CA2062170C - Key distribution system for distributing a cipher key between two subsystems by one-way communication - Google Patents

Key distribution system for distributing a cipher key between two subsystems by one-way communication

Info

Publication number
CA2062170C
Authority
CA
Canada
Prior art keywords
key
information
subsystem
identification information
public
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA002062170A
Other languages
French (fr)
Other versions
CA2062170A1 (en)
Inventor
Kazue Tanaka
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Application filed by NEC Corp
Publication of CA2062170A1
Application granted
Publication of CA2062170C


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In a key distribution system comprising a first subsystem (11), a second subsystem (12), and a public file (13), the first subsystem transmits distribution information (IDA, YA) to the second subsystem via a communication channel (16). The first subsystem (11) comprises a reading unit (22) for accessing the public file by reception identification information (IDB) inputted from an input unit (21) to read reception public information (XB). A first cipher key generator (28) generates a first cipher key (KA) by applying a first predetermined transformation on the reception public information and the reception identification information on the basis of first and second constants (n, t), and a random number (r). A distribution code generator (29) generates a key distribution code (YA) by applying a second predetermined transformation on transmission public information (XA) and a third constant (α) on the basis of the first constant, first secret information (rA), and the random number. The second subsystem comprises a second cipher key generator (35) for generating a second cipher key (KB) by applying a third predetermined transformation on the key distribution code and the transmission identification information on the basis of the first and the second constants and second secret information (rB). The second cipher key coincides with the first cipher key.

Description

KEY DISTRIBUTION SYSTEM FOR DISTRIBUTING A CIPHER KEY
BETWEEN TWO SUBSYSTEMS BY ONE-WAY COMMUNICATION

Background of the Invention:
This invention relates to a key distribution system for distributing a cipher key between two subsystems via a communication channel by one-way communication.
Various key distribution systems are already known. By way of example, a key distribution system is disclosed in a paper which is contributed by W. Diffie and M. E. Hellman to the IEEE Transactions on Information Theory, Vol. IT-22, No. 6, pages 644-654, November issue, 1976, under the title of "New Directions in Cryptography". The key distribution system according to the Diffie et al paper is called the Diffie-Hellman public key distribution system. The Diffie-Hellman public key distribution system comprises a public file or directory in which public information for each of users or conversers is stored. It will be assumed that two conversers are named A and B. Let p be a large prime number of about 256 bits in binary representation, which is publicly known. Let α be a fixed primitive element of the finite field GP(p), i.e. an integer such that its successive powers modulo p ($\alpha$, $\alpha^{2} \pmod{p}$, $\alpha^{3} \pmod{p}$, ...) fill the finite field GP(p) except zero, where a (mod b) means a remainder of division of the number a by the number b. The public file stores public information YA of the converser A and public information YB of the converser B. The public information YA and YB are selected so as to be equal to $\alpha^{X_A} \pmod{p}$ and $\alpha^{X_B} \pmod{p}$, respectively, where XA and XB represent secret numbers of the conversers A and B that are chosen uniformly from the set of integers {1, 2, ..., (p - 1)}.
Before the converser A sends enciphered messages to the converser B, the converser A prepares an enciphering key KA generated from the public information YB and the secret information XA. The enciphering key KA represents a number obtained by calculating $Y_B^{X_A} \pmod{p}$. The converser B also prepares an enciphering key KB in accordance with $Y_A^{X_B} \pmod{p}$ in a similar manner. Inasmuch as the enciphering keys KA and KB are equal to each other, they serve as the common cipher key of the two conversers.
However, the Diffie-Hellman public key distribution system is disadvantageous in that a third party or an eavesdropper may impersonate one of the conversers A and B by doctoring or tampering with the public information.

Another key distribution system is disclosed in United States Patent No. 4,876,716 issued to Eiji Okamoto. The key distribution system according to Okamoto's U.S. Patent is referred to as an identity-based key distribution system. This is because a cipher key is generated by using each converser's identification information instead of the public file used in the Diffie-Hellman public key distribution system. The identification information may be any information such as the converser's name and address. There is no fear of tampering with the public information, because the identification information itself is used as the public information.
The identity-based key distribution system comprises a first subsystem, a second subsystem, and an insecure communication channel such as a telephone line which connects the first subsystem with the second subsystem. It is assumed that the first and the second subsystems are used by users or conversers A and B, respectively. Let n be a modulus of size at least 512 bits which is a product of two sufficiently large prime numbers p and q, and e and d be two exponents such that $e \times d = 1 \pmod{(p-1) \times (q-1)}$. Let α be an integer which is both a primitive element in the finite fields GP(p) and GP(q). It will also be assumed that conversers A and B are assigned with identification information IDA and IDB, respectively. In this event, the conversers A and B have or know secret integer numbers SA and SB which are defined as numbers obtainable from $\mathrm{ID}_A^{d} \pmod{n}$ and $\mathrm{ID}_B^{d} \pmod{n}$, respectively.
When the conversers A and B wish to obtain a work or session cipher key K, i.e. a key which is randomly chosen at each communication, the first subsystem of the converser A generates a random number ~ and sends the second subsystem of the converser B a first key distribution code XA representative of a number obtained by computing SAxd~ (mod n). The second subsystem of the converser B also generates a random number t and sends the first subsystem of the converser A a second distribution code XB representative of a number obtained by calculating $S_B \times \alpha^{t} \pmod{n}$. Then, the first subsystem of the converser A calculates (XB /IDB)~ (mod n) and keeps the resulting number as the work cipher key K.
Similarly, the second subsystem of the converser B calculates $(X_A^{e}/\mathrm{ID}_A)^{t} \pmod{n}$ and keeps the resulting number as the work cipher key K.

As described above, the identity-based key distribution system must carry out mutual or two-way communication between the first and the second subsystems in order to distribute or exchange the work cipher key K.
As a result, the identity-based key distribution system is defective in that communication overhead increases in a known electronic mail system which can transmit messages enciphered with the work cipher key K via the insecure communication channel.

Summary of the Invention:
It is therefore an object of this invention to provide a key distribution system and a method of distributing a cipher key between two subsystems, wherein it is possible to distribute the cipher key between these two subsystems by one-way communication.
It is another object of this invention to provide a key distribution system and a method of distributing a cipher key between two subsystems, wherein it is possible to easily manage secret information.
It is still another object of this invention to provide a key distribution system and a method of distributing a cipher key between two subsystems, wherein there is no fear of being broken by a user's conspiracy attack.
It is yet another object of this invention to provide a key distribution system and a method of distributing a cipher key between two subsystems, wherein it is operable with high security.
Other objects of this invention will become clear as the description proceeds.
According to a broad aspect of the invention there is provided a method of distributing a cipher key between a first subsystem for a first converser and a second subsystem for a second converser via a communication channel by using a public file which stores public information corresponding to identification information assigned to conversers, said first and said second conversers being assigned with first and second identification information, respectively, said first and said second identification information corresponding to first and second public information, respectively, said first and said second subsystems having first and second secret information, respectively, each of said first and said second secret information being used as secret information for transmission and secret information for reception in common, said method comprising the following steps:
(a) accessing, in said first subsystem, said public file by said second identification information to read said second public information;
(b) generating, in said first subsystem, a random number;
(c) generating, in said first subsystem, a first cipher key by applying a first predetermined transformation on said second public information and said second identification information on the basis of first and second constants and said random number;
(d) generating, in said first subsystem, a key distribution code by applying a second predetermined transformation on said first public information and a third constant on the basis of said first constant, said first secret information, and said random number;
(e) transmitting, as distribution information, said key distribution code and said first identification information from said first subsystem to said second subsystem via said communication channel;
(f) receiving, in said second subsystem, said distribution information from said first subsystem; and
(g) generating, in said second subsystem, a second cipher key by applying a third predetermined transformation on said key distribution code and said first identification information on the basis of said first and said second constants and said second secret information, said second cipher key being equal to said first cipher key.
According to another broad aspect of the invention there is provided a key transmitting subsystem for use in a key distribution system, said key transmitting subsystem being for transmitting distribution information to a key receiving subsystem of said key distribution system via a communication channel, said key receiving subsystem being for receiving said distribution information to generate a cipher key, said key transmitting subsystem being in use by a transmission converser whilst said key receiving subsystem is in use by a reception converser, said key distribution system comprising a public file which stores public information corresponding to identification information assigned to conversers, said transmission converser being assigned with transmission identification information corresponding to transmission public information whilst said reception converser is assigned with reception identification information corresponding to reception public information, said key transmitting subsystem comprising:
accessing means supplied with said reception identification information and connected to said public file for accessing said public file by said reception identification information to read said reception public information;
random number generating means for generating a random number;
constant holding means for holding first through third constants;
secret information holding means for holding secret information for said transmission converser, the secret information being used as that for transmission and that for reception in common;
public information holding means for holding said transmission public information;
identification information holding means for holding said transmission identification information;
cipher key generating means connected to said accessing means, said random number generating means, and said constant holding means for generating said cipher key by applying a first predetermined transformation on said reception public information and said reception identification information on the basis of said first and said second constants, and said random number;
code generating means connected to said random number generating means, said secret information holding means, said constant holding means, and said public information holding means for generating a key distribution code by applying a second predetermined transformation on said transmission public information and said third constant on the basis of said first constant, said secret information, and said random number; and
transmitting means connected to said code generating means and said identification information holding means for transmitting, as said distribution information, said key distribution code and said transmission identification information to said key receiving subsystem via said communication channel.
According to another broad aspect of the invention there is provided a key receiving subsystem for use in a key distribution system comprising a key transmitting subsystem for transmitting distribution information to said key receiving subsystem via a communication channel, said key receiving subsystem being for receiving said distribution information to generate a cipher key, said key transmitting subsystem being in use by a transmission converser while said key receiving subsystem is in use by a reception converser, said key distribution system comprising a public file which stores public information corresponding to identification information assigned to conversers, said transmission converser being assigned with transmission identification information corresponding to transmission public information whilst said reception converser is assigned with reception identification information corresponding to reception public information, said key receiving subsystem comprising:
receiving means connected to said key transmitting subsystem via said communication channel for receiving, as said distribution information, a key distribution code and said transmission identification information from said key transmitting subsystem via said communication channel, said distribution code representing a number generated by using said transmission public information;
constant holding means for holding first and second constants;
secret information holding means for holding secret information for said second converser, the secret information being used as that for transmission and that for reception in common; and
cipher key generating means connected to said receiving means, said constant information holding means, and said secret information holding means for generating said cipher key by applying a predetermined transformation on said key distribution code and said transmission identification information on the basis of said first and said second constants and said secret information.
Brief Description of the Drawing:
Fig. 1 is a block diagram of a key distribution system according to a preferred embodiment of the instant invention;
Fig. 2 shows a flow chart for use in describing operation of issuing various information used in the key distribution system illustrated in Fig. 1; and
Fig. 3 is a block diagram of a subsystem used as the first and the second subsystems in Fig. 1.
Description of the Preferred Embodiment:
Referring to Fig. 1, description will begin with a key distribution system according to a preferred embodiment of the invention. The key distribution system comprises a first subsystem 11, a second subsystem 12, and a public file 13.
The first subsystem 11 and the second subsystem 12 are connected to each other via first and second insecure communication channels 16 and 17 each of which may be a telephone line. The first subsystem 11 and the public file 13 are connected to each other via a connection line 18.
In the manner which will later become clear, the first subsystem 11 transmits distribution information to the second subsystem 12 via the first insecure communication channel 16. The second subsystem 12 receives the distribution information to generate a cipher key. Therefore, the first subsystem 11 is called a key transmitting subsystem whilst the second subsystem 12 is referred to as a key receiving subsystem. The key transmitting subsystem 11 is in use by a first or transmission converser A whilst the key receiving subsystem 12 is in use by a second or reception converser B.
The public file 13 stores public information corresponding to identification information assigned to conversers. The transmission converser A is assigned with first or transmission identification information IDA corresponding to first or transmission public information XA whilst the reception converser B is assigned with second or reception identification information IDB corresponding to second or reception public information XB.
The key transmitting subsystem 11 comprises an input unit 21 and a reading unit 22. The input unit 21 inputs the reception identification information IDB to provide the reading unit 22 with the reception identification information IDB. The reading unit 22 is connected to the public file 13. Responsive to the reception identification information IDB, the reading unit 22 reads the reception public information XB out of the public file 13. The reading unit 22 produces the reception identification information IDB and the reception public information XB. Therefore, a combination of the input unit 21 and the reading unit 22 serves as an accessing arrangement supplied with the reception identification information IDB and connected to the public file 13 for accessing the public file 13 by the reception identification information IDB to read the reception public information XB.
The key transmitting subsystem 11 further comprises a random number generator 23, a first constant register 24, a first secret information register 25, a public information register 26, and an identification information register 27. The random number generator 23 generates a random number r. The first constant register 24 holds first through third constants n, t, and α which will later become clear. The first secret information register 25 holds first or transmission secret information rA for the transmission converser A. The public information register 26 holds the transmission public information XA. The identification information register 27 holds the transmission identification information IDA.
The key transmitting subsystem 11 furthermore comprises a first cipher key generator 28, a distribution code generator 29, a transmitting unit 30, and an enciphering unit 31. The first cipher key generator 28 is connected to the reading unit 22, the random number generator 23, and the constant register 24. In the manner which will later be described, the first cipher key generator 28 generates a first cipher key KA by applying a first predetermined transformation on the reception public information XB and the reception identification information IDB on the basis of the first and the second constants n and t, and the random number r. The distribution code generator 29 is connected to the random number generator 23, the first secret information register 25, the first constant register 24, and the public information register 26. In the manner which will later be described, the distribution code generator 29 generates a key distribution code YA by applying a second predetermined transformation on the transmission public information XA and the third constant α on the basis of the first constant n, the first secret information rA, and the random number r. The transmitting unit 30 is connected to the distribution code generator 29 and the identification information register 27. The transmitting unit 30 transmits, as the distribution information, the key distribution code YA and the transmission identification information IDA to the key receiving subsystem 12 via the first insecure communication channel 16. The enciphering unit 31 is supplied with transmission messages and is connected to the first cipher key generator 28. The enciphering unit 31 enciphers the transmission messages with the first cipher key KA to produce enciphered messages. The enciphered messages are delivered to the key receiving subsystem 12 via the second insecure communication channel 17.
The key receiving subsystem 12 comprises a receiving unit 32, a second constant register 33, and a second secret information register 34. The receiving unit 32 is connected to the key transmitting subsystem 11 via the first insecure communication channel 16. The receiving unit 32 receives, as the distribution information, the key distribution code YA and the transmission identification information IDA from the key transmitting subsystem 11 via the first insecure communication channel 16. The second constant register 33 holds the first and the second constants n and t. The second secret information register 34 holds second or reception secret information rB for the second converser B.
The key receiving subsystem 12 further comprises a second cipher key generator 35 and a deciphering unit 36. The second cipher key generator 35 is connected to the receiving unit 32, the first constant register 33, and the second secret information register 34. The second cipher key generator 35 generates a second cipher key KB by applying a third predetermined transformation on the key distribution code YA and the transmission identification information IDA on the basis of the first and the second constants n and t and the second secret information rB. In the manner which will later become clear, the second cipher key KB coincides with the first cipher key KA. The deciphering unit 36 is supplied with the enciphered messages via the second insecure communication channel 17 and is connected to the second cipher key generator 35. The deciphering unit 36 deciphers the enciphered messages with the second cipher key KB to produce reception messages which coincide with the transmission messages.
Referring to Fig. 2, description will be made as regards operation of issuing the first through the third constants n, t, and α, an i-th identification information IDi, an i-th subsidiary secret information si, an i-th secret information ri, and an i-th public information Xi, where i represents a positive integer. In the example being illustrated, the positive integer i is one selected from one and two. In the manner which will later be described, a key distribution center 37 distributes the first through the third constants n, t, and α, the i-th identification information IDi, and the i-th subsidiary secret information si to an i-th subsystem 38, like the first and the second subsystems 11 and 12 in Fig. 1.

At first, the key distribution center 37 generates two sufficiently large prime numbers p and q (a step S1) and then calculates the first constant, i.e. a modulus n which is a product of the two prime numbers p and q (a step S2). For instance, the two prime numbers p and q may be of size at least 256 bits. The second constant t is selected as an exponent such that $e \times d = 1 \pmod{(p-1) \times (q-1)}$ and the third constant α is selected as a positive integer which is both a primitive element in finite fields GP(p) and GP(q) (a step S3). The third constant α is less than the first constant n.
The i-th subsystem 38 issues a subscriber's request to the key distribution center 37 (a step S4).
The i-th subsystem 38 judges whether the subscriber's request is present or absent (a step S5). The i-th subsystem 38 applies for the i-th identification information IDi therefor (a step S6). When the subscriber's request is present (YES of the step S5), the key distribution center 37 sets the i-th identification information IDi on applying for the i-th identification information IDi (a step S7). At a step S8, the key distribution center 37 calculates the i-th subsidiary secret information si on the i-th identification information IDi by using the first and the second constants n and t as follows:
$$s_i = (\mathrm{ID}_i)^{-1/t} \pmod{n}. \tag{1}$$
That is, the first and the second identification information IDA and IDB are related to first and second subsidiary secret information sA and sB by using the first and the second constants n and t as follows:
$$s_A = (\mathrm{ID}_A)^{-1/t} \pmod{n}; \tag{2}$$
and
$$s_B = (\mathrm{ID}_B)^{-1/t} \pmod{n}. \tag{3}$$
Subsequently, the key distribution center 37 secretly distributes the first through the third constants n, t, and α, the i-th identification information IDi, and the i-th subsidiary secret information si to the i-th subsystem 38 (a step S9). The i-th subsystem 38 receives the first through the third constants n, t, and α, the i-th identification information IDi, and the i-th subsidiary secret information si from the key distribution center 37 (a step S10). The i-th subsystem 38 generates a random number as the i-th secret information ri (a step S11). Therefore, the first and the second conversers A and B have the first and the second secret information rA and rB, respectively. At a step S12, the i-th subsystem 38 calculates the i-th public information Xi on the i-th subsidiary secret information si and the third constant α by using the first constant n and the i-th secret information ri as follows:
$$X_i = s_i \times \alpha^{r_i} \pmod{n}. \tag{4}$$
That is, the first and the second public information XA and XB are represented by using the first and the second subsidiary secret information sA and sB, the first and the third constants n and α, and the first and the second secret information rA and rB as follows:
$$X_A = s_A \times \alpha^{r_A} \pmod{n}; \tag{5}$$
and
$$X_B = s_B \times \alpha^{r_B} \pmod{n}. \tag{6}$$
At a step S13, the i-th public information Xi is stored into the public file 13 (Fig. 1) on a designated address which coincides with the i-th identification information IDi and into an i-th public information register, like the public information register 26 (Fig. 1). Subsequently, the i-th subsystem 38 stores the i-th secret information ri into an i-th secret information register, like 25 and 34 in Fig. 1, stores the first through the third constants n, t, and α into an i-th constant register, like 24 and 33 in Fig. 33, and stores the i-th identification information IDi into an i-th identification information register, like 27 in Fig. 1 (a step S14). The i-th identification information IDi represents herein a number obtained by considering as a numeric value a code obtained by encoding the address, the name and so on of the i-th converser.
Turning to Fig. 1, description will be made as regards operation of the key distribution system. It will be assumed that the first (key transmitting) subsystem 11 of the first (transmission) converser A
accesses the public file 13.
In the first subsystem 11, the reception identification information IDB is supplied to the reading unit 22 through the input unit 21. The reading unit 22 accesses the public file 13 by the reception identification information IDB to read the reception 20~2 1 ~

public information XB. The reception public information XB and the reception identification information IDB are supplied from the reading unit 22 to the first cipher key generator 28. The first cipher key generator 28 is also supplied with the random number r generated by the random number generator 23 and with the first and the second constants n and t which are held in the first constant register 24. The first cipher key generator 28 generates the first cipher key KA by applying the first predetermined transformation on the reception public information XB and the reception identification i.nformation IDB on the basis of the first and the second constants n and t, and the random number r. The first predetermined transformation is represented by:
$$K_A = (X_B^{t} \times ID_B)^{r} \pmod{n}. \qquad (7)$$

Incidentally, the following relationship is satisfied:

$$X_B^{t} = s_B^{t} \times \alpha^{r_B \times t} = (ID_B)^{-1} \times \alpha^{r_B \times t}. \qquad (8)$$

Substituting equation (8) into equation (7), the first cipher key KA is represented by using the third constant α, the second secret information rB, the random number r, and the second constant t as follows:

$$K_A = \alpha^{r_B \times r \times t}. \qquad (9)$$

The random number r is also supplied to the distribution code generator 29. The distribution code generator 29 is supplied with the first secret information rA from the first secret information register 25, with the first and the third constants n and α from the first constant register 24, and with the transmission public information XA from the public information register 26. The distribution code generator 29 generates, as an intermediate cipher key, the key distribution code YA by applying the second predetermined transformation on the transmission public information XA and the third constant α on the basis of the first constant n, the first secret information rA, and the random number r. The second predetermined transformation is represented by:

$$Y_A = X_A \times \alpha^{r - r_A} \pmod{n}. \qquad (10)$$

The key distribution code YA is supplied to the transmitting unit 30. The transmitting unit 30 is also supplied with the transmission identification information IDA held in the identification information register 27.
The transmitting unit 30 transmits, as the distribution information, the key distribution code YA and the transmission identification information IDA to the key receiving subsystem 12 via the first insecure communication channel 16.
In the key receiving subsystem 12, the receiving unit 32 receives, as the distribution information, the key distribution code YA and the transmission identification information IDA from the key transmitting subsystem 11 via the first insecure communication channel 16. The key distribution code YA and the transmission identification information IDA are supplied to the second cipher key generator 35 from the receiving unit 32. The second cipher key generator 35 is also supplied with the first and the second constants n and t held in the second constant register 33 and with the second secret information rB held in the second secret information register 34. The second cipher key generator 35 generates the second cipher key KB by applying the third predetermined transformation on the key distribution code YA and the transmission identification information IDA on the basis of the first and the second constants n and t and the second secret information rB. The third predetermined transformation is represented by:

$$K_B = (Y_A^{t} \times ID_A)^{r_B} \pmod{n}. \qquad (11)$$

Incidentally, the following relationship is satisfied:

$$Y_A^{t} = s_A^{t} \times \alpha^{r \times t} = (ID_A)^{-1} \times \alpha^{r \times t}. \qquad (12)$$

Substituting equation (12) into equation (11), the second cipher key KB is represented by using the third constant α, the second secret information rB, the random number r, and the second constant t as follows:

$$K_B = \alpha^{r_B \times r \times t}. \qquad (13)$$

As is apparent from the two equations (9) and (13), the second cipher key KB coincides with the first cipher key KA. As a result, it is unnecessary for the second (key receiving) subsystem 12 to send distribution information to the first (key transmitting) subsystem 11.
This is because the second or reception public information XB for the second or reception converser B is stored in the public file 13 and the first subsystem 11 can access the public file 13 by the second or reception identification information IDB to read the reception public information XB. Accordingly, the first subsystem 11 for the first converser A can distribute the cipher key to the second subsystem 12 for the second converser B irrespective of the presence or absence of the second converser B. In addition, the first subsystem 11 can transmit, to the second subsystem 12, the enciphered messages as well as the key distribution code YA and the transmission identification information IDA.
Furthermore, an i-th converser assigned with the i-th identification information IDi, in general, has the i-th secret information ri which is held in the secret information register, like 25 and 34 in Fig. 1 and which is used as secret information for transmission and secret information for reception in common. As a result, it is possible to easily manage the secret information.
In order to impersonate the i-th converser by tampering with the i-th public information Xi, an eavesdropper must find the i-th public information Xi and the i-th secret information ri which satisfy the following relationship:

$$X_i^{t} \times ID_i = \alpha^{t \times r_i} \pmod{n}. \qquad (14)$$

However, it is difficult for the eavesdropper to find the i-th public information Xi and the i-th secret information ri by a converser's conspiracy attack. The reason is described in more detail in a reference, for example, an article contributed by Eiji Okamoto to "Advances in Cryptology-CRYPTO '87", pages 194-202, under the title of "Key Distribution Systems Based on Identification Information". This reference describes that the subsidiary secret information si and the i-th secret information ri are not revealed although the i-th public information Xi is made public.
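The exchange of equations (7) through (13) can be traced end to end with the following added example, which is not part of the patent text. The primes, the value t = 17, the value α = 3, the hash-based mapping from a name to IDi, and the function names are all assumptions chosen for illustration; the modulus is far too small for real use.

```python
# Added illustration of the one-way key distribution, equations (7)-(13).
# All parameters are constructed toy values, not taken from the patent.
import hashlib
import secrets

# --- Key-issuing side (assumed setup, following the relations of Claim 3) ---
P, Q = 2**31 - 1, 2**61 - 1              # two known primes; secret in a real system
N = P * Q                                # first constant n
T = 17                                   # second constant t, coprime to phi(n)
ALPHA = 3                                # third constant alpha
_D = pow(T, -1, (P - 1) * (Q - 1))       # trapdoor 1/t mod phi(n), never published


def identity(name: str) -> int:
    """Assumed mapping from a converser's name to identification information ID_i."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N


def enroll(name: str) -> dict:
    """Issue s_i = ID_i^(-1/t), pick secret r_i, publish X_i = s_i * alpha^r_i (mod n)."""
    id_i = identity(name)
    s_i = pow(pow(id_i, -1, N), _D, N)   # subsidiary secret information s_i
    r_i = secrets.randbelow(N - 2) + 1   # secret information r_i
    x_i = (s_i * pow(ALPHA, r_i, N)) % N # public information X_i
    return {"id": id_i, "r": r_i, "x": x_i}


def send_key(sender: dict, receiver_id: int, public_file: dict):
    """Key transmitting subsystem: returns (K_A, distribution information)."""
    x_b = public_file[receiver_id]       # read X_B from the public file by ID_B
    r = secrets.randbelow(N - 2) + 1     # fresh random number r
    k_a = pow(pow(x_b, T, N) * receiver_id % N, r, N)        # eq. (7)
    # r - r_A may be negative; Python 3.8+ then uses the modular inverse.
    y_a = sender["x"] * pow(ALPHA, r - sender["r"], N) % N   # eq. (10)
    return k_a, (y_a, sender["id"])      # (Y_A, ID_A) goes over the channel


def receive_key(receiver: dict, distribution_info) -> int:
    """Key receiving subsystem: derive K_B from (Y_A, ID_A) and own secret r_B."""
    y_a, id_a = distribution_info
    return pow(pow(y_a, T, N) * id_a % N, receiver["r"], N)  # eq. (11)


if __name__ == "__main__":
    a, b = enroll("converser-A"), enroll("converser-B")
    public_file = {a["id"]: a["x"], b["id"]: b["x"]}
    k_a, info = send_key(a, b["id"], public_file)   # B takes no part in this step
    k_b = receive_key(b, info)
    print("keys agree:", k_a == k_b)
```

The receiver's result depends on the claimed sender identity: substituting a different IDA into the received pair yields a key that does not match KA, which is how a mismatched identity shows up in this scheme.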
Referring now to Fig. 3, description will be made as regards a subsystem, like the first and the second subsystems 11 and 12 in Fig. 1. The subsystem comprises a terminal unit (TMU) 41, a read only memory unit (ROM) 42, a random access memory unit (RAM) 43, a random number generator (RNG) 44, a common bus 45, and a signal processor (SP) 46. The terminal unit 41 may be a personal computer equipped with communication processing functions. The common bus 45 interconnects the terminal unit 41, the read only memory unit 42, the random access memory unit 43, the random number generator 44, and the signal processor 46.
The random number generator 44 may be a key source disclosed in United States Patent No. 4,200,770 issued to Hellman et al. The signal processor 46 may be a processor available from CYLINK Corporation under the trade name CY 1024 KEY MANAGEMENT PROCESSOR.
The random number generator 44 generates the random number r in response to a command given from the signal processor 46. Therefore, the random number generator 44 acts in cooperation with the signal processor 46 as the random number generator 23 in Fig. 1.
The read only memory unit 42 stores the first through the third constants n, t, and α, the i-th subsidiary secret information si, the i-th secret information ri, and the i-th identification information IDi. The read only memory unit 42 is therefore operable as the constant register, like 24 or 33 in Fig. 1, the secret information register, like 25 or 34 in Fig. 1, and the identification information register, like 27 in Fig. 1. Instead of storing the i-th secret information ri into the read only memory unit 42, the i-th secret information ri may be stored in the random access memory unit 43 from the terminal unit 41 every time conversers or users communicate. The random access memory unit 43 stores the i-th public information Xi. Therefore, the random access memory unit 43 acts as the public information register 26 in Fig. 1.
The read only memory unit 42 also stores a program which is divisible into a first subprogram for transmission and a second subprogram for reception. The random access memory unit 43 is used to temporarily store intermediate calculation results. According to the first subprogram stored in the read only memory unit 42, the signal processor 46 serves in cooperation with the random access memory unit 43 as the first cipher key generator 28 and the distribution code generator 29 in Fig. 1.
According to the second subprogram stored in the read only memory unit 42, the signal processor 46 acts in cooperation with the random access memory unit 43 as the second cipher key generator 35 in Fig. 1. The terminal unit 41 is operable as either the transmitting unit 30 in Fig. 1 or the receiving unit 32 in Fig. 1.
Each of the first and the second subsystems 11 and 12 may be a data processing unit such as a general purpose computer and an integrated circuit (IC) card.

Claims (7)

1. A method of distributing a cipher key between a first subsystem for a first converser and a second subsystem for a second converser via a communication channel by using a public file which stores public information corresponding to identification information assigned to conversers, said first and said second conversers being assigned with first and second identification information, respectively, said first and said second identification information corresponding to first and second public information, respectively, said first and said second subsystems having first and second secret information, respectively, each of said first and said second secret information being used as secret information for transmission and secret information for reception in common, said method comprising the following steps:
(a) accessing, in said first subsystem, said public file by said second identification information to read said second public information;
(b) generating, in said first subsystem, a random number;
(c) generating, in said first subsystem, a first cipher key by applying a first predetermined transformation on said second public information and said second identification information on the basis of first and second constants and said random number;
(d) generating, in said first subsystem, a key distribution code by applying a second predetermined transformation on said first public information and a third constant on the basis of said first constant, said first secret information, and said random number;
(e) transmitting, as distribution information, said key distribution code and said first identification information from said first subsystem to said second subsystem via said communication channel;
(f) receiving, in said second subsystem, said distribution information from said first subsystem; and
(g) generating, in said second subsystem, a second cipher key by applying a third predetermined transformation on said key distribution code and said first identification information on the basis of said first and said second constants and said second secret information, said second cipher key being equal to said first cipher key.
2. A key distribution method as claimed in Claim 1, wherein r is said random number, n, t, and α are said first, said second, and said third constants, IDA and IDB are said first and said second identification information, XA and XB are said first and said second public information, rA and rB are said first and said second secret information, KA and KB are said first and said second cipher keys, YA is said key distribution code, said first predetermined transformation is represented by:

$$K_A = (X_B^{t} \times ID_B)^{r} \pmod{n};$$

said second predetermined transformation is represented by:

$$Y_A = X_A \times \alpha^{r - r_A} \pmod{n};$$

and said third predetermined transformation is represented by:

$$K_B = (Y_A^{t} \times ID_A)^{r_B} \pmod{n}.$$
3. A key distribution method as claimed in Claim 2, wherein said first and said second identification information IDA and IDB are related to first and second subsidiary secret information sA and sB by using said first and said second constants n and t as follows:

$$s_A = (ID_A)^{-(1/t)} \pmod{n};$$

and

$$s_B = (ID_B)^{-(1/t)} \pmod{n};$$

and said first and said second public information XA and XB are represented by using said first and said second subsidiary secret information sA and sB, said first and said third constants n and α, and said first and said second secret information rA and rB as follows:

$$X_A = s_A \times \alpha^{r_A} \pmod{n};$$

and

$$X_B = s_B \times \alpha^{r_B} \pmod{n}.$$
4. A key transmitting subsystem for use in a key distribution system, said key transmitting subsystem being for transmitting distribution information to a key receiving subsystem of said key distribution system via a communication channel, said key receiving subsystem being for receiving said distribution information to generate a cipher key, said key transmitting subsystem being in use by a transmission converser whilst said key receiving subsystem is in use by a reception converser, said key distribution system comprising a public file which stores public information corresponding to identification information assigned to conversers, said transmission converser being assigned with transmission identification information corresponding to transmission public information whilst said reception converser is assigned with reception identification information corresponding to reception public information, said key transmitting subsystem comprising:
accessing means supplied with said reception identification information and connected to said public file for accessing said public file by said reception identification information to read said reception public information;
random number generating means for generating a random number;
constant holding means for holding first through third constants;
secret information holding means for holding secret information for said transmission converser, the secret information being used as that for transmission and that for reception in common;
public information holding means for holding said transmission public information;
identification information holding means for holding said transmission identification information;
cipher key generating means connected to said accessing means, said random number generating means, and said constant holding means for generating said cipher key by applying a first predetermined transformation on said reception public information and said reception identification information on the basis of said first and said second constants, and said random number;
code generating means connected to said random number generating means, said secret information holding means, said constant holding means, and said public information holding means for generating a key distribution code by applying a second predetermined transformation on said transmission public information and said third constant on the basis of said first constant, said secret information, and said random number; and
transmitting means connected to said code generating means and said identification information holding means for transmitting, as said distribution information, said key distribution code and said transmission identification information to said key receiving subsystem via said communication channel.
5. A key transmitting subsystem as claimed in Claim 4, wherein r is said random number, n, t, and α are said first, said second, and said third constants, IDA and IDB are said transmission and said reception identification information, XA and XB are said transmission and said reception public information, rA is said secret information, KA is said cipher key, YA is said key distribution code, said first predetermined transformation is represented by:

$$K_A = (X_B^{t} \times ID_B)^{r} \pmod{n};$$

and said second predetermined transformation is represented by:

$$Y_A = X_A \times \alpha^{r - r_A} \pmod{n}.$$
6. A key receiving subsystem for use in a key distribution system comprising a key transmitting subsystem for transmitting distribution information to said key receiving subsystem via a communication channel, said key receiving subsystem being for receiving said distribution information to generate a cipher key, said key transmitting subsystem being in use by a transmission converser while said key receiving subsystem is in use by a reception converser, said key distribution system comprising a public file which stores public information corresponding to identification information assigned to conversers, said transmission converser being assigned with transmission identification information corresponding to transmission public information whilst said reception converser is assigned with reception identification information corresponding to reception public information, said key receiving subsystem comprising:
receiving means connected to said key transmitting subsystem via said communication channel for receiving, as said distribution information, a key distribution code and said transmission identification information from said key transmitting subsystem via said communication channel, said distribution code representing a number generated by using said transmission public information;
constant holding means for holding first and second constants;
secret information holding means for holding secret information for said second converser, the secret information being used as that for transmission and that for reception in common; and
cipher key generating means connected to said receiving means, said constant information holding means, and said secret information holding means for generating said cipher key by applying a predetermined transformation on said key distribution code and said transmission identification information on the basis of said first and said second constants and said secret information.
7. A key receiving subsystem as claimed in claim 6, wherein n and t are said first and said second constants, IDA is said transmission identification information, rB is said secret information, YA is said key distribution code, KB is said cipher key, and said predetermined transformation is represented by:

$$K_B = (Y_A^{t} \times ID_A)^{r_B} \pmod{n}.$$
CA002062170A 1991-03-05 1992-03-02 Key distribution system for distributing a cipher key between two subsystems by one-way communication Expired - Fee Related CA2062170C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP3119544A JP2725478B2 (en) 1991-03-05 1991-03-05 Encryption key distribution method
JP119544/1991 1991-03-05

Publications (2)

Publication Number Publication Date
CA2062170A1 CA2062170A1 (en) 1992-09-06
CA2062170C true CA2062170C (en) 1997-03-04

Family

ID=14763933

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002062170A Expired - Fee Related CA2062170C (en) 1991-03-05 1992-03-02 Key distribution system for distributing a cipher key between two subsystems by one-way communication

Country Status (5)

Country Link
US (1) US5251258A (en)
EP (1) EP0502441B1 (en)
JP (1) JP2725478B2 (en)
CA (1) CA2062170C (en)
DE (1) DE69227936T2 (en)


Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4200770A (en) * 1977-09-06 1980-04-29 Stanford University Cryptographic apparatus and method
EP0257585B1 (en) * 1986-08-22 1992-11-25 Nec Corporation Key distribution method
US4908861A (en) * 1987-08-28 1990-03-13 International Business Machines Corporation Data authentication using modification detection codes based on a public one way encryption function
JP2734726B2 (en) * 1989-03-03 1998-04-02 日本電気株式会社 Encryption key distribution method
CA2011396C (en) * 1989-03-03 1995-01-03 Kazue Tanaka Cipher-key distribution system
US4956863A (en) * 1989-04-17 1990-09-11 Trw Inc. Cryptographic method and apparatus for public key exchange with authentication
JP2606419B2 (en) * 1989-08-07 1997-05-07 松下電器産業株式会社 Cryptographic communication system and cryptographic communication method
JP3080382B2 (en) * 1990-02-21 2000-08-28 株式会社日立製作所 Cryptographic communication system
US5142578A (en) * 1991-08-22 1992-08-25 International Business Machines Corporation Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors

Also Published As

Publication number Publication date
CA2062170A1 (en) 1992-09-06
EP0502441A2 (en) 1992-09-09
DE69227936T2 (en) 1999-05-27
US5251258A (en) 1993-10-05
JP2725478B2 (en) 1998-03-11
DE69227936D1 (en) 1999-02-04
EP0502441B1 (en) 1998-12-23
EP0502441A3 (en) 1993-06-23
JPH04277951A (en) 1992-10-02


Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed