JPH1173103A - Method of controlling encoding and recording medium having recorde program readable by machine - Google Patents

Abstract

PROBLEM TO BE SOLVED: To facilitate searching a decoding key at the time of emergency without decreasing the cipher intensity at the normal time. SOLUTION: A secondary key generating means 6 divides the primary key set 2, which is a candidate key set, into plural subsets according conditional expressions corresponding to individual features such as fingerprints, and generates a secondary key set 7 containing one subset as an encoding key candidate set and another subset as a decoding key candidate set. A key selection means 8 selects a coding/decoding key 9 from a secondary key set 7. A user himself in a standpoint in which he can know an individual feature is able to find the decoding key from the key candidates within a limited range by passing a process similar to the generation process of the decoding key, and this facilitate decoding in such an emergency case as he forgets the decoding key, etc. On the other hand, the cipher intensity is not lowered to a third party who cannot know the individual feature.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an encryption control method, and more particularly to an encryption control method that uses personal characteristics such as fingerprints that strongly depend on individuals to restrict key candidates for information decryption.

[0002]

2. Description of the Related Art In order to prevent data or images from leaking to a third party, a method of encryption is generally used. An encryption key is used for encryption, and the same or different key as the encryption key is used for decryption. The one in which the encryption key matches the decryption key is called a symmetric key encryption system, and the one in which they do not match is called an asymmetric key encryption system. The symmetric key cryptosystem includes DES (Data En
Cryption Standard). Further, among the asymmetric key cryptosystems, those in which the decryption key cannot be easily calculated from the encryption key are called public key cryptosystems, and RSA cryptography is a typical one.

[0003] Since the original purpose of encryption is "to prevent others from seeing", the encryption strength is basically important. For example, in the RSA encryption, the encryption / decryption key pair has two large prime numbers to increase the encryption strength. The large prime number has a length of at least about 256 bits, and in practice, the key length for short-term security recommended by RSA is 768 bits. Generally, it can be considered that the key length is simply increased in proportion to the encryption strength, so that the key length may be set to 1024 bits or more in order to further increase the encryption strength. Therefore, various improved techniques proposed for encryption are mainly intended to further increase the encryption strength.

[0004] However, a high encryption strength may cause a problem on the contrary. For example, if an encrypted document could be evidence of a criminal case, a criminal police or prosecutor would need to decipher it, but because of the high encryption strength, it could not be decrypted and could not be adopted as evidence. Also, if the encrypting party forgets the decryption key for decryption, this is virtually the same situation as losing that information. As described above, there is a problem that the higher the encryption strength, the more practically there is no way to cope with the loss of the decryption key.

As a well-known system for solving this problem, there is a mechanism called a key escrow system or a key escrow. In essence, this means depositing the decryption key itself with the government (or an equivalent third-party credit institution). By doing so, the encrypted information can be forcibly disclosed at any time only when the government or the like approves.

[0006]

However, there is a great danger lurking in a mechanism called a key escrow system or a key escrow. This mechanism works effectively only when the government or the like to whom the key is deposited is truly trustworthy. Therefore, if one step is mistaken, the government or the like will be able to hold all information encrypted by the individual or the like who wants to keep it secret.

SUMMARY OF THE INVENTION It is an object of the present invention to facilitate decryption only in an emergency, without providing the decryption key itself.

[0008] Of course, the decryption can be facilitated by adopting an encryption method that is easy to decipher or reducing the encryption strength by reducing the key length etc. even in an encryption method that can originally achieve strong encryption. The meaning of the encryption itself fluctuates.

Therefore, another object of the present invention is to use a personal characteristic such as a fingerprint which strongly depends on an individual to restrict a key candidate for information decryption. An object of the present invention is to make it easy to decrypt by reducing the encryption strength without impairment and only in an emergency.

As a well-known document which mentions a combination of personal characteristics and encryption, there is JP-A-7-262372. In this document, personal characteristics such as handwritten characters are used as an encryption key and a decryption key. That is, feature parameters are extracted from the handwritten characters, and the feature parameters are used as an encryption key and a decryption key. However, in this technique, if a personal characteristic such as a handwritten character is known to a third party, a decryption key is immediately obtained, and there is a risk that leakage of the personal characteristic directly leads to decryption of encrypted data.

