JP2007129764A - Method for group encryption communication, method for authentication, computer and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To carry out group encryption communication between computers of a plurality of users without communicating with a server. <P>SOLUTION: When a computer 1-C transmits a request for subscription to a group to a computer 1-A (S202-3) when computers 1-A and 1-B carry out the group encryption communication, exchange keys are exchanged among the computers 1-A to 1-C (S210-1 and S210-3). The respective computers 1-A, 1-B and 1-C generate group secret keys based on received exchange keys (S211-1 to S211-3). Hereafter, the group encryption communication is carried out using the group secret keys. In the case of according to a Diffie-Hellman type key exchange system, the exchange keys α and Z of the computers 1-A, 1-C become gamod p and gzmod p, and the group secret keys calculated by the computers 1-A, 1-C become Zamod p, αzmod p, and become the same value as gazmod p. That is, it is possible to carry out group encryption communication using the group secret key without using the server. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

The present invention relates to a group encryption communication technology, and more particularly, a group composed of a plurality of users is formed, and communication information is encrypted with a group-specific encryption key in the group, thereby participating in the group. The present invention relates to a group encryption communication technique that makes it impossible for users who do not decrypt communication contents.

An example of a conventional group encryption communication system is described in JP-A-7-66803. In this conventional system, a plurality of users can form a group, share an encryption key with the group, and exchange encrypted information in a form that only members belonging to the group can decrypt. .

FIG. 9 is a block diagram showing the configuration of the group encryption communication system described in Japanese Patent Laid-Open No. 7-66803. The process A 106-1 of the computer 102-1 that exchanges information first communicates with the authentication server 103, and the conversation key a encrypted with the secret key A that has been shared between the authentication server 103 and the computer 102-1. Then, authentication information encrypted with the secret key α shared between the authentication server 103 and the group management server 105 is obtained. This authentication information includes the conversation key a. Next, the process A 106-1 adds the authentication information and requests the group management server 105 to join the group. The group management server 105 decrypts the authentication information with the secret key α, verifies the authentication, and obtains the conversation key a. Then, the shared encryption key g1 is encrypted with the conversation key a and distributed to the process A 106-1. The process A 106-1 decrypts the response information from the group management server 105 with the conversation key a, and obtains the shared encryption key g 1. Similarly, the processes 106-2 to 106-4 of the other computers 102-2 to 102-4 participating in the group obtain the shared encryption key g1. Each of the processes 106-1 to 106-4 can realize group encryption communication by performing encryption processing on the data to be transmitted / received by the common key encryption method using the shared encryption key g1. In the above system example, it is assumed that the secret key has already been shared, but as a method for securely exchanging the secret key between two parties, the Diffie-Hellman type key exchange method is well known. The Diffie-Hellman key exchange scheme uses a group generator g for a specific so-called group, an index x known only to party A, and an index y known only to party B. The group generator g is known among the parties. Party A generates exchange key X = gx, and party B calculates exchange key Y = gy and exchanges exchange keys X and Y with each other. Party A uses the received exchange key Y to calculate Yx. Party B uses the received exchange key X to calculate Xy. Here, Yx and Xy are both gxy, and as a result, the parties A and B can share gxy without being known to others and can use it as a secret key. It is widely known that the Diffie-Hellman type key exchange method is mathematically sufficiently secure, as described in JP-A-2001-313634 and the like, and thus detailed security proof is omitted.

Japanese Patent Application Laid-Open No. 11-15373 discloses an example of a method that enables information encryption / decryption processing and group member change while maintaining confidentiality among users belonging to a group. In this conventional system, the encryption key of the group is managed by encrypting the secret key of the group with the public key unique to the member using a public key cryptosystem. Also in this method, group encryption keys are centrally managed and require a server.

However, since the above-described conventional technique is a server client type system, there is a problem in that operation is expensive. In other words, security such as encryption key renewal and group entry / exit monitoring is monitored, a server that distributes secret keys, a server by a third-party organization for mutual authentication of users, or a server stops It is necessary to prepare a backup system, etc., so that operation is expensive. Furthermore, the above-described conventional technique also has a problem that the user has to perform communication setting work for performing communication with a server designated in advance.

[Object of invention]
Accordingly, an object of the present invention is to provide a group encryption communication technique that does not require a server, is simple, low-cost, and does not stop service.

In the group encryption communication method of the present invention, in order to achieve the above object, a representative computer in a group performing group encryption communication and a subscription request computer requesting to join the group exchange exchange keys generated in the own computer. A common encryption key is shared by sharing, a step of generating a new common encryption key using an encryption key sharing method, and a computer other than the representative computer in the group is exchanged by the subscription request computer Generating a common encryption key identical to the new common encryption key based on the key and the current common encryption key.

As an encryption key sharing method, a Diffie-Hellman type key exchange method can be adopted.

More specifically, the step of generating a new common encryption key using the encryption key sharing method includes the step of generating an exchange key generated by the subscription request computer using a secret key unique to the own computer to the representative computer. Transmitting the exchange key generated by the representative computer using a common encryption key shared by computers in the group to the subscription request computer, and the representative computer transmitting from the subscription request computer. A step of generating a new common encryption key using the exchange key and the common encryption key, and an exchange key sent from the representative computer by the subscription request computer and a secret key unique to the own computer. And generating a common encryption key identical to the new common encryption key generated by the representative computer.

