1. Field of the Invention
The present invention relates to a technology for encryption and decryption of data in data communications.
2. Description of the Related Art
Recently, with the development of network technology such as the Internet, various kinds of important information are transferred via a network. When information is transferred via such an open network, a security measure for preventing falsification and tapping of transferred data, and spoofing is essential.
To achieve secure communications, a communication technology using cryptography has been proposed. For example, secure sockets layer (SSL) is a communication protocol for encrypting data communicated between a client and a server at a socket level, in which falsification and tapping of data and spoofing are prevented by combining a public key cryptosystem, a common key cryptosystem, and a digital certificate (http://www.verisign.co.jp/repository/faq/SSL/).
When the server authenticates a client by using the SSL, the public key cryptosystem is used to share the common key, and communication is performed by the common key cryptosystem using the common key.
With such an authentication method, however, communication (communication by the public key cryptosystem) for sharing the common key is necessary before the intended data communication (communication by the common key cryptosystem). Therefore, the time, processing load, and communication load required for the authentication increase. In addition, if the number of communications increases, the chance of the data being in danger of falsification, tapping, and spoofing also increases.
It is an object of the present invention to at least solve the problems in the conventional technology.
An encryption apparatus according to one aspect of the present invention performs encryption on data to be transmitted. The encryption apparatus includes a storage unit configured to store at least one encryption scheme; an encrypting unit configured to encrypt the data based on the encryption scheme; and a transmitting unit configured to transmit encrypted data.
An encryption method according to still another aspect of the present invention is for encrypting data to be transmitted. The encryption method includes storing at least one encryption scheme; encrypting the data based on the encryption scheme; and transmitting encrypted data.
A computer-readable recording medium according to still another aspect of the present invention stores therein a computer program for realizing the encryption method according to the above aspect.
The other objects, features, and advantages of the present invention are specifically set forth in or will become apparent from the following detailed description of the invention when read in conjunction with the accompanying drawings.
Exemplary embodiments according to the present invention will be explained in detail with reference to the accompanying drawings.
When transmitting data D1, the client 1 selects a public key to be used from the pattern table 11, and encrypts the data D1 by using the selected public key, to create a ciphertext D2. The client 1 then adds a pattern number D3 corresponding to the used public key to the ciphertext D2 and transmits these to the server 2.
On the other hand, when having received the ciphertext D2 and the pattern number D3, the server 2 searches the pattern table 21 based on the received pattern number D3, to specify the public key used for encryption. Thereafter, the server 2 decrypts the ciphertext D2 by a secret key corresponding to the specified public key and extracts the data D1.
The RSA cryptography is based on the fact that prime factorization of a large natural number, which is not a prime number, is difficult. Specifically, two arbitrary large prime numbers p and q are selected, and their product is designated as n ($n = pq$). Euler's function $\varphi(n)$ derived from Euler's theorem is defined as $\varphi(n) = (p-1)(q-1)$.
A figure k that is aliquant of $\varphi(n)$ is selected. n and k are used as the public keys. Subsequently, an integer h satisfying $1 = hk \bmod \varphi(n)$ is calculated. The h is used as the secret key. When it is assumed that a plaintext is M and a ciphertext is C, and if $M < n$, the following relation is established.
$C = M^{k} \bmod n$
$M = C^{h} \bmod n$
Based on the relation, as long as the secret key h is not known, even if the public keys k and n are known, huge calculation is required to obtain the secret key from the public keys. Particularly, by increasing the number of digits of the key, calculation of the secret key becomes more difficult.
The generally used RSA cryptography uses this characteristic and maintains communication security by making the public key available to anyone, but keeping the secret key confidential. However, although calculation of the secret key from the public key is difficult, it is not impossible. Therefore, if the public key can be obtained by anyone, it is necessary to use a key of a sufficient number of digits, since the security of communication is determined according to the number of digits of the key.
On the other hand, in the cryptocommunication according to an embodiment of the present invention, the public key is open only to the clients, and is kept secret from other terminals. Furthermore, the pattern number indicates the public key used for encryption by the client. That is, since the public key is not exposed in the data communication, secure cryptocommunication can be realized with a fewer number of digits.
In other words, although the terms “public key” and “secret key” are used for convenience because the RSA encryption method is used, the public key in the present invention is kept confidential from other terminals, similarly to the common key in the common key cryptosystem.
The client 1 includes a transmission-data creating unit 13, a ciphertext creating unit 12, and the pattern table 11. The transmission-data creating unit 13 creates original data to be transmitted to the server 2, and for example, when authentication is performed between the client 1 and the server 2, creates authentication request data.
The ciphertext creating unit 12 encrypts the data created by the transmission-data creating unit 13, and includes a pattern selector 12a, an encryption processor 12b, and a pattern number adding unit 12c. The pattern selector 12a selects a public key to be used for encryption from the pattern table 11. The encryption processor 12b creates a ciphertext obtained by encrypting the data created by the transmission-data creating unit 13 by using the public key selected by the pattern selector 12a. The pattern number adding unit 12c adds a pattern number corresponding to the used public key.
On the other hand, the server 2 has a data receiver 23, a decrypting unit 22, and the pattern table 21. The data receiver 23 receives the ciphertext from the client, and transmits the received ciphertext to the decrypting unit 22. The decrypting unit 22 decrypts the ciphertext received by the data receiver 23, and includes a pattern recognizing unit 22a, a secret key selector 22b, and a decryption processor 22c. The pattern recognizing unit 22a reads the pattern number added to the ciphertext. The secret key selector 22b specifies the public key used for encryption by using the pattern number read by the pattern recognizing unit 22a, to select a corresponding secret key. The decryption processor 22c decrypts the ciphertext by using the secret key selected by the secret key selector 22b.
The pattern tables 11 and 21 are explained next. In the pattern table, the pattern number is associated with the set of the public key and the secret key. Specifically, a combination of “k” and “n” is stored as the public key, and “h” is stored as the secret key. Alternatively, in the pattern table, a set of parameters used for encryption and decryption, that is, a set of “p”, “q”, and “k” can be stored, instead of the public key and the secret key.
On the other hand, in a pattern table 32 shown in FIG. 3B, a combination of parameters “p”, “q”, and “k” is stored in association with the pattern number. For example, in a pattern indicated by a pattern number “001”, “p=7, q=13, k=5”. In a pattern indicated by a pattern number “002”, “p=29, q=5, k=5”. Likewise, in a pattern indicated by a pattern number “003”, “p=7, q=17, k=7”, and in a pattern indicated by a pattern number “004”, “p=101, q=11, k=3”.
The server 2 stores the combination of the pattern number, the public key, and the secret key, or the combination of the pattern number and the parameters, for all patterns used by respective clients. On the other hand, respective clients store only a part of the pattern table, that is, only the pattern used by their own terminal. Respective clients do not need to store the secret key, and need only to store the combination of the pattern number and the public key as the pattern table.
Thus, since respective clients store only the pattern used by their own terminal, and do not store the secret key, the security of the cryptocommunication can be increased.
A specific example of ciphertext creation is explained with reference to the pattern table shown in
$(97)^{3} \bmod (1111) = 542$
is obtained from $M^{k} \bmod n = C$, and hence, the ciphertext becomes “542”.
When a pattern 002 shown in the pattern table 32 is used to encrypt the character “a”, “97” obtained by converting the code of “a” to a decimal number is designated as the plaintext M, and by using “p=29, q=5, k=5” of the pattern 002,
$(97)^{5} \bmod (29 \times 5) = 37$,
is obtained from $M^{k} \bmod (pq) = C$, and hence, the ciphertext becomes “37”.
Thus, after encryption is performed by using a predetermined pattern, the number of the used pattern is added to the data and transmitted. The server side can specify the secret key to be used for decryption based on the pattern number.
A specific processing operation of the server 2 shown in
In the first embodiment, since a pattern number is set with respect to the set of a public key and a secret key to create a pattern table, the pattern table is shared between the client and the server, and the client adds, to the ciphertext, the pattern number corresponding to the public key used at the time of encrypting the data, and transmits the ciphertext, communication using the public key cryptosystem can be performed without exposing the public key to the communication network.
Since secure cryptocommunication can be realized with fewer digits by keeping the public key confidential, the processing load of encryption and decryption can be reduced. Particularly, when the first embodiment is used for authentication between the client and the server, since the client can transmit an authentication request directly, the number of communications can be reduced, security can be improved, and the time required for authentication can be reduced.
Although an example of encrypting data of one character and transmitting the encrypted data has been explained above, the present invention is not limited thereto, and is also applicable to an encryption of a character string to be transmitted.
When a character string is encrypted and transmitted, the number of digits for one character can be determined, to divide characters.
When a character string is encrypted, after respective characters included in the character string are encrypted, the encrypted data is equalized to the number of digits specified in the pattern table.
In decryption in the server 2, the pattern number at the end of the ciphertext is identified, to obtain the number of digits provided to the pattern. Accordingly, based on the number of digits, the ciphertext can be divided into characters and decrypted.
Since communication is performed by encrypting the character string in this manner, the number of communications between the client and the server can be further suppressed, the load on the communication line can be also reduced, and the security strength can be increased.
To increase the encryption strength, it is desired to use a different pattern for each communication. To do this, it is only necessary to store a plurality of patterns in the pattern table on the client side, and select a different pattern for each communication. Since the server side can specify the secret key to be used for decryption based on the pattern number added to the ciphertext, even if the client uses a different public key every time, the server side can accurately decrypt the ciphertext.
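The first embodiment's exchange, worked through as an added example (not code from the patent): the client encrypts each character with a pattern from table 32, pads each block to a fixed width and appends the pattern number, and the server reverses it. The function names, the three-digit trailing pattern number, and the choice of block width as the decimal length of n are assumptions made for the illustration.

```python
from math import gcd

# Parameters (p, q, k) per pattern number, as listed for pattern table 32.
PATTERN_TABLE = {
    "001": (7, 13, 5),
    "002": (29, 5, 5),
    "003": (7, 17, 7),
    "004": (101, 11, 3),
}
PATTERN_NUMBER_LEN = 3  # assumption: pattern numbers are always three digits


def derive_keys(pattern):
    """Return (n, k, h): public key (k, n) and secret key h for a pattern."""
    p, q, k = PATTERN_TABLE[pattern]
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(k, phi) != 1:
        raise ValueError("k has no inverse modulo phi(n)")
    h = pow(k, -1, phi)  # h satisfies h*k mod phi(n) == 1 (Python 3.8+)
    return n, k, h


def block_width(pattern):
    """Digits per encrypted character (assumption: decimal length of n)."""
    return len(str(derive_keys(pattern)[0]))


def client_encrypt(text, pattern):
    """Encrypt character by character, pad blocks, append the pattern number."""
    n, k, _ = derive_keys(pattern)
    width = block_width(pattern)
    blocks = []
    for ch in text:
        m = ord(ch)
        if m >= n:  # the relation C = M^k mod n only round-trips when M < n
            raise ValueError(f"character code {m} is not below n={n}")
        blocks.append(str(pow(m, k, n)).zfill(width))
    return "".join(blocks) + pattern


def server_decrypt(message):
    """Read the trailing pattern number, split the blocks, decrypt with h."""
    body = message[:-PATTERN_NUMBER_LEN]
    pattern = message[-PATTERN_NUMBER_LEN:]
    if pattern not in PATTERN_TABLE:
        raise ValueError("unknown pattern number")
    n, _, h = derive_keys(pattern)
    width = block_width(pattern)
    if not body.isdigit() or len(body) % width != 0:
        raise ValueError("ciphertext length does not match the block width")
    chars = []
    for i in range(0, len(body), width):
        c = int(body[i:i + width])
        if c >= n:
            raise ValueError("block value is not below n")
        chars.append(chr(pow(c, h, n)))
    return "".join(chars)


if __name__ == "__main__":
    msg = client_encrypt("login", "004")  # constructed sample plaintext
    print(msg, "->", server_decrypt(msg))
```

Each character is encrypted separately and deterministically, so within one pattern equal characters produce equal blocks; selecting a different pattern for each communication, as described above, changes those blocks between messages.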
In the first embodiment, the pattern used for encryption is informed to the server by adding the pattern number to the ciphertext. In a second embodiment, a cryptocommunication system in which the server identifies the client to specify a pattern to be used for decryption is explained.
The client 50 includes the transmission-data creating unit 13, a ciphertext creating unit 52, and a pattern table 51. The transmission-data creating unit 13 creates data to be transmitted to the server. The public key associated with the pattern number is stored in the pattern table 51.
The ciphertext creating unit 52 includes an encryption processor 52a. The ciphertext creating unit 52 creates a ciphertext by using the public key stored in the pattern table 51, and transmits the ciphertext to the server 60. The client 50 does not add the pattern number indicating the public key used for encryption.
On the other hand, the server 60 has the data receiver 23, a decrypting unit 62, and a pattern table 61. The data receiver 23 receives a ciphertext via the network 3, and transmits the received ciphertext to the decrypting unit 62. A pattern number is added to a set of a public key and a secret key to be stored, and information for specifying each client, for example, an Internet protocol (IP) address is associated with a pattern number to be stored in the pattern table 61.
The decrypting unit 62 includes a client recognizing unit 62a, a pattern specifying unit 62b, a secret key selector 62c, and a decryption processor 62d. Upon reception of a ciphertext, the client recognizing unit 62a recognizes the client as a sender by referring to the IP address or the like. The pattern specifying unit 62b specifies a pattern used for encryption based on the recognition result by the client recognizing unit 62a. The secret key selector 62c selects a secret key based on the pattern specified by the pattern specifying unit 62b. The decryption processor 62d decrypts the ciphertext by using the secret key.
In the cryptocommunication system according to the second embodiment, the patterns stored on the client side are registered on the server side, and the server identifies the client by using the IP address or a media access control (MAC) address to select a secret key to be used for decryption from the pattern, which can be used by the client.
Therefore, the client need not add the pattern number to the ciphertext, and since only the ciphertext is transmitted via the network, even stronger security can be realized.
A specific processing operation of the client 50 shown in
A specific processing operation of the server 60 shown in
The relation between the client and the pattern, stored in the pattern table 61 of the server 60 is explained.
A table 72 shown in
The correspondence between the client and the pattern can be stored together with the correspondence between the public key and the secret key.
In the second embodiment, a pattern number is set with respect to a set of a public key and a secret key to create a pattern table, and the pattern table is shared by the client and the server. Further, since the pattern stored by the client is registered on the server side, the server can identify the client by using the IP address, the MAC address, or the like, and select a secret key to be used for decryption from the pattern that can be used by the client to perform decryption.
To improve the communication security, it is desired that the pattern used by the client can be updated appropriately. One example of an update method of the pattern in the present invention is explained with reference to
The client receives this data, and decrypts the data to extract the new pattern table (step S502). Thereafter, the client determines whether all necessary data have been received (step S504). If all data have been received (“YES” at step S504), the client transmits data having the same content as the received data to the server (step S506). On the other hand, if all data have not been received (“NO” at step S504), the client encrypts the current pattern table by the existing pattern of its own terminal and transmits the encrypted pattern table to the server (step S505).
The server receives the data transmitted by the client (step S605). If the received data is identical to the transmitted data (“YES” at step S606), the server updates the pattern table (step S608), and informs the client of the successful update (step S609). If the received data is different from the transmitted data (“NO” at step S606), the server informs the client of update failure (step S607), and ends the processing.
On the other hand, the client receives the update result (step S507), and when the update has been successful (“YES” at step S508), updates the pattern table (step S509). After finishing the update of the pattern table, or when the update has failed (“NO” at step S508), the client ends the processing.
When update of the pattern table has failed, it is desired to restore the pattern table, and ensure cryptocommunication by the existing pattern table.
When the pattern number is added to the received data (“YES” at step S702), the server obtains the pattern number from the received data (step S703). The server then specifies the client based on the IP address or the like, and specifies the pattern number based on the pattern table (step S704). Thereafter, the server compares the received pattern number with the pattern number read from the pattern table (step S705). When the pattern numbers agree with each other (“YES” at step S706), the server informs the client of the successful update of the pattern table and ends the processing.
On the other hand, when the pattern numbers do not agree with each other (“NO” at step S705), the server reads the pattern number from the old pattern table (step S707), and compares the number with the pattern number added to the data (step S708). When the pattern number added to the data agrees with the old pattern number (“YES” at step S708), the server restores the pattern table (step S716), informs the client of restoration completion of the pattern table (step S717) and ends the processing. When the pattern number added to the data does not agree with the old pattern number (“NO” at step S708), the server sends an error message to the client (step S709) and ends the processing.
When the pattern number is not added to the received data (“NO” at step S702), the server uses the IP address or the like in the received data to specify the client (step S710), and obtains a pattern number from the pattern table (step S712). The server then decrypts the received data by a secret key corresponding to the obtained pattern number. When decryption has been successful (“YES” at step S713), the server informs the client of the successful update of the pattern table and ends the processing (step S718).
On the other hand, when decryption has failed (“NO” at step S713), the server obtains a pattern number from the old pattern table (step S714) to execute decryption (step S715). When decryption using the old pattern number has been successful (“YES” at step S715), the server restores the pattern table (step S716), informs the client of restoration completion of the pattern table (step S717) and ends the processing. When decryption using the old pattern number has failed (“NO” at step S715), the server sends an error message to the client (step S709) and ends the processing.
Thus, by updating the pattern table shared between the client and the server based on the update request from the client, the pattern table to be used can be changed according to need, thereby improving the communication security.
Update of the pattern table is not limited to the second embodiment, and is also effective in the cryptocommunication system according to the first embodiment.
In the first and the second embodiments, although an example of using the RSA cryptosystem has been explained, the present invention is not limited thereto, and the present invention can be realized by using an optional encryption method.
Although the invention has been described with respect to a specific embodiment for a complete and clear disclosure, the appended claims are not to be thus limited but are to be construed as embodying all modifications and alternative constructions that may occur to one skilled in the art which fairly fall within the basic teaching herein set forth.
 | Number | Date | Country
---|---|---|---
Parent | PCT/JP03/06228 | May 2003 | US
Child | 11281875 | Nov 2005 | US