Group oriented public key encryption and key management system
Abstract
In a public key encryption system where an individual is used as a unit, an idea of “group” is newly introduced. Then, both an encryption process operation of a plain text by an arbitrary member belonging to the group, and a decryption process operation of cryptogram information can be executed by employing such a combination key made from a group public key and a group secret key, which are produced in unit of “group”, and further an individual public key and an individual secret key. With employment of this encryption system, while high secrecies can be maintained inside and outside the group, the cryptogram information can be commonly shared based upon a confirmation of a member among members within the group. Also, an electronic signature can be made by a member belonging to the group.
23 Claims
1. In a computer readable recording medium for recording an encryption method used in a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, said recording medium records a program for:
generating a group comprising one or more members Mi (i=1 to n);
generating a group public key PG and a group secret key SG, which are allocated to the group; and
encrypting one or more encryptions of a group secret key PMi (SG) (i=1 to n) encrypted by executing the data conversion of said group secret key SG by each of public keys PMi specific to said members Mi, wherein said members Mi are each capable of encrypting one or more encryptions of said group secret key, wherein said encrypted group secret keys PMi (SG) are decrypted by a member secret key SMi specific to each of said members Mi to thereby acquire said group secret key SG and said acquired group secret key SG is used to execute a decryption process operation of cryptogram information encrypted by any of said members Mi using said group public key PG.
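The key hierarchy recited in claim 1 (a group key pair PG/SG, with SG stored once per member as PMi(SG)) can be sketched as follows. This is an added illustration, not part of the patent text; the hashed-ElGamal cipher, the toy group parameters and all function names are assumptions chosen so the sketch runs with the Python standard library alone.

```python
import hashlib, hmac, secrets
# Constructed toy parameters (assumption): multiplicative group mod the Mersenne
# prime 2**521 - 1, generator 3. Chosen for brevity; not a production-grade group.
P, G, NBYTES = 2**521 - 1, 3, 66

def keygen():
    """Return (public, secret) for a hashed-ElGamal key pair."""
    s = secrets.randbelow(P - 3) + 2
    return pow(G, s, P), s

def derive(shared, n):  # 32-byte MAC key followed by an n-byte keystream
    return hashlib.shake_256(shared.to_bytes(NBYTES, "big")).digest(32 + n)

def encrypt(pub, data):
    """Encrypt bytes to a public key: ephemeral DH, XOR keystream, HMAC tag."""
    e = secrets.randbelow(P - 3) + 2
    okm = derive(pow(pub, e, P), len(data))
    body = bytes(a ^ b for a, b in zip(data, okm[32:]))
    return pow(G, e, P), body, hmac.new(okm[:32], body, "sha256").digest()

def decrypt(sec, ct):
    """Decrypt with the matching secret key; reject on tag mismatch."""
    c1, body, tag = ct
    okm = derive(pow(c1, sec, P), len(body))
    if not hmac.compare_digest(tag, hmac.new(okm[:32], body, "sha256").digest()):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, okm[32:]))

def make_group(member_pubs):
    """Generate PG/SG and publish PG plus PMi(SG) for every member Mi."""
    pg, sg = keygen()
    sg_bytes = sg.to_bytes(NBYTES, "big")
    return {"PG": pg, "wrapped": {m: encrypt(pm, sg_bytes) for m, pm in member_pubs.items()}}

def member_decrypt(lock, name, sm, cryptogram):
    """Member Mi: unwrap SG with SMi, then decrypt a PG-encrypted cryptogram."""
    sg = int.from_bytes(decrypt(sm, lock["wrapped"][name]), "big")
    return decrypt(sg, cryptogram)

def demo():
    keys = {n: keygen() for n in ("alice", "bob", "carol")}  # carol is not a member
    lock = make_group({n: keys[n][0] for n in ("alice", "bob")})
    cryptogram = encrypt(lock["PG"], b"quarterly figures")    # needs only PG
    plain = member_decrypt(lock, "bob", keys["bob"][1], cryptogram)
    try:  # a non-member key cannot unwrap bob's copy of SG
        outsider = member_decrypt(lock, "bob", keys["carol"][1], cryptogram)
    except ValueError:
        outsider = None
    return plain, outsider
```

Every member recovers the same SG, so removing a member protects later data only if a new PG/SG pair is generated, which is the case claim 21 addresses.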
14. In a computer readable recording medium for recording an encryption method used in a public key encryption system wherein structural data is arranged as cryptogram information, and said structural data contains cryptogram information K(D) produced by encrypting at least a plain text by a common key K, and also one or more Pi(K) produced by encrypting said common key K by a public key Pi of each member belonging to a group in which one or more members Mi (i=1 to n) are set as structural members and are each capable of encrypting one or more Pi(K).
15. A computer based method of using a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, comprising:
a step for generating a group comprising one or more members Mi (i=1 to n);
a step for executing a data conversion of a plain text by using a group public key PG so as to encrypt said plain text, said group public key PG being allocated to the group;
a step for producing one or more encryptions of a group secret key PMi (SG) (i=1 to n) in such a manner that a group secret key SG produced by a public key PMi of said members Mi, wherein said members Mi are each capable of encrypting one or more encryptions of said group secret key, in unit of said group; and
a step wherein said encrypted group secret keys PMi (SG) are decrypted by a member secret key SMi specific to each of said members Mi to thereby acquire said group secret key SG and execute a decryption process operation on plain text encrypted by any of said members Mi using said group public key PG.
16. A computer based method of using a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, comprising:
a step for generating a group comprising one or more members Mi (i=1 to n);
a step for decrypting an encrypted group secret key PMi (SG) based upon a secret key SMi of one or more members Mi (i=1 to n), said encrypted group secret key being produced by each of said one or more members being capable of encrypting based on a public key PMi of said one or more members of group secret key SG which is allocated to the group; and
a step for decrypting encrypted information in such a manner that information encrypted by a group public key PG, executed by any of said one or more members, produced in unit of said group is data-converted by employing said acquired group secret key SG.
17. In a computer based method of using public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, a composite lock producing method in said public key encryption system for using a composite lock including a group public key PG and a group secret key SG which are allocated to a group constituted by one or more members Mi (i=1 to n) as constructive members, and one or more encryptions of a group secret keys PMi (SG) (i=1 to n) which are encrypted by executing a data conversion of said group secret key SG based upon each of public keys PMi specific to said members Mi, comprising:
a step for producing a public key PG and a secret key SG in unit of a group constituted by one or more members Mi (i=1 to n) as constructive members;
a step for producing one or more encryptions of a group secret key PMi (SG) (i=1 to n) which are encrypted by each of said one or more members being capable of executing a data conversion of said group secret key SG based upon each of public keys PMi specific to said members;
a step wherein said encrypted group secret keys PMi (SG) are decrypted by a member secret key SMi specific to each of said one or more members Mi to thereby acquire said group secret key SG and execute a decryption process operation on plain text encrypted by any of said one or more members Mi using said group public key PG;
a step for producing one or more encrypted composite lock changing secret keys PUi (SU) which are encrypted by data-converting a composite lock changing secret key SU for controlling a change of a composite lock based upon a public key PUi specific to a member having a right to execute a change; and
a step for performing an electronic signature by using said produced composite lock changing secret key SU with respect to data containing said produced public key PG, said encrypted secret key PMi (SG), and said encrypted composite lock changing secret key PUi (SU).
18. A computer based composite lock changing method for an encryption system wherein in a public key encryption system arranged by a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, said public key encryption system uses a composite lock including a group public key PG and a group secret key SG which are allocated to a group constituted by one or more members Mi (i=1 to n) as constructive members, one or more encryptions of a group secret key PMi (SG) (i=1 to n) which are encrypted by each of said one or more members being capable of executing a data conversion of said group secret key SG based upon each of public keys PMi specific to said members Mi, and one or more encrypted composite lock changing secret keys PUi (SU) encrypted by executing a data conversion of a composite lock changing secret key SU for controlling a change of a composite lock based upon a public key PU specific to a member having a right to change, comprising:
a step for changing a content of a composite lock;
a step for obtaining a composite lock changing secret key SU by decrypting said encrypted composite lock changing secret key PUi (SU) by using a secret key SUi;
a step for performing an electronic signature by using said produced composite lock changing secret key SU with respect to data containing said public key PG, said encrypted group secret key PMi (SG), and said encrypted composite lock changing secret key PUi (SU); and
a step wherein said encrypted group secret keys PMi (SG) are decrypted by a member secret key SMi specific to each of said members Mi to thereby acquire said group secret key SG and execute a decryption process operation on plain text encrypted by any of said members Mi using said group public key PG.
21. In a computer based method of using public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, a composite lock changing method in said public key encryption system for using a composite lock including a group public key PG and a group secret key SG which are allocated to a group constituted by one or more members Mi (i=1 to n) as constructive members, and one or more encryptions of a group secret key PMi (SG) (i=1 to n) which are encrypted by each of said one or more members being capable of executing a data conversion of said group secret key SG based upon each of public keys PMi specific to said members Mi, and said encrypted group secret keys PMi (SG) are decrypted by a member secret key SMi specific to each of said members Mi to thereby acquire said group secret key SG and execute a decryption process operation on plain text encrypted by any of said members Mi using said group public key PG,
wherein in the case that when a member is changed, a pair of a new group public key PG and a new group secret key SG is produced, and said new group public/secret keys are used as a new public key and a new secret key of said composite lock; and
in the case that a member was changed in the past, a pair of the present group public key PG and the group secret key SG is continuously used without any modification as a public key and a secret key of said composite lock.
22. In a computer readable recording medium for recording an encryption method used in a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, said recording medium records a program for executing:
a step for executing a data conversion of a plain text using a group public key PG so as to encrypt said plain text, said group public key PG being allocated to a group constituted by one or more members Mi (i=1 to n) as constructive members;
a step for producing one or more encryptions of a group secret key PMi (SG) (i=1 to n) in such a manner that each of said one or more members are capable of producing a group secret key SG encrypted by a public key PMi of said group; and
a step wherein said encrypted group secret keys PMi (SG) are decrypted by a member secret key SMi specific to each of said members Mi to thereby acquire said group secret key SG and execute a decryption process operation on plain text encrypted by any of said members Mi using said group public key PG.
23. In a computer readable recording medium for recording a decryption method used in a public key encryption system comprising a combination between a first key P and a second key S, said first key P being used in a data conversion for encrypting a plain text, and said second key S being different from said first key P and being used in a data conversion for decrypting a cryptogram to produce a plain text, said recording medium records a program for executing:
a step for decrypting an encrypted group secret key PMi (SG) based upon a secret key SMi of one or more members Mi (i=1 to n), said encrypted group secret key being produced by each of said one or more members being capable of encrypting based on a public key PMi of said one or more members a group secret key SG which is allocated to a group constituted by said one or more members as the constructive members; and
a step for decrypting encrypted information in such a manner that information encrypted by a group public key PG, executed by any of said one or more members, produced in unit of said group is data-converted by employing said acquired group secret key SG.