JP6854872B1 - Master key creation method and master key creation system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a method for creating a master key and a system for creating a master key, which can prevent the master key of a cloud user on the cloud from being taken out or changed from the cloud service provider side. A method is to logically link a user cloud area constructed on the cloud of a cloud service provider and a third-party cloud area constructed on the cloud of a cloud service provider by a third party. , When a user requests a third party to create a master key while the third party is configured to be able to upload and download to the user cloud area, the third party will give the master key. Create and download a wrap key for encryption in the user cloud area. The master key created by the master key creation device installed in the data center of the third party is encrypted with the downloaded wrap key, and the third party uploads the master key to the user cloud area. [Selection diagram] Fig. 5

Description

The present invention relates to a master key creation method and a master key creation system used for encrypting and decrypting a database on the cloud.

Currently, services that can use various IT resources such as databases, storage, and applications by cloud (cloud computing) on demand are being provided.

Normally, a cloud user who uses the cloud (sometimes referred to simply as a user) signs a contract with a cloud service provider that provides a cloud service, and a virtual private cloud (VPC: Virtual Private) is placed on the cloud. Cloud) is built. In the claims and specification of this patent application, the constructed virtual private cloud is simply referred to as a cloud area.

At the time of contract, the cloud user is given root authority and authority to manage keys by the cloud service provider. The root authority is the authority to initialize the cloud area. With this authority, the user can encrypt and store information such as personal information, important information, and confidential information in a database in the cloud area, for example. Database encryption and decryption is done using the master key. The authority to manage keys (KMS management authority) is the authority to store, manage, create, etc. of this master key, and uses the key management service (KMS: Key Management Service) prepared by the cloud service provider. It is configured so that it can be executed.

"What is Amazon Web Services (AWS)?" Http://aws.amazon.com/jp/about-aws/

The root authority and the authority to manage the key are given only to the cloud user, and the user can manage, create, store, etc. the master key by the key management service (KMS). However, because it is located in the cloud, cloud service providers, especially system engineers in it, change the master key created by the cloud user and decrypt the data encrypted using the master key. Things are possible. As a result, cloud users have always been worried that important encrypted data could be tampered with or stolen by misusing the master key.

The present invention has been made in view of the above problems, and an object of the present invention is to prevent the master key of a cloud user on the cloud area from being changed or used by the cloud service provider. The purpose is to provide a creation method and a master key creation system.

The method for creating a master key according to claim 1 for achieving the above object is as follows.
A user cloud area built by a cloud user on the cloud of a cloud service provider, and a third built on the cloud of the cloud service provider by the cloud service provider and a third party different from the cloud user. The cloud use that uses the cloud in a state in which the third party can access the user cloud area and execute uploading and downloading by logically linking the cloud area. A method of creating a master key used by a person to encrypt and decrypt a database on the user cloud area constructed on the cloud.
When the cloud user requests the third party to create the master key, the computer of the third party encrypts the master key created on the user cloud area. The wrap key for this purpose is downloaded to the third-party computer, a master key is created by the master key creation device provided in the third-party data center, and the master key is created by the third-party data center. The master key is encrypted with the wrap key transferred from the third-party computer, and the encrypted master key is uploaded to the user cloud area by the third-party computer. It is characterized by doing.

By this method, the master key is not created by using the key management service provided by the cloud service provider on the cloud area, but by a third party different from the cloud service provider and the cloud user. It is created in the data center managed and operated by the user and uploaded to the user cloud area. Therefore, it is impossible for the cloud provider to know how to create the master key and how to create it, so it is not possible to use the uploaded master key or decrypt the encrypted information using it. Can not. Therefore, the cloud user can use the database placed on the cloud area with peace of mind without worrying that the information is stolen or altered by the cloud service provider on the cloud area.

The method for creating a master key according to claim 2 is the method for creating a master key according to claim 1.
The master key is characterized in that it is created in an electromagnetic wave shielding room of the third party data center.

According to this method, when the master key is created, an electromagnetic wave attack by an electromagnetic wave from the outside is prevented and a highly reliable master key can be created.

The method for creating a master key according to claim 3 is the method for creating a master key according to claim 1 or 2.
The master key is stored in an electronic card and stored in a storage as a backup in the third party data center.

By this method, even if the master key uploaded to the user cloud area is deleted on the cloud area for security, it can be uploaded again. Therefore, convenient operation is possible while maintaining the confidentiality of the master key.