Further, in the group encryption communication method of the present invention, in order to ensure high security, the representative computer extracts a random value, and an exchange key generated using the extracted random value is included in the group. Transmitting to the remaining computers, and generating a new common encryption key based on the exchange key sent from the representative computer and the current common encryption key.

Further, the group cipher communication method of the present invention enables the first group representative computer and the second group representative computer to merge the first and second groups performing group cipher communication. Generating a new common encryption key using a Diffie-Hellman type key exchange method, in which a common encryption key is shared by exchanging exchange keys generated in the own computer, and in the first group A computer other than the representative computer has the same common encryption key as the new common encryption key based on the exchange key generated by the representative computer of the second group and the current common encryption key of the first group. A computer other than the representative computer in the second group, and an exchange key generated by the representative computer of the first group and the second group at the present time. Based of the common encryption key and generating a same common encryption key and the new common key.

In the group encryption communication method of the present invention, the representative computer transmits identification information encrypted with the new common encryption key to the subscription request computer in order to ensure authentication. And the subscription request computer decrypts the received encrypted identification information with the new common encryption key and performs authentication by evaluating the validity of the decryption result.

Further, in the group encryption communication method of the present invention, in order to perform authentication more reliably, the subscription request computer transmits the common encryption key encrypted by the identification information decrypted by the own computer to the representative computer. And a step in which the representative computer performs authentication by decrypting the received encrypted common encryption key with the identification information and evaluating the validity of the decryption result.

Further, in the group encryption communication method of the present invention, the subscription request computer broadcasts or multicasts the subscription request so that the subscription request computer can participate in the group encryption communication without specifying the communication destination of the subscription request. A step in which a computer in the group transmits a response to the subscription request, and a response source computer of a response received by the subscription request computer within a predetermined time after broadcasting or multicasting the subscription request. Selecting a group encryption communication partner from among them.

[Action]
2. Assume that group encryption communication is performed between users A and B with user A as a representative. For encryption communication between two users, an encryption key sharing method such as a Diffie-Hellman key exchange method is well known to the operator. Thereafter, it is assumed that user C requests to join the group encryption communication.

Key sharing is performed between the computer (representative computer) KA of the user A and the computer (subscription request computer) KC of the user C. In other words, the subscription request computer KC and the representative computer KA of the user C who requests to join the group composed of the users A and B calculate the exchange keys by the Diffie-Hellman type key method, respectively, and exchange them. Send and receive keys to each other. The computer B of the user B also acquires the exchange key of the user C, and calculates a new common encryption key in each computer KA, KB, KC by the Diffie-Hellman type key method. All the computers KA, KB, KC constituting the group start group encryption communication using the newly calculated common encryption key. Whenever a user joins, group encryption communication is performed while the above process is repeated to update the common encryption key for encryption communication.

Therefore, a common encryption key can be shared only by communication between computers of a plurality of users without communicating with a server, and group encryption communication can be performed using the common encryption key. Therefore, since there is no need to operate a server, it is possible to obtain an effect of realizing group encryption communication that is simple, low cost, and without service stop.

Further, in the above, it is possible to perform cryptographic communication without specifying a communication destination, that is, only by broadcast communication, and an effect of saving the trouble of setting a user's communication destination can be obtained. Using broadcast communication has the risk of eavesdropping. This is largely due to leakage of secret information in group communication, but can be dealt with by using a unicast communication with only the group members for updating the secret key.

Also, the secret key is not obtained from the server, but is calculated in each computer. Therefore, there is no need to communicate with the server at the start of communication, and as long as communication between parties is possible, the effect of enabling group encryption communication is obtained.

The first effect is that group encryption communication can be performed safely between a plurality of users without using a server.

The reason for this is that a group secret key is shared between two or more users by using a key exchange method that has been mathematically proven to be secure between two users, and adding users or groups in sequence. This is because the above is realized.

The second effect is that authentication of users participating in the group is possible without using a server.

The reason is that the public key information for the authentication data of the user who wants to join the group is stored in the group in advance, and it will be used if it can be used when authenticating the user who wants to join the group. is there. This is because even if public key information cannot be used, it is possible to authenticate users who participate in the group by providing means for interactively judging whether or not to participate in the group.

Of course, not using a server means there is no service outage. This is because the group encryption communication service is established only between parties who intend to participate in the group.

Next, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 shows an overall configuration of a group encryption communication system according to the first exemplary embodiment of the present invention. Referring to FIG. 1, the group cryptographic communication system according to the present embodiment includes a network 7 such as the Internet, a LAN, and a wireless communication network, and a plurality of computers 1-1 to 1-n connected to the network 7. The In FIG. 1, since the components in each computer referred to in the present invention are common to each computer, only the configuration of one computer 1-1 is shown.

