Enciphering/deciphering device and method, and encryption/decryption communication system

US 5,870,477 A
Filed: 03/29/1996
Issued: 02/09/1999
Est. Priority Date: 09/29/1993
Status: Expired due to Fees

First Claim

Patent Images

1. An encryption/decryption communication system in which a first enciphering/deciphering device and a second enciphering/deciphering device are connected to each other through communicating means, whereinsaid first enciphering/deciphering device comprisesdata encryption key forming means for forming a data encryption key used for enciphering plaintext data,data enciphering means for enciphering said plaintext data using said data encryption key to form ciphertext data,key enciphering means for enciphering said data encryption key using a management key to form an enciphered key,first authenticator enciphering means for enciphering an authenticator for confirming whether or not transmitted data is correctly transmitted and received using said data encryption key to generate a first enciphered authenticator, andtransmitting means for transmitting said ciphertext data, said enciphered key and said first enciphered authenticator,said second enciphering/deciphering device comprisesreceiving means for receiving the ciphertext data, the enciphered key, and the first enciphered authenticator transmitted by said transmitting means,key deciphering means for deciphering the enciphered key received by said receiving means using the same management key as the management key used in said first enciphering/deciphering device to form a data encryption key,data deciphering means for deciphering the ciphertext data received by said receiving means using the data encryption key formed by said key deciphering means to form plaintext data,authenticator deciphering means for deciphering the first enciphered authenticator received by said receiving means using the data encryption key formed by said key deciphering means,second authenticator enciphering means for enciphering the authenticator obtained as a result of the deciphering by said authenticator deciphering means using said management key to form a second enciphered authenticator, andreturning means for returning said second enciphered authenticator to said first enciphering/deciphering device, andsaid first enciphering/deciphering device deciphers the second enciphered authenticator transmitted from said second enciphering/deciphering device using said management key, and collates the deciphered authenticator with the authenticator which has been subjected to the enciphering by said first authenticator enciphering means.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plaintext file 41 is enciphered using a file key 44, to generate ciphertext 42. The file key 44 is enciphered using a secret key 47 and a management key 48, respectively, to form an enciphered key 1 (45) and an enciphered key 2 (46). An enciphered file 43 is produced from the ciphertext 42, the enciphered key 1 and the enciphered key 2. At the time of decryption, the enciphered key 1 is taken out from the enciphered file 43. The enciphered key 1 taken out is deciphered using a secret key 47, to obtain a file key 44. The ciphertext 42 is deciphered using the file key 44, to obtain the plaintext 41.

Citations

39 Claims

1. An encryption/decryption communication system in which a first enciphering/deciphering device and a second enciphering/deciphering device are connected to each other through communicating means, whereinsaid first enciphering/deciphering device comprisesdata encryption key forming means for forming a data encryption key used for enciphering plaintext data,data enciphering means for enciphering said plaintext data using said data encryption key to form ciphertext data,key enciphering means for enciphering said data encryption key using a management key to form an enciphered key,first authenticator enciphering means for enciphering an authenticator for confirming whether or not transmitted data is correctly transmitted and received using said data encryption key to generate a first enciphered authenticator, andtransmitting means for transmitting said ciphertext data, said enciphered key and said first enciphered authenticator,said second enciphering/deciphering device comprisesreceiving means for receiving the ciphertext data, the enciphered key, and the first enciphered authenticator transmitted by said transmitting means,key deciphering means for deciphering the enciphered key received by said receiving means using the same management key as the management key used in said first enciphering/deciphering device to form a data encryption key,data deciphering means for deciphering the ciphertext data received by said receiving means using the data encryption key formed by said key deciphering means to form plaintext data,authenticator deciphering means for deciphering the first enciphered authenticator received by said receiving means using the data encryption key formed by said key deciphering means,second authenticator enciphering means for enciphering the authenticator obtained as a result of the deciphering by said authenticator deciphering means using said management key to form a second enciphered authenticator, andreturning means for returning said second enciphered authenticator to said first enciphering/deciphering device, andsaid first enciphering/deciphering device deciphers the second enciphered authenticator transmitted from said second enciphering/deciphering device using said management key, and collates the deciphered authenticator with the authenticator which has been subjected to the enciphering by said first authenticator enciphering means.

