Cryptographic management apparatus, decryption management apparatus and program

US 8,688,969 B2
Filed: 09/25/2008
Issued: 04/01/2014
Est. Priority Date: 09/28/2007
Status: Active Grant

First Claim

Patent Images

1. A cryptographic management apparatus, comprising:

a storage device which stores cryptographic key information including a cryptographic key to encrypt object information and cryptographic process condition information including the cryptographic key information as the encryption condition for encrypting the object information, the cryptographic process condition information being provided to specify information, the cryptographic key, and a processing method used for creating a result of execution of the cryptographic process on the object information, the cryptographic process condition information further including a cryptographic process ID, which is an identifier of the cryptographic process condition information, cryptographic method parameter information used in each cryptographic algorithm, a category ID indicating a category of the cryptographic algorithm, a cryptographic algorithm ID indicating the cryptographic algorithm used for the processing method, and a key creation process ID being an identifier of cryptographic key creation condition information, the cryptographic key creation condition information including the cryptographic key and the cryptographic method parameter information;

a cryptographic process information input device configured to receive an input of the object information and cryptographic key creation request information, the cryptographic key creation request information also including the category ID;

a cryptographic parameter information acquisition device configured to acquire cryptographic method parameter information to create the cryptographic key corresponding to the creation request information from the storage device based on the category ID in the cryptographic key creation request information input, the cryptographic method parameter information being a value, used in a mathematical formula in a cryptographic algorithm, to determine the cryptographic algorithm uniquely;

a cryptographic key creation ID creation device configured to create cryptographic key creation condition information by relating the cryptographic method parameter information and the cryptographic key created based on the acquired cryptographic method parameter information to each other and attach an identifier of the created cryptographic key creation condition information;

a first cryptographic module evaluation description information acquisition device configured to acquire evaluation description information for the cryptographic module optimally adapted to the cryptographic process corresponding to the created cryptographic key creation condition information, the evaluation description information being digitized information for indicating a security of a cryptographic method, a cryptographic processing speed, and a key length required for the cryptographic module;

a cryptographic process ID creation device configured to attach, to the object information, an identifier of the cryptographic process condition information at the time of encrypting the object information with the cryptographic key information and the cryptographic module corresponding to the acquired evaluation description information; and

an output device configured to output the attached identifier of the cryptographic process condition information, the attached identifier of the created cryptographic key creation condition information, and the result of the cryptographic process executed on the object information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic management apparatus includes a storage unit which stores cryptographic key information containing a cryptographic key and cryptographic process condition information containing the cryptographic key information, a cryptographic process information input unit which receives an input of the object information and cryptographic key search request information, a cryptographic key information acquisition unit which acquires the cryptographic key information from the storage unit based on the search request information, a cryptographic module evaluation description information acquisition unit which acquires evaluation description information of the cryptographic module corresponding to the cryptographic key information, a cryptographic process ID creation unit which attaches an identifier of the cryptographic process condition information to the object information based on the cryptographic key information and the cryptographic module corresponding to the evaluation description information, and an output which outputs the identifier and the result of the cryptographic process executed on the object information.

Citations

14 Claims

1. A cryptographic management apparatus, comprising:
- a storage device which stores cryptographic key information including a cryptographic key to encrypt object information and cryptographic process condition information including the cryptographic key information as the encryption condition for encrypting the object information, the cryptographic process condition information being provided to specify information, the cryptographic key, and a processing method used for creating a result of execution of the cryptographic process on the object information, the cryptographic process condition information further including a cryptographic process ID, which is an identifier of the cryptographic process condition information, cryptographic method parameter information used in each cryptographic algorithm, a category ID indicating a category of the cryptographic algorithm, a cryptographic algorithm ID indicating the cryptographic algorithm used for the processing method, and a key creation process ID being an identifier of cryptographic key creation condition information, the cryptographic key creation condition information including the cryptographic key and the cryptographic method parameter information;
  
  a cryptographic process information input device configured to receive an input of the object information and cryptographic key creation request information, the cryptographic key creation request information also including the category ID;
  
