JP2010016526A - Communication device, encryption communication system, communication method, and communication program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To suppress increase in the capacity of a transmitting/receiving buffer and increase in the frequency of communication, even for a communication device which performs encryption operation a plurality of times due to long data length. <P>SOLUTION: N blocks can be stored in smaller-capacity one of the following buffers: a transmission buffer A of an encryption communication device A and a receiving buffer B of an encryption communication device B. A control portion 202 of the encryption communication device A sequentially inputs data cut out for every N blocks from the beginning of transmission data into the transmit buffer A. When the size of data having not been input is larger than the size for N blocks while being storable in the smaller-capacity buffer, the data are input into the transmission buffer A at one time. A communication portion 201 of the encryption communication device A transmits data from the transmission buffer A to the encryption communication device B, every time the data are input into the transmission buffer A. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a communication device, a cryptographic communication system, a communication method, and a communication program.

In the conventional apparatus, data input to an input buffer provided for each input channel is stored, and the data stored in the input buffer is input to the arithmetic circuit in units of blocks in a time division manner via an input data selector. . The arithmetic circuit performs encryption (or decryption) in units of blocks. The conventional apparatus is premised on the use of a common key encryption algorithm. In the common key encryption algorithm, as described above, data of a predetermined length called a block (for example, 8 bytes) is encrypted by one operation. In the case of long data, the cryptographic operation is performed by dividing the data into block lengths and operating the arithmetic circuit by the number of divisions (see, for example, Patent Document 1).
JP 2007-114404 A (FIG. 1)

  In the conventional apparatus, the input data input from the channel is limited to an integral multiple of the block length. Therefore, when encrypting plaintext data longer than the length of the input buffer, the data is input to a different input buffer by switching the channel, and the calculation is performed while switching the input buffer by the input data selector. In this case, the input data length is shorter than the input buffer length, and the input data length is an integral multiple of the block length. However, it is rare that the plaintext data is divisible by the length of the input data, and the fractional length of data is usually input to the input buffer as input data. In other words, if there is fractional length data, no matter how short the length is, there is a problem that the same processing as that for inputting input data having a length that is an integral multiple of the block length to the input buffer is required once. It was.

  In addition, the conventional apparatus has a problem that the capacity of the memory to be temporarily used increases because a plurality of input buffers exist. In order to reduce the amount of memory, it is conceivable to use one input buffer, but in this case, the influence of the process of inputting fractional length data to the input buffer becomes relatively large, and the efficiency of the input buffer is reduced. The problem that it is difficult to use arises.

  An object of the present invention is, for example, to suppress the capacity of a transmission / reception buffer and suppress an increase in the number of communication even in a communication apparatus in which the length of data to be processed is long and a cryptographic operation must be performed a plurality of times.

A communication apparatus according to one aspect of the present invention is provided.
A communication device that transmits data to another communication device and causes the other communication device to perform a predetermined process for dividing the transmission data into blocks of a certain size,
Send buffer A;
Of the transmission buffer A and the reception buffer B provided in the other communication device, the number of blocks that can be stored in a small-capacity buffer is N, and the data cut out every N blocks from the top of the transmission data is the data When data is sequentially input to the transmission buffer A, and the data that has not been input to the transmission buffer A is larger than the size of N blocks among the transmission data, the data can be stored in the small capacity buffer. A control unit that inputs the data to the transmission buffer A at a time;
And a communication unit that transmits the data from the transmission buffer A to the other communication device each time data is input from the control unit to the transmission buffer A.

  According to one aspect of the present invention, in the communication apparatus, the control unit sets N as the number of blocks that can be stored in a buffer having a small capacity among the transmission buffer A and the reception buffer B included in another communication apparatus. When data cut out every N blocks from the top of the data is sequentially input to the transmission buffer A, and the size of the uninput data is larger than the size of N blocks, the size can be stored in a small capacity buffer. By inputting the data to the transmission buffer A at a time, it is possible to suppress the capacity of the transmission / reception buffer and suppress the increase in the number of communications.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

Embodiment 1 FIG.
This embodiment will be described with reference to FIG. FIG. 1 is a configuration diagram of communication apparatuses 200a and 200b included in the cryptographic communication system 100 according to the present embodiment. Hereinafter, the communication device 200a is referred to as an encryption communication device A, and the communication device 200b is referred to as an encryption communication device B.

  In FIG. 1, both the encryption communication device A and the encryption communication device B include a communication unit 201, a control unit 202, and a nonvolatile memory 203. The cryptographic communication device B further includes a random number generator 204 and a cryptographic processing unit 205. Each of the encryption communication device A and the encryption communication device B is configured by one or a plurality of microcomputers (microcomputers).

  The communication unit 201 performs transmission / reception of the communication data 101 using the transmission buffer A and the reception buffer A in the encryption communication apparatus A and using the transmission buffer B and the reception buffer B in the encryption communication apparatus B. The communication unit 201 includes, for example, a smart card contact interface, a non-contact interface, a parallel interface, a serial interface, IEEE (Institut of Electrical Engineering and Electronics Engineers) 1394, and USB (Universal Serial Bus). Wireless interfaces such as wired interfaces such as, infrared communication, Bluetooth (registered trademark), wireless LAN (local area network), DSRC (Dedicated Short Range Communication), and mobile phones. The control unit 202 decodes the communication data 101 received by the communication unit 201 or generates communication data 101 (transmission data) to be transmitted, and controls the entire apparatus. The control unit 202 includes a CPU (Central Processing Unit), a logic circuit, a sequence ROM (Read Only Only Memory), and the like. The nonvolatile memory 203 stores secret information such as a key used at the time of encryption processing. The random number generator 204 generates a random number used in the encryption process. The encryption processing unit 205 encrypts or decrypts the communication data 101 using secret information such as a key stored in the nonvolatile memory 203 or a random number generated by the random number generator 204.

  In the following description, it is assumed that the encryption communication device A, which is a communication device 200a having no encryption function, requests encryption encryption device B, which is another communication device 200b, to encrypt data using block encryption. That is, hereinafter, it is assumed that the encryption communication device A transmits data to the encryption communication device B, and causes the encryption communication device B to perform encryption processing of the transmission data by block encryption. The encryption process using the block cipher is an example of a predetermined process in which transmission data is divided into blocks each having a certain size.

  FIG. 2 shows that when the encryption communication device A requests the encryption communication device B to encrypt the data and the encryption communication device B encrypts the data, the encryption communication device A and the encryption communication device B It is a block diagram which shows the component of main HW (hardware) which performs delivery.

