JPH0637750A - Information transfer system - Google Patents

Abstract

PURPOSE:To decode ciphered information accurately even in ciphering communication using plural ciphering keys by transferring an identification number representing definitely a ciphered key/-decoding key together with ciphered information. CONSTITUTION:An input packet count circuit 211 in a ciphering section 200 counts number of packets inputted from a LAN control section and transfers a count to a ciphering key/ID read circuit 212. Then the ciphering key/ID read circuit 212 reads a ciphering key identifier definitely representing the ciphering key used for ciphering a packet from a memory 213. That is, a means transferring the ciphering key together with ciphering information informs the ciphering key attended with the ciphering information to a reception terminal equipment. Then a means deciding a decoding key from the ciphering key in the received information in the reception terminal equipment decides a decoding key corresponding to the ciphering key used by the transmission terminal equipment.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information transfer system for encrypting and transferring information from a transmission side communication terminal (hereinafter referred to as a transmission terminal) to a reception side communication terminal (hereinafter referred to as a reception terminal), In particular, the present invention relates to an information transfer method that encrypts and transfers information using an encryption algorithm (hereinafter, referred to as an encryption key) that differs depending on the destination of transfer information.

[0002]

2. Description of the Related Art As a conventional secret communication system using encryption, there is a technique disclosed in Japanese Patent Laid-Open No. 3-262227.

In the above-mentioned prior art, in order to carry out secret communication between two communication stations, both communication stations are provided with a password / encryption memory in which a large number of passwords and encryption codes (encryption keys) are stored at the same address. To do. The transmitting station sends to the receiving station a response request signal that specifies the address of the secret code / encryption memory, and the receiving station reads the secret code stored at the specified address and sends the secret code on the response signal. Reply to the station. After confirming that the secret code of the response signal is correct, the transmitting station reads the cipher code of the same address, encrypts the information using the cipher code, and then transmits it to the receiving station. On the other hand, the receiving station reads the cipher code of the address and decrypts the received information using the cipher code.

[0004]

When the above-mentioned conventional technique is applied to connectionless communication (hereinafter referred to as CL communication) such as a local area network (hereinafter referred to as LAN), the following problems occur. Occurs.

First, since there is no clear start of communication in CL communication, there is a problem in that the encryption code cannot be transferred prior to secret communication. On the other hand, it is possible to use a single encryption code, but when using a single encryption code, there is a high risk that a third party acquires the encryption code and obtains information in the network without permission. Therefore, it is not preferable.

To improve the security of the network, a plurality of cryptographic codes may be used, but in CL communication, as described above, the cryptographic code cannot be notified prior to the communication. Therefore, the following new problem occurs. Dots occur. That is, in CL communication, each terminal in the network does not necessarily receive the information addressed to itself. That is, each terminal monitors transfer information on the network, determines whether or not the packet is addressed to itself based on route information included in the transfer information (packet), and selects packets. here,
When a plurality of different route information is encrypted in the network using a plurality of different encryption codes, it is possible that the same encrypted route information is generated from the different route information. That is, in such a case, unless the encryption codes are matched between the transmitting and receiving terminals, the information that should not be received would be erroneously received.

As a technique similar to the conventional technique, an encryption code is notified at an arbitrary time point (for example, start time) of CL communication, and only different encrypted route information is generated from different route information. However, the following problems arise. That is, as described above, in CL communication, whether or not to receive a packet is determined by selecting packets on the network. Therefore, the receiving terminal does not have to decrypt the packet by using all the encryption codes each time the packet is received. Don't This not only causes a decrease in network throughput, but also causes an increase in the amount of hardware.

An object of the present invention is to erroneously receive encrypted information and to accompany it in an information transfer system using a plurality of encryption codes (encryption keys) to maintain the confidentiality of information exchange between transmitting and receiving terminals. An object of the present invention is to provide an information transfer method that prevents a decrease in throughput and an increase in the amount of hardware.

[0009]

As a first means for solving the above problems, a means for transferring an encryption key together with encrypted information is provided in a transmitting terminal, and a decryption key is extracted from an encrypted key in received information. The receiving terminal is provided with a means for determining.

As a second means for solving the above problems, the transmitting terminal is provided with means for transferring a decryption key corresponding to the encryption key together with the encrypted information, and means for reading the decryption key in the received information is provided for the receiving terminal. To be installed.

As a third means for solving the above problems, a means for determining an encryption key identifier uniquely indicating an encryption key to be used and a means for transferring the encryption key identifier together with the encryption information are provided to the transmission terminal. The receiving terminal is provided with means for determining the decryption key from the encryption key identifier in the received information.

As a fourth means for solving the above problems, there are provided means for determining a decryption key identifier uniquely indicating a decryption key corresponding to an encryption key to be used, and means for transferring the decryption key identifier together with the encryption information. The receiving terminal is provided with means for determining the decryption key from the decryption key identifier in the received information.

As a fifth means for solving the above-mentioned problems, means for determining an encryption key from either or both of a sending terminal address and a receiving terminal address is provided in the sending terminal, and the sending terminal in the received information is included. The receiving terminal is provided with means for determining the decryption key from either or both of the address and the receiving terminal address.

As a sixth means for solving the above-mentioned problems, a means for determining an encryption key from route information is provided in a transmitting terminal, and a means for determining a decryption key from route information in received information is provided in a receiving terminal. .

[0015]

In the information transfer system using the first solution, the means for transferring the encryption key together with the encryption information makes it possible to notify the receiving terminal of the encryption key along with the encryption information. . Further, the means for determining the decryption key from the encryption key in the received information allows the receiving terminal to determine the decryption key corresponding to the encryption key used by the transmitting terminal.
In this information transfer method, the encryption information and the encryption key are transferred as a pair, and the decryption key can be determined from the encryption key. Therefore, even when using multiple encryption keys, the encryption information can be accurately It becomes possible to decipher.

In the information transfer method using the second solving means, the means for transferring the decryption key corresponding to the encryption key together with the encrypted information notifies the receiving terminal of the decryption key along with the encrypted information. Will be possible. Further, the means for reading the decryption key in the received information allows the receiving terminal to determine the decryption key corresponding to the encryption key used by the transmitting terminal. In this information transfer method, since the encrypted information and the corresponding decryption key are transferred in pairs, the encrypted information can be accurately decrypted even when a plurality of encryption keys are used.