  a cryptographic parameter information acquisition device configured to acquire cryptographic method parameter information to create the cryptographic key corresponding to the creation request information from the storage device based on the category ID in the cryptographic key creation request information input, the cryptographic method parameter information being a value, used in a mathematical formula in a cryptographic algorithm, to determine the cryptographic algorithm uniquely;
  
  a cryptographic key creation ID creation device configured to create cryptographic key creation condition information by relating the cryptographic method parameter information and the cryptographic key created based on the acquired cryptographic method parameter information to each other and attach an identifier of the created cryptographic key creation condition information;
  
  a first cryptographic module evaluation description information acquisition device configured to acquire evaluation description information for the cryptographic module optimally adapted to the cryptographic process corresponding to the created cryptographic key creation condition information, the evaluation description information being digitized information for indicating a security of a cryptographic method, a cryptographic processing speed, and a key length required for the cryptographic module;
  
  a cryptographic process ID creation device configured to attach, to the object information, an identifier of the cryptographic process condition information at the time of encrypting the object information with the cryptographic key information and the cryptographic module corresponding to the acquired evaluation description information; and
  
  an output device configured to output the attached identifier of the cryptographic process condition information, the attached identifier of the created cryptographic key creation condition information, and the result of the cryptographic process executed on the object information.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The cryptographic management apparatus according to claim 1,wherein the first cryptographic module evaluation description information acquisition device, with regard to a cryptographic module selection unit connected to the cryptographic management apparatus, acquires the evaluation description information for the cryptographic module adapted to the cryptographic process corresponding to the created cryptographic key creation condition information.
  - 3. The cryptographic management apparatus according to claim 2, further comprising:
    - a second cryptographic module evaluation description information acquisition device configured to acquire the evaluation description information of the cryptographic key creation module for creating the cryptographic key from the cryptographic method parameter information; and
      
      a cryptographic key creation device configured to create the cryptographic key based on the evaluation description information of the cryptographic key creation module acquired from the second cryptographic module evaluation description information acquisition device and the cryptographic method parameter information acquired from the cryptographic parameter information acquisition device.
  - 4. The cryptographic management apparatus according to claim 3, further comprising:
    - a cryptographic process device configured to execute the cryptographic process for the object information based on the cryptographic module evaluation description information acquired by the first cryptographic module evaluation description acquisition device and the cryptographic key information.
  - 5. The cryptographic management apparatus according to claim 1, further comprising:
    - a second cryptographic module evaluation description information acquisition device configured to acquire the evaluation description information of the cryptographic key creation module for creating the cryptographic key from the cryptographic method parameter information; and
      
      a cryptographic key creation device configured to create the cryptographic key based on the evaluation description information of the cryptographic key creation module acquired from the second cryptographic module evaluation description information acquisition device and the cryptographic method parameter information acquired from the cryptographic parameter information acquisition device.
  - 6. The cryptographic management apparatus according to claim 5, further comprising:
    - a cryptographic process device configured to execute the cryptographic process for the object information based on the cryptographic module evaluation description information acquired by the first cryptographic module evaluation description acquisition device and the cryptographic key information.

7. A decryption management apparatus, comprising:
- a storage device which stores decryption key information including a decryption key for executing a decryption process on encrypted information and decryption process condition information as the decryption condition including the decryption key information for execution of the decryption process, the decryption process condition information being provided to specify information, the decryption key, and a processing method used for creating a result of execution of the decryption process on the encrypted information, the decryption process condition information further including a cryptographic process ID, which is an identifier of the decryption process condition information, decryption system parameter information used in each cryptographic algorithm, a category ID indicating a category of the cryptographic algorithm, a cryptographic algorithm ID indicating the cryptographic algorithm used for the decryption process, and a key creation process ID being an identifier of decryption key creation condition information, the decryption key creation condition information including the decryption key and the decryption system parameter information;
  
  a decryption process information input device configured to receive an input of the encrypted information and decryption key creation request information, the decryption key creation request information including the category ID;
  
  a decryption parameter information acquisition device configured to acquire decryption system parameter information for creating the decryption key corresponding to the creation request information from the storage device based on the category ID in the decryption key creation request information input, the decryption system parameter information being a value, used in a mathematical formula in a cryptographic algorithm, to determine the cryptographic algorithm uniquely;
  
