WO2023238172A1 - Key issuing system, key issuing method, and program - Google Patents

Key issuing system, key issuing method, and program Download PDF

Info

Publication number
WO2023238172A1
WO2023238172A1 PCT/JP2022/022725 JP2022022725W WO2023238172A1 WO 2023238172 A1 WO2023238172 A1 WO 2023238172A1 JP 2022022725 W JP2022022725 W JP 2022022725W WO 2023238172 A1 WO2023238172 A1 WO 2023238172A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
communication
private key
master
unit
Prior art date
Application number
PCT/JP2022/022725
Other languages
French (fr)
Japanese (ja)
Inventor
史堯 工藤
彰 永井
悠介 飯島
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社 filed Critical 日本電信電話株式会社
Priority to PCT/JP2022/022725 priority Critical patent/WO2023238172A1/en
Publication of WO2023238172A1 publication Critical patent/WO2023238172A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • This disclosure relates to key issuance technology.
  • IoT Internet of Things
  • IoT devices IoT devices
  • authentication technology for confirming whether or not each other is the correct device at the time of communication is becoming important for IoT devices as well.
  • an IoT gateway device that aggregates a large number of IoT devices may be used.
  • IoT-GW IoT gateway device
  • a narrowband network such as LPWA (Low Power Wide Area) is used between the IoT device and the IoT gateway device
  • a mobile network for example, is used between the IoT gateway device and the server device.
  • a configuration that utilizes a broadband network such as is often adopted.
  • ID-based cryptography requires a key issuing authority because it issues a secret key corresponding to the ID of each entity such as an IoT device.
  • ID-based encryption key issuing authority issues private keys for all entities, it is possible to decrypt ciphertext addressed to any recipient.
  • ID-based encryption is used only in a local network under an IoT gateway device, there are cases in which it is desirable for the key issuing authority to be located in the local network from the viewpoint of load distribution, availability, and latency.
  • the present disclosure provides a technology that safely realizes key issuance in devices participating in a local network by installing a key issuing authority function in an IoT device equipped with a secure environment. It is in.
  • a key issuing system includes a communication gateway that includes a communication unit capable of communicating through a first line and a second line that uses a narrower band than the first line; at least one communication device capable of communicating with the communication gateway using the second line, the communication gateway having a security section for a secure environment, and the security section comprising: A master key generation unit that generates a master public key using the selected master private key, the master public key generated by the master key generation unit, and the identifier of the communication device that the communication unit receives as input. a user private key generation unit that generates a user private key using the user private key generation unit; and a key distribution unit that transmits the user private key generated by the user private key generation unit to the communication device having the identifier received by the communication unit.
  • a key issuing system includes a communication gateway including a communication unit capable of communicating through a first line and a second line that uses a narrower band than the first line; at least one communication device that can communicate using the second line, and k-1 (k is an integer of 2 or more) first devices, ..., (k-1) devices that can communicate using the second line.
  • the second security unit includes a communication device capable of communicating with the master public key and the first private key and the n+1th device of the intermediate key issuing device or the nth device of the intermediate key issuing device.
  • a communication device capable of communicating with the master public key and the first private key and the n+1th device of the intermediate key issuing device or the nth device of the intermediate key issuing device.
  • an n+1 private key generation unit that generates an n+1 private key using an n+1 identifier acquired from one of the devices; and an n+1 private key generator that generates the n+1 private key using an and a key distribution unit that transmits the key to the communication device that can communicate with the n-th device of the issuing device.
  • secure key issuance can be achieved in devices participating in a local network.
  • FIG. 1 is a diagram showing an example of a functional configuration of a key issuing system according to a first embodiment of the present disclosure.
  • FIG. 2 is a diagram showing an example of the functional configuration of the multifunctional communication gateway 10 and the communication device 20.
  • FIG. 3 is a sequence diagram showing an example of processing of the key issuing system 1.
  • FIG. 4 is a diagram showing a functional configuration example of a modified example of the key issuing system according to the first embodiment of the present disclosure.
  • FIG. 5 is a diagram showing an example of the functional configuration of a key issuing system according to the second embodiment of the present disclosure.
  • FIG. 6 is a diagram showing an example of the functional configuration of the multifunctional communication gateway 10B, the intermediate key issuing device 35n , and the communication device 20.
  • FIG. 7 is a sequence diagram showing an example of processing of the key issuing system 1B.
  • FIG. 8 is a diagram showing a functional configuration example of a modified example of the key issuing system according to the second embodiment of the present disclosure.
  • FIG. 9 shows a functional configuration example of another modification of the key issuing system according to the second embodiment of the present disclosure, which includes a multifunctional communication gateway 10C, an intermediate key issuing device 35Cn , and a communication device 20.
  • FIG. FIG. 10 is a sequence diagram showing an example of processing in another modification of the key issuing system according to the second embodiment.
  • FIG. 11 is a diagram illustrating the functional configuration of a computer.
  • ID A Identifier of the communication device 20A ID B : Identifier of the communication device 20B D
  • A User secret key of the communication device 20A D
  • B User secret key of the communication device 20B
  • k Security parameter p
  • G 1 E 1 is the elliptic curve on the finite field F p , and a subgroup of the group E (F p ) on the elliptic curve E 1.
  • G 2 E 2 is the elliptic curve on the k-th extension field of the finite field F p .
  • a key issuing system 1 As shown in FIG. 1, a key issuing system 1 according to a first embodiment of the present disclosure includes a server X, a multifunctional communication gateway 10, and a plurality of communication devices 20 (20A, 20B,). .
  • the server X and the multifunctional communication gateway 10 are communicably connected via a communication network N1 (first line) such as a mobile network, for example.
  • a communication network N1 (first line) such as a mobile network, for example.
  • Server X may be configured with an edge device.
  • the server X and the communication network N1 do not have to be essential components of the key issuing system 1. That is, the server X and the communication network N1 may constitute the key issuing system 1 without being included in the key issuing system 1.
  • the multifunctional communication gateway 10 and each communication device 20 are communicably connected via a communication network N2 (second line), such as LPWA, which uses a narrower band than the communication network N1.
  • the multifunctional communication gateway 10 and each communication device 20 constitute a local network.
  • the multifunctional communication gateway 10 is a device that includes a computer or computer system that functions as a KGC (Key Generation Center) in a device that functions as a communication gateway.
  • the multifunctional communication gateway 10 generates a master public key in advance using a master private key, and then makes the master public key public.
  • the multifunctional communication gateway 10 receives an identifier of a communication device 20 as a key issuance request to be described later, it generates a user secret key from this identifier and sends the user secret to the communication device 20 corresponding to the identifier. Distribute (send) the key.
  • the multifunctional communication gateway 10 in this embodiment includes a communication section 101 that communicates with external devices, and a first security section 102 that is connected to the communication section 101.
  • the communication unit 101 communicates with an external device such as the server X via the communication network N1.
  • the communication unit 101 performs various types of communication with the communication device 20 via the communication network N2.
  • the first security unit 102 includes a master key generation unit 1021, a user private key generation unit 1022, a key distribution unit 1023, and a storage unit 1024 that stores various data (for example, various data such as a master public key and a master private key). .
  • the first security unit 102 has a secure environment function.
  • the first security unit 102 may include a secure component such as a TEE (Trusted Execution Environment) in addition to a secure element such as an eSIM (An Embedded SIM).
  • TEE Trusted Execution Environment
  • eSIM An Embedded SIM
  • the communication device 20 uses the user private key distributed from the multifunctional communication gateway 10 to perform encrypted communication using ID-based encryption and authentication (i.e., confirm validity) with other communication devices 20. .
  • any identifier can be used as the identifier of the communication device 20 used in this embodiment.
  • the identifier include the manufacturing unique number, IP (Internet Protocol) address, physical address, user ID of the user of the communication device 20, name of the user of the communication device 20, email address of the user of the communication device 20, etc. can be mentioned.
  • An example of the communication device 20 is an IoT device. Examples include various sensor devices, embedded equipment, wearable devices, digital home appliances, surveillance cameras, lighting equipment, medical equipment, industrial equipment, etc.
  • the computing resources of the communication device 20 are often limited. For example, many have poor processor performance and memory capacity compared to general computers.
  • the communication device 20 in the present disclosure may be a device that does not fall under the category of IoT devices, such as a PC (personal computer), a server device, a smartphone, or a tablet terminal.
  • the communication device 20 in this embodiment includes a communication unit 201 and a storage unit 202 that stores various data (for example, a user secret key, etc.).
  • various data for example, a user secret key, etc.
  • the communication unit 201 performs various communications with other communication devices 20, the multifunctional communication gateway 10, and the like.
  • the processing method of the key issuing system is realized by the multifunctional communication gateway 10 equipped with the first security unit 102 having a secure environment function performing the processing shown in FIG. 3.
  • two communication devices 20, a communication device 20A and a communication device 20B request the multifunction communication gateway 10 to issue a key, and the multifunction communication gateway 10 issues a user private key D A and a user private key D B.
  • the process will be explained using the case of issuing a .
  • the master key generation unit 1021 generates a master public key and a master private key. That is, the master key generation unit 1021 selects the master private key z, calculates the master public key Z, and stores it in the storage unit 1024 (step S1021). Note that the master public key Z may be configured to be made public to each communication device 20 during generation.
  • the communication unit 101 receives an identifier as input from the communication device 20 as a key issuance request for a user private key (hereinafter also simply referred to as a “key issuance request”). That is, the communication unit 101 receives as input the identifier ID A of the communication device 20A and the identifier ID B of the communication device 20B at an arbitrary timing (step S101).
  • the identifier of the communication device 20 may be configured to be transmitted by the communication device 20 itself having the identifier, or may be configured to be transmitted by the communication device 20 itself having the identifier, or by other devices connected to the multifunctional communication gateway 10 via the communication network N1 or the communication network N2.
  • the configuration may be such that the terminal or the like transmits the information. If the multifunctional communication gateway 10 has an input device, it may be configured so that the identifier of the communication device 20 can be input from the input device.
  • the user private key generation unit 1022 When receiving the identifier of the communication device 20, the user private key generation unit 1022 generates a user private key from this identifier. That is, the user private key generation unit 1022 generates user private keys D A and D B according to the following formula (step S1022).
  • iA and iB may be configured to be generated by the communication device 20, or may be configured to be generated by the multifunctional communication gateway 10.
  • the communication device 20 when generating the user secret key DA , the communication device 20 may generate iA and disclose it to the multifunction communication gateway 10, or the multifunction communication gateway 10 may be configured to generate iA . You may do so.
  • the communication device 20 when generating the user secret key DB , the communication device 20 may generate iB and disclose it to the multifunction communication gateway 10, or the multifunction communication gateway 10 may generate iB . It may be configured as follows.
  • the generation of iA and iB may be configured such that the communication device 20A generates iA and the communication device 20B generates iB . However, if predetermined conditions are met, such as when the calculation resources of the communication device 20 are limited and a large number of calculation resources are required to calculate H1 , the multifunctional communication gateway 10 It may be configured to generate one or both of B.
  • the key distribution unit 1023 distributes (transmits) the user private key to the communication device 20 corresponding to the identifier. That is, the key distribution unit 1023 distributes the user private key DA to the communication device 20A, and also distributes the user private key DB to the communication device 20B (step S1023).
  • the key distribution unit 1023 may be configured to send the generated user private key to the corresponding communication device 20 using the generation of the user private key as a trigger. Further, the key distribution unit 1023 may be configured to distribute the user private key from the communication unit 101 to the communication device 20 in response to a request for distribution of the user private key from the communication device 20.
  • the initial key written at the time of device shipment, or the key exchanged based on the initial key is used as the encryption key (
  • the distribution encryption keys are shared in advance by some means, such as using them as “distribution encryption keys” (hereinafter collectively referred to as “distribution encryption keys"), and the distribution encryption keys stored in the storage unit are utilized.
  • the user private key may be encrypted and distributed. Alternatively, the user private key may be recorded on a recording medium or the like and then distributed to the communication device 20.
  • the communication device 20 can obtain a user secret key to be used when performing authenticated key exchange with another communication device 20. That is, by using the key issuing system 1 according to this embodiment, it is possible to realize secure key issuing in devices participating in a local network.
  • the first embodiment of the present disclosure may be configured like the key issuing system 1A shown in FIG. 4. That is, the key issuing device 30 may be configured to include a key issuing device 30 that is equipped with a communication unit capable of communicating with the communication network N2 and has a key issuing authority function equivalent to that of the multifunctional communication gateway 10. In this case, the multifunctional communication gateway 10 may be configured as a communication gateway 10A that does not include the function of a key issuing authority.
  • the second embodiment of the present disclosure has a configuration in which a key issuing authority function and an intermediate key issuing authority function compatible with a hierarchical ID-based encryption system are placed in a secure environment within each device.
  • the intermediate key issuing device 35 n is configured to be able to communicate via the communication network N2 like the communication device 20.
  • the intermediate key issuing device 35n may be configured with a plurality of layers so as to support the hierarchical ID encryption method. Note that for convenience of explanation, “intermediate key issuing device 35 n " may be referred to as “intermediate key issuing device 35.”
  • the multifunctional communication gateway 10B of FIG. 6 differs from the multifunctional communication gateway 10 according to the first embodiment shown in FIG. 1021-1 has been newly added, and the user secret key generation section 1022 has been changed to a first secret key generation section 1022B. Along with these changes, the name of the first security section 102 has been changed to the first security section 102B.
  • the first security unit 102B like the first security unit 102, has a secure environment (first secure environment) function. Furthermore, since the processing contents are different, the name of communication section 101 has been changed to communication section 101B.
  • the newly added intermediate key issuing device 35n includes a communication section 351 and a second security section 352 connected to the communication section 351.
  • the second security unit 352 includes an n+1 private key generation unit 3521, a key distribution unit 3522, and a storage unit 3523.
  • the second security unit 352 has a secure environment (second secure environment) function similarly to the first security unit 102B.
  • the key issuing authority placed in the secure environment may be configured to be implemented in all devices in a hierarchical structure. , it may be configured to be implemented only in a part of it. An example of partially implementing it is, for example, implementing it only in the terminal intermediate key issuing device among the intermediate key issuing devices 35n .
  • Key issuing method for key issuing system 1B The processing method of the key issuing system 1B according to this embodiment is realized by the multifunctional communication gateway 10B and the intermediate key issuing device 35n , each of which has a secure environment function, performing the processing shown in FIG.
  • the n+1 identifier id (n+1) is obtained from the ID (n+1).
  • the n+1 private key generation unit 3521 obtains the n+1 identifier, the Performs parsing process.
  • the n+1th private key generation unit 3521 generates the n+1th private key using the master public key, the nth private key, and the n+1 identifier. That is, the (n+1)th private key generation unit 3521 generates sk'[b.
  • the second embodiment of the present disclosure may be configured like the key issuing system 1C shown in FIG. 8.
  • the key issuing authority function that the multifunctional communication gateway 10B had is provided so that it can communicate on the communication network N1 as a key issuing device 30 having that function.
  • the multifunctional communication gateway 10B has been changed to a communication gateway 10C that does not have an intermediate key issuing authority function.
  • the intermediate key issuing device 35 corresponds to a lower layer of the key issuing device 30.
  • the second embodiment described above may have a configuration as shown in FIG.
  • the configuration shown in FIG. 9 differs from the configuration shown in FIG. 6 in that the multifunctional communication gateway 10B is changed to a communication gateway 10C, and the intermediate key issuing device 35 n is changed to an intermediate key issuing device 35 C n . This is something that has changed.
  • a device authentication section 1025 is newly provided in the first security section, and the name has been changed from the first security section 102B to the first security section 102C.
  • a device authentication section 3524 is provided in the second security section, and the name has been changed from the second security section 352 to the second security section 352C.
  • the multifunctional communication gateway 10C stores in advance a list of information on one or more terminals (devices) capable of issuing keys in the storage unit 1024, for example, as data in a table format.
  • the device information of the intermediate key issuing device 35C n is also received along with the identifier.
  • the device authentication unit 1025 performs an authentication check to determine whether the device information of the intermediate key issuing device 35Cn that has requested the key issuance request exists in the list of key issuing terminals stored in the storage unit 1024. If there is a match, it is determined to be "permitted”, and if there is no match, it is determined to be "not permitted” (step S1025).
  • the device authentication unit 3524 authenticates whether the device information of the (n+1)th device of the intermediate key issuing device that has requested the key issuance request exists in the list of key issuing terminals stored in the storage unit 3523. If there is a match, it is determined to be "permitted”, and if there is no match, it is determined to be "not permitted” (step S3524).
  • step S3524 if "permission" is determined, the (n+1)th private key generation unit 3521 performs the process of generating the (n+1)th private key. At this time, a key is generated using a predetermined flag so that permission can be identified (step S3521C).
  • the device authentication unit 3524 may be configured to be installed in all intermediate key issuing devices 35Cn . If device authentication is not required, the key issuing system may be constructed using intermediate key issuing apparatuses that do not include the device authentication section 3524 as part or all of the intermediate key issuing apparatuses.
  • various forms of the program can be considered, but for example, in addition to programs for devices that can control the entire key issuing system, various types of devices shown in this disclosure (for example, multifunctional communication gateways 1, 1B, Examples include a program used by the intermediate key issuing device 35 n , the communication device 20, the key issuing device 30, and modifications thereof), or a program that collectively executes the processes of two or more devices.
  • various types of devices shown in this disclosure for example, multifunctional communication gateways 1, 1B, Examples include a program used by the intermediate key issuing device 35 n , the communication device 20, the key issuing device 30, and modifications thereof), or a program that collectively executes the processes of two or more devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A key issuing system 1 comprises: a multifunctional communication gateway 10 including a communication unit 101 capable of performing communication via a communication network N1 and a communication network N2 that uses a bandwidth narrower than that of the communication network N1; and at least one communication device 20 capable of performing communication via the communication network N2. The multifunctional communication gateway 10 comprises a first security unit 102 in a secure environment. The first security unit 102 comprises a master key generation unit 1021 that generates a master public key, a user secret key generation unit 1022 that generates a user secret key by using the master public key and an identifier of the communication device 20, and a key distribution unit 1023 that transmits the user secret key to the communication device 20 having the received identifier.

