JP3172398B2 - Communication device and communication system - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a communication device used in a multimedia network or the like, and more particularly, to a communication device configured to charge a communication service for encrypted confidential information and a communication using the communication device. It is about the system.

[0002]

2. Description of the Related Art In recent years, with the development of optical fiber networks in trunk communication networks, the spread of cable television systems, the practical use of satellite communications, and the spread of local area networks, the use of such communication networks has led to the use of images, voice, and computers. The so-called information service industry, which provides various information such as data and collects fees according to the content and amount of the information, is increasing. In such a service, it is important to appropriately charge the provided information. However, the conventional billing system is a monthly billing system irrespective of the frequency of use, such as a cable television system or a satellite broadcast, or a frequency of use irrespective of the type and quality of information (or In many cases, the billing method only counts the usage time.

[0003] On the other hand, in such a communication network, it is important to transmit information safely, and as a means therefor, a method of encrypting and transmitting information has been proposed.
Hereinafter, a conventional encryption method and an information providing service using the encryption method will be described.

[0004] First, a conventional encryption system will be described.
DES (Data Encryption Stand)
ard) encryption and FEAL (Fast data Enc)
The conventional algorithm public key block cipher represented by the algorithm ALgorithm) has a drawback that when a set of ciphertexts and plaintexts with the same key is output more than a certain number, the key can be analyzed. In order to eliminate this disadvantage, as shown in FIG. 16, the key is updated by a computationally secure pseudorandom number at any time before a set of ciphertexts and plaintexts required for the analysis is output, thereby analyzing the key. Encryption schemes that make encryption more difficult (literature: Yamamoto, Iwamura, Matsumoto, Imai: "Practical encryption scheme using square-type pseudorandom number generator and block cipher", IEICE Technical Report, ISE
C93-29, 1993-08).

Next, the DES encryption will be briefly described.
The DES encryption is a typical algorithm public type common key block encryption widely used mainly by financial institutions at present. FIG. 19 shows a flowchart for performing DES encryption. DES performs encryption (decryption) in units of 64-bit data blocks. The key length is 56 bits. The encryption algorithm is based on transposition (replace the bit position of the input bit) and substitution (replace the input value with another value). In the encryption (decryption) of the DES encryption, the bit pattern of the plaintext is mixed by converting the transposition and the substitution appropriately in 16 stages, thereby converting the plaintext into an indecipherable ciphertext. In decryption,
Conversely, the original plaintext is restored by stirring. The parameter of this stirring method is a 56-bit key.

A pseudo-random number sequence that is computationally safe means that if there is a polynomial time algorithm that predicts a subsequent pseudo-random number sequence from a part of the pseudo-random number sequence, it is difficult to use in terms of computational complexity. Refers to a pseudo-random number sequence that has been proven to be able to construct a polynomial time algorithm for the problem being said. That is, a pseudo-random number sequence that is secure in terms of computational complexity is a sequence in which it is extremely difficult to predict subsequent sequences from the output sequence in terms of computational complexity. This is because C. Yao, "Theory and Appl
i-ations of Trapdoor Fun
ctions. "Proceedings of the
e 23rd IEEE Symposium on
Foundations of Computer S
science, IEEE, pp. 80-91, 198
2. Or, M. Blum and S.M. Micali,
“How to Generate Cryptogr
aphaly Strong Sequence
s of Pseudo-Random Bits "P
rc 22nd FOCS, IEEE, pp. 112
-117, 1982. Etc. are discussed in detail. Algorithms for generating pseudorandom numbers that are secure in terms of computational complexity include those described in the document "Cryptography and Information Security" (Tsujii, Kasahara, 1990, Shokosha, p. 86). There are known ones using a square-type random number, RSA encryption, discrete logarithm, and reciprocal encryption.

FIG. 16 shows an apparatus for performing an encryption method, which comprises a pseudo-random number generator 10, an arithmetic unit 20, and a block encryptor 30. As an algorithm of the block cipher 30, a block cipher such as a DES cipher or a FELA cipher is used. The block encryptor 30 encrypts plaintext and decrypts ciphertext. The pseudorandom number generator 10 generates a pseudorandom number according to a pseudorandom number generation algorithm that is safe in terms of computational complexity. In general, a pseudo-random number sequence b ₁ , b
_2, ... are generated from initial value x ₀ according to the following equation. x _{i + 1} = f (x _i ) (i = 0, 1,...) (1) b _{i + 1} = g (x _{i + 1} ) (i = 0, 1,...) () 2)

As shown in FIG. 17, the pseudo-random number generator 10 includes a processing circuit 11 for performing a feedback operation of the equation (1) and a processing circuit 12 for performing an operation of the equation (2). Therefore, the operation of the pseudo random number generator 10 is as follows. 1. The initial value x ₀ is input to the pseudo random number generator 10. 2. X ₁ , x ₂ ,..., X _i are generated by equation (1). 3. X _1, x ₂ produced, ..., perform the formula (2) with respect to x _i, resulting b _1, b ₂ ..., and outputs a b _i as a pseudo-random number.

