JP2000232443A - Information pass control method, gateway device and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To verify the transmission of false information by transmitting a pair of cipher communication information and cipher pass control information to a receiver, receiving the transmitted pair of information by means of a public key that is previously acquired to decide the propriety of pass and controlling a communication path on the basis of the cipher communication information received from the receiver and the hash value of the communication information. SOLUTION: An SPA produces the hash value MD(T1) to MD(T2) against a label and subprograms T1 to T3 respectively and enciphers these hash value by means of a secret key to send them to a Web server manager. When the connection is requested, the server manager enciphers the subprogram T1 by means of a session key K and transmits the enciphered subprogram T1 to a Web browser after adding a cipher label sent from the SPA to the subprogram T1. A gateway decodes the received signals by means of a public key and decides the propriety of the pass. The Web server sends the hash value of the subprogram and the decoded subprogram back to the gateway from a program and decides the propriety of the continuation of connection.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to information passing control in information communication, and more particularly to information passing control when a sender and a receiver communicate by encrypting communication information.

[0002]

2. Description of the Related Art Conventionally, as a secret communication method, there is a label adding method for adding a label to communication information. In this method, a sender first attaches a label indicating the characteristic of communication information to communication information and transmits the communication information to a receiver, and the passage control device existing between the sender and the receiver determines that the passage control device itself has The control rule is compared with the label to determine whether the communication information can be passed. In this method, the passage control device can perform passage control of communication information without analyzing the entire communication information. However, this method is possible only when communication information is transmitted in plain text, and is not suitable for encrypted communication.

On the other hand, in recent years, encryption communication using end-to-end encryption has been used. SSL (Sec
ure Socket Layer) method is one example. In SSL, first, a session key is created at the time of starting communication using the respective public keys, secret keys, and random numbers of a sender and a receiver and shared with each other. Next, the sender encrypts the communication information with the session key and transmits it. The receiver decrypts the received communication information with the session key. In this method, the passage control device passes communication information in an encrypted state.

[0004] In the case where the label addition method is applied to the above-mentioned SSL method and used for encrypted communication, that is, after the sender adds a label representing the characteristic of the communication information to the communication information, the communication information and the label are added to the receiver. In the case where the label is encrypted with the session key shared with the server and transmitted to the recipient, the label flows through the communication path in a state where the label is encrypted with the session key, so that the label cannot be read by the passage control device.

As a first means for solving the problem that the label cannot be read by the passage control device, a method in which the passage control device shares the session key and decrypts the ciphertext can be considered. However, this method has a new problem that the passage control device knows the contents of the communication information in addition to the label. This is inconsistent with the original purpose of encrypted communication in which a third party cannot know communication information along the communication path, and the meaning of encrypted communication is lost.

As a second means for solving the problem that the label cannot be read by the passage control device, the label is transmitted to the sender in plain text separately from the encrypted communication information before performing the encrypted communication. A method is conceivable. In this case, the passage control device can determine whether or not the communication information can be passed by comparing the passage control rule of the device itself with the transmitted label. However, this method has a problem that when the sender is unreliable, that is, when the sender encrypts and transmits communication information different from the contents of the label to the receiver, the passage control device cannot detect this. Further, since the information communication is encrypted, the passage control device itself cannot analyze the communication information to verify the mismatch between the label and the communication information.

[0007]

SUMMARY OF THE INVENTION It is an object of the present invention to provide a communication system in which communication information is encrypted between a sender and a receiver without knowing the contents of the communication information. The present invention provides an information passing control method, a gateway device, and a recording medium that can perform false pass control, and can verify when a sender and a receiver send false information to a pass control device. It is in.

[0008]

According to the information passing control method of the present invention, in order to achieve the above object, a verification organization has a public key and a secret key based on a public key cryptosystem and is submitted in advance by a sender. Generating a label corresponding to the communication information by verifying the characteristics of the communication information, and encrypting the label and the hash value of the communication information with a secret key of a verification organization to generate encryption pass control information; Transmitting the encrypted communication information to the recipient as a pair with the encrypted encrypted communication information and the encryption pass control information corresponding to the communication information; and To obtain the encrypted communication information and the encryption pass control information sent from the sender, decrypt the encryption pass control information with the public key of the verification organization, and pass the label in the pass control information and the pass of the device itself. control If it is determined that passage is not possible, the communication route is blocked.If it is determined that passage is possible, the hash value of the communication information in the passage control information and the hash value of the Storing the address and, when the receiver receives the encrypted communication information and the encrypted passage control information, the hash value of the encrypted communication information and the hash value of the decrypted communication information are transmitted to the passage control device. Sending, and the pass control device determines whether the hash value of the communication information retrieved using the hash value of the encrypted communication information sent from the receiver as a key and the communication information decrypted from the encrypted communication information sent from the receiver. The method includes a step of comparing the hash value with the hash value, maintaining the communication enabled state when the values match, and cutting off the communication path based on the stored sender address when the values do not match.

A recording medium according to the present invention is a recording medium on which a program for controlling a passage control device is recorded by the above method.

Further, the gateway device of the present invention transmits a hash value of encrypted communication information obtained by encrypting the communication information, a hash value of the communication information, and a sender's address, and transmits the information to the receiver. It has a pass control rule that describes the characteristics of communication information that is allowed to be transmitted, and a function to receive encrypted pass control information and encrypted communication information encrypted with the private key of the verifier from the sender, and decrypts the crypto pass control information Function to obtain the hash value of the passage control information and communication information, the function of blocking the communication path when it is determined that passage is not possible by comparing the passage control information and the passage control rule, and the hash value of the encrypted communication information. A function to add the hash value of the communication information and the address of the sender to the database, a function to receive the hash value of the encrypted communication information and the hash value of the communication information from the receiver, A function for extracting the hash value of the communication information and the address of the sender from the database using the hash value of the communication information as a key, and comparing the hash value of the communication information received from the receiver with the hash value of the communication information extracted from the database If they do not match, a function is provided to cut off the communication path based on the sender's address.

The present invention functions as follows. A verifier creates a label corresponding to the communication information by analyzing the communication information sent from the sender, and encrypts the label and the hash value of the communication information with a secret key to create encryption pass control information. To the sender. Since the cryptographic pass control information is encrypted with the private key of the verification organization, the sender cannot arbitrarily create it, and it is assured that the correct label has been created for the communication information by the verification organization. . Further, the passage control device decrypts the encrypted passage control information using the public key of the verification organization, and obtains a hash value and a label of the communication information. Since the communication information is encrypted between the sender and the receiver, the passage control device cannot obtain the plaintext of the communication information. However, by performing the passage control based on the label, the passage control device can perform the passage control without obtaining the plain text of the communication information.

Next, the receiver sends the hash value of the received encrypted communication information and the hash value of the decrypted communication information to the passage control device. The passage control device compares the hash value of the communication information obtained by decrypting the encrypted passage control information with the hash value of the encrypted communication information as a key, and the hash value of the communication information sent from the receiver. First, when the sender attaches the encryption pass control information obtained by sending other communication information to the verification authority, that is, when the sender attaches false encryption pass control information, the above two hash values to be compared are used. Values do not match. Also, when the receiver sends the hash value of the false communication information to the passage control device, the two hash values to be compared do not match. That is, the one-to-one relationship between the label and the communication information becomes clear. From this, as long as the sender and the receiver do not collude and obtain the same hash value of the communication information, the pass control device can determine the false application between the sender and the receiver.

As described above, according to the present invention, even when communication information is encrypted between a sender and a receiver, the passage control device does not know the communication information itself,
It is possible to control the passage of communication information, and it is possible to detect that the sender and the receiver have made false answers to the passage control device. If the reply to the pass control device of the receiver is determined to be false, or if there is no reply from the receiver for a certain period of time, the pass control device will thereafter transmit the communication information sent from the same sender or the time Discards the accumulated communication information in. This can prevent the sender and the receiver from communicating thereafter. That is, when the communication information is composed of a plurality of information segments, the receiver cannot obtain the entire communication information.

[0014]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Next, an embodiment of the present invention will be described for the case where end-to-end encrypted communication is performed between a web server and a web browser. FIG.
Is a diagram for explaining this embodiment. There is a gateway between the web server and the web browser. In this gateway, a passage control rule for each machine including a web browser terminal is registered by a gateway administrator. In addition, there is a SPA (Security Policy Authority) as a verification organization that labels contents.

[0015] The gateway administrator describes the passage control rules for each machine in the internal network in the gateway. For example, the following pass control rules are set for the web browser terminal. file.read = / tmp; / usr / home / share; file.write = / tmp; network.connect = smtp; http; This example shows the following: Regarding file reading, the directory or file under / tmp and / usr
Only the directory or file under / home / share is permitted.
Only the directory or file under mp is permitted, and only the port used for smtp or the port used for http is permitted for connection with other hosts.

The web server administrator creates a program T using mobile codes operating on the web. The program has, for example, three segments: subprogram T1, subprogram T2 and subprogram T
3 As a segment unit of the program, a packet or a cell can be used in addition to the subprogram. Also, mobile code is a program that is automatically downloaded and executed on a user's machine just by accessing a web page in which they are embedded, without explicit download by the user. Examples of mobile code include Java applets, ActiveXcontrols
, JavaScript, and the like.

Here, it is assumed that the program T operates as follows. file.read =; file.write =; network.connect =; That is, a program that does not read a file, write to a file, or connect to a port at all.

First, a series of flows in the normal system will be described. The web server administrator assigns the created program T to S
Send to PA. In the SPA, the received program T is analyzed, and the label CT for the program T and the hash value MD for each of the subprograms T1, T2 and T3 are analyzed.
(T1), MD (T2) and MD (T3) are created. next,
CT and MD (T1), CT and MD (T2), and CT and MD
(T3) are combined to create an encryption label encrypted with the private key of the SPA, and subprograms T1, T2 and T3 are created.
Are added with the encryption labels Cm1, Cm2 and Cm3, and are returned to the web server administrator. Web server administrator
Place the program sent from the PA on the web server.

A web browser accesses content on a web server. Prior to this, a session key K known only to the web server and the web browser is created to perform end-to-end encrypted communication.
In response to the connection request from the web browser, the web server first adds the encryption label Cm1 received from the SPA to the information {T1} K obtained by encrypting the subprogram T1 with the session key K, and transmits the information to the web browser.

The gateway converts the received encryption label to S
Decryption is performed using the public key of the PA, and the obtained label is compared with the passage control rule held by the device itself. If CT obtained by decrypting the encryption label Cm1 satisfies the passage control rule in the gateway, it is determined that passage is possible. The gateway uses M obtained at the same time as CT.
D (T1) and the IP address of the web server are stored. Also, the hash value MD ($ T1 $ K) of the information encrypted with the session key is stored as a search key.
The gateway sends the subprogram and the encryption label encrypted with the session key to the web browser. After that, the information sent from the web server, C
m2 and ｛T2｝ K and Cm3 and ｛T3｝ K suspend the connection at the gateway until a reply to the gateway is sent from the web browser described later.

The web browser obtains the subprogram T1 after decrypting using the session key. The web browser sends back the hash value MD (T1｝ K) of the encrypted subprogram sent from the web server and the hash value MD (T1) of the subprogram obtained by decryption to the gateway.

Here, the gateway uses the MD ({T1} K) returned from the web browser as a search key, and obtains the MD (T1) stored at the time of passing and the IP address of the web server. Here, MD (T1) sent from the web browser and M saved by the gateway
D (T1). In this case, they match. If they match, the pass judgment at the gateway is allowed.

Next, a series of flows in the abnormal system will be described. First, assume that there is a malicious web server administrator.
It is assumed that the web server administrator creates a program T 'for reading / etc / passwd and transferring it to the outside by smtp and the program T described above. That is, the program T 'operates as follows: file.read = / etc / passwd; file.write =; network.connect = smtp; The web server administrator sends T and T 'to the SPA, and obtains the encryption labels Cm and Cm'. The malicious web server administrator would originally have {T'1} K and Cm '
Is sent, {T'1} K and Cm are sent to the web browser.

