JP6919355B2 - Information processing equipment, information processing system, key management method - Google Patents

Description

The present invention relates to an information processing device, an information processing system, and a key management method.

SSL (Secure Socket Layer) / TLS (Transport Layer Security) is known as a typical cryptographic communication protocol. SSL / TLS is a protocol that can not only ensure the confidentiality and authenticity of data, but also authenticate the communication partner.

In a system consisting of a general client and server, in order to perform encrypted communication by SSL / TLS, it is necessary to have a digital certificate issued by a certificate authority (hereinafter referred to as CA) and incorporate it into the server. There is. Among the digital certificates issued by CA, the digital certificate for certifying the server is called a server certificate.

When establishing a session by SSL / TLS, the client accessing the server first obtains the server certificate from the server. The client uses the server's public key included in the server certificate to encrypt the data and sends this encrypted data to the server. The server receives the encrypted data, decrypts it with the private key stored in its own machine, and returns it to the original data.

In the case of a public key cryptosystem that encrypts and decrypts data using a public key and a private key, it is necessary to perform complicated calculations, which increases the processing load. From this, in SSL / TLS communication, the server and the client create a common key shared between them in the sequence for establishing communication, and finally use the common key to reduce the value. Perform encrypted communication under load.

The client is pre-installed with the certificate vendor's root certificate. The root certificate is a self-signed certificate issued to itself by the root CA, which is the highest certificate authority, in order to prove itself.

The client needs to verify whether the server certificate is legitimate before establishing SSL / TLS encrypted communication with the server. To perform this verification, the client verifies the server certificate using the pre-installed root certificate. Only if the verification result of the server certificate is conforming, the client continues the sequence for establishing the SSL / TLS encrypted communication. These series of processes are carried out without the user being aware of it.

In order to have an external CA such as a certificate vendor issue a server certificate, it is necessary to pay a predetermined cost to the certificate vendor. That is, issuing a server certificate is costly. For this reason, in the case of embedded devices, if the user who uses the embedded device wants to perform SSL / TLS encrypted communication without pre-installation before shipment, he / she can contact the certificate vendor as necessary. Perform the procedure for issuing a digital certificate and introduce it.

In order to reduce the cost of issuing the server certificate, the embedded device itself may self-sign and issue the server certificate by itself. In this case, since the embedded device is not configured to be certified by a third-party CA, the reliability of the authentication is lowered. However, since SSL / TLS encrypted communication can be used, confidentiality and authenticity are guaranteed. As a method of ensuring confidentiality and authenticity while reducing the cost of issuing a server certificate, the method of issuing a server certificate by itself is often used.

However, in recent years, not only confidentiality and authenticity, but also authentication has become more important. Some clients that receive a self-signed server certificate display a prominent warning screen to alert the user. When this warning screen is displayed, an unfamiliar user cannot determine whether to proceed with the process as it is. For this reason, it is becoming difficult for embedded devices to self-sign themselves.

From the above, as a security concept, it is becoming mainstream to authenticate embedded devices by using a server certificate signed by CA instead of a self-signed certificate.

There are two ways to handle a CA-signed server certificate. One is a method of using a public CA, and the other is a method of using a private CA. The method of using public CA is a mechanism for performing SSL / TLS encrypted communication by using a server certificate issued by an external certificate vendor. The method of using a private CA is a mechanism in which a CA is provided in a specific organization and the CA issues a server certificate that is valid within the organization. Private CAs can be freely set up by users within the organization and there is no cost to pay to certificate vendors.

It is expected that the use of private CAs will increase in embedded devices in the future. However, if there is no administrator in the organization who understands the mechanism of digital certificates and encryption, or if the business content is not taken over when the administrator retires or is transferred, it is not possible to operate a private CA. It will be difficult.

In addition, private CA software and key information may be lost due to an organization move or layout change.

According to Patent Document 1, when the digital certificate introduced in the embedded device becomes unusable due to the replacement of the non-volatile memory or the like, the digital certificate for recovery is used for encrypted communication with an external CA. Is disclosed. Further, Patent Document 1 discloses a technique in which an external CA restores a digital certificate or the like by transmitting a private key, a key pair of a public key, and a certificate to an embedded device and storing the certificate. ..

Patent Document 1 discloses such a technique, but discloses a recovery method when a device cannot use a certificate on the premise of using an external public CA. Further, in Patent Document 1, since the certificate vendor guarantees the loss of the root CA key, it is naturally assumed that the user side does not lose the root CA key. Therefore, Patent Document 1 does not solve the case where the root CA key is lost.

An object of the present invention is to make the key information recoverable when the key information is lost.

In order to solve the above problems, one aspect of the present invention is an information processing device belonging to a system including a plurality of information processing devices that encrypt and communicate data, and is a public key for performing encrypted communication. A private key that constitutes a key pair with the data, and is a signature key of the certification authority for issuing a digital certificate at a certification authority that issues a digital certificate included in any of a plurality of information processing devices belonging to the system. The key information is divided into a plurality of pieces by a secret sharing method to create secret sharing data, and the secret sharing data created by the creation unit is distributed to an information processing device belonging to the system. When the number of information processing devices belonging to the system is changed because the information processing device including the unit and the authentication authority that belonged to the system no longer belongs to the system, the key information is changed after the change. The information processing device belonging to the system is divided into a number according to the number of information processing devices, a recreating unit that newly creates secret sharing data, and the secret sharing data newly created by the recreating unit. and redistribution unit to be newly distributed, if the number of the information processing apparatus is changed to have a an acquiring unit for acquiring secret sharing data distributed to the information processing apparatus belonging to the system, respectively, wherein the re When the number of information processing devices belonging to the system is changed because the information processing device including the authentication authority that belonged to the system no longer belongs to the system, the creating unit owns the restored key information. The secret distribution data is stored in the storage unit of the machine, the authentication authority is newly provided in the own machine, the key information is restored from the secret distribution data acquired by the acquisition unit, and the secret distribution data is stored from the restored key information. The feature is to create a new one .

According to the present invention, even if the key information is lost, the key information can be restored.