[0011] Therefore, still another object of the present invention is to prevent the leakage of personal characteristics from immediately leading to the decryption of encrypted data.

[0012]

In order to achieve the above object, the present invention uses personal features such as fingerprints that strongly depend on individuals to restrict key candidates for information decryption. Since the personal feature itself is not used as the decryption key only for limiting the key candidates, leakage of the personal feature does not directly lead to decryption of the encrypted data, and is safe. In addition, those who are in a position to be able to know the personal characteristics need only go through the same process as the process of generating the decryption key to find the decryption key from the key candidates within the restricted range. In the event of an emergency such as when the user has forgotten, the decryption becomes easy. Of course, the encryption strength does not decrease for a third party who cannot know the personal characteristics.

In the present invention, first, a primary key set, which is a set of candidate keys, is divided into a plurality of subsets by a conditional expression corresponding to personal characteristics, and one of the subsets is selected. A decryption key for information decryption is selected from one or more keys belonging to the subset. In particular,
A step of determining a personal feature strongly dependent on the individual such as a fingerprint; a step of determining a conditional expression corresponding to the determined individual feature; and a primary key set, which is a set of candidate keys, is divided into a plurality of parts by the conditional expression. Dividing the set into sets and selecting one subset as a set of encryption key candidates for information encryption and another set of subsets as a set of decryption key candidates for information decryption; Selecting an encryption key from the group of candidates and selecting a decryption key from the group of decryption keys; encrypting information using the selected encryption key; and Decrypting the encrypted information using a decryption key.

[0014] In the invention, the primary key set is divided into a plurality of subsets, and one of the subsets is selected.
The conditional expressions corresponding to individual characteristics are stored in a third party organization.

Further, the present invention specifies a group of decryption key candidates by applying a conditional expression corresponding to the personal characteristic used when generating the decryption key to the primary key set used when generating the decryption key. And finding a decryption key from the group by lice.

[0016]

The encryption that is difficult to decrypt means that the key length for encryption is long. A long key length means that there are too many key candidates for decryption and it takes too much time to decipher in a lice-like search. If the number of key candidates is small, decryption is naturally easy. However, reducing the number of key candidates is nothing less than reducing the strength of encryption. In order to avoid this, in the present invention, when selecting a key at the time of encryption, key candidates are narrowed down using a specific conditional expression (the number of candidates is reduced). As this specific conditional expression, for example, a conditional expression corresponding to personal characteristics such as fingerprint information of the person is used. In this way, the encryption strength is maintained as it is for a third party who does not have the same personal characteristics, and the user who can freely use personal characteristics such as fingerprints, or the criminal police organization or prosecutor who can seize this can be decrypted. Becomes easier.

[0017]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Next, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a block diagram showing an example of an encryption control device to which the present invention is applied. The encryption control device 100 of this example includes a primary key generation unit 1, a personal feature information generation unit 3,
It has a numerical table for personal characteristic information 4, a function table for personal characteristic information 5, a secondary key generating means 6, a key selecting means 8, an encrypting means 10 and a decrypting means 11. FIG.
, 2 is a primary key set generated by the primary key generation means 1, 7 is a secondary key set generated by the secondary key generation means 6, 9
Is an encryption / decryption key obtained by the key selection means 8. Reference numeral 12 denotes personal characteristics such as fingerprints, lip prints, and voices, reference numeral 13 denotes a document or the like to be kept secret, and reference numeral 14 denotes an encrypted document or the like.

As an example of implementation of the encryption control device 100,
As shown in FIG. 2C, the system includes a computer system 201 having a CPU and a main memory, a recording medium 202 storing an encryption / decryption program, and a personal characteristic reading device 203 such as a fingerprint reading device. it can. Here, the recording medium 202 is a machine-readable recording medium such as a CD-ROM, a magnetic disk, and a semiconductor memory.
The encryption / decryption program recorded here is read by the computer system 201 and controls the operation of the computer system 201 so that the primary key generation means 1 shown in FIG. Means 3, a numerical table for personal characteristic information 4, a function table for personal characteristic information 5, a secondary key generating means 6, a key selecting means 8, an encrypting means 10 and a decrypting means 11 are realized.

