JP2003163658A - Key delivering and authenticating method for multiaddress cipher communication - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce a processing sequence and a circuit part required for setting a secret key for multiaddress communication. <P>SOLUTION: While a host and a receiver communicate with each other by using personal secret keys, a multiaddress secret key is delivered from the host and it is authenticated between the receiver. The host generates the multiaddress secret key, calculates encoding data by using the personal secret key, and thereafter encodes the multiaddress secret key by using the encoding data and delivers it to the receiver. The receiver calculates the encoding data by using the personal secret key, and thereafter decodes an encoded multiaddress secret key received from the host. Thereafter, based on right/wrong judgment by the receiver, it is judged whether both of the host device and the receiver can receive the keys normally, thereby authentication processing to the secret key for multiaddress communication is carried out. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a key distribution / authentication method for broadcast cryptographic communication, and more particularly to a method for distributing a secret key for broadcast cryptographic communication and authenticating the secret key.

[0002]

2. Description of the Related Art Conventional encrypted communication, in particular, a system having a large number of unspecified receiver terminals (hereinafter, simply called receivers) is used for communicating secret data.

Generally, when a host device (hereinafter, simply referred to as a host) and a receiver are connected in a one-to-one wired manner,
Encryption is not important, but in the case where a large number of recipients are present in a recent network, or the presence of an eavesdropper becomes a problem in wireless communication and the like, data encryption is required.

This encryption system includes a conventional encryption method and a public key encryption method, and the latter is widely used because it is not necessary to secretly deliver the key. However, the public key cryptosystem requires high technology and the processing speed is low when handling a large amount of data, so that the conventional cryptosystem is often used.

Furthermore, when communicating with one host and a plurality of receivers, it may be convenient to use a broadcast communication in which the host simultaneously sends the same data to all the units. From the state where the host and the individual recipients perform encrypted communication using different individual communication private keys (Ka),
In order to carry out the broadcast encrypted communication, it is necessary to deliver a separate broadcast communication private key (Ka) to each recipient.

The conventional processing flow and the configurations of the host and the receiver used in the flow will be described with reference to FIGS. 6 to 8 below.

FIG. 6 is a processing flow chart for explaining such a conventional example. As shown in FIG. 6, the conventional processing flow includes a private key protection and cancellation processing step and a private key authentication processing step. When a connection between a host and a recipient is established, After the private key protection / release processing step, the private key authentication processing step is performed. Here, a flow is shown in which the host delivers the private key Kb for broadcast communication to one recipient. When there are a plurality of recipients, the following processing is sequentially repeated. That is, the processing is repeated for the number of recipients.

First, the host starts processing (start)
Then, a secret key Kb for broadcast communication is generated (state S2
0), and then a random number for delivering the secret key Kb is generated (state S21). Next, the host calculates the protection data using the random number generated in the state S21 and the private key Ka for individual communication (state S23), and then protects the private key Kb (state S24). The protection process of the secret key Kb is performed by the exclusive OR (XOR) process of the protection data and the secret key Kb. Next, when the private key protection process on the host side is completed, the process proceeds to the private key authentication process, and a random number for authentication is generated (state S12). Then, the authentication result R is calculated (state S14), and the result is compared with the authentication result R'from the receiver, which will be described later, to determine whether or not the reception is normal (state S17). If the authentication result in this state S17 is correct, the process is terminated (stop), but if not, the process is re-executed from the beginning.

On the other hand, the receiver starts processing (start)
Then, after receiving a random number from the host (state S22), the protection data is calculated from the received random number and the private key Ka for individual communication (state S26). Further, the recipient receives the reception key Kb protected by the host after a predetermined time.
Is received (state S25), the protection of the received secret key Kb is released using the protection data calculated in state S26 (state S27). This state S27
Thus, the receiver side obtains the private key Kb for broadcast communication. Next, when the private key protection / cancellation step on the receiver side is completed, the authentication process is started. Also at this time, the receiver receives the random number from the host (state S13) and calculates the authentication result R'by the same processing as the state S14 on the host side (state S15). When the calculation of the authentication result R'is performed, the authentication result R'is transmitted to the host (state S16), and the authentication process on the receiver side is completed (sto).
p)

The above processing operation will be described more specifically.
First, upon delivery of the secret key Kb for broadcast communication, the host starts operation from start and performs the processing on the left side of FIG. 6, and the receiver starts from start and performs the processing on the right side of FIG. The host generates a secret key Kb for broadcast communication and generates a random number, and first transmits only the random number to the receiver (state S22). The host and the recipient respectively use random numbers to calculate the protection data from the private key Ka for individual communication (states S23 and S26). Host is in state S
Using the protection data calculated in step 23, the broadcast communication secret key Kb is protected and then transmitted to the recipient (state S2).
5). On the other hand, the receiver obtains the broadcast communication secret key Kb by using the protection data calculated in the state S26 to cancel the protection of the protected broadcast communication secret key Kb by the host.