It is a figure which shows the configuration example of the information processing system of an embodiment. It is a figure which shows the hardware configuration example of the image processing apparatus of embodiment. It is a figure which shows the storage state of the data of the information processing system of embodiment. It is a figure explaining the secret sharing of an embodiment. It is a block diagram of the image processing apparatus of an embodiment. It is a flowchart which shows the whole operation example at the time of setting the root CA of an embodiment. It is a figure which shows the screen example which makes it select whether to provide the root CA in the image processing apparatus operated by an administrator. It is a figure which shows the screen example which specifies the administrator contact of embodiment. It is a sequence diagram which shows the operation example at the time of making an IP address list of an embodiment. It is a sequence diagram which shows the operation example at the time of creating a digital certificate and secret sharing data of an embodiment. It is a sequence diagram which shows the detection example of whether the configuration of an image processing apparatus was changed, and the operation example at the time of redistributing an IP address list of an embodiment. It is a figure which shows the display example at the time of changing the apparatus configuration of an embodiment. It is a figure which shows the display example at the time of separating and reconstructing an information processing apparatus of an embodiment. It is a sequence diagram which shows the operation example when the non-CA information processing apparatus is separated from the information processing system and reconstructed in the embodiment. It is a sequence diagram which shows the operation example at the time of separating the information processing apparatus which has a root CA from the information processing system, and reconstructing it of Embodiment.

Hereinafter, aspects of the information processing device, the information processing system, and the key management method of the present embodiment will be described. In the present embodiment, as one aspect of the information processing apparatus, a copy, a printer, a scanner, and an image processing apparatus that transmits and receives faxes will be described.

In the present embodiment, a root CA is provided in one image processing device belonging to the information processing system. The root CA creates a key pair (key information) of a public key and a private key, and issues a self-signed certificate to prove itself based on the created key pair. This self-signed certificate is called a root certificate.

In the present embodiment, the key pair of the public key and the private key created by the root CA is divided into a plurality of pieces by using the threshold secret sharing method described later, and the secret sharing data is created. Then, in the present embodiment, each of the plurality of secret sharing data is stored in the image forming apparatus in the information processing system. When either the private key or the public key of the root CA is lost, the key information which is the key pair of the public key and the private key can be restored by collecting the secret sharing data. That is, the public key and private key of the root CA can be restored.

FIG. 1 is a diagram showing a configuration example of the information processing system of the present embodiment. The information processing system 1 has four image processing devices 100A, 100B, 100C, and 100D. These image processing devices 100A to 100D can transmit and receive data to and from each other via the network 200. Further, in the following description, when a plurality of image processing devices are collectively referred to or need not be specified, they will be described with reference numerals of only numbers.

The image processing device 100 is an MFP (Multifunction Peripheral) having each function of copying, printing, scanning, and fax transmission / reception. Of the image processing devices 100, the image processing device 100A is provided with the root CA 160, and the image processing devices 100B, 100C, and 100D are not provided with the root CA. The image processing device 100 in which the root CA is not installed is referred to as a non-CA image processing device.

The image processing devices 100B to 100D create a key pair of a public key and a private key, send the created public key to the root CA160 installed in the image processing device 100A, and request the issuance of a digital certificate. When the image processing devices 100B to 100D issue a digital certificate from the root CA160, the image processing devices 100B to 100D store the digital certificate in their own machine together with the public key and the private key pair. Similarly, the image processing device 100A also creates a key pair of a public key and a private key, has the root CA160 coexisting in the same housing issue a digital certificate, and stores the digital certificate in its own machine. Here, the digital certificate that the image processing device 100 requests the root CA 160 to issue is referred to as a server certificate. In this way, the image processing devices 100A to 100D store their own server certificates together with the key pairs created by their own machines.

The client 300 is a computer that communicates with the image processing device 100. Since the client 300 performs SSL / TLS encrypted communication with the image processing devices 100A to 100D, the root certificate issued by the route CA160 is stored in a predetermined position of the own machine. Further, in the present embodiment, the image processing devices 100A to 100D also perform SSL / TLS encrypted communication. Therefore, the image processing devices 100A to 100D also store the root certificate issued by the route CA160 at a predetermined position of their own machine.

Although the number of image processing devices belonging to the information processing system 1 is four in the present embodiment, the number of image processing devices is not limited to this, and any number of image processing devices may be used. Further, a plurality of clients 300 may be included in the information processing system 1.

FIG. 2 is a diagram showing a hardware configuration example of the image processing device 100. The image processing device 100 includes a controller 101 that comprehensively controls the devices inside the image processing device 100, and peripheral devices such as an operation panel 120, a printer engine 121, and a scanner 122 that are controlled by the controller 101.

The controller 101 is a general term for a control mechanism that controls operations when executing various jobs, and has the following configuration.

The network I / F 102 (I / F: Interface) is an interface board that controls data communication performed with an external device. The program ROM 103 (ROM: Read Only Memory) is a non-volatile memory in which a program for managing data in the controller 101 and controlling peripheral modules is stored.

The font ROM 104 is a non-volatile memory that stores various types of fonts used in the printing operation. The operation unit I / F 105 is an interface board that controls data input / output to / from the operation panel 120. The operation unit I / F 105 receives an instruction from the CPU 107 (CPU: Central Processing Unit) and causes the operation panel 120 to draw the instructed image. Further, the operation unit I / F 105 outputs the pressed coordinate data or the like received by the operation panel 120 to the CPU 107.

HDD 106 (HDD: Hard Disk Drive) is an auxiliary storage device for storing data. The HDD 106 stores a program executed by the CPU 107, control data, and image data scanned by the user. Further, the HDD 106 stores a program that provides a function as the root CA 160, a private key, key information of a public key, and each digital certificate.

The CPU 107 is a processing device that expands the programs stored in the program ROM 103 and the HDD 106 into the RAM 108 and executes calculations.

The RAM 108 is a volatile memory and is a work memory when the CPU 107 processes it. The RAM 108 stores programs and data to be calculated and executed by the CPU 107, and also functions as a buffer for temporarily storing print data. The print data stored in the buffer is processed by the CPU 107 and output to the printer engine 121.

The NV-RAM 109 is a non-volatile memory and stores data that needs to be continuously stored even when the power is turned off. The engine I / F 110 is an interface for controlling the printer engine 121 from the controller 101.

