U.S. patent application number 10/812352 was filed with the patent office on 2004-12-23 for cryptographic communication method, encryption algorithm shared control method, encryption algorithm conversion method and network communication system.
Invention is credited to Asada, Hajime, Harazaki, Hideki, Hayami, Hiroshi, Kouchi, Munetoshi, Ougi, Hirokazu, Takashima, Hideo, Taniguchi, Hidenobu.
Application Number | 20040260950 10/812352 |
Document ID | / |
Family ID | 16708887 |
Filed Date | 2004-12-23 |
United States Patent Application | 20040260950 |
Kind Code | A1 |
Ougi, Hirokazu ; et al. | December 23, 2004 |
Cryptographic communication method, encryption algorithm shared
control method, encryption algorithm conversion method and network
communication system
Abstract
An operating encryption algorithm is converted to another
encryption algorithm. When different encryption algorithms are
operated by a personal computer 100 for use by a group A and a
personal computer 200 for use by group B, an encryption algorithm,
operated by the personal computer 100 is encrypted by the personal
computer 100 with the encryption algorithm operated by the personal
computer 200 and transmitted to the personal computer 200.
Inventors: | Ougi, Hirokazu; (Yokohama-shi, JP) ; Takashima, Hideo;
(Yokohama-shi, JP) ; Taniguchi, Hidenobu; (Yokohama-shi, JP) ;
Kouchi, Munetoshi; (Yokohama-shi, JP) ; Hayami, Hiroshi; (Tokyo, JP) ;
Asada, Hajime; (Yokohama-shi, JP) ; Harazaki, Hideki; (Yachiyo-shi, JP) |
Correspondence Address: | SOFER & HAROUN LLP., 317 MADISON AVENUE, SUITE 910, NEW YORK, NY 10017, US |
Family ID: | 16708887 |
Appl. No.: | 10/812352 |
Filed: | March 29, 2004 |
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number |
10812352 | Mar 29, 2004 | |
09365446 | Aug 2, 1999 | |
Current U.S. Class: | 726/1 |
Current CPC Class: | H04L 9/16 20130101; H04L 9/0833 20130101 |
Class at Publication: | 713/201 |
International Class: | H04L 009/00 |
Foreign Application Data
Date | Code | Application Number |
Jul 31, 1998 | JP | 10-217732 |
Claims
What is claimed is:
1. A cryptographic communication method wherein when different
encryption algorithms are operated at a transmission side and a
reception side, the transmission side encrypts an encryption
algorithm operated at the transmission side with an encryption
algorithm operated at the reception side and transmits the
encrypted algorithm to the reception side.
2. A cryptographic communication method wherein information on an
encryption algorithm operated at a transmission side and
information on an encryption algorithm operated at a reception side
are obtained from the transmission side and when different
encryption algorithms are operated at the transmission side and the
reception side, an encryption algorithm operated at the
transmission side is encrypted with an encryption algorithm
operated at the reception side and transmitted to the reception
side.
3. A cryptographic communication method as claimed in claim 2
wherein signature data produced based on a public key preliminarily
allocated to the transmission side is supplied to the reception
side with said encryption algorithm operated at the transmission
side with the encryption algorithm operated at the reception
side.
4. A cryptographic communication method as claimed in claim 2
wherein signature data produced based on a public key preliminarily
allocated to the transmission side is supplied to the transmission
side together with said encryption algorithm operated at the
transmission side encrypted with the encryption algorithm operated
at the reception side and transmitted to the reception side.
5. An encryption algorithm sharing management method for sharing an
encryption algorithm for cryptographic communication, comprising
the steps of: from a user of a transmission side, obtaining a user
identifier indicating the user of the transmission side and a user
identifier indicating a user of a reception side; and querying a
data base in which user identifiers indicating users and their
corresponding encryption algorithms are preliminarily described, so
as to obtain an encryption algorithm operated by the user of the
transmission side and an encryption algorithm operated by the user
of the reception side, wherein if said encryption algorithm
operated by the user of the transmission side is different from
said encryption algorithm operated by the user of the reception
side, data indicating said encryption algorithm operated by the
user of the transmission side is encrypted with said encryption
algorithm operated by the user of the reception side and
transmitted to the user of the reception side.
6. An encryption algorithm sharing management method for sharing an
encryption algorithm for cryptographic communication, comprising
the steps of: from a user of a transmission side, obtaining a user
identifier indicating the user of the transmission side and a user
identifier indicating a user of a reception side; querying a data
base in which user identifiers indicating users, corresponding
encryption algorithms and encryption keys thereof, are
preliminarily described so as to obtain an encryption algorithm
operated by the user of the transmission side and an encryption key
thereof and an encryption algorithm operated by the user of the
reception side and an encryption key thereof, wherein if said
encryption algorithm operated by the user of the transmission side
is different from said encryption algorithm operated by the user of
the reception side, data indicating said encryption algorithm
operated by the user of the transmission side and an encryption key
produced based on the encryption key operated by the user of the
reception side corresponding to a key length of said encryption
algorithm operated by the user of the transmission side is
encrypted with said encryption algorithm operated by the user of
the reception side and transmitted to the user of the reception
side.
9. A network communication system composed by connecting a
plurality of users, comprising at least one encryption key
management station to be connected from a user of a transmission
side, said encryption key management station obtaining, from the
user of the transmission side, information indicating an encryption
algorithm operated by the user of the transmission side and
information indicating an encryption algorithm operated by a user
of a reception side and if different encryption algorithms are
operated by the user of the transmission side and the user of the
reception side, encrypting the encryption algorithm operated by the
user of the transmission side with the encryption algorithm
operated by the user of the reception side and transmitting it to
the user of the reception side.
10. A network communication system composed by connecting a
plurality of users, comprising at least one encryption key
management station to be connected from a user of a transmission
side, said encryption key management station comprising a data base
in which a correspondence between a user identifier indicating a
user and an encryption algorithm operated by said user is
preliminarily described about each user; wherein when a
communication is carried out from the user of the transmission side
to a user of a reception side, a user identifier indicating the
user of the transmission side and a user identifier indicating a
user of a reception side are obtained from the user of the
transmission side and said data base is queried with the obtained
identifiers as a key so as to obtain an encryption algorithm
operated by the user of the transmission side and an encryption
algorithm operated by the user of the reception side, and if the
encryption algorithm operated by the user of the transmission side
is different from the encryption algorithm operated by the user of
the reception side, the encryption algorithm operated by the user
of the transmission side is encrypted with the encryption algorithm
operated by the user of the reception side and transmitted to the
user of the reception side.
11. An encryption algorithm sharing management method for sharing
an encryption algorithm for cryptographic communication, comprising
the steps of: from a user of a transmission side, obtaining a user
identifier indicating the user of the transmission side and a user
identifier indicating a user of a reception side; and querying a
data base in which user identifiers indicating users and their
corresponding encryption algorithms, are preliminarily described so
as to obtain an encryption algorithm operated by the user of the
transmission side and an encryption algorithm operated by the user
of the reception side; wherein if said encryption algorithm
operated by the user of the transmission side is different from
said encryption algorithm operated by the user of the reception
side, data indicating said encryption algorithm operated by the
user of the reception side is encrypted with said encryption
algorithm operated by the user of the transmission side and
transmitted to the user of the transmission side.
12. An encryption algorithm sharing management method for sharing
an encryption algorithm for cryptographic communication, comprising
the steps of: from a user of a transmission side, obtaining a user
identifier indicating the user of the transmission side and a user
identifier indicating a user of a reception side; querying a data
base in which user identifiers indicating users, corresponding
encryption algorithms and encryption keys thereof, are
preliminarily described so as to obtain an encryption algorithm
operated by the user of the transmission side and an encryption key
thereof and an encryption algorithm operated by the user of the
reception side and an encryption key thereof, wherein if said
encryption algorithm operated by the user of the transmission side
is different from said encryption algorithm operated by the user of
the reception side, data indicating said encryption algorithm
operated by the user of the reception side and an encryption key
produced based on the encryption key operated by the user of the
transmission side corresponding to a key length of said encryption
algorithm operated by the user of the reception side is encrypted
with said encryption algorithm operated by the user of the
transmission side and transmitted to the user of the transmission
side.
15. A network communication system composed by connecting a
plurality of users, comprising at least one encryption key
management station to be connected from a user of a transmission
side, said encryption key management station obtaining, from the
user of the transmission side, information indicating an encryption
algorithm operated by the user of the transmission side and
information indicating an encryption algorithm operated by a user
of a reception side, and if different encryption algorithms are
operated by the user of the transmission side and the user of the
reception side, encrypting the encryption algorithm operated by the
user of the reception side with the encryption algorithm operated
by the user of the transmission side and transmitting it to the
user of the transmission side.
16. A network communication system composed by connecting a
plurality of users, comprising at least one encryption key
management station to be connected from a user of a transmission
side, said encryption key management station comprising a data base
in which a correspondence between a user identifier indicating a
user and an encryption algorithm operated by said user is
preliminarily described about each user; wherein when a
communication is carried out from the user of the transmission side
to a user of a reception side, a user identifier indicating the
user of the transmission side and a user identifier indicating a
user of a reception side are obtained from the user of the
transmission side, and said data base is queried with the obtained
identifiers as a key so as to obtain an encryption algorithm
operated by the user of the transmission side and an encryption
algorithm operated by the user of the reception side, and if the
encryption algorithm operated by the user of the transmission side
is different from the encryption algorithm operated by the user of
the reception side, the encryption algorithm operated by the user of
the reception side is encrypted with the encryption algorithm
operated by the user of the transmission side and transmitted to
the user of the transmission side.
17. A cryptographic communication method wherein if different
encryption algorithms are operated by a transmission side and a
reception side, an encryption algorithm operated by the reception
side is encrypted with an encryption algorithm operated by the
transmission side and transmitted to the transmission side.
18. A cryptographic communication method wherein information
indicating an encryption algorithm operated by a transmission side
and information indicating an encryption algorithm operated by a
reception side are obtained from the transmission side and when
different encryption algorithms are operated by the transmission
side and the reception side, the encryption algorithm operated by
the reception side is encrypted with the encryption algorithm
operated by the transmission side and transmitted to the
transmission side.
19. A cryptographic communication method as claimed in claim 18
wherein signature data produced based on a public key preliminarily
allocated to the reception side is supplied to the transmission
side with the encryption algorithm operated by the reception side
encrypted with the encryption algorithm operated by the
transmission side.
20. An encryption algorithm sharing management method for sharing
an encryption algorithm for cryptographic communication, comprising
the steps of: from a user of a transmission side, obtaining a user
identifier indicating the user of the transmission side and a user
identifier indicating a user of a reception side; querying a data
base in which user identifiers indicating users and corresponding
encryption algorithms are preliminarily described so as to obtain
an encryption algorithm operable by the user of the transmission
side and an encryption algorithm operable by the user of the
reception side; determining whether or not there is an encryption
algorithm operable by the user of the transmission side and the
user of the reception side commonly; and if the commonly operable
encryption algorithm exists, the user of the transmission side is
notified that cryptographic communication at the user of the
transmission side and the user of the reception side is
enabled.
21. An encryption algorithm sharing management method as claimed in
claim 20 wherein: if the commonly operable encryption algorithm
exists, information indicating the commonly operable encryption
algorithm is transmitted to the user of the transmission side and
if the commonly operable encryption algorithm does not exist, the
user of the reception side is notified that cryptographic
communication at the user of the transmission side and the user of
the reception side is disabled.
22. An encryption algorithm conversion method for converting a
first encryption algorithm to a second encryption algorithm
comprising: querying a data base in which user identifiers
indicating users, corresponding encryption algorithms and
encryption keys thereof, are preliminarily described for a user,
whose encryption algorithm is to be converted as a key, so as to
obtain a first encryption algorithm operated by the user whose
encryption algorithm is to be converted and a first encryption key
thereof; and with a first management secret key preliminarily
allocated for management and applied to the first encryption
algorithm, supplying first and second signature data for the first
encryption key and a second encryption key, public key data
obtained by encrypting a second public key corresponding to a
second management secret key applied to a second encryption
algorithm preliminarily allocated for management with the first
encryption algorithm, the second encryption algorithm encrypted
with the first encryption algorithm and signature data produced
based on the second management secret key to the user whose
encryption algorithm is to be converted.
23. A cryptographic communication method wherein information
concerning a first encryption algorithm is encrypted with a second
encryption algorithm, and encrypted information including said
information concerning said first encryption algorithm is
transmitted from a first side to a second side, or from said second
side to said first side.
24. A terminal device for transmitting or receiving information,
where said terminal device encrypts information concerning a first
encryption algorithm with a second encryption algorithm, and
transmits or receives encrypted information including said
information concerning said first encryption algorithm.
Description
RELATED APPLICATIONS
[0001] This application is a continuation application of U.S.
patent application Ser. No. 09/365,446, filed on Aug. 2, 1999,
which in turn claims the benefit of priority from Japanese Patent
Application No. 10-217732, filed on Jul. 31, 1998, the entirety of
which are incorporated herein by reference.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] The present invention relates to a cryptographic communication
method, an encryption algorithm shared control method and a network
communication system for converting an encryption algorithm used for
cryptographic communication to another encryption algorithm, and more
particularly to a cryptographic communication method, an encryption
algorithm shared control method and a network communication system
suitable for having a plurality of users share the same encryption
algorithm and for changing the shared encryption algorithm to another
encryption algorithm.
[0004] 2. Description of Related Art
[0005] As a means for securing the safety of information
transmission, a method of transmitting encrypted information is
generally employed. Because of recent advances in the performance of
personal computers, when the information to be transmitted is digital
information such as documents and video, such information is often
encrypted in software. If a user U[A] carries out cryptographic
communication with a user U[B], the user U[A] encrypts the
transmission information with an encryption key and transmits the
encrypted data. The user U[B] receives this data and decrypts it with
a decryption key. This cryptographic communication presumes that the
user U[A] and the user U[B] share the same encryption algorithm.
Usually, the encryption algorithm is shared in one of the following
ways. The encryption algorithm is recorded on a recording medium such
as a floppy disk by an encryption system manager and distributed to
each user. Or the encryption algorithm is installed in executable
form in an information processing unit having an encryption
processing function, and the information processing unit is
distributed.
[0006] As for a method for operating the encryption algorithm, to
improve the cipher security, not only is a scramble key generated as
a key for encrypting information, but a session key for encrypting
this scramble key is also generated. A duplex encryption method is
then employed in which user U[A] transmits to user U[B] the
information encrypted with the scramble key and the scramble key
encrypted with the session key. The scramble key is changed each time
cryptographic communication occurs.
SUMMARY OF THE INVENTION
[0007] However, in the above described encryption method, the
following problems arise.
[0008] (1) If the transmission side and the reception side use
different operating algorithms, cryptographic communication cannot
be carried out. Therefore, a necessity of distributing an
encryption algorithm of one of the transmission side and the
reception side to the other side occurs.
[0009] However, both the method of recording the encryption algorithm
on a recording medium and distributing it to each user, and the
method of distributing an information processing unit having an
encryption function in which the encryption algorithm is installed in
executable form, require time for distribution because the
distribution is carried out by transportation or the like. Once the
encryption algorithm has been distributed to each user, an encryption
processing unit in which the encryption algorithm is installed is
connected to a unit having a communication function so as to
construct a system, and whether or not cryptographic communication is
enabled is verified functionally. Because this functional
verification is carried out through communication between users, time
and labor are needed.
[0010] (2) As a method for improving the encryption security, the
inventor has considered operating the encryption algorithm while
periodically changing it. For example, if the encryption algorithm of
the session key in the above mentioned duplex encryption method is
changed periodically, the security can be expected to improve.
[0011] For this purpose, however, the new encryption algorithm needs
to be distributed to each user. If this distribution is carried out
in the same manner as in (1), time and labor are needed and the
efficiency is low.
[0012] (3) With the recent progress of information appliances such as
personal computers, information processing speed has improved every
year. The intensity of the encryption algorithm needs to be strong
enough that information is not decrypted within its effective limit
even if such an information appliance is used in an attempt to
decrypt it.
[0013] Therefore, the intensity of the encryption algorithm needs to
be set according to the information processing speed of the
information appliances of the day in which it is used, and the
algorithm needs to be changed to an encryption algorithm of higher
intensity. Thus, as in (2) above, an efficient distribution method
for the encryption algorithm is needed.
[0014] (4) The inventor of the present invention has considered a
method for constructing a cryptographic communication system in which
a plurality of users are connected to a station that manages the keys
for operating the encryption algorithm. However, if a plurality of
encryption algorithms exist in the cryptographic communication system
and the encryption algorithms are periodically updated, the system
requires a complicated system operating function: grasping the
encryption algorithm of each user; distributing an algorithm so that
it is shared when the algorithms of users about to communicate with
each other are different; and, while a user is changing the
algorithm, suspending cryptographic communication with that user. If
the distribution method for the encryption algorithm of (1) is
applied, not only are time and labor needed, but it is also difficult
to grasp the condition of the encryption algorithm of each user in
real time, so there is a fear that the cryptographic communication
system is disturbed and effective system operation is obstructed.
[0015] (5) If the encryption algorithm is changed, a key for use by
the user may not correspond to that encryption algorithm to be
changed. If a common key encryption algorithm is changed to a
public key encryption algorithm or conversely if the public key
encryption algorithm is changed to the common key encryption
algorithm, there is a problem that the key for use by the user
cannot be used for the changed encryption algorithm.
[0016] If the encryption algorithm is changed to an encryption
algorithm having a higher intensity, the key length in use is usually
made longer. Therefore, even if the key used by the user can be used
under the changed encryption algorithm, there is a problem that the
intensity of the encryption is not increased if the same key length
is used.
[0017] Accordingly, the present invention has been made in view of
the above problems, and it is an object of the invention to provide a
cryptographic communication method, an encryption algorithm sharing
management method, an encryption algorithm conversion method, and a
network communication system capable of distributing an encryption
algorithm safely and converting it with reduced time and labor.
[0018] It is another object of the invention to provide a
cryptographic communication method, an encryption algorithm sharing
management method, an encryption algorithm conversion method and a
network communication system in which a plurality of users come to
share the same encryption algorithm as a result of the encryption
algorithm conversion, and which are suitable for changing the shared
encryption algorithm to another encryption algorithm.
[0019] To achieve the above object, according to a first aspect of
the present invention, there is provided a cryptographic
communication method wherein when different encryption algorithms
are operated at a transmission side and a reception side, the
transmission side encrypts an encryption algorithm operated at the
transmission side with an encryption algorithm operated at the
reception side and transmits the encrypted algorithm to the
reception side.
[0020] According to a second aspect of the present invention, there
is provided a cryptographic communication method wherein
information on an encryption algorithm operated at a transmission side
and information on an encryption algorithm operated at a reception
side are obtained from the transmission side and when different
encryption algorithms are operated at the transmission side and the
reception side, an encryption algorithm operated at the
transmission side is encrypted with an encryption algorithm
operated at the reception side and transmitted to the reception
side.
[0021] According to a third aspect of the present invention, there
is provided an encryption algorithm sharing management method for
sharing an encryption algorithm for cryptographic communication,
comprising the steps of: from a user of a transmission side,
obtaining a user identifier indicating the user and a user
identifier indicating a user of a reception side; and querying a
data base in which a correspondence between the user identifier
indicating the user and the encryption algorithm operated by the
user is preliminarily described about each user and then retrieving
encryption algorithm operated by the user of the transmission side
and the encryption algorithm operated by the user of the reception
side, wherein if the encryption algorithm operated by the user of
the transmission side is different from the encryption algorithm
operated by the user of the reception side, data indicating the
encryption algorithm operated by the user of the transmission side
is encrypted with the encryption algorithm operated by the user of
the reception side and transmitted to the user of the reception
side.
[0022] According to a fourth aspect of the present invention, there
is provided an encryption algorithm sharing management method for
sharing an encryption algorithm for cryptographic communication,
comprising the steps of: from a user of a transmission side,
obtaining a user identifier indicating the user and a user
identifier indicating a user of a reception side; querying a data
base in which a correspondence between the user identifier
indicating the user, an encryption algorithm operated by the user
and an encryption key thereof is preliminarily described about each
user so as to obtain the encryption algorithm operated by the user
of the transmission side and the encryption key thereof and the
encryption algorithm operated by the user of the reception side and
the encryption key thereof, wherein if the encryption algorithm
operated by the user of the transmission side is different from the
encryption algorithm operated by the user of the reception side,
data indicating the encryption algorithm operated by the user of
the transmission side and encryption key produced based on the
encryption key operated by the user of the reception side
corresponding to a key length of the encryption algorithm is
encrypted with the encryption algorithm operated by the user of the
reception side and transmitted to the user of the reception
side.
[0023] According to a fifth embodiment of the present invention,
there is provided an encryption algorithm sharing management method
for sharing an encryption algorithm for cryptographic
communication, comprising the steps of: from a user of a
transmission side, obtaining a user identifier indicating the user
and a user identifier indicating a user of a reception side; and
querying a data base in which a correspondence between user
identifier indicating the user, an encryption algorithm operated by
the user and an encryption key thereof is preliminarily described
about each user so as to obtain the encryption algorithm operated
by the user of the transmission side and the encryption key thereof
and the encryption algorithm operated by the user of the reception
side and the encryption key thereof, wherein if the encryption
algorithm operated by the user of the transmission side is
different from the encryption algorithm operated by the user of the
reception side, signature data produced for the encryption key
operated by the user of the transmission side is transmitted to the
user of the transmission side and data obtained by encrypting the
encryption algorithm operated by the user of the transmission side
with the encryption algorithm operated by the user of the reception
side and signature data produced for an encryption key operated by
the user of the reception side are transmitted to the user of the
reception side.
[0024] According to a sixth aspect of the present invention, there
is provided an encryption algorithm sharing management method for
sharing an encryption algorithm for cryptographic communication,
comprising the steps of: from a user of a transmission side,
obtaining a user identifier indicating the user and a user
identifier indicating a user of a reception side; and querying a
data base in which a correspondence between the user identifier
indicating the user, an encryption algorithm operated by the user
and an encryption key thereof is preliminarily described about each
user so as to obtain an encryption algorithm operated by the user
of the transmission side and an encryption key thereof and an
encryption algorithm operated by the user of the reception side and
an encryption key thereof, wherein if the encryption algorithm
operated by the user of the transmission side is different from the
encryption algorithm operated by the user of the reception side,
signature data produced for the encryption key operated by the user
of the transmission side is transmitted to the user of the
transmission side and data indicating the encryption algorithm
operated by the user of the transmission side and encryption key
produced based on the encryption key operated by the user of the
reception side corresponding to a key length of the encryption
algorithm is encrypted with the encryption algorithm operated by
the user of the reception side and transmitted to the user of the
reception side with the signature data produced corresponding to
the encryption key operated by the user of the reception side.
[0025] According to a seventh aspect of the present invention,
there is provided a network communication system composed by
connecting a plurality of users, comprising at least an encryption
key management station to be connected from a user of a
transmission side, the encryption key management station obtaining,
from the user of the transmission side, information indicating an
encryption algorithm operated by the user and information
indicating an encryption algorithm operated by a user of a
reception side and if different encryption algorithms are operated
by the users of the transmission side and the reception side,
encrypting the encryption algorithm operated by the user of the
transmission side with the encryption algorithm operated by the
user of the reception side and transmitting it to the user of the
reception side.
[0026] According to an eighth aspect of the present invention,
there is provided a network communication system composed by
connecting a plurality of users, comprising at least an encryption
key management station to be connected from a user of a
transmission side, the encryption key management station comprising
a data base in which a correspondence between a user identifier
indicating the user and an encryption algorithm operated by the
user is preliminarily described about each user;
[0027] wherein when a communication is carried out from the user of
the transmission side to a user of a reception side, a user
identifier indicating the user and a reception side user identifier
are obtained from the user of the transmission side and the data
base is queried with the obtained identifier as a key so as to
obtain an encryption algorithm operated by the user of the
transmission side and an encryption algorithm operated by the user
of the reception side, and
[0028] if the encryption algorithm operated by the user of the
transmission side is different from the encryption algorithm
operated by the user of the reception side, the encryption
algorithm operated by the user of the transmission side is
encrypted with the encryption algorithm operated by the user of the
reception side and transmitted to the user of the reception
side.
[0029] According to a ninth aspect of the present invention, there
is provided an encryption algorithm sharing management method for
sharing an encryption algorithm for cryptographic communication,
comprising the steps of: from a user of a transmission side,
obtaining a user identifier indicating the user and a user
identifier indicating a user of a reception side; querying a data
base in which a correspondence between the user identifier
indicating the user and an encryption algorithm operated by the
user is preliminarily described about each user so as to retrieve
an encryption algorithm operated by the user of the transmission
side and an encryption algorithm operated by the user of the
reception side; and if the encryption algorithm operated by the
user of the transmission side is different from the encryption
algorithm operated by the user of the reception side, data
indicating the encryption algorithm operated by the user of the
transmission side is encrypted with the encryption algorithm
operated by the user of the reception side and transmitted to the
user of the reception side.
[0030] According to a tenth aspect of the present invention, there
is provided an encryption algorithm sharing management method for
sharing an encryption algorithm for cryptographic communication,
comprising the steps of: from a user of a transmission side,
obtaining a user identifier indicating the user and a user
identifier indicating a user of a reception side; and querying a
data base in which a correspondence between the user identifier
indicating the user, an encryption algorithm operated by the user
and an encryption key is preliminarily described about each user so
as to obtain the encryption algorithm operated by the user of the
transmission side and an encryption key thereof and the encryption
algorithm operated by the user of the reception side and an
encryption key, wherein if the encryption algorithm operated by the
user of the transmission side is different from the encryption
algorithm operated by the user of the reception side, data
indicating the encryption algorithm operated by the user of the
transmission side and the encryption key produced based on an
encryption key operated by the user of the reception side
corresponding to a key length of the encryption algorithm is
encrypted with the encryption algorithm operated by the user of
the reception side and transmitted to the user of the reception
side.
[0031] According to an eleventh aspect of the present invention,
there is provided an encryption algorithm sharing management method
for sharing an encryption algorithm for cryptographic
communication, comprising the steps of: from a user of a
transmission side, obtaining a user identifier indicating the user
and a user identifier indicating a user of a reception side; and
querying a data base in which a correspondence between the user
identifier indicating the user, an encryption algorithm operated by
the user and an encryption key is preliminarily described about
each user so as to obtain the encryption algorithm operated by the
user of the transmission side and the encryption key thereof and
the encryption algorithm operated by the user of the reception side
and encryption key thereof, wherein if the encryption algorithm
operated by the user of the transmission side is different from the
encryption algorithm operated by the user of the reception side,
signature data produced for an encryption key operated by the user
of the transmission side is transmitted to the user of the
transmission side and the encryption algorithm operated by the user
of the transmission side is encrypted with the encryption algorithm
operated by the user of the reception side and transmitted to the
user of the reception side with signature data produced for an
encryption key operated by the user of the reception side.
[0032] According to a twelfth aspect of the present invention,
there is provided an encryption algorithm sharing management method
for sharing an encryption algorithm for cryptographic
communication, comprising the steps of: from a user of a
transmission side, obtaining a user identifier indicating the user
and a user identifier indicating a user of a reception side; and
querying a data base in which a correspondence between the user
identifier indicating the user, encryption algorithm operated by
the user and encryption key is preliminarily described about each
user so as to obtain the encryption algorithm operated by the user
of the transmission side and an encryption key thereof and the
encryption algorithm operated by the user of the reception side and
encryption key, wherein if the encryption algorithm operated by the
user of the transmission side is different from the encryption
algorithm operated by the user of the reception side, signature
data produced for an encryption key operated by the user of the
transmission side is transmitted to the user of the transmission
side and data indicating the encryption algorithm operated by the
user of the transmission side and encryption key produced based on
an encryption key operated by the user of the reception side
corresponding to a key length of the encryption algorithm is
encrypted with the encryption algorithm operated by the user of the
reception side and transmitted to the user of the reception side
with signature data produced corresponding to the encryption key
operated by the user of the reception side.
[0033] According to a thirteenth aspect of the present invention,
there is provided a network communication system composed by
connecting a plurality of users, comprising at least an encryption
key management station to be connected from a user of a
transmission side, the encryption key management station obtaining,
from the user of the transmission side, information indicating an
encryption algorithm operated by the user and information
indicating an encryption algorithm operated by a user of a
reception side, and when different encryption algorithms are
operated by the user of the transmission side and the user of the
reception side, encrypting the encryption algorithm operated by the
user of the transmission side with the encryption algorithm
operated by the user of the reception side and transmitting it to
the user of the reception side.
[0034] According to a fourteenth aspect of the present invention,
there is provided a network communication system composed by
connecting a plurality of users, comprising at least an encryption
key management station to be connected from a user of a
transmission side, the encryption key management station comprising
a data base in which a correspondence between a user identifier
indicating a user and an encryption algorithm operated by the user
is preliminarily described about each user;
[0035] wherein when a communication is carried out from the user of
the transmission side to a user of a reception side, a user identifier
indicating the user and a reception side user identifier are
obtained from the user of the transmission side, and the data base
is queried with the obtained identifier as a key so as to obtain an
encryption algorithm operated by the user of the transmission side
and an encryption algorithm operated by the user of the reception
side, and if the encryption algorithm operated by the user of the
transmission side is different from the encryption algorithm
operated by the user of the reception side, the encryption
algorithm operated by the user of the transmission side is
encrypted with the encryption algorithm operated by the user of the
reception side and transmitted to the user of the reception
side.
[0036] According to a fifteenth aspect of the present invention,
there is provided a cryptographic communication method wherein if
different encryption algorithms are operated by a transmission side
and a reception side, the encryption algorithm operated by the
reception side is encrypted with the encryption algorithm operated
by the transmission side and transmitted to the transmission
side.
[0037] According to a sixteenth aspect of the present invention,
there is provided a cryptographic communication method wherein
information indicating an encryption algorithm operated by a
transmission side and information indicating an encryption
algorithm operated by a reception side are obtained from the
transmission side and when different encryption algorithms are
operated by the transmission side and the reception side, the
encryption algorithm operated by the reception side is encrypted
with the encryption algorithm operated by the transmission side and
transmitted to the transmission side.
[0038] According to a seventeenth aspect of the present invention,
there is provided an encryption algorithm sharing management method
for sharing an encryption algorithm for cryptographic
communication, comprising the steps of: from a user of a
transmission side, obtaining a user identifier indicating the user
and a user identifier indicating a user of a reception side;
querying a data base in which a correspondence between the user
identifier indicating the user and an encryption algorithm operable by the
user is preliminarily described about each user so as to obtain an
encryption algorithm operable by the user of the transmission side
and an encryption algorithm operable by the user of the reception
side; determining whether or not there is an encryption algorithm
operable by the user of the transmission side and the user of the
reception side commonly; and if the commonly operable encryption
algorithm exists, the user of the transmission side is notified
that cryptographic communication between the user of the
transmission side and the user of the reception side is enabled.
[0039] According to an eighteenth aspect of the present invention,
there is provided an encryption algorithm conversion method for
converting an operating first encryption algorithm to another, second
encryption algorithm comprising: querying a data base in which a
correspondence between a user identifier indicating a user, an
encryption algorithm operated by the user and an encryption key
thereof is preliminarily described about each user with a user
whose encryption algorithm is to be converted as a key so as to
obtain a first encryption algorithm operated by the user and a
first encryption key; and supplying first and second signature data
written in the first and second encryption keys with a first
management secret key preliminarily allocated for management and
operated on the first encryption algorithm, public key data
obtained by encrypting a second public key corresponding to a
second management secret key operated on the second encryption
algorithm preliminarily allocated for management with the first
encryption algorithm, a second encryption algorithm encrypted with
the first encryption algorithm and signature data produced based on
the second management secret key to the user.
BRIEF DESCRIPTION OF THE DRAWINGS
[0040] FIG. 1 is an explanatory diagram showing a network
communication system;
[0041] FIG. 2 is a functional block diagram showing a functional
structure of respective portions of the network communication
system;
[0042] FIGS. 3A and 3B are explanatory diagrams showing information
to be stored in the data bases accessed by a key management work
station; FIG. 3A indicates information to be stored in a network
encryption algorithm control data base and FIG. 3B indicates
information to be stored in the network key management data
base;
[0043] FIGS. 4A and 4B are explanatory diagrams showing information
to be stored in the data bases accessed by a personal computer; FIG. 4A
indicates information to be stored in an encryption algorithm control
data base and FIG. 4B indicates information to be stored in a key
structure management data base;
[0044] FIG. 5 is a schematic data flow diagram showing conversion
of encryption algorithm to which the present invention is
applied;
[0045] FIG. 6 is a schematic data flow diagram showing encryption
algorithm conversion for common key cipher to which the present
invention is applied;
[0046] FIG. 7 is a data flow diagram showing cryptographic
communication by common key cipher to which the present invention
is applied;
[0047] FIG. 8 is a flow chart showing a former half portion of
encryption algorithm conversion procedure by common key cipher to
which the present invention is applied;
[0048] FIG. 9 is a flow chart showing a latter half portion of
encryption algorithm conversion procedure by common key cipher to
which the present invention is applied;
[0049] FIGS. 10A and 10B are explanatory diagrams showing a change
of an encryption key of common key cipher to which the present
invention is applied; FIG. 10A indicates a case in which the key
length is shortened, and FIG. 10B indicates a case in which the key
length is prolonged;
[0050] FIG. 11 is a data flow diagram showing cryptographic
communication by public key cipher to which the present invention
is applied;
[0051] FIG. 12 is a data flow chart showing encryption algorithm
conversion by public key cipher to which the present invention is
applied;
[0052] FIG. 13 is a flow chart showing a former half portion of
encryption algorithm conversion procedure by public key cipher to
which the present invention is applied;
[0053] FIG. 14 is a flow chart showing a latter half portion of
encryption algorithm conversion procedure by public key cipher to
which the present invention is applied;
[0054] FIG. 15 is an explanatory diagram showing a change of
encryption key of public key cipher to which the present invention
is applied;
[0055] FIG. 16 is a data flow chart showing cryptographic
communication system by public key cipher algorithm to which the
present invention is applied;
[0056] FIG. 17 is a data flow chart showing encryption algorithm
conversion by a portable information processing apparatus to which
the present invention is applied;
[0057] FIG. 18 is a data flow chart showing another embodiment of
encryption algorithm conversion by a portable information
processing apparatus to which the present invention is applied;
[0058] FIG. 19 is an explanatory diagram showing a data base
relating to encryption key and encryption algorithm to which the
present invention is applied;
[0059] FIG. 20 is a data flow diagram showing a case in which an
encryption key is generated by the user in encryption algorithm
conversion to which the present invention is applied;
[0060] FIG. 21 is a block diagram showing cryptographic
communication system by public key cipher algorithm to which the
present invention is applied;
[0061] FIG. 22 is an explanatory diagram showing another embodiment
of network communication system;
[0062] FIG. 23 is an explanatory diagram showing an operation of
encryption of key recovery function to which the present invention
is applied;
[0063] FIG. 24 is an explanatory diagram showing an operation of
decryption of key recovery function to which the present invention
is applied; and
[0064] FIG. 25 is a block diagram showing cryptographic
communication system using IC card based on public key cipher
algorithm to which the present invention is applied.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0065] Hereinafter, the embodiments of the present invention will
be described with reference to the accompanying drawings.
[0066] First, functions of a network communication system to which
the present invention is applied will be described. In a
cryptographic communication system to which the present invention
is applied, (1) a key management station for controlling an
encryption algorithm is placed, (2) condition of encryption
algorithm operated by each user is grasped by the key management
station, (3) an encryption algorithm for use by each user is set up
and (4) encryption algorithm for use by each user is converted.
[0067] The respective functions will be described below.
[0068] First, the key management station for controlling the
encryption algorithm of (1) will be described. A key management
station for controlling encryption algorithm is placed in the
cryptographic communication system, so as to register all
encryption algorithms used by user and encryption algorithms to be
updated in this key management station.
[0069] Next, the function for grasping the condition of the
encryption algorithm operated by each user of (2) will be
described.
[0070] Each user carrying out the cryptographic communication and
the key management station are connected to each other through such
an electronic communication line as a satellite communication line
or ground communication line or the like and the key management
station always monitors the condition of the encryption algorithm
operated by the user through the line. If a necessity of the
cryptographic communication arises between users, whether or not
the cryptographic communication is possible is determined by
judging from the operating condition of the encryption algorithm to
be operated by the user.
[0071] Further, the key management station grasps the operating
condition of the encryption algorithm of each user and information
of the key for use by the user. If the encryption algorithm
operated by the user is changed, information for converting the key
is created so as to be capable of adapting to an encryption
algorithm in which the key for use by the user is changed and then
transmitted to that user.
[0072] Next, the function for setting up the encryption algorithm
for use by each user of (3) will be described about a case (i) in
which cryptographic communication is carried out between respective
users and a case (ii) in which the intensity of the encryption
algorithm for use by each user is converted to an encryption
algorithm of the same series having an intensity equivalent to or
higher than that encryption algorithm.
[0073] First, the case in which the cryptographic communication is
carried out between the respective users of (i) will be
described.
[0074] Possible cases include a case (a) in which the users
intending to carry out the cryptographic communication share the
same encryption algorithm and a case (b) in which the users
intending to carry out the cryptographic communication do not share
the same encryption algorithm. Corresponding functions to these
cases will be described below.
[0075] (a) Case where users intending to carry out cryptographic
communication share the same encryption algorithm
[0076] 1. The key management station determines that cryptographic
communication between the users is possible and transmits this
determination result to the users.
[0077] 2. The users receive this result and execute the
cryptographic communication by the shared encryption algorithm.
[0078] (b) Case where users intending to carry out cryptographic
communication do not share the same encryption algorithm
[0079] 1. The key management station determines that cryptographic
communication between the users is impossible.
[0080] 2. Considering user request, restriction and the like of a
registered encryption algorithm, the key management station sets up
encryption algorithm for use in cryptographic communication between
the users and transmits this encryption algorithm to the users
through a communication line.
[0081] If there is a necessity of converting a key for use by the user
so as to be applicable to the newly set encryption algorithm,
information for this key conversion is created and transmitted to
the user through a communication line.
[0082] 3. The user converts the encryption algorithm to the
transmitted one and, as required, converts the key for use, and then
executes cryptographic communication.
[0083] Next, the case in which the intensity of the encryption
algorithm for use by each user of (ii) is converted to encryption
algorithm of the same series having an intensity equivalent to or
higher than that encryption algorithm will be described.
[0084] To convert the intensity of the encryption algorithm to an
encryption algorithm of the same series having an intensity
equivalent to or higher than that encryption algorithm, for
example, it can be considered that (a) with respect to the
encryption algorithm used by the user, the user supplies an
encryption algorithm of the same series having an intensity
equivalent to or higher than the encryption algorithm used by the
user, and (b) with respect to the encryption algorithm used by the
user, the key management station possesses an encryption algorithm
generating apparatus for the encryption algorithm for use by the
user and supplies an encryption algorithm of the same series having
an intensity equivalent to or higher than that encryption
algorithm. The function of each case will be described below.
[0085] (a) Case where with respect to the encryption algorithm used
by the user, the user supplies an encryption algorithm of the same
series having an intensity equivalent to or higher than the
encryption algorithm used by the user
[0086] 1. An encryption algorithm of the same series having an
intensity equivalent to or higher than the encryption algorithm
used by the user is produced and transmitted to the key management
station and registered therein.
[0087] 2. The key management station sets up a user using an
encryption algorithm except the registered encryption algorithm of
the same series having an intensity equivalent to or higher, as
required, produces information for converting a key for use by the
user and then transmits the aforementioned encryption algorithm of
the same series having an intensity equivalent to or higher and
information for key conversion to this user.
[0088] 3. The user receiving the encryption algorithm of the same
series having an intensity equivalent to or higher and information
for key conversion converts the key for use using the transmitted
information for key conversion as required and then carries out
cryptographic communication according to the transmitted encryption
algorithm.
[0089] (b) Case where with respect to the encryption algorithm used
by the user, the key management station possesses an encryption
algorithm generating apparatus for the encryption algorithm for use
by the user and supplies an encryption algorithm of the same series
having an intensity equivalent to or higher than that encryption
algorithm.
[0090] 1. The key management station produces an encryption
algorithm of the same series having an intensity equivalent to or
higher than the encryption algorithm used by the user and registers
the produced encryption algorithm.
[0091] 2. The key management station sets up user using an
encryption algorithm other than the registered encryption algorithm
of the same series having an intensity equivalent to or higher, as
required produces information for converting a key used by the user
and then transmits the encryption algorithm of the same series
having an intensity equivalent to or higher and information for key
conversion to this user.
[0092] 3. The user receiving the encryption algorithm of the same
series having an intensity equivalent to or higher and information
for key conversion converts the key for use by using the received
information for key conversion as required and carries out
cryptographic communication according to the received encryption
algorithm.
[0093] Next, a function for converting the encryption algorithm for
use by user of (4) will be described.
[0094] 1. The key management station produces the encryption
algorithm for conversion by user and as required, information for
conversion of the key for use by each user according to the above
(3).
[0095] 2. The key management station encrypts the encryption
algorithm for conversion by each user and key conversion
information produced as required by using the encryption algorithm
operated by the user and transmits it to each user through
communication line.
[0096] 3. Each user decrypts data transmitted from the key
management station using the operated encryption algorithm so as to
obtain the encryption algorithm for conversion and key conversion
information.
[0097] 4. Each user changes the operated encryption algorithm and
key for use according to the aforementioned decrypted data.
[0098] 5. Each user encrypts a statement "encryption algorithm
change completed" using the changed encryption algorithm and
transmits it to the key management station through communication
line.
[0099] 6. The key management station decrypts the encrypted and
transmitted data and obtains the statement "encryption algorithm
change completed" and confirms that user's encryption algorithm has
converted and the encryption function operates properly.
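The shared-algorithm decision of (3)(i) and the six-step conversion procedure of (4), as an added example that is not code from the patent. The cipher stand-ins, the salt-based key conversion, the authentication tag and all class, function and user names are assumptions of this sketch, and the conversion message carries data indicating the new algorithm rather than the algorithm itself.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-ins for the page's algorithm series: name -> (HMAC digest, key bytes).
# Toy HMAC-keystream ciphers for illustration only, not vetted cryptography.
ALGORITHMS = {"A[1]": ("sha256", 16), "A[2]": ("sha512", 32), "B[1]": ("sha384", 24)}
CONFIRMATION = b"encryption algorithm change completed"

def _xor_stream(digest, key, nonce, data):
    """XOR data with HMAC(key, "ks" || nonce || counter) keystream blocks."""
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        stream += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), digest).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(alg, key, plaintext):
    """Encrypt-then-MAC under the named algorithm: nonce || tag || ciphertext."""
    digest, _ = ALGORITHMS[alg]
    nonce = os.urandom(12)
    body = _xor_stream(digest, key, nonce, plaintext)
    return nonce + hmac.new(key, b"mac" + nonce + body, digest).digest() + body

def unseal(alg, key, blob):
    """Verify the tag before decrypting; a wrong algorithm or key fails here."""
    digest, _ = ALGORITHMS[alg]
    tag_len = hashlib.new(digest).digest_size
    nonce, tag, body = blob[:12], blob[12:12 + tag_len], blob[12 + tag_len:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + body, digest).digest()):
        raise ValueError("authentication failed")
    return _xor_stream(digest, key, nonce, body)

def convert_key(old_key, salt, new_alg):
    """Assumed key conversion: derive a key of the new algorithm's length from the old key."""
    return hmac.new(salt, old_key + new_alg.encode(), "sha512").digest()[:ALGORITHMS[new_alg][1]]

class KeyManagementStation:
    def __init__(self):
        self.db = {}       # user ID -> (operated algorithm, key)
        self.pending = {}  # user ID -> (new algorithm, new key) awaiting confirmation

    def register(self, user_id, alg):
        self.db[user_id] = (alg, os.urandom(ALGORITHMS[alg][1]))
        return self.db[user_id][1]

    def shared_algorithm(self, sender_id, receiver_id):
        """Query by user ID; return the common algorithm, or None if they differ."""
        a, b = self.db[sender_id][0], self.db[receiver_id][0]
        return a if a == b else None

    def start_conversion(self, user_id, new_alg):
        """Steps 1-2: build the conversion data, encrypt it with the operated algorithm."""
        alg, key = self.db[user_id]
        salt = os.urandom(16)
        self.pending[user_id] = (new_alg, convert_key(key, salt, new_alg))
        message = json.dumps({"algorithm": new_alg, "key_salt": salt.hex()}).encode()
        return seal(alg, key, message)

    def confirm(self, user_id, blob):
        """Step 6: the statement must decrypt correctly under the new algorithm and key."""
        new_alg, new_key = self.pending[user_id]
        try:
            ok = unseal(new_alg, new_key, blob) == CONFIRMATION
        except ValueError:
            ok = False
        if ok:  # commit only after the user has proved the new algorithm works
            self.db[user_id] = self.pending.pop(user_id)
        return ok

class User:
    def __init__(self, user_id, alg, key):
        self.user_id, self.alg, self.key = user_id, alg, key

    def apply_conversion(self, blob):
        """Steps 3-5: decrypt with the operated algorithm, switch, return the statement."""
        message = json.loads(unseal(self.alg, self.key, blob))
        new_alg = message["algorithm"]
        if new_alg not in ALGORITHMS:
            raise ValueError("unknown algorithm")
        self.key = convert_key(self.key, bytes.fromhex(message["key_salt"]), new_alg)
        self.alg = new_alg
        return seal(self.alg, self.key, CONFIRMATION)

def demo():
    station = KeyManagementStation()
    sender = User("sender", "A[1]", station.register("sender", "A[1]"))
    receiver = User("receiver", "B[1]", station.register("receiver", "B[1]"))
    before = station.shared_algorithm("sender", "receiver")
    blob = station.start_conversion("receiver", sender.alg)
    # A statement sealed under the old algorithm must not count as confirmation.
    stale = station.confirm("receiver", seal(receiver.alg, receiver.key, CONFIRMATION))
    confirmed = station.confirm("receiver", receiver.apply_conversion(blob))
    after = station.shared_algorithm("sender", "receiver")
    return {"before": before, "stale": stale, "confirmed": confirmed,
            "after": after, "receiver_key_len": len(receiver.key)}
```

The station commits the new algorithm to its data base only after the confirmation verifies, so a failed or interrupted conversion leaves the old record in place.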
[0100] Next, a first embodiment of the present invention will be
described with reference to FIGS. 1-5. In this embodiment, an
outline of encryption algorithm conversion to which the present
invention is applied will be described.
[0101] First, a network communication system to which the present
invention is applicable will be described with reference to FIG. 1.
Here, an example of a structure in which a plurality of personal
computers (information processing apparatuses) 100, 200 used by
users are connected to the key management station 400, will be
described.
[0102] The encryption algorithms operated by this system are
assumed to be A[1]-A[n], B[1]-B[m] and these encryption algorithms
are controlled by the key management station. The encryption
algorithms A[1]-A[n] are encryption algorithms belonging to the
same series A having an intensity equivalent or different. The key
management station updates security by changing encryption
algorithm to a new encryption algorithm of the same series having
an intensity equivalent to or higher than the encryption algorithm
concerned.
[0103] The key management station manages the encryption algorithm
operated by the user and user ID with correspondence therebetween
assuming that the user ID of user operating the encryption
algorithm A[1] is U[A_1, 1_1]-U[A_1, N_1], user ID
of user operating the encryption algorithm A[2] is U[A_2,
1_2]-U[A_2, N_2], user ID of user operating the
encryption algorithm A[n] is U[A_n, 1_n]-U[A_n,
N_n], user ID of user operating the encryption algorithm B[1]
is U[B_1, 1_1]-U[B_1, M_1], user ID of user
operating the encryption algorithm B[2] is U[B_2,
1_2]-U[B_2, M_2], user ID of user operating the
encryption algorithm B[m] is U[B_m, 1_m]-U[B_m,
M_m].
[0104] Referring to FIG. 1, personal computers 100 used by a user
operating one of the encryption algorithms belonging to series A
(hereinafter referred to as encryption algorithm A), personal
computers 200 used by a user operating one of the encryption
algorithms belonging to series B (hereinafter referred to as
encryption algorithm B), and the key management station 400
provided with a key management work station 500 are connected
through a network.
[0105] In this network communication system, cryptographic
communication, encryption algorithm conversion and the like are
carried out by means of software processing of the personal
computers 100, 200 such as an information processing unit used by
the users and key management work station 500.
[0106] FIG. 22 shows a different embodiment from FIG. 1 of the
network communication system in which a plurality of encryption
algorithms exist. In this embodiment of the network communication
system, algorithm A, algorithm B, algorithm C and algorithm D exist
as the encryption algorithm.
[0107] Usually, the encryption algorithm for use is determined by
user's selection.
[0108] There are some encryption algorithms that users do not want
to use because of the characteristic of the encryption
algorithm.
[0109] In the network communication system shown in FIG. 22, the
aforementioned four encryption algorithms A, B, C and D are used.
In this Figure, a range of users using the encryption algorithm A
is indicated with a solid line, a range of users using the
encryption algorithm B is indicated with a dot and dash line, a
range of users using the encryption algorithm C is indicated with
two dots and dash line and a range of users using the encryption
algorithm D is indicated with broken line.
[0110] Users located in a region in which the encryption algorithms
overlap can use plural encryption algorithms.
[0111] The key management station stores users capable of using
each encryption algorithm in data base.
[0112] If a request for cryptographic communication occurs between
users, the key management work station grasps the operating
condition of the encryption algorithm of the transmission side and
reception side according to the aforementioned data base.
[0113] If the transmission side and reception side share the same
encryption algorithm, cryptographic communication between the two
is continued.
[0114] If the same encryption algorithm is not shared, whether or
not the same encryption algorithm can be held by the transmission
side and reception side is determined according to the
aforementioned data base. If the sharing is impossible, both are
notified that the cryptographic communication is
disabled.
[0115] Whether or not the encryption algorithm can be shared
between the users is determined depending on user's convenience.
The range of users using each encryption algorithm is changed by
user's convenience.
[0116] The key management work station changes information stored
in data base for indicating users using each encryption algorithm
by notification from the user.
[0117] Next, software processing function of each information
processing unit (personal computer, key management work station) in
this network communication system will be described with reference
to FIG. 2.
[0118] In FIG. 2, the personal computers 100 and 200 are connected
to each other so as to construct a network. Hereinafter, a case
where the personal computer 100 is used by a transmission side user
and the personal computer 200 is used by a reception side user will
be described. It is needless to say that because the personal
computers 100, 200 have the same structure, they can be used for
both. The key management work station 500 is connected to the
personal computer 100 for use by at least the transmission side
user.
[0119] The personal computer 100 (200) for use by the transmission
side (reception side) user includes key structure control function
110 (210), encryption algorithm control function 120 (220),
scramble function 130 (230), descramble function 140 (240) and
cryptographic communication control function 150 (250). A key
structure control data base 180 (280) and encryption algorithm data
base 190 (290) are connected to the personal computer 100 (200) so
as to be accessible therefrom.
[0120] These data bases may be provided separately from the
personal computers 100, 200 or may be provided integrally
therewith. The aforementioned data bases may be shared by plural
personal computers.
[0121] The aforementioned key management work station 500 includes
scramble function 530, descramble function 540, cryptographic
communication control function 550, encryption algorithm generating
function 595, network encryption control function 560, and network
key management function 570, and is connected to network encryption
algorithm control data base 590 and network key management control
data base 580 so as to be accessible therefrom. These data bases
may be provided separately of the key management work station 500
or may be provided integrally with the key management work station
500.
[0122] Next, the function of the key management work station 500
will be described with reference to FIG. 2.
[0123] A user ID of each user and encryption algorithm are
registered in the network encryption algorithm control data base
DB590 with correspondence therebetween.
[0124] The network encryption algorithm control function 570
controls the data bases for the aforementioned two kinds of data,
and carries out registration, updating and deletion of the
encryption algorithm for use by each user.
[0125] The encryption algorithm generating function 595 has a
function for generating the encryption algorithm of series A.
[0126] As for the encryption intensity of the encryption algorithm,
the longer the operating key, the more difficult decryption
becomes, so that the encryption intensity increases, thereby
improving the security.
[0127] Further, even among encryption algorithms having the same
key length, if the operating encryption algorithm is changed
periodically, the period in which a cipher can be attacked is
limited, thereby improving the security of communication.
[0128] The encryption algorithm generating function 595 generates
different encryption algorithms belonging to series A in which the
key length for use is the same as or longer than current encryption
algorithms belonging to series A.
[0129] The network key structure control function 570 controls the
key to be operated by this system and stores information of the key
to be used by the user in the network key structure control data
base.
[0130] The scramble function 530 is a function for encrypting data
to be transmitted by the key management station 400 (see FIG. 1) to
the user and the descramble function 540 is a function for
decrypting the encoded data received by the key management station
400 (see FIG. 1) from the user.
[0131] The network key management function 570 controls the key to
be used for encrypting and decrypting and stores information about
the key for use by the user with a correspondence to the encryption
algorithm operated for the key structure control data bases 180,
280.
[0132] Next, the software function of the personal computers 100
(200) which are information processing units for use by the user
will be described.
[0133] The encryption algorithm control function 120 (220) controls
the encryption algorithm operated by the user.
[0134] The operating encryption algorithm converts the encryption
algorithm according to an instruction from the key management work
station 500. The encryption algorithm control data base stores the
encryption algorithms to be distributed by the key management
station 400 (see FIG. 1).
[0135] The scramble function 130 (230) is a function for encrypting
data to be transmitted by the user and the descramble function 140
(240) is a function for decrypting the encrypted data received by
the user.
[0136] The key structure control function 110 (210) controls the
key for use for encrypting and decrypting and stores the keys with
a correspondence to the encryption algorithm to be operated by the
key structure control data base 180 (280).
[0137] Next, the content of information to be stored in data base
to be accessed from the aforementioned key management work station
will be described with reference to FIGS. 3A and 3B.
[0138] In FIG. 3A, user ID for identifying a user, name of the
encryption algorithm to be operated by the user, a correspondence
to the encryption algorithm version, updating date, key management
station ID for identifying the key management station, name of the
encryption algorithm to be operated by the key management station,
a correspondence with the encryption algorithm version and its
updating date are stored in the network encryption algorithm
control data base.
[0139] In FIG. 3B, user ID for identifying a user, name of the
encryption algorithm to be operated by the user, a correspondence
between encryption algorithm version and key information indicating
the encryption key to be operated, its updating date, key
management station ID for identifying the key management station,
name of the encryption algorithm to be operated by the key
management station, a correspondence between the encryption
algorithm version and key information indicating the encryption key
to be operated, and its updating date are stored in the network key
management data base.
[0140] Next, the content of information to be stored in the data
base accessible from the personal computer for use by user will be
described with reference to FIGS. 4A and 4B.
[0141] In FIG. 4A, a name of the encryption algorithm, a
correspondence of the encryption algorithm version, and its
updating date are stored in the encryption algorithm control data
base.
[0142] In FIG. 4B, a name of the encryption algorithm, encryption
algorithm version, a correspondence to user key information
indicating user's encryption key, and its updating date, and a name
of the encryption algorithm, encryption algorithm version, a
correspondence to key information of the key management station
indicating the encryption key of the key management station, and
its updating date are stored in the key management data base.
[0143] Referring to FIG. 7, an outline of cryptographic
communication of a case where both the transmission side and
reception side users share the same encryption algorithm (assuming
that a common key cipher is operated here) will be described. In
this case, it is assumed that the transmission side user is A, the
reception side user is B and the transmission data to be
transmitted therebetween is M.
[0144] The user U[A] specifies the user U[B] relative to the key
management work station 500 and requests to issue a session key for
use in cryptographic communication.
[0145] The key management work station 500 receives this request
and issues the user U[B] with a session key which enables
cryptographic communication to the user U[A].
[0146] If the user U[A] receives this session key, by using it with
the scramble function 130 of the personal computer for use, data M
is encrypted and transmitted to user U[B] as an encrypted
statement.
[0147] The user U[B] stores the same encryption algorithm as the
user U[A] in the encryption algorithm data base 190. As a result,
the user U[B] decrypts the encrypted statement transmitted from the
user U[A] by the descramble function 140 to obtain data M.
[0148] On the other hand, the operating encryption algorithm may
differ between the transmission side and reception side users. For
example, the operating encryption algorithms A[1]-A[n] and
B[1]-B[m] sometimes include a plurality of encryption algorithms
that differ in method, such as common key encryption algorithms and
public key encryption algorithms.
[0149] If the user U[A] carries out cryptographic communication for
the user U[B], in case where both the users share the same
encryption algorithm, the cryptographic communication can be
carried out without any special treatment. However, if the same
encryption algorithm is not shared, the encryption algorithm
possessed by user is converted so as to make both the users share
the same encryption algorithm thereby achieving the cryptographic
communication.
[0150] This encryption algorithm conversion is carried out
depending on the condition of the encryption algorithm possessed by
the user as follows.
[0151] (1) The encryption algorithms of the same series are
controlled based on the version number. The encryption algorithm is
converted to the other encryption algorithm of the same series
having the same or a different encryption intensity.
[0152] (2) The common key encryption algorithm is converted to
other common key encryption algorithm.
[0153] (3) The public key encryption algorithm is converted to
other public key encryption algorithm.
[0154] (4) The common key encryption algorithm is converted to
other public key encryption algorithm.
[0155] (5) The public key encryption algorithm is converted to
other common key encryption algorithm.
[0156] The encryption algorithm mentioned here means a procedure
for converting a series of data. The encryption mentioned here
means data conversion and the decryption means inverse conversion
of converted data.
[0157] For example, it is assumed that K is binary data string and
M is another binary data string. Consider the following .pi.
function which is determined by K.
.pi.(M) = M xor K
[0158] where xor indicates exclusive-OR between M and K. The
data string M has been converted by .pi.(M). If .pi.(M) xor K is
obtained with respect to this converted data,
.pi.(M) xor K = (M xor K) xor K = M xor (K xor K) = M
[0159] The data M is obtained by inversely converting the converted
data .pi.(M). The procedure for data conversion and inverse
conversion like this .pi. function is called encryption
algorithm.
[0160] Next, assuming N data {K.sub.1, K.sub.2, K.sub.3, . . . ,
K.sub.N}, the function corresponding to data K.sub.i is assumed to
be .pi..sub.i. From these N .pi. functions, the following pair of
functions f, g is considered.
f = .pi..sub.1 o .pi..sub.2 o .pi..sub.3 o . . . o .pi..sub.N
g = .pi..sub.N o .pi..sub.N-1 o .pi..sub.N-2 o . . . o .pi..sub.1
[0161] The functions f, g are obtained by applying the N .pi.
functions sequentially. Therefore, f(M) and g(M) each indicate a
procedure for conversion of data M, and the converted data f(M) is
inversely converted by the function g to recover data M.
[0162] Therefore, it can be considered that the functions f, g are
a single encryption algorithm, so that it can be considered that
the function f corresponds to encrypting of data and the function g
corresponds to decrypting of data.
[0163] If the computation order of N .pi. functions or the value of
parameter K.sub.i is changed, another encryption algorithm can be
obtained.
[0164] The encryption algorithm of the same series mentioned in the
aforementioned encryption algorithm conversion means an encryption
algorithm obtained by changing an order of a part of the data
conversion or assembling by changing the values of parameters for
use. Hereinafter, the encryption algorithm of the same series is
referred to as encryption algorithm of a different version.
[0165] If such encryption algorithm conversion is carried out, the
key possessed by the user is also converted corresponding to the
converted encryption algorithm.
[0166] Next, an outline of the encryption algorithm conversion
operated in network communication to which the present invention is
applied will be described with reference to FIG. 5.
[0167] Here, it is assumed that the transmission side user is U[A]
and the encryption algorithm operated by the U[A] is encryption
algorithm EANG. On the other hand, it is assumed that the reception
side user is U[B] and encryption algorithm operated by the U[B] is
encryption algorithm EBF.
[0168] The encryption algorithm EANG and encryption algorithm EBF
are stored in the network encryption algorithm control data base
590 of the key management work station 500 by making the former
correspond to the user ID of the user U[A] and the latter
correspond to the user ID of the user U[B].
[0169] Further, it is assumed that a key for the key management
work station 500 to carry out cryptographic communication with the
user U[A] based on the encryption algorithm EANG is K.sub.A and a
key for the key management work station 500 to carry out
cryptographic communication with the user U[B] based on encryption
algorithm EBF is K.sub.B.
[0170] The key K.sub.A is stored in the key structure control data
base 180 of the user U[A] and the key K.sub.B is stored in the key
structure control data base 280 of the user U[B]. Further, the key
K.sub.A is stored in the network key management data base 580 of
the key management work station 500 with a correspondence to the
user ID of the user U[A] and the key K.sub.B is stored therein with
a correspondence to the user ID of the user U[B].
[0171] By taking a case where the user U[A] carries out
cryptographic communication with the user U[B] under the above
described environment, an outline of the encryption algorithm
conversion to be operated in this network communication system will
be described.
[0172] 1: The user U[A] specifies a reception side person by the
user ID of the user U[B] by the cryptographic communication control
function 150 and sends "a request for session key issue" to the
cryptographic communication control function 550 of the key
management work station 500.
[0173] 2: The "request for session key issue" is sent to the
network encryption algorithm control function 560 of the key
management work station 500. The network encryption algorithm
control function 560 retrieves in the network encryption algorithm
data base 590 based on the user ID of the user U[A] and user ID of
the user U[B].
[0174] The encryption algorithm to be operated by the user U[A] is
encryption algorithm EANG and the encryption algorithm to be
operated by the user U[B] is encryption algorithm EBF. Thus, it is
determined that the same encryption algorithm is not shared and
this result is transmitted to the cryptographic communication
control function 550.
[0175] 3: Receiving this result, the cryptographic communication
control function 550 starts conversion of the encryption algorithm
of the user U[B] from EBF to EANG.
[0176] First, the key L.sub.B is generated to carry out
cryptographic communication with the user U[B] with encryption
algorithm EANG and "descramble function confirmation end" is
specified in plain text data MD.
[0177] Next, the encryption algorithm EANG and key L.sub.B are
encrypted by the encryption algorithm EBF and key K.sub.B so as to
create the cipher statement EBF.sub.KB (EANG) and EBF.sub.KB
(L.sub.B).
[0178] Further, the plain text data MD is encrypted with the
encryption algorithm EANG and key L.sub.B so as to create the
encrypted statement EANG.sub.LB (MD). The aforementioned three
encrypted statements are created by the scramble function 530 of
the key management work station 500.
[0179] These three encrypted statements are sent to the user U[B]
as "encryption algorithm updating request".
[0180] 4: The user U[B] receiving these three encrypted statements
EBF.sub.KB(EANG), EBF.sub.KB(L.sub.B) and EANG.sub.LB(MD) decrypts
these encrypted statements by the descramble function 240.
[0181] First, the encrypted statement EBF.sub.KB (EANG) and
encrypted statement EBF.sub.KB(L.sub.B) are decrypted by the key
K.sub.B stored in the key structure control data base 280 so as to
obtain the encryption algorithm EANG and key L.sub.B.
[0182] The encryption algorithm control function 220 stores the
obtained encryption algorithm EANG in the encryption algorithm data
base 290 and updates the operating condition of the encryption
algorithm from the encryption algorithm EBF to the encryption
algorithm EANG. The key structure control function 210 stores the
obtained key L.sub.B in the key structure control data base
280.
[0183] In this manner, the encryption algorithm and key are
updated.
[0184] Next, by using the updated encryption algorithm EANG and key
L.sub.B, the encrypted statement EANG.sub.LB (MD) is decrypted so
as to obtain a plain text data MD. It is confirmed that the
obtained plain text data MD is written as "descramble function
confirmation is terminated" and then it is confirmed that the
descramble function 240 by the converted encryption algorithm EANG
is operated properly.
[0185] 5: Next, the plain text data MS is written as "scramble
function confirmation is terminated" and by operating the scramble
function 230, the encrypted statement EANG.sub.LB (MS) is created
using the encryption algorithm EANG and key L.sub.B.
[0186] This created encrypted statement is distributed to the key
management work station 500 as the "encryption algorithm updating
report".
[0187] 6: Receiving the "encryption algorithm updating report", the
key management work station 500 decrypts it with the encryption
algorithm EANG and key L.sub.B so as to obtain the plain text data
MS. It is confirmed that the obtained plain text data MS is written
as "scramble function confirmation is terminated" and it is thereby
confirmed that the scramble function 230 using the encryption
algorithm EANG converted by the user U[B] operates properly. As a
result, it is confirmed that the encryption algorithm conversion,
the scramble function 230 and the descramble function 240 for
carrying out encrypting and decrypting operate properly, and then
the encryption algorithm conversion is terminated.
[0188] 7: As a result of the above procedure, the user U[A] and
user U[B] become capable of sharing the same encryption algorithm
EANG. The users U[A] and U[B] restart cryptographic communication
and the key management work station carries out "session key issue"
based on the algorithm EANG to the user U[A].
[0189] In the above description, the procedures for distribution of
the encryption algorithm upon encryption, conversion of the key to
be operated and confirmation of the operation of the converted
encryption algorithm have been described.
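The conversion exchange of steps 1 to 7, together with the composed .pi. functions of [0157] to [0164], as an added Python example that is not part of the patent text. It models an encryption algorithm as a serializable list of steps so that it can itself be encrypted and distributed, and it adds a byte rotation step because xor steps alone commute, so reordering them would not yield a different algorithm. The toy keyed pad, the class and function names and the two sample algorithm definitions are assumptions of this example.

```python
import hashlib
import json
import secrets

# Constructed confirmation texts, worded after steps 3 to 6 above.
MD = b"descramble function confirmation end"
MS = b"scramble function confirmation is terminated"


def _pad(key: bytes, label: str, n: int) -> bytes:
    """Derive the binary string K_i of one xor step from the key (toy, not secure)."""
    return hashlib.shake_256(label.encode() + b"|" + key).digest(n)


def _rotl(b: int, r: int) -> int:
    """Rotate one byte left by r bits."""
    r %= 8
    return ((b << r) | (b >> (8 - r))) & 0xFF


def run(alg: dict, key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """f applies the steps in order; g (decrypt) applies their inverses in reverse."""
    steps = alg["steps"][::-1] if decrypt else alg["steps"]
    for kind, arg in steps:
        if kind == "xor":    # pi_i(M) = M xor K_i, which is its own inverse
            data = bytes(d ^ p for d, p in zip(data, _pad(key, arg, len(data))))
        elif kind == "rot":  # byte rotation, undone by rotating the remaining bits
            data = bytes(_rotl(d, 8 - arg if decrypt else arg) for d in data)
        else:
            raise ValueError(f"unknown step {kind!r}")
    return data


class KeyStation:
    """Key management work station: algorithm data base 590 and key data base 580."""

    def __init__(self, algorithms: dict, user_alg: dict, user_key: dict):
        self.algorithms, self.user_alg, self.user_key = algorithms, user_alg, user_key
        self.pending = {}

    def update_request(self, sender: str, receiver: str):
        """Steps 2-3: None if the algorithm is shared, else the three ciphertexts."""
        old, new = self.user_alg[receiver], self.user_alg[sender]
        if old == new:
            return None
        ebf, eang = self.algorithms[old], self.algorithms[new]
        k_b, l_b = self.user_key[receiver], secrets.token_bytes(16)
        self.pending[receiver] = (new, l_b)
        return (run(ebf, k_b, json.dumps(eang).encode()),   # EBF_KB(EANG)
                run(ebf, k_b, l_b),                          # EBF_KB(L_B)
                run(eang, l_b, MD))                          # EANG_LB(MD)

    def accept_report(self, receiver: str, report: bytes) -> bool:
        """Step 6: decrypt the updating report and record the conversion if it is MS."""
        new, l_b = self.pending[receiver]
        if run(self.algorithms[new], l_b, report, decrypt=True) != MS:
            return False
        self.user_alg[receiver], self.user_key[receiver] = new, l_b
        del self.pending[receiver]
        return True


class User:
    def __init__(self, alg: dict, key: bytes):
        self.alg, self.key = alg, key

    def handle_update(self, c_alg: bytes, c_key: bytes, c_md: bytes) -> bytes:
        """Steps 4-5: recover EANG and L_B, check MD, switch over, return EANG_LB(MS)."""
        new_alg = json.loads(run(self.alg, self.key, c_alg, decrypt=True))
        new_key = run(self.alg, self.key, c_key, decrypt=True)
        # This example switches only after the check passes, so a bad update
        # leaves the old algorithm and key in place.
        if run(new_alg, new_key, c_md, decrypt=True) != MD:
            raise ValueError("descramble check failed")
        self.alg, self.key = new_alg, new_key
        return run(new_alg, new_key, MS)


def build_demo():
    """Constructed setup: U[A] operates EANG, U[B] operates EBF with key K_B."""
    ebf = {"name": "EBF", "version": 1,
           "steps": [["xor", "k1"], ["rot", 3], ["xor", "k2"]]}
    eang = {"name": "EANG", "version": 1,
            "steps": [["rot", 5], ["xor", "k1"], ["rot", 1]]}
    k_a, k_b = secrets.token_bytes(16), secrets.token_bytes(16)
    station = KeyStation({"EBF": ebf, "EANG": eang},
                         {"A": "EANG", "B": "EBF"}, {"A": k_a, "B": k_b})
    return station, User(eang, k_a), User(ebf, k_b)


if __name__ == "__main__":
    station, user_a, user_b = build_demo()
    report = user_b.handle_update(*station.update_request("A", "B"))
    print("conversion confirmed:", station.accept_report("B", report))
    print("U[B] now operates:", user_b.alg["name"])
```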
[0190] A detail of the encryption algorithm conversion has been
described. Here, attention is paid to whether the operating cipher
is a public key cipher or a common key cipher. First, the
encryption algorithm conversion (second embodiment of the present
invention) in a case where the cryptographic communication system
is constructed of the common key cipher will be described, and
secondly, the encryption algorithm conversion (third embodiment of
the present invention) in a case where the cryptographic
communication system is constructed of the public key cipher will
be described. Because the basic composition of these embodiments is
the same as that of the aforementioned first embodiment, the
following description mainly states the points that differ
therefrom and gives a detail of the encryption algorithm conversion
in each case.
[0191] First, the second embodiment of the present invention will
be described with reference to FIGS. 6-10. Here, the encryption
algorithm conversion in the cryptographic communication system
constructed of the common key cipher will be described. That is,
the encryption algorithm conversion in a case where the operating
encryption algorithms A[1]-A[n] and B[1]-B[m] are all common key
encryption algorithms in the cryptographic communication system of
FIG. 1 will be described.
[0192] The cryptographic communication based on the common key
encryption algorithm will be described with reference to FIGS. 6
and 7.
[0193] As a presumption for carrying out cryptographic
communication, user ID and a secret key as master key are allocated
to each user using information processing unit such as a personal
computer from the key management station 500. Then, the master key
allocated to each user is registered and controlled in the network
key management data base 580 of the key management work station 500
with a correspondence to the user ID. Likewise, the secret key
P.sub.CID is allocated to the key management station 500 as the
master key.
[0194] This embodiment uses duplex encryption method in which the
encryption algorithm of the scramble key k.sub.s for use in data
encryption and the encryption algorithm of the session key for use
in dispatch of the descramble key K.sub.D are composed of different
encryption algorithms, thereby intending to improve the security as
compared to the case where the same encryption algorithm is used.
In this embodiment, it is assumed that the encryption algorithm for
operating the session key and master key uses the same encryption
algorithm.
[0195] Hereinafter, by taking a case where cryptographic
communication is carried out from the user U[A] to the user U[B], a
content of the cryptographic communication will be described.
[0196] (1) In case where the user U[A] carries out cryptographic
communication with the user U[B], the user U[A] requests the key
management station 500 for issue of the session key. Here, it is
assumed that the user U[A] is a transmission side user and the user
U[B] is a reception side user. Receiving this session key issue
request, the network encryption algorithm control function 560 of
the key management work station 500 retrieves in the network
encryption algorithm data base 590 and determines whether or not
the encryption algorithm used by the user U[A] is the same as that
used by the user U[B].
[0197] (2) When it is determined that the user U[A] and user U[B]
use the same encryption algorithm, the network key management
function 570 of the key management work station 500 generates a
session key P.sub.T with that encryption algorithm. Next, the
master key P.sub.ID of the transmission side user and the master
key P.sub.YID of the reception side user are fetched out from the
network key management data base 580 and a plain text of the
session key P.sub.T is encrypted so as to create the encrypted
statements E.sub.PID (P.sub.T), E.sub.PYID (P.sub.T). These
encrypted statements are transmitted to such an information
processing unit as a personal computer used by the transmission
side user.
[0198] (3) In the personal computer for use by the transmission
side user, the master key P.sub.ID of that user controlling the
computer is fetched out from the key structure control data base
180. Using this key, the transmitted session key encrypted is
decrypted so as to obtain the session key P.sub.T.
[0199] (4) On the other hand, receiving the data M input by the
user, the scramble key k.sub.s for encrypting this data M and
descramble key K.sub.D for decrypting it are generated.
[0200] (5) Next, the data M input by the user is encrypted by the
scramble key k.sub.s so as to create an encrypted statement
E.sub.ks(M). Likewise, the descramble key K.sub.D is encrypted with
the session key P.sub.T so as to create the encrypted statement
E.sub.PT (k.sub.D). These two encrypted statements and the
transmitted encrypted statement E.sub.PYID(P.sub.T) are transmitted
to such information processing unit as a personal computer for use
by the reception side user.
[0201] (6) The personal computer of the reception side user fetches
the master key P.sub.YID of this user from the key structure
control data base 280 and the encrypted session key
E.sub.PYID(P.sub.T) by this key is decrypted so as to obtain the
session key P.sub.T. Next, the transmitted encrypted descramble key
E.sub.PT(K.sub.D) is decrypted with the session key P.sub.T so as
to obtain the descramble key K.sub.D.
[0202] Finally, the encrypted statement E.sub.ks (M) of data
transmitted with this descramble key K.sub.D is decrypted so as to
obtain the data M.
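The key hierarchy of steps (1) to (6) above (master key, session key P.sub.T, descramble key K.sub.D, data M), as an added Python example that is not part of the patent text. The toy XOR cipher, the two algorithm labels and all function names are assumptions, and the scramble and descramble keys are taken to be equal because the cipher is a common key cipher.

```python
import hashlib
import secrets

DATA_ALG = "data-alg"        # hypothetical label: algorithm operating k_s / K_D
SESSION_ALG = "session-alg"  # hypothetical label: algorithm operating P_T and master keys


def toy_cipher(alg: str, key: bytes, data: bytes) -> bytes:
    """Toy common key cipher (not secure): XOR with a pad derived from alg and key.
    Applying it twice with the same alg and key restores the input."""
    pad = hashlib.shake_256(alg.encode() + b"|" + key).digest(len(data))
    return bytes(d ^ p for d, p in zip(data, pad))


class KeyStation:
    """Holds every user's master key (network key management data base 580)."""

    def __init__(self):
        self.master = {}

    def register(self, user_id: str) -> bytes:
        self.master[user_id] = secrets.token_bytes(16)
        return self.master[user_id]

    def issue_session_key(self, sender: str, receiver: str):
        """Step (2): return E_PID(P_T) and E_PYID(P_T) for a fresh session key."""
        p_t = secrets.token_bytes(16)
        return (toy_cipher(SESSION_ALG, self.master[sender], p_t),
                toy_cipher(SESSION_ALG, self.master[receiver], p_t))


def send(p_id: bytes, e_pid_pt: bytes, e_pyid_pt: bytes, m: bytes):
    """Steps (3)-(5) on the transmission side: returns the three statements sent."""
    p_t = toy_cipher(SESSION_ALG, p_id, e_pid_pt)   # recover session key P_T
    k_s = secrets.token_bytes(16)                   # scramble key for the data
    k_d = k_s                                       # common key cipher: K_D equals k_s
    return (toy_cipher(DATA_ALG, k_s, m),           # E_ks(M)
            toy_cipher(SESSION_ALG, p_t, k_d),      # E_PT(K_D)
            e_pyid_pt)                              # E_PYID(P_T), forwarded unchanged


def receive(p_yid: bytes, e_ks_m: bytes, e_pt_kd: bytes, e_pyid_pt: bytes) -> bytes:
    """Step (6) and [0202] on the reception side."""
    p_t = toy_cipher(SESSION_ALG, p_yid, e_pyid_pt)
    k_d = toy_cipher(SESSION_ALG, p_t, e_pt_kd)
    return toy_cipher(DATA_ALG, k_d, e_ks_m)


def demo(m: bytes = b"constructed sample data M"):
    """Run one exchange; also try to read the packet with an unrelated master key."""
    station = KeyStation()
    p_id, p_yid = station.register("A"), station.register("B")
    packet = send(p_id, *station.issue_session_key("A", "B"), m)
    outsider = receive(secrets.token_bytes(16), *packet)
    return packet, receive(p_yid, *packet), outsider


if __name__ == "__main__":
    packet, at_receiver, at_outsider = demo()
    print("receiver recovered:", at_receiver)
    print("outsider recovered M:", at_outsider == b"constructed sample data M")
```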
[0203] If the network encryption algorithm control function of the
key management work station 500 determines that the user U[A] and
user U[B] do not use the same encryption algorithm, it carries out
conversion of the encryption algorithm of the user U[B] for the
users U[A] and U[B] to be able to operate the same encryption
algorithm.
[0204] Next, the procedure for encryption algorithm conversion of
this embodiment will be described with reference to FIGS. 6, 8 and
9.
[0205] (1) When the network encryption algorithm control function
560 receives from the transmission side user a session key issue
request containing the user ID of the transmission side user and
the user ID of the reception side user, it searches the network
encryption algorithm data base 590 with the transmitted user IDs as
keys, so as to determine the operating condition of the encryption
algorithms operated by the transmission side user and reception
side user. As shown in FIG. 6, the cryptographic communication
system applies the duplex encryption method by the common key
cipher, so that two kinds of encryption algorithms, that is, an
encryption algorithm for use in encrypting of data and an
encryption algorithm for use in operating the session key, are
used. If the two kinds of encryption algorithms operated by the
transmission side user and reception side user do not agree with
each other, cryptographic communication between the two parties
cannot be achieved.
[0206] If no coincidence occurs as a result of retrieval in the
network encryption algorithm data base 590, the encryption
algorithm EANG operated by the transmission side user is fetched
out. The fetched encryption algorithm is supplied with an
identifier for identifying whether it will be used for encrypting
of data or operating the session key. If the two kinds of the
encryption algorithms do not coincide with each other, the two
kinds of the encryption algorithms are fetched out.
[0207] Assuming that the encryption algorithm operated by the
reception side user is EBF, this encryption algorithm EBF is
converted to the encryption algorithm EANG fetched out.
[0208] (2) The network key management function 570 of the key
management work station 500 generates the session key P.sub.TA with
the encryption algorithm EBF prior to conversion and generates the
session key P.sub.TB with the encryption algorithm EANG after the
conversion. If there is no change in the algorithm for operating
the session key, the P.sub.TA is equal to the P.sub.TB. Next, the
user ID key of the reception side user is retrieved in the network
key management data base 580 and the master key P.sub.YID of the
reception side user is fetched out.
[0209] If the encryption algorithm is converted, the key length of
the key to be used for cryptographic communication or bit length
increases or decreases. Therefore, in this case, it is demanded
that a change of the key length of the encryption key is carried
out with a conversion of the encryption algorithm.
[0210] Conversion of the encryption key accompanied by a conversion
of the encryption algorithm will be described with reference to
FIG. 10A and FIG. 10B.
[0211] A case where the bit number of the key decreases is as
follows. As shown in FIG. 10A, redundant bit numbers after the
master key P.sub.YID of the reception side user and after the
master key P.sub.CID of the key management station 500 are deleted
so as to obtain new master key P.sub.YIDC for the reception side
user and master key P.sub.CIDC for the key management station
500.
[0212] On the other hand, a case where the bit number of the key
increases is as follows. As shown in FIG. 10B, random numbers YR,
CR are generated corresponding to the number of bits that fall
short, so that a new master key P.sub.YIDC
(P.sub.YIDC=P.sub.YID.parallel.YR) for the reception side user is
obtained by connecting the random number YR to the P.sub.YID and a
new master key P.sub.CIDC (P.sub.CIDC=P.sub.CID.parallel.CR) for
the network key management work station 500 is obtained by
connecting the random number CR to the P.sub.CID.
[0213] Because there is a possibility that the updated master keys
P.sub.YIDC, P.sub.CIDC of the users are equal to the master keys of
the other users, by retrieving the network key management data base
580, it is confirmed if there is same master key or not and if
there is a user of the same master key, a new master key of a
required length is generated.
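The key conversion of [0211] to [0213] as an added Python example that is not part of the patent text. Keys are held as bit strings so that lengths need not be byte multiples; the function names and the sample data base contents are constructed for illustration.

```python
import secrets


def random_bits(n: int) -> str:
    """Return n random bits as a string of '0' and '1' characters."""
    return format(secrets.randbits(n), f"0{n}b") if n > 0 else ""


def convert_master_key(old_key: str, new_len: int, other_keys: set) -> str:
    """Resize one master key for the converted encryption algorithm."""
    if new_len <= len(old_key):
        # FIG. 10A: the redundant trailing bits are deleted.
        candidate = old_key[:new_len]
    else:
        # FIG. 10B: random bits are connected after the old key (P_YID || YR).
        candidate = old_key + random_bits(new_len - len(old_key))
    # [0213]: the resized key may equal another user's master key; in that case
    # a new master key of the required length is generated instead.
    while candidate in other_keys:
        candidate = random_bits(new_len)
    return candidate


def convert_database(db: dict, user_id: str, station_id: str, new_len: int) -> dict:
    """Return a copy of the key data base with the reception side user's key and
    the station's key resized, each checked against every other registered key."""
    updated = dict(db)
    for owner in (user_id, station_id):
        others = {key for who, key in updated.items() if who != owner}
        updated[owner] = convert_master_key(updated[owner], new_len, others)
    return updated


if __name__ == "__main__":
    # Constructed data base: userB's key truncated to 4 bits collides with userC's.
    db = {"station": "11110000", "userB": "10110011", "userC": "1011"}
    print(convert_database(db, "userB", "station", 4))
```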
[0214] (3) The following encrypted statement is produced using the
encryption algorithm EBF prior to conversion at the key management
work station 500.
[0215] 1: The session key P.sub.TA is encrypted with the encryption
algorithm EBF prior to conversion and master key P.sub.YID so as to
create the encrypted statement EBF.sub.PYID (P.sub.TA).
[0216] 2: The encryption algorithm EANG is encrypted with the
encryption algorithm EBF prior to the conversion and the session
key P.sub.TA so as to create the encrypted statement EBF.sub.PTA
(EANG).
[0217] 3: The master key P.sub.YIDC of the reception side user
after the conversion is encrypted with the encryption algorithm EBF
prior to the conversion and session key P.sub.TA so as to create
the encrypted statement EBF.sub.PTA (P.sub.YIDC). If there is no
change in the master key of the reception side user, this encrypted
statement is not created.
[0218] (4) The following encrypted statement is created using the
encryption algorithm EANG after the conversion at the key
management station 500.
[0219] 1: The session key P.sub.TB to be operated by the encryption
algorithm after the conversion is encrypted with the encryption
algorithm EANG after the conversion and the master key P.sub.YIDC
of the reception side user after the conversion so as to create the
encrypted statement EANG.sub.PYIDC(P.sub.TB).
[0220] If there is no change in the encryption algorithm for
operating the session key, this encrypted statement is the same as
the EBF.sub.PYID(P.sub.TA).
[0221] 2: The session key P.sub.TB to be operated by the encryption
algorithm after the conversion is encrypted with the encryption
algorithm EANG after the conversion and the master key P.sub.CIDC
of the key management work station 500 after the conversion so as
to create the encrypted statement EANG.sub.PCIDC(P.sub.TB).
[0222] If there is no change in the encryption algorithm for
operating the session key, this encrypted statement is the same as
the encrypted statement EBF.sub.PCID (P.sub.TA) produced by
ciphering the session key P.sub.TA to be operated based on the
encryption algorithm before the conversion with the encryption
algorithm EBF before the conversion and the master key P.sub.CID of
the key management work station 500 before the conversion.
[0223] 3: The plain text data MD is written as "confirmation of
descramble function after algorithm conversion is terminated".
[0224] A scramble key k.sub.SC for encrypting the plain text data
MD and a descramble key K.sub.DC for decrypting it, both operated
with the encryption algorithm EANG after the conversion, are
generated.
[0225] Next, the data MD is encrypted with the scramble key
k.sub.SC so as to create an encrypted statement E.sub.ksc (MD).
Likewise, the descramble key K.sub.DC is encrypted with the session
key P.sub.TB to be operated with the encryption algorithm after the
conversion so as to create the encrypted statement
EANG.sub.PTB(K.sub.DC).
[0226] (5) At the key management work station 500, three encrypted
statements have been produced in the above (3), namely
EBF.sub.PYID(P.sub.TA), EBF.sub.PTA(EANG) and
EBF.sub.PTA(P.sub.YIDC), and four encrypted statements have been
produced in the above (4), namely EANG.sub.PYIDC(P.sub.TB),
EANG.sub.PCIDC(P.sub.TB), E.sub.ksc(MD) and
EANG.sub.PTB(K.sub.DC). These statements are sent to the reception
side user as an "encryption algorithm conversion request". Here,
the three encrypted statements produced in the above (3) are
information for converting the encryption algorithm of the
reception side user and the four encrypted statements produced in
the above (4) are information for confirming whether or not the
converted encryption algorithm operates properly after the
encryption algorithm is converted.
[0227] (6) After the encryption algorithm of the reception side
user is converted and the master key is updated, the reception side
user is operating the EBF as the encryption algorithm and possesses
the P.sub.YID as the master key. From an encrypted statement
transmitted from the key management work station,
[0228] 1: the encrypted statement EBF.sub.PYID (P.sub.TA) is
decrypted with the P.sub.YID as the master key so as to obtain the
session key P.sub.TA.
[0229] 2: The encrypted statement EBF.sub.PTA (EANG) is decrypted
with the session key P.sub.TA so as to obtain the encryption
algorithm EANG.
[0230] 3: The encrypted statement EBF.sub.PTA (P.sub.YIDC) is
decrypted with the session key P.sub.TA so as to obtain the master
key P.sub.YIDC.
[0231] In the above manner, the reception side user obtains the
encryption algorithm EANG and master key P.sub.YIDC. Then, the
obtained encryption algorithm EANG is registered in the encryption
algorithm control data base 290 and the encryption algorithm to be
operated by the encryption algorithm control function 220 is
converted from EBF to EANG.
[0232] If the master key of a reception side user is updated, the
master key is changed from P.sub.YID to P.sub.YIDC by the key
structure control function 210.
[0233] (7) The descramble function 240 is confirmed by the
encryption algorithm converted by the reception side user.
[0234] The encrypted statement transmitted from the key management
work station 500 is decrypted by the descramble function 240 using
the converted encryption algorithm and it is confirmed that the
descramble function 240 operates properly.
[0235] 1: The encrypted statement EANG.sub.PYIDC(P.sub.TB) is
decrypted with P.sub.YIDC as the master key so as to obtain the
session key P.sub.TB.
[0236] 2: The encrypted statement EANG.sub.PTB (k.sub.DC) is
decrypted with the session key P.sub.TB so as to obtain the
descramble key k.sub.DC.
[0237] 3: The encrypted statement E.sub.ksc(MD) is decrypted with
the descramble key k.sub.DC so as to obtain the plain text data
MD.
[0238] 4: It is confirmed that the plain text data MD is written as
"confirming the descramble function after the algorithm conversion
has been terminated" and then it is confirmed that the descramble
function 240 operates properly.
[0239] (8) Driving the scramble function 230 using the converted
encryption algorithm of a reception side user
[0240] To confirm that the scramble function 230 using the
converted encryption algorithm operates properly, plain text data
is set and encrypted by the scramble function 230 and then
transmitted to the key management work station 500.
[0241] 1: The plain text data MS is written as "algorithm
conversion confirmation test is terminated". A scramble key
K.sub.su for encrypting this plain text data MS with the encryption
algorithm EANG after the conversion and a descramble key K.sub.du
for decrypting are generated. Next, the data MS is encrypted with
the scramble key k.sub.su so as to produce an encrypted statement
EANG.sub.ksu(MS). Likewise, the descramble key K.sub.du is
encrypted with the obtained session key P.sub.TB so as to create
the encrypted statement EANG.sub.PTB (k.sub.Du).
[0242] 2: The two produced encrypted statements
EANG.sub.PTB(k.sub.DU) and EANG.sub.ksu(MS), and the encrypted
statement EANG.sub.PCIDC(P.sub.TB) transmitted from the key
management work station 500, are returned to the key management
work station 500 as "encryption algorithm conversion confirmation
request".
[0243] (9) Confirmation of encryption algorithm conversion at the
key management work station 500
[0244] The encrypted statement returned from the reception side
user is decrypted so as to confirm that the scramble function 230
for the converted encryption algorithm of the reception side user
operates properly. Then, it is confirmed that the encryption
algorithm after the conversion operates properly.
[0245] 1: The encrypted statement EANG.sub.PCIDC(P.sub.TB) is
decrypted with the master key P.sub.CIDC of the key management work
station 500 so as to obtain the session key P.sub.TB.
[0246] 2: The encrypted statement EANG.sub.PTB (K.sub.DU) is
decrypted with the session key P.sub.TB so as to obtain the
descramble key K.sub.DU.
[0247] 3: The encrypted statement E.sub.ksu(MS) is decrypted with
the descramble key k.sub.Du so as to obtain the plain text data
MS.
[0248] 4: It is confirmed that the obtained plain text data MS is
written as "algorithm conversion confirmation test is terminated"
and it is confirmed that the scramble function 230 of a reception
side user operates properly. Then, it is confirmed that the
encryption algorithm after the conversion operates properly.
[0249] In the network communication system in which the common key
cipher is operated, the algorithm conversion can be carried
out.
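Steps (5)-(9) of the common key conversion above as a runnable sketch; this is an added example, not code from the application. The two algorithms are stood in for by SHAKE-based XOR streams and the distributed algorithm body by its name; key sizes, class names and function names are assumptions.

```python
import hashlib
import os

MD_TEXT = b"confirmation of descramble function after algorithm conversion is terminated"
MS_TEXT = b"algorithm conversion confirmation test is terminated"

# Stand-in ciphers (assumption): keyed XOR streams, not real ciphers. The name
# sent in EBF_PTA(EANG) stands in for the algorithm body the page distributes.
XOF = {"EBF": hashlib.shake_128, "EANG": hashlib.shake_256}


def enc(alg, key, data):
    nonce = os.urandom(12)  # fresh nonce so one key never reuses a keystream
    stream = XOF[alg](key + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def dec(alg, key, blob):
    nonce, body = blob[:12], blob[12:]
    stream = XOF[alg](key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


class KeyManagementStation:
    def __init__(self, p_yid):
        self.p_yid = p_yid             # receiver's master key under EBF
        self.p_yidc = os.urandom(16)   # receiver's new master key under EANG
        self.p_cidc = os.urandom(16)   # station's own master key under EANG

    def conversion_request(self):
        p_ta, p_tb, k_c = os.urandom(16), os.urandom(16), os.urandom(16)
        return {
            # (3) conversion material, protected with the old algorithm EBF
            "EBF_PYID(PTA)": enc("EBF", self.p_yid, p_ta),
            "EBF_PTA(EANG)": enc("EBF", p_ta, b"EANG"),
            "EBF_PTA(PYIDC)": enc("EBF", p_ta, self.p_yidc),
            # (4) test material, protected with the new algorithm EANG
            "EANG_PYIDC(PTB)": enc("EANG", self.p_yidc, p_tb),
            "EANG_PCIDC(PTB)": enc("EANG", self.p_cidc, p_tb),
            "E_KSC(MD)": enc("EANG", k_c, MD_TEXT),
            "EANG_PTB(KDC)": enc("EANG", p_tb, k_c),
        }

    def confirm(self, reply):
        # (9) recover PTB with the station's own key, then KDU, then MS
        p_tb = dec("EANG", self.p_cidc, reply["EANG_PCIDC(PTB)"])
        k_du = dec("EANG", p_tb, reply["EANG_PTB(KDU)"])
        return dec("EANG", k_du, reply["EANG_KSU(MS)"]) == MS_TEXT


class ReceptionSideUser:
    def __init__(self, p_yid):
        self.algorithm, self.master_key = "EBF", p_yid
        self.algorithm_db = {"EBF"}    # data base 290; old entries are kept

    def handle_request(self, req):
        # (6) recover the new algorithm and master key with the old algorithm
        p_ta = dec("EBF", self.master_key, req["EBF_PYID(PTA)"])
        new_alg = dec("EBF", p_ta, req["EBF_PTA(EANG)"]).decode("ascii", "replace")
        new_master = dec("EBF", p_ta, req["EBF_PTA(PYIDC)"])
        if new_alg not in XOF:
            raise ValueError("unknown algorithm in conversion request")
        # (7) descramble check. The page registers in (6) and tests in (7);
        # this sketch defers the switch until the test passes (assumption).
        p_tb = dec(new_alg, new_master, req["EANG_PYIDC(PTB)"])
        k_dc = dec(new_alg, p_tb, req["EANG_PTB(KDC)"])
        if dec(new_alg, k_dc, req["E_KSC(MD)"]) != MD_TEXT:
            raise ValueError("descramble check failed")
        self.algorithm_db.add(new_alg)
        self.algorithm, self.master_key = new_alg, new_master
        # (8) scramble check: fresh key, known text MS, PTB blob echoed unopened
        k_u = os.urandom(16)
        return {
            "EANG_PTB(KDU)": enc(new_alg, p_tb, k_u),
            "EANG_KSU(MS)": enc(new_alg, k_u, MS_TEXT),
            "EANG_PCIDC(PTB)": req["EANG_PCIDC(PTB)"],
        }


def run_conversion(tamper=None):
    """Run (5)-(9); optionally flip one bit of a named request field."""
    p_yid = os.urandom(8)              # constructed sample master key
    station, user = KeyManagementStation(p_yid), ReceptionSideUser(p_yid)
    request = station.conversion_request()
    if tamper:
        blob = bytearray(request[tamper])
        blob[-1] ^= 1
        request[tamper] = bytes(blob)
    try:
        reply = user.handle_request(request)
    except ValueError:
        return user.algorithm, False   # user stays on the old algorithm
    return user.algorithm, station.confirm(reply)


if __name__ == "__main__":
    print(run_conversion())
    print(run_conversion("EBF_PTA(PYIDC)"))
```

`run_conversion("EANG_PCIDC(PTB)")` returns `("EANG", False)`: the user has switched but the station cannot confirm, which is the state the step (9) check exists to catch.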
[0250] As a result of this algorithm conversion, the user U[A] and
user U[B] come to share the same encryption algorithm.
Consequently, the user U[A] and user U[B] are enabled to carry out
cryptographic communication by the steps shown in FIG. 7.
[0251] In this embodiment, in a case where the user U[A] and user
U[B] possess encryption algorithms of the same series having the
same intensity or different intensities, it is possible to
convert to an encryption algorithm having a high intensity by the
network encryption algorithm control function 560.
[0252] In this case, if the user U[A] has an encryption algorithm
having a higher intensity than the user U[B], the encryption
algorithm of the user U[B] is converted to an encryption algorithm
of the user U[A]. Conversely if the encryption algorithm of the
user U[B] has a higher intensity, the encryption algorithm of the
user U[A] is converted to that of the user U[B]. This algorithm
conversion can be carried out in the same procedures as shown in
FIGS. 6, 8 and 9.
[0253] Next, a case in which the security is improved by raising
the encryption intensity of an encryption algorithm controlled by
the key management work station 500 or by changing the encryption
algorithm version without changing the encryption intensity will be
described.
[0254] As shown in FIG. 1, the encryption algorithms A[1]-A[n] are
encryption algorithms controlled by the key management work station
500 of the same A cipher series and the key management work station
500 has a function for generating this encryption algorithm. By
changing the encryption algorithm, it is possible to change the
encryption intensity or procedure for encryption computation. As
compared to use of the same encryption algorithm, the security of
the cryptographic communication system can be improved.
[0255] The user ID of a user operating the same A series encryption
algorithm is U[Ai, j], and the key management work station 500
selects, from these users, a user whose encryption algorithm is to
be changed. Then, by using the function for generating the
encryption algorithm, a new encryption algorithm is generated and
the newly generated encryption algorithm is distributed to the
user determined to change the encryption algorithm.
[0256] This distribution can be carried out in the same manner as
the above described algorithm conversion of the encryption
algorithm.
[0257] Cases for distributing an encryption algorithm of a
different version and an encryption algorithm having a different
encryption intensity have been described above.
[0258] The encryption algorithm of each user is converted to an
encryption algorithm distributed thereto. The encryption algorithm
before the conversion is not deleted but stored in the encryption
algorithm data base 190, 290 of each user. The key management work
station 500 controls the encryption algorithm stored in the
encryption algorithm data base 190, 290 of each user by using the
network encryption algorithm control data base 590.
[0259] Consequently, when a request for cryptographic
communication from the user U[A] to the user U[B] occurs, if a
common encryption algorithm exists in the encryption algorithm data
bases 190, 290 of both the users, the key management work station
500 does not have to distribute any encryption algorithm. If the
key management work station 500 dispatches an instruction for
changing over to the common encryption algorithm, the cryptographic
communication from the user U[A] to the user U[B] is enabled.
[0260] The encryption algorithm conversion of a case when the
cryptographic communication system is composed of common key
ciphers has been described above.
[0261] A third embodiment of the present invention will be
described with reference to FIGS. 11-15. Here, encryption algorithm
conversion of a network communication system in which a public key
cipher is operated or a case where the cryptographic communication
system is composed of the public key cipher will be described.
[0262] In the network communication system shown in FIG. 1, it is
assumed that all the encryption algorithms A[1]-A[n], B[1]-B[m] to
be operated are public key cipher algorithms.
[0263] Cryptographic communication by the public key cipher
algorithm will be described with reference to FIG. 12.
[0264] As the public key cipher algorithm, for example, an
elliptical curve cipher algorithm is applicable. It is assumed that
the base point of the elliptical curve necessary for describing
computation of this elliptical curve cipher key is P. The
elliptical curve cipher is described in, for example, "Quick
Encryption Method Using Elliptical Curve" by Kazuo Takaragi and
Hiroyuki Kurumaya, in Technical Report of IEICE ISEC
97-15(1997-07).
[0265] When cryptographic communication is carried out, an issue
of the session key is received from the network key management
function 570 of the key management work station 500, the received
data is encrypted based on this key so as to create an encrypted
statement, and the encrypted statement is then transmitted to the
descramble function 240 of a personal computer of a reception side
user.
[0266] The descramble function 240 decrypts the transmitted
encrypted statement so as to obtain data.
[0267] As a presumption for operating the cryptographic
communication processing portion, a user ID, a secret key d.sub.ID
as a master key and a public key Q.sub.ID (=P.multidot.d.sub.ID:
.multidot. is computation on elliptical curve) corresponding to
this secret key are allocated by the key management work station
500 to each user using an information processing unit such as a
personal computer. The public key Q.sub.ID allocated to a user is
registered and controlled in the network key management data base
580 of the key management work station 500 with a correspondence to
the user ID. Likewise, a secret key d.sub.C as the master key and a
public key Q.sub.C (=P.multidot.d.sub.c: .multidot. is computation
on elliptical curve) corresponding to this secret key are allocated
to the key management work station 500. The public key Q.sub.C of
the key management work station 500 is open to all users of this
system.
[0268] According to this embodiment, data encryption is carried out
with the scramble key K.sub.S and data decrypting is carried out
with the descramble key K.sub.D. Distribution of this descramble
key K.sub.D is carried out by the elliptical curve cipher which is
a public key cipher. As a common key encryption algorithm for
operating the scramble key K.sub.s and descramble key K.sub.D, for
example, the MULTI2 encryption algorithm can be used. The MULTI2
encryption algorithm (Hitachi, "MULTI2", Registration of
cryptographic algorithm, ISO9979/0009, NCC, UK (1994)) is an
encryption algorithm which has a record of actual use in, for
example, CS digital broadcasting (digital broadcasting using
communication satellite).
[0269] Hereinafter, a case where cryptographic communication is
carried out from the user U[A] to the user U[B] will be described.
It is assumed that the user U[A] is transmission side user and the
user U[B] is reception side user.
[0270] (1) Upon cryptographic communication from the user U[A] to
the user U[B], the user U[A] requests the key management work
station 500 to issue a session key. Receiving this session key issue
request, the network encryption algorithm control function 560 of
the key management work station 500 searches the network
encryption algorithm data base 590 so as to determine whether or
not the encryption algorithm used by the user U[A] is equal to the
encryption algorithm used by the user U[B].
[0271] (2) If it is determined that the user U[A] and user U[B] use
the same encryption algorithm, the network key management function
570 of the key management work station 500 searches the network
key management data base 580 with the user ID as a key and fetches
out a public key Q.sub.YID corresponding to a master key of a
reception side user and a public key Q.sub.ID corresponding to a
master key of the transmission side user.
[0272] Signature producing computation is carried out with the
secret key d.sub.c which is the master key of the key management
work station 500 on the fetched out public key Q.sub.YID and public
key Q.sub.ID so as to create signature data S.sub.dc(Q.sub.YID)
and signature data S.sub.dc(Q.sub.ID). With this public key
Q.sub.YID as a session key, the signature data
S.sub.dc(Q.sub.YID) and signature data S.sub.dc(Q.sub.ID) are
transmitted in combination to the transmission side user so as to
issue the session key.
[0273] (3) A user receiving the public key Q.sub.YID, signature
data S.sub.dc(Q.sub.YID) and signature data S.sub.dc(Q.sub.ID)
carries out signature verifying computation on the signature data
S.sub.dc(Q.sub.YID) and Q.sub.YID using the public key Q.sub.C of
the key management work station 500 so as to confirm that the
public key Q.sub.YID is a key transmitted from a proper key
management work station 500 and a key allocated to a proper
reception side user intended to communicate with.
[0274] In this manner, the transmission side user receives an issue
of a public key for use as a session key.
[0275] (4) The transmission side user generates the scramble key
K.sub.s for encrypting data M to be transmitted and the descramble
key K.sub.D for decrypting.
[0276] Next, the data M inputted by the user is encrypted with the
scramble key K.sub.s so as to create an encrypted statement
E.sub.Ks (M).
[0277] Further, the descramble key K.sub.D is encrypted with the
transmitted public key Q.sub.YID as a session key so as to generate
an encrypted descramble key E.sub.QYID (K.sub.D).
[0278] To guarantee that the data M to be transmitted has been
created by the transmission side user, signature producing
computation is carried out to the data M to be transmitted with the
secret key d.sub.ID as a master key allocated to the transmission
side user from the key management work station 500 and the
signature data S.sub.dID (M) is produced.
[0279] In the case of a public key cipher, the transmitted key
Q.sub.YID can be used as an encryption key as it is.
[0280] Five items of data, that is, two encrypted statements
E.sub.KS(M) and E.sub.QYID(K.sub.D), signature data S.sub.dID(M)
about the data M, signature data S.sub.dc(Q.sub.ID) about a public
key of the transmission side user transmitted from the key
management work station 500, and the public key Q.sub.ID of the
transmission side user are sent to the reception side user.
[0281] (5) Receiving the five items of data, the reception side
user carries out signature verifying computation on the signature
data S.sub.dc(Q.sub.ID) and Q.sub.ID using the public key Q.sub.C
of the key management work station 500, so as to confirm that the
public key Q.sub.ID has been transmitted from a proper key
management work station 500, thereby ensuring that the key is a
public key allocated to the transmission side user properly.
[0282] Then, the encrypted descramble key E.sub.QYID (K.sub.D) is
decrypted with the secret key d.sub.YID as a master key which is
allocated to the reception side user from the key management work
station 500 so as to obtain the descramble key K.sub.D.
[0283] Next, the encrypted statement E.sub.Ks(M) is decrypted with
this descramble key K.sub.D so as to obtain the data M.
[0284] Finally, signature verifying computation is carried out on
the signature data S.sub.dID (M) and data M with the public key
Q.sub.ID transmitted from the transmission side user so as to
ensure that the data M is data transmitted from a proper
transmission side user.
[0285] Consequently, in the network communication system, the user
U[A] is capable of carrying out cryptographic communication with
the user U[B].
[0286] On the other hand, if the encryption algorithm control
function determines that the user U[A] and user U[B] do not use the
same encryption algorithm, it converts the encryption algorithm of
the user U[B] so that both the users U[A] and U[B] are able to use
the same encryption algorithm.
[0287] Encryption algorithm conversion in a network communication
system operating the public key encryption algorithm will be
described with reference to FIGS. 11, 13 and 14.
[0288] (1) Receiving a session key issue request containing the
user ID of the transmission side user and user ID of the reception
side user from the transmission side user, the network encryption
algorithm control function 560 searches the network encryption
algorithm control data base 590 with a transmitted user ID as a key
and ascertains the condition of the encryption algorithms operated
by the transmission side user and reception side user. As shown in
FIG. 11, the network communication system employs a cryptographic
communication system based on a duplex encryption method. A common
key encryption algorithm is used for data encryption and a public
key encryption algorithm is used for operating the session key.
[0289] Unless the two kinds of encryption algorithms operated by
the transmission side user and reception side user agree,
cryptographic communication between the two cannot be carried
out.
[0290] If the two kinds of the encryption algorithms do not agree
as a result of querying on the network encryption algorithm
management data base 590, the encryption algorithm EANG operated by
the transmission side user is fetched out. The fetched encryption
algorithm is supplied with an identifier for indicating whether it
is used for data encryption or operation of the session key. Of
course, if neither of the two kinds of encryption algorithms
agrees, both kinds of encryption algorithms are fetched
out.
[0291] Assuming that the encryption algorithm operated by the
reception side user is EBF, the encryption algorithm is converted
from this encryption algorithm EBF to the fetched out encryption
algorithm EANG.
[0292] (2) The network key management function 570 of the key
management work station 500, with the user ID as a key, searches
the network key management data base 580 and fetches out a
public key Q.sub.YID corresponding to a master key of a reception
side user for the encryption algorithm EBF before the
conversion.
[0293] Where the encryption algorithm is changed to the
encryption algorithm EANG, there is a possibility that the master
key of the reception side user used under the encryption algorithm
EBF before the conversion cannot be used. In this case, the network
key management function 570 determines whether the master key of
the reception side user is compatible with the conversion of the
encryption algorithm and, if it is determined that there is no
compatibility, a new public key is generated for the reception side
user.
[0294] As the new master key, the secret key d.sub.YIDC is
generated and a public key Q.sub.YIDC corresponding to this secret
key is generated.
[0295] In the key management work station, both the encryption
algorithm EBF before the conversion and encryption algorithm EANG
after the conversion are supplied with a corresponding master
key.
[0296] A secret key as a master key corresponding to the encryption
algorithm EBF before the conversion is d.sub.c and a public key
corresponding to this secret key is Q.sub.c.
[0297] It is assumed that the secret key which is a master key
suitable for the encryption algorithm EANG after conversion is
d.sub.cg and a public key corresponding to this secret key is
Q.sub.CG.
[0298] (3) The network key management function 570 creates the
following encrypted statement and signature data using the
encryption algorithm EBF prior to the conversion.
[0299] 1: A scramble key K.sub.SB for encrypting the encryption
algorithm EANG and secret key d.sub.YIDC with the encryption
algorithm EBF prior to the conversion and a descramble key K.sub.DB
for decrypting are generated.
[0300] 2: The encryption algorithm EANG and secret key d.sub.YIDC
are encrypted with the scramble key K.sub.SB so as to create the
encrypted statement EBF.sub.KSB(EANG) and encrypted statement
EBF.sub.KSB(d.sub.YIDC). Further, the descramble key K.sub.DB is
encrypted with the fetched public key Q.sub.YID as a master key so
as to create the encrypted statement EBF.sub.QYID(K.sub.DB).
[0301] 3: Signature producing computation is carried out on the
generated secret key d.sub.YIDC and public key Q.sub.YIDC with the
encryption algorithm EBF prior to the conversion and the secret key
d.sub.c which is a master key of the key management work station
500, so as to create the signature data S.sub.dc(d.sub.YIDC) and
signature data S.sub.dc(Q.sub.YIDC).
[0302] 4: Signature producing computation is carried out on the
encryption algorithm EANG with the encryption algorithm EBF prior
to the conversion and the secret key d.sub.c which is a master key
of the key management work station 500, so as to create signature
data S.sub.dc (EANG).
[0303] 5: Signature producing computation is carried out on the
public key Q.sub.CG which is a master key of the key management
work station 500 to be applied to the encryption algorithm EANG
after the conversion, with the encryption algorithm EBF prior to
the conversion and the secret key d.sub.c which is a master key of
the key management work station 500, so as to create signature data
S.sub.dc (Q.sub.CG).
[0304] (4) The scramble function 530 creates the following
encrypted statement and signature data using the encryption
algorithm EANG after the conversion.
[0305] 1: The plain text data MD is written as "confirmation of
descramble function after algorithm conversion is terminated".
[0306] A scramble key K.sub.SC for encrypting the plain text data
MD with the encryption algorithm EANG after the conversion and a
descramble key K.sub.DC for decrypting are generated. Next, the
data MD is encrypted with the scramble key K.sub.SC so as to create
the encrypted statement EANG.sub.KSC (MD) and then the descramble
key K.sub.DC is encrypted with the public key Q.sub.YIDC to be
operated as a session key in the encryption algorithm after the
conversion, so as to create the encrypted statement
EANG.sub.QYIDC(K.sub.DC).
[0307] 2: Signature producing computation is carried out on the
generated public key Q.sub.YIDC and plain text data MD with the
secret key d.sub.cg allocated as a master key of the key management
work station 500 with the encryption algorithm EANG after the
conversion, so as to create signature data S.sub.dcg(Q.sub.YIDC)
and S.sub.dcg(MD).
[0308] (5) The three encrypted statements EBF.sub.QYID(K.sub.DB),
EBF.sub.KSB(EANG), EBF.sub.KSB(d.sub.YIDC) produced in the above
(3), four signature data S.sub.dc(d.sub.YIDC),
S.sub.dc(Q.sub.YIDC), S.sub.dc(EANG) and S.sub.dc(Q.sub.CG), newly
generated public key Q.sub.YIDC, public key Q.sub.CG of the key
management work station 500, the two encrypted statements
EANG.sub.KSC(MD), EANG.sub.QYIDC(K.sub.DC) produced in the above
(4), and two signature data S.sub.dcg(Q.sub.YIDC), S.sub.dcg(MD)
are transmitted to a reception side user as "encryption algorithm
conversion request". Here, the encrypted statement and signature
data produced in the above (3) are information for converting the
encryption algorithm of the reception side user and the four
encrypted statements and signature data produced in the above (4)
are information for recognizing whether or not the converted
encryption algorithm functions properly after that encryption
algorithm is converted.
[0309] The network key management function 570 stores the generated
public key Q.sub.YIDC which is a master key of the reception side
user in the network key management data base 580 with a
correspondence to the encryption algorithm EANG.
[0310] (6) Conversion of the encryption algorithm of the reception
side user and updating its master key
[0311] The reception side user operates EBF as the encryption
algorithm and possesses the secret key d.sub.YID as its master key
and the public key Q.sub.c of the key management work station 500
to be operated by the encryption algorithm EBF.
[0312] From the encrypted statement transmitted from the key
management work station 500,
[0313] 1: The encrypted statement EBF.sub.QYID (K.sub.DB) is
decrypted with the secret key d.sub.YID as the master key so as to
obtain the descramble key K.sub.DB. Next, the encrypted statement
EBF.sub.KSB(EANG) is decrypted with this descramble key K.sub.DB so
as to obtain the encryption algorithm EANG. Signature verifying
computation is carried out on the signature data S.sub.dc(EANG) and
the obtained encryption algorithm EANG with the public key Q.sub.C
of the key management work station 500 so as to ensure that the
obtained encryption algorithm EANG has been transmitted from a
proper key management work station 500.
[0314] 2: The encrypted statement EBF.sub.KSB (d.sub.YIDC) is
decrypted using the descramble key K.sub.DB and then a secret key
d.sub.YIDC is obtained as a master key of a given user to be
operated on the converted encryption algorithm EANG.
[0315] Using the public key Q.sub.C of the key management work
station 500, signature verifying computation is carried out on the
signature data S.sub.dc(d.sub.YIDC) and the obtained secret key
d.sub.YIDC, so as to determine whether or not the obtained secret
key d.sub.YIDC has been transmitted from a proper key management
work station 500. Likewise, signature verifying computation is
carried out on the signature data S.sub.dc(Q.sub.YIDC) and the
public key Q.sub.YIDC which is a transmitted master key using the
public key Q.sub.C of the key management work station 500 so as to
determine that the obtained public key Q.sub.YIDC has been
transmitted from a proper key management work station 500.
[0316] 3: Signature verifying computation is carried out on the
signature data S.sub.dc(Q.sub.CG) and the transmitted public key
Q.sub.CG of the key management work station 500, which is to be
operated on the converted encryption algorithm EANG, using the
public key Q.sub.C of the key management work station 500, so as to
determine whether or not the transmitted public key Q.sub.CG is a
public key sent from a proper key management work station 500.
[0317] In this manner, the reception side user obtains the
encryption algorithm EANG, a secret key d.sub.YIDC as a master key,
a public key Q.sub.YIDC corresponding to this secret key, and a
public key Q.sub.CG to be operated on the converted encryption
algorithm EANG of the key management work station 500. Then, the
obtained encryption algorithm EANG is registered in the encryption
algorithm control data base 290 and the encryption algorithm to be
operated by the encryption algorithm control function 220 is
converted from the encryption algorithm EBF to the encryption
algorithm EANG.
[0318] If the master key of a reception side user is changed, the
secret key as the master key is updated from d.sub.YID to
d.sub.YIDC by the key structure control function 210.
[0319] (7) Confirmation of the descramble function 240 by the
converted encryption algorithm of a reception side user
[0320] An encrypted statement transmitted from the key management
work station 500 is decrypted by the descramble function 240 using
a converted encryption algorithm so as to determine whether or not
the descramble function 240 operates properly.
[0321] 1: The encrypted statement EANG.sub.QYIDC (K.sub.DC) is
decrypted using the secret key d.sub.YIDC as a master key so as to
obtain the descramble key K.sub.DC.
[0322] 2: The encrypted statement EANG.sub.KSC (MD) is decrypted
with the descramble key K.sub.DC so as to obtain the plain text data
MD. Next, signature verifying computation is carried out on the
signature data S.sub.dcg(MD) and the obtained plain text data MD
using the public key Q.sub.CG of the key management work station
500, so as to determine that the obtained plain text data MD has
been transmitted from a proper key management work station 500.
[0323] 3: It is confirmed that the plain text data MD is
"confirmation of the descramble function after algorithm conversion
is terminated". Then, it is confirmed that the descramble function
240 operates properly.
[0324] (8) Driving the scramble function by the converted
encryption algorithm at a reception side user
[0325] To ensure that the scramble function 230 of the converted
encryption algorithm operates properly, plain text data is set up,
encrypted by the scramble function 230 and transmitted to the key
management work station 500.
[0326] 1: The plain text data MS is written as "algorithm
conversion confirmation test is terminated". The scramble key
K.sub.su for encrypting the aforementioned plain text data MS and
the descramble key K.sub.DU for decrypting are generated with the
encryption algorithm EANG after the conversion. Next, the plain
text data MS is encrypted by the scramble key K.sub.SU so as to
create an encrypted statement EANG.sub.KSU (MS). Likewise, the
descramble key K.sub.DU is encrypted with the public key Q.sub.CG
of the key management work station 500 so as to create the
encrypted statement EANG.sub.QCG(K.sub.DU). Further, signature
producing computation is carried out on the data MS using the
secret key d.sub.YIDC as a master key of a reception side user so
as to produce the signature data S.sub.dYIDC (MS).
[0327] 2: Two produced encrypted statements EANG.sub.QCG
(K.sub.DU), EANG.sub.KSU(MS), signature data S.sub.dYIDC(MS),
signature data S.sub.dcg (Q.sub.YIDC) transmitted from the key
management work station 500, and public key Q.sub.YIDC of a
reception side user are returned to the key management work station
500 as "encryption algorithm conversion confirmation request".
[0328] (9) Confirmation of the encryption algorithm conversion at
the key management work station 500
[0329] An encrypted statement returned from the reception side user
is decrypted so as to confirm that the scramble function 230 using
the converted encryption algorithm of the reception side user
operates properly. Then, it is confirmed that the encryption
algorithm after the conversion operates properly.
[0330] 1: The encrypted statement EANG.sub.QCG(K.sub.DU) is
decrypted with the secret key d.sub.cg as a master key of the key
management work station 500 so as to obtain the descramble key
K.sub.DU.
[0331] 2: The encrypted statement EANG.sub.ksu(MS) is decrypted
with the descramble key K.sub.DU so as to obtain plain text data
MS.
[0332] 3: Signature verifying computation is carried out on the
signature data S.sub.dcg(Q.sub.YIDC) and the transmitted public key
Q.sub.YIDC of the reception side user using the public key Q.sub.cg
of the key management work station 500, so as to confirm that the
transmitted public key Q.sub.YIDC of the reception side user has
been transmitted from a proper reception side user.
[0333] 4: Signature verifying computation is carried out on the
signature data S.sub.dYIDC (MS) and obtained plain text data MS,
using the public key Q.sub.YIDC of a reception side user, so as to
confirm that the obtained plain text data MS has been transmitted
from a proper reception side user.
[0334] 5: It is confirmed that the obtained plain text data MS is
"algorithm conversion confirmation test is terminated" and then it
is confirmed that the scramble function 230 of the reception side
user operates properly. Then, it is confirmed that the encryption
algorithm after the conversion operates properly.
[0335] The examples of the algorithm conversion of this embodiment
have been described in (1)-(9) above. As a result of this
encryption algorithm conversion, the user U[A] and user U[B] share
the same encryption algorithm. Consequently, as shown in FIG. 12,
cryptographic communication between the user U[A] and user U[B] is
enabled.
[0336] When an encryption algorithm is converted in this
embodiment, the secret key possessed by the user as a master key
and a public key corresponding to this secret key are generated at
the key management work station.
[0337] Although these keys may be newly generated, they can also be
generated based on the keys prior to the conversion. The generation
of the key will be described below.
[0338] In the case of public key cipher as well, the key length, or
bit number, of the secret key for use in the cryptographic
communication is increased or decreased by the encryption algorithm
conversion, as in the case of the common key cipher.
[0339] To reduce the bit number of the key, the redundant bits at
the rear part of the secret key d.sub.YID, the master key of the
reception side user prior to the conversion, are deleted and the
result is used as the secret key d.sub.YIDC as a new master key of
the reception side user.
[0340] To increase the bit number of the key, as shown in FIG. 15,
a random number YR is generated corresponding to the missing number
of bits and the YR is concatenated to d.sub.PYID so as to obtain
the secret key d.sub.YIDC (d.sub.YIDC=P.sub.YIDC.parallel.YR) as a
new master key of a reception side user. A public key Q.sub.YIDC
(=P.multidot.d.sub.YIDC; .multidot. is computation on an elliptical
curve) is determined corresponding to the generated secret key
d.sub.YIDC.
[0341] Because there is a possibility that this public key
Q.sub.YIDC is a secret key of another user generated previously,
the key management work station 500 searches the network encryption
algorithm control data base 590 so as to confirm that no identical
public key exists. If the same public key exists, a random number
is generated again so as to generate a secret key as a master key.
[0342] Here, it is always possible to use 0 as YR.
[0343] As described, the encryption algorithm for operating the
master key and session key employs an elliptical curve encryption
algorithm, which is different from the common key encryption
algorithm. As a result, a duplex encryption method is constructed,
which improves the security.
[0344] Next, a configuration of a case where the elliptical curve
cipher is used as a public key cipher in the network communication
system of the present invention will be described. The software
function of the case where the public key cipher is used is the
same as the software function of the common key cipher shown in
FIG. 2. As shown in an example of a case where the aforementioned
public key encryption algorithm is used, the master key of each
user is the secret key d.sub.ID and this secret key corresponds to
a public key Q.sub.ID (=d.sub.ID.multidot.P: .multidot. is
computation on elliptical curve) on computation of an elliptical
curve. The encryption algorithm of the scramble key and descramble
key is MULTI2 encryption algorithm as the common key encryption
algorithm.
[0345] A fourth embodiment of the present invention will be
described. Encryption algorithm conversion in encryption function
incorporated in a portable information processing unit will be
described here.
[0346] In the above described first-third embodiments, a plurality
of encryption algorithms exist in network communication system as
shown in FIG. 1. The key management work station 500 grasps a
condition of the encryption algorithm of each user and each time
when a request for cryptographic communication occurs, it converts
the encryption algorithm of each user as required so as to achieve
the cryptographic communication between users.
[0347] Recently, an encryption function has been incorporated in a
portable information processing unit, for example, portable
terminal unit, IC card and the like and it is used for automatic
payment of electronic money.
[0348] In a case where a user possesses an IC card as an
information processing unit in which an encryption function is
incorporated and executes automatic payment of electronic money,
this IC card is inserted into a reader, which is an information
processing unit installed on a retailer counter or the like, so
that the payment is carried out by information processing between
the two.
[0349] In this case, if the IC card is connected to the key
management work station to carry out encryption processing, the
user's procedure becomes complicated, which is a considerable
inconvenience to the user.
[0350] Hereinafter, an encryption algorithm conversion method
preferable for encryption algorithm conversion to be operated in a
portable information processing unit (terminal, IC card and the
like) will be described.
[0351] If cryptographic communication is carried out in a
cryptographic communication system operated by the public key
encryption algorithm shown in FIG. 12, a transmission side user
makes a "session key issue request" to the key management work
station 500 as shown in FIG. 2 and receives a public key Q.sub.YID
of a reception side user, signature data S.sub.dc(Q.sub.YID) of
the public key Q.sub.YID, its own public key Q.sub.ID and signature
data S.sub.dc(Q.sub.ID) of that public key Q.sub.ID from the key
management work station 500.
[0352] Here, each user stores its own public key Q.sub.ID and
signature data S.sub.dc(Q.sub.ID) in the key structure control data
base 180, 280. FIG. 16 shows cryptographic communication system
operated by the public key encryption algorithm (FIG. 25 shows the
functional blocks of this method). Each user receives its own
public key Q.sub.ID and signature data S.sub.dc(Q.sub.ID) of that
public key Q.sub.ID from the key management work station 500
through a route indicated by dotted line of FIG. 16 and possesses
it in the key structure control data base of each user. In this
case, the "session key issue request" for executing cryptographic
communication may be made to a reception side user, but not to the
key management work station 500.
[0353] That is, the "session key issue request" is sent to the
reception side user and then, a public key Q.sub.YID of that
reception side user and signature data S.sub.dc(Q.sub.YID) of this
public key are received from the reception side user.
[0354] In the method shown in FIG. 16, it can be considered that
the secret key d.sub.ID as a master key to be allocated to each
user is generated by the key management work station 500 or each
user.
[0355] 1: Method in which the secret key is generated by the key
management work station 500
[0356] If the secret key d.sub.ID as a master key and a
corresponding public key Q.sub.ID are generated by the key
management work station 500, this is very convenient for a user not
accustomed to operation of the encryption algorithm.
[0357] However, how the generated secret key is distributed to each
user is a problem.
[0358] In this embodiment, the key is stored on an electronic
medium such as an IC card or floppy disk and distributed to each
user.
[0359] As a result, it is made possible for the key management work
station 500 to hold the generated secret key d.sub.ID and for the
key management work station 500 to decrypt data encrypted with the
public key Q.sub.ID corresponding to the user. Because the key
management work station 500 prevents grasping of user's
information, according to this embodiment, the generated secret key
d.sub.ID is provided with a key recovery function and stored in the
network key structure data base 580 with a correspondence to user
ID, thereby disabling user to decrypt a cipher text generated by
user except when an unexpected event occurs.
[0360] Hereinafter, the key recovery function of this embodiment
will be described by taking cryptographic communication in which
the key has duplex hierarchical structure as an example. The key
recovery function adds information about decryption to an encrypted
statement E.sub.KS(M) and is capable of decrypting the encrypted
statement without the descramble key K.sub.D.
[0361] First, the key recovery function in cryptographic
communication based on common key encryption algorithm will be
described. That is, data to be transmitted by the user is assumed
to be M. The data is encrypted with the scramble key K.sub.s
generated by the portable information processing unit so as to
generate the encrypted statement E.sub.KS(M). The descramble key
K.sub.D for decrypting this encrypted statement is encrypted with
the session key P.sub.T transmitted from the key management work
station 500, so as to generate an encrypted statement
E.sub.PT(K.sub.D).
[0362] First, a procedure for producing the additional data that
provides the key recovery function when data is encrypted with the
scramble key K.sub.S will be described with reference to FIG. 23.
[0363] (1) A random number is generated when the scramble key
K.sub.s is generated and the scramble key is expressed as
K.sub.s=K1 XOR K2 by exclusive OR between K1 and K2 (XOR is
indicated by direct sum symbol in the Figure).
[0364] (2) P1, P2 are used as a key for key recovery and stored
with the key recovery function of the portable information
processing unit and key management work station 500. K1, K2
generated for generating the scramble keys K.sub.s are encrypted
with the keys P1, P2 for key recovery so as to produce encrypted
statements E.sub.p1(K1), E.sub.P2(K2). This data is added to the
encrypted statement E.sub.KS (M) of data produced with the scramble
key K.sub.s.
[0365] Next, a procedure for decrypting the encrypted statement
with this additional data will be described with reference to FIG.
24.
[0366] (1) Data E.sub.p1 (K1), E.sub.p2(K2) added from the
encrypted statement are separated from each other and then K1, K2
are decrypted with the keys P1, P2 for key recovery.
[0367] (2) An exclusive OR between K1 and K2 is obtained and with
K.sub.s=K1 XOR K2, the scramble key K.sub.S is generated. In case
of common key cipher, the scramble key K.sub.s and descramble key
K.sub.D are the same. The encrypted statement can be decrypted with
this scramble key K.sub.s.
[0368] If it becomes necessary to decrypt the encrypted statement
because an unexpected event occurs, the encrypted statement is
transmitted to the key management work station 500. Consequently,
the encrypted statement can be decrypted with the keys P1, P2 for
key recovery in the aforementioned procedure.
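The FIG. 23 / FIG. 24 procedure above, as an added Python example that is not part of the patent text: the scramble key is split as K_S = K1 XOR K2, each half is encrypted under one recovery key, and recovery needs both halves. The HMAC-SHA256 keystream is an assumed stand-in for the common key cipher (it is not MULTI2), and the packet field names, the nonce and the 16-byte key size are constructed for the example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # bytes; constructed size, not taken from the patent


def stream_cipher(key: bytes, label: bytes, data: bytes) -> bytes:
    """Assumed stand-in for the common key cipher: XOR with an
    HMAC-SHA256 counter keystream, so applying it twice decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        pad = hmac.new(key, label + counter, hashlib.sha256).digest()
        out.extend(c ^ p for c, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_with_recovery(message: bytes, p1: bytes, p2: bytes):
    """Sender side (FIG. 23): build K_S from K1 and K2, encrypt M,
    and attach E_P1(K1), E_P2(K2). Returns (K_S, packet)."""
    k1 = secrets.token_bytes(KEY_LEN)
    k2 = secrets.token_bytes(KEY_LEN)
    ks = xor_bytes(k1, k2)                      # K_S = K1 XOR K2
    nonce = secrets.token_bytes(12)             # fresh per message
    packet = {
        "nonce": nonce,
        "E_KS(M)": stream_cipher(ks, nonce + b"|M", message),
        "E_P1(K1)": stream_cipher(p1, nonce + b"|K1", k1),
        "E_P2(K2)": stream_cipher(p2, nonce + b"|K2", k2),
    }
    return ks, packet


def recover_share(packet: dict, index: int, recovery_key: bytes) -> bytes:
    """Decrypt one attached half (index 1 or 2) with its recovery key."""
    field = "E_P%d(K%d)" % (index, index)
    label = packet["nonce"] + b"|K%d" % index
    return stream_cipher(recovery_key, label, packet[field])


def recover_scramble_key(packet: dict, p1: bytes, p2: bytes) -> bytes:
    """Recovery side (FIG. 24): K_S = K1 XOR K2, no descramble key needed."""
    return xor_bytes(recover_share(packet, 1, p1), recover_share(packet, 2, p2))


def recover_message(packet: dict, p1: bytes, p2: bytes) -> bytes:
    ks = recover_scramble_key(packet, p1, p2)
    return stream_cipher(ks, packet["nonce"] + b"|M", packet["E_KS(M)"])


# Constructed sample values for the demonstration.
P1 = bytes.fromhex("00112233445566778899aabbccddeeff")
P2 = bytes.fromhex("ffeeddccbbaa99887766554433221100")
MESSAGE = b"constructed sample: pay 1200 yen to shop 42"

if __name__ == "__main__":
    ks, packet = encrypt_with_recovery(MESSAGE, P1, P2)
    print("recovered:", recover_message(packet, P1, P2))
    # One recovery key alone yields K1, a uniformly random value that is
    # independent of K_S; both halves are required to rebuild the key.
    print("K1 alone equals K_S:", recover_share(packet, 1, P1) == ks)
```

The stand-in cipher carries no integrity check, so a wrong recovery key produces garbage plaintext rather than an error.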
[0369] Next, the key recovery function in the cryptographic
communication based on the public key encryption algorithm will be
described. It is assumed that the scramble keys for use in
encryption of the data M are K.sub.s and the descramble keys are
K.sub.D and the public key as a session key for distributing the
descramble key is Q.sub.YID. Cryptographic communication is carried
out by transmission of the encrypted statement E.sub.KS (M) and
encrypted descramble key E.sub.QYID (K.sub.D).
[0370] Here, a case where elliptical curve cipher is used as a
public key cipher will be described. The elliptical curve cipher
has been described in for example, "Quick Encryption Method Using
Elliptical Curve" by Kazuo Takaragi and Hiroyuki Kurumatani,
Technical Report of IEICE ISEC97-15(1997-07).
[0371] First, key recovery function in which a threshold value
logic is added to encrypted descramble key E.sub.QYID(K.sub.D) will
be described.
[0372] (1) In the key recovery function of the key management work
station 500, the public keys for key recovery Q.sub.A, Q.sub.B,
Q.sub.C are allocated and publicized and secret keys d.sub.A,
d.sub.B, d.sub.C (Q.sub.A=d.sub.A.multidot.P,
Q.sub.B=d.sub.B.multidot.P, Q.sub.C=d.sub.C.multidot.P)
corresponding to the public keys are stored. A threshold value
logic computed by the keys Q.sub.YID, Q.sub.A, Q.sub.B, Q.sub.C is
added to the encrypted descramble key E.sub.QYID(K.sub.D).
[0373] (2) Like the case where the common key cipher is used, upon
cryptographic communication, data cannot be encrypted with the
scramble key K.sub.s until the descramble key K.sub.D is encrypted.
The encrypted statement E.sub.KS(M) of data and the encrypted
descramble key E.sub.QYID(K.sub.D) are always generated in
pair.
[0374] (3) If it becomes necessary to decrypt an encrypted
statement because an unexpected event occurs, the pair of encrypted
statements E.sub.KS(M) and E.sub.QYID(K.sub.D) is transmitted to
the key management work station 500.
[0375] The key recovery function decrypts with two of the secret
keys d.sub.A, d.sub.B, d.sub.C and the threshold value logic added
to the E.sub.QYID(K.sub.D) to obtain the descramble key
K.sub.D.
[0376] Next, the encrypted statement E.sub.KS(M) is decrypted with
this key K.sub.D so as to obtain data M.
[0377] An encrypted statement of data M to be transmitted is
created by encryption computation with the scramble key K.sub.s.
Thus, like the key recovery function using the common key cipher
(see FIG. 23 for encryption and FIG. 24 for decryption), it is
permissible to express the scramble key K.sub.S by exclusive OR
between K1 and K2 and carry out key recovery using them. Although
the keys P1, P2 for key recovery shown in FIGS. 23, 24 can be
operated with the common key encryption algorithm, they can be also
operated for key recovery with the public keys Q.sub.A,
Q.sub.B.
[0378] In this case, data to be added to the encrypted statement
E.sub.KS (M) for key recovery are encrypted statements
E.sub.QA(K1), E.sub.QB(K2) obtained by encrypting K1, K2 with
public keys Q.sub.A, Q.sub.B. The key recovery is carried out by
decrypting the added data using the secret keys d.sub.A, d.sub.B
corresponding to the public keys Q.sub.A, Q.sub.B in the key
recovery function of the key management work station 500.
[0379] 2: Method for generation by each user
[0380] A user accustomed to operation of the encryption algorithm
is capable of generating the secret key d.sub.ID as a master key
for use by himself or herself and corresponding public key
Q.sub.ID.
[0381] In this case, because the secret key d.sub.ID as a master
key to be possessed by user is possessed only by the user, there is
no possibility that an encrypted statement produced by the public
key Q.sub.ID may be decrypted at the key management work station
500.
[0382] The user transmits the public key Q.sub.ID generated
corresponding to the secret key d.sub.ID to the key management work
station 500.
[0383] The key management work station 500 recognizes an identity
of a user transmitting the public key Q.sub.ID, carries out
signature producing computation on the transmitted public key
Q.sub.ID with the secret key d.sub.c possessed by the key
management work station 500 and transmits the signature data
S.sub.dc (Q.sub.ID) to that user.
[0384] According to this embodiment, like the case indicated by 1:,
the secret key d.sub.ID as a master key possessed by user is
provided with key recovery function and stored in the network key
structure data base 580 with a correspondence to user ID.
[0385] Whether the secret key d.sub.ID as a master key possessed by
each user and the corresponding public key Q.sub.ID are generated
by the key management work station 500 or by the user is selected
depending on the user's conditions.
[0386] If the above method is applied, cryptographic communication
can be achieved between the IC card (as a reception side user) and
a reader (as a transmission side user) which is an information
processing unit installed on a retailer counter or the like not
through the key management work station 500, with the IC card
inserted in the reader.
[0387] If the encryption algorithms are different between the IC
card and the reader which is the information processing unit, when
the user inserts the IC card into the reader, cryptographic
communication or payment cannot be achieved until the encryption
algorithms of both are made identical.
[0388] In this case, the encryption algorithm must be converted. If
this encryption algorithm conversion is possible while the IC card
is inserted in the reader which is the information processing unit
installed on a retailer counter, the user's procedure is
simplified, which is very convenient.
[0389] Such encryption algorithm conversion will be described with
reference to FIGS. 17 and 18.
[0390] In case of elliptical curve cipher, the encryption algorithm
is determined by coefficients a and b of the elliptical curve
y.sup.2=x.sup.3+ax+b, characteristic p of coefficient, base point P
and its order n. This encryption algorithm may be kept secret or
public.
[0391] The public key Q and secret key d of an elliptical curve
cipher are expressed as Q=d.multidot.P (.multidot. is computation
on an elliptical curve) by the base point P.
[0392] Even if the coefficients a and b of the elliptical curve
y.sup.2=x.sup.3+ax+b are equal, it is possible to provide different
encryption algorithms having the same encryption intensity by
changing the base point P. If the coefficients a, b and
characteristic p of the coefficient are changed, the elliptical
curve is changed, so that a different encryption algorithm is
settled.
[0393] If the elliptical curve is generated so as to have almost
equal key length before and after the coefficients a, b and
characteristic p of the coefficient are changed, a plurality of
almost the same encryption algorithms having different encryption
intensity can be provided.
[0394] In case where the coefficients a, b and characteristic p of
the coefficient are changed, the encryption intensity or key length
can be changed depending on a generation method of the elliptical
curve.
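The parameter set (a, b, p, P, n) described above, as an added Python example that is not part of the patent text: it computes Q = d.multidot.P for one secret key under three parameter sets and shows that changing only the base point, or changing b, gives a different public key. The two toy curves over the 17-element field, the value d = 7 and the validation checks a receiver runs before adopting received parameters are assumptions constructed for the example; real parameter sets use fields of hundreds of bits.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Point = Optional[Tuple[int, int]]  # None stands for the point at infinity O


@dataclass(frozen=True)
class Algorithm:
    """An 'encryption algorithm' in the page's sense: (a, b, p, P, n)
    plus a version tag."""
    version: str
    a: int
    b: int
    p: int
    P: Tuple[int, int]
    n: int


def on_curve(alg: Algorithm, pt: Point) -> bool:
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + alg.a * x + alg.b)) % alg.p == 0


def add(alg: Algorithm, p1: Point, p2: Point) -> Point:
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % alg.p == 0:
        return None  # P + (-P) = O; also covers doubling a point with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + alg.a) * pow(2 * y1 % alg.p, -1, alg.p)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % alg.p, -1, alg.p)
    lam %= alg.p
    x3 = (lam * lam - x1 - x2) % alg.p
    return x3, (lam * (x1 - x3) - y1) % alg.p


def mul(alg: Algorithm, k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication k . pt."""
    result = None
    while k > 0:
        if k & 1:
            result = add(alg, result, pt)
        pt = add(alg, pt, pt)
        k >>= 1
    return result


def validate(alg: Algorithm) -> List[str]:
    """Checks a receiver can run on received parameters before use."""
    problems = []
    if (4 * alg.a ** 3 + 27 * alg.b ** 2) % alg.p == 0:
        problems.append("singular curve")
    if not on_curve(alg, alg.P):
        problems.append("base point is not on the curve")
    elif mul(alg, alg.n, alg.P) is not None:
        problems.append("n * P is not the point at infinity")
    if alg.n < 2 or any(alg.n % f == 0 for f in range(2, int(alg.n ** 0.5) + 1)):
        problems.append("order n is not prime")
    return problems


def public_key(alg: Algorithm, d: int) -> Point:
    """Q = d . P; refuses bad parameters or an out-of-range secret key."""
    problems = validate(alg)
    if problems:
        raise ValueError("; ".join(problems))
    if not 1 <= d < alg.n:
        raise ValueError("secret key out of range for this algorithm")
    return mul(alg, d, alg.P)


# Constructed toy parameter sets (tiny field, for illustration only).
EBF = Algorithm("BF", a=2, b=6, p=17, P=(2, 1), n=11)
EANG = Algorithm("BG", a=2, b=2, p=17, P=(5, 1), n=19)
EANG_ALT = Algorithm("BG-alt", a=2, b=2, p=17, P=(6, 3), n=19)  # same curve, new P
TAMPERED = Algorithm("BG", a=2, b=2, p=17, P=(5, 2), n=19)      # P off the curve

if __name__ == "__main__":
    d = 7  # constructed secret key, valid under all three parameter sets
    for alg in (EBF, EANG, EANG_ALT):
        print(alg.version, "Q =", public_key(alg, d))
    print("tampered parameters:", validate(TAMPERED))
```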
[0395] Hereinafter, as another example of the encryption algorithm
conversion, a case will be described in which the encryption
algorithm used by the IC card is EBF, the encryption algorithm used
by a reader as an information processing unit is EANG, and the key
length of the EANG is longer than that of the EBF.
[0396] Here, cryptographic communication system to which the
encryption algorithm conversion is applied will be described with
reference to FIG. 21. This cryptographic communication system
employs a hierarchical structure having a simplex cipher key. That
is, this system does not employ the scramble key and descramble key
of the cryptographic communication system shown in FIG. 16.
[0397] First of all, data base about the key and encryption
algorithm possessed by the transmission side user, reception side
user and network management work station will be described with
reference to the software function of the network communication
system shown in FIG. 3. In this embodiment, the transmission side
user corresponds to a reader as the information processing unit and
the reception side user corresponds to a portable information
processing unit such as an IC card.
[0398] With reference to FIG. 19, examples of information to be
stored in the data base about the key and encryption algorithm will
be described.
[0399] (1) Data base of the key management work station 500
[0400] 1: Network encryption algorithm management data base 590
[0401] The data base stores encryption algorithms A[1], A[2], . . .
A[N] of all the elliptical curves for use by this network
communication system, version numbers B[1], B[2], . . . B[N]
corresponding to the encryption algorithms, secret keys d.sub.c[1],
d.sub.c[2], . . . d.sub.c[N] as a master key for use by the key
management work station 500 corresponding to the encryption
algorithms, and public keys Q.sub.c[1], Q.sub.C[2], . . .
Q.sub.C[N] corresponding to the secret keys.
[0402] In the encryption algorithm EBF of this embodiment, the
version number BF, the secret key d.sub.c as the master key and the
public key Q.sub.C corresponding to this secret key are stored
corresponding to the encryption algorithm EBF. Likewise, in the
encryption algorithm EANG of this embodiment, the version number
BG, the secret key d.sub.cg as the master key and the public key
Q.sub.cg corresponding to this secret key are stored corresponding
to the encryption algorithm EANG.
[0403] 2: Network key management data base 580
[0404] The network key management data base 580 stores user ID of
user of an IC card or a reader which is an information processing
unit, ID[1], ID[2], . . . ID[M], version numbers of the encryption
algorithm for use by this user, BP [1], BP[2], . . . BP[M], and the
public keys for use by the user with this encryption algorithm,
Q.sub.ID[1], Q.sub.ID[2], . . . Q.sub.ID[M] corresponding to the
user ID.
[0405] The secret keys d.sub.ID[1], d.sub.ID[2], . . . d.sub.ID[M]
as the master key for use by each user corresponding to the
encryption algorithm are supplied with the key recovery function
and stored corresponding to each user ID.
[0406] (2) Data base of the transmission side user 100 (reader
which is an information processing unit)
[0407] 1: encryption algorithm data base 190
[0408] (i) As information of the encryption algorithm operated by
the user, the encryption algorithm data base 190 stores encryption
algorithm EANG, version number BG, public key Q.sub.cg for use by
the key management work station 500 under this encryption algorithm
and signature data S.sub.dcg(EANG) of the key management work
station 500 corresponding to the encryption algorithm EANG.
[0409] Here, the signature data S.sub.dcg(EANG) is obtained by
carrying out signature producing computation on the encryption
algorithm EANG with the secret key d.sub.cg as the master key for
use by the key management work station 500 under the encryption
algorithm EANG.
[0410] (ii) As information about the encryption algorithm operated
by the network communication system, the encryption algorithms
A[1], A[2], . . . A[N], corresponding version numbers B[1], B[2], .
. . B[N], the public keys for use by the key management work
station 500, Q.sub.C[1], Q.sub.C[2], . . . Q.sub.C[N], and
signature data of the key management work station corresponding to
the public key Q.sub.cg, S.sub.dc[1](Q.sub.cg),
S.sub.dc[2](Q.sub.cg), . . . S.sub.dc[N](Q.sub.cg) are stored
corresponding to the encryption algorithms.
[0411] Here, the signature data S.sub.dc[i](Q.sub.cg) is obtained
by carrying out signature producing computation on the public key
Q.sub.cg with the secret key d.sub.c[i] as the master key for use
by the key management work station 500 under the encryption
algorithm A[i].
[0412] Specifically in the encryption algorithm EBF of this
embodiment, the version number BF, public key Q.sub.c and signature
data S.sub.dc (Q.sub.cg) are stored corresponding to the encryption
algorithm EBF.
[0413] Here, the signature data S.sub.dc(Q.sub.cg) is obtained by
carrying out signature producing computation on the public key
Q.sub.cg with the secret key d.sub.c as the master key for use by
the key management work station 500 under the encryption algorithm
EBF.
[0414] 2: Key structure management data base 180
[0415] The key structure management data base 180 stores the
encryption algorithm to be operated by user, namely in this
embodiment, the secret key d.sub.ID as the master key for use by
the user under the encryption algorithm EANG, public key Q.sub.ID
corresponding to this secret key and signature data
S.sub.dcg(Q.sub.ID) obtained by carrying out signature producing
computation on the public key Q.sub.ID with the secret key d.sub.cg
as the master key for use by the key management work station 500
under the encryption algorithm EANG.
[0416] (3) Reception side user (IC card) 200 data base
[0417] 1: encryption algorithm data base 290
[0418] As information about the encryption algorithm operated by
the user, the encryption algorithm EBF, version number BF, public
key Q.sub.c for use by the key management work station 500 under
this encryption algorithm and signature data S.sub.dc(EBF) of the
key management work station 500 relative to the encryption
algorithm EBF are stored.
[0419] Here, the signature data S.sub.dc(EBF) is obtained by
carrying out signature producing computation on the encryption
algorithm EBF with the secret key d.sub.c as the master key for use
by the key management work station 500 under the encryption
algorithm EBF.
[0420] 2: Key structure management data base 280
[0421] The key structure management data base 280 stores the
encryption algorithm to be operated by user, namely in this
embodiment, the secret key d.sub.YID as the master key for use by
the user under the encryption algorithm EBF, public key Q.sub.YID
corresponding to this secret key and signature data
S.sub.dc(Q.sub.YID) obtained by carrying out signature producing
computation on the public key Q.sub.YID with the secret key d.sub.C
as the master key for use by the key management work station 500
under the encryption algorithm EBF.
[0422] The data bases about the key and encryption algorithm, which
are a prerequisite for the encryption algorithm conversion, have
been described above.
[0423] A public key for use by the key management work station 500,
signature data produced with the secret key as a master key for use
by the key management work station 500, an encryption algorithm and
a version number corresponding thereto are stored in the
transmission side user and reception side user data bases.
[0424] These data are distributed by the key management work
station 500.
[0425] Next, an example of encryption algorithm conversion to be
carried out between a transmission side user (reader which is an
information processing unit) and a reception side user (IC card)
will be described with reference to FIGS. 17 and 18.
[0426] Although for encryption algorithm conversion, the elliptical
curve encryption algorithm may be sent in open state, according to
this embodiment, it is sent in encryption state.
[0427] Here, assuming that as described previously, the key length
of the EANG is longer than that of the EBF, a case where the
encryption algorithm EBF of an IC card is converted to the
encryption algorithm EANG will be described.
[0428] 1: A user possessing an IC card makes a purchase at a shop
or the like and inserts the IC card into a reader as the
information processing unit to pay for purchased goods.
[0429] The cryptographic communication control function of the
reader as the information processing unit adds a version number BG
to the operating encryption algorithm EANG and sends a "session key
issue request" to cryptographic communication control function 250
of the IC card.
[0430] 2: If the version number of the encryption algorithm
operated by the IC card agrees with the BG, the IC card issues its
own public key and the signature data of the public key and carries
out cryptographic communication with the reader as the information
processing unit according to a procedure shown in FIG. 21.
[0431] However, the version number of the encryption algorithm EBF
operated by the IC card is BF, which is different from the
transmitted version number BG.
[0432] After recognizing that the version number is different, the
cryptographic communication control function 250 adds BF to this
version number and sends an "encryption algorithm updating request"
to the cryptographic communication control function 150 of a reader
which is an information processing unit.
[0433] 3: Under the version number BF, the reader as the
information processing unit retrieves in the encryption algorithm
data base 190 and fetches out the public key Q.sub.cg of the key
management work station 500 operated with the encryption algorithm
EANG and signature data S.sub.dc(Q.sub.cg) obtained by carrying out
signature producing computation on the public key Q.sub.cg with the
secret key d.sub.c as a master key for use by the key management
work station 500 under the encryption algorithm EBF and transmits
this public key Q.sub.cg and the signature data S.sub.dc(Q.sub.cg)
to the IC card.
[0434] 4: The IC card carries out signature verifying computation
on the transmitted public key Q.sub.cg and signature data S.sub.dc
(Q.sub.cg) using the public key Q.sub.c of the key management work
station 500 operated under the encryption algorithm EBF, so as to
verify that the public key Q.sub.cg has been transmitted from the
reader as a proper information processing unit.
[0435] 5: Next, the IC card fetches out, from the key structure
management data base 280, the public key Q.sub.YID of the IC card
operated under the encryption algorithm EBF and the signature data
S.sub.dc(Q.sub.YID) distributed from the management work station
500, which was obtained by carrying out signature producing
computation on the public key Q.sub.YID with the secret key d.sub.c
as a master key for use by the key management work station 500
under the encryption algorithm EBF, and then transmits this public
key Q.sub.YID and signature data S.sub.dc(Q.sub.YID) to the reader
as an information processing unit.
[0436] 6: The reader as the information processing unit carries out
signature verifying computation on the received public key
Q.sub.YID and signature data S.sub.dc(Q.sub.YID) using the public
key Q.sub.c of the key management work station 500 operated under
the encryption algorithm EBF, so as to verify that the public key
Q.sub.YID has been transmitted from a proper IC card.
[0437] 7: The reader as the information processing unit, encrypts
the encryption algorithm EANG with the public key Q.sub.YID by
operating the encryption algorithm EBF so as to create the
encrypted statement EBF.sub.QYID (EANG).
[0438] At the same time, the signature data S.sub.dcg(EANG)
distributed from the management work station 500, which was
obtained by carrying out signature producing computation on the
encryption algorithm EANG with the secret key d.sub.cg as a master
key for use by the key management work station 500 under the
encryption algorithm EANG, is fetched out and the encrypted
statement EBF.sub.QYID(EANG) and signature data S.sub.dcg(EANG) are
transmitted to the IC card.
[0439] 8: The IC card decrypts the transmitted encrypted statement
EBF.sub.QYID (EANG) using the secret key d.sub.YID possessed by the
IC card operated under the encryption algorithm EBF so as to obtain
the encryption algorithm EANG.
[0440] Next, the IC card converts the operating encryption
algorithm from EBF to the obtained EANG, and carries out signature
verifying computation on the obtained encryption algorithm EANG and
received signature data S.sub.dcg(EANG) using the public key
Q.sub.cg of the key management work station 500 obtained in 4: so
as to verify that this is an encryption algorithm distributed from
a reader as a proper information processing unit. As a result,
updating of the encryption algorithm to this EANG is completed.
[0441] 9: Because the key length of the encryption algorithm EANG
is longer than that of the encryption algorithm EBF, the secret key
d.sub.YID as the master key of the IC card is used as a secret key
of the encryption algorithm EANG as it is and a corresponding
public key Q.sub.YIDC (=P.multidot.d.sub.YID; .multidot. is
computation on an elliptical curve) is generated from the base
point P of the received encryption algorithm EANG.
[0442] The IC card returns the encryption algorithm to EBF
temporarily and carries out signature producing computation on the
public key Q.sub.YIDC using the secret key d.sub.YID under the
encryption algorithm EBF so as to produce signature data S.sub.dYID
(Q.sub.YIDC).
[0443] The IC card transmits the generated public key Q.sub.YIDC
and signature data S.sub.dYID (Q.sub.YIDC) to the reader as an
information processing unit.
[0444] 10: The reader as the information processing unit converts
the encryption algorithm to EBF temporarily and carries out
signature verifying computation on the received signature data
S.sub.dYID(Q.sub.YIDC) and public key Q.sub.YIDC using the public
key Q.sub.YID obtained in 6:, so as to verify that it is a public
key Q.sub.YIDC of an IC card distributed from a proper IC card.
[0445] After that, the encryption algorithm is converted to the
encryption algorithm EANG again.
[0446] 11: The reader as the information processing unit carries
out signature producing computation on the public key Q.sub.ID with
the public key Q.sub.ID for use by the reader as the information
processing unit operated under the encryption algorithm EANG sent
from the key structure management data base 180 and the secret key
d.sub.cg as a master key for use by the key management work station
500 under the encryption algorithm EANG. Then, the signature data
S.sub.dcg(Q.sub.ID) distributed from the management work station
500 is fetched out and this public key Q.sub.ID and the signature
data S.sub.dcg(Q.sub.ID) are transmitted to the IC card.
[0447] 12: The IC card carries out signature verifying computation
on the received signature data S.sub.dcg(Q.sub.ID) and public key
Q.sub.ID using the public key Q.sub.cg of the key management work
station 500 obtained in 4: under the encryption algorithm EANG, so
as to verify that it is a public key Q.sub.ID for the reader as an
information processing unit, transmitted from the reader as a
proper information processing unit.
[0448] 13: Consequently, the IC card and the reader as the
information processing unit share the encryption algorithm EANG and
verify the validity of the public keys (public key Q.sub.ID of
the reader as the information processing unit and public key
Q.sub.YIDC of the IC card). By carrying out data encryption with
this public key, cryptographic communication, signature producing
computation and signature verifying computation can be executed
between the IC card and the reader as the information processing
unit, thereby enabling payment.
[0449] The key management work station 500 does not do anything in
the above described procedure.
[0450] However, because the IC card has no signature data of the
key management work station 500 regarding the converted public key
Q.sub.YIDC, it cannot be used just as it is, but after the payment
is settled, the encryption algorithm needs to be returned from EANG
to EBF.
[0451] Next, an example of obtaining signature data of the key
management work station for the public key Q.sub.YIDC converted by
the IC card will be described with reference to FIG. 18.
[0452] 1: The signature data S.sub.dYID (Q.sub.YIDC) produced with
the secret key d.sub.YID under the encryption algorithm EBF for the
public key Q.sub.YIDC of an IC card operated by the encryption
algorithm EANG whose validity is verified, is transmitted from the
IC card to the reader as the information processing unit.
[0453] This signature data S.sub.dYID (Q.sub.YIDC), public key
Q.sub.YIDC, public key Q.sub.YID of an IC card operated with the
encryption algorithm EBF, version number BF of the encryption
algorithm EBF, version number BG of the encryption algorithm EANG,
and user ID of the IC card are transmitted to the key management
work station 500.
[0454] 2: With the user ID of the IC card as a key, the key
management work station 500 searches the network key management
data base 580 and verifies that the received public key Q.sub.YID
of the IC card exists.
[0455] Signature verifying computation is carried out on the
signature data S.sub.dYID (Q.sub.YIDC) and public key Q.sub.YIDC
using the public key Q.sub.YID of the IC card so as to verify that
it is a public key Q.sub.YIDC of a proper IC card.
[0456] In the above procedure, it is verified that the public key
Q.sub.YIDC is a public key of the IC card.
[0457] 3: Signature producing computation is carried out on this
public key Q.sub.YIDC using the secret key d.sub.cg of the key
management work station 500 operated with the encryption algorithm
EANG so as to create signature data S.sub.dcg(Q.sub.YIDC) and it is
returned to the reader as the information processing unit.
[0458] The key management work station 500 updates a version number
of the encryption algorithm stored corresponding to the user ID of
the IC card in the network key management data base 580 and the
public key to BG and Q.sub.YIDC respectively.
[0459] 4: The reader as the information processing unit transmits
this signature data S.sub.dcg(Q.sub.YIDC) to the IC card.
[0460] In the above processing, the IC card is capable of obtaining
the signature data S.sub.dcg(Q.sub.YIDC) of the key management work
station 500 for the public key Q.sub.YIDC.
[0461] In the above described embodiment, the key management work
station 500 verifies the existence of the public key Q.sub.YID
before the conversion and the signature data of the public key
Q.sub.YIDC after the conversion, thereby preventing access by a
false IC card.
[0462] The IC card possesses the public key Q.sub.YIDC operated
under the encryption algorithm EANG and signature data
S.sub.dcg(Q.sub.YIDC) of the key management work station 500 and is
capable of operating the encryption algorithm EANG.
[0463] The key management work station only has to carry out
signature production and signature verifying computation on a
public key generated with respect to the converted encryption
algorithm. Thus, with the IC card inserted into the reader as the
information processing unit, encryption algorithm conversion can be
carried out.
[0464] In this encryption algorithm conversion, the user (the IC
card in this case) generates its own secret key and public key for
the new encryption algorithm.
[0465] In this embodiment, it is specified that the secret keys
possessed by the user are the same for the encryption algorithm
before the conversion and encryption algorithm after the
conversion.
[0466] Such a secret key setting method is effective when the key
lengths of the encryption algorithms coexisting in a system vary and
it cannot be specified which key length of encryption algorithm the
user is using.
[0467] It can be considered that the encryption algorithm is
converted to one which has a longer key length that no user is
using.
[0468] In this case, if the key length of the secret key used by
each user is the same as before the conversion, the key length used
by every user is not increased although the key length permitted by
the encryption algorithm is extended. A cipher attacker can then
limit the range of key lengths to be attacked to the original key
length. That is, the encryption strength is not substantially
increased even if the allowable key length is extended.
[0469] To avoid this event, a method in which the key length is
prolonged as shown in FIG. 15 can be considered effective.
[0470] In this case, even if every user increases the key length
based on a random number, key management is made easier because the
same key length does not exist.
[0471] Attention has to be paid only to a user newly participating
in the system, so that the same key does not exist.
[0472] The method in which the user generates his or her own secret
key and public key for a new encryption algorithm is applicable to
the ordinary encryption algorithm conversion described in FIGS. 13,
14 and 11. If the user generates his or her own secret key, the
possibility that the secret key may be decrypted by the key
management work station can be avoided. Hereinafter, an example in
which the user generates his or her own secret key in the encryption
algorithm conversion will be described with reference to FIG. 20.
[0473] Although in the encryption algorithm conversion of this
case, it is necessary to verify the scramble function and
descramble function, this is the same method as described in FIGS.
13, 14 and 11 and only an encryption algorithm distribution method
and a generation method for a secret key to be possessed by user
himself will be stated here.
[0474] The operating condition of the public key encryption method
mentioned here employs the cryptographic communication method shown
in FIG. 16, and FIG. 20 shows an example of the encryption algorithm
conversion in this cryptographic communication method.
[0475] In this Figure, it is assumed that the encryption algorithm
operated by the reception side user is EBF and the encryption
algorithm to be converted is EANG.
[0476] As described in FIGS. 13, 14 and 11, it is assumed that a
secret key as a master key to be operated by the key management
work station relative to the encryption algorithm EBF is d.sub.c and
a public key corresponding to this secret key is Q.sub.c.
[0477] Likewise, it is assumed that the secret key as a master key
for the key management work station to operate the encryption
algorithm EANG is d.sub.cg and the public key corresponding to this
secret key is Q.sub.cg.
[0478] On the other hand, it is assumed that the secret key as a
master key to be operated by the reception side user for the
encryption algorithm EBF is d.sub.YID and the public key
corresponding to this secret key is Q.sub.YID.
[0479] The above described presumption is the same as shown in
FIGS. 13, 14 and 11 and an embodiment of the encryption algorithm
conversion will be described.
[0480] (1) The network key management function 570 of the key
management work station 500 creates the following encrypted
statement and signature data using the encryption algorithm EBF
before the conversion.
[0481] 1: A scramble key K.sub.SB for encrypting the encryption
algorithm EANG and a descramble key K.sub.DB for decrypting are
generated with the encryption algorithm EBF before the
conversion.
[0482] 2: The encryption algorithm EANG is encrypted with the
scramble key K.sub.SB so as to create an encrypted statement
EBF.sub.KSB(EANG).
[0483] Further, the public key Q.sub.YID as the master key of the
reception side user is fetched out and the descramble key K.sub.DB
is encrypted so as to create an encrypted statement
EBF.sub.QYID(K.sub.DB).
[0484] 3: Signature producing computation is carried out on the
encryption algorithm EANG with the encryption algorithm EBF before
the conversion and the secret key d.sub.c which is a master key of
the key management work station 500 so as to create signature data
S.sub.dc (EANG).
[0485] 4: Signature producing computation is carried out on the
encryption algorithm EBF before the conversion and the public key
Q.sub.cg as a master key of the key management work station 500
which is applied to the encryption algorithm EANG after the
conversion with the secret key d.sub.c as the master key of the key
management work station 500 so as to create signature data
S.sub.dc(Q.sub.cg).
[0486] 5: Two produced encrypted statements EBF.sub.QYID
(K.sub.DB), EBF.sub.KSB(EANG), two signature data S.sub.dc(EANG),
S.sub.dc(Q.sub.cg) and the public key Q.sub.cg of the key
management work station 500 are transmitted to the IC card (the
reception side user) via an IC card reader (not shown in FIG.
20).
[0487] (2) Reception side user's obtaining the encryption
algorithm
[0488] The reception side user operates EBF as an encryption
algorithm and possesses the secret key d.sub.YID as a master key
and a public key Q.sub.c of the key management work station 500
operated by the encryption algorithm EBF.
[0489] 1: An encrypted statement EBF.sub.QYID (K.sub.DB) is
decrypted using the secret key d.sub.YID as a master key so as to
obtain the descramble key K.sub.DB. Next, the encrypted statement
EBF.sub.KSB(EANG) is decrypted using this descramble key K.sub.DB
so as to obtain the encryption algorithm EANG. Signature verifying
computation is carried out on the signature data S.sub.dc (EANG)
and obtained encryption algorithm EANG using the public key Q.sub.c
of the key management work station 500 under the encryption
algorithm EBF and it is verified whether or not the obtained
encryption algorithm EANG has been transmitted from the proper key
management work station 500.
[0490] 2: Under the encryption algorithm EBF, signature verifying
computation is carried out on the signature data S.sub.dc
(Q.sub.cg) and the public key Q.sub.cg to be operated on the
received encryption algorithm EANG converted by the key management
work station 500 using the public key Q.sub.c of the key management
work station 500 so as to verify that the transmitted public key is
a public key of a proper key management work station 500.
[0491] In the above manner, the reception side user has obtained
the encryption algorithm EANG and public key Q.sub.cg to be
operated on the encryption algorithm EANG of the key management
work station 500. Then, the obtained encryption algorithm EANG is
registered in the encryption algorithm management data base 290,
and the encryption algorithm EANG as well as EBF is made operable
by the encryption algorithm management function.
[0492] (3) Conversion of the key possessed by the reception side
user
[0493] 1: With respect to the encryption algorithm EANG transmitted
from the key management work station 500, the reception side user
generates a new secret key d.sub.YIDC as a master key which he owns
himself.
[0494] The following three methods can be mentioned as a method for
generating the secret key.
[0495] (a) Using the secret key d.sub.YID operated with the
encryption algorithm EBF as a secret key of the encryption
algorithm EANG
[0496] (b) Generating a new secret key d.sub.YIDC by adding a
random number to the secret key d.sub.YID operated with the
encryption algorithm EBF as shown in FIG. 15.
[0497] (c) Generating a new secret key d.sub.YIDC according to
information of the encryption algorithm EANG.
[0498] The secret key d.sub.YIDC to be possessed by the reception
side user himself or herself is generated by any of these methods
so as to generate the public key Q.sub.YIDC corresponding to this
secret key.
[0499] Because the above method (c) has a possibility that the
generated secret key may agree with a key of another user as
described previously, it is necessary for the key management work
station 500 to verify that no other user uses the same public
key.
[0500] In the case where the encryption algorithm EANG to be
converted to is an elliptical curve cipher, with the base point of
this algorithm as P, the public key Q.sub.YIDC is given as
P.multidot.d.sub.YIDC (.multidot. is computation on an elliptical
curve).
[0501] 2: The reception side user returns the encryption algorithm
to EBF temporarily and carries out signature producing computation
on the public key Q.sub.YIDC using the secret key d.sub.YID under
this encryption algorithm EBF so as to create signature data
S.sub.dYID(Q.sub.YIDC). The generated public key Q.sub.YIDC,
signature data S.sub.dYID (Q.sub.YIDC) and the reception side
user's ID are transmitted to the key management work station 500
via the IC card reader (not shown in FIG. 20).
[0502] 3: The key management work station 500 returns the
encryption algorithm to EBF and queries the network key management
data base 580 with the transmitted user ID as a key so as to fetch
out the public key Q.sub.YID of a given reception side user. Next,
signature verifying computation is carried out on the transmitted
public key Q.sub.YIDC and signature data S.sub.dYID (Q.sub.YIDC)
using the public key Q.sub.YID of this reception side user so as to
verify that this is a public key Q.sub.YIDC transmitted from a
proper reception side user.
[0503] Because the key management work station 500 queries the
network key management data base 580 and recognizes the public key
Q.sub.YID of the reception side user, it is possible to prevent a
false reception side user from accessing this system.
[0504] In the above manner, the key management work station 500
obtains the public key Q.sub.YIDC operated by the reception side
user under the converted encryption algorithm EANG. After that, the
key management work station 500 needs to carry out a series of
procedures related to the encryption algorithm conversion, such as
carrying out signature producing computation on the public key
Q.sub.YIDC operated by the reception side user by using the secret
key d.sub.cg as a master key operated under the encryption
algorithm EANG, creating signature data S.sub.dcg(Q.sub.YIDC),
sending it to the reception side user, and verifying the scramble
function and descramble function. These are achieved by carrying
out the procedure for the encryption algorithm conversion described
in FIGS. 13, 14 and 11.
[0505] An example in which the user generates his or her own key
for a new encryption algorithm has been described. Finally,
(1) conversion from a common key encryption algorithm to another
public key encryption algorithm and (2) conversion from the public
key encryption algorithm to another common key encryption algorithm
will be described below.
[0506] (1) Conversion from a common key encryption algorithm to
another public key encryption algorithm
[0507] The embodiment of the encryption algorithm conversion from
the common key encryption algorithm to other common key encryption
algorithm has been described with reference to FIGS. 8, 9 and
6.
[0508] In this case, it is assumed that the encryption algorithm
before the conversion is EBF and the encryption algorithm after the
conversion is EANG.
[0509] A case where the encryption algorithm is converted from
the common key encryption algorithm to another public key
encryption algorithm will be described using the same symbols, that
is, assuming that the common key encryption algorithm before the
conversion is EBF and the public key encryption algorithm after the
conversion is EANG.
[0510] The public key encryption algorithm EANG after the
conversion can be encrypted with the common key encryption
algorithm EBF before the conversion according to the embodiment
shown in FIGS. 8, 9 and 6 and distributed.
[0511] In the case where the common key encryption algorithm is
converted to the public key encryption algorithm, it is necessary
to generate a new secret key and public key and verify the scramble
function and descramble function for the converted public key
encryption algorithm. This series of key generation and functional
verification can be carried out according to the embodiment of the
public key encryption algorithm conversion shown in FIGS. 13, 14
and 11.
[0512] (2) Conversion from the public key encryption algorithm to
another common key encryption algorithm
[0513] The common key encryption algorithm is different from the
public key encryption algorithm in that no signature producing
computation or signature verifying computation is carried out.
[0514] Therefore, in the case where the public key encryption
algorithm is converted to another common key encryption algorithm,
the encryption algorithm conversion can be carried out in a
procedure excluding the signature producing and verifying
computations in the embodiment of the public key encryption
algorithm conversion shown in FIGS. 13, 14 and 11.
[0515] The embodiment of the encryption algorithm conversion has
been described above.
[0516] Whether or not the encryption algorithm conversion has been
carried out properly in the embodiment of the encryption algorithm
conversion shown in FIG. 5, embodiment of the common key encryption
algorithm conversion shown in FIGS. 8, 9 and 6 and embodiment of
the public key encryption algorithm conversion shown in FIGS. 13,
14 and 11, is verified by operating the scramble function and
descramble function of cryptographic communication system,
encrypting plain text data MD "confirmation of descramble function
after the algorithm conversion is terminated" and plain text data
MS "algorithm conversion confirmation test is terminated",
transmitting the data and verifying whether or not the data are
successfully decrypted.
[0517] If the given plain text data MD or plain text data MS is not
decrypted in a process for confirmation of this encryption
algorithm conversion, a response message "encryption algorithm
conversion operation error" is transmitted and that given process
is executed again.
[0518] In a process for exchange of encryption algorithm conversion
data in the embodiment of the public key encryption algorithm
conversion shown in FIGS. 17, 18, 13, 14 and 11, signature
verifying computation is carried out on signature production data
created under the public key encryption algorithm. If an error
occurs in the signature production data as a result of this
signature verifying computation, a response message "encryption
algorithm conversion operation error" is transmitted and that given
process is executed again.
[0519] If the plain text data MD or plain text data MS is not
decrypted after that reexecution or an error occurs in the
signature production data as a result of the signature verifying
computation, a response message "encryption algorithm conversion
abnormal termination" is transmitted and then the encryption
algorithm conversion process is interrupted.
[0520] If such a response "encryption algorithm conversion abnormal
termination" occurs, the cryptographic communication system
components are inspected from the viewpoints of hardware and
software.
[0521] Although FIGS. 13, 14 and 11 show the embodiments of the
public key encryption algorithm conversion, if the encryption
algorithm conversion is not carried out or if the encryption
algorithm is the same and therefore, not distributed, the key
management station sends a procedure for distributing a key for use
by user for key updating, deletion and the like. Although in the
embodiment of the public key encryption algorithm conversion shown
in FIGS. 17 and 18, the process for encryption algorithm conversion
confirmation by the plain text data MD and MS has not been
described, the encryption algorithm conversion confirmation can be
carried out by encrypting the plain text data MD and MS with the
public key based on the encryption algorithm and sending them
according to the embodiment shown in FIGS. 13, 14 and 11.
[0522] According to the present invention, the encryption algorithm
can be distributed safely and, further, converted while the time and
labor required for the distribution are reduced.
[0523] Further, by the above-mentioned encryption algorithm
conversion, plural users operating encryption algorithms are able
to share the same encryption algorithm, or that shared encryption
algorithm can be changed to another encryption algorithm.
* * * * *