JP2001005383A - Device and method for generating random number, medium and device and method for ciphering - Google Patents

Abstract

PROBLEM TO BE SOLVED: To more firmly prevent information tapping and altering. SOLUTION: A pseudo-random number computing circuit 42 generates pseudo- random numbers by giving a seed to prescribed functions. A pseudo-random number converting device 41 converts the generated pseudo-random numbers into a session key, that is used as a cryptographic key for a ciphering, while a random number information obtaining device 43 obtains two decimal places, that are made into an integer, of the temperature outputted by a temperature sensor 44 as a random number information which is externally provided and impossible to predict. The circuit 42 changes the seed with the timing, based on a certain one random number information and based on other one random number information.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a random number generating device, a random number generating method, a medium, and an encrypting device and an encrypting method, and more particularly, to more securely prevent eavesdropping and tampering of information. The present invention relates to a random number generation device and a random number generation method, a medium, and an encryption device and an encryption method.

[0002]

2. Description of the Related Art In communication, there is a risk that transmitted information may be eavesdropped on or falsified by a third party. Therefore, information to be kept secret is transmitted after being encrypted. That is, for example, when transmitting e-mail (so-called E-mail) on the Internet that has been rapidly spreading recently, if the e-mail is transmitted as plain text, there is a possibility that the e-mail may be easily eavesdropped or altered by a third party. is there. Therefore,
In recent years, mailers that encrypt and send e-mails (applications for sending and receiving e-mails)
Has been realized.

[0003] Various encryption techniques have been proposed, developed and realized, but basically, information differs from the original state by a calculation method determined for each encryption method. It is encrypted by being in a state.

[0004] By the way, for example, all information is encrypted by a calculation method in which the same calculation is performed (the same encryption result is obtained by inputting the same information) while keeping the calculation method secret. Method, if the calculation method is specified by a third party, all information is
The third party is at risk of eavesdropping and tampering. Therefore, a calculation for encrypting information is performed using a numerical sequence called an encryption key (encryption key), and an encryption method that can obtain different encryption results if the information is the same but the encryption key is different. There is.

[0005] In this case, even if the calculation method is specified by a third party, if the decryption key (decryption key) for the encryption key is not known, the information cannot be decrypted.
If the encryption key or the decryption key is identified by leakage, etc., encryption using the new encryption key allows subsequent information tapping by a third party without changing the calculation method. And tampering can be easily prevented.

[0006] As a calculation method used for encryption,
In general, even if the calculation method of decryption is disclosed, unless a decryption key for the encryption key for decryption is specified,
It is desirable that the original information cannot be decrypted,
In the current encryption, such a calculation method is generally adopted.

The encryption method (encryption / decryption method)
An encryption key used for encryption and a decryption key used for decryption are roughly classified into two types depending on whether they are the same key or different keys.

[0008] An encryption method in which the encryption key and the decryption key are the same is called a symmetric key method, and a different encryption method is called an asymmetric key method.

In the symmetric key method, since the encryption key and the decryption key are the same, if any one of them is specified,
Since information can be decrypted, both the encryption key and the decryption key need to be kept secret (need to be kept as a secret key). From such a viewpoint, it is also called a secret key encryption method.

According to the symmetric key method (secret key encryption method), as described above, if the encryption key or the decryption key is stolen, the information can be decrypted. Need to be. However, the processing load for encryption and decryption is relatively light, and therefore, the symmetric key method is suitable for transmitting a large amount of information in real time.

On the other hand, in the asymmetric key system, since the encryption key and the decryption key are different, one key can be kept secret (by setting it as a secret key) and the other key can be made public (public). Key), and from such a viewpoint, it is also called a public key encryption system.

In the asymmetric key method (public key encryption method), one of two keys serving as an encryption key and a decryption key is held as a private key and the other is held as a public key. , And distribute it to many people. And
When transmitting information to the other party, the user performs encryption using his / her own secret key. In this case, the other party receiving the encrypted information decrypts the information using the public key. If it cannot be decrypted, it means that the information has been tampered with or the received information has been encrypted with a key that is not the user's private key. In this case, the secret key becomes the encryption key, and the public key becomes the decryption key.

When the other party transmits information,
The other party performs encryption using the distributed public key. In this case, the encrypted information cannot be decrypted without using the user's secret key. Therefore, when the information cannot be decrypted with the secret key, the information has been tampered with or the received information has not been decrypted. Is encrypted with a key that is not the public key corresponding to the user's private key. In this case, the public key becomes an encryption key and the secret key becomes a decryption key.

According to the asymmetric key method, the processing load for encryption and decryption is relatively heavy, but decryption cannot be performed unless the secret key is stolen. Therefore, the asymmetric key method is suitable for transmitting small information with high confidentiality.

The strength of encryption is determined by the encryption key (decryption key).
Is the cost required for a third party to estimate. That is, for example, an encryption method that requires 10,000 years to estimate an encryption key can be said to have almost perfect strength. In addition, for example, for information having a value of 100 yen, an encryption method that requires 10,000 yen to estimate an encryption key has sufficient robustness for the information of 100 yen. Can be said.

[0016]

However, as described above, when information is transmitted after being encrypted using a key, the secret is not affected by either the secret key encryption method or the public key encryption method. You need to distribute keys. The distribution of the private key can be performed, for example, by mail or the like, but since it is generally transmitted via a network in the same way as information is transmitted,
You are at risk of eavesdropping. Therefore, even when transmitting the secret key, the secret key is encrypted to prevent eavesdropping by a third party. Here, a public key encryption method is often used as an encryption method for transmitting a secret key.

However, even if the secret key is encrypted and transmitted, if the secret key is used for a long period of time, there is a possibility that the secret key will be estimated by a third party. And it is difficult to know whether the secret key has been guessed by a third party, and therefore, in general, a new secret key must be sent before the time it takes to guess the secret key has elapsed. By changing the secret key used for encryption (decryption),
Thus, eavesdropping of information by the estimated secret key is prevented.