The scanner I / F 111 outputs a scan start instruction from the CPU 107 to the scanner 122. Further, the scanner I / F 111 outputs the scanned image from the scanner 122 to the CPU 107. The scanned image is temporarily stored in the RAM 108 or the like under the control of the CPU 107.

The operation panel 120 is a touch panel display in which a touch panel is laminated on a flat display. The operation panel 120 displays the status of the main body of the image processing device 100, the execution status of the job, and the like, and also receives input by a touch operation from the user.

The printer engine 121 supplies a recording medium from the supply unit, and forms an image specified by the user on the recording medium. Then, the printer engine 121 discharges the formed recording medium to the outside of the image processing device 100.

The scanner 122 reads a document placed on a glass plate using an imaging device such as a CCD (Charge-Coupled Device) image sensor. The read scanned image is temporarily stored in the RAM 108 or the HDD 106 via the scanner I / F 111. After that, the scanned image is transmitted to the destination specified by the user via the network I / F 102.

FIG. 3 is a schematic diagram showing data stored in each image processing device 100. Each image processing device 100 stores the data shown in FIG. 3 in addition to the above-mentioned root certificate and server certificate, the private key created by the image processing device 100, and the key pair of the public key.

The image processing device 100A stores the private key, the public key pair, and the IP address list created by the root CA 160. The IP address list is data in which the identification information of the image processing devices 100A to 100D belonging to the information processing system 1 is listed. In this embodiment, an IP address is adopted as the identification information. The description of "CA = IP_A" in the IP address list shown in FIG. 3 indicates that the route CA160 is installed in the image processing apparatus 100A to which the IP address of IP_A is assigned. Further, the description of "nonCA = IP_B, IP_C, IP_D" indicates that the image processing devices 100B, 100C, and 100D to which the IP addresses of IP_B, IP_C, and IP_D are assigned are non-CA.

Further, the image processing device 100A has secret sharing data A. The secret sharing data is one of the data obtained by dividing the private key and public key pair of the root CA160 by secret sharing. The secret sharing data will be described later.

The image processing devices 100B to 100D store the same IP address list as the image processing device 100A, and store secret sharing data B, C, and D, respectively.

The secret sharing data of this embodiment will be described with reference to FIG. The secret sharing data is data obtained by dividing secret data into N pieces, and has a feature that the original secret data can be restored by collecting arbitrary M pieces (N ≧ M) among them. The value of M is arbitrarily defined when creating secret sharing data from secret data. Further, the secret sharing data has a feature that the secret data can be restored by collecting M pieces, but cannot be restored to the secret data when the number is (M-1) or less. In the present embodiment, as shown in FIG. 4, the private key and public key pair created by the root CA 160 are divided into four secret sharing data by secret sharing and created. Further, in the present embodiment, the secret sharing data is created so that the original key pair can be restored by collecting any three secret sharing data.

FIG. 4A illustrates the restoration of the key pair when the image processing device 100A having the root CA 160 is disconnected from the information processing system 1 due to a malfunction or the like. If the image processing device 100A including the root CA 160 is disconnected due to a defect or the like, the key pair managed inside the root CA 160 does not exist. However, since the secret sharing data B to D are stored in the image processing devices 100B to 100D, respectively, the private key and the public key pair can be restored by collecting the secret sharing data B to D. 4 (B) to 4 (D) explain the restoration of the key pair when the non-CA image processing devices 100B to 100D are separated from the information processing system 1. Similarly, the key pair can be restored by collecting the secret sharing data remaining in the information processing system 1.

In the present embodiment, among the so-called secret sharing methods, secret sharing data is created from the key pair by using the threshold secret sharing method. In addition, the so-called secret sharing method includes various methods such as a lamp type method and a method using a matrix, and any method may be adopted. In addition, in this specification, as an expression indicating a secret sharing method, it may be simply expressed as "secret sharing".

FIG. 5 is a block diagram of the image processing device 100. It is assumed that all of the image processing devices 100A to 100D have the configuration shown in FIG. 5, regardless of whether or not the route CA160 is included. The image processing device 100 includes an IP address list creation unit 151, a key creation unit 152, a certificate creation unit 153, a secret sharing data creation unit 154, a system control unit 155, a storage unit 156, a configuration change detection unit 157, and a display operation unit 158. , Has a communication unit 159. These are realized by the CPU 107 calculating and executing the programs stored in the HDD 106 and the program ROM 103 to control each hardware inside the image processing device 100.

The IP address list creation unit 151 lists the IP addresses input by the administrator via the display operation unit 158 and the like. As described above, this list lists the IP addresses of the image processing apparatus 100 included in the information processing system 1. Further, when the configuration change detection unit 157 detects a change such as a change in the IP address of the image processing device 100 or an increase or decrease in the number of image processing devices 100, the IP address list creation unit 151 follows the change in the IP address list. Update.

The key creation unit 152 creates a key pair of a private key and a public key for performing encrypted communication. The certificate creation unit 153 creates a root certificate. Further, when the issuance request of the server certificate is received from the image processing devices 100A to 100D, the certificate creation unit 153 creates the server certificate of the image processing device 100.

When the root certificate is created, the certificate creation unit 153 describes the public key created by the key creation unit 152, the information of the root CA160, and the information of the root CA160 as the request source (this information is described). Calculate the hash value of (referred to as information). The certificate creation unit 153 encrypts the calculated hash value with the private key created by the key creation unit 152, that is, the private key of the root CA 160, and creates an electronic signature. Then, the certificate creation unit 153 creates a root certificate by attaching an electronic signature to the described information. Further, when creating the server certificate of the image processing devices 100A to 100D, the request source information in the above description information is replaced with the information of the image processing devices 100A to 100D.

