SECURE PROCESSING DEVICE, SECURE PROCESSING METHOD, ENCRYPTED CONFIDENTIAL INFORMATION EMBEDDING METHOD, PROGRAM, STORAGE MEDIUM, AND INTEGRATED CIRCUIT

US 20090132830A1
Filed: 10/24/2006
Published: 05/21/2009
Est. Priority Date: 10/31/2005
Status: Active Grant

First Claim

Patent Images

1. A secure processing device that performs an operation equivalent to a secure operation performed on a message using the confidential information, and that obtains a same operation result as the secure operation, the secure processing device comprising:

a storage unit that stores (i) a plurality of split confidential information pieces obtained by splitting the confidential information, (ii) a first confidential information generation equation for calculating the confidential information with use of the plurality of split confidential information pieces that are input to the first confidential information generation equation as arguments, and (iii) a first secure operation procedure indicating a procedure with use of the plurality of split confidential information pieces;

a combined information generation unit operable to generate a plurality of pieces of combined information, each of which is obtained by performing an operation on at least two or more pieces of the split confidential information;

a first generation unit operable to generate a second confidential information generation equation that is equivalent to the first confidential information generation equation, and that takes the plurality of pieces of combined information as;

a second generation unit operable to generate, based on one or more operators included in the second confidential information generation equation, a second secure operation procedure that is equivalent to the first secure operation procedure, and that takes the plurality of pieces of combined information as; and

an executing unit operable to perform the second secure operation procedure on the message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When performing secure processing using confidential information that needs to be confidential, the secure processing device according to the present invention prevents the confidential information from being exposed by an unauthorized analysis such as a memory dump. A signature generation device 100 that provides a message M with a signature by using a signature key comprises: a split key storage unit 110 that stores split secret keys obtained by splitting the signature key d into at least two, a signature key generation equation F for calculating the split secret keys to obtain the signature key d, and a signature generation equation; a signature key generation identical equation generation unit 120 that generates a signature key generation identical equation G for obtaining the same result as the signature generation equation F, with use of an associative law, a distributive law, and a commutative law; a combined split key generation unit 130 that generates a plurality of combined split keys that are each a result of calculating the split secret keys, and that are to be arguments for the signature key generation identical equation G; and a signature generation unit 150 that provides the message with the signature, based on the signature key generation identical equation G and the split secret keys.

78 Citations

View as Search Results

27 Claims

1. A secure processing device that performs an operation equivalent to a secure operation performed on a message using the confidential information, and that obtains a same operation result as the secure operation, the secure processing device comprising:
- a storage unit that stores (i) a plurality of split confidential information pieces obtained by splitting the confidential information, (ii) a first confidential information generation equation for calculating the confidential information with use of the plurality of split confidential information pieces that are input to the first confidential information generation equation as arguments, and (iii) a first secure operation procedure indicating a procedure with use of the plurality of split confidential information pieces;
  
  a combined information generation unit operable to generate a plurality of pieces of combined information, each of which is obtained by performing an operation on at least two or more pieces of the split confidential information;
  
  a first generation unit operable to generate a second confidential information generation equation that is equivalent to the first confidential information generation equation, and that takes the plurality of pieces of combined information as;
  
  a second generation unit operable to generate, based on one or more operators included in the second confidential information generation equation, a second secure operation procedure that is equivalent to the first secure operation procedure, and that takes the plurality of pieces of combined information as; and
  