The issuance of a secret key is generally performed using a pseudo random number. As a method of generating a pseudo random number, for example,
M sequence (Maximum length lenearly recurring sequence)
There are random number generation method, linear congruential method, etc.
In each case, a sequence that looks random is generated using a certain function. That is, generation of a pseudo-random number is performed by repeatedly giving an initial value called a seed to a certain function, and further giving a resulting numerical value (pseudo-random number) to the function. For example, according to the linear congruential method, a sequence x ₁ , x ₂ , x ₃ ,... Obtained by giving the seed x ₁ to the following equation is output as a pseudo random number sequence (pseudo random number sequence). .

X _n = (ax _n-1 + c) mod m where n = 2, 3, 4,..., And a, c, and m are appropriate integer values. Also, x mod y represents a remainder when x is divided by y.

As described above, a pseudo-random number is not a perfect random number because it is a sequence obtained by giving a certain function a seed. That is, due to the use of a certain function, the obtained sequence has a period. The sequence (pseudo-random number sequence) obtained using a certain function is unique for each seed. This means that if the function and the seed can be specified, the next pseudo-random number obtained can be specified. means. Therefore, when a secret key is issued using such a pseudo-random number, when a function and a seed used for generating the pseudo-random number are specified, an attempt is made to newly issue the secret key from the currently used secret key. The secret key that exists can be specified.

Therefore, there is a method of updating the seed to change the pseudo-random number sequence so that the pseudo-random number generated next cannot be specified, thereby ensuring the security of the secret key.

However, even with this method, there is no guarantee that the update rule of the seed is not specified by a third party, and if the update rule is specified,
The secret key can be specified.

The present invention has been made in view of such a situation, and is capable of generating pseudo-random numbers that are difficult to be specified by a third party. Is more firmly prevented.

[0024]

According to the present invention, there is provided a random number generating apparatus for generating a pseudo random number based on a predetermined initial value, obtaining means for obtaining an unpredictable value from the outside, Changing means for changing a predetermined initial value based on an unpredictable value at a timing based on a possible value.

This random number generating apparatus further includes an obtained value storage means for storing the value obtained by the obtaining means, and an operating means for operating the stored value of the obtained value storage means in response to an external pseudorandom request. In this case, the changing unit can determine the timing for changing the predetermined initial value based on the value stored in the acquired value storing unit.

The operating means causes the storage value of the acquired value storage means to be operated every time a request for the pseudo random number is made, and the changing means causes the storage value of the acquired value storage means to become a predetermined value at a timing when the storage value becomes a predetermined value. The predetermined initial value can be changed to a value obtained by the obtaining unit.

The random number generating device according to the present invention includes a pseudo random number storing means for storing a pseudo random number generated by the generating means, and a comparing means for comparing the pseudo random number generated by the generating means with a value stored in the pseudo random number storing means. May be further provided, and in this case, the changing means may be configured based on a comparison result of the comparing means.
The timing for changing the predetermined initial value can be determined.

The random number generation device according to the present invention includes an acquisition value storage means for storing a value acquired by the acquisition means, and an operation means for operating the value stored in the acquisition value storage means in accordance with the number of times the pseudo random number is generated by the generation means. And can be further provided,
In this case, the pseudo-random number storage means can store the pseudo-random number output by the generation means when the storage value of the acquired value storage means has reached a predetermined value.

The random number generation device according to the present invention includes an acquisition value storage means for storing a value acquired by the acquisition means, and an operation means for operating a value stored in the acquisition value storage means in accordance with the number of pseudo random numbers generated by the generation means. And can be further provided,
In this case, the changing means can change the predetermined initial value to a pseudo-random number output by the generating means when the value stored in the acquired value storage means has reached the predetermined value.

According to the random number generating method of the present invention, a generating step of generating a pseudo random number based on a predetermined initial value, an obtaining step of obtaining an unpredictable value from the outside, and a timing based on the unpredictable value And a changing step of changing a predetermined initial value based on an unpredictable value.

The program executed by the computer according to the medium of the present invention includes a generating step of generating a pseudorandom number based on a predetermined initial value, an obtaining step of obtaining an unpredictable value from the outside, At a timing based on the value, a changing step of changing a predetermined initial value based on an unpredictable value.

[0032] The encryption device of the present invention comprises a generating means for generating a pseudo-random number based on a predetermined initial value, an obtaining means for obtaining an unpredictable value from the outside, and a timing based on the unpredictable value. And a changing means for changing a predetermined initial value based on an unpredictable value.

According to the encryption method of the present invention, a generating step of generating a pseudorandom number based on a predetermined initial value, an obtaining step of obtaining an unpredictable value from the outside, and a timing based on the unpredictable value And a changing step of changing a predetermined initial value based on an unpredictable value.

In the random number generating device, the random number generating method, the medium, and the encrypting device and the encrypting method of the present invention, a pseudo random number is generated based on a predetermined initial value.
On the other hand, an unpredictable value is acquired from the outside, and at a timing based on the unpredictable value, a predetermined initial value is changed based on the unpredictable value.

[0035]

FIG. 1 shows a configuration example of an embodiment of an information transmission apparatus to which the present invention is applied.

This information transmission device comprises a transmission device 1 and a reception device 2, and bidirectional communication can be performed between the transmission device 1 and the reception device 2 via the Internet 3. I have. Further, a large amount of information can be transmitted from the transmitting device 1 to the receiving device 2 via the communication satellite 4. In addition,
In this embodiment, for example, through the satellite 4,
Information can be transmitted at a transmission rate of 30 Mbps (bit per second).

The transmitting apparatus 1 includes a router 11 for the Internet 3 (a router for performing routing with the Internet 3) and a computer 12 (in the embodiment of FIG. 1, four computers are provided). , Satellite 4
Router (router for performing routing to a satellite line) 13, a multiplexer 14, a modulation circuit 15, and a transmission antenna 16. The router 11, the computer 12, and the router 13 are connected to each other. LAN (Local Area Network) such as Ethernet (trademark)
Is composed.

