Key Sharing System
Abstract
When each apparatus generates the session information needed for calculating a session key used in a simultaneous communication, an encrypting apparatus and a key processing apparatus according to the present invention cause each piece of session information to include a value dependent upon a private key unique to each apparatus, which is assigned to each apparatus in advance. This therefore provides protection against spoofing attempts by a member within a group.
25 Claims
1. An encrypting apparatus comprising:
a parameter selection unit for selecting a parameter used for sharing a session key with another information processing apparatus with which a simultaneous communication, in which a message protected with the session key is exchanged, is performed after the session key is shared, wherein the parameter selection unit selects the parameter as a procedure for sharing the session key in the simultaneous communication;
a member information generation unit for generating member information for transmitting the parameter used as a temporary key by a participating apparatus, i.e., an information processing apparatus participating in the simultaneous communication, by using the parameter selected by the parameter selection unit, a published parameter published in advance, a private key assigned to the encrypting apparatus in advance, and a public key assigned to the participating apparatus in advance;
a session information generation unit for generating session information used for identifying the simultaneous communication and generating the session key for the simultaneous communication, by using the member information, the parameter selected by the parameter selection unit, the published parameter, and the private key;
a session information obtaining unit for respectively obtaining other session information generated by the participating apparatus from the participating apparatus; and
a session key generation unit for generating the session key by using the session information generated by the encrypting apparatus and the session information generated by the participating apparatus.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A key processing apparatus comprising:
a session information obtaining unit for obtaining session information transmitted from an encrypting apparatus for transmitting a parameter used as a temporary key by a participating apparatus participating in a simultaneous communication, wherein the session information is used for generating a session key for the simultaneous communication and identifying the simultaneous communication which is performed with the encrypting apparatus after the session key is shared and in which a message protected with the session key is exchanged, and wherein the session information obtaining unit also obtains session information transmitted from another participating apparatus participating in the simultaneous communication, which is different from the session information transmitted from the encrypting apparatus;
a temporary key calculation unit for calculating a temporary key by using the session information transmitted from the encrypting apparatus, a public key assigned to the encrypting apparatus in advance, and a private key assigned to the key processing apparatus in advance, and a published parameter published in advance, wherein the temporary key is set by the encrypting apparatus to be used in the simultaneous communication;
a parameter selection unit for selecting a parameter used for calculating the session information generated by the key processing apparatus to be transmitted to the encrypting apparatus;
a session information generation unit for generating the session information transmitted to the encrypting apparatus and the another participating apparatus, by using the parameter selected by the parameter selection unit, the published parameter, the private key, and the session information transmitted from the encrypting apparatus; and
a session key generation unit for generating the session key by using the session information generated by the key processing apparatus, the session information transmitted from the encrypting apparatus, and the session information transmitted from the another participating apparatus.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
21. An encrypting method comprising the steps of:
selecting a parameter used for sharing a session key with another information processing apparatus with which a simultaneous communication, in which a message protected with the session key is exchanged, is performed after the session key is shared, wherein the parameter is selected as a procedure for sharing the session key in the simultaneous communication;
generating member information for transmitting the parameter used as a temporary key by a participating apparatus, i.e., an information processing apparatus participating in the simultaneous communication, by using the parameter selected by the parameter selection unit, a published parameter published in advance, a private key assigned to an apparatus carrying out the encrypting method in advance, and a public key assigned to the participating apparatus in advance;
generating session information used for identifying the simultaneous communication and generating the session key for the simultaneous communication, by using the member information, the parameter selected by the parameter selection unit, the published parameter, and the private key;
obtaining other session information generated by the participating apparatus from the participating apparatus; and
generating the session key by using the session information generated by the apparatus carrying out the encrypting method and the session information generated by the participating apparatus.
22. A key processing method comprising the steps of:
obtaining session information transmitted from an encrypting apparatus for transmitting a parameter used as a temporary key by a participating apparatus participating in a simultaneous communication, wherein the session information is used for generating a session key for the simultaneous communication, and identifying the simultaneous communication, in which a message protected with the session key is exchanged, performed with the encrypting apparatus after the session key is shared;
calculating a temporary key by using the session information transmitted from the encrypting apparatus, a public key assigned to the encrypting apparatus in advance, and a private key assigned to an apparatus carrying out the key processing method in advance, and a published parameter published in advance, wherein the temporary key is set by the encrypting apparatus to be used in the simultaneous communication;
selecting a parameter used for calculating the session information generated by the apparatus carrying out the key processing method to be transmitted to the encrypting apparatus;
session information generation step for generating the session information transmitted to the encrypting apparatus and the another participating apparatus, by using the selected parameter, the published parameter, the private key, and the session information transmitted from the encrypting apparatus;
obtaining session information transmitted from another participating apparatus participating in the simultaneous communication, which is different from the session information transmitted from the encrypting apparatus; and
generating the session key by using the session information generated by the apparatus carrying out the key processing method, the session information transmitted from the encrypting apparatus, and the session information transmitted from the another participating apparatus.
