JPH1084338A - Ciphered information communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide the communication method for ciphered information high in security and easy in operation. SOLUTION: A sender terminal equipment 201 uses system key information sent from a ciphering processing server 30 on request to send a ciphered information signal obtained by ciphering message information to a terminal equipment 20n of the transmission destination. The destination terminal equipment 20n sends a reciphered signal obtained by ciphering the ciphered information signal sent from the sender terminal equipment 201 based on its own secret key to a ciphering processing server 30. The ciphering processing server 30 sends a system key release ciphered signal obtained by decoding the re-ciphering signal with the system key information to the destination terminal equipment 20n. The destination terminal equipment 20n decodes the system key release ciphered signal with the secret key to obtain message information and sends a ciphering communication end signal to the ciphering processing server 30. The ciphering processing server 30 deletes the content of the stored system key information in response to the ciphering communication end signal.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information communication system using an information network, and more particularly, to an encrypted information communication system that secures information security by encrypting and transmitting information to be transmitted.

[0002]

2. Description of the Related Art In recent years, a secret key cryptosystem has become widespread as a system for performing information communication with one specific client while ensuring security on an open information network. In such a secret key cryptosystem, a secret key for encryption is determined in advance between clients performing information communication, and this secret key is commonly used by both clients to encrypt and transmit information to be transmitted. It decrypts the encrypted information.

[0003] However, in such a secret key cryptosystem, it is necessary to hold a different secret key for each client as a communication partner. Therefore, there is a problem in that as the number of partners increases, the time and effort required for management increases. there were. Furthermore,
Since the secret key is known at least to the client that is the communication partner, there is a problem in security.

[0004]

SUMMARY OF THE INVENTION An object of the present invention is to provide an encrypted information communication system which is easy to operate and has high security. I do.

[0005]

An encrypted information communication system according to the present invention is an encrypted information communication system comprising a plurality of terminal devices connected to an information network and a cryptographic processing server connected to the information network. So,
The cryptographic processing server is means for transmitting system key information to a corresponding terminal device in response to a transmission request signal transmitted from a terminal device in a transmission mode of the terminal device, and is in a reception mode of the terminal device. Means for obtaining a system key release encrypted signal by decrypting the re-encrypted signal transmitted from the terminal device using the system key information, and means for transmitting the system key release encrypted signal to the corresponding terminal device. The terminal device is in the transmission mode, and transmits the transmission request signal to the cryptographic processing server when encrypting and transmitting the message information; and the system key information transmitted from the cryptographic processing server. Means for encrypting the message information in accordance with an encryption algorithm according to the above to generate an encrypted information signal; Means for transmitting the encrypted information signal to the information transmission destination terminal device in the reception mode, and re-encrypts the received encrypted information signal according to an encryption algorithm according to the secret key information to generate a re-encrypted signal. Means for transmitting the re-encrypted signal to the cryptographic processing server; and decrypting the message information by decrypting the system key release encrypted signal transmitted from the cryptographic processing server with the secret key information. And a means for transmitting a cryptographic communication end signal to the cryptographic processing server.

[0006]

FIG. 1 is a diagram showing the overall configuration of an encrypted information communication system according to the present invention. In encrypted information communication system shown in FIG. 1, the information network 10 is connected to the Internet or the like, are connected to the plurality of client terminal devices 20 ₁ to 20 _n. The information network 10 is, for example, an LA having a bus structure.
It is built with Ethernet as N (local area network).

Further, the information network 10 includes:
The cryptographic processing server 30 is connected. Each of the client terminal apparatus 20 ₁ to 20 _n are, for example, a personal computer, EWS (engineering workstation) or the like. These client terminal device 20 ₁ to
Each of the terminals 20 _n stores in advance an identification number ID and public key information P set for each client terminal device, and a program for performing encrypted information communication according to the present invention.

FIGS. 2 to 5 show each client terminal device 2.
0 is a diagram showing each subroutine flow as ₁ to 20 _n the encrypted information communication program previously stored in each. FIG. 2 shows a terminal first subroutine that is executed when a user operates an input device such as a keyboard (not shown) to issue an instruction to transmit encrypted information to another client terminal device. FIG.