The secret sharing data creation unit 154 creates secret sharing data from the key pair of the private key and the public key of the root CA160 created by the key creation unit 152. Here, the secret sharing data creation unit 154 creates four secret sharing data A to D. As described above, by collecting three of the secret sharing data A to D, the key pair of the private key and the public key can be restored. When the configuration change detection unit 157 detects a configuration change of the information processing system 1, the secret sharing data creation unit 154 recreates the secret sharing data divided into the same number as the number of the changed image processing devices 100. In this embodiment, a plurality of modules are stored in advance according to the number of divisions and the number required for restoration, such as a program for creating four secret sharing data and a program for creating three secret sharing data. Has been done. The secret sharing data creation unit 154 can create secret sharing data according to various numbers by switching the program to be used according to the number of image processing devices 100 and the number required for restoration.

The system control unit 155 comprehensively controls the functions and modules of the entire image processing device 100. The system control unit 155 executes jobs such as copying, printing, scanning, and fax transmission / reception. In addition, each functional unit shown in FIG. 5 is activated by designating parameters, and acts as a bridge for data exchange between the functional units.

The storage unit 156 stores each digital certificate, secret sharing data, and IP address list, and also stores the private key and public key pair of each image processing device 100. In the case of the image processing device 100A including the root CA160, in addition to these, the storage unit 156 also stores the key pair of the private key and the public key of the root CA160.

The configuration change detection unit 157 detects whether or not there is a change in the configuration of the image processing device 100. The change in the configuration here may be an increase or decrease in the number of image processing devices 100 belonging to the information processing system 1, or a change in the IP address of the existing image processing device 100. A configuration change for increasing or decreasing the number of units is referred to as a unit number change, and a change in the IP address of the image processing apparatus 100 is referred to as an IP address change. An example of detecting a change in configuration will be described later.

The display operation unit 158 displays a message such as the status of the image processing device 100 to the user, and also receives a job execution instruction and a set value at the time of job execution from the user.

The communication unit 159 transmits / receives information to / from the outside. Based on the instruction from the system control unit 155, the communication unit 159 sends / receives secret sharing data, sends / receives each digital certificate, and notifies the administrator by e-mail.

The secret sharing data creation unit 154 functions as a creation unit and a re-creation unit. The system control unit 155 and the communication unit 159 function as a distribution unit, a redistribution unit, and an acquisition unit. The IP address list creation unit 151 functions as an update unit. The configuration change detection unit 157 functions as a determination unit. The communication unit 159 and the display operation unit 158 function as a notification unit.

Next, an operation example when the route CA160 is introduced into the information processing system 1 will be described. FIG. 6 is a flowchart showing an example of the introduction operation of the route CA160. Here, the operation example of the image processing device 100A will be described, but the flowchart of FIG. 6 can be applied to the non-CA image processing devices 100B to 100D. The flowchart of FIG. 6 is executed when the administrator performs a predetermined operation on the display operation unit 158. Further, here, it is assumed that the route CA160 is provided in the image processing device 100A.

The system control unit 155 of the image processing device 100A determines whether CA or non-CA is set in the own machine (S601). The system control unit 155 determines the presence or absence of the setting by checking the presence or absence of the regulation file indicating that CA or non-CA has already been set, or by checking the presence or absence of the IP address list or secret sharing data. do. When CA or non-CA is set (S601: No), the process proceeds to S609. When CA or non-CA is not set (S601: Yes), the system control unit 155 displays a selection screen for selecting whether the image processing device 100A is CA or non-CA on the display operation unit 158. (S602). This selection screen is shown in FIG. The display operation unit 158 displays a selection screen 700 including the CA button 701 and the non-CA button 702, and causes the administrator to select whether the image processing device 100A is CA or non-CA.

When the non-CA button 702 is pressed (S603: No), the system control unit 155 gives an instruction to start setting the non-CA (S604). If the image processing device 100 operated by the administrator is an image processing device 100B to 100D, the process proceeds to S604. In S604, when the system control unit 155 of the image processing devices 100B to 100D receives the non-CA setting start instruction, it starts a background process for transmitting and receiving data. As a result, specific TCP ports and UDP ports of the image processing devices 100B to 100D are opened. The communication unit 159 will receive and transmit data via this port. These TCP ports and UDP ports are referred to as communication ports in this embodiment.

On the other hand, when the CA button 701 is pressed (S603: Yes), the system control unit 155 displays a confirmation screen on the display operation unit 158 and waits until the administrator gives an instruction to start setting the route CA160 (S605). : No loop). In the present embodiment, data is transmitted and received between the image processing devices 100B to 100D during the setting process of the route CA160. Therefore, in order to enable data reception by the image processing devices 100B to 100D, it is necessary to perform the non-CA setting process of S604 in advance and open the above-mentioned communication port. The administrator gives an instruction to start setting the non-CA of S604 to the image processing devices 100B to 100D, and then gives an instruction to start setting the route CA160 of S605.

Upon receiving the instruction to start the CA setting process (S605: Yes), the system control unit 155 first opens the TCP and UDP communication ports. Then, the system control unit 155 displays the administrator information setting screen 800 shown in FIG. 8 on the display operation unit 158 and performs the administrator registration process (S606). The administrator inputs his / her e-mail address in the input field 801 and presses the registration button 802. Triggered by pressing the registration button 802, the system control unit 155 of the image processing device 100A stores the input e-mail address in the storage unit 156, and stores the administrator's e-mail address in the other image processing devices 100B to 100D. Send information. When the image processing devices 100B to 100D receive the information of the administrator's e-mail address, the image processing devices 100B to 100D store the administrator's e-mail address in the storage unit 156 of the own machine. When the cancel button 803 is pressed, the value entered in the input field 801 is not registered, and the process proceeds to the next S607 process. The administrator can change the contact information at any time by displaying the setting screen 800.

The system control unit 155 of the image processing apparatus 100A performs an IP address list introduction process (S607), and then performs a root CA start-up process (S608). S607 and S608 will be described later. When these processes are completed, the system control unit 155 starts the actual operation (S609).

The process of introducing the IP address list of S607 will be described with reference to the sequence diagram of FIG.

