JPH05167574A - Privacy communication system - Google Patents

Abstract

PURPOSE:To obtain a simple system with few using cryptographic keys by retrieving the cryptographic key using originating numbers by an other terminal device and by adding a session key to an incoming response message by ciphering the cryptographic keys of an originating terminal device when a request message for the call setting is requested to the other terminal device. CONSTITUTION:An originating terminal device 1i transfers a call setting message including a session key request command to an incoming terminal device 1j via an ISDN network 10. When the device 1i receives the call setting message, a cryptography control table of a key control storage part 13 is retrieved from an originating number #i and the corresponding cryptographic key is determined. Next, after the device 1j starts a random data generation part 19, the device starts a ciphering mechanism 12, ciphers the random data by imparting the cryptographic keys and initial value and responses to the device 1i. The device 1i decodes the response message, determines common session key and initial value, performs the ciphering and deciphering of the subsequent communication and executes a cipher communication.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a confidential communication system, and more particularly to a plurality of members spread across business establishments when encrypted communication is performed between terminal devices connected to an ISDN line using a common key encryption algorithm. Within a group consisting of
The present invention relates to a confidential communication system applied when performing encrypted communication using a common key method.

[0002]

2. Description of the Related Art A first conventional method will be described. The common key encryption algorithm is an encryption method that uses the same numerical data as a key (encryption key) for creating an encrypted text and a key (decryption key) for restoring the encrypted text. When encrypted communication is performed between terminal devices by using the common key encryption algorithm, in order to improve security, the transmitting terminal device uses a common encryption key with the decryption key that is also delivered to the receiving terminal device in advance. Used to encrypt the session key and send it to the communication line. A general method is that the receiving terminal device decrypts the received ciphertext with a decryption key that is common with the encryption key of the transmitting terminal device to know the session key, and then encrypts and decrypts subsequent data communication using the session key. .. For details of this method, refer to "Muroki, Nakamura, Cryptography and Applications, Information Processing, Vo1.32.
No. 6, pp714-723, 1991 "and the like.

In the above method, when there are N terminal devices at present and each terminal device wants to carry out secret communication with each other,
At least one encryption key is required for transmitting / receiving the session key between a pair of terminal devices, and {N (N-1) / 2} is used as a whole.
You need 4 keys. If the number of terminal devices increases, the number of keys will become huge.

For this reason, as the second conventional method, the conventional apparatus is provided with a separate key distribution center for registering the encryption key kept secret by each terminal device. Each time the terminal device T _i starts encrypted communication with the terminal device T _j , the key distribution center is accessed and the session key encrypted with the registered encryption keys K _i and K _j is transferred to the terminal devices T _i and T _j . _{In general} , the terminal devices T _i and T _j deliver the session key to the terminal device _j and decrypt the delivered session key to perform encrypted communication.

In the method of distributing the session keys using the key distribution center as described above, the number of keys managed by the entire group is N. However, in this method, an enemy makes the terminal device T _j believe as a key distribution center and distributes a fake session key, or an enemy who impersonates the terminal device T _i uses the key previously distributed. It is necessary to prevent the terminal device T _j from being illegally called. Therefore, for example, it is necessary to introduce the following complicated session key distribution protocol.

FIG. 8 shows a key distribution process in the second conventional method.
Indicates a protocol. [Step 1] Terminal device T_iIs (a_i, R_i, A_j)
Send in plain text to the key distribution center. However, a_iIs the terminal device T_iAddress number r_iIs a random number a_jIs T_jAddress number [Step 2] Key distribution center is E_Ki{R_i, A_j, K
_s, E_Kj(K_s, A_i)} Is the terminal device T_iReturn to.
However, E_Ki(M) is the encryption key K for the plaintext m_iCiphertext encrypted with K_iIs the terminal device T_iEncryption key K_jIs the terminal device T_jEncryption key K_sIs a session key generated by the key distribution center [Step 3] Terminal device T_iIs the received ciphertext E_Ki{R
_i, A_j, K_s, E_Kj(K_s, A_i)} Is your own encryption key
K_iSession key K decrypted by and generated by the key distribution center
_sAnd the transmitted random number r_iAnd decryption result r_iTo
Verify and certify that the key distribution center has responded securely
It Next, the terminal device T_jTo start E_Kj(K_s, A_i)
To send. [Step 4] Terminal device T_jOnly you and the key distribution center
Encryption key K_j(K_s, A_i) Decrypt the session
Key K_sWith the address a_iCheck the terminal
Device T _iTo authenticate. Details of this method can be found in, for example, the document "Translation by Tadahiro Kamizono: Net.
Work Security, pp137-142, Nikkei BP
Company, 1985 ".

