JP3673688B2 - Information communication method, information communication system, information providing apparatus, information requesting apparatus, and control method - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present inventionInformation communication method and information communication systemIn particular, the present invention relates to a technique for managing information provided via a network.
[0002]
[Prior art]
In recent years, with the development of optical fiber networks in mainline communication networks, the practical use of satellite communications, the spread of local area networks (LAN), etc., the contents of communication should not be known to third parties other than those at the time of communication. For this purpose, it is important to build a network system that achieves encryption and secrecy.
[0003]
In addition, the so-called information service industry that collects charges according to the contents and amount of information provided through such communication networks is increasing. For this reason, it is important to record and collect billing information for the provided information at the same time, in addition to the above encryption and secrecy.
[0004]
Conventionally, a method called a common key encryption method and a method called a public key encryption method are known as methods for encrypting and secretizing information in such communication.
[0005]
Details of these are described in detail by D.W.Davies and W.L.Pric, translated by Tadahiro Uesono, "Netto Work Security", published by Nikkei McGraw-Hill (Showa 60), etc.
[0006]
Details will be given in the above-mentioned document, but these methods will be described briefly below.
[0007]
In the common key encryption method, an encryption / decryption key is shared between a transmission terminal and a reception terminal, and information is encrypted / transmitted / decrypted using this key.
[0008]
There are many known encryption methods, from simple sum encryption / transposition encryption to encryption called DES, which is standardized by the US Department of Commerce.
[0009]
In the common key method, a key for encryption / decryption must be determined in advance between the transmission terminal and the reception terminal, and this key must not be known to a third party. This is because if the third party knows this key, the encrypted information can be easily decrypted.
[0010]
On the other hand, the public key encryption method uses a different encryption key and decryption key to be paired, and the encryption key is disclosed to all terminals.
[0011]
Each terminal has a decryption key unique to the terminal. Then, the transmission terminal selects a transmission destination key from the publicly disclosed encryption keys of each terminal, and encrypts and transmits information using this key. On the other hand, the receiving terminal decrypts the information with the decryption key paired with this key.
[0012]
As described above, since a key pair that cannot be used to determine the decryption key from the encryption key is used, even if the encryption key is disclosed, the encrypted information is not decrypted by a third party. It is.
[0013]
In addition, since there is no need to determine a key in advance between the sending and receiving terminals, there is no possibility that a third party will know the key when the key is decided in advance between the sending and receiving terminals.
[0014]
[Problems to be solved by the invention]
However, the conventional example has the following drawbacks.
[0015]
In the common key encryption method,
(1) As described above, the encryption / decryption key must be determined in advance between the transmission terminal and the reception terminal, and the key is obtained by communication for negotiating the encryption / decryption key. There is a known risk.
(2) In order to avoid the above danger, even if the same key is controlled to be used over and over again, the third information is still obtained by comparing a plurality of pieces of information encrypted with the same key. May break through the keys.
(3) Complex encryption such as DES reduces this possibility, but high-speed encryption / decryption becomes difficult, and the amount of data transferred per hour for digitized video signals, etc. Encrypt data with lots of data.
[0016]
In public key cryptography,
(4) High-speed encryption / decryption processing is generally difficult.
[0017]
Both of the above encryption methods have the above-mentioned drawbacks (1) to (4), so that the conventional communication type information that requires high-speed transmission such as a video signal has been conventionally used. It was difficult to encrypt and transmit the data securely.
[0018]
[Means for Solving the Problems]
The present invention has been made for the purpose of solving the above-described problems, and includes the following configuration as one means for solving the above-described problems.
[0019]
  That is, the information communication method of the present invention provides information via a network.Information provisionEquipment,The informationRequest to provideInformation requestAn information communication method in an information communication system having a device,The informationFrom request information that requests provision ofGenerated and encrypted by public key cryptographyRequest information with digital signatureInformation provisionTransmitting to the apparatus; after decrypting the request information with the digital signature by public key cryptography; confirming the digital signature of the request information; after confirming the digital signature of the request information;The informationFrom the key to decryptGenerated and encrypted by public key cryptographyDigitally signed keyInformation requestTransmitting to a device; after decrypting the digital signature key with a public key cryptosystem, confirming the digital signature of the key;The digital signature of the request information is confirmed in the information providing device, and the digital signature of the key is confirmed in the information requesting device.rear,The informationEncrypting and transmitting to the information requesting device.
