(1) Field of the Invention
The present invention relates to a method for speeding up an encryption/decryption process in the key management software that manages, using a key database with the tree structure, keys to be used for the encryption/decryption, in a device or the like that encrypts and/or decrypts files and data.
(2) Description of the Related Art
An issue of concern in recent years is that data like personal information is stolen from data processing devices such as personal computers and mobile phones.
Such a theft of data may be conducted by a malicious program such as a computer virus. The malicious program operates in an unauthorized manner within a target data processing device, making use of a malfunction of the program or the like having occurred therein. The malicious program may read data from the storage device of the personal computer or mobile phone. The malicious program may also send the read data to an attacker or the like via a network.
One of technologies for preventing such a theft of data is data encryption/decryption. The data encryption/decryption includes a data encryption and a data decryption. In the data encryption, data is encrypted by an encryption algorithm using a secret key. Here, the encryption algorithm to be used differs depending on the cryptography actually adopted. For example, the public key cryptography such as the RSA cryptography or the common key cryptography such as the AES cryptography may be adopted. In the data decryption, the encrypted data is decrypted. Here, the encrypted data is not correctly decrypted unless a key, which corresponds to a key used in the encryption, is used.
With use of the data encryption/decryption, even if a malicious program reads data from a data processing device and sends it to an attacker, the attacker cannot decrypt the received data when the attacker does not know the key. However, a problem with the data encryption/decryption is that, if the secret key is exposed, the attacker can decrypt the encrypted data and thus can steal the correctly decrypted information.
The Trusted Computing Group (TCG), in view of the above-mentioned problem, published a specification (see Non-Patent Document 1 identified below) for protecting the keys used in the data encryption/decryption.
In the following, the data encryption/decryption disclosed in the Non-Patent Document 1 as “Protected Storage” will be described with reference to FIGS. 15 through 18.
FIG. 15 shows a key database that is managed by the key management software for achieving the data encryption/decryption.
A key database 200 manages the keys in the tree structure. The tree structure of the key database 200 includes: a node 201 of the root key; a node 202 of a key A encrypted with the root key; and a node 203 of a key B encrypted with the root key.
The node 202 stores the key A encrypted with the root key. The key A is used to encrypt and/or decrypt data that is not illustrated.
The node 203 stores the key B encrypted with the root key. The key B is used to encrypt and/or decrypt data that is not illustrated.
FIG. 16 shows the structure of an encryption/decryption processing device that is used by the key management software to load keys and encrypt and/or decrypt data.
As shown in FIG. 16, an encryption/decryption processing device 210 includes a nonvolatile memory 211, an encryption/decryption engine 212, and a key storage unit 213.
The encryption/decryption processing device 210 has been made tamper-resistant so that process data stored therein cannot be stolen or tampered with from outside thereof.
The nonvolatile memory 211 is a nonvolatile storage device, meaning that once data is stored therein, the data is retained even if the power supply from an external power source is stopped. The nonvolatile memory 211 stores a root key 214. The root key 214 is a private key for use in the public key cryptography or a common key for use in the common key cryptography.
The encryption/decryption engine 212 is a device that decrypts encrypted keys, encrypts keys, decrypts encrypted data, and encrypts data.
The key storage unit 213 is a device storing the key that is used by the encryption/decryption engine 212.
FIG. 17 shows the flow of the process in which the key management software loads a key onto the encryption/decryption processing device 210.
FIG. 18 shows the flow of the process in which the key management software causes the encryption/decryption processing device 210 to encrypt and/or decrypt data.
The following will describe the process in which the key A shown in FIG. 15 is loaded onto the encryption/decryption processing device, and the process in which the encryption/decryption is achieved, with reference to FIGS. 17 and 18.
<Key Load Process>
The key management software is requested to load the key A, from an application that is not illustrated (S200).
The key management software obtains, from the key database 200, the node 202 that corresponds to the specified key, and loads the key onto the encryption/decryption processing device 210 (S201).
The encryption/decryption processing device 210 causes the encryption/decryption engine 212 to decrypt the key A, which has been encrypted with the root key, using the root key 214, and store the decrypted key into the key storage unit 213 (S202).