In FIG. 1, the primary key generation means 1 has a function of generating all keys that can be candidates. Specifically, there are a case where all the key candidates are generated and held as the primary key set 2 and a case where the means has the ability to generate an arbitrary key when requested. In any case, the candidate key exists specifically or virtually as the primary key set 2.

The personal characteristic information converting means 3 is a means for converting the personal characteristics 12 into information. In general, humans have characteristics that identify individuals that are scientifically distinct from others. The finger fingerprint shown in FIG. 2 (a) is the most well-known, and is mainly useful widely in criminal investigations. For the same purpose, lip pattern (lip pattern),
There is also a voice pattern (voiceprint) schematically shown in FIG. In recent years, DNA and the like have also reached a level that can be put to practical use as a feature for personal identification, and are also useful for finding close relatives such as residual orphans. All of these indicate that these personal characteristics are clearly categorized according to scientific evidence and are clearly distinguished from others. In fact, in the case of fingerprints, there are various types of fingerprints, such as a bow-shaped print, a wedge-shaped print, a spiral print, a deformed print, a damaged print, an incomplete print, and a missing print. In addition, the Rochelle method, the Henry method, the Wesech method, and the like are known as fingerprint classification methods, and the adopted method differs in each country of the world. NEC Corporation also has a fingerprint collation system as a fingerprint system, which is in practical use. In the present specification, such features as fingerprints, lip prints, and voice prints that strongly depend on the individual are referred to as individual characteristics. The means for converting the personal characteristics into information is the personal characteristic information converting means 3. For example, it is assumed that a certain fingerprint of a specific person is classified and categorized into a type A. The means for converting the information from "fingerprint to A type" is the personal characteristic information converting means 3.

The secondary key generation means 6 converts the enormous number of primary key sets 2 which are generally key candidates into individual characteristic information conversion means 3.
This is a means for narrowing down by a conditional expression corresponding to the personal feature 12 that has been computerized in the above. Specifically, a secondary key set 7 including an encryption key candidate group that is one of the true subsets of the primary key set 2 and a decryption key candidate group that is also one of the true subsets of the primary key set 2 Generate When a symmetric key cryptosystem in which the encryption key and the decryption key are the same is used, only one true subset is obtained.

In the present embodiment, the conditional expression is a function table 5 for personal characteristic information that stores personal characteristics and functions in association with each other, and associates the personal characteristics with actual numerical values such as constant terms in the functions. It is generated using the personal characteristic information numerical value table 4 that is held by the user. That is, assuming that a fingerprint is used as the personal feature, if the personal feature information generating means 3 determines that the fingerprint is of type A, for example, the function corresponding to the type A and the numerical value used for the parameter of the function are used as the personal feature information function. The conditional expression for narrowing down the primary key set 2 is completed by reading out from the table 5 and the numerical table for personal characteristic information 4 and applying the numerical value to the constant term and the like of the function. Is applied to the primary key set 2 to narrow down candidates for encryption keys and decryption keys.

Here, the contents of the numerical table for personal characteristic information 4 and the function table for personal characteristic information 5 are provided to a reliable third party and managed by the same. In addition, a plurality of personal characteristic information numerical tables 4 and personal characteristic information function tables 5 may be prepared in advance, and may be switched and used, for example, at the time of use. Notify the third party of this fact. The supply of the contents of the personal characteristic information numerical value table 4 and the personal characteristic information function table 5 also means the supply of what is used as the personal characteristic.

The key selecting means 8 is a means for selecting an encryption key from a group of encryption keys in the secondary key set 7 and selecting a decryption key from the group of decryption keys. The encryption / decryption key 9 is the key selected in this way. In general, even if it is a true subset of the primary key set 2, it is considered that there are too many key candidates for humans to handle, and if humans arbitrarily select keys, bias may occur. In order to eliminate these biases, the key selection means 8 may select the encryption / decryption key 9 at random, for example.

The encryption means 10 is means for encrypting plaintext, image data, and the like, using the encryption key of the encryption / decryption key 9 selected by the key selection means 8.