Description

鍵発行システム、鍵発行方法、およびプログラムKey issuing system, key issuing method, and program
 本開示は、鍵発行技術に関する。 This disclosure relates to key issuance technology.
 IoT(Internet of Things)機器の普及に伴い、IoT機器(IoTデバイス)においても重要性の高い通信が行われるようになってきている。そのため、IoT機器においても通信時に互いが正しい機器か否かを確認する認証技術が重要になってきている。 With the spread of IoT (Internet of Things) equipment, highly important communications are also being performed in IoT equipment (IoT devices). Therefore, authentication technology for confirming whether or not each other is the correct device at the time of communication is becoming important for IoT devices as well.
 多数の機器(以下、「デバイス」ともいう。)を利用するIoTの技術では、多数のIoT機器を集約するIoTゲートウェイ装置(IoT-GW)を利用することがある。この場合、IoT機器とIoTゲートウェイ装置との間は、価格の面から例えばLPWA(Low Power Wide Area)などの狭帯域なネットワークを利用し、IoTゲートウェイ装置とサーバ装置との間は、例えばモバイルネットワーク等の広帯域なネットワークを利用する構成を採用されることが多い。 In IoT technology that uses a large number of devices (hereinafter also referred to as "devices"), an IoT gateway device (IoT-GW) that aggregates a large number of IoT devices may be used. In this case, from a cost perspective, a narrowband network such as LPWA (Low Power Wide Area) is used between the IoT device and the IoT gateway device, and a mobile network, for example, is used between the IoT gateway device and the server device. A configuration that utilizes a broadband network such as is often adopted.
 LPWAのような狭帯域を利用するネットワークにおいては、IDベース暗号を活用した通信量の少ない相互認証方式を用いることが期待されている。IDベース暗号の利用には、IoT機器等の各エンティティのIDに対応する秘密鍵を発行することから鍵発行局が必要となる。しかし、IDベース暗号の鍵発行局は、全てのエンティティの秘密鍵を発行するため、任意の受信者宛ての暗号文を復号する事ができてしまう。鍵発行局自体の信頼性はもちろんのこと、秘密鍵生成に用いるマスタ鍵やパラメータが漏洩しないように厳重な対策を施す必要がある。以上の背景から、これまで鍵発行局は、物理的なセキュリティを含む十分な対策を施すことが可能なサーバでの運用が想定されてきた。 In networks that use narrow bands such as LPWA, it is expected to use a mutual authentication method that utilizes ID-based encryption and requires less communication. The use of ID-based cryptography requires a key issuing authority because it issues a secret key corresponding to the ID of each entity such as an IoT device. However, since the ID-based encryption key issuing authority issues private keys for all entities, it is possible to decrypt ciphertext addressed to any recipient. In addition to ensuring the reliability of the key issuing authority itself, it is necessary to take strict measures to prevent leakage of the master key and parameters used to generate private keys. Based on the above background, it has been assumed that the key issuing authority is operated by a server that can take sufficient measures including physical security.
 しかし、IoTゲートウェイ装置配下のローカルネットワークのみでIDベース暗号を利用する場合は、負荷分散や可用性、レイテンシの観点から、鍵発行局がローカルネットワークに配置されていることが望ましいケースも存在する。 However, when ID-based encryption is used only in a local network under an IoT gateway device, there are cases in which it is desirable for the key issuing authority to be located in the local network from the viewpoint of load distribution, availability, and latency.
 従来技術では、サーバで鍵発行局を運用することが前提とされているため、IoTのローカルネットワークに参加するIoT機器上でセキュアに(通信の安全性を確保するために)鍵発行局を構築する方法が存在しないという問題があった。 Conventional technology assumes that the key issuing authority is operated by the server, so the key issuing authority is constructed securely (to ensure communication security) on the IoT devices participating in the local IoT network. The problem was that there was no way to do that.
 本開示は、上記課題を解決するために、セキュア環境を搭載したIoT機器に鍵発行局の機能を搭載することにより、ローカルネットワークに参加する装置において鍵発行を安全に実現する技術を提供することにある。 In order to solve the above problems, the present disclosure provides a technology that safely realizes key issuance in devices participating in a local network by installing a key issuing authority function in an IoT device equipped with a secure environment. It is in.
 上記課題を解決するために、本開示の一態様の鍵発行システムは、第1回線及び前記第1回線よりも狭帯域を使用する第2回線により通信可能な通信部を備えた通信ゲートウェイと、前記第2回線を用いて前記通信ゲートウェイと通信可能な少なくとも一つの通信装置と、を有した鍵発行システムであって、前記通信ゲートウェイは、セキュア環境のセキュリティ部を有し、前記セキュリティ部は、選択したマスタ秘密鍵を用いてマスタ公開鍵を生成するマスタ鍵生成部と、前記マスタ鍵生成部により生成されたマスタ公開鍵と、前記通信部が入力として受け付けた前記通信装置の識別子とを用いてユーザ秘密鍵を生成するユーザ秘密鍵生成部と、前記ユーザ秘密鍵生成部により生成されたユーザ秘密鍵を前記通信部が受け付けた識別子を有する前記通信装置に送信する鍵配布部と、を有する。 In order to solve the above problems, a key issuing system according to an aspect of the present disclosure includes a communication gateway that includes a communication unit capable of communicating through a first line and a second line that uses a narrower band than the first line; at least one communication device capable of communicating with the communication gateway using the second line, the communication gateway having a security section for a secure environment, and the security section comprising: A master key generation unit that generates a master public key using the selected master private key, the master public key generated by the master key generation unit, and the identifier of the communication device that the communication unit receives as input. a user private key generation unit that generates a user private key using the user private key generation unit; and a key distribution unit that transmits the user private key generated by the user private key generation unit to the communication device having the identifier received by the communication unit. .
 また、本開示の他の態様の鍵発行システムは、第1回線及び前記第1回線よりも狭帯域を使用する第2回線により通信可能な通信部を備えた通信ゲートウェイと、前記第2回線を用いて通信可能な少なくとも一つの通信装置と、前記第2回線を用いて通信可能なk-1個(kは2以上の整数)の第1装置、…、第(k-1)装置よりなる中間鍵発行装置と、を有した階層型IDベース暗号方式に対応する鍵発行システムであって、前記通信ゲートウェイは、第1セキュア環境の第1セキュリティ部を有し、前記第1セキュリティ部は、マスタ公開鍵とマスタ秘密鍵とを生成するマスタ鍵生成部と、前記マスタ秘密鍵を用いてルート秘密鍵を生成するルート秘密鍵生成部と、前記マスタ公開鍵と、前記ルート秘密鍵と、前記通信部が取得した前記中間鍵発行装置の第1装置の第1識別子とを用いて第1秘密鍵を生成する第1秘密鍵生成部と、前記第1秘密鍵を、前記中間鍵発行装置の第1装置に送信する鍵配布部と、を有し、前記中間鍵発行装置の第n(n=1,2,…,k-1)装置は、第2セキュア環境を有した第2セキュリティ部を有し、前記第2セキュリティ部は、前記マスタ公開鍵及び前記第1秘密鍵と、前記中間鍵発行装置の第n+1装置、もしくは前記中間鍵発行装置の第n装置と通信可能な通信装置のいずれかの装置から取得したn+1識別子とを用いて、第n+1秘密鍵を生成する第n+1秘密鍵生成部と、前記第n+1秘密鍵を、前記中間鍵発行装置の第n+1装置、もしくは前記中間鍵発行装置の第n装置と通信可能な前記通信装置に送信する鍵配布部と、を有する。 Further, a key issuing system according to another aspect of the present disclosure includes a communication gateway including a communication unit capable of communicating through a first line and a second line that uses a narrower band than the first line; at least one communication device that can communicate using the second line, and k-1 (k is an integer of 2 or more) first devices, ..., (k-1) devices that can communicate using the second line. A key issuance system compatible with a hierarchical ID-based encryption system, the communication gateway having a first security unit in a first secure environment, the first security unit comprising: an intermediate key issuance device; a master key generation unit that generates a master public key and a master private key; a root private key generation unit that generates a root private key using the master private key; the master public key, the root private key; a first secret key generation unit that generates a first secret key using a first identifier of the first device of the intermediate key issuing device acquired by the communication unit; a key distribution unit that transmits the key to the first device, and the n-th (n=1, 2, ..., k-1) device of the intermediate key issuing device is a second security unit having a second secure environment. and the second security unit includes a communication device capable of communicating with the master public key and the first private key and the n+1th device of the intermediate key issuing device or the nth device of the intermediate key issuing device. an n+1 private key generation unit that generates an n+1 private key using an n+1 identifier acquired from one of the devices; and an n+1 private key generator that generates the n+1 private key using an and a key distribution unit that transmits the key to the communication device that can communicate with the n-th device of the issuing device.
 本開示によれば、ローカルネットワークに参加する装置において安全な鍵発行を実現することができる。 According to the present disclosure, secure key issuance can be achieved in devices participating in a local network.
図1は本開示の第1の実施の形態に係る鍵発行システムの機能構成例を示した図である。FIG. 1 is a diagram showing an example of a functional configuration of a key issuing system according to a first embodiment of the present disclosure. 図2は多機能通信ゲートウェイ10と、通信装置20の機能構成例を示した図である。FIG. 2 is a diagram showing an example of the functional configuration of the multifunctional communication gateway 10 and the communication device 20. 図3は鍵発行システム1の処理の一例を示したシーケンス図である。FIG. 3 is a sequence diagram showing an example of processing of the key issuing system 1. 図4は本開示の第1の実施の形態に係る鍵発行システムの変形例の機能構成例を示した図である。FIG. 4 is a diagram showing a functional configuration example of a modified example of the key issuing system according to the first embodiment of the present disclosure. 図5は本開示の第2の実施の形態に係る鍵発行システムの機能構成例を示した図である。FIG. 5 is a diagram showing an example of the functional configuration of a key issuing system according to the second embodiment of the present disclosure. 図6は多機能通信ゲートウェイ10Bと、中間鍵発行装置35と、通信装置20の機能構成例を示した図である。FIG. 6 is a diagram showing an example of the functional configuration of the multifunctional communication gateway 10B, the intermediate key issuing device 35n , and the communication device 20. 図7は鍵発行システム1Bの処理の一例を示したシーケンス図である。FIG. 7 is a sequence diagram showing an example of processing of the key issuing system 1B. 図8は本開示の第2の実施の形態に係る鍵発行システムの変形例の機能構成例を示した図である。FIG. 8 is a diagram showing a functional configuration example of a modified example of the key issuing system according to the second embodiment of the present disclosure. 図9は本開示の第2の実施の形態に係る鍵発行システムの他の変形例の機能構成例の中で、多機能通信ゲートウェイ10Cと、中間鍵発行装置35Cと、通信装置20とを示した図である。FIG. 9 shows a functional configuration example of another modification of the key issuing system according to the second embodiment of the present disclosure, which includes a multifunctional communication gateway 10C, an intermediate key issuing device 35Cn , and a communication device 20. FIG. 図10は第2の実施の形態に係る鍵発行システムの他の変形例における処理の一例を示したシーケンス図である。FIG. 10 is a sequence diagram showing an example of processing in another modification of the key issuing system according to the second embodiment. 図11はコンピュータの機能構成を例示する図である。FIG. 11 is a diagram illustrating the functional configuration of a computer.
 以下、図を用いて本開示の実施の形態について詳細に説明する。なお、同じ機能を有する構成部には同じ番号を付し、重複説明を省略する。 Hereinafter, embodiments of the present disclosure will be described in detail using figures. Note that components having the same functions are given the same numbers and redundant explanations will be omitted.
<第1の実施の形態>
<<記号の定義>>
 第1の実施の形態で用いる記号を次のように定義する。 <First embodiment>
<<Definition of symbols>>
The symbols used in the first embodiment are defined as follows.
  ID:通信装置20Aの識別子
  ID:通信装置20Bの識別子
  D:通信装置20Aのユーザ秘密鍵
  D:通信装置20Bのユーザ秘密鍵
  k:セキュリティパラメータ
  p,q:p≠qを満たす素数
  G:有限体F上の楕円曲線をEとして、楕円曲線E上の群E(F)の部分群
  G:有限体Fのk次拡大体上の楕円曲線をEとして、楕円曲線E上の群
Figure JPOXMLDOC01-appb-M000001
の部分群
  g1:G1の生成元
  g2:G2の生成元
  Zq:qを法とする剰余類
  z∈Zq:マスタ秘密鍵
  Z=zg1:マスタ公開鍵
  H1:文字列(例えばオクテット列)からZq上の元を生成する関数
  H2:文字列からZq上の元を生成する関数
  H3:文字列からZq上の元を生成する関数
  H:鍵導出関数
  K:共有鍵
  e:G1×G2上で定義されたペアリング演算
  上記で定義した各記号のうち、マスタ秘密鍵z、ユーザ秘密鍵D及びD以外は公開情報であるものとする。なお、GとGとは逆であってもよい。また、群の元やZの元を関数に入力する場合には、当該元を表す文字列を関数に入力するものとする。 ID A : Identifier of the communication device 20A ID B : Identifier of the communication device 20B D A : User secret key of the communication device 20A D B : User secret key of the communication device 20B k: Security parameter p, q: Prime number satisfying p≠q G 1 : E 1 is the elliptic curve on the finite field F p , and a subgroup of the group E (F p ) on the elliptic curve E 1. G 2 : E 2 is the elliptic curve on the k-th extension field of the finite field F p . As, the group on the elliptic curve E 2
Figure JPOXMLDOC01-appb-M000001
Subgroup g1: Generator of G1 g2: Generator of G2 Zq: Coset modulo q z∈ZZq: Master private key Z=zg1: Master public key H1: From string (for example, octet string) to Zq H2: Function that generates an element on Zq from a string H3: Function that generates an element on Zq from a string H: Key derivation function K: Shared key e: Defined on G1×G2 Pairing operation Among the symbols defined above, it is assumed that the symbols other than the master secret key z, user secret keys DA and DB are public information. Note that G 1 and G 2 may be reversed. Furthermore, when inputting an element of a group or an element of Zq to a function, a character string representing the element is input to the function.
[鍵発行システム]
 本開示の第1の実施の形態に係る鍵発行システム1は、図1に示すように、サーバXと、多機能通信ゲートウェイ10と、複数の通信装置20(20A,20B,…)とを有する。 [Key issuing system]
As shown in FIG. 1, a key issuing system 1 according to a first embodiment of the present disclosure includes a server X, a multifunctional communication gateway 10, and a plurality of communication devices 20 (20A, 20B,...). .
 サーバXと多機能通信ゲートウェイ10とは、例えば、モバイルネットワークなどの通信ネットワークN1(第1回線)を介して通信可能に接続されている。サーバXはエッジデバイスで構成しても良い。サーバXと通信ネットワークN1とは、鍵発行システム1の必須の構成でなくても良い。即ち、サーバXと通信ネットワークN1は、鍵発行システム1に含めずに鍵発行システム1を構成しても良い。 The server X and the multifunctional communication gateway 10 are communicably connected via a communication network N1 (first line) such as a mobile network, for example. Server X may be configured with an edge device. The server X and the communication network N1 do not have to be essential components of the key issuing system 1. That is, the server X and the communication network N1 may constitute the key issuing system 1 without being included in the key issuing system 1.
 多機能通信ゲートウェイ10と、各通信装置20とは、例えば通信ネットワークN1よりも狭帯域を使用するLPWA等の通信ネットワークN2(第2回線)を介して通信可能に接続されている。多機能通信ゲートウェイ10と、各通信装置20とはローカルネットワークを構成している。 The multifunctional communication gateway 10 and each communication device 20 are communicably connected via a communication network N2 (second line), such as LPWA, which uses a narrower band than the communication network N1. The multifunctional communication gateway 10 and each communication device 20 constitute a local network.
(多機能通信ゲートウェイ10)
 多機能通信ゲートウェイ10は、通信ゲートウェイとして機能するデバイスに、KGC(Key Generation Center)として機能するコンピュータ又はコンピュータシステムを含む装置である。多機能通信ゲートウェイ10は、マスタ秘密鍵を用いてマスタ公開鍵を予め生成した上で、当該マスタ公開鍵を公開する。また、多機能通信ゲートウェイ10は、後述する鍵発行依頼として通信装置20の識別子を受け付けた場合に、この識別子からユーザ秘密鍵を生成した上で、当該識別子に対応する通信装置20に当該ユーザ秘密鍵を配布(送信)する。 (Multifunctional communication gateway 10)
The multifunctional communication gateway 10 is a device that includes a computer or computer system that functions as a KGC (Key Generation Center) in a device that functions as a communication gateway. The multifunctional communication gateway 10 generates a master public key in advance using a master private key, and then makes the master public key public. In addition, when the multifunctional communication gateway 10 receives an identifier of a communication device 20 as a key issuance request to be described later, it generates a user secret key from this identifier and sends the user secret to the communication device 20 corresponding to the identifier. Distribute (send) the key.
 本実施形態における多機能通信ゲートウェイ10は、図2に示すように、外部機器と通信を行う通信部101と、通信部101と接続されている第1セキュリティ部102とを有する。 As shown in FIG. 2, the multifunctional communication gateway 10 in this embodiment includes a communication section 101 that communicates with external devices, and a first security section 102 that is connected to the communication section 101.
 通信部101は、通信ネットワークN1を介して例えばサーバXなどの外部機器と通信する。通信部101は、通信ネットワークN2を介して通信装置20との間で各種の通信を行う。 The communication unit 101 communicates with an external device such as the server X via the communication network N1. The communication unit 101 performs various types of communication with the communication device 20 via the communication network N2.
 第1セキュリティ部102は、マスタ鍵生成部1021、ユーザ秘密鍵生成部1022、鍵配布部1023、各種データ(例えば、マスタ公開鍵やマスタ秘密鍵等の各種データ)を記憶する記憶部1024を有する。 The first security unit 102 includes a master key generation unit 1021, a user private key generation unit 1022, a key distribution unit 1023, and a storage unit 1024 that stores various data (for example, various data such as a master public key and a master private key). .
 第1セキュリティ部102はセキュア環境の機能を有する。第1セキュリティ部102は、例えば、eSIM(An Embedded SIM)等のセキュアエレメントの他、TEE(Trusted Execution Environment)等の、セキュアコンポーネントで構成しても良い。 The first security unit 102 has a secure environment function. The first security unit 102 may include a secure component such as a TEE (Trusted Execution Environment) in addition to a secure element such as an eSIM (An Embedded SIM).
(通信装置20)
 通信装置20は、多機能通信ゲートウェイ10から配布されたユーザ秘密鍵を用いて、他の通信装置20との間でIDベース暗号を用いた暗号通信や認証(即ち、正当性の確認)を行う。 (Communication device 20)
The communication device 20 uses the user private key distributed from the multifunctional communication gateway 10 to perform encrypted communication using ID-based encryption and authentication (i.e., confirm validity) with other communication devices 20. .
 本実施の形態に使用される通信装置20の識別子としては、任意の識別子を用いることが可能である。識別子の例としては、通信装置20の製造固有番号やIP(Internet Protocol)アドレス、物理アドレス、通信装置20のユーザのユーザID、通信装置20のユーザの氏名、通信装置20のユーザのメールアドレス等が挙げられる。 Any identifier can be used as the identifier of the communication device 20 used in this embodiment. Examples of the identifier include the manufacturing unique number, IP (Internet Protocol) address, physical address, user ID of the user of the communication device 20, name of the user of the communication device 20, email address of the user of the communication device 20, etc. can be mentioned.
 通信装置20の一例としては、IoT機器が挙げられる。例えば、各種センサデバイス、組み込み機器、ウェアラブルデバイス、デジタル家電、監視カメラ、照明機器、医療機器、産業用機器等である。通信装置20がIoT機器の場合には、通信装置20の計算リソースが限られていることが多い。例えば、プロセッサの処理性能やメモリの容量が一般的なコンピュータ等と比較して乏しいものが多い。ただし、本開示における通信装置20は、例えば、PC(パーソナルコンピュータ)やサーバ装置、スマートフォン、タブレット端末等のIoT機器の範疇に該当しない機器であっても良い。 An example of the communication device 20 is an IoT device. Examples include various sensor devices, embedded equipment, wearable devices, digital home appliances, surveillance cameras, lighting equipment, medical equipment, industrial equipment, etc. When the communication device 20 is an IoT device, the computing resources of the communication device 20 are often limited. For example, many have poor processor performance and memory capacity compared to general computers. However, the communication device 20 in the present disclosure may be a device that does not fall under the category of IoT devices, such as a PC (personal computer), a server device, a smartphone, or a tablet terminal.
 本実施形態における通信装置20は、図2に示すように、通信部201と、各種データ(例えば、ユーザ秘密鍵等)を記憶する記憶部202とを有する。 As shown in FIG. 2, the communication device 20 in this embodiment includes a communication unit 201 and a storage unit 202 that stores various data (for example, a user secret key, etc.).
 通信部201は、他の通信装置20や多機能通信ゲートウェイ10等との間で各種通信を行う。 The communication unit 201 performs various communications with other communication devices 20, the multifunctional communication gateway 10, and the like.
 以下、複数の通信装置20の各々を区別して表す場合は、例えば、「通信装置20A」、「通信装置20B」等と表すこともある。 Hereinafter, when each of the plurality of communication devices 20 is to be expressed separately, it may be expressed as, for example, "communication device 20A", "communication device 20B", etc.
 [鍵発行方法]
 セキュア環境の機能を有する第1セキュリティ部102を備えた多機能通信ゲートウェイ10が、図3に示す処理を実施することにより、本実施形態に係る鍵発行システムの処理方法が実現される。一例として、通信装置20Aと通信装置20Bの2つの通信装置20が、多機能通信ゲートウェイ10に対して鍵発行依頼を行い、多機能通信ゲートウェイ10が、ユーザ秘密鍵Dとユーザ秘密鍵Dとを発行する場合を用いてその処理を説明する。 [Key issuance method]
The processing method of the key issuing system according to this embodiment is realized by the multifunctional communication gateway 10 equipped with the first security unit 102 having a secure environment function performing the processing shown in FIG. 3. As an example, two communication devices 20, a communication device 20A and a communication device 20B, request the multifunction communication gateway 10 to issue a key, and the multifunction communication gateway 10 issues a user private key D A and a user private key D B. The process will be explained using the case of issuing a .