  In addition, the information communication system of the present invention is connected via a network.Information provision to provide informationapparatusAnd an information request for requesting provision of the informationAn information communication system comprising:Information requestThe deviceThe informationFrom request information that requests provision ofGenerated and encrypted by public key cryptographyRequest information with digital signatureInformation provisionSecond transmission means for transmitting to the apparatus, and second confirmation means for confirming the digital signature of the key after decrypting the key with the digital signature by a public key cryptosystem.Device toSaidInformation provisionThe apparatus, after decrypting the request information with the digital signature by a public key cryptosystem, after confirming the digital signature of the request information, first confirmation means for confirming the digital signature of the request information,The informationFrom the key to decryptGenerated and encrypted by public key cryptographyThe digitally signed keyInformation requestFirst transmitting means for transmitting to the device,The digital signature of the request information is confirmed in the information providing device, and the digital signature of the key is confirmed in the information requesting device.rear,The informationIs encrypted and transmitted to the information requesting deviceIs a deviceIt is characterized by that.
  The information providing apparatus according to the present invention is an information providing apparatus that provides information via a network, and is a digital signature generated from request information for requesting provision of the information and encrypted by a public key cryptosystem. Receiving request information from the information requesting device, means for confirming the digital signature of the request information after decrypting the request information with the digital signature by a public key cryptosystem, and confirming the digital signature of the request information And a means for transmitting a digitally signed key generated from a key for decrypting the information and encrypted by a public key cryptosystem to the information requesting device, and in the information providing device, After the digital signature of the request information is confirmed and the digital signature of the key is confirmed in the information requesting device, the information is encrypted. And transmits the information request device.
  The information requesting device of the present invention is an information requesting device that requests the information providing device that provides information via a network to provide the information, and is generated from the request information that requests the provision of the information, Means for transmitting request information with a digital signature encrypted by a public key cryptosystem to the information providing device, and for decrypting the information after the digital signature of the request information is confirmed in the information providing device. Means for receiving a digital signature key generated from a key and encrypted by a public key cryptosystem from the information providing device; and after decrypting the digital signature key by a public key cryptosystem, the digital signature of the key A digital signature of the request information is confirmed in the information providing apparatus, and the information requesting apparatus After digital signature key is verified, and wherein the receiving the information encrypted by the information providing apparatus.
  The control method of the present invention is a control method executed by an information providing apparatus that provides information via a network, and is generated from request information for requesting provision of the information and encrypted by a public key cryptosystem. Receiving the converted digital signature request information from the information requesting device; decrypting the digital signature request information using a public key cryptosystem; and confirming the digital signature of the request information; and the request information Confirmed digital signature A digitally signed key generated from a key for decrypting the information and encrypted by a public key cryptosystem is transmitted to the information requesting device; and And a step of encrypting and transmitting the information to the information requesting device after the digital signature is confirmed and the digital signature of the key is confirmed in the information requesting device.
  Further, the control method of the present invention is a control method executed by an information requesting device that requests the information providing device that provides information via a network to provide the information, and is a request for requesting provision of the information. Transmitting the request information with the digital signature generated from the information and encrypted by the public key cryptosystem to the information providing apparatus; and after confirming the digital signature of the request information in the information providing apparatus, the information is Receiving a key with a digital signature generated from a key for decryption and encrypted by a public key cryptosystem from the information providing device; and after decrypting the key with a digital signature by a public key cryptosystem, Confirming the digital signature of the key; and confirming the digital signature of the request information in the information providing device; After digital signature of the key is confirmed in the multi-address request apparatus, and having a step of receiving the information encrypted by the information providing apparatus.
[0029]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, an embodiment according to the present invention will be described in detail with reference to the drawings.
[0030]
[First Embodiment]
A first embodiment according to the present invention will be described below with reference to FIGS.
[0031]
FIG. 1 is a block diagram of a first embodiment according to the present invention, FIG. 2 is a diagram showing an example of an outline of a multimedia network system to which the present embodiment is applied, and FIG. FIG. 4 is a diagram showing a function of a part that performs encryption with a public key in FIG. 1, and FIG. 5 is a diagram showing a function of a part that performs a digital signature in FIG.
[0032]
In FIG. 1, 1 is a first terminal that encrypts and transmits the immediate communication type information, 2 is a second terminal that receives and decrypts the encrypted immediate communication type information, and 3 is a transmission path.
