JP4968622B2 - Group member confirmation system, group member confirmation method, and program - Google Patents

Description

  The present invention relates to a group member confirmation system and a group member confirmation method, and more particularly to a group member confirmation system and a group member confirmation method using a mobile terminal.

  In the past, to confirm whether the other party was a legitimate party, the name was spoken verbally or the name was disclosed by presenting an identification card or the like. In the case of electronic confirmation, it was in the form of requesting confirmation from the center, system, etc. via the network. However, the conventional method has the following problems.

  The first problem is that there is a case where personal information such as a name is asked to be disclosed even if it is not desired to be disclosed in order to confirm whether the person is a legitimate person. The reason is that the so-called name is the key to whether the individual is a legitimate partner. This is a situation where, for example, a person who meets only once, such as a home delivery company or a moving company, discloses personal information such as a name when the person is asked and trusts the other party.

  The second problem is that there is a risk of being impersonated as a legitimate partner. The reason is that there is no way to confirm on the spot even if there is a lie in the content of the spoken word or a paper flyer. As an example of impersonation, there is a case where the entrance door is opened by pretending to be a courier delivery, soliciting something or selling a product.

  The third problem is that if there is a center, server, etc. that proves the identity of personal information in another place, use the network to check whether the other party is electronically valid An environment that can be used is necessary. In the currently known method, when confirming the other party, it is necessary to separately send information to the system via the network and request confirmation.

  The fourth problem is that in the case of the public key method, it is necessary to obtain the public keys for all the parties to be confirmed in advance. You need to get the public key for everyone. The reason is that in the case of the public key method, in order to prove that it is legitimate, a signature is signed with its own private key, and the signature is verified with its own public key.

  In other words, the authentication method of the other party so far is a legitimate person, for example, using the public key method, signing with its own private key and having the other party decrypt it with the public key. I proved that.

  Also, in the case of a delivery service, as a system for electronically confirming receipt, the recipient holds the secret key in the public key method, and the merchant system holds the public key corresponding to the secret key, and it is included in the delivery slip. The recipient slip is encrypted with his / her private key and sent to the vendor system, and the vendor system decrypts the encrypted data received using the recipient's public key to verify receipt. Has been proposed (Japanese Patent Laid-Open No. 2003-128254).

  However, these methods can basically only prove that they are legitimate, so in order to prove that both parties are legitimate, both parties obtain or send the other party's public key in some way in advance. In order to confirm the validity of multiple people, it was necessary to obtain a public key for each. Furthermore, there is a problem that a network environment such as the Internet is indispensable when requesting confirmation of validity from a center such as a third party organization.

JP-A-2004-159298 (Patent Document 1) discloses a terminal device, a communication method, and a communication system.
In this prior art, an arbitrary character string is transmitted from the terminal Y to the terminal X, and the terminal X transmits a character string encrypted with its own secret key and a group participation certificate to the terminal Y. The terminal Y authenticates the terminal X by decrypting the participation certificate with the group public key and confirming whether or not it has succeeded.

Japanese Patent Laying-Open No. 2005-236850 (Patent Document 2) discloses a data communication apparatus and method, and a program.
In this prior art, validity verification data including a time / electronic signature or the like and a public key certificate are transmitted from the user terminal to the group management apparatus, and the management apparatus determines the validity of the user terminal.

Japanese Unexamined Patent Application Publication No. 2006-135618 (Patent Document 3) discloses a key management method, a key generation method, an encryption processing method, a decryption processing method, an electronic signature method, an access management method, and a communication network system.
In this prior art, an NW (network) management server distributes a decryption secret key to each user for a plurality of users (group members) sharing information.

Japanese Patent Laying-Open No. 2006-171829 (Patent Document 4) discloses an electronic shopping system and method.
In this prior art, each terminal obtains an authentication ticket that proves that the authentication server has been recognized normally, and the grouping server obtains the authentication ticket from each terminal that constitutes the group so that the member is valid. Certify.

  Furthermore, as related technologies, Japanese Patent Laid-Open No. 2002-342737 (Patent Document 5), Japanese Patent Laid-Open No. 2003-128254 (Patent Document 6), and Japanese Patent No. 3775864 (Patent Document 7) are known.