The application process 2 is a user program such as groupware or communication. The communication unit 3 transmits data from the application process 2 to the network 7 or to another designated computer, and receives data from the network 7 or from the designated computer to the application process 2. The subscription confirmation unit 4 designates whether or not to accept a group subscription request from another user, and designates whether or not to invite one or more groups to join. The secret key management unit 5 holds and manages a secret key for performing encryption processing of data transmitted and received during group encryption communication. If necessary, it also holds and manages authentication data for authenticating each user and computer. The group secret key calculation unit 6 calculates an exchange key to be transmitted / received to calculate a secret key between computers of users who intend to perform group encryption communication, and uses this exchange key for group encryption communication. To calculate the secret key.

Next, the operation of the group encryption communication system of FIG. 1 will be described using the sequence charts of FIGS.

First, the operation when establishing group encryption communication between two users will be described with reference to FIG. A user A, B starts an application process 2 on his computer 1-A, 1-B, and then waits for a group join request sent by e-mail or the like (S101-1, S101-). 2). When the computer 1-B of the user B issues a group joining request (for example, including a requester name, a group name, and an e-mail address) to start group encryption communication (S102), the computer 1 of the user A 1- A receives the group join request (S103). Here, the transmission of the user B group subscription request may be broadcast message communication or multicast message communication. Broadcast message communication and multicast message communication are used when a partner who forms a group is not determined in advance.

The user A determines whether or not a group can be formed with the user B based on the group joining request sent from the user B (S104). If not, the user A waits for the group joining request again. (S101-1). If the user B cannot receive a response, it is assumed that there is no group formation partner, and another group join request is made or a group join request from another user is awaited. Here, a message rejecting group formation from the user A side may be transmitted to the user B side. In this case, the user B side can immediately proceed to the next process.

If the user A accepts the formation of the group, the computer 1-A transmits an exchange key request (for example, including the requester name, the group name, and the e-mail address) that means acceptance of the group formation. (S105). The computer B of the user B receives the exchange key request (S106), and the user B determines whether or not to form a group based on the received key exchange request. If a group join request is made by broadcast communication or multicast communication, there may be multiple responses. In this case, the user B selects a partner to form a group from a plurality of responses sent within a predetermined time after transmitting the group joining request. If there is no intention to form a group for any of the responses, the process cancels here and returns to waiting for a group join request (S101-2). A message rejecting group formation from the user B side may be transmitted to the user A side. In this case, the user A side can immediately proceed to the next process.

Next, the exchange key is calculated in both computers 1-A and 1-B. Here, the Diffie-Hellman type key exchange method is used. It is assumed that there is a group generator g for a specific so-called group and a certain prime number p, which is known to users who join the group. The computers 1-A and 1-B of the users A and B randomly extract a secret key x where 1 <x <p and a secret key y where 1 <y <p, respectively (S107-1, S107-2). Then, the exchange keys X and Y are obtained from X = g xmod p and Y = g ymod p (S108-1, S108-2).

Next, an exchange key is transmitted and received between users A and B (S109, S110, S111, S112). Then, in the group encryption communication, a group secret key (common encryption key) for encrypting communication data is calculated (S113-1, S113-2). In the case of the Diffie-Hellman type key exchange method, the computers 1-A and 1-B calculate Yxmod p and Xymod p based on the received exchange keys Y and X, respectively. The value obtained here is the same value for both computers 1-A and 1-B, and group encryption is possible by using this value as a common encryption key such as DES. Using this group secret key, data to be transmitted / received is encrypted, and group encryption communication between the two parties is performed (S114-1, S114-2).

The processing of S107-1, S107-2 to S113-1, S113-2 can also be performed using an RSA key encryption method as follows. User A's public key p is assumed to be known. The computer 1-B of the user B extracts the secret key x at random (S107-1). Then, the encryption key x is encrypted using the public key p to obtain the exchange key X (S108-2). Then, the exchange key X is transmitted to the user A side (S109, S110). The computer 1-A on the user A side decrypts the received exchange key X using the private key q corresponding to the public key p (S113-1), and obtains the encryption key x. Since only the user A can know the secret key q, only the user A can decrypt the encryption key x. Therefore, the encryption key x is securely distributed. Here, the encryption key x is a shared group secret key. Using this group secret key, data to be transmitted / received is encrypted, and group encryption communication is performed between the two parties (S114-1, S114-2). .

The group encryption communication between the two parties has been described above. The case where another user C newly joins the group will be described with reference to FIG.

It is assumed that a certain group encryption communication has been established (S201-1, 201-2). Among these group members, a certain user A is a group representative user. A group representative user is a group member who negotiates with a new subscriber, and uses a common encryption key for group encryption communication as a group secret key a.

The computer 1-C of the user C who intends to newly join starts the application process 2 first and waits for a group joining request (S201-3). Similarly to the establishment of the group encryption communication between the two users, when the user C issues a group joining request (S202-3), the computer 1-A of the user A receives the group joining request (S202- 1). If broadcast message communication or multicast message communication is used, the entire group receives a subscription request. However, for a user other than the group representative user (here, referred to as user B for convenience), the group subscription request is Ignored (S202-2, S203-2).