That is, in response to the command, a CPU (central processing unit) mounted on the client terminal device
Is to temporarily suspend the processing by the currently executed main routine (the description is omitted) and shift to the execution processing of the terminal first subroutine shown in FIG. In FIG. 2, the CPU of the client terminal device transmits a transmission request signal RQ _n (n indicates the client terminal device of the transmission source) to the information network 10 in order to request the cryptographic processing server 30 to perform information communication. Send (Step S2
1). Note that the transmission request signal RQ _n also includes information indicating the client terminal device of the transmission destination.
After the execution of step S21, the CPU exits the terminal first subroutine and returns to the processing of the main routine.

On the other hand, the second terminal shown in FIGS.
Each of the subroutines 4 to 4 is executed at predetermined intervals during the execution of the main routine. In the terminal second subroutine shown in FIG. 3, the CPU, first, the system key information K _n is, it is determined whether or not received through the information network 10 (step S3
1). In step S31, if the system key information K _n is determined not to be received, it exits such terminal second subroutine, the process returns to the main routine. On the other hand, if it is determined in step S31 that the system key information K _n has been received, the message information M to be transmitted is replaced with the system key information K _n and the public key information P of the destination client terminal device. _{The following} encrypted information signal U _nm encrypted based on a predetermined encryption algorithm U using _m is generated (step S3).
2).

[0011]

U _nm = U {M, K _n , P _m } where n indicates the client terminal of the transmission source, and m indicates the client terminal of the transmission destination It is. The message information M may be not only document data created by a word processor or the like but also video data and audio data.

After the end of step S32, the CPU
Transmits the encrypted information signal U _nm to the information network 10.
Is transmitted to the client terminal device of the transmission destination via (step S33). After the end of step S33, the CPU
Exits the terminal second subroutine and returns to the processing of the main routine. In the terminal third subroutine shown in FIG. 4, the CPU first determines whether or not the encrypted information signal U _nm has been received via the information network 10 (step S41). Step S41
If it is determined that the encrypted information signal U _nm has not been received, the process exits the terminal third subroutine and returns to the processing of the main routine. On the other hand, when it is determined in step S41 that the encrypted information signal U _nm has been received, the public key information P _m is removed from the encrypted information signal U _nm and the intermediate decryption signal V _m is obtained (step S42).

[0013]

V _m = U {M, K _n } Next, the CPU generates the intermediate decryption signal V _m using the identification number ID _{m of the} terminal itself and the secret key information Q _m arbitrarily generated. To generate a re-encrypted signal U _m as described below (step S43).

[0014]

U _m = U ｛M, K _n , ID _m , Q _m ｝ Next, the CPU transmits the re-encrypted signal U _m to the cryptographic processing server 30 via the information network 10 (step). S44). After the end of step S44,
The CPU exits the terminal third subroutine and returns to the processing of the main routine.

In the terminal fourth subroutine shown in FIG. 5, the CPU first determines whether or not the K-deleted encrypted signal U _m 'has been received via the information network 10 (step S51). ). Step S51
If it is determined that the K-decryption signal U _m ′ has not been received, the process exits the terminal fourth subroutine and returns to the processing of the main routine. On the other hand, if it is determined in step S51 that the K-deleted encrypted signal U _m ′ has been received, the CPU determines from the K-decrypted signal U _m ′ the identification number ID _{m of} its terminal and the secret key information Q _m is removed to obtain the original message information M (step S52).

After the end of step S52, the CPU
Transmits the encrypted communication end signal F _m through the information network 10 to the encryption processing server 30 (step S5
3). After the end of step S53, the CPU exits this terminal fourth subroutine and returns to the processing of the main routine. As described above, among the client terminal devices, the terminal device that is the source of the message information M operates in the transmission mode in which the terminal subroutine shown in FIGS. 2 and 3 is executed. On the other hand, the terminal device to which the encrypted message information M is transmitted is the same as that in FIG.
5 and operates in the reception mode in which the terminal subroutine shown in FIG. 5 is executed.

