JPH10222567A - Information access controller and method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To independently issue an electronic ticket, maintaining safety in a user's local environment. SOLUTION: A ticket calculation processing part 300 calculates a ticket t based on ticket creating information that accompanies a content. First, a cryptograph key D calculating part 301 calculates a key of cryptograph D and creates a ticket by using the key D, control information and user's inherent information. The certifying device 500 creates response against a challenge based on the ticket t, the user's inherent information and utilization control information and creates a content decoding key K based on the response. A decoding processing part 900 decodes a content by utilizing the key K.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a technique for controlling access to information by decrypting encrypted information and authenticating a right to use, and more particularly to a technique for generating auxiliary information used for performing access control.

[0002]

2. Description of the Related Art In recent years, with the progress of encryption technology and the development of networks, many electronic distribution systems have been proposed. The utility brought by the realization of electronic distribution is very diverse, but one particularly effective use is the distribution of electronic tickets. The ticket here refers to the traditional world of printed tickets, such as existing tickets and admission tickets, to the electronic rights of software and electronic content, such as licenses and usage fees. Up to and including.

[0003] In general ticket use, starting with the selection of a target service, ticket purchase,
A series of processes such as payment, receipt, and use are required. Since it is troublesome for both the seller and the user to perform these manually, it has been studied to digitize the tickets and process them online in combination with electronic payment means.

For example, in an electronic ticket sales / refund system and a sales / refund method disclosed in Japanese Patent Application Laid-Open No. 8-147500, a method for realizing a secure transaction with a plurality of ticket issuers via electronic money is disclosed. Has been proposed. In this method, the user can obtain the electronic ticket created by the ticket issuer from a remote location through a telephone line or the like. According to this method, forgery or unauthorized duplication of the electronic ticket is prevented, and the user can only confirm the contents of the electronic ticket with a terminal device having no decryption means.

[0005] However, such a method enables online issuance of a ticket itself for a one-to-one correspondence between a conventional ticket such as a ticket and an admission ticket as described above, but the electronic method. When information (digital information) such as converted services and contents is comprehensively handled by the concept of a ticket, there are great restrictions. In other words, in order to enjoy the further merit of digitization, such as changing the usage control such as the number of uses and the period for each user, it is necessary to perform encryption as a separate ticket including the usage control each time. , It is troublesome. There is also a restriction that electronic money is used.

[0006] On the other hand, the present applicant generates a ticket on the information providing side based on user-specific information and usage control information such as the number of uses and the period assigned to each user.
This is sent to the user, and a method of controlling the use of information on the user side is proposed (Japanese Patent Application No. 8-191756).
issue). In the description of this application, control information is referred to as proof auxiliary information, but can be regarded as a ticket in a broad sense. According to this method, it is not necessary to encrypt and distribute the control information together with the digital information, and furthermore, the security in the case where the control information is falsified is secured.

However, in the above two methods, when issuing a ticket, it is necessary to have a service provider physically and logically separated from the user's environment issue the ticket for security. Performing this for each service or content, that is, for each application unit of the ticket is time-consuming. Even if it is received online through a communication line or the like, there is a first problem that the communication cost ratio is currently large for small tickets.

On the other hand, in a system using such an electronic ticket, there are a plurality of service or content providers (providers) according to the service.
Generally, an organization (called a center) that handles confidential information independently and issues tickets and charges is provided. At this time, since the center has secret information such as a key of the content, for example, if the user is concerned, the center can freely view the content in principle. These problems can be a provider's psychological distrust of the center. This is the second problem.

[0009]

SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and addresses the above-mentioned first problem, and has been developed independently in a local environment of a user while maintaining security. The purpose is to be able to issue electronic tickets.

Another object of the present invention is to address the second problem and eliminate the need for the center to know the key of the content so that the center cannot decrypt the content.

[0011]

According to the present invention, in order to achieve the above-mentioned object, means for holding user-specific information in an information access control device for controlling access to information to be protected, Means for calculating unique information of the information to be protected from auxiliary information of the information to be protected supplied from a manager of the information to be protected; means for holding unique information of the information to be protected; Means for calculating the auxiliary information for access control from at least the unique information of the user and the unique information of the protection target information;
Means for permitting access to the protection target information based on the user specific information and the auxiliary information.

In this configuration, since the information access control device can generate the access control auxiliary information, it is not necessary to frequently obtain the access auxiliary information from the outside.

According to the present invention, in an information access control device for controlling access to information to be protected, a means for holding user's unique information, a means for holding unique information of information to be protected, Means for calculating auxiliary information for controlling access to the target information from at least the user's unique information and the unique information of the protection target information; and the protection based on the user's unique information and the access control auxiliary information. Means for permitting access to the target information is provided.

Also in this configuration, since the information access control device can generate access control auxiliary information, there is no need to frequently obtain external access auxiliary information.

According to the present invention, in order to achieve the above object, a means for holding user-specific information in an information access control device for controlling access to information to be protected; Means for calculating unique information of the protection target information from auxiliary information of the information supplied from an administrator, means for holding the unique information of the protection target information, and means for holding the use control information of the protection target information Means for calculating auxiliary information for controlling access to the protection target information from at least the user's unique information, the unique information of the protection target information, and the use control information, and the user's unique information, the use control A method and means for permitting access to the information to be protected based on the auxiliary information.

Also in this configuration, since the information access control device can generate access control auxiliary information, it is not necessary to frequently obtain access auxiliary information from outside. In particular, there is no need to exchange access control auxiliary information for each use control information, which is very convenient.

Further, in the above-mentioned configuration, of the above-mentioned respective means, means for holding at least the user-specific information,
Means for calculating unique information of the protection target information, means for holding the unique information of the protection target information, and means for generating auxiliary information for controlling access to the protection target information, You may make it have the protection means which prevents that said various information leaks outside in the process of a process.

The auxiliary information of the information to be protected is generated by encrypting the unique information of the information to be protected by a predetermined method, and the means for calculating the unique information of the information to be protected includes: A means for decoding the auxiliary information of the target information may be included.

The information to be protected is encrypted with a modulus n of the RSA public key cryptosystem and a public key E, and the unique information of the information to be protected is the public information under the modulus n. The secret key D corresponding to the key E may be used.

The secret key D of the information to be protected is a public key pair E ′, n ′ different from the public key E and the modulus n.
May be encrypted. In this case, the center does not need to hold the secret key D.

The control of access to the information to be protected may be performed by encryption or may be performed based on authentication.

According to the present invention, in order to achieve the above object, in the information access control method, a step of transmitting auxiliary information of the information to be protected and a step of receiving the auxiliary information of the information to be protected are provided. Holding the unique information of the user, calculating the unique information of the protection target information from the auxiliary information of the protection target information, holding the unique information of the protection target information, Calculating the auxiliary information for access control from at least the unique information of the user and the unique information of the information to be protected, and permitting access to the information to be protected based on the unique information of the user and the auxiliary information. Steps to be followed. Also in this configuration, since the auxiliary information for access control can be generated on the information access control device side, it is not necessary to frequently obtain the auxiliary information for access from outside.

According to the present invention, in order to achieve the above object, an access control auxiliary information generating apparatus for generating access control auxiliary information used for controlling access to protected information includes: Means for holding user's unique information; means for calculating unique information of the protection target information from auxiliary information of the protection target information supplied from a manager of the protection target information; Means for holding and means for calculating the access control auxiliary information from at least the unique information of the user and the unique information of the protection target information are provided.

Also in this configuration, since the auxiliary information for access control can be generated on the information access control device side, it is not necessary to frequently obtain the auxiliary information for access from the outside.

In the above description, the information to be protected may be an application. According to the present invention, the use of the application of the information to be protected can be controlled.

[0026]

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[Embodiment 1] FIG. 1 shows the configuration of Embodiment 1 of the present invention.
In the present embodiment, when decrypting the encrypted content (digital information), a use ticket having an arbitrary condition among a plurality of predetermined control information (use period, number of times, etc.) is assigned to the user's local information. A case where the content is issued in an environment and the content is decrypted and used under the conditions of the ticket will be described.

