Secret key transfer method which is highly secure and can restrict the damage caused when the secret key is leaked or decoded
First Claim
1. A method of securing the transmission of information that is encrypted in a transmission apparatus and transferred to be decrypted in a reception apparatus, comprising the steps of:
storing a plurality of secret keys in the transmission apparatus and the reception apparatus;
selecting one of the secret keys from the plurality of stored secret keys in the transmission apparatus;
generating a message;
encrypting the message with a first encryption algorithm using the selected secret key as an encryption key to produce a first cryptogram;
encrypting the message with a second encryption algorithm using the message as an encryption key to produce a second cryptogram;
transmitting the first cryptogram and the second cryptogram to the reception apparatus;
decrypting the first cryptogram with a first secret key stored in the reception apparatus used as a decryption key to provide a first decrypted data;
decrypting the second cryptogram with the first decrypted data of the first cryptogram used as a decryption key to provide a second decrypted data;
comparing the first and second decrypted data to determine if they match and when they match, the secret key selected in the transmission apparatus is authenticated; and
repeating the decrypting of the first cryptogram with successive stored secret keys and comparing the successive decrypted data until a match occurs, whereby upon completion of the comparing step a final determination of the use of an authenticated secret key can be made.
Abstract
A transmission apparatus 100 includes a secret key storage unit 103 that stores three secret keys K1, K2 and K3, a secret key selection unit 104 that selects one secret key Ks from the secret keys, a message generation unit 106 for generating a message M used as a carrier for indicating a secret key, an encryption module 105 for generating a cryptogram Ca by encrypting the generated message M using the secret key Ks, an encryption module 107 for generating a cryptogram Cm by encrypting the message M using the message M itself as the secret key, and two transmission units 111 and 112 for transmitting the cryptograms Ca and Cm to the reception apparatus 200 to indicate the selected secret key Ks. The reception apparatus 200 includes a decryption module, such as 221, for generating decrypted data Mi by decrypting the cryptogram Ca using a secret key Ki out of the three secret keys, and a decryption module, such as 222, for generating decrypted data Mii by decrypting the cryptogram Cm using the decrypted data Mi, and authorizes that the secret key Ki has been selected when the decrypted data Mi matches the decrypted data Mii.
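The exchange the abstract describes, as an added Python example that is not part of the patent text. It assumes a toy hash-based Feistel cipher as a stand-in for both the first and second encryption algorithms (the page does not name them), a one-block message M, and constructed sample keys; the function names `send_selected` and `identify_key` are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # bytes; M is one block so it can double as the key for Cm

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: hash of key, round number and half block
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    # Stand-in cipher (assumption): toy Feistel network, not for production
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(rounds):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(rounds)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def send_selected(keys, s, m=None):
    # Transmission side: Ca = E(Ks, M), Cm = E(M, M); no key index is sent
    m = secrets.token_bytes(BLOCK) if m is None else m
    return encrypt(keys[s], m), encrypt(m, m)

def identify_key(keys, ca, cm):
    # Reception side: try each Ki, accept the one where Mi == Mii
    for i, ki in enumerate(keys):
        mi = decrypt(ki, ca)
        mii = decrypt(mi, cm)
        if hmac.compare_digest(mi, mii):
            return i
    return None  # no stored key matches: wrong key set or altered cryptogram

# Constructed sample keys K1..K3 (illustrative values only)
KEYS = [bytes([n]) * BLOCK for n in (1, 2, 3)]

if __name__ == "__main__":
    for s in range(len(KEYS)):
        ca, cm = send_selected(KEYS, s)
        print(f"sender chose K{s + 1}, receiver identified K{identify_key(KEYS, ca, cm) + 1}")
    ca, cm = send_selected(KEYS, 1)
    tampered = bytes([cm[0] ^ 1]) + cm[1:]
    print("altered Cm ->", identify_key(KEYS, ca, tampered))
```

With a wrong Ki, Mi is an unrelated block, so Mi and Mii agree only by chance; the block size therefore sets the false-match rate of the check.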
24 Citations
19 Claims
8. A secret key transmission method, used in a secret key transfer method in which one secret key selected out of a plurality of secret keys is transferred,
the secret key transmission method comprising:
a secret key selecting step for selecting and reading one secret key out of the plurality of secret keys stored in a secret key storing unit which prestores the plurality of secret keys;
a message generating step for generating a message;
a first encrypting step for encrypting the message according to a first encryption algorithm using the secret key selected in the secret key selecting step as an encryption key to produce a first cryptogram;
a second encrypting step for encrypting the message according to a second encryption algorithm using the message as an encryption key to produce a second cryptogram; and
a transferring step for transferring the first cryptogram and the second cryptogram.
14. A secret key reception method, used in a secret key transfer method in which one secret key selected out of a plurality of secret keys is transferred,
the secret key reception method comprising:
a reception step for receiving a first cryptogram and a second cryptogram;
a first decrypting step for decrypting the received first cryptogram according to a first decryption algorithm using one secret key selected from a plurality of secret keys stored in a secret key storing unit, which prestores the plurality of secret keys, as a decryption key to produce a first set of decrypted data, wherein the first decryption algorithm is an inverse transformation of a first encryption algorithm that was used to encrypt the first cryptogram;
a second decrypting step for decrypting the received second cryptogram according to a second decryption algorithm using the first set of decrypted data as a decryption key to produce a second set of decrypted data, wherein the second decryption algorithm is an inverse transformation of a second encryption algorithm that was used to encrypt the second cryptogram;
a judging step for judging whether the first set of decrypted data matches the second set of decrypted data and, when the sets of decrypted data match, for authorizing that the secret key used in the first decryption step is a secret key selected and transmitted; and
a repetition control step for having a decryption in the first decrypting step, a decryption in the second decrypting step, and a judging and an authorizing in the judging step repeated for each of the plurality of secret keys in the secret key storing unit.
16. A computer program embodied on computer-readable medium for transmitting one secret key selected out of a plurality of secret keys,
the computer program comprising:
a secret key selecting step for selecting and reading one secret key out of the plurality of secret keys stored in a secret key storing unit which prestores the plurality of secret keys;
a message generating step for generating a message;
a first encrypting step for encrypting the message according to a first encryption algorithm using the secret key selected in the secret key selecting step as an encryption key to produce a first cryptogram;
a second encrypting step for encrypting the message according to a second encryption algorithm using the message as an encryption key to produce a second cryptogram; and
a transferring step for transferring the first cryptogram and the second cryptogram.
17. A computer program embodied on computer-readable medium for receiving one secret key selected out of a plurality of secret keys in a secret key transfer system,
the computer program comprising:
a reception step for receiving a first cryptogram and a second cryptogram;
a first decrypting step for decrypting the received first cryptogram according to a first decryption algorithm using one secret key selected from a plurality of secret keys stored in a secret key storing unit, which prestores the plurality of secret keys, as a decryption key to produce a first set of decrypted data, wherein the first decryption algorithm is an inverse transformation of a first encryption algorithm that was used to encrypt the first cryptogram;
a second decrypting step for decrypting the received second cryptogram according to a second decryption algorithm using the first set of decrypted data as a decryption key to produce a second set of decrypted data, wherein the second decryption algorithm is an inverse transformation of a second encryption algorithm that was used to encrypt the second cryptogram;
a judging step for judging whether the first set of decrypted data matches the second set of decrypted data and, when the sets of decrypted data match, for authorizing that the secret key used in the first decryption step is a secret key selected and transmitted; and
a repetition control step for having a decryption in the first decrypting step, a decryption in the second decrypting step, and a judging and an authorizing in the judging step repeated for each of the plurality of secret keys in the secret key storing unit.
18. A computer data signal embodied in a carrier wave including a program for transmitting one secret key selected out of a plurality of secret keys,
the program comprising:
a secret key selecting step for selecting and reading one secret key out of the plurality of secret keys stored in a secret key storing unit which prestores the plurality of secret keys;
a message generating step for generating a message;
a first encrypting step for encrypting the message according to a first encryption algorithm using the secret key selected in the secret key selecting step as an encryption key to produce a first cryptogram;
a second encrypting step for encrypting the message according to a second encryption algorithm using the message as an encryption key to produce a second cryptogram; and
a transferring step for transferring the first cryptogram and the second cryptogram.
19. A computer data signal embodied in a carrier wave including a program for receiving one secret key selected out of a plurality of secret keys in a secret key transfer system,
the program comprising:
a reception step for receiving a first cryptogram and a second cryptogram;
a first decrypting step for decrypting the received first cryptogram according to a first decryption algorithm using one secret key selected from a plurality of secret keys stored in a secret key storing unit, which prestores the plurality of secret keys, as a decryption key to produce a first set of decrypted data, wherein the first decryption algorithm is an inverse transformation of a first encryption algorithm that was used to encrypt the first cryptogram;
a second decrypting step for decrypting the received second cryptogram according to a second decryption algorithm using the first set of decrypted data as a decryption key to produce a second set of decrypted data, wherein the second decryption algorithm is an inverse transformation of a second encryption algorithm that was used to encrypt the second cryptogram;
a judging step for judging whether the first set of decrypted data matches the second set of decrypted data and, when the sets of decrypted data match, for authorizing that the secret key used in the first decryption step is a secret key selected and transmitted; and
a repetition control step for having a decryption in the first decryption step, a decryption in the second decrypting step, and a judging and an authorizing in the judging step repeated for each of the plurality of secret keys in the secret key storing unit.
Specification