Cryptography – Key management – Having particular key generator
Utility Patent
1998-01-26
2001-01-02
Swann, Tod R. (Department: 2767)
Cryptography
Key management
Having particular key generator
C380S200000, C380S201000, C705S016000
Utility Patent
active
06169803
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an encryption key processing system for generating an encryption key for use in encipherment of data and, more particularly, to an encryption key processing system which can be incorporated into a data recovery system capable of restoring enciphered data even when a user loses a key or into a key setting system which sets a key for use in the data recovery system, as well as saving secret information related to the set key in a plurality centers.
2. Description of the Related Art
Among conventional data recovery systems which restore enciphered data by using a specific key are those disclosed in International Publication No. WO 93/21708, entitled “VERIFYING SECRET KEYS IN A PUBLIC-KEY CRYPTOSYSTEM” (Article 1), U.S. Pat. No. 5,557,346, entitled “SYSTEM AND METHOD FOR KEY ESCROW ENCRYPTION” (Article 2), U.S. Pat. No. 5,557,765, entitled “SYSTEM AND METHOD FOR DATA RECOVERY” (Article 3) and the literature “File Key Management Using Public Key Encryption” (Kazutoyo Kurita and Hiroshi Miyauchi, 47th National Conference of Japanese Society of Information Processing Engineers of Japan, April 1978) (Article 4).
These conventional data recovery systems provide a means for coping with user's loss of a session key. In the system disclosed in Article 1, for example, each user divisionally provides consignees with his secret key, so that when the user loses a session key, the user terminal system is allowed to obtain the secret key from the consignee to restore the session key. On the other hand, in the system disclosed in Article 2, a user enciphers his own session key and his own identification information by a public key of a center and stores the enciphered key and information, so that when the user loses the session key, he has the enciphered data decoded by the center by using the enciphered session key and identification information. For excluding other's request for decoding of enciphered data, when the center decodes enciphered data, the system is allowed to present a decoding result after confirming that the user's identification information appears in a decoded text.
The conventional technique recited in Article 1, however, needs numerous management steps because a secret key of each user is saved in a plurality of centers.
On the other hand, the conventional technique recited in Article 4 needs another management mechanism for excluding overlap of identification information and seizing a corresponding relationship between identification information and an actual individual because the user's identification information is not authorized, which results in making the system structure complicated.
In addition, the system recited in Article 1 in which a user divisionally provides a plurality of consignees with his secret key requires each user to follow lodging procedures by himself so as to enable a consignee to verify that the user properly divides his own secret key. This makes the procedures troublesome. When encryption communication is conducted by using this system, for example, a user will generate a public key and a secret key based on secret information issued from a key management center and provide a consignee with the secret key.
Moreover, with the system, all the centers might restore a user's secret key and use the key for other purpose in conspiracy with each other.
Conventional encryption communication technique is recited, for example, in Patent Laying-Open (Kokai) No. Heisei 3-16339, entitled “Encryption Key Delivery System” (Article 5). Article 5 recites a key deliver system in which each sub-system generates and delivers a key delivery code of an encryption key by using identification information assigned to each system and secret information dependent on the identification information, while a sub-system as a receiver of the key delivery code generates the same encryption key by using the identification information of the sub-system as a sender and secret information of the own system, thereby enabling key delivery by one-way communication from a sender to a receiver, while preventing false use of keys by the alteration of public information.
SUMMARY OF THE INVENTION
An object of the present invention is to provide an encryption key processing system realizing a data recovery system capable of unifying secret information managed by a restoration center, as well as excluding a request for restoration from a false user with ease.
Another object of the present invention is to provide an encryption key processing system realizing a key setting system in which a key management center issues secret information divisionally at the time of key setting to eliminate user's need to follow lodging procedures.
According to one aspect of the invention, an encryption key processing system for generating an encryption key for use in enciphering data, comprises
a user terminal system which uses a key, and
a sub-system for holding information regarding the user terminal system,
the sub-system generating predetermined public information, secret information corresponding to the public information and a secret key dependent on an identifier of the user terminal system and sending the secret key to the user terminal system in secret, and
the user terminal system generating and using a key and necessary information based on the secret key and the public information received from the sub-system.
In the preferred construction, the user terminal system comprises key generation means for generating a key and key information by using an appropriate random number, the secret key and the public information, data processing means for enciphering and decoding data by using a key generated by the key generation means, and storage means for storing key information generated by the key generation means and enciphered data enciphered by the data processing means together, and
the sub-system comprises key restoration means for restoring a key of the user terminal system based on the key information, the secret information and an identifier of the user terminal system when necessary.
In the preferred construction, the user terminal system comprises key generation means for generating a key and key information by using an appropriate random number, the secret key and the public information, encipherment means for enciphering a key for storage arbitrarily set by using a key generated by the key generation means, as well as generating information of the key for storage, data processing means for enciphering and decoding data by using a key for storage enciphered by the encipherment means, and storage means for storing key information generated by the key generation means, key for storage information generated by the encipherment means and enciphered data enciphered by the data processing means together, and
the sub-system comprises key restoration means for restoring a key of the user terminal system based on the key information, the secret information and an identifier of the user terminal system when necessary.
In the preferred construction, the user terminal system comprises key generation means for generating a key and key information by using an appropriate random number, the secret key and the public information, encipherment means for enciphering an encryption key for communication set for enciphering a communication between specific user terminal systems by using a key generated by the key generation means, as well as generating information of the encryption key for communication, data processing means for enciphering and decoding data by using a key for storage enciphered by the encipherment means, and storage means for storing key information generated by the key generation means, key for storage information generated by the encipherment means and enciphered data enciphered by the data processing means together, and
the sub-system comprises key restoration means for restoring a key of the user terminal system based on the key information, the secret information and an identif
Miyauchi Hiroshi
Sako Kazue
Jack Todd
NEC Corporation
Sughrue Mion Zinn Macpeak & Seas, PLLC
Swann Tod R.
LandOfFree
Encryption key processing system to be incorporated into... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Encryption key processing system to be incorporated into..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Encryption key processing system to be incorporated into... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2461206