JP 2004-159298 A JP 2005-236850 A JP 2006-135618 A JP 2006-171829 A JP 2002-342737 A JP 2003-128254 A Japanese Patent No. 3775864

  An object of the present invention is to provide a group member confirmation method and a group member confirmation system that solve the conventional problems.

  In the following, means for solving the problem will be described using the numbers used in [Best Mode for Carrying Out the Invention] in parentheses. These numbers are added to clarify the correspondence between the description of [Claims] and [Best Mode for Carrying Out the Invention]. However, these numbers should not be used to interpret the technical scope of the invention described in [Claims].

  The group member confirmation system of the present invention generates different key information for members of the same group, selects the same prime number as the number of members, and generates the generated key information and all selected A center terminal (10) that distributes a product of prime numbers, a product of key information obtained from the center terminal (10) and the mobile terminals (20) of other members, and a prime number obtained from the center terminal (10). And a portable terminal (20) for verifying whether or not it is a member of the same group using the product.

  The center terminal (10) notifies the number of members to the portable terminal (20).

  The center terminal (10) includes a key generation unit (14) that generates different key information for members of the same group, an input / output control unit (12) that controls distribution of the generated key information, A storage unit (13) for storing the key information, and a prime number generation unit (15) for generating a prime number used for generation and verification of the key information.

  Here, the said portable terminal (20) produces | generates the random number used for the memory | storage part (23) which memorize | stores the key information acquired from the said center terminal (10) and the portable terminal (20) of another member, and verification A random number generation unit (25); and a calculation unit (24) that performs a calculation for verifying membership of the same group based on the key information, the product of prime numbers, and the random number.

  Alternatively, the center terminal (10) further includes a ciphertext generation unit (16) that generates a ciphertext obtained by encrypting plaintext to be encrypted with extra generated key information. The mobile terminal (20) includes a storage unit (23) for storing key information and ciphertext acquired from the center terminal (10) and another mobile terminal (20), key information, a product of prime numbers, and ciphertext. And a calculation unit (24) for performing a calculation for verifying that the members are members of the same group.

The group member confirmation method of the present invention includes the steps of (a1) the center terminal (10) determining the number n of members of the group and selecting _n different prime numbers _Pn , and (a2) the selected n number of prime numbers Calculating a product L = (P ₁ −1) × (P ₂ −1) ×... × (P _n −1) of values obtained by subtracting 1 from each of different prime numbers; (a3) the calculated L and Are disjoint, satisfy K ₁ × K ₂ ×... × K _n ≡1 mod L, and K ₁ , K ₂ ,..., K _n are all different, and K _i ≠ 1 (i = 1 to n) become such n pieces of key information _{K 1, K 2, ...,} and selecting _{K n,} the product _{Q = P 1 × P 2 ×} ... × P n of n primes selected (a4) and calculating, with respect to (a5) mobile terminal of each member _{G i} of the group (20), vinegar to distribute the _(K i, Q) Tsu; and a flop.

In step (a3), when (a31) n is equal to or greater than 3, K _{1 to} K _n−1 are selected so that they are disjoint from L and K _i ≠ 1, and K _i is all different, K _n comprises the step of selecting to be the inverse of K ₁ × K ₂ ×... × K _n−1 under the modulo L.

Wherein (a5) step, (a51) to the mobile terminal (20) of the _{G i,} comprising the step of notifying the number of members n.

Group Members confirmation method of the present invention, (b1) said to _{G i} of the mobile terminal (20), member key information _K 1 of all _content, K 2, ..., a step of collecting the _{K n,} (b2) the _{G i} in the mobile terminal (20), generating a random number R, (b3) on the mobile terminal (20) of the _{G i,} calculate ^{_{R'≡R (K 1 × K 2 ×}} ... × K n) modQ And (b4) comparing R with the calculated R ′, and if R = R ′, all the members G _i gathered are valid members who have obtained key information from the center terminal (10), If R ≠ R ', at least one out of at least gathered members G _i there is an unauthorized party which is not to get a valid key information from the center terminal (10), or still not equipped with all the determination Further comprising the steps of:

According to another group member confirmation method of the present invention, (c1) the center terminal (10) determines the number n of members of the group and selects _{n + 1} different prime numbers _{Pn + 1} ; and (c2) is selected. A step of calculating a product L = (P ₁ −1) × (P ₂ −1) ×... × (P _{n + 1} −1) obtained by subtracting 1 from each of n + 1 different prime numbers; (c3) calculation Selecting (n + 1) pieces of key information K ₁ , K ₂ ,..., K _{n + 1} that are relatively prime to L and K ₁ × K ₂ ×... × K _{n + 1} ≡1 mod L, (c4) Calculating the product of n + 1 primes Q≡P ₁ × P ₂ ×... × P _{n + 1} modQ; (c5) determining the plaintext M to be encrypted; and (c6) generated key information. one of the by ^{_{K n + 1, C = M}} (K n + ⁾ Calculating the MODQ, the mobile terminal (20) of (c7) each member of the group _G i (i = _1~n), and a step of distributing _{K i} and Q, a C.

In another group member confirmation method of the present invention, (d1) collecting key information K ₁ , K ₂ ,..., K _n for all members in the G _i mobile terminal (20); on the mobile terminal (20) of the G _i, further comprising calculating a _{^{M '= C (K 1 ×}} ... × K n) modQ.

  The program of the present invention causes a computer to execute the above group member confirmation method.

Thus, in the present invention, P _i (i = 1 to n, n: a natural number of 2 or more) is set to 3 or more different prime numbers. For the n members G ₁ , G ₂ ,..., G _n appointed by the center (intermediary), the center (intermediary), respectively, K ₁ × K ₂ × ... × K _n ≡1 mod ((P ₁ − _{1) × (P 2 -1)} × ... × (P n -1)) different key (key information _{satisfying) K 1, K 2, ...} , to create a _{K n, K i} and Q (= _{P 1} A pair of × P ₂ × ... × P _n ) is distributed. However, K ₁ , K ₂ ,..., Kn are _values other than 1 and different from each other and L (= (P ₁ −1) × (P ₂ −1) ×... × (P _n −1)). And The procedure for confirming whether n persons belong to the same group (a set of members designated by the center (broker)) is as follows.
First, the keys K ₁ , K ₂ ,..., K _n of each terminal are collected in terminals of arbitrary members G _i (i is an arbitrary satisfying 1 ≦ i ≦ n) among n members.
Next, an arbitrary value R satisfying 1 ≦ R ≦ Q−1 is generated at the G _i terminal.
Next, R′≡R ^(K ₁ × ^K ₂ ×... × ^K _n ⁾ modQ is calculated at the G _i terminal.
Finally, if R = R ′, then n are members of the same group nominated by the center, and if R ≠ R ′, then at least one person is using a key from another group or the number of keys is n It is judged that it is other than.

The first effect is that even the first meeting partner can confirm the partner designated by the center (intermediary) without giving out any personal information. The reason is that the legitimacy of the other party can be confirmed by calculation based on keys (key information) individually issued by the center.
The second effect is that it is not necessary to make an inquiry to the center that issued the key when checking whether the member is a legitimate partner. The reason is that if the key data is directly received from the other party's portable terminal via infrared communication or an external storage device, it is possible to verify whether the other party is valid by calculating on the spot.
A third effect is that a communication environment such as the Internet is not required when checking whether the other party is valid. The reason is the same as the reason for the second effect.
The fourth effect is that even when there are three or more members, it is possible to determine that each is a correct partner by a single verification process instead of individual confirmation. The reason is that confirmation is performed using a product of key information due to the nature of the operation.
The fifth effect is that the keys distributed by the center are all different and it is difficult to forge appropriately with an arbitrary value. The reason is based on a large prime number at the time of key generation, but the product Q of all the prime numbers used is distributed to the members of the group. In order to determine the key, it is necessary to factorize Q. However, as each prime number increases, this factorization becomes more difficult. Moreover, even if an appropriate value is used as a key, the probability of matching with the key created by the center becomes smaller as the prime numbers selected first become larger.
A sixth effect is that, when a member is verified, each portable terminal has no concept of an authentication side and an authenticated side, and anyone can confirm if the same functional configuration is implemented. This is because the verification results are always the same if the same verification algorithm is used due to the nature of the operation.
The seventh effect is that a special key such as a certificate is unnecessary, and a disposable key can be generated and used each time without special equipment or tools. The reason is that the values used are only natural numbers and can be handled freely without the need for special formats.