The master key creation system according to claim 4 for achieving the above object is
A user cloud area built by a cloud user on the cloud of a cloud service provider, and a third built on the cloud of the cloud service provider by the cloud service provider and a third party different from the cloud user. The cloud use that uses the cloud in a state in which the third party can access the user cloud area and execute uploading and downloading by logically linking the cloud area. A master key creation system used by a person to encrypt and decrypt a database on the user cloud area built on the cloud.
The third party, which is connected to the website of the cloud service provider via the Internet, the computer of the cloud user and the computer of the third party, and the computer of the third party via a dedicated line. A data center computer installed in a person's data center and a master key creation device connected to the data center computer are provided, and the cloud user requests the third party to create the master key. If there is, the third-party computer downloads the wrap key for encrypting the master key created on the user cloud area to the third-party computer, and the first A master key is created by a master key creation device provided in a three-party data center, and the master key created by the data center computer is encrypted with the wrap key transferred from the third-party computer. It is characterized in that the master key that has been processed and encrypted by the third-party computer is uploaded to the user cloud area .

With this configuration, the master key is not created using the key management service provided by the cloud service provider on the cloud area, but by a third party different from the cloud service provider and the user. It is created in the data center managed and operated by, and uploaded to the user cloud area. Therefore, it is impossible for the cloud service provider to know how to create the master key and how to create it. Therefore, use the uploaded master key and decrypt the encrypted information using it. Can't. Therefore, the cloud user can use the database placed on the cloud area with peace of mind without worrying that the information is stolen or altered by the cloud service provider on the cloud area.

According to the master key creation method and the master key creation system of the present invention, the master key is managed and operated by a third party different from the cloud service provider and the cloud user in the data center. Since it is created, no one can decrypt or change the master key on the cloud domain. Therefore, the confidentiality of the database recorded on the cloud area is improved, and the cloud user can use the database on the cloud area with peace of mind.

The schematic block diagram of the master key making system of this invention is shown. It is a figure explaining the relationship between the user cloud area, the third party cloud area, and the third party data center in the master key creation system of FIG. The contract flow between the user and a third party in the method of creating the master key of the present invention is shown. The flow of making a master key in the method of making a master key of this invention is shown. The flow of the wrap key and the master key in the method of creating the master key of the present invention is shown.

Hereinafter, the method for creating the master key of the present invention and the embodiment of the master key creating system of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a schematic configuration diagram of the master key creation system of the present invention. The master key creation system 10 has a user PC (computer) 12 and a third party PC (computer) 20, which are connected to each other via the cloud service provider's server 16 and the Internet 14. The connection between the user PC 12 and the Internet 14 and the connection between the third party PC 20 and the Internet 14 are general lines (telephone lines) 18. Further, the connection between the server 16 of the cloud service provider and the Internet 14 is also a general line 18.

The cloud user can build a user cloud area by connecting the user PC 12 and the server 16 of the cloud service provider via the Internet 14. Similarly, a third party can also connect the third party PC 20 and the server 16 of the cloud service provider via the Internet 14 to construct a third party cloud area. Here, the third party is a person who is completely different from the cloud service provider and the cloud user.

The third-party PC 20 is connected to the data center PC (computer) 26 in the third-party data center 24 via a dedicated line 22. The data center PC 26 is connected to a master key creation device (HSM: Hardware Security Module) 28, and the HSM 28 is installed in an electromagnetically shielded space in a third party data center 24. This is to prevent damage or alteration of the master key created by an electromagnetic wave attack from the outside. The dedicated line 22 is a dedicated line that connects only between the third party PC 20 and the data center PC 26, and has a configuration that prevents signal leakage and signal intrusion from the outside. The connection between the data center PC 26 and the HSM 28 is a normal cable connection.

FIG. 2 is a diagram illustrating the relationship between the user cloud area 30, the third party cloud area 32, and the third party data center 24 in the master key creation system 10 of FIG. The user cloud area 30 and the third party cloud area 32 are constructed in the cloud 34. A database 36 is constructed in the user cloud area 30, and the cloud user can encrypt and decrypt important data by using the master key. The encrypted data is stored in the database 36.

The cloud service provider gives the cloud user root authority and KMS management authority. The root authority is an authority that enables on-demand use of various IT resources, including initial setting of a cloud area, access to a cloud area, and use of a database. KMS (KMS: Key Management Service) management authority is an authority that enables creation and modification of a master key that encrypts and decrypts a database, setting an expiration date of the master key, and the like. Normally, the master key is managed by the cloud user using the KMS management service prepared by the cloud service provider.

The third-party cloud area 32 is a cloud area constructed by a third party, and a private link (logical connection) 44 is established with the user cloud area 30. The private link 44 is a service prepared by the cloud service provider side, and is a service that logically connects one cloud area and another cloud area and enables data transmission / reception between the cloud areas. , A logical dedicated connection service. With this link, a third party can access the user cloud area 30 and upload and download various data and the like.

