Cryptographic communication system, terminal device, server, and decryption method

US 20040025019A1
Filed: 06/03/2003
Published: 02/05/2004
Est. Priority Date: 06/04/2002
Status: Active Grant

First Claim

Patent Images

5. A cryptographic communication system, comprising:

a sender terminal for encrypting and transmitting an original message;

a recipient terminal for holding a secret key for decryption of the encrypted message;

an agent terminal for decrypting the encrypted message in place of the recipient terminal based on the secret key of said recipient terminal; and

a conversion server for validating decryption processing of the encrypted message by the agent terminal, wherein an operation of the secret key of said recipient terminal is shared between said agent terminal and said conversion server using threshold decryption, and the agent terminal is allowed to decrypt the encrypted message on obtaining validation from the conversion server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Cryptographic communication system including a sender terminal for encrypting and transmitting a message, a recipient terminal for receiving and decrypting the encrypted message, an agent terminal for decrypting the message in place of the recipient terminal, and a conversion server for supporting the agent terminal to decrypt the message. The sender terminal encrypts the message using a public key of the recipient terminal. Using a public key of the conversion server, a predetermined restricted condition, and a secret key for decryption of the message, the recipient terminal generates a delegation key allowing decryption of the message under the restricted condition and passes the delegation key to the agent terminal. The conversion server validates a power of the agent terminal to decrypt the message based on the information contained in the delegation key from the agent terminal. The agent terminal then decrypts the message with validation of the conversion server.

43 Citations

View as Search Results

24 Claims

5. A cryptographic communication system, comprising:
- a sender terminal for encrypting and transmitting an original message;
  
  a recipient terminal for holding a secret key for decryption of the encrypted message;
  
  an agent terminal for decrypting the encrypted message in place of the recipient terminal based on the secret key of said recipient terminal; and
  
  a conversion server for validating decryption processing of the encrypted message by the agent terminal, wherein an operation of the secret key of said recipient terminal is shared between said agent terminal and said conversion server using threshold decryption, and the agent terminal is allowed to decrypt the encrypted message on obtaining validation from the conversion server.
- View Dependent Claims (6, 7, 8, 21)
- - 6. The cryptographic communication system according to claim 5, wherein said recipient terminal sets a predetermined restricted condition in a power of the agent terminal to decrypt the message in place of the recipient terminal, and said conversion server validates whether or not the decryption processing of the encrypted message by the agent terminal satisfies the restricted condition.
  - 7. The cryptographic communication system according to claim 6, wherein said recipient terminal sets time limitation as the restricted condition.
  - 8. The cryptographic communication system according to claim 5, wherein a plurality of conversion servers are provided and the validation is performed by means of secret sharing among the plurality of conversion servers.
  - 21. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing cryptographic communication, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 5.

9. A terminal device for receiving and decrypting an encrypted message, comprising:
- secret key holding means for holding a secret key for decryption of a message encrypted using a public key of its own; and
  
  delegation key generation means for generating a delegation key based on a public key of a predetermined conversion server, a predetermined restricted condition, and the secret key, the delegation key allowing decryption of the message under the restricted condition, wherein said terminal device passes the delegation key generated by said delegation key generation means to a predetermined agent terminal for decrypting the message in place of the terminal device.
- View Dependent Claims (10, 11)
- - 10. The terminal device according to claim 9, wherein said delegation key generation means generates the delegation key by calculation using a one-way hash function.
  - 11. The terminal device according to claim 9, wherein the delegation key generation means sets time limitation as the restricted condition.

12. A terminal device, comprising:
- delegation key holding means for holding a delegation key generated using a one-way hash function based on a public key of a predetermined conversion server, a predetermined restricted condition, and a secret key for decryption of an encrypted message, the delegation key allowing decryption of the message under the restricted condition;
  
  inquiry means for transmitting at least part of the delegation key to the conversion server and receiving from the conversion server a parameter obtained as a result of validation of the conversion server according to the restricted condition; and
  
  decryption means for decrypting the message by use of the parameter acquired from the conversion server and the delegation key.
- View Dependent Claims (1, 3, 4, 13, 20)
- - 1. A cryptographic communication system, comprising:
    - a sender terminal for encrypting and transmitting an original message;
      
      a recipient terminal for receiving and decrypting the encrypted message;
      
      an agent terminal for decrypting the message in place of said recipient terminal; and
      
