JP5489775B2 - Secret key sharing system, method, data processing apparatus, management server, and program - Google Patents

Description

  The present invention relates to a technique in which a plurality of information devices share the same secret key via a network.

  In conventional computer use, companies and individuals, who are users, own and manage computer hardware, software, data, etc. themselves, but in cloud computing that has become popular in recent years, In many cases, a service is received from the other side of the network (such as a data center) to which the device at hand is connected and a service usage fee is paid to the cloud service provider.

  One of the advantages of cloud services is that you can save and retrieve your own data without having to carry a memory medium such as a USB memory as long as you have a network connection environment. Furthermore, since the user does not own the data center equipment and many users use one data center, each user can use the high performance of the data center at low cost.

  Among the cloud services, the service that stores user data on a server on the network is also called an online storage service. In order for users to use this service with peace of mind, there is a server across the network, Users need to be able to trust the form of storing and using their own data. In particular, when a public line called the Internet is used and a server is shared by a plurality of companies, what kind of security measures are taken by the operator operating the cloud is a problem.

  In current online storage, data is sent after the communication path between the device and the server is encrypted using technology such as SSL so that the data of the user flowing on the network is not intercepted by a third party. ing. Also, the server on the network has an encryption key, and encryption is performed when data is stored in the hard disk on the server so that the user's data cannot be seen even if the hard disk is stolen.

JP 2009-55201 A

  However, since the current online storage service described above has an encryption key on the server side, the user data stored on the hard disk can be viewed by using this encryption key.

  In order to reduce the risk of information leakage that occurs when user data is deposited on a server on the network in this way, the encrypted data is transmitted to the server on the user side, and the encryption is performed on the server side. It would be desirable to prevent storage service providers from reading data by not having a key to unlock.

  For this purpose, it is necessary to store and manage a key (secret key) for decrypting data so as not to be stolen or lost. A simple solution is to store the private key only inside one device and not output it at all, thereby limiting the number of devices that can read the data acquired from the server to one. Unable to take advantage of cloud services.

  In other words, one of the advantages of cloud services is that the data is on a server on the network and can be used from any device, so you can read the data while taking advantage of this advantage. In order to limit the devices, it is desirable to limit a plurality of devices that can read data and share a secret key among the plurality of devices.

  In order to share a secret key among a plurality of devices in this way, it has been a conventional method to use a USB memory or the like and pass the secret key through a human hand. Patent Document 1 discloses that information to be transferred is encrypted with a public key of a destination device and stored in the USB memory so that the information inside the USB memory is not misused even if the USB memory is lost in the middle. .

  However, since the great advantage of the cloud service is that it is not necessary to carry a memory medium such as a USB memory, passing the secret key with the USB memory significantly impairs the convenience for the user.

  In view of the above circumstances, the present invention realizes an online storage service that does not have a secret key for decrypting user data on the server side, and this secret key is shared among a plurality of user devices. It is an object of the present invention to provide a technology that enables safe and easy sharing via a network.

  A data processing apparatus according to the present invention receives a communication means for communicating with at least one server via a network, and the encrypted data stored in the server via the communication means, and is unique to the user. A data processing means for decrypting the data using a user secret key, a device key holding means for holding a device secret key and a device public key unique to the device, and the user secret key is stored in the device A request means for transmitting the request message for requesting the user private key held by another device, including the device public key of the own device, and the user secret key in the own device. If held, the device receives a request for the user secret key from another device and sends a response message including the device public key of the device in response to the request, and the device holds Presenting means for presenting device public key confirmation information as first public key information, and presenting device public key confirmation information transmitted from another device as second public key information; The first public key information presented by the own device by the means matches the second public key information presented by the other device, and the second public key information presented by the own device matches the first public key information presented by the other device. On the condition that the public key information matches, the permission means for permitting the sharing of the user secret key, and the user secret key held by the own device for sharing the user secret key, The transmission means for encrypting and transmitting with the device public key transmitted from the device and the information for sharing the user secret key transmitted from the other device are decrypted with the device secret key held by the own device. The user secret key obtained in And a user key storage means for lifting.

  In the data processing apparatus, the transmission means includes means for signing the information for sharing the user private key to be transmitted with a device private key held by the own apparatus, and the user key holding means includes: The signature added to the information for sharing the user private key transmitted from the other device is verified based on the device public key of the other device transmitted as a response to the request message from the other device. It is also possible to include means for

  In the above data processing device, the permission means may provide a response message by the response means on condition that the second public key information presented by the own device matches the first public key information presented by the other device. The transmission is permitted, and the response message transmitted by the response unit includes information transmitted by the transmission unit for sharing the user secret key. The permission unit includes a first public key presented by the own device. The user key holding means may be allowed to hold the user secret key on condition that the information matches the second public key information presented by the other device.

  In the above data processing device, the data processing device further includes a reading unit that reads the first and second public key information presented by the other device, and the permission unit includes the first and second public key information presented by the device, A means for comparing the second and first public key information read by the reading means may be included.

  The secret key sharing system according to the present invention includes at least one server and a plurality of data processing devices communicating with the at least one server via a network, and the plurality of data processing devices are encrypted and stored in the server. Including first and second data processing devices having data processing means for receiving stored data and decrypting the data using a user private key unique to the user, Each of the data processing devices has device key holding means for holding a device secret key and a device public key unique to the device, and the second data processing device holds the user secret key, The first data processing apparatus includes request means for transmitting the request message for requesting the user private key held by another apparatus, including the device public key of the own apparatus, and the first data processing apparatus. The device public key confirmation information held by the data processing device is presented as first public key information, and the device public key confirmation information transmitted from the second data processing device is displayed as the second public key information. Obtained by decrypting the presenting means for presenting as public key information and the information for sharing the user private key transmitted from the second data processing device with the device private key held by the own device User key holding means for holding the user secret key, wherein the second data processing device transmits a response message including the device public key of its own device in a response message to the request message; The device public key confirmation information held by the second data processing device is presented as third public key information, and the device public key confirmation information transmitted from the first data processing device is the fourth public key information. As public key information In order to share the presenting means to present and the user secret key, the user secret key held by the own device is encrypted and transmitted with the device public key transmitted from the first data processing device. Transmission means, provided that the first public key information and the fourth public key information match, and the second public key information and the third public key information match, Share the user private key.

  In the above-described system, the first and second data processing devices are configured such that the same user can receive the public key information presented by the presentation means of both data processing devices, or one of the data processing devices. It is preferable that the public key information presented by the presenting means is connected to the network at a physical distance that can be read by the reading means attached to the other data processing apparatus.