23. A program for a computer capable of performing a simultaneous communication, in which a message protected with a session key is exchanged, with another information processing apparatus after the session key is shared, wherein the program causes the computer to achieve:
a parameter selection function for selecting a parameter used for sharing the session key, wherein parameter selection function selects the parameter as a procedure for sharing the session key in the simultaneous communication;
a member information generation function for generating member information for transmitting the parameter used as a temporary key by a participating apparatus, i.e., the information processing apparatus participating in the simultaneous communication, by using the parameter selected by the parameter selection unit, a published parameter published in advance, a private key assigned to the computer in advance, and a public key assigned to the participating apparatus in advance;
a session information generation function for generating session information used for identifying the simultaneous communication and generating the session key for the simultaneous communication, by using the member information, the parameter selected by the parameter selection unit, the published parameter, and the private key;
a session information obtaining function for respectively obtaining other session information generated by the participating apparatus from the participating apparatus; and
a session key generation function for generating the session key by using the session information generated by the program and the session information generated by the participating apparatus.
24. A program for a computer capable of performing a simultaneous communication, in which a message protected with a session key is exchanged, with an encrypting apparatus and another information processing apparatus after the session key is shared, wherein the program causes the computer to achieve:
a session information obtaining function for obtaining session information transmitted from an encrypting apparatus for transmitting the parameter used as a temporary key by a participating apparatus participating in a simultaneous communication, wherein the session information is used for generating a session key for the simultaneous communication and identifying the simultaneous communication which is performed with the encrypting apparatus, and wherein the session information obtaining unit also obtains session information transmitted from another participating apparatus participating in the simultaneous communication, which is different from the session information transmitted from the encrypting apparatus;
a temporary key calculation function for calculating a temporary key by using the session information transmitted from the encrypting apparatus, a public key assigned to the encrypting apparatus in advance, and a private key assigned in advance, and a published parameter published in advance, wherein the temporary key is set by the encrypting apparatus to be used in the simultaneous communication;
a parameter selection function for selecting a parameter used for calculating the session information generated by the computer to be transmitted to the encrypting apparatus;
a session information generation function for generating the session information transmitted to the encrypting apparatus and the another participating apparatus, by using the selected parameter, the published parameter, the private key, and the session information transmitted from the encrypting apparatus; and
a session key generation function for generating the session key by using the session information generated by the computer, the session information transmitted from the encrypting apparatus, and the session information transmitted from the another participating apparatus.
25. A key sharing system comprising:
an encrypting apparatus including;
a parameter selection unit for selecting a parameter used for sharing a session key with another information processing apparatus with which a simultaneous communication, in which a message protected with the session key is exchanged, is performed after the session key is shared, wherein parameter selection unit selects the parameter as a procedure for sharing the session key in the simultaneous communication;
a member information generation unit for generating member information for transmitting the parameter used as a temporary key by a participating apparatus, i.e., an information processing apparatus participating in the simultaneous communication, by using the parameter selected by the parameter selection unit, a published parameter published in advance, a private key assigned to the encrypting apparatus in advance, and a public key assigned to the participating apparatus in advance;
a session information generation unit for generating session information used for identifying the simultaneous communication and generating the session key for the simultaneous communication, by using the member information, the parameter selected by the parameter selection unit, the published parameter, and the private key;
a session information obtaining unit for respectively obtaining other session information generated by the participating apparatus from the participating apparatus; and
a session key generation unit for generating the session key by using the session information generated by the encrypting apparatus and the session information generated by the participating apparatus, and
a key processing apparatus including;
a session information obtaining unit for obtaining session information transmitted from the encrypting apparatus and also obtaining session information transmitted from another participating apparatus participating in the simultaneous communication, which is different from the session information transmitted from the encrypting apparatus;
a temporary key calculation unit for calculating a temporary key by using the session information transmitted from the encrypting apparatus, a public key assigned to the encrypting apparatus in advance, and a private key assigned to the key processing apparatus in advance, and a published parameter published in advance, wherein the temporary key is set by the encrypting apparatus to be used in the simultaneous communication;
a parameter selection unit for selecting a parameter used for calculating the session information generated by the key processing apparatus to be transmitted to the encrypting apparatus;
a session information generation unit for generating the session information transmitted to the encrypting apparatus and the another participating apparatus, by using the parameter selected by the parameter selection unit, the published parameter, the private key, and the session information transmitted from the encrypting apparatus; and
a session key generation unit for generating the session key by using the session information generated by the key processing apparatus, the session information transmitted from the encrypting apparatus, and the session information transmitted from the another participating apparatus.