2. An encryption/decryption communication system in which a first enciphering/deciphering device and a second enciphering/deciphering device are connected to each other through communicating means, whereinsaid first enciphering/deciphering device comprisesdata encryption key forming means for forming a data encryption key used for enciphering plaintext data,data enciphering means for enciphering said plaintext data using said data encryption key to form ciphertext data,key enciphering means for enciphering said data encryption key using a management key to form an enciphered key,first authenticator enciphering means for enciphering an authenticator for confirming whether or not transmitted data is correctly transmitted and received using said management key to form a first enciphered authenticator, andtransmitting means for transmitting said ciphertext data, said enciphered key and said first enciphered authenticator,said second enciphering/deciphering device comprisesreceiving means for receiving the ciphertext data, the enciphered key, and the first enciphered authenticator transmitted by said transmitting means,key deciphering means for deciphering the enciphered key received by said receiving means using the same management key as the management key used in said first enciphering/deciphering device to form a data encryption key,data deciphering means for deciphering the ciphertext data received by said receiving means using the data encryption key formed by said key deciphering means to form plaintext data,authenticator deciphering means for deciphering the first enciphered authenticator received by said receiving means using said management key,second authenticator enciphering means for enciphering the authenticator obtained as a result of the deciphering by said authenticator deciphering means using the data encryption key formed by said key deciphering means to form a second enciphered authenticator, andreturning means for returning said second enciphered authenticator to said first enciphering/deciphering device, andsaid first enciphering/deciphering device deciphers the second enciphered authenticator transmitted from said second enciphering/deciphering device using said data encryption key formed by the data encryption key forming means, and collates the deciphered authenticator with the authenticator which has been subjected to the enciphering by said first authenticator enciphering means.

3. An enciphering/deciphering device using operation storage media each storing inherent supervisor identification data and inherent operation identification data and a supervisor storage medium storing said supervisor identification data, comprising:
- data encryption key forming means for forming a data encryption key used for enciphering plaintext data;
  
  secret key forming means for forming a secret key used for enciphering the data encryption key formed by said data encryption key forming means;
  
  management key forming means for forming a management key used for enciphering the data encryption key formed by said data encryption key forming means;
  
  first storage controlling means for storing in said operation storage medium the secret key formed by said secret key forming means and the management key formed by said management key forming means; and
  