Next, in the method of authenticating the private key for broadcast communication, the host generates a new random number and sends it to the receiver.
Based on the protected secret key Kb sent and received with this random number,
The host and the recipient respectively calculate the authentication result (states S14, S15). At this time, the receiver sends the authentication calculation result R ′ to the host (state S16).
The host compares the authentication result R calculated by itself with the authentication result R ′ from the receiver, so that the secret key K on the receiver side.
It can be determined whether b has been successfully received.

Through the above processing, the secret key K for one recipient
When the delivery of b is completed, the host repeats the above-mentioned processing in sequence for the number of recipients, and completes the private key protection / cancellation processing and the authentication processing upon connection.

FIG. 7 is a block diagram of the host side device in FIG. As shown in FIG. 7, the conventional host-side device has a data register 63 for storing transmission data other than a random number and a secret key for a receiver, and a secret key for generating a secret key Kb for broadcast communication. A generator 64 and a random number generator 65 for generating a random number used for data transmission and authentication are provided. Here, the transmission data of the data register 63 collectively represents the transmission data other than the secret key Kb and the random number. These data, secret key, or random number are temporarily stored in the transmission register 67 via a selector 67 that is switched by a control signal or software.

On the other hand, the broadcast communication secret key Kb output from the secret key generation device 64 is held in the broadcast communication secret key holding register 69, and is also used for communicating with the host device and an individual receiving terminal. The communication private key Ka is held in advance in the individual communication private key holding register 70. These secret keys Ka and Kb are input to the cryptographic data calculation device 72 via the selector 71 which is controlled in the same manner as the selector 67 by broadcast communication or individual communication. The encryption data calculation device 72 creates encryption data by using the random number output from the random number generation device 65, and outputs it to the encryption device 75. The encryption device 75 uses the encryption data created by the encryption data calculation device 72 to combine the transmission data held in the transmission data register 66 to create encrypted data for transmission. .

Furthermore, the private key holding register for individual communication 7
The private key Ka for individual communication stored in 0, together with the random number output from the random number generator 65, is included in the protection authentication unit 8
1 is supplied to the protection data calculation device 73 for forming 1, and the protection data 74 is created there. Then, the protection device 75 receives the protection data 74 and the transmission register 66.
The protection data 78 is generated by combining the transmission data output from the
Is output. Further, the transmission data output from the transmission register 66 is supplied to the authentication device 77 together with the random number from the random number generation device 65, and the output of the authentication device 77 is used to calculate the authentication result.

The encrypted data encrypted by the encryption device 75 and the protected data 78 created by the protection device 76 are selected by the selector 79 and transmitted as transmission data to the receiving terminal. At this time, the transmission data held in the transmission data register 66 is determined by the correctness determination device 68 formed by a normal CRC mechanism (cyclic redundancy check) or the like, and when it is determined to be correct, the selector 79 is used.
The transmission data 80 selected by is output as it is,
On the contrary, when it is determined that the transmission data is incorrect, the transmission data 80
Output is stopped.

As described above, in the conventional host, the protection authentication unit 81 including the protection data calculation device 73, the protection device 76, the authentication device 77, etc. is provided, and the transmission data 80 is transmitted to the receiver. .