  In FIG. 2, a transmission data memory 211 and a reception data memory 212 are the nonvolatile memory 203 of the encryption communication apparatus A or a part thereof. The transmission buffer A and the reception buffer A are each part of the communication unit 201 of the encryption communication device A as described above. The block input unit 213, the cryptographic operation unit 214, and the block output unit 215 are each part of the cryptographic processing unit 205 of the cryptographic communication device B. As described above, the reception buffer B and the transmission buffer B are part of the communication unit 201 of the encryption communication device B, respectively.

  Data to be encrypted (or decrypted) is stored in the transmission data memory 211. Since the data to be encrypted is large, the control unit 202 of the encryption communication device A cannot transfer all the data to the transmission buffer A, and transfers the data in several times. That is, the control unit 202 of the encryption communication apparatus A inputs the divided data to the transmission buffer A in order. The communication unit 201 of the encryption communication device A transmits data from the transmission buffer A to the reception buffer B. Since the encryption processing unit 205 of the encryption communication apparatus B uses a common key encryption algorithm, it can accept data only in units of blocks. The block input unit 213 and the block output unit 215 are block interfaces. Since the length of the block is smaller than the length of the reception buffer B, the data is sent to the cryptographic processing unit 205 of the cryptographic communication apparatus B in several times. Data input to the block input unit 213 is encrypted by the cryptographic operation unit 214 and stored in the transmission buffer B via the block output unit 215. When all the data in the reception buffer B is encrypted, the communication unit 201 of the encryption communication device B transmits the data stored in the transmission buffer B to the reception buffer A. The control unit 202 of the encryption communication device A stores the data of the reception buffer A in the reception data memory 212. The encryption communication device A repeats the process from the input of data to the transmission buffer A until the reception of the encrypted data by the reception buffer A, so that all the data is encrypted, It is stored in the reception data memory 212.

  FIG. 3 is a diagram illustrating an example of a hardware configuration of each of the communication devices 200a and 200b, that is, the encryption communication device A and the encryption communication device B.

  In FIG. 3, an encryption communication device A and an encryption communication device B are mainly composed of a computer such as a microcomputer, and a display device 901 having a display screen such as an LCD (liquid crystal display), operation keys 902, operation buttons 903, and the like. These are connected by cables and signal lines.

  The encryption communication device A and the encryption communication device B include a CPU 911 that executes a program. The CPU 911 is an example of a processor. The CPU 911 is connected to the ROM 913, the RAM 914 (Random / Access / Memory), the communication board 915, the display device 901, the operation key 902, the operation button 903, and the magnetic disk device 920 via the bus 912, and controls these hardware devices. To do. Instead of the magnetic disk device 920, a storage medium such as a flash memory or a memory card reader / writer may be used.

  The RAM 914 is an example of a volatile memory. The storage media of the ROM 913 and the magnetic disk device 920 are an example of the nonvolatile memory 203. These are examples of memories. A communication board 915, operation keys 902, operation buttons 903, and the like are examples of an input device. The communication board 915, the display device 901, and the like are examples of output devices.

  The communication board 915 is connected to a wired or wireless LAN, a mobile communication network, a DSRC network, or the like. The communication board 915 is connected to the Internet or a WAN (wide area network) such as an IP-VPN (Internet, Protocol, Virtual, Private, Network), a wide area LAN, and an ATM (Asynchronous, Transfer, Mode) network. It doesn't matter. A LAN, a mobile communication network, a DSRC network, the Internet, and a WAN are all examples of networks.

  The magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922. The program group 923 stores a program for executing a function described as “˜unit” in the description of the present embodiment. The program is read and executed by the CPU 911. The file group 924 includes data and information described as “˜data”, “˜information”, “˜ID (identifier)”, “˜flag”, and “˜result” in the description of this embodiment. Signal values, variable values, and parameters are stored as items of “˜file”, “˜database”, and “˜table”. The “˜file”, “˜database”, and “˜table” are stored in a storage medium such as a disk or a memory. Data, information, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. Used for processing (operation) of the CPU 911 such as calculation / control / output / printing / display. Data, information, signal values, variable values, and parameters are temporarily stored in the main memory, cache memory, and buffer memory during processing of the CPU 911 such as extraction, search, reference, comparison, calculation, control, output, printing, and display. Is remembered.

  In addition, the arrows in the block diagrams and flowcharts used in the description of the present embodiment mainly indicate input / output of data and signals. The data and signals are RAM 914, memory such as flash memory, magnetic disk of magnetic disk device 920, and the like. Recorded on the recording medium. Data and signals are transmitted by a bus 912, a signal line, a cable, and other transmission media.

  In addition, what is described as “˜unit” in the description of this embodiment may be “˜circuit”, “˜device”, “˜device”, and “˜step”, “˜process”. , “˜procedure”, and “˜processing”. That is, what is described as “˜unit” may be realized by firmware stored in the ROM 913. Alternatively, it may be realized only by software, or only by hardware such as an element, a device, a board, and wiring, or a combination of software and hardware, and further by a combination of firmware. Firmware and software are stored as programs in a recording medium such as a magnetic disk or a flash memory. This program is read by the CPU 911 and executed by the CPU 911. That is, the program causes the computer to function as “to part” described in the description of the present embodiment. Alternatively, it causes the computer to execute the procedures and methods described in the description of the present embodiment.

  Next, the processing flow will be described.

  FIG. 4 is a flowchart showing a processing flow (communication method according to the present embodiment) of the present embodiment.

  4, in step S101, a transmission / reception parameter setting process described later is performed. In this process, the transmission / reception parameters of the encryption communication device A and the encryption communication device B are set in order to perform efficient transmission / reception. In step S102, data encryption processing described later is performed. In this process, communication based on transmission / reception parameters is repeated, and long data is encrypted.

  Next, details of the transmission / reception parameter setting processing in step S101 described above will be described with reference to FIG.

  In step S111, the control unit 202 of the encryption communication device A sends the length of the reception buffer A of the encryption communication device A itself to the encryption communication device B via the communication unit 201 of the encryption communication device A. In step S112, the control unit 202 of the encryption communication device B receives the length via the communication unit 201 of the encryption communication device B. On the other hand, in step S113, the control unit 202 of the encryption communication device B sends the length of the reception buffer B of the encryption communication device B itself to the encryption communication device A via the communication unit 201 of the encryption communication device B. In step S114, the control unit 202 of the encryption communication device A receives the length via the communication unit 201 of the encryption communication device A. Through this process, the encryption communication device A and the encryption communication device B can share the length of the mutual reception buffer in the nonvolatile memory 203. It is assumed that the cryptographic communication device A and the cryptographic communication device B store the lengths of their transmission buffers and reception buffers in the nonvolatile memory 203 in advance.