Next, the cryptographic processing server 30 shown in FIG.
Is described. FIG. 6 is a diagram showing a schematic configuration of the cryptographic processing server 30. In FIG. 6, a random number generator 3
1 generates a binary random number that is safe in terms of information theory, that is, a random number that cannot estimate the next bit with a probability of 50% or more in the current bit string. For example, thermal noise generated by a reverse bias or the like of a semiconductor PN junction is amplified, and the amplified noise is subjected to a band-pass filter and then binarized with a predetermined threshold value to generate a random number signal. Such thermal noise is basically white normal noise, ie, a normal distribution N
(Μ, δ) and has all frequency components. Therefore, for example, depending on whether the noise amplitude is larger or smaller than the average μ, a binary random number signal having good statistical properties can be generated.

When a random number request signal is supplied from the controller 32, the random number generator 31 supplies the controller 32 with a random number signal consisting of a predetermined number of bit strings generated at this time. Repeater 33, the client terminal apparatus 20 ₁ which is connected on the information network 10
The communication arbitration between each of the controllers 20 _n and the controller 32 is performed.

The controller 32 comprises, for example, a personal computer, an EWS (engineering workstation), or the like. In such controller 32, information for identifying the client terminal apparatus 20 ₁ to 20 _n respectively connected to the information network 10 is registered in advance. Further, a program for performing the encrypted information communication according to the present invention is stored in the controller 32 in advance.

FIGS. 7 to 9 are flowcharts showing subroutines of the encrypted information communication program stored in the controller 32 in advance. Each of the server first to third subroutines shown in FIGS. 7 to 9 is executed at predetermined intervals during the execution of the main routine executed by the controller 32.

[0021] In the server first subroutine shown in FIG. 7, the controller 32 first sends a request signal RQ _n is, it is determined whether or not received through the information network 10 (step S71). In step S71, when the transmission request signal RQ _n is determined not to be received, exits such server first subroutine, the process returns to the main routine.
On the other hand, in such a step S71, if the transmission request signal RQ _n is determined to have been received, the controller 32 transmits the request signal RQ _n this received
, The source and destination of the client terminal device requesting the encrypted information communication are recognized and stored in an encryption processing memory area in a memory (not shown) provided in the controller 32. (Step S72).
Next, the controller 32 supplies a random number request signal to the random number generator 31. By performing step S72,
The random number generator 31 supplies a random number signal generated at that time to the controller 32. Thereafter, the controller 32 stores the random number signal as system key information K _{n in the} memory area for encryption processing (Step S).
74). Next, the controller 32 transmits the system key information _Kn to the source client terminal device stored in the memory area for encryption processing via the information network 10 (step S75). After the end of the step S75, the controller 32 exits the server first subroutine and returns to the processing of the main routine.

The server second subroutine shown in FIG.
First, the controller 32 first re-encrypts
Signal U_mHas been received via the information network 10
It is determined whether or not this is the case (step S81). Step S8
1, the re-encrypted signal U _mIs not received
If it is set, the server second subroutine is skipped.
Then, the process returns to the main routine. Meanwhile, take
In step S81, the re-encrypted signal U_mIs received
If it is determined that the re-encrypted signal U_mFrom
System key information K_nK-release encryption as follows
Signal U_m'(Step S82).

[0023]

U _m ′ = U {M, ID _m , Q _m } Next, the controller 32 sends the K-decryption signal U
_m ′ is transmitted to the client terminal device of the transmission destination stored in the encryption processing memory area via the information network 10 (step S83). After the end of the step S83, the controller 32 makes this server second
After exiting the subroutine, the process returns to the main routine.

[0024] Further, in the server third subroutine shown in FIG. 9, the controller 32, the encryption communication end signal F _m is, it is determined whether or not received through the information network 10 (step S91). Step S91
In the case where the encrypted communication end signal F _m is determined not to be received, it exits such server third subroutine, the process returns to the main routine. On the other hand, in step S91, the encrypted communication end signal F _m
Is determined to have been received, all the contents stored in the encryption processing memory area are deleted (step S
92). After the end of step S92, the controller 32 exits the terminal third subroutine and returns to the processing of the main routine.

Next, the operation of the above-mentioned encrypted information communication system will be described with reference to the process charts as shown in FIGS. In addition, this process diagram shows a communication process when transmitting the encryption information from the client terminal device A to the client terminal device D among the four client terminal devices A to D connected to the information network 10. is there.