The router 11 receives a request for information transmitted from the receiving device 2 via the Internet 3, and transfers the request to the computer 12. In addition, the router 11 transmits an IP (Internet Protocol) packet in which information transferred by the computer 12 to the router 11 is arranged to the receiving device 2 via the Internet 3 in response to such a request. Has become.

The computer 12 is, for example, a WWW (World
Wide Web) server, etc.
It stores and manages various information. When the computer 12 receives the information request, the computer 12 transfers the IP packet in which the requested information is arranged to the routers 11 and 13.

The router 13 receives an IP packet in which information from the computer 12 is located, and transmits the information to the satellite 4
Then, predetermined processing such as encryption for preventing eavesdropping or the like when transmitting via the Internet is performed, and output to the multiplexer 14.

The multiplexer 14 receives a signal from the router 13
The IP packet is multiplexed, and the resulting multiplexed data is supplied to the modulation circuit 15. Based on the multiplexed data from the multiplexer 14, the modulation circuit 15, for example, performs QPSK (Quadrature Phase Shift Keyin).
g), and the resulting modulated signal is supplied to the transmitting antenna 16. Transmitting antenna 16
Directs the modulated signal from the modulation circuit 15 to the satellite 4,
It is designed to be transmitted as radio waves.

The receiving device 2 comprises a receiving antenna 21, a satellite 4
And a computer 23. The router 22 and the computer 23 are connected to each other, and form a LAN such as an Ethernet, for example.

The receiving antenna 21 receives the radio wave transmitted from the transmitting antenna 16 by the satellite 4, and supplies the received signal (modulated signal) to the router 22. .

The router 22 receives the signal from the antenna 21 and performs, for example, demodulation, extraction of necessary IP packets,
Processing such as decoding of information arranged in the IP packet is performed, and the information is transferred to the computer 23.

The computer 23 includes, for example, the transmitting device 1
Is operated when requesting information, and a signal for the request is transmitted to the transmitting device 1 via the Internet 3.
To be sent to. Computer 23
Is an IP packet transmitted from the transmission device 1 via the Internet 3 or an IP packet transmitted from the router 22.
A packet is received, and necessary processing such as display and output is performed.

Although FIG. 1 shows only one receiving device 2 for simplicity, the receiving device 2
In addition, it is possible to provide a receiving device configured similarly.

Next, the transmitting device 1 and the receiving device 2 shown in FIG.
In the following, it is assumed that information is transmitted from the transmitting device 1 to the receiving device 2 via the satellite 4.

First, referring to the flowchart of FIG.
The processing (transmission processing) of the transmission device 1 in FIG. 1 will be described.

In the transmitting device 1, when a request for information is transmitted from the computer 23 of the receiving device 2 via the Internet 3, the request for information is received by the router 11. The router 11 transfers the request from the receiving device 2 to the computer 12, and in step S1, the computer 12 forms an IP packet in which the requested information is arranged, and transfers the IP packet to the router 13. In step S2, in order to prevent eavesdropping on the information placed in the IP packet, the router 13 encrypts the information,
Further, the IP packet is converted into a TS (Transport Stream) packet which is a format for transmission via the satellite 4. This TS packet is routed from the router 13 so as to be transmitted via the satellite 4, and is thereby supplied to the multiplexer 14.

Then, in step S 3, the multiplexer 14 multiplexes the TS packets sequentially supplied from the router 13, and supplies the resulting multiplexed data to the modulation circuit 15. Further, in step S3,
The modulation circuit 15 QPSK-modulates a carrier of a predetermined frequency in accordance with the multiplexed data from the multiplexer 14 and supplies a modulation signal obtained as a result to the antenna 16. Then, in step S4, the modulated signal is transmitted from the antenna 16 to the satellite 4 as a radio wave,
The process ends.

As described above, the radio wave transmitted from the antenna 16 is received by the transponder (not shown) of the satellite 4, subjected to amplification and other necessary processing, and then transmitted toward the ground. The radio waves from this satellite 4
And is processed in the receiving device 2 as described below.

Next, referring to the flowchart of FIG.
The processing (reception processing) of the receiving device 2 in FIG. 1 will be described.

In the receiving device 2, for example, when the user operates the computer 23 so as to request predetermined information, the request for the information is transmitted to the transmitting device 1 via the Internet 3 in step S11. You. Upon receiving the information request from the receiving device 2, the transmitting device 1
As described above, the information is transmitted via the satellite 4, so that the receiving device 2 determines in step S12 whether the information has been transmitted.
If it is determined in step S12 that the requested information has not been transmitted, the process returns to step S12 and waits until the information has been transmitted.

If it is determined in step S12 that the requested information has been transmitted, that is, the antenna 21 receives the radio wave from the satellite 4 and places the requested information in the received signal. If the received IP packet is included, the router 22 extracts the IP packet and proceeds to step S13. Here, whether or not a certain IP packet is an IP packet in which requested information is arranged (whether or not it is an IP packet addressed to the computer 23) can be recognized by referring to, for example, its header.

The router 22 determines in step S13
The encrypted information arranged in the IP packet is decrypted into the original information, and the process proceeds to step S14, and the result is obtained.
The IP packet is transferred to the computer 23, and the process ends.

As described above, the computer 23 can receive the requested information.

Next, in the information transmitting apparatus of FIG. 1, as described above, in order to prevent eavesdropping and tampering, the information is encrypted in the router 13 of the transmitting apparatus 1 and the information is encrypted in the router 22 of the receiving apparatus 2. The encrypted information is decrypted. The outline of the encryption / decryption of this information will be described with reference to FIGS. In the present embodiment,
It is assumed that information is encrypted / decrypted by a symmetric key method (secret key encryption method). However, the present invention can also be applied to an asymmetric key method (public key encryption method).

