JP3537959B2 - Information decryption device - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method of storing predetermined key information between a sender and a receiver of information, and using the key information to encrypt the information encrypted at the sender of the information. The present invention relates to an information encryption / decryption method for decrypting information on the side and an information encryption / decryption device using the same.

[0002]

2. Description of the Related Art Due to the development of various types of information equipment, mainly computers, the remarkable development of information-related technologies, and the development of a solid infrastructure for information networks, information activities via networks are becoming active daily. Along with that, the information itself handled in our daily life is becoming more and more qualitative, not to mention a quantitative increase. Computers and network users, who are the main actors of information activities, are also appearing at various levels of society, and the population engaged in information business is increasing.

[0003] As information activities become more familiar, crimes such as eavesdropping, tampering, and spoofing of information occur, which poses a major threat to information security. Without such efforts to prevent and prevent crime, safe information activities cannot be secured.
The use of cryptographic systems to ensure information security in networks is a common and powerful means. Currently, PEM (Privacy Enhanced)
Mail), secure HTTP, PGP (Pr
Practical systems using encryption, such as E.T. Good Privacy (Privacy), are beginning to attract attention.

[0004] However, these cryptosystems and secret information systems are not convenient and freely usable for Internet users connecting almost all networks in the world. In order for each user to decrypt the ciphertext sent from the communication partner and obtain the plaintext, it is necessary to know the encryption system used by the partner and to prepare a corresponding decryption device. For example, if you want to freely communicate with anyone on the Internet, you must support all the ciphers used around the world. This can lead to two additional costs: money and hassle. This is a major factor hindering the use of cryptography.

As a measure for solving this problem, standardization of an encryption system can be considered. It would be nice if there was a standard encryption system that anyone could use freely on the Internet, but there is no standard encryption system and it cannot exist. This is because there are various obstacles and problems with the use of standard cryptography. The main obstacles are trade laws between countries and licensing issues.

[0006] In addition to such legal restrictions, there is a problem of user preference for encryption. Encryption strength and speed,
With the progress of computer performance and utilization technology, the reliability of users for cryptography also changes, so some users may dislike standard standards.

[0007]

With the current mail system, it is possible to send mail to anywhere in the world if a network is connected across countries and regions.
If a common tool such as the mail system exists in the encryption system, anyone can use it easily. However, the emergence of a standard encryption system is difficult due to the various problems described above.

[0008] Because there is no standard encryption system, a user of the encryption system, especially a receiver of ciphertext, must prepare a decryption device for almost all encryption systems that a communication partner will use. This is a factor that hinders the use of encryption itself because it increases the cost of money and labor. The use of cryptography will be more open and free if there is a scheme that is not limited to the above-mentioned rights issues and that can satisfy personal preferences.

[0009] Considering future multimedia communications that handle information of various capacities and formats, such as images, sounds, data, and programs, for each of these,
It is not easy to prepare a device for performing encryption / decryption on the transmission / reception side. In particular, in a situation where the receiving side is often a general user in terms of information consumption, an information protection mechanism that does not burden the receiving side is required.

Accordingly, the present invention has been made in view of the above-described problems, and has been made in consideration of the above-described problems. An object of the present invention is to provide a decryption method and an encryption / decryption device using the same.

[0011]

SUMMARY OF THE INVENTION An information encryption / decryption method of the present invention holds predetermined key information between a sender and a receiver of information, respectively, and transmits information using the key information. In an information encryption / decryption method in which information encrypted on a hand side is decrypted on a receiver side, plaintext information is encrypted using one of a plurality of encryption algorithms selected by an information sender and the key information. To generate a ciphertext, combine the ciphertext with a decryption program corresponding to the selected encryption algorithm, and, on the information receiving side, link the combined ciphertext and the decryption program via a network or a recording medium. When the ciphertext is received, it is separated and the ciphertext is decrypted into plaintext information using the decryption program and the key information. Encryption and decryption according to the type of information handled easily.