 マスタ鍵生成部1021は、マスタ公開鍵とマスタ秘密鍵を生成する。即ち、マスタ鍵生成部1021は、マスタ秘密鍵zを選択し、マスタ公開鍵Zを計算して記憶部1024に格納する(ステップS1021)。なお、生成の際、マスタ公開鍵Zは各通信装置20に公開するように構成しても良い。 The master key generation unit 1021 generates a master public key and a master private key. That is, the master key generation unit 1021 selects the master private key z, calculates the master public key Z, and stores it in the storage unit 1024 (step S1021). Note that the master public key Z may be configured to be made public to each communication device 20 during generation.
 通信部101は、通信装置20からユーザ秘密鍵の鍵発行依頼(以下、単に「鍵発行依頼」ともいう)として識別子を入力として受け付ける。即ち、通信部101は、任意のタイミングで通信装置20Aの識別子IDと通信装置20Bの識別子IDとを入力として受け付ける(ステップS101)。通信装置20の識別子は、例えば、その識別子を有する当該通信装置20自身が送信するように構成しても良いし、多機能通信ゲートウェイ10と通信ネットワークN1又は通信ネットワークN2を介して接続される他の端末等が送信するように構成しても良い。多機能通信ゲートウェイ10が入力装置を有する場合には、その入力装置から通信装置20の識別子を入力できるように構成しても良い。 The communication unit 101 receives an identifier as input from the communication device 20 as a key issuance request for a user private key (hereinafter also simply referred to as a “key issuance request”). That is, the communication unit 101 receives as input the identifier ID A of the communication device 20A and the identifier ID B of the communication device 20B at an arbitrary timing (step S101). For example, the identifier of the communication device 20 may be configured to be transmitted by the communication device 20 itself having the identifier, or may be configured to be transmitted by the communication device 20 itself having the identifier, or by other devices connected to the multifunctional communication gateway 10 via the communication network N1 or the communication network N2. The configuration may be such that the terminal or the like transmits the information. If the multifunctional communication gateway 10 has an input device, it may be configured so that the identifier of the communication device 20 can be input from the input device.
 ユーザ秘密鍵生成部1022は、通信装置20の識別子を受け付けた場合に、この識別子からユーザ秘密鍵を生成する。即ち、ユーザ秘密鍵生成部1022は、以下の数式に従い、ユーザ秘密鍵D及びDを生成する(ステップS1022)。
Figure JPOXMLDOC01-appb-M000002
Figure JPOXMLDOC01-appb-M000003
 ここで、i=H(ID)、i=H(ID)である。これらi及びiは、通信装置20が生成するように構成しても良いし、多機能通信ゲートウェイ10が生成するように構成しても良い。例えば、ユーザ秘密鍵Dを生成する際に、通信装置20がiを生成して多機能通信ゲートウェイ10に公開しても良いし、多機能通信ゲートウェイ10がiを生成するように構成しても良い。同様に、例えば、ユーザ秘密鍵Dを生成する際に、通信装置20がiを生成して多機能通信ゲートウェイ10に公開しても良いし、多機能通信ゲートウェイ10がiを生成するように構成しても良い。 When receiving the identifier of the communication device 20, the user private key generation unit 1022 generates a user private key from this identifier. That is, the user private key generation unit 1022 generates user private keys D A and D B according to the following formula (step S1022).
Figure JPOXMLDOC01-appb-M000002
Figure JPOXMLDOC01-appb-M000003
Here, i A = H 1 (ID A ), i B = H 1 (ID B ). These iA and iB may be configured to be generated by the communication device 20, or may be configured to be generated by the multifunctional communication gateway 10. For example, when generating the user secret key DA , the communication device 20 may generate iA and disclose it to the multifunction communication gateway 10, or the multifunction communication gateway 10 may be configured to generate iA . You may do so. Similarly, for example, when generating the user secret key DB , the communication device 20 may generate iB and disclose it to the multifunction communication gateway 10, or the multifunction communication gateway 10 may generate iB . It may be configured as follows.
 i及びiの生成は、通信装置20Aがiを生成し、通信装置20Bがiを生成するように構成することが考えられる。但し、通信装置20の計算リソースが限られており、Hの計算に多くの計算リソースが必要な場合等、所定の条件に当てはまる場合には、多機能通信ゲートウェイ10にて、i及びiの一方あるいは双方を生成するように構成しても良い。 The generation of iA and iB may be configured such that the communication device 20A generates iA and the communication device 20B generates iB . However, if predetermined conditions are met, such as when the calculation resources of the communication device 20 are limited and a large number of calculation resources are required to calculate H1 , the multifunctional communication gateway 10 It may be configured to generate one or both of B.
 鍵配布部1023は、ユーザ秘密鍵を当該識別子に対応する通信装置20に配布(送信)する。即ち、鍵配布部1023は、ユーザ秘密鍵Dを通信装置20Aに配布すると共に、ユーザ秘密鍵Dを通信装置20Bに配布する(ステップS1023)。鍵配布部1023によるユーザ秘密鍵の配布方法としては、例えば、鍵配布部1023は、ユーザ秘密鍵が生成されたことをトリガとして該当する通信装置20へ送付するように構成しても良い。また、鍵配布部1023は、通信装置20からのユーザ秘密鍵の配布要求に応じて、通信部101から該当のユーザ秘密鍵を当該通信装置20に配布するように構成しても良い。 The key distribution unit 1023 distributes (transmits) the user private key to the communication device 20 corresponding to the identifier. That is, the key distribution unit 1023 distributes the user private key DA to the communication device 20A, and also distributes the user private key DB to the communication device 20B (step S1023). As a method for distributing a user private key by the key distribution unit 1023, for example, the key distribution unit 1023 may be configured to send the generated user private key to the corresponding communication device 20 using the generation of the user private key as a trigger. Further, the key distribution unit 1023 may be configured to distribute the user private key from the communication unit 101 to the communication device 20 in response to a request for distribution of the user private key from the communication device 20.
 また、安全に鍵を配布するために、通信装置との間で、例えば、デバイス出荷時に書き込んでおいた初期鍵、あるいは初期鍵をもとに鍵交換した鍵を鍵配布の際の暗号鍵(以下、これらをまとめて「配布用暗号鍵」ともいう。)として用いる等、何らかの手段によって配布用暗号鍵を事前に共有しておき、記憶部に格納しておいた当該配布用暗号鍵を活用してユーザ秘密鍵を暗号化して配布するように構成してもよい。あるいは、ユーザ秘密鍵を記録媒体等に記録した上で、通信装置20に配布しても良い。 In order to securely distribute keys, for example, the initial key written at the time of device shipment, or the key exchanged based on the initial key, is used as the encryption key ( The distribution encryption keys are shared in advance by some means, such as using them as "distribution encryption keys" (hereinafter collectively referred to as "distribution encryption keys"), and the distribution encryption keys stored in the storage unit are utilized. The user private key may be encrypted and distributed. Alternatively, the user private key may be recorded on a recording medium or the like and then distributed to the communication device 20.
 上述した処理方法を実施することにより、通信装置20は、他の通信装置20との間で認証付き鍵交換を行う際に用いるユーザ秘密鍵を得ることができる。即ち、本実施の形態に係る鍵発行システム1を用いることにより、ローカルネットワークに参加する装置において安全な鍵発行を実現することができる。 By implementing the processing method described above, the communication device 20 can obtain a user secret key to be used when performing authenticated key exchange with another communication device 20. That is, by using the key issuing system 1 according to this embodiment, it is possible to realize secure key issuing in devices participating in a local network.
<第1の実施の形態の変形例>
 本開示の第1の実施の形態は、図4で示した鍵発行システム1Aのように構成しても良い。即ち、通信ネットワークN2と通信可能な通信部を備えた装置であって、多機能通信ゲートウェイ10と同等の鍵発行局機能を有した鍵発行装置30を有するように構成しても良い。この場合、多機能通信ゲートウェイ10は、鍵発行局の機能を含まない通信ゲートウェイ10Aとして構成しても良い。 <Modification of the first embodiment>
The first embodiment of the present disclosure may be configured like the key issuing system 1A shown in FIG. 4. That is, the key issuing device 30 may be configured to include a key issuing device 30 that is equipped with a communication unit capable of communicating with the communication network N2 and has a key issuing authority function equivalent to that of the multifunctional communication gateway 10. In this case, the multifunctional communication gateway 10 may be configured as a communication gateway 10A that does not include the function of a key issuing authority.
<第2の実施の形態>
 本開示の第2の実施の形態は、階層型IDベース暗号方式に対応した鍵発行局機能及び中間鍵発行局機能を各装置内のセキュア環境に配置する構成としたものである。図5に示す鍵発行システム1Bが、図1に示す鍵発行システム1と異なる点は、多機能通信ゲートウェイ10が、階層型ID暗号方式に対応した、多機能通信ゲートウェイ10Bへと変わっている点と、鍵発行システム1には含まれていなかった中間鍵発行装置35(n=1,2,…,k-1(kは2以上の整数))を有している点である。ここで、中間鍵発行装置35は、通信装置20と同じく通信ネットワークN2を介して通信できるように構成されている。中間鍵発行装置35は階層型ID暗号方式に対応するように、複数の階層で構成されていても良い。なお、説明の便宜上、「中間鍵発行装置35」を「中間鍵発行装置35」と表記することもある。 <Second embodiment>
The second embodiment of the present disclosure has a configuration in which a key issuing authority function and an intermediate key issuing authority function compatible with a hierarchical ID-based encryption system are placed in a secure environment within each device. The key issuing system 1B shown in FIG. 5 differs from the key issuing system 1 shown in FIG. 1 in that the multifunctional communication gateway 10 has been changed to a multifunctional communication gateway 10B that supports the hierarchical ID encryption method. And, it has an intermediate key issuing device 35 n (n=1, 2, . . . , k-1 (k is an integer of 2 or more)) which was not included in the key issuing system 1. Here, the intermediate key issuing device 35 n is configured to be able to communicate via the communication network N2 like the communication device 20. The intermediate key issuing device 35n may be configured with a plurality of layers so as to support the hierarchical ID encryption method. Note that for convenience of explanation, "intermediate key issuing device 35 n " may be referred to as "intermediate key issuing device 35."
(多機能通信ゲートウェイ10B)
 図6の多機能通信ゲートウェイ10Bが、図2に示した第1の実施の形態に係る多機能通信ゲートウェイ10と異なる点は、第1セキュリティ部102内には含まれていなかったルート秘密鍵生成部1021-1が新たに追加されている点と、ユーザ秘密鍵生成部1022が第1秘密鍵生成部1022Bへと変わっている点である。これらの変更に伴い、第1セキュリティ部102の名称が第1セキュリティ部102Bへと変わっている。 (Multifunctional communication gateway 10B)
The multifunctional communication gateway 10B of FIG. 6 differs from the multifunctional communication gateway 10 according to the first embodiment shown in FIG. 1021-1 has been newly added, and the user secret key generation section 1022 has been changed to a first secret key generation section 1022B. Along with these changes, the name of the first security section 102 has been changed to the first security section 102B.
第1セキュリティ部102Bは、第1セキュリティ部102と同様に、セキュア環境(第1セキュア環境)の機能を有する。また、処理内容が異なることから、通信部101を通信部101Bへとその名称を変えている。 The first security unit 102B, like the first security unit 102, has a secure environment (first secure environment) function. Furthermore, since the processing contents are different, the name of communication section 101 has been changed to communication section 101B.