When the transmitting device 1 transmits the requested information to the receiving device 2, as shown in FIG. 4, the router 13 transmits the requested information to an IP packet in which the requested information is placed. The arranged portion) is encrypted using the session key Ks as an encryption key.

Then, in the router 22 of the receiving device 2, the IP packet (encrypted information arranged in) in the transmitting device 1 is transmitted to the session key used in the router 13 as shown in FIG. Decryption is performed using the same key Ks as Ks as a decryption key.

In this case, since the session key Ks used as an encryption key in the router 13 is used as a decryption key in the router 22, it is necessary to distribute the session key Ks from the transmitting device 1 to the receiving device 2. Similarly to the information described above, the session key Ks is arranged in an IP packet and transmitted via the satellite 4.

However, only the session key Ks
Is placed in an IP packet and sent,
Since the session key Ks is easily known to a third party, the transmitting device 1 uses the router 13 to set the session key Ks to, for example, DES (Da
ta Encryption Standard).

That is, as shown in FIG. 5, the router 13 of the transmitting apparatus 1 uses the session key Ks as a cryptographic key by using the master key Km, which is a key unique to each router 22 of the receiving apparatus 2, according to the DES method. The data is encrypted and transmitted to the receiving device 2. In the router 22 of the receiving device 2, a master key Km unique to the router 22 is recorded internally at the time of manufacture, and the router 22 transmits the master key Km from the transmitting device 1.
Session key K encrypted with master key Km
s is decrypted into the original session key Ks by the DES method using the master key Km stored therein as a decryption key.

The router 13 of the transmitting device 1 recognizes the correspondence between the router 22 of the receiving device 2 and the master key Km recorded therein, and when encrypting the session key Ks, the router 13 The master key Km corresponding to 22 is used.

Here, the master key Km does not leak out of the routers 13 and 22, and
In and 22, the master key Km is encrypted and managed, so that it is extremely difficult for a third party to know the master key Km.

Next, FIG. 6 shows a configuration example of the router 13 of the transmission device 1 of FIG.

The router 13 includes a routing unit 31, an encryption device 32, and an issuing device 33.

The IP packet from the computer 12 is supplied to the routing unit 31, where it is routed and supplied to the encryption device 32. Upon receiving the IP packet, the encryption device 32 requests the session key Ks for encrypting the IP packet from the issuing device 33 as necessary, and the issuing device 33
The session key Ks is supplied (issued) to the encryption device 32 in response to a request from the client device 2. Then, the encryption device 32
Encrypts the IP packet from the routing unit 31 using the session key Ks from the issuing device 33 and transfers the IP packet to the multiplexer 14.

The issuing device 33 includes the master key storage device 3
4. Session key issuing device 35 and encryption device 3
As described above, in addition to issuing the session key Ks in response to the request from the encryption device 32, the session key Ks is updated (changed) irregularly, and the updated session key Ks Is encrypted by the master key Km and output.

That is, the session key issuing device 35 generates a pseudo random number by inputting a seed to a predetermined function, and generates a session key Ks based on the pseudo random number. The seed used to generate the pseudo-random number is updated at a timing that is unpredictable (difficult) from the outside and based on a value that is unpredictable (difficult) from the outside. Here, as a method of generating a pseudo random number, as described above, there are an M-sequence random number generation method, a linear congruential method, and the like.

After updating the seed, the session key issuing device 35 supplies the encryption device 36 with a session key Ks generated based on a new sequence of pseudo-random numbers obtained by the update. Upon receiving the new session key Ks from the session key issuing device 35, the encryption device 36 reads the encrypted master key Km corresponding to the router 22 of the reception device 2 from the master key storage device 34.

That is, the master key storage device 34 stores a master key corresponding to each router in an encrypted manner for each router of each receiving device, and the encryption device 36 receives the master key from such a master key storage device 34. Router 2 of device 2
2 and reads the encrypted master key Km. Then, the encryption device 36 stores the master key storage device 3
4 and decrypts the encrypted master key Km, and uses the master key Km to encrypt a new session key Ks from the session key issuing device 35. This encrypted new session key Ks (represented by Km [Ks] in FIG. 6) is arranged in an IP packet and transmitted via the satellite 4 in the same manner as when transmitting normal information. It is transmitted to the device 2.

FIG. 7 shows an example of the configuration of the session key issuing device 35 shown in FIG.

The pseudo-random number conversion device 41 includes the encryption device 32
When a request to issue a session key Ks is received from (FIG. 6), a request is issued to the pseudo-random number calculation device 42 to generate a pseudo-random number, and a session key Ks is generated based on the resulting pseudo-random number. , To the encryption device 32.

The pseudo random number calculating device 42 includes a seed register 51 for storing a seed, a counter 52 for storing a count value to be described later, and a current value register 53 for storing a pseudo random number obtained immediately before based on a predetermined function. And a pseudo-random number obtained based on a predetermined function in response to a pseudo-random number issuance request from the pseudo-random number conversion device 41.
The pseudo random number conversion device 41 is supplied.

The random number information acquiring device 43 acquires an unpredictable value (hereinafter, appropriately referred to as random number information) from the outside and supplies it to the pseudo random number calculating device 42.

That is, the session key issuing device 35 issues the session key Ks based on the pseudo random number output by the pseudo random number calculation device 42. The pseudo random number output by the pseudo random number calculation device 42 is converted into a predetermined function. Since it is calculated on the basis of the pseudorandom number, there is a certain period in the pseudorandom number sequence. If such a pseudo-random number having a constant period is continuously used, a sequence of the pseudo-random number is estimated from the periodicity, and as a result, the session key Ks to be issued next becomes:
May be predicted by third parties.

Therefore, in the session key issuing device 35, the sequence of the pseudo-random numbers is changed to another sequence. For example, if the pseudo-random numbers are used to make the change, By predicting the pseudorandom number itself, the pseudorandom number sequence after the change may be predicted.