In the information transfer system using the third solving means, the encryption key identifier uniquely indicating the encryption key to be used is transferred together with the encryption information to notify the receiving terminal of the encryption key identifier. Will be possible. Further, the means for determining the decryption key from the encryption key identifier determines a pair of encryption key / decryption key for the encryption key identifier. In this information transfer method, the encrypted information and the encryption key identifier are transferred as a pair, so that the encrypted information can be accurately decrypted even when a plurality of encryption keys are used.

In the information transfer method using the fourth solving means, the decryption key identifier uniquely indicating the decryption key corresponding to the encryption key to be used is transferred together with the encryption information to the decryption key identifier to the receiving terminal. It becomes possible to notify. Further, the means for determining the decryption key from the decryption key identifier defines a pair of encryption key / decryption key for the decryption key identifier.
In this information transfer method, since the encrypted information and the decryption key identifier are transferred as a pair, it is possible to accurately decrypt the encrypted information even when using a plurality of encryption keys.

In the information transfer method using the fifth solving means, means for determining the encryption key from either or both of the sending terminal address and the receiving terminal address, and the sending terminal address in the received information By the means for determining the decryption key from either one or both of the receiving terminal address, a pair of encryption key / decryption key is determined for either one or both of the transmitting terminal address and the receiving terminal address. In this information transfer method, since the sending terminal address and the receiving terminal address are transferred together with the encrypted information, the encrypted information can be accurately decrypted even when a plurality of encryption keys are used.

In the information transfer method using the sixth solving means, the means for determining the encryption key from the root information and the means for determining the decryption key from the root information in the received information are used for the root information. A set of encryption / decryption keys is determined. In this information transfer method, since the route information is transferred together with the encrypted information, the encrypted information can be accurately decrypted even when a plurality of encryption keys are used.

[0021]

FIG. 2 shows a LAN connection board 14 using the present invention.
1 is a block diagram of a workstation (hereinafter, referred to as WS) main body 100 equipped with 0 (hereinafter, referred to as LAN interface).

In FIG. 2, a user I / O interface 110, a CPU 120, a memory 130, a LAN interface 140, and an FD controller 150 are connected by an internal bus 160. The user I / O interface 110 is an interface between the WS main unit 100 and the input device (keyboard) and the output device (display), transfers an input signal from the keyboard to the internal bus 160, and transfers a signal from the internal bus 160 to the display. It has functions such as output. Although the input device is a keyboard and the output device is a display in the present embodiment, this configuration does not limit the present invention.

The CPU 120 is a block that processes information input from the keyboard and information input from the other terminals via the LAN interface 140 and controls each functional block. The memory 130 is a functional block that stores the various types of information described above, and stores the information when the CPU 120 is waiting for processing, waiting for output to a display, or the like. The LAN interface 140 is a block having a function for connecting the WS to a network (LAN), converts the transmission format of the internal bus 160 and the transmission format of the LAN, and also performs MAC (Media A).
ccess Control) Layer end and encryption of transfer information. F
The D control unit 150 has functions such as loading from a floppy disk (hereinafter FD) and saving to the FD in accordance with instructions from the CPU 120. The internal bus 160 is composed of a data bus for transferring data processed by WS and a control information bus for transferring control information for controlling each functional block.

FIG. 3 is a functional block diagram of the LAN interface 140. The LAN interface 140 includes a bus interface 170, a LAN control unit 180, and a ROM 1.
90, an encryption unit 200, and a transmission unit 210.

The bus interface 170 is the internal bus 16
Cut out information block from 0, LA of information block
The transfer to the N control unit 180, the buffering of the information block transferred from the LAN control unit 180, and the transfer of the information block to the internal bus are performed. LAN controller 18
Reference numeral 0 is a block that realizes MAC layer functions such as packet generation / decomposition and packet header addition / deletion. Address of the sending terminal (source address) in the packet header
And the receiving terminal address (destination address). The MAC address registered in the ROM 190 is written in the transmission source address. The MAC address registered in the ROM 190 is an address assigned only to WS. On the other hand, the destination address is the W of the packet transmission destination.
The MAC address assigned to S is written. The MAC addresses of these destination WS are stored in the memory in the LAN control unit 180 as a database. The encryption unit 200 encrypts the information from the LAN control unit 180 and decrypts the encrypted information received from the LAN to L
The data is transferred to the AN control unit 180. The transmission unit 210 converts the information from the encryption unit 200 into the transmission format of the connected LAN and transfers it to the LAN. Also, the information transferred from the LAN is converted into a format within the own WS.

Next, the encryption unit 200 will be described in detail with reference to FIG. In FIG. 1, the input packet counting circuit 2
Reference numeral 11 indicates the number of packets input from the LAN control unit 180, and the count value is the encryption key / ID reading circuit 2
Transfer to 12. Based on the count value, the encryption key / ID reading circuit 212 reads from the memory 213 an encryption key used to encrypt a packet and an encryption key identifier (hereinafter, referred to as an encryption key ID) that uniquely indicates the encryption key. read out.

FIG. 4A shows a configuration example of the memory 213. In this embodiment, the count value 301 from 0 to 255
, The encryption key 302 is 2 so that there is a one-to-one correspondence.
56 types are registered, and 0 is displayed in hexadecimal for each encryption key.
The encryption key IDs 303 from 0 to FF are registered. The same encryption key can be associated with a plurality of different encryption key IDs. In such a case, 2 for 256 types of count values and encryption key IDs.
Up to 56 types of encryption keys are registered. Further, the encryption key / ID read circuit 212 sends the encryption key to the encryption circuit 21.
5, and the encryption key ID is transferred to the encryption key ID insertion circuit 216. The buffer 214 stores the packet input from the LAN control unit 180 only for the time until the encryption key is transferred. The encryption key ID insertion circuit 216 places the encryption key / ID read circuit 212 at a predetermined position of the packet.
The transferred encryption key ID is inserted.

FIG. 5 shows the encryption key ID 50 in this embodiment.
4 shows the insertion position of No. 4. The packet 500 is composed of a packet header and an information area 501. The destination address 502 and the source address 503 are written in the packet header. The encryption key ID 504 is inserted between the user information 505 and the packet header. At the MAC layer, the encryption key ID
Since the 504 and the user information 505 are handled as the information area 501, the insertion of the encryption key ID 504 does not affect the MAC layer protocol.

On the other hand, the encryption circuit 215 has a buffer 214.
The input packet is encrypted and transferred to the encryption key ID insertion circuit 216. In this embodiment, the encryption key ID is encrypted using an encryption key that can be decrypted by all communication devices in the network (hereinafter referred to as a common encryption key), and the other parts are individually read from the memory 213. Encrypt with the encryption key of.