(中間鍵発行装置35
 新たに追加された中間鍵発行装置35は、通信部351と、通信部351と接続された第2セキュリティ部352とを有する。第2セキュリティ部352は、第n+1秘密鍵生成部3521、鍵配布部3522、記憶部3523を有する。第2セキュリティ部352は、第1セキュリティ部102Bと同様にセキュア環境(第2セキュア環境)の機能を有する。 (Intermediate key issuing device 35 n )
The newly added intermediate key issuing device 35n includes a communication section 351 and a second security section 352 connected to the communication section 351. The second security unit 352 includes an n+1 private key generation unit 3521, a key distribution unit 3522, and a storage unit 3523. The second security unit 352 has a secure environment (second secure environment) function similarly to the first security unit 102B.
 なお、セキュア環境に配置する鍵発行局(例えば、第1セキュリティ部102Bや第2セキュリティ部352を構成する各要素)は、階層構造となる全ての装置に実装するように構成しても良いし、その一部のみに実装するように構成しても良い。一部に実装する例としては、例えば、中間鍵発行装置35の中でも末端の中間鍵発行装置のみに実装するなどが挙げられる。 Note that the key issuing authority placed in the secure environment (for example, each element configuring the first security unit 102B and the second security unit 352) may be configured to be implemented in all devices in a hierarchical structure. , it may be configured to be implemented only in a part of it. An example of partially implementing it is, for example, implementing it only in the terminal intermediate key issuing device among the intermediate key issuing devices 35n .
[鍵発行システム1Bの鍵発行方法]
 夫々がセキュア環境の機能を有する多機能通信ゲートウェイ10B及び中間鍵発行装置35が、図7に示す処理を実施することにより、本実施形態に係る鍵発行システム1Bの処理方法が実現される。 [Key issuing method for key issuing system 1B]
The processing method of the key issuing system 1B according to this embodiment is realized by the multifunctional communication gateway 10B and the intermediate key issuing device 35n , each of which has a secure environment function, performing the processing shown in FIG.
 以下の説明においては、bを0と1の間の一様分布に従って選んだ乱数とする。また、x=1,2,…, kとし、id(x)=(I, I、…, I)とし、b.id(x)=(b||I, I、…, I)を示すものとする。 In the following description, b is a random number selected according to a uniform distribution between 0 and 1. Also, x=1, 2,..., k, id (x) = (I 1 , I 2 ,..., I x ), and b. Let id (x) = (b||I 1 , I 2 , ..., I x ) be shown.
 図7に示すように、マスタ鍵生成部1021は、セキュリティパラメータ1κを取得して(mpk’,msk’)←SetUp’(1κ)を実行し、マスタ公開鍵mpk’と、マスタ秘密鍵msk’を生成する(ステップS1021)。この場合、ユーザ秘密鍵の配布の際の暗号化として用いるために、生成されたマスタ公開鍵mpk’は、各中間鍵発行装置35や、通信装置20との間で共有(公開)しておいても良い。 As shown in FIG. 7, the master key generation unit 1021 obtains the security parameter 1 κ , executes (mpk', msk')←SetUp'(1 κ ), and generates the master public key mpk' and the master private key. msk' is generated (step S1021). In this case, the generated master public key mpk' is shared (published) with each intermediate key issuing device 35 n and the communication device 20 in order to be used for encryption when distributing the user private key. You can leave it there.
 ルート秘密鍵生成部1021-1は、マスタ秘密鍵を用いてルート秘密鍵を生成する。即ち、ルート秘密鍵生成部1021-1は、ルート秘密鍵sk[id(0)]=(msk’,msk’)を生成する(ステップS1021-1)。 The root private key generation unit 1021-1 generates a root private key using the master private key. That is, the root private key generation unit 1021-1 generates the root private key sk[id (0) ]=(msk', msk') (step S1021-1).
 第1秘密鍵生成部1022Bは,通信部101Bを介して、鍵発行依頼として、第1(k=2)の中間鍵発行装置35(もしくは多機能通信ゲートウェイ10Bと通信可能な通信装置20)の識別子であるid(1)を取得した場合には、mpk=mpk’に、sk[id(0)]=(sk’[0.id(0)],sk’[1.id(0)])にパースする(ステップS1022B-1)。 The first private key generation unit 1022B sends a key issuance request via the communication unit 101B to the first (k=2) intermediate key issuing device 35 1 (or the communication device 20 capable of communicating with the multifunctional communication gateway 10B). If you obtain id ( 1 ) , which is the identifier of ]) (step S1022B-1).
 第1秘密鍵生成部1022Bは、マスタ公開鍵と、ルート秘密鍵と、通信部が取得した中間鍵発行装置の第1装置の第1識別子とを用いて第1秘密鍵を生成する。即ち、第1秘密鍵生成部1022Bは、各b∈{0,1}に対して、sk’[b.id(1)]←KG’(mpk’,sk’[b.id(0)],b.id(1))を実行し、第1秘密鍵sk[id(1)]=(sk’[0.id(1)],sk’[1.id(1)]を生成する(ステップS1022B-2)。 The first private key generation unit 1022B generates a first private key using the master public key, the root private key, and the first identifier of the first intermediate key issuing device acquired by the communication unit. That is, the first secret key generation unit 1022B generates sk'[b. id (1) ]←KG'(mpk', sk'[b.id (0) ], b.id (1) ), and the first secret key sk[id (1) ]=(sk'[ 0.id (1) ], sk'[1.id (1) ] are generated (step S1022B-2).
 鍵配布部1023は、第1秘密鍵生成部1022Bが生成した第1秘密鍵sk[id(1)]を第1の中間鍵発行装置351、もしくは多機能通信ゲートウェイ10Bと通信可能な通信装置20に配布(送信)する(ステップS1023)。 The key distribution unit 1023 transmits the first secret key sk[id (1) ] generated by the first secret key generation unit 1022B to the first intermediate key issuing device 35 1 or a communication device capable of communicating with the multifunctional communication gateway 10B. 20 (step S1023).
 第1の中間鍵発行装置351の第n+1秘密鍵生成部3521は、通信部351を介して、鍵発行依頼としてn+1の識別子を取得した場合には、ステップS1023により受信した、マスタ公開鍵mpk’と、第1秘密鍵sk[id(1)]=(sk’[0.id(1)],sk’[1.id(1)]を、mpk=mpk’に、sk[id(n)]=(sk’[0.id(n)],sk’[1.id(n)])にパースする(ステップS3521-1)。例えば、n=1の場合、第1(k=2)の中間鍵発行装置351の通信部351は、鍵発行依頼として、第2(k=3)の中間鍵発行装置352、もしくは第1の中間鍵発行装置351と通信可能な通信装置20から当該IDであるn+1の識別子id(n+1)(n=1の場合は、id(2))を取得する。第n+1秘密鍵生成部3521は、n+1の識別子を取得した場合には、上述のパース処理を行う。 When the n+1 private key generation unit 3521 of the first intermediate key issuing device 35 1 obtains the n+1 identifier as a key issue request via the communication unit 351, the master public key mpk received in step S1023 is ' and the first secret key sk[id (1) ] = (sk'[0.id (1) ], sk'[1.id (1) ] to mpk=mpk', sk[id (n ) ]=(sk'[0.id (n) ], sk'[1.id (n) ]) (step S3521-1). For example, if n=1, the first (k=2 ) communication unit 351 of the intermediate key issuing device 35 1 is a communication device capable of communicating with the second (k=3) intermediate key issuing device 35 2 or the first intermediate key issuing device 35 1 as a key issuing request. 20, the n+1 identifier id (n+1) (in the case of n=1, id (2) ) is obtained from the ID (n+1). When the n+1 private key generation unit 3521 obtains the n+1 identifier, the Performs parsing process.
 第n+1秘密鍵生成部3521は、マスタ公開鍵と、第n秘密鍵と、n+1識別子とを用いて、第n+1秘密鍵を生成する。即ち、第n+1秘密鍵生成部3521は、各b∈{0,1}に対して、sk’[b.id(n+1)]←KG’(mpk’,sk’[b.id(n)],b.id(n+1))を実行し、第n+1秘密鍵sk[id(n+1)]=(sk’[0.id(n+1)],sk’[1.id(n+1)]を生成する(ステップS3521-2)。例えば、n=1の場合、第1の中間鍵発行装置351の第n+1秘密鍵生成部3521は、第2秘密鍵を生成する。 The n+1th private key generation unit 3521 generates the n+1th private key using the master public key, the nth private key, and the n+1 identifier. That is, the (n+1)th private key generation unit 3521 generates sk'[b. id (n+1) ]←KG'(mpk', sk'[b.id (n) ], b.id (n+1)) ), and the n+1th private key sk[id (n+1) ]=(sk'[ 0.id (n+1) ], sk'[1.id (n+1) ] (step S3521-2).For example, in the case of n=1, the (n+1)th private key of the first intermediate key issuing device 35 1 is generated. The generation unit 3521 generates a second secret key.
 鍵配布部3522は、第n+1秘密鍵生成部3521が生成した第n+1秘密鍵sk[id(n+1)]を下位の中間鍵発行装置35(中間鍵発行装置の第n+1装置)、もしくは通信装置20(中間鍵発行装置の第n装置と通信可能な前記通信装置)に配布する(ステップS3522)。例えば、n=1の場合、第1の中間鍵発行装置351の鍵配布部3522は、第2(k=3)の中間鍵発行装置352、もしくは第1の中間鍵発行装置351と通信可能な通信装置20に第2秘密鍵を配布する。 The key distribution unit 3522 sends the n+1st private key sk [id (n+1) ] generated by the n+1th private key generation unit 3521 to the lower intermediate key issuing device 35 (the n+1st device of the intermediate key issuing devices) or to the communication device 20. (the communication device capable of communicating with the n-th device of the intermediate key issuing device) (step S3522). For example, when n=1, the key distribution unit 3522 of the first intermediate key issuing device 35 1 is connected to the second (k=3) intermediate key issuing device 35 2 or the first intermediate key issuing device 35 1 . The second secret key is distributed to communication devices 20 that can communicate.
 以下、更に下位の階層に当たる中間鍵発行装置35、あるいはそれらと通信可能な通信装置20が設けられているときは、上述のステップ(ステップS3521-1、ステップS3521―2、ステップS3522)の処理を繰り返す。 Hereinafter, when an intermediate key issuing device 35 in a lower hierarchy or a communication device 20 that can communicate with them is provided, the above steps (step S3521-1, step S3521-2, step S3522) are performed. repeat.
 上述した処理方法を実施することにより、通信装置20は、他の通信装置20との間で認証付き鍵交換を行う際に用いるユーザ秘密鍵を得ることができる。即ち、本実施の形態に係る鍵発行システム1Bを用いることにより、ローカルネットワークに参加する装置において安全な鍵発行を実現することができる。 By implementing the processing method described above, the communication device 20 can obtain a user secret key to be used when performing authenticated key exchange with another communication device 20. That is, by using the key issuing system 1B according to this embodiment, it is possible to realize secure key issuing in devices participating in the local network.
<第2の実施の形態の変形例>
 本開示の第2の実施の形態は、図8で示した鍵発行システム1Cのように構成しても良い。鍵発行システム1Cでは、多機能通信ゲートウェイ10Bが有していた鍵発行局機能は、その機能を有した鍵発行装置30として通信ネットワークN1上で通信できるように設けられている。これに伴い、多機能通信ゲートウェイ10Bは、中間鍵発行局機能を有しない通信ゲートウェイ10Cへと変わっている。ここで、中間鍵発行装置35は、鍵発行装置30の下位層に相当する。 <Modified example of second embodiment>
The second embodiment of the present disclosure may be configured like the key issuing system 1C shown in FIG. 8. In the key issuing system 1C, the key issuing authority function that the multifunctional communication gateway 10B had is provided so that it can communicate on the communication network N1 as a key issuing device 30 having that function. Along with this, the multifunctional communication gateway 10B has been changed to a communication gateway 10C that does not have an intermediate key issuing authority function. Here, the intermediate key issuing device 35 corresponds to a lower layer of the key issuing device 30.
 なお、通信ネットワークN2と通信する機器のいずれかに中間鍵発行局機能を有していればよいことから、鍵発行システム1Cの場合であっても、通信ゲートウェイ10Cの中に中間鍵発行局機能を有していても良い。また、鍵発行システム1Cでは、図5に示した鍵発行システム1Bに設けられた中間鍵発行装置35のように、中間鍵発行装置35が複数の階層で構成されていても良い。 Note that since it is sufficient that any of the devices communicating with the communication network N2 has an intermediate key issuing authority function, even in the case of the key issuing system 1C, the intermediate key issuing authority function is provided in the communication gateway 10C. It may have. Furthermore, in the key issuing system 1C, the intermediate key issuing apparatus 35n may be configured in a plurality of layers, like the intermediate key issuing apparatus 35n provided in the key issuing system 1B shown in FIG.