[0033]
In the first terminal 1, 101 is a magnetic storage device for storing storage type information such as a computer file and an electronic slip in the transmission terminal 1, and 102 is certainly the first terminal when the storage type information is transmitted. 1 is a digital signature part for performing a digital signature for authenticating that it has not been forged by a third party, and 103 is disclosed to the second terminal 2 that is the destination of information. The public key encryption unit 104 encrypts the storage type information using the encrypted key, and 104 stores the storage type information encrypted and transmitted using the public encryption key unique to the first terminal 1. , A public key decryption unit for decrypting using a secret decryption key unique to the terminal 1, and 105 indicates that the storage type information decrypted by the public key decryption unit 104 is certainly the second terminal 2. From the third partyCounterfeitA signature confirmation unit for confirming a digital signature for authenticating that the information is not received, 106 is an immediate communication type information generating device for generating digital immediate communication type information such as the TV camera 106a and VTR 106b, and 107 is a first terminal. A synchronization signal generator 108 for obtaining synchronization necessary for communication between the first terminal 2 and the second terminal 2; a clock extractor 109 for extracting a clock signal from the immediate communication type information from the immediate communication type information generator 106; Is a pseudo-random number generator that generates a pseudo-random number sequence that corresponds to the data key given by the magnetic storage device 101 and that is synchronized with the clock signal from the clock extractor 108, and 110 from the immediate communication type information generator 106 Information andPseudorandom number generator 109An exclusive OR gate for taking an exclusive OR with the pseudo random number from 111, 111 is a charge for measuring the operating state of the pseudo random number generation unit 109 and taking information on the consideration to be paid for the transmitted information An information collecting unit 112 transmits information from the public key encryption unit 103 and a signal from the exclusive OR gate 110 to the transmission path 3 and receives a signal from the transmission path 3 to receive the public key decryption unit 104. It is a communication interface for outputting to the network.
[0034]
In the second terminal 2, reference numerals 201 to 205 and 212 denote the same magnetic storage device, digital signature unit, public key encryption unit, public key decryption unit, and signature as those of the first terminal 101 to 105 and 112, respectively. It is a confirmation part and a communication interface. Reference numeral 206 denotes an immediate communication type information processing device including a CRT 206a, a VTR 206b, a magnetic storage device 206c, and the like for displaying, storing, processing, and the like for the immediate communication type information. A synchronization signal extraction unit for extracting a synchronization signal from the signal transmitted to the transmission path 3, 208 a reception clock extraction unit for extracting a clock component from the transmitted signal, and 209 for transmission of immediate communication type information When receiving the same key as the pseudo-random number generating unit 109 of the first terminal 1 which is the side device, the pseudo-random number generating unit 210 generates the same pseudo-random number, 210 is the received information from the communication interface 212 and the pseudo-random number This is an exclusive OR gate that takes an exclusive OR with a pseudorandom number from the generation unit 209.
[0035]
The multimedia network system according to the present embodiment, which includes the first terminal 1 which is a transmitting station apparatus having the above configuration, the second terminal 2 which is a receiving station, and the like.System configurationIs shown in FIG.
[0036]
In FIG. 2, 11 is a transmitting station corresponding to the first terminal 1 shown in FIG. 1 that provides information and receives compensation for the information, 21A to 21C, 2A2 to 22c, 23A to 23C, and 24A to 24C. 1 receives the information from the transmitting station 11 and pays for it. The receiving station has the same configuration as the second terminal 2 in FIG. 1, 31 is a communication satellite, 32 is a trunk communication network using an optical fiber, etc. , A communication network such as CATV, 34 is a local area network (LAN), 341 to 344 are nodes that exchange information between the LAN 34 and the outside, and 35 is a communication between the transmission station 11 and the communication satellite 31. The ground stations 351, 361 to 363 are antennas used for communication between the communication satellite and the ground.
[0037]
The transmission path 3 in FIG. 1 is the transmission path using the ground station 351, the communication satellite 31 shown in FIG. 2, the transmission path using the trunk station 32, the transmission path using the CATV network 33, or the LAN. It is a general term for the transmission lines used.
[0038]
The schematic operation of the system of the present embodiment having the above configuration will be described below with reference to the flowchart of FIG.
[0039]
In the system of FIG. 2, the transmitting station 11 provides video information and other immediate communication type information according to the request from each of the receiving stations 21A to 24C. This information includes the communication satellite 31, the trunk station 32, and the CATV network 33. Or, it is transmitted via the LAN 34 to the receiving station that requested the information. The receiving station pays for this information. Further, between the transmitting station 11 and the receiving stations 21 to 24, transmission of all information except for the payment of the consideration is performed via any one of the transmission paths shown in FIG. 2, that is, online.
[0040]
However, as described above, in the network shown in FIG.
[0041]
(1) A third party intercepts immediate communication type information without paying consideration.
[0042]
(2) A third party disguises other receiving stations and requests and receives information.
[0043]
(3) After receiving the information, the receiving station falsifies the billed electronic slip.
[0044]
(4) The receiving station forges the receipt electronic voucher without paying the consideration.
[0045]
In the present embodiment, in order to prevent such fraud, the transmitting station 11 that is the first terminal 1 includes a public key encryption unit 103, a public key decryption unit 104, and The pseudo random number generation unit 109 is equipped, and the receiving stations 21A to 24C as the second terminals are each equipped with the public key encryption unit 203, the public key decryption unit 204, and the pseudo random number generation unit 209 shown in FIG. Has been.
[0046]
Therefore, the procedure from the time each receiving station requests information until the consideration is paid is as follows.