  In the above system, the at least one server includes a management server, and the management server performs authentication based on login requests from the first and second data processing devices, and the authentication fails. Means for rejecting login; and means for transferring the request message to the second data processing apparatus that has been successfully logged in on condition that the first data processing apparatus has been successfully logged in. You may make it prepare.

  The management server according to the present invention includes first and second data processing means for receiving encrypted data stored in the server and decrypting the data using a user private key unique to the user. Authentication is performed based on login requests from the first and second data processing devices and communication means for communicating with the second data processing device via the network, and the login is rejected when the authentication fails. Control means for receiving, a receiving means for receiving a request message for requesting the user private key held by another apparatus from the first data processing apparatus that has been successfully logged in, and a user having successfully logged in, The user to / from the first data processing device by transferring the request message to the second data processing device holding a secret key And a transfer means for enabling executing the transmission for determining and sharing permission sharing Mitsukagi.

  The management server determines success or failure of the login based on success or failure of authentication for the user, and associates the user who has successfully logged in with the data processing apparatus that has transmitted the login request. Means for searching for another data processing device stored in correspondence with the user who has logged in from the first data processing device, and the searched data processing device is the second data processing device; The transfer may be performed as follows.

  The management server further includes means for storing the data processing apparatus in which the user secret key is shared and the device public key of the data processing apparatus in association with each other, wherein the second data processing apparatus The request server further includes means for signing with a device private key held by the device itself, and the management server stores the device information of the second data processing device in which the signature added to the login request is stored. It may be further provided with means for verifying based on the key and rejecting login if the verification fails.

  In the above system, when the first and second data processing devices have successfully logged in, the first and second data processing devices can acquire information for accessing the server storing the data handled by the data processing means from the management server. It may be a thing.

  The secret key sharing method according to the present invention comprises a data processing means for receiving encrypted data stored on a server via a network and decrypting the data using a user secret key unique to the user. In the system including the first and second data processing devices, the first and second data processing devices respectively hold a device secret key and a device public key unique to the device, and the second The data processing device holds the user secret key, and the first data processing device uses the device public key of its own device in a request message for requesting the user secret key held by another device. The second data processing device transmits the response message for the request message including the device public key of the own device, and the first data processing device is held by the own device. Presenting device public key confirmation information as first public key information, presenting device public key confirmation information transmitted from the second data processing device as second public key information, The second data processing device presents device public key confirmation information held by itself as third public key information, and transmits the device public key transmitted from the first data processing device. Confirmation information is presented as fourth public key information, the first public key information and the fourth public key information match, and the second public key information and the third public key information. And the second data processing device allows the user secret key held by the device to be shared for sharing the user secret key. Device disclosure transmitted from the first data processing device The first data processing apparatus encrypts and transmits the information to share the user private key transmitted from the second data processing apparatus. The user secret key obtained by decrypting with is held.

  One program according to the present invention includes data processing means for receiving encrypted data stored in a server via a network and decrypting the data using a user secret key unique to the user. A program for allowing a computer device to share the user secret key, the program code for holding the device secret key and the device public key unique to the device, and the user secret key in the device A program code for causing the request message for requesting the user secret key held by another device to include the device public key of the own device and the user secret key If the request is received by the other device, the request for the user private key is received from the other device, and the device public key of the own device is added to the response message in response to the request. Including the program code for transmission including the device public key confirmation information held by the device as the first public key information, and the device public key confirmation information transmitted from the other device. The program code to be presented as the second public key information matches the first public key information presented by the own device and the second public key information presented by the other device, and the first presented by the own device. 2 on the condition that the public key information of 2 matches the first public key information presented by the other device, and for sharing the user secret key, For sharing the user secret key held by the own device by encrypting the user secret key transmitted from the other device with the device public key and transmitting the user secret key transmitted from the other device Information, the user secret key obtained by decoding by the device secret key the device itself holds, and a program code for causing held in the own device.

  Another program according to the present invention is a program for operating a computer device having communication means for communicating with a plurality of data processing devices via a network as a management server for secret key sharing. Log-in requests from the first and second data processing devices having data processing means for receiving data stored in the server and decrypting the data using a user private key unique to the user , A program code for authenticating based on the log-in request, and a program code for rejecting log-in when the authentication fails, from the first data processing apparatus that has successfully logged in, A program code for receiving a request message for requesting the user private key held by the device, and login The user secret key to and from the first data processing device is transferred by transferring the request message to the second data processing device holding the user secret key. Program code for making it possible to execute permission for sharing and transmission for sharing.

  The above invention makes it possible to share a user secret key between a plurality of devices used by the same user. Among these devices, the user public key of another user is also secure and secure. It is convenient if it can be easily shared.

  For this purpose, the management server stores information including user public keys of a plurality of users, and the user public key of the user specified by the acquisition request in response to the acquisition request from each data processing device. Means for returning the information including the data processing device to the data processing device, and each data processing device stores the data encrypted using the user public key of the user who is permitted to use the data in the server. You may make it have a means to do.

  In addition or alternatively, one of the first and second data processing devices acquires and stores a user public key other than the user of the device itself, and the first and second data processing devices When the other user is the same as the user of the one data processing apparatus, the one data processing apparatus signs the user public key other than the user of the own apparatus with the user secret key of the user of the own apparatus. And the management server stores information transmitted from the one data processing apparatus with a signature, and the other data processing apparatus stores a signature stored in the management server. Means for acquiring the attached information and verifying the signature based on the user public key of the user of the own device, and a user public key other than the user of the own device from the acquired information on condition that the verification is successful Removed, it may be provided with means for storing.

  Note that the inventions of the above-described data processing apparatus, secret key sharing system, management server, secret key sharing method, and program (or a recording medium on which the program is recorded) are all valid as inventions of other categories. It is.

  Moreover, the structure of each invention for sharing a user private key mentioned above can be applied to the invention for sharing a user public key. The user public key is used to encrypt the data before it is stored on the server. For example, if the user public key corresponding to the impersonator's user private key is encrypted, information leakage will occur. Therefore, it is desirable to obtain a genuine user public key safely and easily.

  A data processing apparatus to which the present invention is applied to a user public key uses a communication means for communicating with at least one server via a network and a user public key unique to the user to encrypt the data and encrypt the data. Data processing means for transmitting via the communication means, device key holding means for holding a device private key and device public key unique to the device, and the user disclosure Requesting means for transmitting the request message for requesting the user public key held by another device including the device public key of the own device when the key is not held in the own device; and the user public key Is received in the own device, the response method of receiving the user public key request from another device and transmitting the response message including the device public key of the own device in response to the request. The device public key confirmation information held by the device is presented as first public key information, and the device public key confirmation information transmitted from another device is presented as second public key information. Presenting means, and the first public key information presented by the present apparatus by the presenting means matches the second public key information presented by the other apparatus, and the second public key information presented by the own apparatus, On condition that the first public key information presented by the other device matches, permission means for permitting sharing of the user public key, and the own device holds the user public key for sharing The own device holds information for sharing the user public key transmitted from the other device, and transmission means for encrypting and transmitting the user public key with the device public key transmitted from the other device. User public key obtained by decrypting with the device private key The key can be made and a user key holding means for holding in the own device.