Conversely, the encrypted document or the like is sent to the key selecting means 8.
The means for decrypting using the decryption key of the encryption / decryption key 9 selected by the above is the decryption means 11. At the time of decryption, it is natural that there is a decryption operation performed using a normal decryption key. However, in the present embodiment, by performing the procedure of finding the true subset of the primary key set 2 from the personal characteristics again, the candidates for the decryption key can be narrowed. That is, even if it is practically impossible to search for a decryption key from the entire primary key set 2, according to the present embodiment, decryption of the encrypted data is practically possible.

Next, the operation of the present embodiment configured as described above will be described in detail with reference to FIGS.

The user selects an encryption method in consideration of the purpose and the characteristics of each encryption method in order to encrypt data such as a document or an image to be encrypted. When the encryption method is determined, the conditions for the encryption / decryption key are determined. For example, in the case of the RSA encryption, the encryption / decryption key must be “a large prime number”. As shown in FIG. 3, therefore, in the case of the RSA encryption, specifically, the primary key generation means 1 is a prime number generation means, and the primary key set 2 is a set of prime numbers. The primary key set 2 may be a set of specifically generated (for example) prime numbers, but if a numerical value is arbitrarily specified, if it is clear whether or not it belongs to the primary key set 2, (If it is a prime number generated by the primary key generation means 1), it may be that it exists virtually.

As described above, in the case of a fingerprint, if the method is determined, the fingerprint at the fingertip of an individual can be collected and classified accordingly. As described above, a fingerprint reading apparatus that automates this is already in practical use. Associate a fingerprint with the corresponding pattern,
It is the personal characteristic information conversion means 3 that specifies the numerical values and functions from the personal characteristic information numerical value table 4 and the personal characteristic information function table 5. Specifically, when the Rochelle method is selected as the fingerprint classification method and the case of an arched pattern is assumed to be type A, the numerical value prepared in advance in the numerical table for personal characteristic information 4 corresponding to this type A is Similarly, a function prepared in advance in the function table for personal characteristic information 5 corresponding to the type A is specified.

As an extremely simple example, the function corresponding to the type A in the function table 5 for personal characteristic information is a function f (x) = x + a mod 5 SELECT encryption key candidate group FROM remainder 0 SELECT decryption key candidate group FROM remainder 1 and the numerical value corresponding to the type A in the personal characteristic information numerical value table 4 is 123, this 123 is converted to a function f
To complete the function f (x). The meaning of the function f (x) after completion is represented by a value obtained by dividing a value obtained by adding 123 to each numerical value x in the primary key set 2 by 5, and
The remainder is classified into five subsets of 0, 1, 2, 3, and 4,
A subset with a remainder of 0 is selected as an encryption key candidate group, and a subset with a remainder of 1 is selected as a decryption key candidate group. Therefore,
This function f (x) acts as the secondary key generation means 6.

When a secondary key set 7 including an encryption key candidate group and a decryption key candidate group is generated by the secondary key generation means 6, the key selection means 8 next generates an encryption key from the encryption key candidate group. Is selected, and a decryption key is selected from the decryption key candidate group.

The encryption of the target data is performed using the encryption key of the encryption / decryption key 9 selected lastly by the encryption means 1.
Perform at 0. The above is the steps up to data encryption.

On the other hand, when decrypting the encrypted data,
Normally, the user uses a decryption key. However, it is assumed that the user wants to disclose the decryption key with urgent requirements, such as when the user forgets the decryption key, in an unexpected accident, or when he / she wants to decrypt it as evidence in a criminal investigation. However, it is not considered that encrypted data using a sufficient key length can be decrypted at least within a valid time in accordance with an encryption method having a high encryption strength. However, according to the present embodiment, there is a step of limiting the primary key set 2 behind the selection of the encryption / decryption key 9 in the first place. What this means is that by following the same procedure that determined the encryption / decryption key 9, at least the vast number of key candidates in the primary key set 2 are found in the forgotten decryption key. That is, there is no need to target them. Even if a key corresponding to a decryption key is searched for from a true subset of the restricted primary key set 2 by lice crushing, this can be found within a valid time. Conversely, the secondary key generation means 6 is designed so that even if a key corresponding to a decryption key is searched for from the true subset of the restricted primary key set 2 by lice, it can be resolved within a valid time. Must be set in advance.

