1. Field of the Invention
The present invention relates to a commission information generator, a shared key calculator, a signature synthesizer, a commissioned key sharing computer and a commissioned signature generation computer, which can be applied, for example, to cases where a commissioned computer can securely process some of computations related to key exchange and authentication processes in proxy of communicators performing a communication.
2. Description of the Background Art
In order to use sensors and similar devices in social infrastructure sectors requiring high reliability and quality such as disaster prevention, traffic control, and financial applications, it is necessary to maintain the security of communications between communicators, for example, a server providing services and sensors connected thereto.
In order for a communicator such as a sensor to secure a secured end-to-end communication path with another communicator such as a service providing server, exchange of information (for authentication and exchange of keys) on an end-to-end basis is needed between the two communicators incorporated in the server and sensor.
A case in which communicators such as sensors form a power-saving multi-hop network will be discussed below. In this network, communicators such as sensors deliver data like from hand to hand. If a communicator does not participate in the data delivery, it sleeps, thus saving power consumption.
For example, where a huge number of communicators such as sensors are deployed over a broad area and a secured end-to-end communication path should be secured between each communicator and a server on the Internet, the aforementioned information exchange on the end-to-end basis raises the possibility that some problems such as congestion of power-saving multi-hop networks and increases in power consumption and processing time would take place.
A conventional solution to cope with the above-described problems is set forth in U.S. Pat. No. 7,197,643 to Takase. In this method, key exchange operations are assigned to a host network to alleviate the terminal load. This is because it is difficult to introduce an end-to-end key exchange operation required for Security Architecture for Internet Protocol (IPsec) to a cellular phone or a personal digital assistant (PDA) that needs small size and light weight.
In Takase, however, in order that the host network equipment acts as a proxy in execution of the key exchange operation, it is necessary that confidential information on an authentication key for the terminal device be given to the proxy equipment. Furthermore, in Takase, a shared key needs to be calculated by the proxy equipment.
For example, where proxy equipment in a network on a cloud environment is assumed or where plural proxy devices are employed, it is not very desirable to cause confidential information not associated with the proxy equipment to be treated by the proxy equipment because of the reliability of maintenance of confidential information given to the proxy equipment.