<第2の実施の形態の他の変形例>
 上述した第2の実施の形態は、図9に示したような構成としても良い。図9に示した構成が、図6に示す構成と異なる点は、多機能通信ゲートウェイ10Bが通信ゲートウェイ10Cへと変わっている点と、中間鍵発行装置35が中間鍵発行装置35Cへと変わっている点である。 <Other modifications of the second embodiment>
The second embodiment described above may have a configuration as shown in FIG. The configuration shown in FIG. 9 differs from the configuration shown in FIG. 6 in that the multifunctional communication gateway 10B is changed to a communication gateway 10C, and the intermediate key issuing device 35 n is changed to an intermediate key issuing device 35 C n . This is something that has changed.
 多機能通信ゲートウェイ10Cは、第1セキュリティ部内に、新たにデバイス認証部1025が設けられ、名称が、第1セキュリティ部102Bから第1セキュリティ部102Cへと変更されている。中間鍵発行装置35Cは、第2セキュリティ部内に、デバイス認証部3524が設けられ、名称が、第2セキュリティ部352から第2セキュリティ部352Cへと変更されている。 In the multifunctional communication gateway 10C, a device authentication section 1025 is newly provided in the first security section, and the name has been changed from the first security section 102B to the first security section 102C. In the intermediate key issuing device 35C n , a device authentication section 3524 is provided in the second security section, and the name has been changed from the second security section 352 to the second security section 352C.
 デバイス認証部1025を備えた多機能通信ゲートウェイ10C及び、デバイス認証部3524を備えた中間鍵発行装置35Cが、図10に示す処理を実施することにより、本変形例の処理方法が実現される。図10の処理方法が、図7の処理方法と異なる点は、デバイス認証処理のためのステップS1025、ステップS3524が追加されている点、ステップS1022B―2がステップS1022Cへと変更されている点、ステップS3521―2がステップS3521Cへと変更されている点、である。 The processing method of this modification is realized by the multifunctional communication gateway 10C equipped with the device authentication section 1025 and the intermediate key issuing device 35Cn equipped with the device authentication section 3524 performing the processing shown in FIG. . The processing method in FIG. 10 differs from the processing method in FIG. 7 in that step S1025 and step S3524 for device authentication processing are added, and step S1022B-2 is changed to step S1022C. The difference is that step S3521-2 is changed to step S3521C.
 本変形例においては、多機能通信ゲートウェイ10Cは、鍵発行が可能な1以上の端末(デバイス)の情報の一覧(リスト)を、例えばテーブル形式のデータとして予め記憶部1024に記憶しておく。中間鍵発行装置35Cから識別子を受け付けた際には、その識別子と共に、中間鍵発行装置35Cのデバイス情報も受け取るように構成しておく。 In this modification, the multifunctional communication gateway 10C stores in advance a list of information on one or more terminals (devices) capable of issuing keys in the storage unit 1024, for example, as data in a table format. When an identifier is received from the intermediate key issuing device 35C n , the device information of the intermediate key issuing device 35C n is also received along with the identifier.
 デバイス認証部1025は、鍵発行依頼を依頼してきた中間鍵発行装置35Cのデバイス情報が、記憶部1024に記憶している鍵発行端末のリストの中に存在するか否かの認証確認を実施し、一致するものがあれば「許可」、一致するものがなければ「不許可」を判定する(ステップS1025)。 The device authentication unit 1025 performs an authentication check to determine whether the device information of the intermediate key issuing device 35Cn that has requested the key issuance request exists in the list of key issuing terminals stored in the storage unit 1024. If there is a match, it is determined to be "permitted", and if there is no match, it is determined to be "not permitted" (step S1025).
 ステップS1025の判断において、「許可」を判定した場合には、第1秘密鍵生成部1022Bは、第1秘密鍵生成の処理を行う。この際、許可されたことが識別できるように所定のフラグを用いて鍵を生成する(ステップS1022C)。 If "permission" is determined in step S1025, the first private key generation unit 1022B performs a first private key generation process. At this time, a key is generated using a predetermined flag so that permission can be identified (step S1022C).
 同様に、中間鍵発行装置35Cは、鍵発行が可能な1以上の端末(デバイス)の情報の一覧(リスト)を、例えばテーブル形式のデータとして予め記憶部3523に記憶しておく。中間鍵発行装置の第n+1装置から識別子を受け付けた際には、その識別子と共に、中間鍵発行装置の第n+1装置のデバイス情報も受け取るように構成しておく。 Similarly, the intermediate key issuing device 35C n stores in advance a list of information on one or more terminals (devices) capable of issuing keys in the storage unit 3523, for example, as data in a table format. When an identifier is received from the (n+1)th device of the intermediate key issuing device, the device information of the (n+1)th device of the intermediate key issuing device is also received along with the identifier.
 デバイス認証部3524は、鍵発行依頼を依頼してきた中間鍵発行装置の第n+1装置のデバイス情報が、記憶部3523に記憶している鍵発行端末のリストの中に存在するか否かの認証確認を実施し、一致するものがあれば「許可」、一致するものがなければ「不許可」を判定する(ステップS3524)。 The device authentication unit 3524 authenticates whether the device information of the (n+1)th device of the intermediate key issuing device that has requested the key issuance request exists in the list of key issuing terminals stored in the storage unit 3523. If there is a match, it is determined to be "permitted", and if there is no match, it is determined to be "not permitted" (step S3524).
 ステップS3524の判断において、「許可」を判定した場合には、第n+1秘密鍵生成部3521は、第n+1秘密鍵生成の処理を行う。この際、許可されたことが識別できるように所定のフラグを用いて鍵を生成する(ステップS3521C)。 In the determination of step S3524, if "permission" is determined, the (n+1)th private key generation unit 3521 performs the process of generating the (n+1)th private key. At this time, a key is generated using a predetermined flag so that permission can be identified (step S3521C).
 なお、デバイス認証部3524は、全ての中間鍵発行装置35Cに実装するように構成しても良い。デバイス認証が不要であれば、一部あるいは全部の中間鍵発行装置を、デバイス認証部3524を備えない中間鍵発行装置を用いて鍵発行システムを構成しても良い。 Note that the device authentication unit 3524 may be configured to be installed in all intermediate key issuing devices 35Cn . If device authentication is not required, the key issuing system may be constructed using intermediate key issuing apparatuses that do not include the device authentication section 3524 as part or all of the intermediate key issuing apparatuses.
[プログラム、記録媒体]
 上述の各種の処理は、図11に示すコンピュータ2000の記録部2020に、上記方法の各ステップを実行させるプログラムを読み込ませ、制御部2010、入力部2030、出力部2040、表示部2050などに動作させることで実施できる。 [Program, recording medium]
The various processes described above are performed by causing the recording unit 2020 of the computer 2000 shown in FIG. This can be done by letting
 この処理内容を記述したプログラムは、コンピュータで読み取り可能な記録媒体に記録しておくことができる。コンピュータで読み取り可能な記録媒体としては、例えば、磁気記録装置、光ディスク、光磁気記録媒体、半導体メモリ等どのようなものでもよい。 A program that describes this processing content can be recorded on a computer-readable recording medium. The computer-readable recording medium may be of any type, such as a magnetic recording device, an optical disk, a magneto-optical recording medium, or a semiconductor memory.
 また、このプログラムの流通は、例えば、そのプログラムを記録したDVD、CD-ROM等の可搬型記録媒体を販売、譲渡、貸与等することによって行う。さらに、このプログラムをサーバコンピュータの記憶装置に格納しておき、ネットワークを介して、サーバコンピュータから他のコンピュータにそのプログラムを転送することにより、このプログラムを流通させる構成としてもよい。 Further, distribution of this program is performed, for example, by selling, transferring, lending, etc. portable recording media such as DVDs and CD-ROMs on which the program is recorded. Furthermore, this program may be distributed by storing the program in the storage device of the server computer and transferring the program from the server computer to another computer via a network.
 このようなプログラムを実行するコンピュータは、例えば、まず、可搬型記録媒体に記録されたプログラムもしくはサーバコンピュータから転送されたプログラムを、一旦、自己の記憶装置に格納する。そして、処理の実行時、このコンピュータは、自己の記録媒体に格納されたプログラムを読み取り、読み取ったプログラムに従った処理を実行する。また、このプログラムの別の実行形態として、コンピュータが可搬型記録媒体から直接プログラムを読み取り、そのプログラムに従った処理を実行することとしてもよく、さらに、このコンピュータにサーバコンピュータからプログラムが転送されるたびに、逐次、受け取ったプログラムに従った処理を実行することとしてもよい。また、サーバコンピュータから、このコンピュータへのプログラムの転送は行わず、その実行指示と結果取得のみによって処理機能を実現する、いわゆるASP(Application Service Provider)型のサービスによって、上述の処理を実行する構成としてもよい。なお、本形態におけるプログラムには、電子計算機による処理の用に供する情報であってプログラムに準ずるもの(コンピュータに対する直接の指令ではないがコンピュータの処理を規定する性質を有するデータ等)を含むものとする。 A computer that executes such a program, for example, first stores a program recorded on a portable recording medium or a program transferred from a server computer in its own storage device. When executing a process, this computer reads a program stored in its own recording medium and executes a process according to the read program. In addition, as another form of execution of this program, the computer may directly read the program from a portable recording medium and execute processing according to the program, and furthermore, the program may be transferred to this computer from the server computer. The process may be executed in accordance with the received program each time. In addition, the above-mentioned processing is executed by a so-called ASP (Application Service Provider) service, which does not transfer programs from the server computer to this computer, but only realizes processing functions by issuing execution instructions and obtaining results. You can also use it as Note that the program in this embodiment includes information that is used for processing by an electronic computer and that is similar to a program (data that is not a direct command to the computer but has a property that defines the processing of the computer, etc.).
 また、この形態では、コンピュータ上で所定のプログラムを実行させることにより、本装置を構成することとしたが、これらの処理内容の少なくとも一部をハードウェア的に実現することとしてもよい。 Furthermore, in this embodiment, the present apparatus is configured by executing a predetermined program on a computer, but at least a part of these processing contents may be implemented in hardware.
 なお、プログラムの形態としては様々なものが考えられるが、例えば、鍵発行システム全体として制御可能な装置向けのプログラムの他、本開示で示した各種の機器(例えば多機能通信ゲートウェイ1,1B、中間鍵発行装置35、通信装置20、鍵発行装置30、及びこれらの変形例)が使用するプログラム、あるいは2つ以上の機器の処理をまとめて実施するプログラムが挙げられる。 Note that various forms of the program can be considered, but for example, in addition to programs for devices that can control the entire key issuing system, various types of devices shown in this disclosure (for example, multifunctional communication gateways 1, 1B, Examples include a program used by the intermediate key issuing device 35 n , the communication device 20, the key issuing device 30, and modifications thereof), or a program that collectively executes the processes of two or more devices.

