Group oriented public key encryption and key management system

US 6,530,020 B1
Filed: 06/18/1998
Issued: 03/04/2003
Est. Priority Date: 06/20/1997
Status: Expired due to Fees

First Claim

Patent Images

1. In a computer readable recording medium for recording an encryption method used in a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, said recording medium records a program for:

generating a group comprising one or more members Mi (i=1 to n);

generating a group public key P_Gand a group secret key S_G, which are allocated to the group; and

encrypting one or more encryptions of a group secret key P_Mi(S_G) (i=1 to n) encrypted by executing the data conversion of said group secret key S_Gby each of public keys P_Mispecific to said members Mi, wherein said members Mi are each capable of encrypting one or more encryptions of said group secret key, wherein said encrypted group secret keys P_Mi(S_G) are decrypted by a member secret key S_Mispecific to each of said members Mi to thereby acquire said group secret key S_Gand said acquired group secret key S_Gis used to execute a decryption process operation of cryptogram information encrypted by any of said members Mi using said group public key P_G.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a public key encryption system where an individual is used as a unit, an idea of “group” is newly introduced. Then, both an encryption process operation of a plain text by an arbitrary member belonging to the group, and a decryption process operation of cryptogram information can be executed by employing such a combination key made from a group public key and a group secret key, which are produced in unit of “group”, and further an individual public key and an individual secret key. With employment of this encryption system, while high secrecies can be maintained inside and outside the group, the cryptogram information can be commonly shared based upon a confirmation of a member among members within the group. Also, an electronic signature can be made by a member belonging to the group.

Citations

23 Claims

1. In a computer readable recording medium for recording an encryption method used in a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, said recording medium records a program for:
- generating a group comprising one or more members Mi (i=1 to n);
  
  generating a group public key P_Gand a group secret key S_G, which are allocated to the group; and
  
  encrypting one or more encryptions of a group secret key P_Mi(S_G) (i=1 to n) encrypted by executing the data conversion of said group secret key S_Gby each of public keys P_Mispecific to said members Mi, wherein said members Mi are each capable of encrypting one or more encryptions of said group secret key, wherein said encrypted group secret keys P_Mi(S_G) are decrypted by a member secret key S_Mispecific to each of said members Mi to thereby acquire said group secret key S_Gand said acquired group secret key S_Gis used to execute a decryption process operation of cryptogram information encrypted by any of said members Mi using said group public key P_G.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer readable recording medium as claimed in claim 1, wherein said encrypted cryptogram information is a decryption key S1 of another cryptogram information, and said encrypted group secret keys P_Mi(S_G) are decrypted by the member secret key S_Mispecific to each of said members Mi to thereby acquire said group secret key S_G, P_G(S1) equal to said decryption key S1 which is encrypted by said group public key P_Gis decrypted by said group secret key S_Gto thereby acquire said decryption key S1, and said another cryptogram information is decrypted by said acquired decryption key S1.
  - 3. The computer readable recording medium as claimed in claim 1, wherein each of said members Mi is a discriminator capable of discriminating an individual, a group formed by a plurality of individuals, an execution function of a preset role, and an execution system of a preset role.
  - 4. The computer readable recording medium as claimed in claim 1, wherein a combination between said group public key P_Gand said encrypted group secret key P_Mi(S_G) (i=1 to n), which are produced in unit of said group, is arranged by a composite lock.
  - 5. The computer readable recording medium as claimed in claim 4, wherein said composite lock includes a composite lock changing public key P_Ubelonging to an authorized changing right owner of the composite lock;
    - and one or more encrypted composite lock changing secret keys P_Ui(S_U) which are produced, while executing a data conversion by the public key P_Uispecific to a member who owns a right for changing said composite lock, by encrypting a composite lock changing secret key S_Uwhich constitutes a pair with said composite lock changing public key P_U.
  - 6. The computer readable recording medium as claimed in claim 4, wherein a pair of said group public key P_Gand said group secret key S_Gin said composite lock is changed in response to a change in the structure of said composite lock.
  - 7. The computer readable recording medium as claimed in claim 5, wherein both said composite lock changing public key P_Uand said composite lock changing secret key S_Uare replaced by a pair of a new composite lock changing public key P_Uand a new composite lock changing secret key S_Uby changing said composite lock changing right owner.
  - 8. The computer readable recording medium as claimed in claim 5 or 6, wherein said composite lock owns an electronic signature block in which an electronic signature is executed by said composite lock changing secret key S_Uwith respect to data for constituting said composite lock.
  - 9. The computer readable recording medium as claimed in claim 8, wherein the electronic signature block obtained as a result of an electronic signature by using said composite lock changing secret key S_Uwith respect to the data for constituting the changed composite lock is newly added to the data for constituting said changed composite lock, data involving said signature block and said changed composite lock is set as a new composite lock, and said new composite lock further comprises a second signature block signed to said new composite block by employing changing secret key S_U.
  - 10. The computer readable recording medium as claimed in claim 4, wherein said composite lock owns a version discriminator V indicative of a version of said composite lock, and said version discriminator V indicates as to whether or not said composite lock is equal to the latest version.
  - 11. The computer readable recording medium as claimed in claim 4, wherein said composite lock owns a preceding version handling discriminator F, and said preceding version handling discriminator F is to define handling of a just-before-set version of said composite lock.
  - 12. The computer readable recording medium as claimed in claim 11, wherein said preceding version handling discriminator F is produced based upon a changed content of said composite lock.
  - 13. The computer readable recording Medium as claimed in claim 11, wherein said preceding version handling discriminator F contains information for discriminating as to whether or not said composite lock has been changed.

