JP2001111540A - Cipher communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To shorten interrupt time of communication for key distribution by reducing memory quantity of terminals in a group cipher communication system. SOLUTION: In this cipher communication system consisting of a base station and plural (n) terminals, the base station generates and holds n pieces of mutually different cryptographic keys. A message is broadcasted by multiplexing and enciphering it through combination of the ciphering keys. The terminals hold (n-1) pieces of cryptographic keys, except for one cryptographic key which is different from each terminal among the n pieces of the cryptographic keys. Enciphered information is decoded by combination of keys held by the present terminal.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a cryptographic communication system, and more particularly, to a cryptographic communication system for performing cryptographic communication between a plurality of terminals capable of simultaneously reporting from a base station.

[0002]

2. Description of the Related Art In a cryptographic communication system composed of a plurality of terminals capable of simultaneously broadcasting from a base station, when performing group cryptographic communication between specific terminals, only the terminals constituting the group are transmitted to the group. It is necessary to secretly deliver the encryption key in advance. In a conventional encryption communication system, a group encryption key is distributed using an individual encryption key. Alternatively, a method of storing a group key in a terminal from the beginning was adopted. Hereinafter, a conventional group key distribution method will be described.

The system shown in FIGS. 2 and 3 is a first example of a conventional system in which a group is formed by arbitrary plural terminals and closed encrypted communication is performed within the group. Here, the total number of terminals is 6, and the number of groups is 2. However, both the number of terminals and the number of groups can be expanded to arbitrary numbers.

First, as shown in FIG. 2, each terminal T _i (i
= 1 to 6) have individual encryption keys. For example, the terminal T ₁ has an individual encryption key K ₁ , the terminal T ₂ has an individual encryption key K ₂ ,..., The terminal T ₆ has an individual encryption key K ₆ , and so on. The base station B has individual encryption keys K ₁ , K ₂ , K ₃ ,..., K ₆ of all terminals. Here, the terminals T ₁ , T ₂ , T _{3 form a} group G ₁ and the terminals T ₄ ,
When T ₅ and T ₆ constitute the group G ₂ and perform closed secret communication within each group, the terminals T ₁ , T ₂ and T ₃ share the group encryption key K _G1 and the terminals T ₄ and T ₅ , T ₆ may share the group encryption key K _G2 .

A method for sharing a group encryption key is as follows. The cipher text obtained by encrypting the message M with the key K is K
(M). The base station B uses the group encryption key K
Generate _G1, K _G2, K ₄ and K ₁ (K _G1) to the terminal T _1, the K ₂ (K _G1) to the terminal T _2, the terminal T ₃ K ₃ and (K _G1), to the terminal T ₄ (K
The _G2), a K ₅ (K _G2) to the terminal T _5, and transmits to the terminal T ₆ K ₆ a (K _G2). Each terminal has its own individual encryption key K _i (i = 1 to 1).
By decrypting the group encryption key sent in 6), it is possible to have the group encryption key of the group to which the terminal belongs. A terminal outside the group or a third party intercepting the terminal cannot have the group encryption key.

FIG. 3 shows a state where each terminal shares a group encryption key by the above procedure. Here, the procedure for performing closed secret communication within the group is as follows. Each terminal or base station encrypts the transmission message with the group encryption key _KG1 or _KG2 of the destination group and transmits the message. When the transmission message m, K _G1 for group G ₁ (m) is, send K _G2 a (m) is for the group 2, the terminal receiving these messages, the group encryption key K _G1 or by decoding using K _G2, it is possible secret communication closed within the group.

[0007] As a second example of a conventional system in which a group is formed by arbitrary plural terminals and closed encrypted communication is performed within the group, the following method is also available. This is a method in which keys corresponding to all groups that can be configured in the terminal are written in advance. For example, when the number of target terminals is six, one corresponds to six, two corresponds to 15, three corresponds to twenty, four corresponds to 15, and five corresponds to six terminals corresponding to the number of terminals constituting the group. As a rule, there are sixty-one group configurations, one for six devices. Therefore, this method is to write 63 keys in the terminal in advance. In this method, even if a member of a group is added or deleted, delivery of a new group key is not required, so that communication interruption time is almost eliminated.