Further, the arithmetic unit 20 shown in FIG. 16 converts the obtained b ₁ , b ₂ ,..., B _i into a key sequence of a block cipher. Each key of the block cipher is a bit string having a length determined by the algorithm of the block cipher to be used. For example, pseudo-random number sequences b ₁ , b ₂ ,.
It is generated by dividing _i by its bit length.
In FIG. 16, M _uv (u = 1, 2,..., T; v = 1,
, S) denote the plaintext block as k _u (u = 1, 2,
.., T) are the keys of the block cipher and k _u (M _uv ) (u =
1,2, ..., t; v = 1,2, ..., s) denotes a ciphertext block obtained by encrypting the encryption key k _u plaintext block M _uv. Here, it s blocks from M _u1 to M _us are encrypted with the same key k _u.

By using the key sequences k ₁ , k ₂ ,... Updated by the pseudorandom number generator 10 and the arithmetic unit 20 in this order as a block cipher key, the plaintext block in FIG. Be transformed into According to the above-described conventional encryption method, the number of plaintext blocks encrypted with the same key can be limited, and key analysis can be made difficult.

Next, an information providing service using a conventional encryption method will be described. As shown in FIG. 18, the cryptographic communication network in which the information providing service is realized includes an information providing center 40 and users A, B,. The information providing center 40 and the users A to M share a unique and secret key in advance. K _A , K _B , ...,
K _M is a key shared between the information providing center 40 and the user A, a key shared between the information providing center 40 and the user B,..., Shared between the information providing center 40 and the user M. Indicates the key that is being used.

Further, the information providing center 40 and each of the users A to M are encrypted (and decrypted) according to an algorithm determined in the network as shown in FIG.
, A pseudorandom number generator 10 that generates a computationally safe pseudorandom number according to an algorithm determined by the network, and a pseudorandom number output from the pseudorandom number generator 10. It has a communication terminal provided with a computing unit 20 for converting a key string.

For example, when the user A receives information from the information providing center 40, an information providing service using a conventional encryption method is performed in the following procedure. 1. The user A requests the information providing center 40 to provide necessary information. 2. The information providing center 40 sets the secret key K _A shared in advance with the user A in the pseudo random number generator 10 as an initial value of the communication and operates the pseudo random number generator 10;
Generates a pseudorandom sequence that is computationally safe. Further, the generated pseudo-random number sequence is converted into a block cipher key sequence by the arithmetic unit 20. The information provided by the block encryptor 30 is encrypted by using these keys while being updated as needed as a block cipher key, and the encrypted information is transmitted to the user A.

3. The user A sets the secret key K _A previously shared with the information providing center 40 in the pseudo-random number generator 10 as an initial value of this communication, and
To generate a pseudorandom number sequence that is computationally safe. Further, the generated pseudo-random number sequence is converted into a block cipher key sequence by the arithmetic unit 20. These are used while being updated as needed as a key of the block cipher, and the block cipher 30 is used.
Decrypts the received sentence from the information providing center 40 to obtain the provided information.

According to the above-mentioned procedure, the information providing service is provided between the information providing center 40 and each of the authorized users A to M sharing the key. By providing information in this procedure, the information providing center 40 can provide the information confidentially to users other than the user who wants to send the information. Therefore, the user who sent the information can be charged for the information providing service. However, when the information providing center 40 charges the information providing service in such a procedure, conventionally, as described above, the information providing center 40 simply charges based on the communication time regardless of the type and quality of the information, or performs the information provision once. There were many methods to charge each time.

[0016]

As described above, by providing an information providing service for concealing information by the conventional encryption method, it is possible to charge the side to which the information has been provided. However, it is difficult for a conventional accounting method that does not depend on the type and quality of information and services as described above to cope with various information and services that are expected to spread further in the future.

For example, it is conceivable that information provided by an information providing center generally provides not a single kind but a wide variety of information. A wide variety of information has different values,
The conditions charged for the information providing service should be different depending on the difference in the value. Also, even if the amount of information is simply considered, the amount of information of moving image information is orders of magnitude greater than that of text information. In the case of a billing method according to the amount of information, use of moving image information is provided. Would have to pay several orders of magnitude more than the information provision fee for text information, but such a fee system is impractical. The charging method in the conventional information providing service has the above problems.

The present invention has been made in view of the above-described circumstances, and has as its object to provide a billing system that can make use of features such as the type and quality of information and services.

[0019]

According to the first aspect of the present invention, there is provided an encryption transmitting means for encrypting and transmitting data, a counting means for counting the amount of the encrypted data, and a count value of the counting means. Charging means for charging a user of the data in accordance with.

According to a second aspect of the present invention, there is provided an encryption transmitting means for encrypting and transmitting data in units of blocks, a counting means for counting the number of the blocks to be encrypted, and a counting means for counting the number of blocks. Charging means for charging a user of the data.

According to a third aspect of the present invention, there is provided an encryption transmitting means for encrypting and transmitting data, a counting means for counting the number of encryption keys used for the encryption, and And a charging unit for charging a data user.

According to a fourth aspect of the present invention, there is provided an encryption transmitting means for encrypting and transmitting data while updating an encryption key,
There are provided counting means for counting the number of feedback operations performed for updating the encryption key, and charging means for charging a user of the data according to the count value of the counting means.

In the invention according to claim 8, a transmitting terminal device having an encryption transmitting means for encrypting and transmitting data,
A receiving terminal device having decryption receiving means for receiving and decrypting the encrypted data,
The transmitting terminal device is configured to charge the receiving terminal device according to the operation of the encryption transmitting means.

