JPH09205419A - Private key retention management method - Google Patents

Abstract

(57) An object of the present invention is to provide a method for holding and managing a private key having an encryption / decryption key which is not stealable and which is managed by a simple device and management method. After a private key is used, a scramble key is generated from an access passphrase and predetermined information, the private key is encrypted and stored by the scramble key, and predetermined information for composing the scramble key is transmitted. Send it to the other party and erase it from your computer. The next time the private key is used, the predetermined information is received by sending the access passphrase to the communication partner, the scramble key is restored from the access passphrase and the predetermined information, and the private key is decrypted thereby. After using the private key, a scramble key is generated again, and the private key is encrypted and stored.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for holding and managing a secret key in secure communication using a public key method, and in particular, dividing a decryption key of a secret key stored in each user's computer, The present invention relates to a method for holding and managing a private key, which allows a part of the information to be stored in a communication partner (who needs to confirm the sender) or an arbitrary information processing device.

[0002]

2. Description of the Related Art Today, with the development of computers, electronic communication performed via a communication network has made remarkable progress. In particular, recently, electronic communication using a communication network accessible by an unspecified number of users (in this specification, such an open communication network is referred to as an open network) has significantly increased.

Particularly in recent years, membership-based sales systems utilizing the open network have been increasing. In such a membership sales system, a transaction form in which a product order is received by computer communication and the product is mailed to a member who ordered the product is widely adopted.

Further, a so-called electronic settlement method, which allows the debit from the credit account of the person himself or herself, has come into practical use by the person's consent by computer communication.

In the era of freely trading through such an open network, it is important to confirm which user (member) has sent the order for the product by computer communication or the consent for the direct debit. It becomes a problem. In particular, an open network has a huge number of communicating parties, and those who send communication messages (including both encrypted text and unencrypted plain text, which are digital text communication texts) This issue is even more important because you cannot see your face.

[0006] For example, if a third party impersonates a legitimate user and illegally sends a merchandise order or an account withdrawal consent by a communication message, if this cannot be immediately detected, the transaction is performed. It goes without saying that it will cause great confusion in the world.

Therefore, various methods for confirming the communication partner in electronic communication have been proposed. Among these methods of confirming the communication partner, a method called “public key” method is regarded as promising.

FIG. 2 schematically shows the method of concealing and authenticating a communication message by the above-mentioned "public key" method. FIG.
In the above, it is assumed that the user 1, the seller 2, and the credit company 3 perform computer communication with each other.

The user 1 has a public key P-Key-U disclosed to the seller 2 and the credit company 3 and a secret key S-Key-U known only to himself.

The seller 2 has a public key P-Key-M disclosed to the user 1 and the credit company 3 and a secret key S-Key-M known only to himself.

The credit company 3 has a public key P-Key-C disclosed to the user 1 and the seller 2, and a secret key S-Key-C known only to himself.

The public key and the private key are in a relationship of being able to decrypt the encrypted one another. That is, in the example of the user 1, the secret key S- of the user 1
The one encrypted by Key-U is the public key P of User 1.
-Key-U can be used for decoding. On the contrary, what is encrypted with the public key P-Key-U of the user 1 can be decrypted with the secret key S-Key-U of the user 1. This relationship can be applied to the public key and private key of the seller 2 and the credit company 3.

Next, a method of concealing and authenticating a communication message using the above public key and secret key will be described. First seller 2
Encrypts the product information with the public key P-Key-U of the user 1 and sends it to the user 1 (step S20).
0). On the other hand, when the user 1 orders a predetermined product, the user 1 encrypts his / her own ID information with the secret key S-Key-U in the sense that he / she certainly ordered, and puts it in the plaintext of the product order. Add. Furthermore, in order to prevent the information of the product order from being read by a third party, the entire product order to which the ID information is added is the public key PK of the seller 2.
It is encrypted by ey-M and sent to seller 2 (step S210).

The seller 2 having received the communication message of the product order first decrypts the communication message with his / her own secret key S-Key-M. However, user 1's private key S-
Since the ID information encrypted by the Key-U cannot be decrypted by the secret key S-Key-M of the seller 2, the seller 2 subsequently extracts the part that cannot be decrypted by the public key P-Key- of the user 1. Decode by U.