FIG. 8 is a block diagram of the receiver side device in FIG. As shown in FIG. 8, the conventional recipient configuration is
In order to decode the received data 82 from the host, the decoding device 83 which performs the exclusive OR (XOR) processing of the decoding data and the received data 82, which will be described later, and the received data for temporarily storing this decoded reception data A register 84, a correctness determination device 85 that determines whether the received data decrypted by a CRC mechanism or the like is correct, a protection authentication unit 94, and a broadcast communication secret key Kb whose protection has been released by the protection authentication unit 94. The broadcast communication secret key Kb register 86, the individual communication secret key Ka register 87 for storing the individual communication secret key Ka, the selector 88, and the decryption data calculation device 89 are provided. This protection authentication unit 94
Is a protection data calculation device 90 that calculates protection data using the random number from the reception data register 84 and the private key Ka from the individual communication private key Ka register 87;
The received data 82 is released based on the protection data, and the authentication operation is performed using the protection release device 91 that extracts the broadcast secret key (Kb) 92 therein and the extracted secret key (Kb) 92. The authentication device 93 and the like are configured. Further, the authentication device 93 calculates the authentication result according to the authentication data calculation method, and the selector 88 selects an appropriate key Kb or Kb according to the broadcast communication or the individual communication and is controlled by the upper software. .

As described above, the conventional receiver creates the decryption data and the protection data by using the secret key and the random number.

That is, when the received data 82 is the broadcast communication secret key Kb, it is input to the protection canceling device 91 instead of the decrypting device 83. Therefore, the protection release device 91
Since the protection is released using the protection data calculated by the protection data calculation device 90, the secret key (K
b) 92 is stored in the private key Kb register 86 for broadcast communication. The secret key (Kb) 92 is also supplied to the authentication device 93, and the authentication result is calculated.

As described above, in the conventional method for protecting / deactivating the private key for broadcast communication and the authentication method, in order to deliver the private key Kb for broadcast communication to one receiver and judge whether it is correct or not,
The host sends three pieces of data and the receiver needs to send one piece of data to the host. Therefore, when the host and the recipient are alternately communicating in time division, the communication is performed four times.

[0022]

In the above-mentioned conventional key distribution / authentication method for broadcast communication, the private key for broadcast communication is distributed through a completely separate communication path. For this reason, in order to deliver and authenticate the private key, it is necessary for each recipient to make a plurality of communications. Furthermore, both the host and the receiver must be equipped with a device dedicated to the delivery and authentication of the private key for broadcast communication.

As a result, the advantages of broadcast communication cannot be fully utilized. That is, since it takes time to set the private key before performing the broadcast communication, there is a possibility that an alternative method such as individual delivery without using the broadcast communication may be used.

In this case, the broadcast communication protocol becomes useless, and when the number of recipients increases, it may cause a large time loss.

The main object of the present invention is to reduce the processing procedure and the circuit unit for setting the private key for broadcast communication by using the existing encrypted communication channel and the right / wrong judgment criterion. Another object of the present invention is to provide a key distribution / authentication method for broadcast communication, which makes it easier to use.

[0026]

According to the key distribution / authentication method for broadcast cryptographic communication of the present invention, a single host device and a plurality of receiver terminals communicate using a private key for individual communication. At this time, in the key distribution / authentication method for broadcast encryption communication, the host device delivers the broadcast communication private key, and the broadcast communication private key is authenticated with the recipient terminal. The device generates a first secret key for broadcast communication
State, a second state in which encryption data is calculated using the individual communication private key, and a third state in which the broadcast communication private key is encrypted using the encryption data. , A fourth state for delivering the encrypted private key for broadcast communication to the recipient terminal, while the recipient terminal uses the private key for individual communication to encrypt data. A fifth state for calculating
And a sixth state for decrypting the encrypted private key for broadcast communication transferred from the host device in the state of, using the encryption data obtained in the fifth state, A configuration for executing an authentication process for the broadcast secret key by determining whether or not both the host device and the receiver terminal have normally received based on the correctness determination of the receiver terminal To be done.

In the authentication processing of the present invention, a seventh state for determining whether the broadcast secret key decrypted on the receiver terminal side is correct or not, and the receiver terminal confirming whether the secret key is correct or not. An eighth state in which the determination result is transferred to the host device as normal reception information, and a ninth state in which it is determined whether or not normal reception is possible based on the correctness determination result obtained in the seventh state are provided. The host device can also be formed to have a tenth state for determining whether or not the normal reception has been performed similarly to the receiver terminal.

The host device according to the present invention is
A random number generator for generating a random number; a broadcast secret key for generating the broadcast secret key; a data register for holding the random number and data other than the broadcast secret key; A transmission data register for selecting a random number, the broadcast secret key, and other data to hold transmission data, a broadcast secret key holding register for holding the broadcast secret key, and the individual An individual communication private key holding register holding a communication private key, and encryption data for selecting either the broadcast communication private key or the individual communication private key to create encryption data by the random number. Whether the output of the transmission data register is encrypted by the output of the calculation device and the encryption data calculation device and the output of the transmission data register are correct It is formed and a right or wrong judgment apparatus for performing a constant.