[0024]

According to the present invention, billing information is calculated based on information indicating the number of calculations performed at the time of encryption, that is, information indicating the number of data, the number of blocks, the number of encryption keys, the number of feedback calculations, and the like. The information providing center determines in advance the fee per unit according to the type and quality of the information and the user provides the information providing center with the fee for the information providing service according to the type, quality and quantity of the information provided. Can pay.

Thus, the information providing center can determine the charge for the provided service according to the quality of the provided information. In addition, since the fee is charged for each unit, even if the user who receives the information provides information that is different from the expected information, it is possible to minimize the damage by promptly canceling the provision. It is advantageous.

[0026]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments 1 to 5 of the present invention will be described below with reference to the drawings.

(Embodiment 1) In this embodiment, as shown in FIG. 1, an information providing center 40 is a block encryptor (hereinafter simply referred to as an "encryptor") that performs encryption (and decryption) according to an algorithm determined by a network. The communication terminal 50 includes a counter 51 for counting the number of encrypted blocks. Since the user does not need the counter 52 provided in the communication terminal 50 of FIG. 1, the communication terminal used by the user has a configuration in which the counter 52 is removed from the communication terminal 50 used by the information providing center. Use something. However, when it is desired that the user terminal also obtains information on the usage fee of the information providing service, the terminal having the same configuration as the communication terminal 50 of FIG. 1 may be used.

The encryptor 51 is the same as that shown in FIG.
Can be used as it is. The data input to the encryptor 51 is
Input in synchronization with the clock that is operating
The counter 52 can count the number of encrypted blocks by counting the number of clocks operating the encryptor 51. Further, before operating the encryptor 51 to perform encryption, the value of the counter 52 is reset by a reset signal. When the encryption is completed, the value of the counter 52 is read, and a fee is charged based on the read value.

The encryption communication network in which the information providing service is realized is composed of an information providing center 40 and users A to M as shown in FIG. Advance unique and secret key K _A is between an information providing center 40 the user A~M, K _B, ..., share the K _M, respectively. The sharing of the key can be realized by the information providing center 40 setting the key in advance. Or the cited document "Cryptography and Information Security" (by Tsujii and Kasahara, 19
Published in 1990, Shokosha Co., Ltd., 72-73, 97-10
It can also be realized by a well-known key sharing scheme as described in 4).

In the information providing center 40, the number of encrypted blocks is counted by the counter 52, and charging is performed according to the number. According to this procedure, it is possible to provide a billing method that can make use of characteristics such as the type and quality of information. In other words, the information providing center 40 determines the fee per block for the information to be provided in advance in accordance with the type and quality of the information, so that the information providing center 40 does not have to simply rely on the communication time as in the related art. In addition, flexible charging can be performed for each piece of information according to its value. In addition, the user can pay the information providing service to the information providing center 40 according to the type, quality, and amount of the provided information. In addition, since the fee is charged for each unit, even if the user who receives the information does not know exactly the content of the information that he / she wants to provide, he / she can provide a small amount of information for the time being to minimize the damage. It can be advantageous.

(Embodiment 2) In this embodiment, the information providing center 40 includes an encryptor 51 for encrypting (and decrypting) according to an algorithm determined by the network, as shown in FIG. Key generator 53 for generating the key of
A communication terminal 50 including a counter 52 for counting the number of encryption keys used for encryption is used. Since the communication terminal used by the user does not require a counter, the communication terminal used by the information providing center 40 has a configuration obtained by removing the counter 52 from the communication terminal 50. However, if the user wants to know the information on the usage fee of the information providing service, the same configuration as in FIG. 2 may be used.

As shown in FIG. 18, the cryptographic communication network on which the information providing service is realized is an information providing center 4.
0 and users A to M. The counter 52
And the encryptor 51 of the first embodiment can be used.

The key generator 53 generates a key to be used for the encryptor 51 from the key shared in FIG. 18 according to an algorithm determined by the network. Counter 52
By counting the number of clocks operating the key generator 53, the number of used encryption keys can be counted. Further, before operating the encryptor 51 to perform encryption, the value of the counter is reset by a reset signal. When the encryption is completed, the value of the counter 51 is read, and a fee is charged based on the read value.

(Embodiment 3) In this embodiment, as shown in FIG. 3, the information providing center 40 includes a block encryptor 51 that performs encryption (and decryption) according to an algorithm determined by the network, and a block encryptor 51 that determines by the network. A pseudo-random number generator 54 that generates a pseudo-random number that is computationally secure in accordance with the given algorithm, a calculator 55 that converts the pseudo-random number output from the pseudo-random number generator 54 into a key sequence of an encryptor, A communication terminal 50 having a counter 52 for counting how many times the feedback operation required to generate a safe pseudo-random number has been performed since the start of communication. still,
The number of times the feedback calculation necessary for generating a pseudo-random number that is safe in terms of computational complexity since the start of communication is performed is referred to as the number of pseudo-random number generation calculations.

The counter 52 counts the number of clocks for operating the pseudorandom number generator 54, so that the number of times of performing the feedback operation can be counted. Also, as described later, the encryption device 5 is used to perform encryption.
Before the operation of the counter 5, the counter 5 is reset by a reset signal.
Reset the value of 2. When the encryption is completed, the value of the counter 52 is read, and a fee is charged based on the read value.

Since the user does not need a counter, the communication terminal 60 used by the user has a configuration in which the counter 52 is removed from the communication terminal 50 used by the information providing center 40, as shown in FIG. Is used. When the user also wants to know the information of the usage fee, the same configuration as the communication terminal 50 of FIG. 3 may be used. In that case, a display device 56 for displaying the usage fee can be provided as shown in FIG.

