| United States Patent | 6351536 |
| Link to this page | http://www.wikipatents.com/6351536.html |
| Inventor(s) | Sasaki; Minoru (c/o Pumpkin House Incorporated, Amenityhill-Honatsugi 717, 1620-1, Iiyama, Atsugi-shi, Kanagawa 243-0213, JP) |
| Abstract | A key used for deciphering ciphertext is safely transmitted, to establish
simple encryption communication. A transmitter and a receiver are
connected through a network such that they can communicate with each
other. In the transmitter, plaintext is enciphered using a common key.
Ciphertext, together with a key generation program in a public-key
cryptosystem, is transmitted from the transmitter to the receiver. In the
receiver, a pair of a public key and a secret key is generated in
accordance with the key generation program, the public key is transmitted
to the transmitter, and the secret key is held in the receiver. In the
transmitter, the common key is enciphered using the public key transmitted
from the receiver. An enciphered common key transmitted to the receiver is
deciphered using the held secret key. The ciphertext is deciphered using
the deciphered common key. |
Encryption network system and method
| Publication Date | February 26, 2002 |
| Filing Date | September 29, 1998 |
| Priority Data | Oct 01, 1997 [JP] 9-283158 |
Claims  |
What is claimed is:
1. A method of transmitting ciphertext from a first device to a second
device which is connected to the first device by a network, and
deciphering the ciphertext in the second device, comprising:
the step of transmitting the ciphertext and an identifier thereof from the
first device to the second device;
the step in the second device of generating, in accordance with a first key
generation program for generating a pair of a first public key and a first
secret key in a first public-key cryptosystem, the pair of the first
public key and the first secret key, and holding the generated first
secret key in correspondence with the identifier;
the step of transmitting the generated first public key and the identifier
from the second device to the first device;
the step in the first device of enciphering information relating to the
decryption of the ciphertext using the received first public key, and
transmitting the enciphered information and the identifier to the second
device; and
the step in the second device of deciphering the received enciphered
information using the first secret key, which corresponds to the received
identifier, of the held first secret keys, and deciphering the ciphertext
utilizing the deciphered information.
2. The enciphering method according to claim 1, wherein
the information relating to the decryption of the ciphertext is a common
key for enciphering plaintext to generate the ciphertext.
3. The enciphering method according to claim 1, wherein
the information relating to the decryption of the ciphertext is a secret
key for plaintext corresponding to a public key for plaintext for
enciphering plaintext to create the ciphertext.
4. The enciphering method according to claim 1, wherein the information
relating to the decryption of the ciphertext is a second secret key
corresponding to a second public key in a second public-key cryptosystem
used for enciphering a common key for enciphering plaintext to create the
ciphertext, comprising:
the step of transmitting the common key which has been enciphered by the
second public key from the first device to the second device; and
the step in the second device of deciphering the received enciphered
information using the first secret key to obtain a second secret key, and
deciphering using the second secret key the common key enciphered by the
second public key.
5. The enciphering method according to claim 1, wherein the information
relating to the decryption of the ciphertext is a second secret key
corresponding to a second public key in a second public-key cryptosystem
used for enciphering a secret key for plaintext corresponding to a public
key for plaintext for enciphering plaintext to create said ciphertext,
comprising:
the step of transmitting the secret key for plaintext which has been
enciphered by the second public key from the first device to the second
device; and
the step in the second device of deciphering the received enciphered
information using the first secret key to obtain a second secret key, and
deciphering using the second secret key the secret key for plaintext
enciphered by the second public key.
6. The enciphering method according to claim 1, wherein
the first key generation program, together with the ciphertext and the
identifier, is transmitted from the first device to the second device.
7. The enciphering method according to claim 1, comprising the step of
comparing, in the first device, an address assigned to the second device
included in transmission data including the first public key and the
identifier which are transmitted from the second device to the first
device with an address assigned to the second device which is used when
the ciphertext is transmitted from the first device to the second device,
and transmitting the enciphered information and the identifier from the
first device to the second device when the addresses coincide with each
other.
8. The enciphering method according to claim 1, wherein
at least one of transmission data including the ciphertext, the enciphered
information and the identifier which are transmitted from the first device
to the second device and the transmission data including the first public
key and the identifier which are transmitted from the second device to the
first device is transmitted with it being included in a file attached to
an electronic mail.
9. The enciphering method according to claim 1, wherein
an instruction to execute the first key generation program is described on
a web page provided in the second device, and
the second device generates the pair of the first public key and the first
secret key in accordance with the instruction to execute the first key
generation program when the first device accesses the web page provided in
the second device.
10. The enciphering method according to claim 1, wherein
a program for enciphering the information relating to the decryption of the
ciphertext using the first public key is held in the second device, and
the first device accesses said program which is held in the second device.
11. The enciphering method according to claim 1, wherein
an address, in a network, assigned to a file of the second device storing a
program for enciphering the information relating to the decryption of the
ciphertext using the first public key is described on the web page
provided in the second device, and
the first device accesses the second device to fetch the web page, and
further accesses the address in the network described on the web page to
fetch the program.
12. The enciphering method according to claim 1, further comprising
the step in the second device of compressing the transmission data
including the first public key and the identifier which are transmitted
from the second device to the first device, enciphering the compressed
transmission data using the first secret key to create an authenticator,
and transmitting the authenticator and the transmission data to the first
device, and
the step in the first device of compressing the transmission data, to check
whether or not the compressed transmission data is the same as one which
has been obtained by deciphering the authenticator using the first public
key.
13. A method in which a first device, a second device and a third device
which are connected by a network are capable of communicating with one
another, to transmit ciphertext from the first device to the second
device, and decipher the ciphertext in the second device, comprising:
the step in the third device of generating a pair of a first public key and
a first secret key in a first public key cryptosystem, and holding the
generated first secret key and an identifier thereof;
the step of transmitting the first public key and the identifier from the
third device to the first device;
the step in the first device of creating the ciphertext using the received
first public key to transmit the ciphertext and the identifier thereof to
the second device;
the step in the second device of generating, in accordance with a second
key generation program for generating a pair of a second public key and a
second secret key in a second public-key cryptosystem, the second public
key and the second secret key, and transmitting the generated second
public key and the identifier to the third device;
the step in the third device of enciphering the first secret key, which
corresponds to the received identifier, of the held first secret keys
using the received second public key, and transmitting the enciphered
first secret key and the identifier from the third device to the second
device; and
the step in the second device of deciphering the received enciphered first
secret key using the second secret key corresponding to the received
identifier, and deciphering the ciphertext using the deciphered first
secret key.
14. A method in which a first device, a second device and a third device
which are connected by a network are capable of communicating with one
another, to transmit ciphertext from the first device to the second
device, and decipher the ciphertext in the second device, comprising:
the step of transmitting a first key generation program for generating a
pair of a first public key and a first secret key in a first public-key
cryptosystem from the third device to the first device in response to a
request from the first device;
the step in said first device of generating the pair of the first public
key and the first secret key in accordance with said received first key
generation program, holding the generated first secret key and an
identifier thereof, creating the ciphertext using the first public key,
and transmitting the ciphertext and the identifier to the second device;
the step of transmitting a second key generation program for generating a
pair of a second public key and a second secret key in a second public-key
cryptosystem from the third device to the second device in response to a
request from the second device;
the step in the second device of generating the pair of the second public
key and the second secret key in accordance with the received second key
generation program, and holding the generated second secret key in
correspondence with the identifier transmitted from the first device;
the step of transmitting the generated second public key and the identifier
from the second device to the first device;
the step in the first device of enciphering the first secret key, which
corresponds to the received identifier, of the held first secret keys
using the transmitted second public key, and transmitting the enciphered
first secret key, together with the identifier, to the second device; and
the step in the second device of deciphering the received enciphered first
secret key using the second secret key corresponding to the received
identifier, and deciphering the ciphertext using the deciphered first
secret key.
15. The enciphering method according to claim 13, further comprising the
step of
transmitting, together with the program for encryption or decryption which
is transmitted from the third device to the first device and the second
device, a program for eliminating the programs, and eliminating the key
generation program or the program for encryption or decryption by the
program for elimination, after performing encryption processing and
decryption processing in the first device and the second device.
16. A method of transmitting ciphertext from a first device to a second
device which is connected to the first device by a network, and
deciphering the ciphertext in the second device, comprising:
the step of transmitting a key generation program for generating a pair of
a public key and a secret key in a public-key cryptosystem, together with
an identifier, from the first device to the second device;
the step in the second device of generating the pair of the public key and
the secret key in accordance with the received key generation program,
holding the generated secret key in correspondence with the identifier,
and transmitting the generated public key, together with the identifier,
to the first device;
the step in the first device of generating enciphered information using the
received public key, to transmit the generated enciphered information,
together with the identifier, to the second device; and
the step in the second device of deciphering the received enciphered
information using the secret key, which corresponds to the received
identifier, of the held secret keys.
17. The enciphering method according to claim 16, wherein
the enciphered information is ciphertext obtained by enciphering plaintext
using the public key.
18. The enciphering method according to claim 16, wherein
the enciphered information is an enciphered key obtained by enciphering a
common key used for creating the ciphertext using the public key, and
the first device transmits the key generation program, together with the
created ciphertext, to the second device.
19. A first device, in a cipher network system, connected to a second
device by a network for transmitting to the second device ciphertext to be
deciphered in the second device, comprising:
first transmitting means for transmitting the ciphertext and an identifier
thereof to the second device;
receiving means for receiving, in a pair of a first public key and a first
secret key in a first public key cryptosystem which have been generated in
the second device, the first public key and the identifier thereof from
the second device;
enciphering means for enciphering information relating to the decryption of
the ciphertext using the received first public key; and
second transmitting means for transmitting the enciphered information and
the identifier to the second device.
20. The first device in the cipher network system according to claim 19,
further comprising
third transmitting means for transmitting to the second device a first key
generation program for generating the pair of the first public key and the
first secret key in the first public-key cryptosystem.
21. A second device, in a cipher network system, connected to a first
device by a network for deciphering ciphertext transmitted from the first
device, comprising:
first receiving means for receiving the ciphertext transmitted from the
first device and the identifier;
key generating means for generating, in accordance with a first key
generation program for generating a pair of a first public key and a first
secret key in a first public key cryptosystem, the pair of the first
public key and the first secret key;
holding means for holding the generated first secret key and the identifier
thereof;
first transmitting means for transmitting the generated first public key
and the identifier to the first device;
second receiving means for receiving information relating to the decryption
of the ciphertext which has been enciphered using the first public key in
the first device and the identifier;
first deciphering means for deciphering the received enciphered information
using the first secret key, which corresponds to the received identifier,
of the held first secret keys; and
second deciphering means for deciphering the ciphertext utilizing the
deciphered information.
22. The second device according to claim 21, further comprising
second transmitting means for transmitting to the first device an
encryption program for enciphering plaintext in the first device to
generate the ciphertext and a public key system encryption program for
enciphering the information relating to the decryption of the ciphertext
using the first public key in the first device.
23. A first device, in a cipher network system, connected to a second
device by a network for transmitting to the second device enciphered
information to be deciphered in the second device, comprising:
first transmitting means for transmitting to the second device a key
generation program for generating a pair of a public key and a secret key
in a public-key cryptosystem, together with an identifier;
receiving means for receiving from the second device the public key in the
pair of the public key and the secret key which have been generated in
accordance with the key generation program in the second device, together
with the identifier; and
second transmitting means for generating enciphered information using the
received public key, to transmit the generated enciphered information,
together with the identifier, to the second device.
24. A second device, in a cipher network system, connected to a first
device by a network for deciphering enciphered information transmitted
from the first device, comprising:
first receiving means for receiving a key generation program for generating
a pair of a public key and a secret key in a public-key cryptosystem,
together with an identifier, from the first device;
means for generating the pair of the public key and the secret key in
accordance with the received key generation program, and holding the
generated secret key in correspondence with the identifier;
transmitting means for transmitting the generated public key, together with
the identifier, to the first device;
second receiving means for receiving the enciphered information generated
using the public key in the first device, together with the identifier;
and
means for deciphering the received enciphered information using the secret
key, which corresponds to the received identifier, of the held secret
keys.
25. A computer readable recording medium storing a program for controlling
a first device connected to a second device by a network for transmitting
to the second device ciphertext to be deciphered in the second device, so
as to
transmit the ciphertext and an identifier thereof to the second device;
receive, in a pair of a first public key and a first secret key in a first
public-key cryptosystem which have been generated in the second device,
the first public key and the identifier from the second device;
encipher information relating to the decryption of the ciphertext using the
received first public key; and
transmit the enciphered information and the identifier to the second
device.
26. A computer readable recording medium storing a program for controlling
a second device connected to a first device by a network for deciphering
ciphertext transmitted from the first device, so as to
receive the ciphertext transmitted from the first device and an identifier
thereof;
generate a pair of a first public key and a first secret key in a first
public-key cryptosystem;
hold the generated first secret key and the identifier, and transmit the
generated first public key and the identifier to the first device;
receive information relating to the decryption of the ciphertext enciphered
using the first public key in the first device and the identifier;
decipher the received enciphered information using the first secret key,
which corresponds to the received identifier, of the held first secret
keys; and
decipher the ciphertext utilizing the deciphered information.
27. The computer readable recording medium according to claim 26, further
storing
an encryption program for enciphering, in the first device, plaintext to
create the ciphertext, and a public key system encryption program for
enciphering, in the first device, the information relating to the
decryption of the ciphertext using the first public key.
28. A computer readable recording medium storing a program for controlling
a first device connected to a second device by a network for transmitting
to the second device enciphered information to be deciphered in the second
device, so as to
transmit a key generation program for generating a pair of a public key and
a secret key in a public-key cryptosystem, together with an identifier, to
the second device;
receive the public key transmitted from the second device in the pair of
the public key and the secret key which have been generated in accordance
with the key generation program, together with the identifier;
create the enciphered information using the received public key; and
transmit the created enciphered information together with the identifier.
29. A computer readable recording medium storing a program for controlling
a second device connected to a first device by a network for deciphering
enciphered information transmitted from the first device, so as to
receive a key generation program for generating a pair of a public key and
a secret key in a public-key cryptosystem and an identifier which are
transmitted from the first device;
generate the pair of the public key and the secret key in accordance with
the received key generation program;
hold the generated secret key in correspondence with the identifier;
transmit the generated public key, together with the identifier, to the
first device;
receive enciphered information which has been generated using the public
key in the first device and the identifier, which are sent from the first
device; and
decipher the received enciphered information using the secret key, which
corresponds to the received identifier, of the held secret keys.
30. The enciphering method according to claim 14, further comprising the
step of
transmitting, together with the program for encryption or decryption which
is transmitted from the third device to the first device and the second
device, a program for eliminating the programs, and eliminating the key
generation program or the program for encryption or decryption by the
program for elimination, after performing encryption processing and
decryption processing in the first device and the second device.
Description  |
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an enciphering method in an encryption (a
cipher) network system, a device constituting the cipher network system,
and a medium storing therein a program for controlling the device.
2. Description of the Related Art
A common-key cryptosystem and a public-key cryptosystem are known as
cryptosystems for enciphering plaintext and for deciphering ciphertext in
encryption communication.
In the common-key cryptosystem, a key used for enciphering (encrypting) the
plaintext and a key used for deciphering (decrypting) the ciphertext are
identical.
In the public-key cryptosystem, the plaintext is enciphered using a public
key, and the ciphertext is deciphered using a secret key paired with the
public key used for the encryption.
In the common-key cryptosystem, the key used for enciphering the plaintext
is also used for deciphering the ciphertext. Therefore, the same key as
the key used for enciphering the plaintext must be previously delivered to
a person who is authorized to decipher the ciphertext. In the public-key
cryptosystem, a person who receives the ciphertext must previously put his
or her own public key on a database or the like set in a network and
disclose the public key. However, data in the database or the like set in
the network is liable to be altered without authorization. It is said that
a manager of the database must issue a certificate of the public key.
SUMMARY OF THE INVENTION
An object of the present invention is to provide an enciphering method in
which encryption communication can be established safely and simply
through a network utilized by many people, a device constituting a
cipher network system, and a medium storing a program for controlling the
device.
A cipher network system according to the present invention is constituted
by a first device and a second device which are connected to each other by
a network. The first device and the second device can communicate with
each other through the network. In the system, ciphertext is transmitted
from the first device to the second device through the network, and the
ciphertext is deciphered in the second device.
The first device enciphers plaintext in accordance with an encryption
program. Ciphertext thus obtained and its identifier are transmitted from
the first device to the second device.
In the second device, in accordance with a first key generation program for
generating a pair of a first public key and a first secret key in a first
public-key cryptosystem, the pair of the first public key and the first
secret key is generated, and the generated first secret key and its
identifier are held. The generated first public key and its identifier are
transmitted from the second device to the first device.
In the first device, information relating to the decryption of the
ciphertext is enciphered using the received first public key. The
enciphered information and the identifier are transmitted to the second
device.
In the second device, the received enciphered information is deciphered
using the first secret key, which corresponds to the received identifier,
of the held first secret keys. The ciphertext is deciphered utilizing the
deciphered information.
According to the present invention, the information relating to the
decryption of the ciphertext is enciphered, and the enciphered information
is transmitted from the first device to the second device. Moreover, the
information relating to the decryption of the ciphertext is enciphered
using the first public key cryptosystem. The first secret key for
decryption in the first public key cryptosystem is generated in the second
device, and is held in the second device. Since the first secret key is
not transmitted on the network, the secrecy thereof is high, thereby
making it possible to construct a cipher system that is significantly high
in safety. Further, identifiers are respectively attached to the
ciphertext and various keys, so that the correspondence between the
ciphertext and the keys can be recognized by the identifiers. The present
invention is particularly effective when a plurality of encrypted
communications are transmitted on the network.
In one mode of the present invention, the information relating to the
decryption of the ciphertext is a common key for enciphering plaintext to
create the ciphertext. The plaintext is enciphered into ciphertext using
the common key in the first device, and the ciphertext is deciphered in
the second device using the same common key as the common key used for the
encryption.
In another mode of the present invention, the information relating to the
decryption of the ciphertext is a secret key for plaintext corresponding
to a public key for plaintext for enciphering plaintext to create the
ciphertext. The plaintext is enciphered into ciphertext using the public
key for plaintext in the first device, and the ciphertext is deciphered in
the second device using the secret key for plaintext corresponding to the
public key for plaintext used for the encryption.
In still another mode, the information relating to the decryption of the
ciphertext is a second secret key corresponding to a second public key in
a second public key cryptosystem used for enciphering a common key for
enciphering plaintext to create the ciphertext. In this case, the common
key enciphered by the second public key is transmitted from the first
device to the second device. In the second device, the received enciphered
information is deciphered using the first secret key to obtain the second
secret key, and the common key enciphered by the second public key is
deciphered using the second secret key.
In a further mode, the information relating to the decryption of the
ciphertext is a second secret key corresponding to a second public key in
a second public key cryptosystem used for enciphering a secret key for
plaintext corresponding to a public key for plaintext for enciphering
plaintext to create the ciphertext. The secret key for plaintext that has
been enciphered by the second public key is transmitted from the first
device to the second device. In the second device, the received enciphered
information is deciphered using the first secret key to obtain a second
secret key, and the secret key for plaintext which has been enciphered by
the second public key is deciphered using the second secret key.
When a first key generation program is put on the first device, and the
program, together with the ciphertext and the identifier, is transmitted
from the first device to the second device, the first key generation
program need not be held in the second device.
Conversely, when a program for enciphering the plaintext, and a program for
enciphering the information relating to the decryption of the ciphertext
using the first public key are held in the second device, and the programs
are transmitted to the first device by the second device (including a case
where the first device accesses the second device), only a program for
communication (for example, a web browser) may be provided in the first
device.
It is possible to utilize electronic mail and the Internet in order to
transmit the program and the ciphertext.
For example, at least one of transmission data including the ciphertext,
the enciphered information and the identifier which are transmitted from
the first device to the second device and transmission data including the
first public key and the identifier which are transmitted from the second
device to the first device is transmitted with it being stored in a file
attached to an electronic mail.
An address, in a network, assigned to a file in the second device storing
the program for enciphering the information relating to the decryption of
the ciphertext using the first public key is described using the second
device as a server on a web page provided therein. The first device
accesses the second device to fetch the web page and further accesses the
address, in the network, described on the web page to fetch the program.
The above-mentioned program can also be stored in the web page (Java
applet, etc.). A program for calling the program from a device on the
network (which may be the second device or another device) may be stored
(Plug-in, ActiveX, etc.).
The use of the following authenticating method for checking the second
device makes it possible to prevent the other device from acquiring
ciphertext without authorization. That is, the address, assigned to the
second device, included in the transmission data including the first
public key and the identifier which are transmitted from the second device
to the first device is compared, in the first device, with an address,
assigned to the second device, used when the ciphertext is transmitted
from the first device to the second device, and the enciphered information
and the identifier are transmitted from the first device to the second
device only when the addresses coincide with each other.
In order to prevent the first public key transmitted on the network from
being altered, an authenticator obtained by compressing the transmission
data including the first public key and the identifier which are
transmitted from the second device to the first device (including a part
or the whole of a mail sentence in an electronic mail or a web page) and
enciphering the compressed transmission data using the first secret key is
created, and the authenticator and the transmission data are transmitted
to the first device. In the first device, the transmission data is
compressed, to check whether or not the compressed transmission data is
the same as one which is obtained by deciphering the authenticator using
the first public key.
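The two checks just described (address comparison, then authenticator), as an added sketch that is not the patent's own code. SHA-256 as the compressing function, textbook RSA as the public-key cryptosystem, the length-prefixed field encoding, the function names and the sample address are assumptions, and the demo key is constructed from published primes.

```python
import hashlib

# Constructed demo key: textbook RSA over two published Mersenne primes, so the
# "secret" exponent is public knowledge. It only stands in for the first key pair.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def encode(public_key, identifier, address):
    """Length-prefixed byte form of the transmission data, so fields cannot run together."""
    parts = [str(v).encode() for v in (*public_key, identifier, address)]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def compress(data):
    """The 'compressing' step. SHA-256 is an assumption; the passage names no function."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def second_device_reply(identifier, address, public_key=(N, E), secret_key=(N, D)):
    """Second device: transmission data plus an authenticator made with the secret key."""
    n, d = secret_key
    authenticator = pow(compress(encode(public_key, identifier, address)), d, n)
    return {"public_key": public_key, "identifier": identifier,
            "address": address, "authenticator": authenticator}

def first_device_check(reply, ciphertext_sent_to):
    """First device: release the enciphered information only if both checks pass.
    ciphertext_sent_to maps identifier -> address the ciphertext was transmitted to."""
    sent_to = ciphertext_sent_to.get(reply["identifier"])
    if sent_to is None or sent_to != reply["address"]:
        return "reject: address mismatch"
    n, e = reply["public_key"]
    expected = compress(encode(reply["public_key"], reply["identifier"], reply["address"]))
    if pow(reply["authenticator"], e, n) != expected:
        return "reject: authenticator mismatch"
    return "accept"
```

The verifying key here is the first public key carried in the same transmission data, so the authenticator shows that the data is consistent with whoever holds the matching secret key; the address comparison is a separate test on where the data came from.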
The present invention further provides a method of reducing the burden on
the second device in a network system including a first device and a
second device which are connected to each other by a network, in which
enciphered information is generated in the first device and is transmitted
to the second device, and the enciphered information is deciphered in the
second device.
Specifically, the method of transmitting ciphertext from the first device
to the second device which is connected to the first device by the
network, and deciphering the ciphertext in the second device in the
present invention is a method of transmitting a key generation program for
generating a pair of a public key and a secret key in a public key
cryptosystem, together with an identifier, from the first device to the
second device, generating, in the second device, the pair of the public
key and the secret key in accordance with the received key generation
program, to hold the generated secret key in correspondence with the
identifier, and transmit the generated public key, together with the
identifier, to the first device, generating, in the first device,
enciphered information using the received public key, to transmit the
generated enciphered information, together with the identifier, to the
second device, and deciphering, in the second device, the received
enciphered information using the secret key, which corresponds to the
received identifier, of the held secret keys.
In one mode, the enciphered information is ciphertext obtained by
enciphering plaintext using the public key.
In another mode, the enciphered information is an enciphered key obtained
by enciphering a common key used for creating ciphertext using the public
key. In this case, the first device transmits the key generation program,
together with the created ciphertext, to the second device.
Since the key generation program for generating the pair of the public key
and the secret key in the public key cipher system is transmitted from the
first device to the second device, the second device need not previously
have the key generation program. Since a decryption program (and likewise
an encryption program) in the public key cryptosystem is available from a
web page on the Internet, for example as ActiveX or a Plug-in, the second
device need not hold the encryption program and the decryption program.
It is also possible to provide a third device in addition to the first and
second devices, and to connect the first device, the second device and the
third device to one another on a network system. In this configuration,
the third device can manage the key generation program, the encryption
program, and the decryption program, to reduce the burden on the first and
second devices. In this case, in the first and second devices, the program
transmitted from the third device is automatically eliminated (erased)
after the execution thereof, thereby making it possible to further promote
safety. A program for elimination is also transmitted from the third
device to the first and second devices.
The present invention further provides first and second devices, and a
medium storing a program for operating the first and second devices as
described above.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 illustrates the overall outline of a cipher network system;
FIG. 2 is a block diagram showing the configuration of a transmitter;
FIG. 3 illustrates the outline of encryption/decryption processing in a
first embodiment;
FIG. 4 is a flow chart showing the procedure for encryption processing and
decryption processing in the first embodiment;
FIG. 5 is a flow chart showing the procedure for encryption processing and
decryption processing in a second embodiment;
FIG. 6 is a flow chart showing the procedure for encryption processing and
decryption processing in a third embodiment;
FIG. 7 illustrates the outline of encryption/decryption processing in a
fourth embodiment;
FIGS. 8 and 9 are flow charts showing encryption processing and decryption
processing in the fourth embodiment;
FIGS. 10 and 11 are flow charts showing the procedure for encryption
processing and decryption processing in a fifth embodiment;
FIG. 12 is a flow chart showing the procedure for encryption processing and
decryption processing in a sixth embodiment;
FIG. 13 is a flow chart showing the procedure for encryption processing and
decryption processing in a seventh embodiment;
FIG. 14 is a flow chart showing the procedure for encryption processing and
decryption processing in an eighth embodiment;
FIG. 15 illustrates the contents of an SHTML file;
FIG. 16 is a flow chart showing the procedure for encryption processing and
decryption processing in a ninth embodiment;
FIG. 17 illustrates the contents of an HTML file;
FIG. 18 is a flow chart showing the procedure for encryption processing and
decryption processing in a tenth embodiment;
FIG. 19 illustrates the overall outline of a cipher network system;
FIG. 20 is a flow chart showing the procedure for encryption processing and
decryption processing in an eleventh embodiment;
FIG. 21 is a flow chart showing the procedure for encryption processing and
decryption processing in a twelfth embodiment; and
FIG. 22 is a flow chart showing the procedure for encryption processing and
decryption processing in a thirteenth embodiment.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
First Embodiment
FIG. 1 illustrates the overall configuration of a cipher network system.
In the cipher network system, a plurality of transmitters (transmitting
devices or apparatuses) 10 and receivers (receiving devices or
apparatuses) 20 are connected through a network 5 such that they can
communicate with one another. The transmitter 10 and the receiver 20 are
realized by a computer system, as described later. The computer system is
referred to as a transmitter when it enciphers plaintext and transmits the
enciphered plaintext, while being referred to as a receiver when it
receives ciphertext transmitted from the transmitter and deciphers the
received ciphertext. The transmitter and the receiver are names given for
convenience of illustration by paying attention to their functions.
The network 5 is a public line network or a leased (or dedicated) line
network that has existed or will be laid in the future. The transmitter 10
and the receiver 20 make data transmission using a communication protocol
such as TCP/IP (Transmission Control Protocol/Internet Protocol) or HTTP
(HyperText Transfer Protocol).
FIG. 2 is a block diagram showing the configuration of the transmitter.
The transmitter 10 comprises a computer 13. Connected to the computer 13
through a bus are an input device 11 (a keyboard, a mouse, etc.) for
accepting entry, an output device 12 (a CRT display device, a printer,
etc.) for visibly outputting data, a modem 14 for making connection to the
network 5, an FD drive 16 for reading data recorded on a floppy-disk (FD)
and recording data on the FD, a CD-ROM drive 17 for reading data recorded
on a CD-ROM 19, and an external storage device 18 (a hard disk device,
etc.) storing an operating system. Inside the computer 13, there is
provided an internal memory 15 for providing a program area storing
programs to be executed by the computer, a work area for various
operations, a buffer area, and so forth.
The receiver 20 basically has the same components as the transmitter 10. In
FIG. 2, the components of the receiver 20 are respectively indicated by
reference numerals in parentheses.
The transmitter 10 has programs for performing processing at the steps 101
to 106 shown on the left side of FIG. 4. The programs in the transmitter
10 include the following programs i) to iv):
i) an encryption program in a common-key cryptosystem (hereinafter referred
to as a common key encryption program)
ii) a key generation program for generating a common key (hereinafter
referred to as a common key generation program)
(this program may be included in the common key encryption program)
iii) a first encryption program in a public-key cryptosystem (hereinafter
referred to as a first public key system encryption program)
iv) a first key generation program for generating a pair of a first public
key and a first secret key (hereinafter referred to as a first public
key/secret key generation program)
(this program iv) is not used in the transmitter 10, but is transmitted to
the receiver 20 and used therein).
The receiver 20 has programs for performing processing at the steps 201 to
206 shown on the right side of FIG. 4. The programs in the receiver 20
include the following programs v) and vi):
v) a decryption program in a common-key cryptosystem (hereinafter referred
to as a common key decryption program)
vi) a first decryption program in a public-key cryptosystem (hereinafter
referred to as a first public key system decryption program) (this first
public key system decryption program may, in some cases, be the same as
the first public key system encryption program)
The programs (which include the programs i), ii), iii) and iv) but may not,
in some cases, include the communication programs at the steps 103 and
106) of the transmitter 10 are recorded on the CD-ROM 19 (or the FD), and
are distributed to an operator of the transmitter 10. The programs (which
include the programs v) and vi) but may not, in some cases, include the
transmission program at the step 203) of the receiver 20 are recorded on a
CD-ROM 29 (or a FD), and are distributed to an operator of the receiver
20. The operator of the transmitter 10 loads the CD-ROM 19 in the CD-ROM
drive 17. The operator of the receiver 20 loads the CD-ROM 29 in a CD-ROM
drive 27. The program recorded on the CD-ROM 19 (29) is directly read in
the computer 13 (23) from the CD-ROM drive 17 (27), or is installed in the
external storage device 18 (28) from the CD-ROM drive 17 (27) and is read
in the computer 13 (23) from the external storage device 18 (28), so that
processing shown in FIG. 4 as described in detail below is performed.
FIG. 3 illustrates the outline of encryption processing and decryption
processing which are respectively executed by the transmitter 10 and the
receiver 20, centered around the roles of keys. FIG. 4 is a flow chart
showing the procedure for encryption processing in the transmitter 10,
decryption processing in the receiver 20, and communication processing
between the transmitter 10 and the receiver 20.
In the transmitter 10, the operator first enters plaintext from the input
device 11, or plaintext is automatically created in the transmitter 10
(including a case where plaintext created in another computer is
received by the transmitter 10 (or read from the FD, etc.)). The plaintext
is not limited to document data. For example, it includes a credit card
number, a password, and so forth in electronic commerce (EC). The entered
plaintext is temporarily stored in the internal memory 15 in the
transmitter 10.
A common key is generated in accordance with a common key generation
program. For example, a random number generation program is used as the
common key generation program, to generate a random number and take the
random number as a common key.
The generated common key is registered (stored) in the external storage
device 18 in correspondence with an identifier (step 101). The identifier
is indicated by i, and a common key corresponding to the identifier i is
taken as a common key i. The identifier is used for identifying a key used
in processing in the cipher network system. This is effective for a case
where a plurality of types of ciphertext are transmitted and received
between the transmitter 10 and the receiver 20 or between the transmitter
10 or the receiver 20 and the other device. Used as the identifier i are a
number which is increased or changed every time the common key is
generated (for example, a random number generated every time the common
key is generated), a character or a number which is entered by the
operator, and so forth. A plurality of common keys may be previously
generated and stored in the external storage device 18 so that the
identifier i corresponds to one of the stored common keys every time the
identifier i is generated or entered.
The plaintext is then enciphered using the common key i in accordance with
the common key encryption program (step 102) (ciphertext thus created is
taken as ciphertext i). The ciphertext i, together with the identifier i
and the first public key/secret key generation program, is transmitted
from the transmitter 10 to the receiver 20 (step 103).
The receiver 20 executes, when it receives the ciphertext i, the identifier
i and the first public key/secret key generation program which are
transmitted from the transmitter 10, the received first public key/secret
key generation program. Consequently, a pair of the first public key and
the first secret key is generated (step 201).
The first secret key in the generated pair of the first public key and the
first secret key is registered (stored) in the external storage device 28
of the receiver 20 in correspondence with the identifier i (step 202). On
the other hand, the first public key, together with the identifier i, is
transmitted to the transmitter 10 (step 203). The first secret key and the
first public key which correspond to the identifier i are respectively
taken as a first secret key i and a first public key i.
The transmitter 10 which has received the first public key i and the
identifier i retrieves a common key i, which corresponds to the received
identifier i, of the common keys registered in the external storage device
18 (step 104).
The retrieved common key i is enciphered using the first public key i
transmitted from the receiver 20 in accordance with a first public key
system encryption program (step 105). The enciphered common key
(hereinafter referred to as the enciphered common key i), together with
the identifier i, is transmitted to the receiver 20 (step 106).
The receiver 20 retrieves the first secret key i, which corresponds to the
identifier i, of the first secret keys that have been registered in the
external storage device 28 (step 204). The retrieved first secret key i is
one which is paired with the first public key i used for enciphering the
common key i (step 105).
In the receiver 20, the enciphered common key i transmitted from the
transmitter 10 is deciphered using the retrieved first secret key i in
accordance with the first public key system decryption program (step 205),
to obtain a common key i. The ciphertext which has been previously
received is then deciphered using the deciphered common key i in
accordance with a common key decryption program (step 206). Plaintext is
thus obtained.
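The exchange of steps 101 to 106 and 201 to 206, as an added simulation that is not the patent's own code. This passage names no algorithms, so textbook RSA (no padding) for the public-key cryptosystem, a SHA-256 counter keystream for the common-key cipher, the function names and the sample identifier are assumptions; calling generate_key_pair stands in for the receiver executing the transmitted key generation program.

```python
import hashlib, math, secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test."""
    if n < 5 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def proves_composite(a):
        x = pow(a, d, n)
        if x in (1, n - 1):
            return False
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                return False
        return True
    return not any(proves_composite(secrets.randbelow(n - 3) + 2) for _ in range(rounds))

def generate_key_pair(bits=1024, e=65537):
    """Stand-in for the first public key/secret key generation program (textbook RSA)."""
    def prime():
        while True:
            c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if is_probable_prime(c) and math.gcd(e, c - 1) == 1:
                return c
    p, q = prime(), prime()
    while q == p:
        q = prime()
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def common_key_cipher(key, data):
    """Toy common-key cipher: XOR with a SHA-256 counter keystream (also deciphers)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def run_exchange(plaintext, identifier="i-0001"):
    """Steps 101-106 and 201-206; returns the receiver's plaintext and the network traffic."""
    common_keys, secret_keys, wire = {}, {}, []   # transmitter store, receiver store, network
    common_keys[identifier] = secrets.token_bytes(16)                        # step 101
    ciphertext = common_key_cipher(common_keys[identifier], plaintext)       # step 102
    wire.append((identifier, ciphertext))             # step 103 (program travels with it)
    public_key, secret_keys[identifier] = generate_key_pair()                # steps 201-202
    wire.append((identifier, public_key))                                    # step 203
    n, e = public_key
    key_int = int.from_bytes(common_keys[identifier], "big")                 # step 104
    wire.append((identifier, pow(key_int, e, n)))                            # steps 105-106
    n, d = secret_keys[identifier]                                           # step 204
    key = pow(wire[2][1], d, n).to_bytes(16, "big")                          # step 205
    return common_key_cipher(key, wire[0][1]), wire                          # step 206
```

The returned wire list holds the three messages that cross the network, each tagged with the identifier: the ciphertext, the first public key, and the enciphered common key.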
Keys transmitted through the network 5 are only the enciphered common key