JPH0293487A - Key writing device - Google Patents

Abstract

PURPOSE:To easily hold a generation rule of a key in secret and to secure its safety by generating a key Ki as a function of a secret parameter P which can be written and cannot be read out and a terminal code Xi. CONSTITUTION:A key generating means 2 inputs a parameter P from a holding means 3, and also, inputs a terminal code Xi from an ID input part 7, generates a key Ki by Ki = F (P, Xi), and transmits a result to a key writing means 5. A physical protecting means 4 is allowed to have such a quality as the parameter P can be changed from the outside of the key writing device but cannot be read out to the outside, or the value is broken down if it is tried to read it out. For instance, a ROM is put into an LSI and a metallic box whose read- out terminal is not led out to the outside and a physical lock is added. The means 5 can write the key Ki generated as a writing device of the ROM and the IC in the ROM and the IC card.

Description

[Detailed Description of the Invention] J-Industrial Application Field J This invention is applicable to encryption keys, message authentication keys for detecting message tampering, communication partner authentication keys for slandering a communication partner, or digital signatures. This relates to a device that generates secret information used in, etc.

[-Prior Art] A terminal code for identifying an individual terminal within a network is represented by a symbol Xi (i=1.2, . . . ).

The terminal code is, for example, the user's telephone number or user identification number, and is information that can be made public. Conventionally, to generate a private key Ki for each user based on the terminal code Xi, for example, an appropriate function F° is used, and Ki=F' (Xi)
It was generated by The conventional key writing device uses the function F°
Once known to a third party, the key Ki can be easily calculated from the terminal code, and the key Ki cannot be kept secret.

"Means to solve problems" A key Ki is generated using the secret parameter P.

That is, the key Ki is calculated using X1=F(P, Xi), where F is a function expression of the function of the key generation means. The parameter P is characterized in that it is kept secret from the terminal side.

Even if F is known to the outside, Ki can be kept secret by changing the parameter P. The key writing device is provided with a ``P holding means'' that allows the private parameter P to be read but cannot be read. A secret parameter P is input, and the parameter P is held in the P holding means inside the key writing device.

For example, the P holding means can be carried out by holding the memory inside an LSI (Large Scale Integrated Circuit) with a battery, or by making a strong metal box, putting the ROM in it, and physically holding it. This is achieved by providing a lock. When the terminal code Xi is input to the key writing device, the key generation means generates a key Ki. The secret parameter P cannot be extracted from this key writing device.

"Method for realizing F" The first method is to realize the function F using a random number generation algorithm. That is, F(yl, y2)=R(yl, y2
).

R(yl, y2) is a random number generation algorithm, and yt
is the first initial value of the function R, and y2 is the second initial value of the function R. R(yl, y2) is a random number generation algorithm that has the property that the value of the random number R(yl, y2) is determined when yt and y2 are given.

The second method implements the function F using a cryptographic algorithm. That is, F(yl, y2) = E(yl, y2) where E(yl, y2) is the cryptographic algorithm and y
l is the encryption key, y2 is the input data, and the ciphertext C=E
(yl, y2) is output.

The third method implements the function F by a data compression algorithm. That is, F(yl, y2)II(ν1. y
2), where H(yl, y2) is the data compression algorithm, yl is the initial value, y2 is the input data, and the input data y2 is data compressed under the condition of initial (#fyl, and the compression result H( yl, y2).

As a data compression algorithm, a hash function used in the field of digital signatures may be used.

The fourth method implements the function F by modulo operation of the modulus n. For example, the modulo operation is F(yl.

y2)=F(P, Xl)=(Xi)' mod n,
Here the parameter P is two parameters P = (d, n)
, where sod n is the modulo operation of modulus n.

Next, yl and y2 of F(yl, y2) will be explained.

yt is y+=p when Gi is not used, and when Gi is used, for example, yl=f1(P,Gi)=p
HGi Or yl=f1(P, Gi)=P■G
Let it be i.

Here, allb represents data created by arranging data a and b, and a and b represent the exclusive OR of a and b. y
2 is y2=Xi when Xiu is not used, and Xiu
When using, for example, y2=f2(Xi.

Xiu) =Xi II Xiu or y2=
Let f2(Xi, Xiu)=Xi■Xiu. Gi
is called a protection code and will be described later.

"Embodiment I" FIG. 1 is a block diagram of an embodiment of a key writing WUI based on the present invention, which includes a key generation means 2, a P holding means 3, a physical protection means 4, a key writing means 5, and a P input section. 6 and an ID input section 7. The key generation means 2 inputs the parameter P from the P holding means 3, inputs the terminal code Xi from the ID input section 7, generates a key Ki, and sends the result to the key writing means 5.
tell to. The P holding means 3 stores the parameter P in a temporary memory, for example. Although the physical protection means 4 can change the parameter P from outside the key writing device, it has a property that P cannot be read out to the outside, or that the value of P is destroyed if an attempt is made to read it. For example, the physical protection means 4 may be realized as an LSI whose output terminals are not led out to the outside, or by making a metal box, inserting a ROM therein, and adding a physical lock. The writing means 5 is
For example, it is a ROM writer, and writes the key Ki generated by the key generation means 2 into the ROM. Another example of the writing means 5 is an IC cart writing device, in which case:
The generated key Ki is written to the IC card.

In order to operate this key writing device, first, one human-powered unit 6
The secret parameter P is manually inputted from , and P is held in the P holding means 3 . The key generation means 2 inputs the terminal code Xi from the human power section 7, uses the parameter P held in the P holding means, and determines the key Ki by 1=F(P, Xi). Ki is transmitted to the key writing means 5, and the key writing means 5 writes 1 to the key, for example, to an IC card.