[0047]
First, in step S1, a file (electronic slip) for ordering information is transmitted from the receiving station to the transmitting station 11. The transmission and reception are subjected to encryption / decryption processing by a public key method described later. Subsequently, the transmitting station 11 that has received the file transmits the immediate communication type information according to the file to the ordering receiving station in step S2. As will be described later, this transmission information is subjected to encryption / decryption processing by a common key method.
[0048]
In step S3, an electronic voucher for confirming receipt is transmitted from the receiving station to the transmitting station 11. In step S4, the transmitting station 11 transmits an electronic voucher for billing from the transmitting station to the receiving station. The transmission and reception of the electronic slip are subjected to encryption / decryption processing by a public key method described later.
[0049]
In step S5, the receiving station pays the value using means other than the network. Upon confirming the payment, the transmitting station 11 transmits an electronic voucher for receipt to the ordering receiving station in step S6. Also in the transmission and reception of the electronic slip, encryption / decryption processing by the public key method described later is similarly performed.
[0050]
Through the above procedure, provision of information and payment for compensation are performed.
[0051]
The encryption / decryption processing of the present embodiment in the information communication procedure of FIG. 3 outlined above will be described in detail below.
[0052]
In the present embodiment, the immediate communication type information is transmitted / received after being encrypted / decrypted by the common key method by the pseudo random number generators 109 and 209.
[0053]
On the other hand, the electronic slips are encrypted by a public key method by each encryption / decryption unit.
[0054]
First, an outline of encryption / decryption of immediate communication type information by the common key method of this embodiment will be described.
[0055]
The transmitting station 11 of the present embodiment excludes the immediate communication type information sequence to be transmitted and the pseudo random number sequence generated by the pseudo random number generation unit 109 using the data encryption key from the magnetic storage device 101 as a seed. By performing the logical OR, the communication using the common key method is performed and the immediate communication type information is transmitted.
[0056]
The receiving station uses the encrypted signal and the pseudorandom number sequence generated by the pseudorandom number generator 109 of the transmitting station 11 generated by the pseudorandom number generator 209 using the data encryption key from the magnetic storage device 201 as a seed. Decoding is performed by taking an exclusive OR with the same pseudorandom number sequence.
[0057]
In the above description, the transmitting station and the receiving station use the same pseudorandom number generator, and the same pseudorandom number sequence can be generated by giving the same data encryption key.
[0058]
Next, an outline of encryption / decryption by the public key system of the above-described embodiment will be described.
[0059]
In the present embodiment, the public key method is used to encrypt and transmit electronic vouchers such as information request, receipt, consideration charge, receipt, and the data encryption key in the common key method.
[0060]
The data encryption key in this common key system transmitted from the transmitting station 11 to the requesting receiving station is encrypted in advance using the public key encryption system, thereby preventing the third party from knowing it. be able to. In addition, by changing this type for each communication, it is possible to prevent a pseudorandom number sequence encrypted by comparing a plurality of communication texts.
[0061]
In this embodiment, by using such an encryption method, it is possible to perform high-speed and highly secure encryption in real time even for high bit rate immediate communication information. Become.
[0062]
Further, in the present embodiment, in order to prevent (2) to (4) among the frauds described above, electronic slips are transmitted by encryption / decryption using the public key method, and each terminal In addition, the digital signature units 102 and 202 and the signature confirmation units 105 and 205 have a function of performing a so-called digital signature and a function of confirming the digital signature for authenticating the transmission source simultaneously with encryption.
[0063]
Thereby, (2) to (4) can be effectively prevented among the above-mentioned fraudulent acts. For this reason, it becomes possible to detect when the electronic slip is forged by a third party or is tampered with after transmission.
[0064]
Hereinafter, the functions of the public key encryption and the digital signature in the present embodiment will be described with reference to FIGS.
[0065]
First, the details of the public key encryption method of this embodiment will be described with reference to FIG.
[0066]
In FIG. 4, the input “x” is information such as an unencrypted electronic voucher and a data encryption key, “ke” is a key for encryption by a public key encryption method, and “E” is a key “ encryption unit that encrypts information “x” using “ke”, “y” is information encrypted by encryption unit E, “kd” is a key for decryption, “D” is key “kd” "K" is information for determining a pair of encryption key "ke" and decryption key "kd", "F" , “G” is an apparatus that generates an encryption key “ke” and a decryption key “kd” from information “ks”.
[0067]
The information “ks” and the decryption key “kd” are stored as confidential information unique to each terminal so as not to leak from the terminal. In contrast, the encryption key “ke” is disclosed to all terminals as public information unique to each terminal.
[0068]
In the above configuration, the transmission-side terminal encrypts and transmits information using a public encryption key unique to the counterpart terminal to which the information is to be transmitted. The encryption key “ke” and the decryption key “kd”Make a pairHowever, a key pair is used in which it is virtually impossible to estimate the decryption key “kd” from the encryption key “ke”. Such a key pair is generated by using a function called a one-way function.
