JPH0468387A - Data encoding processing method - Google Patents

Abstract

PURPOSE:To prevent the disorder of data in its transmission by outputting some of unit data which are handled as special control data as they are without encoding. CONSTITUTION:A nonconversion table 75 wherein unit data whose specific contents are inhibited from being encoded are listed up is provided and an encoding table 55 of the contents which are inhibited from being encoded among the listed-up unit data is generated by referring to the nonconversion data table 57. The contents of the unit data which are set in the nonconversion table 57 and inhibited from being encoded never change. Consequently, wrong transmission is prevented.

Description

DETAILED DESCRIPTION OF THE INVENTION (Field of Industrial Application) The present invention relates to a data encryption processing method for encrypting data used within a computer.

(Prior Art) Data encryption is one of the methods for maintaining the confidentiality of data used in a computer, that is, for preventing a second party from easily recognizing the data.

This encryption is a process performed on, for example, data transmitted over a communication line or data stored in a disk device or the like. By applying this encryption, the data on the communication line or on the disk device cannot be easily recognized. After encrypting such data, it is necessary to decrypt it. Since the encryption and decryption are basically the same process, the encryption and decryption are normally processed by one device. Here, a processing method in a cryptographic control device that executes this encryption and decryption processing, that is, a data encryption processing method will be explained.

First, a computer system that transmits encrypted data via a communication line will be explained.

FIG. 2 is a block diagram of a simple encryption computer system.

The system shown in the figure is composed of a transmitting side 1, a communication line 2, and a receiving side 3.

The sending side 1 is provided with a terminal device 11, a cryptographic control device 12, and a communication control device 13. The receiving side 3 is provided with terminal devices 31a to 31c, encryption control devices 32a to 32c, and communication control devices 338 to 33C.

The terminal device 11 and the terminal devices 31a to 31c are comprised of a keyboard, a display device, etc. that input/output and display data. Cryptographic control device 12 and cryptographic control device 3
2a to 32c are used to encrypt and decrypt input data. The communication control device 13 and the communication control devices 33a to 33c are interfaces that perform access to the communication line 2 and signal matching between the communication line 2 and each encryption control device.

Here, the cryptographic control device 12 will be described as a device that performs encryption, and the cryptographic control devices 32a to 32c will be described as devices that perform decryption.

For example, when transmitting data from the terminal device 11 to the terminal device 31a, the input data input to the terminal device 11 is first input to the encryption control device 12. The encryption control device 12 encrypts input data and outputs the encrypted data to the communication control device 13. Communication control device 13
will transmit encrypted data to the communication control device 33a.

The communication control device 33a outputs the received encrypted data to the encryption control device 32a. The encryption control device 32a restores and restores the encrypted data and outputs output data (input data input to the terminal device 11) to the terminal device 31a.

The terminal device 31a displays inputted output data and the like. The same applies when transmitting to the terminal devices 31b and 31c.

Here, the encryption processing, that is, the data encryption processing method in the encryption control device 12 will be specifically explained.

FIG. 3 is an explanatory diagram of a conventional data encryption processing method.

The figure shows the configuration of the cryptographic control device 12. The cryptographic control device 12 includes a processor 14 and a processor 14.
It is composed of an input control section 15, an output control section 16, and a storage section 17 connected to.

The processor 14 controls the conversion of input data (encrypted data) and encrypted data (output data). The input control unit 15 is an input interface that has a buffer function for input data. The output control unit 16 is an output interface that has a buffer function for encrypted data. The storage unit 17 encrypts (decrypts)
It is made up of a RAM and the like that stores tables (encryption table 18 and decryption table 19) that are referred to when carrying out the process. The encryption table 18 includes a reference item 18a that is referenced by the processor 14, and an encryption item 18b that stores the encrypted data obtained as a result of this reference.

Here, assuming that numerical data is to be encrypted, it is assumed that a numerical value is stored in the reference item 18a of the encryption table 18. Further, the encryption item 18b stores encryption data (numeric values) corresponding to each numerical value.

It is assumed that the configurations of the encryption control devices 32a to 32c are also the same.

In the cryptographic control device 12 having the above configuration, for example, “12
When input data (a plurality of unit data) such as "35012540" is input to the input control unit 15, the processor 14 refers to the encryption table 18 and inputs "30412".
Encrypted data such as "30152" can be obtained and output to the output control section 16. When this encrypted data is output from the output control section 16, it is sent to the terminal device 31a via the communication control device 13 and the communication line 2. Here, the unit data is data indicating one numerical value, and in this case, the input data is composed of 10 unit data.

The storage unit 17 of the encryption control device 32a decrypts the input encrypted data by referring to the decryption table 19.

(Problem to be Solved by the Invention) Now, specific data in the input data input from the terminal device 11, for example, data data 0'' is used to control the communication control device 1.
A case in which an attempt is made to control the operation No. 3 will be explained. Specifically, each time the communication control device 13 recognizes data "O", the data transmission destination is switched from the terminal device 31a to the terminal device 31c, and then again to the terminal device 31a.