  In the present invention, there is a common mediator, but in the case where the parties actually meeting at a seat where there is no mediator is completely the first meeting, even when there is no environment for using a public network such as the Internet, all personal information is disclosed A group member confirmation method and a group member confirmation system that can confirm that both parties (in the case of a group of three or more persons) can be confirmed as an intermediary or a correct partner. Distribute a different key (key information) from each organization (intermediary) equivalent to the center to each member who wants to be in the same group (for example, wants to match), and each member distributes the key to a device such as a mobile phone. Store. When each member confirms that the other party should meet, an arbitrary member receives a key from the other party (all members in the case of a group of three or more) and performs a simple calculation on his / her device. As a result of the calculation, it can be determined whether or not the partner is a partner to be met (a member of the same group) designated by the mediator. Even if the other party is a complete first meeting, there is no need to disclose any personal information, and only the key is presented. At the time of confirmation, if even one person has a key of a different group, the calculation result is inappropriate. In addition, since the keys held by each person are all different, it is impossible to determine whether the other party is valid or not at first glance. In addition, it is very difficult to forge a key, and since the operation is performed based on the result of collecting a plurality of keys including one's own key to determine the other party, a fraudulent person who has forged and impersonated the key is mixed in. If it is, it can be determined that an illegal key is included.

A first embodiment of the present invention will be described below with reference to the accompanying drawings.
Referring to FIG. 1, the present embodiment includes a center (intermediary) terminal 10 and a mobile terminal 20 (G _i , i = 1 to n). The center terminal 10 and the mobile terminal 20 operate by program control and are connected to each other via a network 100 such as the Internet. The center terminal 10 is an apparatus having a personal computer, a mobile phone, and a mobile terminal information processing function, and generates a different key for each member of the same group and transmits the key to each member via the network, or It has a function of distributing keys via an external storage device such as a USB memory. The mobile terminal 20 (G _i ) is a device having an information processing function such as a mobile phone, a mobile terminal, a personal computer, etc., and receives keys from the center and other members, and determines whether or not a group member is based on those keys. A function to perform verification is provided. In addition, the mobile terminal 20 may be a device such as an interphone at the entrance, which is provided with the above function.

  Referring to FIG. 2, the center terminal 10 includes an input / output device 11, an input / output control unit 12, a storage unit 13, a key generation unit 14, and a prime number generation unit 15. Examples of the input / output device 11 include a network interface, a keyboard, a button, an SD card (Secure Digital memory card), and a USB (Universal Serial Bus). The input / output control unit 12 controls output of information input via the input / output device 11 and keys and other information created in the center. The storage unit 13 stores the created key. The key generation unit 14 generates a key that proves that it is a member of the same group and performs other operations. The prime number generation unit 15 generates a prime number used for key generation and verification.

Referring to FIG. 3, the mobile terminal 20 (G _i ) includes an input / output device 21, an input / output control unit 22, a storage unit 23, a calculation unit 24, and a random number generation unit 25. The input / output device 21 has a communication function such as a network interface, a keyboard, a button, an SD card, USB, Bluetooth, infrared communication, and an external input / output function. The input / output control unit 22 controls output such as display of information input via the input / output device 21, verification results verified in the mobile terminal 20 (G _i ), and other information. The storage unit 23 stores a key transmitted from the center 10 and a key received from another portable terminal to be verified. The calculation unit 24 performs a calculation for verifying that it is a member of the same group. The random number generator 25 generates a random number used for verification.

Next, the operation of this embodiment will be described in detail with reference to FIG. 1, FIG. 2, FIG. 3, FIG.
Here, in order to make the explanation easy to understand, it is assumed that a mediator corresponding to the center terminal 10 in FIG. 1 pulls G ₁ and G ₂ together. Intermediary knows both _{G 1} and _{G 2, G 1} and _{G 2} knows the intermediary. G ₁ and _{G 2} may or may not acquainted with each other. Members G ₁ and G ₂ is made to belong to the same group.