Next, the processing when the encrypted information is received from the LAN will be described. Encryption key ID separation circuit 21
7 cuts out the section of the encryption key ID from the received encrypted packet and transfers it to the decryption key reading circuit 218. The parts other than the encryption key ID are stored in the buffer 220 as they are. The decryption key reading circuit 218 reads the decryption key from the memory 219 based on the encrypted key ID. Encryption key ID
Is encrypted with the common encryption key, all receiving terminals can decrypt the encryption key ID. In this embodiment, since the common encryption key is used to encrypt the encryption key ID, the plaintext encryption key ID and the encrypted encryption key ID have a one-to-one correspondence, and therefore the received packet is encrypted. Key I
It is also possible to select the decryption key using D without decrypting it. It is also possible to transfer the encryption key ID together with other encryption information without encrypting it, and in that case, the encryption key ID cut out by the encryption key ID separation circuit 217 is used as it is to obtain the decryption key. select.

FIG. 4B shows a configuration example of the memory 219. In this embodiment, 256 types of decryption keys 402 are registered in a one-to-one correspondence with the encryption key IDs 401 from 00 to FF in hexadecimal notation. The memory 213
Similarly, the same decryption key can be associated with a plurality of different encryption key IDs. In such a case, 256 types or less of decryption keys are registered for 256 types of encryption key IDs. The decryption key reading circuit 218 reads the decryption key uniquely determined by the encryption key ID, and the decryption circuit 22
Transfer to 1. The decryption circuit 221 decrypts the packet input from the buffer 220 using the decryption key and transfers it to the LAN control unit 180.

Next, a method of setting the count value / encryption key / encryption key ID / decryption key in this embodiment will be described. In this embodiment, setting data is loaded from a floppy disk (FD) when the system is constructed. The memory write control 222 controls writing of setting data to the memory 213 that registers the count value / encryption key / encryption key ID. On the other hand, the memory writing control 223 controls writing of the setting data to the memory 219 for registering the encryption key ID / decryption key. When the setting data is changed, the registered content in the memory is rewritten by command input from the communication terminal or control terminal in the network. In this case, the setting data processed by the CPU 120 in the WS main body 100 is stored in the memory write control 22 via the internal bus 160.
2 and memory write control 223. The write controls 222 and 223 rewrite the registered contents of the memory 213 and the memory 219 based on the instruction of the CPU 120.

Next, a second embodiment will be described with reference to FIGS. In this embodiment, the encryption key to be used is determined based on the destination address of the packet input from the LAN control unit 180. Note that this embodiment differs from the first embodiment only in the operation of the encryption unit 200, so only the encryption unit 200 will be described.

In FIG. 6, the destination address reading circuit 224 reads the destination address of the packet input from the LAN control unit 180 and transfers it to the encryption key reading circuit 225. The encryption key reading circuit 225 reads the encryption key to be used from the memory 213 based on the destination address.

FIG. 7A shows the memory 21 in this embodiment.
3 shows a configuration example. In the memory 213, 256 types of transmission packet destination addresses 304 (DA # 0 to DA # 25
For 5), the encryption key 302 has a one-to-one correspondence.
There are 256 types registered. The destination address includes an address for individual communication to each terminal, an address for group communication commonly given to a plurality of terminals, and an address for broadcast communication commonly given to all terminals. .
The same encryption key can be associated with a plurality of different destination addresses. 2 in such cases
Up to 256 types of encryption keys are registered for 56 types of destination addresses. Furthermore, it is also possible to register the encryption key so that there is a one-to-one correspondence with the combination of the destination address and the source address. Further, the encryption key reading circuit 225 transfers the encryption key to the encryption circuit 215. The buffer 214 is L for the time until the encryption key is transferred.
The packet input from the AN control unit 180 is stored. The encryption circuit 215 encrypts the packet input from the buffer 214 and transfers it to the transmission unit 210. In this embodiment,
The destination address and the source address are encrypted using the common encryption key, and the other parts are encrypted using the encryption key read from the memory 213.

In this embodiment, since no specific parameter such as the encryption key ID in the first embodiment is used,
The packet format exchanged between the encryption unit 200 and the transmission unit 210 matches the packet format of the MAC layer protocol supported by the LAN control unit.

Next, the encrypted information (packet) is sent from the LAN.
The process when the is received will be described. The destination address separating circuit 226 copies the destination address section from the encrypted packet and transfers it to the decryption key reading circuit 218. The decryption key reading circuit 218 reads the decryption key from the memory 219 based on the destination address. Since the destination address is encrypted with the common encryption key, all receiving terminals can decrypt the destination address. In this embodiment, since the common encryption key is used to encrypt the destination address, the plaintext destination address and the encrypted destination address have a one-to-one correspondence, so the destination address of the received packet cannot be decrypted. It is also possible to select the decryption key by using the.
It is also possible to transfer the destination address together with other encrypted information without encrypting it, and in that case, the destination address copied by the destination address separation circuit 226 is used as it is to select the decryption key.

FIG. 7B shows a configuration example of the memory 219. In this embodiment, (N + 2) types of decryption keys 402 are used for destination addresses 403 of (N + 2) types of received packets.
Are registered in a one-to-one correspondence. Specifically, one type of own address when the own WS is a receiving terminal for individual communication, N types of group address when performing group communication for a group including the own WS, and when performing broadcast communication for all terminals The (N + 2) types of decryption keys 402 are registered in a one-to-one correspondence with one total broadcast address (N + 2) types of addresses. The same decryption key can be associated with a plurality of different received packet destination addresses. In such a case, decryption keys of (N + 2) types or less are registered for (N + 2) types of destination addresses. Furthermore, it is also possible to register the decryption key so that there is a one-to-one correspondence with the combination of the destination address and the source address. The decryption key read circuit 218 reads the decryption key uniquely determined by the destination address and transfers it to the decryption circuit 221.
The decryption circuit 221 decrypts the packet input from the buffer 220 using the decryption key and transfers it to the LAN control unit 180.

Next, a method of setting the transmission packet destination address / encryption key and the reception packet destination address / decryption key in this embodiment will be described. In this embodiment, the setting data is loaded from the FD when the system is constructed. Memory 213 for registering transmission packet destination address / encryption key
The writing of setting data to the memory is controlled by the memory writing control 222.
Do. On the other hand, the memory # 2 write control 223 controls writing of the setting data to the memory 219 for registering the received packet destination address / decryption key. When the setting data is changed, the registered content in the memory is rewritten by command input from the communication terminal or control terminal in the network. In this case, the setting data processed by the CPU 120 in the WS main body 100 is the internal bus 160.
Memory write control 222 and memory write control 2 via
23. The write controls 222 and 223 are the CPU 1
According to the instruction of 20, the registered contents of the memory 213 and the memory 219 are rewritten.