  As described above, in the present embodiment, the nonvolatile memory 203 of the encryption communication device A stores the capacities of the transmission buffer A and the reception buffer A in advance. The control unit 202 of the encryption communication device A is notified of the capacity of the reception buffer B from the encryption communication device B, and the capacity of the reception buffer B is also stored in the nonvolatile memory 203 of the encryption communication device A. Further, the non-volatile memory 203 of the encryption communication device B stores the capacities of the transmission buffer B and the reception buffer B in advance. The control unit 202 of the encryption communication device B is notified of the capacity of the reception buffer A from the encryption communication device A, and the capacity of the reception buffer A is also stored in the nonvolatile memory 203 of the encryption communication device B.

  In step S115, the control unit 202 of the encryption communication device A selects the minimum length among the length of the reception buffer B and the length of the transmission buffer A. Further, the control unit 202 of the cryptographic communication apparatus A sets the integer part obtained by dividing the minimum length by the block length of the common key algorithm as the transmission block number A. Here, it is assumed that the minimum length is larger than the block length. Similarly, also in step S116, the control unit 202 of the encryption communication device B selects the minimum length among the length of the reception buffer A and the length of the transmission buffer B. Further, the control unit 202 of the cryptographic communication apparatus B sets the integer part obtained by dividing the minimum length by the block length of the common key algorithm as the transmission block number B. Next, in steps S117 and S118, the control unit 202 of each communication apparatus transmits the transmission block number A and the transmission block number B to each other via the communication unit 201, and the smaller one is transmitted as the number of transmission blocks (common). ) Select each as N. In step S119, the control unit 202 of the encryption communication apparatus A determines the minimum length among the number of transmission blocks (common) N and the length value obtained by multiplying the length of the block, the length of the reception buffer B, and the length of the transmission buffer A. Difference Sa is obtained. This difference Sa is equal to the length of the buffer that is not used in the smaller one of the reception buffer B and the transmission buffer A when the transmission block number (common) N data is sent to the encryption communication device B. The control unit 202 of the encryption communication apparatus A sets the number of transmission blocks (common) N and the difference Sa as transmission / reception parameters. In step S120, the control unit 202 of the encryption communication device B determines the minimum length among the number of transmission blocks (common) N and the length value obtained by multiplying the block length, the length of the reception buffer A, and the length of the transmission buffer B. The difference Sb is obtained. This difference Sb is equal to the length of the buffer that is not used in the smaller one of the reception buffer A and the transmission buffer B when the transmission block number (common) N data is sent to the encryption communication device A. The control unit 202 of the encryption communication device B sets the number of transmission blocks (common) N and the difference Sb as transmission / reception parameters.

  Thus, in the present embodiment, the control unit 202 of the encryption communication device A and the control unit 202 of the encryption communication device B include the transmission buffer A, the reception buffer A, the reception buffer B, and the transmission buffer B. The maximum number of blocks that can be stored in the buffer having the smallest capacity is N (this embodiment can be applied even if the number smaller than the maximum number of blocks that can be stored is N, but the maximum number of blocks that can be stored is N. Preferably). For example, when the capacity of the transmission buffer A, the reception buffer A, the reception buffer B, and the transmission buffer B is 20 bytes, 40 bytes, 30 bytes, and 30 bytes in order, the size of one block is 8 bytes. N = 2 (this embodiment can be applied even if N = 1, but N = 2 is desirable). In order to obtain N, the control unit 202 of the encryption communication device A blocks the minimum value of the capacity of the transmission buffer A stored in the nonvolatile memory 203 and the capacity of the reception buffer B notified from the encryption communication device B. Divide by one size. At this time, the quotient corresponds to the maximum number A of blocks that can be stored in a buffer having a small capacity among the transmission buffer A and the reception buffer B. In the above example, A = 2 (At this time, Sa = 4 bytes). In addition, the control unit 202 of the encryption communication device B sets the minimum value for one block between the capacity of the transmission buffer B stored in the nonvolatile memory 203 and the capacity of the reception buffer A notified from the encryption communication device A. Divide by size. At this time, the quotient corresponds to the maximum number B of blocks that can be stored in a buffer having a small capacity among the transmission buffer B and the reception buffer A. In the above example, B = 3 (At this time, Sb = 6 bytes). In this embodiment, in such a case, the minimum value of A and B is taken and N = 2. That is, N is common in the case where the encryption communication device A transmits data to the encryption communication device B and the case where the encryption communication device A receives data from the encryption communication device B. However, N may be set separately in the two cases. That is, when the encryption communication device A transmits data to the encryption communication device B, N = A (N may be a value smaller than A, but N = A is desirable), and the encryption communication device A May receive data from the encryption communication device B, N = B (N may be smaller than B, but N = B is desirable). In this way, for example, when the number of blocks of data input to the encryption processing unit 205 of the encryption communication device B is different from the number of blocks of data obtained by encrypting the data, the memory capacity is more efficiently increased. It can be used.

  By performing the transmission / reception parameter setting process of FIG. 5, the number of transmission blocks (common) N and the difference Sa are set in the encryption communication device A, and the number of transmission blocks (common) N and the difference Sb are set in the encryption communication device B. Will be set.

  Next, details of the data encryption processing in step S102 described above will be described with reference to FIG. The data encryption processing mainly includes data transmission / reception and cryptographic computation (encryption or decryption) processing, and is performed after the above-described transmission / reception parameter setting processing.

  In step S151, the control unit 202 of the cryptographic communication apparatus A transmits a cryptographic operation command to the cryptographic communication apparatus B via the communication unit 201 of the cryptographic communication apparatus A. The cipher operation command is a notification that the cipher operation is started, and a key number to be used, a number for specifying an encryption algorithm, a length of data to be transmitted, and the like are added as necessary. In step S152, the cryptographic operation command is received by the control unit 202 of the cryptographic communication device B via the communication unit 201 of the cryptographic communication device B, and the control unit 202 of the cryptographic communication device B performs the setting indicated by the command. Is called. For example, a key corresponding to the key number is set, and an encryption algorithm to be used is selected.

  Next, in the encryption communication device A, the control unit 202 starts data transmission in step S153. In step S154, the control unit 202 of the encryption communication device A divides the data from the transmission data memory 211 shown in FIG. At this time, the control unit 202 of the encryption communication apparatus A performs any of the following procedures (A) to (D) according to the relationship between the set number of transmission blocks (common) N, the difference Sa, and the untransmitted data length D. The data is transferred from the transmission data memory 211 to the transmission buffer A. The untransmitted data length is a length obtained by subtracting the length of transmitted data from the length of data to be transmitted. In step S155, the communication unit 201 of the encryption communication device A sends the divided data in the transmission buffer A to the encryption communication device B.