It should be particularly noted that it is basically very difficult for anyone other than the principal to find a candidate decryption key from the primary key set 2. The first point is that only the individual user knows what personal characteristics are used. Second, personal characteristics cannot be imitated by others, and fingerprint information such as fingerprint information is generally unknown to others. Thirdly, it may not be easily known what specific values are used as the numerical table 4 for personal characteristic information and the function table 5 for personal characteristic information. Because of the above three circumstances, even if it is specifically known what was used as the personal characteristic or what was used as the numerical table 4 for personal characteristic information and the function table 5 for personal characteristic information, It is difficult to decrypt the encrypted data itself. that is,
This is because the final personal information is still held by the user himself. In the case of criminal investigations above, the seizure of personal characteristics such as fingerprints opens the way for decryption for the first time. Normally, it is unlikely that personal characteristics are forcibly submitted in this way, so that the encryption strength does not decrease.

Therefore, even if the government or a third credit institution manages what is used as the personal characteristic, or what is used as the numerical table 4 for personal characteristic information and the function table 5 for personal characteristic information, it is necessary to use cryptography. Individuals can be relieved without violating privacy such as inadvertent decryption. This is an important feature of the present invention, which is different from the method of distributing the key itself, as seen in a key escrow or a key escrow system. This is because, in the present invention, even if the user is notified of which personal feature was used and the numerical table 4 for personal characteristic information and the function table 5 for personal characteristic information, it does not directly lead to the decoding of data.

[0037]

Next, an embodiment of the present invention will be described in detail with reference to FIGS. In this embodiment, a fingerprint is used as an individual feature, and RS is used as an encryption method.
This is the case where the A cipher is used. In the following embodiment, an extremely short key length that is not used in an actual situation is taken up, but this is for convenience of explanation.

According to FIG. 5, when the RSA encryption is selected as the encryption method, it is necessary to use a "large prime number" for the encryption / decryption key. A large prime number means a prime number of 256 bits or more. More bits in actual scenes, 1
It can be a prime number having a size of about 024 bits. In any case, since the description cannot be used with such a bit number, the number of bits is extremely reduced, and the description proceeds with 5 bits. Since 2 to the fifth power is 32, it is a prime number from 1 to 32, such as "1, 2, 3, 5, 7, 11, 13, 17, 17,
19, 23, 29 "are encryption / decryption key candidates (primary key set). The purpose of the present embodiment is to show that the present invention is actually realized. This one
From one numerical value, it is easy to select an encryption / decryption key and even try to crush the lice to decrypt the encrypted data. Have difficulty. By the way, the prime number is extracted from the range suitable for the bit length according to the requirements of the RSA encryption. The operation up to this point is the operation of the primary key generation means 1. Although the algorithm of the prime number extraction is not particularly specified in the present invention, it is performed using the Rabin method or the like. An example of the primary key set 2 thus obtained is the 11 prime numbers described above.

Next, a function and a numerical value are derived from individual characteristics. As described above, there are various classification methods for fingerprints, which have been put to practical use. There are fingerprint readers used for personal authentication. In principle, the fingerprint pattern is read and categorized according to the classification. The present embodiment is not related to the fingerprint collation or the type of the fingerprint as a result. What is important is the fact that it can be classified into a certain type by a given method. As long as an arbitrary fingerprint pattern is classified into a specific type, and all the types are known, a numerical table 4 for personal characteristic information and a function table 5 for personal characteristic information described below can be created. The function table 5 for personal characteristic information has functions corresponding to fingerprint patterns. The numerical value of the personal characteristic information numerical value table 4 is used for a constant term of a function of the personal characteristic information function table 5 and the like. Therefore, for example, when a fingerprint pattern of a certain user is examined by a fingerprint reader or the like (), it is assumed that the fingerprint pattern is classified as type A by the Rochelle method (). It is assumed that a numerical value “1” corresponding to the fingerprint pattern is prepared in the personal characteristic information numerical value table 4 for the pattern of type A (). In addition, for the pattern of type A, the function table for personal characteristic information 5 includes a function “x + a mod 3, SELECT” corresponding to the fingerprint pattern.
T encryption key candidate group FROM remainder 0, SELECT
It is assumed that a decryption key candidate group FROM remainder 2 "has been prepared (). When the numerical value “1” obtained from the personal characteristic information numerical value table 4 is substituted into the constant term “a” of the function obtained from the personal characteristic information function table 5, the function “f (x) = x + 1 m”
odd 3, SELECT encryption key candidate group FROM remainder 0, SELECT decryption key candidate group FROM remainder 2 "is obtained (). Numerical table 4 for personal characteristic information
And the function of the personal characteristic information function table 5 are preferably changed periodically or as needed. By doing so, operation can be performed without reducing the encryption strength.

