WO2023181900A1 - Information processing device and method, and information processing system - Google Patents

Information processing device and method, and information processing system

Info

Publication number
WO2023181900A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
key
signature
information
public key
Application number
PCT/JP2023/008456
Other languages
English (en)
Japanese (ja)
Inventor
卓也 五十嵐
Original Assignee
ソニーグループ株式会社
Application filed by ソニーグループ株式会社
Publication of WO2023181900A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present technology relates to an information processing device, method, and information processing system, and particularly relates to an information processing device, method, and information processing system that can further reduce the size of a certificate while ensuring security.
  • RFC-4880 OpenPGP Pretty Good Privacy
  • RFC-8551 S/MIME Secure/Multipurpose Internet Mail Extensions
  • the IoT data, which is the plain text data shown by arrow Q11, is signed, and the signature shown by arrow Q12 is obtained.
  • the signed IoT data is encrypted to generate the encrypted data shown by arrow Q13.
  • the encrypted data is then signed as well, and the signature shown by arrow Q14 is obtained.
  • signatures using public key cryptography are not suitable for low-bandwidth IoT data communication, and currently, signatures using a common key, that is, a common key encryption method, are used for IoT data.
  • the present technology was developed in view of this situation, and is intended to make it possible to further reduce the size of a certificate while ensuring security.
  • the information processing system includes a device that generates transmission data including encrypted data obtained by encrypting predetermined data, a license server that manages the public key of the public key cryptosystem of the device, and a server that uses the encrypted data.
  • the device generates additional information based on the data, generates a common signature for the data and the encrypted data based on the additional information, the encrypted data, and a private key corresponding to the public key, and includes a first communication unit that transmits the transmission data, which contains the encrypted data and a certificate including a key identifier for identifying the public key, the common signature, and the additional information.
  • the license server includes a recording unit that records the public key in association with the key identifier, and a second communication unit that receives a request including the key identifier sent from the server and sends a response including the public key to the server in response to the request.
  • the server includes a third communication unit that receives the transmission data, transmits the request including the key identifier included in the certificate of the transmission data to the license server, and receives the response transmitted from the license server; and a verification unit that verifies the common signature based on the encrypted data, the additional information, and the public key included in the response.
  • in an information processing system having a device that generates transmission data including encrypted data obtained by encrypting predetermined data, a license server that manages a public key of a public key cryptosystem of the device, and a server that uses the encrypted data, the device generates additional information based on the data, and generates a common signature for the data and the encrypted data based on the additional information, the encrypted data, and a private key corresponding to the public key.
  • the device then generates the transmission data, which includes the encrypted data and a certificate including a key identifier for identifying the public key, the common signature, and the additional information, and transmits the transmission data.
  • the license server records the public key in association with the key identifier, receives a request including the key identifier sent from the server, and transmits a response including the public key to the server in response to the request. The server receives the transmission data, transmits the request including the key identifier included in the certificate of the transmission data to the license server, receives the response transmitted from the license server, and verifies the common signature based on the encrypted data, the additional information, and the public key included in the response.
  • the information processing apparatus and method according to the second aspect of the present technology are an information processing apparatus and method corresponding to the device of the information processing system according to the first aspect of the present technology.
  • the information processing apparatus and method according to the third aspect of the present technology are an information processing apparatus and method corresponding to the server of the information processing system according to the first aspect of the present technology.
  • FIG. 3 is a diagram illustrating signatures for encrypted data and decrypted data.
  • FIG. 1 is a diagram illustrating a configuration example of an information processing system.
  • FIG. 3 is a diagram showing an example of transmission data.
  • FIG. 2 is a diagram showing a specific example of IoT data. It is a figure explaining addition of tag information.
  • FIG. 3 is a diagram showing an example of traceability information and context ID.
  • FIG. 3 is a diagram showing an example of traceability information and context ID. It is a flowchart explaining registration processing. It is a flowchart explaining installation processing. It is a flowchart explaining data transmission processing. 3 is a flowchart illustrating transmission data generation processing.
  • FIG. 2 is a diagram illustrating generation of a common signature. It is a flowchart explaining data utilization processing. It is a flowchart explaining verification processing. It is a flowchart explaining decoding processing. It is a diagram showing an example of the configuration of a computer.
  • FIG. 2 is a diagram illustrating a configuration example of an embodiment of an information processing system to which the present technology is applied.
  • the information processing system 11 shown in FIG. 2 includes a license server 21, an IoT device 22, an IoT system server 23, a cloud server 24-1, and a cloud server 24-2.
  • the license server 21 is a server that manages public keys of public key cryptography used to verify signatures on IoT data generated by IoT devices 22, encryption keys used to encrypt IoT data, and traceability information of IoT data.
  • the license server 21 includes a communication section 31, a control section 32, a generation section 33, and a recording section 34.
  • the communication unit 31 performs communication with the IoT system server 23, cloud server 24-1, and cloud server 24-2 according to instructions from the control unit 32.
  • the control unit 32 controls the operation of the license server 21 as a whole.
  • the generation unit 33 generates an encryption key and the like used for encrypting IoT data.
  • the recording unit 34 records a derived public key pubKey_derived, a context ID (cID), traceability information (TraceabilityInfo), and an encryption key dataKey in association with the signature key identifier eID.
  • the signature key identifier eID is identification information that identifies a signature key used for signing IoT data, more specifically, the derived public key pubKey_derived, which is the public key of the public key cryptosystem corresponding to the signature key.
  • the signature key identifier eID is generated based on the derived public key pubKey_derived.
  • the derived public key pubKey_derived is a public key for public key cryptography used to verify signatures on IoT data.
  • a private key priKey_dev and a public key pubKey_dev, which form a public key cryptography key pair, are issued to the IoT device 22.
  • the derived public key pubKey_derived is generated by deriving it from the public key pubKey_dev based on the context ID (cID), that is, the traceability information.
  • the context ID is an identifier that identifies traceability information, and is generated based on the traceability information.
  • the traceability information is metadata that indicates the origin of IoT data generated by the IoT device 22, that is, metadata related to the generation of IoT data.
  • the traceability information includes information for identifying the owner of IoT data, information indicating the DNN (Deep Neural Network) model used to generate the IoT data, and information such as the installation location of the camera serving as the IoT device 22.
  • DNN Deep Neural Network
  • the encryption key dataKey is the common key of the common key encryption method used to encrypt and decrypt IoT data.
  • the IoT device 22 is an information processing device consisting of any device such as a surveillance camera, for example.
  • the IoT device 22 includes a communication section 41, a data generation section 42, a control section 43, a signature generation section 44, and a recording section 45.
  • the communication unit 41 performs IoT communication, which is low-band communication, with the IoT system server 23.
  • the data generation unit 42 generates IoT data.
  • the data generation unit 42 includes an image sensor 51 and a DNN engine 52.
  • the image sensor 51 takes an image of the surroundings of the IoT device 22 as a subject.
  • the DNN engine 52 is a DNN model, and receives as input an image captured by the image sensor 51, more specifically, a thumbnail image obtained from the image, and performs a predetermined inference on the thumbnail image. For example, the DNN engine 52 detects a human face area on a thumbnail image, and outputs the detection result as an inference result.
  • thumbnail images that are input to the DNN engine 52, inference results that are the output of the DNN engine 52, etc. are generated as IoT data.
  • the control unit 43 controls the overall operation of the IoT device 22.
  • the signature generation unit 44 encrypts the IoT data based on the encryption key dataKey, and generates a common signature, that is, a single signature shared by the IoT data and the encrypted data obtained by encrypting the IoT data.
  • the recording unit 45 is made of, for example, a non-volatile memory, and records the public key pubKey_dev, private key priKey_dev, derived private key priKey_derived, encryption key dataKey, and signature key identifier eID.
  • the derived private key priKey_derived is the public key cryptography private key corresponding to the derived public key pubKey_derived, and is used to generate a common signature. That is, the derived private key priKey_derived is a signature key used to generate a common signature.
  • the IoT system server 23 is a server that manages one or more IoT devices 22.
  • the IoT system server 23 includes a communication section 61, a control section 62, and a recording section 63.
  • the communication unit 61 communicates with the IoT device 22, license server 21, and cloud server 24-1.
  • the control unit 62 controls the entire operation of the IoT system server 23.
  • the recording unit 63 records the private key priKey_dev and public key pubKey_dev of the IoT device 22 for each IoT device 22.
  • the cloud server 24-1 is an information processing device that uses IoT data supplied from the IoT devices 22 via the IoT system server 23.
  • transmission data that includes the encrypted data of the IoT data and a common signature, which is shared by the encrypted data and the decrypted data (IoT data) obtained by decrypting the encrypted data, is sent from the IoT system server 23 to the cloud server 24-1.
  • the cloud server 24-1 includes a communication section 71, a control section 72, a verification section 73, and a decryption section 74.
  • the communication unit 71 communicates with the IoT system server 23, license server 21, and cloud server 24-2.
  • the control unit 72 controls the entire operation of the cloud server 24-1.
  • the verification unit 73 verifies the common signature included in the transmission data received from the IoT system server 23.
  • the decryption unit 74 decrypts encrypted data included in the transmitted data.
  • the cloud server 24-1 uses the decrypted data (IoT data) obtained by decryption as appropriate, and transmits transmission data including the common signature and decrypted data to the cloud server 24-2.
  • the cloud server 24-2 is an information processing device that receives the transmission data sent from the cloud server 24-1, verifies the common signature included in the transmission data, and uses the decrypted data included in the transmission data as appropriate.
  • the cloud server 24-2 has the same configuration as the cloud server 24-1.
  • the cloud server 24-1 and the cloud server 24-2 will also be simply referred to as the cloud server 24 unless there is a particular need to distinguish them.
  • These cloud servers 24 are servers that constitute a cloud.
  • the IoT system server 23 issues a private key priKey_dev and a public key pubKey_dev to the IoT device 22 at an arbitrary timing, such as when the IoT device 22 is shipped from the factory, and then installs the private key priKey_dev and public key pubKey_dev on the IoT device 22.
  • the IoT system server 23 generates a request requesting registration of the public key pubKey_dev and traceability information (TraceabilityInfo), transmits it to the license server 21, and receives a response from the license server 21.
  • the request includes the public key pubKey_dev and traceability information.
  • the license server 21 generates a signature key identifier eID, a derived public key pubKey_derived, a context ID (cID), and an encryption key dataKey in response to the request.
  • the license server 21 then records the derived public key pubKey_derived, context ID (cID), traceability information (TraceabilityInfo), and encryption key dataKey in association with the signature key identifier eID, and also generates and transmits a response.
  • the response includes the signature key identifier eID, context ID (cID), and encryption key dataKey.
  • Upon receiving the response, the IoT system server 23 supplies the signature key identifier eID, context ID (cID), and encryption key dataKey included in the response to the IoT device 22, and installs the derived private key priKey_derived.
  • a derived private key priKey_derived is generated based on the context ID (cID) and the private key priKey_dev, and the signature key identifier eID is also verified based on the derived private key priKey_derived.
  • the derived private key priKey_derived, the encryption key dataKey, and the signature key identifier eID are recorded in the IoT device 22, and thereafter IoT data can be generated at any timing.
  • the license server 21 may manage the license of the DNN engine 52 (DNN model) installed in the IoT device 22.
  • the IoT system server 23 can send and receive requests and responses for registering the public key pubKey_dev, etc., when acquiring the license for the DNN engine 52.
  • When the IoT device 22 generates IoT data, it generates transmission data including encrypted data of the IoT data, and transmits it to the IoT system server 23 via IoT communication.
  • When the IoT system server 23 receives the transmission data at the gateway serving as the communication unit 61, it transmits the transmission data to the cloud server 24-1 at an arbitrary timing via an arbitrary network such as the Internet.
  • the IoT system server 23 may verify the common signature included in the transmission data received from the IoT device 22.
  • the IoT system server 23 may send a request including the signature key identifier eID to the license server 21 and receive a response including the derived public key pubKey_derived and traceability information from the license server 21.
  • Upon receiving the transmission data from the IoT system server 23, the cloud server 24-1 reads the signature key identifier eID included in the transmission data. The cloud server 24-1 then sends the license server 21 a request that includes the read signature key identifier eID and asks for a decryption license for the encrypted data and for traceability information.
  • the license server 21 generates a response including the derived public key pubKey_derived, traceability information, and the encryption key dataKey, and sends it to the cloud server 24-1.
  • the cloud server 24-1 verifies the common signature included in the transmission data based on the derived public key pubKey_derived included in the received response, and also confirms (verifies) the origin of the encrypted data based on the traceability information.
  • the cloud server 24-1 decrypts the encrypted data using the received encryption key dataKey as a decryption key, and uses the decrypted data (IoT data) that is the plaintext data obtained as a result. Furthermore, the cloud server 24-1 generates new transmission data including a certificate including a common signature and decrypted data, and transmits it to the cloud server 24-2 via an arbitrary network such as the Internet.
  • Upon receiving the transmission data from the cloud server 24-1, the cloud server 24-2 sends a request to the license server 21 that includes the signature key identifier eID and requests the acquisition of traceability information.
  • the license server 21 generates a response including the derived public key pubKey_derived and traceability information, and transmits it to the cloud server 24-2.
  • the cloud server 24-2 verifies the common signature included in the transmission data based on the derived public key pubKey_derived received from the license server 21, confirms (verifies) the origin of the decrypted data based on the traceability information, and uses the decrypted data.
  • transmission data in which encrypted data or decrypted data is stored is distributed on the cloud configured by the cloud server 24.
  • the authenticity of both encrypted data and decrypted data can be verified using one common signature, which is a public key cryptographic signature, so the size of the certificate can be reduced while ensuring security.
  • FIG. 3 shows a specific example of transmission data. Note that in FIG. 3, the numerical value in parentheses indicates the number of bytes of information.
  • the part indicated by arrow Q21 shows transmission data including encrypted data
  • the part shown by arrow Q22 shows transmission data including decrypted data.
  • the transmission data shown by arrow Q21 includes an E2E (End to End) header "E2E Header", first data "Data1", which is plain-text IoT data, and encrypted data "EncryptedData2" of second data, which is also plain-text IoT data.
  • the E2E header "E2E Header" functions as a certificate (certificate data) that includes a common signature.
  • the E2E header includes tag information "Tag", signature key identifier "eID", common signature "Sign", data identifier "dID", and additional information "hashData2ScrambleTruncated".
  • the tag information "Tag" indicates that the data structure of the transmission data conforms to the structure shown in FIG. 3, that is, the data format of the transmission data (E2E data).
  • the tag information also functions as an identifier of the type of data included in the transmission data, that is, whether the second data field "Data2" contains the second data itself, which is decrypted data, or the encrypted data of the second data.
  • the common signature "Sign" is one elliptic curve cryptographic signature commonly used for the first data, the second data, and the encrypted data of the second data.
  • the data identifier "dID" is an identifier that identifies the second data, and has a different value for each second data with respect to the signature key identifier eID.
  • the data identifier "dID" is a timestamp or random number taken when the second data is generated, and is also used to generate the initial vector (iv) of the CTR (Counter) mode of AES (Advanced Encryption Standard) that encrypts the second data.
  • the additional information "hashData2ScrambleTruncated" is information required when verifying the common signature in a device that has received transmission data including the encrypted data of the second data whose tag information is "EE". This additional information "hashData2ScrambleTruncated" is generated based on the second data, the encrypted data of the second data, and the encryption key dataKey.
  • the E2E header is provided with a reserve area "Reserved", and in this example, zero data, that is, padding data with a value of 0, is stored in the reserve area.
  • the E2E header includes data length information "lengthOfData1" indicating the data length (number of bytes) of the first data, and data length information "lengthOfData2" indicating the data length of the second data.
  • the first data does not necessarily need to be stored in the transmission data, and if the transmission data does not include the first data, that is, there is no field "Data1" for the first data, 0 is specified as the value of the data length information "lengthOfData1". Further, the data length information "lengthOfData2" is information indicating the data length of the second data, but in encryption using AES CTR mode, the data lengths of the encrypted data and the decrypted data are the same.
  • the transmission data shown by arrow Q22 includes an E2E header "E2E Header", first data "Data1", and second data "Data2" which is IoT data.
  • the E2E header includes tag information "Tag", signature key identifier "eID", common signature "Sign", data identifier "dID", additional information "hashEncryptedData2Truncated", additional information "hashScrambleTruncated", and data length information "lengthOfData1" and data length information "lengthOfData2".
  • the additional information "hashEncryptedData2Truncated" is generated based on the encrypted data of the second data, and the additional information "hashScrambleTruncated" is generated based on the encrypted data of the second data and the encryption key dataKey.
  • the first data "Data1" is always plain text data. Therefore, in this example, among the IoT data, data that does not need to be anonymized, such as metadata of the second data, is defined as the first data, and data that is desired to be anonymized is defined as the second data.
  • when the cloud server 24-1 receives the transmission data shown by arrow Q21, it generates the transmission data shown by arrow Q22 by rewriting the tag information, additional information, and encrypted data, and then sends it to the cloud server 24-2.
  • the size of the certificate can be made smaller by using a common signature for the first data, the second data, and the encrypted data of the second data.
  • the size of the certificate can be further reduced.
  • the authenticity of IoT data can be verified, and the IoT device 22 can be authenticated.
  • as shown in FIG. 4, for example, when the information processing system 11 is applied to a security camera service, it is conceivable to use the input/output data of the DNN engine 52 as the second data.
  • parts corresponding to those in FIG. 2 are denoted by the same reference numerals, and the explanation thereof will be omitted as appropriate.
  • the IoT device 22 is a security camera, and a thumbnail image generated based on a raw image captured by the image sensor 51 is input data to the DNN engine 52.
  • the DNN engine 52 detects the human face area on the input thumbnail image, and uses the detection result as output data, that is, the inference result.
  • the IoT device 22 performs processing such as blurring the human face area on the raw image or replacing it with a monochromatic area (image) to protect privacy.
  • the processed raw image is then compressed and encoded using the JPEG (Joint Photographic Experts Group) method to generate a JPEG image.
  • JPEG Joint Photographic Experts Group
  • as shown by arrow Q31, the IoT device 22 transmits to the cloud server 24 the JPEG image "JPEG Data" and transmission data including the E2E header "E2E Header", the first data "Data1 (plaintext)", and the encrypted data "Data2 (encrypted)" of the second data. Note that the JPEG image and transmission data may be transmitted to the cloud server 24 via the IoT system server 23.
  • the hash value of the JPEG image is used as the first data. Further, the thumbnail image that is the input of the DNN engine 52 and the inference result that is the output of the DNN engine 52 are used as second data.
  • a JPEG image live-fed to the cloud server 24, that is, a security camera service, is recorded in the storage of the cloud server 24.
  • Users of the security camera service use a browser to check live-feed or recorded JPEG images, verify the authenticity of the first data and second data (encrypted data) for the JPEG images, and confirm the traceability information.
  • users can only view JPEG images that have been processed, for example by blurring, but in the event of an incident they can obtain a license and decrypt the encrypted data, and the thumbnail image that is the decrypted data (second data) can be presented to a third party such as the police as evidence.
  • continuous JPEG images are transmitted as moving images from the IoT device 22 to the cloud server 24, so it is assumed that a wide communication band is available.
  • Such security camera services can reduce the size of certificates, certify the authenticity of JPEG images, and provide traceability information.
  • the thumbnail image as the second data can be signed and encrypted to strengthen security.
  • a case may be considered in which a thumbnail image of an image obtained by the image sensor 51 is input to the DNN engine 52 and the type of subject on the thumbnail image is inferred.
  • the inference result by the DNN engine 52 ie, text data indicating the type of subject, etc.
  • the metadata may be the first data
  • the thumbnail image and the inference result, which are input and output of the DNN engine 52 may be the second data.
  • the IoT device 22 transmits the transmission data to the IoT system server 23 using low-band IoT communication.
  • the E2E header that serves as the certificate is generated by the IoT device 22, but the IoT system server 23 that manages the IoT device 22 can use the address of the IoT communication packet that stores the transmission data to identify the IoT device 22 that sent the transmission data.
  • the derived public key pubKey_derived corresponding to the derived private key priKey_derived that the IoT device 22 uses to generate the common signature, that is, the signature key identifier eID, is known.
  • the tag information Tag and signature key identifier eID may be left out of (not described in) the E2E header, and added to the transmission data in the IoT system server 23 as shown by arrow Q42.
  • the tag information Tag and signature key identifier eID are written in the E2E header of the transmission data by the gateway of the IoT system server 23 that connects to the Internet from IoT communication.
  • a public key certificate of the derived public key pubKey_derived indicated by the signature key identifier eID, such as an X509-compliant hierarchical certificate, may be further added to the end of the transmission data.
  • PKI public key infrastructure
  • the left side of Figure 6 shows an example of traceability information written in JSON format.
  • the IoT system server 23 that is, the IoT system administrator, generates JSON data as traceability information based on information regarding the installation of the IoT device 22, etc., and registers it in the license server 21.
  • the license server 21 can generate a context ID (cID) from traceability information by performing cryptographic calculations using the JSON Web Key standard. That is, for example, in JSON Web Key thumbprint, a unique context ID is generated by calculating the hash value of traceability information using the cryptographic hash function SHA256(). The context ID obtained in this way is managed by the license server 21.
  • cID context ID
  • if the traceability information is changed, the context ID (cID) also changes, so the context ID can be used to verify whether the traceability information has been tampered with.
  • the IoT system server 23 signs and issues traceability information including the VC, which is certified by multiple issuers, making it possible to provide secure traceability information.
  • the cryptographic hash value of the Id property (URL (Uniform Resource Locator)) included in the VC, calculated using the cryptographic hash function SHA256(), is used as the context ID (cID).
  • the issuer (vendor) of each VC can be verified by generating traceability information based on VCs issued by multiple vendors, such as the vendor of the IoT device 22 and the vendor of the image sensor 51. Therefore, safety can be further improved. In other words, safer traceability information can be provided.
  • the IoT system server 23 issues a public key pair, a private key priKey dev and a public key pubKey dev , to the IoT device 22 at an arbitrary timing, such as at the time of factory shipment. Then, the IoT system server 23 supplies the issued private key priKey dev and public key pubKey dev to the recording unit 63 to be recorded and installed in the IoT device 22.
  • the private key priKey dev and the public key pubKey dev are recorded in the recording unit 45 of the IoT device 22.
  • the IoT system server 23 registers the derived public key pubKey derived and the traceability information in the license server 21.
  • the certificate (E2E header) signed by the derived private key priKey derived in the IoT device 22 includes information such as the device name of the IoT device 22 and the owner of the IoT data to verify the origin of the IoT data. Traceability information is not stored.
  • the certificate is signed using a derived private key priKey derived based on the traceability information, that is, the context ID (cID).
  • a license server 21 that provides a decryption license (decryption key license) for encrypted data obtained by encrypting second data that is IoT data manages the derived public key pubKey derived of the IoT device 22 and traceability information.
  • the license server 21 then provides the user of the encrypted data and decrypted data of the first data and the second data with the derived public key pubKey derived and traceability information for verifying the signature of the certificate.
  • In order to enable the license server 21 to provide the derived public key pubKey derived and traceability information, the IoT system server 23 generates a request to register the derived public key pubKey derived and the traceability information and sends it to the license server 21.
  • The control unit 62 of the IoT system server 23 generates traceability information by describing metadata related to the generation of IoT data, such as the IoT device 22, the image sensor 51, the DNN engine 52, the installation location of the IoT device 22, and the owner of the IoT data.
  • traceability information shown in FIGS. 6 and 7, for example, can be obtained.
  • control unit 62 generates a request including the public key pubKey dev and traceability information, and the communication unit 61 transmits the request generated by the control unit 62 to the license server 21.
  • the license server 21 performs a registration process and registers the derived public key pubKey derived and traceability information.
  • step S11 the communication unit 31 receives a request sent from the IoT system server 23.
  • step S12 the control unit 32 determines whether or not the requester has been successfully authenticated.
  • If it is determined in step S12 that the authentication has failed, the subsequent processing is not performed and the registration processing ends. At this time, for example, the communication unit 31 transmits a notification to the IoT system server 23 that an error has occurred.
  • If it is determined in step S12 that the authentication has succeeded, the generation unit 33 generates, in step S13, a context ID (cID) based on the traceability information included in the request received in step S11.
  • the generation unit 33 calculates the following equation (1) to obtain a hash value of the traceability information, and uses the obtained hash value as the context ID.
  • hash indicates a cryptographic hash function such as SHA256().
  • step S14 the generation unit 33 generates a derived public key pubKey derived based on the public key pubKey dev included in the request received in step S11 and the context ID (cID) generated in step S13.
  • the generation unit 33 derives the public key pubKey dev based on the context ID by calculating the following equation (2), and sets it as the derived public key pubKey derived .
  • Equation (2) G is the base point on the finite prime field elliptic curve, and the addition and integration calculations in equation (2) are performed on the finite prime field elliptic curve.
  • ECDSA Elliptic Curve Digital Signature Algorithm
  • step S15 the generation unit 33 generates a signature key identifier eID based on the derived public key pubKey derived .
  • The generation unit 33 calculates the hash value hashPubKey of the derived public key pubKey derived by calculating the following formula (3), and further calculates the signature key identifier eID by calculating formula (4) based on the hash value hashPubKey.
  • hash indicates a cryptographic hash function such as SHA256().
  • truncateLower20bytes() in equation (4) indicates a function that truncates the input 32-byte hash value hashPubKey to the lower 20 bytes. That is, in Equation (4), processing is performed to truncate a part of the hash value hashPubKey, and the value obtained as a result is used as the small-sized signature key identifier eID.
  • step S16 the generation unit 33 generates an encryption key dataKey.
  • the generation unit 33 generates the encryption key dataKey by calculating the following equation (5) based on the cryptographic random number generation function random(). That is, here, the generated random number is used as the encryption key dataKey.
  • The control unit 32 also supplies the signature key identifier eID, derived public key pubKey derived , context ID (cID), traceability information, and encryption key dataKey obtained through the above processing to the recording unit 34, and instructs it to record them.
  • step S17 the recording unit 34 records a record of a set of derived public key pubKey derived , context ID (cID), traceability information, and encryption key dataKey in the database in association with the signature key identifier eID. This means that the derived public key pubKey derived and traceability information are registered.
  • step S18 the control unit 32 generates a response including the signature key identifier eID, context ID (cID), and encryption key dataKey.
  • the response may include the derived public key pubKey derived .
  • step S19 the communication unit 31 transmits the response generated in the process of step S18 to the IoT system server 23, and the registration process ends.
  • the license server 21 generates (issues) a derived public key pubKey derived in response to a request from the IoT system server 23, and registers the derived public key pubKey derived and traceability information.
  • traceability information is managed by the license server 21, even if the IoT device 22 or IoT system server 23 is hacked, the traceability information will not be tampered with. Further, since traceability information is provided only to a specific device (user) such as the cloud server 24, it is possible to maintain confidentiality, that is, to prevent leakage of traceability information.
  • the private key priKey dev of the IoT device 22 is never supplied to the license server 21, the private key priKey dev is not leaked from the license server 21, and security can be improved.
  • When the IoT system server 23 receives the response from the license server 21 through the communication unit 61, it installs the signature key identifier eID, the encryption key dataKey, and the derived private key priKey derived in the IoT device 22 at an arbitrary timing, such as when the IoT device 22 is installed. Note that this installation may be performed at the time of factory shipment.
  • The control unit 62 reads the signature key identifier eID, context ID (cID), and encryption key dataKey from the response, and the communication unit 61 transmits the signature key identifier eID, context ID (cID), and encryption key dataKey to the IoT device 22.
  • step S51 the communication unit 41 receives the signature key identifier eID, context ID (cID), and encryption key dataKey transmitted from the IoT system server 23.
  • step S52 the control unit 43 generates a derived private key priKey derived based on the private key priKey dev recorded in the recording unit 45 and the context ID (cID) received from the IoT system server 23.
  • control unit 43 calculates the following equation (6) to derive the private key priKey dev from the context ID (cID), that is, the traceability information, and sets it as the derived private key priKey derived .
  • step S53 the control unit 43 verifies the signature key identifier eID received in step S51 based on the derived private key priKey derived .
  • control unit 43 calculates the following equation (7) based on the derived private key priKey derived to obtain the derived public key temp_pubKey derived corresponding to the derived public key pubKey derived .
  • G indicates a base point on the finite prime field elliptic curve.
  • The control unit 43 calculates the hash value hashPubKey of the derived public key temp_pubKey derived based on the cryptographic hash function hash such as SHA256() by calculating the following equation (8).
  • The control unit 43 calculates the signature key identifier temp_eID corresponding to the signature key identifier eID received in step S51 by calculating the following formula (9) based on the hash value hashPubKey obtained by calculating formula (8).
  • truncateLower20bytes() in equation (9) is a function that performs the same truncation as in equation (4).
  • the control unit 43 verifies the signature key identifier eID by checking whether the signature key identifier temp_eID obtained in this manner matches the signature key identifier eID received in step S51.
  • If the signature key identifier temp_eID and the signature key identifier eID match, it is confirmed (verified) that the derived private key priKey derived used to generate the signature key identifier temp_eID corresponds to the signature key identifier eID. In other words, it has been verified that the derived private key priKey derived and the derived public key pubKey derived managed by the license server 21 are a corresponding key pair of the public key cryptosystem.
  • After verifying the signature key identifier eID, the control unit 43 supplies the signature key identifier eID, the derived private key priKey derived , and the encryption key dataKey to the recording unit 45 to record them, and the installation process ends.
  • the IoT device 22 verifies the signature key identifier eID, and installs the signature key identifier eID, the derived private key priKey derived , and the encryption key dataKey. As a result, from now on, it becomes possible to generate a common signature using the derived private key priKey derived , that is, to sign a certificate.
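The registration process (steps S13 to S15) and the device-side check (steps S52 and S53) can be exercised end to end. The following is an added example, not code from the patent: equations (2), (6) and (7) are not reproduced on this page, so the additive form pubKey_dev + cID·G and priKey_dev + cID mod n, the P-256 curve, the canonical JSON serialization, the X||Y point encoding and reading "lower 20 bytes" as the last 20 bytes of the digest are all assumptions, and the key and traceability values are constructed.

```python
import hashlib
import hmac
import json

# Assumed curve: NIST P-256 (the page only says "finite prime field elliptic curve").
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity. Not constant-time."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (illustration only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def context_id(traceability):
    # cID = SHA256 over the traceability JSON; canonical form is an assumption.
    canonical = json.dumps(traceability, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def key_identifier(pub):
    # eID = lower 20 bytes of SHA256(pubKey_derived); X||Y encoding is assumed.
    encoded = pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")
    return hashlib.sha256(encoded).digest()[-20:]


def server_register(pub_dev, traceability):
    """License server side: derive the public key without seeing priKey_dev."""
    cid = context_id(traceability)
    tweak = int.from_bytes(cid, "big") % N
    pub_derived = ec_add(pub_dev, ec_mul(tweak, G))  # assumed form of eq. (2)
    if pub_derived is None:
        raise ValueError("derived public key is the point at infinity")
    return cid, pub_derived, key_identifier(pub_derived)


def device_install(pri_dev, cid, eid):
    """Device side: derive the private key and verify eID before recording it."""
    pri_derived = (pri_dev + int.from_bytes(cid, "big")) % N  # assumed eq. (6)
    if pri_derived == 0:
        raise ValueError("derived private key is zero")
    temp_pub = ec_mul(pri_derived, G)  # eq. (7)
    temp_eid = key_identifier(temp_pub)  # eqs. (8) and (9)
    if not hmac.compare_digest(temp_eid, eid):
        raise ValueError("eID mismatch: cID or eID does not match this device")
    return pri_derived


# Constructed sample values (not from the patent).
PRI_DEV = int.from_bytes(hashlib.sha256(b"constructed device key").digest(), "big") % N
PUB_DEV = ec_mul(PRI_DEV, G)
TRACEABILITY = {
    "device": "example-iot-device",
    "imageSensor": "example-sensor",
    "dnnEngine": "example-dnn-v1",
    "installationLocation": "example-site",
    "owner": "example-owner",
}

if __name__ == "__main__":
    cid, pub_derived, eid = server_register(PUB_DEV, TRACEABILITY)
    pri_derived = device_install(PRI_DEV, cid, eid)
    print("eID:", eid.hex())
    print("key pair matches:", ec_mul(pri_derived, G) == pub_derived)
```

Under these assumptions the two sides arrive at a matching key pair without the device private key leaving the device, and a context ID computed from altered traceability information fails the eID check.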
  • the IoT device 22 receives the signature key identifier eID etc. from the IoT system server 23 and installs it.
  • the IoT device 22 can perform the installation without communicating with the license server 21.
  • the IoT device 22 may directly communicate with the license server 21 to install the signature key identifier eID and the like.
  • the communication unit 41 of the IoT device 22 transmits a request including the public key pubKey dev and traceability information to the license server 21, and receives a response transmitted from the license server 21 as a response.
  • This response includes, for example, a derived public key pubKey derived , a context ID (cID), and an encryption key dataKey.
  • Upon receiving the response, the IoT device 22 calculates the signature key identifier eID based on the derived public key pubKey derived , performs the same process as the installation process described with reference to FIG. 9, and installs the signature key identifier eID, etc.
  • the installation may be performed at a timing such as when the IoT device 22 is shipped from the factory.
  • the license server 21 also manages the license for the DNN engine 52, the signature key identifier eID, etc. may be installed when acquiring the license for the DNN engine 52.
  • the traceability information is changed, for example, when the DNN engine 52 is changed, the changed traceability information is registered in the license server 21.
  • the IoT device 22 a new signing key identifier eID, derived private key priKey derived , and encryption key dataKey are newly installed in accordance with the change in the traceability information.
  • step S81 the data generation unit 42 generates first data and second data as IoT data.
  • The image sensor 51 of the data generation unit 42 photographs a surrounding subject.
  • The DNN engine 52 performs inference using the thumbnail image of the image obtained by the image sensor 51 as input, and outputs the inference result.
  • The data generation unit 42 generates, for example, metadata of an image obtained by photographing with the image sensor 51 as first data, and also generates thumbnail images and inference results that are input/output data of the DNN engine 52 as second data.
  • step S82 the IoT device 22 generates transmission data by performing transmission data generation processing.
  • The details of the transmission data generation process will be described later, but in the transmission data generation process, transmission data having the data structure shown by arrow Q21 in FIG. 3 is generated based on the first data, the second data, and the signature key identifier eID, the derived private key priKey derived , and the encryption key dataKey recorded in the recording unit 45.
  • step S83 the communication unit 41 transmits the transmission data generated in step S82 to the IoT system server 23 by low-band communication.
  • step S84 the control unit 43 determines whether to end the process of generating and transmitting transmission data.
  • If it is determined in step S84 that the process is not finished yet, the process returns to step S81 and the above-described process is repeated.
  • If it is determined in step S84 that the process is to be ended, each part of the IoT device 22 stops the process it is performing, and the data transmission process ends.
  • the IoT device 22 sequentially generates and transmits transmission data.
  • step S121 the signature generation unit 44 generates a hash value (cryptographic hash value) of the IoT data generated in step S81 of FIG.
  • the signature generation unit 44 calculates the hash value hashData1 of the first data by calculating the following equation (10) based on the first data (Data1) and the cryptographic hash function SHA256(). Similarly, the signature generation unit 44 calculates the hash value hashData2 of the second data by calculating the following equation (11) based on the second data (Data2) and the cryptographic hash function SHA256( ).
  • step S122 the signature generation unit 44 encrypts the second data and generates a hash value of the encrypted data obtained as a result.
  • the signature generation unit 44 reads the signature key identifier eID from the recording unit 45 and generates the data identifier dID based on the time stamp, random number, etc. of the second data.
  • The signature generation unit 44 calculates the following equation (12) to obtain, based on the cryptographic hash function SHA256(), the hash value of the data obtained by combining the signature key identifier eID and the data identifier dID.
  • The resulting hash value is used as the initial vector iv.
  • The signature generation unit 44 calculates the following equation (13) based on the initial vector iv, the second data (Data2), and the encryption key dataKey recorded in the recording unit 45, and encrypts the second data.
  • AES256_CTR_enc() indicates the cryptographic function of AES CTR (Counter) mode.
  • Encrypted data EncryptedData2 is obtained by encrypting the second data.
  • the signature generation unit 44 calculates the hash value hashEncryptedData2 of the encrypted data by calculating the following equation (14) based on the encrypted data EncryptedData2.
  • the hash value hashEncryptedData2 of the encrypted data EncryptedData2 is determined based on the cryptographic hash function SHA256().
  • step S123 the signature generation unit 44 generates a common hash value of the first data, the second data (decrypted data), and the encrypted data of the second data.
  • the signature generation unit 44 calculates the following equation (15) based on the hash value hashEncryptedData2 of the encrypted data and the encryption key dataKey, and obtains the hash value hashScramble.
  • the hash value of the data obtained by combining the hash value hashEncryptedData2 and the encryption key dataKey is determined based on the cryptographic hash function SHA256(), and is set as hashScramble.
  • the signature generation unit 44 calculates the following equation (16) based on the hash value hashScramble obtained by calculating equation (15), thereby truncating a part of the hash value hashScramble to obtain a hash value hashScrambleTruncated.
  • TruncateToLower10Bytes() in equation (16) indicates a function that truncates the input 32-byte cryptographic hash value, that is, the hash value hashScramble, to only the lowest 10 bytes.
  • The signature generation unit 44 calculates the following formula (17) based on the hash value hashScrambleTruncated obtained by formula (16) and the hash value hashData2 obtained by formula (11), thereby calculating (generating) the randomized hash value hashData2Scramble of the second data.
  • the hash value of the data obtained by combining hash value hashData2 and hash value hashScrambleTruncated is determined based on the cryptographic hash function SHA256(), and is set as hashData2Scramble.
  • the signature generation unit 44 truncates a part of the hash value hashData2Scramble to obtain a hash value hashData2ScrambleTruncated by calculating the following formula (18) based on the hash value hashData2Scramble obtained by formula (17).
  • TruncateToLower10Bytes() in equation (18) is a function that performs the same truncation as in equation (16).
  • the hash value hashData2ScrambleTruncated obtained by formula (18) is the final hash value of the second data that has been converted into a random number, and this hash value is stored as additional information in the E2E header, that is, in the certificate.
  • the signature generation unit 44 also generates a hash value of the first data. That is, the signature generation unit 44 generates a partially truncated hash value hashData1Truncated by calculating the following equation (19) based on the hash value hashData1 of the first data obtained in step S121.
  • TruncateToLower10Bytes() in equation (19) is a function that performs the same truncation as in equation (18).
  • The signature generation unit 44 calculates the following equation (20) based on the hash value hashEncryptedData2 of the encrypted data of the second data obtained by equation (14), thereby generating a partially truncated hash value hashEncryptedData2Truncated.
  • TruncateToLower10Bytes() in equation (20) is a function that performs the same truncation as in equation (18).
  • the signature generation unit 44 generates (calculates) a common hash value hashData of the first data, second data, and encrypted data by calculating the following equation (21).
  • the hash value hashData1Truncated of the first data, the hash value hashEncryptedData2Truncated of the encrypted data, and the hash value hashData2ScrambleTruncated of the second data are combined to generate combined data. Then, a hash value of the combined data is determined based on the cryptographic hash function SHA256( ), and the hash value is set as the common hash value hashData.
  • step S124 the signature generation unit 44 generates a common signature (Sign) based on the common hash value hashData and the derived private key priKey derived recorded in the recording unit 45.
  • the signature generation unit 44 calculates the hash message hashMsg by calculating the following equation (22).
  • The signature key identifier eID, the data identifier dID, the common hash value hashData, the data length information lengthOfData1 indicating the length of the first data, and the data length information lengthOfData2 indicating the length of the second data are combined to generate combined data. A hash value of the combined data is then determined based on the cryptographic hash function SHA256(), and the hash value is taken as the hash message hashMsg.
  • the signature generation unit 44 generates a common signature (Sign) by calculating the following equation (23) based on the derived private key priKey derived and the hash message hashMsg.
  • ECDSA256_sign() is a cryptographic function that performs an elliptic curve cryptographic signature.
  • steps S121 to S124 above is summarized as shown in FIG. 12. Note that the numbers in parentheses in FIG. 12 indicate equation numbers indicating calculations performed in the process of generating the common signature (Sign).
  • The hash value hashData1 of the first data (Data1) is first obtained, and then a part of the hash value hashData1 is truncated to generate the final hash value hashData1Truncated of the first data.
  • The hash value hashData2 of the second data (Data2) is obtained, and as shown in the upper right of the figure, the second data is encrypted based on the initial vector iv and the encryption key dataKey, and encrypted data EncryptedData2 is generated.
  • a hash value hashEncryptedData2 of the encrypted data EncryptedData2 is obtained, and a hash value hashScrambleTruncated is generated based on the hash value hashEncryptedData2 and the encryption key dataKey, as shown in the center of the figure.
  • a final hash value hashData2ScrambleTruncated of the second data is generated, which is randomized using the encryption key dataKey.
  • the final hash value hashEncryptedData2Truncated of the encrypted data is generated from the hash value hashEncryptedData2 of the encrypted data.
  • a common hash value hashData is generated from the hash value hashData1Truncated of the first data, the hash value hashData2ScrambleTruncated of the second data, and the hash value hashEncryptedData2Truncated of the encrypted data.
  • a hash message hashMsg is generated from the common hash value hashData, and a common signature (Sign) is generated from the hash message hashMsg.
  • the common signature obtained in this way can be verified using the derived public key pubKey derived that corresponds to the derived private key priKey derived .
  • the transmission data including the encrypted data of the second data does not include the second data.
  • the device that receives the transmission data indicated by arrow Q21 cannot obtain the hash value hashData2ScrambleTruncated obtained from the second data and the encryption key dataKey. Therefore, the certificate (E2E header) included in such transmission data includes a hash value hashData2ScrambleTruncated as additional information for verifying the common signature.
  • the transmitted data including the second data does not include the encrypted data of the second data. Therefore, the device that receives the transmission data shown by arrow Q22 cannot obtain the hash value hashScrambleTruncated or the hash value hashEncryptedData2Truncated from the encrypted data of the second data.
  • the certificate (E2E header) included in such transmission data includes the hash value hashScrambleTruncated and the hash value hashEncryptedData2Truncated as additional information for verifying the common signature.
  • a hash value hashScrambleTruncated is generated from the encryption key dataKey, which is kept secret, that is, not made public.
  • the hash value hashScrambleTruncated is used to generate a hash value hashData2ScrambleTruncated for verifying the authenticity of the second data (Data2).
  • the hash value of the second data is randomized using the encryption key dataKey.
  • A cryptographic hash has the same hash value for the same data, and it is not possible to identify the original data from the hash values of multiple data. However, if the hash value hashData2 of the second data is stored (recorded) as it is in the E2E header, it becomes possible to determine the identity of the second data from the transmitted data.
  • It also becomes possible to identify the second data by calculating a hash value from an estimated value of the second data.
  • The hash value of the second data is randomized (scrambled) using the encryption key dataKey, so it is possible to prevent the second data from being obtained by estimation.
  • When generating the common signature, the signature generation unit 44 performs processing to truncate part of each hash value, such as the hash value obtained from the first data, the hash value obtained from the encrypted data of the second data, and the hash value obtained from the second data. This allows the size of the certificate, i.e., the common signature, to be further reduced.
  • The common signature can also be used to verify the authenticity of the signature key identifier eID, data identifier dID, data length information lengthOfData1 of the first data, and data length information lengthOfData2 of the second data, which are used to generate the common signature and are included in the E2E header.
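The hash chain of steps S121 to S124 and the role of the additional information in the E2E header can be checked in code. The following is an added example, not code from the patent: it follows the prose descriptions of equations (10), (11) and (14) to (22), stops at hashMsg (the input to ECDSA256_sign()), and treats EncryptedData2 as given bytes. Reading "lowest 10 bytes" as the last 10 bytes of the digest, the 4-byte big-endian length encoding and all sample values are assumptions.

```python
import hashlib


def sha256(*parts):
    """SHA256 over the concatenation ("combined data") of the given parts."""
    return hashlib.sha256(b"".join(parts)).digest()


def lower10(digest):
    # Assumption: "lowest 10 bytes" means the last 10 bytes of the digest.
    return digest[-10:]


def device_common_hash(data1, data2, encrypted_data2, data_key):
    """Device side: all intermediate values named in steps S121 to S123."""
    hash_enc = sha256(encrypted_data2)                                   # (14)
    scramble_t = lower10(sha256(hash_enc, data_key))                     # (15), (16)
    data2_scramble_t = lower10(sha256(sha256(data2), scramble_t))        # (11), (17), (18)
    data1_t = lower10(sha256(data1))                                     # (10), (19)
    enc_t = lower10(hash_enc)                                            # (20)
    return {
        "hashScrambleTruncated": scramble_t,
        "hashData2ScrambleTruncated": data2_scramble_t,
        "hashEncryptedData2Truncated": enc_t,
        "hashData": sha256(data1_t, enc_t, data2_scramble_t),            # (21)
    }


def common_hash_from_encrypted(data1, encrypted_data2, hash_data2_scramble_t):
    """Receiver of tag "EE" data: has the ciphertext, takes the Data2 hash from the header."""
    return sha256(lower10(sha256(data1)),
                  lower10(sha256(encrypted_data2)),
                  hash_data2_scramble_t)


def common_hash_from_plain(data1, data2, hash_scramble_t, hash_enc_t):
    """Receiver of tag "EP" data: has Data2, takes the ciphertext hashes from the header."""
    data2_scramble_t = lower10(sha256(sha256(data2), hash_scramble_t))
    return sha256(lower10(sha256(data1)), hash_enc_t, data2_scramble_t)


def hash_msg(eid, did, hash_data, length_of_data1, length_of_data2):
    """hashMsg of equation (22); the length encoding is an assumption."""
    return sha256(eid, did, hash_data,
                  length_of_data1.to_bytes(4, "big"),
                  length_of_data2.to_bytes(4, "big"))


# Constructed sample values (not from the patent).
DATA1 = b'{"timestamp":"constructed","width":640,"height":480}'
DATA2 = b"constructed thumbnail bytes and inference result"
# Stand-in for the AES256_CTR_enc() output of equation (13); same length as DATA2.
ENCRYPTED_DATA2 = bytes(b ^ 0x5A for b in DATA2)
DATA_KEY = bytes(range(32))
EID = bytes(range(100, 120))   # 20-byte signature key identifier
DID = b"\x00\x00\x00\x01ABCD"  # data identifier; format is assumed

if __name__ == "__main__":
    fields = device_common_hash(DATA1, DATA2, ENCRYPTED_DATA2, DATA_KEY)
    ee = common_hash_from_encrypted(DATA1, ENCRYPTED_DATA2,
                                    fields["hashData2ScrambleTruncated"])
    ep = common_hash_from_plain(DATA1, DATA2, fields["hashScrambleTruncated"],
                                fields["hashEncryptedData2Truncated"])
    print("EE and EP views agree:", ee == ep == fields["hashData"])
    print("hashMsg:", hash_msg(EID, DID, ee, len(DATA1), len(DATA2)).hex())
```

Both receivers reconstruct the same hashData, so one signature over hashMsg covers the first data, the second data and its encrypted form, while the header value for the second data changes whenever dataKey changes.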
  • The process of step S125 is then performed.
  • step S125 the control unit 43 generates an E2E header that includes the common signature and has the tag information value "EE".
  • control unit 43 as shown by arrow Q21 in FIG. Generate an E2E header including data length information lengthOfData1 and data length information lengthOfData2.
  • This E2E header is a certificate.
  • an E2E header that does not include tag information and signing key identifier eID may be generated.
  • the communication unit 61 or control unit 62 of the IoT system server 23 writes the tag information “EE” and the signature key identifier eID to the E2E header of the transmission data received from the IoT device 22, and after the communication unit 61 writes the transmission data to the cloud server 24.
  • step S126 the control unit 43 generates transmission data including the encrypted data of the E2E header, first data, and second data generated in step S125.
  • transmission data having the data structure shown, for example, by arrow Q21 in FIG. 3 is obtained.
  • the IoT device 22 generates one public key cryptographic signature common to the first data, the second data, and the encrypted data of the second data as a common signature. By doing so, it is possible to further reduce the size of the certificate while ensuring security using public key cryptography.
  • Since the common signature does not include traceability information, the size of the common signature can be further reduced. This can be achieved by generating a common signature (signing the certificate) using the derived private key priKey derived based on the traceability information, and managing the derived public key pubKey derived and the traceability information on the license server 21.
  • the communication unit 61 of the IoT system server 23 receives the transmitted transmission data and transmits it to the cloud server 24-1. Further, the cloud server 24-1 uses the received transmission data, rewrites a part of the transmission data as appropriate, and transmits the rewritten data to the cloud server 24-2.
  • The cloud server 24 receives the transmission data that includes the first data and either the encrypted data of the second data or the second data, and makes use of it.
  • step S151 the communication unit 71 receives transmission data transmitted from the IoT system server 23 or another cloud server 24.
  • step S152 the control unit 72 determines whether the value of the tag information included in the E2E header of the transmission data received in step S151 is "EE". Based on the value of the tag information, it is determined whether the second data included in the transmission data is encrypted, that is, whether decrypted data or encrypted data is stored.
  • step S152 If it is determined in step S152 that the value of the tag information is "EE", the transmitted data includes the encrypted data of the second data, so the process then proceeds to step S153.
  • step S153 the communication unit 71 transmits a request to the license server 21 to obtain a decryption license for encrypted data and traceability information, including the signature key identifier eID.
  • control unit 72 reads the signature key identifier eID from the E2E header of the received transmission data, and generates a request including the read signature key identifier eID.
  • the read signature key identifier eID is set in the request.
  • the communication unit 71 transmits the request generated by the control unit 72 to the license server 21.
  • Encryption of the communication path such as TLS, authentication of the license server 21, request by password, etc., that is, authentication of the requester (cloud server 24), is also performed as appropriate.
  • the communication unit 31 of the license server 21 transmits a response according to the request.
  • step S154 the communication unit 71 receives a response sent from the license server 21 that includes the decryption license corresponding to the designated signature key identifier eID, the derived public key pubKey derived , and traceability information.
  • the decryption license is generated based on the encryption key dataKey.
  • the decryption license includes the encryption key dataKey as the decryption key.
  • the encryption key dataKey used during decryption will also be particularly referred to as the decryption key dataKey.
  • step S155 the verification unit 73 performs verification processing and verifies the common signature included in the E2E header of the transmission data. Note that details of the verification process will be described later.
  • step S156 the control unit 72 determines whether or not the common signature has been successfully verified.
  • If it is determined in step S156 that the verification has failed, the control unit 72 determines that an error has occurred, notifies the user of the error occurrence as appropriate, and ends the data usage process.
  • If it is determined in step S156 that the verification was successful, the process proceeds to step S157.
  • In step S157, the cloud server 24 performs decryption processing. Note that the details of the decryption process will be described later, but in the decryption process, the encrypted data is decrypted based on the decryption license included in the response, that is, the decryption key dataKey.
  • After the process of step S157 is performed, the process then proceeds to step S163.
  • If it is determined in step S152 that the value of the tag information is not "EE", the control unit 72 determines in step S158 whether the value of the tag information included in the E2E header of the transmission data received in step S151 is "EP".
  • If it is determined in step S158 that the value of the tag information is not "EP", the control unit 72 determines that an error has occurred, appropriately reports the occurrence of the error, and ends the data usage process.
  • If it is determined in step S158 that the value of the tag information is "EP", the transmission data includes the second data (decoded data), so the process then proceeds to step S159.
  • step S159 the communication unit 71 transmits a request to the license server 21 to request the acquisition of traceability information including the signature key identifier eID.
  • control unit 72 reads the signature key identifier eID from the E2E header of the received transmission data, and generates a request including the read signature key identifier eID.
  • the communication unit 71 transmits the request generated by the control unit 72 to the license server 21.
  • Encryption of the communication path such as TLS, authentication of the license server 21, request by password, etc., that is, authentication of the requester (cloud server 24), is also performed as appropriate. Note that if anyone is to be able to verify the common signature and obtain traceability information, the requester of the request may not be authenticated.
  • the communication unit 31 of the license server 21 transmits a response according to the request.
  • step S160 the communication unit 71 receives a response including the derived public key pubKey derived corresponding to the designated signature key identifier eID and traceability information, which is transmitted from the license server 21.
  • step S161 the verification unit 73 performs verification processing and verifies the common signature included in the E2E header of the transmission data. Note that in step S161, the same process as step S155 is performed.
  • step S162 the control unit 72 determines whether or not the common signature has been successfully verified.
  • control unit 72 determines that an error has occurred, notifies the user of the error occurrence as appropriate, and ends the data usage process.
  • step S162 determines whether the verification is successful. If it is determined in step S162 that the verification is successful, the process proceeds to step S163.
  • step S157 If the process in step S157 has been performed or it is determined in step S162 that the verification has been successful, then the process in step S163 is performed.
  • control unit 72 uses the first data and second data as IoT data, and traceability information.
  • control unit 72 supplies IoT data and traceability information to a display unit (not shown) and displays the data.
  • step S163 the data usage process ends.
  • the cloud server 24 acquires the derived public key pubKey derived and traceability information from the license server 21, verifies the common signature (certificate) of the transmitted data, and also verifies the IoT data included in the transmitted data. Make use of it.
  • the authenticity of a plurality of data such as the first data, the encrypted data of the second data, and the second data (decrypted data) can be verified using one common signature included in the transmitted data.
  • In step S191, the verification unit 73 determines whether the value of the tag information included in the E2E header of the transmission data received in step S151 of FIG. 13 is "EE".
  • If it is determined in step S191 that the value of the tag information is "EE", the transmission data includes the encrypted data of the second data, so the process then proceeds to step S192.
  • In step S192, the verification unit 73 calculates (generates) a hash value hashData1Truncated of the first data based on the first data included in the transmission data.
  • The verification unit 73 calculates the hash value hashData1 by calculating the above equation (10) based on the first data (Data1), and then calculates the hash value hashData1Truncated by calculating the above equation (19) based on the obtained hash value hashData1.
  • In step S193, the verification unit 73 calculates (generates) a hash value hashEncryptedData2Truncated based on the encrypted data EncryptedData2 of the second data included in the transmission data.
  • The verification unit 73 calculates the hash value hashEncryptedData2 by calculating the above equation (14) based on the encrypted data EncryptedData2. Furthermore, the verification unit 73 calculates the hash value hashEncryptedData2Truncated by calculating the above equation (20) based on the obtained hash value hashEncryptedData2.
  • In step S194, the verification unit 73 reads the hash value hashData2ScrambleTruncated of the second data from the E2E header of the transmission data.
  • In step S195, the verification unit 73 calculates (generates) a hash message hashMsg.
  • The verification unit 73 calculates the common hash value hashData by calculating the above equation (21) based on the hash value hashData1Truncated, the hash value hashEncryptedData2Truncated, and the hash value hashData2ScrambleTruncated obtained in steps S192 to S194.
  • The verification unit 73 then calculates the hash message hashMsg by calculating the above equation (22) based on the common hash value hashData and on the signature key identifier eID, the data identifier dID, the data length information lengthOfData1 of the first data, and the data length information lengthOfData2 of the second data included in the E2E header of the transmission data.
  • If it is determined in step S191 that the value of the tag information is not "EE", that is, the value of the tag information is "EP", the process of step S196 is performed, and the hash value hashData1Truncated of the first data is calculated.
  • The process in step S196 is the same as the process in step S192, so a description thereof will be omitted. Further, if the value of the tag information is neither "EE" nor "EP", it is determined in step S158 of FIG. 13 that the value of the tag information is not "EP", and error processing is performed.
  • In step S197, the verification unit 73 reads the hash value hashEncryptedData2Truncated of the encrypted data and the hash value hashScrambleTruncated from the E2E header of the transmission data.
  • In step S198, the verification unit 73 calculates (generates) a hash value hashData2ScrambleTruncated of the second data based on the second data included in the transmission data and the hash value hashScrambleTruncated read out in step S197.
  • The verification unit 73 calculates the hash value hashData2 by calculating the above equation (11) based on the second data (Data2).
  • The verification unit 73 calculates the hash value hashData2ScrambleTruncated by calculating the above equations (17) and (18) based on the hash value hashData2 and the hash value hashScrambleTruncated read in step S197.
  • In step S199, the verification unit 73 calculates (generates) a hash message hashMsg.
  • The verification unit 73 calculates the common hash value hashData by calculating the above equation (21) based on the hash value hashData1Truncated, the hash value hashEncryptedData2Truncated, and the hash value hashData2ScrambleTruncated obtained in steps S196 to S198.
  • The verification unit 73 then calculates the hash message hashMsg by calculating the above equation (22) based on the common hash value hashData and on the signature key identifier eID, the data identifier dID, the data length information lengthOfData1 of the first data, and the data length information lengthOfData2 of the second data included in the E2E header of the transmission data.
  • After the process of step S195 or step S199 is performed, the process of step S200 is performed.
  • In step S200, the verification unit 73 verifies the common signature (Sign) included in the E2E header of the transmission data based on the derived public key pubKey_derived and the hash message hashMsg.
  • The verification unit 73 verifies the common signature using the signature verification function ECDSA256_Verify() by calculating the following equation (24) based on the derived public key pubKey_derived, the hash message hashMsg, and the common signature (Sign).
  • The verification process then ends. At this time, for example, if the verification process is performed as the process of step S155 in FIG. , after the verification process is completed, the process proceeds to step S162.
  • Steps S192 to S195 and step S200, which are performed when the value of the tag information is "EE", are performed by the cloud server 24-1.
  • Steps S196 to S200, which are performed when the value of the tag information is "EP", are performed by the cloud server 24-2.
  • The cloud server 24 verifies the common signature based on the received transmission data and the derived public key pubKey_derived obtained from the license server 21.
  • The authenticity of a plurality of data such as the first data, the encrypted data of the second data, and the second data (decrypted data) can be verified using one common signature. Furthermore, the authenticity of the signature key identifier eID, the data identifier dID, the data length information lengthOfData1 of the first data, and the data length information lengthOfData2 of the second data can also be verified.
  • In step S231, the control unit 72 calculates (generates) a hash value hashEncryptedData2Truncated as additional information based on the encrypted data EncryptedData2 of the second data included in the transmission data received in step S151 of FIG.
  • The control unit 72 calculates the hash value hashEncryptedData2Truncated by calculating the above equations (14) and (20) based on the encrypted data EncryptedData2.
  • In step S232, the control unit 72 replaces (rewrites) the hash value hashData2ScrambleTruncated as additional information in the E2E header of the received transmission data with the hash value hashEncryptedData2Truncated obtained in step S231.
  • In step S233, the control unit 72 calculates (generates) a hash value hashScrambleTruncated as additional information based on the encrypted data EncryptedData2 and the decryption key dataKey.
  • The control unit 72 calculates the hash value hashScrambleTruncated by calculating the above equations (14) to (16) based on the encrypted data EncryptedData2 and the decryption key dataKey.
  • In step S234, the control unit 72 replaces (rewrites) the padding data in the reserved area "Reserved" of the E2E header of the received transmission data with the hash value hashScrambleTruncated obtained as additional information in step S233, and also rewrites the value of the tag information of the E2E header from "EE" to "EP".
  • The size of the certificate can be further reduced compared to the case where all the additional information is stored in the certificate (E2E header) in advance.
  • In step S235, the decryption unit 74 decrypts the encrypted data EncryptedData2 based on the signature key identifier eID and the data identifier dID included in the E2E header of the transmission data, and the decryption key dataKey.
  • The decryption unit 74 obtains the initial vector iv by calculating the above equation (12) based on the signature key identifier eID and the data identifier dID.
  • The decryption unit 74 calculates the following equation (25) based on the initial vector iv, the decryption key dataKey, and the encrypted data EncryptedData2.
  • The encrypted data EncryptedData2 is decrypted with the decryption function AES256_CTR_dec(), and as a result the decrypted data, that is, the second data, is obtained.
  • In step S236, the control unit 72 replaces the encrypted data EncryptedData2 in the received transmission data with the second data (Data2) obtained in step S235.
  • For example, the transmission data indicated by arrow Q22 is newly generated by the control unit 72 from the transmission data indicated by arrow Q21 in FIG. 3. Transmission data including such decoded data is transmitted to the cloud server 24-2 at an arbitrary timing.
  • The cloud server 24 decrypts the encrypted data EncryptedData2 of the second data, rewrites a part of the received transmission data, and generates new transmission data including the decrypted data. By doing so, the common signature can be verified on the cloud server 24-2 as well, and the decrypted data can be used.
  • The authenticity of the encrypted data of the second data can be verified and the encrypted data can be decrypted by the data usage process described with reference to FIG. Furthermore, since the cloud server 24 verifies the authenticity of the encrypted data and the signature by verifying the common signature immediately before decrypting the encrypted data, there is no need to verify the authenticity of the decrypted data.
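The hashMsg reconstruction of steps S191 to S199 and the header rewrite of steps S231 to S234, as an added Python example that is not code from the patent, showing why one common signature still verifies after the "EE" header is rewritten to "EP". Equations (10) to (22) are not reproduced in this section, so SHA-256, the 16-byte truncation, the HMAC-based scramble value, the concatenation order, the field name addInfo and all sample values are assumptions; the ECDSA256_Verify() call over hashMsg is left out because it needs a third-party library.

```python
import hashlib
import hmac

TRUNC = 16  # assumed truncated-hash length in bytes

# Constructed sample values (not from the patent).
DATA1 = b"temp=21.5"
DATA2 = b"lat=35.6,lon=139.7"
ENC2 = hashlib.sha256(b"constructed ciphertext").digest()[:len(DATA2)]  # stands in for AES256_CTR output
DATA_KEY = bytes(range(32))
E_ID = bytes.fromhex("00112233")
D_ID = bytes.fromhex("0000002a")


def sha(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def trunc(digest):
    return digest[:TRUNC]


def hash_scramble_truncated(encrypted_data2, data_key):
    # Assumed stand-in for equations (14)-(16): needs EncryptedData2 and dataKey.
    return trunc(hmac.new(data_key, sha(encrypted_data2), hashlib.sha256).digest())


def hash_data2_scramble_truncated(data2, scramble):
    # Assumed stand-in for equations (11), (17) and (18).
    return trunc(sha(sha(data2), scramble))


def make_ee_header(data1, data2, encrypted_data2, data_key, e_id, d_id):
    """Device side: E2E header for transmission data carrying EncryptedData2."""
    scramble = hash_scramble_truncated(encrypted_data2, data_key)
    return {
        "tag": "EE", "eID": e_id, "dID": d_id,
        "lengthOfData1": len(data1), "lengthOfData2": len(data2),
        "addInfo": hash_data2_scramble_truncated(data2, scramble),
        "Reserved": bytes(TRUNC),  # padding until the header is rewritten
    }


def to_ep_header(header, encrypted_data2, data_key):
    """Steps S231-S234: rewrite the header once the payload is decrypted."""
    if header["tag"] != "EE":
        raise ValueError("only an EE header can be rewritten")
    ep = dict(header)
    ep["addInfo"] = trunc(sha(encrypted_data2))                           # S231, S232
    ep["Reserved"] = hash_scramble_truncated(encrypted_data2, data_key)   # S233, S234
    ep["tag"] = "EP"
    return ep


def hash_msg(header, data1, payload2):
    """Steps S191-S199. payload2 is EncryptedData2 for "EE" and Data2 for "EP"."""
    h1 = trunc(sha(data1))
    if header["tag"] == "EE":
        h_enc = trunc(sha(payload2))        # computed from the ciphertext
        h_d2s = header["addInfo"]           # read from the header
    elif header["tag"] == "EP":
        h_enc = header["addInfo"]           # read from the header
        h_d2s = hash_data2_scramble_truncated(payload2, header["Reserved"])
    else:
        raise ValueError("tag is neither EE nor EP")
    hash_data = sha(h1, h_enc, h_d2s)       # assumed form of equation (21)
    return sha(hash_data, header["eID"], header["dID"],
               header["lengthOfData1"].to_bytes(4, "big"),
               header["lengthOfData2"].to_bytes(4, "big"))  # assumed form of equation (22)


if __name__ == "__main__":
    ee = make_ee_header(DATA1, DATA2, ENC2, DATA_KEY, E_ID, D_ID)
    ep = to_ep_header(ee, ENC2, DATA_KEY)
    print(hash_msg(ee, DATA1, ENC2) == hash_msg(ep, DATA1, DATA2))
```

Because the tag and the reserved area are not inputs to hashMsg, rewriting them leaves the signed value unchanged, while any change to Data1, the payload, or the carried hashes changes hashMsg and makes signature verification fail.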
  • The series of processes described above can be executed by hardware or software.
  • When the series of processes is executed by software, the programs that make up the software are installed on the computer.
  • The computer includes a computer built into dedicated hardware and, for example, a general-purpose personal computer that can execute various functions by installing various programs.
  • FIG. 16 is a block diagram showing an example of the hardware configuration of a computer that executes the above-described series of processes using a program.
  • In the computer, a CPU (Central Processing Unit) 501, a ROM (Read Only Memory) 502, and a RAM (Random Access Memory) 503 are connected to one another by a bus 504.
  • An input/output interface 505 is further connected to the bus 504.
  • An input unit 506, an output unit 507, a recording unit 508, a communication unit 509, and a drive 510 are connected to the input/output interface 505.
  • The input unit 506 includes a keyboard, a mouse, a microphone, an image sensor, and the like.
  • The output unit 507 includes a display, a speaker, and the like.
  • The recording unit 508 includes a hard disk, nonvolatile memory, and the like.
  • The communication unit 509 includes a network interface and the like.
  • The drive 510 drives a removable recording medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory.
  • The CPU 501 performs the above-described series of processes by, for example, loading a program recorded in the recording unit 508 into the RAM 503 via the input/output interface 505 and the bus 504 and executing it.
  • A program executed by the computer (CPU 501) can be provided by being recorded on a removable recording medium 511 such as a package medium, for example. Additionally, programs may be provided via wired or wireless transmission media, such as local area networks, the Internet, and digital satellite broadcasts.
  • The program can be installed in the recording unit 508 via the input/output interface 505 by loading the removable recording medium 511 into the drive 510. Further, the program can be received by the communication unit 509 via a wired or wireless transmission medium and installed in the recording unit 508. In addition, the program can be installed in the ROM 502 or the recording unit 508 in advance.
  • The program executed by the computer may be a program in which processing is performed chronologically in the order described in this specification, or a program in which processing is performed in parallel or at a necessary timing, such as when a call is made.
  • Embodiments of the present technology are not limited to the embodiments described above, and various changes can be made without departing from the gist of the present technology.
  • The present technology can take a cloud computing configuration in which one function is shared and jointly processed by multiple devices via a network.
  • Each step described in the above flowchart can be executed by one device or can be shared and executed by multiple devices.
  • When one step includes multiple processes, the multiple processes included in that one step can be executed by one device or can be shared and executed by multiple devices.
  • The present technology can also have the following configuration.
  • An information processing system including: a device that generates transmission data including encrypted data obtained by encrypting predetermined data; a license server that manages a public key of a public key cryptosystem of the device; and a server that uses the encrypted data, wherein
  • the device includes: a signature generation unit that generates additional information based on the data and generates a common signature for the data and the encrypted data based on the additional information, the encrypted data, and a private key corresponding to the public key; a control unit that generates the transmission data, which includes the encrypted data and a certificate including a key identifier that identifies the public key, the common signature, and the additional information; and a first communication unit that transmits the transmission data;
  • the license server includes: a recording unit that records the public key in association with the key identifier; and a second communication unit that receives a request including the key identifier transmitted from the server, and transmits a response including the public key to the server in response to the request;
  • the server is a third device that receives the transmission data, transmits
  • the recording unit of the license server records the public key and traceability information of the data in association with the key identifier,
  • the second communication unit of the license server transmits the response including the public key and the traceability information to the server in response to the request,
  • the information processing system according to (1), wherein the third communication unit of the server receives the response including the public key and the traceability information from the license server.
  • The information processing system according to (1) or (2), wherein the private key is generated based on traceability information.
  • An information processing device comprising: a signature generation unit that generates additional information based on predetermined data, and generates a common signature of the data and the encrypted data based on the additional information, encrypted data obtained by encrypting the data, and the private key of the public key cryptosystem; and a control unit that generates transmission data that includes a certificate that includes the common signature and the additional information, and the encrypted data.
  • the private key is generated based on traceability information of the data.
  • the signature generation unit generates the additional information based on the data and an encryption key of a common key cryptosystem used to encrypt the data.
  • the signature generation unit performs a process of truncating a part of the hash value obtained based on the data or the encrypted data when generating the common signature.
  • the signature generation unit is the additional information, the encrypted data, and the private key;
  • An information processing method in which an information processing device generates additional information based on predetermined data; generates a common signature of the data and the encrypted data based on the additional information, encrypted data obtained by encrypting the data, and the private key of the public key cryptosystem; and generates transmission data including a certificate including the common signature and the additional information, and the encrypted data.
  • An information processing device comprising: a communication unit that receives transmission data that includes a certificate, the certificate including a common signature of predetermined data and encrypted data obtained by encrypting the data, generated based on a private key of a public key cryptosystem, and additional information generated based on the data or the encrypted data, and that includes the data or the encrypted data; and a verification unit that verifies the common signature based on the data or the encrypted data, the additional information, and a public key corresponding to the private key.
  • the certificate includes a key identifier that identifies the public key,
  • the communication unit sends a request including the key identifier to a license server, and receives a response including the public key that is sent from the license server in response to sending the request.
  • the information processing device further comprising a decryption unit that decrypts the encrypted data based on an encryption key of a common key cryptosystem used to encrypt the data.
  • the method further includes a control unit that generates new additional information generated based on the encrypted data, a certificate including the common signature, and new transmission data including the data obtained by the decryption.
  • the certificate includes a key identifier that identifies the public key, and the communication unit sends a request including the key identifier to the license server, and receives a response including the public key and the encryption key, which is sent from the license server in response to the request. (16) ).
  • the transmitted data includes the certificate and the data
  • the certificate includes the additional information generated based on the encrypted data
  • the information processing device according to (10), wherein the verification unit verifies the common signature based on the data, the additional information, and the public key.
  • An information processing method in which an information processing device receives transmission data that includes a certificate, the certificate including a common signature of predetermined data and encrypted data obtained by encrypting the data, generated based on a private key of a public key cryptosystem, and additional information generated based on the data or the encrypted data, and that includes the data or the encrypted data; and verifies the common signature based on the data or the encrypted data, the additional information, and a public key corresponding to the private key.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present technology relates to an information processing device and method and an information processing system that make it possible to reduce the size of a certificate while ensuring security. The information processing device includes: a signature generation unit that generates additional information based on predetermined data and generates a common signature for the data and encrypted data, based on the additional information, the encrypted data obtained by encrypting the data, and a private key of a public key cryptosystem; and a control unit that generates transmission data including the encrypted data and a certificate including the common signature and the additional information. The present technology can be applied to an information processing system.
PCT/JP2023/008456 2022-03-25 2023-03-07 Information processing device and method, and information processing system WO2023181900A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2022-049749 2022-03-25
JP2022049749 2022-03-25

Publications (1)

Publication Number Publication Date
WO2023181900A1 true WO2023181900A1 (fr) 2023-09-28

Family

ID=88100722

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2023/008456 WO2023181900A1 (fr) 2022-03-25 2023-03-07 Information processing device and method, and information processing system

Country Status (1)

Country Link
WO (1) WO2023181900A1 (fr)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23774499

Country of ref document: EP

Kind code of ref document: A1