[0008]

However, in the first example of the related art, it is possible to perform closed confidential communication within a group. However, before transmitting a message, all terminals belonging to the group are required to have a group key. Is shared, so that when the number of terminals belonging to the group is large, it takes a long time to distribute the group key. In particular, when the addition or deletion of a constituent terminal frequently occurs after a group is formed, a new group key must be delivered to all terminals forming the group each time a terminal is added or deleted.

For example, when the number of terminals constituting a group is 1,000 and one terminal is added to the group, a new group key must be sent to 1001 using the individual encryption key of the terminal. However, there is a problem that the secret communication within the group cannot be performed until the group key distribution of the group is completed. For example, if the transmission speed between the base station and the terminal is 8 kbit / sec and the key length is 64
In the case of bits, the time required for new group key distribution is 100
One unit × 64 bits / 8 kbit / sec / 8 seconds. In other words, the communication is interrupted for about 8 seconds, so that if the number of terminals constituting the group increases, the interruption time further increases. As described above, the method in which one individual encryption key is written in the terminal in advance cannot cope with the case where the group configuration changes and the terminal is added or deleted.

In the second conventional example, if the total number of terminals is n, the number of keys to be pre-written in the terminal is (2 ⁿ -1). In this case, there is a problem that the required memory amount of the terminal becomes unrealistic.

SUMMARY OF THE INVENTION It is an object of the present invention to solve the above-mentioned problems and to provide a group cryptographic communication system which has almost no communication interruption time while suppressing the required memory amount of the terminal to a practical size.

[0012]

In order to solve the above-mentioned problems, the present invention comprises a base station and n (n is an integer of 2 or more) terminals capable of simultaneously broadcasting from the base station. In the cryptographic communication system, the base station includes a unit that generates n different encryption keys, a unit that holds the n encryption keys, and (n
-1) means for multiplexing a message with an arbitrary combination of not more than one encryption key to perform simultaneous notification, and wherein the terminal has one encryption key different from each of the n encryption keys. Multiplexing with an arbitrary combination of means for holding (n-1) encryption keys excluding the above, and (n-1) or less keys which the own terminal holds encrypted information broadcast from the base station. And a decoding means.

With this configuration, the encrypted message can be decrypted only by the terminals belonging to a specific group, the memory capacity of the terminals can be reduced, and the communication interruption time due to the distribution of the group key can be shortened.

[0014]

BEST MODE FOR CARRYING OUT THE INVENTION
A base station and n units capable of simultaneously broadcasting from the base station (n is 2
In the cryptographic communication system including the terminals of the above (integer), the base station generates means for generating n different encryption keys, means for holding the n keys, and (n
-1) means for multiplexing a message with an arbitrary combination of not more than one encryption key to perform simultaneous notification, wherein the terminals are different from each other among the n encryption keys.
Means for holding (n-1) encryption keys excluding one encryption key, and (n-1) or less keys for holding encrypted information broadcasted from the base station by its own terminal And a means for multiplex decoding in any combination of the above, and has an effect of encrypting a message so that it can be decrypted only by an arbitrary selected terminal group.

FIG. 1 shows an embodiment of the present invention.
This will be described in detail with reference to FIG.

(Embodiment) In an embodiment of the present invention, a base station multiplexes a message with a combination of encryption keys and transmits the multiplexed message, and each terminal transmits encryption information to its own encryption key. Is a cryptographic communication system that decrypts with a combination of.

FIG. 1 is a configuration diagram of a cryptographic communication system according to an embodiment of the present invention. In FIG. 1, base station B
Is a wireless base station capable of broadcasting to terminals.
The base station storage device 1-1 is a storage device that stores an individual encryption key of a terminal. Terminal T ₁ through T ₆ is a mobile radio terminal. The terminal storage devices 2-1 to 2-6 are storage devices for storing encryption keys. Group 1 (3-1) includes terminals 1, 2, 3
It is a group composed of Group 2 (3-2) is a group composed of terminals 4, 5, and 6. There are a total of six terminals, each of which is T ₁ , T ₂ , T ₃ ,..., T ₆ . The terminals T ₁ , T ₂ and T ₃ constitute a group G ₁ , and the terminals T ₄ , T ₅ and T ₆ constitute a group G ₂ .