Further, the receiver terminal according to the present invention is
A decryption device that decrypts the received data based on the decryption data, a receive data register that holds the data decrypted by the decryption device, and a broadcast device that holds the broadcast secret key obtained via the decryption device. A private key holding register for information, a private key holding register for individual communication that holds a private key for individual communication, one of the private key holding register for broadcast and the private key of the private key holding register for individual communication, and And a decoding data calculation device for calculating the decoded data for the decoding device by the output of the reception data register.

Further, according to the key distribution / authentication method for broadcast encryption communication of the present invention, when a single host device and a plurality of receiver terminals are communicating using a private key for individual communication, the host In the key distribution / authentication method for broadcast encryption communication, the broadcast communication secret key is delivered from the device, and the broadcast communication secret key is authenticated with the receiver terminal. A first state for generating a broadcast communication private key, a second state for calculating encryption data using the individual communication private key, and a broadcast communication using the encryption data A third state that encrypts the private key,
And a fourth state for delivering the encrypted private key for broadcast communication to the receiver terminal, while the receiver terminal uses the private key for individual communication to transmit the encrypted data. A fifth state to be calculated, and the encrypted private key for broadcast communication transferred from the host device in the fourth state, using the encryption data obtained in the fifth state. And a sixth state for performing decryption, the encryption / decryption processing step is executed, and in the subsequent authentication processing step, the host device, following the fourth state, generates a random number, a seventh state, An eighth state in which the random number obtained in the seventh state is transferred to the receiver terminal;
Calculating the first authentication result by the encrypted secret key for broadcast communication and the random number obtained in the state
Of the first authentication result and the second authentication result from the receiver terminal are compared to determine whether or not normal reception is performed, while the receiver terminal is An eleventh calculation of the second authentication result on the receiver side by the broadcast communication secret key decrypted in the sixth state and the random number transferred from the host device in the eighth state. State and a twelfth state for transferring the second authentication result obtained in the eleventh state to the host device.

Further, according to the key distribution / authentication method for broadcast encryption communication of the present invention, when a single host device and a plurality of receiver terminals are communicating using a private key for individual communication, the host In the key distribution / authentication method for broadcast encryption communication, the broadcast communication secret key is delivered from the device, and the broadcast communication secret key is authenticated with the receiver terminal. A first state for generating a secret key for broadcast communication, a second state for generating a random number, a third state for transferring the random number generated in the second state to the receiver terminal, A fourth state in which protection data is calculated using the random number generated in the second state and the private key for individual communication, and the private key for broadcast communication is protected using the protection data. Fifth state and protected And a sixth state for transferring the broadcast communication secret key to the receiver terminal, while the receiver terminal calculates protection data using the random number from the host and the individual communication secret key. And a seventh state for releasing the protection of the protected broadcast secret key transferred from the host device by using the protection data obtained in the seventh state. And executing the encryption / decryption processing step, and in the subsequent authentication processing step, the receiving terminal determines whether the unprotected broadcast communication private key is correct.
State, a determination result in the ninth state is transferred to the host as normal reception information, and a determination result in the ninth state is used to determine whether normal reception is possible. 11 states, the host device based on the normal reception information obtained from the receiving terminal in the 10th state and the broadcast secret key protected in the 5th state. And a twelfth state for determining whether or not normal reception is possible.

[0032]

BEST MODE FOR CARRYING OUT THE INVENTION The present invention is a secret key for broadcast cryptographic communication in the state where a single host and a plurality of receivers individually perform conventional cryptographic communication using the private key for individual communication. In the delivery and authentication of, the encrypted communication path and the received data determination mechanism already established between the host and the receiver are used.

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a process flow diagram for explaining a first embodiment of a key distribution and its authentication procedure of the present invention. As shown in FIG. 1, this embodiment includes an encryption / decryption processing step by a host (left side) and a recipient (right side), and an authentication processing step. First, the code
At the decryption processing step, the host starts processing (sta
rt), a secret key Kb for broadcast cryptographic communication is generated (state S1), and encrypted using the secret key Ka for already established individual cryptographic communication (states S2, S).
After 3), the encrypted secret key Kb is transmitted to the receiver (state S4). On the other hand, the receiver calculates the encryption data using the individual encryption private key Ka (state S7),
The secret key Kb transferred from the host in the state S4 is decrypted (state S8).

