1. Field of the Invention
The present invention relates to an enciphering method in an encryption (a cipher) network system, a device constituting the cipher network system, and a medium storing therein a program for controlling the device.
2. Description of the Related Art
A common-key cryptosystem and a public-key cryptosystem are known as a cryptosystem for enciphering plaintext and for deciphering ciphertext in encryption communication.
In the common-key cryptosystem, a key used for enciphering (encrypting) the plaintext and a key used for deciphering (decrypting) the ciphertext are identical.
In the public-key cryptosystem, the plaintext is enciphered using a public key, and the ciphertext is deciphered using a secret key paired with the public key used for the encryption.
In the common-key cryptosystem, the key used for enciphering the plaintext is also used for deciphering the ciphertext. Therefore, the same key as the key used for enciphering the plaintext must be previously delivered to a person who is authorized to decipher the ciphertext. In the public-key cryptosystem, a person who receives the ciphertext must previously put his or her own public key on a database or the like set in a network and disclose the public key. However, data in the database or the like set in the network is liable to be altered without authorization. It is said that a manager of the database must issue a certificate of the public key.
An object of the present invention is to provide an enciphering method in which encryption communication can be established safely and simply through a network utilized by a lot of persons, a device constituting a cipher network system, and a medium storing a program for controlling the device.
A cipher network system according to the present invention is constituted by a first device and a second device which are connected to each other by a network. The first device and the second device can communicate with each other through the network. In the system, ciphertext is transmitted from the first device to the second device through the network, and the ciphertext is deciphered in the second device.
The first device enciphers plaintext in accordance with an encryption program. Ciphertext thus obtained and its identifier are transmitted from the first device to the second device.
In the second device, in accordance with a first key generation program for generating a pair of a first public key and a first secret key in a first public-key cryptosystem, the pair of the first public key and the first secret key is generated, and the generated first secret key and its identifier are held. The generated first public key and its identifier are transmitted from the second device to the first device.
In the first device, information relating to the decryption of the ciphertext is enciphered using the received first public key. The enciphered information and the identifier are transmitted to the second device.
In the second device, the received enciphered information is deciphered using the first secret key, which corresponds to the received identifier, of the held first secret keys. The ciphertext is deciphered utilizing the deciphered information.
According to the present invention, the information relating to the decryption of the ciphertext is enciphered, and the enciphered information is transmitted from the first device to the second device. Moreover, the information relating to the decryption of the ciphertext is enciphered using the first public key cryptosystem. The first secret key for decryption in the first public key cryptosystem is generated in the second device, and is held in the second device. Since the first secret key is not transmitted on the network, the secrecy thereof is high, thereby making it possible to construct a cipher system that is significantly high in safety. Further, identifiers are respectively attached to the ciphertext and various keys, so that the correspondence between the ciphertext and the keys can be recognized by the identifiers. The present invention is particularly effective when a plurality of encrypted communications are transmitted on the network.
In one mode of the present invention, the information relating to the decryption of the ciphertext is a common key for enciphering plaintext to create the ciphertext. The plaintext is enciphered (ciphertext) using the common key in the first device, and is deciphered in the second device using the same common key as the common key used for the encryption.
In another mode of the present invention, the information relating to the decryption of the ciphertext is a secret key for plaintext corresponding to a public key for plaintext for enciphering plaintext to create the ciphertext. The plaintext is enciphered (ciphertext) using the public key for plaintext in the first device, and is deciphered in the second device using the secret key for plaintext corresponding to the public key for plaintext used for the encryption.
In still another mode, the information relating to the decryption of the ciphertext is a second secret key corresponding to a second public key in a second public key cryptosystem used for enciphering a common key for enciphering plaintext to create the ciphertext. In this case, the common key enciphered by the second public key is transmitted from the first device to the second device. In the second device, the received enciphered information is deciphered using the first secret key to obtain the second secret key, and the common key enciphered by the second public key is deciphered using the second secret key.
In a further mode, the information relating to the decryption of the ciphertext is a second secret key corresponding to a second public key in a second public key cryptosystem used for enciphering a secret key for plaintext corresponding to a public key for plaintext for enciphering plaintext to create the ciphertext. The secret key for plaintext that has been enciphered by the second public key is transmitted from the first device to the second device. In the second device, the received enciphered information is deciphered using the first secret key to obtain a second secret key, and the secret key for plaintext which has been enciphered by the second public key is deciphered using the second secret key.
