Encryption network system and method

Cryptography – Key management – Having particular key generator

Reexamination Certificate

Details

C380S255000, C380S277000, C380S278000, C380S283000, C713S150000, C713S168000

Reexamination Certificate

active

06351536

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an enciphering method in an encryption (a cipher) network system, a device constituting the cipher network system, and a medium storing therein a program for controlling the device.
2. Description of the Related Art
A common-key cryptosystem and a public-key cryptosystem are known as cryptosystems for enciphering plaintext and for deciphering ciphertext in encryption communication.
In the common-key cryptosystem, a key used for enciphering (encrypting) the plaintext and a key used for deciphering (decrypting) the ciphertext are identical.
In the public-key cryptosystem, the plaintext is enciphered using a public key, and the ciphertext is deciphered using a secret key paired with the public key used for the encryption.
In the common-key cryptosystem, the key used for enciphering the plaintext is also used for deciphering the ciphertext. Therefore, the same key as the key used for enciphering the plaintext must be previously delivered to a person who is authorized to decipher the ciphertext. In the public-key cryptosystem, a person who receives the ciphertext must previously put his or her own public key on a database or the like set in a network and disclose the public key. However, data in the database or the like set in the network is liable to be altered without authorization. It is said that a manager of the database must issue a certificate of the public key.
SUMMARY OF THE INVENTION
An object of the present invention is to provide an enciphering method in which encryption communication can be established safely and simply through a network used by many persons, a device constituting a cipher network system, and a medium storing a program for controlling the device.
A cipher network system according to the present invention is constituted by a first device and a second device which are connected to each other by a network. The first device and the second device can communicate with each other through the network. In the system, ciphertext is transmitted from the first device to the second device through the network, and the ciphertext is deciphered in the second device.
The first device enciphers plaintext in accordance with an encryption program. Ciphertext thus obtained and its identifier are transmitted from the first device to the second device.
In the second device, in accordance with a first key generation program for generating a pair of a first public key and a first secret key in a first public-key cryptosystem, the pair of the first public key and the first secret key is generated, and the generated first secret key and its identifier are held. The generated first public key and its identifier are transmitted from the second device to the first device.
In the first device, information relating to the decryption of the ciphertext is enciphered using the received first public key. The enciphered information and the identifier are transmitted to the second device.
In the second device, the received enciphered information is deciphered using the first secret key, which corresponds to the received identifier, of the held first secret keys. The ciphertext is deciphered utilizing the deciphered information.
According to the present invention, the information relating to the decryption of the ciphertext is enciphered, and the enciphered information is transmitted from the first device to the second device. Moreover, the information relating to the decryption of the ciphertext is enciphered using the first public key cryptosystem. The first secret key for decryption in the first public key cryptosystem is generated in the second device, and is held in the second device. Since the first secret key is not transmitted on the network, the secrecy thereof is high, thereby making it possible to construct a cipher system that is significantly high in safety. Further, identifiers are respectively attached to the ciphertext and various keys, so that the correspondence between the ciphertext and the keys can be recognized by the identifiers. The present invention is particularly effective when a plurality of encrypted communications are transmitted on the network.
In one mode of the present invention, the information relating to the decryption of the ciphertext is a common key for enciphering plaintext to create the ciphertext. The plaintext is enciphered into ciphertext using the common key in the first device, and the ciphertext is deciphered in the second device using the same common key as the common key used for the encryption.
In another mode of the present invention, the information relating to the decryption of the ciphertext is a secret key for plaintext corresponding to a public key for plaintext for enciphering plaintext to create the ciphertext. The plaintext is enciphered into ciphertext using the public key for plaintext in the first device, and the ciphertext is deciphered in the second device using the secret key for plaintext corresponding to the public key for plaintext used for the encryption.
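The exchange described above, in the mode where the information relating to the decryption is the common key, can be sketched as follows. This is an added example, not code from the patent: the class names, message fields and the choice of RSA-OAEP and AES-256-GCM are assumptions.

```javascript
// Added example; class names, message shapes and algorithms are assumptions.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Second device: generates each key pair and holds the secret key by identifier.
class SecondDevice {
  constructor() { this.held = new Map(); }
  // Receives ciphertext + identifier; replies with a fresh first public key.
  receiveCiphertext(msg) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.held.set(msg.id, { privateKey, msg }); // secret key never leaves this device
    return { id: msg.id, publicKey: publicKey.export({ type: 'spki', format: 'pem' }) };
  }
  // Receives the enciphered common key + identifier; deciphers the ciphertext.
  receiveWrappedKey({ id, wrappedKey }) {
    const entry = this.held.get(id);
    if (!entry) throw new Error(`no secret key held for identifier ${id}`);
    const commonKey = crypto.privateDecrypt({ key: entry.privateKey, ...OAEP }, wrappedKey);
    const d = crypto.createDecipheriv('aes-256-gcm', commonKey, entry.msg.iv);
    d.setAuthTag(entry.msg.tag);
    const plaintext = Buffer.concat([d.update(entry.msg.ciphertext), d.final()]);
    this.held.delete(id); // one key pair per ciphertext
    return plaintext.toString('utf8');
  }
}

// First device: enciphers plaintext with a common key, then wraps that key.
class FirstDevice {
  constructor() { this.keys = new Map(); }
  encipher(plaintext) {
    const id = crypto.randomUUID();
    const commonKey = crypto.randomBytes(32), iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', commonKey, iv);
    const ciphertext = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    this.keys.set(id, commonKey);
    return { id, iv, ciphertext, tag: c.getAuthTag() };
  }
  wrapKey({ id, publicKey }) {
    const commonKey = this.keys.get(id);
    if (!commonKey) throw new Error(`unknown identifier ${id}`);
    return { id, wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, commonKey) };
  }
}

// Two interleaved transfers: the identifier, not arrival order, selects the key.
function runTwoTransfers(textA, textB) {
  const first = new FirstDevice(), second = new SecondDevice();
  const [a, b] = [first.encipher(textA), first.encipher(textB)];
  const [pubA, pubB] = [second.receiveCiphertext(a), second.receiveCiphertext(b)];
  const outB = second.receiveWrappedKey(first.wrapKey(pubB)); // answered out of order
  return [second.receiveWrappedKey(first.wrapKey(pubA)), outB];
}
```

Nothing in this exchange authenticates the first public key while it travels from the second device to the first, which is the alteration concern the background section raises for published keys; the example does not add that protection either.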
In still another mode, the information relating to the decryption of the ciphertext is a second secret key corresponding to a second public key in a second public key cryptosystem used for enciphering a common key for enciphering plaintext to create the ciphertext. In this case, the common key enciphered by the second public key is transmitted from the first device to the second device. In the second device, the received enciphered information is deciphered using the first secret key to obtain the second secret key, and the common key enciphered by the second public key is deciphered using the second secret key.
In a further mode, the information relating to the decryption of the ciphertext is a second secret key corresponding to a second public key in a second public key cryptosystem used for enciphering a secret key for plaintext corresponding to a public key for plaintext for enciphering plaintext to create the ciphertext. The secret key for plaintext that has been enciphered by the second public key is transmitted from the first device to the second device. In the second device, the received enciphered information is deciphered using the first secret key to obtain a second secret key, and the secret key for plaintext which has been enciphered by the second public key is deciphered using the second secret key.
When a first key generation program is put on the first device, and the program, together with the ciphertext and the identifier, is transmitted from the first device to the second device, the first key generation program need not be held in the second device.
Conversely, when a program for enciphering the plaintext, and a program for enciphering the information relating to the decryption of the ciphertext using the first public key are held in the second device, and the programs are transmitted to the first device by the second device (including a case where the first device accesses the second device), only a program for communication (for example, a web browser) may be provided in the first device.
It is possible to utilize electronic mail and the Internet in order to transmit the program and the ciphertext.
For example, at least one of the following is transmitted stored in a file attached to an electronic mail: the transmission data including the ciphertext, the enciphered information and the identifier, which is transmitted from the first device to the second device; and the transmission data including the first public key and the identifier, which is transmitted from the second device to the first device.
With the second device used as a server, a web page provided in it describes the address, in the network, assigned to the file in the second device that stores the program for enciphering the information relating to the decryption of the ciphertext using the first public key. The first device accesses the second device to fetch the web page and further accesses the address, in the network, described on the web page to fetch the program.
The above-mentioned program can be also stored in the web page (JAVA apple