That is, the private link 44 enables a third party to access the user cloud area 30 from the third party cloud area 32, for example, to create a wrap key, to download the wrap key, and the like. The wrap key is a key for encrypting the master key.

However, in order to enable these operations, it is necessary to separately set the root authority from the user to the third party as described later (see Fig. 3), and the third party must entrust the root authority to one side. In addition, the user needs to transfer the KMS management authority to a third party, and the third party needs to entrust the KMS management authority.

The third-party cloud area 32 is connected to the data center PC 26 in the third-party data center 24 managed and operated by the third party via the third-party PC 20. The connection between the third party PC 20 and the data center PC 26 is performed using the dedicated line 22 as described above.

The third-party PC 20 has a function of downloading the wrap key, a function of uploading the created master key, and an audit trail function of leaving a detailed record when the download and upload are executed. Further, the data center PC 26 in the third party data center 24 has a function of receiving the wrap key from the third party PC 20 and sending it to the HSM 28 that creates the master key, and wraps the created master key with the wrap key (encryption process). ) Has the function of.

FIG. 3 shows a necessary contract flow between a user and a third party in the master key creation system of the present invention. First, the user sets the root authority to be separated from the third party (step S1). Specifically, the authority to create and download the wrap key and the authority to upload the created master key are set from the user to a third party. The wrap key is a set with the one-term password, and when downloading the wrap key, the one-time password is presented, and a third party can download by entering the presented numbers, symbols, words, etc. It will be possible.

Next, the user transfers the KMS management authority to a third party (step S2). Specifically, the authority to create a master key is transferred from the user to a third party. As a result, the master key can only be created by a third party. The third party entrusts the root authority separately set by the user on one side (step S3), and entrusts the KMS management authority transferred by the user (step S4). By concluding such a contract, the user cloud area 30 constructed by the cloud user on the cloud 34 of the cloud service provider and the cloud service provider and a third party different from the cloud user provide the cloud service. By logically linking with the third-party cloud area 32 constructed on the cloud 34 of the user, a third party can access the cloud area 30 of the user and execute uploading and downloading.

FIG. 4 shows a flow of master key creation in the master key creation system of the present invention.

The third party determines whether or not there is a request to create a master key from the cloud user (step S5). If there is no request, just wait. When requested, the third party creates a wrap key in the user cloud area 30 (step S6). This wrap key is a key for encrypting the newly created master key, and can be executed because the root authority is entrusted to one side and the KMS management authority is entrusted.

Next, the third party downloads the created wrap key to the third party PC 20 (step S7). This download is possible because the user cloud area 30 and the third party cloud area 32 have a private link 44, and when the download is executed on the third party PC 20, the contents operated by the audit trail function. A record (log) of, for example, who performed what kind of operation at what time and minute is recorded. Therefore, if an unauthorized person downloads the file illegally, a trace of the fraud will always remain.

Next, the downloaded wrap key is transferred from the third party PC 20 to the data center PC 26 in the third party data center 24. In this transfer, since the third party PC 20 and the data center PC 26 are connected by a dedicated line 22, there is no concern that the data will leak to the outside. Then, the master key is created in the HMS 28 connected to the data center PC 26 (step S9). The created master key is wrapped (encrypted) with the downloaded wrap key (step S10).

The third party uploads the wrapped master key to the user cloud area 30 via the third party cloud area 32 (step S11). For this upload as well, the audit trail function keeps a record (log) of the operation contents, for example, who performed what operation at what time and minute. After that, the user can decrypt the uploaded master key as needed and use it for decrypting the database and the like.

Further, the created master key is recorded in an electronic card (IC card) or the like as a backup (step S12), and is stored in, for example, a storage (not shown) in the third party data center 24 (step S13). ).

FIG. 5 is a diagram illustrating the flow of the lap key 38 and the master key 40 described above. When there is a request to create the master key 40, the wrap key 38 is created in the user cloud area 30, and the wrap key 38 is downloaded to the third party PC 20 via the third party cloud area 32. Then, the wrap key 38 is transferred to the data center PC 26 in the third party data center 24, and the master key 40 is created by the master key creation device (HSM) 28. The master key 40 is encrypted with the wrap key 38 that is transferred to the data center PC 26 and downloaded. The encrypted master key 40 is uploaded to the third party cloud area 32 via the third party PC 20 and transferred to the user cloud area 30.