  In the present invention, as an invention for sharing a user secret key, not only a data processing apparatus but also various categories of inventions such as a key sharing system, a key sharing method, a management server, and a program exist. As for the invention for sharing the key, there are various categories of inventions (in which the user secret key is replaced with the user public key).

  As described above, according to the present invention, while realizing an online storage service that does not have a secret key for decrypting the user's data on the server side, the secret key is transferred between a plurality of users' devices. Sharing over a network safely and easily becomes possible.

The figure which shows an example of the whole structure containing the secret key sharing system which concerns on embodiment of this invention The figure which shows an example of the data processing of (a) encryption and (b) decoding for the same user in this system The figure which shows an example of the data processing of (a) encryption and (b) decryption for a plurality of users in this system The figure which shows an example of the internal structure of the apparatus in this system The figure which shows an example of the information preserve | saved in the apparatus public key preservation | save part of FIG. The figure which shows an example of the internal structure of the management server in this system 6A and 6B are diagrams illustrating examples of information stored in (a) a user information storage unit, (b) an active user information storage unit, and (c) a device information storage unit, respectively. The flowchart which shows an example of the login procedure performed between the apparatus and management server in this system The flowchart which shows an example of operation | movement of the apparatus which performs the key exchange procedure following FIG. The sequence diagram which shows an example of the procedure in which the apparatus A and the apparatus B in this system share a user private key via a management server FIG. 10 is a diagram showing an example of detailed processing from confirmation display to approval in FIG. 10 when (a) device B includes a barcode reader and (b) device A includes a barcode reader. The sequence diagram which shows another example of the procedure in which the apparatus A and the apparatus B in this system share a user private key via a management server The figure which shows the example which detailed the process from the confirmation display performed in two steps in FIG. 12 to the case where the apparatus B is provided with a barcode reader. The figure which shows an example of the internal structure of the apparatus in embodiment which shares the user public key of another user The figure which shows an example of the information preserve | saved at the user public key preservation | save part of FIG. The figure which shows an example of the internal structure of the management server in embodiment which shares the user public key of another user The figure which shows an example of the information preserve | saved at the user public key preservation | save part of FIG. The sequence diagram which shows an example of the procedure in which the apparatus C and the apparatus A in this system share the user public key of another user via a management server

  Hereinafter, a secret key sharing system according to an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a diagram showing an overall configuration including the present system.

  In the example of FIG. 1, for the sake of explanation, the user 1 uses three devices (10 *), that is, the device A (101), the device B (102), and the device C (103), and the user 2 uses the device D ( 111) and two devices (11 *) of device E (112). In an actual system, it is a matter of course that a large number of users can use any number of devices.

  These devices can be connected to the management server 300 and the storage server 400 via the network 200. The present embodiment can be applied to any storage server 400 that handles data in any format such as a file or a message. The management server 300 and the storage server 400 are a server group forming a so-called cloud, and may be a large-scale data center or a single server. The data center here may be at a single point or may be distributed at a plurality of locations (management servers and / or storage servers may be distributed and arranged). The function of the management server 300 and the function of the storage server 400 may be realized by physically separate servers, or may be mounted on the same server.

  The network 200 is typically the Internet in the case of a public cloud, and may be a corporate network in the case of a private cloud. Since the data created by each device is stored in the storage server 400 and the user reads and writes data on the server, the same user has multiple devices, and the data created by one device is used by another device Easy to do. There is an advantage in security if data is not left in the device.

  When each device stores data in the storage server 400 via the network 200, the encrypted data is transmitted to the server. In general encryption, one device has one secret key and encrypts data. However, in this method, when the number of devices increases or decreases, the encryption of data on the server must be changed. It is not efficient to respond to the increase or decrease of equipment. In other words, when the use of the device B is newly started, the data encrypted for the device B must be newly created from the data encrypted for the existing device A.

  Therefore, in this system, in order to reduce the processing on the server when the number of devices of the same user increases or decreases, a plurality of devices held by the same user hold the same user secret key. A method for sharing one user secret key among a plurality of devices will be described later.

  FIG. 2 shows an example of processing when data is stored in the server by one user. The device 10 * of the user 1 encrypts plaintext data by common key encryption using a session key generated at random. Next, the session key is encrypted with the user public key of the user (user 1). The encrypted data and the encrypted session key are sent as a set to the storage server 400. The server saves in this state. In order to decrypt this data, the user private key of user 1 is necessary, but the server does not have this key, so it cannot be decrypted. Therefore, it is possible to deposit data with confidence in a cloud operated by an organization different from the organization to which the device user belongs.

  Next, a decoding method will be described. The device 10 * of the user 1 (which may be a device different from the encrypted device 10 *) acquires the encrypted data and the encrypted session key from the storage server 400. The device 10 * decrypts the encrypted session key with its own user secret key (user 1). Using the session key obtained here, the encrypted data is decrypted by the common key encryption. As a result, plaintext data can be acquired.

  In FIG. 2, the device 10 * of the user 1 has been described as an example. However, the device 11 * of the user 2 can be similarly encrypted and decrypted. In the example of FIG. 2, even if another user (user 2) obtains data stored in the server by one user (user 1), it cannot be read because there is no user private key necessary for decryption. .

  FIG. 3 shows an example of processing when data is to be shared among a plurality of users. The device 10 * of the user 1 encrypts the session key with the user public key of the user 1 (user 1), encrypts the session key with the user public key of the other user (user 2) to be shared, and encrypts both. And stored in the storage server 400. As a result, as shown in FIG. 2, not only the device 10 * of the same user (user 1) can use the data stored in the server, but also the device 11 * of a different user (user 2) can use the same data. That is, the device 11 * decrypts the encrypted session key as shown in FIG. 3 with its own user secret key (user 2), and decrypts the encrypted data using the session key.

  As described above, since the encrypted data stored in the storage server can be decrypted if the user private key is present, the user private key is not stolen when one user private key is shared among a plurality of devices. It is important to do so. In particular, when a user secret key is transmitted via a network and shared, the user secret key transmitted to the device that is spoofed (spoofed) as a legitimate request source or transmitted after being encrypted It is important to eliminate the risk that the key used for decryption will be obtained by others.