For this reason, the random number information acquisition device 43 acquires random number information that is an unpredictable value from the outside and supplies it to the pseudo random number calculation device 42. At a timing based on one piece of random number information, a seed to be set in a predetermined function for generating a pseudo random number is changed based on another piece of random number information.
This prevents a sequence of pseudo-random numbers from being predicted by a third party.

Here, the random number information acquiring device 43 is, for example, a temperature sensor 4 attached inside the issuing device 33.
4, two digits after the decimal point (accuracy of 1/100) and the like of the temperature sensed are acquired as random number information. The reason for using the temperature in this manner is that it is possible to predict a certain approximate value of the temperature from the season, time, and the like.
It is impossible (extremely difficult) to accurately predict from outside, and even if it is possible to predict accurately by accident at a certain timing, it is impossible to continue the accurate prediction. Because there is.

In addition, the random number information acquiring device 43 may acquire, for example, a traffic amount per unit time to the router 13 of the transmitting device 1 and other unpredictable values from outside as random number information. it can.

Further, in the present embodiment, the random number information acquisition device 43 acquires an integer value as random number information. Therefore, here, the random number information acquisition device 43
Two digits after the decimal point of the temperature output from the temperature sensor 44 are 1
The value multiplied by 00 is output as random number information.

Next, referring to the flowchart of FIG.
The process of issuing the session key Ks (session key issuing process) by the session key issuing device 35 of FIG. 7 will be described.

In the pseudo random number conversion device 41, step S2
In 1, it is determined whether or not there has been a request to issue the session key Ks from the encryption device 32 (FIG. 6), and if it is determined that there is no request, the process returns to step S21. If it is determined in step S21 that the encryption device 32 has issued a request to issue a session key Ks, the pseudo-random number conversion device 41 outputs a request to issue a pseudo-random number to the pseudo-random number calculation device 42, Proceed to step S22.

In step S22, the pseudo-random number calculating device 4
2 decrements the count value of the counter 52 by, for example, 1 and proceeds to step S23 to determine whether or not the count value is equal to, for example, 0 as a predetermined constant. If it is determined in step S23 that the count value is not equal to 0, the process proceeds to step S24,
The pseudo random number calculating device 42 calculates a pseudo random number while maintaining the current internal state. That is, the pseudorandom number calculation device 42
Inputs the pseudo-random number issued immediately before stored in the current value register 53 to a predetermined function, and stores the pseudo-random number obtained as a result in the current value register 53 in the current value register 53. Instead of the pseudo-random numbers that are present. further,
The pseudo random number calculation device 42 supplies the pseudo random number set in the current value register 53 to the pseudo random number conversion device 41, and proceeds to step S28.

The pseudo random number conversion device 41 determines in step S28
, A session key Ks is generated based on the pseudo-random number from the pseudo-random number calculation device 42 (the pseudo-random number is converted into the session key Ks), supplied to the encryption device 32 in FIG. 6, and the process returns to step S21. Thereafter, the same processing is repeated.

On the other hand, when it is determined in step S23 that the count value of the counter 52 is equal to 0, the process proceeds to step S25, and the pseudo random number calculation device 42 acquires a new seed. That is, the pseudo-random number calculation device 42 requests random number information from the random number information acquisition device 43. In this case, the random number information acquisition device 43 acquires the current output of the temperature sensor 44 to two decimal places and converts it to an integer. , As random number information,
It is supplied to the pseudo-random number calculation device 42. Then, the pseudorandom number calculation device 42 sets the random number information from the random number information acquisition device 43 in the seed register 51.

Thereafter, the process proceeds to step S26, where the pseudo-random number calculating device 42 acquires an initial value of the count value. That is, the pseudorandom number calculation device 42 acquires random number information in the same manner as in step S25, and sets the random number information in the counter 52 as an initial count value.

Then, the process proceeds to a step S27, where the pseudorandom number calculating device 42 calculates a new series of pseudorandom numbers using the new seed set in the seed register 51 as an initial value to be input to a predetermined function. , Its pseudo-random number,
The current value register 53 is set instead of the pseudo random number already stored therein. Further, the pseudorandom number calculation device 42
Supplies the pseudo-random number set in the current value register 53 to the pseudo-random number conversion device 41, and proceeds to step S28.

The pseudo random number conversion device 41 determines in step S28
In FIG. 6, a session key Ks is generated based on the pseudo-random number from the pseudo-random number calculation device 42, and the encryption device 3 shown in FIG.
2 and also to the encryption device 36 of FIG. 6, and returns to step S21. Thereafter, the same processing is repeated.

Here, upon receiving the session key Ks obtained from the new series of pseudo-random numbers as described above, the encrypting device 36 of FIG. 6 converts the new session key Ks as described above. , Encrypted with the master key Km and transmitted.

As described above, the random number information is stored in the counter 52
Each time a pseudo-random number is issued, the count value is decremented by one, and at a timing equal to 0, the pseudo-random number sequence is used as a new seed with random number information. Therefore, it is extremely difficult to externally predict the timing of the change and the sequence of the pseudo-random number after the change, and therefore, the session key Ks, which is difficult for a third party to specify, is used. As a result, eavesdropping and falsification of information can be more securely prevented than when, for example, random number information is directly used as the session key Ks.

By the way, in the embodiments of FIGS. 7 and 8, random number information is used as a seed as it is. Therefore, if there is a bias in the random number information, the seed is also biased. Even if the pseudo-random number sequence is changed using a new seed, the pseudo-random number sequence after the change may be easily predicted.

FIG. 9 shows another configuration example of the session key issuing device 35. In the figure, parts corresponding to those in FIG. 7 are denoted by the same reference numerals, and a description thereof will be omitted as appropriate below. That is,
The session key issuing device 35 in FIG. 9 is basically configured in the same manner as in FIG. 7 except that the counter 52 is deleted and a null count register 61 and a standby value register 62 are newly provided. I have.