Upon receiving the instruction to start setting the route CA160, the IP address list creation unit 151 of the image processing device 100A acquires the IP address of the image processing device 100 in the information processing system 1 including the IP address of its own machine (S901). .. In S901, the IP address input by the administrator is acquired via the display operation unit 158. The IP address list creation unit 151 lists a plurality of acquired IP addresses and stores them in the storage unit 156 (S902). The IP address list creation unit 151 can also search the image processing device 100 via the network 200. The IP address list creation unit 151 transmits a UDP datagram including a specified message using the above communication port as a destination port by broadcasting or multicasting. Then, when the IP address list creation unit 151 receives a reply message from the device whose communication port is opened, the IP address list creation unit 151 registers the IP address of the device that has replied in the list. In this case, the image processing device 100A currently being operated by the administrator is registered as the image processing device having the route CA160, and the other image processing devices 100B to 100D that have been returned are registered as non-CA.

The IP address list creation unit 151 transmits the created IP address list to the image processing devices 100B to 100D (S903). The IP address list creation unit 151 designates the TCP communication port as the destination port and transmits the IP address list. The IP address list creation unit 151 of the image processing devices 100B to 100D receives the IP address list and stores it in the storage unit 156 (S904). As a result, the image processing device 100A having the root CA 160 and the non-CA image processing devices 100B to 100D hold the same IP address list.

Subsequently, the start-up process of the route CA160 shown in S608 of FIG. 6 will be described with reference to FIG. The key creation unit 152 of the image processing device 100A creates a private key and a public key of the root CA 160 (S1001). The public key cryptosystem includes RSA, elliptic curve cryptography, ElGamal, and the like, but any method may be adopted. The key creation unit 152 stores the created private key and public key pair of the root CA160 in the storage unit 156 (S1002). The certificate creation unit 153 acquires a public key from the key pair created in S1001, creates a root certificate for the public key (S1003), and saves the created root certificate in the storage unit 156. (S1004).

The secret sharing data creation unit 154 of the image processing device 100A creates secret sharing data from the secret key and public key pair of the root CA160 created in S1001 (S1005). In the present embodiment, the secret sharing data creation unit 154 creates four types of secret sharing data A to D. The secret sharing data creation unit 154 stores the secret sharing data A in the storage unit 156 out of the four created data (S1006). Then, the secret sharing data creation unit 154 transmits the root certificate created in S1003 and the secret sharing data B created in S1005 to the image processing device 100B (S1007). The system control unit 155 of the image processing device 100B acquires the root certificate and the secret sharing data B via the communication unit 159 and stores them in the storage unit 156 of the own machine (S1008).

The secret sharing data creation unit 154 of the image processing device 100A similarly transmits the root certificate and the secret sharing data C to the image processing device 100C (S1009). Then, the system control unit 155 of the image processing device 100C acquires these and stores them in the storage unit 156 of the own machine (S1010). Similarly, the root certificate and the secret sharing data D are transmitted to the image processing device 100D, and these are stored in the storage unit 156 of the image processing device 100D (S1011, S1012).

After the above processing is performed, the operation is started (S608). During operation, the root certificate of root CA160 is introduced into the client 300. Further, the image processing devices 100A to 100D create a private key and a public key by themselves, and transmit the public key to the root CA 160 included in the image processing device 100A to request the issuance of a server certificate.

Root CA160 creates a server certificate and returns it to the requester. The image processing devices 100A to 100D receive the server certificate and store it in the own machine together with the created private key and public key.

Further, the sequence for establishing SSL / TLS encrypted communication between the image processing device 100 and the client 300 is generally as follows. Here, it will be described as assuming that SSL / TLS encrypted communication is established with the image processing device 100B.
(1) In the SSL / TLS communication establishment sequence, the client 300 acquires the server certificate of the image processing device 100B from the image processing device 100B.
(2) The client 300 verifies the server certificate obtained from the image processing device 100B by using the root certificate stored in its own machine. This verification operation will be described. The client 300 decrypts the digital signature attached to the server certificate with the public key of the root CA160 included in the installed root certificate, and obtains a hash value. Then, the client 300 calculates the hash value of the description information included in the server certificate, and compares these two hash values to determine the suitability of the verification.
(3) If the verification is conforming, the client 300 makes the acquired server certificate reliable, encrypts the data with the public key included in the server certificate, and transmits the data to the image processing device 100B. The data transmitted here is the premaster secret that is the basis of the common key.
(4) The image processing device 100B decodes the transmitted data using its own private key to obtain a premaster secret.
Subsequent procedures for creating a common key from the premaster secret and performing encrypted communication using the common key are the same as in the conventional SSL / TLS sequence.

Next, the operation of detecting whether the configuration of the information processing system 1 has been changed will be described. FIG. 11 is a sequence diagram for detecting whether or not the configuration of the image processing device 100 belonging to the information processing system 1 has been changed. Here, it is described that the non-CA image processing device 100B mainly operates, but it can also be applied to the case where the other image processing devices 100A, 100C, and 100D mainly operate.

When the power of the image processing device 100B is turned on or the specified period elapses (S1101), the configuration change detection unit 157 of the image processing device 100B transmits a network configuration inquiry message to the image processing devices 100A, 100C, and 100D. (S1102). The message transmitted in S1102 is a predefined one. This message is sent by broadcast or multicast. At this time, the configuration change detection unit 157 transmits the UDP datagram with the above-mentioned communication port as the destination port.

When the image processing devices 100A, 100C, and 100D listening for data at the communication port receive this transmission message, they return the IP address list stored in the storage unit 156 of their own device to the image processing device 100B ( S1103).

The configuration change detection unit 157 of the image processing device 100B receives the IP address list and extracts the IP address of the transmission source from the IP header attached to the received data. Further, the IP address currently assigned to the image processing apparatus 100B is acquired (S1104). According to S1104, the configuration change detection unit 157 can acquire the value of the current IP address of each of the image processing devices 100A to 100D.

The configuration change detection unit 157 of the image processing device 100B compares the IP addresses listed in the IP address list with the current IP addresses of the image processing devices 100A to 100D (S1105). When the IP addresses listed in the IP address list and the current IP addresses match in both number and content (S1105: Yes), the configuration change detection unit 157 determines that there is no configuration change. The process ends. On the other hand, if they do not match (S1105: No), the configuration change detection unit 157 determines that the configuration has been changed, and sends an e-mail stating this to the e-mail address of the administrator. Here, a notification that the number of image processing devices 100 has changed and a notification that the IP address of any of the image processing devices 100 has changed are sent by e-mail. Then, the configuration change detection unit 157 operates the display operation unit 158 to display, for example, the dialog screen 1200 of FIG. 12 (S1106). When the button 1201 in the dialog screen 1200 is pressed, an e-mail regarding the configuration change is resent to the administrator's e-mail address.