  In this system, a device public key unique to each device is used for encrypting the user private key, and a device private key corresponding to each device public key is used for the decryption. Since the device secret key is unique and can be generated inside the device and not permanently output to the outside, the possibility that the key used for decrypting the user secret key will be minimized. Further, in this system, a procedure for preventing impersonation is executed between devices sharing a user secret key. Furthermore, in this system, a server that manages login from each device is provided so that only devices that are authenticated as devices of the same user are designated as devices that share the user secret key.

  FIG. 4 shows an example of the internal configuration of the devices 10 * and 11 * in this system. The device can be configured by a general client computer (a personal computer, a PDA, a smartphone, or the like), and includes a processing unit 510, a storage unit 520, an input unit 530, a display unit 540, and a communication unit 550.

  The processing unit 510 includes a data processing unit 514 that performs the data processing described with reference to FIGS. 2-3 and a key exchange unit 512 that performs the procedures described with reference to FIGS. The storage unit 520 stores a device private key storage unit 522 that stores the device private key of this device, a device that can store the device public key of this device, and can store the device public key of other devices as shown in FIG. A public key storage unit 524; a user private key storage unit 526 for storing the user private key of the user of the device; and a user public key storage unit 528 for storing the user public key of the user of the device. . Communication unit 550 is connected to network 200.

  FIG. 6 shows an internal configuration example of the management server 300 in this system. The management server can be configured by a general server computer, and includes a processing unit 310, a storage unit 320, and a communication unit 340.

  The processing unit 310 includes a user management unit 312 that performs the login procedure described in FIG. 8 and the message transfer and registration processing described in FIGS. 10 and 12. The storage unit 320 includes a user information storage unit 322 for storing user information as illustrated in FIG. 7A and an active user information storage unit for storing active user information as illustrated in FIG. 7B. 324 and a device information storage unit 326 for storing device information as shown in FIG. Communication unit 340 is connected to network 200.

  The user information storage unit 322 stores the user ID and password of a user registered as a user of this system, and is used for authentication of the user who made the login request. In addition, the user public key of the user can be registered, and a user whose user public key is registered can be interpreted as having a user private key in at least one of the devices. .

  The active user information storage unit 324 includes a user ID of a user who has successfully logged in and is logged in or has logged in (not logged out), a device ID of a device that has transmitted the login request, and the login And the session information of the session established by.

  When the user logs out, the information of the user and the requesting device of the logout is deleted from the active user information storage unit 324. However, the device information storage unit 326 stores the set of user ID and device ID thereafter. ing. Furthermore, the device public key of the device can be registered in correspondence with the device ID. When the next login request is sent, the signature verification by the device private key is performed in addition to the password authentication. become able to. In addition, it is possible to operate a device in which a device public key is registered so that it can be interpreted as having already held a user secret key (shared after the second device).

  The functions of the devices and the management server described above may be implemented by installing a software program in a general-purpose computer, or some or all of the functions may be implemented as dedicated hardware.

  In the following, when a single user has a plurality of devices, a method for securely sharing a secret key between the devices will be described with reference to FIGS.

  FIG. 8 is a diagram illustrating an example of a procedure for logging in from the device to the management server. In this example, it is assumed that nothing is stored in the device secret key storage unit 522, the device public key storage unit 524, the user secret key storage unit 526, and the user public key storage unit 528 when the device is initially activated. Of course, the device private key and the device public key may be created and stored at the time of shipment of the device.

  At the start of the login procedure (800), the device checks whether the device private key exists in the device private key storage unit 522 in the device (805). If the device private key exists, a login process (820 and later) is performed.

  If the device private key does not exist, the device generates a device ID (810), creates a device private key and a device public key (815), and stores a device private key storage unit 522 and a device public key storage unit 524, respectively. Save to. A different ID is assigned to each device ID. For example, a UUID defined by RFC4122 (A Universally Unique Identifier (UUID) URN Namespace) can be used.

  Thereafter, the device performs a login process (820). Specifically, the device establishes a session so that communication can be performed with the IP address of the management server registered in advance. The IP address of the management server may be registered in advance, or instead, FQDN (Fully Qualified Domain Names) may be registered in advance, and if it is obtained from the server, It is general purpose. The session may be an encrypted session such as SSL (Secure Socket Layer) or TLS (Transport Layer Security) using TCP, or a user secret key using TCP or UDP. May be encrypted. The latter method can be adopted when the device already holds the user private key of its own user and the management server has already registered the corresponding user public key.

  The device transmits a login request message including a user ID and a password to the management server using the established session. The device ID may be included as additional information in the login request message or information transmitted from the device to the management server.

  The management server authenticates the user ID and password stored in the user information storage unit 322, and registers the user ID, device ID, and session information in the active user information storage unit 324 if the user is a correct user. (880). The session information is information related to the session established as described above, and is, for example, [source IP address, source port number, destination IP address, destination port number]. If password authentication fails, the management server notifies the device of login failure (830).

  As information to be transmitted from the device to the management server, a user ID or a password may be signed using a device secret key. In this case, the management server searches the device information storage unit 326 by the device ID, and can verify the signature using the device public key if it exists (840). If signature verification fails, the management server notifies the device of login failure (845), and does not proceed to registration of active user information (880).

  After successful password authentication, if the verification of the signature is successful, or if the device public key corresponding to the device information storage unit 326 does not exist, the management server sends a login request message to the user information storage unit 322. It is confirmed whether the user public key of the included user ID is registered (850). If the user public key is not registered, a message requesting the user public key is transmitted to the device.

  The device that has received the user public key request message creates a user private key and a user public key, and stores them in the user private key storage unit 526 and the user public key storage unit 528 in the device (855). Then, the device signs the user public key with the user private key and sends it to the management server as a user public key response message (860). Here, the device public key may be included as additional information in the user public key response message or information transmitted from the device to the management server.

  The management server that has received the user public key response message verifies the received signature by using the received user public key, and if the verification is successful, the received user public key is associated with the user ID in the user information storage unit 322. Save (865). The management server further stores the received device public key in the device information storage unit 326 in association with the device ID (870).

  Even when the user public key already exists or when a new request is generated from the device and saved as described above, the management server stores the user ID and device ID in the active user information storage unit 324. The session information is registered (880), and a login success message is sent to the device (885).

  The device that has been notified of the successful login is logged in (900), and then proceeds as shown in FIG. First, it is confirmed whether or not a user secret key exists in the user secret key storage unit 526 of the device (910).

  If the user private key exists, it is assumed that the user has logged in and processing after login is performed (940). As processing after login (until logout), for example, there is data processing described with reference to FIGS. At this time, the device has information for accessing the storage server from the management server (for example, information specifying which storage server stores data to be processed by the device when there are a plurality of storage servers). May be obtained. If it is in a logged-in state, it is possible to execute processing using the user private key or user public key.