Next, a third embodiment will be described with reference to FIGS. In this embodiment, the encryption key to be used is determined based on the route information of the packet input from the LAN control unit 180. Note that this embodiment also differs from the above-described first embodiment only in the operation of the encryption unit 200, so the encryption unit 200
Only explained.

In FIG. 8, the route information reading circuit 2
27 reads the route information of the packet input from the LAN control unit 180 and transfers it to the encryption key reading circuit 225. The encryption key reading circuit 225 reads the encryption key to be used from the memory 213 based on the route information.

FIG. 9A shows the memory 21 in this embodiment.
3 shows a configuration example. The memory 213 stores 256 types of transmission packet route information 305 (VCN # 0 to VCN # 25).
For 5), the encryption key 302 has a one-to-one correspondence.
There are 256 types registered. The route information setting method is arbitrary and does not limit the present invention. The encryption key reading circuit 225 transfers the encryption key to the encryption circuit 215. The buffer 214 stores the packet input from the LAN control unit 180 until the transfer of the encryption key. The encryption circuit 215 encrypts the packet input from the buffer 214 and transfers it to the transmission unit 210. In this embodiment, the root information is encrypted using the common encryption key, and the other parts are encrypted using the encryption key read from the memory 213.

In this embodiment as well, since no specific parameter such as the encryption key ID in the first embodiment is used, the LAN control unit supports the packet format exchanged between the encryption unit 200 and the transmission unit 210. It exactly matches the packet format of the MAC layer protocol.

Next, encrypted information (packet) from the LAN
The process when the is received will be described. The route information separation circuit 228 copies a section of route information from the encrypted packet and transfers it to the decryption key reading circuit 218. Based on the route information, the decryption key reading circuit 218 determines whether the memory 21
The decryption key is read from 9. Since the route information is encrypted with the common encryption key, all receiving terminals can decrypt the route information. In this embodiment, since the common encryption key is used to encrypt the route information, the plaintext route information and the encrypted route information have a one-to-one correspondence, so that the route information of the received packet is not decrypted. It is also possible to use it to select the decryption key. It is also possible to transfer the route information together with other encrypted information without encrypting it. In that case, the route information copied by the route information separation circuit 228 is used as it is to select the decryption key.

FIG. 9B shows a configuration example of the memory 219. In this embodiment, 256 kinds of decryption keys 40 are provided so as to correspond one-to-one with the route information 404 of the received packet.
2 is registered. The same decryption key can be associated with a plurality of different route information. In such a case, 256 types of route information are used.
A decryption key of the type or less is registered. Decryption key readout circuit 2
18 reads the decryption key uniquely determined by the route information and transfers it to the decryption circuit 221. Decoding circuit 221 is buffer 2
The packet input from 20 is decrypted using the decryption key and L
The data is transferred to the AN control unit 180.

Next, a method of setting the transmission packet route information / encryption key and the reception packet route information / decryption key in this embodiment will be described. In this embodiment, the setting data is loaded from the FD when the system is constructed. The writing control of the setting data to the memory 213 for registering the transmission packet route information / encryption key is performed by the writing control 22 of the memory 213.
2 does. On the other hand, the writing control 223 of the memory 219 controls writing of the setting data to the memory 219 that registers the received packet route information / decryption key. When the setting data is changed, the registered content in the memory is rewritten by command input from the communication terminal or control terminal in the network. In this case, the WS main body 100
The setting data processed by the internal CPU 120 is the internal bus 1
Memory # 1 write control 222 and memory # via 60
2 write control 223. The write controls 222 and 223 rewrite the registered contents of the memory 213 and the memory 219 based on the instruction of the CPU 120.

Next, a fourth embodiment will be described with reference to FIGS. In this embodiment, the encryption key to be used is determined based on the MAC address of the communication terminal that transmits the packet. Therefore, one communication terminal is physically a plurality of M
One terminal has a plurality of encryption keys when it has an AC address, and when a plurality of communication terminals share one MAC address, a plurality of terminals share one encryption key. Become. Note that this embodiment also differs from the above-described first embodiment only in the operation of the encryption unit 200, so only the encryption unit 200 will be described.

In FIG. 10, the transmission source address reading circuit 229 reads the transmission source address of the packet input from the LAN control unit 180, and the encryption key reading circuit 2
25. The encryption key reading circuit 225 stores the encryption key to be used in the memory 21 based on the source address.
Read from 3.

FIG. 11A shows the memory 2 in this embodiment.
13 shows an example of the configuration. In this embodiment, one type of encryption key 30 is used for one type of transmission packet source address 306.
2 is registered. The encryption key reading circuit 225 transfers the encryption key to the encryption circuit 215. Buffer 214
Stores the packet input from the LAN control unit 180 only for the time until the encryption key is transferred. The encryption circuit 215 encrypts the packet input from the buffer 214 and transfers it to the transmission unit 210. In the present embodiment, the destination address and the source address are encrypted using the common encryption key, and the other parts are encrypted using the encryption key read from the memory 213.

In this embodiment as well, since no specific parameter such as the encryption key ID in the first embodiment is used, the LAN control unit supports the packet format exchanged between the encryption unit 200 and the transmission unit 210. It matches the packet format of the MAC layer protocol.

Next, the encrypted information (packet) is sent from the LAN.
The process when the is received will be described. The source address separating circuit 230 copies the source address section from the encrypted packet and transfers it to the decryption key reading circuit 218. The decryption key reading circuit 218 reads the decryption key from the memory 219 based on the source address. Since the source address is encrypted with the common encryption key, all receiving terminals can decrypt the source address. In this embodiment, since the common encryption key is used to encrypt the source address, the plaintext source address and the encrypted source address correspond one-to-one, so the source address of the received packet It is also possible to select the decryption key using without decrypting. It is also possible to transfer the source address together with other encrypted information without encrypting it, and in that case, the source address copied by the source address separating circuit 230 is used as it is to select the decryption key. .

FIG. 11B shows a configuration example of the memory 219. In this embodiment, 256 types of decryption keys 402 are registered so as to correspond to the source addresses 405 of the 256 types of received packets in a one-to-one correspondence. The same decryption key can be associated with different source addresses of received packets. 256 in such cases
Up to 256 types of decryption keys are registered for each type of destination address. The decryption key read circuit 218 reads the decryption key uniquely determined by the source address and transfers it to the decryption circuit 221. The decryption circuit 221 decrypts the packet input from the buffer 220 using the decryption key, and the LAN control unit 18
Transfer to 0.