[0012] Further, the information encryption / decryption device of the present invention comprises:
An information encryption / decryption device that holds predetermined key information between an information sender and an information receiver and decrypts information encrypted at the information sender using the key information at the receiver. , One of a plurality of encryption algorithms selected by the information sender, encryption means for encrypting plaintext information using the key information, and ciphertext encrypted by the encryption means. A synthesizing means for synthesizing a decryption program corresponding to the selected encryption algorithm, and a ciphertext and a decryption program synthesized by the synthesizing means received on the information receiving side via a network or a recording medium. Separating means for separating the ciphertext separated by the separating means into plaintext information using the decryption program separated by the separating means and the key information; By providing the without burdening the recipient of the ciphertext can be easily performed encryption and decryption according to the type of information handled.

[0013]

Embodiments of the present invention will be described below with reference to the drawings. In general, there are symmetric encryption systems and asymmetric encryption systems as encryption systems. A cryptosystem in which one of the encryption key and the decryption key can be easily obtained from the other is called a symmetric cryptosystem.
m), an encryption system that is not easily obtained is replaced with an asymmetric encryption system (as
ymmetric cryptosystem). Recently, public key cryptosystems that do not require key transmission have attracted attention, but the present invention proposes a system that does not depend on a specific cryptosystem and targets it for implementation. In addition, a public key cryptosystem that must have a cryptosystem for generating a key prior to cryptographic communication is excluded.

An information encryption / decryption device according to an embodiment of the present invention transmits an encrypted text and an algorithm for decrypting the same from an information sender to a receiver simultaneously, without depending on a specific encryption system. In addition, the load on the receiving side for decryption can be reduced. In this example, a case of encrypted communication (for example, a mail system) via a network will be described as an example.

FIG. 1 is a block diagram schematically showing a functional configuration of an information encryption / decryption device using the information encryption / decryption method of the present invention. The information sender includes at least an encryption unit 1, a synthesizing unit 2, a key information file 3, and an encryption library 4. The information receiver includes at least a separation unit 5, a decryption unit 6, and a key information file. 7 is provided.

The cryptographic library 4 includes, for example, FEAL
(Fast data Encipherment A
Lgorithm), NFSR (Non-linear)
Feedback Shift Register
s), a group of programs (an encryption program for encrypting a plaintext to generate a ciphertext and a corresponding decryption program for decrypting the ciphertext into a plaintext) are stored.

The key information files 3 and 7 store key information predetermined between the sender and the receiver of the information, respectively. The encrypting unit 1 encrypts the encryption program f of the encryption algorithm E selected by the user on the information sender side from the group of programs stored in the encryption library 4.
e, and encrypts the plaintext data M using the key information Ks stored in the key information file 3.

The synthesizing unit 2 synthesizes the ciphertext C encrypted and output by the encrypting unit 1 with the decryption program fd of the encryption algorithm E read from the encryption library 4.

The ciphertext C combined with the combining unit 2 and the decryption program fd (hereinafter, the combined data is referred to as encrypted data) are transmitted to the information receiver via a predetermined network.

The separating section 5 separates encrypted data received via the network into a ciphertext C and a decryption program fd. The decryption unit 6 decrypts the ciphertext C separated by the separation unit 5 using the decryption program fd also separated by the separation unit 5 and the key information Ks stored in the key information file 7. Has become.

Here, when the information encryption / decryption method of the present invention is realized by software and is implemented on a personal computer or the like to constitute an information encryption / decryption device, the software is used to implement the information encryption / decryption method. The configurational features will be described.

1) Description of Program When, for example, the ciphertext and the decryption program are simultaneously transferred via a network such as the Internet that can handle almost all users, what kind of terminal is connected to the network Since it is not known, at least the decryption program is desirably in a description format that does not depend on the OS or the microprocessor of the terminal on the receiving side of the encrypted data (no machine dependence).