Then, in the authentication processing step,
Take action from the recipient, not the host. That is, the recipient uses the existing correctness determination mechanism used when forming the communication path of the private encryption private communication,
Whether the reception is correct or not is determined (state S9), and the reception normal reception information is returned to the host (state S5). Then, the host and the receiver judge whether or not the normal reception is possible (states S6 and S10). When the normal reception is possible, the process is completed (stop). On the contrary, when the normal reception is not possible, , Will be re-executed.

Next, the outline processing operation described above will be described more specifically. In FIG. 1, when the host starts processing for delivering the secret key Kb for broadcast communication, the secret key Kb used for broadcast encryption communication is generated in state S1 and then the existing individual encryption code is generated in state S2. The encryption data is calculated using the communication secret key Ka. At this time,
The data used for encryption is calculated using the known random number and the encryption key Ka. Further, when the encryption data is calculated in the state S2, the host uses this encryption data to encrypt the broadcast encryption secret key Kb in the state S3. Then, in the authentication processing step, the host receives the normal reception information from the receiver in the state S5.
Based on this normal reception information, the host determines in state S6 whether the receiver has normally received. If received normally, the authentication process ends, but if not received, the process from the state S1 is executed again.

On the other hand, the receiver starts processing (start)
Then, in state S7, the encrypted data is calculated using the existing individual encryption communication key Ka. The state S7 for calculating this encrypted data is the same as the above-described state S2 on the host side. Next, in state S8, the receiver decrypts the encrypted broadcast secret key Kb received from the host and completes the encryption / decryption step. Next, in the authentication processing step, the recipient receives the secret key K decrypted in state S8 in state S9.
Whether or not b is correct is determined by using a CRC mechanism or the like. Then, based on the correctness determination in state S9, state S10
At, it is determined whether the reception was normal. Also in this case, as in the case of the host,
Although the authentication processing is ended (stop), when the reception is not normally performed, the processing from the state S7 is executed again.

As described above, when the host completes the delivery of the secret key Kb to one recipient, the same processing is sequentially repeated for a plurality of recipients. That is, the process shown in the flow of FIG. 1 is repeated for the number of recipients.

FIG. 2 is a block diagram of the host side device in FIG. As shown in FIG. 2, the device on the host side includes a data register 16 for storing a broadcast communication secret key and transmission data other than random numbers, and a secret key Kb generation device for generating a broadcast encryption communication secret key Kb. 17, a random number generator 18 for generating a random number, and a selector 22 for selecting the data to be transmitted from the normal data from the data register 16, the secret key Kb, and the random number. The selector 22 is controlled by higher-level software that assembles a packet format defined in the communication protocol. The host also has a transmission data register 23 for temporarily storing the transmission data selected by the selector 22, and a secret key K.
Broadcast communication secret key Kb holding register 24 that holds the broadcast communication secret key Kb transferred from the b generator 17
And a private key Ka holding register 25 for individual communication that holds the private key Kb for individual communication. The transmission data register 23 can be omitted. further,
The host is provided with a selector 26 for selecting an appropriate key Kb or Ka depending on whether it is a broadcast communication or an individual communication, and is controlled by the host software.

Further, the host uses the encryption data calculator 28 for calculating the encryption data by the selected secret key and the random number from the random number generator 18, and the encryption data 29 inside. The encryption device 31 for executing the encryption of the transmission data 30 and the CRC for the transmission data 30.
A correctness determination device 32 that outputs correctness determination data after calculating the correctness determination data using a mechanism or the like.

Next, the actual data flow will be described. First, when the secret key Kb generator 17 generates the secret key Kb for broadcast communication, the host is set by the host software to select the data 20 of the secret key Kb by the selector 22. The secret key Kb data is temporarily stored in the transmission data register 23. On the other hand, selector 2
6 selects the individual communication secret key (Ka) 25 as a key for encryption by the same higher-level software. The selected key data 27 is input to the encryption data calculation device 28 together with the random number 21 generated by the random number generation device 18. The calculated encryption data 29 is subjected to exclusive OR (XOR) processing with the output 30 of the transmission data register 23 in the encryption device 31, and the transmission data 3
It becomes 3. Further, the output 30 of the register for transmission data
Is also input to the existing correctness determination device 32 to calculate correctness determination data. This correctness determination data is added to the above-mentioned transmission data and output outside the host, that is, to the receiver.