Note that the P holding means 3 may be omitted, and in this case, the parameter P is manually entered into the key generating means 2 each time this key writing device is used.

“Embodiment 2” In Embodiment 1, the parameter P consists of d and n, that is, P=(d, n), the P input unit 6 manually inputs d and n, and the P holding means 3 inputs d and n. Holding n, the key generation means 2 performs the following calculation.

Ki = F((d, n), Xi) = (Xi)' m
ad n However, mod n represents a modulo operation of modulus n.

To operate this key correction device, first, the P input section 6
Input the secret parameters d and n from , and set d and n to P
It is held in the holding means 3. Input the terminal code Xi from the human power section 7, and set the parameter P=(d, n
), the secret information Ki is determined by Ki = (Xi)'nod n, and is output to the key writing means 5.

Note that the P holding means 3 may be omitted, and in this case, the parameter P is input to the key generating means 2 each time this key writing device is used.

“Example 3” Actually hii! In Example 1, the key generation means 2 also includes a random number generation function, and has a function of determining the random number generated here as the protection code G1, and outputting the key Ki and the protection coat 'Gi to the key writing means.

To operate this key writing device, first, the P input section 6
The secret parameter P is manually inputted from , and P is held in the P holding means 3 . Terminal code ), where PGi=f
1(P, Gi), and set the key to 1, where f1
(P, Gi) is a function of P and Gi, for example f1(
P, Gi) -P II Gi or f1(P, Gi)=
il■G1 (II is data concatenation, ■ is exclusive OR).

As described above, the key Ki and the protection code G14c are written into the key writing means.

Note that P holding stage 1 and stage 3 may be omitted, and in this case, the parameter P is manually input to key generation stage 1 and stage 2 each time this key writing device is used.

Embodiment 4 In Embodiment 1, the human resources department includes a function to input not only the terminal court Xi but also the sub-terminal court Xiu (u=1.2...).

To operate this key writing device, first, the P input section 6
Input the secret parameter P from 1) Holding means 3
to hold. X of the sub-terminal code along with Xi of the terminal code
Input iu through the ID input section 7, and use the secret parameter 1) in the P holding means, X1=F(P, Xi■Xiu)
, however, u=1.2. ..., calculates the key Kiu.

Note that the P holding means 3 may be omitted, and in this case, the parameter P is input to the key generating means 2 each time this key writing device is used.

Examples of how to use rKi” An example of how to use Ki will be explained.

A system is established in which a center and multiple IC card input/output devices are connected via communication lines. The IC card holding rod is a suitable I
Information is exchanged with the center via the c-card input/output device and communication line. For example, 1 is used as the key for message authentication between the center and each 1C power source. Each IC card holds an individual key Ki therein by the key writing device of the present invention. The center inquires and obtains the terminal code Xl from each 1c card, and calculates and generates a key Ki (the center has a key generation means and a parameter P).

In such an IC card usage system, it is conceivable that a huge number of IC cards will be issued.

In order to operate a large-scale IC card usage system, it is necessary to generate a key for each IC card in a secure manner so that the key 1 will not be leaked to the outside, and the key generation method is required to be used by a third party. The key writing device according to this invention is absolutely effective.

Another example of how to use Ki will be explained. Consider a system in which a center and multiple terminals are connected via communication lines.

For example, a key Ki is used for message authentication between the center and each terminal.
use. Each terminal internally holds its own key Ki and protection code Gi using the key writing device of the present invention. The center inquires and obtains the terminal code Xi and protection code from each terminal, and calculates and generates a key Ki. The terminal code uses the phone number assigned to the terminal. If the terminal owner changes without changing the telephone number Xi due to buying or selling the terminal, the center changes the protection code Gi of the terminal. Then IKi changes. Since the old key (i) can no longer be used, the old owner of the terminal cannot know the new key Ki, so it is safe.

For information on how to use Ki as secret information in digital signatures, etc., see, for example, the following document: [Kurosawa Kaoru, Easy-to-change IDD&No. 1 IEICE technical research report (Vol. 88. Reference 33)] Information Security is explained in Paper No. 15EC88-6J.

"Effects of the Invention" Although the key writing device according to the present invention can write the parameter P, it is also possible to write the parameter P.
Therefore, even if the terminal code Xi is known, the parameter P is secret, so the key Ki cannot be generated.By using the key writing device of this invention, the key It is easy to keep the generation rules of Ki secret, and security can be ensured.

[Brief explanation of drawings]

FIG. 1 is a block diagram of an embodiment of a key writing device based on the present invention. Patent applicant Nippon Telegraph and Telephone Corporation

Claims (3)

[Claims] (1) Input the terminal code Xi and use the secret parameter P. However, P can be single or multiple, and depending on the key generation means, Ki = F (P, Xi) is the key generation means function. The key Ki is determined as a function expression, where the function F is either a random number generation algorithm, a cryptographic algorithm, a data compression algorithm, or a modulo operation of modulo n.A key having the characteristics of determining the key Ki according to the above. writing device. (2) The key generation means determines the key Ki as Ki=F(PGi, Xi), where PGi=f1(P, Gi)
, f1 is a function of P and Gi, P is the secret parameter, G
2. The key writing device according to claim 1, wherein i is a protection code. (3) The key generation means determines n keys Kiu as Kiu=F(P, Qiu) (u=1, 2,...n), where Qiu=f2(Xi, Xiu), f2 is Xi and Xi
2. The key writing device according to claim 1, wherein P is a function of u, P is the secret parameter, and Xiu is a sub-terminal code.