The gateway decrypts the encryption label Cm1 and compares it with the passage control rule. In this case, since CT is obtained, the gateway determines that passage is possible. The gateway stores the MD (T1) obtained at the same time as the CT and the IP address of the web server. Also, the hash value MD ({T′1} K) of the information encrypted with the session key is stored as a search key. The gateway sends the subprogram and the encryption label encrypted with the session key to the web browser. Thereafter, the information Cm2 and {T'2} K and Cm3 and {T'3} K, which are subsequently transmitted from the web server, are transmitted by the gateway until a response to the gateway is transmitted from the web browser described later. Hold the connection.

The web browser obtains the subprogram T′1 after decrypting using the session key. The web browser transmits the hash value MD ({T′1} K) of the encrypted subprogram sent from the web server and the hash value MD (T′1) of the subprogram obtained by decryption.
To the gateway.

Here, the gateway performs a search using the MD ({T'1} K) returned from the web browser as a search key. As a result, the M stored in the gateway
D (T1) is obtained. Since this does not match the MD (T'1) sent from the web browser, the gateway rejects the passage judgment and discards the subsequent segments. Thus, the web browser can obtain only the subprogram T1 of the program T. As a result, the web browser cannot execute the program T.

Next, it is assumed that a malicious web browser exists simultaneously with the malicious web server. A malicious web browser shall rewrite the information returned to the gateway. In this case, the web browser needs to send MD (T1) to the gateway. Since T'1 is a program rewritten by the web server, MD
(T1) is information that cannot be known by a web browser alone. Therefore, if the information returned by the web browser to the gateway is falsified, the post-check of the gateway cannot be passed. That is, the web browser cannot obtain the entire program T. Further, if there is no response from the web browser for a certain period of time, the gateway rejects the passage judgment and makes the held Cm2 and {T2} K
And Cm3 and {T3} K are discarded. As a result, even a web browser that does not reply to the gateway can obtain only the subprogram T1 of the program T.

Therefore, even if the web browser and the web server individually falsify the information sent to the gateway, the gateway can detect the falsification and prevent the entire program from being delivered to the web browser.

[0029]

As described above, according to the present invention,
Even when encrypted communication is performed between the sender and the receiver and both the sender and the receiver are not reliable, the passage control of the communication information in the passage control device is possible. Therefore, for example, in an organization having a certain policy, the passage control device can prevent a user in the organization from obtaining communication information that violates the organization's policy. Further, according to the present invention, since the passage control device is a protocol that cannot view plain communication information itself, the passage control device can know the communication information itself sent from the sender to the receiver. Not guaranteed. This satisfies the condition that the third party, which is the original purpose of the encrypted communication, cannot know the communication information.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating an embodiment of the present invention.

[Explanation of symbols]

 T program C label MD hash function K session key

 ────────────────────────────────────────────────── ─── Continuing on the front page (72) Inventor Kimihiko Sekino 3-19-2 Nishi-Shinjuku, Shinjuku-ku, Tokyo Japan Nippon Telegraph and Telephone Corporation F-term (reference) 5B089 GA31 GB03 JA21 KA17 KB13 KC52 KC57 KC58 KH30 5J104 AA01 AA07 KA01 KA03 KA05 NA02 NA12 NA27 NA37 NA38 PA00 PA09

Claims (5)