In the user's communication terminal 60 shown in FIG. 11, the unit fee sent from the information provider is stored in the buffer 57, as described in [Procedure for Providing Information According to the Present Invention] described later. In advance, based on the unit charge held in the buffer 57 and the number of pseudo-random number operations read from the counter 52, the charge of the information providing service is calculated by the same charge calculation described in [Charging procedure according to the present invention] described later. The calculated value is displayed on the display device 56. When the display device 56 is provided, the user can later confirm whether or not the usage fee charged from the information providing center 40 is legitimate.

The encryptor 51, the pseudo-random number generator 54, and the arithmetic unit 55 can be the same as those described in the prior art of FIG. Further, an encrypted communication network shown in FIG. 18 is used.

In this embodiment, the pseudo random number generator 54
Then, encryption (decryption) is performed while updating the block cipher key for each s blocks using the key sequence generated by the arithmetic unit 55. s is determined by a pseudo-random number generation speed realized by the pseudo-random number generator 54 and an encryption (decryption) speed realized by the block cipher (for details, refer to the above document 1).
See). In a system where s is determined, the number of times the pseudo-random number generator 54 performs the feedback operation is almost proportional to the amount of information to be encrypted (decrypted). Similarly, the number of block cipher keys used for updating when encrypting information is almost proportional to the amount of information to be encrypted (decrypted).

Therefore, when charging is performed in proportion to the amount of encrypted information, (a) one block and (b) one key are used as units of the amount of information for performing charging. (C) The amount of encryption (decryption) during one feedback operation is considered.

In the present embodiment, the unit of the amount of information for billing is the amount to be encrypted (decrypted) during the one-time feedback operation of (c). The other cases (a) and (b) will be described in a fourth embodiment described later. That is, in the present embodiment, a fee is charged each time the pseudorandom number generator 54 performs the feedback operation once.

In the present embodiment, each user A of the cryptographic communication network of FIG.
-M each have a portable storage device 70 as shown in FIG. The portable storage device 70 stores the secret key of the owner of each portable storage device 70 necessary for the encrypted communication. If the secret key is disclosed to anyone other than the owner, secret communication will not be possible and a reliable information provision service will not be realized. In consideration of the above, the portable storage device 70 is provided for each user separately from the communication terminal 50 of the user.

If a physically secure area can be secured for each user, the portable storage device 70 may be a part of the communication terminal 60. In this case, the portable storage device 70 is used for encryption communication for each user. The available communication terminals 60 are limited. As in the present embodiment, the communication terminal 60 and the portable storage device 70 are separated from each other, and the communication terminal 60 does not store the secret information of each user.
Even if 0 is used, the user's secret information can be exchanged via his / her portable storage device 70 and used for encrypted communication, which is convenient.

As shown in FIG. 5, the portable storage device 70 is capable of exchanging information with the communication terminal 60 via a secure communication path, and stores a physically secure area in the storage means 71. Have as. Only authorized owners can operate the portable storage device 70 normally.
It is determined whether or not the user is a legitimate owner by authentication procedures such as a password. The portable storage device can be realized by an IC card or the like.

The information providing center 40 is configured as shown in FIG. 6, and includes a communication terminal 50, a database 41 storing information to be provided, and a unit amount of provided information. It has at least one billing device 42 for billing and at least one storage device 43 in which information on secret keys and usage amounts of all users required for encrypted communication is stored. In FIG. 6, in order to be able to provide information to a plurality of users at the same time, a plurality of communication terminals 5 are provided.
0 is provided. When a larger-scale information providing system is constructed, a plurality of databases 41, accounting devices 42, and storage devices 43 may be provided.

The database 41 is configured as shown in FIG. 7, and stores information to be provided to the user and a fee per unit amount of the information. A fee per unit amount that differs for each piece of this information is referred to as a unit fee. It is also assumed that each information is given a name so that the user can specify it.
Such a database 41 can be easily configured with an existing database.

The storage device 43 is configured as shown in FIG. 8, and includes, for each user who subscribes to the information providing network, a key storage area in which a secret key required for performing cryptographic communication is stored; There is an accumulated amount storage area in which the accumulated amount of the usage fee for a certain period is stored. This period will be referred to as a usage fee totaling period. The usage fee aggregation period is set to, for example, one month. The information providing center 40 calculates a fee for the information providing service for each user within the usage fee totaling period based on the accumulated amount of each user in the accumulated amount storage area, and charges each user. After a certain usage fee totaling period, the usage amount for each user in the usage totaling period stored in the accumulated amount storage area is moved to another storage means as information for backup, and the accumulated amount storage area is stored. Is reset for each user.

The billing device 42 is configured as shown in FIG. The billing device 42 performs a billing calculation for the information currently provided, and can extract unit fee information from the database 41, and further extracts the number of pseudo random number generation calculations from the counter 52 of the communication terminal 50 at the end of communication. be able to. Further, a charge for information provision is calculated from the unit charge information and the number of pseudorandom number generation operations, and the new charge is calculated by adding the charge to the accumulated charge of the user who provided the information stored in the storage device 43. Then, the new accumulated amount is written in the accumulated amount storage area of the user in the storage device 43.

