Eiji Okamoto

Key distribution system based on identification information

A key distribution system (KDS) based on identification information (ID-based KDS) is presented. The system is founded on the Diffie-Hellman public key distribution scheme and has an identity authentication function. It uses an individual users identification information instead of the public file used in the Diffie-Hellman scheme. It does not require any services of a center to distribute work keys or users to keep directories of key-encrypting keys. Therefore, key management in cryptosystems can be simplified by adopting the ID-based KDS. Two kinds of identity-based key distribution system are proposed and applied to actual communication networks. One uses two-way (interactive) communication to distribute work keys, while the other uses one-way communication. Modular exponentiations of large numbers, used in the systems, are implemented with digital signal processors. >

Key Distribution Systems Based on Identification Information

Two types of key distribution systems based on identification information are proposed, one for decentralized networks and the other for centralized networks. The system suitable for decentralized networks is analogous to the Diffie-Hellman public key distribution system, in which the former uses each users identification information instead of a public file used in the latter. The proposed system is able to defend the networks from impostors. The system suitable for centralized networks, which is less analogous to the Diffie-Hellman system, can also defend the networks from impostors, though the network center does not have any directory of public or private key-encrypting keys of the users. Both of the systems proposed in this paper do not require any seivices of a center to distribute work keys, or users to keep directories of key-encrypting keys. Therefore, key management in cryptosystems can be practical and simplified by adopting the identity-based key distribution systems.

Identity-based information security management system for personal computer networks

A network information security management system which authenticates and/or encrypts messages is proposed. Both authentication and key distribution are executed in a simple scheme. Once the system is set up, the transactions are done independently by the users involved, yet the amount of information that users must keep is small. The experimental implementation of the system on a personal computer network, using IC cards (smart cards) and digital signal processors, is described. The signal processors shorten calculation time and make the concept practical. >

Key distribution system for mail systems using ID-related information directory

A key distribution system suitable for mail systems is presented. It realizes a secure cryptosystem that is convenient for users and, moreover, can be easily implemented in present computer networks. The system uses a public directory, which contains each users ID-related information, but is strong against forgery. A sender generates a key and key information which depends on the receiver, and sends the key information along with the encrypted message. Only the intended receiver can obtain the common key from the key information and decrypt the message. He can also convince himself that the sender is authentic. Since a random number is used in generation of a key and its information, keys are different in every mail item. The paper further discusses the implementation of the proposed system on an existing personal computer network. For faster execution, a digital signal processor is adopted. A modular algorithm suitable for the processor is presented.

Lifetimes of keys in cryptographic key management systems

The keys lifetimes necessary to attain a certain low disclosure rate have been investigated for two types of schemes. DES is employed as an encryption algorithm example. This paper employs the poorest attack, namely the exhaustive attack as a cryptanalysis. There may be a more effective attack. As results, we recommend to adopt SCHEME 2 and to change the master key ‘at least’ within a few years.

Proposal for Cryptographic Key Distribution System Based on Identification Information

A key distribution system based on identification information is presented. The system is based on the Diffie-Hellman public key distribution scheme (DH-PKDS) and has an identity authentication function. It uses identification information on individual users instead of a public file employed in the DH-PKDS. The system proposed here does not require any services of a center to distribute work keys, not does it require users to maintain directories of information for the generation of keys. This allows key management for cryptosystems to be simplified. n n n nIn this paper, two kinds of identity-based key distribution systems are proposed. One uses two-way (interactive) communication to distribute work keys, and the other uses one-way communication. They are applied to communication networks, on-line talk networks and mail networks, for instance. Modular exponentiations of large numbers used in the networks are implemented with digital signal processors.