WO2015056601A1 - Key device, key cloud system, decryption method, and program - Google Patents
- Publication number
- WO2015056601A1 (PCT/JP2014/076782)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- information
- line
- line information
- ciphertext
Classifications
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Definitions
- the present invention relates to a cloud key management type decryption technique.
- Patent Document 1 discloses a cloud key management type decryption technique in which registration permission information corresponding to a terminal device to which a decryption authority is given is stored in a key device, the key device receives the ciphertext and the terminal information, and, when the terminal information corresponds to any registration permission information, the key device outputs response information corresponding to the decryption result of the ciphertext.
- Registration permission information corresponding to each terminal device is stored in a key device, and a decryption authority is given to each terminal device. Therefore, even when a plurality of terminal devices are connected to the same line, it is necessary to give a decryption authority to each terminal device. Further, since the registration permission information is information dedicated to cloud key management type decryption, the registration permission information cannot be stored in the key device until the setting for cloud key management type decryption has been performed on the terminal device. That is, the decryption authority cannot be given to the terminal device unless the setting for decryption of the cloud key management type is performed on the terminal device.
- An object of the present invention is to improve convenience related to handling of decryption authority.
- Registered line information corresponding to any line is stored in the key device; the key device accepts the ciphertext and the line information, and, when the line information corresponds to the registered line information, outputs response information corresponding to the decrypted value of the ciphertext.
- Since the decryption authority is given for each line, it is not necessary to give the decryption authority for each terminal apparatus even when a plurality of terminal apparatuses are connected to the same line. Further, since the decryption authority is given to the line, the decryption authority can be given to the terminal device even before the setting for the cloud key management type decryption is performed on the terminal device. Therefore, the convenience regarding handling of the decryption authority is improved.
- FIG. 1 is a block diagram for illustrating a functional configuration of a key cloud system according to the first embodiment and its modifications.
- FIG. 2 is a sequence diagram for explaining a decoding method according to the first embodiment and its modification.
- FIG. 3 is a block diagram for illustrating the functional configuration of the key cloud system according to the second embodiment and its modification.
- FIG. 4 is a sequence diagram for explaining a decoding method according to the second embodiment and its modification.
- FIG. 5 is a block diagram for illustrating a functional configuration of a key cloud system according to the third embodiment and its modification.
- FIG. 6 is a sequence diagram for explaining a decoding method according to the third embodiment and its modification.
- FIG. 7 is a block diagram for illustrating a functional configuration of a key cloud system according to the fourth embodiment and its modifications.
- FIG. 8 is a sequence diagram for explaining a decoding method according to the fourth embodiment and its modification.
- FIG. 9 is a flowchart for illustrating details of step S407.
- the key cloud system 1 of this embodiment includes a terminal device 11 and a key device 12.
- the terminal device 11 and the key device 12 are configured to be able to communicate through a public line having a line authentication function and a line information notification function.
- Line authentication (network-based authentication) is a user authentication technique for confirming that “this user has surely communicated from this line”.
- Line authentication itself is well known and is disclosed in, for example, Reference 1 (“Development of an authentication collaboration function using line data of NTT DATA and NGN - Establishing a mechanism for easily ensuring security”, [online], NTT Data Corporation, [retrieved March 21, 2013], Internet <http://www.nttdata.com/jp/ja/news/release/2009/091600.html>), US Patent Application Publication No. US2007-0234404 A1, and the like.
- Line information (network-based identification) is described in, for example, “Nir Yosef, Roded Sharan, and William Stafford Noble, “Improved network-based identification of protein orthologs,” Oxford Journals, Science & Mathematics, Bioinformatics, Volume 24, -sue, http://bioinformatics.oxfordjournals.org/content/24/16/i200.” If the line authentication in the authentication device is successful, the terminal device 11 can communicate with the key device 12 through this line.
- line authentication includes NGN (next generation network) line authentication and EAP-SI authentication.
- Examples of line information include an identifier unique to a device connected to the line, a MAC address of a gateway (home gateway, etc.), a FLET'S number (registered trademark), an IMSI (International Mobile Subscriber Identity), an e-mail address, a department name, etc.
- the line information notification function is a function for notifying the communication destination apparatus of line information of the line in communication using a certain line.
- The line information notification function is also known and is disclosed in, for example, Reference 2 (“Line information notification function”, [online], East Nippon Telegraph and Telephone Corporation, FLET'S official homepage, [retrieved March 21, 2013], Internet <http://flets.com/asc/s_outline.html>).
- the terminal device 11 of the present embodiment includes a storage unit 111, an output unit 113, an input unit 114, and a decoding processing unit 115.
- the key device 12 includes storage units 121 and 122, an input unit 123, an output unit 124, a determination unit 125, and a response unit 126.
- Each device is configured, for example, by reading a predetermined program into a general-purpose or dedicated computer that includes a processor (hardware processor) such as a CPU (central processing unit) and a memory such as a random-access memory (RAM) or a read-only memory (ROM).
- the computer may include a single processor and memory, or may include a plurality of processors and memory.
- This program may be installed in a computer, or may be recorded in a ROM or the like in advance.
- Some or all of the processing units may be configured using an electronic circuit that realizes a processing function without using a program, instead of an electronic circuit (circuitry) that, like a CPU, realizes a functional configuration by reading a program.
- an electronic circuit constituting one device may include a plurality of CPUs. Information output from each processing unit is stored in a temporary memory (not shown), read out as necessary, and used for processing of each processing unit.
- In FIG. 1, one terminal device 11 and one key device 12 are illustrated, but two or more terminal devices and key devices may exist. At this time, two or more terminal devices and key devices may be connected to the same line.
- a key pair (y, s) of the encryption key y and the corresponding decryption key s is set in advance.
- the key pair (y, s) may be, for example, a key pair of a public key and a secret key of a public key cryptosystem, a pair of an identifier of an ID-based cryptosystem and a corresponding secret key, or a pair of an attribute vector of a functional encryption scheme and a corresponding secret key, or may be identical common keys of a common key encryption method.
- the encryption key y is stored in an encryption device (not shown), and the decryption key s is securely stored in the storage unit 121 (key storage unit) of the key device 12 (FIG.
- a line for which the decryption service is permitted is set in advance, and a list List of registered line information corresponding to any line for which the decryption service is permitted is stored in the storage unit 122 (registered line storage unit) of the key device 12.
- the registered line information may be the line information itself for which the decoding service is permitted, or may be information that is uniquely determined with respect to the line information for which the decoding service is permitted.
- the decoding process of this embodiment will be described with reference to FIG.
- the decryption processing unit 115 of the terminal device 11 (FIG. 1) reads the ciphertext C from the storage unit 111 and outputs the ciphertext C.
- the ciphertext C is input to the output unit 113.
- the output unit 113 outputs the ciphertext C to a predetermined public line with the key device 12 as a destination (step S101).
- the line information x of the line from which the ciphertext C is output is sent to an authentication device (not shown) that provides a line authentication function, and this authentication device performs line authentication using the line information x (step S102). If the line authentication has failed (step S103), error information is transmitted to the terminal device 11. The transmitted error information is input to the input unit 114 and sent to the decoding processing unit 115, and the decoding processing unit 115 ends the decoding process (step S104).
- the ciphertext C is transmitted to the key device 12, and a notification device (not shown) that provides a line information notification function further transmits the line information x to the key device 12.
- the line information x and the ciphertext C are input to the input unit 123 of the key device 12.
- the line information x input to the input unit 123 is information corresponding to a line that has been successfully authenticated.
- the line information x is sent to the determination unit 125, and the ciphertext C is sent to the response unit 126 (step S106).
- the determination unit 125 determines whether the line information x corresponds to any registered line information in the list List stored in the storage unit 122.
- the determination unit 125 determines whether the line information x is included in the list List stored in the storage unit 122 (step S107). When the line information x does not correspond to any registered line information in the list List (for example, when the line information x is not included in the list List) (step S108), error information is transmitted from the output unit 124. The transmitted error information is input to the input unit 114 of the terminal device 11 and sent to the decoding processing unit 115, and the decoding processing unit 115 ends the decoding process (step S109).
- The response unit 126 decrypts the ciphertext C using the decryption key s stored in the storage unit 121, and outputs the decrypted value m′ obtained thereby (step S110).
- the decoded value m′ is input to the output unit 124.
- the output unit 124 outputs the decoded value m′ (response information corresponding to the decoded value) to the line corresponding to the line information x (line information corresponding to the registered line information) with the terminal device 11 as the destination (step S111).
- the decrypted value m ′ is input to the input unit 114 of the terminal device 11 and sent to the decryption processing unit 115 (step S112).
- the decryption processing unit 115 outputs the decrypted value m ′ and ends the decryption process (step S113).
- Since the decryption authority is given to each line, it is not necessary to give the decryption authority to each terminal apparatus even when a plurality of terminal apparatuses are connected to the same line. Further, since the decryption authority is given to the line, the decryption authority can be given to the terminal device before the setting dedicated to this system is performed. That is, even before the program for executing the decoding processing function of the present embodiment is installed in the terminal device, the line information corresponding to the line used by the terminal device can be specified, and a list including the registered line information corresponding to that line can be stored in the key device. The line information x input to the key device is information that has been successfully authenticated on the public line. Therefore, the validity of the terminal device connected to the key device using the line corresponding to the line information x is guaranteed.
- cloud key management type decryption using self-correction technology may be performed.
- Self-correction technology is a technique for always performing correct calculation using a computer or system that does not necessarily output correct calculation results (more precisely, when a computer that outputs correct calculation results is used, the correct calculation result is output, and when a computer that does not always output correct results is used, either a correct calculation result is obtained or a result indicating that the calculation cannot be performed is obtained).
- In this case, the terminal device transmits, as ciphertext C, information corresponding to the second ciphertext obtained by encrypting the plaintext m using the encryption key to the key device; the key device transmits response information with which the terminal device obtains, by self-correction processing, the decrypted value obtained by decrypting the second ciphertext using the decryption key; and the terminal device obtains the decoded value m′ using the response information.
- The self-correction technique itself is a known technique and is disclosed in, for example, Reference 3 (International Publication WO/2012/057134), Reference 4 (International Publication WO/2011/086992), Reference 5 (International Publication WO/2012/121152), and the like. The following description focuses on the differences from the matters described so far; for matters already described, the same reference numbers are used and the description is abbreviated.
- the key cloud system 1 ′ of the present modification includes a terminal device 11 ′ and a key device 12 ′.
- the terminal device 11 ′ and the key device 12 ′ are configured to be able to communicate through a public line having a line authentication function and a line information notification function.
- the terminal device 11 ′ of the present modification includes a storage unit 111, an output unit 113 ′, an input unit 114 ′, and a decoding processing unit 115 ′.
- the key device 12 ' includes storage units 121 and 122, an input unit 123', an output unit 124 ', a determination unit 125, and a response unit 126'.
- Each device is configured, for example, by reading a predetermined program into the above-described computer.
- Information output from each processing unit is stored in a temporary memory (not shown), read out as necessary, and used for processing of each processing unit.
- Although FIG. 1 shows one terminal device 11′ and one key device 12′, there may be two or more terminal devices and key devices. At this time, two or more terminal devices and key devices may be connected to the same line.
- the decoding process of this modification is demonstrated using FIG.
- The decryption processing unit 115′ of the terminal device 11′ (FIG. 1) reads the second ciphertext Enc(y, m) from the storage unit 111, and outputs information corresponding to the second ciphertext Enc(y, m) as ciphertext C.
- The ciphertext C of the present modification is information that the terminal device 11′ gives to the key device 12′ in order to obtain, from the key device 12′, response information with which the terminal device 11′ obtains the decrypted value m′ of the ciphertext Enc(y, m) through self-correction processing.
- An example of the ciphertext C is information that disturbs the second ciphertext Enc (y, m).
- the “input information” disclosed in the references 3 to 5 and the like can be used as the ciphertext C (step S101 ′).
- the process proceeds to steps S102 to S104 described in the first embodiment.
- the terminal device 11 ′ performs these processes instead of the terminal device 11.
- the ciphertext C is transmitted to the key device 12′, and a notification device (not shown) that provides a line information notification function further transmits the line information x to the key device 12′ (step S105′).
- The line information x and the ciphertext C are input to the input unit 123′ of the key device 12′.
- the line information x is sent to the determination unit 125, and the ciphertext C is sent to the response unit 126 '(step S106').
- the process proceeds to steps S107 to S109 described in the first embodiment.
- the terminal device 11 'and the key device 12' perform these processes.
- the response unit 126 ′ uses the decryption key s read from the storage unit 121 and the input ciphertext C to obtain response information.
- the response information z is information for the terminal device 11 'to obtain the decoded value m' by self-correction processing.
- the “output information” disclosed in the references 3 to 5 and the like can be used as the response information z (step S110 ′).
- Response information z is input to the output unit 124 '.
- the output unit 124 ′ outputs the response information z (response information corresponding to the decoded value) to the line corresponding to the line information x (line information corresponding to the registered line information) with the terminal device 11 ′ as a destination ( Step S111 ').
- the response information z is input to the input unit 114 'of the terminal device 11' and sent to the decoding processing unit 115 '(step S112').
- The decoding processing unit 115′ performs self-correction processing using the response information z, and obtains and outputs either the decoded value m′ or error information indicating that the decoded value m′ cannot be obtained (step S113′).
- When error information is obtained in step S113′, the decoding process may be terminated with an error, or the processes of steps S101′ to S113′ may be executed again. In addition, when the decoded value m′ cannot be obtained even after the processes of steps S101′ to S113′ are executed a predetermined number of times, the decoding process may be terminated with an error. Further, after it is determined that the line information x corresponds to any registered line information in the list List (step S108), the terminal device 11′ may transmit the ciphertext C of the present modification to the key device 12′ (step S101′′). If error information is obtained in step S113′, the processes in steps S101′′ and S110′ to S113′ may be executed again.
- In this case as well, when the decoded value m′ cannot be obtained even after the processes of steps S101′′ and S110′ to S113′ are executed a predetermined number of times, the decoding process may be terminated with an error.
- When step S101′′ is executed, the ciphertext C need not be output in step S101′.
- G and H are cyclic groups
- ⁇ h is a generator of cyclic group H
- the second ciphertext Enc (y, m) is an element of group H
- f is the second ciphertext Enc (y, m) ⁇ .
- the response unit 126 ′ outputs z 1 and / or z 2 as response information z.
- z 1 f ( ⁇ 1 ) or z 1 ⁇ f ( ⁇ 1 )
- z 2 f ( ⁇ 2 ) or z 2 ⁇ f ( ⁇ 2 ).
- the response unit 126′ correctly calculates f ( ⁇ 1 ) with a probability larger than a certain probability and sets the obtained calculation result to z 1, and correctly calculates f ( ⁇ 2 ) with a probability larger than a certain probability and sets the obtained calculation result to z 2.
- the “certain probability” is a probability of less than 100%.
- An example of the “certain probability” is a non-negligible probability, and an example of a “non-negligible probability” is a probability of 1 / ⁇ (k) or more, where ⁇ (k) is a polynomial that is a monotonically increasing function in the broad sense of the security parameter k. That is, the response unit 126′ outputs a calculation result including an intentional or unintentional error.
- the decoding processing unit 115 ′ outputs error information indicating that the decoded value m ′ cannot be obtained.
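A simplified self-correcting exchange of the kind this modification describes, as an added example that is not taken from the patent or from References 3 to 5. The toy group, the map f(x) = x^s, the way the query is blinded into two values, the consistency check and all function names are assumptions chosen for illustration.

```python
import secrets
from math import gcd

# Constructed toy group: the order-Q subgroup of Z_P^* with P = 2Q + 1.
# Far too small for real use; chosen so the arithmetic is easy to follow.
P, Q, G = 2039, 1019, 4


def ext_gcd(a, b):
    """Return (g, a1, b1) with a1*a + b1*b == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = ext_gcd(b, a % b)
    return g, y, x - (a // b) * y


def honest_device(s):
    """Key device that always computes f(tau) = tau^s correctly."""
    return lambda tau: pow(tau, s, P)


def flaky_device(s, is_bad_call):
    """Key device whose answer is wrong (off by a factor G) on the call
    numbers for which is_bad_call(n) is true. Constructed fault model."""
    count = 0

    def respond(tau):
        nonlocal count
        count += 1
        z = pow(tau, s, P)
        return (z * G) % P if is_bad_call(count) else z
    return respond


def self_correcting_query(x, nu, device, max_rounds=10):
    """Terminal side: obtain f(x) from an unreliable device, or None.

    x  -- group element taken from the second ciphertext
    nu -- f(G); for f(x) = x^s this is the public encryption key y
    """
    for _ in range(max_rounds):
        while True:                                   # distinct, coprime a and b
            a = secrets.randbelow(Q - 1) + 1
            b = secrets.randbelow(Q - 1) + 1
            if a != b and gcd(a, b) == 1:
                break
        r1, r2 = secrets.randbelow(Q), secrets.randbelow(Q)
        tau1 = (pow(G, r1, P) * pow(x, b, P)) % P     # blinded queries: the
        tau2 = (pow(G, r2, P) * pow(x, a, P)) % P     # "ciphertext C" sent out
        z1, z2 = device(tau1), device(tau2)           # response information z
        if pow(z1, Q, P) != 1 or pow(z2, Q, P) != 1:  # answer outside the group
            continue
        u = (z1 * pow(nu, -r1, P)) % P                # f(x)^b if z1 is correct
        v = (z2 * pow(nu, -r2, P)) % P                # f(x)^a if z2 is correct
        if pow(u, a, P) != pow(v, b, P):              # inconsistent: try again
            continue
        _, a1, b1 = ext_gcd(a, b)                     # a1*a + b1*b == 1
        return (pow(u, b1, P) * pow(v, a1, P)) % P    # f(x)^(b*b1 + a*a1) = f(x)
    return None                                       # value cannot be obtained


def decrypt_via_device(ciphertext, y, device):
    """Recover m from a toy ElGamal ciphertext (c1, c2) = (G^k, m * y^k)."""
    c1, c2 = ciphertext
    fx = self_correcting_query(c1, y, device)
    return None if fx is None else (c2 * pow(fx, -1, P)) % P


if __name__ == "__main__":
    s = 123                                           # constructed decryption key
    y = pow(G, s, P)
    c = (pow(G, 77, P), (1000 * pow(y, 77, P)) % P)   # constructed ciphertext
    print(decrypt_via_device(c, y, honest_device(s)))
    print(decrypt_via_device(c, y, flaky_device(s, lambda n: n <= 3)))
    print(decrypt_via_device(c, y, flaky_device(s, lambda n: n % 2 == 1)))
```

Because the blinding factors make each query uniformly distributed in the group, the device's errors cannot depend on a and b, so a wrong pair of answers passes the consistency check with probability about 1/Q; in this toy group that is about 1 in 1000, which is why real parameters must be large.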
- G is a cyclic group
- group H is a direct product group G ⁇ G of group G
- ⁇ g is a generator of cyclic group G
- Enc (y, m) (c 1 , c 2 ) ⁇ H
- f is A homomorphic decryption function for decrypting the second ciphertext Enc (y, m) ⁇ H with the decryption key s to obtain an element of the group G
- a random variable whose values in the group G are X 1 and X 2
- x 1 is a real value of the random variable X 1
- x 2 is a real value of the random variable X 2
- (V, W) is an element of the group H
- f (V, W) Y
- r 4 to r 7 are 0 or more
- the response unit 126 ′ outputs z 1 and / or z 2 as response information z.
- z 1 f ( ⁇ 1 ) or z 1 ⁇ f ( ⁇ 1 )
- z 2 f ( ⁇ 2 ) or z 2 ⁇ f ( ⁇ 2 ).
- a second embodiment of the present invention will be described.
- the second embodiment is a modification of the first embodiment.
- the key device stores a plurality of decryption keys
- Information for specifying the decryption key, the ciphertext, and the line information are input to the key device, and, when the line information corresponds to the registered line information, the key device identifies the decryption key from the information for identifying the decryption key and decrypts the ciphertext.
- the key cloud system 2 of this embodiment includes a terminal device 21 and a key device 22.
- the terminal device 21 and the key device 22 are configured to be able to communicate through a public line having a line authentication function and a line information notification function.
- the terminal device 21 of this embodiment includes storage units 111 and 211, an output unit 213, an input unit 114, and a decoding processing unit 215.
- the key device 22 includes storage units 221 and 122, an input unit 223, an output unit 124, a determination unit 125, and a response unit 226.
- Each device is configured, for example, by reading a predetermined program into the above-described computer. Information output from each processing unit is stored in a temporary memory (not shown), read out as necessary, and used for processing of each processing unit.
- one terminal device 21 and one key device 22 are shown, but two or more terminal devices and key devices may exist. At this time, two or more terminal devices and key devices may be connected to the same line.
- a plurality of key pairs (y, s) of the encryption key y and the corresponding decryption key s are set in advance.
- a plurality of types of key pairs may be set for a single encryption method, or a plurality of types of key pairs may be set for a plurality of types of encryption methods.
- a certain encryption key y is stored in an encryption device (not shown), and a key list s-List composed of a plurality of types of set decryption keys s is safely stored in the storage unit 221 (key storage unit) of the key device 22.
- the ciphertext C is stored in the storage unit 111 of the terminal device 21 (FIG. 3), and the encryption key y used to generate the ciphertext C is stored in the storage unit 211 of the terminal device 21.
- Other assumptions are the same as in the first embodiment.
- The decryption processing unit 215 of the terminal device 21 (FIG. 3) reads the ciphertext C from the storage unit 111, reads the encryption key y from the storage unit 211, and outputs the ciphertext C and the encryption key y (information for specifying the decryption key).
- the ciphertext C and the encryption key y are input to the output unit 213.
- the output unit 213 outputs the ciphertext C and the encryption key y to a predetermined public line with the key device 22 as a destination (step S201).
- the process proceeds to steps S102 to S104 described in the first embodiment.
- the terminal device 21 performs these processes instead of the terminal device 11.
- the ciphertext C and the encryption key y are transmitted to the key device 22, and a notification device (not shown) that provides a line information notification function further transmits the line information x to the key device 22 (step S205).
- the line information x, the ciphertext C, and the encryption key y are input to the input unit 223 of the key device 22.
- the line information x is sent to the determination unit 125, and the ciphertext C and the encryption key y are sent to the response unit 226 (step S206).
- the process proceeds to steps S107 to S109 described in the first embodiment.
- the terminal device 21 and the key device 22 perform these processes instead of the terminal device 11 and the key device 12.
- When it is determined in step S107 that the line information x corresponds to any registered line information in the list List (step S108), the response unit 226 uses the input encryption key y to read, from the key list s-List stored in the storage unit 221 (key storage unit), the decryption key s corresponding to the encryption key y (the decryption key specified by the information for specifying the decryption key).
- the response unit 226 decrypts the ciphertext C using the read decryption key s, and outputs the decrypted value m ′ obtained thereby (step S210). Thereafter, the process proceeds to steps S111 to S113 described in the first embodiment. However, the terminal device 21 and the key device 22 perform these processes instead of the terminal device 11 and the key device 12.
- This embodiment also has the characteristics of the first embodiment described above.
- An example in which a decryption key is used as “information for identifying a decryption key” has been described.
- However, information that uniquely identifies a decryption key (such as a key identifier of the decryption key) may be used as “information for specifying a decryption key” instead of the decryption key.
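The key device's decision flow from the first and second embodiments (steps S102 to S109 and S210), as an added example that is not code from the patent. The toy ElGamal parameters, the class and method names, the line identifiers and the use of a SHA-256 digest as the registered line information are assumptions for illustration.

```python
import hashlib
import secrets

# Constructed toy ElGamal group (order-Q subgroup of Z_P^*, P = 2Q + 1).
# Illustration only: these parameters are far too small to be secure.
P, Q, G = 2039, 1019, 4


def keygen():
    s = secrets.randbelow(Q - 1) + 1              # decryption key s
    return pow(G, s, P), s                        # (encryption key y, s)


def encrypt(y, m):
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), (m * pow(y, k, P)) % P


def decrypt(s, ciphertext):
    c1, c2 = ciphertext
    return (c2 * pow(c1, Q - s, P)) % P           # c1 has order Q, so this is c1^(-s)


class KeyDevice:
    """Holds the key list s-List and the list List of registered lines."""

    def __init__(self):
        self._s_list = {}       # information specifying a key (here y) -> s
        self._line_list = set()

    @staticmethod
    def _registered_form(line_info):
        # Registered line information may be any value uniquely determined
        # by the line information; a SHA-256 digest is assumed here.
        return hashlib.sha256(line_info.encode("utf-8")).hexdigest()

    def register_line(self, line_info):
        self._line_list.add(self._registered_form(line_info))

    def add_key(self, y, s):
        self._s_list[y] = s

    def handle(self, line_info, y, ciphertext):
        # line_info is what the line's notification function reported for an
        # authenticated line; it is never read from the terminal's payload.
        if self._registered_form(line_info) not in self._line_list:  # S107, S108
            return {"ok": False, "error": "line not registered"}     # S109
        s = self._s_list.get(y)
        if s is None:
            return {"ok": False, "error": "unknown key"}
        return {"ok": True, "m": decrypt(s, ciphertext)}             # S210


class PublicLine:
    """Stand-in for the public line: authenticates the line and attaches x."""

    def __init__(self, device, valid_lines):
        self.device = device
        self.valid_lines = set(valid_lines)

    def request(self, line_info, y, ciphertext):
        if line_info not in self.valid_lines:                        # S102 to S104
            return {"ok": False, "error": "line authentication failed"}
        return self.device.handle(line_info, y, ciphertext)          # S205


def demo():
    device = KeyDevice()
    y_a, s_a = keygen()
    y_b, s_b = keygen()
    device.add_key(y_a, s_a)
    device.add_key(y_b, s_b)
    device.register_line("line-0001")             # constructed line identifiers
    net = PublicLine(device, valid_lines={"line-0001", "line-0002"})
    c_a, c_b = encrypt(y_a, 1234), encrypt(y_b, 777)
    return {
        # Two terminals on the same registered line share one decryption authority.
        "terminal_1": net.request("line-0001", y_a, c_a),
        "terminal_2_same_line": net.request("line-0001", y_b, c_b),
        "other_line": net.request("line-0002", y_a, c_a),
        "unauthenticated": net.request("line-9999", y_a, c_a),
        "unknown_key": net.request("line-0001", 1, c_a),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```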
- the key cloud system 2 ′ of the present modification includes a terminal device 21 ′ and a key device 22 ′.
- the terminal device 21 ′ and the key device 22 ′ are configured to be able to communicate through a public line having a line authentication function and a line information notification function.
- the terminal device 21 ′ includes storage units 111 and 211, an output unit 213 ′, an input unit 214 ′, and a decoding processing unit 215 ′.
- the key device 22 ′ includes storage units 121 and 222, an input unit 223 ′, an output unit 224 ′, a determination unit 125, and a response unit 226 ′.
- Each device is configured, for example, by reading a predetermined program into the above-described computer. Information output from each processing unit is stored in a temporary memory (not shown), read out as necessary, and used for processing of each processing unit.
- one terminal device 21 'and one key device 22' are shown, but two or more terminal devices and key devices may exist. At this time, two or more terminal devices and key devices may be connected to the same line.
- the decoding process of this modification is demonstrated using FIG.
- the decryption processing unit 215 ′ of the terminal device 21 ′ (FIG. 3) reads the second ciphertext Enc (y, m) from the storage unit 111, reads the encryption key y from the storage unit 211, and outputs the ciphertext C, which is information corresponding to the second ciphertext Enc (y, m), and the encryption key y (information for specifying the decryption key).
- The ciphertext C of the present modification is information that the terminal device 21 ′ gives to the key device 22 ′ in order to obtain, from the key device 22 ′, response information with which the terminal device 21 ′ obtains the decrypted value m ′ of the ciphertext Enc (y, m) by self-correction processing.
- An example of the ciphertext C is as shown in the modification of the first embodiment.
- the ciphertext C and the encryption key y are input to the output unit 213 ′.
- the output unit 213 ′ outputs the ciphertext C and the encryption key y to a predetermined public line with the key device 22 ′ as a destination (step S201 ′).
- the process proceeds to steps S102 to S104 described in the first embodiment.
- the terminal device 21 ′ performs these processes instead of the terminal device 11.
- the ciphertext C and the encryption key y are transmitted to the key device 22 ′, and a notification device (not shown) that provides a line information notification function transmits the line information x to the key device 22 ′.
- the line information x, ciphertext C, and encryption key y are input to the input unit 223 'of the key device 22'.
- the line information x is sent to the determination unit 125, and the ciphertext C and the encryption key y are sent to the response unit 226 '(step S206').
- the process proceeds to steps S107 to S109 described in the first embodiment.
- the terminal device 21 'and the key device 22' perform these processes.
- the response unit 226 ′ uses the input encryption key y to read, from the key list s-List stored in the storage unit 221 (key storage unit), the decryption key s corresponding to the encryption key y (the decryption key specified by the information for specifying the decryption key).
- the response information z is information for the terminal device 21 'to obtain the decoded value m' by self-correction processing.
- An example of the response information z is as shown in the modification of the first embodiment (step S210 ').
- step S111 'to S113' described in the modification of the first embodiment.
- the terminal device 21 ′ and the key device 22 ′ perform these processes instead of the terminal device 11 ′ and the key device 12 ′.
- the decoding process may be terminated with an error, or the processes of steps S201 ′ to S113 ′ may be executed again.
- If the decoded value m ′ cannot be obtained even after the processes in steps S201 ′ to S113 ′ are executed a predetermined number of times, the decoding process may be terminated with an error.
- the terminal device 21 ′ transmits the ciphertext C of the present modification to the key device 22 ′ (step S201 ′′). If error information is obtained in step S113 ′, the processes in steps S201 ′′ and S210 ′ to S113 ′ may be executed again. Further, when the decoded value m ′ cannot be obtained even after the processes of steps S201 ′′ and S210 ′ to S113 ′ are executed a predetermined number of times, the decoding process may be ended in error.
- When step S201 ′′ is executed, the ciphertext C does not have to be output in step S201 ′.
- a third embodiment of the present invention will be described.
- the third embodiment is a modification of the first embodiment.
- a re-encryption key is further input to the key device, and the key device returns information corresponding to the re-ciphertext obtained by re-encrypting the decrypted value of the ciphertext with the re-encryption key as response information.
- the re-encryption key is, for example, a random value obtained by the terminal device to which response information is input, and the terminal device holds a re-ciphertext decryption key for decrypting the re-ciphertext.
- the terminal device can obtain a decrypted value from the re-ciphertext using the re-ciphertext decryption key.
- the key cloud system 3 of this embodiment includes a terminal device 31 and a key device 32.
- the terminal device 31 and the key device 32 are configured to be able to communicate through a public line having a line authentication function and a line information notification function.
- the terminal device 31 of the present embodiment includes storage units 111 and 311, an output unit 313, an input unit 314, and a decoding processing unit 315.
- the key device 32 includes storage units 121 and 122, an input unit 323, an output unit 324, a determination unit 125, and a response unit 326. Each device is configured, for example, by reading a predetermined program into the above-described computer. Information output from each processing unit is stored in a temporary memory (not shown), read out as necessary, and used for processing of each processing unit.
- one terminal device 31 and one key device 32 are shown, but two or more terminal devices and key devices may exist. At this time, two or more terminal devices and key devices may be connected to the same line.
- the key pair generation unit 316 of the terminal device 31 generates a re-encryption key p (u) for re-encryption and a re-ciphertext decryption key s (u) for decrypting the re-ciphertext re-encrypted with the re-encryption key p (u).
- the key pair generation unit 316 randomly generates a pair of the re-encryption key p (u) and the corresponding re-ciphertext decryption key s (u).
- the pair of the re-encryption key p (u) and the re-ciphertext decryption key s (u) may be, for example, a public / private key pair of a public key cryptosystem, a pair with a corresponding private key, a pair of a functional encryption method attribute vector and a corresponding private key, or a common key of a common key encryption method.
- the pair of the re-encryption key p (u) and the re-ciphertext decryption key s (u) is stored (held) in the storage unit 311 (step S300).
- the decryption processing unit 315 reads the ciphertext C from the storage unit 111, reads the re-encryption key p (u) from the storage unit 311, and outputs the ciphertext C and the re-encryption key p (u).
- the ciphertext C and the re-encryption key p (u) are input to the output unit 313.
- the output unit 313 outputs the ciphertext C and the re-encryption key p (u) to a predetermined public line with the key device 32 as a destination (step S301).
- the process proceeds to steps S102 to S104 described in the first embodiment.
- the terminal device 31 performs these processes instead of the terminal device 11.
- the ciphertext C and the re-encryption key p (u) are transmitted to the key device 32, and a notification device (not shown) that provides a line information notification function transmits the line information x to the key device 32 (step S305).
- the line information x, ciphertext C, and re-encryption key p (u) are input to the input unit 323 of the key device 32.
- the line information x is sent to the determination unit 125, and the ciphertext C and the re-encryption key p (u) are sent to the response unit 326 (step S306).
- the process proceeds to steps S107 to S109 described in the first embodiment.
- the terminal device 31 and the key device 32 perform these processes instead of the terminal device 11 and the key device 12.
- the response unit 326 decrypts the ciphertext C using the decryption key s stored in the storage unit 121, thereby obtaining a decoded value m ′.
- Enc ′ is an encryption function for encrypting the decrypted value m ′ using the re-encryption key p (u), and is, for example, a homomorphic function (step S310).
- the re-ciphertext R is input to the output unit 324.
- the output unit 324 outputs the re-ciphertext R (response information corresponding to the decrypted value; in other words, response information corresponding to the re-ciphertext obtained by re-encrypting the decrypted value of the ciphertext with the re-encryption key) to the line corresponding to the line information x (line information corresponding to the registered line information), with the terminal device 31 as the destination (step S311).
- the re-ciphertext R is input to the input unit 314 of the terminal device 31 and sent to the decryption processing unit 315 (step S312).
- Dec ′ is a decryption function for decrypting the re-ciphertext R using the re-ciphertext decryption key s (u), and is, for example, a homomorphism function (step S313).
- This embodiment also has the characteristics of the first embodiment described above.
- Since the decrypted value obtained by the key device is re-encrypted and sent to the terminal device, it is possible to prevent the decrypted value from leaking to a third party.
- Since the validity of the terminal device connected to the key device using the line that has been successfully authenticated is guaranteed, the validity of this re-encryption key is guaranteed even if there is no certificate for the re-encryption key sent to the key device.
- A configuration in which the pair of a re-encryption key and a re-ciphertext decryption key is not randomly generated may be used. Further, in this embodiment, a new pair of re-encryption key and re-ciphertext decryption key is generated each time decryption processing is performed, but a new pair of these keys may instead be generated each time the decryption processing is performed a predetermined number of times, or each time a predetermined period elapses. These key pairs need not be updated. When the re-encryption key is held in the key device and the re-ciphertext decryption key is held in the terminal device, the re-encryption key need not be sent from the terminal device to the key device.
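The third embodiment's exchange (steps S300 to S313) can be traced end to end with the following sketch, which is an added example and not code from the patent. It assumes textbook ElGamal over a toy prime as one possible choice for Enc ′ / Dec ′ and for the original ciphertext; the class and function names, the line identifiers and the plaintext are constructed for the illustration.

```python
import secrets

# Toy ElGamal group, constructed for this example only (assumption: the patent
# does not fix a scheme; these parameters are not vetted for real use).
P = 2**127 - 1   # prime modulus
G = 3


def keygen():
    """Return (public key, private key), e.g. the pair p(u), s(u) of step S300."""
    priv = secrets.randbelow(P - 2) + 1            # 1 .. P-2
    return pow(G, priv, P), priv


def encrypt(pub, m):
    """ElGamal encryption of an integer m in 1..P-1 (multiplicatively homomorphic)."""
    if not 0 < m < P:
        raise ValueError("plaintext must be in 1..P-1")
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), (m * pow(pub, r, P)) % P


def decrypt(priv, ct):
    c1, c2 = ct
    # c1^(P-1-priv) is the inverse of c1^priv modulo the prime P
    return (c2 * pow(c1, P - 1 - priv, P)) % P


class KeyDevice:
    """Holds the decryption key s and the list List of registered line information."""

    def __init__(self, s, registered_lines):
        self._s = s
        self._list = frozenset(registered_lines)

    def respond(self, x, C, p_u):
        # S107/S108: the decision rests on the line information x alone.
        # p_u carries no certificate; the authenticated line vouches for its sender.
        if x not in self._list:
            return None                            # error information
        m_prime = decrypt(self._s, C)              # S310: decrypt with s
        return encrypt(p_u, m_prime)               # S310: re-ciphertext R under p(u)


def terminal_decrypt(C, x_from_network, key_device):
    """Terminal side. x_from_network stands in for the value that the line's
    notification device reports; the terminal does not choose it."""
    p_u, s_u = keygen()                            # S300: fresh pair for this request
    R = key_device.respond(x_from_network, C, p_u) # S301 .. S311
    if R is None:
        return None
    return decrypt(s_u, R)                         # S313: recover m' with s(u)


def demo():
    y, s = keygen()                                # key device's long-term pair
    m = 20141007                                   # constructed plaintext
    C = encrypt(y, m)
    device = KeyDevice(s, {"line-0001"})           # constructed registered line
    allowed = terminal_decrypt(C, "line-0001", device)
    denied = terminal_decrypt(C, "line-9999", device)
    return m, allowed, denied


if __name__ == "__main__":
    print(demo())
```

Only R crosses the line in the response, so an observer of the return path needs s (u), which never leaves the terminal.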
- the key cloud system 3 ′ of the present modification includes a terminal device 31 ′ and a key device 32 ′.
- the terminal device 31 ′ and the key device 32 ′ are configured to be communicable through a public line having a line authentication function and a line information notification function.
- the terminal device 31 ′ of this modification includes storage units 111 and 311, an output unit 313 ′, an input unit 314 ′, and a decoding processing unit 315 ′.
- the key device 32 ' includes storage units 121 and 122, an input unit 323', an output unit 324 ', a determination unit 125, and a response unit 326'.
- Each device is configured, for example, by reading the aforementioned program.
- Information output from each processing unit is stored in a temporary memory (not shown), read out as necessary, and used for processing of each processing unit.
- Although FIG. 5 shows one terminal device 31 ′ and one key device 32 ′, there may be two or more terminal devices and key devices. At this time, two or more terminal devices and key devices may be connected to the same line.
- the terminal device 31 ′ executes the process of step S300 described in the third embodiment.
- the decryption processing unit 315 ′ reads the second ciphertext Enc (y, m) from the storage unit 111, reads the re-encryption key p (u) from the storage unit 311, and outputs the ciphertext C, which is information corresponding to the second ciphertext Enc (y, m), and the re-encryption key p (u).
- the re-ciphertext R is obtained by re-encrypting the decrypted value m ′ of the cipher text Enc (y, m) with the re-encryption key p (u).
- An example of the ciphertext C is as shown in the modification of the first embodiment (step S301 ′).
- the process proceeds to steps S102 to S104 described in the first embodiment.
- the terminal device 31 ′ performs these processes instead of the terminal device 11.
- the ciphertext C and the re-encryption key p (u) are transmitted to the key device 32 ′, and a notification device (not shown) that provides a line information notification function transmits the line information x to the key device 32 ′ (step S305 ′).
- the line information x, ciphertext C and re-encryption key p (u) are input to the input unit 323 'of the key device 32'.
- the line information x is sent to the determination unit 125, and the ciphertext C and the re-encryption key p (u) are sent to the response unit 326 '(step S306').
- the process proceeds to steps S107 to S109 described in the first embodiment.
- the terminal device 31 ′ and the key device 32 ′ perform these processes instead of the terminal device 11 and the key device 12.
- the response unit 326 ′ generates and outputs the response information z using the decryption key s read from the storage unit 121, the input ciphertext C, and the re-encryption key p (u).
- A specific example of the response information z is as shown in the modification of the first embodiment, except that the homomorphic function f is a function for re-encrypting, with the re-encryption key p (u), the decrypted value m ′ obtained by decrypting the second ciphertext Enc (y, m) with the decryption key s (step S310 ′).
- Response information z is input to the output unit 324 '.
- the output unit 324 ′ outputs the response information z (response information corresponding to the decoded value) to the line corresponding to the line information x (line information corresponding to the registered line information) with the terminal device 31 ′ as a destination (step S311 ′).
- the response information z is input to the input unit 314 'of the terminal device 31' and sent to the decoding processing unit 315 '(step S312').
- the decryption processing unit 315 ′ performs self-correction processing using the response information z, and obtains either the re-ciphertext R or error information indicating that the re-ciphertext R cannot be obtained.
- the decryption processing unit 315 ′ that has obtained the re-ciphertext R reads the re-ciphertext decryption key s (u) from the storage unit 311 and decrypts the re-ciphertext R using the re-ciphertext decryption key s (u).
- the decoded value m ′ obtained thereby is output.
- the decoding processing unit 315 'that has obtained the error information outputs the error information (step S313').
- When error information is obtained in step S313 ′, the decoding process may be terminated with an error, or the processes in steps S300 to S313 ′ may be executed again. In addition, if the decoded value m ′ cannot be obtained even after the processes of steps S300 to S313 ′ are executed a predetermined number of times, the decoding process may be terminated with an error. Also, after it is determined that the line information x corresponds to any registered line information in the list List (step S108), the terminal device 31 ′ may transmit the ciphertext C of the present modification to the key device 32 ′ (step S301 ′′). If error information is obtained in step S313 ′, the processes in steps S301 ′′ and S310 ′ to S313 ′ may be executed again.
- Further, when the decoded value m ′ cannot be obtained even after the processes of steps S301 ′′ and S310 ′ to S313 ′ are executed a predetermined number of times, the decoding process may be ended in error.
- When step S301 ′′ is executed, the ciphertext C need not be output in step S301 ′.
- the fourth embodiment is a modification of the first embodiment.
- the registered line information is hierarchical line information
- the registered line information is information corresponding to any hierarchical line information
- the ciphertext is encrypted according to the hierarchical ID-based encryption method.
- the decryption value is a value obtained by decrypting the ciphertext with the decryption key corresponding to the identifier including the line information.
- Hierarchical line information means hierarchical line information having a tree structure.
- Hierarchical line information x_β belonging to the lower layer of hierarchical line information x_α (where α and β are positive integers) is information obtained by adding information to the hierarchical line information x_α.
- The hierarchical line information x_β thus includes all hierarchical line information x_α belonging to its upper layer. That is, the hierarchical line information x_α belonging to the upper hierarchy of the hierarchical line information x_β is formed of a part of the information of the hierarchical line information x_β.
- Specific examples of the hierarchical line information x_α are an e-mail address, a department name, and the like.
- Hierarchical line information x_α is denoted by a tuple x_α = (χ_1, ..., χ_α) consisting of the elements χ_1, ..., χ_α.
- the hierarchical ID-based encryption method is a kind of ID-based encryption method, and uses hierarchical information having a tree structure as an identifier.
- a person who knows a secret key corresponding to an identifier belonging to an upper layer can decrypt a ciphertext encrypted with the identifier belonging to the lower layer.
- Hierarchical ID-based cryptography itself is known, and details thereof are described in, for example, Reference 6 (Boneh, Boyen, Goh, “Hierarchical Identity Based Encryption with Constant Size Ciphertext,” Advances in Cryptology-EUROCRYPT 2005, LNCS 3494, pages 440-456, Springer, 2005.) and Reference 7 (Japanese Patent Laid-Open No. 2010-154193).
- a hierarchical ID-based encryption scheme can be configured using hierarchical line information as an identifier.
- Such a hierarchical ID-based encryption scheme is defined by the following functions setup, keygen, enc, and dec.
- the function setup takes 1^λ as input and outputs parameters params and a master secret key master key ∈ KEY.
- λ is a security parameter that is a positive integer
- params includes information representing a plaintext space, information representing a ciphertext space, and information representing a key space KEY.
- The function keygen takes as input the parameters params, an identifier x_β that is hierarchical line information or information belonging to its lower layer, and a secret key s_α ∈ KEY corresponding to hierarchical line information x_α belonging to the upper layer of the identifier x_β, and outputs the secret key s_β ∈ KEY corresponding to the identifier x_β. It should be noted that the secret key s_β can also be obtained from the parameters params, the master secret key master key, and the identifier x_β.
- The function enc takes as input the parameters params, the plaintext m, and the hierarchical line information x_α, and outputs the ciphertext C = enc (x_α, m) obtained by encrypting the plaintext m in accordance with the hierarchical ID-based encryption method with the hierarchical line information x_α as the identifier.
- enc is an encryption function of a hierarchical ID-based encryption method.
- dec is a decryption function of the hierarchical ID-based encryption method.
- the key cloud system 4 of this embodiment includes a terminal device 41, a key device 42, and a key generation device 43.
- the terminal device 41 and the key device 42 are configured to be able to communicate through a public line having a line authentication function and a line information notification function.
- the key device 42 and the key generation device 43 are configured to be able to communicate with each other.
- the terminal device 41 of this embodiment includes a storage unit 411, an output unit 413, an input unit 114, and a decoding processing unit 415.
- the key device 42 includes storage units 421 and 422, an input unit 423, an output unit 424, a determination unit 425, a response unit 426, and a decryption key acquisition unit 427.
- Each device is configured, for example, by reading a predetermined program into the above-described computer. Information output from each processing unit is stored in a temporary memory (not shown), read out as necessary, and used for processing of each processing unit.
- one terminal device 41, one key device 42, and one key generation device 43 are illustrated, but there may be two or more terminal devices, key devices, and key generation devices. At this time, two or more terminal devices and key devices may be connected to the same line.
- each line of the public line has a hierarchical structure, and line information corresponding to each line is hierarchical line information.
- line information corresponding to each line is hierarchical line information.
- a hierarchical line is assigned to each hierarchy such as an organization, and line information corresponding to a line used in each hierarchy is hierarchical line information.
- the parameters params and master secret key master key described above are set in the key generation device 43, and the parameters params are set in the decryption processing unit 415 of the terminal device 41 and the response unit 426 of the key device 42.
- certain hierarchical line information or information on the upper layer thereof is set as an identifier K, and a secret key s K corresponding to the identifier K is stored as a decryption key in the storage unit 421 (key storage unit) of the key device 42.
- the identifier K is hierarchical layer information corresponding to the line used by the administrator or information on the upper layer of the hierarchical line information corresponding to the line managed by the administrator.
- With the hierarchical line information x j of the line used by the terminal device 41, or information of its lower layer, as the identifier x i (where i and j are positive integers), the ciphertext C = enc (x i , m) obtained by encrypting the plaintext m using the function enc is stored in the storage unit 411 of the terminal device 41.
- A list List of registered line information (registered line information corresponding to any hierarchical line information) corresponding to any line for which the decoding service is permitted is set in advance and stored in the storage unit 422 (registered line storage unit) of the key device 42.
- the registered line information may be the hierarchical line information itself for which the decoding service is permitted, or may be information uniquely determined with respect to the hierarchical line information for which the decoding service is permitted.
- the decoding process according to this embodiment will be described with reference to FIG.
- the decryption processing unit 415 of the terminal device 41 (FIG. 7) reads the ciphertext C from the storage unit 411 and outputs the ciphertext C.
- the ciphertext C is input to the output unit 413.
- the output unit 413 outputs the ciphertext C to a predetermined public line with the key device 42 as a destination (step S401).
- the hierarchical line information x j of the line from which the ciphertext C is output is sent to an authentication device (not shown) that provides a line authentication function, and the authentication device performs line authentication using the hierarchical line information x j (step S402). If the line authentication has failed (step S403), error information is transmitted to the terminal device 41. The transmitted error information is input to the input unit 114 and sent to the decoding processing unit 415, and the decoding processing unit 415 ends the decoding process (step S104).
- If the line authentication is successful (step S403), the ciphertext C is transmitted to the key device 42, and a notification device (not shown) that provides a line information notification function transmits the hierarchical line information x j to the key device 42 (step S405).
- the hierarchical line information xj and the ciphertext C are input to the input unit 423 of the key device 42.
- Hierarchical line information x j input to the input unit 423 is information corresponding to a line of successful access authentication.
- The hierarchical line information x j is sent to the determination unit 425, and the ciphertext C is sent to the response unit 426 (step S406).
- The determination unit 425 determines whether the hierarchical line information x j corresponds to any registered line information in the list List stored in the storage unit 422. For example, if the registered line information is the hierarchical line information itself, it determines whether the hierarchical line information x j corresponds to any registered line information in the list List by determining whether the list List includes the hierarchical line information x j. Alternatively, for example, it may determine whether the hierarchical line information x j corresponds to any registered line information in the list List by determining whether the hierarchical line information x j includes hierarchical line information corresponding to any registered line information in the list List.
- That is, “the hierarchical line information x j corresponds to any registered line information in the list List” may be “the hierarchical line information x j includes hierarchical line information corresponding to the registered line information”.
- In other words, “the hierarchical line information x j corresponds to any registered line information in the list List” may be “the hierarchical line information x j is hierarchical line information corresponding to any registered line information in the list List, or belongs to the lower hierarchy of the hierarchical line information corresponding to the registered line information”.
- the decryption key acquisition unit 427 extracts the secret key s xi corresponding to the identifier x i as a decryption key.
- the subscript “xi” represents “x i ”. Since x i is information of x j or its lower layer, x i is information including x j . That is, the decryption key acquisition unit 427 extracts the secret key s xi corresponding to the identifier x i that includes the hierarchical line information x j as a decryption key.
- In order for the decryption key acquisition unit 427 to extract the secret key s xi , the decryption key acquisition unit 427 needs to identify the identifier x i .
- When the decryption key acquisition unit 427 cannot identify the identifier x i only from the hierarchical line information x j , x i may be transmitted from the terminal device 41 to the key device 42 together with the ciphertext C, whereby the determination unit 425 may identify x i .
- the decryption key acquisition unit 427 may also identify x i by obtaining a published identifier x i (step S407).
- the decryption key acquisition unit 427 does not extract the decryption key.
- << Details of Step S407 >> The details of step S407 are illustrated using FIG. 9.
- The determination unit 425 determines whether the hierarchical line information x j corresponds to any registered line information in the list List (e.g., whether the list List contains the hierarchical line information x j ) (step S4071). If it is determined that the hierarchical line information x j does not correspond to any registered line information in the list List, the authentication of the decryption authority is treated as failed, and the process of step S407 ends.
- list List of e.g., list List contains a hierarchical line information x j
- the decryption key acquisition unit 427 outputs the input identifier x i and the secret key s K read from the storage unit 421 to the key generation device 43 (step S4075).
- the key generation device 43 generates and outputs the secret key s xi corresponding to the identifier x i by the function keygen, using the parameters params and the input identifier x i and secret key s K .
- the secret key s xi is input to the decryption key acquisition unit 427 (step S4076).
- the decryption key acquisition unit 427 sets the input secret key s xi as the decryption key, treats the authentication of the decryption authority as successful, and ends the process of step S407 (step S4077) (<< Details of step S407 >>).
- If the decryption authority authentication fails in step S407 (step S408), error information is transmitted from the output unit 424.
- the transmitted error information is input to the input unit 114 of the terminal device 41 and sent to the decoding processing unit 415, and the decoding processing unit 415 ends the decoding process (step S109).
- When the authentication of the decryption authority is successful in step S407 (step S408), the response unit 426 decrypts the ciphertext C using the extracted decryption key s xi and outputs the decrypted value m ′ obtained thereby (step S410).
- the decoded value m ′ is input to the output unit 424.
- the output unit 424 outputs the decoded value m ′ (response information corresponding to the decoded value) to the line corresponding to the hierarchical line information x j (line information corresponding to the registered line information) with the terminal device 41 as the destination. (Step S411). Thereafter, the process proceeds to steps S112 and S113 described in the first embodiment. However, the terminal device 41 performs these processes instead of the terminal device 11.
- the line information is set as hierarchical line information
- the registered line information is set as information corresponding to any hierarchical line information
- the information encrypted according to the hierarchical ID-based encryption method is decrypted.
- the decrypted value is obtained by decrypting the ciphertext with the decryption key corresponding to the identifier including the line information as ciphertext. This makes it possible to manage the decryption authority according to the line hierarchical structure.
- For example, if the decoding authority is given when the line information corresponding to the used line belongs to the lower layer of the hierarchical line information corresponding to the registered line information in step S407, the determination in step S407 is performed for the hierarchical line information of a certain upper layer.
- the determination process can be simplified as compared with the case where the presence / absence of the decryption authority is determined for each line information, and the data amount of the registered line information to be managed by the key device can be reduced.
- Since the decryption authority can be managed hierarchically, it is possible to suppress human error at the time of setting the key device, such as setting errors in the registered line information and missed settings.
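The decision made in step S407 of the fourth embodiment can be sketched as follows; this is an added example, not code from the patent. It assumes hierarchical line information is a tuple of strings and that "corresponds" means "equals a registered entry or belongs to its lower layer". An HMAC chain stands in for the HIBE function keygen (it reproduces only the top-down delegation property, not ID-based encryption), the check that x i includes x j is this example's own consistency check, and all names and values are constructed.

```python
import hashlib
import hmac


def same_or_lower(info, upper):
    """True if tuple `info` equals `upper` or belongs to its lower layer,
    i.e. `upper` is a prefix of `info` (the tuple view of x_alpha / x_beta)."""
    return len(info) >= len(upper) and info[:len(upper)] == upper


def keygen_standin(parent_key, parent_id, child_id):
    """Stand-in for keygen: derive the key for child_id from the key of an
    upper-layer identifier parent_id. NOT hierarchical ID-based encryption."""
    if not same_or_lower(child_id, parent_id):
        raise ValueError("child_id is not in the lower layer of parent_id")
    key = parent_key
    for element in child_id[len(parent_id):]:      # one step per added element
        key = hmac.new(key, element.encode("utf-8"), hashlib.sha256).digest()
    return key


def acquire_decryption_key(x_j, x_i, registered, K, s_K):
    """Return the decryption key s_xi, or None when decryption authority fails.

    x_j        hierarchical line information reported by the line (not the terminal)
    x_i        identifier the ciphertext was encrypted under (may come from the terminal)
    registered list List of registered hierarchical line information
    K, s_K     identifier and secret key held in the key device's key storage
    """
    # Step S4071: x_j must correspond to some registered line information.
    if not any(same_or_lower(x_j, reg) for reg in registered):
        return None
    # Added consistency check: the patent states x_i is x_j or its lower layer,
    # so a terminal-supplied x_i outside x_j's subtree is rejected.
    if not same_or_lower(x_i, x_j):
        return None
    # Delegation only works downward: K must be x_i or one of its upper layers.
    if not same_or_lower(x_i, K):
        return None
    # Steps S4075-S4077: derive s_xi from s_K.
    return keygen_standin(s_K, K, x_i)


# Constructed sample data for the demonstration.
REGISTERED = [("example.co.jp", "sales")]          # one entry covers the whole department
K = ("example.co.jp",)
S_K = bytes(range(32))


def demo():
    x_j = ("example.co.jp", "sales", "line-17")
    ok = acquire_decryption_key(x_j, x_j + ("alice",), REGISTERED, K, S_K)
    other_dept = ("example.co.jp", "dev", "line-3")
    unregistered = acquire_decryption_key(other_dept, other_dept, REGISTERED, K, S_K)
    wrong_subtree = acquire_decryption_key(x_j, other_dept, REGISTERED, K, S_K)
    return ok, unregistered, wrong_subtree


if __name__ == "__main__":
    print(demo())
```

A single upper-layer entry in List authorizes every line beneath it, which is the reduction in registered data the embodiment describes.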
- The key cloud system 4′ of this modification includes a terminal device 41′ and a key device 42′.
- The terminal device 41′ and the key device 42′ are configured to be able to communicate through a public line that has a line authentication function and a line information notification function.
- The terminal device 41′ of this modification includes a storage unit 411, an output unit 413′, an input unit 414′, and a decryption processing unit 415′.
- The key device 42′ includes storage units 421 and 422, an input unit 423′, an output unit 424′, a determination unit 425, and a response unit 426′.
- Each device is configured, for example, by reading the aforementioned program.
- Information output from each processing unit is stored in a temporary memory (not shown), read out as necessary, and used for the processing of each processing unit.
- One terminal device 41′, one key device 42′, and one key generation device 43′ are illustrated. However, two or more terminal devices, key devices, and key generation devices may exist. In that case, two or more terminal devices and key devices may be connected to the same line.
- <Decryption process> The decryption process of this modification is described with reference to FIG. 8. The decryption processing unit 415′ of the terminal device 41′ (FIG. 7) reads the second ciphertext enc(x_i, m) from the storage unit 411 and outputs information corresponding to the second ciphertext enc(x_i, m) as the ciphertext C.
- The ciphertext C of this modification is information that the terminal device 41′ gives to the key device 42′ in order to obtain, from the key device 42′, response information with which the terminal device 41′ obtains the decrypted value m′ of the ciphertext enc(x_i, m) by self-correction processing.
- An example of the ciphertext C is the ciphertext C obtained by replacing Enc(y, m) with enc(x_i, m) in the modification of the first embodiment (step S401′).
- The process proceeds to steps S402, S403, and S104 described in the first and fourth embodiments.
- The terminal device 41′ performs these processes instead of the terminal devices 11 and 41.
- The ciphertext C is transmitted to the key device 42′, and a notification device (not shown) that provides the line information notification function transmits the hierarchical line information x_j to the key device 42′ (step S405′).
- The hierarchical line information x_j and the ciphertext C are input to the input unit 423′ of the key device 42′.
- The hierarchical line information x_j is sent to the determination unit 425, and the ciphertext C is sent to the response unit 426′ (step S406′).
- The process proceeds to steps S407, S408, and S109 described in the first and fourth embodiments.
- The terminal device 41′ and the key device 42′ perform these processes.
- If the authentication of the decryption authority succeeds in step S407 (step S408), the response unit 426′ generates and outputs response information z using the extracted decryption key s_{x_i} and the input ciphertext C.
- The response information z is information with which the terminal device 41′ obtains the decrypted value m′ by self-correction processing.
- An example of the response information z is the response information z obtained by replacing Enc(y, m) with enc(x_i, m) in the modification of the first embodiment (step S410′).
- The response information z is input to the output unit 424′.
- The output unit 424′ outputs the response information z (response information corresponding to the decrypted value) to the line corresponding to the hierarchical line information x_j (line information corresponding to the registered line information), with the terminal device 41′ as the destination (step S411′).
- Thereafter, the process proceeds to steps S112′ and S113′ described in the modification of the first embodiment. However, the terminal device 41′ performs these processes instead of the terminal device 11′.
- The present invention is not limited to the above-described embodiments.
- In the above embodiments, communication between the terminal device and the key device is performed through the public line.
- However, communication between the terminal device and the key device may be performed through a private line instead of a public line, and the line information and hierarchical line information may be information corresponding to a line of the private line.
- In the above embodiments, the key device generates and outputs response information when the authentication of the decryption authority succeeds ("Yes" in steps S108 and S408). However, response information may be generated regardless of whether the authentication succeeds, with the key device outputting the response information when the authentication succeeds and not outputting it when the authentication fails.
- Alternatively, the key device may output correct response information to the terminal device when the authentication of the decryption authority succeeds, and output dummy information (incorrect response information, in other words response information that does not correspond to the decrypted value of the ciphertext) to the terminal device when the authentication fails.
- An example of the dummy information is a random value.
- The decryption key corresponding to the line information corresponding to the line used by the terminal device is used.
- The decryption key corresponding to the line information corresponding to the line used by the terminal device may be used. That is, the decrypted value may be a value obtained by decrypting the ciphertext with the decryption key corresponding to the line information.
- Examples of decryption keys corresponding to line information are a secret key of public-key cryptography that uses the line information as the public key, a secret key of ID-based encryption that uses the line information as the identifier, a common key of common-key cryptography that uses the line information as the key identifier, and a secret key of functional encryption that uses the line information as the attribute vector.
- The re-encryption process and the re-ciphertext decryption process described in the third embodiment and its modification may be performed. That is, the hierarchical line information described in the fourth embodiment and its modification may be used as the line information of the third embodiment and its modification, and the decryption key corresponding to the hierarchical line information described in the fourth embodiment or its modification may be used as the decryption key of the third embodiment and its modification.
- The encryption key may be selected as in the second embodiment and its modification. That is, the decryption key of the second embodiment or its modification may be used as the decryption key of the third embodiment or its modification.
- The line information for line authentication is stored in the key device. Whether response information corresponding to the decrypted value of the ciphertext is output is decided by the key device determining whether the line information corresponds to any registered line information included in the list.
- However, it may be difficult for the key device to identify the user from the line information used for line authentication, and managing the decryption authority with that line information may be difficult.
- Line information such as IMEI and IMSI is used for line authentication, but it may be difficult for the key device to manage the decryption authority using IMEI or IMSI.
- When a FLET'S number is used as the line information for NGN line authentication, it may be difficult for the key device to manage the decryption authority using this FLET'S number.
- Management using general line information, such as a highly versatile telephone number, is often easier. Therefore, when a plurality of pieces of line information are associated with one line, a part of the line information (for example, IMEI, IMSI, FLET'S number, MAC address, etc.) may be used for line authentication, and other line information (general line information or the like) associated with the line information used for line authentication may be used for managing the decryption authority.
- That is, when the line authentication in the authentication device succeeds, the line information used for the line authentication is sent to the key device, and other line information (ID information) associated with the line information used for the line authentication, or the line information used for line authentication together with the other line information associated with it, is transmitted to the key device. The key device determines whether the other line information, or the line information used for line authentication and the other line information, corresponds to any registered line information included in the list, and thereby determines whether to output response information corresponding to the decrypted value.
- The registered line information in this case may be other line information associated with line information for which the decryption service is permitted, or information uniquely determined by that other line information.
- It may also be a set of line information for which the decryption service is permitted and the other line information associated with it, or information uniquely determined by that set.
- The processing contents of the functions that each device should have are described by a program.
- The above processing functions are realized on the computer.
- The program describing the processing contents can be recorded on a computer-readable recording medium.
- An example of a computer-readable recording medium is a non-transitory recording medium. Examples of such a recording medium are a magnetic recording device, an optical disk, a magneto-optical recording medium, a semiconductor memory, and the like.
- This program is distributed, for example, by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM on which the program is recorded. Furthermore, the program may be distributed by storing it in a storage device of a server computer and transferring it from the server computer to another computer via a network.
- A computer that executes such a program first stores the program recorded on a portable recording medium, or the program transferred from a server computer, in its own storage device. When executing the process, this computer reads the program stored in its own storage device and executes the process according to the read program. As another execution form of the program, the computer may read the program directly from the portable recording medium and execute the process according to the program, and each time a program is transferred from the server computer to the computer, the computer may sequentially execute the process according to the received program.
- The above-described processing may also be executed by a so-called ASP (Application Service Provider) type service that does not transfer the program from the server computer to the computer but implements the processing functions only through execution instructions and result acquisition.
- At least a part of the processing functions of the above embodiments may be realized by hardware.
- [Appendix] The above-described embodiments and their modifications support the configurations of the following items.
- [Item 1] A key device comprising: a registered line storage unit that stores registered line information corresponding to any of the lines; an input unit to which a ciphertext and line information are input; a response unit that generates response information corresponding to the decrypted value of the ciphertext; and an output unit that outputs the response information when the line information corresponds to the registered line information.
- [Item 2] The key device according to item 1, wherein the output unit outputs the response information to the line corresponding to the line information that corresponds to the registered line information.
- [Item 3] The key device according to item 1 or 2, wherein the line is capable of line authentication, and the line information input to the input unit is information corresponding to a line for which line authentication has succeeded.
- [Item 4] The key device according to any one of items 1 to 3, further comprising a key storage unit that stores a plurality of decryption keys, wherein information for specifying a decryption key is further input to the input unit, and the decrypted value is a value obtained by decrypting the ciphertext with the decryption key specified by the information for specifying the decryption key.
- [Item 5] The key device according to any one of items 1 to 4, wherein a re-encryption key is further input to the input unit, and the response information is information corresponding to a re-ciphertext obtained by re-encrypting the decrypted value of the ciphertext with the re-encryption key.
- [Item 6] The key device according to item 5, wherein the re-encryption key is a random value obtained by the terminal device to which the response information is input, and the terminal device holds a re-ciphertext decryption key for decrypting the re-ciphertext.
- [Item 7] The key device according to any one of items 1 to 6, wherein the decrypted value is a value obtained by decrypting the ciphertext with the decryption key corresponding to the line information.
- [Item 8] The key device according to any one of items 1 to 7, wherein the line information is hierarchical line information, the registered line information is information corresponding to any hierarchical line information, the ciphertext is encrypted according to a hierarchical ID-based encryption scheme, and the decrypted value is a value obtained by decrypting the ciphertext with the decryption key corresponding to an identifier that includes the line information.
- [Item 9] The key device according to item 8, wherein the line information corresponding to the registered line information means that the line information belongs to the hierarchical line information corresponding to the registered line information or to a lower layer of the hierarchical line information corresponding to the registered line information.
- [Item 10] The key device according to any one of items 1 to 9, wherein the ciphertext is information corresponding to a second ciphertext, and the response information is information for obtaining, by self-correction processing, the decrypted value of the second ciphertext or a re-ciphertext obtained by re-encrypting the decrypted value of the second ciphertext.
- [Item 11] A key cloud system comprising a key device and a terminal device, wherein the key device stores registered line information corresponding to any line, the key device receives the ciphertext output from the terminal device and the line information corresponding to the line to which the terminal device is connected, and the key device outputs response information corresponding to the decrypted value of the ciphertext when the line information corresponds to the registered line information.
- [Item 12] A decryption method in which registered line information corresponding to any line is stored in a registered line storage unit, a ciphertext and line information are accepted at an input unit, and, when the line information corresponds to the registered line information, response information corresponding to the decrypted value of the ciphertext is output from an output unit.
- [Item 13] A program for causing a computer to function as the key device according to any one of items 1 to 10.
- [Item 14] A computer-readable recording medium storing a program for causing a computer to function as the key device according to any one of items 1 to 10.
Description
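[First Embodiment]
A first embodiment of the present invention will be described.
<Configuration>
The configuration of this embodiment will be described. As illustrated in FIG. 1, the key cloud system 1 of this embodiment includes a terminal device 11 and a key device 12. The terminal device 11 and the key device 12 are configured to be able to communicate through a public line that has a line authentication function and a line information notification function.
In this embodiment, a key pair (y, s) of an encryption key y and a corresponding decryption key s is set in advance. The key pair (y, s) may be, for example, a key pair of a public key and a secret key of a public-key cryptosystem, a pair of an identifier and a corresponding secret key of an ID-based cryptosystem, a pair of an attribute vector and a corresponding secret key of a functional cryptosystem, or mutually equal common keys of a common-key cryptosystem. The encryption key y is stored in an encryption device (not shown), and the decryption key s is securely stored in the storage unit 121 (key storage unit) of the key device 12 (FIG. 1). The encryption device (not shown) generates a ciphertext C = Enc(y, m) by encrypting a plaintext m with the encryption key y, and the ciphertext C is stored in the storage unit 111 of the terminal device 11 (FIG. 1).
The decryption process of this embodiment will be described with reference to FIG. 2. The decryption processing unit 115 of the terminal device 11 (FIG. 1) reads the ciphertext C from the storage unit 111 and outputs the ciphertext C. The ciphertext C is input to the output unit 113. The output unit 113 outputs the ciphertext C to a predetermined line of the public line, with the key device 12 as the destination (step S101).
In this embodiment, decryption authority is granted per line, so even when a plurality of terminal devices are connected to the same line, there is no need to grant decryption authority to each terminal device. In addition, because the decryption authority is granted to a line, it can also be granted to a terminal device that has not yet been configured specifically for this system. That is, even before the program for executing the decryption processing function of this embodiment is installed on a terminal device, the line information corresponding to the line used by that terminal device can be identified, and a list including the registered line information corresponding to that line can be stored in the key device. Furthermore, the line information x input to the key device is information for which line authentication on the public line has succeeded. The legitimacy of a terminal device that has connected to the key device using the line corresponding to this line information x is therefore guaranteed.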
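As a modification of the first embodiment, cloud-key-management-type decryption using a self-correction technique may be performed. The self-correction technique is a technique for always performing a correct calculation using a computer or system that does not necessarily output correct calculation results (when a computer that outputs correct calculation results is used, the correct calculation result is output; when a computer that does not necessarily output correct results is used, either the correct calculation result is obtained or a result indicating that the calculation cannot be performed is obtained). In this modification, the terminal device transmits to the key device, as the ciphertext C, information corresponding to a second ciphertext obtained by encrypting the plaintext m with the encryption key; when the line information corresponds to the registered line information, the key device transmits response information with which the terminal device obtains, by self-correction processing, the decrypted value obtained by decrypting the second ciphertext with the decryption key; and the terminal device obtains the decrypted value m′ using the response information. The self-correction technique itself is publicly known and is disclosed, for example, in Reference 3 (International Publication WO/2012/057134), Reference 4 (International Publication WO/2011/086992), and Reference 5 (International Publication WO/2012/121152). The following description focuses on the differences from the matters described so far; the same reference numbers are used for matters already described, and their description is omitted.
The configuration of this modification will be described. As illustrated in FIG. 1, the key cloud system 1′ of this modification includes a terminal device 11′ and a key device 12′. The terminal device 11′ and the key device 12′ are configured to be able to communicate through a public line that has a line authentication function and a line information notification function.
This is the same as in the first embodiment.
The decryption process of this modification will be described with reference to FIG. 2. The decryption processing unit 115′ of the terminal device 11′ (FIG. 1) reads the second ciphertext Enc(y, m) from the storage unit 111 and outputs information corresponding to the second ciphertext Enc(y, m) as the ciphertext C. The ciphertext C of this modification is information that the terminal device 11′ gives to the key device 12′ in order to obtain, from the key device 12′, response information with which the terminal device 11′ obtains the decrypted value m′ of the ciphertext Enc(y, m) by self-correction processing. An example of the ciphertext C is information obtained by perturbing the second ciphertext Enc(y, m). For example, the "input information" disclosed in References 3 to 5 and elsewhere can be used as the ciphertext C (step S101′).
A concrete example of the ciphertext C and the response information z of this modification is shown. In this example, G and H are cyclic groups, μ_h is a generator of the cyclic group H, the second ciphertext Enc(y, m) is an element of the group H, f is a homomorphic decryption function for decrypting the second ciphertext Enc(y, m) ∈ H with the decryption key s to obtain an element of the group G, X_1 and X_2 are random variables taking values in the group G, x_1 is a realization of the random variable X_1, x_2 is a realization of the random variable X_2, r_1 and r_2 are random natural numbers greater than or equal to 0, and a and b are relatively prime natural numbers. One of a and b may be a constant such as 1.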
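The symbols of this first concrete example (a cyclic group H with generator μ_h, a homomorphic decryption function f, random r_1 and r_2, relatively prime a and b) can be exercised on a toy group as follows. This is an added example, not code from the patent or its references: the blinding formulas τ1 = μ_h^r1 · c^b, τ2 = μ_h^r2 · c^a and the check u^a = v^b are an assumption about the self-correction step, since this page lists only the symbols, and the group parameters, the exponentiation cipher and all function names are constructed.

```python
import math
import secrets

P = 2039     # toy safe prime, P = 2*Q + 1 (constructed; far too small for real use)
Q = 1019     # prime order of the subgroup used as both G and H
MU_H = 4     # generator mu_h of the order-Q subgroup

def gpow(x, e):
    """x**e mod P for any integer e (a negative e uses the inverse of x)."""
    return pow(x, e, P) if e >= 0 else pow(pow(x, P - 2, P), -e, P)

def bezout(a, b):
    """Return (a', b') with a*a' + b*b' == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return x0, y0

def toy_keypair(s):
    """Constructed cipher: y*s = 1 (mod Q), Enc(y, m) = m^y, f(c) = c^s."""
    return pow(s, Q - 2, Q), s          # (encryption exponent y, decryption key s)

def make_device(s):
    """Response unit of a key device holding s: applies f(x) = x^s."""
    return lambda tau: pow(tau, s, P)

def self_correct(c, device, nu, a=2, b=3, r1=None, r2=None):
    """Terminal side. nu = f(mu_h) is public. Returns f(c), or None when the
    two responses are inconsistent (the 'cannot compute' outcome)."""
    if math.gcd(a, b) != 1:
        raise ValueError("a and b must be relatively prime")
    r1 = secrets.randbelow(Q) if r1 is None else r1
    r2 = secrets.randbelow(Q) if r2 is None else r2
    tau1 = gpow(MU_H, r1) * gpow(c, b) % P      # blinded inputs: the "ciphertext C"
    tau2 = gpow(MU_H, r2) * gpow(c, a) % P
    z1, z2 = device(tau1) % P, device(tau2) % P  # response information z
    if z1 == 0 or z2 == 0:
        return None
    u = z1 * gpow(nu, -r1) % P                   # equals f(c)^b for an honest device
    v = z2 * gpow(nu, -r2) % P                   # equals f(c)^a for an honest device
    if gpow(u, a) != gpow(v, b):
        return None
    a_inv, b_inv = bezout(a, b)                  # a*a_inv + b*b_inv == 1
    return gpow(u, b_inv) * gpow(v, a_inv) % P   # f(c)^(b*b_inv + a*a_inv) = f(c)

def demo():
    y, s = toy_keypair(123)
    m = pow(MU_H, 77, P)          # constructed plaintext, an element of G
    c = pow(m, y, P)              # second ciphertext Enc(y, m), an element of H
    nu = pow(MU_H, s, P)          # public value f(mu_h)
    good = self_correct(c, make_device(s), nu)
    # A device answering with the wrong key; r1, r2 fixed so the run is repeatable.
    bad = self_correct(c, make_device(s + 1), nu, r1=5, r2=7)
    return m, good, bad

if __name__ == "__main__":
    print(demo())
```

In a group this small a random or dummy response passes the consistency check with probability of about 1/Q, which is why real parameters must be large.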
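A concrete example of the ciphertext C and the response information z of this modification is shown. In this example, G is a cyclic group, the group H is the direct product G × G of the group G, μ_g is a generator of the cyclic group G, Enc(y, m) = (c_1, c_2) ∈ H, f is a homomorphic decryption function for decrypting the second ciphertext Enc(y, m) ∈ H with the decryption key s to obtain an element of the group G, X_1 and X_2 are random variables taking values in the group G, x_1 is a realization of the random variable X_1, x_2 is a realization of the random variable X_2, (V, W) is an element of the group H, f(V, W) = Y, r_4 to r_7 are random natural numbers greater than or equal to 0, and a and b are relatively prime natural numbers. One of a and b may be a constant such as 1.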
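A second embodiment of the present invention will be described. The second embodiment is a modification of the first embodiment. In this embodiment, the key device stores a plurality of decryption keys; information for specifying a decryption key, a ciphertext, and line information are input to the key device; and when the line information corresponds to the registered line information, the key device specifies the decryption key from the information for specifying the decryption key and decrypts the ciphertext. The following description focuses on the differences from the matters described so far; the same reference numbers are used for matters already described, and their description is omitted.
The configuration of this embodiment will be described. As illustrated in FIG. 3, the key cloud system 2 of this embodiment includes a terminal device 21 and a key device 22. The terminal device 21 and the key device 22 are configured to be able to communicate through a public line that has a line authentication function and a line information notification function.
In this embodiment, a plurality of kinds of key pairs (y, s) of an encryption key y and a corresponding decryption key s are set in advance. A plurality of kinds of key pairs may be set for a single encryption scheme, or for a plurality of kinds of encryption schemes. A certain encryption key y is stored in an encryption device (not shown), and a key list s-List consisting of the plurality of kinds of decryption keys s that have been set is securely stored in the storage unit 221 (key storage unit) of the key device 22. The encryption device (not shown) generates a ciphertext C = Enc(y, m) by encrypting a plaintext m with that encryption key y. The ciphertext C is stored in the storage unit 111 of the terminal device 21 (FIG. 3), and the encryption key y used to generate the ciphertext C is stored in the storage unit 211 of the terminal device 21. The other premises are the same as in the first embodiment.
The decryption process of this embodiment will be described with reference to FIG. 4. The decryption processing unit 215 of the terminal device 21 (FIG. 3) reads the ciphertext C from the storage unit 111, reads the encryption key y from the storage unit 211, and outputs the ciphertext C and the encryption key y (information for specifying the decryption key). The ciphertext C and the encryption key y are input to the output unit 213. The output unit 213 outputs the ciphertext C and the encryption key y to a predetermined line of the public line, with the key device 22 as the destination (step S201).
This embodiment also has the features of the first embodiment described above. In addition, in this embodiment, a ciphertext encrypted with any of the plurality of kinds of encryption keys that have been set can be decrypted. Although this embodiment shows an example in which the decryption key is used as the "information for specifying the decryption key", information that uniquely specifies the decryption key (such as a key identifier of the decryption key) may be used as the "information for specifying the decryption key" instead of the decryption key.
As a modification of the second embodiment, cloud-key-management-type decryption using the self-correction technique may be performed. The following description focuses on the differences from the matters described so far; the same reference numbers are used for matters already described, and their description is omitted.
The configuration of this modification will be described. As illustrated in FIG. 3, the key cloud system 2′ of this modification includes a terminal device 21′ and a key device 22′. The terminal device 21′ and the key device 22′ are configured to be able to communicate through a public line that has a line authentication function and a line information notification function.
This is the same as in the second embodiment.
The decryption process of this modification will be described with reference to FIG. 4. The decryption processing unit 215′ of the terminal device 21′ (FIG. 3) reads the second ciphertext Enc(y, m) from the storage unit 111, reads the encryption key y from the storage unit 211, and outputs the ciphertext C, which is information corresponding to the second ciphertext Enc(y, m), and the encryption key y (information for specifying the decryption key). The ciphertext C of this modification is information that the terminal device 21′ gives to the key device 22′ in order to obtain, from the key device 22′, response information with which the terminal device 21′ obtains the decrypted value m′ of the ciphertext Enc(y, m) by self-correction processing. Examples of the ciphertext C are as shown in the modification of the first embodiment. The ciphertext C and the encryption key y are input to the output unit 213′. The output unit 213′ outputs the ciphertext C and the encryption key y to a predetermined line of the public line, with the key device 22′ as the destination (step S201′).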
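A third embodiment of the present invention will be described. The third embodiment is a modification of the first embodiment. In this embodiment, a re-encryption key is further input to the key device, and the key device returns, as response information, information corresponding to a re-ciphertext obtained by re-encrypting the decrypted value of the ciphertext with the re-encryption key. The re-encryption key is, for example, a random value obtained by the terminal device to which the response information is input, and the terminal device holds a re-ciphertext decryption key for decrypting the re-ciphertext. The terminal device can obtain the decrypted value from the re-ciphertext using the re-ciphertext decryption key. The following description focuses on the differences from the matters described so far; the same reference numbers are used for matters already described, and their description is omitted.
The configuration of this embodiment will be described. As illustrated in FIG. 5, the key cloud system 3 of this embodiment includes a terminal device 31 and a key device 32. The terminal device 31 and the key device 32 are configured to be able to communicate through a public line that has a line authentication function and a line information notification function.
This is the same as in the first embodiment.
The decryption process of this embodiment will be described with reference to FIG. 6. First, the key pair generation unit 316 of the terminal device 31 (FIG. 5) generates a re-encryption key p(u) for re-encryption and a re-ciphertext decryption key s(u) for decrypting a re-ciphertext re-encrypted with the re-encryption key p(u). For example, the key pair generation unit 316 randomly generates a pair of a re-encryption key p(u) and the corresponding re-ciphertext decryption key s(u). The pair of the re-encryption key p(u) and the re-ciphertext decryption key s(u) may be, for example, a key pair of a public key and a secret key of a public-key cryptosystem, a pair of an identifier and a corresponding secret key of an ID-based cryptosystem, a pair of an attribute vector and a corresponding secret key of a functional cryptosystem, or mutually equal common keys of a common-key cryptosystem. The pair of the re-encryption key p(u) and the re-ciphertext decryption key s(u) is stored (held) in the storage unit 311 (step S300).
This embodiment also has the features of the first embodiment described above. In addition, in this embodiment, the decrypted value obtained by the key device is re-encrypted before being sent to the terminal device, which suppresses leakage of the decrypted value to third parties. Moreover, because the legitimacy of a terminal device that has connected to the key device using a line for which line authentication succeeded is guaranteed, the legitimacy of the re-encryption key sent to the key device is guaranteed even without a certificate for that re-encryption key. When the pair of the re-encryption key and the re-ciphertext decryption key is generated randomly, the key device does not need to manage the re-encryption key and the re-ciphertext decryption key.
As a modification of the third embodiment, cloud-key-management-type decryption using the self-correction technique may be performed. The following description focuses on the differences from the matters described so far; the same reference numbers are used for matters already described, and their description is omitted.
The configuration of this modification will be described. As illustrated in FIG. 5, the key cloud system 3′ of this modification includes a terminal device 31′ and a key device 32′. The terminal device 31′ and the key device 32′ are configured to be able to communicate through a public line that has a line authentication function and a line information notification function.
This is the same as in the first embodiment.
The decryption process of this modification will be described with reference to FIG. 6. First, the terminal device 31′, instead of the terminal device 31, executes the process of step S300 described in the third embodiment. Next, the decryption processing unit 315′ reads the second ciphertext Enc(y, m) from the storage unit 111, reads the re-encryption key p(u) from the storage unit 311, and outputs the ciphertext C, which is information corresponding to the second ciphertext Enc(y, m), and the re-encryption key p(u). The ciphertext C of this modification is information that the terminal device 31′ gives to the key device 32′ in order to obtain, from the key device 32′, response information with which the terminal device 31′ obtains the re-ciphertext R = Enc′(p(u), m′) by self-correction processing. The re-ciphertext R is obtained by re-encrypting the decrypted value m′ of the ciphertext Enc(y, m) with the re-encryption key p(u). Examples of the ciphertext C are as shown in the modification of the first embodiment (step S301′).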
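A fourth embodiment of the present invention will be described. The fourth embodiment is a modification of the first embodiment. In this embodiment, the registered line information is hierarchical line information, the registered line information is information corresponding to some hierarchical line information, the ciphertext is encrypted according to a hierarchical ID-based encryption scheme, and the decrypted value is a value obtained by decrypting the ciphertext with the decryption key corresponding to an identifier that includes the line information. The following description focuses on the differences from the matters described so far; the same reference numbers are used for matters already described, and their description is omitted.
Hierarchical line information means hierarchical line information that has a tree structure. Hierarchical line information x_β belonging to a lower layer of hierarchical line information x_α (where α and β are positive integers) is the hierarchical line information x_α with information added to it. In other words, the hierarchical line information x_β contains all of the hierarchical line information x_α belonging to its upper layer. That is, the hierarchical line information x_α belonging to an upper layer of the hierarchical line information x_β consists of part of the information of x_β. Concrete examples of the hierarchical line information x_β are an e-mail address, a department name, and the like. In this embodiment, hierarchical line information x_α is written as the tuple x_α = (χ_1, ..., χ_α) of elements χ_1, ..., χ_α. For example, if the hierarchical line information x_α is "ntt.co.jp", it is written x_α = (jp, co, ntt). When x_α = (χ_1, ..., χ_α) and x_β = (χ_1′, ..., χ_α′, ..., χ_β′) satisfy χ_1 = χ_1′, ..., χ_α = χ_α′ (where α < β), x_α belongs to an upper layer of x_β, and x_β belongs to a lower layer of x_α. This is written [x_α] > [x_β]. For example, x_α = (jp, co, ntt) representing "ntt.co.jp" belongs to an upper layer of x_β = (jp, co, ntt, lab) representing "lab.ntt.co.jp", and this is written [x_α] > [x_β]. Further, hierarchical line information x_α = (χ_1, ..., χ_α) and x_α′ = (χ_1′, ..., χ_α′) satisfying χ_1 = χ_1′, ..., χ_α = χ_α′ is written [x_α] = [x_α′]. Moreover, [x_α] > [x_β] or [x_α] = [x_β] is written [x_α] ≥ [x_β].
The hierarchical ID-based encryption scheme is a kind of ID-based encryption scheme and uses hierarchical information with a tree structure as the identifier. In the hierarchical ID-based encryption scheme, a party that knows the secret key corresponding to an identifier belonging to an upper layer can decrypt a ciphertext encrypted with an identifier belonging to its lower layer. The hierarchical ID-based encryption scheme itself is publicly known, and its details are described, for example, in Reference 6 (Boneh, Boyen, Goh, "Hierarchical Identity Based Encryption with Constant Size Ciphertext," Advances in Cryptology-EUROCRYPT 2005, LNCS 3494, pages 440-456, Springer, 2005.) and Reference 7 (Japanese Patent Application Laid-Open No. 2010-154193).
A hierarchical ID-based encryption scheme can be configured with hierarchical line information as the identifier. Such a hierarchical ID-based encryption scheme is defined by the following functions setup, keygen, enc, and dec.
The function setup takes 1^λ as input and outputs parameters params and a master secret key master key ∈ KEY. Here, λ is a security parameter that is a positive integer, and params includes information representing the plaintext space, information representing the ciphertext space, and information representing the key space KEY.
The function keygen takes as input the parameters params, an identifier x_β that is hierarchical line information or information belonging to its lower layer, and a secret key s_α ∈ KEY corresponding to hierarchical line information x_α belonging to an upper layer of the identifier x_β, and outputs a secret key s_β ∈ KEY corresponding to the hierarchical line information x_β. The secret key s_β can also be obtained from the parameters params, the master secret key master key, and the identifier x_β.
The function enc takes as input the parameters params, a plaintext m, and hierarchical line information x_α, and outputs the ciphertext C = enc(x_α, m) obtained by encrypting the plaintext m according to the hierarchical ID-based encryption scheme with the hierarchical line information x_α as the identifier. Here, enc is the encryption function of the hierarchical ID-based encryption scheme.
The function dec takes as input the parameters params, a ciphertext C, and a secret key s_α, and outputs the decrypted value m′ = dec(s_α, C) obtained by decrypting the ciphertext C with the secret key s_α according to the hierarchical ID-based encryption scheme. Here, dec is the decryption function of the hierarchical ID-based encryption scheme.
The configuration of this embodiment will be described. As illustrated in FIG. 7, the key cloud system 4 of this embodiment includes a terminal device 41, a key device 42, and a key generation device 43. The terminal device 41 and the key device 42 are configured to be able to communicate through a public line that has a line authentication function and a line information notification function. The key device 42 and the key generation device 43 are configured to be able to communicate with each other.
In this embodiment, each line of the public line has a hierarchical structure, and the line information corresponding to each line is hierarchical line information. For example, lines with a hierarchical structure are assigned to the layers of an organization or the like, and the line information corresponding to the line used in each layer is hierarchical line information. The above-described parameters params and master secret key master key are set in the key generation device 43, and the parameters params are set in the decryption processing unit 415 of the terminal device 41 and the response unit 426 of the key device 42. Further, with certain hierarchical line information or information of its upper layer as an identifier K, the secret key s_K corresponding to the identifier K is stored as the decryption key in the storage unit 421 (key storage unit) of the key device 42. For example, the identifier K is the hierarchical line information corresponding to the line used by an administrator, or information of an upper layer of the hierarchical line information corresponding to the lines managed by that administrator. With the hierarchical line information x_j of the line used by the terminal device 41, or information of its lower layer, as an identifier x_i (where i and j are positive integers), the ciphertext C = enc(x_i, m) obtained by encrypting the plaintext m using the function enc is stored in the storage unit 411 of the terminal device 41.
The decryption process of this embodiment will be described with reference to FIG. 8. The decryption processing unit 415 of the terminal device 41 (FIG. 7) reads the ciphertext C from the storage unit 411 and outputs the ciphertext C. The ciphertext C is input to the output unit 413. The output unit 413 outputs the ciphertext C to a predetermined line of the public line, with the key device 42 as the destination (step S401).
The details of step S407 are illustrated with reference to FIG. 9.
The determination unit 425 determines whether the hierarchical line information x_j corresponds to any registered line information in the list List (for example, whether the list List contains the hierarchical line information x_j) (step S4071). If it is determined that the hierarchical line information x_j does not correspond to any registered line information in the list List, the authentication of the decryption authority is regarded as having failed, and the process of step S407 ends.
This embodiment also has the features of the first embodiment described above. In addition, in this embodiment, the line information is hierarchical line information, the registered line information is information corresponding to some hierarchical line information, the ciphertext to be decrypted is one encrypted according to the hierarchical ID-based encryption scheme, and the decrypted value is obtained by decrypting that ciphertext with the decryption key corresponding to an identifier that includes the line information. This makes it possible to manage the decryption authority according to the hierarchical structure of the lines. For example, if the decryption authority is granted in step S407 when the line information corresponding to the line in use belongs to a lower layer of the hierarchical line information corresponding to the registered line information, then performing the determination of step S407 for the hierarchical line information of a certain upper layer determines whether the lines corresponding to all line information belonging to its lower layers have decryption authority. This simplifies the determination process compared with determining the presence or absence of decryption authority for each piece of line information, and also reduces the amount of registered line information that the key device must manage. Furthermore, because the decryption authority can be managed hierarchically, human errors when configuring the key device, such as incorrect or omitted settings of registered line information, can also be suppressed.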
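The correspondence test of step S407 on hierarchical line information, together with the variation in which a failed authentication yields a random dummy response, can be sketched as follows. This is an added example, not code from the patent: the names KeyDevice, same_or_lower and respond are hypothetical, an HMAC-SHA256 derivation chain with a toy stream cipher stands in for the hierarchical ID-based scheme (so, unlike real HIBE, encrypting needs the derived key), and handing x_i to the key device and requiring it to lie at or below x_j are assumptions.

```python
import hashlib
import hmac
import secrets

PLAINTEXT = b"constructed sample plaintext"   # constructed sample input

def to_tuple(name):
    """'lab.ntt.co.jp' -> ('jp', 'co', 'ntt', 'lab'): upper layer first, as in the text."""
    return tuple(reversed(name.lower().split(".")))

def same_or_lower(x, upper):
    """True when [upper] >= [x]: x equals upper or extends it element by element.
    Tuples are compared, not string suffixes, so 'evillab.ntt.co.jp' is not
    treated as a lower layer of 'lab.ntt.co.jp'."""
    return len(upper) <= len(x) and x[:len(upper)] == upper

def keygen(upper_id, upper_key, lower_id):
    """Stand-in for keygen: derive the key of lower_id from an upper-layer key."""
    if not same_or_lower(lower_id, upper_id):
        raise ValueError("identifier is outside the subtree of the held key")
    key = upper_key
    for element in lower_id[len(upper_id):]:
        key = hmac.new(key, b"kdf" + element.encode(), hashlib.sha256).digest()
    return key

def _stream(key, nonce, n):
    """Toy keystream: HMAC-SHA256 in counter mode."""
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(key, nonce, body):
    return hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

def enc(key, m):
    """Toy authenticated encryption: nonce || (m XOR keystream) || tag."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(m, _stream(key, nonce, len(m))))
    return nonce + body + _tag(key, nonce, body)

def dec(key, c):
    """Return the plaintext, or None when the tag does not verify."""
    if len(c) < 48:
        return None
    nonce, body, tag = c[:16], c[16:-32], c[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, body)):
        return None
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class KeyDevice:
    def __init__(self, key_id, key, registered):
        self.key_id = to_tuple(key_id)                       # identifier K
        self.key = key                                       # secret key s_K
        self.registered = [to_tuple(r) for r in registered]  # the list "List"

    def has_authority(self, x_j):
        """Step S407 with the item 9 rule: registered line or a lower layer of one."""
        return any(same_or_lower(x_j, r) for r in self.registered)

    def respond(self, line, ciphertext_id, ciphertext):
        """line is x_j as reported by the network; ciphertext_id is x_i (assumed input)."""
        x_j, x_i = to_tuple(line), to_tuple(ciphertext_id)
        dummy = secrets.token_bytes(max(len(ciphertext) - 48, 16))  # random dummy
        if not self.has_authority(x_j):
            return dummy
        # Added check (assumption): a line may only ask for ciphertexts at or below itself.
        if not same_or_lower(x_i, x_j) or not same_or_lower(x_i, self.key_id):
            return dummy
        m = dec(keygen(self.key_id, self.key, x_i), ciphertext)
        return m if m is not None else dummy

def demo():
    s_k = secrets.token_bytes(32)            # constructed key for K = ntt.co.jp
    device = KeyDevice("ntt.co.jp", s_k, ["lab.ntt.co.jp"])
    x_i = "sec.lab.ntt.co.jp"
    c = enc(keygen(to_tuple("ntt.co.jp"), s_k, to_tuple(x_i)), PLAINTEXT)
    lines = {"lower": "sec.lab.ntt.co.jp", "registered": "lab.ntt.co.jp",
             "sibling": "sales.ntt.co.jp", "lookalike": "evillab.ntt.co.jp"}
    return {label: device.respond(line, x_i, c) for label, line in lines.items()}

if __name__ == "__main__":
    for label, response in demo().items():
        print(label, response == PLAINTEXT)
```

Only the registered line and the line below it recover the plaintext; the sibling and look-alike lines receive random bytes of the same length.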
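As a modification of the fourth embodiment, cloud-key-management-type decryption using the self-correction technique may be performed. The following description focuses on the differences from the matters described so far; the same reference numbers are used for matters already described, and their description is omitted.
The configuration of this modification will be described. As illustrated in FIG. 7, the key cloud system 4′ of this modification includes a terminal device 41′ and a key device 42′. The terminal device 41′ and the key device 42′ are configured to be able to communicate through a public line that has a line authentication function and a line information notification function.
This is the same as in the fourth embodiment.
The decryption process of this modification will be described with reference to FIG. 8. The decryption processing unit 415′ of the terminal device 41′ (FIG. 7) reads the second ciphertext enc(x_i, m) from the storage unit 411 and outputs information corresponding to the second ciphertext enc(x_i, m) as the ciphertext C. The ciphertext C of this modification is information that the terminal device 41′ gives to the key device 42′ in order to obtain, from the key device 42′, response information with which the terminal device 41′ obtains the decrypted value m′ of the ciphertext enc(x_i, m) by self-correction processing. An example of the ciphertext C is the ciphertext C obtained by replacing Enc(y, m) with enc(x_i, m) in the modification of the first embodiment (step S401′).
The present invention is not limited to the above-described embodiments. For example, in the above embodiments, communication between the terminal device and the key device was performed through a public line. However, communication between the terminal device and the key device may be performed through a private line instead of a public line, and the line information and hierarchical line information may be information corresponding to a line of the private line.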
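The above embodiments and their modifications support the configurations of the following items.
[Item 1]
A key device comprising:
a registered line storage unit that stores registered line information corresponding to any of the lines;
an input unit to which a ciphertext and line information are input;
a response unit that generates response information corresponding to the decrypted value of the ciphertext; and
an output unit that outputs the response information when the line information corresponds to the registered line information.
[Item 2]
The key device according to item 1, wherein
the output unit outputs the response information to the line corresponding to the line information that corresponds to the registered line information.
[Item 3]
The key device according to item 1 or 2, wherein
the line is capable of line authentication, and
the line information input to the input unit is information corresponding to a line for which line authentication has succeeded.
[Item 4]
The key device according to any one of items 1 to 3,
further comprising a key storage unit that stores a plurality of decryption keys, wherein
information for specifying a decryption key is further input to the input unit, and
the decrypted value is a value obtained by decrypting the ciphertext with the decryption key specified by the information for specifying the decryption key.
[Item 5]
The key device according to any one of items 1 to 4, wherein
a re-encryption key is further input to the input unit, and
the response information is information corresponding to a re-ciphertext obtained by re-encrypting the decrypted value of the ciphertext with the re-encryption key.
[Item 6]
The key device according to item 5, wherein
the re-encryption key is a random value obtained by the terminal device to which the response information is input, and
the terminal device holds a re-ciphertext decryption key for decrypting the re-ciphertext.
[Item 7]
The key device according to any one of items 1 to 6, wherein
the decrypted value is a value obtained by decrypting the ciphertext with the decryption key corresponding to the line information.
[Item 8]
The key device according to any one of items 1 to 7, wherein
the line information is hierarchical line information,
the registered line information is information corresponding to any hierarchical line information,
the ciphertext is encrypted according to a hierarchical ID-based encryption scheme, and
the decrypted value is a value obtained by decrypting the ciphertext with the decryption key corresponding to an identifier that includes the line information.
[Item 9]
The key device according to item 8, wherein
the line information corresponding to the registered line information means that the line information belongs to the hierarchical line information corresponding to the registered line information or to a lower layer of the hierarchical line information corresponding to the registered line information.
[Item 10]
The key device according to any one of items 1 to 9, wherein
the ciphertext is information corresponding to a second ciphertext, and
the response information is information for obtaining, by self-correction processing, the decrypted value of the second ciphertext or a re-ciphertext obtained by re-encrypting the decrypted value of the second ciphertext.
[Item 11]
A key cloud system comprising a key device and a terminal device, wherein
the key device stores registered line information corresponding to any line,
the ciphertext output from the terminal device and the line information corresponding to the line to which the terminal device is connected are input to the key device, and
the key device outputs response information corresponding to the decrypted value of the ciphertext when the line information corresponds to the registered line information.
[Item 12]
A decryption method in which
registered line information corresponding to any line is stored in a registered line storage unit,
a ciphertext and line information are accepted at an input unit, and
when the line information corresponds to the registered line information, response information corresponding to the decrypted value of the ciphertext is output from an output unit.
[Item 13]
A program for causing a computer to function as the key device according to any one of items 1 to 10.
[Item 14]
A computer-readable recording medium storing a program for causing a computer to function as the key device according to any one of items 1 to 10.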
11 to 41, 11′ to 41′: Terminal device
12 to 42, 12′ to 42′: Key device
43: Key generation device
Claims (14)
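- A key device comprising:
a registered line storage unit that stores registered line information corresponding to any of the lines;
an input unit to which a ciphertext and line information are input;
a response unit that generates response information corresponding to the decrypted value of the ciphertext; and
an output unit that outputs the response information when the line information corresponds to the registered line information.
- The key device according to claim 1, wherein
the output unit outputs the response information to the line corresponding to the line information that corresponds to the registered line information.
- The key device according to claim 1, wherein
the line is capable of line authentication, and
the line information input to the input unit is information corresponding to a line for which line authentication has succeeded.
- The key device according to claim 1,
further comprising a key storage unit that stores a plurality of decryption keys, wherein
information for specifying a decryption key is further input to the input unit, and
the decrypted value is a value obtained by decrypting the ciphertext with the decryption key specified by the information for specifying the decryption key.
- The key device according to claim 1, wherein
a re-encryption key is further input to the input unit, and
the response information is information corresponding to a re-ciphertext obtained by re-encrypting the decrypted value of the ciphertext with the re-encryption key.
- The key device according to claim 5, wherein
the re-encryption key is a random value obtained by the terminal device to which the response information is input, and
the terminal device holds a re-ciphertext decryption key for decrypting the re-ciphertext.
- The key device according to claim 1, wherein
the decrypted value is a value obtained by decrypting the ciphertext with the decryption key corresponding to the line information.
- The key device according to claim 1, wherein
the line information is hierarchical line information,
the registered line information is information corresponding to any hierarchical line information,
the ciphertext is encrypted according to a hierarchical ID-based encryption scheme, and
the decrypted value is a value obtained by decrypting the ciphertext with the decryption key corresponding to an identifier that includes the line information.
- The key device according to claim 8, wherein
the line information corresponding to the registered line information means that the line information belongs to the hierarchical line information corresponding to the registered line information or to a lower layer of the hierarchical line information corresponding to the registered line information.
- The key device according to any one of claims 1 to 9, wherein
the ciphertext is information corresponding to a second ciphertext, and
the response information is information for obtaining, by self-correction processing, the decrypted value of the second ciphertext or a re-ciphertext obtained by re-encrypting the decrypted value of the second ciphertext.
- A key cloud system comprising a key device and a terminal device, wherein
the key device stores registered line information corresponding to any line,
the ciphertext output from the terminal device and the line information corresponding to the line to which the terminal device is connected are input to the key device, and
the key device outputs response information corresponding to the decrypted value of the ciphertext when the line information corresponds to the registered line information.
- A decryption method in which
registered line information corresponding to any line is stored in a registered line storage unit,
a ciphertext and line information are accepted at an input unit, and
when the line information corresponds to the registered line information, response information corresponding to the decrypted value of the ciphertext is output from an output unit.
- A program for causing a computer to function as the key device according to any one of claims 1 to 9.
- A program for causing a computer to function as the key device according to claim 10.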
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015542581A JPWO2015056601A1 (ja) | 2013-10-16 | 2014-10-07 | 鍵装置、鍵クラウドシステム、復号方法、およびプログラム |
US15/027,718 US10686604B2 (en) | 2013-10-16 | 2014-10-07 | Key device, key cloud system, decryption method, and program |
CN201480055975.2A CN105637802B (zh) | 2013-10-16 | 2014-10-07 | 密钥装置、密钥云系统、解密方法、以及程序 |
EP14854587.4A EP3059898B1 (en) | 2013-10-16 | 2014-10-07 | Key device, key cloud system, decryption method, and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013-215391 | 2013-10-16 | ||
JP2013215391 | 2013-10-16 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015056601A1 true WO2015056601A1 (ja) | 2015-04-23 |
Family
ID=52828047
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/076782 WO2015056601A1 (ja) | 2013-10-16 | 2014-10-07 | 鍵装置、鍵クラウドシステム、復号方法、およびプログラム |
Country Status (5)
Country | Link |
---|---|
US (1) | US10686604B2 (ja) |
EP (1) | EP3059898B1 (ja) |
JP (1) | JPWO2015056601A1 (ja) |
CN (1) | CN105637802B (ja) |
WO (1) | WO2015056601A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10691815B2 (en) | 2016-04-27 | 2020-06-23 | Mitsubishi Electric Corporation | Attribute linkage apparatus, transfer system, attribute linkage method and computer readable medium |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10686604B2 (en) * | 2013-10-16 | 2020-06-16 | Nippon Telegraph And Telephone Corporation | Key device, key cloud system, decryption method, and program |
WO2017078696A1 (en) * | 2015-11-04 | 2017-05-11 | Hewlett Packard Enterprise Development Lp | Direct connection limitation based on a period of time |
KR102050887B1 (ko) | 2017-11-29 | 2019-12-02 | 고려대학교 산학협력단 | 사물인터넷 관리를 위한 클라우드 컴퓨팅 환경에서의 데이터 공유 방법 및 시스템 |
JP6732141B2 (ja) * | 2017-12-28 | 2020-07-29 | 三菱電機株式会社 | 変換鍵生成装置、暗号文変換装置、秘匿情報処理システム、変換鍵生成方法、変換鍵生成プログラム、暗号文変換方法及び暗号文変換プログラム |
JP7119605B2 (ja) * | 2018-06-08 | 2022-08-17 | 日本電信電話株式会社 | 暗号文変換システム、暗号文変換方法、及びプログラム |
CN109344627B (zh) * | 2018-08-16 | 2021-05-28 | 中国科学院重庆绿色智能技术研究院 | 一种新型香农完美保密方法 |
JP7024666B2 (ja) * | 2018-08-28 | 2022-02-24 | 日本電信電話株式会社 | Idベースハッシュ証明系構成装置、idベース暗号装置及びプログラム |
CN109409106B (zh) * | 2018-09-25 | 2021-05-28 | 中国科学院重庆绿色智能技术研究院 | 一种新型无穷字母表的香农完美保密方法 |
CN113382002B (zh) * | 2021-06-10 | 2022-11-22 | 杭州安恒信息技术股份有限公司 | 数据请求方法、请求应答方法、数据通信系统及存储介质 |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070234404A1 (en) | 2006-04-03 | 2007-10-04 | Bogdanovic Ivan D | Network based authentication |
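JP2009258816A (ja) * | 2008-04-14 | 2009-11-05 | Nippon Telegr & Teleph Corp <Ntt> | Billing information management system and billing information management method |
JP2009542118A (ja) * | 2006-06-22 | 2009-11-26 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Hierarchical deterministic pairwise key predistribution scheme |
JP2010154193A (ja) | 2008-12-25 | 2010-07-08 | Nippon Telegr & Teleph Corp <Ntt> | Hierarchical ID-based encryption device and decryption device, methods therefor, program, and recording medium |
WO2011086992A1 (ja) | 2010-01-12 | 2011-07-21 | 日本電信電話株式会社 | Proxy calculation system, method, request device, program, and recording medium therefor |
WO2012057134A1 (ja) | 2010-10-26 | 2012-05-03 | 日本電信電話株式会社 | Proxy calculation system, calculation device, capability providing device, proxy calculation method, capability providing method, program, and recording medium |
JP2012151756A (ja) | 2011-01-20 | 2012-08-09 | Nippon Telegr & Teleph Corp <Ntt> | Decryption system, key device, decryption method, and program |
WO2012121152A1 (ja) | 2011-03-04 | 2012-09-13 | 日本電信電話株式会社 | Proxy calculation system, method, request device, and program |
JP2013523050A (ja) * | 2010-03-19 | 2013-06-13 | エフ5 ネットワークス、インコーポレイテッド | Proxy SSL handoff via mid-stream renegotiation |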
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5442708A (en) * | 1993-03-09 | 1995-08-15 | Uunet Technologies, Inc. | Computer network encryption/decryption device |
US7418504B2 (en) * | 1998-10-30 | 2008-08-26 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
US7533270B2 (en) * | 2002-04-15 | 2009-05-12 | Ntt Docomo, Inc. | Signature schemes using bilinear mappings |
US20040236939A1 (en) * | 2003-02-20 | 2004-11-25 | Docomo Communications Laboratories Usa, Inc. | Wireless network handoff key |
US7370202B2 (en) * | 2004-11-02 | 2008-05-06 | Voltage Security, Inc. | Security device for cryptographic communications |
JP4640307B2 (ja) * | 2006-09-29 | 2011-03-02 | ブラザー工業株式会社 | Content distribution system, content distribution method, terminal device in content distribution system, and program therefor |
US8023646B2 (en) * | 2006-11-08 | 2011-09-20 | Voltage Security, Inc. | Identity-based-encryption extensions formed using multiple instances of an identity based encryption scheme |
CN101272241B (zh) | 2008-04-09 | 2010-05-12 | 西安西电捷通无线网络通信有限公司 | A key distribution and management method |
US8656177B2 (en) * | 2008-06-23 | 2014-02-18 | Voltage Security, Inc. | Identity-based-encryption system |
US9219714B2 (en) * | 2011-05-31 | 2015-12-22 | Samsung Sds Co., Ltd. | ID-based encryption and signature method and terminal |
JP5715030B2 (ja) | 2011-11-11 | 2015-05-07 | Kddi株式会社 | Access line identification and authentication system |
US10686604B2 (en) * | 2013-10-16 | 2020-06-16 | Nippon Telegraph And Telephone Corporation | Key device, key cloud system, decryption method, and program |
2014
- 2014-10-07 US US15/027,718 patent/US10686604B2/en active Active
- 2014-10-07 CN CN201480055975.2A patent/CN105637802B/zh active Active
- 2014-10-07 JP JP2015542581A patent/JPWO2015056601A1/ja active Pending
- 2014-10-07 EP EP14854587.4A patent/EP3059898B1/en active Active
- 2014-10-07 WO PCT/JP2014/076782 patent/WO2015056601A1/ja active Application Filing
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070234404A1 (en) | 2006-04-03 | 2007-10-04 | Bogdanovic Ivan D | Network based authentication |
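JP2009542118A (ja) * | 2006-06-22 | 2009-11-26 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Hierarchical deterministic pairwise key predistribution scheme |
JP2009258816A (ja) * | 2008-04-14 | 2009-11-05 | Nippon Telegr & Teleph Corp <Ntt> | Billing information management system and billing information management method |
JP2010154193A (ja) | 2008-12-25 | 2010-07-08 | Nippon Telegr & Teleph Corp <Ntt> | Hierarchical ID-based encryption device and decryption device, methods therefor, program, and recording medium |
WO2011086992A1 (ja) | 2010-01-12 | 2011-07-21 | 日本電信電話株式会社 | Proxy calculation system, method, request device, program, and recording medium therefor |
JP2013523050A (ja) * | 2010-03-19 | 2013-06-13 | エフ5 ネットワークス、インコーポレイテッド | Proxy SSL handoff via mid-stream renegotiation |
WO2012057134A1 (ja) | 2010-10-26 | 2012-05-03 | 日本電信電話株式会社 | Proxy calculation system, calculation device, capability providing device, proxy calculation method, capability providing method, program, and recording medium |
JP2012151756A (ja) | 2011-01-20 | 2012-08-09 | Nippon Telegr & Teleph Corp <Ntt> | Decryption system, key device, decryption method, and program |
WO2012121152A1 (ja) | 2011-03-04 | 2012-09-13 | 日本電信電話株式会社 | Proxy calculation system, method, request device, and program |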
Non-Patent Citations (6)
Title |
---|
"Network-based identification notification function", NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION, 21 March 2013 (2013-03-21), Retrieved from the Internet <URL:http: /flets.com asc/s out ine. l> |
BONEH; BOYEN; GOH: "Advances in Cryptology-EUROCRYPT 2005, LNCS 3494", 2005, SPRINGER, article "Hierarchical Identity Based Encryption with Constant Size Ciphertext", pages: 440 - 456 |
CARL M. CAMPBELL: "Design and Specification of Cryptographic Capabilities", COMMUNICATIONS SOCIETY MAGAZINE, vol. 16, no. ISSUE, November 1978 (1978-11-01), pages 15 - 19, XP011366812 * |
D. W. DAVIES ET AL.: "Network Security", NIKKEI MAGUROUHIRU-SHA, 5 December 1985 (1985-12-05), pages 102 - 108, XP008183602 * |
NIR YOSEF; RODED SHARAN; WILLIAM STAFFORD NOBLE: "Improved network-based identification of protein orthologs", OXFORD JOURNALS, SCIENCE & MATHEMATICS BIOINFORMATICS, vol. 24, no. 16, pages I200 - I206, Retrieved from the Internet <URL:http://bioinformatics.oxford-journals.org/content/24/16/i200> |
YUTO KAWAHARA ET AL.: "Pairing Ango System ni Okeru Jiko Teisei o Mochiita Fukugo Module no Kosei Oyobi Jisso", 2011 NEN SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY, 25 January 2011 (2011-01-25), XP008172390 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10691815B2 (en) | 2016-04-27 | 2020-06-23 | Mitsubishi Electric Corporation | Attribute linkage apparatus, transfer system, attribute linkage method and computer readable medium |
Also Published As
Publication number | Publication date |
---|---|
US20160254914A1 (en) | 2016-09-01 |
CN105637802A (zh) | 2016-06-01 |
EP3059898B1 (en) | 2019-05-22 |
EP3059898A1 (en) | 2016-08-24 |
EP3059898A4 (en) | 2017-06-07 |
JPWO2015056601A1 (ja) | 2017-03-09 |
CN105637802B (zh) | 2019-09-06 |
US10686604B2 (en) | 2020-06-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
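WO2015056601A1 (ja) | Key device, key cloud system, decryption method, and program | |
JP4981072B2 (ja) | Method and system for decryptable and searchable encryption | |
KR101982237B1 (ko) | Method and system for data sharing using attribute-based encryption in a cloud computing environment | |
JP6497747B2 (ja) | Key exchange method and key exchange system | |
JP5506704B2 (ja) | Decryption system, key device, decryption method, and program | |
CN107196919B (zh) | Method and apparatus for matching data | |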
Premkamal et al. | Dynamic traceable CP‐ABE with revocation for outsourced big data in cloud storage | |
CN111355702B (zh) | Method and system for securely transmitting a data set, medical facility, and program product | |
EP3509246B1 (en) | Key exchange method and key exchange system | |
Chen et al. | Enhanced authentication protocol for the Internet of Things environment | |
Agarkar et al. | LRSPPP: lightweight R-LWE-based secure and privacy-preserving scheme for prosumer side network in smart grid | |
Zhou et al. | Threshold Key Management Scheme for Blockchain‐Based Intelligent Transportation Systems | |
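JP6368047B2 (ja) | Key exchange method, key exchange system, key distribution device, representative communication device, general communication device, and program | |
JP6267658B2 (ja) | Signature generation device, signature system, signature generation method, and program | |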
Rottondi et al. | A protocol for metering data pseudonymization in smart grids | |
EP3001346B1 (en) | Directory service device, client device, key cloud system, method thereof, and program | |
JP2007049455A (ja) | Encryption key management server, encryption key management method, and encryption key management program | |
Peng et al. | On the security of fully homomorphic encryption for data privacy in Internet of Things | |
Ray et al. | Design of an efficient mobile health system for achieving HIPAA privacy-security regulations | |
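JP2019125956A (ja) | Key exchange method, key exchange system, key exchange server device, communication device, and program | |
JP5945525B2 (ja) | Key exchange system, key exchange device, method therefor, and program | |
JP5432776B2 (ja) | ID-based encryption usage method, encryption device, management device, and programs therefor | |
KR101599996B1 (ko) | Revocable ID-based encryption server and system | |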
Wang et al. | A Cheating Detectable Privacy‐Preserving Data Sharing Scheme for Cloud Computing | |
JP2016129301A (ja) | Key device, key exchange system, and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14854587 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015542581 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15027718 Country of ref document: US |
|
REEP | Request for entry into the european phase |
Ref document number: 2014854587 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2014854587 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |