The present invention relates to a system for controlling decryption keys used for decrypting encrypted data. More particularly, the present invention relates to a system for controlling decryption keys used for decrypting encrypted data in a manner to permit disclosure of information to a plurality of users on a communication network at the same time.
In recent years, information can be readily exchanged among a plurality of terminals by way of a communication network such as the Internet. Among data to be exchanged, there is a kind of information with a property which requires that the information be kept secret up to a predetermined time at a predetermined date but be set free for disclosure afterward. An example of such information is confidential data of the government. In addition, such information is to be disclosed to a plurality of users after the predetermined time at the predetermined date. In other words, there must be an assurance that information can be put in a state that allows a plurality of users to know the most essential part of the information. An example of information with such a property is information on a transaction such as a tender or an offer.
For such information, there has been provided a conventional method whereby information produced at a terminal of an information producer is kept at the terminal up to a date or a time of a date at which protection of the confidentiality of the information is ended. It is not until the termination of the confidentiality protection is ended, that is, the expiration of the time of the confidentiality protection, that the information is disclosed and distributed to a plurality of users.
With the method described above, however, it is not easy for an information producer to disclose or distribute information to a plurality of users at the same time with a high degree of reliability. Particularly if the amount of the information to be disclosed or distributed is large or if there are a large number of users on the distribution list.
In addition, the information producer has to control the date and time at which information is to be disclosed or distributed. In particular, if there are many kinds of information to be disclosed or distributed at the same date and time, it will be difficult to assure that these pieces of information will be disclosed or distributed to a plurality of users simultaneously.
An object of the present invention to provide a system for conducting decryption keys used for decrypting encrypted data in a manner to permit simultaneous disclosure of information to a plurality of users on a network.
The present invention provides a key arrangement system including an information encrypting apparatus for encrypting information by using encryption keys, an information decrypting apparatus for decrypting information by using decryption keys, a key controlling apparatus for controlling the encryption keys and the decryption keys used in the information encrypting apparatus and the information decrypting apparatus respectively, and a communication network connected at least between the information encrypting apparatus and the key controlling apparatus.
The key controlling apparatus includes a key storage for storing at least a pair of the encryption and decryption keys, a key control table storage for storing a key control table illustrating a relation between the decryption keys stored in the key storage and disclosure dates or disclosure dates and times of the decryption keys, a key searching apparatus for searching the key control table stored in the key control table storage for one of the decryption keys associated with one of the disclosure dates or disclosure dates and times specified by the information encrypting apparatus and one of the encryption keys forming a pair in conjunction with the decryption key, an encryption key transmitting apparatus for transmitting the encryption key searched for by the key searching apparatus to the information encrypting apparatus through the communication network, and a decryption key disclosing apparatus for disclosing one of the decryption keys associated with the present date or the present date and time according to the relation shown by the key control table stored in the key control table storage.
The information encrypting apparatus includes a date/date and time information transmitting apparatus for transmitting data representing a date or a date and time at which security protection of data to be encrypted will be ended to the key controlling apparatus through the communication network, an encryption key acquiring apparatus for acquiring one of the encryption keys which is transmitted by the key controlling apparatus through the communication network and forms a pair in conjunction with one of the decryption keys associated with a disclosure date or a disclosure date and time indicated by the data used for representing a disclosure date or a disclosure date and time and transmitted by the date/date and time information transmitting apparatus, a data encrypting apparatus for encrypting data by using the encryption key acquired by the encryption key acquiring apparatus, and an encrypted information forming apparatus for forming encrypted information to be transmitted to the information decrypting apparatus by adding the data representing a date or a date and time, at which secrecy protection of the encrypted data is to be ended, to the data encrypted by the data encrypting apparatus.
The information decrypting apparatus includes encrypted information acquiring apparatus for acquiring the encrypted information formed by the information encrypting apparatus, a decryption key acquiring apparatus for acquiring one of the decryption keys disclosed by the key controlling apparatus at a disclosure date or a disclosure date and time indicated by the data used for representing a disclosure date or a disclosure date and time and included in the encrypted information acquired by the encrypted information acquiring apparatus, and an information decrypting apparatus for decrypting the encrypted data included in the encrypted information acquired by the encrypted information acquiring apparatus by using the decryption key acquired by the decryption key acquiring apparatus.
The encryption key and the decryption key are a disclosed key and a secret key respectively in a key based encryption system. In the configuration provided by the present invention as described above, the information producer is capable of encrypting information produced thereby using the encryption key. The encrypted information is distributed to information users prior to a date or a date and time at which secrecy protection of the information is ended. It is thus no longer necessary for the information producer to control the disclosure date of information produced thereby.
It is not until a date or a date and time at which secrecy protection of encrypted information received by the information user is ended that the information user is allowed to acquire a decryption key for decrypting the encrypted information. As a result, the encrypted information can be kept secret until the date or the date and time at which the secrecy protection of the encrypted information is ended.
In addition, since the information user is allowed to acquire a decryption key for decrypting encrypted information after a date and time at which secrecy protection of the encrypted information received by the information user is ended, the information user is capable of decrypting the encrypted information received prior to the set date and time by using the decryption key. As a result, if there are a plurality of information users, disclosure of encrypted information at the same time can be assured.
It should be noted that, according to the present invention, if there are a plurality of information decrypting apparatuses, the information decrypting apparatuses are each connected to the key controlling apparatus through the communication network. In this case, the decryption key disclosing apparatus employed in the key controlling apparatus is then capable of simultaneously transmitting a decryption key to the information decrypting apparatuses at the same time by way of the communication network as a broadcast packet or a multi-cast packet. As an alternative, the decryption key disclosing apparatus employed in the key controlling apparatus may disclose a decryption key to the information decrypting apparatuses by adopting a radio broadcasting method. In this case, it is not necessary anymore to connect the information decrypting apparatuses to the key controlling apparatus by using the communication network.
Further, according to the present invention, a decryption key associated with a disclosure date or a disclosure date and time specified by the information encrypting apparatus and transmitted to the key controlling apparatus may not exist in the key control table stored in the key control table storage employed in the key controlling apparatus. In order to cope with such a case, the key control apparatus can be further provided with a key generating apparatus for generating a new pair of encryption and decryption keys, and a key control table creating apparatus for associating the new pair of encryption and decryption keys generated by the key generating apparatus with the disclosure date and time specified by the information encrypting apparatus and transmitted to the key controlling apparatus as well as for adding the new pair and the disclosure date and time to the key control table.