Here, the empty calculation number register 61 or the standby value register 62 stores the number of times of calculation of the pseudo random number by the pseudo random number calculation device 42 or the value to be compared with the pseudo random number generated by the pseudo random number calculation device 42, respectively. It has become.

Next, the process of issuing the session key Ks (session key issuing process) by the session key issuing device 35 of FIG. 9 will be described with reference to the flowchart of FIG.

In the pseudo random number conversion device 41, step S3
In 1, it is determined whether or not there has been a request to issue the session key Ks from the encryption device 32 (FIG. 6), and if it is determined that there is no request, the process returns to step S31. If it is determined in step S31 that the encryption device 32 has issued a request to issue the session key Ks, the pseudo-random number conversion device 41 outputs a request to issue a pseudo-random number to the pseudo-random number calculation device 42, Proceed to step S32.

In step S32, the pseudo-random number calculation device 4
2 calculates a pseudo-random number while maintaining the current internal state. That is, the pseudo-random number calculation device 42 stores the current value register 5
3 is input to a predetermined function, and the resulting pseudo-random number is stored in the current value register 53 and replaced with the pseudo-random number already stored therein. And the process proceeds to step S33.

In step S33, the pseudo-random number calculating device 4
2 is the pseudo random number newly set in the current value register 53 and the value stored in the standby value register 62 (hereinafter, appropriately
It is determined whether the waiting value is equal to the waiting value.
If it is determined in step S33 that the pseudo random number newly set in the current value register 53 is not equal to the standby value stored in the standby value register 62, the pseudo random number calculation device 42 sets the pseudo random number in the current value register 53. The pseudo-random number is supplied to the pseudo-random number conversion device 41, skipping steps S34 to S44 and proceeding to step S45.

In step S45, the pseudo random number conversion device 4
1 generates a session key Ks based on the pseudo-random number from the pseudo-random number calculation device 42 and supplies it to the encryption device 32 in FIG. 6, returns to step S31, and thereafter, the same processing is repeated.

On the other hand, if it is determined in step S33 that the pseudo random number newly set in the current value register 53 is equal to the standby value stored in the standby value register 62, the process proceeds to step S34, where the pseudo random number calculating device 42 is
Get the initial value of empty calculation count. That is, the pseudo-random number calculation device 42 requests random number information from the random number information acquisition device 43. In this case, the random number information acquisition device 43 acquires the current output of the temperature sensor 44 to two decimal places and converts it to an integer. ,
The random number information is supplied to the pseudo random number calculation device 42. Then, the pseudo-random number calculation device 42 sets the random number information from the random number information acquisition device 43 as the number of times of idle calculation in the idle count register 61.

Thereafter, the process proceeds to step S35, where the pseudo-random number calculation device 42 gives the pseudo-random number stored in the current value register 53 as an input of a predetermined function, calculates a new pseudo-random number, and calculates the new pseudo-random number. The random number is stored in the current value register 53 so as to be overwritten, and the process proceeds to step S36. In step S36, the pseudo-random number calculation device 42 decrements the null calculation count stored in the null count register 61 by, for example, 1 and proceeds to step S37 to determine whether or not the null count is equal to 0, for example. I do. If it is determined in step S37 that the number of empty calculations is not equal to 0, the process returns to step S35, and the same processing is repeated.

If it is determined in step S37 that the number of empty calculations is equal to 0, that is, the pseudo random number output from the pseudo random number calculation device 42 becomes equal to the standby value stored in the standby value register 62. From step S34
If the pseudo random number is calculated the same number of times (the number of empty calculations) as the random number information obtained in step (a), the process proceeds to step S38, where the pseudo random number stored in the current value register 53 is replaced with the standby value register. In step 62, a new standby value is stored, and the process proceeds to step S39.

In step S39, as in step S34, the pseudo-random number calculation device 42 obtains the initial value of the number of empty calculations, and proceeds to step S40.
In step S40, the pseudorandom number calculation device 42 gives the pseudorandom number stored in the current value register 53 as an input of a predetermined function, calculates a new pseudorandom number, and stores the new pseudorandom number in the current value register 53. 53 is overwritten and stored, and the process proceeds to step S41. In step S41, the pseudo-random number calculation device 42 decrements the number of null calculations stored in the null count register 61 by, for example, 1 and proceeds to step S42 to determine whether or not the number of null calculations is equal to 0, for example. I do. If it is determined in step S42 that the number of blank calculations is not equal to 0, the process proceeds to step S42.
Returning to 40, the same processing is repeated thereafter.

If it is determined in step S42 that the number of empty calculations is equal to 0, ie, step S3
When the pseudo random number is calculated by the number of times of the initial value after the initial value of the empty calculation number is obtained in step 9, the process proceeds to step S 43, and the pseudo random number currently stored in the current value register 53 is obtained. , As a new seed, seed register 5
Set to 1.

Then, the process proceeds to a step S44, wherein the pseudorandom number calculating device 42 calculates a new series of pseudorandom numbers by using the new seed set in the seed register 51 as an initial value to be input to a predetermined function. , Its pseudo-random number,
It is stored in the current value register 53 by overwriting. Further, the pseudo-random number calculation device 42 supplies the pseudo-random number stored in the current value register 53 to the pseudo-random number conversion device 41, and proceeds to step S45.

The pseudo random number conversion device 41 determines in step S45
In FIG. 6, a session key Ks is generated based on the pseudo-random number from the pseudo-random number calculation device 42, and the encryption device 3 of FIG.
2 as well as to the encryption device 36 of FIG. 6, and returns to step S31, where the same processing is repeated.

As described above, when the pseudo-random number output from the pseudo-random number calculating device 42 becomes equal to the standby value, the pseudo-random number is calculated by the number of times corresponding to the random number information, and the pseudo-random number finally obtained is obtained. Since the random number is set as the initial value of the standby value, the pseudo random number is further calculated the number of times corresponding to the random number information, and the pseudo random number finally obtained is set as a new seed. It is extremely difficult to externally predict the timing of the change of the pseudo-random number sequence and the pseudo-random number sequence after the change, and therefore, it is possible to generate a session key Ks that is difficult to be specified by a third party. As a result, eavesdropping and falsification of information can be more reliably prevented. Furthermore, in this case, even if the random number information has some bias, the influence of such bias is small,
A series of pseudo-random numbers that are difficult to predict can be changed.

