Enciphering/deciphering device and method, and encryption/decryption communication system
First Claim
1. An encryption/decryption communication system in which a first enciphering/deciphering device and a second enciphering/deciphering device are connected to each other through communicating means, whereinsaid first enciphering/deciphering device comprisesdata encryption key forming means for forming a data encryption key used for enciphering plaintext data,data enciphering means for enciphering said plaintext data using said data encryption key to form ciphertext data,key enciphering means for enciphering said data encryption key using a management key to form an enciphered key,first authenticator enciphering means for enciphering an authenticator for confirming whether or not transmitted data is correctly transmitted and received using said data encryption key to generate a first enciphered authenticator, andtransmitting means for transmitting said ciphertext data, said enciphered key and said first enciphered authenticator,said second enciphering/deciphering device comprisesreceiving means for receiving the ciphertext data, the enciphered key, and the first enciphered authenticator transmitted by said transmitting means,key deciphering means for deciphering the enciphered key received by said receiving means using the same management key as the management key used in said first enciphering/deciphering device to form a data encryption key,data deciphering means for deciphering the ciphertext data received by said receiving means using the data encryption key formed by said key deciphering means to form plaintext data,authenticator deciphering means for deciphering the first enciphered authenticator received by said receiving means using the data encryption key formed by said key deciphering means,second authenticator enciphering means for enciphering the authenticator obtained as a result of the deciphering by said authenticator deciphering means using said management key to form a second enciphered authenticator, andreturning means for returning said second enciphered authenticator to said first enciphering/deciphering device, andsaid first enciphering/deciphering device deciphers the second enciphered authenticator transmitted from said second enciphering/deciphering device using said management key, and collates the deciphered authenticator with the authenticator which has been subjected to the enciphering by said first authenticator enciphering means.
2 Assignments
0 Petitions
Accused Products
Abstract
A plaintext file 41 is enciphered using a file key 44, to generate ciphertext 42. The file key 44 is enciphered using a secret key 47 and a management key 48, respectively, to form an enciphered key 1 (45) and an enciphered key 2 (46). An enciphered file 43 is produced from the ciphertext 42, the enciphered key 1 and the enciphered key 2. At the time of decryption, the enciphered key 1 is taken out from the enciphered file 43. The enciphered key 1 taken out is deciphered using a secret key 47, to obtain a file key 44. The ciphertext 42 is deciphered using the file key 44, to obtain the plaintext 41.
-
Citations
39 Claims
-
1. An encryption/decryption communication system in which a first enciphering/deciphering device and a second enciphering/deciphering device are connected to each other through communicating means, wherein
said first enciphering/deciphering device comprises data encryption key forming means for forming a data encryption key used for enciphering plaintext data, data enciphering means for enciphering said plaintext data using said data encryption key to form ciphertext data, key enciphering means for enciphering said data encryption key using a management key to form an enciphered key, first authenticator enciphering means for enciphering an authenticator for confirming whether or not transmitted data is correctly transmitted and received using said data encryption key to generate a first enciphered authenticator, and transmitting means for transmitting said ciphertext data, said enciphered key and said first enciphered authenticator, said second enciphering/deciphering device comprises receiving means for receiving the ciphertext data, the enciphered key, and the first enciphered authenticator transmitted by said transmitting means, key deciphering means for deciphering the enciphered key received by said receiving means using the same management key as the management key used in said first enciphering/deciphering device to form a data encryption key, data deciphering means for deciphering the ciphertext data received by said receiving means using the data encryption key formed by said key deciphering means to form plaintext data, authenticator deciphering means for deciphering the first enciphered authenticator received by said receiving means using the data encryption key formed by said key deciphering means, second authenticator enciphering means for enciphering the authenticator obtained as a result of the deciphering by said authenticator deciphering means using said management key to form a second enciphered authenticator, and returning means for returning said second enciphered authenticator to said first enciphering/deciphering device, and said first enciphering/deciphering device deciphers the second enciphered authenticator transmitted from said second enciphering/deciphering device using said management key, and collates the deciphered authenticator with the authenticator which has been subjected to the enciphering by said first authenticator enciphering means.