  second storage controlling means for storing the management key formed by said management key forming means in said supervisor storage medium.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 21, 22, 23, 24, 26)
- - 4. The enciphering/deciphering device according to claim 3, further comprisingdata enciphering means for enciphering said plaintext data using said data encryption key to form ciphertext data,first key enciphering means for enciphering said data encryption key using the secret key formed by said secret key forming means to form a first enciphered key,second key enciphering means for enciphering said data encryption key using the management key formed by said management key forming means to form a second enciphered key, andthird storage controlling means for storing in a first storage medium said ciphertext data, said first enciphered key and said second enciphered key.
  - 5. The enciphering/deciphering device according to claim 4, further comprisingfourth storage controlling means for storing the management key stored in one operation storage medium in the other operation storage medium.
  - 6. The enciphering/deciphering device according to claim 3, further comprisingoperation identification name entering means for entering an operation identification name inherent to said operation storage medium for identifying the operation storage medium, andsupervisor identification name entering means for entering a supervisor identification name inherent to said supervisor storage medium for identifying the supervisor storage medium,said first storage controlling means storing in said operation storage medium the supervisor identification name entered by said supervisor identification name entering means and the operation identification name entered by said operation identification name entering means, andsaid second storage controlling means storing in said supervisor storage medium the supervisor identification name entered by said supervisor identification name entering means.
  - 7. The enciphering/deciphering device according to claim 6, whereinsaid second storage controlling means stores in said supervisor storage medium a list of the operation identification names stored in said all operation storage media.
  - 8. The enciphering/deciphering device according to claim 7, further comprisingfirst selecting means for selecting a first operation identification name from the list of the operation identification names stored in said supervisor storage medium,second selecting means for selecting a second operation identification name, andfifth storage controlling means for storing identification data including the first operation identification name and the management key which are stored in a first operation storage medium specified by the first operation identification name selected by said first selecting means in a second operation storage medium specified by the second operation identification name selected by said second selecting means.
  - 9. The enciphering/deciphering device according to claim 8, whereinsaid second storage controlling means stores in said supervisor storage medium the first operation identification name and the management key which are stored in said second operation storage medium in association with said second operation identification name.
  - 10. The enciphering/deciphering device according to claim 7, further comprisingoverlapped names judging means for judging whether or not the operation identification name entered from said operation identification name entering means are overlapped with the operation identification names stored as a list in the supervisor storage medium,when said overlapped names judging means judges that they are overlapped with each other, a name obtained by adding an additive name to the operation identification name entered from said operation identification name entering means being stored in the operation storage medium.
  - 11. The enciphering/deciphering device according to claim 3, further comprisingsecret key enciphering means for enciphering the secret key formed by said secret key forming means, andmanagement key enciphering means for enciphering the management key formed by said management key forming means,said first storage controlling means storing in the operation storage medium the secret key enciphered by said secret key enciphering means and said management key enciphered by said management key enciphering means,said second storage controlling means storing in said supervisor storage medium the management key enciphered by said management key enciphering means.
  - 12. The enciphering/deciphering device according to claim 11, whereinsaid secret key enciphering means enciphers the secret key formed by said secret key forming means using the management key formed by said management key forming means.
  - 21. The enciphering/deciphering device according to claim 3, further comprisingtransfer judging means for judging whether or not the data relating to the key stored in said operation storage medium or said supervisor storage medium has been transferred to the other storage medium, andreading inhibition controlling means for inhibiting the data relating to the key stored in the original operation storage medium or supervisor storage medium from being read out in response to the fact that the transfer judging means judges that the data has been transferred to the other storage medium.
  - 22. The enciphering/deciphering device according to claim 21, further comprisingfirst reading inhibition release controlling means for releasing the inhibition of the reading of the data in the operation storage medium by said reading inhibition controlling means.
  - 23. The enciphering/deciphering device according to claim 3, whereinsaid operation identification data or said supervisor identification data is random-number data or enciphered time data.
  - 24. The enciphering/deciphering device according to claim 4, whereinsaid supervisor storage medium or said operation storage medium stores a version code, andsaid third storage controlling means stores in said first storage medium said version code in addition to said ciphertext data, said first enciphered key and said second enciphered key.
  - 26. The enciphering/deciphering device according to claim 3, whereintime data is fed as input data, an initial value or an enciphered key to enciphering means, andenciphered data obtained from said enciphering means is used as said data encryption key, said secret key or said management key.

13. An enciphering/deciphering device comprising:
- first reading means for reading out from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key the ciphertext data, the first enciphered key and the second enciphered key;
  
  second reading means for reading out from an operation storage medium storing inherent operation identification data and a secret key for deciphering said first enciphered key read out from said first reading means the secret key;
  
  first key deciphering means for deciphering said first enciphered key using the secret key read out by said second reading means to form a data decryption key;
  
  first data deciphering means for deciphering said ciphertext data using the data decryption key formed by said first key deciphering means to form plaintext data; and
  
  storage controlling means for storing in a second storage medium the plaintext data formed by said first data deciphering means.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 25)
- - 14. The enciphering/deciphering device according to claim 13, further comprisingthird reading means for reading out from a supervisor storage medium storing said operation identification data, inherent supervisor identification data and a management key for deciphering said second enciphered key read out from said first reading means the management key;
    - second key deciphering means for deciphering said second enciphered key using the management key read out by said third reading means to form a data decryption key; and
      