[0069]
As a preferred example of this one-way function, when two disjoint integers are “p” and “q”, the product n is (n = p · q). That is, “p” and “q” can be easily obtained from “n”, but it is difficult to obtain “p” and “q” from “n”. Can be generated.
[0070]
As described above, in the present embodiment, information is encrypted and transmitted using a public encryption key, and decrypted using a secret decryption key that cannot be estimated from this encryption key, Highly secure encrypted transmission can be performed without transmitting a decryption key.
[0071]
Next, details of the digital signature function of this embodiment will be described with reference to FIG.
[0072]
In FIG. 5, “s” is a signed communication message. Further, parts having the same functions as those in FIG.
[0073]
In the above configuration, when a digital signature is transmitted, the terminal on the transmission side performs the decryption operation on the original information using the decryption key unique to the terminal and transmits the information. Then, the encryption operation performed on the decrypted information is performed using the encryption key disclosed by the receiving terminal. Since the cryptographic operation and the decryption operation are mathematically inversely related, even if such an operation is performed, the received and cryptographically operated information can be returned to the information before the decryption operation at the transmitting terminal. it can. The decryption key “kd” is stored as the secret method of the transmitting terminal as described above, and cannot be estimated from the publicly available encryption key “ke”. Therefore, the receiving terminal obtains information “x”, which is the original communication text, by performing an encryption operation on the transmitted signed communication text “s” using the public encryption key. It is done.
[0074]
As a result, it can be authenticated that this information “x” is certainly issued from the terminal that disclosed the encryption key. Information forged by a third party who does not know the decryption key becomes information that has not been appropriately encrypted. Even if encryption processing is performed with an inappropriate encryption key, only a signal (information) that does not make sense is obtained.
[0075]
The specific role of each unit when the above processing is performed will be described below according to a specific example.
[0076]
In the following description, a case where the receiving station 24B receives information from the transmitting station 11 and pays the price is taken as an example. It goes without saying that the same operation is performed in communication in other stations.
[0077]
First, the receiving station 24B, which is the terminal 2 in FIG. 1, performs the process of step S1 in FIG. That is, an electronic slip (order slip) that requests immediate communication type information is created in the magnetic storage device 201. Subsequently, the digital signature unit 202 digitally signs the electronic slip using a secret signature decryption key unique to the receiving station 24B. Further, the encryption device 203 encrypts the electronic voucher including the digital signature using the public encryption key unique to the transmission station 11 and sends it out to the transmission path 3 via the communication interface 212.
[0078]
The receiving station 24B is connected to the LAN 34 by the node 343, and the signed and encrypted slip from the receiving station 24B is sent to the LAN 34 through the node 343, passes through the nodes 344 and 341, The transmission station 11 is reached.
[0079]
This slip is taken into the transmitting station 11 by the communication interface 112. Then, this signal is decrypted by the public key decryption unit 104 using a secret decryption key unique to the transmitting station 11. This decrypted information includes the digital signature transmitted from the receiving station 24B, and the digital signature transmitted from the receiving station 24B is confirmed by the signature verification device 105, and the electronic signature from the receiving station 24B is confirmed. It is verified that it is a slip. This electronic slip is stored in the magnetic storage device 101.
[0080]
Next, the transmitting station 11 executes the process of step S2 of FIG. That is, the common key encryption data key used when transmitting the immediate communication type information is first determined. Subsequently, the digital signature unit 102 signs the data key. Then, the public key encryption unit 103 performs encryption processing using the public key, and transmits this data key to the receiving station 24B. The receiving station 24B decrypts the received signal, confirms the signature, and receives the data key. Then, using this data key, the pseudo-random number generator 209 is set up to prepare for reception of immediate communication type information. Thereafter, it notifies the transmitting station 11 that the preparation for reception has been completed.
[0081]
Upon receiving the notification of completion of reception preparation, the transmitting station 11 sets up the pseudo-random number generator 109 using the same data key transmitted to the receiving station 24B, and then energizes the synchronization signal generator 107. By generating a synchronization signal, starting the operation of any device based on the request of the immediate communication type information terminal group 106, and taking the exclusive OR of the signal sequence output from this device and the pseudo-random number sequence Encrypt. Then, the encrypted signal is transmitted to the receiving station 24B via the communication interface 112. In the receiving station 24B that has received this encrypted signal through the communication interface 212, the synchronization signal extraction unit 207 detects the synchronization signal in this signal and activates the pseudo-random number generation unit 209.
[0082]
The exclusive OR gate 210 performs an exclusive OR operation on the encrypted immediate communication type information from the transmitting station 11 and the pseudo random number sequence from the pseudo random number generator 209 to perform a decryption process, and CRT 206a, Input to the VTR 206b or the like.
