JPS61236238A - Method for transferring key - Google Patents

Method for transferring key

Info

Publication number
JPS61236238A
Authority
JP
Japan
Prior art keywords
key
exchange
transferred
terminal
communication information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP60076418A
Other languages
Japanese (ja)
Inventor
Koichi Shimizu
孝一 清水
Tetsuo Takemura
哲夫 竹村
Shinobu Gohara
郷原 忍
Shinichi Iwaki
岩城 慎一
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0827 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)

Abstract

PURPOSE: To prevent interception of encrypted call information by transferring the encrypted communication information over a speech path and transferring the key required for decryption over a common line signal path, thereby separating the transfer routes of the message and the key. CONSTITUTION: An originating exchange 1 encrypts the communication information, which is transferred to a destination exchange 7 via speech paths 18 and 19 set up link-by-link. The key required for decryption is transferred from exchange 1 to exchange 7 end-to-end via common line signal paths 15-17 and a signal relay station 12. Call information from terminal 13 is then encrypted with the key in encryptor/decryptor 2i and transferred to exchange 7 via speech path switch 3, speech path 18, exchange 6 and speech path 19. The encrypted communication information passes through speech path switch 8, is decrypted with the key by encryptor/decryptor 9i, and is transferred to terminal 14. Likewise, call information from terminal 14 is encrypted with the key by encryptor/decryptor 9i, transferred to exchange 1, decrypted with the key by encryptor/decryptor 2i, and transferred to terminal 13.

Description

[Detailed Description of the Invention]

[Field of Application of the Invention]

The present invention relates to a key transfer method for encrypted communication that protects communication information.

[Background of the Invention]

When encryption is used, managing the encryption key that encrypts the communication information and the decryption key that decrypts the ciphertext becomes important. As detailed in "Exploring the effectiveness of encryption against computer crime," Nikkei Electronics, October 1982, pp. 117-155, encryption schemes include common-key cryptosystems, in which the encryption key and the decryption key are the same, and public-key cryptosystems, in which the encryption key and the decryption key differ.

When communication information is encrypted at the entrance of a switched network and decrypted at the exit in order to prevent eavesdropping on and tampering with it inside the network, it is preferable for security to use a common-key cryptosystem that changes the key for every call. A common-key cryptosystem, however, requires the key needed for decryption to be transferred, and protecting this key is an important problem.

Two key transfer methods are conceivable: transferring the key in-channel over the speech path, in the same way as the communication information; or transferring the communication information over the speech path and the key over the common line signal path, included in the address information.

The former, however, carries a high risk of eavesdropping, because both the encrypted communication information and the key can be obtained by observing a single speech path. In the latter, the encrypted communication information and the key are sent over separate routes, so eavesdropping is considered more difficult than in the former. However, because the address information is transferred link-by-link, both the encrypted communication information and the key are transferred to every exchange that relays the communication information.

Consequently, there is the drawback that the opportunities for eavesdropping at each relay exchange increase.

[Object of the Invention]

An object of the present invention is to provide a key transfer method that transfers the key of a common-key cryptosystem safely within a communication network and prevents eavesdropping and the like on encrypted communication information.

[Summary of the Invention]

In the present invention, the encrypted communication information is transferred over the speech path and the key needed for decryption is transferred over the common line signal path, so that the transfer routes of the message and the key are separated. The speech path between the originating exchange and the destination exchange is set up link-by-link, while the key is transferred end-to-end to the destination exchange.

[Embodiment of the Invention]

Hereinafter, one embodiment of the present invention will be described with reference to the drawing.

The figure is a block diagram of a communication system to which an embodiment of the method of the present invention is applied, in which 1, 6 and 7 are exchanges; 2 and 9 are encryptor/decryptor groups; 3 and 8 are speech path switches; 4 and 10 are central control units; 5 and 11 are common line signaling devices; 12 is a signal relay station; 13 and 14 are terminals; 15 to 17 are common line signal paths; and 18 and 19 are speech paths.

Next, an example in which exchange 1 and exchange 7 perform encrypted communication via exchange 6 will be described.

Encryptor/decryptor group 2 and encryptor/decryptor group 9 each consist of a plurality of encryptor/decryptors, and each encryptor/decryptor is installed for the subscriber line of one terminal. In the figure, terminal 13 is connected to encryptor/decryptor 2i and terminal 14 is connected to encryptor/decryptor 9i.

A call from terminal 13, connected to exchange 1, to terminal 14 is recognized by central control unit 4, and on instruction from central control unit 4, encryptor/decryptor 2i independently determines, at random, a key for the common-key cryptosystem. This key is protected by a protection function so that it cannot be read out by anything, including central control unit 4.

For this call, on instruction from central control unit 4, a path through speech path switch 3 is set up to connect speech path 18 to encryptor/decryptor 2i, and address information containing the number of speech path 18, the exchange's own address, the number of terminal 13 and the number of terminal 14 is transferred to exchange 6 via common line signaling device 5, common line signal path 15, signal relay station 12 and common line signal path 16. Exchange 6 sets up a speech path between speech path 18 and speech path 19, and address information containing the number of speech path 19, the address of exchange 1, the number of terminal 13 and the number of terminal 14 is transferred to exchange 7 via common line signal path 16, signal relay station 12 and common line signal path 17.

Central control unit 10, having received the address information via common line signaling device 11, sets a path through speech path switch 4 to connect speech path 19 to encryptor/decryptor 9i. To obtain the key set in encryptor/decryptor 2i, it uses the address of exchange 1 in the address information to send a key transfer request for exchange 1, carrying its own address and the number of terminal 15, onto common line signal path 17 via common line signaling device 11. This key transfer request is transferred to exchange 1 via signal relay station 12 and common line signal path 15.

On receiving the key transfer request, common line signaling device 5 uses the received number of terminal 16 to take the previously determined key out of encryptor/decryptor 2i, uses the number of terminal 13 to obtain the number of terminal 14 from central processing unit 4, and transfers the key and the number of terminal 14 onto common line signal path 15, addressed to exchange 7, which received the call. The key and the number of terminal 14 are transferred to exchange 7 via signal relay station 12 and common line signal path 17. Common line signaling device 17, having received the key, sets the key in encryptor/decryptor 9i according to the received number of terminal 14. The key set in encryptor/decryptor 9i is protected by a protection function so that it cannot be read out by anything, including central processing unit 10.

After the communication path has been set up link-by-link and the key has been transferred end-to-end in this way, communication information from terminal 13 is encrypted with the key by encryptor/decryptor 2i and transferred to exchange 7 via speech path switch 3, speech path 18, exchange 6 and speech path 19. The encrypted communication information passes through speech path switch 8, is decrypted with the key by encryptor/decryptor 9i, and is transferred to terminal 14. Likewise, communication information originating from terminal 14 is encrypted with the key by encryptor/decryptor 9i and transferred to exchange 1, where it is decrypted with the key by encryptor/decryptor 2i and transferred to terminal 13.

Although this embodiment shows an example with one exchange 6 between exchange 1 and exchange 7, a plurality of exchanges may lie between them. Also, although an encryptor/decryptor is provided for each subscriber line, a function may be provided to connect to an encryptor/decryptor selectively, for example as designated by the subscriber. Furthermore, although the key is transferred without being encrypted in this embodiment, a key encrypted with a public key may be transferred instead. In addition, although the same key is used to encrypt messages from terminal 13 and messages from terminal 14, a separate key may be determined between exchange 7 and exchange 1 by the same method as in the embodiment and used for encryption and decryption.

[Effect of the Invention]

According to the present invention, the route of the communication information (speech path) differs from the route of the key (signal path), so eavesdropping requires observing a speech path and a signal path at entirely different locations, which makes eavesdropping difficult. Moreover, because the key is transferred end-to-end between the originating exchange and the destination exchange, eavesdropping at the multiple exchanges and transmission lines lying between the two exchanges is impossible. In addition, because key handling in the two exchanges is done in hardware by the common line signaling device and the encryptor/decryptor, without the central processing unit intervening, eavesdropping at the two exchanges is also impossible, with the effect that eavesdropping can be prevented within the switched network, including both exchanges.
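
The visibility argument above, worked through as a small simulation (an added example, not code from the patent). Node names follow the figure's reference numerals; the SHA-256 keystream cipher, the names `Node`, `run_call` and `recover`, and the message dictionaries are assumptions, since the patent specifies no cipher or message format. It also models the background-art variant in which the key rides in the address information.

```python
import hashlib
import secrets
from typing import Optional

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 counter keystream); assumed, not from the patent."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Node:
    """Intermediate network element that records everything it carries."""
    def __init__(self, name: str):
        self.name = name
        self.seen = []  # list of (kind, payload)

    def carry(self, kind: str, payload):
        self.seen.append((kind, payload))
        return payload

def run_call(message: bytes, key_in_address_info: bool = False) -> dict:
    """Simulate one call from terminal 13 to terminal 14.

    key_in_address_info=True models the background-art variant (key sent
    link-by-link inside the address information); False models the claimed method.
    """
    exchange6 = Node("transit exchange 6")     # sits on speech paths 18 and 19
    relay12 = Node("signal relay station 12")  # sits on signal paths 15, 16, 17
    key = secrets.token_bytes(16)              # per-call key chosen by encryptor/decryptor 2i

    # Address information: exchange 1 -> relay 12 -> exchange 6 -> relay 12 -> exchange 7.
    addr = {"caller": 13, "callee": 14}
    if key_in_address_info:
        addr["key"] = key
    for hop in (relay12, exchange6, relay12):
        hop.carry("address", addr)

    if key_in_address_info:
        key_at_7 = addr["key"]
    else:
        # Key transfer request and reply cross relay 12 only, never exchange 6.
        relay12.carry("key_request", {"from": "exchange 7"})
        key_at_7 = relay12.carry("key", key)

    # Encrypted speech: exchange 1 -> path 18 -> exchange 6 -> path 19 -> exchange 7.
    ciphertext = exchange6.carry("speech", xor_cipher(key, message))
    delivered = xor_cipher(key_at_7, ciphertext)  # decryption in encryptor/decryptor 9i
    return {"exchange6": exchange6, "relay12": relay12, "delivered": delivered}

def recover(observed_nodes) -> Optional[bytes]:
    """Plaintext recoverable by an observer with access to exactly these nodes."""
    keys, speech = [], []
    for node in observed_nodes:
        for kind, payload in node.seen:
            if kind == "key":
                keys.append(payload)
            elif kind == "address" and "key" in payload:
                keys.append(payload["key"])
            elif kind == "speech":
                speech.append(payload)
    return xor_cipher(keys[0], speech[0]) if keys and speech else None
```

With the claimed method neither exchange 6 nor signal relay station 12 alone recovers the message, whereas in the background-art variant exchange 6 alone does. Signal relay station 12 still carries the key in the clear, which is the case the embodiment's public-key option covers.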

[Brief Description of the Drawing]

The figure is a configuration diagram of a communication system that implements an example of the method of the present invention.

1, 6, 7: exchanges
2, 9: encryptor/decryptor groups
3, 8: speech path switches
4, 10: central control units
5, 11: common line signaling devices
12: signal relay station
13, 14: terminals

Claims (1)

[Claims]

1. A key transfer method for a communication system in which an originating exchange encrypts communication information with a key of a common-key cryptosystem and transmits it, and a destination exchange receives and decrypts the encrypted communication information, characterized in that the encrypted communication information is transferred link-by-link from the originating exchange to the destination exchange via a communication path, and the key is transferred end-to-end from the originating exchange to the destination exchange via a common line signal path.
JP60076418A 1985-04-12 1985-04-12 Method for transferring key Pending JPS61236238A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP60076418A JPS61236238A (en) 1985-04-12 1985-04-12 Method for transferring key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP60076418A JPS61236238A (en) 1985-04-12 1985-04-12 Method for transferring key

Publications (1)

Publication Number Publication Date
JPS61236238A (en) 1986-10-21

Family

ID=13604649

Family Applications (1)

Application Number Title Priority Date Filing Date
JP60076418A Pending JPS61236238A (en) 1985-04-12 1985-04-12 Method for transferring key

Country Status (1)

Country Link
JP (1) JPS61236238A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003076273A (en) * 2001-09-03 2003-03-14 Fumio Masutomi Security enhancing method using magic square sequence

Similar Documents

Publication Publication Date Title
JP3080382B2 (en) Cryptographic communication system
EP1161806B1 (en) Key management for telephone calls to protect signaling and call packets between cta's
US6289451B1 (en) System and method for efficiently implementing an authenticated communications channel that facilitates tamper detection
JPH05227152A (en) Method and device for establishing privacy communication link
JP2001517020A (en) Security measures for telecommunication network transmission
JPH04154233A (en) Communication concealing method
JP2862141B2 (en) Identification number-based key management device using conventional encryption
JPH05130241A (en) Communication network for privacy transmission
JPH1168730A (en) Encryption gateway device
US20020116606A1 (en) Encryption and decryption system for multiple node network
CN101282250B (en) Method, system and network equipment for snooping safety conversation
JPS61236238A (en) Method for transferring key
JPS6188363A (en) Message preservation/transfer method and apparatus using updated term code
JPH07336328A (en) Cipher device
JPH06209313A (en) Method and device for security protection
US20010010721A1 (en) Common key generating method, common key generating apparatus, encryption method, cryptographic communication method and cryptographic communication system
JPS63155930A (en) Enciphered data communication system
AU2021104202A4 (en) Intelligent secure private key sharing framework for advanced communication using asymmetric cryptography and blockchain
JPS6181043A (en) Cipher processing system of packet communication
JP2000222315A (en) Server client type security system
JPS61114633A (en) Multiple address communication system
JPS59154849A (en) Simple ciphering device in packet exchange network
JP3057724B2 (en) Encryption device
JPH0671259B2 (en) Key sharing method
JPH06105935B2 (en) Telephone exchange system