Referring to FIG. 1, a digital information access control device according to this embodiment includes an input unit 100, a capsule holding unit 2
00, ticket calculation processing unit 300, user unique information holding unit 400, certification processing unit 500, ticket t holding unit 60
0, a control information L holding unit 700, a conventional encryption key K calculation processing unit 800, a decryption processing unit 900, an output unit 1000, and a token 1100. Hereinafter, each will be described.

The input unit 100 has a connection to an external environment via a network 101 or the like and a connection to a local medium 102 such as a CD-ROM or a DVD, and supplies digital information to the capsule holding unit 200.

The capsule holding section 200 is a section for safely protecting the content, and includes ticket generation information 210,
Key calculation information 220, encrypted content (executable format and visualization data) 23 encrypted with key K by conventional encryption
Holds 0.

The key K is encrypted by the RSA public key encryption, and the key calculation information 220 holds the RSA public key E, the modulus n, and the encrypted key K ^E mod n.

The ticket generation information 210 includes, for the ticket generation ticket t ′, the ticket generation public keys n ′ and E ′ and their control information L ′, and the RSA secret key D encrypted by n ′ and E ′. Hold ^{E '} mod n'.

The user unique information holding unit 400 stores a user authentication key dU (4) as unique information for identifying a user.
01).

The control information L holding unit 700 holds control information L such as the expiration date and the number of times of use. It is assumed that this information has been distributed to the user in advance by the provider.

The ticket calculation processing unit 300 performs the above-described RS based on the information input from the ticket generation information 210.
The RSA secret key D corresponding to the A public key E is calculated by the secret key D calculation unit 301 and stored in the secret key D storage unit 302.
Further, at least this secret key D, modulus n (222),
The ticket t is calculated by the ticket t calculating unit 303 based on the control information L and the user authentication key dU (401), and stored in the ticket t holding unit 600.

The proof processing unit 500 transmits digital information (called a challenge: C
This is a program for performing authentication based on the user authentication key dU (401), the ticket, and the control information, and returning a decryption result (called a response: R). In this embodiment, it is used for both ticket calculation and key calculation.

The ticket t holding unit 600 holds the result obtained by the ticket calculation processing unit 300 and is used as a ticket t when decrypting and using the encrypted content. In this embodiment, the following formula is specifically used as a formula for calculating the ticket t.

[0037]

[Mathematical formula-see original document] t = D-hash (dU, L) + [omega] [phi] (n) In the calculation formula, the function hash () is the user authentication key d.
A one-way hash function taking U and control information L as arguments, ω is a random number, and φ (n) is the Euler number of modulus n. In the RSA cryptosystem, when prime numbers p and q are given, ED = 1 mod (p
−1) (q−1), and the Euler number φ (n) = (p−
1) It is (q-1).

Here, since p and q are not given in the user environment, the Euler number is unknown, but from the above, ED = 1 mod φ (n), and αφ ( Since n) = ED-1, if E is sent to the token, a multiple of φ (n) can be calculated in the token.

The ticket can be calculated by adding or subtracting the operation result depending on the modulus n, the user authentication key dU and the control information L from the secret key D, and is generalized as follows. You.

[0040]

T = D−f (L, n, dU) where f () is a one-way function.

The conventional encryption key K calculation processing section 800 calculates a challenge C based on K ^E mod n, E obtained from the key calculation information 220, and performs a proof processing based on this and n, t, and L. The customary encryption key K is calculated from the response R obtained from the unit 500.

The decryption processing unit 900 decrypts the encrypted content using the obtained key K.

The output unit 1000 outputs a program according to the type of the decrypted content if it is an executable format, or a process such as visualization by a viewer / browser if it is a visualized content.