Next, a description will be given of a block cipher used in a communication terminal and an algorithm for generating a pseudorandom number which is secure in terms of computation amount in this embodiment. In this embodiment, a DES cipher is used as an algorithm of a block cipher, and a square-type pseudo random number is used as an algorithm for generating a pseudo random number which is secure in terms of computational complexity. The DES cipher is a common key block cipher having a block length of 64 bits, and the key is 56 bits. The square-type pseudo-random number sequence is a pseudo-random number sequence b ₁ , b ₂ ,... Generated by the following procedure.

[Square-type pseudorandom number sequence] p and q are expressed as p {q}
3 (mod 4), N = p · q, an initial value x ₀ (an integer of 1 <x ₀ <N−1) and a recursive expression x _{i + 1} = x _i ² mod N (i = 0, 1 ,... (3) b _i = lsbj (x _i ) (i = 1, 2,...) (4) The bit sequence b ₁ , b ₂ ,. It is called a pseudo-random number sequence. Here, lsbj (x _i ) represents the lower j bits of x _i , and when the number of bits of N is n, j
= O (log ₂ n). The square-type pseudo-random number sequence is N
Is a computationally safe pseudo-random number sequence under the assumption that the problem of determining the quadratic residue in is computationally difficult.

FIG. 10 shows a pseudo random number generator 54 for generating this square type pseudo random number sequence. In order to make the square-type pseudorandom number sufficiently secure, the number of bits n of the modulus N of the square operation expression (3) is set to 512 bits. Further, the keys (initial values of the pseudo-random number generators) K _A , K _B ,... Secretly shared in advance between the information providing center and each subscriber are 1 <K
_A, K _B, ... <and N-1.

In FIG. 18, the user A requests the information providing center 40 to provide certain information, and the information providing center 40 sends the information to the user A.
The procedure in which the user charges the user A for the information providing service is performed as follows. The user A has already received the information provision from the information providing center 40 several times during the current usage fee totaling period, and as a result, within the current usage fee totaling period of the user A in the accumulated amount storage area of the storage device 43. Is accumulated _A. It is also assumed that the name of the information requested by the user A to be provided is Info. Further, it is assumed that the unit fee of Info (charge per feedback operation) is UC _Info . User A
Knows the name Info of the information and the unit charge UC _Info in advance, but does not have accurate information about the contents, and therefore requests the information provision center 40 to provide a part of the Info for the time being. It is assumed that the information amount of the portion has a size that is necessary to perform the feedback operation of Expression (3) i times in order to perform the encrypted communication.

In the following description, the authorized user A is authenticated by his / her portable storage device 70 and the portable user 7
0 is set so as to be able to communicate with the communication terminal 60 in an operable state. It is also assumed that the user A is a legitimate user who has been authenticated as A by the information providing center 40. These two authentications can be sufficiently realized by a known authentication technique.

[Procedure for Providing Information According to the Present Invention] The user A requests the information providing center 40 to provide Info. At the same time, let them know which part of it you want to provide. 2. The information providing center 40 calculates the fee for the information providing service from the unit charge UC _{Info of Info} and the requested portion of the user A in response to the request for providing Info from the user A,
The calculated fee information is sent to the user A. When the user uses the communication terminal 60 of FIG. 11, the unit charge UC
Send _Info .

3. User A receives the charge information and
If the user can be satisfied with the provision of the required portion of nfo at the charge, the information providing center 40 is requested to provide Info. When the user uses the communication terminal 60 of FIG. 11, the received unit charge UC _Info is stored in the buffer 57. If you are not convinced, Inf
Informing that the provision of o has been canceled, the procedure ends.

Next, the user A sends the information
The following procedure is continued when the provision of nfo is requested. [Procedure of information provision according to the present invention (related to information provision center)] The counter 52 of the communication terminal 50 used for communication with the user A is reset to zero. 2. The secret key K _A held in the key storage area of the user A in the storage device 43 is set in the pseudo random number generator 54 in the communication terminal as an initial value x ₀ for pseudo random number generation. 3. The pseudo-random number generator 54 of the communication terminal 50 used for communication with the user A is operated to generate a pseudo-random number sequence that is secure in terms of computational complexity.

4. The pseudo-random number sequence generated by the arithmetic unit 55 is converted into a block cipher key sequence. 5. Using the key string output from the arithmetic unit 55 while updating it as a key of the block cipher, the encryptor 51 converts the requested part of Info into a ciphertext. At the end of the encryption, the number of pseudo random number generation calculations indicated by the counter 52 of the communication terminal 50 has been counted up to i.

[Procedure for Providing Information According to the Present Invention (User A
Related)] 1. The secret key K _A held in the portable storage device 70 is set in the pseudo random number generator 54 in the communication terminal 60 as an initial value x ₀ for pseudo random number generation. 2. The pseudo random number generator 54 of the communication terminal 60 is operated,
Generates a pseudorandom sequence that is computationally safe. 3. The pseudo-random number sequence generated by the arithmetic unit 55 is converted into a block cipher key sequence. 4. The ciphertext is converted to plaintext by the encryptor 51 by using the key string output from the arithmetic unit 55 while updating the keystring as a block cipher key.

