Pseudo public key encryption
Abstract
According to the present invention, a secret key cryptosystem and tamper-proof hardware are used to realize a pseudo public key cryptosystem at a low cost. A trap-door one-way function is substantially realized with the use of tamper-proof hardware. Each user performs communication using equipment provided with hardware having the same capabilities described below. Such hardware retains association between an ID and a key. In response to a request from a user, the hardware issues and stores an ID, and it can perform decryption and generation of a MAC (message authentication code) with a key associated with the ID. A user publishes his ID. When performing encryption, a message sender encrypts a message using the published ID. A third person can perform decryption with the ID only by analyzing the mechanism in the hardware. However, the hardware has a capability of destroying itself when such an act is attempted.
20 Claims
1. An apparatus comprising tamper-proof hardware, the hardware comprising an encryption-authentication section for performing issuance of an ID, encryption, and authentication, in response to a request by a user, and a tampering detection section for detecting one of voltage change and pressure change, to electrically destroy the encryption-authentication section, the encryption-authentication section comprising:
an ID issuance-registration section for issuing an ID in response to a request by a user, and storing the ID in a storage section;
a key generation section for generating a key corresponding to the ID using a one-to-one function, and outputting the key;
a first key acquisition section for, in response to a request by a user for decryption or generation of a message authentication code, comparing an inputted ID and the ID stored in the ID storage section, and, if the IDs are corresponding to each other, handing over the ID to the key generation section to output a key generated by the key generation section;
a second key acquisition section for, in response to a request by a user for encryption or verification of a message with a message authentication code attached thereto, handing over an inputted ID to the key generation section to output a key generated by the key generation section;
a message authentication code generation section for handing over an inputted ID to the first key acquisition section, and, with the use of a key outputted from the first key acquisition section, calculating and outputting a message authentication code of an inputted message;
a message authentication code verification section for handing over an inputted ID to the second key acquisition section, calculating a message authentication code of an inputted message with the use of a key outputted from the second key acquisition section, comparing the obtained message authentication code and an inputted message authentication code, and, if the message authentication codes are corresponding to each other, returning information indicating that the verification has succeeded to the user;
an encryption section for handing over an inputted ID to the second key acquisition section, encrypting inputted plaintext with the use of a key outputted from the second key acquisition section, and returning the result to a user; and
a decryption section for handing over an inputted ID to the first acquisition section and, with the use of a key outputted from the first key acquisition section, decrypting and outputting inputted encrypted text.
Dependent claims: 2, 3, 4, 5, 20
6. A method for performing pseudo public key encryption and digital signaling with the use of an apparatus including tamper-proof hardware which comprises an encryption-authentication section for performing issuance of an ID, encryption, and authentication, in response to a request by a user, and a tampering detection section for detecting voltage change or pressure change to electrically destroy the encryption-authentication section, the encryption-authentication section of the apparatus comprising:
an ID issuance-registration section for issuing an ID in response to a request by a user, and storing the ID in a storage section;
a key generation section for generating a key corresponding to the ID using a one-to-one function, and outputting the key;
a first key acquisition section for, in response to a request by a user for decryption, or generation of a message authentication code, comparing an inputted ID and the ID stored in the ID storage section, and, if the IDs are corresponding to each other, handing over the ID to the key generation section to output a key generated by the key generation section;
a second key acquisition section for, in response to a request by a user for encryption, or verification of a message with a message authentication code attached thereto, handing over an inputted ID to the key generation section to output a key generated by the key generation section;
a message authentication code generation section for handing over an inputted ID to the first key acquisition section, and, with the use of a key outputted from the first key acquisition section, calculating and outputting a message authentication code of an inputted message;
a message authentication code verification section for handing over an inputted ID to the second key acquisition section, calculating a message authentication code of an inputted message with the use of a key outputted from the second key acquisition section, comparing the obtained message authentication code and an inputted message authentication code, and, if the message authentication codes are corresponding to each other, returning information indicating that the verification has succeeded to the user;
an encryption section for handing over an inputted ID to the second key acquisition section, encrypting inputted plaintext with the use of a key outputted from the second key acquisition section, and returning the result to a user; and
a decryption section for handing over an inputted ID to the first acquisition section, and, with the use of a key outputted from the first key acquisition section, decrypting and outputting inputted encrypted text; and
the method comprising, in sending a message between a sending user and a receiving user, having the apparatus A and the apparatus B, respectively, the steps of;
the apparatus A selecting and storing a sending user ID, and then returning the sending user ID to the sending user, for publication of the sending user ID;
the apparatus B selecting and storing a receiving user ID, and then returning the receiving user ID to the receiving user, for publication of the receiving user ID;
the apparatus A acquiring a key corresponding to the sending user ID, generating a message authentication code, and returning the message authentication code to the sending user;
in response to a request by the sending user for encryption, the apparatus A acquiring a key corresponding to the receiving user ID, encrypting the message and the message authentication code, and returning the encrypted message and message authentication code to the sending user;
in response to a request by the receiving user for decryption of the encryption, the apparatus B acquiring a key corresponding to the receiving user ID, decrypting the received message, and returning the decrypted message to the receiving user; and
in response to a request by the receiving user for verification of the message authentication code, the apparatus B acquiring a key corresponding to the sending ID, verifying the message authentication code, and returning the result to the receiving user.
Dependent claims: 7, 8, 9, 10, 18, 19
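The exchange in claim 6, modelled in software as an added example (not code from the patent). It assumes every device embeds the same secret, uses HMAC-SHA256 as a stand-in for the one-to-one key function and a toy HMAC keystream as a stand-in for the cipher; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumptions: all devices embed one secret; the "one-to-one function" is
# modelled as HMAC-SHA256(secret, ID); the cipher is a toy HMAC keystream.
DEVICE_SECRET = b"constructed-demo-secret-sealed-in-hardware"

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    n = len(data) // 32 + 1                      # 32-byte keystream blocks needed
    pad = b"".join(_prf(key, b"enc" + nonce + i.to_bytes(8, "big")) for i in range(n))
    return bytes(d ^ p for d, p in zip(data, pad))

class PseudoPkDevice:                            # hypothetical model of one apparatus
    def __init__(self):
        self._ids = set()                        # ID storage section

    def issue_id(self) -> bytes:                 # ID issuance-registration section
        self._ids.add(new_id := secrets.token_bytes(16))
        return new_id

    def _first_key(self, id_: bytes) -> bytes:   # for decryption / MAC generation
        if id_ not in self._ids:                 # only IDs this device issued
            raise PermissionError("ID not registered on this device")
        return _prf(DEVICE_SECRET, id_)

    def _second_key(self, id_: bytes) -> bytes:  # for encryption / MAC verification
        return _prf(DEVICE_SECRET, id_)          # any published ID is accepted

    def mac(self, own_id: bytes, msg: bytes) -> bytes:
        return _prf(self._first_key(own_id), b"mac" + msg)
    def verify(self, sender_id: bytes, msg: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(_prf(self._second_key(sender_id), b"mac" + msg), tag)

    def encrypt(self, recipient_id: bytes, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        return nonce + _xor_stream(self._second_key(recipient_id), nonce, plaintext)

    def decrypt(self, own_id: bytes, ciphertext: bytes) -> bytes:
        return _xor_stream(self._first_key(own_id), ciphertext[:16], ciphertext[16:])

def send(dev_a, id_a, id_b, message):         # A: MAC under own ID, encrypt under B's ID
    return dev_a.encrypt(id_b, message + dev_a.mac(id_a, message))

def receive(dev_b, id_b, id_a, ciphertext):   # B: decrypt with own ID, verify under A's ID
    body = dev_b.decrypt(id_b, ciphertext)
    return body[:-32], dev_b.verify(id_a, body[:-32], body[-32:])
```

The asymmetry comes only from the stored-ID check in `_first_key`; anyone who extracts `DEVICE_SECRET` can derive the key for any published ID, which is why the claims pair the scheme with a tampering detection section.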
11. A method comprising:
providing tamper-proof hardware having capabilities to perform issuance of an ID, encryption, and authentication, in response to a request by a user;
detecting one of voltage change and pressure change, and electrically destroying at least one of said capabilities;
issuing and storing a first ID in response to a request by a user;
generating a first key corresponding to the first ID using a one-to-one function, and outputting the first key;
in response to a request by the user for one of decryption of a message authentication code and generation of a message authentication code, comparing an inputted ID and the first ID, and if the inputted ID and the first ID correspond to each other, handing over the first ID and outputting the first key;
in response to a request by the user for encryption or verification of a message with a message authentication code attached thereto, handing over the inputted ID and outputting a second key;
handing over the inputted ID to the first key acquisition section, and with the use of the first key calculating and outputting a message authentication code of an inputted message;
a message authentication code verification section for handing over the inputted ID to the second key acquisition section, calculating a message authentication code of the inputted message with the use of the second key, comparing the obtained message authentication code and an inputted message authentication code, and, if the message authentication codes correspond to each other, returning information to the user indicating that the verification has succeeded;
handing over the inputted ID, encrypting inputted plaintext with the use of the second key, and returning the result to a user; and
handing over the inputted ID, and with the use of the first key, decrypting and outputting inputted encrypted text.
Dependent claims: 12, 13, 14, 15, 16, 17
Specification