As a result, when the ID information of the user 1 is correctly decrypted, the seller 2 determines that the sender is the user 1
Private key S-Key paired with the public key P-Key-U of
-You can confirm that you have U.

This public key P-Key-U and secret key S-K
Since only user 1 has ey-U, seller 2 can confirm that user 1 is the sender of the communication message.

The above is the confidentiality of the communication message by the public key method.
It is an authentication method.

After performing the above-mentioned identity verification, the seller 2 confirms with the credit company 3 whether or not credit selling is possible.
That is, in order to prevent the contents from being known to a third party, the seller 2 sends a communication message inquiring to the user 1 as to whether or not the credit sale is allowed, to the public key P-Key of the credit company 3.
-Send by encrypting with C (step S220).

Credit company 3 which received this inquiry
Decrypts the communication message with its own secret key S-Key-C and refers to a database or the like (step S23).
0), the result is encrypted with the public key P-Key-M of the seller 2 and returned (step S240).

The seller 2 responds to this inquiry.
Decrypts it with its own secret key S-Key-M, encrypts the result again with the public key P-Key-U of the user 1, and sends it to the user 1 (step S200).

According to the above method, the contents of the communication message are not known to the third party, and the secret key S-Key of the user 1 is used.
-Seller 2 is safe for User 1 unless U is stolen
Can be confirmed.

However, the private key S-Key- of the user 1
U is usually stored in the computer of user 1 and may be stolen or misused by a third party.

Therefore, various methods for holding and managing the private key in the public key system have been proposed in the past.

As a prior art closest to the technology of the present invention, a concept has been proposed in which a private key is encrypted and stored by a strong method, and a decryption key for decrypting the private key is divided and possessed. .

By doing so, even if a third party steals the encrypted private key, it cannot directly decrypt the private key, so that the private key cannot be decrypted. I have to get it. However, since the decryption key is divided and managed, it is extremely difficult to steal it.

As a method of dividing and managing the decryption key, specifically, a method of dividing the decryption key into an access passphrase and auxiliary information and storing the auxiliary information in an IC card, a fingerprint, a voice, A method has been proposed in which data such as a face is used as auxiliary information for personal identification.

[0027]

However, in the method of dividing the decryption key of the secret key and storing a part of it with the IC card, a person who knows the passphrase in some way can use the IC of the passphrase user. If you steal your card,
It can no longer detect fraudulent authentication.

Further, in the method of using the IC card, there is a possibility that an IC card must be prepared and stored for each communication group under the situation that the number of communication groups is expected to increase in the near future. In that case, it is complicated to manage many IC cards. If a large number of IC cards are lost at one time, the user must notify each communication group of the invalidity of the IC cards, resulting in great confusion.

Further, in the method of storing a part of the decryption key in the IC card, the user must be provided with a dedicated IC card reader, and the IC card reader different depending on the type of IC card must be provided. Considering that it must be done, overall capital investment will increase significantly.

On the other hand, the method of using the fingerprint, voice, face, etc. data as auxiliary information for identifying the person still has the possibility of forging the fingerprint, voice, face, etc. data of the subject by some method.

Further, the point that an auxiliary device for reading and confirming data such as fingerprints, voices, and faces is required is the same as the IC card method.

Therefore, the problem to be solved by the present invention is that the private key cannot be decrypted only with the passphrase of the user, and the remaining part of the decryption key does not exist in the user's personal area. Another object of the present invention is to provide a method for holding and managing an authentication private key having a decryption key that cannot be stolen.

Further, the present invention solves the complexity of the device brought about by the conventional means for authentication such as an IC card and the complicated management that may occur in the future, and the simple decryption can be performed only by the existing computer device. It is intended to realize a key management method.

[0034]

In order to solve the above-mentioned problems, a method for holding and managing a private key according to claim 1 of the present application is a method for holding and managing a private key in secure communication by a public key system, wherein each private key user After the use of the private key, the computer of generates a scramble key from the access passphrase and the predetermined information, encrypts and stores the secret key with the scramble key, and predetermined information for combining the scramble key. , A process of transmitting the access passphrase to the communication partner and deleting it from its own computer, a process of receiving the predetermined information by transmitting an access passphrase to the communication partner at the next use of the secret key, the access passphrase and the predetermined information The process of recovering the scramble key from the It generates a rumble key is characterized in that to perform a process of encrypting and storing the private key.