Next, a charging procedure after the provision of Info from the information providing center is completed will be described. [Charging Procedure (Regarding Information Providing Center) According to the Present Invention] The billing device 42 extracts the unit charge information UC _Info of Info from the database 41, and extracts the pseudo random number generation operation count i from the counter 52 of the communication terminal 50 that has been communicating with the user A. 2. The billing device 42 calculates the information provision fee from the unit fee information UC _Info and the pseudo random number generation operation count i. In this case, the fee is i × UC _Info . 3. The billing device 42 calculates the new accumulated amount Charge _A + i × UC _Info by adding the charge i × UC _Info to the accumulated amount Charge _A of the user A held in the storage device 43, and calculates the user of the storage device 43. The new accumulated amount Charge _A + i × UC _Info is written in the accumulated amount storage area of _A.

The information providing center charges a fee to each user based on the accumulated amount of money for each user every time the above-mentioned usage fee totaling period ends. Further, when the usage fee totaling period ends, the usage amount for each user in the usage totaling period stored in the cumulative price storage area is moved to another storage means as information for backup, and the cumulative total amount storage is performed. The usage fee for each user of the area is reset.

According to the above-described procedure, it is possible to provide a billing system that can make use of characteristics such as the type and quality of information. In other words, the information providing center 40 pre-determines the fee per unit for the information to be provided according to the type and quality of the information, so that the information providing center 40 does not have to simply rely on the communication time as in the related art. In addition, flexible charging can be performed for each piece of information according to its value. Also, the user can pay the fee for the information providing service to the information providing center according to the type, quality, and quantity of the provided information.

[0062] Also, since a fee is charged for each unit, even if the user who receives the information does not know exactly the content of the information desired to be provided, the user is requested to provide a small amount of information for the time being. This is advantageous because damage can be reduced.

In the above [charging procedure according to the present invention], the charge per feedback calculation is used as the unit charge information UC _Info , but the unit charge information is set as the charge per feedback calculation multiple times (for example, w times). The billing method of the present invention also includes a method of calculating a fee for an information providing service in which a fee is charged every time the number of pseudorandom number generation operations becomes a multiple of w.

Further, in the above [Procedure for Providing Information According to the Present Invention], the obtained pseudo-random number sequence is divided by the bit length (56 bits) of the key of the DES encryption by the arithmetic unit 55, and is used as the key of the DES encryption. As a method of use, there is a method in which the bit length (56 bits) of the key of the DES encryption is divided before the pseudo-random number sequence and used in order as the key of the DES encryption. In addition, the pseudo-random number series is
Any method may be used as a method for converting to a key string of the ES encryption as long as the method is common to the network in which the information providing service is provided.

Further, the number of blocks to be encrypted (decrypted) by one key may be any number as long as it is common to the network in which the information providing service is provided. Also, b _i can use the number of bits determined by equation (4). Furthermore, although the modulus N of the square operation was set to 512 bits,
Any number of bits may be used as long as it is sufficiently secure in terms of computational complexity.

In this embodiment, the DES cipher is used as the block cipher. However, the present invention is not limited to the DES cipher, and any common key cipher can be used.
Encryption can also be used. Further, although one DES encryptor is used as the encryptor 51, a plurality of DES encryptors may be used, or DES encryption and FEAL encryption may be combined.

Furthermore, although the square-type pseudorandom number is used as an algorithm for generating a pseudorandom number which is secure in terms of computational complexity, any algorithm can be used as long as it is a pseudorandom number generation algorithm which is secure in terms of computational complexity. As described in the above-mentioned document "Cryptography and Information Security" (by Tsujii and Kasahara, issued in 1990, Shokosha Co., Ltd., paragraph 86), RSA
Those using encryption, discrete logarithm, or reciprocal encryption can also be used for the pseudo random number generation algorithm of the present invention.

(Embodiment 4) As described in Embodiment 3, when charging in proportion to the amount of encrypted information is considered, the unit of the amount of information for performing charging is as described in (a) above.
(B) and (c) are conceivable, and the third embodiment has described the case of "amount (encrypted (decrypted) during one feedback operation of (c)"). In the present embodiment, another (a)
(B) Two cases. FIG. 12A illustrates a communication terminal in the case of “one block”, and FIG. 13B illustrates a “1 block”.
The amount that is encrypted (decrypted) while two keys are used "
Shows the communication terminal 50 in the case of.

In the communication terminal 50 of FIG. 12, an encryptor 51 that performs encryption (and decryption) according to an algorithm determined in the network, and generates a pseudorandom number that is computationally secure in accordance with the algorithm determined in the network. A pseudo-random number generator 54, an arithmetic unit 55 for converting the pseudo-random number output from the pseudo-random number generator 54 into a key sequence of an encryptor,
And a counter 52 for counting how many blocks have been encrypted to provide information.

In the communication terminal 50 shown in FIG. 13, an encryptor 51 for performing encryption (and decryption) according to an algorithm determined on the network and a pseudorandom number which is computationally secure according to the algorithm determined on the network are generated. A pseudo-random number generator 54, an arithmetic unit 55 for converting the pseudo-random number output from the pseudo-random number generator 54 into a key sequence of an encryptor,
A counter 52 for counting how many encryption keys are used to provide information.

When the communication terminal 50 shown in FIGS. 12 and 13 is used, the other components of the information communication network are the same as those of the third embodiment. The procedure for providing information is basically the same, but the unit fee of the database 41 of the information providing center 40 is a fee per block or a fee per key. In addition, both communication terminals 50 can have a display device 56 as shown in FIG.

(Embodiment 5) In Embodiment 3, since the key shared between the information providing center 40 and each user is fixed,
When the users are the same, the initial value of the pseudo-random number generator 54 is always the same value, and when the same information is sent, the same ciphertext is generated, so that there is a problem that confidentiality cannot be sufficiently maintained. Therefore, in this embodiment, even if the user is the same, the initial value of the pseudo-random number generator is changed each time the user uses the same, thereby improving security.