First, with reference to FIG. 4, a process for generating and distributing a key distributed to each member by an intermediary (center terminal 10) will be described.
(1) Step S101
The intermediary determines the number n of members of the group. Here, the _{G 1} and _{G 2} since n = 2.
(2) Step S102
Next, n different prime numbers are selected (P1 and P2 respectively). The prime number selected here is desirably larger. The reason is that the difficulty of preventing forgery of the key in this method depends on the difficulty of prime factorization, and in that case, the larger the P corresponding to the prime factor, the more difficult the prime factorization.
(3) Step S103
Next, a product L = (P ₁ −1) × (P ₂ −1) ×... × (P _n −1) obtained by subtracting 1 from each selected prime number is calculated.
(4) Step S104
Next, relatively prime and calculated The L, and satisfies _{K 1 × K 2 × ... ×} K n ≡1modL, _{and, K 1, K 2, ...} , K n are all different, and, _{K i} ≠ 1 Select _n keys K ₁ , K ₂ ,..., K _{n such} that Here, (K ₁ , K ₂ ) is selected. When n is 3 or more, for example, K _{1 to} K _n−1 are selected so that L is mutually prime and K _i ≠ 1 and K _i is completely different, and the last K _n is K under the modulus L. ₁ × K ₂ ×... × K _n-1 is selected so as to be an inverse element. Note that 1 mod L means a remainder (remainder) obtained by dividing 1 by L.
(5) Step S105
Next, a product Q = P ₁ × P ₂ ×... × P _n of n selected prime numbers is calculated.
(6) Step S106
Finally, a pair of (K _i , Q) is distributed to each member G _i via a network or an external storage device. Here, (K ₁ , Q) is distributed to G ₁ and (K ₂ , Q) is distributed to G ₂ .

Next, a method for verifying whether each member is actually a member of the same group designated by the mediator when each member actually meets will be described with reference to FIG.
(1) Step S201
When members aligned, the mobile terminal 20 of any member G _i, keys of all partial K _1, K 2, _..., a K _n, collected via the infrared communication or the external storage device or the like.
(2) Step S202
Next, the portable terminal 20 of _{G i,} and generates a random number R.
(3) Step S203
Next, on the mobile terminal 20 of _{G i,} computes the ^{_{R'≡R (K 1 × K 2 ×}} ... × K n) modQ.
(4) Step S204
'Compared with the, R = R' R, which was calculated to R if, gathered members G _i is a legitimate member G _i received the key from all intermediaries, if R ≠ R ', at least gathered members G _At least one of _i determines that there is an illegal partner who has not received a valid key from the mediator, or that all of them are not yet available. If there is only one partner, it can be determined that the partner is an unauthorized partner.
(5) Step S205
The result of the last judgment is displayed.

For example, G ₁ of the above is not a mobile terminal, is a intercom in the home or apartment, etc., G ₂ is a delivery man courier. The key K ₁ and Q are notified in advance from the delivery center to the G ₁ interphone or the home that owns the G ₁ interphone and stored in G ₁ , and the delivery person stores the key K in his portable terminal G _2. Remember ₂ . When the delivery man came the luggage delivery, ask to move the key K ₂ from G ₂ to the intercom G ₁ before opening the front door, it is to verify the opponent on G _1, delivery person legitimate partner It can be confirmed whether it is. By opening the door after confirming the opponent, you can protect yourself from crimes such as impersonation. Further, when representatives of a plurality of companies hold a meeting, it is possible to detect the presence of outsiders even before the meeting is held, even if the hostile company impersonates and enters.

Next, a second embodiment of the present invention will be described in detail with reference to the drawings.
Referring to FIG. 6, the present embodiment is different from the first embodiment in that the number of group members n is added to the information distributed to each member. By doing this, it is possible to check whether all the members (keys) of the group are in the verification process, and if the verification result is different with all the members together, some of the members on the spot are illegal You can see that you submitted the correct key.