Claims (8)

  1.  第1回線及び前記第1回線よりも狭帯域を使用する第2回線により通信可能な通信部を備えた通信ゲートウェイと、前記第2回線を用いて前記通信ゲートウェイと通信可能な少なくとも一つの通信装置と、を有した鍵発行システムであって、
     前記通信ゲートウェイは、セキュア環境のセキュリティ部を有し、
     前記セキュリティ部は、
     選択したマスタ秘密鍵を用いてマスタ公開鍵を生成するマスタ鍵生成部と、
     前記マスタ鍵生成部により生成されたマスタ公開鍵と、前記通信部が入力として受け付けた前記通信装置の識別子とを用いてユーザ秘密鍵を生成するユーザ秘密鍵生成部と、
     前記ユーザ秘密鍵生成部により生成されたユーザ秘密鍵を前記通信部が受け付けた識別子を有する前記通信装置に送信する鍵配布部と、
    を有する鍵発行システム。     a communication gateway including a communication unit capable of communicating via a first line and a second line using a narrower band than the first line; and at least one communication device capable of communicating with the communication gateway using the second line. A key issuance system having the following:
    the communication gateway has a security section for a secure environment;
    The security department is
    a master key generation unit that generates a master public key using the selected master private key;
    a user private key generation unit that generates a user private key using the master public key generated by the master key generation unit and the identifier of the communication device accepted as input by the communication unit;
    a key distribution unit that transmits the user private key generated by the user private key generation unit to the communication device having the identifier received by the communication unit;
    A key issuing system with
  2.  第1回線及び前記第1回線よりも狭帯域を使用する第2回線により通信可能な通信部を備えた通信ゲートウェイと、前記第2回線を用いて通信可能な通信部を備えた鍵発行装置と、前記第2回線を用いて通信可能な少なくとも一つの通信装置と、を有した鍵発行システムであって、
     前記鍵発行装置は、セキュア環境のセキュリティ部を有し、
     前記セキュリティ部は、
     選択したマスタ秘密鍵を用いてマスタ公開鍵を生成するマスタ鍵生成部と、
     前記マスタ鍵生成部により生成されたマスタ公開鍵と、前記通信部が入力として受け付けた前記通信装置の識別子を用いてユーザ秘密鍵を生成するユーザ秘密鍵生成部と、
     前記ユーザ秘密鍵生成部により生成されたユーザ秘密鍵を前記通信部が受け付けた識別子を有する前記通信装置に送信する鍵配布部と、
    を有する鍵発行システム。     a communication gateway equipped with a communication unit capable of communicating using a first line and a second line using a narrower band than the first line; and a key issuing device equipped with a communication unit capable of communicating using the second line. , at least one communication device capable of communicating using the second line,
    The key issuing device has a security section for a secure environment,
    The security department is
    a master key generation unit that generates a master public key using the selected master private key;
    a user private key generation unit that generates a user private key using the master public key generated by the master key generation unit and the identifier of the communication device accepted as input by the communication unit;
    a key distribution unit that transmits the user private key generated by the user private key generation unit to the communication device having the identifier received by the communication unit;
    A key issuing system with
  3.  第1回線及び前記第1回線よりも狭帯域を使用する第2回線により通信可能な通信部を備えた通信ゲートウェイと、前記第2回線を用いて通信可能な少なくとも一つの通信装置と、前記第2回線を用いて通信可能なk-1個(kは2以上の整数)の第1装置、…、第(k-1)装置よりなる中間鍵発行装置と、を有した階層型IDベース暗号方式に対応する鍵発行システムであって、
     前記通信ゲートウェイは、第1セキュア環境の第1セキュリティ部を有し、
     前記第1セキュリティ部は、
      マスタ公開鍵とマスタ秘密鍵とを生成するマスタ鍵生成部と、
      前記マスタ秘密鍵を用いてルート秘密鍵を生成するルート秘密鍵生成部と、
      前記マスタ公開鍵と、前記ルート秘密鍵と、前記通信部が取得した前記中間鍵発行装置の第1装置の第1識別子とを用いて第1秘密鍵を生成する第1秘密鍵生成部と、
      前記第1秘密鍵を、前記中間鍵発行装置の第1装置に送信する鍵配布部と、を有し、
     前記中間鍵発行装置の第n(n=1,2,…,k-1)装置は、第2セキュア環境を有した第2セキュリティ部を有し、
     前記第2セキュリティ部は、
      前記マスタ公開鍵及び前記第1秘密鍵と、前記中間鍵発行装置の第n+1装置、もしくは前記中間鍵発行装置の第n装置と通信可能な通信装置のいずれかの装置から取得したn+1識別子とを用いて、第n+1秘密鍵を生成する第n+1秘密鍵生成部と、
      前記第n+1秘密鍵を、前記中間鍵発行装置の第n+1装置、もしくは前記中間鍵発行装置の第n装置と通信可能な前記通信装置に送信する鍵配布部と、
    を有する鍵発行システム。     a communication gateway including a communication unit capable of communicating via a first line and a second line using a narrower band than the first line; at least one communication device capable of communicating using the second line; A hierarchical ID-based encryption system comprising k-1 first devices (k is an integer of 2 or more) capable of communicating using two lines, ..., an intermediate key issuing device consisting of the (k-1)th device A key issuing system compatible with the method,
    the communication gateway has a first security part of a first secure environment;
    The first security department includes:
    a master key generation unit that generates a master public key and a master private key;
    a root private key generation unit that generates a root private key using the master private key;
    a first private key generation unit that generates a first private key using the master public key, the root private key, and a first identifier of a first device of the intermediate key issuing device acquired by the communication unit;
    a key distribution unit that transmits the first private key to a first device of the intermediate key issuing device;
    The n-th (n=1, 2, ..., k-1) device of the intermediate key issuing device has a second security section having a second secure environment,
    The second security department includes:
    the master public key, the first private key, and an n+1 identifier obtained from either the n+1st device of the intermediate key issuing device or a communication device capable of communicating with the nth device of the intermediate key issuing device; an (n+1)-th private key generation unit that generates the (n+1)-th private key using the
    a key distribution unit that transmits the n+1 private key to the n+1 device of the intermediate key issuing device or the communication device capable of communicating with the n device of the intermediate key issuing device;
    A key issuing system with
  4.  第1回線を用いて通信する鍵発行装置と、第1回線及び前記第1回線よりも狭帯域を使用する第2回線により通信可能な通信部を備えた通信ゲートウェイと、前記鍵発行装置の下位層に相当し、第2回線を用いて通信可能なk-1個(kは2以上の整数)の第1装置、…、第(k-1)装置よりなる中間鍵発行装置と、前記第2回線を用いて通信可能な少なくとも一つの通信装置と、を有した階層型IDベース暗号方式に対応する鍵発行システムであって、
     前記鍵発行装置は、第1セキュア環境の第1セキュリティ部を有し、
     前記第1セキュリティ部は、
      マスタ公開鍵とマスタ秘密鍵とを生成するマスタ鍵生成部と、
      前記マスタ秘密鍵を用いてルート秘密鍵を生成するルート秘密鍵生成部と、
      前記マスタ公開鍵と、前記ルート秘密鍵と、前記通信部が取得した前記中間鍵発行装置の第1装置の第1識別子とを用いて第1秘密鍵を生成する第1秘密鍵生成部と、
      前記第1秘密鍵を、前記中間鍵発行装置の第1装置に送信する鍵配布部と、を有し、
     前記中間鍵発行装置の第n(n=1,2,…,k-1)装置は、第2セキュア環境を有した第2セキュリティ部を有し、
     前記中間鍵発行装置の第n(n=1,2,…,k-1)装置は、第2セキュア環境を有した第2セキュリティ部を有し、
     前記第2セキュリティ部は、
      前記マスタ公開鍵及び前記第1秘密鍵と、前記中間鍵発行装置の第n+1装置、もしくは前記中間鍵発行装置の第n装置と通信可能な通信装置のいずれかの装置から取得したn+1識別子とを用いて、第n+1秘密鍵を生成する第n+1秘密鍵生成部と、
      前記第n+1秘密鍵を、前記中間鍵発行装置の第n+1装置、もしくは前記中間鍵発行装置の第n装置と通信可能な通信装置に送信する鍵配布部と、
    を有する鍵発行システム。     a key issuing device that communicates using a first line; a communication gateway that includes a communication unit capable of communicating via a first line and a second line that uses a narrower band than the first line; and a lower layer of the key issuing device. an intermediate key issuing device consisting of k-1 (k-1) first devices (k is an integer of 2 or more) corresponding to the second line and capable of communicating using the second line; A key issuance system compatible with a hierarchical ID-based cryptosystem, comprising: at least one communication device capable of communicating using two lines;
    The key issuing device has a first security unit in a first secure environment,
    The first security department includes:
    a master key generation unit that generates a master public key and a master private key;
    a root private key generation unit that generates a root private key using the master private key;
    a first private key generation unit that generates a first private key using the master public key, the root private key, and a first identifier of a first device of the intermediate key issuing device acquired by the communication unit;
    a key distribution unit that transmits the first private key to a first device of the intermediate key issuing device;
    The n-th (n=1, 2, ..., k-1) device of the intermediate key issuing device has a second security section having a second secure environment,
    The n-th (n=1, 2, ..., k-1) device of the intermediate key issuing device has a second security section having a second secure environment,
    The second security department includes:
    the master public key, the first private key, and an n+1 identifier obtained from either the n+1st device of the intermediate key issuing device or a communication device capable of communicating with the nth device of the intermediate key issuing device; an (n+1)-th private key generation unit that generates the (n+1)-th private key using the
    a key distribution unit that transmits the n+1 private key to an n+1 device of the intermediate key issuing device or a communication device capable of communicating with the n device of the intermediate key issuing device;
    A key issuing system with
  5.  前記第1セキュリティ部は、デバイス認証部をさらに有し、
     前記デバイス認証部は、前記通信ゲートウェイが、前記中間鍵発行装置の第1装置から第1識別子と共に、デバイス情報を受け取った際に、前記デバイス情報が、前記能通信ゲートウェイが予め記憶している複数のデバイス情報のいずれかと一致する場合には、前記第1秘密鍵生成部に第1秘密鍵を生成させる、請求項3に記載の鍵発行システム。     The first security section further includes a device authentication section,
    The device authentication unit is configured to determine that when the communication gateway receives the device information together with the first identifier from the first device of the intermediate key issuing device, the device information is a plurality of information stored in advance in the communication gateway. 4. The key issuing system according to claim 3, wherein if the device information matches any of the device information, the first private key generation unit generates the first private key.
  6.  第1回線及び前記第1回線よりも狭帯域を使用する第2回線により通信可能な通信部を備え、マスタ鍵生成部と、ユーザ秘密鍵生成部と、鍵配布部とを含むセキュア環境を有したセキュリティ部を有する通信ゲートウェイと、前記第2回線を用いて前記通信ゲートウェイと通信可能な少なくとも一つの通信装置と、を有した鍵発行システムを用いた鍵発行方法であって、
     前記マスタ鍵生成部が、マスタ秘密鍵を選択し、前記マスタ秘密鍵を用いてマスタ公開鍵を生成し、
     ユーザ秘密鍵生成部が、前記マスタ鍵生成部により生成されたマスタ公開鍵と、前記通信部が入力として受け付けた通信装置の識別子とを用いてユーザ秘密鍵を生成し、
     鍵配布部が、前記ユーザ秘密鍵生成部により生成されたユーザ秘密鍵を前記通信部が受け付けた識別子を有する通信装置に送信する、
    鍵発行方法。     A communication unit capable of communicating through a first line and a second line using a narrower band than the first line, and a secure environment including a master key generation unit, a user private key generation unit, and a key distribution unit. A key issuance method using a key issuance system comprising: a communication gateway having a security unit configured to provide a security unit; and at least one communication device capable of communicating with the communication gateway using the second line,
    The master key generation unit selects a master private key and generates a master public key using the master private key,
    a user private key generation unit generates a user private key using the master public key generated by the master key generation unit and the identifier of the communication device accepted as input by the communication unit;
    a key distribution unit transmits the user private key generated by the user private key generation unit to a communication device having an identifier received by the communication unit;
    Key issuance method.
  7.  第1回線及び前記第1回線よりも狭帯域を使用する第2回線により通信可能な通信部を備え、第1セキュリティ部を有する通信ゲートウェイと、第2回線を用いて通信可能な少なくとも一つの通信装置と、前記第2の回線を用いて通信可能なk-1個(kは2以上の整数)の第1装置、…、第(k-1)装置よりなる中間鍵発行装置であって、前記第n(n=1,2,…,k-1)装置が第2セキュリティ部を有する中間鍵発行装置と、を有した階層型IDベース暗号方式に対応する鍵発行システムを用いた鍵発行方法であって、
     前記第1セキュリティ部は、
      マスタ秘密を選択し、このマスタ秘密鍵を用いてマスタ公開鍵を生成し、
      前記マスタ秘密鍵を用いてルート秘密鍵を生成し、
      前記マスタ公開鍵と、前記ルート秘密鍵と、前記通信部が取得した前記中間鍵発行装置の第1装置の第1識別子とを用いて第1秘密鍵を生成し、
      前記第1秘密鍵を、前記中間鍵発行装置の第1装置に送信し、
     前記第2セキュリティ部は、
      前記マスタ公開鍵及び前記第1秘密鍵と、前記中間鍵発行装置の第n+1装置、もしくは前記中間鍵発行装置の第n装置と通信可能な通信装置のいずれかの装置から取得した第n+1識別子とを用いて、第n+1秘密鍵を生成し、
      前記第n+1秘密鍵を、前記中間鍵発行装置の第第n+1装置、もしくは前記中間鍵発行装置の第n装置と通信可能な通信装置に送信する、
    鍵発行方法。     A communication gateway including a communication unit capable of communicating via a first line and a second line using a narrower band than the first line, and having a first security unit, and at least one communication unit capable of communicating using a second line. An intermediate key issuing device comprising a device, k-1 first devices (k is an integer of 2 or more), ..., (k-1)th devices capable of communicating using the second line, The n-th (n=1, 2,..., k-1) device is an intermediate key issuing device having a second security part, and key issuing using a key issuing system compatible with a hierarchical ID-based cryptosystem. A method,
    The first security department includes:
    Select a master secret, use this master private key to generate a master public key,
    generating a root private key using the master private key;
    generating a first private key using the master public key, the root private key, and a first identifier of the first intermediate key issuing device acquired by the communication unit;
    transmitting the first private key to a first device of the intermediate key issuing device;
    The second security department includes:
    the master public key, the first private key, and an (n+1)th identifier obtained from either the n+1st device of the intermediate key issuing device or a communication device capable of communicating with the nth device of the intermediate key issuing device; Generate the n+1 private key using
    transmitting the n+1 private key to an n+1 device of the intermediate key issuing device or a communication device capable of communicating with the n device of the intermediate key issuing device;
    Key issuance method.
  8.  請求項1、請求項3、又は請求項5の通信ゲートウェイ、請求項2又は請求項4の鍵発行装置、あるいは請求項3から請求項5に記載の中間鍵発行装置のうちのいずれか1の装置をコンピュータに機能させるためのプログラム。 Any one of the communication gateway according to claim 1, claim 3, or claim 5, the key issuing device according to claim 2 or claim 4, or the intermediate key issuing device according to claims 3 to 5. A program that allows the device to function on a computer.
PCT/JP2022/022725 2022-06-06 2022-06-06 Key issuing system, key issuing method, and program WO2023238172A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/022725 WO2023238172A1 (en) 2022-06-06 2022-06-06 Key issuing system, key issuing method, and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/022725 WO2023238172A1 (en) 2022-06-06 2022-06-06 Key issuing system, key issuing method, and program