      second data deciphering means for deciphering said ciphertext data using the data decryption key formed by said second key deciphering means to form plaintext data,said storage controlling means storing in said second storage medium the plaintext data formed by said second data deciphering means.
  - 15. The enciphering/deciphering device according to claim 14, whereinsaid second reading means reads out from an operation storage medium storing inherent operation identification data, a secret key for deciphering the first enciphered key, and a management key for the other operation storage medium said management key, andsaid second key deciphering means deciphers said second enciphered key using said management key read out by said second reading means to form a data decryption key.
  - 16. The enciphering/deciphering device according to claim 15, further comprisingjudging means for judging whether or not said second enciphered key can be deciphered using the management key for the other operation storage medium stored in the operation storage medium, andfirst enciphered key eliminating means for erasing said first enciphered key stored in said first storage medium in response to the fact that said judging means judges that the deciphering is possible.
  - 17. The enciphering/deciphering device according to claim 16, further comprisingdisplay controlling means for displaying the operation identification name of the operation storage medium in response to the fact that said first enciphered key is erased by said first enciphered key eliminating means.
  - 18. The enciphering/deciphering device according to claim 14, further comprisingstorage controlling means for reading out data relating to the management key stored in said supervisor storage medium and storing the data in the other storage medium.
  - 19. The enciphering/deciphering device according to claim 18, further comprisingeliminating means for erasing the data relating to the management key in the supervisor storage medium which is stored in said other storage medium.
  - 20. The enciphering/deciphering device according to claim 18, further comprisingmeans for reversely transferring the data relating to the management key stored in said other storage medium to the original supervisor storage medium to store therein and erasing the data relating to the management key in said other storage medium.
  - 25. The enciphering/deciphering device according to claim 14, wherein version codes are respectively stored in said first storage medium, said operation storage medium and said supervisor storage medium, further comprisingcomparing means for comparing the version code read out by said first reading means with the version code read out by said second reading means or the version code read out by said third reading means, andkey formation controlling means for allowing the formation of the data decryption key by said first key deciphering means and the formation of the data decryption key by said second key deciphering means when it is judged that the version code read out by said first reading means represents an older version than a version represented by the version code read out by said second reading means or the version code read out by said third reading means as a result of the comparison by said comparing means.

27. An enciphering/deciphering method using operation storage media each storing inherent operation identification data and a supervisor storage medium storing inherent supervisor identification data, comprising the steps of:
- forming a data encryption key used for enciphering plaintext data;
  
  forming a secret key used for enciphering the formed data encryption key;
  
  forming a management key used for enciphering the formed data encryption key;
  
  storing in said operation storage medium the formed secret key and the formed management key; and
  
  storing the formed management key in said supervisor storage medium.
- View Dependent Claims (29, 32)
- - 29. The enciphering/deciphering method according to claim 27, further comprising the step ofstoring the management key stored in one operation storage medium in the other operation storage medium.
  - 32. The enciphering/deciphering method according to claim 29, comprising the step ofperforming encryption processing using time data as input data, an initial value or an encryption key,enciphered data obtained by the encryption processing being used as said data encryption key, said secret key or said management key.

28. An enciphering/deciphering method using operation storage media each storing inherent operation identification data and a supervisor storage medium storing inherent supervisor identification data, comprising the steps of:
- forming a data encryption key used for enciphering plaintext data;
  
  forming a secret key used for enciphering the formed data encryption key,forming a management key used for enciphering the formed data encryption key;
  
  storing in said operation storage medium the formed secret key and the formed management key;
  
  storing the formed management key in said supervisor storage medium;
  
  enciphering said plaintext data using said data encryption key to form ciphertext data;
  
  enciphering said data encryption key using said secret key to form a first enciphered key;
  
  enciphering said data encryption key using said management key to form a second enciphered key; and
  
  storing in a first storage medium said ciphertext data, said first enciphered key and said second enciphered key.