[0083]
Charging information collection units 111 and 211 that measure the operating time of the own apparatus and measure charging information are connected to the pseudo random number generation unit 109 of the transmission station 11 and the pseudo random number generation unit 209 of the reception station 24B, respectively. The billing information collecting units 111 and 211 can charge and pay for the amount according to the amount of information transmitted.
[0084]
In the present embodiment, since the billing information collecting units 111 and 211 for measuring the billing information by measuring the operation time of each device are connected, by displaying the billing information collection information by displaying it, etc. Billing information can be grasped on both the transmitting side and the receiving side, and preparations for payment at a later date can be made promptly.
[0085]
Further, by transmitting this collected billing information at the end of communication, it becomes possible to prevent troubles in the future.
[0086]
When the transmission of the immediate communication type information is completed, the receiving station 24B executes the process of step S3 in FIG. That is, the electronic voucher (acknowledgment confirmation voucher) received is sent to the transmitting station 11 after being signed and encrypted by the same control as described above.
[0087]
On the other hand, the transmitting station 11 also signs and encrypts the electronic bill for billing in step S4 in FIG. 3 as described above, and sends it to the receiving station 24B.
[0088]
As shown in step S5, the receiving station 24B pays the consideration to the transmitting station 11 side through a bank or other methods.
[0089]
On the other hand, as shown in step S6, the transmitting station 11 signs and encrypts the receipt electronic voucher and transmits it to the receiving station 24B, thereby completing one unit of information service transaction.
[0090]
As described above, according to the present embodiment, by performing such a procedure, the immediate communication type information can be transmitted in high-speed real time without the encryption key being known or estimated by a third party. It is possible to transmit with secure encryption, and to prevent forgery or falsification of electronic slips.
[0091]
Furthermore, since all communications are encrypted, it is not known to third parties what kind of information has been traded, and the confidentiality of communications is protected not only in terms of content but also in its presence or absence. .
[Other Embodiments]
The present invention is not limited to the encryption / decryption processing in the above system, and is not limited to the configuration and control of the above-described embodiment. The encryption and decryption processing according to the present invention can be applied to any data transmission system.
[0092]
A second embodiment of the present invention in which the present invention is applied to another system will be described below with reference to FIGS.
[0093]
In recent years, a conference system using a network called an electronic conference or a video conference has begun to spread. Such a conference system uses a local area network (LAN) and a public line to send a signal from a television camera that captures a person or an object, a picture image, or an image scanner signal from a remote location. It is transmitted between the two rooms. Usually, a plurality of electronic conference rooms are connected to a LAN provided in an office, and information is transmitted via a public line network. In order to avoid the interception of information by three parties, it is necessary to encrypt the information.
[0094]
FIG. 6 is a schematic diagram of such a conference system according to the present embodiment. In FIG. 6, 5 is a first establishment of a company, and 6 is a second establishment of the company. The stations are connected via a public line 7.
[0095]
In the first office 5, 51 is the first meeting room A of the office 5, 52 and 53 are the second and third meeting rooms B and C, and 511 to 515 of this office are in the meeting room A. 511 is a control device, 512 is a display, 513 is a CRT for document presentation, 514 is a TV camera, 515 is an image scanner, 551 to 555 are nodes, 561 is a LAN transmission line, and 562 is branched from the LAN. The transmission lines are coaxial cables and optical fibers.
[0096]
In the second office 6 as well, similar conference rooms 61 and 62, nodes 651 to 655, an interface 64, and transmission paths 661 and 662 are arranged.
[0097]
FIG. 7 and FIG. 8 show a schematic configuration of a communication interface for performing encryption of each device except for the control device installed in the conference room shown in FIG. 6 in the conference system of the present embodiment having the above configuration. .
[0098]
FIG. 7 is a configuration diagram of an interface for a transmission device that sends out information such as a TV camera and an image scanner. FIG. 8 is a configuration diagram of an interface for a reception device that receives information such as a display and a CRT.
[0099]
7 and 8, reference numerals 71 and 81 denote these information devices, 72 and 82 denote clock extraction circuits that extract clock components from information signals, 73 and 83 denote pseudo-random number generation circuits, and 74 and 84 denote communication synchronization and pseudo-signals. Control circuits for controlling the generation of random numbers, the automatic operation of information devices, etc., 75 and 85 are exclusive OR gates that take exclusive OR, and 76 and 86 are transmission / reception circuits for transmitting and receiving signals to and from the transmission line.
[0100]
The operation of the present embodiment having the above configuration will be described below. In the following description, a case where a conference is performed between the conference room A51 and the conference room B61 will be described as an example. The conference rooms 52, 53, 62, etc. have the same functions as those of these conference rooms, and it goes without saying that the same operation is performed between other conference rooms.
[0101]
Assume that each conference room control device, for example, the control devices 511 and 611, has the information encryption function based on the public key encryption described in the first embodiment.