The user A of the group leader determines whether or not the user C can join the group (S203-1, S204). If it is not possible, the group encryption communication with the user B is continued without any response. . If the user C cannot receive a response, it is determined that group subscription is not permitted, and another group subscription request is made or a group subscription request from another user is awaited. Here, a message rejecting group subscription from the user A side may be transmitted to the user C side. In this case, the user C side can immediately proceed to the next process.

If the user A is permitted to join the group, an exchange key request indicating permission to join the group is transmitted (S205). User C receives the exchange key request and determines whether group C can be joined or not on the side of user C (S206-3). If a group join request is made by broadcast communication or multicast communication, there may be multiple responses. In that case, the user C selects a group to join from a plurality of responses. If there is no intention to join any response, cancel here and return to the group join request wait (S201). A message rejecting group subscription from the user C side may be transmitted to the user A side. In this case, the user A side can immediately proceed to the next process.

Next, the exchange key is calculated in both. Here, the Diffie-Hellman type key exchange method is used. The fact that there is a group generation source g for a specific so-called group and a certain prime number p, which is known to users who join the group, is the same as when establishing group encryption communication between two parties. In the computer 1-C of the user C, the secret key z satisfying 1 <z <p is extracted at random (S207). Then, the exchange key Z is obtained from gzmod p (S208-3). The computer 1-A of the user A obtains the exchange key α from gamod p by using the group secret member a already shared with the group constituent members of the group encryption communication already established (S208-1).

The exchange key request is also transmitted to user B (S205). When the computer 1-B of the user B receives the exchange key request, it prepares to update the group secret key so that the exchange key to be received can be received (S206-2, S209). User A transmits an exchange key to user C, and user C transmits an exchange key to user A. User A transmits the exchange key sent from user C to user B (S210-1, S210-2, S210-3). Then, a new group secret key is calculated using the received exchange key (S211-1, S211-2, S211-3). The computers 1-A and 1-B of the users A and B receive the exchange key Z and calculate Zamod p. In the computer 1-C of the user C, αzmod p is calculated. Zamod p and αzmod p have the same value and become a new group secret key shared by users A, B, and C. Using this group secret key, data to be transmitted / received is encrypted, and group encryption communication is performed between the three parties (S212-1, S212-2, S212-3).

In the above description, the computer 1-A transmits the exchange key sent from the computer 1-C to the computer 1-B, but the computer 1-C directly sends the exchange key to the computer 1-B. You may make it transmit. In the above description, the exchange key is transmitted from the computer 1-A of the user A to the computer 1-B of the user B, and the exchange key and the current group secret key are transmitted to the computer 1-B of the user B. Based on the above, the new group secret key is calculated, but the computer 1-A of the user A encrypts the new group secret key calculated based on the exchange key and the group secret key. You may make it transmit to this computer. For this encryption, for example, a group secret key that is currently recognized by the user B can be used.

In the above description, when a new subscriber joins, only a case where a new exchange key is generated and a group secret key is updated is described. It is not limited when a person joins. By frequently distributing a new exchange key and updating the group secret key at an arbitrary timing, the security can be further increased. Specifically, the computer 1-A selects a random value r and calculates R = grmod p. Then, this R is distributed to the computers 1-B and 1-C. In the computers 1-A, 1-B, 1-C, a new group secret key y is calculated by y = Rxmod p. Here, even if R is wiretapped, it is difficult to calculate a new group encryption key y as in the Diffie-Hellman type key exchange method, and the group encryption key can be updated safely.

Further, the processing of S206-2, S206-3 to S211-1, S211-2, S211-3 can use key exchange using the Diffie-Hellman type key exchange method as follows. . The public key p of the user C is assumed to be known. User A's computer 1-A encrypts the group secret key a using the public key p to obtain the exchange key α (S208-1). Then, the exchange key α is transmitted to the user C side (S210-1, S210-3). The computer 1-C of the user C decrypts the received exchange key α using the secret key q corresponding to the public key p (S211-3) to obtain the secret key a. The secret key a is a shared group secret key. Using this group secret key, the data to be transmitted / received is encrypted, and group encryption communication between the three parties is performed (S212-1, S212-2, S212- 3). However, in this case, the group secret key is not updated.

As described above, the case where the number of users is changed from two to three has been described. However, the same method can be applied to the case where more users join. Also, when a user leaves the group, no user registration or management is required, so no procedure is required. However, in the case of re-enrollment, a new enrollment procedure is required.

In the above description, the representative computer in the group has been described as a specific computer. However, for example, it may be determined as follows.

For example, when group encryption communication is performed by wireless access, a function to check the received radio wave level is added to the subscription request computer to join the group, and the computers in the group with the highest reception level are the most network-like. It is recognized that the computer is close to the computer, and this computer becomes the representative computer of the group.

Alternatively, the subscription request computer issues a ping message, and each computer in the group that has received the ping message checks the network path of the ping message to determine the number of routers and hubs that pass through. After that, each computer in the group exchanges the number of routers and hubs determined by its own computer, etc., so that the computer with the smallest number of routers and hubs with the subscription request computer (the subscription request computer and the network The computer that is closest to. Then, the computer specified in this way is set as a representative computer, and the representative computer notifies the subscription request computer to that effect.