  an executing unit operable to perform the second secure operation procedure on the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The secure processing device of claim 1, whereinthe first confidential information generation equation includes one or more operations, andthe first generation unit generates the second confidential information generation equation by randomly selecting, from operations included in the first confidential information generation equation, an operation having an alternative operation that satisfies one of a commutative law, an associative law, and a distributive law, and replacing the selected operation with the alternative operation.
  - 3. The secure processing device of claim 2, whereinthe first confidential information generation equation includes the one or more operations, each of which includes (i) a plurality of operands and (ii) an operator indicating a type of an operation between the operands,the storage unit stores attribute information indicating a relationship between the operands and the operator that are included in the first confidential information generation equation, andthe first generation unit generates the second confidential information with use of the attribute information.
  - 4. The secure processing device of claim 3, whereinin the first confidential information generation equation, values of arguments are input as the operands, each of the values corresponding to a different piece of the plurality of split confidential information,the attribute information indicates an operator that corresponds to a plurality of operands capable of being combined,the first generation unit concatenates the plurality of operands in the first confidential information generation equation with the operator, based on the attribute information, andthe second generation unit operable to generate the combined information by combining pieces of split confidential information corresponding to the combined operands.
  - 5. The secure processing device of claim 2, whereinthe second confidential information generation equation includes one or more operations, each of which includes a plurality of operands and an operator indicating a type of an operation between the operands,the storage unit stores attribute information indicating a relationship between the operands and the operator that are included in the second confidential information generation equation, andthe second generation unit generates the second secure operation procedure with use of the attribute information.
  - 6. The secure processing device of claim 1, whereinthe first generation unit further generates random number information, and thereby generates the second confidential information generation equation including the random number information,the second generation unit generates, with use of the plurality of pieces of combined information and the random number information, the second secure operation procedure indicting the operation procedure equivalent to the first the first secure operation procedure, based on the second confidential information generation equation;
    - andthe executing unit performs, with use of the plurality of pieces of combined information and the random number information, the second secure operation procedure on the message.
  - 7. The secure processing device of claim 1, whereinthe first generation unit further generates, with use of the confidential information, redundant information that does not affect a result of the operation processing, and thereby generates the second confidential information generation equation using the redundant information.
  - 8. The secure processing device of claim 1, whereinthe storage unit stores dummy information that is not used by the executing unit, together with the plurality of split confidential information pieces.
  - 9. The secure processing device of claim 1, whereinthe confidential information is a signature key for generating a digital signature, andthe secure operation is a signature generation operation for providing a digital signature on the message.
  - 10. The secure processing device of claim 9, whereinthe signature generation processing is RSA (Rivest Shamir Adleman) signature generation processing.
  - 11. The secure processing device of claim 9, whereinthe signature generation processing is performed using an elliptic curve digital signature method.
  - 12. The secure processing device of claim 11, further comprising:
    - a random number information generation unit operable to generate random number information, whereinthe executing unit performs (i) processing for calculating a random value k scalar multiplication point of a base point P that is an order q of an elliptic curve on a field of definition GF(p) in the elliptic curve digital signature method, and (ii) processing that uses a value of an inverse of k on the field of definition GF(q), without directly using the random number k, but using at least two pieces of random number information.
  - 13. The secure processing device of claim 1, whereinthe confidential information is a secret key of public key encryption, andthe executing unit performs, for the secure operation, processing of a public key encryption system using a public key and the secret key.
  - 14. The secure processing device of claim 13, whereinthe public key encryption is RSA encryption.
  - 15. The secure processing device of claim 13, whereinthe public key encryption is elliptic curve encryption.
  - 16. The secure processing device of claim 1, further comprising:
    - an acquiring unit operable to acquire, from outside, data for updating the first generation unit; and
      
      an updating unit operable to update the first generation unit with use of the data for updating.
  - 17. The secure processing device of claim 1, further comprising:
    - an acquiring unit operable to acquire, from outside, split confidential information for updating;
      
      an updating unit operable to update at least one piece of the plurality of split confidential information stored in the storage unit to the split confidential information for updating acquired by the acquiring unit.

18. A secure processing method used in a secure processing device that performs an operation equivalent to a secure operation performed on a message using the confidential information, and that obtains a same operation result as the secure operation, whereinthe secure processing device comprises:
- a storage unit that stores (i) a plurality of split confidential information pieces obtained by splitting the confidential information, (ii) a first confidential information generation equation for calculating the confidential information with use of the plurality of split confidential information pieces that are input to the first confidential information generation equation as arguments, and (iii) a first secure operation procedure indicating a procedure with use of the plurality of split confidential information pieces; and
  
  the secure processing method comprises the steps of;
  
  generating a plurality of pieces of combined information, each of which is obtained by performing an operation on at least two or more pieces of the split confidential information;
  
  generating, based on one or more operators included in the second confidential information generation equation, a second secure operation procedure that is equivalent to the first secure operation procedure, and that takes the plurality of pieces of combined information as the arguments; and
  
  performing a secure operation on the message, according to the second secure operation procedure.

19. A computer program used in a secure processing device that performs an operation equivalent to a secure operation performed on a message using the confidential information, and that obtains a same operation result as the secure operation, the secure processing device comprising, whereinthe secure processing device comprises:
- a storage unit that stores (i) a plurality of split confidential information pieces obtained by splitting the confidential information, (ii) a first confidential information generation equation for calculating the confidential information with use of the plurality of split confidential information pieces that are input to the first confidential information generation equation as arguments, and (iii) a first secure operation procedure indicating a procedure with use of the plurality of split confidential information pieces; and
  
  the computer program comprises the steps of;
  
  generating a plurality of pieces of combined information, each of which is obtained by performing an operation on at least two or more pieces of the split confidential information;
  
  generating a second confidential information generation equation that is equivalent to the first confidential information generation equation, and that takes the plurality of pieces of combined information as arguments;
  
  generating, based on one or more operators included in the second confidential information generation equation, a second secure operation procedure that is equivalent to the first secure operation procedure, and that takes the plurality of pieces of combined information as the arguments; and
  
  performing a secure operation on the message, according to the second secure operation procedure.
- View Dependent Claims (20)
- - 20. A recording medium that is computer-readable, and that stores the computer program of claim 19.