FIG. 3 is a block diagram of the receiver side device in FIG. As shown in FIG. 3, the receiver side device includes a decoding device 35 for decoding the reception data 34 from the host using the decoding data 41, and a reception data register for temporarily storing the decoded reception data 42. 43, a correctness determination device 45 for inputting the decrypted received data 42 and making a correctness determination by using a general CRC mechanism, and a broadcast communication secret key register 36 for storing a broadcast communication secret key Kb. , An individual communication private key register 37 for storing the individual communication private key Ka, and a selector controlled by higher-level software to select an appropriate key Kb or Ka depending on whether the communication is broadcast or individual. And 38. Each of the registers 35, 36 and 37 can be realized by an ordinary shift register or other memory means.

Next, the actual data flow will be described. First, the receiver inputs the received data 34 into the decoding device 35, and the decoding data 41 used for decoding at this time is calculated by the decoding data calculation device 40. Further, as the private key 39 input to the decryption data calculation device 40, the private key Ka for individual communication is selected by the selector 38 by the upper software.

Next, the data 42 decrypted by the decryption device 35 is temporarily stored in the received data register 43 except for the secret key Kb, and in the case of the broadcast secret key Kb, the broadcast secret. It is stored in the key register 36. The decoded data 42 is also supplied to the existing correctness determination device 45, and a correctness determination mechanism such as a CRC mechanism determines whether or not the reception is normally performed.

As described above, according to this embodiment,
There are the following merits. That is, in the conventional process, as described above, the private key Kb is delivered to one receiver, and in order to judge the correctness, the host sends three data and the receiver sends one data to the host. When the data is being transmitted and the host and the receiver are alternately communicating in a time division manner, the communication is performed four times. On the other hand,
When the processing flow shown in is used, the host sends one piece of data to the recipient, and the recipient returns one piece of data to the host, thereby delivering the private key Kb for broadcast communication and determining whether it is correct or not (authentication). Can be terminated. That is, 2
Only need to communicate once.

In short, according to the present embodiment, the time required for delivering the secret key Kb to one receiver and determining the correctness can be reduced to 4 communications (conventional) -2 communications (present invention) = 2 communications. . This means that if the number of recipients is N, then 2 communications x
The time of N can be reduced.

Further, by using the configuration of the host shown in FIG. 2, the existing encryption / decryption device and correctness determination device can be used to deliver the secret key Kb for broadcast encryption communication. Therefore, regarding the configuration of the host, the configuration of the protection authentication unit 81 in FIG. 7 can be omitted.
This means that at least the number of registers for the number of bits of the private key Ka for individual communication and the number of registers for the number of random number bits can be reduced.

For example, if the length of a general secret key is 64 bits and the length of a random number is 128 bits, then 6
4 + 128 = 192 bits of registers can be reduced.

Further, by using the configuration of the receiver shown in FIG. 3, the configuration of the protection authentication unit 94 in FIG. 8 can be omitted. This can realize at least a reduction in the number of registers corresponding to the number of bits of the private key Ka for individual communication and a reduction in the number of registers corresponding to the number of random number bits.

Similar to the above-mentioned host, in the configuration of the receiver as well, when the length of the general secret key is 64 bits and the length of the random number is 128 bits, 64 + 128 = 19.
The number of registers for 2 bits can be reduced.

In the present embodiment based on FIGS. 1 to 3 described above, with regard to delivery of the common key for broadcast communication and determination of correctness,
Although it has been described that the existing processing system and configuration are used, the present invention can be applied only to delivery if the correctness determination system and configuration cannot be changed for some reason.

FIG. 4 is a processing flow chart for explaining the second embodiment of the key distribution and the authentication procedure thereof according to the present invention. As shown in FIG. 4, this embodiment is similar to the states S1 to S4 and S7, S8 in FIG. 1 described above regarding the encryption / decryption processing, and the authentication processing is
The state S12 to S17 of the conventional example shown in FIG. 6 are used. Therefore, regarding the configuration, when the host transmits the private key Kb data for broadcast communication of FIG. 2, not only the signal 30 as the register output but also the encryption device 31 of FIG. Input into the device equivalent to and calculate the value for authentication. On the other hand, the receiver decrypts the received data 34 of FIG. 3 by the decryption device 35 and then inputs the value for authentication into the device similar to the authentication device 93 in FIG. 8 instead of the existing correctness determination device 45. calculate. Below, the process is executed according to the flow shown in FIG.