Next, a method of setting the transmission packet transmission source address / encryption key and the reception packet transmission source address / decryption key in this embodiment will be described. In this embodiment, the setting data is loaded from the FD when the system is constructed. The memory 213 write control 222 controls writing of the setting data to the memory 213 that registers the transmission packet transmission source address / encryption key. On the other hand, the writing control 223 of the memory 219 controls writing of the setting data to the memory 219 that registers the received packet transmission source address / decryption key.
When the setting data is changed, the registered content in the memory is rewritten by command input from the communication terminal or control terminal in the network. In this case, the setting data processed by the CPU 120 in the WS body 100 is transferred to the write control 222 of the memory 213 and the write control 223 of the memory 219 via the internal bus 160. The write controls 222 and 223 rewrite the registered contents of the memory 213 and the memory 219 based on the instruction of the CPU 120.

Next, a fifth embodiment will be described with reference to FIGS. 12, 13 and 14. Whereas the first embodiment transfers the encryption key ID with the encryption information, this embodiment transfers the encryption key with the encryption information. Since only the operation of the encryption unit 200 differs from that of the first embodiment, only the encryption unit 200 will be described.

In FIG. 12, the input packet counting circuit 211 counts the number of packets input from the LAN control unit 180, and the count value is the encryption key reading circuit 23.
Transfer to 1. The encryption key reading circuit 231 reads the encryption key used for encrypting the packet from the memory 213 based on the count value.

FIG. 13A shows a configuration example of the memory 213. In this embodiment, the count value 301 from 0 to 255
, The encryption key 302 is 2 so that there is a one-to-one correspondence.
56 types are registered. The same encryption key can be associated with different count values. In such a case, 256 types or less of encryption keys are registered with respect to 256 types of count values. Further, the encryption key reading circuit 231 outputs the encryption key to the encryption circuit 215.
To the encryption key insertion circuit 232. Buffer 214
Stores the packet input from the LAN control unit 180 only for the time until the encryption key is transferred. Encryption key insertion circuit 23
2 is an encryption key reading circuit 2 at a predetermined position of the packet.
The encryption key transferred from 31 is inserted.

FIG. 14 shows an encryption key 506 in this embodiment.
Indicates the insertion position of. The packet 500 includes a packet header and an information area 501. The destination address 502 and the source address 503 are written in the packet header. The encryption key 506 is inserted between the user information 505 and the packet header. At the MAC layer, the encryption key 50
6 and the user information 505 are treated as the information area 501, the insertion of the encryption key 506 does not affect the MAC layer protocol.

On the other hand, the encryption circuit 215 has a buffer 214.
The packet to be input is encrypted, and the encryption key insertion circuit 2
32. In this embodiment, the encryption key is encrypted by using an encryption key that can be decrypted by all the communication devices in the network (hereinafter referred to as a common encryption key), and the other part is an individual key read from the memory 213. Encrypt using the encryption key.

Next, the processing when the encrypted information is received from the LAN will be described. The encryption key separating circuit 233 cuts out an encryption key section from the received encrypted packet and transfers it to the decryption key reading circuit 218. The parts other than the encryption key are stored in the buffer 220 as they are. The decryption key reading circuit 218 reads the decryption key from the memory 219 based on the encryption key. Since the encryption key is encrypted with the common encryption key, all receiving terminals can decrypt the encryption key. In this embodiment, since the common encryption key is used to encrypt the encryption key, the plaintext encryption key and the encrypted encryption key have a one-to-one correspondence, so the encryption key of the received packet It is also possible to select the decryption key using without decrypting. It is also possible to transfer the encryption key together with other encryption information without encryption. In that case, the encryption key cut out by the encryption key separation circuit 233 is used as it is to select the decryption key. To do.

FIG. 13B shows a configuration example of the memory 219. In this embodiment, 256 types of encryption keys 406 (CK)
decryption key 402 (D-Key # 0-D-Key # 25) so as to correspond one-to-one with ey # 0-C-Key # 255).
5) is registered in 256 types. The decryption key reading circuit 218 reads the decryption key uniquely determined by the encryption key and transfers it to the decryption circuit 221. The decryption circuit 221 decrypts the packet input from the buffer 220 using the decryption key,
Transfer to the LAN control unit 180.

Next, a method of setting the count value / encryption key / decryption key in this embodiment will be described. In this embodiment, setting data is loaded from a floppy disk (FD) when the system is constructed. The memory # 1 write control 222 controls writing of the setting data to the memory 213 for registering the count value / encryption key. On the other hand, the writing control 223 of the memory 219 controls writing of the setting data to the memory 219 for registering the encryption key / decryption key. When the setting data is changed, the registered content in the memory is rewritten by command input from the communication terminal or control terminal in the network. In this case, the WS body 10
The setting data processed by the CPU 120 in 0 is transferred to the write control 222 of the memory 213 and the write control 223 of the memory 219 via the internal bus 160. Write control 22
2 and 223 rewrite the registered contents of the memory 213 and the memory 219 based on the instruction of the CPU 120.

Next, a sixth embodiment will be described with reference to FIGS. 15, 16 and 17. Whereas the first embodiment transfers the encryption key ID with the encryption information, this embodiment transfers the decryption key with the encryption information. Since only the operation of the encryption unit 200 differs from that of the first embodiment, only the encryption unit 200 will be described.

In FIG. 15, the input packet counting circuit 211 counts the number of packets input from the LAN control unit 180 and transfers the count value to the encryption key / decryption key reading circuit 234. Based on the count value, the encryption key / decryption key reading circuit 234 stores the encryption key used to encrypt the packet and the decryption key used at the time of decryption in the memory 2.
Read from 13.

FIG. 16 shows a configuration example of the memory 213. In this embodiment, the encryption key 302 and the decryption key 3 correspond to the count value 301 from 0 to 255 in a one-to-one correspondence.
There are 256 sets of 07 registered. The same encryption key / decryption key can be associated with different count values. In such a case, 256 sets or less of encryption / decryption keys are registered for 256 kinds of count values. Further, the encryption key / decryption key reading circuit 234 transfers the encryption key to the encryption circuit 215 and the decryption key to the decryption key insertion circuit 235. The buffer 214 stores the packet input from the LAN control unit 180 only for the time until the encryption key is transferred. The decryption key insertion circuit 232 inserts the decryption key transferred from the encryption key / decryption key reading circuit 234 into a predetermined position of the packet.