  a decryption key creation ID creation device configured to create decryption key creation condition information by relating the decryption key created based on the acquired decryption system parameter information and the decryption system parameter information to each other and attach an identifier of the created decryption key creation condition information;
  
  a first decryption evaluation description information acquisition device configured to acquire evaluation description information of a decryption module optimally adapted to the decryption process corresponding to the created decryption key creation condition information, the evaluation description information being digitized information for indicating a security of a decryption method, a decryption processing speed, and a key length required for the decryption module;
  
  a decryption process ID creation device configured to attach an identifier of the decryption process condition information for execution of the decryption process on the encrypted information based on the decryption key information and the decryption module corresponding to the acquired evaluation description information; and
  
  an output device configured to output the attached identifier of the decryption process condition information, the attached identifier of the created decryption key creation condition information, and the result of the decryption process executed on the encrypted information.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The decryption management apparatus according to claim 7,wherein the first decryption evaluation description information acquisition device, with regard to a decryption module selection unit connected to the decryption management apparatus, acquires the evaluation description information of the decryption module adapted to the decryption process corresponding to the created decryption key creation condition information.
  - 9. The decryption management apparatus according to claim 8, further comprising:
    - a second decryption evaluation description information acquisition device configured to acquire the evaluation description information of a decryption key creation module for creating the decryption key from the decryption system parameter information; and
      
      a decryption key creation device configured to create the decryption key based on the evaluation description information of the decryption key creation module acquired from the second decryption evaluation description information acquisition device and the decryption system parameter information acquired from the decryption parameter information acquisition device.
  - 10. The decryption management apparatus according to claim 9, further comprising:
    - a decryption process device configured to execute the decryption process on the encrypted information based on the decryption evaluation description information acquired by the first decryption evaluation description acquisition device and the decryption key information.
  - 11. The decryption management apparatus according to claim 7, further comprising:
    - a second decryption evaluation description information acquisition device configured to acquire the evaluation description information of a decryption key creation module for creating the decryption key from the decryption system parameter information; and
      
      a decryption key creation device configured to create the decryption key based on the evaluation description information of the decryption key creation module acquired from the second decryption evaluation description information acquisition device and the decryption system parameter information acquired from the decryption parameter information acquisition device.
  - 12. The decryption management apparatus according to claim 11, further comprising:
    - a decryption process device configured to execute the decryption process on the encrypted information based on the decryption evaluation description information acquired by the first decryption evaluation description acquisition device and the decryption key information.

13. A non-transitory computer-readable storage medium storing a program that, when executed, causes a cryptographic management apparatus to perform cryptographic management, the program comprising:
- a program code for causing the cryptographic management apparatus to execute the process of storing, sequentially in a storage device, cryptographic key information including a cryptographic key for executing a cryptographic process on object information and cryptographic process condition information including the cryptographic key information as the cryptographic conditions for execution of the cryptographic process, the cryptographic process condition information being provided to specify information, the cryptographic key, and a processing method used for creating a result of execution of the cryptographic process on the object information, the cryptographic process condition information further including a cryptographic process ID, which is an identifier of the cryptographic process condition information, cryptographic method parameter information used in each cryptographic algorithm, a category ID indicating a category of the cryptographic algorithm, a cryptographic algorithm ID indicating the cryptographic algorithm used for the processing method, and a key creation process ID being an identifier of cryptographic key creation condition information, the cryptographic key creation condition information including the cryptographic key and the cryptographic method parameter information;
  
  a program code for causing the cryptographic management apparatus to sequentially execute the process of receiving an input of the object information and cryptographic key creation request information, the cryptographic key creation request information including the category ID;
  
  a program code for causing the cryptographic management apparatus to sequentially execute the process of acquiring cryptographic method parameter information for creating the cryptographic key corresponding to the creation request information from the storage device based on the category ID in the cryptographic key creation request information input, the cryptographic method parameter information being a value, used in a mathematical formula in a cryptographic algorithm, to determine the cryptographic algorithm uniquely;
  
  a program code for causing the cryptographic management apparatus to sequentially execute the process of creating cryptographic key creation condition information by relating the cryptographic key created based on the acquired cryptographic method parameter information and the cryptographic method parameter information to each other and attaching an identifier of the created cryptographic key creation condition information;
  