Next, a case will be described in which a DES cipher is used as a block cipher algorithm and a square-type pseudo random number is used as an algorithm for generating a pseudo random number which is secure in terms of computational complexity. In this embodiment, the user who provides information and the information providing center 40 include an encryptor 51 that performs encryption (and decryption) according to an algorithm determined by the network, as shown in FIG. A pseudo-random number generator 54 that generates a pseudo-random number that is computationally secure in accordance with a predetermined algorithm, a calculator 55 that converts the pseudo-random number output from the pseudo-random number generator 54 into a key sequence of the encryptor 51, A communication terminal 5 having a counter 52 for counting how many times feedback operation required for generating a quantitatively safe pseudo-random number has been performed since the start of communication;
0 and 60 are used.

In Equations (3) and (4), which are the pseudo-random number generation procedures described in the third embodiment, x _{i + 1} that is successively updated by the feedback operation is replaced by the pseudo-random number generator 5.
4 are called internal variables. As shown in FIG. 15, the pseudo-random number generator 54 of this embodiment includes a processing circuit 54a for performing the feedback operation of Expression (3) and a processing circuit 54b for performing the operation of Expression (4). The internal variable updated by the calculation of 3) can be read.

The read internal variables are stored in the key storage area of the storage device 43 in the communication terminal 50 on the information providing center side, and the holding means 71 of the portable storage device 70 in the communication terminal 60 on the user side. Is stored. In the third embodiment, the data is moved in one direction only by setting an initial value from the storage device 43 to the pseudo-random number generator 54 or from the portable storage device 70 to the pseudo-random number generator 54. The reading of the internal variable of the pseudo random number generator 54 can be performed in the direction. The read internal variable is replaced with the common key used for the current information provision as a common key used for the next information provision. The billing device 42 has the same configuration as that of the third embodiment.

Next, as in the third embodiment, a case will be described in which the user A has the information providing center provide information through the network shown in FIG. Here, it is assumed that the name of the information requested by the user A to be provided is Info, and the amount of requested information needs to perform the feedback calculation of Expression (3) i times in order to perform the cryptographic communication. Let's say that it has only the size [Pre-procedure of information provision according to the present invention]
And [Billing procedure according to the present invention (related to the information providing center)] are the same as those in the third embodiment, and will not be described.

Hereinafter, the user A sends an Inf to the information providing center.
The procedure is continued for the case where the request for providing o has been made. [Procedure of information provision according to the present invention (related to information provision center)] The counter 52 of the communication terminal 50 used for communication with the user A is reset to zero. 2. The secret key K _A held in the key storage area of the user A in the storage device 43 is set in the pseudo random number generator 54 in the communication terminal 50 as the initial value x ₀ for pseudo random number generation. 3. The pseudorandom number generator 54 of the communication terminal 50 used for communication with the user A is operated to generate a pseudorandom number sequence that is safe in terms of computational complexity.

4. The pseudo-random number sequence generated by the arithmetic unit 55 is converted into a block cipher key sequence. 5. Using the key string output from the arithmetic unit 55 while updating it as a key of the block cipher, the encryptor 51 converts the requested part of Info into a ciphertext. At the end of the encryption, the number of pseudo random number generation operations indicated by the counter 52 of the communication terminal 50 is counted as i, and the internal variable is x _i . 6. The storage device 43 stores the internal variable x from the pseudo random number generator 54.
_i, and a secret key K _A for providing information to the next user A in the key storage area of the user A in the storage device 43.
Hold as.

[Procedure for Providing Information According to the Present Invention (User A
Related)] 1. The secret key K _A held in the portable storage device 70 is set in the pseudo random number generator 54 in the communication terminal 60 as an initial value x ₀ for pseudo random number generation. 2. The pseudo random number generator 54 of the communication terminal 60 is operated,
Generate a pseudorandom number sequence that is computationally safe. 3. The pseudo-random number sequence generated by the arithmetic unit 55 is converted into a block cipher key sequence.

4. The ciphertext is converted to plaintext by the encryptor 51 by using the key string output from the arithmetic unit 55 while updating the keystring as a block cipher key. 5. Portable storage device 70 reads the internal variable x _i from the pseudo-random number generator 54, and holds it as a secret key K _A for the next advertisement in the storage means of the portable storage device 70.

According to the above procedure, even when the same user receives information provision, the initial value input to pseudo-random number generator 54 changes every communication for information provision. A sequence is not generated, and even if the same information is provided to the same user, it is encrypted with a different key sequence for each communication, so that the security of the block cipher can be improved.

Also, in the present embodiment, as in the case of the first embodiment, when accounting is performed in proportion to the amount of information encrypted in the present encryption system, the unit of the amount of information for performing accounting is as follows. The above (a), (b) and (c) are considered.

In the present embodiment, in particular, the unit of the amount of information for billing is the amount to be encrypted (decrypted) during one feedback operation of (c). 1
Terminal in the case of “two blocks” and “1” in (b)
The amount that is encrypted (decrypted) while two keys are used "
In this case, the communication terminals 50 and 60 can be configured according to the third embodiment.