The token 1100 includes at least the ticket calculation processing unit 300, the user-specific information holding unit 400,
This is a mechanism that includes a proof processing unit 500 and is protected (tamper-proofed) by defense means that prevents information from leaking outside during the process of holding, transmitting, and processing. In the framework of using a ticket, it is necessary that tamper-proofing be performed using a token in order to control access using the ticket.

Next, the operation of this embodiment will be described.
First, the operation for decoding the digital information after the ticket t has already been calculated will be described with reference to FIG.

First, the operation of the proof processing unit 500 will be described. The proof processing unit 500 receives the user authentication key dU, the control information L, the challenge C, the ticket t, and the modulus n as inputs, and calculates the following value when the control information L satisfies the condition.

[0047]

## ^EQU3 ## R ′ = C ^{hash (dU, L)} mod n Further, the following value is calculated and output as a response R.

[0048]

R = C ^t R ′ mod n Next, the operation of the conventional encryption key K calculation processing section 800 will be described. The customary encryption key K calculation processing unit 800 generates a random number r for each session in addition to the given K ^E mod n, (E, n). A challenge C obtained by encrypting a product obtained by multiplying a conventional encryption key K by a random number r is expressed as follows.

[0049]

Equation 5] C = r ^E K ^E mod n inputs the challenge C to the certification processing unit 500 along with other known parameters.

Since r is multiplied at the time of calculating C, the key K is obtained by multiplying the response R returned from the proof processing unit 500 by the reciprocal of r as follows.

[0051]

R ^-1 R = r ^-1 rK = K If t is calculated from the above, the conventional encryption key K is obtained, and the encrypted content can be decrypted.

Next, a method for generating the ticket t in a local environment will be described. (1) First, regarding the ticket t 'for issuing a ticket,
Keys n ', E', D 'and control information L' are prepared in advance. Here, it is assumed that there is a center that manages confidential information separately from the provider, and D ′ is held by the center together with the secret key D of the content. (2) The provider receives the ticket issuance ticket t 'and the encrypted D which are obtained by the following calculation at the center.

[0053]

T ′ = D′−hash (L ′, n ′) + φ (n ′) D ^{E ′} mod n ′ (3) The provider uses the above t ′ and D ^{E ′} mod as ticket generation information. In addition to n ′, L ′, E ′, n ′ are added to the content. (4) In the processing device of the user, the ticket calculation processing unit 3 based on the ticket generation information attached to the content.
At 00, the ticket t is calculated. For this calculation method, the same method as the calculation in the key calculation processing unit 301 is used. This will be described in more detail with reference to FIG.

The secret key D encrypted with the public key E 'is handled in the same manner as K in the above-described conventional encryption key K calculation process. That is, given D ^{E ′} mod n, (E ′, n ′),
Based on the random number r, the challenge C ′ is calculated as follows.

[0055]

C ′ = (r · D) ^{E ′} mod n ′ = r ^{E ′} D ^{E ′}
mod n 'In addition to the challenge C', the proof processing unit 500 is applied in exactly the same way as the key calculation, with the arguments t 'and L' given to the content as arguments. Then, a response R is returned from the certification processing unit 500, and the secret key D is obtained by multiplying the response R by the reciprocal of r as follows.

[0056]

R ⁻¹ R = r ⁻¹ rD = D Here, the ticket t is obtained by the following calculation as described above.

[0057]

[Mathematical formula-see original document] t = D-hash (dU, L) + [omega] [phi] (n) Since D is obtained, all the arguments are known.
Is calculated and stored in the ticket holding unit 600. later,
The processing described assuming that the ticket is already known is performed, and the content is decrypted.

In calculating the ticket, the secret key D is calculated as an intermediate result, so that the ticket calculation unit 303 must also be included in the token.

As is apparent from a comparison between FIG. 2 and FIG.
The exchange between the conventional encryption key K calculation processing unit 800 and the proof processing unit 500 is performed by the secret key D calculation unit 301 and the proof processing unit 5.
It has exactly the same configuration and processing as the exchange with the 00. Therefore, not only the proof processing unit 500 but also the key calculation unit 301 and the key calculation processing unit 800 can actually use exactly the same program or hardware. Second Embodiment Next, a second embodiment of the present invention will be described. FIG. 4 shows the configuration of the second embodiment of the present invention. In this embodiment, the center does not need to know the secret key D relating to the encryption of the content which is assumed to be held by the center in the first embodiment, and the provider can generate the content key independently.