FIG. 17 shows the insertion position of the decryption key 507 in this embodiment. The packet 500 includes a packet header and an information area 501. The destination address 502 and the source address 503 are written in the packet header. The decryption key 507 is inserted between the user information 505 and the packet header. Since the MAC layer handles the decryption key 507 and the user information 505 as the information area 501, the insertion of the decryption key 507 does not affect the MAC layer protocol.

The encryption circuit 215 encrypts the packet input from the buffer 214 and transfers it to the decryption key insertion circuit 235. In the present embodiment, the decryption key is encrypted using the common encryption key, and the other parts are encrypted using the individual encryption key read from the memory 213.

Next, the processing when the encrypted information is received from the LAN will be described. The decryption key separation circuit 236 cuts out a decryption key section from the received encrypted packet and transfers it to the decryption circuit 221. Since the decryption key is encrypted with the common encryption key, all receiving terminals can decrypt the decryption key. It is also possible to transfer the decryption key together with other encrypted information without encrypting it, and in that case, the decryption key cut out by the decryption key separation circuit 236 is used as it is. The decryption circuit 221 decrypts the packet transferred from the decryption key separation circuit 236 using the decryption key and transfers it to the LAN control unit 180.

Next, a method of setting the count value / encryption key / decryption key in this embodiment will be described. In this embodiment, setting data is loaded from a floppy disk (FD) when the system is constructed. The writing control 222 of the memory 213 controls writing of setting data to the memory 213 for registering the count value / encryption key / decryption key. When the setting data is changed, the registered content in the memory is rewritten by command input from the communication terminal or control terminal in the network. In this case, WS main unit 1
The setting data processed by the CPU 120 in 00 is transferred to the write control 222 of the memory 213 via the internal bus 160. The write control 222 rewrites the registered content of the memory 213 based on the instruction of the CPU 120.

Next, a seventh embodiment will be described with reference to FIGS. 18, 19 and 20. While the first embodiment transfers the encryption key ID together with the encryption information, this embodiment transfers the decryption key identifier (hereinafter referred to as the decryption key ID) together with the encryption information. Since only the operation of the encryption unit 200 differs from that of the first embodiment, only the encryption unit 200 will be described.

In FIG. 18, the input packet counting circuit 211 counts the number of packets input from the LAN control unit 180 and transfers the count value to the encryption key / ID reading circuit 212. Encryption key / ID read circuit 21
2 reads out, from the memory 213, a decryption key ID that uniquely indicates an encryption key used for packet encryption and a decryption key corresponding to the encryption key.

FIG. 19A shows a configuration example of the memory 213. In this embodiment, the count value 301 from 0 to 255
On the other hand, 256 pairs of the encryption key 302 and the decryption key ID 308 are registered in a one-to-one correspondence. The same encryption key / decryption key ID for different count values
It is also possible to correspond. 2 in such cases
Up to 256 sets of encryption key / decryption key IDs are registered for 56 types of count values. Further, the encryption key / decryption key reading circuit 212 transfers the encryption key to the encryption circuit 215 and the decryption key ID to the decryption key ID insertion circuit 237. The buffer 214 stores the packet input from the LAN control unit 180 only for the time until the encryption key is transferred. The decryption key ID insertion circuit 237 inserts the decryption key ID transferred from the encryption key / ID reading circuit 212 into a predetermined position of the packet.

FIG. 20 shows the decryption key ID 50 in this embodiment.
8 shows the insertion position. The packet 500 is composed of a packet header and an information area 501. The destination address 502 and the source address 503 are written in the packet header. The decryption key ID 508 is inserted between the user information 505 and the packet header. At the MAC layer, the decryption key ID
Since the 508 and the user information 505 are handled as the information area 501, the insertion of the decryption key ID 508 does not affect the MAC layer protocol.

The encryption circuit 215 encrypts the packet input from the buffer 214, and the decryption key ID insertion circuit 237.
Transfer to. In the present embodiment, the decryption key is encrypted using the common encryption key, and the other parts are encrypted using the individual encryption key read from the memory 213.

Next, the processing when the encrypted information is received from the LAN will be described. Decryption key ID separation circuit 237
Cuts out the decryption key ID section from the received encrypted packet and transfers it to the decryption key reading circuit 218. Decryption key ID
The other parts are stored in the buffer 220 as they are. The decryption key reading circuit 218 reads the decryption key from the memory 219 based on the decryption key ID. Since the decryption key ID is encrypted with the common encryption key, all receiving terminals can decrypt the decryption key ID. Since the common encryption key is used to encrypt the decryption key ID in this embodiment, the plaintext decryption key ID and the encrypted decryption key ID have a one-to-one correspondence, so the decryption key ID of the received packet It is also possible to select the decryption key using without decrypting. It is also possible to transfer the decryption key ID together with other encrypted information without encrypting it, and in that case, the decryption key ID cut out by the decryption key ID separation circuit 238 is used as it is to select the decryption key. To do.

FIG. 19B shows a configuration example of the memory 219. In this embodiment, 256 types of decryption keys 402 are registered so as to correspond one-to-one to 256 types of decryption key IDs 407. The decryption key reading circuit 218 reads the decryption key uniquely determined by the decryption key ID and transfers it to the decryption circuit 221. The decryption circuit 221 decrypts the packet input from the buffer 220 using the decryption key and transfers it to the LAN control unit 180.

Next, a method of setting the count value / encryption key / decryption key ID / decryption key in this embodiment will be described.
In this embodiment, the floppy disk is
Load the setting data from (FD). The writing control 222 of the memory 213 controls writing of the setting data to the memory 213 that registers the count value / encryption key / decryption key ID. The writing control of the setting data to the memory 219 for registering the decryption key ID / decryption key is performed by the writing control 22 of the memory 219.
3 does. When the setting data is changed, the registered content in the memory is rewritten by command input from the communication terminal or control terminal in the network. In this case, the setting data processed by the CPU 120 in the WS body 100 is transferred to the write control 222 of the memory 213 via the internal bus 160. The write control 222 is the CPU 12
Based on the instruction of 0, the registered contents of the memory 213 and the memory 219 are rewritten.

Next, the eighth embodiment will be described with reference to FIGS. The seventh embodiment is different from the first embodiment in the setting method of the memories 213 and 219. That is, in the first embodiment, the setting of the memories 213 and 219 was performed by loading the setting data from the FD. In this embodiment, as shown in FIG. 21, the setting data in the memories 213 and 219 is stored in the ROM 1 in the LAN interface 140.
Read from 91.