With reference to FIG. 6, the process which produces | generates and distributes the key which an intermediary (center terminal 10) distributes to each member in this embodiment is demonstrated. Here, as in the first embodiment, a case is assumed in which an intermediary pulls G ₁ and G ₂ together. Step S301 ... Step S305 are the same as Step S101 ... Step S105.
(1) Step S301
The intermediary determines the number n of members of the group. Here, the _{G 1} and _{G 2} since n = 2.
(2) Step S302
Next, n different prime numbers are selected (P1 and P2 respectively). The prime number selected here is desirably larger. The reason is that the difficulty of preventing forgery of the key in this method depends on the difficulty of prime factorization, and in that case, the larger the P corresponding to the prime factor, the more difficult the prime factorization.
(3) Step S303
Next, a product L = (P ₁ −1) × (P ₂ −1) ×... × (P _n −1) obtained by subtracting 1 from each selected prime number is calculated.
(4) Step S304
Next, relatively prime and calculated The L, and satisfies _{K 1 × K 2 × ... ×} K n ≡1modL, _{and, K 1, K 2, ...} , K n are all different, and, _{K i} ≠ 1 Select _n keys K ₁ , K ₂ ,..., K _{n such} that Here, (K ₁ , K ₂ ) is selected. When n is 3 or more, for example, K _{1 to} K _n−1 are selected so that L is mutually prime and K _i ≠ 1 and K _i is completely different, and the last K _n is K under the modulus L. ₁ × K ₂ ×... × K _n-1 is selected so as to be an inverse element.
(5) Step S305
Next, a product Q = P ₁ × P ₂ ×... × P _n of n selected prime numbers is calculated.
(6) Step S306
Finally, a combination of (K _i , Q, n) is distributed to each member G _i via a network or an external storage device. Here, the _{G 1 (K 1, Q,} 2), the _{G 2} to distribute _{(K 2, Q, 2)} .

Next, a third embodiment of the present invention will be described.
7, 8, 9, and 10, in the present embodiment, the key generation process generates more keys than the number of members, and further encrypts the plaintext M to be encrypted with the generated keys. This is different from the first embodiment in that the encrypted ciphertext C is distributed and the ciphertext C distributed from the center in the verification process is operated and decrypted.

Referring to FIG. 7, the center terminal 10 according to the present embodiment includes an input / output device 11, an input / output control unit 12, a storage unit 13, a key generation unit 14, and a prime number generation unit 15. A sentence generation unit 16 is provided. The input / output device 11, the input / output control unit 12, the storage unit 13, the key generation unit 14, and the prime number generation unit 15 are the same as those in the first embodiment. The ciphertext generation unit 16 generates a ciphertext C obtained by encrypting the plaintext M to be encrypted with an extra key. The ciphertext C is distributed to the mobile terminal 20 (G _i ) by the input / output control unit 12 via the input / output device 11.

Referring to FIG. 8, the mobile terminal 20 (G _i ) in the present embodiment includes an input / output device 21, an input / output control unit 22, a storage unit 23, and a calculation unit 24. The difference from the first embodiment is that the random number generator 25 is not provided.

With reference to FIG. 9, a process of generating and distributing a key distributed to each member by the center (center terminal 10) will be described.
(1) Step S401
In the key generation process at the center (center terminal 10), the number n of members of the group is determined.
(2) Step S402
After determining the number of members n, n + 1 different prime numbers are selected.
(3) Step S403
Next, a product L = (P ₁ −1) × (P ₂ −1) ×... × (P _{n + 1} −1) obtained by subtracting 1 from each selected prime number is calculated.
(4) Step S404
Next, select _{n + 1} keys K ₁ , K ₂ ,..., K _{n + 1} that are relatively prime to L and that satisfy K ₁ × K ₂ ×... × K _{n + 1} ≡1 mod L.
(5) Step S405
Next, the product Q≡P ₁ × P ₂ ×... × P _{n + 1} modQ of the selected n + 1 prime numbers is calculated.
(6) Step S406
Next, the plaintext M to be encrypted is determined.
(7) Step S407
Next, a single _{K n + 1} of the generated ^key, to calculate the ^{_{C = M (K n + 1}} ) modQ.
(8) Step S408
Finally, K _i , Q, and C are distributed to the mobile terminal 20 of each member G _i via a network or an external storage device.