When attempting to execute such control, the terminal device 11
When the input data output from
5° toward the terminal device 31a, and the data “1254°”
° will be transmitted toward the terminal device 31b.

However, when the encryption control device 12 performs encryption, the terminal device 31a receives the encrypted data “3” (manual data “1”).
However, the terminal device 31b receives the encrypted data °“4123” (
The input data "2350°" is input to the terminal device 31c as the encrypted data "152" (manual data "540"), and the transmitted content is no longer the desired one.

In this way, when encryption is applied, the delimitation of data changes, causing problems such as erroneous transmission.

The present invention has been made with attention to the above points, and an object of the present invention is to provide a data encryption processing method that does not cause data disturbance during transmission even when encryption is performed.

(Means for Solving the Problems) In the data encryption processing method of the present invention, encryption is performed by referring to an encryption table for each unit of data, in which the encryption of specific contents is prohibited in advance. An unconverted data table listing data is provided, and the unconverted data table is referred to to generate the encrypted table with contents in which encryption of the listed unit data is prohibited.

In addition, in the case where encryption is performed by performing an encryption operation on each unit data, an unconverted data table is provided in advance that lists the unit data for which encryption of specific contents is prohibited, and the unconverted data table is The invention is characterized in that encryption of the listed unit data is prohibited with reference to .

(Operation) In the above method, when generating an encryption table, the contents of the unconverted data table prepared in advance are referred to, and for the unit data set in this unconverted data table,
An encryption table is generated so that the contents remain the same even after encryption. As a result, the contents of the unit data set in the non-conversion table and for which encryption is prohibited will not change.

Further, when performing an encryption operation, the contents of a non-conversion data table prepared in advance are referred to, and the unit data set in this non-conversion table is output as is without executing the encryption operation. As a result, the contents of the unit data set as unconverted data and whose encryption is prohibited will not change.

(Embodiment) FIG. 1 is a block diagram according to a first embodiment of the present invention.

The figure shows a block diagram of a cryptographic control device 50 according to the present invention, and the first embodiment of the data encryption processing method of the present invention is realized by this cryptographic control device 50.

The cryptographic control device 50 includes a processor 51, an input control section 52 connected to the processor 51, an output control section 53,
It is composed of a storage section 54.

The processor 51 performs conversion control between input data (encrypted data) and encrypted data (output data). The input control unit 52 is an input interface that has a buffer function for input data. The output control unit 53 is an output interface that has a buffer function for encrypted data. The storage unit 54 encrypts (decrypts)
A RAM that stores an encryption table (decryption table 56) and an unconverted data table 57 that are referred to when performing
etc. The encryption table 55 includes a reference item 55a that is referenced by the processor 51, and an encryption item 55b that stores the encrypted data obtained as a result of this reference. The unconverted data table 57 is composed of unconverted data items 57a that are listed in advance and indicate unit data (specific data) that will not be encrypted. The decryption table 56 is a data arrangement table symmetrical to the encryption table 55.

The processor 51 is provided with an unconverted data setting section 58 and a table creation control section 59.

When generating the encryption table 55, the unconverted data setting unit 58 refers to the unconverted data table 57, and for the unit data set in the unconverted data table 57,
It controls so that the contents of the unit data are not encrypted (changed). Specifically, the unconverted data table 57
Encrypted table 55 corresponding to unit data set in
Control is performed to set the contents of the encryption item 55b to the same contents as the reference item 55a.

The table creation control unit 59 generates a random number or the like and sets the contents of the encryption item 55b of the encryption table 55 for the unit data determined by the non-conversion data setting unit 58 as not being set in the non-conversion data table 57. This control is used to control In this case, the contents of the encryption item 55b are the contents set in the unconverted data table 57, and
Make sure that it does not match the content already set in the encryption item 55b. Specifically, if they match, processing such as generating a random number again is executed.

The encryption control device 5o shown in the figure needs to perform processing to generate the encryption table 55 after setting the unconverted data table 57.

Regarding the procedure for generating this encryption table 55, the fourth
This will be explained with reference to the figures.

FIG. 4 is a flowchart for generating the encryption table 55.

In this case, in order to encrypt numerical data, the processor 51 sets the final numerical data to be encrypted in an internal register n (not shown), and at the same time sets the initial numerical data for generating the encryption table 55 in an internal register I. Store (step Sl). When this setting is completed, the non-conversion data setting section 58 is activated, compares the contents of the non-conversion data table 57 with the contents of internal register I, and determines whether the contents of register ■ are non-conversion data. (Step S2). If the result is NO, the table creation control unit 59 is activated. The table creation control unit 59 generates a random number and confirms that this random number is data that is not set in the encryption item 55b of the unconverted data table 57 and the encryption table 55 (step S3), and the encryption table 55 The reference item 55a1 is registered in the encryption item 55b (step S4). For example, if the content of the internal register I is °1° and a random number 3 is generated, the content of the reference item 55a becomes 3°, and the content of the corresponding cryptographic item 55b becomes 3°. . When this registration is completed, the processor 51 increments the contents of the internal register (step S5), and further increments the contents of the internal register (step S5).
It is determined whether the contents of the internal register n are smaller than the contents of the internal register n (step S6). If the result is YES, the process returns to step S2. If the result is YES, the process of generating the encryption table 55 ends.