The configuration change detection unit 157 determines whether the configuration change this time is only an IP address change or is accompanied by a change in the number of units (S1107). When only the IP address is changed (S1107: Yes), the configuration change detection unit 157 updates the IP address list so as to match the current IP address configuration (S1108).

The configuration change detection unit 157 of the image processing device 100B saves the saved IP address list so as to replace it with the updated IP address list (S1108). Then, the configuration change detection unit 157 transmits the updated IP address list to the image processing devices 100A, 100C, and 100D via the communication unit 159 (S1100). The configuration change detection unit 157 of the image processing devices 100A, 100C, and 100D replaces the stored IP address list with the updated IP address list and stores it in the storage unit 156 of the own machine (S1111).

In S1107, when the number of units is changed (S1107: No), the IP address list is not updated in the present embodiment, and the process is terminated as it is. The reason for this will be explained. Since four image processing devices 100 are configured in the present embodiment, a total of four IP address lists including the IP address list stored in the own machine are usually collected in S1103. However, when only three IP address lists are collected, it means that one image processing device 100 is no longer belonging to the information processing system 1 for some reason. If it is recovered by a simple restart, it is not necessary to update the IP address list because it is temporary. However, if something goes wrong and needs to be repaired, it will be long-term and the IP address list will need to be updated. In this way, the determination of whether it is temporary or long-term is left to the administrator in this embodiment. Therefore, in S1107, if the number of units is changed (S1107: No), the process ends without updating the IP address list.

For the above reason, in the case of a configuration change accompanied by a change in the number of units, the IP address list is not updated, but the mode is not limited to this. It may be a configuration change that involves a change in the number of units, or an implementation that updates the IP address list.

When a configuration change is detected by the process of FIG. 11 and the change is a change that reduces the number of image processing devices 100, the target image processing device 100 is separated from the management of the information processing system 1 and the secret sharing data is regenerated. Need to create. This will be described. In the present embodiment, the configuration is changed from 4 units to 3 units, and even if the number of secret sharing data is reduced to 3, the key pair can be recreated from the secret sharing data. However, if the number of image processing devices 100 is further reduced, the key pair cannot be restored. Therefore, in a situation where the number of units has already decreased, it is preferable to recreate the three secret sharing data that can be restored to the original key pair by collecting two, for example. Hereinafter, an operation of separating one of the image processing devices 100 from the management of the information processing system 1 and recreating the secret sharing data will be described.

First, the administrator operates one of the image processing devices 100 to display the selection screen 1300 of FIG. When the non-CA image processing devices 100B to 100D are separated from the information processing system 1, the administrator presses the button 1301. When the image processing device 100A including the route CA160 is separated from the information processing system 1, the administrator presses the button 1302. When the button 1302 is pressed, the image processing device 100 currently being operated by the administrator is configured to include the root CA 160.

FIG. 14 is a sequence diagram when the non-CA image processing device 100 is separated. Here, the image processing apparatus 100D will be described as being separated. Further, it is assumed that the image processing device 100B is operated by the administrator.

When the display operation unit 158 of the image processing device 100B receives the pressing of the button 1301 shown in FIG. 13, the IP address list creation unit 151 of the image processing device 100B reconstructs the IP address list (S1401). As described in S1103 and S1104 of FIG. 11, the IP address list creation unit 151 creates a list of IP addresses of the image processing apparatus 100 that has returned to the broadcast or multicast UDP message. The IP address list creation unit 151 also adds the IP address of its own machine to the list. The display operation unit 158 of the image processing device 100B may display the created IP address list so that the administrator can confirm and correct it.

The secret sharing data creation unit 154 of the image processing device 100B transmits a secret sharing data request message to the image processing device 100A via the system control unit 155 and the communication unit 159 (S1402). The secret sharing data creation unit 154 acquires the secret sharing data A from the image processing device 100A via the system control unit 155 and the communication unit 159 (S1403). The secret sharing data creation unit 154 also acquires the secret sharing data C from the image processing device 100C (S1404, S1405). The secret sharing data creation unit 154 acquires the secret sharing data B stored in the storage unit 156 of the own machine (S1406). The secret sharing data creation unit 154 restores the key pair of the root CA160 from the secret sharing data A, B, and C thus acquired (S1407).

The secret sharing data creation unit 154 newly creates three secret sharing data X, Y, and Z from the restored key pair of the root CA160 (S1408). The secret sharing data X, Y, and Z have a data structure in which a key pair can be restored when two or more data are collected. After creating the secret sharing data X, Y, Z, the restored key pair is deleted for security reasons.

The system control unit 155 stores the IP address list and the secret sharing data X after being reconstructed in S1401 in the storage unit 156 of the own machine (S1409). The system control unit 155 transmits the reconstructed IP address list and secret sharing data Y to the image processing device 100A via the system control unit 155 and the communication unit 159 (S1410). The system control unit 155 of the image processing device 100A stores the received IP address list and secret sharing data Y in the storage unit 156 of the own machine (S1411).

The system control unit 155 of the image processing device 100B transmits the reconstructed IP address list and secret sharing data Z to the image processing device 100C via the system control unit 155 and the communication unit 159 (S1412). The system control unit 155 of the image processing device 100C stores the received IP address list and secret sharing data Z in the storage unit 156 of the own machine (S1413).

FIG. 15 is a sequence diagram in the case of disconnecting the image processing device 100A having the route CA160. As in FIG. 14, the image processing device 100B will be described as being operated by the administrator.

Since S1501 to S1507 are substantially the same as the operations of S1401 to S1407 of FIG. 14, the difference from FIG. 14 will be referred to here. In S1501, the IP address list is reconstructed so that the image processing apparatus 100B has a route CA160. Further, in S1502 to S1505, the secret sharing data C is received from the image processing device 100C, and the secret sharing data D is received from the image processing device 100D. Further, in S1507, the key pair of the root CA160 is restored from the secret sharing data B, C, and D.