Alternatively, the subscription request computer issues a ping message, each computer in the group returns a response to the subscription request computer with time, and the subscription request computer recognizes the computer with the earliest response time as the representative computer.

Next, a second embodiment of the present invention will be described. The basic configuration of this embodiment is the same as that of the first embodiment, but two groups performing group cryptographic communication can authenticate each other and further form a group performing one group cryptographic communication. Devised. The operation of the group encryption communication system will be described using the sequence chart of FIG.

A user A1, A2 of a certain group A performs group cipher communication with the group secret key A using his / her computers 1-A1, 1-A2 (S201-1, S201-2). It is assumed that B users B1 and B2 are performing group encryption communication with the group secret key B using their own computers 1-B1 and 1-B2 (S201-3 and S201-4). When these two groups A and B merge to form one group, the representative users A1 and B1 of each group A and B negotiate. First, the representative user B1 of the group B transmits a group merge request to the computer 1-A1 of the representative user A1 of the group A using the computer 1-B1 (S302). The A group representative user A1 receives the group merge request (S303), and determines whether the request is possible (S304). If the request is rejected, the request is ignored and the group A group encryption communication is continued. At this time, it may be notified to the computer 1-B1 of the representative user B1 of the group B that the request is rejected. In this case, the representative user B1 of the group B proceeds to the next process as soon as the rejection is received.

If representative user A1 of group A permits the group merge request, it sends an exchange key request (S305). The computer 1-B1 of the group B receives the exchange key request and determines whether or not group merge is possible on the group B side (S306). If the merger is permitted, the exchange key is calculated using the group secret key B (S307). The exchange key β is calculated by β = gBmod p. On the other hand, the computer 1-A1 of the group A calculates the exchange key using the group secret key A (S308). The exchange key α is calculated by α = gAmod p.

Next, the exchange keys α and β are transmitted and received between the computers 1-A1 and 1-B1 of the groups A and B (S309-1, S309-3). The computer 1-A1 transmits the received exchange key β to the group A member computer 1-A2 (S310-1), and the computer 1-B1 transmits the received exchange key α to the group B member computer 1-A2. It transmits to B2 (S310-3). Group member computers 1-A2 and 1-B2 receive exchange keys β and α, respectively (S311, S312). Then, all the computers 1-A1, 1-A2, 1-B1, 1-B2 perform group secret key calculation (S313-1 to S313-4). Computers 1-A1 and 1-A2 in group A calculate βAmod p, and computers 1-B1 and 1-B2 in group B calculate αBmod p. Both βAmod p and αBmod p are gABmod p, and the group secret keys can be shared by the computers 1-A1, 1-A2, 1-B1, 1-B2 of both group members. Thereafter, each of the computers 1-A1, 1-A2, 1-B1, 1-B2 performs group encryption communication using the group secret key (S201-1 to S201-4). The representative computer after the merger may be, for example, a computer that has issued a group merge request or a computer that has received a group merge request.

In the above description, the exchange key is transmitted from the group representative computer 1-A1, 1-B1 to the group member computer 1-A2, 1-B2, and the group member computer 1-A2, 1-B2 The new group secret key is calculated on the basis of the exchange key sent and the current group secret key of the own group, but the new one calculated by the computer 1-A1, 1-B1 of the group representative The group secret key may be encrypted with the group secret key of the own group currently used by the group member computers 1-A2, 1-B2 and transmitted to the group member computers 1-A2, 1-B2. good. In this case, the group member computers 1-A2 and 1-B2 decrypt the new group secret key using the group secret key of the group currently used, and thereafter use the new group secret key. Group encryption communication.

In the second embodiment as described above, by further devising the method described above, even when a plurality of users try to request a group subscription almost simultaneously, the processing can be performed more efficiently.

The representative computer of the group pools the group join requests that have been sent between the time when the first group join request is received and the predetermined time has elapsed. If, for example, as shown in FIG. 5 during the predetermined time, n group subscription requests sent from a plurality of users 1 to n are pooled, the representative computer first has two users. First, authentication and secret key sharing are performed between the two users. Furthermore, the same process is repeated with one of the pairs as a representative. That is, a pair of two users is further generated from a set of representatives, and authentication and secret key sharing are performed between the two users. If the number of users is not an even number, the surplus users go directly to the next grouping. By repeating this process, the secret key is shared between the last two users. This is the group secret key.

Next, the group secret key is encrypted, and the group secret key is shared by encrypting and distributing to the partner of the representative pair. The encryption at this time can be safely distributed by using a secret key shared with the partner of the pair. By repeating this process, it becomes possible to distribute the group secret key to all who intend to join the group.

A third embodiment of the present invention will be described. Although the basic configuration of the present embodiment is the same as that of the first embodiment, the processing for determining whether or not a group member can join is further devised. Specifically, as shown in FIG. 6, the authentication data processing unit 8 is added to each of the computers 1-1 to 1-n.

