WO2022259494A1 - Communication system, user terminal, communication method and communication program - Google Patents

Communication system, user terminal, communication method and communication program

Info

Publication number
WO2022259494A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
user terminal
file
file attached
server device
Prior art date
Application number
PCT/JP2021/022218
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
宏樹 伊藤
真一 平田
英雄 森
武生 長島
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社
Priority to JP2023526784A (JPWO2022259494A1)
Priority to PCT/JP2021/022218 (WO2022259494A1)
Priority to US18/567,784 (US20240146513A1)
Publication of WO2022259494A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Definitions

  • The present invention relates to a communication system, user terminal, communication method and communication program.
  • The mail server at site A encrypts the mail text (including attached files, etc.) using the corresponding public key and sends it to the destination domain (site B). The mail server at site B checks whether the received mail is encrypted and, if it is, decrypts it using the private key stored in the mail server and delivers it to the user terminal.
  • Public key cryptography is generally used to encrypt and decrypt messages or attached files between message senders and receivers and to keep communications confidential in transit.
  • Common public-key cryptography implementations require the key pair to be shared beforehand: the public key needed to create an encrypted message or attachment that only the message recipient can decrypt must be obtained in advance of encryption.
  • IBE Identity Based Encryption
  • ID-based cryptography is a form of public key cryptography, characterized in that, when a key pair of a private key and a public key is generated, the public key is defined first and the private key is generated afterwards. It is therefore possible to use an identifier such as a mail address, a name, or an arbitrary character string designated by the person who performs decryption as the public key.
  • The sender encrypts a message or email attachment using the identifier obtained from the key generator, in the same way as ciphertext generation and decryption with ordinary public key cryptography, and sends it to the recipient.
  • The recipient decrypts the encrypted message or email attachment using the private key obtained from the key generator.
  • Attribute-based encryption (ABE: Attribute Based Encryption) is a method for performing encryption and decryption using attributes related to the recipient (name of department, position, deadline for decryption, etc.) as conditions for decryption.
  • In attribute-based encryption, the message or email attachment to be decrypted is encrypted together with a policy stating the decryption conditions and sent to the recipient. The encrypted message or email attachment can be decrypted only when the recipient conforms to the policy.
  • Policies include identifiers of decryptable users, identifiers of decryptable organizations (groups of users), times when decryption is allowed, and so on.
  • The private key held by the recipient includes the user's identifier, the organization's identifier, and the like.
  • The sender creates a ciphertext in which policy information combining these conditions is embedded in the message or email attachment to be decrypted. Decryption is performed when the identifier, the timing of decryption, and so on satisfy the policy.
  • Since attribute-based encryption is generally implemented so as to include ID-based encryption, these two techniques will be collectively referred to as "attribute-based encryption".
  • There is also cloud key management technology, a method of managing the private key of a public key cryptosystem on the network side rather than on the decrypting terminal.
  • Key escrow technology is generally known as a method for managing, on the network, private keys that would otherwise be managed on user terminals or on devices such as IC cards owned by users. With key escrow, keys (common keys, private keys) that should be kept secret in cryptographic communication are entrusted to third parties other than the sender and receiver of the ciphertext (for example, administrators of networks and applications, and administrators of organizations), and these administrators can decrypt the ciphertext exchanged between the sender and receiver as needed.
  • Cloud key management technology is the same as key escrow technology in that the key that should be kept confidential in encrypted communication is entrusted to a third party other than the sender and receiver of the ciphertext, and the third party is allowed to decrypt the ciphertext.
  • A receiver who wants to decrypt an encrypted communication applies disturbance processing to the ciphertext when providing it to the third party.
  • The third party decrypts the disturbed ciphertext with the disturbance still applied and provides the result to the recipient.
  • The third party cannot view the decrypted plaintext, because it is still disturbed at the time of decryption.
  • The recipient can keep the communication confidential not only from anyone who intercepts it on the communication path but also from the third party that performs the decryption process.
  • The confidentiality of communication between the mail server at site A and the mail server at site B is guaranteed by the encryption method applied to the email text (including attached files, etc.).
  • The mail text (including attached files, etc.) decrypted into plaintext by the mail server of each site is distributed as plaintext within the site.
  • Executing the encryption function and decryption function on the user terminal that sends and receives the e-mail is also widely practiced.
  • The mail text (including attached files and the like) is encrypted and decrypted on a per-mail-server basis.
  • E-mails and attached files decrypted on the mail server are distributed in plaintext on the closed network within the same site. If an attacker intrudes into the closed network, the content of decrypted e-mails and attached files may be easily viewed by the attacker.
  • The recipient of an email that the sender sent to the wrong address can check its contents. Confidentiality of the e-mail text and attached files downloaded to the user's terminal must also be ensured according to position, work content, department, work project, etc.: it is necessary to make it impossible for other employees who are not related to the work that requires the document to easily refer to the text of the email (including attached files, etc.).
  • The communication system of the present invention is a communication system having a user terminal for transmitting and receiving messages, and a server device for managing public and private keys.
  • The user terminal includes: an encryption unit that, when the message is transmitted to another user terminal, obtains a public key corresponding to the identification information of the recipient of the message and uses the obtained public key to encrypt the message or a file attached to the message; a transmission unit that transmits the message in which the message or the file attached to the message has been encrypted by the encryption unit to the other user terminal; and a request unit that, when the message is received from another user terminal, requests the server device to decrypt the message or a file attached to the message and receives the decrypted message or file from the server device.
  • The server device includes: a key issuing unit that issues a private key corresponding to the identification information of the recipient of the message; and a decryption unit that, when a request for decryption of the message or a file attached to the message is received from the user terminal, decrypts the message or the file attached to the message using the private key issued by the key issuing unit and transmits the decrypted message or file to the user terminal that made the decryption request.
  • FIG. 1 is a block diagram showing a configuration example of a communication system according to the first embodiment.
  • FIG. 2 is a sequence diagram illustrating an example of the processing flow of the communication system according to the first embodiment;
  • FIG. 3 is a sequence diagram illustrating an example of the processing flow of the communication system according to the first embodiment;
  • FIG. 4 is a sequence diagram illustrating an example of the processing flow of the communication system according to the first embodiment;
  • FIG. 5 is a block diagram showing a configuration example of a communication system according to the second embodiment.
  • FIG. 6 is a sequence diagram showing an example of the processing flow of the communication system according to the second embodiment.
  • FIG. 7 is a sequence diagram illustrating an example of the processing flow of the communication system according to the second embodiment.
  • FIG. 8 is a sequence diagram illustrating an example of the processing flow of the communication system according to the second embodiment.
  • FIG. 9 is a diagram showing an example of an encryption policy setting screen.
  • FIG. 10 is a diagram showing a computer that executes a communication program.
  • Embodiments of the communication system, user terminal, communication method, and communication program according to the present application will be described in detail below with reference to the drawings. Note that the communication system, user terminal, communication method, and communication program according to the present application are not limited by this embodiment.
  • FIG. 1 is a block diagram showing a configuration example of a communication system according to the first embodiment. Note that the configuration shown in FIG. 1 is merely an example, and the specific configuration is not particularly limited.
  • The communication system of this embodiment comprises a message server 101 and a user environment 161 on the network 1, which are interconnected within the network 1. Also provided on the network 2 are a message server 102 and a user environment 162, which are interconnected within the network 2.
  • The user environments 161 and 162 may have any configuration, but include at least user terminals.
  • A cloud key management server 171 is provided on the network 4.
  • Network 1, network 2, and network 4 are interconnected.
  • The message server 101 and the message server 102 have the same configuration because they mutually exchange messages using the same protocol.
  • The user environment 161 and the user environment 162 are assigned to individual users and exchange messages with each other, so they have the same configuration.
  • Network 1 and network 2 have the same configuration.
  • As an example, a message is sent from the user environment 161 to the user environment 162.
  • The message server 101 includes a message receiving unit 101a that receives messages sent from the message transmission/reception function of the user environment 161, a message DB 101b that temporarily stores messages, and a message sending unit 101c that, based on a message reception request from the user environment 141 used by the user to whom the message is addressed, identifies a message addressed to that user and sends the message to the user environment 141. Note that the message server 102 has the same configuration as that of the message server 101, so a description thereof will be omitted.
  • The user environment 161 includes a message transmission/reception unit 161a that distributes messages via the message server 101 and the message server 102, an encryption unit 161b, and a disturbance unit 161c that disturbs the attached file of the message.
  • The user environment 162 has the same configuration as the user environment 161, so description thereof will be omitted.
  • When transmitting a message to another user terminal (user environment 162), the encryption unit 161b acquires a public key corresponding to the identification information of the recipient of the message (e.g., the email address of the recipient) and encrypts the message or a file attached to the message with that public key. For example, the encryption unit 161b uses existing ID-based encryption to encrypt a message or a file attached to the message using an identifier such as the recipient's email address or name as the public key (see, for example, Reference 1).
  • Reference 1: Kobayashi, Yamamoto, Suzuki, Hirata, "Application of ID-based cryptography and keyword search cryptography", NTT Technical Journal, February 2010
  • The message transmission/reception unit 161a has a transmission unit 1610 and a request unit 1611.
  • The transmission unit 1610 transmits the message encrypted by the encryption unit 161b or the file attached to the message to another user terminal (user environment 162).
  • When the request unit 1611 receives a message from another user terminal (user environment 162), it requests the cloud key management server 171 to decrypt the message or a file attached to the message, and receives the decrypted message or file.
  • The disturbance unit 161c disturbs the message encrypted by the encryption unit 161b or the file attached to the message.
  • The cloud key management server 171 has a key issuing unit 171a, a key management unit 171b, and a decryption unit 171c.
  • The key issuing unit 171a issues a private key corresponding to the identification information of the recipient of the message.
  • The key management unit 171b stores public keys and private keys corresponding to message recipients. For example, when the key management unit 171b receives a request for a private key from the user environment 161, it transmits the private key to the user environment 161 if the requested private key is stored; if the requested private key is not stored, it requests the key issuing unit 171a to issue a private key and then transmits the issued private key to the user environment 161.
  • When the decryption unit 171c receives a request for decrypting a message or a file attached to the message from the user terminal (user environment 161), it uses the private key issued by the key issuing unit 171a to decrypt the message or the file attached to the message, and sends the decrypted message or file to the user terminal (user environment 161) that made the decryption request.
  • FIGS. 2 to 4 are sequence diagrams showing an example of the processing flow of the communication system according to the first embodiment.
  • The message sender uses the user environment 161 to compose a message addressed to the recipient of the message.
  • The body of the message or the attachments to the message are to be protected from viewing by third parties other than the sender of the message or the recipient of the message.
  • The message sender designates a message or an attached file of the message, and an identifier of the message recipient (for example, the recipient's mail address) (S000).
  • The message transmission/reception unit 161a of the user environment 161 requests the encryption unit 161b to encrypt the message or the attached file using the identifier of the message recipient as the public key (S001).
  • The encryption unit 161b uses the public key to encrypt the message or attached file (S002), and responds to the message transmission/reception unit 161a (S003).
  • The message transmission/reception unit 161a of the user environment 161 transmits the encrypted message or the encrypted attached file to the message server 101 (S004).
  • The message server 101 transmits the encrypted message or the encrypted attached file to the message server 102 of the network 2 to which the user environment 161 used by the message recipient belongs (S005).
  • The message transmission/reception unit 162a of the user environment 162 requests the message server 102 to acquire a new message (S021). Then, the message server 102 searches for a new message addressed to the message recipient (S022), and sends the new message to the message transmission/reception unit 162a of the user environment 162 (S023).
  • The message transmission/reception unit 162a of the user environment 162 confirms whether or not the new message has an encrypted message or an encrypted attached file (S024). If an encrypted attached file is included, it requests the disturbance unit 162c to apply disturbance processing to the encrypted message or the encrypted attached file (S025). The disturbance unit 162c performs the disturbance processing (S026), and responds to the message transmission/reception unit 162a with the disturbed encrypted message or the disturbed encrypted attached file (S027).
  • The message transmission/reception unit 162a of the user environment 162 transmits the disturbed encrypted message or the disturbed encrypted attached file to the encryption processing function on the cloud key management server 171, and requests decryption (S028).
  • The decryption unit 171c then requests the private key corresponding to the message recipient from the key management unit 171b on the cloud key management server 171 (S029).
  • The key management unit 171b requests the key issuing function on the cloud key management server 171 to issue a private key (S031).
  • The key issuing unit 171a issues a private key corresponding to the message recipient (S032) and responds to the key management unit 171b (S033).
  • The key management unit 171b responds with the private key to the encryption processing function (S034).
  • The decryption unit 171c decrypts the disturbed encrypted message or the disturbed encrypted attached file using the private key (S035), and returns the decrypted, still disturbed message or attached file to the message transmission/reception unit 162a of the user environment 162 (S036).
  • The message transmission/reception unit 162a of the user environment 162 requests the disturbance unit 162c to remove the disturbance from the disturbed message or the disturbed attached file (S037).
  • The disturbance unit 162c performs disturbance cancellation processing (S038), and returns the message or attached file with the disturbance removed to the message transmission/reception unit 162a (S039).
  • In the communication system according to the first embodiment, when an email is sent, the public key corresponding to the identification information of the message recipient is obtained and used for encryption, and when an email is received, the cloud key management server 171 is requested to decrypt it, so that messages can be sent and received more easily and safely without the key being managed by the user terminal. For example, in the communication system according to the first embodiment, attachments can be encrypted, sent and received between the sender's user environment 161 and the recipient's user environment 162 using a public key corresponding to the identification information of the recipient of the message. Also, in the communication system according to the first embodiment, it is possible to realize a secure message transmission/reception function in which key management on the user terminal side is minimized.
  • FIG. 5 is a block diagram showing a configuration example of a communication system according to the second embodiment. As shown in FIG. 5, networks 1 and 2 have directory servers 111 and 112, respectively.
  • The directory server 111 manages attributes related to users existing on the network 1 and provides the attributes in response to requests from other functions. Attributes here include identifiers that identify the user, such as an email address or the account name used at login; affiliation information indicating the group to which the user belongs, position, authority, and so on; and other general attribute information associated with the individual, such as name, that the user needs in order to use not only this system but also other systems connected to the network.
  • The directory server 111 has an attribute management unit 111a.
  • The attribute management unit 111a stores attribute information of each user, identifiers necessary for exchanging messages managed within the network, and user accounts used within the network.
  • The attribute management unit 111a stores, as attribute information, affiliation information indicating the group to which each user belongs, position, authority, and the like. Note that the directory server 111 and the directory server 112 have the same configuration, and the description of the directory server 112 is omitted.
  • The encryption unit 161b of the user environment 161 acquires a public key corresponding to the attribute information of the recipient of the message, and uses the acquired public key to encrypt the message or a file attached to the message.
  • The encryption unit 161b may encrypt a message or a file attached to the message together with policy information indicating the conditions under which decryption is enabled.
  • The encryption unit 161b may use an existing attribute-based encryption method to encrypt a decryption target message or email attachment together with a policy of decryption conditions (see, for example, Reference 2).
  • Reference 2: Abe, Tokunaga, Mehdi, Nishimaki, Kusakawa, "Forefront of Cryptographic Theory Research Corresponding to Changes in Computing Environment", NTT Technical Journal, February 2020
  • Policies include identifiers of decryptable users, identifiers of decryptable organizations (groups of users), times when decryption is allowed, and so on.
  • The encryption unit 161b generates a ciphertext in which policy information combining conditions such as a decryptable user identifier, a decryptable organization (group of users) identifier, and decryptable time is embedded in the message or email attachment to be decrypted.
  • The key issuing unit 171a generates a key pair that enables encryption and decryption of the message text or attached file, linked to the user account, the organization to which the user account belongs, affiliation information such as position, the available time period, the available terminal or available network, etc.
  • The decryption unit 171c of the cloud key management server performs decryption when the identification information embedded in the recipient's private key, the timing of decryption, and so on satisfy the policy.
  • The private key held by the recipient includes, for example, the identifier of the user, the identifier of the organization, and the like.
  • FIGS. 6 to 8 are sequence diagrams showing an example of the processing flow of the communication system according to the second embodiment.
  • When the message sender creates a message addressed to the message recipient, the message transmission/reception unit 161a of the user environment 161 sends the identifier of the message recipient to the directory server 111 and, based on it, requests affiliation information indicating the group to which the message recipient belongs, position, authority, etc. (S101).
  • The directory server 111 acquires affiliation information related to the message recipient from the attribute management function based on the identifier of the message recipient (S102), and provides the affiliation information to the message transmission/reception unit 161a of the user environment 161 (S103).
  • FIG. 9 is a diagram showing an example of an encryption policy setting screen.
  • The message transmission/reception unit 161a of the user environment 161 requests the encryption processing function to encrypt the message or attached file based on the encryption policy (S105). Then, the encryption unit 161b encrypts the message or attached file using the identifier and the encryption policy (S106). Since the flow of subsequent processing is the same as that of the first embodiment, description thereof is omitted.
  • Each component of each device illustrated is functionally conceptual, and does not necessarily need to be physically configured as illustrated.
  • The specific form of distribution and integration of each device is not limited to the illustrated one, and all or part of them can be functionally or physically distributed or integrated in arbitrary units according to various loads and usage conditions.
  • The operation log acquisition device may detect an event of an operation screen displayed on another terminal and record the operation log.
  • Each processing function performed by each device may be implemented in whole or in part by a CPU and a program analyzed and executed by the CPU, or implemented as hardware based on wired logic.
  • FIG. 10 is a diagram showing a computer that executes a communication program.
  • The computer 1000 has a memory 1010 and a CPU 1020, for example.
  • Computer 1000 also has hard disk drive interface 1030, disk drive interface 1040, serial port interface 1050, video adapter 1060 and network interface 1070. These units are connected by a bus 1080.
  • The memory 1010 includes a ROM 1011 and a RAM 1012.
  • The ROM 1011 stores a boot program such as BIOS (Basic Input Output System).
  • Hard disk drive interface 1030 is connected to hard disk drive 1031.
  • Disk drive interface 1040 is connected to disk drive 1041.
  • A removable storage medium such as a magnetic disk or optical disk is inserted into the disk drive 1041.
  • The serial port interface 1050 is connected to a mouse 1051 and a keyboard 1052, for example.
  • Video adapter 1060 is connected to display 1061, for example.
  • The hard disk drive 1031 stores an OS (Operating System) 1091, application programs 1092, program modules 1093, and program data 1094, for example. That is, a program that defines each process of each device is implemented as a program module 1093 in which code executable by the computer 1000 is described.
  • Program modules 1093 are stored, for example, in hard disk drive 1031.
  • The hard disk drive 1031 stores a program module 1093 for executing processing similar to the functional configuration in the user terminal.
  • The hard disk drive 1031 may be replaced by an SSD (Solid State Drive).
  • The setting data used in the processing of the embodiment described above is stored as the program data 1094 in the memory 1010 or the hard disk drive 1031, for example. Then, the CPU 1020 reads out the program modules 1093 and program data 1094 stored in the memory 1010 and the hard disk drive 1031 to the RAM 1012 as necessary and executes them.
  • The program modules 1093 and program data 1094 are not limited to being stored in the hard disk drive 1031, but may be stored in a removable storage medium, for example, and read by the CPU 1020 via the disk drive 1041 or the like. Alternatively, the program modules 1093 and program data 1094 may be stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.). Program modules 1093 and program data 1094 may then be read by CPU 1020 through network interface 1070 from other computers.
  • LAN Local Area Network
  • WAN Wide Area Network
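
The disturbance steps of the first embodiment (S025 to S039) can be made concrete with multiplicative blinding. The following is an added example, not code from the patent: textbook RSA stands in for the ID-based scheme (which needs a pairing library), and the toy key, the SHA-256 keystream and all function names are assumptions chosen for the demo.

```python
import hashlib
import hmac
import math
import secrets

# Toy RSA key, constructed for this demo: two Mersenne primes, far too small
# and too structured for real use. RSA stands in for the ID-based scheme.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the server


def _unit():
    """Random value in [2, N-2] that is invertible modulo N."""
    while True:
        x = secrets.randbelow(N - 3) + 2
        if math.gcd(x, N) == 1:
            return x


def _keys(k):
    """Derive separate encryption and MAC keys from the session value k."""
    kb = k.to_bytes(32, "big")
    return hashlib.sha256(b"enc" + kb).digest(), hashlib.sha256(b"mac" + kb).digest()


def _xor_stream(key, data):
    """SHA-256 in counter mode as a stand-in stream cipher (assumption)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(plaintext):
    """Sender (S001-S003): wrap a fresh session value under the public key."""
    k = _unit()
    enc_key, mac_key = _keys(k)
    body = _xor_stream(enc_key, plaintext)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return {"wrapped": pow(k, E, N), "body": body, "tag": tag}


class CloudKeyServer:
    """Plays the decryption unit 171c and records everything it gets to see."""

    def __init__(self):
        self.seen = []

    def decrypt(self, ciphertext):  # S035
        result = pow(ciphertext, D, N)
        self.seen += [ciphertext, result]
        return result


def receive(message, server):
    """Receiver (S025-S039): disturb, ask the server, remove the disturbance."""
    r = _unit()                                        # disturbance factor
    disturbed = message["wrapped"] * pow(r, E, N) % N  # S026: c * r^E
    disturbed_plain = server.decrypt(disturbed)        # S028-S036: k * r
    k = disturbed_plain * pow(r, -1, N) % N            # S038: divide r out
    enc_key, mac_key = _keys(k)
    expected = hmac.new(mac_key, message["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, message["tag"]):
        raise ValueError("integrity check failed")
    return _xor_stream(enc_key, message["body"]), k


def demo():
    """Run one exchange; report the plaintext and what the server observed."""
    server = CloudKeyServer()
    message = encrypt(b"quarterly report (constructed sample)")
    plaintext, k = receive(message, server)
    return plaintext, k in server.seen, message["wrapped"] in server.seen


if __name__ == "__main__":
    print(demo())
```

The server's log holds only the disturbed ciphertext and the disturbed session value, never `k` or the original wrapped key. Disturbance hides content from the server but does not decide who may ask for decryption; in the second embodiment that is the policy check in the decryption unit 171c.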

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
PCT/JP2021/022218 2021-06-10 2021-06-10 Communication system, user terminal, communication method and communication program WO2022259494A1 (ja)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2023526784A JPWO2022259494A1 2021-06-10 2021-06-10
PCT/JP2021/022218 WO2022259494A1 (ja) 2021-06-10 2021-06-10 Communication system, user terminal, communication method and communication program
US18/567,784 US20240146513A1 (en) 2021-06-10 2021-06-10 Communication system, user terminal, communication method, and communication program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/022218 WO2022259494A1 (ja) 2021-06-10 2021-06-10 Communication system, user terminal, communication method and communication program

Publications (1)

Publication Number Publication Date
WO2022259494A1 (ja) 2022-12-15

Family

ID=84425079

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/022218 WO2022259494A1 (ja) Communication system, user terminal, communication method and communication program 2021-06-10 2021-06-10

Country Status (3)

Country Link
US (1) US20240146513A1
JP (1) JPWO2022259494A1
WO (1) WO2022259494A1

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
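JP2005500740A * 2001-08-13 2005-01-06 The Board of Trustees of the Leland Stanford Junior University Systems and methods for ID-based encryption and related cryptographic techniques
JP2006319457A * 2005-05-10 2006-11-24 Ntt Data Corp Encrypted communication system, private key issuing device, and program
WO2015008607A1 * 2013-07-18 2015-01-22 日本電信電話株式会社 Decryption device, decryption capability providing device, methods therefor, and program
JP2018180408A * 2017-04-19 2018-11-15 日本電信電話株式会社 Cryptographic processing method, cryptographic processing system, encryption device, decryption device, and program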

Also Published As

Publication number Publication date
US20240146513A1 (en) 2024-05-02
JPWO2022259494A1 2022-12-15

Similar Documents

Publication Publication Date Title
JP4571865B2 Identity-based encryption system
US9917828B2 (en) Secure message delivery using a trust broker
US20080098237A1 (en) Secure e-mail services system and methods implementing inversion of security control
KR20210137073A Blockchain-based secure email system
KR20200027921A Orthogonal access control for groups via multi-hop transform encryption
Mont et al. A flexible role-based secure messaging service: Exploiting IBE technology for privacy in health care
US20050210246A1 (en) Secure email service
US7877594B1 (en) Method and system for securing e-mail transmissions
JP2006520112A Security key server, realization of a process with non-repudiation and auditing
US20090271627A1 (en) Secure Data Transmission
US20080044023A1 (en) Secure Data Transmission
US20170279807A1 (en) Safe method to share data and control the access to these in the cloud
US20070288746A1 (en) Method of providing key containers
US9665731B2 (en) Preventing content data leak on mobile devices
JP4434680B2 Program for e-mail processing device
Sharma et al. A comprehensive review on encryption based open source cyber security tools
KR102413497B1 System and method for secure electronic data transmission
CN109194650B Encrypted transmission method based on a remote file encryption transmission system
WO2022259494A1 Communication system, user terminal, communication method and communication program
EP4144041A1 (en) Method and apparatus for end-to-end secure sharing of information with multiple recipients without maintaining a key directory
WO2022259495A1 Communication system, user terminal, communication method and communication program
Rawdhan et al. Enhancement of Email Security Services
Dumka et al. Taxonomy of E-Mail Security Protocol
US11736462B1 (en) Hybrid content protection architecture for email
JP2009503963A Method and system for transmitting messages, and encryption key generator suitable therefor

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 21945168; Country of ref document: EP; Kind code of ref document: A1)
WWE Wipo information: entry into national phase (Ref document number: 2023526784; Country of ref document: JP)
WWE Wipo information: entry into national phase (Ref document number: 18567784; Country of ref document: US)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: PCT application non-entry in European phase (Ref document number: 21945168; Country of ref document: EP; Kind code of ref document: A1)