[0007]

As described above, the conventional method requires the key distribution center in addition to the terminal device, and authenticates the terminal device and the key distribution center with the distribution of the session key. In addition, the complicated protocol as described above is required.

The present invention has been made in view of the above points, and the number of encryption keys used in the entire group is N, which is equal to the number of terminal devices (N), and the key distribution center and the complex session key are used. It is an object of the present invention to provide a secret key communication system of a common key method that does not require a delivery protocol.

[0009]

In a terminal device of a communication system for performing encrypted communication using a session key among a plurality of terminal devices connected to an ISDN line, a call origination number of a calling terminal device Search means for searching the encryption key, session key generation means for generating the session key when the encryption key of the transmitting terminal device is registered,
Message delivery means for encrypting the session key generated by the session key generation means using the encryption key of the transmitting terminal device, adding the encrypted session key to the message, and delivering the message.

[0010]

According to the present invention, when each terminal device that joins the ISDN network performs confidential communication, it sends a session key request when transmitting a call setting request message to the partner terminal device. The terminal device requested for the session key is I
Search the encryption key using the calling number sent from the SDN network,
If the encryption key of the originating terminal device is registered, the session key is encrypted with the encryption key of the originating terminal device, and when the incoming response message is transmitted, the encrypted session key is added and a response is sent. In this way, since the originating terminal device can decrypt the session key with its own encryption key and perform the secret communication after the call setup, the number of encryption keys used in the secret communication system is equal to the number of terminal devices N. The number of individual terminals is sufficient and the key distribution center is not required, and the authentication of the partner terminal device can be easily performed.

[0011]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of the present invention will be described below with reference to the drawings. FIG. 1 shows a block diagram of a secret communication system using a common key encryption algorithm according to an embodiment of the present invention. In the figure, a terminal device 1 includes a terminal control unit 11 that performs layer 1 to layer 3 control of an ISDN subscriber line and network control of an upper layer from layer 4 and an encryption mechanism 12.
And a key management storage unit 13 for storing the subscriber's encryption key for each subscriber line, a random data generation unit 14, and a session key storage unit 15 for storing a session key and an initial value.

First, the principle of encrypted communication will be described. Figure 2
Shows an example of the configuration of the encryption mechanism 12 and the principle of encrypted communication. In the figure, the left side shows the calling side terminal device, and the right side shows the receiving side terminal device. The cryptographic mechanism 12 includes a cryptographic operation unit 121, a register 122 for feeding back an operation result, a register 123 for holding an output result, and an exclusive OR circuit 124.
It is composed of

The cryptographic calculation unit 121 uses the cryptographic key K to stir the input data by a predetermined calculation means (cryptographic algorithm). Regarding the specific configuration of the cryptographic operation unit 121, there are various methods depending on the selection of the cryptographic algorithm. Typical encryption algorithms include the FEAL encryption algorithm and the DES encryption algorithm. FE
For details of the AL encryption algorithm, see the document: “Miyaguchi et al., FE
AL-8 cryptographic algorithm, Kenkyuho, Vo1.37, N
o. 4/5, pages 321-327, 1988 ". Furthermore, for details of the DES encryption algorithm, refer to "Koyama, Information Security, Densho Shoin, p.
88, 1989 "and the like. Since the object of the present invention is not to propose a method of configuring an arithmetic unit, detailed description thereof will be omitted. However, if the cryptographic key and the input data input to the cryptographic arithmetic unit are the same regardless of which encryption algorithm is used. The same data is always obtained as it is mixed and output.

The encrypted communication is executed in the following procedure. [Calling Terminal Device] (1) The calling terminal device sets an initial value IV (hereinafter abbreviated as IV) in the register 122 of the encryption mechanism 12 of the device itself. (2) The encryption key 121 and the contents of the register 122
And input the data to perform data mixing. The cryptographic operation unit 121 outputs the operation result to the register 123 and transfers it to the register 122. Here, the data fed back to the register 122 becomes the input data of the next encryption cycle. (3) 1 byte of plaintext m which is the communication content and the register 123
The exclusive OR of the upper 1 byte of the exclusive OR circuit 12
4 and the encrypted 1-byte data is sent to the communication path. Hereinafter, the ciphertext obtained by encrypting the plaintext m with the key K is described as c = E _K (m).

