When a plurality of information processing devices perform data communication with each other via a network, various security risks exist. For example, data could be stolen or falsified by a third party on a communication path or a third party could fraudulently log on by using an unauthorized information processing device. Against this background, to ensure security, cryptographic communication technology can be used. Examples of the cryptographic communication technology include Secure Sockets Layer (SSL) and Transport Layer Security (TLS). SSL and TLS can be used in various types of data communication such as World Wide Web (WWW) communication, transmission of electronic mail, and Virtual Private Network (VPN) communication.
In cryptographic communication technology, there are cases in which handshakes are performed by using public key cryptography technology. For example, when two information processing devices perform a handshake, each of the two information processing devices that wish to perform data communication encrypts a key material such as a random number by using a public key of its communication peer and transmits the encrypted key material. The key material encrypted by using the public key can be decrypted only by an authorized information processing device having a private key that corresponds to the public key. Thus, when each of the two information processing devices determines that its communication peer has properly recognized the corresponding encrypted key material, each of the two information processing devices can validate its communication peer.
In addition, for example, when a handshake is performed, two information processing devices can independently generate a shared key on the basis of a predetermined key generation algorithm and a key material exchanged between the two information processing devices. If the two information processing devices are authorized information processing devices, the two information processing devices generate the same shared key. Thus, the two information processing devices can agree on the shared key, without transmitting the shared key itself. Thereafter, the two information processing devices can encrypt and transmit data on the basis of the agreed shared key.
Identity-based (ID-based) cryptography has been proposed as a kind of public key cryptography technology. In ID-based cryptography, instead of using a mathematically generated numerical value as a public key, any identifier that can be recognized by humans, such as a network address, a host name, or a device number, or a numerical value obtained by converting such an identifier, is used as a public key. In ID-based cryptography, cryptographic processing can be performed when an identifier of a communication peer is known, and there are cases in which a certificate that certifies that a public key is assigned to the communication peer is not needed.
See, for example, Japanese Laid-open Patent Publication No. 2010-4288.
In cryptographic communication technology, for example, two information processing devices can perform a handshake in accordance with the following procedure. One information processing device accesses the other information processing device. The latter information processing device transmits a key material obtained by performing encryption by using a public key of the former information processing device. The former information processing device transmits a key material obtained by performing encryption by using a public key of the latter information processing device. In addition, the former information processing device generates verification data for determining whether a shared key has accurately been generated from the key material and transmits the verification data. The latter information processing device also generates and transmits verification data. When each of the two information processing devices verifies its corresponding verification data, the two information processing devices determine that the shared key has been agreed upon.
However, in accordance with the above handshake procedure, four communications are performed between the two information processing devices. If the number of communications can be reduced, the authentication time can be shortened, and the overhead before the start of data communication can be reduced.
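The four-communication handshake described above, as an added Python example that is not part of the original document. Textbook RSA over constructed Mersenne-prime keys stands in for the public key encryption (it is not secure and is not ID-based), and the SHA-256 key derivation, the HMAC verification data and all function names are assumptions of this example.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent of the toy RSA stand-in (assumption)

def toy_keypair(p, q):
    """Textbook RSA from two known primes: a stand-in for the public key step, not secure."""
    n = p * q
    return {"pub": (n, E), "priv": (n, pow(E, -1, (p - 1) * (q - 1)))}

def seal(pub, material):    # encrypt key material under the peer's public key
    return pow(material, pub[1], pub[0])

def unseal(priv, ct):       # only the matching private key recovers the material
    return pow(ct, priv[1], priv[0])

def derive(client_mat, server_mat):
    """Both sides derive the shared key locally; it never crosses the wire."""
    data = client_mat.to_bytes(32, "big") + server_mat.to_bytes(32, "big")
    return hashlib.sha256(b"shared-key" + data).digest()

def verification(key, role, c1, c2):
    msg = role + c1.to_bytes(32, "big") + c2.to_bytes(32, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

def handshake(client, server, server_priv=None):
    """Run the four-message procedure; server_priv models a peer holding the wrong private key."""
    server_priv = server_priv or server["priv"]
    wire = [("client->server", "access request")]                                # 1
    s_mat = secrets.randbits(128)
    c_s = seal(client["pub"], s_mat)
    wire.append(("server->client", "E_client(server material)"))                 # 2
    c_mat = secrets.randbits(128)
    c_c = seal(server["pub"], c_mat)
    k_client = derive(c_mat, unseal(client["priv"], c_s))
    v_client = verification(k_client, b"client", c_s, c_c)
    wire.append(("client->server", "E_server(client material) + verification"))  # 3
    k_server = derive(unseal(server_priv, c_c), s_mat)
    client_ok = hmac.compare_digest(v_client, verification(k_server, b"client", c_s, c_c))
    v_server = verification(k_server, b"server", c_s, c_c)
    wire.append(("server->client", "verification"))                              # 4
    server_ok = hmac.compare_digest(v_server, verification(k_client, b"server", c_s, c_c))
    return {"messages": len(wire), "agreed": client_ok and server_ok, "wire": wire}

CLIENT = toy_keypair(2**61 - 1, 2**89 - 1)    # constructed keys, illustration only
SERVER = toy_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    print(handshake(CLIENT, SERVER))
    print(handshake(CLIENT, SERVER, server_priv=CLIENT["priv"])["agreed"])
```

The second call shows the validation property: a peer without the private key matching its claimed public key cannot recover the key material, so the verification data does not match and the shared key is not agreed.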