The difference from the first embodiment is that a different RSA key nt, Et, Dt is used for each token. The center manages these and does not hold the secret key D itself. In addition, there is no ticket for issuing a ticket as information for generating a ticket, and as a method of encrypting and transferring D, D ^Et mod encrypted with the RSA public key is used.
Use nt.

The difference in structure is that ticket generation information 2
10, an encryption private key D holding unit 1200 is prepared, and the token private key D
t (402), and holding the token modulus nt (402).

Since the method after the generation of the ticket t is the same as that in the first embodiment, only the method for generating the ticket t will be described here. (1) As described above, the center manages different RSA keys nt, Et, and Dt for each token, and the token has n
t and Dt are tamper-proof and held. . (2) The user needs the D required to create a content ticket.
(Encrypted) and L to the provider. (3) The provider provides the center with the user's token n
t, Et, and encrypts the secret key (D ^Et mod n).
Calculate t) and send it to the user with L. (4) In the processing device of the user, the encrypted private key (D ^Et
mod nt) and token keys nt, Dt.
The ticket t is calculated by the ticket calculation processing unit 300.
In this calculation method, the key calculation processing unit 301 described in the first embodiment
A method similar to the calculation in is used. This will be described in more detail with reference to FIG.

The secret key (D ^Et encrypted with the public key Et)
modnt) is handled in the same manner as K in the above-described conventional encryption key K calculation process. However, here, the ticket calculation unit 30
An example is shown in which the random number r is not used, assuming that all 0s are tamper-proof. In addition to this, various realizations are possible, such as using the method of multiplying r described in the first embodiment by separately giving Et.

The given D ^Et mod nt is set as a challenge Ct.

[0065]

Ct = D ^Et modnt The ticket generation ticket tt is calculated in the token in the same manner as described above.

[0066]

Tt = Dt−hash (dU, L) + ωφ (nt) In addition to the challenges Ct and tt, L sent from the provider is input to the certification processing unit 500, and the response R, that is, the secret key D is obtained. Can be

As described above, the ticket t is set in the same manner as in the above example.
Can be obtained by the following calculation, after which ordinary decoding can be performed.

[0068]

T = D−hash (dU, L) + ωφ (n) It goes without saying that the present invention is not limited to the above embodiment. For example, as described above, the ticket calculation formula in the above-described embodiment is D to dU,
Any method may be used as long as it adds and subtracts a function using L and n as arguments. The method of calculating the secret key D may be any method that does not leak to the outside as described in the second embodiment. In the above-described embodiment, the decryption key K is calculated and decrypted. However, it goes without saying that authentication may be performed using the above-described challenge and response.

The present invention can also be used for controlling access to analog information, for example, for authenticating access rights to analog information.

[0070]

As described above, according to the present invention,
It is possible to issue electronic tickets independently in a local environment of the user while maintaining security. As a result, there is an advantage that it is not necessary to obtain a ticket for each service or content via a center or the like, and that communication costs are unnecessary for a small ticket.

Further, the center does not need to know the key of the content so that the center cannot decrypt the content. As a result, the center can be prevented from freely viewing the content, and unnecessary distrust is avoided.

Further, according to the realization method in which the existing key calculation unit and the proof processing unit are applied in a double manner as described in the embodiment, the number of parts newly prepared for the present invention is extremely small. However, costs can be kept low regardless of hardware or software. In particular, it is advantageous for reduction in capacity and integration into one chip when realized by hardware.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating a configuration of a first exemplary embodiment of the present invention.

FIG. 2 is a diagram illustrating a content decryption operation according to the first embodiment.

FIG. 3 is a diagram illustrating a ticket generation operation according to the first embodiment.