Further, each of the communication terminals 50 and 60 can be provided with a display device 56 for displaying the usage fee as in the case of the third embodiment. When the display device 56 is provided, the user can later confirm whether or not the usage fee charged from the information providing center 40 is legitimate.

[0085]

As described above, according to the present invention,
It is possible to provide a billing method that can make use of features such as the type and quality of information and services. In addition, for the information provided by the information providing center, a fee per unit is determined in advance according to the type and quality of the information, and the user can obtain the information according to the type, quality and quantity of the provided information. The fee for the provided service can be paid to the information providing center. Thus, the information providing center can determine the fee for the provided service according to the quality of the provided information. In addition, since the fee is charged for each unit, even if the user who receives the information provides information that is different from the expected information, the provision of the information should be discontinued immediately to minimize the damage. This is advantageous.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a communication terminal according to a first embodiment of the present invention.

FIG. 2 is a block diagram illustrating a communication terminal according to a second embodiment of the present invention.

FIG. 3 is a block diagram illustrating a communication terminal according to a third embodiment of the present invention.

FIG. 4 is a block diagram showing a communication terminal for a user according to Embodiment 3 of the present invention.

FIG. 5 is a block diagram showing a portable storage device according to a third embodiment of the present invention.

FIG. 6 is a block diagram illustrating an information providing center according to a third embodiment of the present invention.

FIG. 7 is a block diagram illustrating a database according to a third embodiment of the present invention.

FIG. 8 is a block diagram showing a storage device according to a third embodiment of the present invention.

FIG. 9 is a block diagram illustrating a billing device according to a third embodiment of the present invention.

FIG. 10 is a block diagram showing a pseudo-random number generator using a square-type pseudo-random number according to Embodiment 3 of the present invention.

FIG. 11 is a block diagram showing a communication terminal having a display device according to Embodiments 1 and 3 of the present invention.

FIG. 12 is a block diagram illustrating a communication terminal according to a fourth embodiment of the present invention.

FIG. 13 is a block diagram illustrating a communication terminal according to a fourth embodiment of the present invention.

FIG. 14 is a block diagram showing a communication terminal according to Embodiment 5 of the present invention.

FIG. 15 is a block diagram showing a pseudo-random number generator using a square-type pseudo-random number according to the present invention.

FIG. 16 is a block diagram showing a conventional encryption method.

FIG. 17 is a block diagram showing a conventional pseudo random number generator.

FIG. 18 is a block diagram illustrating a network in which an information providing service is provided.

FIG. 19 is a flowchart for performing DES encryption.

[Explanation of symbols]

 REFERENCE SIGNS LIST 40 information providing center 41 database 42 billing device 43 storage device 50 communication terminal 51 block encryptor 52 counter 53 key generator 54 pseudorandom number generator 54a feedback operation processing circuit 55 arithmetic unit 56 display device 60 communication terminal 70 portable storage device 71 Holding means

──────────────────────────────────────────────────の Continuation of the front page (51) Int.Cl. ⁷ identification code FI H04L 12/14 H04L 11/02 F (58) Investigated field (Int.Cl. ⁷ , DB name) G09C 1/00-5 / 00 H04K 1/00-3/00 H04L 9/00 G06F 1/00 370 H04H 1/00 H04L 12/00

Claims (12)

(57) [Claims] 1. An encryption transmitting means for encrypting and transmitting data, a counting means for counting an amount of the encrypted data, and a user of the data according to a count value of the counting means. A communication device comprising: 2. An encryption transmitting means for encrypting and transmitting data in block units, a counting means for counting the number of the blocks to be encrypted, and a user of the data according to a count value of the counting means. A communication device comprising: a charging unit that charges a user. 3. An encryption transmitting means for encrypting and transmitting data, a counting means for counting the number of encryption keys used for the encryption, and a user of the data according to a count value of the counting means. A communication device comprising: a charging unit that charges the battery. 4. An encryption transmitting means for encrypting and transmitting data while updating an encryption key, a counting means for counting the number of feedback operations performed for updating the encryption key, and a count value of the counting means. And a billing means for billing a user of the data in accordance with the data. 5. The cryptographic transmission means includes: a cryptographic unit that performs encryption according to a predetermined algorithm; a pseudorandom number generator that generates a pseudorandom number sequence that is computationally secure by performing a feedback operation; The communication device according to any one of claims 1 to 4, further comprising: an operation unit that converts a pseudo-random number sequence output from the generator into a key sequence of the encryptor. 6. The communication device according to claim 1, further comprising display means for displaying a charge amount by said charge means. 7. The communication device according to claim 5, wherein a square-type pseudo-random number generator is used as said pseudo-random number generator. 8. A communication system comprising: a transmission terminal device having an encryption transmission unit for encrypting and transmitting data; and a reception terminal device having a decryption reception unit for receiving and decrypting the encrypted data, The communication system, wherein the transmitting terminal device charges the receiving terminal device according to an operation of the encryption transmitting unit. 9. The communication system according to claim 8, wherein said transmitting terminal device has a charging unit for charging according to an amount of data encrypted by said encryption transmitting unit. 10. The communication system according to claim 8, wherein said transmission terminal device has charging means for charging according to the number of data blocks encrypted by said encryption transmitting means. 11. The communication system according to claim 8, wherein said transmission terminal device has charging means for charging according to the number of encryption keys encrypted by said encryption transmission means. 12. The communication system according to claim 8, wherein said transmission terminal device has a charging unit for charging according to the number of feedback operations encrypted by said encryption transmission unit.