  In the following, the number of blocks is M, the block length (length of one block) is L, and the fraction is H. As described above, N is the number of transmission blocks (common), Sa is a difference, and D is an untransmitted data length.

(A) When D ≧ N · L + Sa M = N and H = 0. That is, the control unit 202 of the encryption communication apparatus A divides the data by the number of transmission blocks (common) N in step S154 and moves the data to the transmission buffer A. Then, the communication unit 201 of the encryption communication apparatus A transmits the divided data transferred to the transmission buffer A in step S155.

(A) When N · L + Sa> D ≧ N · L, M = N + FLOOR (Sa / L), and H = D−M · L. Here, when it is referred to as FLOOR (X), this indicates a maximum integer not exceeding X. In this case, of the transmission buffer A and the reception buffer B of the encryption communication device B, untransmitted data within the range of a short buffer (free capacity when N blocks are stored, that is, Sa) Then, even if the number of transmission blocks (common) N is exceeded, the control unit 202 of the encryption communication apparatus A divides (extracts) all untransmitted data in step S154 and moves it to the transmission buffer A. Then, the communication unit 201 of the encryption communication apparatus A transmits the divided data transferred to the transmission buffer A in step S155.

(C) When N · L>D> 0: M = FLOOR (D / L) and H = D−M · L. In this case, the control unit 202 of the encryption communication device A divides (unloads) all untransmitted data in step S154 and moves it to the transmission buffer A. Then, the communication unit 201 of the encryption communication apparatus A transmits the divided data transferred to the transmission buffer A in step S155.

(D) When D = 0 The control unit 202 of the encryption communication device A stops transmission.

  In the encryption communication device B, when the communication unit 201 receives the divided data in step S156, the control unit 202 divides the divided data (received data) block by block in step S157. In step S158, the cryptographic processing unit 205 performs cryptographic computation. The result of the cryptographic operation in step S159 is the result of the block length. That is, one block of encrypted data is obtained. The control unit 202 of the encryption communication device B receives this encrypted data and stores it in the transmission buffer B in step S160. In the cryptographic communication device B, the processing from step S157 to step S160 is repeated until all received data is cryptographically computed. In FIG. 6, this repeating range is indicated by “repeating unit 1”.

  Here, before describing the number of repetitions of “repetition unit 1”, the format of data transmission in the present embodiment shown in FIG. 7 will be described.

  In FIG. 7, a header 301 includes an identifier indicating that the data is for cryptographic operation, an identifier indicating that the data is transmitted first, and an identifier indicating that it is the last data. Normally, the number of blocks 302 is set to the number of transmission blocks (common) N, but the last data may be smaller than the number of transmission blocks (common) N. The fraction 303 indicates the length of data that is less than the block length. The data 304 stores data having a length combining the block number 302 and the fractional number 303.

  As described above, in the present embodiment, the control unit 202 of the encryption communication apparatus A includes the number of blocks included in the data (data 304 in FIG. 7) in the format of the data (data 304 in FIG. 7) input to the transmission buffer A. The control information indicating the number of blocks 302) and the fraction when the data size is divided by the size of one block (fraction 303 in FIG. 7) is included. Similarly, the control unit 202 of the encryption communication apparatus B includes the number of blocks (the number of blocks 302 in FIG. 7) included in the data in the format of the data input to the transmission buffer B (data 304 in FIG. 7) and the data. Control information indicating the fraction (fraction 303 in FIG. 7) when the size of is divided by the size of one block is included.

  Since the format as described above is determined for data transmission, “repetition unit 1” is the number of blocks M when the fraction H = 0, and M + 1 when H> 0. When the fraction H exists, that is, when H> 0, the encryption processing unit 205 of the encryption communication device B performs cryptographic operation on data having a length smaller than the block length for the last time of “repetition unit 1”. Will do. For this reason, the control unit 202 of the encryption communication device B performs padding processing for bits that are less than the block length in step S157.

  As described above, in the present embodiment, the control unit 202 of the encryption communication device A sequentially inputs the data cut out every N blocks from the top of the transmission data to the transmission buffer A (step S154 in FIG. 6). When the data not input to the transmission buffer A among the transmission data is larger than the size of the N blocks, the control unit 202 of the encryption communication apparatus A The data is input to the transmission buffer A at a time (step S154 in FIG. 6). Each time data is input from the control unit 202 of the cryptographic communication device A to the transmission buffer A, the communication unit 201 of the cryptographic communication device A transmits the data from the transmission buffer A to the cryptographic communication device B (step of FIG. 6). S155).

  When “repetition unit 1” is completed, the transmission buffer B of the encryption communication apparatus B stores the data for which the cryptographic operation has been completed. The communication unit 201 of the encryption communication device B sends this transmission data to the encryption communication device A in step S161, and the communication unit 201 of the encryption communication device A receives the data in step S162. The control unit 202 of the encryption communication device A stores the received data in the reception data memory 212 in step S163.

  In the cryptographic communication system 100, the processing from step S154 to step S163 is repeated until there is no more data in the transmission data memory 211. In FIG. 6, this repeating range is indicated by “repeating unit 2”.

  In step S164, the control unit 202 of the encryption communication apparatus A can know the end of “repetition unit 2” from the header 301 of the data transmission format.

  Thus, in the present embodiment, the communication unit 201 of the encryption communication device B receives the data by the reception buffer B every time data is transmitted from the encryption communication device A (step S156 in FIG. 6). The control unit 202 of the encryption communication device B outputs the data from the reception buffer B (step S157 in FIG. 6). Each time the data is output from the reception buffer B by the control unit 202 of the encryption communication device B, the encryption processing unit 205 of the encryption communication device B sequentially encrypts the data by block encryption (steps S158 and S159 in FIG. 6). ). The control unit 202 of the encryption communication device B sequentially inputs the data encrypted by the encryption processing unit 205 of the encryption communication device B to the transmission buffer B (step S160 in FIG. 6). Each time data is input from the control unit 202 of the cryptographic communication device B to the transmission buffer B, the communication unit 201 of the cryptographic communication device B transmits the data from the transmission buffer B to the cryptographic communication device A (step of FIG. 6). S161). The communication unit 201 of the encryption communication device A receives the data by the reception buffer A every time the data transmitted to the encryption communication device B is encrypted by the encryption communication device B and the data is transmitted from the encryption communication device B. (Step S162 in FIG. 6). Each time data is received by the reception buffer A, the control unit 202 of the encryption communication apparatus A outputs the data from the reception buffer A and concatenates the data to generate encrypted data of the transmission data (FIG. 6). Step S163).

  Next, the effect of this embodiment will be described.