      a conversion server for supporting the agent terminal to decrypt the message, wherein said sender terminal encrypts the original message using a public key of said recipient terminal, said recipient terminal generates a delegation key using a public key of said conversion server, a predetermined restricted condition, and a secret key for decryption of the encrypted message and passes the generated delegation key to said agent terminal, the delegation key allowing decryption of the encrypted message under the restricted condition, said conversion server acquires at least part of the delegation key from the agent terminal and validates a power of said agent terminal to decrypt the encrypted message based on acquired information, and said agent terminal decrypts the encrypted message with validation of said conversion sever.
  - 3. The cryptographic communication system according to claim 1, wherein said recipient terminal generates the delegation key using a one-way hash function, and using the one-way hash function, said conversion server validates whether or not the delegation key of said agent terminal satisfies the restricted condition.
  - 4. The cryptographic communication system according to claim 1, wherein a plurality of conversion servers are provided and the power of said agent terminal to decrypt the encrypted message is validated by means of secret sharing between the plurality of conversion servers.
  - 13. The terminal device according to claim 12, wherein the delegation key held by said delegation key holding means is generated based on public keys of a plurality of conversion servers;
    - and said inquiry means transmits/receives information to/from the plurality of conversion servers corresponding to the public keys.
  - 20. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing cryptographic communication, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 1.

14. A server, comprising:
- receiving means for receiving from a predetermined terminal device a predetermined restricted condition, part of a message encrypted with a first public key, and predetermined information encrypted with a second public key;
  
  judgment means for judging whether or not the acquired restricted condition is satisfied;
  
  parameter calculation means for decrypting the predetermined information with a secret key corresponding to the second public key and calculating a parameter for decryption of the message by use of the predetermined information, the restricted condition, and the part of the message encrypted with the first public key; and
  
  transmitting means for transmitting to the predetermined terminal device the parameter calculated by said parameter calculation means.
- View Dependent Claims (2, 15, 22)
- - 2. The cryptographic communication system according to claim 1, wherein said recipient terminal generates the delegation key by setting a time limitation as the restricted condition.
  - 15. The server according to claim 14, wherein said parameter calculation means calculates the parameter using a one-way hash function.
  - 22. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing reception and decryption of an encrypted message, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 9.

16. A program for controlling a computer to decrypt an encrypted message, the program causing the computer to realize:
- a function of holding in a predetermined storage a secret key for decryption of a message encrypted using a public key of its own;
  
  a function of generating a delegation key based on a public key of a predetermined conversion server, a predetermined restricted condition, and the secret key using a one-way hash function, the delegation key allowing decryption of the message under the restricted condition; and
  
  a function of transmitting the delegation key to a predetermined agent terminal for decrypting the message by proxy.

17. A program for controlling a computer to decrypt an encrypted message, the program causing the computer to realize:
- a function of holding in a predetermined storage a delegation key generated using a one-way hash function based on a public key of a predetermined conversion server, a predetermined restricted condition, and a secret key for decryption of an encrypted message, the delegation key allowing decryption of the message under the restricted condition;
  
  a function of transmitting at least part of the delegation key to the conversion server and receiving from the conversion server a parameter obtained as a result of validation of the conversion server according to the restricted condition; and
  
  a function of decrypting the message using the parameter acquired from the conversion server and the delegation key.

18. A program for controlling a computer to decrypt an encrypted message, the program causing the computer to realize:
- a function of receiving from a predetermined terminal device a predetermined restricted condition, part of a message encrypted with a first public key, and a predetermined information encrypted with a second public key;
  
  a function of judging whether or not the acquired restricted condition is satisfied;
  
  a function of decrypting the predetermined information with a secret key corresponding to the second public key and calculating a parameter for decryption of the message by use of the predetermined information, the restricted condition, the part of the message encrypted with the first public key; and
  
  a function of returning the parameter to the predetermined terminal device.

19. A decryption method, comprising the steps of:
- generating a delegation key based on a first secret key corresponding to a first public key, a predetermined restricted condition, and a second public key, the delegation key allowing decryption of the message under the restricted condition;
  
  passing at least part of the delegation key to an external party having a second secret key corresponding to the second public key and acquiring from the external party a result of judgment whether or not decryption processing with the delegation key satisfies the restricted condition; and
  
  decrypting the message, which is encrypted with the first public key, by use of the delegation key and the result of judgment of the external party.
- View Dependent Claims (23, 24)
- - 23. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for causing decryption, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect the steps of claim 19.
  - 24. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for decryption, said method steps comprising the steps of claim 19.

22-1. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing decryption of an encrypted message, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 12.

22-2. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing server functions, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 14.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Numao, Masayuki, Watanabe, Yuji

Granted Patent

US 8,386,780 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/76 Proxy, i.e. using intermedi...

H04L 9/3013 involving the discrete loga...

Cryptographic communication system, terminal device, server, and decryption method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic communication system, terminal device, server, and decryption method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links