For this purpose, in the present invention, a virtual machine is provided to a recipient of encrypted data, and a program is described in a machine language analyzed and processed by the virtual machine. The program described in the machine language can be understood by a virtual machine provided in a terminal (computer) on the receiving side of the encrypted data. To execute the program on an actual computer, the computer interprets the machine language, There is a need for a function (interpreter) that translates further into understandable code and passes it to a computer for execution. Software having at least such a function is referred to herein as a virtual machine.

2) Security Measures for Existing System (Mail System, etc.) When a decryption program sent from another terminal via a network such as the Internet is executed, the system of the terminal on the receiving side is executed by the program. It is required not to be destroyed. For example, in the decryption program, instructions such as deleting data or a program stored in a storage area of a memory, or overwriting a storage area of a memory where a data or a program is stored are: By executing the program, the system setting file may be rewritten or the file may be deleted.

As a countermeasure, according to the present invention, when the decryption program is actually executed, for example, at the time of execution by an interpreter, the code in the program is analyzed and computer resources such as a memory, a hard disk, and a printer are analyzed. , That is, code that may destroy the existing system, and deletes it to protect the system of the receiving user.

As described above, checking whether or not there is an illegal code which accesses an illegal resource in a program at the time of executing the interpreter and deleting it as necessary also serves as a protection wall against virus intrusion. Will.

3) Management of Key Information An object of the present invention is to perform information encryption / decryption without depending on a specific encryption processing system.
For this purpose, the encryption method requires a symmetric encryption system that does not require a specific encryption system for key generation, and the key management must be performed locally.

Therefore, in the present invention, a password is used to protect the key information file 3 even in an environment without a file protection function. FIG. 2 shows an example of the configuration of software for implementing the information encryption / decryption method of the present invention, which comprises a virtual machine 10, a user interface 11, a key information file 12, and an encryption library 13. The key information file 12 of FIG. 2 corresponds to the key information files 3 and 7 of FIG.
Corresponds to the encryption library 4 in FIG.

The virtual machine 10 has an interpreter function as described above, and can use, for example, the programming language Schema. The programming language Schema, together with Common Lisp, is a programming language Lsp (List Pro
ESSOR) standard language. Lisp is, as the name suggests, a language that excels at list processing. The list itself is merely a sequence of things (data), but has the property that it can easily and efficiently represent very complex information as soon as it is used. Because of this property, the programming language Lisp has been used in the field of symbol processing, particularly in the development of artificial intelligence systems such as expert systems, mathematical processing systems, theorem proving systems, machine translation systems, and the like. However, the range of use is not limited to symbol processing, but is also used in numerical processing, graphics, text processing including text editors, system programming, etc. (Taichi Yuasa; "Introduction to Scheme") Iwanami Shoten, 1991).

As a virtual machine, the language Schema (SC
M version 4el) can be adopted because it has the following features. 1. It is designed to run on almost all computers in a processing system independent of a specific machine or OS.

2. The description of the algorithm can be simplified. 3. Since there are almost no restrictions on the type of data and the number of data that can be handled, it is easy to handle very large integers, making it suitable for describing cryptographic algorithms.

4. Since the cipher text can also be described as a part of the Scheme program, it is not necessary to rely on input / output instructions for resources such as a memory, and the transmission text can be easily configured. SCM is a language created by MIT's Aubrey Jaffer. SCM is Algorithmic L
Report on angular Scheme (Re
visited 4 Report) and IEEE p. 11
78 (Aubrey J
after; Online MANUAL for S
CM version 4el, MIT. 1994).
Although it is a small Lisp, the processing speed and function are excellent.

The user interface 11 provides an environment that is easy for the user to use. The user interface 11 exists independently of the encryption system and has many utility functions. Even if the user does not have this, if he has a cryptographic library and an editor, he can perform encryption, transmission, and decryption. However, by using the user interface 11, such troubles can be saved.

Next, specific functions of the user interface 11 will be described below. 1. Management of key information: Performs new registration, change, and deletion of key information. For example, the key information together with the mail address of the communication partner is encrypted and stored in a key information file 12. At this time, the password is used as the encryption key.

