WO2021192078A1 - Encryption terminal, encryption management device, encrypted communication system, method, and non-transitory computer-readable medium - Google Patents
- Publication number
- WO2021192078A1 (PCT/JP2020/013267)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- encryption
- terminal
- encrypted
- unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Definitions
- The present disclosure relates to encryption terminals, encryption management devices, encrypted communication systems, methods, and non-transitory computer-readable media.
- Patent Document 1 discloses that data including a new encryption algorithm encrypted with a common key is delivered from a center device to a terminal device via a network.
- In view of the above-mentioned problems, an object of the present disclosure is to provide an encryption terminal, an encryption management device, an encrypted communication system, a method, and a non-transitory computer-readable medium capable of improving the security of encrypted communication.
- The encryption terminal in one aspect of the present disclosure includes: a terminal communication unit that receives an encryption algorithm, which is an algorithm for generating ciphertext from plaintext and has been encrypted using a first one-time key of a one-time pad method; a terminal storage unit that stores a key table including a second one-time key corresponding to the first one-time key; and a decryption unit that decrypts the encrypted encryption algorithm using the second one-time key.
- The encryption management device includes: an encryption unit that encrypts an encryption algorithm for generating ciphertext from plaintext by using a first one-time key of a one-time pad method; and a management communication unit that transmits the encrypted encryption algorithm to an encryption terminal having a key table including a second one-time key corresponding to the first one-time key.
- The encrypted communication system includes: an encryption management device having an encryption unit that encrypts an encryption algorithm for generating ciphertext from plaintext by using a first one-time key of a one-time pad method, and a management communication unit that transmits the encrypted encryption algorithm; and an encryption terminal having a terminal communication unit that receives the encrypted encryption algorithm, a terminal storage unit that stores a key table including a second one-time key corresponding to the first one-time key, and a decryption unit that decrypts the encrypted encryption algorithm using the second one-time key.
- The method in one aspect of the present disclosure includes: a communication step of receiving an encryption algorithm, which is an algorithm for generating ciphertext from plaintext and has been encrypted using a first one-time key of a one-time pad method; and a decryption step of decrypting the encrypted encryption algorithm using the second one-time key of a key table including a second one-time key corresponding to the first one-time key.
- The non-transitory computer-readable medium in one aspect of the present disclosure stores a program that causes a computer to execute: a communication step of executing a process of receiving an encryption algorithm, which is an algorithm for generating ciphertext from plaintext and has been encrypted using a first one-time key of a one-time pad method; and a decryption step of decrypting the encrypted encryption algorithm using the second one-time key of a key table including a second one-time key corresponding to the first one-time key.
- The present disclosure provides an encryption terminal, an encryption management device, an encrypted communication system, a method, and a non-transitory computer-readable medium that can improve the security of encrypted communication.
- Figure: block diagram showing the configuration of the encryption terminal according to Embodiment 1.
- Figure: schematic configuration diagram of the encrypted communication system according to Embodiment 2.
- Figure: block diagram showing the configurations of the encryption terminal and the encryption management device according to Embodiment 2.
- Figure: flowchart showing the decryption process of the encryption terminal according to Embodiment 2.
- Figure: diagram for explaining an example of the second one-time key acquisition process and the key table update process according to Embodiment 2.
- Figure: flowchart showing the process of the encryption management device according to Embodiment 2.
- Figure: block diagram showing the configuration of the encryption terminal according to Embodiment 3 together with the encryption management device 30.
- FIG. 1 is a block diagram showing a configuration of an encryption terminal 10 according to the first embodiment.
- The encryption terminal 10 includes a terminal communication unit 100, a terminal storage unit 102, and a decryption unit 107.
- The terminal communication unit 100 receives the encrypted encryption algorithm.
- The encryption algorithm is an algorithm for generating ciphertext from plaintext.
- The encryption algorithm is encrypted using the first one-time key of the one-time pad method.
- The terminal storage unit 102 stores a key table including a second one-time key corresponding to the first one-time key.
- The decryption unit 107 decrypts the encrypted encryption algorithm using the second one-time key.
- Because the encryption terminal 10 receives the encryption algorithm encrypted with an information-theoretically secure one-time pad key, leakage of the key used can be prevented. Therefore, the security of delivery of the encryption algorithm can be improved. This makes it possible to improve the security of encrypted communication.
- Since newly created encryption algorithms can be delivered sequentially, it is not necessary to incorporate an excessive number of spare encryption algorithms in the encryption terminal 10. Therefore, the workload of installing the encryption terminal 10 can be minimized, and the initial cost can be minimized.
- Since the decryption process of encrypted data using a one-time key of the one-time pad method can be executed with few computational resources, it can also be applied where the encryption terminal 10 is a device with few computational resources, such as an IoT (Internet of Things) device.
- FIG. 2 is a schematic configuration diagram of an encrypted communication system 1 to which the encryption terminal according to the second embodiment can be applied.
- The encrypted communication system 1 provides a function in which a highly confidential information terminal performs encrypted communication with another information terminal via the encryption terminal.
- The encrypted communication system 1 includes one or more encryption terminals 12, one or more information terminals 22, and an encryption management device 30.
- The one or more encryption terminals 12 and the encryption management device 30 are connected so as to be able to communicate with each other via the network 8.
- The network 8 includes various networks such as the Internet, a wide area network (WAN), and a local area network (LAN), or a combination thereof.
- The network 8 may also include a dedicated line separated from the Internet.
- The network 8 is the Internet.
- The encryption terminal 12 performs encrypted data communication, using an encryption algorithm, with another encryption terminal 12 connected to the network 8. Further, the encryption terminal 12 communicates data related to the encryption algorithm A with the encryption management device 30.
- The encryption terminal 12 is a personal computer, a notebook computer, a mobile phone, a smartphone, or other terminal device capable of inputting / outputting data.
- The encryption terminal 12 is communicably connected to the corresponding information terminal 22 by a communication means other than the network 8.
- The communication means between the encryption terminal 12 and the information terminal 22 is wired or wireless communication, and may be, for example, a private network, a virtual private network (VPN), short-range wireless communication, or the like.
- In response to receiving, from the connected first information terminal 22a, a request for encrypted communication of data destined for the second information terminal 22b, the first encryption terminal 12a encrypts the data using an encryption algorithm. Then, the first encryption terminal 12a transmits the encrypted data to the encryption terminal 12b connected to the destination second information terminal 22b. Further, in response to receiving, from the encryption terminal 12b connected to the second information terminal 22b, a request for encrypted communication of data destined for the connected first information terminal 22a, the first encryption terminal 12a decrypts the data based on the encryption algorithm. Then, the first encryption terminal 12a transmits the decrypted data to the destination first information terminal 22a.
- The encryption terminal 12 receives a new encryption algorithm from the encryption management device 30.
- The encryption terminal 12 receives the new encryption algorithm as encrypted data.
- The encryption terminal 12 decrypts the encrypted data and acquires the new encryption algorithm.
- The information terminal 22 is a terminal device, such as a personal computer, a notebook computer, a mobile phone, a smartphone, or another device capable of inputting / outputting data, that performs encrypted communication of data including confidential information with another information terminal 22 via the encryption terminal 12.
- The first information terminal 22a transmits a request for encrypted communication of data destined for the second information terminal 22b to the connected first encryption terminal 12a. Further, the first information terminal 22a receives, from the connected first encryption terminal 12a, data transmitted from the second information terminal 22b and decrypted by the first encryption terminal 12a.
- The encryption management device 30 is a computer, such as a server computer, that manages the encryption algorithm used by one or more encryption terminals 12.
- The computer of the encryption management device 30 may be realized by the network 8 as a whole, with its functions distributed among the devices on the network 8.
- The encryption management device 30 encrypts a new encryption algorithm and transmits the encrypted new encryption algorithm to one or a plurality of encryption terminals 12.
- FIG. 3 is a block diagram showing the configurations of the encryption terminal 12 and the encryption management device 30 according to the second embodiment.
- The encryption terminal 12 includes a terminal communication unit 120, a mode switching unit 121, a terminal storage unit 122, an encryption / decryption unit 127, a terminal key update unit 128, and an algorithm update unit 129.
- The terminal communication unit 120 performs various data communications with the encryption management device 30, another encryption terminal 12, and the connection destination information terminal 22.
- The terminal communication unit 120 receives the new encryption algorithm A as data from the encryption management device 30.
- The encryption algorithm A includes an encryption algorithm for generating ciphertext from plaintext.
- The encryption algorithm A further includes a decryption algorithm that generates plaintext from ciphertext, corresponding to the encryption algorithm used for encryption.
- The data of the new encryption algorithm A received from the encryption management device 30 is encrypted using the first one-time key of the one-time pad method.
- The terminal communication unit 120 supplies the encrypted new encryption algorithm to the encryption / decryption unit 127.
- The mode switching unit 121 selects a decryption mode in response to the reception of data by the terminal communication unit 120, and controls the encryption / decryption unit 127 according to the selected decryption mode.
- The decryption mode is a mode indicating the type of data decryption method, and includes a normal mode and an update mode.
- The normal mode is a mode in which the received data is decrypted by using the current decryption algorithm included in the current encryption algorithm A.
- The update mode is a mode in which the received data is decrypted by using the second one-time key of the key table TT described later.
- The terminal storage unit 122 is a storage medium that stores various information related to the encryption processing and the decryption processing of the data to be communicated.
- The terminal storage unit 122 inputs / outputs data to and from the encryption / decryption unit 127, the terminal key update unit 128, and the algorithm update unit 129.
- The terminal storage unit 122 includes a key storage unit 123 and an algorithm storage unit 126.
- The key storage unit 123 stores a key table TT including a second one-time key used for decryption processing of data of a new encryption algorithm received from the encryption management device 30.
- The key table TT is a random number table for the one-time pad method, a cryptographic operation method in which decryption is performed using a random number key that is used only once.
- The second one-time key is a random number key included in the key table TT.
- The second one-time key may be a random number sequence of true random numbers having a data amount equivalent to the data amount of the received data.
- The second one-time key may include true random numbers that differ for each encryption terminal 12. That is, each of the plurality of encryption terminals 12 may have a key table TT including a second one-time key different from those of the other terminals.
- The algorithm storage unit 126 is a storage medium that stores various information used for the encryption process or the decryption process of the data received from the other encryption terminal 12 and the connection destination information terminal 22.
- The various information stored in the algorithm storage unit 126 includes the encryption algorithm A and the encryption algorithm key AK.
- The encryption algorithm A includes the current encryption algorithm A.
- The encryption algorithm A may further include a spare encryption algorithm A.
- The encryption algorithm key AK is a key applied to the encryption algorithm A.
- The encryption algorithm key AK may be a common key.
- The encryption algorithm key AK includes the current encryption algorithm key AK applied to the current encryption algorithm A.
- The encryption algorithm key AK may further include a spare encryption algorithm key AK applied to the spare encryption algorithm A.
- The encryption / decryption unit 127 has the same function and configuration as the decryption unit 107 of the first embodiment.
- The encryption / decryption unit 127 encrypts or decrypts the received data based on the control by the mode switching unit 121. For example, the encryption / decryption unit 127 acquires the current encryption algorithm A and the encryption algorithm key AK, and performs encryption processing of the received data using these. Then, the encryption / decryption unit 127 supplies the encrypted data to the terminal communication unit 120. Further, the encryption / decryption unit 127 acquires the current encryption algorithm A and the encryption algorithm key AK in the normal mode, and performs decryption processing of the received data using these.
- The encryption / decryption unit 127 stores the decrypted data in the terminal storage unit 122. Further, in the update mode, the encryption / decryption unit 127 decrypts the data of the encrypted new encryption algorithm A by using the second one-time key of the key table TT. Then, the encryption / decryption unit 127 supplies the decrypted new encryption algorithm A to the algorithm update unit 129.
- The terminal key update unit 128 deletes the used second one-time key from the key table TT of the key storage unit 123 in response to the use of the second one-time key, and updates the key table TT.
- The algorithm update unit 129 stores the decrypted new encryption algorithm A in the algorithm storage unit 126. Further, the algorithm update unit 129 may erase the current encryption algorithm A and set the new encryption algorithm A as the current encryption algorithm A.
- The encryption management device 30 includes an acquisition unit 300, a management storage unit 302, an encryption unit 304, a management key update unit 306, and a management communication unit 308.
- The acquisition unit 300 acquires the plaintext data of the new encryption algorithm A.
- The acquisition unit 300 may be connected to an input device (not shown) and may acquire plaintext data of the new encryption algorithm A by receiving input from the administrator. Further, the acquisition unit 300 may acquire the plaintext data of the new encryption algorithm A from another device (not shown) of the communication destination via the management communication unit 308 described later.
- The acquisition unit 300 supplies the acquired plaintext data to the encryption unit 304.
- The management storage unit 302 stores the key table MT including the first one-time key used for the encryption process of the management communication unit 308.
- The key table MT is a one-time pad type random number table corresponding to the key table TT.
- The first one-time key is a one-time pad type key and corresponds to the second one-time key.
- The first one-time key has the same information as the second one-time key. That is, the first one-time key is a random number sequence of true random numbers that is the same as the second one-time key.
- The management storage unit 302 may store a plurality of key tables MT. In that case, the management storage unit 302 may store a key table MT including the first one-time key corresponding to the second one-time key possessed by each of the plurality of encryption terminals 12. The management storage unit 302 supplies the encryption unit 304 with the first one-time key.
- The encryption unit 304 uses the first one-time key to encrypt a new encryption algorithm A for generating ciphertext from plaintext.
- The encryption unit 304 supplies the encrypted new encryption algorithm A to the management communication unit 308.
- The management key update unit 306 deletes the used first one-time key from the key table MT of the management storage unit 302 in response to the use of the first one-time key, and updates the key table MT.
- The management communication unit 308 is communicably connected to the encryption terminal 12 and transmits the encrypted data of the new encryption algorithm A to the encryption terminal 12.
- When the management communication unit 308 is connected to a plurality of encryption terminals 12, the management communication unit 308 transmits, to each of the plurality of encryption terminals 12, the data of the new encryption algorithm A encrypted using the one-time key corresponding to that encryption terminal 12.
- FIG. 4 is a flowchart showing a decryption process of the encryption terminal 12 according to the second embodiment.
- The terminal communication unit 120 of the encryption terminal 12 receives data from the encryption management device 30 or another encryption terminal 12.
- The data received in the second embodiment may include the data of the main text and the data related to the destination.
- The data related to the destination may include the address information of the information terminal 22 of the connection destination of the encryption terminal 12 or the address information of the encryption terminal 12.
- The address information may be, for example, an Internet protocol address (IP address) or a domain name.
- The terminal communication unit 120 supplies the main text data of the received data to the encryption / decryption unit 127. Further, the terminal communication unit 120 supplies the data related to the destination among the received data to the mode switching unit 121.
- In step S11, the mode switching unit 121 determines whether or not the data received by the terminal communication unit 120 includes the new encryption algorithm A. At this time, the mode switching unit 121 may determine whether or not the received data includes the new encryption algorithm A by determining whether or not the address information included in the data related to the destination is the address information of the encryption terminal 12.
- When the mode switching unit 121 determines that the received data includes the new encryption algorithm A (Yes in step S11), the mode switching unit 121 advances the process to step S12. Otherwise (No in step S11), the mode switching unit 121 advances the process to step S17.
- In step S12, the mode switching unit 121 selects the "update mode" as the decryption mode, and supplies the control signal related to the update mode to the encryption / decryption unit 127.
- In step S13, the encryption / decryption unit 127 acquires the second one-time key from the key table TT of the key storage unit 123 of the terminal storage unit 122 based on the control of the mode switching unit 121.
- In step S14, the encryption / decryption unit 127 decrypts the text data using the second one-time key based on the control of the mode switching unit 121.
- The encryption / decryption unit 127 may decrypt the text data by calculating the exclusive OR of the bit string of the text data and the bit string of the second one-time key.
- The encryption / decryption unit 127 supplies the decrypted text data to the algorithm update unit 129. Further, the encryption / decryption unit 127 notifies the terminal key update unit 128 that the decryption process is completed.
- In step S15, in response to the completion of the decryption process in step S14, that is, the use of the second one-time key, the terminal key update unit 128 deletes the used second one-time key from the key table TT of the key storage unit 123 and updates the key table TT.
- In step S16, the algorithm update unit 129 stores the decrypted text data in the algorithm storage unit 126 of the terminal storage unit 122 as a new encryption algorithm A. Then, the algorithm update unit 129 ends the process.
- In step S17, when the mode switching unit 121 determines that the data received in step S11 does not include the new encryption algorithm A (No in step S11), the mode switching unit 121 selects the "normal mode" as the decryption mode. Then, the mode switching unit 121 supplies the control signal related to the normal mode to the encryption / decryption unit 127.
- In step S18, the encryption / decryption unit 127 acquires the current encryption algorithm A and the current encryption algorithm key AK from the algorithm storage unit 126 of the terminal storage unit 122 based on the control of the mode switching unit 121.
- In step S19, the encryption / decryption unit 127 decrypts the text data using the current decryption algorithm included in the current encryption algorithm A and the current encryption algorithm key AK. Then, the encryption / decryption unit 127 may store the decrypted text data in the terminal storage unit 122. Then, the encryption / decryption unit 127 ends the process.
- The data received in step S10 may include data related to the source in addition to or in place of the data related to the destination.
- The data related to the source may include the address information of the source.
- The mode switching unit 121 may determine whether or not the received data includes the new encryption algorithm A by determining whether or not the address information included in the data related to the source is the address information of the encryption management device 30.
- FIG. 5 is a diagram for explaining an example of the second one-time key acquisition process (that is, the process of step S13 of FIG. 4) and the key table TT update process (that is, the process of step S15 of FIG. 4) according to the second embodiment. As shown in this figure, the key table TT has a random number sequence containing a large number of random numbers.
- In step S13, the encryption / decryption unit 127 acquires, from the key table TT, a random number sequence R whose amount of data is equivalent to the amount of data in the text, as the second one-time key.
- The encryption / decryption unit 127 may read, as the second one-time key, a random number sequence R having the same number of bits as the data in the text, in order from the memory space with the lowest memory address in the memory space allocated to the key table TT.
- In step S15, the terminal key update unit 128 erases the data in the part of the memory space allocated to the key table TT in which the random number sequence R of the used second one-time key is stored.
- Only a predetermined number of random numbers may be read, in ascending order of memory address, from the memory space in which random numbers are stored.
- FIG. 6 is a flowchart showing the processing of the encryption management device 30 according to the second embodiment.
- The acquisition unit 300 of the encryption management device 30 acquires the plaintext data of the new encryption algorithm A from the administrator. Then, the acquisition unit 300 supplies the acquired data to the encryption unit 304.
- The acquisition unit 300 may acquire data related to the destination from the administrator. Then, the acquisition unit 300 may supply the data related to the destination to the management communication unit 308.
- In step S22, the encryption unit 304 acquires the first one-time key from the key table MT of the management storage unit 302. At this time, the encryption unit 304 acquires, from the key table MT, random numbers whose amount of data is equivalent to the amount of plaintext data, as the first one-time key.
- The first one-time key acquisition process may be performed in the same procedure as the second one-time key acquisition process shown in FIG.
- In step S24, the encryption unit 304 encrypts the plaintext data of the new encryption algorithm A using the first one-time key.
- The encryption unit 304 may encrypt the plaintext data by calculating the exclusive OR of the plaintext data bit string and the first one-time key bit string.
- The encryption unit 304 supplies the data of the encrypted new encryption algorithm A to the management communication unit 308. Further, the encryption unit 304 may notify the management key update unit 306 that the encryption process has been completed.
- In step S26, in response to the completion of the encryption process in step S24, that is, the use of the first one-time key, the management key update unit 306 deletes the used first one-time key from the key table MT of the management storage unit 302 and updates the key table MT.
- The key table MT update process may be performed in the same procedure as the key table TT update process shown in FIG.
- In step S28, the management communication unit 308 uses the data of the encrypted new encryption algorithm A as the text data, and transmits data in which the data related to the destination is added to the text data to the encryption terminal 12 connected to the destination information terminal 22. Then, the management communication unit 308 ends the process.
- The encryption management device 30 transmits an encryption algorithm encrypted with an information-theoretically secure one-time pad key, and the encryption terminal 12 receives the encryption algorithm. Therefore, it is possible to prevent the used key from being leaked. Therefore, the security of delivery of the encryption algorithm is improved. This makes it possible to improve the security of encrypted communication.
- Since the encryption management device 30 can sequentially deliver newly created encryption algorithms to the encryption terminal 12, it is not necessary to incorporate an excessive number of spare encryption algorithms into the encryption terminal 12. Therefore, the workload of installing the encryption terminal 12 can be minimized, and the initial cost can be minimized.
- The encryption terminal 12 can be applied even to a device with few computational resources, such as an IoT device.
- When the encryption management device 30 is connected to a plurality of encryption terminals 12, the encryption management device 30 encrypts the new encryption algorithm A using the first one-time key corresponding to the second one-time key of each of the plurality of encryption terminals 12. Therefore, the security of delivery of the encryption algorithm A can be further improved, and the security of encrypted communication can be further improved.
- Although the encryption terminal 12 is communicably connected to the information terminal 22 in the second embodiment, it may instead be incorporated in the information terminal 22. That is, the encryption terminal 12 and the information terminal 22 may be configured as a single terminal device.
- The mode switching unit 121 may determine whether or not the received data is a new encryption algorithm A by determining whether or not the address information included in the data related to the source is the address information of the encryption management device 30.
- The third embodiment is characterized in that the key storage unit of the terminal storage unit of the encryption terminal is composed of a plurality of memories.
- FIG. 7 is a block diagram showing the configuration of the encryption terminal 14 according to the third embodiment together with the encryption management device 30. Since the encryption management device 30 according to the third embodiment is the same as the encryption management device 30 according to the second embodiment, the description thereof will be omitted.
- The encryption terminal 14 according to the third embodiment has basically the same configuration and function as the encryption terminal 12 according to the second embodiment. However, the encryption terminal 14 differs from the encryption terminal 12 in that it has a terminal storage unit 142 and a terminal key update unit 148 instead of the terminal storage unit 122 and the terminal key update unit 128.
- the terminal storage unit 142 has the same configuration and function as the terminal storage unit 122, but includes a key storage unit 143 instead of the key storage unit 123.
- the key storage unit 143 stores the key table TT including the second one-time key, similarly to the key storage unit 123. However, the key storage unit 143 has a plurality of key memories that alternately store the information of the key table TT excluding the used second one-time key.
- the key storage unit 143 is composed of key memories 144 and 145. Each of the key memories 144 and 145 is a single non-transitory computer-readable medium. In the third embodiment, the key memories 144 and 145 may be flash ROMs (Read Only Memory).
- the terminal key update unit 148 stores information on the used second one-time key in response to the use of the second one-time key.
- the information in the key table TT in the key memory is completely erased.
- the decryption process of the encryption terminal 14 is performed by the same steps as the step shown in FIG.
- the terminal key update unit 148 of the encryption terminal 14 executes the update process of the key table TT, which will be described later, instead of step S15.
- FIG. 8 is a flowchart showing the update process of the key table of the encryption terminal 14 according to the third embodiment. It is assumed that the key table TT is stored in the key memory 144 up to step S14.
- In step S30, in response to the use of the second one-time key in step S14, the terminal key update unit 148 of the encryption terminal 14 acquires, from the information in the key table TT, the information on the unused second one-time keys, excluding the used second one-time key. For example, the terminal key update unit 148 selectively duplicates only the unused second one-time key information among the information in the key table TT.
- The terminal key update unit 148 then stores the unused second one-time key information as a new key table TT in the key memory 145, that is, a key memory other than the key memory 144 that stores the key table TT. For example, the terminal key update unit 148 stores only the duplicated unused second one-time key information in the key memory 145.
- In step S34, the terminal key update unit 148 completely erases, by flash or the like, all the data in the original key memory 144 in which the information of the used second one-time key is stored.
- Here, complete erasure means erasure after which the data cannot be restored.
- The terminal key update unit 148 completely erases the information in the key table TT of the key memory 144.
- The key storage unit 143 is composed of two key memories, the key memory 144 and the key memory 145, but it may instead be composed of two or more key memories.
- the key table TT of the key memory 144 in which the used second one-time key is stored is completely erased together with the memory.
- the security of delivery of the encryption algorithm A can be further improved, and the security of encrypted communication can be further improved. Since the key table TT including the remaining random numbers excluding the second one-time key is stored in another key memory 145, the key table TT can be used again for the next and subsequent decryption processes.
- The management storage unit 302 of the encryption management device 30 may have a plurality of management key memories for alternately storing the information of the key table MT excluding the used first one-time key, similarly to the terminal key update unit 128.
- The management key update unit 306 of the encryption management device 30 may update the key table MT by performing the same processing as the update processing of the key table TT by the terminal key update unit 148.
- In this case, in steps S30 to S34 shown in FIG. 8, the "terminal key update unit 148" is read as the "management key update unit 306", the "key storage unit 143" as the "management storage unit 302", the "key table TT" as the "key table MT", and the "second one-time key" as the "first one-time key".
- This prevents the first one-time key that was used for encrypting the new encryption algorithm A and erased after use from being restored.
- security of delivery of the encryption algorithm A can be further improved, and the security of encrypted communication can be further improved.
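The delivery in steps S24 to S28 and the key table update in steps S30 to S34 can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the two key memories are modelled as in-memory dictionaries rather than flash ROMs, and the first and second one-time keys are assumed to be identical random strings indexed by a shared key id.

```python
import secrets


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """One-time-pad step: XOR the data bit string with the key bit string."""
    if len(key) < len(data):
        raise ValueError("one-time key is shorter than the data")
    return bytes(d ^ k for d, k in zip(data, key))


class KeyMemory:
    """Model of a single key memory (such as key memory 144 or 145)."""

    def __init__(self):
        self.slots = {}  # key id -> bytearray holding one one-time key

    def erase_all(self):
        # Stand-in for erasing the whole memory: zero every buffer in place,
        # then drop the table so nothing in this memory can be read back.
        for buf in self.slots.values():
            buf[:] = bytes(len(buf))
        self.slots = {}


class KeyStore:
    """Key table that moves to the other key memory every time a key is used."""

    def __init__(self, key_table, memory_count=2):
        if memory_count < 2:
            raise ValueError("at least two key memories are required")
        self.memories = [KeyMemory() for _ in range(memory_count)]
        self.active = 0
        self.memories[0].slots = {kid: bytearray(k) for kid, k in key_table.items()}

    def use_key(self, key_id, length):
        source = self.memories[self.active]
        if key_id not in source.slots:
            raise KeyError("one-time key is unknown or has already been used")
        if len(source.slots[key_id]) < length:
            raise ValueError("one-time key is shorter than the data")
        key = bytes(source.slots[key_id][:length])
        # S30: duplicate only the unused one-time keys.
        unused = {kid: bytearray(k) for kid, k in source.slots.items() if kid != key_id}
        # Store the copies as the new key table in the other key memory.
        target = (self.active + 1) % len(self.memories)
        self.memories[target].slots = unused
        # S34: erase everything in the memory that held the used key.
        source.erase_all()
        self.active = target
        return key


def deliver_algorithm(management, terminal, key_id, algorithm):
    """Encrypt on the management side, decrypt on the terminal side."""
    first_key = management.use_key(key_id, len(algorithm))
    ciphertext = xor_bytes(algorithm, first_key)
    second_key = terminal.use_key(key_id, len(ciphertext))
    return ciphertext, xor_bytes(ciphertext, second_key)


def build_demo():
    """Constructed sample data: three 32-byte random keys shared by both sides."""
    table = {kid: secrets.token_bytes(32) for kid in range(3)}
    return KeyStore(table), KeyStore(table)


if __name__ == "__main__":
    mgmt, term = build_demo()
    ct, pt = deliver_algorithm(mgmt, term, 1, b"constructed algorithm A")
    print(ct.hex(), pt, term.active, sorted(term.memories[term.active].slots))
```

A second request for the same key id fails on both sides, because the only memory that ever held that key has been erased and the copy in the other memory never contained it.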
- the fourth embodiment is characterized in that the data of the encryption algorithm A is falsified when the encryption terminal is in an emergency.
- FIG. 9 is a block diagram showing the configuration of the encryption terminal 16 according to the fourth embodiment together with the encryption management device 30. Since the encryption management device 30 according to the fourth embodiment is the same as the encryption management device 30 according to the second and third embodiments, the description thereof will be omitted.
- the encryption terminal 16 according to the fourth embodiment has basically the same configuration and function as the encryption terminal 14 according to the third embodiment. However, the encryption terminal 16 has an algorithm update unit 169 instead of the algorithm update unit 129.
- The algorithm update unit 169 includes a tamper-resistant unit 170 in addition to the configuration and functions of the algorithm update unit 129.
- The tamper-resistant unit 170 falsifies the information stored in the algorithm storage unit 126 in response to the detection of a target operation.
- The target operation may be, for example, the communication connection with the network 8 being cut off.
- The tamper-resistant unit 170 may confirm the reachability of a node on the network 8 by checking, regularly or irregularly, the response status of a message sent via the terminal communication unit 120.
- The tamper-resistant unit 170 may detect the target operation based on the result of the reachability check.
- The tamper-resistant unit 170 may detect the target operation when no response from the message destination is received within a predetermined time.
- The target operation may be the detection of a change in a physical quantity such as the ambient atmospheric pressure or temperature.
- The encryption terminal 16 may be managed so that its internal air pressure or temperature stays within a predetermined range, and the tamper-resistant unit 170 may be connected to a sensor (not shown) that detects changes in these physical quantities.
- The target operation may be the detection of an electromagnetic wave intensity equal to or higher than a predetermined threshold value.
- The encryption terminal 16 may be housed in a case that shields electromagnetic waves, and the tamper-resistant unit 170 may be connected to a sensor (not shown) that detects electromagnetic waves.
- The tamper-resistant unit 170 may be supplied with power from a backup power source separate from the main power source of the encryption terminal 16.
- FIG. 10 is a flowchart showing the processing of the tamper-resistant unit 170 according to the fourth embodiment.
- In step S40, the tamper-resistant unit 170 determines whether or not the target operation has been detected. For example, the tamper-resistant unit 170 may determine whether or not the target operation has been detected based on the detection result of the connected sensor.
- If the target operation has been detected, the process proceeds to step S42. Otherwise (No in step S40), the tamper-resistant unit 170 repeats the process of step S40.
- In step S42, the tamper-resistant unit 170 falsifies the information stored in the algorithm update unit 169.
- The tamper-resistant unit 170 may completely erase all the information stored in the algorithm update unit 129 by flash or the like.
- The tamper-resistant unit 170 may randomly select bits included in the information stored in the algorithm update unit 169, shift the selected bits, and thereby irreversibly falsify the information.
- The tamper-resistant unit 170 may physically destroy the memory constituting the algorithm update unit 129. Then, the tamper-resistant unit 170 ends the process.
- The encryption terminal 16 irreversibly makes the encryption algorithm A stored in the algorithm update unit 169 unreadable in response to the detection of the target operation. Therefore, even if the encryption terminal 16 itself is stolen by an outsider, it is possible to prevent the encryption algorithm A from being leaked to the outsider. Even if the new encryption algorithm A is eavesdropped on at the time of delivery and the encryption terminal 16 itself is stolen, the second one-time key used for decrypting the new encryption algorithm A has been erased, so the new encryption algorithm A can be prevented from leaking to an outsider. As a result, the security of delivery of the encryption algorithm and, by extension, the security of the encrypted communication are further improved.
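The S40/S42 loop of FIG. 10 can be sketched as a polling routine over sensor readings. This is an added example, not code from the patent: the names, the thresholds and the sample readings are constructed, the algorithm storage is modelled as a bytearray, and only the complete-erasure variant of step S42 is shown.

```python
from dataclasses import dataclass


@dataclass
class Limits:
    reply_timeout_s: float   # predetermined time for a reachability reply
    pressure_hpa: tuple      # (low, high) managed internal pressure range
    temperature_c: tuple     # (low, high) managed internal temperature range
    em_threshold: float      # electromagnetic intensity threshold


@dataclass
class Reading:
    now_s: float
    last_reply_s: float      # time of the last reply from the network node
    pressure_hpa: float
    temperature_c: float
    em_level: float


def detect_target_operation(reading, limits):
    """Step S40: return the list of conditions that count as a target operation."""
    reasons = []
    if reading.now_s - reading.last_reply_s > limits.reply_timeout_s:
        reasons.append("no reply within the predetermined time")
    low, high = limits.pressure_hpa
    if not low <= reading.pressure_hpa <= high:
        reasons.append("pressure outside managed range")
    low, high = limits.temperature_c
    if not low <= reading.temperature_c <= high:
        reasons.append("temperature outside managed range")
    if reading.em_level >= limits.em_threshold:
        reasons.append("electromagnetic intensity at or above threshold")
    return reasons


class TamperResistantUnit:
    """Polls readings and wipes the algorithm storage once, on first detection."""

    def __init__(self, algorithm_storage: bytearray, limits: Limits):
        self.storage = algorithm_storage  # shared buffer, erased in place
        self.limits = limits
        self.tripped = []                 # latched reasons; empty while untouched

    def poll(self, reading):
        if self.tripped:                  # already erased, nothing left to protect
            return self.tripped
        reasons = detect_target_operation(reading, self.limits)
        if reasons:
            # Step S42, complete-erasure variant: overwrite every byte in place.
            self.storage[:] = bytes(len(self.storage))
            self.tripped = reasons
        return reasons


def first_trip_index(unit, readings):
    """Feed readings in order; return the index that triggered S42, or None."""
    for index, reading in enumerate(readings):
        if unit.poll(reading):
            return index
    return None


if __name__ == "__main__":
    limits = Limits(5.0, (990.0, 1030.0), (10.0, 40.0), 3.0)
    unit = TamperResistantUnit(bytearray(b"constructed algorithm A"), limits)
    timeline = [  # constructed readings, not measurements
        Reading(10.0, 8.0, 1013.0, 25.0, 0.2),
        Reading(12.0, 11.0, 1012.0, 25.0, 0.3),
        Reading(20.0, 11.0, 1012.0, 25.0, 0.3),
    ]
    print(first_trip_index(unit, timeline), unit.tripped, bytes(unit.storage))
```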
- In the first to fourth embodiments above, the present disclosure has been described as a hardware configuration. However, the present disclosure is not limited to this. The present disclosure can also be realized by causing the processor 1010, which will be described later, to execute a computer program that performs various processes such as the above-mentioned decryption process, encryption process, key table update process, and tamper resistance process.
- FIG. 11 is a schematic configuration diagram of the computer 1900 according to the first to fourth embodiments.
- the computer 1900 includes a control unit 1000 for controlling the entire system.
- An input device 1050, a storage device 1200, a storage medium drive device 1300, a communication control device 1400, and an input / output I / F 1500 are connected to the control unit 1000 via a bus line such as a data bus.
- the control unit 1000 includes a processor 1010, a ROM 1020, and a RAM 1030.
- the processor 1010 performs various information processing and control according to a program stored in various storage units such as the ROM 1020 and the storage device 1200.
- the ROM 1020 is a read-only memory in which various programs and data for the processor 1010 to perform various controls and calculations are stored in advance.
- the RAM 1030 is a random access memory used as a working memory by the processor 1010. In the RAM 1030, various areas for performing various processes according to the first to fourth embodiments can be secured.
- the input device 1050 is an input device that accepts input from users such as a keyboard, mouse, and touch panel.
- the keyboard is provided with various keys such as a numeric keypad, function keys for executing various functions, and cursor keys.
- the mouse is a pointing device, and is an input device that specifies a corresponding function by clicking a key, an icon, or the like displayed on the display device 1100.
- The touch panel is an input device arranged on the surface of the display device 1100. It identifies the user's touch position corresponding to the various operation keys displayed on the screen of the display device 1100, and accepts input of the operation key displayed at that touch position.
- As the display device 1100, for example, a CRT, a liquid crystal display, or the like is used.
- The display device displays the input result by the keyboard and the mouse, and displays the finally searched image information. Further, the display device 1100 displays an image of operation keys for performing various necessary operations from the touch panel according to various functions of the computer 1900.
- The storage device 1200 includes a readable and writable storage medium and a drive device for reading and writing various information such as programs and data to and from the storage medium.
- As the storage medium used in the storage device 1200, a hard disk or the like is mainly used, but a non-transitory computer-readable medium used in the storage medium drive device 1300 described later may also be used.
- The storage device 1200 has a data storage unit 1210, a program storage unit 1220, and other storage units (for example, a storage unit for backing up programs and data stored in the storage device 1200).
- the program storage unit 1220 stores programs for realizing various processes according to the first to fourth embodiments.
- the data storage unit 1210 stores various data of various databases according to the first to fourth embodiments.
- The storage medium drive device 1300 is a drive device for the processor 1010 to read data including computer programs and documents from an external storage medium.
- The external storage medium means a non-transitory computer-readable medium in which computer programs, data, and the like are stored.
- Non-transitory computer-readable media include various types of tangible storage media. Examples of non-transitory computer-readable media include magnetic recording media (e.g., flexible disks, magnetic tapes, hard disk drives), magneto-optical recording media (e.g., magneto-optical disks), CD-ROMs (Read Only Memory), CD-Rs.
- The various programs may also be supplied to the computer by various types of transitory computer-readable media.
- Examples of transitory computer-readable media include electrical signals, optical signals, and electromagnetic waves.
- The various programs can be supplied to the computer via a wired communication path such as an electric wire or an optical fiber, or via a wireless communication path and the storage medium drive device 1300.
- The processor 1010 of the control unit 1000 reads various programs from the external storage medium set in the storage medium drive device 1300 and stores them in each unit of the storage device 1200.
- When the computer 1900 executes various processes, the corresponding program is read from the storage device 1200 into the RAM 1030 and executed.
- the computer 1900 can also read and execute the program directly from the external storage medium into the RAM 1030 by the storage medium driving device 1300 instead of from the storage device 1200.
- various programs and the like may be stored in the ROM 1020 in advance, and the processor 1010 may execute the programs.
- the computer 1900 may download various programs and data from another storage medium via the communication control device 1400 and execute the programs and data.
- the communication control device 1400 is a control device for connecting the computer 1900 to various external electronic devices such as other personal computers and word processors via a network.
- the communication control device 1400 makes it possible to access the computer 1900 from these various external electronic devices.
- the input / output I / F 1500 is an interface for connecting various input / output devices via a parallel port, a serial port, a keyboard port, a mouse port, and the like.
- As the processor 1010, a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), an FPGA (field-programmable gate array), a DSP (digital signal processor), an ASIC (application specific integrated circuit), or the like may be used.
- (Appendix 1) An encryption terminal comprising: a terminal communication unit that receives an encryption algorithm for generating ciphertext from plaintext, the encryption algorithm being encrypted using a first one-time key of the one-time pad method; a terminal storage unit that stores a key table including a second one-time key corresponding to the first one-time key; and a decryption unit that decrypts the encrypted encryption algorithm using the second one-time key.
- The encryption terminal according to Appendix 1, wherein the terminal storage unit has a plurality of key memories that alternately store the information of the key table excluding the used second one-time key.
- (Appendix 3) The encryption terminal further includes a terminal key update unit that, in response to the use of the second one-time key, stores only the unused second one-time key information included in the information of the key table in a key memory other than the key memory storing the information of the key table, and completely erases the information of the key table in the key memory in which the used second one-time key information is stored.
- (Appendix 4) The encryption terminal according to any one of Appendix 1 to 3, further comprising: an algorithm storage unit that stores the decrypted encryption algorithm; and a tamper-resistant unit that falsifies the information stored in the algorithm storage unit in response to the detection of a target operation.
- (Appendix 5) An encryption management device comprising: an encryption unit that encrypts an encryption algorithm for generating ciphertext from plaintext using a first one-time key of the one-time pad method; and a management communication unit that transmits the encrypted encryption algorithm to an encryption terminal having a key table including a second one-time key corresponding to the first one-time key.
- (Appendix 6) The encryption management device according to Appendix 5, further comprising a management storage unit that stores a management key table including the first one-time key, wherein the terminal storage unit has a plurality of management key memories that alternately store the information of the management key table excluding the used first one-time key.
- (Appendix 7) The encryption management device according to Appendix 5 or 6, wherein each of a plurality of the encryption terminals has a key table containing a second one-time key different from those of the others, and the management communication unit transmits, to each of the plurality of encryption terminals, the encryption algorithm encrypted using the first one-time key corresponding to the second one-time key possessed by that encryption terminal.
- An encryption unit that encrypts an encryption algorithm for generating ciphertext from plaintext and a management communication unit that transmits the encrypted encryption algorithm using the first one-time key of the one-time pad method are used.
- Encryption management device and the terminal communication unit that receives the encrypted encryption algorithm, the terminal storage unit that stores the key table including the second one-time key corresponding to the first one-time key, and the second one-time key are used.
- The encrypted communication system according to Appendix 8, wherein the management storage unit has a plurality of key memories that alternately store the information of the key table excluding the used second one-time key.
- The encrypted communication system according to Appendix 8 or 9, wherein the encryption terminal further has: an algorithm storage unit that stores the decrypted encryption algorithm; and a tamper-resistant unit that falsifies the information stored in the algorithm storage unit in response to the detection of a target operation.
- (Appendix 11) A communication step of receiving an encryption algorithm for generating ciphertext from plaintext, the encryption algorithm being encrypted using the first one-time key of the one-time pad method.
- A communication step that executes a process of receiving an encryption algorithm for generating ciphertext from plaintext, the encryption algorithm being encrypted using the first one-time key of the one-time pad method.
- a non-transitory computer-readable medium containing a program that causes a computer to run.
- 1 encrypted communication system, 8 network, 10, 12, 14, 16 encryption terminal, 22 information terminal, 30 encryption management device, 100 terminal communication unit, 102, 122, 142 terminal storage unit, 107 decryption unit, 120 terminal communication unit, 121 mode switching unit, 123, 143 key storage unit, 126 algorithm storage unit, 127 encryption/decryption unit, 128, 148 terminal key update unit, 129, 169 algorithm update unit, 144, 145 key memory, 170 tamper-resistant unit, 300 acquisition unit, 302 management storage unit, 304 encryption unit, 306 management key update unit, 308 management communication unit, MT key table, TT key table, A encryption algorithm, AK encryption algorithm key, R random number string
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US17/910,294 US12335386B2 (en) | 2020-03-25 | 2020-03-25 | Encryption terminal, encryption management device, encrypted communication system, and method |
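| PCT/JP2020/013267 WO2021192078A1 (ja) | 2020-03-25 | 2020-03-25 | Encryption terminal, encryption management device, encrypted communication system, method, and non-transitory computer-readable medium |
| JP2022509868A JP7459930B2 (ja) | 2020-03-25 | 2020-03-25 | Encryption terminal, encryption management device, encrypted communication system, method, and program |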
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2020/013267 WO2021192078A1 (ja) | 2020-03-25 | 2020-03-25 | Encryption terminal, encryption management device, encrypted communication system, method, and non-transitory computer-readable medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2021192078A1 (ja) | 2021-09-30 |
Family
ID=77889992
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/JP2020/013267 Ceased WO2021192078A1 (ja) | Encryption terminal, encryption management device, encrypted communication system, method, and non-transitory computer-readable medium | 2020-03-25 | 2020-03-25 |
Country Status (3)
| Country | Link |
|---|---|
| US (1) | US12335386B2 |
| JP (1) | JP7459930B2 |
| WO (1) | WO2021192078A1 |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| AU2022320143A1 (en) * | 2021-07-30 | 2024-03-14 | Mpowered Technology Solutions Inc. | System and method for secure data messaging |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
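| JP2001069133A (ja) * | 1999-08-27 | 2001-03-16 | Ntt Communications Kk | Information processing method and apparatus therefor |
| JP2001125481A (ja) * | 1999-10-25 | 2001-05-11 | Toshiba Corp | Encrypted communication terminal, encrypted communication center apparatus, encrypted communication system, and recording medium |
| JP2003333023A (ja) * | 2002-05-09 | 2003-11-21 | Toshiba Corp | Data relay program and system for plant monitoring and control |
| JP2003337753A (ja) * | 2002-05-17 | 2003-11-28 | Matsushita Electric Ind Co Ltd | Tamper-resistant device and method therefor |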
Family Cites Families (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2001127747A (ja) | 1999-10-25 | 2001-05-11 | Toshiba Corp | Information encryption/decryption device |
| JP2006133839A (ja) * | 2004-11-02 | 2006-05-25 | Seiko Epson Corp | Image processing apparatus, printing apparatus, and image processing method |
| JP2006133639A (ja) | 2004-11-09 | 2006-05-25 | Inax Corp | Acoustic device provided on a surface facing a room interior |
| JP2009157611A (ja) * | 2007-12-26 | 2009-07-16 | Cis Electronica Industria & Comercio Ltda | Magnetic head |
| EP2731040B1 (en) * | 2012-11-08 | 2017-04-19 | CompuGroup Medical SE | Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method |
| KR101933649B1 (ko) * | 2016-05-27 | 2018-12-28 | 삼성에스디에스 주식회사 | Apparatus and method for public key encryption using a white-box cryptographic algorithm |
| KR101815175B1 (ko) * | 2016-05-27 | 2018-01-04 | 삼성에스디에스 주식회사 | Data encryption apparatus and method, and data decryption apparatus and method |
| US10484177B2 (en) * | 2017-07-10 | 2019-11-19 | Dell Products, Lp | Method and apparatus for generation of a time-based one-time password for session encryption of sensor data gathered in low-performance and IOT environments |
| GB2594392B (en) * | 2019-03-12 | 2023-03-08 | Dhanraj Hatti Ajitkumar | A system for generation and verification of identity and a method thereof |
| KR102714982B1 (ko) * | 2019-07-05 | 2024-10-10 | 삼성전자주식회사 | Storage device that stores data on a key-value basis and operating method thereof |
| GB2587438A (en) * | 2019-09-30 | 2021-03-31 | Governing Council Univ Toronto | Key generation for use in secured communication |
| US12143481B2 (en) * | 2019-09-30 | 2024-11-12 | The Governing Council Of The University Of Toronto | Method and system for key generation |
| US11709609B2 (en) * | 2020-03-27 | 2023-07-25 | Via Technologies, Inc. | Data storage system and global deduplication method thereof |
| US20230163955A1 (en) * | 2020-08-21 | 2023-05-25 | Almond Inc. | Encryption method, terminal device, encryption system, and program |
| JP2022040957A (ja) * | 2020-08-31 | 2022-03-11 | 株式会社日立製作所 | Encryption key management system and encryption key management method |
| US11636214B2 (en) * | 2020-12-11 | 2023-04-25 | Hewlett Packard Enterprise Development Lp | Memory scan-based process monitoring |
| US11791989B2 (en) * | 2020-12-11 | 2023-10-17 | Knwn Technologies, Inc. | Deploying, securing, and accessing encryption keys |
| US11704444B2 (en) * | 2021-03-08 | 2023-07-18 | Micron Technology, Inc. | Managing encryption keys per logical block on a persistent memory device |
| JP2022188703A (ja) * | 2021-06-09 | 2022-12-21 | 株式会社日立製作所 | Encryption key management system and encryption key management method |
| JP2023064977A (ja) * | 2021-10-27 | 2023-05-12 | Necソリューションイノベータ株式会社 | Time stamp issuing method |
-
2020
- 2020-03-25 JP JP2022509868A patent/JP7459930B2/ja active Active
- 2020-03-25 WO PCT/JP2020/013267 patent/WO2021192078A1/ja not_active Ceased
- 2020-03-25 US US17/910,294 patent/US12335386B2/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| JPWO2021192078A1 | 2021-09-30 |
| JP7459930B2 (ja) | 2024-04-02 |
| US12335386B2 (en) | 2025-06-17 |
| US20230155827A1 (en) | 2023-05-18 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20926578; Country of ref document: EP; Kind code of ref document: A1 |
| | ENP | Entry into the national phase | Ref document number: 2022509868; Country of ref document: JP; Kind code of ref document: A |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 20926578; Country of ref document: EP; Kind code of ref document: A1 |
| | WWG | Wipo information: grant in national office | Ref document number: 17910294; Country of ref document: US |