  If the user secret key does not exist, the user secret key exchange procedure is started (920), and the user secret key is acquired from the device having the user secret key. The details of this replacement procedure are shown in 1015 to 1070 in FIG. 10 or 1215 to 1275 in FIG. 12, as will be described later.

  Upon acquiring the user private key and the user public key, the device stores the user private key in the user private key storage unit 526, stores the user public key in the user public key storage unit 528 (930), and is logged in. (940).

  FIG. 10 shows an example of a procedure in which the device A and the device B share the user secret key. In this example, sharing of the user secret key is permitted by performing one-time approval in a device that holds the user secret key in advance. Device A and device B are the property of the same user (here, user 1). In FIG. 10, a solid line arrow indicates message exchange between the device A and the management server, and a dotted line arrow indicates message exchange between the device B and the management server.

  In the example of FIG. 10, the device B has the secret key of the user 1 in advance, but the device A is not. Therefore, a procedure for registering the secret key of the user 1 held by the device B in the device A safely and reliably (a procedure for performing initial registration for the device A) is executed. This is a procedure (920 and 930 in FIG. 9) that is executed until the device A is first logged in and can use the storage server. From the next time, the device A is already assigned to the user 1 as well. Since the private key is held, as in the case of the device B, it is possible to shift from being logged in (900) to the state of being logged in directly (940).

  First, the device B performs the login procedure of FIG. 8 to the management server and logs in as the user 1 (1005). The device B creates and stores the user private key and the user public key in the current login procedure or the previous login procedure (855), and the user public key of the user 1 is the user information storage unit 322 of the management server. (865), and the device public key of device B is stored in the device information storage unit 326 of the management server (870).

  Of course, before that, the device C of the user 1 creates and stores the user private key and the user public key in the login procedure, and performs a procedure similar to the procedure between the devices AB described below. As a result of sharing between the devices B and C, the device B may hold the user secret key and the user public key as a result of sharing.

  In any case, the device B stores the information as an active user in the active user information storage unit 324 in this login procedure (880), becomes logged in (900), and a user secret key exists in the device B. (910), it is already logged in (940).

  Next, the device A performs the login procedure of FIG. 8 to the management server and logs in as the user 1 (1010). In the device A, the user public key of the user 1 is already registered in the user information storage unit 322 of the management server, so that the device public key of the device A is not registered in the device information storage unit 326 of the management server ( From 850 to 880, the information on the device A as an active user is stored in the active user information storage unit 324.

  The device A that has been logged in (900) does not have a user secret key in the device A (910), and thus starts a user secret key exchange procedure as follows (920).

  In addition, although the example which logs in in order of the apparatus B and the apparatus A was demonstrated here, conversely, the apparatus A which does not have a user private key logs in first, and the apparatus B which has a user private key Even if the user logs in later (the login of the device B is the second and subsequent logins), the resulting state is the same, and the subsequent steps in FIG. 10 can be executed in the same manner. As will be described later, the user 1 can physically place both the device A and the device B at hand and share the user secret key. It does not matter. Even when the devices A and B are physically placed close to each other, information (including the user secret key) between them is transmitted and received via the network.

  As shown in FIG. 10, when the device A does not have a user secret key, a user secret key acquisition request message is sent to the management server (1015). The device public key of device A is included in this user private key acquisition request message.

  The management server refers to the active user information (FIG. 7 (b)), refers to the session information for all devices logged in with the same user ID (here, device B), and from the device A, The received user private key acquisition request message is transferred (1025).

  In addition to active user information, refer to device information (FIG. 7C) and select a device whose device public key is registered in the management server from all devices logged in with the same user ID. Then, the user secret key acquisition request message may be transferred to the selected device (it is assumed that the device already holds the user secret key). Thereafter, the device public key of the device A included in the user private key acquisition request message is stored in the device information storage unit 326 of the management server (1020). However, if the approval (1050) in the following procedure is not made, the user private key is not shared with the device A, so the device public key of the device A stored in the management server may be deleted.

  The device B that has received the user secret key acquisition request message is in a state where it can execute the user secret key exchange procedure (the user 1 who has the device B at hand may input an instruction, or the device B May be determined as set in advance), a user private key acquisition response message is returned to the management server (1030). The user private key acquisition response message includes the device public key of device B, the device ID of device B as the transmission source device ID, and the device ID of device A as the destination device ID.

  The management server that has received the user secret key acquisition response message searches the active user information storage unit 324 for an entry of the device ID that matches the destination device ID in the user secret key acquisition response message, and obtains session information of the entry. The user private key acquisition response message is transferred to the device A (1035).

  In this example, the acquisition response message is returned from the device B to the device A via the management server, but may be transmitted directly from the device B to the device A. When returning directly to the request source, by including the IP address of the device A in the user private key acquisition request message transmitted to the device B, it is possible to know where the device B should transmit the acquisition response message. Like that.

  Thereafter, the device B has the public key information of the device A (the device public key included in the user private key acquisition request message) and the public key information of the device B (the own device stored in the device public key storage unit 524). Public key) is displayed (1045). In addition, the device A has the public key information of the device A (its own device public key stored in the device public key storage unit 524) and the public key information of the device B (the device public key included in the user private key acquisition response message). Key) is displayed (1040).

  The device public key information is information for confirming the device public key, and may be the device public key data itself, data obtained by subjecting the device public key to a hash function, or other conversions to the device public key. The applied data may be used. The public key information may be displayed as a fingerprint of the device public key or as numerical information that can be confirmed by a human. This display can be performed in the form of images, videos, character strings, voices, etc. that are easy for the confirmer to recognize so that humans can check whether the two devices are consistent with each other. Good. More specifically, a display such as a two-dimensional barcode may be used.

  In addition, according to the required security level, two or more modes of simple setting and advanced setting are provided. In the advanced setting, the fingerprint is fully converted into a character string and displayed, while in the simple setting, a short character string is displayed. Or the like may be displayed.

  The operator (user 1) who has the device A and the device B at hand checks whether or not the displayed information is the same, and if so, instructs the device B to approve. Input (1050). If they are not the same, there is a risk that a malicious device on the network between device A and device B will acquire or misrepresent a user private key to be transmitted thereafter. Cancel. This check can be easily performed if the device A and the device B are physically located close to each other, but it is only necessary that the user can check the display of both devices. A reader which will be described later may be placed so as to read the display of the counterpart device.

  When the device A receives the user private key acquisition response message, the device A stores the device ID and device public key of the device B in the device public key storage unit 524. When the device B receives the user private key acquisition request message, the device B stores the device ID and the device public key of the device A in the device public key storage unit 524. However, if the approval instruction is not input to the device B as described above, the device ID ID and the device public key are deleted.