[0102]
First, the control device 511 of the conference room 51 determines a common key encryption data key for each of the devices in the conference room 51 and the conference room 61 prior to the start of the conference between the conference room 51 and the conference room 51. Then, this data key is encrypted by the same public key method as in the first embodiment described above, and is transmitted to the control device 611 in the conference room 61. Next, the control device 511 transmits this data key to the control circuits 74 and 84 of all the devices in the conference room 51, and sets up the encrypted communication interface of each device.
[0103]
Similarly, the control device 611 transmits a data key to the control circuit of each device in the conference room 61 to perform setup.
[0104]
Thereafter, each device is synchronized using a synchronization signal from the control circuit of each device, and communication is started.
[0105]
In this state, all information from each transmitting device is encrypted and transmitted by exclusive OR with a pseudo-random number sequence using the previously determined data key as a seed. Each receiving device decodes and receives a signal using the same pseudo-random number sequence. The encryption / decryption during this period is performed in the same manner as in the first embodiment described above.
[0106]
By conducting the electronic conference in this way, for example, it is possible to prevent the viewing of the conference from the conference room C52 or the conference room D53.
[0107]
Moreover, the danger of being intercepted by a third party while information is transmitted through the public line can be avoided.
[0108]
The details of the present invention have been described above using the first embodiment and the second embodiment, but the scope of the present invention is not limited to these embodiments.
[0109]
In other words, the present invention allows immediate communication type information that requires high-speed, real-time encryption and storage-type information that requires more secure encryption and caller authentication via the same medium. It is obvious that any form of multimedia network can be applied, and it does not depend on the form of network or the type of terminal.
[0110]
【The invention's effect】
As described above, according to the present invention, the network is used.In addition to request information that requests information that can be provided, it is possible to prevent fraud, such as forgery, falsification, forgery, etc., on the key for decrypting the information requested by the request information. As a result, the request information The information required by can be transmitted very safely.
[Brief description of the drawings]
FIG. 1 is a block diagram of a first embodiment according to the present invention.
FIG. 2 is a diagram showing an example of an outline of a multimedia network system to which the embodiment is applied.
FIG. 3 is a flowchart showing a schematic operation of the embodiment.
4 is a diagram illustrating functions of a part that performs encryption with a public key in FIG. 1;
FIG. 5 is a diagram showing the function of a part that performs digital signature in FIG. 1;
FIG. 6 is a configuration diagram of a conference system according to a second embodiment of the present invention.
FIG. 7 is a configuration diagram of an interface for a transmitting device in a second embodiment.
FIG. 8 is a configuration diagram of an interface for a receiving device in the second embodiment.
[Explanation of symbols]
1, 2 Communication terminal
3 Transmission path
5,6 Business establishment
7 Public line
11 Transmitting station
21A-24C Receiving station
31 Communication satellite
32 Main line station
33 Communication network
34 Local Area Network (LAN)
35 Ground station
51-53, 61, 62 Meeting room
54,64 interface
71, 81 Information equipment
72, 82 clock extraction circuit
73,83 Pseudorandom number generator
74, 84 Control circuit
75, 85, 110, 210 Exclusive OR gate
76, 86 Transmission / reception circuit
101, 201 Magnetic storage device
102,202 Digital signature part
103, 203 Public key encryption unit
104,204 Public key decryption unit
105, 205 Signature confirmation part
106,206 Immediate communication type information generator
106a, 206a TV camera
106b, 206b VTR
107, 207 Sync signal generator
108,208 Clock extractor
109,209 Pseudorandom number generator
111, 211 Billing information collection part
112,212 Communication interface
341-344, 551-555 nodes
511 controller
512 display
513 CRT for document presentation
514 TV camera
515 Image Skiana
D Decryption unit
E Encryption section
D Decryption unit

Claims (12)

An information communication method in an information communication system comprising an information providing device for providing information via a network and an information requesting device for requesting provision of the information ,
And transmitting the generated from the request information for requesting the provision of the information, a digital signed requests information encrypted by the public key cryptosystem to the information providing apparatus,
Verifying the digital signature of the request information after decrypting the digital signature request information by public key cryptography;
After confirming the digital signature of the request information, transmitting the digital signature key generated from the key for decrypting the information and encrypted by a public key cryptosystem to the information requesting device;
Verifying the digital signature of the key after decrypting the key with the digital signature by public key cryptography;
The digital signature of the request information in the information providing device has been confirmed, after the digital signature of the key is confirmed in the information request device, information communication and a step for encrypting and transmitting the information to the information request device Method. An information communication system comprising: an information providing device that provides information via a network; and an information requesting device that requests provision of the information ,
The information requesting device includes:
Generated from the request information for requesting the provision of the information, and second transmission means for transmitting the digital-signed request encrypted information to said information providing apparatus by the public key cryptosystem,
After decoding by the public key cryptosystem digital signature key, an apparatus that have a second confirmation means for confirming the digital signature of the key,
The information providing apparatus includes:
First decryption means for confirming the digital signature of the request information after decrypting the request information with the digital signature by a public key cryptosystem;
After the digital signature of the request information is confirmed, a first transmission for transmitting the key with the digital signature generated from a key for decrypting the information and encrypted by a public key cryptosystem to the information requesting device Means,
