The present invention generally relates to user support systems for cryptographic communication, and more particularly to a user support system for cryptographic communication wherein a communication is made by enciphering and deciphering the communication in a network system.
When making a communication in a network system in which an unspecified large number of computers are connected, there is a possibility that the communication content is tapped at a repeater site or, the communication is made by a person identifying himself as the authorized user. Because of such possibilities, it is necessary to guarantee the security of the communication by enciphering the communication or, adding to the communication content a certificate or proof which is given by a third party and certifies or proves that the signature of the sender is that of himself, that is, the authorized user.
Various enciphering systems have been proposed. According to the DES system, a secret key which is common between the communicating users is prepared, and the enciphering is made by use of this secret key. The processing speed of this DES system is high, but the secret key must be held for each communicating user thereby making the key management difficult.
On the other hand, the RSA system prepares a secret key corresponding to a public key, and the enciphering is made by use of the public key or the secret key. The deciphering is made using the secret key when the enciphering is made using the public key, and the deciphering is made using the public key when the enciphering is made using the secret key. The number of required keys can be reduced according to this RSA system, however, the processing speed is low and a long processing time is necessary.
Accordingly, the PEM system which combines the DES system and the RSA system has been proposed.
FIG. 1 shows an example of a conventional cryptographic communication system employing the PEM system. The PEM system enciphers the mail text by a DES secret key according to the DES system, and enciphers this DES secret key by a public key of the receiving user according to the RSA system. The DES secret key is a session key which is generated at random using time information and the like when enciphering the mail. The receiving user obtains the mail, including the enciphered mail text of the transmitting user and the DES secret key, by a secret key of the receiving user. In other words, the receiving user deciphers the DES secret key using the DES secret key, and deciphers the enciphered mail text by using the deciphered DES secret key.
In FIG. 1, it is assumed for the sake of convenience that the cryptographic communication employing the PEM system is made from a transmitting (or sending) user A of a transmitting (or sending) system S to a receiving user B of a receiving system R so as to transmit a mail text (communication text) 300.
In the transmitting system S, a DES secret key 301 is generated at random using time information and the like when enciphering the mail text 300 according to the DES system. A public key 301′ of the user B is made by the user B and made public to the user A. A secret key of the user B, made in advance and secretly held by the user B is provided in correspondence with the public key of the user B.
In FIG. 1, a process 302 enciphers the mail text 300 according to the DES system using the DES secret key 301. A process 303 enciphers the DES secret key 301 according to the RSA system using the public key of the user B. Transmitting information 304 is the information to be transmitted in the network.
An enciphered DES secret key 305 is the DES secret key 301 which has been enciphered according to the RSA system. An enciphered mail text 306 is the mail text 300 which has been enciphered according to the DES system using the DES secret key 301.
On the other hand, in the receiving system R, A secret key 307 of the user B is secretly held in correspondence with the public key of the user B. A process 307′ deciphers the enciphered DES secret key 301 which has been enciphered according to the RSA system, using the secret key 305 of the user B. A process 308 deciphers the enciphered mail text 306 which has been enciphered according to the DES system, using the deciphered DES secret key 301. A deciphered mail text 309 is the mail text which is obtained by the deciphering process 308.
In the PEM system shown in FIG. 1, the transmitting user A of the transmitting system S makes the enciphered mail to be transmitted to the receiving user B of the receiving system R, and the receiving user B deciphers the enciphered mail in the following manner.
First, the transmitting user A makes the mail text 300, and starts an enciphering unit. The transmitting user A generates the DES secret key 301 by a secret key generator which is not shown in FIG. 1 but will be described later in conjunction with FIG. 3A, and enciphers the mail text 300 according to the DES system using the DES secret key 301. Then, the transmitting user A obtains the public key 301′ of the receiving user B, and enciphers the DES secret key 301 according to the RSA system using the public key 301′ of the receiving user B. Usually, the public key 301′ of the receiving user B is stored in a file such as a floppy disk.
The enciphered mail text 306 which has been enciphered according to the DES system and the enciphered DES secret key 305 which has been enciphered according to the RSA system are transmitted to the receiving user B.
The user B starts a deciphering unit when the receiving user B confirms that the enciphered mail text 306 is being transmitted to the receiving user B. The receiving user B obtains his own secret key 307 which corresponds to the public key made public to the transmitting user A, and uses this secret key 307 to decipher the DES secret key 305 which has been enciphered using the public key of the receiving user B. Usually, the secret key 307 is secretly stored in a floppy disk or the like. In addition, the deciphered mail text 309 is output.
FIG. 2 shows an example of a conventional cryptographic communication system employing a signature check system. According to the signature check system, the transmitting user A enciphers the mail text, and adds his signature when transmitting the enciphered mail text to the receiving user B.