Next, the function "f (x) = x + 1 mo"
d 3, SELECT encryption key candidate group FROM remainder 0, SELECT decryption key candidate group FROM remainder 2 "
Is used to generate a secondary key set 7 from the primary key set 2.
By substituting each element of the primary key set 2 into x of the function f (x) and calculating, it is understood that the primary key set 2 is divided into three true subsets as shown in FIG. These three true subsets are actually quite biased and do not seem to be appropriate in practice, but this is what the previous setting of the function f (x) does. The reason that the bias can be reduced is that the first half of the function f (x) is actually a function known as a hash function, and there are many studies for setting a function that reduces the bias. It is.

Next, SELECT in the latter half of the function f (x)
By the function, of the true subsets generated above,
The true subset corresponding to the remainder 0 is selected as an encryption key candidate group, and the true subset corresponding to the remainder 2 is selected as a decryption key candidate group. That is, any one of “2, 5, 11, 17, 23, 29” becomes the encryption key (). Further, any one of “1, 7, 13, 19” becomes a decryption key (). The procedure for generating the secondary key set 7 including the encryption key candidate group and the decryption key candidate group described above is included in the secondary key generation means 6 ().

By the above description, the true subset of the primary key set 2 from which the encryption / decryption key 9 can be selected has been specified. The key selection unit 8 actually selects an encryption key and a decryption key from the true subset. This can be a random selection by computer. If it is not known that the candidates for the encryption / decryption key 9 have been narrowed down from the primary key set 2 by the route from the fingerprint information, the operation of the key selecting means 8 to select the encryption / decryption key 9 is simply the primary key set 2 Note that this is no different from randomly selecting from a set with a large number of elements. In the present embodiment, since f (x) is biased, the explanation is not sufficient, but f (x)
If a hash function excellent in is selected, it is no different from simply selecting a primary key set 2 randomly from a set having a large number of elements.

The encryption means 10 is a means for executing a specific procedure for performing encryption using the encryption / decryption key 9. In the case of the present embodiment, the algorithm itself is the RSA encryption algorithm. Since the algorithm itself is a well-known technique, a detailed description is omitted.

The usual method for decrypting the encrypted data is to apply the decryption key of the encryption / decryption key 9 and decrypt it. The decoding means 11 naturally performs a decoding operation according to this procedure. Since the decoding algorithm itself is a well-known technique, a detailed description is omitted. The present invention is effective when the decryption key is forgotten or lost, or when decryption is forcibly required. If a decryption key cannot be obtained, a matching key must be searched for in the entire primary key set 2. The investigation of the entire primary key set 2 remains the same whether it is a lice-killing method or a method of searching for a condition with some other conditions. If you're lucky, you'll find it in the first try, and in the worst case, you'll find the last key. In this embodiment, the search is performed from 11 numerical values corresponding to the entire primary key set 2. If there are only 11 key candidates in this way, there is no need to worry, and even if a brute force search is performed, it can be solved in a short time. However, in the actual case, the key candidates are enormous, and using the fastest computer is not a very real time solution. In fact, it is the opposite of the argument, and the fact that there are too many key candidates means that the cryptography in the first place has high reliability (that is, high cryptographic strength). Because of this background, the ability to restrict key candidates directly leads to weak encryption, which is extremely dangerous.