-
2. An encryption/decryption communication system in which a first enciphering/deciphering device and a second enciphering/deciphering device are connected to each other through communicating means, wherein
said first enciphering/deciphering device comprises data encryption key forming means for forming a data encryption key used for enciphering plaintext data, data enciphering means for enciphering said plaintext data using said data encryption key to form ciphertext data, key enciphering means for enciphering said data encryption key using a management key to form an enciphered key, first authenticator enciphering means for enciphering an authenticator for confirming whether or not transmitted data is correctly transmitted and received using said management key to form a first enciphered authenticator, and transmitting means for transmitting said ciphertext data, said enciphered key and said first enciphered authenticator, said second enciphering/deciphering device comprises receiving means for receiving the ciphertext data, the enciphered key, and the first enciphered authenticator transmitted by said transmitting means, key deciphering means for deciphering the enciphered key received by said receiving means using the same management key as the management key used in said first enciphering/deciphering device to form a data encryption key, data deciphering means for deciphering the ciphertext data received by said receiving means using the data encryption key formed by said key deciphering means to form plaintext data, authenticator deciphering means for deciphering the first enciphered authenticator received by said receiving means using said management key, second authenticator enciphering means for enciphering the authenticator obtained as a result of the deciphering by said authenticator deciphering means using the data encryption key formed by said key deciphering means to form a second enciphered authenticator, and returning means for returning said second enciphered authenticator to said first enciphering/deciphering device, and said first enciphering/deciphering device deciphers the second enciphered authenticator transmitted from said second enciphering/deciphering device using said data encryption key formed by the data encryption key forming means, and collates the deciphered authenticator with the authenticator which has been subjected to the enciphering by said first authenticator enciphering means.
-
3. An enciphering/deciphering device using operation storage media each storing inherent supervisor identification data and inherent operation identification data and a supervisor storage medium storing said supervisor identification data, comprising:
-
data encryption key forming means for forming a data encryption key used for enciphering plaintext data; secret key forming means for forming a secret key used for enciphering the data encryption key formed by said data encryption key forming means; management key forming means for forming a management key used for enciphering the data encryption key formed by said data encryption key forming means; first storage controlling means for storing in said operation storage medium the secret key formed by said secret key forming means and the management key formed by said management key forming means; and second storage controlling means for storing the management key formed by said management key forming means in said supervisor storage medium. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 21, 22, 23, 24, 26)
-
-
13. An enciphering/deciphering device comprising:
-
first reading means for reading out from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key the ciphertext data, the first enciphered key and the second enciphered key; second reading means for reading out from an operation storage medium storing inherent operation identification data and a secret key for deciphering said first enciphered key read out from said first reading means the secret key; first key deciphering means for deciphering said first enciphered key using the secret key read out by said second reading means to form a data decryption key; first data deciphering means for deciphering said ciphertext data using the data decryption key formed by said first key deciphering means to form plaintext data; and storage controlling means for storing in a second storage medium the plaintext data formed by said first data deciphering means. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 25)
-
-
27. An enciphering/deciphering method using operation storage media each storing inherent operation identification data and a supervisor storage medium storing inherent supervisor identification data, comprising the steps of:
-
forming a data encryption key used for enciphering plaintext data; forming a secret key used for enciphering the formed data encryption key; forming a management key used for enciphering the formed data encryption key; storing in said operation storage medium the formed secret key and the formed management key; and storing the formed management key in said supervisor storage medium. - View Dependent Claims (29, 32)
-
-
28. An enciphering/deciphering method using operation storage media each storing inherent operation identification data and a supervisor storage medium storing inherent supervisor identification data, comprising the steps of:
-
forming a data encryption key used for enciphering plaintext data; forming a secret key used for enciphering the formed data encryption key, forming a management key used for enciphering the formed data encryption key; storing in said operation storage medium the formed secret key and the formed management key; storing the formed management key in said supervisor storage medium; enciphering said plaintext data using said data encryption key to form ciphertext data; enciphering said data encryption key using said secret key to form a first enciphered key; enciphering said data encryption key using said management key to form a second enciphered key; and storing in a first storage medium said ciphertext data, said first enciphered key and said second enciphered key.
-
-
30. An enciphering/deciphering method comprising the steps of:
-
reading out from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key the ciphertext data, the first enciphered key and the second enciphered key; reading out from an operation storage medium storing an inherent operation identification name, inherent operation identification data, and a secret key for deciphering said first enciphered key said secret key; deciphering said first enciphered key using said secret key read out to form a data decryption key; deciphering said ciphertext data using the formed data decryption key to form plaintext data; and storing the formed plaintext data in a second storage medium. - View Dependent Claims (31, 33)
-
-
34. A computer readable operation storage medium which is used in an enciphering/deciphering device including a computer and is managed by a supervisor storage medium, the operation storage medium storing therein
supervisor identification data inherent to said supervisor storage medium, an enciphered secret key obtained by enciphering a secret key for enciphering a data encryption key used for enciphering plaintext data, a decryption program for deciphering said enciphered secret key to obtain the secret key, an enciphered management key obtained by enciphering a management key for enciphering said data encryption key, and a decryption program for deciphering said enciphered management key to obtain the management key.
-
36. A computer readable supervisor storage medium, which is used in an enciphering/deciphering device including a computer, for managing operation storage media each storing therein an enciphered secret key obtained by enciphering a secret key for enciphering a data encryption key used for enciphering a plaintext data and a first enciphered management key obtained by enciphering a management key for enciphering the data encryption key, the supervisor storage medium storing therein
operation identification data inherent to said operation storage media, inherent supervisor identification data, a second enciphered management key obtained by enciphering the same management key as said management key, and a decryption program for deciphering said second enciphered management key to obtain said management key.
Specification