WO2017073389A1 - Communication system and communication method - Google Patents

Publication number
WO2017073389A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
communication
algorithm
signature
key information
Prior art date
Application number
PCT/JP2016/080681
Other languages
French (fr)
Japanese (ja)
Inventor
友洋 水谷
Original Assignee
株式会社オートネットワーク技術研究所
住友電装株式会社
住友電気工業株式会社
Priority date
Filing date
Publication date
Application filed by 株式会社オートネットワーク技術研究所, 住友電装株式会社, 住友電気工業株式会社
Publication of WO2017073389A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a communication system that shares information that should be kept secret between communication apparatuses, and relates to a communication system and a communication method that can realize safe communication with a small amount of communication and a large amount of computation.
  • Patent Document 1 Various encryption schemes have been proposed and used for transmitting and receiving information so that the contents are not known to third parties.
  • A typical encryption method is a public key encryption method.
  • In the public key cryptosystem, asymmetric key information such as a secret key and a public key is used, and the public key corresponding to the secret key is transmitted from the receiver side, which holds the secret key, to the sender.
  • The sender side encrypts the information to be shared using the public key and transmits it, and the receiver decrypts the encrypted information with the corresponding private key. Since decryption is impossible with the public key and it is difficult to derive the secret key from the public key, information can be transmitted and received in a secret state even if the public key is known to a third party.
  • Diffie-Hellman key sharing is used in common key cryptography, which differs from public key cryptography, to share key information as secret information.
  • The sender and the receiver each calculate a value that can be disclosed, using secret information that each holds separately, exchange the calculated values, and combine the received value with their own secret information to derive an equal value (the secret key). In this way the sender and the receiver can share the same information (secret key) without it becoming known to a third party.
  • The present invention has been made in view of such circumstances, and an object thereof is to provide a communication system and a communication method capable of realizing safe communication with a small communication amount.
  • A communication system is a communication system that transmits and receives information between a transmission device and a reception device. The transmission device includes a transmission-side storage unit that stores predetermined key information in advance; a transmission-side calculation unit that takes arbitrary data and the predetermined key information as inputs and calculates based on a first algorithm that uniquely outputs a set of a plurality of pieces of information; and a transmission unit that transmits, to the reception device, the data and predetermined information among the plurality of pieces of information included in the set output by the transmission-side calculation unit.
  • The reception device includes a receiving-side storage unit that stores in advance corresponding key information uniquely corresponding to the predetermined key information; a receiving unit that receives the data and the predetermined information transmitted by the transmission unit; and a receiving-side calculation unit that takes the data and the predetermined information received by the receiving unit and the corresponding key information as inputs and calculates based on a second algorithm that outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
  • A communication method is a communication method in which information is transmitted and received between a transmission device and a reception device.
  • The transmission device stores predetermined key information in advance, takes arbitrary data and the predetermined key information as inputs, calculates based on a first algorithm that uniquely outputs a set of a plurality of pieces of information, and transmits the data and predetermined information included in the set output by the calculation to the reception device.
  • The reception device stores in advance corresponding key information uniquely corresponding to the predetermined key information, receives the data and the predetermined information transmitted by the transmission device, and, taking the received data, the predetermined information, and the corresponding key information as inputs, calculates based on a second algorithm that outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
  • The present application can be realized not only as a communication system and a communication method including such characteristic components, but also as the transmission device and the reception device included in the communication system, and as a program that causes a computer to execute such characteristic steps.
  • It can also be realized as a semiconductor integrated circuit that realizes part or all of the communication method described above, or as another system including the communication system.
  • The same information can be derived and shared without becoming known to a third party by a single transmission process of transmitting data and predetermined information, without performing bidirectional communication between the transmission device and the reception device. Thereby, safe communication can be realized with a small communication amount and calculation amount.
  • FIG. 1 is an explanatory diagram showing the concept of sharing secret information in the present invention.
  • FIG. 2 is a block diagram showing a configuration of a communication system in a first embodiment.
  • FIG. 3 is a flowchart illustrating an example of a processing procedure performed between communication devices in the communication system according to the first embodiment.
  • FIG. 4 is a sequence diagram illustrating an example of a procedure of communication processing executed by the communication device according to Embodiment 1.
  • FIG. 5 is a sequence diagram showing the procedure in the conventional secret sharing method (Diffie-Hellman key sharing).
  • FIG. 6 is a flowchart illustrating an example of an authentication processing procedure using the communication method according to the first embodiment.
  • FIG. 7 is a block diagram showing a configuration of a communication system in a second embodiment.
  • FIG. 8 is an explanatory diagram illustrating an outline of a communication method performed in the communication system according to Embodiment 2.
  • FIG. 9 is an explanatory diagram showing an outline of a communication method implemented in the modified example.
  • FIG. 10 is a block diagram illustrating a configuration of a communication system in a third embodiment.
  • A communication system is a communication system in which information is transmitted and received between a transmission device and a reception device, wherein the transmission device includes a transmission-side storage unit that stores predetermined key information in advance, a transmission-side calculation unit that takes arbitrary data and the predetermined key information as inputs and calculates based on a first algorithm that uniquely outputs a set of a plurality of pieces of information, and a transmitting unit that transmits the data and predetermined information among the plurality of pieces of information included in the set to the receiving device.
  • The receiving device includes a receiving-side storage unit that stores in advance corresponding key information uniquely corresponding to the predetermined key information, a receiving unit that receives the data and the predetermined information transmitted by the transmitting unit, and a receiving-side calculation unit that takes the data and the predetermined information received by the receiving unit and the corresponding key information as inputs and calculates based on a second algorithm that outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
  • The first and second algorithms are used to calculate a predetermined set of a plurality of pieces of information based on the data and the corresponding key information.
  • A communication system includes a plurality of the reception devices, and the transmission device stores different key information corresponding to each of the plurality of reception devices in the transmission-side storage unit.
  • Each receiving device stores, in advance in its receiving-side storage unit, the corresponding key information corresponding to its one of the different key information.
  • A combination of key information and corresponding key information is set for each pair of the transmitting device and any one of the plurality of receiving devices. By storing the corresponding key information in a secret state in advance on the receiving device side, the same information can be derived for each pair without the other receiving devices learning it.
  • The predetermined key information is a signature key, the corresponding key information is a verification key, the first algorithm is a signature generation algorithm that outputs a signature and a comparison signature, the second algorithm is a signature verification algorithm that outputs the comparison signature based on the verification key and the signature, and the transmission unit transmits the data and the signature output by the signature generation algorithm.
  • A signature verification algorithm, which verifies a signature by decrypting the encrypted information on the receiving side and checking whether it matches the original information, is employed, so data communication can be performed safely with a smaller communication amount and calculation amount than with a key encryption method.
  • A communication method is a communication method in which information is transmitted and received between a transmission device and a reception device.
  • The transmission device stores predetermined key information in advance, takes arbitrary data and the predetermined key information as inputs, calculates based on a first algorithm that uniquely outputs a set of a plurality of pieces of information, and transmits to the receiving device the data and predetermined information among the plurality of pieces of information included in the set output by the calculation.
  • The receiving device stores in advance corresponding key information uniquely corresponding to the predetermined key information, receives the data and the predetermined information transmitted by the transmission device, and, taking the received data, the predetermined information, and the corresponding key information as inputs, calculates based on a second algorithm that outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
  • Each of the devices includes a calculation unit that calculates a predetermined set of a plurality of pieces of information based on data and corresponding key information by the first and second algorithms.
  • The receiving device can derive other information included in the set. If the corresponding key information can be held in a secret state in advance, then even if the data and the predetermined information are disclosed to a third party, that is, sent onto a communication medium, the same information can be derived without becoming known to the third party.
  • FIG. 1 is an explanatory diagram showing the concept of sharing secret information in the present invention.
  • The information used on the sender side is shown on the left side in FIG. 1, and the information used on the receiver side is shown on the right side in FIG. 1.
  • an algorithm P is used in which a predetermined plurality of sets of information ( ⁇ , ⁇ ,...) Are uniquely derived from key information (Key X) and plaintext ( ⁇ ).
  • Key Y key information
  • Key X plaintext
  • plaintext
  • a signature-dedicated algorithm is used as an algorithm for uniquely deriving a plurality of verification information sets ( ⁇ , ⁇ ) from paired key information (Key X, Y) and plaintext ( ⁇ ).
  • the algorithm is not limited to a signature-only algorithm.
  • a verification value (of a set of information ( ⁇ , ⁇ )) derived from a plaintext ( ⁇ ) and a key (Key X, Y) prepared in advance by a signature-dedicated algorithm ( Focusing on the fact that ⁇ ) can be re-derived (verifiable) based on the plaintext ( ⁇ ) and the key corresponding to the key (Key Y) and the predetermined information ( ⁇ ) in the signature, This ( ⁇ ) is to be shared. This will be specifically described below with reference to Embodiments 1 to 3.
  • FIG. 2 is a block diagram showing a configuration of the communication system in the first embodiment.
  • The communication system is an in-vehicle network and includes a communication device 1 and a communication device 2.
  • Each of the communication devices 1 and 2 is an ECU (Electronic Control Unit), and the communication devices 1 and 2 are connected by a communication bus 3.
  • The communication devices 1 and 2 communicate with each other based on, for example, CAN (Controller Area Network).
  • The communication device 1 includes a control unit 10, a storage unit 11, a communication unit 12, a random number calculation unit 13, a hash calculation unit 14, and an algorithm calculation unit 15.
  • The control unit 10 is a microcontroller using, for example, one or a plurality of CPUs (Central Processing Unit) or a multi-core CPU, and having a ROM (Read Only Memory), a RAM (Random Access Memory), an input/output interface, a timer, and the like.
  • The CPU of the control unit 10 is connected to the storage unit 11, the communication unit 12, the random number calculation unit 13, the hash calculation unit 14, and the algorithm calculation unit 15 via the input/output interface.
  • The control unit 10 controls the operation of each component unit by executing a control program stored in the built-in ROM.
  • The storage unit 11 uses a flash memory.
  • The storage unit 11 stores information that the control unit 10 refers to during processing.
  • Signature key information 1K is stored in the storage unit 11 in advance in a secret state.
  • The timing at which the signature key information 1K is stored is a specific timing, such as when the communication device 1 itself is assembled, when a test is performed after the communication system including the communication device 1 is constructed, or when the vehicle is inspected.
  • The signature key information 1K may be stored separately using a technique such as encryption so that it can be securely stored in a secret state at a specific timing.
  • The storage unit 11 stores a password for authentication of the communication device 2 in advance.
  • The communication unit 12 implements communication with the communication device 2 via the communication bus 3 using a transceiver.
  • By the function of the communication controller included in the control unit 10, the communication unit 12 transmits information instructed by the control unit 10 to the communication device 2, and detects and receives information sent onto the communication bus 3 and outputs it to the control unit 10.
  • The random number calculation unit 13 is an integrated circuit that takes a seed as input and generates and outputs a random number.
  • The control unit 10 can use time information obtained from a timer as a seed and give it to the random number calculation unit 13 to obtain a random number.
  • The hash calculation unit 14 is an integrated circuit that takes numerical information as input, performs a hash function calculation, and outputs a hash value.
  • The control unit 10 can obtain a hash value by giving the random number obtained from the random number calculation unit 13 to the hash calculation unit 14.
  • The algorithm calculation unit 15 is an integrated circuit that executes a signature verification algorithm by an ECDSA (Elliptic Curve Digital Signature Algorithm) signature scheme.
  • The algorithm calculation unit 15 takes arbitrary data (hash value) and the signature key information 1K as inputs, and outputs a signature (r, s).
  • Since the communication device 2 includes the same components as the communication device 1, the corresponding reference numerals are assigned and detailed description is omitted. However, the communication device 2 stores verification key information 2K corresponding to the signature key information 1K of the communication device 1 in the storage unit 21 in advance. The verification key information 2K is also stored in a secret state in advance. The timing at which the verification key information 2K is stored is the same as the timing at which the signature key information 1K is stored in the storage unit 11 of the communication device 1. The verification key information 2K may also be stored separately using a technique such as encryption so that it can be securely stored in a secret state. The storage unit 21 stores an authentication password.
  • The algorithm calculation unit 25 of the communication device 2 is an integrated circuit that executes a calculation corresponding to the calculation of the algorithm calculation unit 15 of the communication device 1.
  • The algorithm calculation unit 25 outputs the signature r when given the data that was input to the algorithm calculation unit 15, the signature s of the signature (r, s) output for that data, and the verification key information 2K in the storage unit 21.
  • FIG. 3 is a flowchart illustrating an example of a procedure of communication processing executed by the communication devices 1 and 2 according to the first embodiment.
  • To start sharing secret information, the control unit 10 of the communication device 1 generates a random number by the random number calculation unit 13 using the time information as a seed (step S11), and acquires a hash value from the hash calculation unit 14 based on the obtained random number (step S12).
  • The control unit 10 gives the acquired hash value and the signature key information 1K to the algorithm calculation unit 15 to acquire the signature (r, s) (step S13).
  • The control unit 10 stores the signature r of the acquired signature (r, s) in the storage unit 11 (step S14), and transmits the other signature s and the hash value acquired in step S12 to the communication device 2 (step S15).
  • The control unit 20 of the communication device 2 receives the signature s and the hash value by the communication unit 22 (step S21), and gives the received signature s, the hash value, and the verification key information 2K to the algorithm calculation unit 25 to derive and acquire the signature r (step S22). The control unit 20 stores the acquired signature r in the storage unit 21 (step S23) and ends the process.
  • The signature r having the same contents is stored in the storage unit 11 of the communication device 1 and the storage unit 21 of the communication device 2 without transmitting or receiving the encrypted signature r. In this way, secret information can be shared from the communication device 1 to the communication device 2 by a single transmission process.
  • FIG. 4 is a sequence diagram showing the procedure of the communication method in the first embodiment described above.
  • FIG. 5 is a sequence diagram showing a procedure in a conventional secret sharing method (Diffie-Hellman key sharing).
  • The exchange between the communication device 1 and the communication device 2 for sharing information (signature r) is completed in one transmission of the signature s and the hash value from the communication device 1 side (S15).
  • The conventional secret sharing method requires exchange of values that can be disclosed to each other between the transmission device and the reception device. In this way, it is possible to share information in a secret state with a small amount of communication (number of times).
  • The signature (r, s) output by the algorithm calculation unit 15 is numerical information output based on ECDSA, and there is a condition on the information obtained. Therefore, the secret information can be shared with the signature r by the above-described method.
  • The information to be shared is preferably numerical information that is meaningless in itself but serves as a key to be concealed, for example, a hash calculation seed.
  • The signature r can be used as a seed for the hash calculation.
  • FIG. 6 is a flowchart illustrating an example of an authentication processing procedure using the communication method according to the first embodiment.
  • The same procedures as those shown in the flowchart of FIG. 3 are denoted by the same reference numerals, and detailed description thereof is omitted.
  • The control unit 20 of the communication device 2, which is the client, transmits an authentication request from the communication unit 22 to the communication device 1, which is the server (step S201).
  • The communication unit 12 of the communication device 1 receives the request for authentication (step S101), and the control unit 10 generates a random number by the random number calculation unit 13 using the time of reception as a seed (S11) and acquires a hash value (S12). Subsequently, the control unit 10 acquires the signature (r, s) from the algorithm calculation unit 15 (S13), stores the signature r in the storage unit 11 (S14), and transmits the signature s and the hash value to the communication device 2 as a response to the request (S15).
  • The control unit 20 of the communication device 2 receives the signature s and the hash value by the communication unit 22 (S21), and derives and acquires the signature r (S22).
  • The control unit 20 stores the acquired signature r in the storage unit 21 (S23), and the hash calculation unit 24 calculates and acquires the hash value of the password stored in the storage unit 21 using the signature r as a seed (step S24).
  • The control unit 20 transmits the hash value obtained in step S24 to the communication device 1, which is the server (step S25).
  • The control unit 10 of the communication device 1, as the server, obtains the hash value of the authentication password of the communication device 2 stored in the storage unit 11 by the hash calculation unit 14, using the stored signature r as a seed (step S16). The control unit 10 then receives the hash value transmitted from the communication device 2 by the communication unit 12 (step S17), and executes authentication by comparing the hash value acquired in step S16 with the hash value received in step S17 (step S18). If the compared values match in step S18, authentication succeeds, and if they do not match, authentication fails. The control unit 10 returns an authentication result (step S19), the communication device 2 side receives it (step S26), and the authentication process ends.
  • In the authentication process, it is possible to securely share a secret seed with a small amount of communication and execute authentication safely.
  • The amount of information can be reduced by using an algorithm of the ECDSA signature method.
  • When an embedded processor such as the above-described ECU is used, it is possible to reduce the processing load and save storage capacity. Further, the above-described method has high resistance against man-in-the-middle attacks.
  • The algorithm calculation units 15 and 25 are configured to use the ECDSA signature method, but may use DSA or RSA encryption. Further, the algorithm calculation units 15 and 25 may perform the calculation by a new method that substitutes for these signature algorithms. That is, any other method may be used as long as it is an algorithm by which the algorithm calculation unit 15 outputs a set of a plurality of pieces of information when key information and arbitrary data are input, and by which other information of the set is output when a corresponding calculation is performed using the output numerical information as input.
  • Correspondingly, the algorithm calculation unit 25 need only output the other numerical information paired with that numerical information when the input data, the numerical information output by the algorithm calculation unit 15, and the corresponding key information are input.
  • FIG. 7 is a block diagram showing a configuration of a communication system in the second embodiment.
  • The communication system in the second embodiment includes a communication device 1 and communication devices 2a, 2b, and 2c.
  • The communication device 1 and the communication devices 2a, 2b, and 2c are all ECUs and are connected by a communication bus 3.
  • The details of the internal configuration of the communication device 1 are the same as those of the communication device 1 according to the first embodiment except for the information stored in the storage unit 11.
  • The details of the internal configuration of the communication devices 2a, 2b, and 2c are the same as those in the second embodiment except for the information stored in each storage unit 21. Therefore, the same reference numerals are given to configurations common to the first embodiment, and detailed description thereof is omitted.
  • The storage unit 11 of the communication device 1 stores a plurality of signature key information 1Ka, 1Kb, and 1Kc in advance.
  • The signature key information 1Ka is key information for sharing secret information with the communication device 2a.
  • The signature key information 1Kb is key information for sharing secret information with the communication device 2b.
  • The signature key information 1Kc is key information for sharing secret information with the communication device 2c.
  • The storage unit 21 of the communication device 2a stores in advance verification key information 2Ka corresponding to the signature key information 1Ka.
  • The storage unit 21 of the communication device 2b stores verification key information 2Kb corresponding to the signature key information 1Kb in advance.
  • The storage unit 21 of the communication device 2c stores verification key information 2Kc corresponding to the signature key information 1Kc in advance.
  • The communication process between the communication device 1 and the communication device 2a, the communication process between the communication device 1 and the communication device 2b, and the communication process between the communication device 1 and the communication device 2c each follow the same procedure (FIG. 3) as the communication process between the communication device 1 and the communication device 2 in the first embodiment.
  • FIG. 8 is an explanatory diagram showing an outline of a communication method performed in the communication system according to the second embodiment.
  • FIG. 8 shows the correspondence between the key information held in each communication device 1, 2a, 2b, 2c and the flow of information transmitted and received.
  • The control unit 10 of the communication device 1 acquires the signature (r, s) by the algorithm calculation unit 15 using, among the plurality of signature key information 1Ka, 1Kb, 1Kc, the signature key information 1Ka for the communication device 2a.
  • The control unit 10 of the communication device 1 sends the data (hash value) input when acquiring the signature (r, s) and the signature s from the communication unit 12 onto the communication bus 3.
  • The transmitted data (hash value) and signature s can be received by the communication units 22 of all the communication devices 2a, 2b, 2c connected to the communication bus 3. However, only the communication device 2a, which operates using the verification key information 2Ka corresponding to the signature key information 1Ka used to output the signature s for the data, acquires the signature r by the algorithm calculation unit 25 and can share secret information (information r) with the communication device 1. The communication devices 2b and 2c can also receive the data and the signature s based on the signature key information 1Ka. However, since they do not hold the corresponding verification key information 2Ka, they cannot obtain the signature r in common with the communication device 1.
  • The communication process between the communication device 1 and the communication device 2b and the communication process between the communication device 1 and the communication device 2c are the same.
  • Arbitrary data (hash value) and the signature s of the signature (r, s) are transmitted from the communication device 1 on the transmission side to the other communication devices 2a, 2b, and 2c on the reception side.
  • Secret information can be shared for each pair of the communication device 1 and each of the plurality of communication devices 2a, 2b, and 2c.
  • Various timings can be considered for storing the signature key information 1Ka, 1Kb, 1Kc in the storage unit 11 of the communication device 1 and the verification key information 2Ka, 2Kb, 2Kc in each storage unit 21 of the communication devices 2a, 2b, 2c.
  • The timing may be when the communication devices 1, 2a, 2b, and 2c are individually assembled, or when it is decided which communication devices are to communicate with each other as the communication system is constructed.
  • The communication system according to the present invention is applied to communication between ECUs in an in-vehicle network, for example.
  • The present invention is not limited to this, and may be applied to communication between various electronic devices or devices including HMI (Human Machine Interface), PLC (Programmable Logic Controller), controller, maintenance jig, etc. in industrial equipment networks.
  • Secret information (signature r) is shared at the same timing between one transmission-side communication device and one or more reception-side communication devices.
  • By obtaining secret information through a certain procedure or process, information different from the value (signature r) shared in the communication of the present invention is shared between specific devices.
  • FIG. 9 is an explanatory diagram showing an outline of a communication method implemented in the modified example.
  • the communication device 2 stores the same verification key information 2Ka, in addition to the communication device 2a that stores only the verification key information 2Ka, “processing 2”
  • the communication apparatus 1 on the transmission side knows “processing 1”.
  • “Processing 1” and “Processing 2” are specific calculation procedures or algorithms, and are stored in each storage unit 21 in advance without being otherwise known between devices that share information.
  • the communication device 1 can acquire not only the signature r as secret information by the signature key information 1Ka but also “information r1” by applying “processing 1” to “information r”.
  • the communication device 2a can acquire “information r” from the verification key information 2Ka corresponding to the signature key information 1Ka, the data transmitted from the communication device 1, and the information s.
  • since the communication devices 2b and 2c do not store the verification key information 2Ka corresponding to the signature key information 1Ka, they cannot obtain the same “information r” as the communication device 2a from the data and information s transmitted from the communication device 1.
  • the communication device 2e and the communication device 2g can not only acquire “information r” based on the verification key information 2Ka, but can also acquire “information r1” by applying “processing 1” to “information r”. Accordingly, the communication device 2e and the communication device 2g can share with the communication device 1 “information r1” that cannot be known to the communication devices 2a, 2b, 2c, 2d, and 2f.
  • the communication device 2d, the communication device 2f, and the communication device 2g can not only acquire “information r” common to the communication device 1 and the communication device 2a based on the verification key information 2Ka, but can also acquire “information r2” by the processing of “processing 2”.
  • the communication device 2d, the communication device 2f, and the communication device 2g can share, with the communication device 1 that is the transmission device, “information r2” that cannot be known to the communication devices 2a, 2b, 2c, and 2e.
  • the present invention can also be applied between communication devices such as a PC (Personal Computer) and a server computer that communicate with each other via a public communication network such as the Internet, and can be applied to communication that shares secret information one-to-one or one-to-many.
  • Embodiment 3 shows an example in which the present invention is applied to a server client system.
  • FIG. 10 is a block diagram showing a configuration of a communication system in the third embodiment.
  • the communication system in the third embodiment includes a central device 4 and a terminal device 5.
  • the central device 4 is a server computer
  • the terminal device 5 is a PC. Communication between the central device 4 and the terminal device 5 is possible via a network N which is a public communication network such as the Internet.
  • the central device 4 includes a control unit 40, a storage unit 41, a temporary storage unit 42, and a communication unit 43.
  • the control unit 40 uses a CPU.
  • the control unit 40 reads and executes the algorithm P program 411 stored in the storage unit 41, thereby causing the general-purpose server computer to function as the transmission device in the present invention.
  • the temporary storage unit 42 uses a RAM such as a DRAM and temporarily stores information generated by the processing of the control unit 40.
  • the storage unit 41 uses a nonvolatile memory such as a hard disk or a flash memory, and stores the algorithm P program 411 and the signature key information 4K in advance.
  • the algorithm P program 411 is a program that realizes an operation based on the algorithm P shown in FIG. 1, that is, the signature verification algorithm based on the ECDSA signature scheme.
  • the communication unit 43 implements communication with the terminal device 5 via the network N using a network card.
  • the communication realized by the communication unit 45 may be either wired communication or wireless communication.
  • the terminal device 5 includes a control unit 50, a storage unit 51, a temporary storage unit 52, and a communication unit 53.
  • the control unit 50 uses a CPU.
  • the control unit 50 reads and executes the algorithm Q program 511 stored in the storage unit 51, thereby causing the general-purpose PC to function as the receiving device in the present invention.
  • the temporary storage unit 52 uses a RAM such as a DRAM and temporarily stores information generated by the processing of the control unit 50.
  • the storage unit 51 uses a non-volatile storage medium such as a hard disk or a flash memory, and stores the algorithm Q program 511 and the verification key information 5K corresponding to the signature key information 4K.
  • the algorithm Q program 511 is a program that realizes an operation corresponding to an operation based on the algorithm P program 411 in the central apparatus 4.
  • the communication unit 53 realizes communication with the central device 4 via the network N using a network card.
  • the communication realized by the communication unit 53 may be either wired communication or wireless communication.
  • the process for sharing secret information (signature r) using the signature key information 4K and the verification key information 5K performed between the central device 4 and the terminal device 5 is the same as the processing content (FIG. 3) performed between the communication device 1 and the communication device 2 in Embodiment 1. Therefore, detailed description is omitted.
  • the second embodiment and the modification can be applied to the processing between the central device 4 and the terminal device 5 shown in the third embodiment.
  • the communication system according to the present invention can be applied to a server client system using a PC and a server computer. Further, as shown in the third embodiment, it can also be realized by processing based on software.
  • Communication device; 11 Storage unit (transmission side storage unit); 12 Communication unit (transmission unit); 15 Algorithm computation unit (transmission side computation unit); 1K, 1Ka, 1Kb, 1Kc Signature key information (predetermined key information); 2, 2a, 2b, 2c Communication device (receiving device); 21 Storage unit (reception side storage unit); 22 Communication unit (receiving unit); 25 Algorithm operation part (reception side operation part); 2K, 2Ka, 2Kb, 2Kc Verification key information (corresponding key information); 4 Central unit (transmitting unit); 40 Control unit (transmission side calculation unit); 411 Algorithm P program (transmission side computing unit); 41 Storage unit (transmission side storage unit); 43 Communication part (transmission part); 4K Signature key information (predetermined key information); 5 Terminal device (receiving device); 50 Control unit (receiver side calculation unit); 511 Algorithm Q program (receiver side calculation unit); 51 Storage unit (reception side storage unit); 53 Communication unit (

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The purpose of the present invention is to provide a communication system and communication method that are capable of realizing safe communications with a small amount of communication and a small amount of computation. Provided is a communication system in which information is transmitted and received between a transmission device and a receiving device, wherein the transmission device: stores prescribed key information in advance; performs computations using arbitrary data and the prescribed key information as input, on the basis of a first algorithm for uniquely outputting a set of a plurality of information items; and transmits, to the receiving device, the data and a prescribed information item from among the plurality of information items included in the set output by the computation unit. The receiving device: stores, in advance, corresponding key information which uniquely corresponds to the prescribed key information; receives the data and the prescribed information item transmitted by the transmission unit; and uses the received data and prescribed information item, as well as the corresponding key information, as input to perform computations on the basis of a second algorithm for outputting the other information item from among the plurality of information items included in the set output on the basis of the first algorithm.

Description

Communication system and communication method
The present invention relates to a communication system in which information that should be kept secret is shared between communication devices, and in particular to a communication system and a communication method that can realize safe communication with a small amount of communication and computation.
Various encryption schemes have been proposed and used for transmitting and receiving information so that its contents are not known to third parties (Patent Document 1, etc.).
A typical encryption scheme is public-key cryptography. In public-key cryptography, asymmetric key information, namely a secret key and a public key, is used, and the receiver side, which holds the secret key, transmits the public key corresponding to the secret key to the sender. The sender side encrypts the information to be shared using the public key and transmits it, and the receiver decrypts the encrypted information with the corresponding secret key. Since decryption is impossible with the public key and it is difficult to derive the secret key from the public key, information can be transmitted and received in a secret state even if the public key is known to a third party.
In common-key cryptography, which differs from public-key cryptography, Diffie-Hellman key sharing is used to share the key information itself as secret information. In Diffie-Hellman key sharing, the sender and the receiver each separately compute a value that can be made public from their own individual secret information and exchange the computed values; when each performs a predetermined computation using the value obtained in the exchange and its own individual secret information, an equal value (secret key) is derived. Thus, even if what is exchanged becomes known to a third party, the sender and the receiver can share identical information (a secret key) without it being known to the third party. In this case, if a third party replaces the exchanged information in transit (a man-in-the-middle attack), it becomes difficult to share the information secretly; this problem is solved by the elliptic curve Diffie-Hellman key sharing method, in which information is separately shared in advance. With the elliptic curve Diffie-Hellman key sharing method, information to be shared in a secret state between the sender and the receiver can be updated safely and at any time.
JP 2000-354031 A
In the elliptic curve Diffie-Hellman key sharing method, identical information can be shared secretly only after publicly disclosable information has been sent and received in both directions, that is, only after two-way communication has been performed. Public-key cryptography likewise requires two-way communication: transmission of the public key from the receiver side and transmission of the encrypted information from the sender side. Moreover, both methods require abundant computing resources, and processing takes a relatively long time.
The present invention has been made in view of such circumstances, and an object thereof is to provide a communication system and a communication method capable of realizing safe communication with a small amount of communication.
A communication system according to one aspect of the present invention is a communication system in which information is transmitted and received between a transmission device and a reception device, wherein the transmission device includes: a transmission-side storage unit that stores predetermined key information in advance; a transmission-side calculation unit that performs calculation based on a first algorithm that takes arbitrary data and the predetermined key information as input and uniquely outputs a set of a plurality of pieces of information; and a transmission unit that transmits, to the reception device, the data and predetermined information among the plurality of pieces of information included in the set output by the transmission-side calculation unit; and the reception device includes: a reception-side storage unit that stores in advance corresponding key information uniquely corresponding to the predetermined key information; a reception unit that receives the data and the predetermined information transmitted by the transmission unit; and a reception-side calculation unit that performs calculation based on a second algorithm that takes as input the data and the predetermined information received by the reception unit and the corresponding key information, and outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
A communication method according to one aspect of the present invention is a communication method in which information is transmitted and received between a transmission device and a reception device, wherein the transmission device stores predetermined key information in advance, performs calculation based on a first algorithm that takes arbitrary data and the predetermined key information as input and uniquely outputs a set of a plurality of pieces of information, and transmits, to the reception device, the data and predetermined information among the plurality of pieces of information included in the set output by the calculation; and the reception device stores in advance corresponding key information uniquely corresponding to the predetermined key information, receives the data and the predetermined information transmitted by the transmission unit, and performs calculation based on a second algorithm that takes as input the received data and predetermined information and the corresponding key information, and outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
Note that the present application can be realized not only as a communication system and a communication method including such characteristic components, but also as a transmission device and a reception device included in the communication system, and as a program that causes a computer to execute such characteristic steps. It can also be realized as a semiconductor integrated circuit that implements part or all of the transmission device and the reception device included in the communication system or of the communication method described above, or as another system including the communication system.
According to the above, by a single transmission process of transmitting the data and the predetermined information, without performing two-way communication between the transmission device and the reception device, identical information can be derived and shared without being known to a third party. Thereby, safe communication can be realized with a small amount of communication and calculation.
FIG. 1 is an explanatory diagram showing the concept of sharing secret information in the present invention.
FIG. 2 is a block diagram showing the configuration of the communication system in Embodiment 1.
FIG. 3 is a flowchart showing an example of a processing procedure performed between communication devices in the communication system of Embodiment 1.
FIG. 4 is a sequence diagram showing an example of the procedure of communication processing executed by the communication devices in Embodiment 1.
FIG. 5 is a sequence diagram showing the procedure in a conventional secret sharing method (Diffie-Hellman key sharing).
FIG. 6 is a flowchart showing an example of an authentication processing procedure using the communication method in Embodiment 1.
FIG. 7 is a block diagram showing the configuration of the communication system in Embodiment 2.
FIG. 8 is an explanatory diagram showing an outline of the communication method performed in the communication system of Embodiment 2.
FIG. 9 is an explanatory diagram showing an outline of the communication method implemented in the modification.
FIG. 10 is a block diagram showing the configuration of the communication system in Embodiment 3.
[Description of Embodiments of the Present Invention]
First, embodiments of the present invention will be listed and described. At least some of the embodiments described below may be combined arbitrarily.
(1) A communication system according to one aspect of the present invention is a communication system in which information is transmitted and received between a transmission device and a reception device, wherein the transmission device includes: a transmission-side storage unit that stores predetermined key information in advance; a transmission-side calculation unit that performs calculation based on a first algorithm that takes arbitrary data and the predetermined key information as input and uniquely outputs a set of a plurality of pieces of information; and a transmission unit that transmits, to the reception device, the data and predetermined information among the plurality of pieces of information included in the set output by the transmission-side calculation unit; and the reception device includes: a reception-side storage unit that stores in advance corresponding key information uniquely corresponding to the predetermined key information; a reception unit that receives the data and the predetermined information transmitted by the transmission unit; and a reception-side calculation unit that performs calculation based on a second algorithm that takes as input the data and the predetermined information received by the reception unit and the corresponding key information, and outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
In the present application, between a transmission device and a reception device each having a calculation unit that computes a predetermined set of a plurality of pieces of information based on data and corresponding key information by the first and second algorithms (the transmission-side calculation method and the reception-side calculation method of one algorithm), the data and predetermined information included in the set are transmitted from the transmission device to the reception device, whereby the other information included in the set can be derived on the reception device side. If the corresponding key information can be held by both sides in a secret state in advance, identical information can be derived without being known to a third party even if the data and the predetermined information are disclosed to the third party, that is, sent out onto the communication medium.
(2) A communication system according to one aspect of the present invention includes a plurality of the reception devices; the transmission device stores, in the transmission-side storage unit, different key information corresponding to each of the plurality of reception devices, and the plurality of reception devices store in advance, in their reception-side storage units, corresponding key information corresponding to each of the different key information.
In the present application, even in a configuration including a plurality of reception devices, for each pair of the transmission device and any one of the plurality of reception devices, a combination of key information and corresponding key information is stored in advance in a secret state on the transmission device side and the reception device side, so that each pair can derive identical information without it being known to the other reception devices.
(3) In a communication system according to one aspect of the present invention, the predetermined key information is a signature key, the corresponding key information is a verification key, the first algorithm is a signature generation algorithm that outputs a signature and a comparison signature, the second algorithm is a signature verification algorithm that outputs the comparison signature based on the verification key and the signature, and the transmission unit transmits the data and the signature output by the signature generation algorithm.
In the present application, a signature verification algorithm is adopted that verifies a signature by decrypting the encrypted information on the reception side and checking whether it matches the original information, which makes it possible to perform data communication safely with a smaller amount of communication and calculation than key encryption schemes.
(4) A communication method according to one aspect of the present invention is a communication method in which information is transmitted and received between a transmission device and a reception device, wherein the transmission device stores predetermined key information in advance, performs calculation based on a first algorithm that takes arbitrary data and the predetermined key information as input and uniquely outputs a set of a plurality of pieces of information, and transmits, to the reception device, the data and predetermined information among the plurality of pieces of information included in the set output by the calculation; and the reception device stores in advance corresponding key information uniquely corresponding to the predetermined key information, receives the data and the predetermined information transmitted by the transmission unit, and performs calculation based on a second algorithm that takes as input the received data and predetermined information and the corresponding key information, and outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
In the present application, as in aspect (1) above, between a transmission device and a reception device each having a calculation unit that computes a predetermined set of a plurality of pieces of information based on data and corresponding key information by the first and second algorithms, the data and predetermined information included in the set are transmitted from the transmission device to the reception device, whereby the other information included in the set can be derived on the reception device side. If the corresponding key information can be held by both sides in a secret state in advance, identical information can be derived without being known to a third party even if the data and the predetermined information are disclosed to the third party, that is, sent out onto the communication medium.
[Details of Embodiments of the Present Invention]
Hereinafter, the present invention will be specifically described with reference to the drawings illustrating its embodiments. The embodiments shown below are examples, and the present invention is of course not limited to the following configurations.
FIG. 1 is an explanatory diagram showing the concept of sharing secret information in the present invention. The left side of FIG. 1 shows the information used on the sender side, and the right side shows the information used on the receiver side. The embodiments described below use an algorithm P by which a predetermined set of a plurality of pieces of information (β, γ, ...) is uniquely derived from key information (Key X) and plaintext (α). The receiver side, which has been given in advance key information (Key Y) paired with the above key information (Key X), receives from the sender side predetermined information (β) in the set (β, γ, ...) together with the plaintext (α). The receiver side derives other information (γ) in the set by an algorithm Q (= P′) corresponding to the algorithm P, and this other information (γ), indicated by a double circle in FIG. 1, is the object to be shared in secret. In the following description, a signature-only algorithm is used as the algorithm by which a set of a plurality of pieces of verification information (β, γ) is uniquely derived from the paired key information (Key X, Y) and the plaintext (α), but the algorithm is of course not limited to a signature-only algorithm.
In a signature-only algorithm, the information that would be kept secret in public-key cryptography (α = data (plaintext)) is sent and received as is, and the sender is authenticated using verification information (β, γ = values with no meaning of their own) encrypted using the key (Key X); there is therefore no concept of shared information to be kept secret. The present invention focuses on the fact that the verification value (γ) in the signature (the set of a plurality of pieces of information (β, γ)) derived by the signature-only algorithm from the plaintext (α) and keys prepared in advance (Key X, Y) can be re-derived (that is, verified) from the plaintext (α), the key (Key Y) corresponding to said key, and the predetermined information (β) in the signature, and makes this value (γ) the object to be shared. This is described concretely below through Embodiments 1 to 3.
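The re-derivation property this passage relies on, shown with textbook ECDSA as an added example (not code from the patent): the verifier's computation reproduces the signer's value r, and fails to do so when the data or the key does not match. The curve (secp256k1), the fixed key and nonce, the sample frame and all function names are assumptions constructed for the demonstration; textbook verification takes r as an input alongside s, and the example does not attempt to reproduce how the embodiment obtains r from the data and s alone.

```python
# Added illustration: textbook ECDSA over secp256k1 in pure Python.
# Not constant-time and not for production use.
import hashlib

P = 2**256 - 2**32 - 977  # field prime of secp256k1
N = int("FFFFFFFF" * 3 + "FFFFFFFE" + "BAAEDCE6AF48A03BBFD25E8CD0364141", 16)  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Scalar multiplication by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def digest(data):
    """Hash of the data (the page's alpha), reduced into the scalar field."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(d, data, k):
    """Signer side (Key X = d): returns (r, s); r is the page's gamma, s its beta."""
    r = mul(k, G)[0] % N
    s = pow(k, -1, N) * (digest(data) + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce, pick another k")
    return r, s


def verifier_value(q, data, r, s):
    """Verifier side (Key Y = q): value that equals r only for a valid signature."""
    w = pow(s, -1, N)
    pt = add(mul(digest(data) * w % N, G), mul(r * w % N, q))
    return None if pt is None else pt[0] % N


# Constructed sample values (assumptions, for reproducibility only).
SIGN_KEY = 0x1B2C3D4E5F60718293A4B5C6D7E8F9010203040506070809A0B0C0D0E0F01234
NONCE = 0x0F1E2D3C4B5A69788796A5B4C3D2E1F00112233445566778899AABBCCDDEEFF1
FRAME = b"constructed ECU frame 0x123: 01 02 03 04"


def demo():
    q = mul(SIGN_KEY, G)
    r, s = sign(SIGN_KEY, FRAME, NONCE)
    return {
        "matches_r": verifier_value(q, FRAME, r, s) == r,
        "tampered_data_matches_r": verifier_value(q, FRAME + b"!", r, s) == r,
        "wrong_key_matches_r": verifier_value(mul(SIGN_KEY + 1, G), FRAME, r, s) == r,
    }


if __name__ == "__main__":
    print(demo())
```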
(Embodiment 1)
FIG. 2 is a block diagram showing the configuration of the communication system in Embodiment 1. The communication system is an in-vehicle network and includes a communication device 1 and a communication device 2. Each of the communication devices 1 and 2 is an ECU (Electronic Controller Unit), and the communication devices 1 and 2 are connected by a communication bus 3. The communication devices 1 and 2 communicate with each other based on, for example, CAN (Controller Area Network).
The communication device 1 includes a control unit 10, a storage unit 11, a communication unit 12, a random number generation unit 13, a hash calculation unit 14, and an algorithm calculation unit 15.
The control unit 10 is a microcontroller that uses, for example, one or more CPUs (Central Processing Units) or a multi-core CPU, and has a ROM (Read Only Memory), a RAM (Random Access Memory), an input/output interface, a timer, and the like. The CPU of the control unit 10 is connected to the storage unit 11, the communication unit 12, the random number calculation unit 13, the hash calculation unit 14, and the algorithm calculation unit 15 via the input/output interface. The control unit 10 controls the operation of each component by executing an embedded control program stored in its built-in ROM.
The storage unit 11 uses a flash memory and stores information that the control unit 10 refers to during processing. Signature key information 1K is stored in the storage unit 11 in advance, in a secret state. The signature key information 1K is stored at a specific timing, such as when the communication device 1 itself is assembled, when a test is run after the communication system including the communication device 1 has been built, or at a vehicle inspection. The signature key information 1K should be stored at that timing using a separate technique such as encryption, so that it is held securely and in secret. The storage unit 11 also stores in advance a password for authenticating the communication device 2.
The communication unit 12 uses a transceiver to communicate with the communication device 2 via the communication bus 3. Through the function of the communication controller included in the control unit 10, the communication unit 12 transmits the information specified by the control unit 10 to the communication device 2, and detects and receives the information sent out on the communication bus 3 and outputs it to the control unit 10.
The random number calculation unit 13 is an integrated circuit that takes a seed as input and generates and outputs a random number. The control unit 10 can, for example, give time information obtained from the timer to the random number calculation unit 13 as a seed and obtain a random number.
The hash calculation unit 14 is an integrated circuit that takes numerical information as input, computes a hash function, and outputs a hash value. The control unit 10 can give a random number obtained from the random number calculation unit 13 to the hash calculation unit 14 and obtain a hash value.
The algorithm calculation unit 15 is an integrated circuit that executes a signature verification algorithm based on the ECDSA (Elliptic Curve Digital Signature Algorithm) signature scheme. The algorithm calculation unit 15 takes arbitrary data (a hash value) and the signature key information 1K as input and outputs a signature (r, s).
The communication device 2 has the same components as the communication device 1, so corresponding reference numerals are assigned and a detailed description is omitted. However, the communication device 2 stores in its storage unit 21, in advance, verification key information 2K corresponding to the signature key information 1K of the communication device 1. The verification key information 2K is also stored in advance in a secret state. It is stored at the same timing as the signature key information 1K is stored in the storage unit 11 of the communication device 1. The verification key information 2K should likewise be stored using a separate technique such as encryption, so that it is held securely and in secret. The storage unit 21 also stores a password for authentication.
The algorithm calculation unit 25 of the communication device 2 is an integrated circuit that executes the calculation corresponding to that of the algorithm calculation unit 15 of the communication device 1. The algorithm calculation unit 25 outputs the signature r when it is given the data that was input to the algorithm calculation unit 15, the signature s of the signature (r, s) output for that data, and the verification key information 2K in the storage unit 21.
The communication processing performed between the communication device 1 and the communication device 2 configured as described above is explained with reference to a flowchart. FIG. 3 is a flowchart showing an example of the procedure of the communication processing executed by the communication devices 1 and 2 in Embodiment 1.
To start sharing secret information, the control unit 10 of the communication device 1 has the random number calculation unit 13 generate a random number using time information as a seed (step S11), and obtains a hash value from the hash calculation unit 14 based on that random number (step S12). The control unit 10 gives the obtained hash value and the signature key information 1K to the algorithm calculation unit 15 and obtains the signature (r, s) (step S13).
The control unit 10 stores the signature r of the obtained signature (r, s) in the storage unit 11 (step S14), and transmits the other value, the signature s, together with the hash value obtained in step S12 to the communication device 2 (step S15).
The control unit 20 of the communication device 2 receives the signature s and the hash value through the communication unit 22 (step S21), gives the received signature s, the hash value, and the verification key information 2K to the algorithm calculation unit 25 so that it derives the signature r, and obtains it (step S22). The control unit 20 stores the obtained signature r in the storage unit 21 (step S23) and ends the processing.
At this point the storage unit 11 of the communication device 1 and the storage unit 21 of the communication device 2 hold a signature r with identical content, without the signature r having been encrypted and then transmitted and received. In this way, secret information can be shared from the communication device 1 to the communication device 2 with a single transmission.
FIG. 4 is a sequence diagram showing the procedure of the communication method in Embodiment 1 described above. FIG. 5 is a sequence diagram showing the procedure of a conventional secret sharing method (Diffie-Hellman key sharing). With the communication method of Embodiment 1, as shown in FIG. 4, the exchange between the communication device 1 and the communication device 2 for sharing the information (signature r) is completed by a single transmission of the signature s and the hash value from the communication device 1 (S15). The conventional secret sharing method, by contrast, requires the transmitting device and the receiving device to exchange publicly disclosable values with each other. Information can thus be shared in a secret state with a small amount of communication (number of transmissions).
Note that the signature (r, s) output by the algorithm calculation unit 15 is numerical information output based on ECDSA, so the values that can be obtained are subject to constraints. The signature r can therefore be shared as secret information by the method described above, but it is best used as numerical information whose content has no meaning in itself yet serves as a key that must be kept secret, for example the seed of a hash calculation. As shown below, with the communication device 1 as a server and the communication device 2 as a client, the signature r can be used as the seed of a hash calculation when authenticating whether the communication device 2 is a legitimate device in the communication system.
FIG. 6 is a flowchart showing an example of an authentication procedure that uses the communication method of Embodiment 1. Steps in FIG. 6 that are common to the flowchart of FIG. 3 carry the same reference signs, and their detailed description is omitted.
The control unit 20 of the communication device 2, which is the client, transmits an authentication request from the communication unit 22 to the communication device 1, which is the server (step S201).
The communication unit 12 of the communication device 1 receives the authentication request (step S101). Using the time of reception as a seed, the random number calculation unit 13 generates a random number (S11), and a hash value is obtained (S12). The control unit 10 then obtains the signature (r, s) from the algorithm calculation unit 15 (S13), stores the signature r in the storage unit 11 (S14), and transmits the signature s and the hash value to the communication device 2 as the response to the request (S15).
The control unit 20 of the communication device 2 receives the signature s and the hash value through the communication unit 22 (S21), and derives and obtains the signature r (S22). The control unit 20 stores the obtained signature r in the storage unit 21 (S23) and, using the signature r as a seed, has the hash calculation unit 24 compute the hash value of the password stored in the storage unit 21 (step S24). The control unit 20 transmits the hash value obtained in step S24 to the communication device 1, which is the server (step S25).
Meanwhile, the control unit 10 of the communication device 1, which is the server, uses the stored signature r as a seed and has the hash calculation unit 14 compute the hash value of the authentication password of the communication device 2 stored in the storage unit 11 (step S16). The control unit 10 then receives the hash value transmitted from the communication device 2 through the communication unit 12 (step S17) and performs authentication by comparing the hash value obtained in step S16 with the hash value received in step S17 (step S18). If the two values match in step S18, authentication succeeds; if they do not match, authentication fails. The control unit 10 returns the authentication result (step S19), the communication device 2 receives it (step S26), and the authentication processing ends.
In authentication processing as well, a secret seed can thus be shared securely with a small amount of communication, and authentication can be performed securely. Moreover, using the algorithm of the ECDSA signature scheme also reduces the amount of information. Even when an embedded processor such as the ECU described above is used, the processing load can be reduced and storage capacity saved. The method described above is also highly resistant to man-in-the-middle attacks.
The algorithm calculation units 15 and 25 are configured to use the ECDSA signature scheme, but DSA or RSA cryptography may be used instead. The algorithm calculation units 15 and 25 may also perform their calculations using a new scheme that replaces these signature algorithms. In other words, the algorithm calculation unit 15 may use any other method as long as it is an algorithm that outputs a set of multiple pieces of information when key information and arbitrary data are input, and for which executing the corresponding calculation with the output numerical information as input yields the other information of the set. The algorithm calculation unit 25, corresponding to the algorithm calculation unit 15, need only output the other numerical information that forms a set with that numerical information when it is given the input data, the numerical information output by the algorithm calculation unit 15, and the corresponding key information.
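The exchange of FIG. 3 and the authentication of FIG. 6, as an added Python sketch that is not code from the patent. Textbook ECDSA verification takes r as one of its inputs, so as a stand-in for algorithms P and Q the sketch uses a Schnorr-style relation (r = g^k, s = k - x·e), which has the re-derivation property the description asks of a substitute algorithm. The toy group modulo 2^127 - 1, the HMAC-SHA-256 seeded hash, the one-time use of r and all names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (assumptions of this example, not from the patent):
# the multiplicative group modulo the Mersenne prime 2**127 - 1, base 3.
# Chosen for readability; not a size suitable for real use.
P = 2**127 - 1
G = 3
ORDER = P - 1  # exponents are reduced modulo P - 1 (Fermat's little theorem)


def make_key_pair():
    """Return (signature key x, verification key y). Both are kept secret."""
    x = secrets.randbelow(ORDER - 2) + 1
    return x, pow(G, x, P)


def hash_to_int(data):
    """S12: hash value of the random number, used as the data e."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % ORDER


def algorithm_p(e, x, k=None):
    """Sender (S13): derive the pair (r, s) from data e and signature key x."""
    if k is None:
        k = secrets.randbelow(ORDER - 2) + 1
    r = pow(G, k, P)         # value to be shared; never transmitted
    s = (k - x * e) % ORDER  # value that is sent on the bus with e
    return r, s


def algorithm_q(e, s, y):
    """Receiver (S22): re-derive r from data e, s and verification key y."""
    return (pow(G, s, P) * pow(y, e, P)) % P  # g^(k - x*e) * g^(x*e) = g^k


def seeded_password_hash(r, password):
    """S16 / S24: hash the stored password with the shared value r as seed."""
    return hmac.new(r.to_bytes(16, "big"), password, hashlib.sha256).digest()


class Server:
    """Communication device 1: holds the signature key and the password."""

    def __init__(self, x, password):
        self.x, self.password, self.r = x, password, None

    def handle_request(self):
        e = hash_to_int(secrets.token_bytes(16))  # S11-S12
        self.r, s = algorithm_p(e, self.x)        # S13-S14: r stays local
        return e, s                               # S15: only e and s are sent

    def check(self, response):
        if self.r is None:                        # no exchange in progress
            return False
        expected = seeded_password_hash(self.r, self.password)  # S16
        self.r = None                             # seed is used once
        return hmac.compare_digest(expected, response)          # S18


class Client:
    """Communication device 2: holds the verification key and the password."""

    def __init__(self, y, password):
        self.y, self.password = y, password

    def respond(self, e, s):
        r = algorithm_q(e, s, self.y)                   # S21-S23
        return seeded_password_hash(r, self.password)   # S24-S25


def run_demo():
    """Return (result for the matching key, result for a non-matching key)."""
    password = b"constructed-demo-password"
    x_a, y_a = make_key_pair()
    _, y_other = make_key_pair()  # verification key of a different pair
    server = Server(x_a, password)
    e, s = server.handle_request()
    matching = server.check(Client(y_a, password).respond(e, s))
    e, s = server.handle_request()
    other = server.check(Client(y_other, password).respond(e, s))
    return matching, other


if __name__ == "__main__":
    print(run_demo())
```

In this stand-in, anyone who learns the verification key can re-derive r from the transmitted (e, s), which is why the description requires the verification key information to be stored in a secret state.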
(Embodiment 2)
FIG. 7 is a block diagram showing the configuration of the communication system in Embodiment 2. The communication system in Embodiment 2 includes a communication device 1 and communication devices 2a, 2b, and 2c. The communication device 1 and the communication devices 2a, 2b, and 2c are all ECUs and are connected by a communication bus 3. The internal configuration of the communication device 1 is the same as that of the communication device 1 in Embodiment 1, except for the information stored in the storage unit 11. The internal configuration of the communication devices 2a, 2b, and 2c is the same as in Embodiment 2, except for the information stored in each storage unit 21. Configurations common to Embodiment 1 therefore carry the same reference numerals, and their detailed description is omitted.
The storage unit 11 of the communication device 1 in Embodiment 2 stores a plurality of pieces of signature key information 1Ka, 1Kb, and 1Kc in advance. The signature key information 1Ka is key information for sharing secret information with the communication device 2a, the signature key information 1Kb is key information for sharing secret information with the communication device 2b, and the signature key information 1Kc is key information for sharing secret information with the communication device 2c.
The storage unit 21 of the communication device 2a stores in advance verification key information 2Ka corresponding to the signature key information 1Ka. The storage unit 21 of the communication device 2b stores in advance verification key information 2Kb corresponding to the signature key information 1Kb. The storage unit 21 of the communication device 2c stores in advance verification key information 2Kc corresponding to the signature key information 1Kc.
The communication processing between the communication device 1 and the communication device 2a, between the communication device 1 and the communication device 2b, and between the communication device 1 and the communication device 2c is each performed by the same procedure (FIG. 3) as the communication processing between the communication device 1 and the communication device 2 in Embodiment 1.
However, because corresponding key information is stored on both sides for each pair formed by the communication device 1 and one of the communication devices 2a, 2b, and 2c, the same information (signature r) cannot be output with anything other than the corresponding key information, so the secret information cannot be shared otherwise. FIG. 8 is an explanatory diagram outlining the communication method performed in the communication system of Embodiment 2. FIG. 8 shows the correspondence between the key information held by the communication devices 1, 2a, 2b, and 2c and the flow of the information transmitted and received. When secret information is shared between the communication device 1 and the communication device 2a in Embodiment 2, the control unit 10 of the communication device 1 uses the signature key information 1Ka, which is the one for the communication device 2a among the signature key information 1Ka, 1Kb, and 1Kc, to obtain the signature (r, s) from the algorithm calculation unit 15. The control unit 10 of the communication device 1 sends the data (hash value) that was input when obtaining the signature (r, s), together with the signature s, from the communication unit 12 onto the communication bus 3.
The transmitted data (hash value) and signature s can be received by the communication units 22 of all the communication devices 2a, 2b, and 2c connected to the communication bus 3. However, only the communication device 2a, which calculates using the verification key information 2Ka corresponding to the signature key information 1Ka used to output the data and the signature s, obtains the signature r from its algorithm calculation unit 25 and can share the secret information (information r) with the communication device 1. The communication devices 2b and 2c can also receive the data and the signature s based on the signature key information 1Ka, but because they do not hold the corresponding verification key information 2Ka, they cannot obtain the signature r in common with the communication device 1.
The same applies to the communication processing between the communication device 1 and the communication device 2b and between the communication device 1 and the communication device 2c.
As described in Embodiment 2, arbitrary data (a hash value) and the signature s of the signature (r, s) are transmitted from the communication device 1 on the transmitting side to the other communication devices 2a, 2b, and 2c on the receiving side. With this single transmission, secret information can be shared for each pair formed by the communication device 1 and each of the communication devices 2a, 2b, and 2c.
Various timings are conceivable for storing the signature key information 1Ka, 1Kb, and 1Kc in the storage unit 11 of the communication device 1 and the verification key information 2Ka, 2Kb, and 2Kc in the storage units 21 of the communication devices 2a, 2b, and 2c. For example, it may be the timing at which each of the communication devices 1, 2a, 2b, and 2c is assembled as a single unit, or the timing at which, when the communication system is built, it is decided which communication devices will communicate with each other.
In Embodiments 1 and 2, the communication system according to the present invention is applied to, for example, communication between ECUs in an in-vehicle network. The invention is not limited to this, however, and may of course be applied to communication between various electronic devices or apparatuses in an industrial equipment network, including an HMI (Human Machine Interface), a PLC (Programmable Logic Controller), controllers, maintenance jigs, and the like.
(Modification)
In Embodiments 1 and 2, secret information (signature r) is shared at the same timing between one transmitting communication device and one or more receiving communication devices. In the modification, secret information is additionally obtained through a certain procedure or process, so that information different from the value (signature r) shared by the communication of the present invention is shared between specific devices.
FIG. 9 is an explanatory diagram outlining the communication method performed in the modification. In the modification, as shown in FIG. 9, even among communication devices 2 that store the same verification key information 2Ka, there are, in addition to the communication device 2a that stores only the verification key information 2Ka, communication devices 2d and 2f that know "processing 2" and a communication device 2e that knows "processing 1". There is also a communication device 2g that knows both "processing 2" and "processing 1". The communication device 1 on the transmitting side knows "processing 1". "Processing 1" and "processing 2" are specific calculation procedures or algorithms, and are stored in advance in the respective storage units 21 of the devices that share the information, without becoming known to others.
In the example of FIG. 9, the communication device 1 can not only obtain the signature r as secret information using the signature key information 1Ka, but can also obtain "information r1" by applying "processing 1" to "information r". The communication device 2a can obtain "information r" from the verification key information 2Ka corresponding to the signature key information 1Ka and the data and information s transmitted from the communication device 1. The communication devices 2b and 2c, on the other hand, do not store the verification key information 2Ka corresponding to the signature key information 1Ka, so they cannot obtain the same "information r" as the communication device 2a from the data and information s transmitted from the communication device 1. The communication devices 2e and 2g can not only obtain "information r" based on the verification key information 2Ka, but can also obtain "information r1" by applying "processing 1" to "information r". The communication devices 2e and 2g can thereby share with the communication device 1 the "information r1", which the communication devices 2a, 2b, 2c, 2d, and 2f cannot know. The communication devices 2d, 2f, and 2g can not only obtain, based on the verification key information 2Ka, the "information r" common to the communication device 1, the communication device 2a, and so on, but can also obtain "information r2" by applying "processing 2" to "information r". The communication devices 2d, 2f, and 2g can share "information r2", which cannot be known by the communication devices 2a, 2b, 2c, and 2e, nor even by the communication device 1, which is the transmitting device.
In this way, in a system including the communication device 1 and the communication devices 2a to 2g, secret information unknown to the others can be shared within any chosen group by prior agreement.
(Embodiment 3)
The present invention can also be applied between communication devices such as PCs (Personal Computers) and server computers that communicate with each other via a public communication network such as the Internet, and can be applied to communication that shares secret information one-to-one or one-to-many.
 実施の形態3では、サーバクライアントシステムに本発明を適用した例を示す。図10は、実施の形態3における通信システムの構成を示すブロック図である。実施の形態3における通信システムは、中央装置4及び端末装置5を含む。中央装置4はサーバコンピュータであり、端末装置5はPCである。中央装置4及び端末装置5間は、インターネット等の公衆通信網であるネットワークNを介して通信が可能である。 Embodiment 3 shows an example in which the present invention is applied to a server client system. FIG. 10 is a block diagram showing a configuration of a communication system in the third embodiment. The communication system in the third embodiment includes a central device 4 and a terminal device 5. The central device 4 is a server computer, and the terminal device 5 is a PC. Communication between the central device 4 and the terminal device 5 is possible via a network N which is a public communication network such as the Internet.
 中央装置4は、制御部40、記憶部41、一時記憶部42及び通信部43を備える。 The central device 4 includes a control unit 40, a storage unit 41, a temporary storage unit 42, and a communication unit 43.
 制御部40は、CPUを用いる。制御部40は、記憶部41に記憶されているアルゴリズムPプログラム411を読み出して実行することにより、汎用サーバコンピュータを本発明における送信装置として機能させる。一時記憶部42は、DRAM等のRAMを用い、制御部40の処理によって生成される情報を一時的に記憶する。 The control unit 40 uses a CPU. The control unit 40 reads and executes the algorithm P program 411 stored in the storage unit 41, thereby causing the general-purpose server computer to function as the transmission device in the present invention. The temporary storage unit 42 uses a RAM such as a DRAM and temporarily stores information generated by the processing of the control unit 40.
 記憶部41は、ハードディスク、フラッシュメモリ等の不揮発性メモリを用い、上述したアルゴリズムPプログラム411と、予め署名鍵情報4Kとを記憶している。アルゴリズムPプログラム411は、図1に示したアルゴリズムP、即ちECDSA署名方式による署名検証アルゴリズムに基づく演算を実現するプログラムである。 The storage unit 41 uses a nonvolatile memory such as a hard disk or a flash memory, and stores the algorithm P program 411 and the signature key information 4K in advance. The algorithm P program 411 is a program that realizes an operation based on the algorithm P shown in FIG. 1, that is, the signature verification algorithm based on the ECDSA signature scheme.
 通信部43は、ネットワークカードを用いてネットワークNを介した端末装置5との通信を実現する。通信部45が実現する通信は、有線通信又は無線通信のいずれであってもよい。 The communication unit 43 implements communication with the terminal device 5 via the network N using a network card. The communication realized by the communication unit 45 may be either wired communication or wireless communication.
 端末装置5は、制御部50、記憶部51、一時記憶部52、及び通信部53を備える。 The terminal device 5 includes a control unit 50, a storage unit 51, a temporary storage unit 52, and a communication unit 53.
 The control unit 50 uses a CPU. The control unit 50 reads and executes the algorithm Q program 511 stored in the storage unit 51, thereby causing a general-purpose PC to function as the receiving device of the present invention. The temporary storage unit 52 uses a RAM such as a DRAM and temporarily stores information generated by the processing of the control unit 50.
 The storage unit 51 uses a non-volatile storage medium such as a hard disk or flash memory, and stores the above-mentioned algorithm Q program 511 and the verification key information 5K corresponding to the signature key information 4K. The algorithm Q program 511 is a program that implements the computation corresponding to the computation based on the algorithm P program 411 in the central device 4.
 The communication unit 53 uses a network card to communicate with the central device 4 via the network N. The communication realized by the communication unit 53 may be either wired or wireless.
 In the communication system of Embodiment 3, the processing performed between the central device 4 and the terminal device 5 to share secret information (signature r) using the signature key information 4K and the verification key information 5K is the same as the processing performed between the communication device 1 and the communication device 2 in Embodiment 1 (FIG. 3). A detailed description is therefore omitted. Embodiment 2 and the modification can of course also be applied to the processing between the central device 4 and the terminal device 5 shown in Embodiment 3.
 As shown in Embodiment 3, the communication system according to the present invention is also applicable to a server-client system made up of a PC and a server computer. As Embodiment 3 also shows, it can be realized by software-based processing.
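The exchange between the central device 4 and the terminal device 5, sketched in software as an added example (not code from the patent). This part of the text does not fix a concrete algorithm, so a Schnorr-style pair (s, r) is assumed; the toy group (p = 2^255 - 19, g = 2), the SHA-2/HMAC choices and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Toy group chosen for readability (assumption, not a production parameter set).
P = 2**255 - 19      # prime modulus
N = P - 1            # exponents are reduced modulo the group order
G = 2

def _h(data):
    """Hash the transmitted data to an exponent."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def keygen(seed):
    """Return (signature key 4K, verification key 5K), provisioned in advance.
    Anyone holding 5K who sees (data, s) can compute r, so this sketch
    assumes 5K is stored only on the terminal and never published."""
    x = int.from_bytes(hashlib.sha512(seed).digest(), "big") % N
    return x, pow(G, x, P)

def algorithm_p(data, key_4k):
    """First algorithm: returns (signature s, comparison signature r).
    The nonce k is derived from key and data, so the pair is unique per input."""
    mac = hmac.new(key_4k.to_bytes(32, "big"), data, hashlib.sha512).digest()
    k = int.from_bytes(mac, "big") % N
    return (k + key_4k * _h(data)) % N, pow(G, k, P)

def algorithm_q(data, s, key_5k):
    """Second algorithm: recompute r = g^s * y^(-H(data)) from what was received."""
    return pow(G, s, P) * pow(key_5k, -_h(data), P) % P

def derive_key(r):
    """Both ends turn r into a symmetric key; r itself never crosses the network."""
    return hashlib.sha256(b"session" + r.to_bytes(32, "big")).digest()

def exchange(data, seed=b"constructed-demo-seed", tamper=False):
    """Central device 4 sends (data, s); terminal device 5 recovers r.
    Returns the key each side derives; they differ if data was altered in transit."""
    key_4k, key_5k = keygen(seed)
    s, r_sender = algorithm_p(data, key_4k)
    wire_data = data + b"!" if tamper else data   # constructed modification
    r_receiver = algorithm_q(wire_data, s, key_5k)
    return derive_key(r_sender), derive_key(r_receiver)

if __name__ == "__main__":
    print(exchange(b"firmware-update-request"))
```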
 The embodiments disclosed herein should be considered illustrative in all respects and not restrictive. The scope of the present invention is defined not by the meaning described above but by the claims, and is intended to include all modifications within the meaning and scope equivalent to the claims.
1 Communication device (transmitting device)
11 Storage unit (transmission-side storage unit)
12 Communication unit (transmission unit)
15 Algorithm computation unit (transmission-side computation unit)
1K, 1Ka, 1Kb, 1Kc Signature key information (predetermined key information)
2, 2a, 2b, 2c Communication device (receiving device)
21 Storage unit (reception-side storage unit)
22 Communication unit (reception unit)
25 Algorithm computation unit (reception-side computation unit)
2K, 2Ka, 2Kb, 2Kc Verification key information (corresponding key information)
4 Central device (transmitting device)
40 Control unit (transmission-side computation unit)
411 Algorithm P program (transmission-side computation unit)
41 Storage unit (transmission-side storage unit)
43 Communication unit (transmission unit)
4K Signature key information (predetermined key information)
5 Terminal device (receiving device)
50 Control unit (reception-side computation unit)
511 Algorithm Q program (reception-side computation unit)
51 Storage unit (reception-side storage unit)
53 Communication unit (reception unit)

Claims (4)

  1.  A communication system that transmits and receives information between a transmitting device and a receiving device, wherein
     the transmitting device comprises:
     a transmission-side storage unit that stores predetermined key information in advance;
     a transmission-side computation unit that computes based on a first algorithm that takes arbitrary data and the predetermined key information as inputs and uniquely outputs a set of a plurality of pieces of information; and
     a transmission unit that transmits, to the receiving device, the data and predetermined information among the plurality of pieces of information included in the set output by the transmission-side computation unit,
     and the receiving device comprises:
     a reception-side storage unit that stores in advance corresponding key information uniquely corresponding to the predetermined key information;
     a reception unit that receives the data and the predetermined information transmitted by the transmission unit; and
     a reception-side computation unit that computes based on a second algorithm that takes as inputs the data and the predetermined information received by the reception unit and the corresponding key information, and outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
  2.  The communication system according to claim 1, comprising a plurality of the receiving devices, wherein
     the transmitting device stores, in the transmission-side storage unit, different key information corresponding to each of the plurality of receiving devices, and
     the plurality of receiving devices store in advance, in the reception-side storage unit, corresponding key information corresponding to each of the different key information.
  3.  The communication system according to claim 1, wherein
     the predetermined key information is a signature key and the corresponding key information is a verification key,
     the first algorithm is a signature generation algorithm that outputs a signature and a comparison signature, and the second algorithm is a signature verification algorithm that outputs the comparison signature based on the verification key and the signature, and
     the transmission unit transmits the data and the signature output by the signature generation algorithm.
  4.  A communication method for transmitting and receiving information between a transmitting device and a receiving device, wherein
     the transmitting device
     stores predetermined key information in advance,
     computes based on a first algorithm that takes arbitrary data and the predetermined key information as inputs and uniquely outputs a set of a plurality of pieces of information, and
     transmits, to the receiving device, the data and predetermined information among the plurality of pieces of information included in the set output by the computation, and
     the receiving device
     stores in advance corresponding key information uniquely corresponding to the predetermined key information,
     receives the data and the predetermined information transmitted by the transmission unit, and
     computes based on a second algorithm that takes as inputs the received data and predetermined information and the corresponding key information, and outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
PCT/JP2016/080681 2015-10-28 2016-10-17 Communication system and communication method WO2017073389A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015-212204 2015-10-28
JP2015212204A JP2017085368A (en) 2015-10-28 2015-10-28 Communication system and communication method

Publications (1)

Publication Number Publication Date
WO2017073389A1 true WO2017073389A1 (en) 2017-05-04

Family

ID=58630101

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/080681 WO2017073389A1 (en) 2015-10-28 2016-10-17 Communication system and communication method

Country Status (2)

Country Link
JP (1) JP2017085368A (en)
WO (1) WO2017073389A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114697124A (en) * 2017-11-28 2022-07-01 维萨国际服务协会 System and method for protecting against relay attacks

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005502217A (en) * 2000-12-15 2005-01-20 オラクル・インターナショナル・コーポレイション Method and apparatus for delegating a digital signature to a signature server
JP2014225746A (en) * 2013-05-15 2014-12-04 トヨタ自動車株式会社 Electronic signature verification method and electronic signature verification system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8918648B2 (en) * 2010-02-25 2014-12-23 Certicom Corp. Digital signature and key agreement schemes

Also Published As

Publication number Publication date
JP2017085368A (en) 2017-05-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16859619

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16859619

Country of ref document: EP

Kind code of ref document: A1