[Claims] 1. A sender for transmitting communication information attaches a label indicating the characteristic to the communication information, and a passage control device located between the sender and the receiver is provided with a passage control rule that the device itself has. In an information passage control method for comparing a label with a label to determine whether communication information can be passed, a verifier has a public key and a secret key based on a public key cryptosystem, and verifies a communication information submitted in advance by a sender. Generating a label corresponding to the communication information by verifying the characteristics, encrypting the label and the hash value of the communication information with a private key of a verification institution to generate encryption passage control information, wherein the sender encrypts the communication information Transmitting the encrypted encrypted communication information and the encryption pass control information corresponding to the communication information to the recipient as a pair, and the pass control device obtains the public key of the verification organization in advance. , Obtain the encrypted communication information and the encryption pass control information sent from the sender, decrypt the encrypted pass control information with the public key of the verification organization, and collate the label in the pass control information with the pass control rule of the device itself. Step of blocking the communication path if it is determined that the passage is not permitted, and storing the hash value of the communication information and the address of the sender in the passage control information using the hash value of the encrypted communication information as a key when determining that the passage is permitted Sending a hash value of the encrypted communication information and a hash value of the decrypted communication information to the passage control device when the receiver receives the encrypted communication information and the encrypted passage control information; The hash value of the communication information retrieved by the device using the hash value of the encrypted communication information sent from the receiver as a key, and the hash value of the communication information decrypted from the encrypted communication information sent from the receiver. A communication path based on the sender's address that is stored if the addresses do not match. . 2. One communication information is composed of a plurality of communication information segments, and the sender encrypts the communication information in units of communication information segments. 2. The information passing control method according to claim 1, wherein each step is carried out for each segment. Further, if the pass control device determines that the pass is possible by comparing the label in the pass control information with the pass control rule of the device itself, the pass control unit determines that the pass is possible after the judgment. The encrypted communication information and the passage control information sent to the destination are stored, and the hash value of the encrypted communication information and the hash value of the communication information obtained by decrypting the encrypted communication information are received from the receiver, and whether or not the passage is possible is determined again based on the hash value. A step of determining, a step of transmitting the stored information to a receiver if the passable state is maintained, and a step of determining whether or not passage is possible; and
If the passage control device does not receive the hash value of the encrypted communication information and the hash value of the communication information obtained by decrypting the encrypted communication information from the recipient within a certain period of time, the communication path is cut off and the stored information addressed to the recipient is stored. 2. The information passing control method according to claim 1, further comprising a step of discarding the information. 4. A gateway device located between a sender transmitting communication information and a receiver receiving communication information, wherein a hash value of encrypted communication information obtained by encrypting the communication information, a hash value of the communication information, and transmission are provided. A database that stores the sender's address, and a pass control rule that describes the characteristics of the communication information that is allowed to be sent to the recipient. A function to receive control information and encrypted communication information; a function to decode encrypted passage control information to obtain a hash value of the passage control information and communication information; Function to block the communication path in the event of encryption, the function to add the hash value of the encrypted communication information, the hash value of the communication information, and the address of the sender to the database, and the encryption from the receiver. A function to receive the hash value of the communication information and the hash value of the communication information, a function to extract the hash value of the communication information and the address of the sender from the database using the hash value of the encrypted communication information as a key, and the communication information received from the receiver A gateway device having a function of comparing a hash value of the communication information with a hash value of communication information extracted from a database and, if the hash values do not match, blocking a communication path based on a sender address. 5. A recording medium on which a control program of a passage control device located between a sender for transmitting communication information and a receiver for receiving communication information is recorded, wherein 1) the communication information is encrypted from the sender. Receiving and decrypting the encrypted encrypted communication information and the encrypted passage control information encrypted with the private key of the verification organization, and comparing the label in the passage control information with the passage control rule of the device itself; 2) according to the comparison result Step of blocking the communication path if it is determined that the passage is not permitted, and 3) Transmission of the communication information hash value in the passage control information using the hash value of the encrypted communication information as a key if it is determined that the passage is possible based on the verification result. Storing the address of the recipient, transmitting the encrypted communication information and the passage control information to the recipient, and receiving the hash value of the encrypted communication information and the decrypted communication information from the recipient. Receiving the information hash value,
The hash value of the communication information retrieved using the hash value of the encrypted communication information as a key is compared with the hash value of the communication information obtained by decrypting the encrypted communication information sent from the receiver. If the hash values match, the communication is enabled. And recording a control program including a step of interrupting a communication path based on the sender's address stored if the addresses do not match.