First, the operator of the client terminal device A informs the user that the predetermined message information M is to be encrypted and transmitted to the client terminal device D by using an input device such as a keyboard provided in the client terminal device A (see FIG. (Not shown). In response to the instruction, the CPU of the client terminal device A temporarily suspends the processing of the currently executed main routine, and proceeds to the execution processing of the first subroutine shown in FIG.

By executing the first subroutine, the transmission request signal RQ _A is transmitted from the client terminal device A to the cryptographic processing server 30 via the information network 10 as shown in the first step of FIG. . Here, the encryption processing server 30 receives such a transmission request signal RQ _A, the controller 32 of the encryption processing server 30 will be performed the steps S72~S75 server first subroutine shown in FIG. 7 .

By executing the steps S72 to S75, as shown in the second step of FIG. 11, the cryptographic processing server 30 obtains the system key K _A corresponding to the random number signal generated by the random number generator 31. It is transmitted to the client terminal device A that is the transmission source. Here, when the client terminal device A receives the system key K _A , the CPU of the client terminal device A executes steps S32 to S33 of the terminal second subroutine shown in FIG.

By executing the steps S32 to S33, the message information M to be transmitted is transmitted from the client terminal A to the system key information K _A and the transmission destination as shown in the third step of FIG. the client terminal device the public key information P such _D in encryption algorithm based on the following encrypted encrypted information signal U _AD of D is transmitted to the client terminal apparatus D is the destination.

[0030]

U _AD = U {M, K _A , P _D } Here, when the client terminal device D receives this encrypted information signal U _AD , the CPU of the client terminal device D
Is the step S of the terminal third subroutine shown in FIG.
42 to S44 will be performed. Such step S
By executing the 42～S44, as is shown in the fourth stage in FIG. 13, from the client terminal device D, remove the public key information P _D from the encrypted information signal U _AD, to this, the client terminal apparatus D identification number ID _D, and re-encrypted signal U _D such as the following were re-encrypted by using the secret key information Q _D each had been arbitrarily generated is transmitted to the encryption processing server 30.

[0031]

[6] _{U D = U {M, K} A, ID D, Q D} Here, if the encryption processing server 30 receives the re-encrypted signal U _D, the controller of the encryption processing server 30 32
Performs steps S82 to S83 of the server second subroutine shown in FIG. By the execution of step S82～S83, as is shown in the fifth step of FIG. 14, from the encryption processing server 30, such as the following was released system key information K _A in the re-encrypted signal U _D K
Decrypt signals U _D 'is sent to the client terminal apparatus D.

[0032]

Equation 7] _{U D '= U {M,} ID D, Q D} Here, the client terminal device D The K decrypted signal U _D' receives the, CP of the client terminal D
U will perform steps S52 to S53 of the terminal fourth subroutine shown in FIG. By executing the steps S52 to S53, the client terminal device D
From the K decrypted signal U _D ', the identification number ID _D,
And to obtain the original message information M Remove the secret key information Q _D. When the message information M can be obtained, the CPU of the client terminal device D executes the sixth process in FIG.
Although it is shown in stroke as to transmit the current encrypted communication termination signal encrypted information communication notifying the completion F _m to the cryptographic processing server 30.

[0033] Here, it encryption processing server 30 receives such encrypted communication end signal F _m, the controller 32 of the encryption processing server 30 is to implement step S92 of the server third subroutine shown in FIG. 9 As a result, all the contents stored in the encryption memory area are deleted. As described above, in the encrypted communication system according to the present invention, the terminal device that is the source of the message information first requests the cryptographic processing server to perform the encrypted communication. The cryptographic processing server transmits the system key information to the source terminal device in response to the request. The source terminal device encrypts the message information to be transmitted using the system key information transmitted from the cryptographic processing server, and transmits the obtained encrypted information signal to the destination terminal device. In the destination terminal device, the encrypted information signal transmitted from the source terminal device is further
It generates a re-encrypted signal encrypted with its own secret key, and sends it once to the cryptographic processing server. The encryption processing server transmits the re-encrypted signal to the destination terminal device by decrypting the re-encrypted signal with the system key information. The destination terminal device obtains the message information by decrypting the system key release encrypted signal with its own secret key, and transmits an encrypted communication end signal to the encryption processing server. The cryptographic processing server deletes the stored contents of the system key information according to the cryptographic communication end signal.