FIG. 4 is a diagram illustrating a configuration of a second exemplary embodiment of the present invention.

FIG. 5 is a diagram illustrating a ticket generation operation according to the second embodiment.

[Explanation of symbols]

 200 Capsule holding unit 300 Ticket calculation processing unit 400 User unique information holding unit 500 Certification processing unit 600 Ticket t holding unit 700 Control information L holding unit 800 Conventional encryption key calculation processing unit 900 Decryption unit 1100 Token

Continued on the front page (51) Int.Cl. ⁶ Identification code FI H04L 9/00 601B 601E 675B

Claims (12)

[Claims] 1. An information access control device for controlling access to information to be protected, comprising: means for holding user's unique information; and information from auxiliary information of the information to be protected supplied from a manager of the information to be protected. Means for calculating the unique information of the information to be protected; means for holding the unique information of the information to be protected; and auxiliary information for controlling access to the information to be protected, at least the unique information of the user and the information to be protected. An information access control device, comprising: means for calculating from the unique information of the user; and means for permitting access to the protection target information based on the unique information of the user and the auxiliary information for access control. 2. An information access control device for controlling access to information to be protected, comprising: means for holding user's unique information; means for holding unique information of the information to be protected; and access control to the information to be protected. Means for calculating at least auxiliary information for use from the unique information of the user and the unique information of the information to be protected, and an access to the information to be protected based on the unique information of the user and the auxiliary information for access control. An information access control device comprising: means for allowing access. 3. An information access control device for controlling access to information to be protected, comprising: means for holding user's unique information; and an auxiliary information of the information supplied from a manager of the information to be protected. Means for calculating unique information of information; means for holding unique information of the protection target information; means for holding usage control information of the protection target information; and auxiliary information for controlling access to the protection target information. Means for calculating at least the unique information of the user, the unique information of the protection target information, and the use control information; and the protection target based on the user unique information, the use control method, and the access control auxiliary information. Means for permitting access to information. 4. A means for holding at least the user's unique information, a means for calculating the unique information of the protection target information, a means for holding the unique information of the protection target information, and the protection target 3. The information according to claim 1, wherein the means for generating auxiliary information for controlling access to the information includes a protection means for preventing the leakage of the various information to the outside in the process of holding, transmitting, and processing the various information. Access control device. 5. The auxiliary information of the protection target information is generated by encrypting the unique information of the protection target information by a predetermined method, and the means for calculating the unique information of the protection target information includes: 5. The information access control device according to claim 1, further comprising means for decoding auxiliary information of the target information. 6. The information to be protected is encrypted with a modulus n of an RSA public key cryptosystem and a public key E, and the unique information of the information to be protected is the public information under a modulus n. The information access control device according to claim 1, 2, 3, or 4, wherein the secret key D corresponds to the key E. 7. The secret key D of the information to be protected is encrypted with a public key pair E ′, n ′ different from the public key E and the modulus n. Or the information access control device according to 5. 8. The information access control device according to claim 1, wherein the control of access to the protection target information is performed by decoding. 9. The method according to claim 1, wherein control of access to the protection target information is performed based on authentication.
Or the information access control device according to 7. 10. The method according to claim 1, wherein accessing the protected information includes using an application.
The information access control device according to 3, 4, 5, 6, 7, 8 or 9. 11. A step of sending auxiliary information of the information to be protected, a step of receiving the auxiliary information of the information to be protected, a step of retaining user-specific information, and Calculating the unique information of the information; holding the unique information of the protection target information; and providing auxiliary information for controlling access to the protection target information, at least the user unique information and the uniqueness of the protection target information. An information access control method, comprising: calculating from information; and allowing access to the protection target information based on the user specific information and the access control auxiliary information. 12. An access control auxiliary information generating apparatus for generating access control auxiliary information used for controlling access to protection target information, comprising: means for holding user's unique information; Means for calculating the unique information of the protection target information from the auxiliary information of the protection target information supplied from an administrator; means for holding the unique information of the protection target information; and Means for calculating from the unique information of the user and the unique information of the protection target information.