Next, in the method for holding and managing a secret key according to claim 2 of the present application, in the method according to claim 1, the predetermined information for combining the scramble key with the access passphrase is temporarily generated at the end of use of the secret key. It is characterized by being non-fixed information.

A method for holding and managing a private key according to claim 3 of the present application is the method according to claim 2, wherein the non-fixed information includes a random number generated by a computer of a correspondent, a random input by a keyboard, and a time. It is characterized in that it is composed of any one of the outputs of the function as a factor.

The private key holding and managing method according to claim 4 of the present application is the method according to claim 1, wherein the communication partner for storing the predetermined information for combining the scramble key is any communication partner or information specified by the user. It is a processing device.

[0038]

BEST MODE FOR CARRYING OUT THE INVENTION Next, an embodiment of a method of holding and managing a private key in a public key system according to the present invention will be described below with reference to the accompanying drawings.

FIG. 1 shows the flow of processing of the secret key holding and managing method according to the present invention. The private key holding and managing method of the present invention is based on the "public key" method described above, and the user has a public key open in the communication group and a private key known only to himself.

The private key is encrypted by the method described later and stored in the user's computer or the like. The private key encrypted for this storage will be referred to as a storage private key in distinction from the unencrypted private key.

The private key holding and managing method according to the present invention preferably changes the form and saves the private key each time the private key is used. That is, the stored secret key at the start of use is different from the stored secret key at the start of the previous use. in this case,
Therefore, a different key is used for decrypting the stored private key at the start of use of each private key.

In the method of the present invention, the key for decrypting the stored private key can decrypt the private key as well as the ordinary decryption key, and can also encrypt the private key. The key that can be used for both encryption and decryption will be referred to as a scramble key here in order to distinguish it from a normal decryption key.

In the secret key holding and managing method according to the present invention, the decryption key (corresponding to the scramble key) for decrypting the stored secret key is divided and stored in different places. The characteristic point is that a part of the scramble key does not exist around the user.

Specifically, the user stores only the access passphrase as a part of the scramble key, the remaining part of the scramble key is sent to the communication partner and the communication partner stores it, and when the user uses it, the scramble key is retrieved. To synthesize.

The processing by the method of the present invention will be described below with reference to FIG.
It is explained along. The processing of FIG. 1 is all performed within the user's computer, except for transmission from the communication partner.

First, when the user tries to use the private key, the saved private key is encrypted and saved by the scramble key generated at the end of the last private key use, as described later. . The stored private key at the start of use of this private key is referred to as the stored private key at the start of use in order to distinguish it from the stored private key at the end of use. The scramble key used to encrypt the stored secret key at the start of use, that is, the key for decrypting the stored secret key at the start of use is referred to as a first scramble key.

When attempting to use the private key, the user first inputs the access passphrase into his computer (step S10). This access passphrase is sent to the communication partner through the communication line. At this time, the access passphrase is preferably encrypted by the public key of the communication partner and sent.

The communication partner receiving the access passphrase returns the first random number generated at the end of the previous use, which will be described later, to the user (step S20).

The access passphrase and the first random number are
Each of them constitutes a part of the first scramble key, and the user's computer synthesizes the first scramble key from them (step S30). The first scramble key synthesized here is used for encrypting the secret key at the end of the last use of the secret key.

Next, using the first scramble key, the stored secret key at the start of use is decrypted, that is, unscrambled (step S40).

As a result, an unencrypted private key can be obtained (step S50).

Using this unencrypted private key,
The user can decrypt the ciphertext or encrypt his / her ID information for authentication (step S6).
0).

Here, the secret key is used to identify the user's ID.
The case of encrypting information will be described. In particular,
As described above, the plaintext (text) is added with its own ID information encrypted by the secret key, and the entire communication message including the ID information is encrypted by the other party's public key and transmitted.

Since the communication partner who has received this encrypted communication message can decrypt the communication message encrypted by his / her own (the communication partner here) public key, by his / her own secret key. , Decrypt the communication message using your private key.

However, since the user's ID information encrypted by the user's private key cannot be decrypted by the private key of the communication partner, the communication partner writes the part that could not be decrypted by the user. Further decryption is performed using the public key of.

The user's public key determines the user's ID
When the information is decrypted without error, this ensures that the sender is sure to use the private key paired with the public key, ie the legitimate user.