In the embodiment shown in FIGS. 9 and 10, the pseudo-random number output from pseudo-random number calculation device 42 changes the pseudo-random number sequence at a timing equal to the standby value. The pseudo-random sequence of
It is necessary that a value equal to the waiting value appears (otherwise, the pseudorandom number sequence (seed change) will not be performed thereafter). Therefore, in this case,
The function used to calculate the pseudo-random number must be such that all values in a predetermined range appear within one cycle.

Next, FIG. 11 shows a configuration example of the router 22 in the receiving device 2 of FIG.

The modulation signal as a reception signal output when the antenna 21 receives a radio wave from the satellite 4 is:
It is supplied to the receiving unit 71. The receiving unit 71 includes a demodulation circuit 72
And a demodulation circuit 72
Then, the modulated signal from the antenna 21 is QPSK demodulated, for example, and the resulting stream of TS packets is supplied to the packet extracting unit 73. Packet extractor 73
From the stream of TS packets from the demodulation circuit 72,
Extract the IP packet addressed to itself, and if information other than the session key Ks is arranged in the IP packet,
It is supplied to the decryption unit 74, and when the session key Ks is arranged, it is supplied to the session key registration unit 75.

When receiving the IP packet in which the session key Ks is arranged, the session key registration unit 75 extracts the session key Ks and stores the extracted session key Ks in the session key storage unit 7.
6 is stored. Then, the decryption unit 78 decrypts the session key Ks stored in the session key storage unit 76.

That is, as described above, the router 13 of the transmitting device 1 encrypts the session key Ks using the master key Km corresponding to the router 22, and transmits the encrypted session key Ks. Master key Km
Is encrypted at the time of manufacture, and
7 is stored.

For this reason, the decryption section 78 reads the encrypted master key Km from the master key storage section 77,
Decrypt. Further, the decryption unit 78 outputs the master key Km
To decrypt the encrypted session key Ks stored in the session key storage unit 76 and supply it to the decryption unit 74. As described above, the decryption unit 74 decrypts the IP packet from the packet extraction unit 73 using the session key Ks supplied from the decryption unit 74 and transfers the IP packet to the computer 23 (FIG. 1).

Next, the above-described series of processing can be performed by hardware or software. When a series of processing is performed by software, a program constituting the software is
It is installed in a computer incorporated in the router 13 as dedicated hardware, or a general-purpose computer that performs various processes by installing various programs.

With reference to FIG. 12, a description will be given of a medium used to install a program for executing the above-described series of processes in a computer and to make the computer executable.

As shown in FIG. 12A, the program can be provided to the user in a state where the program is previously installed in a hard disk 102 or a semiconductor memory 103 as a recording medium built in the computer 101.

Alternatively, the program is executed as shown in FIG.
As shown in (B), the floppy disk 111 and the CD-R
OM (Compact Disc Read Only Memory) 112, MO (Magnet
o optical) disc 113, DVD (Digital Versatile Di)
sc) 114, magnetic disk 115, semiconductor memory 116
And the like, can be temporarily or permanently stored in a recording medium such as a storage medium and provided as package software.

Further, as shown in FIG. 12C, the program is transmitted from the download site 121 to the computer 1 via an artificial satellite 122 for digital satellite broadcasting.
01 wirelessly, LAN (Local Area Network),
Via a network 131 such as the Internet,
The data is transferred to the computer 123 by wire and the computer 10
1, it may be stored in a built-in hard disk 102 or the like.

In the present specification, the medium means a broad concept including all these media.

In this specification, steps for describing a program provided by a medium need not necessarily be processed in chronological order according to the order described in the flowchart, but may be performed in parallel or individually. (For example, parallel processing or object processing)
Is also included.

Next, FIG. 13 shows the computer 1 of FIG.
1 shows a configuration example.

The computer 101 has a built-in CPU (Central Processing Unit) 142 as shown in FIG. An input / output interface 145 is connected to the CPU 142 via a bus 141, and the CPU 142 is connected to the CPU 142 by the user via the input / output interface 145.
When a command is input by operating the input unit 147 including a keyboard, a mouse, and the like, a ROM corresponding to the semiconductor memory 103 in FIG.
(Read Only Memory) The program stored in 143 is executed. Alternatively, the CPU 142 may execute a program stored in the hard disk 102,
Alternatively, the data is transferred from the network 131 and the communication unit 14
8, the program installed on the hard disk 102 or the floppy disk 111, the CD-ROM 112, and the MO disk 11 mounted on the drive 149.
3. A program read from the DVD 114 or the magnetic disk 115 and installed on the hard disk 102 is loaded into a RAM (Random Access Memory) 144 and executed. Then, the CPU 142 transmits the processing result to the LC via the input / output interface 145, for example.
Display unit 14 composed of D (Liquid CryStal Display) etc.
6 and output as necessary.

In the present embodiment, the case where information is transmitted from transmitting apparatus 1 to receiving apparatus 2 via satellite 4 which is one of the radio channels has been described as an example. The present invention is also applicable to a case where information is transmitted via a wired line (for example, the current Internet 3) instead of a wireless line.

[0124]

As described above, according to the random number generating device and the random number generating method, the medium, and the encrypting device and the encrypting method of the present invention, a pseudo random number is generated based on a predetermined initial value. On the other hand, unpredictable values are obtained from outside,
At a timing based on the unpredictable value, the predetermined initial value is changed based on the unpredictable value. Therefore,
It is possible to generate pseudo-random numbers that are difficult to identify by a third party. As a result, information is encrypted using the pseudo-random numbers as keys, thereby more securely preventing information tapping and tampering. Becomes possible.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a configuration example of an embodiment of an information transfer device to which the present invention has been applied.