Publications (1)

Publication Number Publication Date
WO2023238172A1 true WO2023238172A1 (en) 2023-12-14

Family

ID=89117934

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/022725 WO2023238172A1 (en) 2022-06-06 2022-06-06 Key issuing system, key issuing method, and program

Country Status (1)

Country Link
WO (1) WO2023238172A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2021507564A (en) * 2017-12-15 2021-02-22 エヌチェーン ホールディングス リミテッドNchain Holdings Limited Computer-implemented systems and methods for allowing blockchain transactions with low entropy passwords

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2021507564A (en) * 2017-12-15 2021-02-22 エヌチェーン ホールディングス リミテッドNchain Holdings Limited Computer-implemented systems and methods for allowing blockchain transactions with low entropy passwords

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BEN A. FISCH ; DHINAKARAN VINAYAGAMURTHY ; DAN BONEH ; SERGEY GORBUNOV: "Iron: Functional Encryption using Intel SGX", IACR, INTERNATIONAL ASSOCIATION FOR CRYPTOLOGIC RESEARCH, vol. 20170428:221846, 29 April 2017 (2017-04-29), pages 1 - 37, XP061022762, DOI: 10.1145/3133956.3134106 *
MENG YIFAN, LI JINGZHAO: "Data Sharing Mechanism of Sensors and Actuators of Industrial IoT Based on Blockchain-Assisted Identity-Based Cryptography", SENSORS, MDPI, CH, vol. 21, no. 18, CH , pages 6084, XP093114801, ISSN: 1424-8220, DOI: 10.3390/s21186084 *
SANKARAN SRIRAM: "Lightweight security framework for IoTs using identity based cryptography", 2016 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING, COMMUNICATIONS AND INFORMATICS (ICACCI), IEEE, 21 September 2016 (2016-09-21), pages 880 - 886, XP032989898, DOI: 10.1109/ICACCI.2016.7732156 *

Similar Documents

Publication Publication Date Title
JP7011646B2 (en) Methods and systems for data security based on quantum communication and trusted computing
US10938554B2 (en) Managing private key access in multiple nodes
US20180309570A1 (en) Secure communication in network access points
US7774594B2 (en) Method and system for providing strong security in insecure networks
JP2019535153A (en) Method and system for quantum key distribution based on trusted computing
US20080031458A1 (en) System, methods, and apparatus for simplified encryption
US20080141027A1 (en) System and method of providing security
JP7292263B2 (en) Method and apparatus for managing digital certificates
JP2009086802A (en) Mediation method and system for authentication
JP2009010470A (en) Terminal device, group management server, network communication system, and method for generating encryption key
JP2013201537A (en) Key generation device and key generation method
JP2006065660A (en) Terminal equipment, information delivery server, and information delivery method
US9954859B2 (en) Random number distribution
CN1798021B (en) Communication supporting server, method and system
WO2022100356A1 (en) Identity authentication system, method and apparatus, device, and computer readable storage medium
JP4344783B2 (en) Seed delivery type one-time ID authentication
JP3908982B2 (en) CUG (Closed User Group) management method, CUG providing system, CUG providing program, and storage medium storing CUG providing program
KR102266654B1 (en) Method and system for mqtt-sn security management for security of mqtt-sn protocol
WO2023238172A1 (en) Key issuing system, key issuing method, and program
KR20180053066A (en) Implicit Certificate Issuing Method and System for Applying Key Expansion
KR101165350B1 (en) An Authentication Method of Device Member In Ubiquitous Computing Network
JPWO2018216749A1 (en) Cryptographic communication method, information processing apparatus and program
JP4837470B2 (en) VPN server hosting system, VPN construction method, and computer program
Reimair et al. In Certificates We Trust--Revisited
WO2020240741A1 (en) Key exchange system, communication device, key exchange method, and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22945685

Country of ref document: EP

Kind code of ref document: A1