The system control unit 155 stores the created key pair of the root CA160 in the storage unit 156 of the own machine (S1508). By storing the key pair of the private key and the public key in this way, the image processing device 100B can operate as the root CA 160. Further, if necessary, the own machine may execute a command to become the route CA160. Then, the secret sharing data creation unit 154 creates secret sharing data X, Y, and Z from the created key pair of the root CA160 (S1509).

Hereinafter, storing the reconstructed IP address list and each of the secret sharing data X, Y, and Z in the storage units 156 of the image processing devices 100B, 100C, and 100D is described in S1409 to S1413 of FIG. Is similar to.

In the present embodiment, the key pair of the private key and the public key of the root CA160 is used as the key information for performing encrypted communication. Then, in the present embodiment, secret sharing data for this key pair is created. In public key cryptography, a public key is data that can be known to a third party without any problem. Even if the public key is lost, it is written on the distributed digital certificate (root certificate). Therefore, the public key is data that can be extracted from the digital certificate. There is also a system that leaves only the private key and root certificate in a file without leaving the public key as a file when creating a root certificate. From this, the secret sharing data may be created only from the private key, or the secret sharing data may be created from the set of the private key and the root signature. Further, the embodiment of the present embodiment can also be applied to a common key cryptosystem in which encryption and decryption are performed with the same common key. In this case, secret sharing data is created from the common key, and the secret sharing data is distributed to each image processing device 100.

In the present embodiment, secret sharing data is created and restored for the private key and public key pair created by the root CA 160, that is, the key pair for the root certificate, and distributed to each image processing device 100. Explained what to do. Not limited to this, the embodiment of the present embodiment may be applied to a key pair of a private key and a public key created by each image processing device 100, that is, a key pair for a server certificate.

The relationship between the number of secret-sharing data created and the number of secret-sharing data required to restore the original data is not limited to the embodiment of the present embodiment. For example, the secret sharing data may be created so that the key information can be restored by collecting two of the four secret sharing data.

In the above embodiment, one secret sharing data is distributed to each of the image processing devices 100A to 100D. If there is a gap in the number of secret-shared data distributed for each information processing device, if one information processing device that has been distributed in large numbers becomes inoperable, the remaining number of secret-shared data will fall below the recoverable limit and will be restored. It may not be possible. By evenly distributing the information to the information processing devices as in the present embodiment, the possibility of recovery can be improved. However, the aspect is not limited to this. If there are four secret-sharing data, for example, they are not distributed to the image processing device 100A, but two to the image processing device 100B, one to each of the image processing devices 100C and 100D, and so on. good.

Further, the number of the image processing devices 100 and the number of divisions of the secret sharing data do not have to match. For example, in the case where the image processing device 100 is composed of four units, the secret sharing data divided into three may be created and distributed to each image processing device 100, or the secret sharing data divided into five or more may be created. , May be distributed to each image processing device 100. In this case, there may be an image processing device 100 to which the secret sharing data is not distributed, or there may be an image processing device 100 to which a plurality of secret sharing data are distributed.

In the above embodiment, it has been described that the secret sharing data is recreated and redistributed when the number of image processing devices 100 is reduced. Not limited to this, even when the number of image processing devices to which the secret sharing data is distributed increases, the re-creation and redistribution of the secret-sharing data of the present embodiment can be applied. For example, when the number of image processing devices 100 increases from 4 to 6, in S1408 of FIG. 14, the secret sharing data creation unit 154 creates 6 secret sharing data that can be restored by collecting 5 of each. The secret sharing data may be distributed to the image processing device 100.

Further, even when the number of units increases, the above-mentioned reconstruction of the IP address list can be applied. For example, when the number of image processing devices 100 increases from 4 to 6, the IP address list can be reconstructed by adding new IP addresses for 2 devices, for example, manually by the administrator. .. Further, if S604 of FIG. 6 is executed for the newly installed image processing device 100 and the above communication port is opened, it is possible to implement an automatic addition to the IP address list.

In the present embodiment, the image processing device 100 having each function of copying, printing, scanning, and fax transmission / reception has been described as an example of the information processing device. The embodiment of the present embodiment can be applied to computers such as servers and clients, mobile terminal devices such as smartphones and tablets, network communication devices, and other communicable devices. That is, any device or device can be applied as long as it is an information processing device capable of communicating with the outside.

In the present embodiment, the configuration includes the upper root CA160, but instead of the root CA160, a digital certificate is issued from an external root CA and the certificate authority may be authenticated. Further, in the present embodiment, although described as a private CA, it may be a public CA.

In the present embodiment, any of the image processing devices 100 is configured to have a CA function. With this configuration, it is not necessary to separately prepare a server for CA. Therefore, the maintenance work of the server for the CA does not naturally occur, and the labor of the administrator can be saved. On the other hand, a CA server having the function of the route CA160 of the present embodiment may be separately installed in the information processing system 1. The location of the server for CA may be any location as long as communication is possible, and may be installed overseas, for example.

In the present embodiment, a mode in which the key information is divided into a plurality of pieces to create secret sharing data and distributed to an information processing device belonging to the system has been described. Further, when the number of information processing devices is changed, a mode in which secret sharing data is newly created and redistributed according to the changed number is described. In this way, the key information can be easily restored by using the secret sharing data. Further, as the number of information processing devices decreases, the remaining number of secret-shared data also approaches the limit number that can be restored, and cannot be further reduced. For this reason, it is better to create new secret sharing data according to the changed number. According to the embodiment of the present embodiment, it is not necessary to manually perform the operation of recreating the secret sharing data and newly distributing it, and the workload of the administrator can be reduced.

In the present embodiment, a mode in which secret sharing data is collected from an image processing device and key information is restored using the collected secret sharing data has been described. Further, even if the information processing device including the CA is separated from the system, the key information is restored and the CA is newly provided in the other information processing device. As a result, the key information can be restored and the CA can be relocated under the initiative of the system, and the load of the administrator's setting work can be reduced.

In the present embodiment, the actual network configuration is detected, the detected configuration is compared with the configuration described in the IP address list, and if there is a change, the administrator is notified and the IP address list is updated. An implementation example has been described. As a result, the configuration change can be automatically followed, and the workload of the administrator can be reduced.