30. An enciphering/deciphering method comprising the steps of:
- reading out from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key the ciphertext data, the first enciphered key and the second enciphered key;
  
  reading out from an operation storage medium storing an inherent operation identification name, inherent operation identification data, and a secret key for deciphering said first enciphered key said secret key;
  
  deciphering said first enciphered key using said secret key read out to form a data decryption key;
  
  deciphering said ciphertext data using the formed data decryption key to form plaintext data; and
  
  storing the formed plaintext data in a second storage medium.
- View Dependent Claims (31, 33)
- - 31. The enciphering/deciphering method according to claim 30, further comprising the steps ofreading out from an operation storage medium storing inherent operation identification data, a secret key for deciphering said first enciphered key, and a management key for the other operation storage medium said management key, anddeciphering said second enciphered key using said management key read out to form a data decryption key.
  - 33. An enciphering/deciphering method according to claim 30, further comprising the steps ofreading out from a supervisor storage medium storing said operation identification name, said operation identification data, an inherent supervisor identification name, inherent supervisor identification data and a management key for deciphering said second enciphered key said management key, anddeciphering said second enciphered key using said management key read out to form a data decryption key.

34. A computer readable operation storage medium which is used in an enciphering/deciphering device including a computer and is managed by a supervisor storage medium, the operation storage medium storing thereinsupervisor identification data inherent to said supervisor storage medium,an enciphered secret key obtained by enciphering a secret key for enciphering a data encryption key used for enciphering plaintext data,a decryption program for deciphering said enciphered secret key to obtain the secret key,an enciphered management key obtained by enciphering a management key for enciphering said data encryption key, anda decryption program for deciphering said enciphered management key to obtain the management key.
- View Dependent Claims (35)
- - 35. The operation storage medium according to claim 34, said operation storage medium storing therein an enciphered management key stored in the other operation storage medium than said operation storage medium.

36. A computer readable supervisor storage medium, which is used in an enciphering/deciphering device including a computer, for managing operation storage media each storing therein an enciphered secret key obtained by enciphering a secret key for enciphering a data encryption key used for enciphering a plaintext data and a first enciphered management key obtained by enciphering a management key for enciphering the data encryption key, the supervisor storage medium storing thereinoperation identification data inherent to said operation storage media,inherent supervisor identification data,a second enciphered management key obtained by enciphering the same management key as said management key, anda decryption program for deciphering said second enciphered management key to obtain said management key.
- View Dependent Claims (37, 38, 39)
- - 37. The supervisor storage medium according to claim 36, wherein said operation identification data includes a given operation identification name,said supervisor storage medium storing therein a program for displaying a list of the operation identification names stored therein.
  - 38. The supervisor storage medium according to claim 36 further storing therein a program for erasing, from a storage medium storing therein ciphertext data enciphered using said data encryption key, a first enciphered key which is to be deciphered by said secret key and a second enciphered key which is to be deciphered by said management key, said first enciphered key.
  - 39. The supervisor storage medium according to claim 36, wherein version codes are respectively stored in a storage medium, said operation storage medium and said supervisor storage medium, said supervisor storage medium further storing therein,a comparing program for comparing the version code read out from said storage medium with the version code read out from said operation storage medium or the version code read out from said supervisor storage medium, anda program for allowing the deciphering of said first enciphered management key and the deciphering of said second enciphered management key when it is judged that the version code read out from said storage medium represents an older version than or equal to a version represented by the version code read out from said operation storage medium or the version code read out from said supervisor storage medium as a result of the comparison by said comparing program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pumkin House Incorporated, Pumpkin House Incorporated
Original Assignee
Pumpkin House Incorporated
Inventors
Sasaki, Minoru, Yoshikawa, Hiroharu
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/619,601
Time in Patent Office

1,047 Days
Field of Search

380/25, 380/30, 380/21
US Class Current

713/165
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2107   File encryption

H04L 9/0822   using key encryption key

Enciphering/deciphering device and method, and encryption/decryption communication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Enciphering/deciphering device and method, and encryption/decryption communication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links