The authentication data processing unit 8 verifies the authentication data of the other party to join. The authentication data is added to the group join request and group merge request transmitted in S102, S202-3, and S302 of the first and second embodiments described above and transmitted. Further, it is added to the exchange key request transmitted in S105, S205, and S305 and transmitted. That is, the authentication process is performed when establishing group encryption communication between two users, when a new subscriber joins group encryption communication, and when two groups merge. The authentication data includes, for example, a requester name (email address) of a requester who makes a group join request, a group merge request, and an exchange key request, a public key storage location (server name, URL), and a secret key of the subscriber requester. An encrypted subscription request group name is included.

Verification is usually performed as follows. The authentication data is encrypted with the sender's RSA encryption private key. The receiver can authenticate the sender of the authentication data by obtaining the sender's public key from a trusted third party and decrypting the encrypted authentication data using the public key. . The details of the authentication process are well known to those skilled in the art and are not directly related to the present invention, and thus the detailed configuration is omitted.

In the present invention, the received authentication data is verified by the authentication data processing unit 8, but is processed as follows.

First, it is checked whether the public key information of the sender of the authentication data is included in the pair of the requester name and the public key information registered when the authentication data has been verified previously. This check is performed, for example, by searching for the registered information using the requester name included in the authentication data as a key. If it is included, the validity of the public key information is checked. The validity is, for example, a check of an expiration date. Then, using the stored public key information, the subscription request group name is decrypted, an authentication process is performed, and based on the result, it is determined whether the group can be joined.

If the public key information for the sender authentication data is not included in the stored public key information, an inquiry is made to another group member. If someone in the group has stored public key information for the sender's authentication data, the authentication data is processed using that information.

If the public key information for the authentication data of the sender is not stored by any group member, an inquiry is made to the corresponding server according to the location of the public key included in the authentication data. If no inquiry is made to the authentication server, it is understood that the authentication data is incomplete, and it is determined whether or not the group can be joined. If public key information is obtained by making an inquiry to the authentication server, the public key information is stored in association with the requester name in the authentication data for use in the next verification.

If the authentication data sent from the sender does not contain public key information, but the sender's identity can be verified, a local RSA encryption key pair is created and one of them is the private key information. May be held by the sender, and the other may be held by the receiver as public key information. The public key pair may be generated either on the sender side or on the group side. The public key information is stored in association with the requester name in the authentication data for use in the next verification.

Also, by distributing the authenticated public key information to other group members, even if there is no group member who has been authenticated at that time, any of the group members will be verified in the next verification. Since the public key information is held, verification processing can be performed smoothly.

Thus, in the third embodiment, the sender can be authenticated. By performing authentication, not only can the sender be confirmed, but also the following effects can be expected.

First, when using wireless communication, there is a possibility that the connection of the line may be suddenly cut off during the communication, but if the connection is cut off, confirm the sender when reconnecting. By doing so, it may be possible to continue the communication safely and efficiently.

Second, impersonation is performed to facilitate the discovery of users participating in group cryptographic communication. This is because it is possible to make it impossible for a regular user and a pretending user to participate in group communication at the same time.

Next, a fourth embodiment of the present invention will be described. Although the basic configuration of the present embodiment is the same as that of the third embodiment, the authentication process is further devised. Specifically, the processing of S701-1 to S704-2 shown in the sequence chart of FIG. 7 is performed.

The processing of S701-1 and S701-2 in FIG. 7 corresponds to the processing of S109 to S112 in FIG. 2, the processing of S210-1 and S210-3 in FIG. 3, and the processing of S309-1 and S309-3 in FIG. It is processing to do. 7 are the processes of S113-1 and S113-2 of FIG. 2, the processes of S211-1 and S211-3 of FIG. 3, and the processes of S313-1 and S313 of FIG. This process corresponds to the process -3. The processing in S703-1, S703-2, S704-1, and S704-2 in FIG. 7 is the processing that is performed next to S113-1 and S113-2 in FIG. 2, and the processing in S211-1 and S211-3 in FIG. This is a process to be performed next, a process to be performed next to S313-1 and S313-3 in FIG.

In S701-1, S701-2, S702-1, and S702-2 of FIG. 7, the Diffie-Hellman type key exchange method described above is used to calculate an exchange key, communicate with each other, and share an encryption key. However, the exchange key X is obtained from X = g xmod p, and g and p are values that only group members can know. The obtained group encryption key Xymod p is set as a key. Further, it is assumed that the group member holds secret identification information id1 unique to the group. That is, the group member holds three group-specific secret values g, p, and id1.

Next, one user encrypts the group-specific identification information id1 with the group encryption key key and transmits it to the other party (S703-1). If the other party is the same group member, the same group encryption key key is shared, and the group-specific identification information id1 can be decrypted. If the decrypted identification information id1 is the same as the identification information held by itself, the transmission side user is recognized as a group member (S703-2). If the members are not the same group members, the group-specific identification information id1 cannot be decrypted, and the user on the transmission side can be denied as a group member.