21. An integrated circuit that performs an operation equivalent to a secure operation performed on a message using the confidential information, and that obtains a same operation result as the secure operation, the integrated circuit comprising:
- a storage unit that stores (i) a plurality of split confidential information pieces obtained by splitting the confidential information, (ii) a first confidential information generation equation for calculating the confidential information with use of the plurality of split confidential information pieces obtained by splitting the confidential information, the plurality of split confidential information that are input to the first confidential information generation equation as arguments, and (iii) a first secure operation procedure indicating a procedure with use of the plurality of split confidential information pieces;
  
  a combined information generation unit operable to generate a plurality of pieces of combined information, each of which is obtained by performing an operation on at least two or more pieces of the split confidential information;
  
  a first generation unit operable to generate a second confidential information generation equation that is equivalent to the first confidential information generation equation, and that takes the plurality of pieces of combined information each of which is an operation result of at least two pieces of the plurality of split confidential information as arguments;
  
  a second generation unit operable to generate, based on one or more operators included in the second confidential information generation equation, a second secure operation procedure that is equivalent to the first secure operation procedure, and that takes the plurality of pieces of combined information as arguments; and
  
  an executing unit operable to perform the second secure operation procedure on the message.

22. An encrypted confidential information embedding method for encrypting and embedding confidential information in a secure processing device that performs an operation using the confidential information, the encrypted confidential information embedding method comprising the steps of:
- encrypting the confidential information, with use of an encrypting apparatus that converts the confidential information to a state of being difficult to be analyzed; and
  
  embedding the encrypted confidential information in the secure processing device, with use of an encrypted information writing apparatus.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The encrypted confidential information embedding method of claim 22, whereinthe encrypting apparatus includes an input unit operable to receive an input of a parameter used for determining a method of encrypting the confidential information, andthe confidential information encryption step includes:
    - a receiving step in which the input unit receives the parameter, andan encryption step for encrypting the confidential information in an encryption method determined by the parameter.
  - 24. The encrypted confidential information embedding method of claim 23, whereinthe parameter is a number of split pieces of confidential information, andthe encryption step includes a splitting step for splitting the confidential information into at least two pieces of split confidential information, based on the number of split pieces of confidential information.
  - 25. The encrypted confidential information embedding method of claim 24, whereinthe encryption step further includesan equation generation step for generating, based on the number of split pieces of confidential information, a first confidential information generation equation including a number of terms that is at least as many as the number of split pieces of confidential information, andin the splitting step, the confidential information is split in a manner that the confidential information is calculated from the first confidential information generation equation.
  - 26. The encrypted confidential information embedding method of claim 23, whereinthe parameter is a first confidential information generation equation, andthe encryption step includesa splitting step for splitting the confidential information into at least two pieces of split confidential information in a manner that the confidential information is calculated from the first confidential information generation equation.
  - 27. The encrypted confidential information embedding method of claim 22, whereinthe confidential information is a secret key issued from a key issuing authority, andthe encrypted confidential information embedding method further includes:
    - an encryption step in which the key issuing authority encrypts the secret key with a secret key of the key issuing authority; and
      
      a verification step in which the encrypting apparatus decrypts the encrypted secret key with use of a public key and verifies the resultant decrypted secret key, whereinthe confidential information encryption step encrypts the verified secret key, andthe embedding step includes;
      
      a binary conversion step for converting, to binary data, the encrypted confidential information that has been encrypted by the encrypting apparatus; and
      
      a binary data embedding step for embedding the binary data in a secure processing device that has a function of calculating with use of the encrypted confidential information and obtaining the same operation result as when the operation using the confidential information is performed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Asai, Reiko, Sato, Taichi, Haga, Tomoyuki

Granted Patent

US 8,656,175 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

H04L 9/085 Secret sharing or secret sp...

H04L 9/3249 using RSA or related signat...

SECURE PROCESSING DEVICE, SECURE PROCESSING METHOD, ENCRYPTED CONFIDENTIAL INFORMATION EMBEDDING METHOD, PROGRAM, STORAGE MEDIUM, AND INTEGRATED CIRCUIT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE PROCESSING DEVICE, SECURE PROCESSING METHOD, ENCRYPTED CONFIDENTIAL INFORMATION EMBEDDING METHOD, PROGRAM, STORAGE MEDIUM, AND INTEGRATED CIRCUIT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links