However, the present invention has a feature that, in the normal case, the encryption strength does not need to be reduced by using the personal feature with respect to the key candidate restriction. Personal characteristics such as fingerprints are impossible or extremely difficult to be imitated by others. Therefore, even if the user of the cryptography narrows the key candidates using the personal characteristics, it does not lead to others to narrow down the key candidates from the entire primary key set 2. As has already been seen in this embodiment, for the user himself or for a person who can use the personal characteristics and the used conditional expression, the candidate for the decryption key is "1, 7, 13, 1".
There are only four of "9". Even if it is difficult to extract the decryption key from the entire primary key set 2, if the primary key set 2 is extracted from the set after being restricted by the personal characteristics as shown in the present embodiment, the decryption key is extracted. Searching becomes extremely easy. Again, only those who can take advantage of personal characteristics can benefit from candidate restrictions on decryption keys. The “persons in a position where personal characteristics can be used” include those who use the encryption and those who can forcibly collect personal characteristics. The decryption means 11 includes a procedure for finding a decryption key from the decryption keys thus restricted and decrypting the encrypted data. The "method of finding the decryption key from the restricted decryption key" is, as described in the present embodiment,
The purpose is to find a restricted decryption key candidate group in the primary key set 2 from personal characteristics, and to find out a decryption key from this key candidate group by, for example, lice crushing.

According to the above procedure, a person who is in a position where personal characteristics cannot be obtained (usually all except the cipher user) keeps high encryption strength, and only a person who can use personal characteristics is not. The strength of the decryption key can be reduced.

In the above description, a fingerprint is mainly taken as an individual feature, but a pattern (lip print) engraved on a lip, a voice pattern (voice print), DNA, or the like can be used as an individual feature.

Although the RSA encryption method has been mainly described as the encryption method, any encryption method may be used in the present invention. Therefore, an encryption method in which the encryption key and the decryption key match may be used.

Although a computer system is used for key generation, encryption / decryption, key selection, and the like, it may be performed manually.

Regarding generation of prime numbers and the like described in the embodiment,
Any algorithm can be applied.

In the embodiment, it is assumed that all the procedures are managed by the cryptographic user himself, but may be managed by a trusted third party.

The numerical table 4 for personal characteristic information and the function table 5 for personal characteristic information may be arbitrarily selected and used by switching depending on the use period or the like.

Depending on how the personal characteristic information numerical value table 4 and the personal characteristic information function table 5 are set, the restriction of the primary key set 2 may or may not be subdivided. That is, the number of encryption / decryption key 9 candidates can be increased or decreased. If the number of candidates for the encryption / decryption key 9 is increased, the encryption strength can be set to a higher level even in a situation where a personal characteristic is forcibly taken by a third party. If the number of encryption / decryption key 9 candidates is reduced, the decryption key search becomes easy in an emergency. How to set the personal characteristic information numerical table 4 and the personal characteristic information function table 5 is left to the user or the administrator of the personal characteristic information numerical table 4 and the personal characteristic information function table 5.

[0054]

The first effect is that the encryption strength can be reduced only in a special case such as when the decryption key is lost without reducing the encryption strength within the range of normal operation. The reason is that, since personal characteristics such as fingerprints are added to the selection of a decryption key candidate, only those who can obtain personal information can reduce the encryption strength. Usually, the personal characteristics are not known to others, so the encryption strength does not decrease.
However, in the case where the decryption key is lost by the encryption user himself / herself and the user himself / herself wants to decrypt the decryption key, the decryption key candidates are narrowed down by using his / her own personal characteristics, and it becomes easy to find the decryption key.

The second effect is that the security of key management is higher than that of a key escrow or key escrow system in which a decryption key itself is submitted and managed.
The reason is that the key escrow or key escrow system requires the premise that the depository of the key must be trustworthy now and in the future, and this assumption is absolutely broken because it directly leads to privacy infringement. It must not be. Another reason is that if the key escrow or the key escrow system itself is broken, the encrypted data will be immediately decrypted because the key itself is deposited.