As a result, the communication partner performs necessary procedures, such as debiting the user's account.

After using the secret key, the computer on the user side generates a second random number (step S7).
0).

The user's computer synthesizes the second scramble key from the second random number and the access passphrase (step S80). Using this second scramble key, the user's computer encrypts the private key (step S90) and saves it as the saved private key at the end of use (step S100). The secret key is encrypted by an encryption method that is almost undecipherable, for example, a method called hashing.

After the storage, the second scramble key is erased.

On the other hand, the second generated in step S70
The random number is encrypted by the public key of the communication partner (step S110) and sent to the communication partner as an encrypted random number (step S120).

The second random number is erased from the user's computer after the encrypted random number is generated.

The second random number sent to the communication partner is decrypted by the communication partner and stored until the next use of the secret key. The second random number stored by this communication partner becomes a part of the key that decrypts the stored secret key of the user.

At the next use of the secret key, the communication partner sends the second random number to the user on the condition of the user's request and the input of the access passphrase. In the flowchart of FIG. 1, the second random number is the first random number when the user uses the next secret key.

The subsequent processing on the user side is the above step S.
The steps 10 to S120 are repeated.

The above is the outline of the method of holding and managing the private key when the private key is continuously used. The first use of the private key is in the middle of the normal processing, that is, in step 7
Processing from 0 may be performed.

That is, when using the secret key for the first time, after using the secret key, the user inputs his or her own access passphrase (step S10), and also generates a second random number by the computer (step S70). To generate a second scramble key (step S80).
From this point onward, the private key is encrypted with the second scramble key (step S90) and saved as the saved private key at the end of use (step S10), as in the case of the above-mentioned normal processing.
0) On the other hand, the second random number is encrypted by the public key of the other party (step S110) and sent to the communication partner as a part of the decryption key when the secret key is used next time (step S12).
0).

By using the private key for the first time, the private key can be retained and managed by normal processing thereafter (steps S10 to S120).

According to the method for holding and managing the private key according to the present invention, the private key can be almost completely prevented from being stolen. This is because a part of the decryption key information does not exist in the user's body.

The stored private key is encrypted by a method that is almost undecipherable such as hashing as described above. Therefore, a third party cannot decrypt the private key even if the stored private key itself is stolen. In order to decrypt this private key, a third party must obtain both the stored private key and the decryption key.

However, according to the method of the present invention, a part of the decryption key corresponding to the first random number and the second random number does not exist in the user's personal area including the file of the user's computer. On the other hand, since the access passphrase is in the user's memory, it cannot be stolen. After all, a third party cannot get the decryption key and therefore the private key.

As a result, stealing and misuse of the authentication private key can be almost completely prevented.

Another feature of the private key holding / management method according to the present invention is that the decryption key for decrypting the stored private key can be an intangible key (access passphrase + random number).

By setting the decryption key to (access passphrase + random number), even if the number of open networks increases, it is possible to simplify and maintain the management of the authentication private key.

That is, for example, in the conventional method of managing a part of the decryption key by the IC card, if the number of communication groups in the open network increases, the number of secret keys and the number of IC cards increase accordingly. To do. Since it is expected that the number of communication groups in the open network will increase drastically in the near future, the conventional IC card method requires possession of a large number of IC cards, which complicates the management thereof.

On the other hand, according to the method of the present invention, a large number of secret keys can be possessed by a single access passphrase and a large number of random numbers. That is, the user can completely manage a large number of decryption keys and secret keys by storing only one access passphrase.

This makes it possible to realize extremely simple and clear possession management of the private key, no matter how many private keys increase.

Furthermore, since the decryption key is intangible, the method of the present invention can simplify various devices for restoring the decryption key, which contributes to simplification of the device. For example, a conventional IC card is used as an authentication auxiliary means, a fingerprint is used as an authentication auxiliary means, and a method in which face data is used as an authentication auxiliary means is an IC card reader, a fingerprint recognition device, or a camera, respectively. Need auxiliary equipment such as.

Providing such an auxiliary device to the computers of all users requires enormous capital investment as a society as a whole, considering the spread of open systems.

On the other hand, according to the method of the present invention, it is sufficient to use the existing computer system, and new capital investment is not required.

Finally, according to the method for holding and managing the authentication private key according to the above embodiment, if the private key is misused,
The user can know that the private key has been stolen.