Thus, according to the encryption communication system of the present invention, there is no need to preliminarily negotiate a secret key to be used for encryption and decryption between clients performing information communication. This eliminates the need for managing such a secret key. Further, since the secret key is not known between the clients, the security can be improved, which is preferable.

Note that, as the encryption algorithm U in the above embodiment, in addition to a public key encryption method such as the EIGamal method, an authentication method using zero-knowledge proof (for example, Fiat-Sha)
mir method) and standard digital signature method (DSA)
Etc. may be adopted.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of an encrypted information communication system according to the present invention.

FIG. 2 is a diagram showing a terminal first subroutine for managing encrypted information communication.

FIG. 3 is a diagram showing a terminal second subroutine for managing encrypted information communication.

FIG. 4 is a diagram showing a terminal third subroutine for managing encrypted information communication.

FIG. 5 is a diagram showing a terminal fourth subroutine for managing encrypted information communication.

FIG. 6 is a diagram showing an internal configuration of the cryptographic processing server 30.

FIG. 7 is a diagram showing a server first subroutine for managing encrypted information communication.

FIG. 8 is a diagram showing a server second subroutine for managing encrypted information communication.

FIG. 9 is a diagram showing a server third subroutine for managing encrypted information communication.

FIG. 10 is a diagram showing a communication process by the encrypted information communication system according to the present invention.

FIG. 11 is a diagram showing a communication process by the encrypted information communication system according to the present invention.

FIG. 12 is a diagram showing a communication process by the encrypted information communication system according to the present invention.

FIG. 13 is a diagram showing a communication process by the encrypted information communication system according to the present invention.

FIG. 14 is a diagram showing a communication process by the encrypted information communication system according to the present invention.

FIG. 15 is a diagram showing a communication process by the encrypted information communication system according to the present invention.

[Brief description of reference numerals]

10 Information network 20 ₁ to 20 _n client terminal 30 the encryption processing server 31 the random number generator 32 controller 33 relay

──────────────────────────────────────────────────の Continuation of the front page (51) Int.Cl. ⁶ Identification code Agency reference number FI Technical indication location G09C 1/00 630 7259-5J G09C 1/00 630A 7259-5J 630E H04L 9/00 601E

Claims (4)

[Claims] 1. An encrypted information communication system comprising: a plurality of terminal devices connected to an information network; and an encryption processing server connected to the information network, wherein the encryption processing server is included in the terminal device. Means for transmitting system key information to a corresponding terminal device in response to a transmission request signal transmitted from the terminal device in the transmission mode, and a re-encryption signal transmitted from the terminal device in the reception mode of the terminal device. Means for obtaining a system key release encrypted signal by decrypting with the system key information, and means for transmitting the system key release encrypted signal to a corresponding terminal device, wherein the terminal device is in the transmission mode Means for transmitting the transmission request signal to the cryptographic processing server when encrypting and transmitting the message information; Means for generating an encrypted information signal by encrypting the message information according to an encryption algorithm corresponding to the system key information transmitted from the server, and means for transmitting the encrypted information signal to a terminal device of the information transmission destination. Have
Means for generating a re-encrypted signal by re-encrypting the received encrypted information signal in accordance with an encryption algorithm according to secret key information in the reception mode, and transmitting the re-encrypted signal to the cryptographic processing server Means for obtaining the message information by decrypting the system key release encrypted signal transmitted from the cryptographic processing server with the secret key information, and transmitting a cryptographic communication end signal to the cryptographic processing server. And an encrypted information communication system. 2. The cryptographic processing server includes a memory for storing the system key information, and erases the system key information stored in the memory in response to the cryptographic communication end signal. 2. The encrypted information communication system according to claim 1, wherein: 3. The cryptographic processing server includes a random number generator, and generates the system key information based on the random number signal generated by the random number generator when the transmission request signal is received. Claim 1.
An encrypted information communication system according to claim 1. 4. The random number generator includes a transistor PN
4. The encrypted information communication system according to claim 3, wherein a signal obtained by binarizing a signal corresponding to thermal noise generated according to a reverse bias of the junction is generated as the random number signal.