14. In a computer readable recording medium for recording an encryption method used in a public key encryption system wherein structural data is arranged as cryptogram information, and said structural data contains cryptogram information K(D) produced by encrypting at least a plain text by a common key K, and also one or more Pi(K) produced by encrypting said common key K by a public key Pi of each member belonging to a group in which one or more members Mi (i=1 to n) are set as structural members and are each capable of encrypting one or more Pi(K).

15. A computer based method of using a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, comprising:
- a step for generating a group comprising one or more members Mi (i=1 to n);
  
  a step for executing a data conversion of a plain text by using a group public key P_Gso as to encrypt said plain text, said group public key P_Gbeing allocated to the group;
  
  a step for producing one or more encryptions of a group secret key P_Mi(S_G) (i=1 to n) in such a manner that a group secret key S_Gproduced by a public key P_Miof said members Mi, wherein said m embers Mi are each capable of encrypting one or more encryptions of said group secret key, in unit of said group; and
  
  a step wherein said encrypted group secret keys P_Mi(S_G) are decrypted by a member secret key S_Mispecific to each of said members Mi to thereby acquire said group secret key S_Gan d execute a decryption process operation on plain text encrypted by any of said members Mi using said group public key P_G.

16. A computer based method of using a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, comprising:
- a step for generating a group comprising one or more members Mi (i=1 to n);
  
  a step for decrypting an encrypted group secret key P_Mi(S_G) based upon a secret key S_Miof one or more members Mi (i=1 to n), said encrypted group secret key being produced by each of said one or more members being capable of encrypting based on a public key P_Miof said one or more members of group secret key S_Gwhich is allocated to the group; and
  
  a step for decrypting encrypted information in such a manner that information encrypted by a group public key P_G, executed by any of said one or more members, produced in unit of said group is data-converted by employing said acquired group secret key S_G.

17. In a computer based method of using public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, a composite lock producing method in said public key encryption system for using a composite lock including a group public key P_Gand a group secret key S_Gwhich are allocated to a group constituted by one or more members Mi (i=1 to n) as constructive members, and one or more encryptions of a group secret keys P_Mi(S_G) (i=1 to n) which are encrypted by executing a data conversion of said group secret key S_Gbased upon each of public keys P_Mispecific to said members Mi, comprising:
- a step for producing a public key P_Gand a secret key S_Gin unit of a group constituted by one or more members Mi (i=1 to n) as constructive members;
  
  a step for producing one or more encryptions of a group secret key P_Mi(S_G) (i=1 to n) which are encrypted by each of said one or more members being capable of executing a data conversion of said group secret key S_Gbased upon each of public keys P_Mispecific to said members;
  
  a step wherein said encrypted group secret keys P_Mi(S_G) are decrypted by a member secret key S_Mispecific to each of said one or more members Mi to thereby acquire said group secret key S_Gand execute a decryption process operation on plain text encrypted by any of said one or more members Mi using said group public key P_G;
  
  a step for producing one or more encrypted composite lock changing secret keys P_Ui(S_U) which are encrypted by data-converting a composite lock changing secret key S_Ufor controlling a change of a composite lock based upon a public key P_Uispecific to a member having a right to execute a change; and
  
  a step for performing an electronic signature by using said produced composite lock changing secret key S_Uwith respect to data containing said produced public key P_G, said encrypted secret key P_Mi(S_G), and said encrypted composite lock changing secret key P_Ui(S_U).