A third effect is that even if personal characteristic information serving as a base of a decryption key created by applying the present invention is provided to a third party, it does not directly lead to decryption of encrypted data. No. The reason is that in a key escrow or key escrow system that deposits the key itself, the encrypted data is immediately decrypted when the system itself is broken, but in the present invention, only a decryption key candidate is obtained, This is because there is time left before the decryption to make the encrypted information itself meaningless. "To make the encrypted information itself meaningless" means to re-encrypt the encrypted data with another encryption key or to declare that the current encrypted data is invalid (Invalidation of credit card numbers etc. is an example).

As a fourth effect, there is no security cost. The reason for this is that the cost of maintaining personal characteristics safely is generally considered to be close to zero, so that there is no cost other than the cost of managing the encryption / decryption key 9.

A fifth effect is that reproducibility of decryption of encrypted data is high. "High reproducibility of decryption of encrypted data" means that encrypted data can be decrypted many times over a long period of time. The reason is that personal characteristics such as fingerprints have a characteristic that they do not change throughout their lives. Therefore, it is possible to decrypt the code until the user of the cryptosystem dies (or even after dying if personal characteristics remain).

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating an example of an encryption control device to which the present invention has been applied.

FIG. 2 is a diagram showing an example of personal features used in the present invention and an example of a computer system for implementing the present invention.

FIG. 3 is a diagram showing a process up to generation of a secondary key set.

FIG. 4 is a diagram showing selection and use of an encryption / decryption key.

FIG. 5 is a diagram illustrating an example of generating a primary key set in the case of RSA encryption and an example of determining a conditional expression for generating a secondary key set.

FIG. 6 is a diagram illustrating an example of generating a secondary key set from a primary key set by applying a conditional expression.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 ... Primary key generation means 2 ... Primary key set 3 ... Personal characteristic information formation means 4 ... Numeric table for personal characteristic information 5 ... Function table for personal characteristic information 6 ... Secondary key generation means 7 ... Secondary key set 8 ... Key Selection means 9 ... Encryption / decryption key 10 ... Encryption means 11 ... Decryption means 12 ... Personal characteristics 13 ... Documents and the like to be kept secret 14 ... Encrypted documents and the like 100 ... Encryption control device 201 ... Computer system 202 ... Recording medium 203: personal characteristic reading device

Claims (6)

[Claims] 1. An encryption control method comprising using personal characteristics such as fingerprints which strongly depend on an individual for limiting key candidates for information decryption. 2. A primary key set, which is a set of candidate keys, is divided into a plurality of subsets by a conditional expression corresponding to personal characteristics, and one of the subsets is selected. An encryption control method, wherein a decryption key for information decryption is selected from one or more keys belonging to the encryption control method. 3. A step of obtaining a personal characteristic strongly dependent on an individual such as a fingerprint, a step of determining a conditional expression corresponding to the obtained personal characteristic, and a primary key set which is a set of candidate keys, And selecting one of the subsets as an encryption key candidate group for information encryption and the other subset as a decryption key candidate group for information decryption. Selecting an encryption key from the group of encryption key candidates and selecting a decryption key from the group of decryption key candidates; andencrypting information using the selected encryption key. Decrypting the encrypted information using the selected decryption key. 4. The method according to claim 1, wherein the primary key set is divided into a plurality of subsets, and one of the subsets is selected. The conditional expression corresponding to personal characteristics is stored by a third party. 4. The encryption control method according to claim 2, wherein: 5. A decryption key candidate group is specified by applying a conditional expression corresponding to a personal characteristic used at the time of generation of a decryption key to a primary key set used at the time of generation of a decryption key. 5. The encryption control method according to claim 4, further comprising the step of finding a decryption key by crushing lice. 6. A computer, comprising: a step of obtaining a personal characteristic such as a fingerprint which strongly depends on an individual; a step of determining a conditional expression corresponding to the obtained personal characteristic; and a step of determining a primary key set which is a set of candidate keys. Divided into a plurality of subsets by the above conditional expression, and one of the subsets is selected as an encryption key candidate group for information encryption, and the other subset is selected as a decryption key candidate group for information decryption. Selecting an encryption key from the group of encryption key candidates and selecting a decryption key from the group of decryption key candidates; and encrypting information using the selected encryption key. And a machine-readable recording medium storing a program for executing the step of: decrypting the encrypted information using the selected decryption key.