In the transmitting system S shown in FIG. 2, a mail text 330 is to be transmitted to the receiving user B. A secret key 331 of the transmitting user A is formed in advance by the transmitting user A in correspondence with the public key of the transmitting user A, and is secretly stored in a floppy disk or the like. A public key 332 of the transmitting user A is formed by the transmitting user A and is made public to the destination of the communication, that is, the receiving user B. The public key 332 of the transmitting user A corresponds to the secret key 331 of the transmitting user A.
A digest 333 is regarded as the signature of the transmitting user A, and is obtained by subjecting the mail text 330 to a data compression. This digest 333 is enciphered into an enciphered digest 334 according to the RSA system using the secret key 331 of the transmitting user A. This enciphered digest 334 is regarded as an electronic signature of the transmitting user A.
An enciphering unit 340 enciphers the mail text 330 according to the PEM system, into an enciphered mail text 341.
On the other hand, in the receiving system R, a process 335 deciphers the received signature using the public key 332 of the transmitting user A, and a deciphered digest 336 is obtained. A deciphering unit 342 employs the PEM system and deciphers the enciphered mail text 341 which is transmitted from the transmitting user A into a deciphered mail text 343. A digest 344 of the deciphered mail text 343 is obtained by subjecting the deciphered mail text 343 to a data compression.
A collating process 345 compares the deciphered digest 336 which is obtained by deciphering the enciphered digest 334 using the public key 332 of the transmitting user A and the digest 344 of the deciphered mail text 343 which has been deciphered in the deciphering unit 342. The collating process 345 makes this comparison so as to check the signature.
In FIG. 2, the transmitting user A first makes the mail text 330. This mail text 330 is subjected to a data compression and regarded as the signature of the transmitting user A, and the transmitting user A further enciphers the compressed mail text using the secret key 331 of the transmitting user A. The enciphered signature of the transmitting user A is transmitted to the receiving user B. On the other hand, the mail text 330 is enciphered in the enciphering unit 340, and the enciphered mail text 341 is transmitted to the receiving user B.
In the receiving system R, the receiving user B obtains the public key 332 of the transmitting user A (corresponding to the secret key 331 of the transmitting user A) which is received in advance, and obtains the deciphered digest 336 by deciphering the signature of the transmitting user A (enciphered digest 334) using the public key 332 of the transmitting user A.
On the other hand, the receiving user B receives the enciphered mail text 341 which is transmitted from the transmitting user A, and deciphers this enciphered mail text 341 in the deciphering unit 342. The receiving user B then forms the digest of the deciphered mail text 343. In addition, the deciphered digest 336 which is obtained from the enciphered digest (signature) 334 and the digest 344 which is formed from the deciphered mail text 343. If the two compared digests 336 and 344 match, it is regarded that the signature is correct. But it is regarded that the signature is incorrect if the two compared digests 336 and 344 do not match.
FIGS. 3A and 3B are diagrams for explaining the constructions of a conventional enciphering unit and a conventional deciphering unit.
The enciphering unit shown in FIG. 3A enciphers a mail text 350. A storage 351 stores the public key of the transmitting user A. A storage 352 stores a secret key of the transmitting user A in correspondence with the public key of the transmitting user A. A DES secret key generator 353 generates a secret key (session key) at random using random numbers, time information and the like when making the enciphering process according to the DES system.
A storage 354 stores a public key of the receiving user B. A signature part 356 forms a digest of the mail text 350 and enciphers this digest using the secret key of the transmitting user A. An enciphering part enciphers the mail text 350 according to the DES system. An output part 358 outputs the enciphered signature of the transmitting user A and the enciphered mail text to the network.
The deciphering unit shown in FIG. 3B deciphers the enciphered mail 360 which is transmitted from the transmitting user A. A normal mail 361 has not been enciphered. A spool file 362 is a file common to the network on the receiving end, and stores the enciphered mail 360 and the received normal mail 361. A mail box 363 is a file which stores a mail intended for the receiving user B, that is, the mail having the receiving user B as its destination.
A deciphering part 364 inputs the enciphered mail intended for the receiving user B, and deciphers the enciphered mail using the secret key of the receiving user B or the like that is necessary for the deciphering process. A storage 366 stores the public key of the transmitting user A. A signature check part 367 deciphers the signature of the enciphered mail intended for the receiving user B using the public key of the transmitting user A, and checks the signature. A deciphered mail output part 368 outputs the deciphered mail text and the signature check result.
According to the conventional cryptographic communication systems, complicated key management was required at the transmitting user A who enciphers the mail and at the receiving user B who deciphers the enciphered mail, in order to provide complete security from the transmitting user A to the receiving user B. In addition, it was necessary to carry out the troublesome process of starting the enciphering unit and starting the deciphering unit every time the communication is made. As a result, there were problems in that the complicated key management and troublesome operations are required.