The operation of the cryptographic communication system configured as described above according to the embodiment of the present invention will be described. The encryption key K _A as a whole _{system, K B, K C, K} D, K E, there are six K _F, but five of six is written to each terminal in advance, the write pattern Different for all terminals.

Specific writing patterns are as follows.
You. Key K_A~ K_FCorresponds to the complement of each terminal. Toes
, T₁The complement of T₁’, T₁’= {T_Two, T_Three, T_Four, T_Five, T₆} And K_AIs T₁’5 terminals
You. Similarly, T_TwoThe complement of T_Two’, T_Two’= {T₁, T_Three, T_Four, T_Five, T₆} And K_BIs T_Two’. Hereinafter, K_CIs
T_Three’, K_DIs T_Four’, K _EIs T_Five’, K_FIs T₆’
Has been written. As a result, the terminal T₁Has a key K_B~ K_Fof
Five encryption keys are written. Hereinafter, the terminal 2 has the key K_A,
K_C~ K_F, Terminal 3 has a key K_A, K_B, K_D~ K_FTo the terminal 4
Is the key K_A~ K_C, K_E, K_F, Terminal 5 has a key K_A~ K_D,
K_FThe terminal 6 has a key K_B~ K_FHas been written. Figure 1
In each terminal T₁~ T₆Is a total of 5
The key is written, but the key
The turns are all different.

Next, the encrypted message for group 1
The method of sending is described. In the following, K (m)
Suppose that the message m is encrypted with the encryption key K. Guru
Group 1 is terminal T₁, T_Two, T_ThreeSince it is composed of
The desired encrypted message belongs to Group 1.
T₁, T_Two, T_ThreeIs a decodable message. This
Here, T belonging to group 1₁, T_Two, T_ThreeIs decryptable
A message is a T that belongs to the complement of group 1_Four,
T_Five, T₆Is an undecodable message. Where the end
End T_FourThe key that cannot be decrypted is the key K_DEncrypted with
Message. This is the key K for the entire system._A
~ K_FTerminal T in_FourKey not written only in K_DIs
Because. Similarly, terminal T_FiveOnly those that cannot be decrypted
The message is key K _EMessage encrypted with
End T₆The key that cannot be decrypted is the key K_FEncrypted with
Message.

Therefore, the message m is assigned to the key K_FWith encryption
And then it is keyed_EAnd encrypt it with the key K_Dso
The encrypted message is sent to the terminal T_Four, T_Five, T₆Any of
Even the terminal cannot decode, in other words, the terminal T₁,
T_Two, T_ThreeCan be decoded. That is, K_D(K
_E(K_F(m))) is an encrypted message to group 1.
Key K_A~ K_FThe base station with
If you want to send a page, _D(K_E(K_F(m)))
Broadcast. Terminal that received the message
T₁, T_Two, T_ThreeIs the key K_D, K_E, K_FCan be decrypted using
I just need.

[0022] Similarly, the decoding possible messages only in Group 2 is _{K C (K B (K A} (m))). When the base station wants to send a message to the group 2, K _C (K _B (K
_A (m))) may be created and broadcast. The terminals T ₄ , T ₅ , and T ₆ that have received the message may perform decryption using the keys K _A , K _B , and K _C.

As described above, by using the key writing pattern in the present embodiment, it is possible to perform closed secret communication within the group 1 or the group 2 without using the group encryption key.

In the above description, the example of the six terminals shown in FIG. 1 has been described, but this can be generalized. The method is described below.

The terminals of the entire system are represented by T ₁ , T ₂ , T ₃ ,.
·, And T _n. The key K ₁ ′ is written in T ₁ ′ = {T ₂ , T ₃ ,..., T _n }. The key K ₂ ′ is written in T ₂ ′ = {T ₁ , T ₃ , T ₄ ,..., T _n }. ... key K _n 'the _{T n' = {T 2,} T 3, ···, T n-1} Prefer written to.