  The confirmation display (1040, 1045) and approval (1050) of the public key information includes the two-dimensional barcode of the public key information displayed on the device A by the camera of the device B, as illustrated in FIG. It may be performed by reading (1047). In this case, the device A displays the public key information so that the camera can read it, but the device B displays the two-dimensional barcode read from the device A and the two-dimensional barcode of the public key information in the device B. Can be compared within the device B without the human eye, the device B displays only the comparison result (match / mismatch) and prompts the operator to approve / deny. Alternatively, if they match, the process may be automated up to approval (1050).

  When the device A has a camera, as illustrated in FIG. 11B, the device A reads the two-dimensional barcode of the public key information displayed on the device B (1042), and reads the reading. Whether the result and the public key information possessed by device A are the same is displayed (1048). The operator who sees the same indication inputs an approval instruction to the device B. Alternatively, instead of displaying the same, a notification that they are the same may be sent from the device A to the device B by wireless communication such as infrared communication, and the device B may input a display and approval instruction. Then, the approval in the device B that has received the notification may be automated.

  Thereafter, the device B transmits the user secret key (1060). In this user secret key transmission message, the device ID of device A is entered as the destination device ID. In addition, the device ID of the device B is entered as the transmission source device ID, and the transmission source device ID, the user private key of the user 1 and the user public key are signed with the device private key of the device B, and signed. Is encrypted with the device public key of device A. The order of encryption and signature may be reversed, and the signature may be obtained after encryption. The user secret key transmission message created in this way is transmitted from the device B to the management server.

  The management server that has received the user private key transmission message searches the active user information storage unit 324 for an entry of the device ID that matches the destination device ID in the user private key transmission message, and uses the session information of that entry. Then, the user private key transmission message is transferred to the device A (1065).

  In this example, the user secret key transmission message is transmitted from the device B to the device A via the management server, but may be transmitted directly from the device B to the device A. Where the device B should transmit the user secret key transmission message can be taught by including the IP address of the device A in the user secret key acquisition request message transmitted to the device B.

  The device A that has received the user private key transmission message decrypts it with the device private key of the device A. Further, the device A searches the device public key storage unit 524 for the device ID entry that matches the transmission source device ID included in the decryption result, and verifies the signature using the device public key of the entry. If the signature is confirmed, the user private key and the user public key included in the decryption result are stored in the user private key storage unit 526 and the user public key storage unit 528, respectively (1070).

  FIG. 12 shows another example of a procedure for sharing the user secret key between the device A and the device B of the user 1. In this example, sharing of the user private key is permitted by performing approval (both approvals in total) by both the device that holds the user private key in advance and the device that requests to send the user private key. The In the following, description of parts similar to those in FIG. 10 will be omitted, and description will be made centering on parts unique to FIG.

  First, the user 1 logs in to the management server from the device B on the one hand (1205), and performs the login procedure from the device A on the other hand (1210), and both devices log in.

  If the device A does not have the user secret key, the device A sends a user secret key acquisition request message to the management server (1215). This user private key acquisition request message also includes the device public key of device A.

  The management server refers to the active user information, refers to the session information for all devices logged in with the same user ID, or a device selected from the devices (here, device B), and The user private key acquisition request message received from A is transferred (1225).

  After that, the device A performs confirmation display of the public key information of the device A (its own device public key stored in the device public key storage unit 524) (1230). The device B also performs confirmation display of the public key information of the device A (the device public key included in the user private key acquisition request message) (1235). In the public key confirmation display, there can be various display methods as in the case of one approval.

  The public key information of the device A displayed on the device A is compared with the public key information of the device A displayed on the device B. If they are the same, the device B performs the first approval (1240). The approval method may be various approval methods such as approval using a two-dimensional barcode, as in the case of one approval. FIG. 13 shows an example of a case where the device B has a camera for reading a two-dimensional barcode. However, it is obvious to those skilled in the art that the device A can be modified and implemented even when the device A has a camera. .

  After the first approval, the device B stores the device ID and the device public key of the device A in the device public key storage unit 524, and transmits the user secret key (1250). In this user secret key transmission message, the device ID of device A is entered as the destination device ID. Further, the device ID of the device B is entered as the transmission source device ID, and the transmission source device ID, the device public key of the device B, the user secret key of the user 1 and the user public key are the device secret key of the device B. The signed one is encrypted with the device public key of device A. The order of encryption and signature may be reversed, and the signature may be obtained after encryption. The user secret key transmission message created in this way is transmitted from the device B to the management server.

  The management server that has received the user private key transmission message searches the active user information storage unit 324 in accordance with the destination device ID in the user private key transmission message, and transfers the user private key transmission message to device A (1255). It is the same as in the case of one approval that the data may be transmitted directly from the device B to the device A instead of being transferred via the management server.

  In parallel, the device B performs confirmation display of the public key information of the device B (its own device public key stored in the device public key storage unit 524) (1265).

  When the device A receives the user private key transmission message, the device A decrypts the information included in the message with the device private key of the device A, and verifies the signature using the device public key of the device B included in the decryption result. When the signature is confirmed, confirmation display of the public key information of the device B (device public key included in the user private key transmission message) is performed (1260).

  The device A compares the public key information of the device B displayed on the device B with the public key information of the device B displayed on the device A, and if they are the same, performs the second approval (1270). . The example using the two-dimensional barcode reader of FIG. 13 shows a method of performing the second approval in addition to the first approval.

  After the second approval, the device A stores the device ID and the device public key of the device B in the device public key storage unit 524, and the user secret key and the user public key included in the decryption result are stored in the user secret key storage unit. It is stored in 526 and the user public key storage unit 528 (1275).

  By the above procedure, the user secret key and the user public key can be safely passed from the device B to the device A.

  In the following, with reference to FIGS. 14 to 18, a certain user takes the user public key of another user into one of the devices used by the user, and the acquired user public key is himself (identical). The procedure for copying to all other devices will be described.

  The example of the internal configuration of the device shown in FIG. 14 is the same as that in FIG. 4. However, the key exchange unit 512 performs the procedure described in FIG. 18, and the user public key storage unit 529 is configured as shown in FIG. The difference is that not only the user public key of the user of this device but also the user public key of another user is stored.

  Also, the internal configuration example of the management server shown in FIG. 16 is the same as that in FIG. 6, but the user management unit 312 performs the procedure described in FIG. 18 and a user public key storage unit 328 is newly provided. Is different.