Next, a method for verifying whether each member is actually a member of the same group designated by the mediator in the present embodiment will be described with reference to FIG.
(1) Step S501
When members aligned, the mobile terminal 20 of any member G _i, keys of all partial K _1, K 2, _..., a K _n, collected via the infrared communication or the external storage device or the like.
(2) Step S502
Next, M ′ = C ^(K ₁ ×... × ^K _n ⁾ modQ is calculated on the G _i mobile terminal 20.
(3) Step S503
Finally, the calculated result is displayed.

  If all the members have submitted the correct key, meaningful information can be obtained, and each member is a legitimate partner. If anyone submits an incorrect key, C will not be decrypted correctly. In the present embodiment, as in the second embodiment, the center (center terminal 10) may distribute the number n of members to each member.

The features of the present invention are as follows.
(1) It can be confirmed without revealing personal information that the other party is a legitimate person nominated by an intermediary.
(2) Anyone including himself can verify that the other party is a legitimate party designated by the intermediary.
(3) Even when there are a plurality of opponents, it can be confirmed by a single verification process.
(4) It is difficult to forge a key and prevent impersonation.
(5) A public network such as the Internet is not required.
(6) Encryption is possible so that decryption is not possible unless all keys held by a legitimate person designated by the mediator are available.
(7) When P _i (i = 1 to n) is 3 or more different prime numbers, K ₁ × K ₂ ×... × K _n = 1 mod L, K _i ≠ 1, K _i ≠ K _j (1 ≦ j When obtaining a key K _i satisfying ≦ n, i ≠ j), K _{1 to} K _n−1 are selected so that L is mutually prime and K _i ≠ 1, and each K _i is different from each other. _n is selected to be an inverse element of the product K ₁ × K ₂ ×... × K _n−1 under the modulus L. However, L = (P ₁ −1) × (P ₂ −1) ×... × (P _n −1).

FIG. 1 is a schematic diagram of a group member confirmation system. FIG. 2 is a block diagram showing a configuration of a center (intermediary) terminal. FIG. 3 is a block diagram showing the configuration of the member mobile terminal. FIG. 4 is a flowchart showing the key generation process. FIG. 5 is a flowchart showing the verification process. FIG. 6 is a flowchart showing a key generation process when the number of members is notified. FIG. 7 is a block diagram showing another configuration of the center (mediator) terminal. FIG. 8 is a block diagram showing another configuration of the member mobile terminal. FIG. 9 is a flowchart showing another key generation process. FIG. 10 is a flowchart showing another verification process.

Explanation of symbols

10 ... Center (intermediary) terminal 11 ... input-output device 12 ... input-output control unit 13 ... memory unit 14 ... key generating unit 15 ... prime generating unit 16 ... ciphertext generator 20 ... portable terminal (Member _{G i} owned)
DESCRIPTION OF SYMBOLS 21 ... Input / output device 22 ... Input / output control part 23 ... Storage part 24 ... Operation part 25 ... Random number generation part 100 ... Network

Claims (12)