  In the present embodiment, before performing the cryptographic operation, the size of the reception buffer of both the cryptographic communication devices A and B is notified, and the number of transmission blocks (common) so that the block that is the unit of the cryptographic operation can be maximized. N is set. This allows the system to minimize the area of the reception buffer that is not used for communication. This indicates that the number of communication times can be set to the smallest even in the case of a cryptographic communication device having a long data length and having to perform cryptographic operations a plurality of times.

  In the present embodiment, the format of communication data further describes the number of blocks and fractions, and the length of untransmitted data and the area not used for communication in the reception buffer (or transmission buffer) (the difference Sa described above) If the unsent data can be transmitted if all the receive buffers are used, all the unsent data is transmitted, and the data is subjected to cryptographic calculation processing at the receiving destination. The number of communications can be further reduced by one. This effect is illustrated in FIG. FIG. 8 shows an example in which transmission data is transmitted three times with the number of transmission blocks (common) N = 4. The transmission data of the third cross hatch is one in which the number of blocks is four and fractional data is also transmitted. As described above, when there is a margin in the reception buffer, a larger amount of data can be transmitted at the end, so the number of transmissions can be reduced by one. In accordance with this, the number of cryptographic computations is one more at the time of the third data transmission than at the first time and the second time. Also, as shown in FIG. 8, the fractional data is padded. On the other hand, FIG. 9 shows a case where the conventional example is performed with the same data as FIG. In FIG. 9, since all transmission data cannot be transmitted in three transmissions, the fourth transmission is performed, and it can be seen that the number of transmissions is increased as compared with the present embodiment.

  In the present embodiment, since the maximum transmission / reception parameter is set by the transmission / reception parameter setting process, an increase in the number of communication can be minimized even if one transmission / reception buffer is used.

  In the present embodiment, the data encryption process is performed after the transmission / reception parameter setting process is performed, but when the combination of the encryption communication devices is determined, the sizes of both reception buffers are known in advance, Transmission / reception parameters may be determined in advance, and during data processing, transmission / reception parameter setting processing may not be performed, and only data encryption processing may be performed.

  In this embodiment, the transmission data division is determined by sequentially considering the length of untransmitted data and the area of the reception buffer that is not used for communication. However, when handling fixed-length data, Since the division pattern is determined, the division pattern may be determined in advance, and data division may be performed according to the division pattern without performing sequential determination.

  In the description of the present embodiment, an individual device called a cryptographic communication device has been taken as an example, but communication between a one-chip microcomputer chip and a secure microcomputer chip capable of cryptographic operation may be used.

As described above, in the present embodiment, the cryptographic communication system 100 that performs cryptographic computation using the common key cryptographic algorithm in at least one of the devices includes:
Transmission / reception that sets the difference between the maximum number of transmission blocks (common) and the length corresponding to the other reception buffer and the number of transmission blocks (common) as transmission / reception parameters based on the mutual reception buffer length and transmission buffer length Parameter setting process,
From the number of transmission blocks (common), the above difference, and the length of untransmitted data, if transmission is possible using all receiving buffers at the receiver, untransmitted data equal to or greater than the number of transmission blocks (common) is transmitted and transmitted. And a data encryption process for performing a cryptographic operation based on the number of blocks and a fraction.

Further, in a modification of the present embodiment, the cryptographic communication system 100 that performs cryptographic computation using a common key cryptographic algorithm in at least one of the devices,
Based on the length of the mutual reception buffer and the length of the transmission buffer, the difference between the maximum number of transmission blocks (common) and the length corresponding to the other reception buffer and the number of transmission blocks (common) is set in advance as transmission / reception parameters. Send / receive parameter setting processing,
If the transmission / reception parameter setting process is not performed during the data encryption process, and transmission is possible using all the reception buffers of the reception destination based on the number of transmission blocks (common), the above difference, and the length of untransmitted data, the transmission block The number of (uncommon) or more untransmitted data is transmitted, and a data encryption process for performing a cryptographic operation based on the number of transmitted blocks and a fraction is executed.

Further, in a modification of the present embodiment, the cryptographic communication system 100 that performs cryptographic computation using a common key cryptographic algorithm in at least one of the devices,
Based on the lengths of the reception buffer and the transmission buffer, the difference between the maximum number of transmission blocks (common) and the length corresponding to the other reception buffer and the number of transmission blocks (common) is set in advance as transmission / reception parameters. Send / receive parameter setting processing,
The transmission / reception parameter setting process is not performed during the data encryption process, the transmission pattern is set in consideration of the transmission / reception parameter before the encryption process, and the data is transmitted based on the transmission pattern during the encryption process. And a data encryption process for performing a cryptographic operation based on the number of blocks and a fraction.

  In the present embodiment, the encrypted communication data format includes at least a block number and a fraction as a numerical value indicating the data length.

Embodiment 2. FIG.
In the present embodiment, differences from the first embodiment will be mainly described.

  This embodiment assumes a case where the encryption communication device A in FIG. 1 causes the encryption communication device B to determine the authenticity of transmission data. For example, there is a case where some encrypted data is sent from the outside to the encryption communication device A and the encryption communication device B is requested to determine the authenticity of the data. It is assumed that information for determining the authenticity of the encryption data is stored in advance in the encryption communication device B. In the following, the encryption communication device A transmits data to the encryption communication device B, and the data authenticity determination processing (encryption processing (decryption processing) with block encryption of the transmission data is transmitted to the encryption communication device B ( For example, when data is successfully decrypted, or when the value of the decrypted data is a predetermined value, a process of determining that the data is authentic is performed. The data authenticity determination process is an example of a predetermined process that is performed by dividing transmission data into blocks of a certain size.

  FIG. 10 shows that when the encryption communication device A requests the encryption communication device B to determine the authenticity of the data, and the encryption communication device B performs the data authenticity determination, the encryption communication device A and the encryption communication device B It is a block diagram which shows the component of main HW (hardware) which delivers and receives data.

  In FIG. 10, the transmission data memory 211, transmission buffer A, and reception buffer A of the encryption communication device A are the same as those in the first embodiment. Further, the block input unit 213, the cryptographic operation unit 214, the block output unit 215, the reception buffer B, and the transmission buffer B of the cryptographic communication device B are the same as those in the first embodiment. The result storage memory 216, the true / false register 217, and the buffer empty register 218 are the nonvolatile memory 203 of the encryption communication apparatus B or a part thereof, respectively.