The arrow A1 indicates the flow of the wrap key 38 from the user cloud area (VPC) 30 to the third party PC 20 via the third party cloud area (VPC) 32. The arrow A2 indicates the flow of the wrap key 38 from the third party PC 20 to the data center PC 26 in the third party data center 24. Arrow A3 indicates the flow of the wrap key 38 from the data center PC 26 to the HSM 28. Arrow A4 indicates the flow of the master key 40 from the HSM 28 to the data center PC 26. Arrow A5 indicates the flow of the encrypted master key 40 from the data center PC 26 to the third party PC 20. The arrow A6 indicates the flow of the encrypted master key 40 from the third party PC 20 to the user cloud area 30 via the user cloud area 32. Although the private link 44 and the dedicated line 22 are actually one each, the wrap key 38 and the master key 40 are shown separately in order to show the key flow in an easy-to-understand manner.

When creating a master key using the master key creation device (HSM) 28 in the electromagnetic shielding room in the third party data center 24, entry into the electromagnetic shielding room is strictly controlled, and with the above-mentioned third party. Is done by two other third parties. This is to increase the confidentiality of the master key.

According to the master key creation method and the master key creation system of the present embodiment, the master key is created not on the cloud 34 but in a third-party data center 24 separated from the cloud 34. It is uploaded to the user cloud area 30 by the three parties. Therefore, since the cloud service provider cannot modify or change the created master key 40, the cloud user can safely record important information on the cloud 34.

The present invention is not limited to the above-described embodiment, and various modifications can be made without departing from the spirit of the present invention. For example, in the embodiment, the master key making device (HSM) 28 is installed in the electromagnetic shielding room, but it does not have to be in the electromagnetic shielding room if there is no risk of electromagnetic interference. Further, although the master key 40 created on the electronic card is recorded and stored as a backup, it may be stored by another method.

10 Master key creation system 12 User computer (PC)
14 Internet 16 Cloud service provider server 18 General line 20 Third-party computer (PC)
22 Dedicated line 24 Third-party data center 26 Data center computer (PC)
28 Master Key Creator (HSM: Hardware Security Module)
30 User Cloud Area (VPC)
32 Third Party Cloud Area (VPC)
34 Cloud 36 Database 38 Wrap key 40 Master key 44 Private link A1 Flow of wrap key 38 from user cloud area 30 to third-party PC 20 A2 Flow of wrap key 38 from third-party PC 20 to data center PC 26 A3 Data center Flow of wrap key 38 from PC26 to HSM28 A4 Flow of master key 40 from HSM28 to data center PC26 A5 Flow of master key 40 from data center PC26 to third party PC20 A6 Flow of master key 40 from third party PC20 to user cloud area 30 Flow of master key 40 to

Claims (4)

A user cloud area built by a cloud user on the cloud of a cloud service provider, and a third built on the cloud of the cloud service provider by the cloud service provider and a third party different from the cloud user. The cloud use that uses the cloud in a state in which the third party can access the user cloud area and execute uploading and downloading by logically linking the cloud area. A method of creating a master key used by a person to encrypt and decrypt a database on the user cloud area constructed on the cloud.
When the cloud user requests the third party to create the master key,
The wrap key for encrypting the master key created on the user cloud area by the third party computer is downloaded to the third party computer.
A master key is created by the master key creation device installed in the third-party data center, and the master key is created.
The master key created by the third party data center is encrypted with the wrap key transferred from the third party computer.
A method for creating a master key , which comprises uploading the encrypted master key to the user cloud area by the third party computer. The method for creating a master key according to claim 1, wherein the master key is created in an electromagnetic wave shielding room of the third party data center. The method for creating a master key according to claim 1 or 2, wherein the master key is stored in an electronic card and stored in a storage as a backup in the data center of the third party. A user cloud area built by a cloud user on the cloud of a cloud service provider, and a third built on the cloud of the cloud service provider by the cloud service provider and a third party different from the cloud user. The cloud use that uses the cloud in a state in which the third party can access the user cloud area and execute uploading and downloading by logically linking the cloud area. A master key creation system used by a person to encrypt and decrypt a database on the user cloud area built on the cloud.
The computer of the cloud user and the computer of the third party, which are connected to the website of the cloud service provider via the Internet, respectively.
A data center computer installed in the third party's data center connected to the third party's computer via a dedicated line, and
It has a master key creation device connected to the data center computer, and has
When the cloud user requests the third party to create the master key,
The wrap key for encrypting the master key created on the user cloud area by the third party computer is downloaded to the third party computer.
A master key is created by the master key creation device installed in the third-party data center, and the master key is created.
The master key created by the data center computer is encrypted with the wrap key transferred from the third party computer.
A master key creation system characterized in that the encrypted master key is uploaded to the user cloud area by the third party computer.

Images