The system configuration of the image processing apparatus described in this embodiment is merely an example, and it goes without saying that there are various system configuration examples depending on the application and purpose.

As described in detail above, the present embodiment makes it possible to recover the lost key and reduce the cost.

1: Information processing system,
100, 100A, 100B, 100C, 100D: Image processing device,
101: Controller, 102: Network I / F, 103: Program ROM,
104: Font ROM, 105: Operation unit I / F, 106: HDD,
107: CPU, 108: RAM, 109: NV-RAM, 110: engine I / F,
111: Scanner I / F, 120: Operation panel, 121: Printer engine,
122: Scanner, 151: IP address list creation unit, 152: Key creation unit,
153: Certificate creation unit, 154: Secret sharing data creation unit, 155: System control unit,
156: Storage unit, 157: Configuration change detection unit, 158: Display operation unit, 159: Communication unit,
200: Network.

Japanese Patent No. 4778210

Claims (7)

An information processing device that belongs to a system that includes multiple information processing devices that encrypt and communicate data.
A digital certificate is issued by a certificate authority that issues a digital certificate included in any of a plurality of information processing devices belonging to the system, which is a private key that constitutes a public key and a key pair for performing encrypted communication. A creation unit that creates secret sharing data by dividing the key information as the signing key of the relevant certificate authority into multiple parts by the secret sharing method.
A distribution unit that distributes the secret sharing data created by the creation unit to an information processing device belonging to the system, and a distribution unit.
When the number of information processing devices belonging to the system is changed because the information processing device including the certification authority that belonged to the system no longer belongs to the system, the key information is changed to the information processing device after the change. The re-creation department that creates new secret sharing data by dividing it into the number according to the number of
A redistribution unit that newly distributes the secret sharing data newly created by the recreating unit to an information processing device belonging to the system, and a redistribution unit.
When the number of the information processing devices is changed, the acquisition unit that acquires the secret sharing data distributed to the information processing devices belonging to the system, and the acquisition unit.
Have,
The recreating unit restores the key information when the number of information processing devices belonging to the system is changed because the information processing device including the certification authority that belonged to the system no longer belongs to the system. Is stored in the storage unit of the own machine, the authentication authority is newly provided in the own machine, the key information is restored from the secret sharing data acquired by the acquisition unit, and the secret sharing is performed from the restored key information. An information processing device characterized by creating new data. In the information processing apparatus according to claim 1, further
The configuration of the information processing device is changed by comparing the list of identification information of the information processing device belonging to the system with the identification information of the information processing device that has replied to a predetermined transmission message defined in advance. An information processing device having a determination unit for determining whether or not the information has been processed. In the information processing apparatus according to claim 2, further
An information processing device having an update unit that updates the list to a list of identification information of the information processing device that has returned when it is determined by the determination unit that the configuration has been changed. In the information processing apparatus according to any one of claims 1 to 3, further
An information processing device having a notification unit that notifies a message when the configuration of the information processing device belonging to the system is changed. In the information processing apparatus according to any one of claims 1 to 4.
The creation unit divides the key information into the same number as the number of information processing devices belonging to the system to create secret sharing data.
The distribution unit distributes the secret sharing data one by one for each information processing device belonging to the system.
When the number of information processing devices belonging to the system is changed, the recreating unit creates secret sharing data by newly dividing the key information into the same number as the changed number.
The redistribution unit is an information processing device that distributes the secret sharing data newly created by the recreating unit to each information processing device belonging to the system. An information processing system that enables mutual communication of encrypted data between multiple information processing devices.
A digital certificate at an authentication authority that issues a digital certificate included in any of a plurality of information processing devices belonging to the information processing system, which is a private key that constitutes a public key and a key pair for encrypted communication. The secret sharing data creation unit that creates secret sharing data by dividing the key information as the signature key of the certification authority for issuing the data into multiple pieces by the secret sharing method.
A distribution unit that distributes and distributes the secret sharing data to each of the information processing devices,
A system configuration acquisition unit that acquires the number of the information processing devices included in the information processing system, and
When the number of the information processing devices is changed, the acquisition unit that acquires the secret sharing data distributed to the information processing devices belonging to the information processing system, and the acquisition unit.
Have,
When the system configuration acquisition unit detects a change in the number of information processing devices,
In the secret sharing data creation unit, the number of information processing devices belonging to the information processing system is changed because the information processing devices including the certification authority that belonged to the information processing system no longer belong to the information processing system. In this case, the restored key information is stored in the storage unit of the own machine, the authentication authority is newly provided in the own machine, and the key information is restored and restored from the secret sharing data acquired by the acquisition unit. From the key information that has been processed, the secret sharing data is recreated according to the number of units after the change.
The distribution unit is an information processing system characterized in that the secretly distributed data created again is distributed and redistributed to each of the information processing devices after the number of units has changed. It is a key management method for a system that includes multiple information processing devices that encrypt data for communication.
A digital certificate is issued by a certificate authority that issues a digital certificate that is a private key that constitutes a public key and a key pair for performing encrypted communication and is included in any of a plurality of information processing devices belonging to the system. The key information as the signing key of the relevant certificate authority is divided into multiple parts by the secret sharing method to create secret sharing data.
The created secret sharing data is distributed to the information processing device belonging to the system, and the information processing device is distributed.
When the number of the information processing devices is changed, the secret sharing data distributed to the information processing devices belonging to the system is acquired.
When the number of information processing devices belonging to the system is changed because the information processing device including the certification authority that belonged to the system no longer belongs to the system, the key information belongs to the system. When the number of information processing devices belonging to the system is changed because the information processing device including the certification authority no longer belongs to the system, the restored key information is stored in the storage unit of the own machine, and the information processing device is stored in the storage unit of the own machine. Airplane newly provided with the certificate authority, before Quito resulting secret distributed data, the key information restoring, by dividing the number corresponding to the number of the information processing apparatus after the change from the restored key information, a new Create secret shared data in
A key management method characterized in that the newly created secret sharing data is newly distributed to an information processing device belonging to the system.

Images