  Data for which the authenticity is determined is stored in the transmission data memory 211. Since the data for which the authenticity is determined is large, the control unit 202 of the encryption communication device A cannot transfer all the data to the transmission buffer A, and transfers the data in several times. That is, the control unit 202 of the encryption communication apparatus A inputs the divided data to the transmission buffer A in order. The communication unit 201 of the encryption communication device A communicates data from the transmission buffer A to the reception buffer B. Since the encryption processing unit 205 of the encryption communication apparatus B uses a common key encryption algorithm, it can accept data only in units of blocks. The block input unit 213 and the block output unit 215 are block interfaces. Since the length of the block is smaller than the length of the reception buffer B, the data is sent to the cryptographic processing unit 205 of the cryptographic communication apparatus B in several times. Data input to the block input unit 213 is encrypted by the cryptographic operation unit 214 and stored in the result storage memory 216 via the block output unit 215. When all the data in the reception buffer B is encrypted (decrypted), the buffer empty register 218 is flagged, and the control unit 202 of the encryption communication device B communicates with the communication unit 201 (transmission buffer B) of the encryption communication device B. Through this, the encryption communication apparatus A is notified that the reception buffer B has become empty. In the encryption communication device A, if there is untransmitted data, the control unit 202 again moves the data from the transmission data memory 211 to the transmission buffer A, transmits the data via the communication unit 201, and authenticates the encryption communication device B. Request a decision. When all the data in the transmission data memory 211 is transmitted and all the cryptographic operations are completed, all the results are stored in the result storage memory 216. The control unit 202 of the encryption communication device B determines the contents and sets a true / false flag stored in the true / false register 217. The true / false flag is sent to the encryption communication device A via the communication unit 201 (transmission buffer B).

  Next, the processing flow will be described.

  FIG. 11 is a flowchart showing a processing flow (communication method according to the present embodiment) of the present embodiment.

  In FIG. 11, in step S201, a transmission parameter setting process to be described later is performed. In this process, the transmission parameters of the encryption communication device A are set in order to perform transmission efficiently. In step S202, a data authenticity determination process, which will be described later, is performed. In this process, communication based on the transmission parameter is repeated, long data is sent to the encryption communication device B, and the authenticity determination is performed in the encryption communication device B.

  Next, details of the transmission parameter setting process in step S201 described above will be described with reference to FIG.

  In step S211, the control unit 202 of the encryption communication device A sends a buffer length transmission request to the encryption communication device B via the communication unit 201 of the encryption communication device A. In step S112, the control unit 202 of the cryptographic communication device B receives the request via the communication unit 201 of the cryptographic communication device B. Thereafter, the control unit 202 of the encryption communication device B sends the length of the reception buffer B of the encryption communication device B itself to the encryption communication device A via the communication unit 201 of the encryption communication device B in step S213. In step S214, the control unit 202 of the encryption communication device A receives the length via the communication unit 201 of the encryption communication device A.

  In step S215, the control unit 202 of the encryption communication device A selects the minimum length among the length of the reception buffer B and the length of the transmission buffer A. Further, the control unit 202 of the cryptographic communication apparatus A sets the integer part obtained by dividing the minimum length by the block length of the common key algorithm as the transmission block number N. Here, it is assumed that the minimum length is larger than the block length. In step S216, the control unit 202 of the encryption communication device A determines the difference S between the number of transmission blocks N and the length value obtained by multiplying the length of the block with the minimum length among the length of the reception buffer B and the length of the transmission buffer A. Ask for. This difference S is equal to the length of the buffer that is not used in the smaller one of the reception buffer B and the transmission buffer A when the transmission block number N of data is sent to the encryption communication device B. The control unit 202 of the encryption communication device A sets the transmission block number N and the difference S as transmission parameters.

  Next, details of the data authenticity determination process in step S202 described above will be described with reference to FIG. The data authenticity determination process is performed after the transmission parameter setting process described above.

  In step S <b> 251, the control unit 202 of the encryption communication device A transmits a true / false determination command to the encryption communication device B via the communication unit 201 of the encryption communication device A. The authenticity determination command is a notification to start authenticity determination, and additionally includes a key number to be used, a number for specifying an encryption algorithm, a length of data to be transmitted, and the like as necessary. In step S252, the authenticity determination command is received by the control unit 202 of the encryption communication device B via the communication unit 201 of the encryption communication device B, and the control unit 202 of the encryption communication device B has a setting indicated by the command. Done. For example, a key corresponding to the key number is set, and an encryption algorithm to be used is selected.

  Next, in the encryption communication device A, the control unit 202 starts data transmission in step S253. In step S254, the control unit 202 of the encryption communication device A divides the data from the transmission data memory 211 shown in FIG. At this time, the control unit 202 of the encryption communication apparatus A executes one of the following procedures (f) to (k) in accordance with the relationship between the set number of transmission blocks N, the difference S, and the untransmitted data length D, Data is transferred from the transmission data memory 211 to the transmission buffer A. In step S <b> 255, the communication unit 201 of the encryption communication device A sends the divided data in the transmission buffer A to the encryption communication device B.

  In the following, the number of blocks is M, the block length (length of one block) is L, and the fraction is H. As described above, N is the number of transmission blocks, S is a difference, and D is an untransmitted data length.

(F) When D ≧ N · L + Sa M = N and H = 0. That is, the control unit 202 of the encryption communication device A divides the data by the number of transmission blocks N in step S254 and moves it to the transmission buffer A. Then, the communication unit 201 of the encryption communication device A transmits the divided data transferred to the transmission buffer A in step S255.

(G) When N · L + Sa> D ≧ N · L, M = N + FLOOR (S / L), and H = D−M · L. In this case, of the transmission buffer A and the reception buffer B of the encryption communication device B, untransmitted data within the range of a short buffer (free capacity when N blocks are stored, that is, Sa) If so, the control unit 202 of the encryption communication device A divides (extracts) all untransmitted data in step S254 even if the number of transmission blocks N is exceeded, and moves it to the transmission buffer A. Then, the communication unit 201 of the encryption communication device A transmits the divided data transferred to the transmission buffer A in step S255.

(H) When N · L>D> 0, M = FLOOR (D / L) and H = D−M · L. In this case, the control unit 202 of the encryption communication device A divides (unloads) all untransmitted data in step S254 and moves it to the transmission buffer A. Then, the communication unit 201 of the encryption communication device A transmits the divided data transferred to the transmission buffer A in step S255.

(G) When D = 0 The control unit 202 of the encryption communication apparatus A stops transmission.

  In the encryption communication device B, when the communication unit 201 receives the divided data in step S256, the control unit 202 divides the received data block by block in step S257. Then, the cryptographic processing unit 205 performs cryptographic computation in step S258. The result of the cryptographic operation in step S259 is the result of the block length. That is, one block of encrypted (decrypted) data is obtained. The control unit 202 of the encryption communication device B receives this encrypted data and stores it in the result storage memory 216 in step S260. In the cryptographic communication device B, the processing from step S257 to step S260 is repeated until all the received data is cryptographically computed. In FIG. 13, the repetition range is indicated by “repetition unit 1”.