Now, if the result of step S2 is YES, the unconverted data setting unit 58 registers the same contents as the reference item 55a in the encryption item 55b corresponding to the contents of the internal register (step S7), and moves to step S5. In this case, since "OPA" is set as unconverted data in the unconverted data table 57, the reference item 55a of the encryption table 55
The content of the encryption item 55b corresponding to the unit data "O" is set to the unit data "O". Also, if the data is unconverted and has already been set as a code in step S3, random number generation is performed again. I will do it.

Here, returning to FIG. 1, when input data is encrypted by referring to the encryption table 55 generated under the control of the unconverted data setting section 58 and the table creation control section 59, for example, if the input data is "'1235012450''
shall be. In this case, the encrypted data output from the encryption control device 50 becomes "3142031250". In this way, input data “0” (specific data)
The contents of the file do not change even if it is encrypted. Therefore, even when the unit data "O" is used to switch destination terminal devices, each terminal device can obtain the same data as the input data.

Next, FIG. 5 is a block diagram according to a second embodiment of the present invention.

The figure shows a block diagram of a cryptographic control device 60 according to the present invention, and the second embodiment of the data encryption control method of the present invention is realized by this cryptographic control device 60.

The cryptographic control device 60 includes a processor 61, an input control section 62 connected to the processor 61, an output control section 63,
It is composed of a storage section 64.

The processor 61 controls the conversion of input data (encrypted data) and encrypted data (output data), that is, performs an encryption operation (decryption operation). The input control unit 62 is an input interface that has a buffer function for input data. The output control unit 63 is an output interface that has a buffer function for encrypted data.

The storage unit 64 includes a RAM and the like that stores calculation parameters 65 and an unconverted data table 66 that are used as parameters when performing an encryption calculation (decryption calculation). The calculation parameters 65 are numerical data consisting of addition/subtraction values, multiplication/division values, etc. with respect to input data (encrypted data) when the processor 61 executes an encryption calculation (decryption calculation). The unconverted data table 66 is composed of unconverted data items 66a that are listed in advance and indicate unit data that will not be encrypted.

The processor 61 is provided with an unconverted data control section 67 and an arithmetic control section 68.

The unconverted data control unit 67 performs encryption calculation (decryption calculation)
Before doing so, it is determined whether the input data (encrypted data) is unconverted data set in the unconverted data table 66, and if it is determined to be unconverted data, control is performed to output it as is. It is something. Arithmetic control unit 6
8 executes a predetermined calculation set in advance with reference to the calculation parameter 65 on the input data (encrypted data) that is not determined to be non-conversion data by the non-conversion data control unit 67, and outputs the calculation result. It is something to do. still,
If the result of this calculation is unconverted data and content that has already been set as a code, the calculation parameters are converted again and the calculation is executed.

In the data encryption processing method in the cryptographic control device 60 having the above configuration, before executing the encryption (decryption) operation, the unconverted data control unit 67 stores the unit data to be operated on in the unconverted data table 66. It is determined whether or not the data is the set unconverted data, and if the data corresponds to the unconverted data, no calculation is performed and the data is output as is.

(Effects of the Invention) The data encryption processing method of the present invention configured as described above outputs unit data as it is without encrypting what is handled as special control data. Regarding other unit data that does not correspond to specific control data, the content indicating special control data is not encrypted, so it is possible to avoid a situation where desired control cannot be executed using unit data.

[Brief explanation of drawings]

FIG. 1 is a block diagram according to the first embodiment of the present invention, and FIG.
The figure shows the configuration of a general encrypted computer system, Fig. 3 is an explanatory diagram of the conventional data encryption processing method, Fig. 4 is a flowchart of encrypted table generation, and Fig. 5 shows the second method of the present invention. FIG. 2 is a block diagram according to an embodiment. 55... Encrypted table, 57. 66... Non-converted data table, 58... Non-converted data setting section, 59... Table creation control section, 67... Non-converted data control section, 68. ...Arithmetic control section.

Claims (1)

[Scope of Claims] 1. In a device that performs encryption by referring to an encryption table for each unit of data, an unconverted data table is provided in advance that lists the unit data for which encryption of specific contents is prohibited. . A data encryption processing method, comprising: referring to the unconverted data table to generate the encryption table with contents in which encryption of the listed unit data is prohibited. 2. In a device that encrypts each unit of data by performing an encryption operation, a non-conversion data table is provided in advance that lists the unit data for which encryption of specific contents is prohibited, and the non-conversion data table is A data encryption processing method, characterized in that encryption of the listed unit data is prohibited.