Further, the group encryption key key is encrypted with the group-specific identification information id1 and returned (S704-2). The received user decrypts with the identification information and obtains the encryption key key, thereby admitting the returning user as a group member (S704-1). If the reply side is not a group member, the group encryption key key cannot be correctly decrypted, so that the reply side user can be denied as a group member.

In the above example, three group-specific secret values g, p, and id1 are used, but when replying, another group-specific secret identification information id2 is used and the group-specific identification information id2 is encrypted. It may be encrypted with the key key and sent back.

As described above, in the fourth embodiment, it is possible to safely and easily authenticate the sender and the receiver. Even if one of them is impersonating and exchanging information for authentication, secret information unique to the group cannot be obtained, and even if eavesdropping, secret information unique to the group cannot be obtained. Authentication processing can be performed safely. Further, since only a slight change from the Diffie-Hellman type key exchange method described above, authentication processing can be easily performed.

Next, a fifth embodiment of the present invention will be described. Although the basic configuration of the present embodiment is the same as that of the first embodiment, a function for supporting group decision making such as determination of whether or not a group member can join is devised. Specifically, as shown in FIG. 8, each computer 1-1 to 1-n is provided with a voting data processing unit 9. The details of the voting process are well known to those skilled in the art and are not directly related to the present invention, and therefore the detailed configuration is omitted.

In the present invention, group decision making will be described taking as an example the determination of whether or not a group member can join. The group representative user inquires of the group member whether or not the new member can join. The inquiry includes new member profile information.

The vote is totaled, and the result is compared with a predetermined group policy to determine whether or not a new member can join. Here, the group policy includes that all group members have an OK response, that half of the responses are OK, and that there is no NG response.

In the present invention, as the calculation of the exchange key, the description has been made mainly on the configuration in which the Diffie-Hellman type key exchange system is applied. Can be applied as an exchange key calculation method.

Although the configuration of the embodiment of the present invention has been described in detail above, the communication processing and encryption processing described above are well known to those skilled in the art and are not directly related to the present invention. Omitted.

It is a block diagram which shows the structure of the 1st Embodiment of this invention. It is a sequence chart which shows the example of a process at the time of establishing group encryption communication between 2 users. It is a sequence chart which shows the process example at the time of a new user joining to group encryption communication. It is a sequence chart explaining the flow of processing of a 2nd embodiment of the present invention. It is a figure which shows the outline | summary of the process of the 2nd implementation of this invention. It is a block diagram which shows the structure of the 3rd Embodiment of this invention. It is a sequence chart explaining the flow of a process of the 4th Embodiment of this invention. It is a block diagram which shows the structure of the 5th Embodiment of this invention. It is a block diagram for demonstrating the prior art.

Explanation of symbols

1-1 to 1-n, 102-1 to 102-4 ... computer 2 ... application process 3 ... communication unit 4 ... subscription confirmation unit 5 ... secret key management unit 6 ... group secret key calculation unit 7, 51 ... network 8 ... Authentication data processing unit 9 ... voting data processing unit
103: Authentication server
105 ... Group management server
106-1 ~ 106-4 ... Process

Claims (19)