When a first key generation program is put on the first device, and the program, together with the ciphertext and the identifier, is transmitted from the first device to the second device, the first key generation program need not be held in the second device.
Conversely, when a program for enciphering the plaintext, and a program for enciphering the information relating to the decryption of the ciphertext using the first public key are held in the second device, and the programs are transmitted to the first device by the second device (including a case where the first device accesses the second device), only a program for communication (for example, a web browser) may be provided in the first device.
It is possible to utilize an electronic mail and an internet in order to transmit the program and the ciphertext.
For example, at least one of transmission data including the ciphertext, the enciphered information and the identifier which are transmitted from the first device to the second device and transmission data including the first public key and the identifier which are transmitted from the second device to the first device is transmitted with it being stored in a file attached to an electronic mail.
An address, in a network, assigned to a file in the second device storing the program for enciphering the information relating to the decryption of the ciphertext using the first public key is described using the second device as a server on a web page provided therein. The first device accesses the second device to fetch the web page and further accesses the address, in the network, described on the web page to fetch the program.
The above-mentioned program can be also stored in the web page (JAVA applet, etc.). A program for calling the program from a device on the network (which may be the second device or the other device) may be stored (Plug-in, ActiveX, etc.).
The use of the following authenticating method for checking the second device makes it possible to prevent the other device from acquiring ciphertext without authorization. That is, the address, assigned to the second device, included in the transmission data including the first public key and the identifier which are transmitted from the second device to the first device is compared, in the first device, with an address, assigned to the second device, used when the ciphertext is transmitted from the first device to the second device, and the enciphered information and the identifier are transmitted from the first device to the second device only when the addresses coincide with each other.
In order to prevent the first public key transmitted on the network from being altered, an authenticator obtained by compressing the transmission data including the first public key and the identifier which are transmitted from the second device to the first device (including a part or the whole of a mail sentence in an electronic mail or a web page) and enciphering the compressed transmission data using the first secret key is created, and the authenticator and the transmission data are transmitted to the first device. In the first device, the transmission data is compressed, to check whether or not the compressed transmission data is the same as one which is obtained by deciphering the authenticator using the first public key.
The present invention further provides a method of reducing, when in a network system including a first device and a second device which are connected to each other by a network, enciphered information is generated in the first device and is transmitted to the second device, and the enciphered information is deciphered in the second device, the burden on the second device.
Specifically, the method of transmitting ciphertext from the first device to the second device which is connected to the first device by the network, and deciphering the ciphertext in the second device in the present invention is a method of transmitting a key generation program for generating a pair of a public key and a secret key in a public key cryptosystem, together with an identifier, from the first device to the second device, generating, in the second device, the pair of the public key and the secret key in accordance with the received key generation program, to hold the generated secret key in correspondence with the identifier, and transmit the generated public key, together with the identifier, to the first device, generating, in the first device, enciphered information using the received public key, to transmit the generated enciphered information, together with the identifier, to the second device, and deciphering, in the second device, the received enciphered information using the secret key, which corresponds to the received identifier, of the held secret keys.
In one mode, the enciphered information is ciphertext obtained by enciphering plaintext using the public key.
In another mode, the enciphered information is an enciphered key obtained by enciphering a common key used for creating ciphertext using the public key. In this case, the first device transmits the key generation program, together with the created ciphertext, to the second device.
Since the key generation program for generating the pair of the public key and the secret key in the public key cipher system is transmitted from the first device to the second device, the second device need not previously have the key generation program. Since a decryption program (also an encryption program) in the public key cryptosystem, for example, ActiveX or Plug-in is available from a web page on an internet, the second device need not hold the encryption program and the decryption program.
It is also possible to provide a third device in addition to the first and second devices, and to connect the first device, the second device and the third device to one another on a network system. In this configuration, the third device can manage the key generation program, the encryption program, and the decryption program, to reduce the burden on the first and second devices. In this case, in the first and second devices, the program transmitted from the third device is automatically eliminated (erased) after the execution thereof, thereby making it possible to further promote safety. A program for elimination is also transmitted from the third device to the first and second devices.
The present invention further provides first and second devices, and a medium storing a program for operating the first and second devices as described above.