In FIG. 22, the write control 239 is a ROM.
Setting data from 191 to the memory 213 (count value /
The encryption key / encryption key ID) is read and written in the memory 213. The write control 240 is based on the ROM 191 and the memory 2
Setting data for 19 (encryption key ID / decryption key) is read and written in the memory 219.

It is easy to apply this embodiment to the second to seventh embodiments. When applied to the second embodiment, the contents stored in the ROM 191 are stored in the memory 2
13 for sending packet destination address / encryption key, for memory 219 for receiving packet destination address /
You can use the decryption key. When applied to the third embodiment, the contents stored in the ROM 191 are used as the transmission packet route information / encryption key for the memory 213, and are stored in the memory 2
It is sufficient to use the received packet route information / decryption key for 19. When applied to the fourth embodiment, the ROM 191
The contents stored in the memory 213 may be the transmission packet source address / encryption key for the memory 213 and the reception packet source address / decryption key for the memory 219. When applied to the fifth embodiment, the contents stored in the ROM 191 may be the count value / encryption key for the memory 213 and the encryption key / decryption key for the memory 219. When applied to the sixth embodiment, the contents stored in the ROM 191 may be the count value / encryption key / decryption key for the memory 213. When applied to the seventh embodiment, the contents stored in the ROM 191 are used as the count value / encryption key / decryption key ID for the memory 213 and the memory 219.
For decryption, the decryption key ID / decryption key may be used.

[0080]

According to the present invention, since the identification information that uniquely indicates the encryption key / decryption key is transferred together with the encryption information, the encryption information can be accurately decrypted even in the secret communication using a plurality of encryption keys. can do.

When the encryption key or the decryption key itself is used as the identification information, any encryption key can be used for any communication terminal, so that the reliability of the secret communication is further improved.

When the encryption key identifier or the decryption key identifier is used as the identification information, the encryption key or the decryption key can be used for any communication terminal, and the encryption key or the decryption key can be used as the identifier. Since it is expressed as, the reliability of the confidential communication is further improved.

When the terminal address or the route information is used as the identification information, the encryption key / decryption key can be specified without using a special identifier.

[Brief description of drawings]

FIG. 1 is a block diagram of an encryption unit according to a first embodiment of the present invention.

FIG. 2 is a diagram illustrating a communication terminal (W according to the first embodiment of the present invention.
S) Block diagram of the main body.

FIG. 3 is a block diagram of a LAN interface according to the first embodiment of this invention.

FIG. 4 is an explanatory diagram of an encryption key storage unit and a decryption key storage unit according to the first embodiment of the present invention.

FIG. 5 is an explanatory diagram of a packet according to the first embodiment of this invention.

FIG. 6 is a block diagram of an encryption unit in the second embodiment of the present invention.

FIG. 7 is an explanatory diagram of an encryption key storage unit and a decryption key storage unit according to the second embodiment of the present invention.

FIG. 8 is a block diagram of an encryption unit in the third embodiment of the present invention.

FIG. 9 is an explanatory diagram of an encryption key storage unit and a decryption key storage unit according to the third embodiment of the present invention.

FIG. 10 is a block diagram of an encryption unit according to a fourth embodiment of the present invention.

FIG. 11 is an explanatory diagram of an encryption key storage unit and a decryption key storage unit according to the fourth embodiment of the present invention.

FIG. 12 is a block diagram of an encryption unit according to a fifth embodiment of the present invention.

FIG. 13 is an explanatory diagram of an encryption key storage unit and a decryption key storage unit according to the fifth embodiment of the present invention.

FIG. 14 is an explanatory diagram of packets in the fifth embodiment of the present invention.

FIG. 15 is a block diagram of an encryption unit according to a sixth embodiment of the present invention.

FIG. 16 is an explanatory diagram of an encryption key / decryption key storage unit according to the sixth embodiment of the present invention.

FIG. 17 is an explanatory diagram of a packet according to the sixth embodiment of the present invention.

FIG. 18 is a block diagram of an encryption unit in a seventh embodiment of the present invention.

FIG. 19 is a configuration diagram of an encryption key storage unit and a decryption key storage unit according to a seventh embodiment of the present invention.

FIG. 20 is an explanatory diagram of a packet according to the seventh embodiment of this invention.

FIG. 21 is a block diagram of a LAN interface according to an eighth embodiment of the present invention.

FIG. 22 is a block diagram of an encryption unit according to an eighth embodiment of the present invention.

[Explanation of symbols]

Reference numeral 200 ... Encryption unit, 211 ... Input packet count circuit, 212 ... Encryption key / ID read circuit, 213 ... Memory, 215 ... Encryption circuit, 216 ... Encryption key ID insertion circuit, 217 ... Encryption key ID separation circuit 218 ... Decryption key reading circuit, 219 ... Memory, 221 ... Decryption circuit, 2
22 ... Memory writing control, 223 ... Memory writing control.

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁵ Identification number Reference number in the agency FI Technical indication location H04L 12/28 (72) Inventor Hideya Suzuki 1-280, Higashi Koigokubo, Kokubunji, Tokyo Hitachi Central In the laboratory

Claims (32)