[Terminal Device on Receiving Side] (1) The terminal device on the receiving side sets the same initial value IV as that on the transmitting side in the register 122 '. (2) The encryption key and the contents of the register 122 'are set to the encryption operation unit 12
Input 1'to mix data. Register the calculation result in register 1
23 'and transfer to the register 122'. Here, the calling terminal device, the encryption key, and the register 12
Since the contents of 2'are the same, the same calculation result of the cryptographic calculation unit 121 'is obtained. The data fed back to the register 122 'becomes the input data of the next decoding cycle as in the case of the transmitting side terminal device. (3) 1 byte at the beginning of the received ciphertext c and the register 12
The exclusive OR of the upper 1 byte of 3'is performed by the exclusive OR circuit 124 ', and is decoded into the first 1 byte of the original plaintext m. That is, the operation of E _K {E _K (m)} = m is performed.

Similarly, every time 1 byte of data is transmitted, the transmission side terminal device side and the reception side terminal device side (2)-
The operation cycle of (3) is repeated, and encryption and decryption are continuously executed in synchronization with each other until there is no outgoing data. As described above, in the common key type encrypted communication, even if the encryption algorithm is open to the public, a correct decrypted text cannot be obtained unless both communicating parties know both the encryption key and the initial value IV.

Next, an encrypted communication procedure according to an embodiment of the present invention will be described. FIG. 3 shows a diagram for explaining encrypted communication according to an embodiment of the present invention. A procedure in which a terminal device such as a digital telephone connected to an ISDN subscriber line calls a terminal device of a communication partner to perform a call connection for circuit switching (hereinafter,
The call connection procedure is abbreviated as follows. That is, the call connection is started by sending a SETUP (call setup request) message from the caller. A CALL PROC (Call Proceed) having a meaning during the call setup process from the ISDN network 10 is issued to the calling terminal device 1 # i.
ing: Notification of ongoing processing for call setup) is forwarded. When the call of the receiving terminal device 1 # j starts, the receiving terminal device 1 # j sends an ALERT (Alerting;
Notification of calling #j) Message is the originating terminal device 1
Sent to #i. Next, when the receiving terminal device 1 # j responds, the CONN
(Connect: Notify that the called party has responded) A message is sent to originating terminal device 1 # i. When the terminating terminal device 1 # j responds, a CONN ACK (Connect Acknowledge: CONN) message is sent from the ISDN network 10 to the terminating terminal device 1 # j to complete the B channel connection and start communication. (For details, refer to, for example, the document: “Supervised by Akiyama, ISDN picture and book, pages 92-101, Ohmsha, published in 1988”).

On the other hand, the ISDN has a user / user signal (User) that enables relatively short data exchange between users who perform communication accompanying a message at the time of call setup for circuit switching.
-to-User Signaling) is specified as an additional service.

FIG. 4 shows the format of the call setup message. FIG. 9A shows a message format in the case where a user-user signal is transmitted to the receiving terminal device 1 # j accompanying the transmission of a message at the time of call setup. The information from the beginning of the common part to the higher layer consistency of the individual part is the information transmitted in the message during normal call setup, and the user-user information element is the information transferred by the supplementary service. At this time, the contents of Table 1 are used as the message type of the common part.

[Table 1]

Details of the information elements and detailed explanations of the information elements of the individual parts associated with the message type are omitted because they are not essential for explaining the content of the present invention, but the details are described in the document: "Akiyama supervision, ISDN picture. Toki Reader, Ohmsha, 19
Issued in 1988, "or" Nippon Telegraph and Telephone Corporation, technical reference material, INS net service interface No. 3 "
Separate volume, Telecommunications Association, published in 1988 ”and the like.

According to the present invention, the session key, the initial value IV and the encryption key are delivered by utilizing this user-user signal supplementary service.

The format of the user / user information element used in the present invention is shown in FIG. Here, the first byte of the user-user information element is the user-user information element identifier “01111110”, the second byte is the value of the data byte length of the third byte or less “00010010”, and the third byte is the protocol identifier. Yes When configuring the information content according to the user's need as in the present embodiment, it is decided to include ALL “0” (00000000) representing the user-specific protocol (for details, refer to the document: “ Nippon Telegraph and Telephone Corporation, technical reference material, INS net service interface third volume, Telecommunications Association, 1989, pp. 136-137 ”). The 4th byte is
The commands shown in Table 2 defined in the present embodiment, the fifth to twelfth
Bytes are session key data, and 13th to 20th bytes are data of initial value IV. In this embodiment, the encryption key / I
V has the same 8-byte length as the above-mentioned FEAL and DES method. The 4th to 20th bytes are information elements newly defined in the present invention.

[Table 2]

Next, the case where the originating terminal device 1 # i calls the terminating terminal device 1 # j and starts encrypted communication will be described.