The key management software ends the key load process when it receives, from the encryption/decryption processing device 210, a notification that the key loading has been completed (S203).
<Data Encryption/Decryption Process>
After the key A is stored into the key storage unit 213 as described above, the key management software is requested to encrypt or decrypt the data, from an application that is not illustrated (S210).
The key management software inputs, into the encryption/decryption processing device 210, the data input from the application, and requests the encryption/decryption processing device 210 to encrypt or decrypt the data using the key A (S211).
The encryption/decryption processing device 210 causes the encryption/decryption engine 212 to encrypt or decrypt the input data using the key A stored in the key storage unit 213, and outputs the data that has been encrypted or decrypted (S212).
The key management software notifies the application of the data output from the encryption/decryption processing device 210, and ends the data encryption/decryption process (S213).
With the above-described structure where the key database and the encryption/decryption processing device are used, the plaintext key can be used while it is always stored in the tamper-resistant encryption/decryption processing device. This prevents the plaintext key from being stolen.
Further, when registering a key with the key database 200, the user or application that is to perform the data encryption/decryption may set a password into the node 202 of the key A encrypted with the root key or into the node 203 of the key B encrypted with the root key, in the structure shown in FIG. 15. In this case, the user or application performs the data encryption/decryption by inputting a password, which corresponds to the node storing a key to be used, into the key management software.
The Patent Document 1 identified below discloses a technology for achieving deletion of nodes from the tree structure in the data management. This technology will be briefly described with reference to FIG. 19.
FIG. 19 shows a terminal management database 220 used for managing terminals which may include, for example, a DVD playback device.
The terminal management database 220 is a tree-structure database composed of: a root 221, an intermediate node A 222, an intermediate node B 223, a leaf C 224, an intermediate node D 225, a leaf E 226, a leaf F 227, and a leaf G 228. Of these, the root is a node that has no parent node, and is positioned at the top of the tree structure. The intermediate node is a node that has a parent node and child node(s). The leaf is a node that has merely a parent node.
In the terminal management database 220, the leaf C 224, the leaf E 226, the leaf F 227, and the leaf G 228 store information corresponding to the terminals.
When terminals respectively corresponding to the leaf F 227 and the leaf G 228 are to be revoked, the leaf D 225 is deleted from the terminal management database 220. This makes it possible to delete the leaf F 227 and the leaf G 228 from the terminal management database 220 all at once.
According to the method of the Non-Patent Document 1, the key database of the tree structure is used so that the data encryption/decryption can be performed by protecting a plaintext key.
However, this method has a problem that as the number of intermediate nodes that exist on a path from the root to the leaves increases (hereinafter, the number of intermediate nodes is referred to as “tree-structure depth”), the data encryption/decryption performance deteriorates.
The problem will be described briefly with reference to FIG. 20. FIG. 20 shows a key database 230. The key database 230 is composed of: a node 231 storing the root key; a node 232 storing a key A encrypted with the root key; a node 233 storing a key B encrypted with the key A; a node 234 storing a key C encrypted with the key B; and a node 235 storing a key D encrypted with the key C.
With this structure, to obtain the key D from the key database 230, the key load process should be performed four times in total: the first load process in which key A is obtained by decrypting encrypted key A, which has been encrypted using the root key, using the root key; the second load process in which key B is obtained by decrypting encrypted key B, which has been encrypted using the key A, using the key A; the third load process in which key C is obtained by decrypting encrypted key C, which has been encrypted using the key B, using the key B; and the fourth load process in which key D is obtained by decrypting encrypted key D, which has been encrypted using the key C, using the key C.
Further, although Patent Document 1 discloses the method of deleting leaves efficiently, the technology has problem that, when an intermediate node is deleted, all the leaves connected with the deleted node are also deleted.
It is therefore an object of the present invention to provide a method for speeding up an encryption/decryption process in the key management software that manages, using a key database with the tree structure, keys to be used for the encryption/decryption, in a device or the like that encrypts and/or decrypts files and data.    Patent Document 1: Japanese Patent Application Publication No. 2002-152187    Non-Patent Document 1: TCG Specification Architecture Overview, Specification, Revision 1.3, 28 Mar. 2007.