18. A computer based composite lock changing method for an encryption system wherein in a public key encryption system arranged by a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, said public key encryption system uses a composite lock including a group public key P_Gand a group secret key S_Gwhich are allocated to a group constituted by one or more members Mi (i=1 to n) as constructive members, one or more encryptions of a group secret key P_Mi(S_G) (i=1 to n) which are encrypted by each of said one or more members being capable of executing a data conversion of said group secret key S_Gbased upon each of public keys P_Mispecific to said members Mi, and one or more encrypted composite lock changing secret keys P_Ui(S_U) encrypted by executing a data conversion of a composite lock changing secret key S_Ufor controlling a change of a composite lock based upon a public key P_Uspecific to a member having a right to change, comprising:
- a step for changing a content of a composite lock;
  
  a step for obtaining a composite lock changing secret key S_Uby decrypting said encrypted composite lock changing secret key P_Ui(S_U) by using a secret key S_Ui;
  
  a step for performing an electronic signature by using said produced composite lock changing secret key S_Uwith respect to data containing said public key P_G, said encrypted group secret key P_Mi(S_G), and said encrypted composite lock changing secret key P_Ui(S_U); and
  
  a step wherein said encrypted group secret keys P_Mi(S_G) are decrypted by a member secret key S_Mispecific to each of said members Mi to thereby acquire said group secret key S_Gand execute a decryption process operation on plain text encrypted by any of said members Mi using said group public key P_G.
- View Dependent Claims (19, 20)
- - 19. The computer based method as claimed in claim 18, further comprising a step for producing a pair of a replacement composite lock changing public key P_Ufor controlling a change of a composite lock and a replacement composite lock changing secret key S_U, and a step for producing one or more replacement encrypted composite lock changing secret keys P_Ui(S_U) to be applied to a composite lock, said one or more replacement encrypted composite lock changing secret keys being encrypted by executing a data conversion by a public key P_Uispecific to a member having a right to change said composite lock.
  - 20. The computer based method as claimed in claim 19, further comprising a step for newly applying a signature block to data for constructing said changed composite lock, for setting entire data containing said signature block as a new composite lock, and for signing said new composite lock by said changing secret key S_U, obtained before said composite lock is changed, said signature block being equal to a result of electronically signing the data for constituting the changed composite lock by said composite lock changing secret key S_U.

21. In a computer based method of using public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, a composite lock changing method in said public key encryption system for using a composite lock including a group public key P_Gand a group secret key S_Gwhich are allocated to a group constituted by one or more members Mi (i=1 to n) as constructive members, and one or more encryptions of a group secret key P_Mi(S_G) (i=1 to n) which are encrypted by each of said one or more members being capable of executing a data conversion of said group secret key S_Gbased upon each of public keys P_Mispecific to said members Mi, and said encrypted group secret keys P_Mi(S_G) are decrypted by a member secret key S_Mispecific to each of said members Mi to thereby acquire said group secret key S_Gand execute a decryption process operation on plain text encrypted by any of said members Mi using said group public key P_G,wherein in the case that when a member is changed, a pair of a new group public key P_Gand a new group secret key S_Gis produced, and said new group public/secret keys are used as a new public key and a new secret key of said composite lock;
- and in the case that a member was changed in the past, a pair of the present group public key P_Gand the group secret key S_Gis continuously used without any modification as a public key and a secret key of said composite lock.

22. In a computer readable recording medium for recording an encryption method used in a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, said recording medium records a program for executing:
- a step for executing a data conversion of a plain text using a group public key P_Gso as to encrypt said plain text, said group public key P_Gbeing allocated to a group constituted by one or more members Mi (i=1 to n) as constructive members;
  
  a step for producing one or more encryptions of a group secret key P_Mi(S_G) (i=1 to n) in such a manner that each of said one or more members are capable of producing a group secret key S_Gencrypted by a public key P_Miof said group; and
  
  a step wherein said encrypted group secret keys P_Mi(S_G) are decrypted by a member secret key S_Mispecific to each of said members Mi to thereby acquire said group secret key S_Gand execute a decryption process operation on plain text encrypted by any of said members Mi using said group public key P_G.

23. In a computer readable recording medium for recording a decryption method used in a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, said recording medium records a program for executing:
- a step for decrypting an encrypted group secret key P_Mi(S_G) based upon a secret key S_Miof one or more members Mi (i=1 to n), said encrypted group secret key being produced by each of said one or more members being capable of encrypting based on a public key P_Miof said one or more members a group secret key S_Gwhich is allocated to a group constituted by said one or more members as the constructive members; and
  
  a step for decrypting encrypted information in such a manner that information encrypted by a group public key P_G, executed by any of said one or more members, produced in unit of said group is data-converted by employing said acquired group secret key S_G.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fuji Xerox Company Limited (Fujifilm Holdings Corporation)
Original Assignee
Fuji Xerox Company Limited (Fujifilm Holdings Corporation)
Inventors
Aoki, Ryuichi
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
Seal, James

Application Number

US09/099,308
Time in Patent Office

1,720 Days
Field of Search

713/163, 380/278, 380/279, 380/282, 380/284
US Class Current

713/163
CPC Class Codes

H04L 9/16 the keys or algorithms bein...

H04L 9/3255 using group based signature...

Group oriented public key encryption and key management system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Group oriented public key encryption and key management system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links