  The user public key storage unit 328 of the management server 300 stores information as shown in FIG. In the example of FIG. 17, the user 1 has user public keys of users 2 and 3 who are other users, and the user 2 has a user public key of user 1 which is another user. The user public key information of another user possessed by a certain user may be the user public key of the other user itself, or may be signed with the user private key of the user who is the owner. That is, taking the user public key of user 2 owned by user 1 as an example, the user public key of user 2 signed with the user private key of user 1 is stored in user public key storage unit 328.

  FIG. 18 shows an example of a procedure in which the user C's device C and device A share the user public key of another user (user 2) via the management server. It is assumed that at least device C and device A are in a state after login to the management server in accordance with FIGS.

  First, the user public key of the user 2 is copied from the device D of the user 2 to the device C of the user 1 (1810). The method of storing the user public key of the user 2 in the device C of the user 1 may be a method of reading the user public key using a two-dimensional barcode. The device C registers the user public key of the user 2 in the user public key storage unit 529 together with the user ID of the user 2 (1820).

  Next, the device C signs the user public key of the user 2 with the user secret key of the user 1 stored in the user secret key storage unit 526 (1830). This information and the user ID of the user 2 are transmitted to the management server as a user public key registration request message (1840).

  The management server stores the user ID of the logged-in user (user 1) in the user public key storage unit 328 as the user ID. Then, “user ID (user 2)” included in the received user public key registration request message is stored as the counterpart user ID. Further, the “user public key of user 2 signed with the user private key of user 1” included in the received user public key registration request message is stored as user public key information (1850).

  If the user A's device A wants to use another user's user public key, it sends a user public key acquisition request message including the user ID of the desired user (user 2) to the management server (1860). The timing at which the device A transmits this acquisition request message may be sent periodically or at the time of login. Alternatively, when the management server stores the user public key as described above, the management server notifies the logged-in device of the same user other than the device that sent the user public key registration request. The device may return an acquisition request message.

  The management server that has received the user public key acquisition request message from device A returns a user public key acquisition response message to device A (1870). The management server uses the user public key stored in the user public key storage unit 328 as the user ID (user ID of the user using the device that has transmitted the user public key acquisition request message-user 1) and the other user ID ( The user public key information (the user public key of user 2 signed with the private key of user 1) is retrieved by searching with user ID-user 2) included in the user public key acquisition request message. In the user public key acquisition response message, the partner user ID and the extracted user public key information are entered.

  The device A that has received the user public key acquisition response message verifies the signature of the user public key information in the message using the user public key stored in the user public key storage unit 529 (user 1). (1880). If the signature is confirmed, the other party user ID (user 2) in the user public key acquisition response message and the user public key of user 2 whose signature has been removed are stored in the user public key storage unit 529 (1890).

  By the above procedure, the user public key of another user can be safely and easily stored in all devices used by the user (same user).

The embodiment of the present invention has been described above, but it is needless to say that the above-described embodiment can be variously modified and applied by those skilled in the art within the scope of the present invention.

Claims (17)