A common computer in a group that performs group cryptographic communication and a subscription requesting computer that requests to join the group share a common cryptographic key by exchanging a new common cryptographic key with an exchange key generated in its own computer. Generating with an encryption key sharing method,
A computer other than the representative computer in the group generates a common encryption key identical to the new common encryption key based on the exchange key sent from the subscription request computer and the current common encryption key; A group encryption communication method. A representative computer of a first group that implements the group encryption communication method according to claim 1 or 2, and a representative computer of a second group that implements any one group encryption communication method according to any one of claims 1 to 5. Generating a new common encryption key by an encryption key sharing method in which the common encryption key is shared by exchanging exchange keys generated in the own computer;
A computer other than the representative computer in the first group can use the new common encryption key based on the exchange key generated by the representative computer of the second group and the current common encryption key of the first group. Generating a common encryption key identical to
A computer other than the representative computer in the second group can use the new common encryption key based on the exchange key generated by the representative computer of the first group and the current common encryption key of the second group. Generating a common encryption key identical to the group encryption communication method. In the group encryption communication method according to claim 1 or 2,
The subscription request computer broadcasting subscription request information;
A group encryption communication method comprising the step of selecting one of the computers belonging to the group having the smallest number of routers or hubs through which communication is made to the subscription request computer as a representative computer. In the group encryption communication method according to claim 1 or 2,
The subscription request computer broadcasting subscription request information;
A computer in the group sending a response to the subscription request information to the subscription request computer;
And a step of recognizing the computer that has returned the earliest response as a representative computer in the group. In the group encryption communication method according to claim 1 or 2,
Communicating authentication data with each other between the representative computer and the subscription request computer;
A group encryption communication method, comprising: a step of authenticating the representative computer and the subscription request computer based on the received authentication data. In the group encryption communication method according to claim 1 or 2,
The representative computer sends identification information encrypted with the new common encryption key to the subscription request computer;
The subscription request computer performs authentication by decrypting the received encrypted identification information with the new common encryption key and evaluating whether the decryption result and the identification information managed by itself are equal. And a group encryption communication method. The group encryption communication method according to claim 6,
Transmitting the common encryption key encrypted by the identification information decrypted by the own computer to the representative computer by the subscription request computer;
The representative computer performs authentication by decrypting the received encrypted common encryption key with identification information and evaluating whether the decryption result and the common encryption key managed by itself are equal. A group encryption communication method. The group encryption communication method according to claim 2,
The representative computer of the first group transmits identification information encrypted with the new common encryption key to the representative computer of the second group;
The representative computer of the second group decrypts the received encrypted identification information with the new common encryption key, and evaluates whether the decryption result and the identification information managed by itself are equal. And a step of performing authentication. The group encryption communication method according to claim 8, wherein
Transmitting the common encryption key encrypted by the identification information decrypted by the local computer to the representative computer of the second group and the representative computer of the first group;
The representative computer of the first group decrypts the received encrypted common encryption key with identification information, and performs authentication by evaluating whether the decryption result and the common key managed by itself are equal. And a group encryption communication method. In the group encryption communication method according to claim 1 or 2,
Communicating authentication data with each other between the representative computer and the subscription request computer;
If the representative computer stores authentication necessary information necessary for performing authentication processing based on the authentication data sent from the subscription request computer in its own computer, the stored authentication is required. Authentication processing is performed using the information, and it is not stored on the local computer, but if it is stored on another computer in the group, authentication is performed using the authentication required information stored on the other computer. If processing is performed and neither the own computer nor other computers in the group are stored, the step of acquiring authentication necessary information from the server and performing the authentication process;
A group encryption communication method comprising: a step of performing an authentication process based on authentication data transmitted from the representative computer, wherein the subscription request computer. In the group encryption communication method according to claim 1 or 2,
Between the representative computer and the subscription request computer, communicating with each other authentication data encrypted using a private key of the own computer;
The representative computer decrypts the encrypted authentication data sent from the subscription request computer with the public key of the subscription request computer, and performs an authentication process based on the decryption result;
The subscription request computer includes a step of decrypting encrypted authentication data sent from the representative computer with a public key of the representative computer and performing an authentication process based on a decryption result. Group encryption communication method. The group encryption communication method according to claim 11,
If the representative computer holds the public key of the subscription request computer in its own computer, the authentication data is decrypted using the public key and is not stored in the own computer, but If the computer is stored, the authentication data is decrypted using the public key stored by the other computer. If neither the own computer nor other computers in the group are stored, the server A group encryption communication method, comprising: decrypting authentication data using the acquired public key of the subscription request computer. The group encryption communication method according to claim 12,
The public key and encryption key used by the representative computer and the subscription request computer are local public keys and encryption keys determined between the representative computer and the subscription request computer. . The group encryption communication method according to claim 11, 12, or 13,
The representative computer distributes the public key of the subscription request computer to other computers in the group;
The other computer stores the public key of the subscription request computer sent from the representative computer. The group encryption communication method according to any one of claims 1 to 14,
Inquiring whether or not the representative computer holds the public key of the subscription request computer to other computers in the group;
Responding to the inquiry from the representative computer whether or not the other computer holds the public key of the subscription request computer;
If the representative computer determines that the other computer holds the public key of the subscription request computer based on the response from the other computer, the subscription request computer joins the group. And a step of permitting the group encryption communication method. The group encryption communication method according to any one of claims 1 to 15,
When a plurality of subscription request computers wish to join the same group encryption communication, the representative computer of the group encryption communication joins each of the plurality of subscription request computers desired to join two by two. Divide into request computer pairs, establish a group encryption communication group in each pair, and make one computer of each pair as a representative, constitute a representative pair, and group encryption communication group in each pair The process of establishing is repeated until the last two users are reached, and then the common encryption key shared between the last two users is sent to the partner who represents the common encryption key shared by the pair. The group encryption is characterized in that a common encryption key is shared among all the subscription request computers that wish to perform group encryption communication by repeatedly performing encryption processing and communication. Communication method. The group encryption communication method according to claim 1 or 2,
The subscription request computer broadcasting or multicasting a subscription request;
A computer in the group sending a response to the subscription request;
A group cipher comprising: a step of selecting a partner of group cipher communication from among computers responding to a response received within a predetermined time after the join request computer broadcasts or multicasts the join request. Communication method. A computer in a group that performs group encryption communication,
Means for generating a new common encryption key using an encryption key sharing method for sharing a common encryption key by exchanging mutual exchange keys with a subscription request computer requesting to join the group; ,
By transmitting the exchange key of the subscription request computer to another computer in the group, the new common code based on the exchange key of the subscription request computer and the current common encryption key is transmitted to the other computer. A computer comprising means for generating a common encryption key identical to the encryption key. Computers in the group that perform group encryption communication
Means for generating a new common encryption key using an encryption key sharing method for sharing a common encryption key by exchanging mutual exchange keys with a subscription request computer requesting to join the group;
By transmitting the exchange key of the subscription request computer to another computer in the group, the new common code based on the exchange key of the subscription request computer and the current common encryption key is transmitted to the other computer. A program for functioning as a means for generating a common encryption key identical to the encryption key.

Images