(1) The calling terminal device 1 # i sets the display identifier of the calling number information element to displayable: "00", the content length "2", and the session key request command "0000000".
User and user information including 1 "is added, and SETUP
The message "00000101" is sent to the ISDN network 10D
Transfer to the receiving terminal device 1 # j through the channel. At this time, the calling terminal device 1 # i needs to set the contract condition of the caller ID notification service of the ISDN network to "specify for each call" in advance. At this time, if the display identifier is "displayable", even if the calling number is not set correctly, the IS
The DN network 10 sets the correct number, and the receiving terminal device 1 # j
Transfer to. For details on the calling number notification service and the rules for the calling number information element, refer to "Nippon Telegraph and Telephone Corporation Technical Reference Material,
INS Net Service Interface Third Volume, Telecommunications Association, pp94-95 and pp292-301,
1988 ". In this way, the receiving terminal device 1
#J can uniquely authenticate the calling terminal device 1 # i by confirming the calling number guaranteed by the ISDN network 10, and mistakenly detects an enemy terminal device that pretends to be the calling terminal device 1 # i and makes a call connection request. It is possible to prevent connection.

(2) The receiving terminal device 1 # j receives the SETUP message from the transmitting terminal device 1 # i. Figure 5
Indicates the contents of the encryption key management table to the user. When the terminal control unit 11 analyzes the SETUP message and detects the session key request command, the receiving terminal device 1 # j searches the encryption key management table of the key management storage unit 13 from the calling number #i. The receiving terminal device 1 # _j checks whether the encryption key K _i corresponding to the calling number #i is registered in the encryption key management table. If the encryption key K _i is registered in the encryption key management table, the receiving terminal device 1 # j activates the random data generation unit 14 to generate 16-byte random data M.
And the random data M is stored in the session key storage unit 15. Next, the receiving terminal device 1 # j has the encryption mechanism 1
2, the encryption key K _i and the initial value ALL “0” are given to encrypt the random data M, and the ciphertext E _Ki (M) is created. Next, the terminal control unit 11 adds the content length “18”, the session key distribution command and the ciphertext E to the CONN message.
User with _Ki (M) as the content ・ D with user information added
It responds to the originating terminal device 1 # i through the channel. The response of the CALL PROC message from the ISDN network 10 and the response of the ALERT message from the terminating terminal device 1 # j during this period are the same as in the normal call setup procedure.

(3) The transmitting terminal device 1 # i receives the CONN message from the receiving terminal device 1 # j, and when the terminal control unit 11 detects the session key distribution command, the encryption key of the key management storage unit 13 is received. The encryption key K _i of the own terminal device is read from the management table, the encryption key K _i and the initial value ALL “0” are given to the encryption mechanism 12 to decrypt the encrypted text E _Ki (M) of the user / user information, and the plain text M = E _Ki {E
_Ki (M)} is obtained. The upper 8 bytes of the decrypted plaintext M are stored in the session key storage unit 15 as the session key K _S and the lower 8 bytes as the initial value IV. During this period, ISDN network 1
0 responds to the terminal device 1 # j with a CONN ACK message, which is similar to the normal call setup procedure.

When the above call connection procedure is completed, the originating terminal device 1 # i and the terminating terminal device 1 # j use the common session key K _s and the initial value IV obtained at the time of call setup, and use the subsequent communication data. It encrypts and decrypts and executes encrypted communication.

Finally, each terminal device 1 which is an essential part of the present invention
The operation of the terminal control unit 11 will be described. FIG. 6 shows a flow chart of the call receiving process of the call connection of the terminal control unit of the receiving terminal device according to the embodiment of the present invention.

First, the case of incoming call processing will be described. [Incoming Call Processing] (Step 61) The receiving terminal device 1 # j scans for arrival of a D channel call setup message, and repeats scanning until the message arrives. (Step 62) When the SETUP message arrives from the calling terminal device 1 # i, the receiving terminal device 1 # j transmits an ALERT message notifying that the calling is in progress. (Step 63) It is checked whether or not there is a session key request command in the 4th byte of the user-user information element of the SETUP message.
N message is sent (step 70) and step 69
Move to. (Step 64) If there is a calling number notification of the SETUP message, the process proceeds to step 65. If not, for security reasons, no response is given and the incoming call processing is terminated. (Step 65) The receiving terminal device 1 # j searches the key management table of the key management storage unit 24 from the calling number #i. (Step 66) In the search, it is checked whether or not the encryption key K _i is registered in the key management table. Encryption key K
_{If i} is registered, the process proceeds to step 67, and if the encryption key K _i is not registered, no response is made for security as in step 64, and the incoming call process is terminated. (Step 67) The receiving terminal device 1 # j activates the random data generation unit 14 to generate 16 bytes of random data M, and the encryption mechanism 12 receives the encryption key K _i and the initial value ALL.
Random data M is encrypted by giving "0", and ciphertext E
Create _Ki (M). (Step 68) Next, the CONN message to which the user / user information including the session key response command and the ciphertext E _Ki (M) is added is sent to the originating terminal device 1 # i, and the process proceeds to step 69. (Step 69) CONN A from ISDN network 10
After confirming the CK message, the incoming call processing is ended.

