安全な暗号鍵の ライフサイクル ... - ipa.go.jp

1 2007 872 2008 7 1..1 .. 1 .. 1 .. 1 2..2 .. 2 .. 3 .. 3 .. 5 .. 8 .. 8 .. 9 .. 10 3..12 .. 12 .. 12 .. 12 .. 13 .. 13 .. 13 .. 14 .. 14 .. 16 .. 16 .. 17 .. 17 .. 17 .. 18 .. 19 .. 19 .. 19 .. 19 .. 20 4. PKI ..22 .. 24 .. 25 .. 29 .. 31 .. 36 .. 37 .. 38 .. 39 .. 39 .. 40 .. 41 11. NIST SP800-57 part 1 2 3 4 PKI 2 2.

2 3 IC (1)PKI PKI PKI 4 (2)

3 4 (3) SSL/TLS (4) e (5) 5 NIST SP800-57part1 1 (Private signature key) (Public signature verification key) (Symmetric authentication key) (Private authentication key) (Public authentication key)

4 Symmetric data encryption key 1 NIST SP800-57 part1 19 6 6(1) Private signature key (2) Public signature verification key (3) Symmetric authentication key (4) Private authentication key 7(5) Public authentication key (6)

5 Symmetric data encryption key 8 2-1 9 3 PKI 4 10

6 11 CA 12 3. CA CA CA POP.

7 Proof of possession CA key transformation key derivation 14 CRC MAC split knowledge 1 - - - - CA

8 - - - 15- - - - - - - dual control split knowledge 16 key recovery key derivation key change re-keying key update 2

9 (1) re-keying 17(2) key update key derivation