[Claims] 1. An information transfer system for encrypting and transferring information from a transmitting terminal to a receiving terminal, wherein the transmitting terminal transfers an encryption key together with the encrypted information each time the transmitting information is transferred, and the receiving terminal An information transfer system comprising means for determining a decryption key from an encryption key in the received information, and decrypting the received information using the decryption key. 2. An information transfer method for encrypting and transferring information from a transmitting terminal to a receiving terminal, wherein the transmitting terminal comprises means for changing an encryption key to be used according to a predetermined rule, and changing the encryption key. The encryption key is transferred together with the encryption information each time, and the receiving terminal comprises means for determining a decryption key from the encryption key in the received information, and the reception information is transmitted using the decryption key. Information transfer method characterized by decoding. 3. The information transfer method according to claim 1, wherein at least the encryption key is encrypted using the encryption key that can be decrypted by all communication terminals in the network. 4. The information transfer method according to claim 1, wherein at least the encryption key is transferred without being encrypted. 5. An information transfer method for encrypting and transferring information from a transmitting terminal to a receiving terminal, wherein each time the transmitting terminal transfers encrypted information, a decryption key corresponding to the encryption key is transferred together with the encrypted information. Then, the receiving terminal decrypts the received information using a decryption key in the received information. 6. An information transfer method for encrypting and transferring information from a transmitting terminal to a receiving terminal, wherein the transmitting terminal comprises means for changing an encryption key to be used according to a predetermined rule, and changing the encryption key. An information transfer system characterized in that a decryption key corresponding to the encryption key is transferred together with the encrypted information each time the decryption key is decrypted, and the receiving terminal decrypts the received information using the decryption key in the received information. 7. The information transfer method according to claim 5, wherein at least the decryption key is encrypted using a common key. 8. The information transfer method according to claim 5, wherein at least the decryption key is transferred without being encrypted. 9. An information transfer method for encrypting and transferring information from a transmitting terminal to a receiving terminal, wherein the transmitting terminal comprises means for determining an encryption key identifier uniquely indicating an encryption key to be used, and the encryption is performed. Each time information is transferred, the encryption key identifier is transferred together with the encryption information, and the receiving terminal comprises means for determining a decryption key from the encryption key identifier in the received information, and using the decryption key. An information transfer method characterized by decoding the received information. 10. An information transfer method for encrypting and transferring information from a transmitting terminal to a receiving terminal, said transmitting terminal determining means for an encryption key uniquely indicating an encryption key to be used, and according to a predetermined rule. A means for changing the encryption key to be used, the encryption key identifier is transferred together with the encryption information each time the encryption key is changed, and the receiving terminal receives the encryption key in the received information. An information transfer system characterized by comprising means for determining a decryption key from the identifier, and decrypting the received information using the decryption key. 11. The information according to claim 9 or 10, comprising, as means for determining the encryption key identifier, means for storing one or a plurality of the encryption keys and one encryption key identifier in association with each other. Transfer method. 12. The information transfer method according to claim 9, 10 or 11, wherein at least the encryption key identifier is encrypted using the common key. 13. The information transfer method according to claim 9, 10 or 11, wherein at least the encryption key identifier is transferred without being encrypted. 14. An information transfer method for encrypting and transferring information from a transmitting terminal to a receiving terminal, wherein the transmitting terminal comprises means for determining a decryption key identifier uniquely indicating a decryption key corresponding to an encryption key to be used. And each time the encrypted information is transferred, the decryption key identifier is transferred together with the encrypted information, and the receiving terminal comprises means for determining the decryption key from the decryption key identifier in the received information. An information transfer method characterized in that the received information is decrypted using a decryption key. 15. An information transfer system for encrypting and transferring information from a transmitting terminal to a receiving terminal, said transmitting terminal determining a decryption key identifier uniquely indicating a decryption key corresponding to an encryption key to be used, A means for changing the encryption key to be used according to a predetermined rule is provided, and the decryption key identifier is transferred together with encryption information each time the encryption key is changed,
The information transfer system, wherein the receiving terminal includes means for determining the decryption key from the decryption key identifier in the received information, and decrypts the received information using the decryption key. 16. The information transfer system according to claim 14 or 15, comprising means for determining the decryption key identifier, and means for storing one or more of the encryption keys and one decryption key identifier in association with each other. . 17. The method according to claim 14, 15 or 16,
An information transfer method in which at least the decryption key identifier is encrypted using the common key. 18. The method according to claim 14, 15 or 16,
An information transfer method in which at least the decryption key identifier is transferred without being encrypted. 19. In an information transfer system for encrypting information from a transmitting terminal to a receiving terminal and packetizing and transmitting the encrypted information, the transmitting terminal encrypts the information using two or more types of encryption keys, Is assembled and transferred to the receiving terminal. 20. The transmission terminal according to claim 19, further comprising means for determining the encryption key identifier that uniquely indicates the encryption key to be used, and the encryption key is transferred each time the encryption information is transferred. Information for transferring an identifier together with the encrypted information, the receiving terminal comprising means for determining the decryption key from the encrypted key identifier in the received information, the information for decrypting the received information using the decryption key Transfer method. 21. An information transfer method for encrypting and transferring information from a transmitting terminal to a receiving terminal, wherein the transmitting terminal determines an encryption key from either or both of a transmitting terminal address and a receiving terminal address, An information transfer method, wherein the receiving terminal determines the decryption key from either or both of the transmitting terminal address and the receiving terminal address in the received information. 22. The means for determining the encryption key according to claim 21, further comprising means for storing one or a plurality of the transmission terminal addresses and one of the encryption keys in association with each other, and determining the decryption key. An information transfer system comprising means for storing one or a plurality of the transmission terminal addresses and one of the decryption keys in association with each other. 23. The means for determining the encryption key according to claim 21, further comprising: a means for storing one or more of the receiving terminal addresses and one of the encryption keys in association with each other, and storing the decryption key. An information transfer system comprising a means for storing one or more of the receiving terminal addresses and one of the decryption keys in association with each other as means for determining. 24. The means for determining the encryption key according to claim 21, wherein a means for storing one or a plurality of combinations of the transmission terminal address and the reception terminal address and one encryption key is stored. An information transfer system, comprising: as means for determining the decryption key, means for storing one or more combinations of the transmission terminal address and the reception terminal address and one decryption key in association with each other. 25. The transmission terminal according to claim 21, 22, 23 or 24, wherein at least one or both of the transmission terminal address and the reception terminal address is transferred together with the transfer information without being encrypted. Information transfer method. 26. The transmission information according to claim 21, 22, 23, or 24, wherein the transmission terminal encrypts one or both of the transmission terminal address and the reception terminal address by using a common key, Information transfer method to transfer with. 27. An information transfer method for encrypting and transferring information from a transmitting terminal to a receiving terminal, wherein the transmitting terminal determines an encryption key from route information indicating a transfer route from the transmitting terminal to the receiving terminal. The information transfer method, wherein the receiving terminal determines a decryption key from the route information in the received information. 28. The means for determining the encryption key according to claim 27, further comprising means for storing one or a plurality of route information and the one encryption key in association with each other.
An information transfer system, comprising means for storing one or more of the route information and one of the decryption keys in association with each other as means for determining the decryption key. 29. The information transfer method according to claim 27, wherein the transmitting terminal transfers at least the route information together with the transfer information without encrypting the route information. 30. The information transfer method according to claim 27, wherein the transmitting terminal encrypts at least the route information using the common key and transfers the encrypted route information together with the transfer information. 31. An information transfer method for encrypting and transferring information from a transmitting terminal to a receiving terminal, the method comprising: loading from a floppy disk, loading from a read-only memory, and command input from a communication terminal or control terminal. An information transmission method characterized in that an encryption key is set by at least one means. 32. An information transfer method for encrypting and transferring information from a transmitting terminal to a receiving terminal, wherein any one of loading from a floppy disk, loading from a read-only memory, and command input from a communication terminal or a control terminal is performed. An information transfer system comprising a plurality of setting means and further selecting any setting means.