Next, the case of transmission processing will be described.
FIG. 7 shows a flowchart of a call connection originating process of the terminal control unit of the originating terminal device according to the embodiment of the present invention. [In the case of calling process] (Step 81) When starting encrypted communication with the receiving terminal device 1 # j, the calling terminal device 1 # i sets the display identifier of the calling number information element of the SETUP message to be displayable, A call setup request is made by adding user / user information including a session key request command. (Step 82) ALER from the receiving terminal device 1 # j
If the T message arrives within the predetermined time, step 8
Go to 4. (Step 83) If the ALERT message does not arrive within the predetermined time, the same processing as that at the time of a normal call connection failure (Step 90) is performed and the calling processing is ended. (Step 84) CONN from the receiving terminal device 1 # j
If the message arrives within the predetermined time, step 86.
Move to. (Step 85) If the CONN message does not arrive from the terminating terminal device 1 # j within the predetermined time, the same processing as that at the time of the call connection failure of the normal communication (step 90) is performed and the calling processing is ended. (Step 86) If there is a session key response command in the 4th byte of the user information element of the CONN message, the process proceeds to step 87. If there is no correct response command, abnormal processing such as displaying that the session key reception has failed is performed (step 89) and the transmission processing ends. (Step 87) The encryption key K _{i of the} terminal device and the initial value ALL “0” are given from the encryption key management table of the key management storage unit 13 to decrypt E _Ki (M). (Step 88) Next, the upper 8 bytes of the demodulated M are stored in the session key storage unit 15 as the session key K _s and the lower 8 bytes are set as the initial value IV, and the transmission process ends.

As is clear from the flowchart of FIG. 6, in the confidential communication system of the present invention, the terminal devices of the originating and terminating subscriber lines have mutually registered encryption keys, and the terminating terminal device originates from the originating terminal device. Only when the number is confirmed and the session key distribution is responded, encrypted communication is started. In other cases, normal call setup processing is performed.
It goes without saying that normal communication is possible with a terminal device that does not have an encrypted communication function.

[0032]

As described above, according to the confidential communication system of the present invention, each terminal device that performs encrypted communication only registers the secret encryption key, and can communicate with any registered partner. Secure encrypted communication can be performed. Further, conventionally, there is a drawback that a key distribution center is installed in addition to a large number of terminal devices, and a complicated protocol for authenticating the terminal device and the key distribution center is required along with the distribution of the session key. According to the present invention, in addition to eliminating the conventional drawbacks, encrypted communication can be performed only with a terminal device that is registered in the terminal device and whose subscriber number is confirmed by the ISDN network. It is possible to provide a high confidential communication system.

[Brief description of drawings]

FIG. 1 is a block diagram of a secret communication system using a common encryption algorithm according to an embodiment of the present invention.

FIG. 2 is a diagram showing a configuration example of an encryption mechanism and a principle of encrypted communication.

FIG. 3 is a diagram showing a call connection procedure for ISDN circuit switching.

FIG. 4 is a diagram showing a format of a call setup message.

FIG. 5 is a diagram showing an encryption key management table.

FIG. 6 shows a flowchart of an incoming call process for call connection of a terminal control unit of an incoming terminal device according to an embodiment of the present invention.

FIG. 7 shows a flowchart of a call connection originating process of a terminal control unit of an originating terminal device according to an embodiment of the present invention.

FIG. 8 is a diagram showing a session key distribution protocol in a conventional method.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Terminal device 10 ISDN network 11 Terminal control unit 12 Cryptographic mechanism 13 Key management storage unit 14 Random data generation unit 15 Session key storage unit 121 Cryptographic operation unit 122, 122 ', 123, 123' Register 124, 124 'Exclusive OR circuit

Claims (1)

[Claims] 1. A terminal device of a communication system for performing encrypted communication using a session key between a plurality of terminal devices connected to an ISDN line, wherein an encryption key of a calling terminal device from a calling number of a call setting message. Search means for searching for, a session key generation means for generating a session key when the encryption key of the originating terminal device is registered, and a session key generated by the session key generating means for the originating terminal device. A confidential communication system comprising: a message delivery unit that uses the encryption key of 1.