FIG. 2 is a flowchart for explaining processing of a transmission device 1 of FIG. 1;

FIG. 3 is a flowchart for explaining processing of the receiving device 2 of FIG. 1;

4 is a diagram for explaining an outline of information encryption / decryption performed by a router 13 / router 22 in FIG. 1;

FIG. 5 is a diagram for describing an outline of information encryption / decryption performed by a router 13 / router 22 of FIG. 1;

FIG. 6 is a block diagram showing a configuration example of a router 13 of FIG.

FIG. 7 is a block diagram showing a configuration example of a session key issuing device 35 of FIG. 6;

FIG. 8 is a flowchart for explaining processing of the session key issuing device 35 of FIG. 7;

FIG. 9 is a block diagram showing another configuration example of the session key issuing device 35 of FIG. 6;

FIG. 10 is a flowchart for explaining processing of the session key issuing device 35 of FIG. 9;

11 is a block diagram illustrating a configuration example of a router 22 in FIG.

FIG. 12 is a diagram for explaining a medium to which the present invention is applied.

13 is a block diagram illustrating a configuration example of a computer 101 in FIG.

[Explanation of symbols]

1 transmitting device, 2 receiving device, 11 router, 1
2 computers, 13 routers, 14 multiplexers, 15 modulation circuits, 16, 21 antennas,
22 router, 23 computer, 31 routing unit, 32 encryption device, 33 issuing device, 3
4 master key storage device, 35 session key issuing device, 36 encryption device, 41 pseudo-random number conversion device,
42 pseudorandom number calculation device, 43 random number information acquisition device,
44 temperature sensor, 51 seed register, 52
Counter, 53 current value register, 61 empty calculation count register, 62 standby value register, 71 receiver,
72 demodulation circuit, 73 packet extraction unit, 74
Decryption unit, 75 session key registration unit, 76 session key storage unit, 77 master key storage unit, 78
Decoding unit, 101 computer, 102 hard disk, 103 semiconductor memory, 111 floppy disk, 112 CD-ROM, 113 MO disk, 114 DVD, 115 magnetic disk, 11
6 semiconductor memory, 121 download site,
122 satellites, 131 networks, 141 bus, 142 CPU, 143 ROM, 144 RAM,
145 input / output interface, 146 display unit,
147 input unit, 148 communication unit, 149 drive

Claims (10)

[Claims] 1. A random number generating device for generating a pseudo random number, comprising: a generating unit that generates the pseudo random number based on a predetermined initial value; an obtaining unit that obtains an unpredictable value from outside; Changing means for changing the predetermined initial value based on the unpredictable value at a timing based on the unpredictable value. 2. An acquisition value storage means for storing a value acquired by the acquisition means, and an operation means for operating a storage value of the acquisition value storage means in accordance with an external request for the pseudo-random number, 2. The random number generator according to claim 1, wherein the change unit determines a timing at which the predetermined initial value is changed based on a value stored in the acquired value storage unit. 3. The operation unit operates a storage value of the acquired value storage unit every time there is a request for the pseudorandom number, and the changing unit changes the storage value of the acquired value storage unit to a predetermined value. At the timing when the predetermined initial value is obtained,
The random number generator according to claim 2, wherein the value is changed to a value obtained by the obtaining unit. 4. A pseudorandom number storage means for storing a pseudorandom number generated by said generating means, and a comparing means for comparing said pseudorandom number generated by said generating means with a value stored in said pseudorandom number storage means. Including, the changing means, based on a comparison result of the comparing means,
The random number generator according to claim 1, wherein a timing for changing the predetermined initial value is determined. 5. An apparatus according to claim 1, further comprising: an obtained value storage unit configured to store a value obtained by the obtaining unit; and an operating unit configured to operate the stored value of the obtained value storage unit in accordance with the number of pseudo random numbers generated by the generating unit. 5. The random number generator according to claim 4, wherein the pseudo random number storage unit stores a pseudo random number output by the generation unit when the storage value of the obtained value storage unit reaches a predetermined value. apparatus. 6. An acquisition value storage means for storing a value acquired by the acquisition means, and an operation means for operating a value stored in the acquisition value storage means in accordance with the number of pseudo random numbers generated by the generation means. 5. The method according to claim 4, wherein the changing unit changes the predetermined initial value to a pseudo-random number output by the generating unit when the value stored in the acquired value storage unit reaches a predetermined value. 3. The random number generator according to 1. 7. A method for generating a pseudo random number, the method comprising: generating a pseudo random number based on a predetermined initial value; obtaining an unpredictable value from outside; A changing step of changing the predetermined initial value based on the unpredictable value at a timing based on the unpredictable value. 8. A medium for causing a computer to execute a program for performing a random number generation process for generating a pseudo random number, comprising: a generation step of generating the pseudo random number based on a predetermined initial value; A program comprising: an acquiring step of acquiring an unpredictable value; and a changing step of changing the predetermined initial value based on the unpredictable value at a timing based on the unpredictable value. To
A medium to be executed by the computer. 9. An encryption device for encrypting information based on a predetermined encryption key, comprising: random number generation means for generating a pseudo random number; and opening an encryption key obtained from the pseudo random number to encrypt information. The random number generating means, based on a predetermined initial value, generating means for generating the pseudo-random number, obtaining means for obtaining an unpredictable value from the outside, Changing means for changing the predetermined initial value based on the unpredictable value at a timing based on a possible value. 10. An encryption method for encrypting information based on a predetermined encryption key, comprising the steps of: generating a pseudorandom number; and opening an encryption key obtained from the pseudorandom number to encrypt information. The random number generating step includes: generating the pseudorandom number based on a predetermined initial value; obtaining an externally unpredictable value; Changing the predetermined initial value based on the unpredictable value at a timing based on a possible value.