That is, in the method of the above-described embodiment, a part of the decryption key held by the communication partner changes every time the private key is used. If the private key is stolen in some way and misused, the user will not be able to use the secret key because the decryption key has already been changed by the use of a third party when the user next tries to use it. You can immediately know that the key has been used illegally, and you can take sub-optimal measures.

Considering that the transaction amount per transaction is usually limited in the open network transaction, the method according to the present invention can suppress the damage when the private key is stolen to a certain level or less. Is possible.

With the above, the description of the above embodiment is completed.
The gist of the present invention is not limited to the above-described embodiment, and includes a superordinate concept, replacement of equivalents, and the like. These will be described below.

In the above embodiment, a part of the decryption key is a random number generated by a computer, and the decryption key is changed each time it is used. However, the concept of the higher level of the present invention is to have a part of the decryption key stored by a communication partner, and includes a case where a part of the decryption key always has a fixed shape.

As described above, even with the method of depositing a part of the decryption key with the communication partner, the secret key can be retained and managed with high reliability, and a simple management method of a large number of secret keys and a simple device configuration are provided. Can be realized.

In the above embodiment, a part of the decryption key is a random number generated by the user's computer, but the decryption key is not limited to the random number, and can be information that is temporarily generated. The information that is temporarily generated may be, for example, a random keyboard input by the user, an output of a function that changes with time, or the like.

As a modification of the method in which a part of the decryption key is not placed around the user, for example, instead of sending a part of the decryption key to the communication partner, an information processing device arbitrarily designated by the user, It is also possible to send it to a secure third party information processing device or the like.

Although the above description has been made with the commercial transaction in the open system in mind, the method of the present invention is not limited to the commercial transaction, but can be applied to all communication partner confirmation of communication via a computer. For example, the present invention can be applied to confirmation of the principal in administrative procedures such as issuance of a resident card that will be realized in the future, confirmation of the principal in receiving and transmitting patient data and prescriptions in medical treatment, and the like.

[0090]

As is apparent from the above description, according to the method for holding and managing a private key according to the present invention, the private key cannot be decrypted only by the passphrase of the user, and the private key is decrypted by the user. By making the rest of the activation key nonexistent, it is possible to realize the secure communication by the public key method in the open system in which the private key cannot be stolen or misused.

Further, according to the present invention, the reading device required by the conventional authentication method using an IC card or the like can be omitted, and the existing computer system can be used as it is, and the secure and public key system with a simple device configuration can be used. It is possible to realize secure communication by.

Furthermore, even if the number of secret keys becomes large, it is possible to provide a method of managing and retaining all secret keys by managing a single access passphrase.

[Brief description of drawings]

FIG. 1 is a flowchart showing the flow of processing in a private key holding / management method of the present invention.

FIG. 2 is a flowchart conceptually showing a method of identity verification by a public key method.

[Explanation of symbols]

 1 user 2 seller 3 credit company P-Key- U user's public key S-Key- U user's private key P-Key- M seller's public key S-Key- M seller's private key P-Key- C-credit company public key S-Key- C-credit company private key

Claims (4)

[Claims] 1. A method of holding and managing a private key in secure communication using a public key method, wherein each private key user's computer generates a scramble key from an access passphrase and predetermined information after using the private key, The process of encrypting and storing the secret key with the scramble key, the process of sending predetermined information that synthesizes the scramble key to the other party and causing it to disappear from your computer, and the access pass when you use the secret key next time. A process of receiving the predetermined information by sending a phrase to the communication partner, a process of recovering the scramble key from the access pass phrase and the predetermined information, and a process of decrypting the secret key with the scramble key, and a scramble key after use. It is characterized by performing the process of generating, encrypting and storing the private key, and Retention management method of the secret key. 2. The holding of the private key according to claim 1, wherein the predetermined information for combining the scramble key with the access passphrase is non-fixed information which is temporarily generated at the end of use of the private key. Management method. 3. The non-fixed information comprises any one of a random number generated by a computer of a correspondent, a random input by a keyboard, and an output of a function having time as a factor. How to maintain and manage the private key described. 4. The secret key holding management according to claim 1, wherein the communication partner storing the predetermined information for combining the scramble keys is an arbitrary communication partner designated by the user or an information processing device. Method.