Wherein the digital signature of the request information in the information providing device has been confirmed, after the digital signature of the key is confirmed in the information request device, an apparatus for encrypting and transmitting the information to the information request device An information communication system. An information providing device for providing information via a network,
Means for receiving request information with a digital signature generated from request information for requesting provision of the information and encrypted by a public key cryptosystem from an information requesting device;
Means for verifying the digital signature of the request information after decrypting the digital signature request information by a public key cryptosystem;
Means for transmitting a key with a digital signature generated from a key for decrypting the information and encrypted by a public key cryptosystem to the information requesting device after the digital signature of the request information is confirmed. And
The information providing apparatus confirms the digital signature of the request information, and after the digital signature of the key is confirmed in the information request apparatus, the information is encrypted and transmitted to the information request apparatus. Providing device. An information requesting device that requests the information providing device that provides information via a network to provide the information,
Means for transmitting request information with a digital signature generated from request information for requesting provision of the information and encrypted by a public key cryptosystem to the information providing device;
After the digital signature of the request information is confirmed in the information providing apparatus, a key with a digital signature generated from a key for decrypting the information and encrypted by a public key cryptosystem is received from the information providing apparatus. Means to
After the key with the digital signature is decrypted by a public key cryptosystem, the digital Means for verifying
The information providing apparatus receives the information encrypted by the information providing apparatus after the digital signature of the request information is confirmed and the information requesting apparatus confirms the digital signature of the key. Information request device. A control method executed by an information providing apparatus that provides information via a network,
Receiving request information with a digital signature generated from request information for requesting provision of the information and encrypted by a public key cryptosystem from an information requesting device;
Verifying the digital signature of the request information after decrypting the digital signature request information by public key cryptography;
After confirming the digital signature of the request information, transmitting the digital signature key generated from the key for decrypting the information and encrypted by a public key cryptosystem to the information requesting device;
And a step of encrypting the information and transmitting the information to the information requesting device after the digital signature of the request information is confirmed in the information providing device and the digital signature of the key is confirmed in the information requesting device. Characteristic control method. A control method that is executed by an information requesting device that requests an information providing device that provides information via a network to provide the information,
Transmitting request information with a digital signature generated from request information requesting provision of the information and encrypted by a public key cryptosystem to the information providing device;
After the digital signature of the request information is confirmed in the information providing apparatus, a key with a digital signature generated from a key for decrypting the information and encrypted by a public key cryptosystem is received from the information providing apparatus. And steps to
Verifying the digital signature of the key after decrypting the key with the digital signature by public key cryptography;
Receiving the information encrypted by the information providing apparatus after the digital signature of the request information is confirmed in the information providing apparatus, and the digital signature of the key is confirmed in the information requesting apparatus. A control method characterized by the above. After the digital signature of the request information is confirmed in the information providing apparatus and the digital signature of the key is confirmed in the information requesting apparatus, before the information providing apparatus transmits the information, the information The information communication method according to claim 1, wherein the information providing apparatus is notified that preparation for reception is completed. The information requesting device transmits the information after the digital signature of the request information is confirmed in the information providing device and the digital signature of the key is confirmed in the information requesting device. The information communication system according to claim 2, wherein the information providing apparatus is notified before the preparation for receiving the information is completed. After the digital signature of the request information is confirmed in the information providing apparatus and the digital signature of the key is confirmed in the information requesting apparatus, and before the information is received from the information providing apparatus, the information The information providing apparatus according to claim 3, wherein a notification indicating that preparation for reception is completed is received. After the digital signature of the request information is confirmed in the information providing apparatus and the digital signature of the key is confirmed in the information requesting apparatus, before the information providing apparatus transmits the information, the information 5. The information requesting apparatus according to claim 4, wherein the information providing apparatus is notified that preparation for reception has been completed. After the digital signature of the request information is confirmed in the information providing apparatus and the digital signature of the key is confirmed in the information requesting apparatus, and before the information is received from the information providing apparatus, the information 6. The control method according to claim 5, further comprising a step of receiving a notification indicating that preparation for receiving is completed. After the digital signature of the request information is confirmed in the information providing apparatus and the digital signature of the key is confirmed in the information requesting apparatus, before the information providing apparatus transmits the information, the information The control method according to claim 6, further comprising a step of notifying the information providing apparatus that preparation for reception has been completed.

Images