A communication means for communicating with at least one server via a network;
Data processing means for receiving encrypted data stored on the server via the communication means and decrypting the data using a user private key unique to the user;
Device key holding means for holding a device private key and device public key unique to the device;
When the user secret key is not held in the own device, a request means for sending the request message for requesting the user secret key held by another device including the device public key of the own device;
When the user private key is held in the own device, a response for receiving the request for the user secret key from another device and transmitting the response message including the device public key of the own device in response to the request Means,
Presentation that presents device public key confirmation information held by its own device as first public key information, and presents device public key confirmation information transmitted from another device as second public key information Means,
The first public key information presented by the own device by the presenting means matches the second public key information presented by the other device, and the second public key information presented by the own device and the other device presented Permission means for permitting sharing of the user private key on condition that the first public key information matches;
Transmitting means for encrypting and transmitting the user secret key held by its own device with a device public key transmitted from another device for sharing the user secret key;
User key holding for holding the user secret key obtained by decrypting the information for sharing the user secret key transmitted from another device with the device secret key held by the device. A data processing apparatus comprising: means. The transmitting means includes means for signing information for sharing the user private key to be transmitted with a device private key held by the own device,
The user key holding means sends a signature added to the information for sharing the user private key transmitted from another device to the other device transmitted from the other device as a response to the request message. The data processing apparatus according to claim 1, further comprising means for verifying based on the device public key. The permission means permits the transmission of the response message by the response means on the condition that the second public key information presented by the own device matches the first public key information presented by the other device,
The response message transmitted by the response unit includes information transmitted by the transmission unit for sharing the user secret key,
The permission unit permits the user key holding unit to hold the user secret key on condition that the first public key information presented by the own device matches the second public key information presented by the other device. The data processing apparatus according to claim 1, wherein the data processing apparatus is a device. It further comprises reading means for reading the first and second public key information presented by the other device,
The permission means includes means for comparing the first and second public key information presented by the own device with the second and first public key information read by the reading means, respectively. The data processing apparatus according to any one of claims 1 to 3. At least one server;
A secret key sharing system comprising a plurality of data processing devices communicating with the at least one server via a network,
The plurality of data processing devices include first and second data processing means for receiving encrypted data stored in a server and decrypting the data using a user secret key unique to the user. 2 data processing devices,
Each of the first and second data processing devices has device key holding means for holding a device secret key and a device public key unique to the device,
The second data processing apparatus holds the user secret key;
The first data processing device includes:
Request means for transmitting the request message for requesting the user private key held by another device, including the device public key of the own device,
The device public key confirmation information held by the first data processing device is presented as first public key information, and the device public key confirmation information transmitted from the second data processing device is displayed. Presenting means for presenting as second public key information;
User key for holding the user secret key obtained by decrypting the information for sharing the user secret key transmitted from the second data processing device with the device secret key held by the own device Holding means,
The second data processing device includes:
Response means for transmitting a response message for the request message including the device public key of the device itself;
The device public key confirmation information held by the second data processing device is presented as third public key information, and the device public key confirmation information transmitted from the first data processing device is displayed. Presenting means for presenting as fourth public key information;
Transmission means for encrypting and transmitting the user secret key held by the own device with the device public key transmitted from the first data processing device for sharing the user secret key;
Sharing the user private key on condition that the first public key information and the fourth public key information match and that the second public key information and the third public key information match A secret key sharing system characterized by allowing   The first and second data processing devices are presented by the physical distance at which the same user can receive public key information presented by the presentation means of both data processing devices, or by the presentation means of one data processing device. 6. The secret key sharing system according to claim 5, wherein the public key information is connected to the network at a physical distance that can be read by a reading means attached to the other data processing apparatus. . The at least one server includes a management server;
The management server
Means for performing authentication based on login requests from the first and second data processing devices, and rejecting login when the authentication fails;
And a means for transferring the request message to the second data processing apparatus that has been successfully logged in on condition that the first data processing apparatus has been successfully logged in. Item 7. The secret key sharing system according to Item 5 or 6. The management server
Determining the success or failure of the login based on the success or failure of authentication for the user;
Means further comprising means for storing the user who has successfully logged in and the data processing apparatus that has transmitted the login request in correspondence;
A search is made for another data processing device stored corresponding to the user who has logged in from the first data processing device, and the transfer is performed using the searched data processing device as the second data processing device. The secret key sharing system according to claim 7, wherein the secret key sharing system is provided. The second data processing device includes:
Means for signing the login request with a device private key held by the device;
The management server
Means for associating and storing the data processing apparatus in which the user secret key is shared and the device public key of the data processing apparatus;
And further comprising: means for verifying the signature added to the login request based on the stored device public key of the second data processing apparatus, and rejecting the login if the verification fails. The secret key sharing system according to claim 7 or 8.   The first and second data processing devices can acquire information for accessing the server storing the data handled by the data processing means from the management server when the login is successful. The secret key sharing system according to claim 7, wherein the secret key sharing system is any one of claims 7 to 9. The management server
Means for storing information including a user public key of each of a plurality of users;
Means for returning information including the user public key of the user specified by the acquisition request to the data processing device in response to the acquisition request from each data processing device;
Each of the data processing devices
The secret key sharing according to any one of claims 7 to 10, further comprising means for causing a server to store the data encrypted using a user public key of a user who is permitted to use the data. system. One of the first and second data processing devices acquires and stores a user public key other than the user of the device itself,
The other user of the first and second data processing devices is the same as the user of the one data processing device,
The one data processing device is
Means for signing and transmitting a user public key other than the user of the own device with the user private key of the user of the own device;
The management server
The information transmitted from the one data processing device is stored with a signature,
The other data processing device is
Means for acquiring information with a signature stored in the management server and verifying the signature based on a user public key of a user of the device;
The apparatus according to any one of claims 7 to 11, further comprising: a unit that extracts and stores a user public key other than the user of the device itself from the acquired information on the condition that the verification is successful. Private key sharing system. For the first and second data processing devices having data processing means for receiving encrypted data stored on the server and decrypting the data using a user private key unique to the user, A communication means for communicating via a network;
Control means for performing authentication based on login requests from the first and second data processing devices, and rejecting login when authentication fails;
Receiving means for receiving a request message for requesting the user secret key held by another device from the first data processing device that has been successfully logged in;
By transferring the request message to the second data processing apparatus that has successfully logged in and holds the user private key, the user with the first data processing apparatus A management server comprising: transfer means for enabling determination of whether or not to share a secret key and performing transmission for sharing. First and second data processing devices having data processing means for receiving encrypted data stored in a server via a network and decrypting the data using a user private key unique to the user A secret key sharing method in a system including:
Each of the first and second data processing devices holds a device secret key and a device public key that are unique to the device,
The second data processing apparatus holds the user secret key;
The first data processing apparatus transmits a request message for requesting the user private key held by another apparatus, including the device public key of the own apparatus,
The second data processing device transmits a response message to the request message including the device public key of its own device,
The first data processing device presents device public key confirmation information held by itself as first public key information, and the device public key transmitted from the second data processing device. Present confirmation information as second public key information,
The second data processing device presents device public key confirmation information held by itself as third public key information, and transmits the device public key transmitted from the first data processing device. Present confirmation information as fourth public key information,
Sharing the user private key on condition that the first public key information and the fourth public key information match and that the second public key information and the third public key information match Allow
The second data processing device encrypts the user private key held by the second data processing device with the device public key transmitted from the first data processing device in order to share the user private key. Send
The first data processing device is obtained by decrypting the information for sharing the user secret key transmitted from the second data processing device with the device secret key held by the device. A secret key sharing method characterized by holding a user secret key. The encrypted data stored on the server is received via the network, and the computer device having data processing means for decrypting the data using the user private key unique to the user is provided with the user private key A program that allows sharing,
A program code for holding the device private key and device public key unique to the device;
A program code for causing the request message for requesting the user secret key held by another device to include the device public key of the own device when the user secret key is not held in the own device; ,
When the user secret key is held in the own device, the request for the user secret key from another device is received, and a response message in response to the request is transmitted including the device public key of the own device. Program code,
In order to cause the device public key confirmation information held by the own device to be presented as the first public key information, and the device public key confirmation information transmitted from the other device to be presented as the second public key information. Program code,
The first public key information presented by the own device matches the second public key information presented by the other device, and the second public key information presented by the own device and the first public key presented by the other device. Program code for permitting sharing of the user secret key, provided that the key information matches,
For sharing the user secret key, a program code for transmitting the user secret key held by the own device by encrypting it with a device public key transmitted from another device;
Program for holding the user secret key obtained by decrypting the information for sharing the user secret key transmitted from another device with the device secret key held by the own device in the own device A program characterized by comprising code. A program for operating a computer device having communication means for communicating with a plurality of data processing devices via a network as a management server for secret key sharing,
Login from first and second data processing devices having data processing means for receiving encrypted data stored on the server and decrypting the data using a user private key unique to the user Program code for receiving the request,
Authenticates based on the login request, and a program code for rejecting login when authentication fails;
Program code for receiving a request message for requesting the user secret key held by another device from the first data processing device that has been successfully logged in;
By transferring the request message to the second data processing apparatus that has successfully logged in and holds the user private key, the user with the first data processing apparatus And a program code for enabling determination of whether or not to share a secret key and enabling transmission for sharing. A communication means for communicating with at least one server via a network;
Data processing means for encrypting the data using a user public key unique to the user and transmitting the encrypted data on the server so that the encrypted data is stored in the server;
Device key holding means for holding a device private key and device public key unique to the device;
When the user public key is not held in the own device, a request means for transmitting the request message for requesting the user public key held by another device including the device public key of the own device;
When the user public key is held in the own device, a response for receiving the user public key request from another device and transmitting the response message including the device public key of the own device in response to the request Means,
Presentation that presents device public key confirmation information held by its own device as first public key information, and presents device public key confirmation information transmitted from another device as second public key information Means,
The first public key information presented by the own device by the presenting means matches the second public key information presented by the other device, and the second public key information presented by the own device and the other device presented Permission means for permitting sharing of the user public key on condition that the first public key information matches;
Transmitting means for encrypting and transmitting the user public key held by its own device with a device public key transmitted from another device for sharing the user public key;
User key holding for holding the user public key obtained by decrypting the information for sharing the user public key transmitted from another device with the device private key held by the device. A data processing apparatus comprising: means.