That is, each terminal has (n-1) keys written therein. Next destination group G to send the message to
_{Assume that} the constituent terminals of _s are T _s1 , T _s2 ,..., T _sn . And complement G _s of G _s', ie _{T 1, T 2, T 3} , ···,
T _n from _{T s1, T s2, ···,} T sn remaining except for T _z1, T _z2, ···, and T _zn.

[0027] _{T z1 ', T z2',} ···, ' each of the key that has been written in the _{K z1' T zn, K z2} ', ···, K zn'
Then, a message that can be decoded only by G _s and cannot be decoded by other than G _s is represented by K _zn ′ (K _zn−1 ′ (·· (K _z2 ′ (K _z1 ′ (m))) ·
If the base station performs such encryption and broadcasts, it can be decrypted only by the terminal corresponding to the destination, so that closed secret communication within the group can be performed. If there are added or removed to the configuration terminal of the destination group, that is, even if one after another change the contents of G _s, since there is no need to deliver the key to each terminal, the communication interruption time little is conventionally of the This is the same as Example 2.

On the other hand, assuming that the number of terminals in the entire system is n, the number of keys pre-written in the terminals is (n-1)
Individual. For example, in the case of n = 1000 and a key length of 64 bits, the amount of memory required for the terminal is 999 × 64 bits 、 64 kbit, which is within a range that can be sufficiently realized even if an IC card is assumed.

As described above, in the embodiment of the present invention,
The cryptographic communication system is configured so that the message is multiplexed and encrypted at the base station using a combination of encryption keys and transmitted, and the encrypted information is decrypted at each terminal using the combination of encryption keys. Therefore, a small key memory and a short key delivery time are used. Thus, group encrypted communication can be performed.

[0030]

As is apparent from the above description, according to the present invention, a cryptographic communication system comprising a base station and n terminals (n is an integer of 2 or more) capable of simultaneously broadcasting from the base station is provided. The base station multiplexes the message with an arbitrary combination of means for generating n different encryption keys, means for holding the n encryption keys, and (n-1) or less encryption keys. A terminal for holding (n-1) encryption keys excluding one encryption key different from each other among the n encryption keys, and a base station. Own terminal holds the encrypted information broadcast from
-1) Since it is configured to have a means for multiplex decoding with any combination of keys not more than the number of keys, it is possible to perform closed secret communication within any group without distributing the group encryption key. Is obtained.

Further, since the required memory amount of the terminal can be in proportion to the number of terminals of the entire system, it can be kept within a feasible range, and even if members forming a group are added or deleted. Since there is no need to redistribute the group key, there is an effect that there is almost no communication interruption time.

In addition, since the ciphertext is created by repeating encryption using a common key, the required processing capacity can be kept within a feasible range.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a cryptographic communication system according to an embodiment of the present invention;

FIG. 2 is a diagram showing a pre-key writing pattern in a conventional cryptographic communication system;

FIG. 3 is a diagram showing a pattern after group key distribution in a conventional cryptographic communication system.

[Explanation of symbols]

1-1 Base station storage device 2-1 to 2-6 Terminal storage device 3-1 Group 1 3-2 Group 2 B Base station T _{1 to} T ₆ Terminal K _{1 to} K ₆ Individual encryption key K _{A to} K _F Individual encryption key _KG1 , _KG2 group key

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5J104 AA01 AA16 BA03 EA01 MA06 NA02 NA35 PA02 5K067 AA15 BB04 CC14 EE22 HH36 KK15

Claims (1)

[Claims] 1. In a cryptographic communication system comprising a base station and n (n is an integer of 2 or more) terminals capable of simultaneously broadcasting from the base station, the base station comprises n different ciphers. Means for generating a key, means for holding the n number of encryption keys, and means for multiplexing and encrypting a message with an arbitrary combination of (n-1) or less encryption keys and performing a broadcast notification. The terminal holds (n-1) encryption keys excluding one different encryption key for each terminal among the n encryption keys, and an encryption broadcasted from the base station. Means for multiplexly decrypting the obtained information with an arbitrary combination of (n-1) or less keys held by the terminal.