A center terminal that generates different key information for members of the same group, selects the same number of different prime numbers as the number of members, and distributes the generated key information and the product of all the selected prime numbers. When,
A group having a portable terminal that verifies whether or not it is a member of the same group by using a product of key information acquired from the center terminal and other members' portable terminals and a product of prime numbers acquired from the center terminal Member confirmation system. In the group member confirmation system according to claim 1,
The center terminal is a group member confirmation system that notifies the mobile terminal of the number of members. In the group member confirmation system according to claim 1 or 2,
The center terminal is
A key generation unit that generates different key information for members of the same group;
An I / O controller that controls the distribution of the generated key information;
A storage unit for storing the generated key information;
A group member confirmation system comprising a prime number generation unit that generates a prime number used for generation and verification of key information. In the group member confirmation system according to any one of claims 1 to 3,
The portable terminal is
A storage unit for storing key information acquired from the center terminal and the mobile terminals of other members;
A random number generator for generating random numbers used for verification;
A group member confirmation system comprising: an operation unit that performs an operation for verifying membership of the same group based on key information, a product of prime numbers, and a random number. In the group member confirmation system according to claim 3,
The center terminal is
A ciphertext generation unit that generates a ciphertext obtained by encrypting plaintext to be encrypted with extra generated key information;
The portable terminal is
A storage unit for storing key information and ciphertext obtained from the center terminal and other portable terminals;
A group member confirmation system comprising: an operation unit that performs an operation for verifying membership of the same group based on key information, a product of prime numbers, and ciphertext. (A1) the center terminal determines the number n of members of the group and selects _n different prime numbers P _n ;
(A2) calculating a product L = (P ₁ −1) × (P ₂ −1) ×... × (P _n −1) obtained by subtracting 1 from each of the n different prime numbers selected. ,
(A3) The calculated L is relatively prime and satisfies K ₁ × K ₂ ×... × K _n ≡1 mod L, and K ₁ , K ₂ ,..., K _n are all different, and K _i ≠ Selecting n pieces of key information K ₁ , K ₂ ,..., K _n such that 1 (i = 1 to n);
(A4) calculating a product Q = P ₁ × P ₂ ×... × P _n of n selected prime numbers;
(A5) Distributing (K _i , Q) to the mobile terminal of each member G _i of the group. The group member confirmation method according to claim 6,
The step (a3)
(A31) When n is 3 or more, K _{1 to} K _n−1 are selected so that L is mutually prime and K _i ≠ 1 and K _i is all different, and the last K _n is under the modulus L A group member confirmation method comprising the step of selecting so as to be an inverse element of K ₁ × K ₂ ×... × K _n−1 . In the group member confirmation method according to claim 6 or 7,
The step (a5) includes:
(A51) to the portable terminal of the G _i, group member verification method comprising the step of notifying the number of members n. In the group member confirmation method according to any one of claims 6 to 8,
(B1) said in a mobile terminal of _{G i,} key information _K 1 of all members _minute, K _{2, ...,} and the step of collecting the _{K n,}
(B2) a mobile terminal of the _{G i,} and generating a random number R,
(B3) on the mobile terminal of the _{G i,} calculating a ^{_{R'≡R (K 1 × K 2 ×}} ... × K n) modQ,
(B4) Comparing R with the calculated R ′, if R = R ′, all the members G _i gathered are legitimate members who have obtained key information from the center terminal, and if R ≠ R ′, at least one person there is an unauthorized party which is not to get a valid key information from the center terminal, or still group members confirmed that, further comprising the step of determining that it is not equipped with all of the at least gathered members G _i Method. (C1) the center terminal determines the number n of members of the group and selects _{n + 1} different prime numbers P _{n + 1} ;
(C2) calculating a product L = (P ₁ −1) × (P ₂ −1) ×... × (P _{n + 1} −1) obtained by subtracting 1 from each of the selected n + 1 different prime numbers; ,
(C3) selecting n + 1 pieces of key information K ₁ , K ₂ ,..., K _{n + 1} that are relatively prime to the calculated L and satisfy K ₁ × K ₂ ×... × K _{n + 1} ≡1 mod L; ,
(C4) calculating a product Q≡P ₁ × P ₂ ×... × P _{n + 1} modQ of selected n + 1 prime numbers;
(C5) determining a plaintext M to be encrypted;
(C6 ⁾ calculating C = M ^(K _{n + 1} ⁾ modQ with _{one of the} generated key information K _{n + 1} ;
(C7) to the mobile terminal of each member _G i (i = _1~n) group, the group members confirm how and a step of distributing _{K i} and Q, a C. In the group member confirmation method of Claim 10,
(D1) said in a mobile terminal of _{G i,} key information _K 1 of all members _minute, K _{2, ...,} and the step of collecting the _{K n,}
(D2) wherein _{G i} on the mobile _{^{device, M '= C (K 1}} × ... × K n) group members confirm method of and a step further calculating the MODQ.   The program for making a computer perform the group member confirmation method as described in any one of Claims 6 thru | or 11.

Images