  a program code for causing the cryptographic management apparatus to sequentially execute the process of acquiring evaluation description information of a cryptographic module optimally adapted to the cryptographic process corresponding to the cryptographic key creation condition information created, the evaluation description information being digitized information for indicating a security of a cryptographic method, a cryptographic processing speed, and a key length required for the cryptographic module;
  
  a program code for causing the cryptographic management apparatus to sequentially execute the process of attaching an identifier of the cryptographic process condition information at the time of execution of the cryptographic process on the object information with the cryptographic key information and the cryptographic module corresponding to the acquired evaluation description information; and
  
  a program code for causing the cryptographic management apparatus to sequentially execute the process of outputting the attached identifier of the cryptographic process condition information, the attached identifier of the created cryptographic key creation condition information, and the result of the cryptographic process executed on the object information.

14. A non-transitory computer-readable storage medium storing a program that, when executed, causes a decryption management apparatus to perform decryption management, the program comprising:
- a program code for causing the decryption management apparatus to sequentially execute the process of storing, in a storage device, decryption key information including a decryption key for executing a decryption process on encrypted information and decryption process condition information including the decryption key information as the decryption condition at the time of executing the decryption process, the decryption process condition information being provided to specify information, the decryption key, and a processing method used for creating a result of execution of the decryption process on the encrypted information, the decryption process condition information further including a cryptographic process ID, which is an identifier of the decryption process condition information, decryption system parameter information used in each cryptographic algorithm, a category ID indicating a category of the cryptographic algorithm, a cryptographic algorithm ID indicating the cryptographic algorithm used for the decryption process, and a key creation process ID being an identifier of decryption key creation condition information, the decryption key creation condition information including the decryption key and the decryption system parameter information;
  
  a program code for causing the decryption management apparatus to sequentially execute the process of receiving an input of the encrypted information and decryption key creation request information, the decryption key creation request information including the category ID;
  
  a program code for causing the decryption management apparatus to sequentially execute the process of acquiring decryption system parameter information for creating the decryption key corresponding to the creation request information from the storage device based on the category ID in the decryption key creation request information input, the decryption system parameter information being a value, used in a mathematical formula in a cryptographic algorithm, to determine the cryptographic algorithm uniquely;
  
  a program code for causing the decryption management apparatus to sequentially execute the process of creating decryption key creation condition information by relating the decryption key created based on the acquired decryption system parameter information and the decryption system parameter information to each other and attaching an identifier of the created decryption key creation condition information;
  
  a program code for causing the decryption management apparatus to sequentially execute the process of acquiring evaluation description information for a decryption module optimally adapted to the decryption process corresponding to the created decryption key creation condition information, the evaluation description information being digitized information for a security of a decryption method, a decryption processing speed, and a key length required for the cryptographic module;
  
  a program code for causing the decryption management apparatus to sequentially execute the process of attaching an identifier of the decryption process condition information at the time of executing the decryption process on the encrypted information based on the decryption key information and the decryption module corresponding to the acquired evaluation description information; and
  
  a program code for causing the decryption management apparatus to sequentially execute the process of outputting the attached identifier of the decryption process condition information, the attached identifier of the created decryption key creation condition information, and the result of the decryption process executed on the encrypted information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toshiba Digital Solutions Corporation (Toshiba Corporation), Yokosuka Telecom Research Park, Inc.
Original Assignee
Toshiba Solutions Corporation (Toshiba Corporation), Yokosuka Telecom Research Park, Inc.
Inventors
Miyazaki, Shingo, Nakamizo, Takanori, Niwa, Akito, Okada, Koji, Tochikubo, Kouya, Fukushima, Shigeyuki, Ishikawa, Chiaki, Koshizuka, Noboru, Sakamura, Ken
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US12/237,718
Publication Number

US 20090138700A1
Time in Patent Office

2,014 Days
Field of Search

713/150
US Class Current

713/150
CPC Class Codes

H04L 2209/12 Details relating to cryptog...

H04L 9/0894 Escrow, recovery or storing...

Cryptographic management apparatus, decryption management apparatus and program

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic management apparatus, decryption management apparatus and program

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links