  Here, before describing the number of repetitions of “repetition unit 1”, the format of data transmission in the present embodiment will be described. The format of data transmission in the present embodiment is the same as that of the first embodiment shown in FIG.

  Since the format as described above is determined for data transmission, “repetition unit 1” is the number of blocks M when the fraction H = 0, and M + 1 when H> 0. When the fraction H exists, that is, when H> 0, the encryption processing unit 205 of the encryption communication device B performs cryptographic operation on data having a length smaller than the block length for the last time of “repetition unit 1”. Will do. Therefore, as in Embodiment 1, the control unit 202 of the encryption communication device B performs padding processing for bits that are less than the block length in step S257.

  As described above, in the present embodiment, the control unit 202 of the encryption communication device A sequentially inputs the data cut out every N blocks from the head of the transmission data to the transmission buffer A (step S254 in FIG. 13). When the data not input to the transmission buffer A among the transmission data is larger than the size of the N blocks, the control unit 202 of the encryption communication apparatus A The data is input to the transmission buffer A at a time (step S254 in FIG. 13). Each time data is input to the transmission buffer A from the control unit 202 of the cryptographic communication device A, the communication unit 201 of the cryptographic communication device A transmits the data from the transmission buffer A to the cryptographic communication device B (step of FIG. 13). S255).

  When “repetition unit 1” is all completed, the result storage memory 216 of the encryption communication device B stores the data for which the cryptographic operation has been completed. Since the reception buffer B is empty, the buffer empty flag in the buffer empty register 218 is counted. The communication unit 201 of the encryption communication device B sends this buffer empty flag (buffer empty notification) to the encryption communication device A in step S261, and the communication unit 201 of the encryption communication device A receives the buffer empty flag in step S262.

  In the cryptographic communication system 100, the processing from step S254 to step S262 is repeated until there is no more data in the transmission data memory 211. In FIG. 13, the repetition range is indicated by “repetition unit 2”.

  When the “repetition unit 2” is all completed, the result storage memory 216 of the encryption communication device B stores all the data for which the cryptographic operation has been completed. In step S263, the control unit 202 of the encryption communication device B determines whether or not the content is authentic, and sets the true / false flag of the true / false register 217. The communication unit 201 of the encryption communication device B sends this authenticity flag (true / false determination notification) to the encryption communication device A in step S264, and the communication unit 201 of the encryption communication device A receives the authenticity flag in step S265. .

  As described above, in this embodiment, the communication unit 201 of the encryption communication device B receives the data by the reception buffer B every time data is transmitted from the encryption communication device A (step S256 in FIG. 13). The control unit 202 of the encryption communication device B outputs the data from the reception buffer B (step S257 in FIG. 13). Each time the data is output from the reception buffer B by the control unit 202 of the encryption communication device B, the encryption processing unit 205 of the encryption communication device B sequentially encrypts (decrypts) the data by block encryption (FIG. 13). Steps S258 and S259). The control unit 202 of the encryption communication device B verifies the data encrypted by the encryption processing unit 205 of the encryption communication device B and determines the authenticity of the transmission data (step S263 in FIG. 13). And the control part 202 of the encryption communication apparatus B notifies the said determination result to the encryption communication apparatus A via the communication part 201 of the encryption communication apparatus B (step S264 of FIG. 13).

  Next, the effect of this embodiment will be described.

  In this embodiment, before performing the cryptographic operation, the size of the reception buffer B of the cryptographic communication device B that is the data receiving side is notified, and the transmission block is set so that the block that is the unit of the cryptographic operation is the largest. Set the number N. As a result, the area of the reception buffer B that is not used for communication can be minimized by the system. This indicates that the number of communication times can be set to the smallest even in the case of a cryptographic communication device having a long data length and having to perform cryptographic operations a plurality of times.

  In the present embodiment, the communication data format further describes the number of blocks and the fraction, and the length of untransmitted data and the reception buffer B (or transmission buffer A) are not used for communication (described above). Compared with the difference S), if unsent data can be transmitted if all the reception buffers B are used, all unsent data is transmitted, and the data is subjected to true / false judgment processing at the receiving destination. Therefore, the number of communications can be further reduced by one.

  In this embodiment, the data authenticity determination process is performed after performing the transmission parameter setting process. However, when the combination of the encryption communication devices is determined, the size of the reception buffer B is known in advance. Transmission parameters may be determined in advance, and during data processing, transmission parameter setting processing may not be performed, and only data authenticity determination processing may be performed.

  In this embodiment, the transmission data division is determined by sequentially considering the length of untransmitted data and the area of the reception buffer B that is not used for communication. However, when handling fixed-length data, Therefore, the division pattern may be determined in advance, and data division may be performed according to the division pattern without performing sequential determination.

  In the description of the present embodiment, an individual device called a cryptographic communication device has been taken as an example, but communication between a one-chip microcomputer chip and a secure microcomputer chip capable of cryptographic operation may be used.

As described above, in the present embodiment, the cryptographic communication system 100 that performs cryptographic computation using the common key cryptographic algorithm in one apparatus is
A transmission parameter setting process for setting, as a transmission parameter, a difference between the length of the reception buffer B of the encryption communication device B that performs the cryptographic operation and the length corresponding to the maximum transmission block in block units and the number of transmission blocks;
From the number of transmission blocks, the above difference, and the length of untransmitted data, if transmission is possible using all receiving buffers B at the receiving destination, untransmitted data equal to or greater than the number of transmitted blocks is transmitted. And performing data encryption processing (data authenticity determination processing) for performing cryptographic operations based on the above.

Further, in a modification of the present embodiment, the cryptographic communication system 100 that performs a cryptographic operation using a common key cryptographic algorithm in one apparatus includes:
A transmission parameter setting process for setting in advance, as a transmission parameter, a difference between the length of the reception buffer B of the encryption communication device B that performs the cryptographic operation and the length corresponding to the maximum transmission block in block units and the length corresponding to the number of transmission blocks;
If the transmission / reception parameter setting process is not performed at the time of data encryption processing, and transmission is possible using the total reception buffer B of the reception destination from the number of transmission blocks, the above difference, and the length of untransmitted data, the number of transmission blocks or more The data encryption processing (data authenticity determination processing) for performing cryptographic operation based on the number of transmitted blocks and the fraction is executed.