2. Password management: PC (Persono)
A password is used to protect the key information file even in an environment that does not have a file protection function such as nal Computer).

3. Each function of the encryption unit 1, the synthesis unit 2, the separation unit 5, and the decryption unit 6 in FIG. 1 is realized by a cooperative operation with the virtual machine 10. 4. E-mail transmission agency and received mail analysis function: The received message contains not only the cipher text and algorithm but also the mail header. Information such as the reception time and the ID of the communication partner is written in the mail header. The user interface 11 picks up the mail ID of the communication partner, searches the key information file 12 for predetermined key information with the communication partner, and performs a decryption operation.

5. Harmful command code checking function (security measures for existing systems): The execution of the decrypted program may damage the recipient's computer system. For example, the system setting file may be rewritten or a necessary file may be deleted. The user interface 11 protects the user's system by checking a command code that can cause such damage from the sent program and deleting it. The output of the user interface 11 is not written in a file, but is displayed only on the screen.

As described with reference to FIG. 1, the encryption library 13 is a program that describes an encryption algorithm (an encryption program that encrypts a plaintext to generate an encrypted text, and correspondingly decrypts the encrypted text into a plaintext. Decryption program) group is stored. Virtual machine 10
For example, when the Schema language is used, the program group of the cryptographic library 13 is also a Schema group.
It is written in a language.

Anyone who follows a few rules can add a new encryption algorithm. The user writes his favorite encryption algorithm, for example, in Scheme,
You can add to this library.

In writing the encryption (decryption) program, for example, the following rules may be provided. 1. The decryption program must start with a "(define)" statement.The user interface 11 and the virtual machine 10 recognize this as the beginning of the program.

2. At the end of the decryption program, a symbol “end <smail>” to be notified to the user interface 11 and the virtual machine 10 must be written. This is to delete unnecessary information such as a mark at the end of mail attached by the mail system.

3. It is necessary to output a line feed mark for each of a fixed number (fixed to 100 in the implementation) of a cipher text and a decryption program generated by the encryption program. This is because the size of the line buffer of the mail system is limited, and information sent via the mail system may be cut off halfway.

4. An encryption program and a decryption program in the encryption library 13 are separately written, and an encryption program is used for encryption and a decryption program is used for decryption. This is to completely separate the interface and the library.

The software having the configuration as shown in FIG.
It needs to be implemented on the computer of the sender and the receiver of the information. Next, the processing operation of the information encryption / decryption device shown in FIGS. 1 and 2 will be described with reference to the flowcharts shown in FIGS.

The user on the information sender side first calls up the user interface 11 at the terminal (computer) when, for example, creating an e-mail text, encrypting it, and transferring it to the partner terminal. Then, when an operation guide or the like is displayed on a predetermined display device provided in the terminal via the user interface 11, based on the operation guide, a plurality of encryption algorithms stored in the encryption library 13 are displayed. , One encryption algorithm E for encrypting the electronic mail text (plaintext data M) to be processed is selected (step S1 in FIG. 3). Further, a destination (ID, address, etc. of the communication partner) of the e-mail text is specified.

In the user interface 11, for example,
Based on the ID of the communication partner, a predetermined key information Ks is searched from the key information file 12 with the communication partner (step S2), and an encryption algorithm E selected by the user from the encryption library 13 is retrieved. The encryption program fe is read out, and the encryption processing is performed on the plaintext data M to generate a ciphertext C (step S3).

In the user interface 11, further,
Reads the decryption program fd of the encryption algorithm E selected by the user from the encryption library 13, and
Then, the ciphertext C is combined with the ciphertext C, a mail header is added thereto, and the ciphertext C is transferred to the partner terminal via a predetermined network (step S4).