Further, in a modification of the present embodiment, the cryptographic communication system 100 that performs a cryptographic operation using a common key cryptographic algorithm in one apparatus includes:
A transmission parameter setting process for setting in advance, as a transmission parameter, a difference between the length of the reception buffer B of the encryption communication device B that performs the cryptographic operation and the length corresponding to the maximum transmission block in block units and the length corresponding to the number of transmission blocks;
The transmission / reception parameter setting process is not performed during the data encryption process, the transmission pattern is set in consideration of the transmission / reception parameter before the encryption process, and the data is transmitted based on the transmission pattern during the encryption process. A data encryption process (data authenticity determination process) for performing a cryptographic operation on the basis of the number of blocks and a fraction is performed.

  In the present embodiment, the encrypted communication data format includes at least a block number and a fraction as a numerical value indicating the data length.

  As mentioned above, although embodiment of this invention was described, you may implement combining 2 or more embodiment among these. Alternatively, one of these embodiments may be partially implemented. Or you may implement combining two or more embodiment among these partially.

1 is a block diagram showing a configuration of a cryptographic communication system according to Embodiment 1. FIG. FIG. 3 is a block diagram illustrating main components that perform data transfer in each communication device when the communication device according to Embodiment 1 causes another communication device to perform data encryption. 2 is a diagram illustrating an example of a hardware configuration of a communication apparatus according to Embodiment 1. FIG. 3 is a flowchart showing a communication method according to the first embodiment. 3 is a flowchart showing a communication method according to the first embodiment. 3 is a flowchart showing a communication method according to the first embodiment. 6 is a diagram showing a format of transmission data according to Embodiment 1. FIG. 6 is a diagram illustrating an example using the communication method according to Embodiment 1. FIG. It is a figure which shows a prior art example. FIG. 10 is a block diagram illustrating main components that exchange data in each communication device when the communication device according to the second embodiment causes another communication device to perform data encryption. 6 is a flowchart illustrating a communication method according to Embodiment 2. 6 is a flowchart illustrating a communication method according to Embodiment 2. 6 is a flowchart illustrating a communication method according to Embodiment 2.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 100 Encryption communication system, 101 Communication data, 200a, 200b Communication apparatus, 201 Communication part, 202 Control part, 203 Non-volatile memory, 204 Random number generator, 205 Encryption processing part, 211 Transmission data memory, 212 Reception data memory, 213 Block input , 214 Cryptographic operation unit, 215 block output unit, 216 result storage memory, 217 true / false register, 218 buffer empty register, 301 header, 302 blocks, 303 fraction, 304 data, 901 display device, 902 operation key, 903 operation Button, 911 CPU, 912 bus, 913 ROM, 914 RAM, 915 communication board, 920 magnetic disk unit, 921 operating system, 922 window system, 923 program group, 924 file Yl group.

Claims (9)

A communication device that transmits data to another communication device and causes the other communication device to perform a predetermined process for dividing the transmission data into blocks of a certain size,
Send buffer A;
Of the transmission buffer A and the reception buffer B provided in the other communication device, the number of blocks that can be stored in a small-capacity buffer is N, and the data cut out every N blocks from the top of the transmission data is the data When data is sequentially input to the transmission buffer A, and the data that has not been input to the transmission buffer A is larger than the size of N blocks among the transmission data, the data can be stored in the small capacity buffer. A control unit that inputs the data to the transmission buffer A at a time;
And a communication unit that transmits the data from the transmission buffer A to the other communication device each time data is input from the control unit to the transmission buffer A.   The communication apparatus according to claim 1, wherein the control unit sets N as a maximum number of blocks that can be stored in the small-capacity buffer. The communication device further includes:
A memory for storing in advance the capacity of the transmission buffer A;
The control unit is notified of the capacity of the reception buffer B from the other communication device, and the capacity of the transmission buffer A stored in the memory and the capacity of the reception buffer B notified from the other communication device The communication apparatus according to claim 1, wherein N is obtained by dividing the minimum value by the size of one block.   The control unit is a control information indicating the number of blocks included in the data and the fraction when the size of the data is divided by the size of one block in the format of data input to the transmission buffer A The communication apparatus according to claim 1, further comprising: The predetermined process is an encryption process using a block cipher,
The communication device further includes:
A receive buffer A;
The control unit, N is the maximum number of blocks that can be stored in the buffer having the smallest capacity among the transmission buffer A, the reception buffer A, the reception buffer B, and the transmission buffer B provided in the other communication device,
The communication unit receives the data by the reception buffer A every time the data transmitted to the other communication device is encrypted by the other communication device and the data is transmitted from the other communication device. ,
The control unit outputs the data from the reception buffer A each time data is received by the reception buffer A, and generates encrypted data of the transmission data by concatenating the data. The communication apparatus according to any one of claims 1 to 4. An encryption communication system comprising the communication device according to any one of claims 1 to 5 and the other communication device,
Each time data is transmitted from the communication device, the other communication device receives the data by the reception buffer B, outputs the data from the reception buffer B, and sequentially encrypts the data by block cipher. And transmitting the data to the communication device. An encryption communication system comprising the communication device according to any one of claims 1 to 4 and the other communication device,
Each time data is transmitted from the communication device, the other communication device receives the data by the reception buffer B, outputs the data from the reception buffer B, and verifies the data by block cipher. An encryption communication system, wherein authenticity of the transmission data is determined and the determination result is notified to the communication device. A communication method using a communication device that transmits data to another communication device and causes the other communication device to perform a predetermined process for dividing the transmission data into blocks of a certain size,
The control unit included in the communication device has N as the number of blocks that can be stored in a small-capacity buffer among the transmission buffer A included in the communication device and the reception buffer B included in the other communication device, and the transmission data Data cut out every N blocks from the beginning is sequentially input to the transmission buffer A, and the capacity of the capacity is not affected even if the data not input to the transmission buffer A is larger than the size of N blocks among the transmission data. A first step of inputting the data to the transmission buffer A at a time when the data can be stored in a small buffer;
A communication unit included in the communication device includes a second step of transmitting the data from the transmission buffer A to the other communication device each time data is input to the transmission buffer A in the first step. A communication method characterized by the above. A communication program executed by a communication device that transmits data to another communication device and causes the other communication device to perform a predetermined process in which the transmission data is divided into blocks of a certain size. ,
Of the transmission buffer A provided in the communication device and the reception buffer B provided in the other communication device, N is the number of blocks that can be stored in a buffer having a small capacity, and is cut out every N blocks from the head of the transmission data. The received data is sequentially input to the transmission buffer A, and the size of the transmission data that can be stored in the small buffer even if the data not yet input to the transmission buffer A is larger than the size of N blocks. A control process for inputting the data to the transmission buffer A at a time;
A communication program for causing a computer to execute a communication process for transmitting the data from the transmission buffer A to the other communication device each time data is input from the control process to the transmission buffer A.

Images