When the terminal on the information receiving side receives a communication message (encryption data) in which the ciphertext C and the decryption program fd are combined via a predetermined network (step S10 in FIG. 4), the user interface is automatically received. The face 11 is called (step S11), and the user interface 11
Separates the encrypted data into the ciphertext C and the decryption program fd (step S12).

The decryption program fd is stored in the virtual machine 10
Is translated into a code (executable program) that can be executed by the terminal on the receiving side by the interpreter provided in step S13. At this time, as described above, harmful command codes and the like on the program are checked and deleted (step S14).

On the other hand, the user interface 11 is predetermined from the key information file 12 with the communication partner based on the sender's mail ID described in the mail header added to the message. The key information Ks is read out (step S15).

The ciphertext C is decrypted into plaintext data M using the key information Ks and the decryption program fd translated into an executable program in the virtual machine 10 (step S1).
6). As described above, according to the above embodiment, the user who sends the ciphertext can use his / her own.
Alternatively, a ciphertext is generated by using the desired cryptographic system, and a decryption program is sent together with the ciphertext. At the receiving terminal, key information determined between the transmitted decryption program and a communication partner is determined in advance. , The plaintext is obtained from the ciphertext, so that the recipient side does not need any information on the type of the encryption system used by the other party, and there is no restriction on the right problem and the like, so that there is no burden at all. In addition, by checking the access command code for resources such as memory in the received decryption program and deleting it if necessary, not only can the existing mail system be used as it is, but also what effect on the existing system Has no effect. Therefore, encryption and decryption according to the type of information to be handled can be easily performed without imposing a burden on the recipient of the ciphertext.

The key information is previously indicated on the sender side and the receiver side, and secure communication is possible if the key information is not leaked to other persons. In addition, the receiver side does not need to prepare a decryption device in advance, and can obtain the original information simply by inputting the key information. Further, there is an advantage that the information sender can select or create a desired encryption.

Although the above embodiment has been described by taking as an example the encrypted communication of an electronic mail sentence using an existing mail system, the present invention is not limited to this case. The present invention can also be applied to a case where a user combines a ciphertext and a decryption program in a recording medium such as a floppy disk or a CDROM, and exchanges information via the recording medium.

[0054]

As described above, according to the present invention,
It is possible to provide an information encryption / decryption method capable of easily performing encryption / decryption according to the type of information to be handled without placing a burden on a recipient of a ciphertext, and an encryption / decryption system using the same.

[Brief description of the drawings]

FIG. 1 is a block diagram schematically showing a functional configuration of an information encryption / decryption device according to an embodiment of the present invention.

FIG. 2 is a diagram showing a configuration example of software for realizing the information encryption / decryption method according to the embodiment of the present invention.

FIG. 3 is a flowchart for explaining the processing operation of the information encryption / decryption device, showing the processing operation on the information sender side.

FIG. 4 is a flowchart for explaining the processing operation of the information encryption / decryption device, showing the processing operation on the information receiving side;

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Encryption part, 2 ... Synthesis part, 3 ... Key information file, 4 ...
Encryption library, 5: separation unit, 6: decryption unit, 7: key information file, 10: virtual machine, 11: user interface, 12: key information file, 13: encryption library, M: plaintext data, C: encryption Sentence, Ks ... Key information.

──────────────────────────────────────────────────続 き Continued on the front page (58) Field surveyed (Int.Cl. ⁷ , DB name) H04L 9/14 G06F 9/445 H04L 9/08 JICST file (JOIS)

Claims (1)

(57) [Claims] 1. An information decryption device for decrypting information encrypted by an information encryption device, comprising: storage means for storing predetermined key information with the information encryption device; Receiving, via a network or a recording medium, encrypted data including a decryption program for decrypting the encrypted text and the decryption program for decrypting the encrypted data, Means for deleting an input / output instruction for accessing the computer resource of the information decryption apparatus from the decryption program separated from the decryption program; and deleting the ciphertext separated from the encrypted data from the key information and the input / output instruction. Means for decoding by using the decoding program thus obtained to obtain the information.