In summary, this embodiment is a combination of the encryption / composite step of FIG. 1 and the conventional authentication step of FIG. As a result, compared with the above-mentioned conventional example, the time is reduced. That is, the host transmits twice and the receiver transmits once. In other words, communication is required 3 times in total, 4 communication (conventional) -3 communication (invention)
= 1 No more communication reduction. However, in terms of components, since the existing device is used, a reduction substantially equivalent to that of the first embodiment can be achieved.

In the second embodiment described above, the present invention is applied only to delivery. However, if the delivery system and configuration cannot be changed for some reason, the present invention can be applied only to correctness determination.

FIG. 5 is a processing flow chart for explaining the third embodiment of the key distribution and the authentication procedure of the present invention. As shown in FIG. 5, in the present embodiment, delivery (encryption /
Uses the conventional method for decryption processing) to determine correctness (authentication processing)
This is a case where the present invention is applied only to. Explaining the changes in the configuration, when the host transmits the secret key Kb in FIG. 7, the host does not input the data to be transmitted to the authentication device 77, but inputs it to the existing correctness determination device 68. in this case,
The correctness determination data may be added to the protected data 78 protected by the protection device 76 of FIG. 7 and transmitted.

That is, the receiver inputs the output 92 of the protection canceling device 91 shown in FIG. 8 to the correctness determination device 85 shown in FIG. Below is FIG.
The process is executed according to the flow shown in.

In short, this embodiment is a combination of the private key protection / cancellation processing step of FIG. 6 and the authentication processing step of FIG. As a result, the number of constituent elements is reduced as compared with the above-described conventional example. That is, in addition to the existing encryption / decryption device, a protection device and a protection release device for the secret key Kb are required. However, in terms of time reduction, the host sends twice and the receiver sends one reply. That is, since the communication is performed 3 times in total, reduction of 4 communication (conventional) -3 communication (invention) = 1 communication can be expected.

Although the three embodiments have been described above, other than these, it is also possible to realize them without using the specific device configuration as shown in FIGS. For example, in FIG.
All the processing of (1) may be realized by software. In that case, in terms of shortening the processing time rather than reducing the number of components,
An effect equivalent to that of the first embodiment described above can be expected.

[0058]

As described above, the key distribution / authentication method for broadcast cryptographic communication according to the present invention provides a secret key required for the broadcast cryptographic communication and an already established cryptographic communication channel and By using the correctness determination mechanism, the encryption processing procedure for new setting of the private key for broadcast encrypted communication, the authentication procedure for determining the correctness and the circuit unit can be eliminated, and the broadcast encrypted communication can be used more effectively. There is an effect that it can be made easier.

[Brief description of drawings]

FIG. 1 is a process flow chart for explaining a first embodiment of a key distribution and its authentication procedure of the present invention.

FIG. 2 is a block diagram of a host-side device in FIG.

FIG. 3 is a block diagram of a receiver-side device in FIG.

FIG. 4 is a process flow diagram for explaining a second embodiment of a key distribution and its authentication procedure of the present invention.

FIG. 5 is a processing flow diagram for explaining a third embodiment of the key distribution and the authentication procedure thereof according to the present invention.

FIG. 6 is a process flow diagram for explaining a conventional example.

7 is a block diagram of a host-side device in FIG.

FIG. 8 is a block diagram of a receiver-side device in FIG.

[Explanation of symbols]

16 data section 17 Private key (Kb) generator 18 Random number generator 23 Transmit data register 24 Broadcast Communication Private Key (Kb) Register 25 Private key (Ka) register for individual communication 28 Encryption Data Calculation Device 31 Encryption device 32 Right / False Judging Device 35 Decoding device 36 Broadcast Communication Secret Key (Kb) Register 37 Private Key (Ka) Register for Individual Communication 40 Decoding data calculation device 43 Receive data register 45 Correctness determination device

   ─────────────────────────────────────────────────── ─── Continued front page    F term (reference) 5J104 AA16 BA03 EA04 EA17 EA18                       JA03 NA02 PA07                 5K067 AA34 BB02 BB21 DD17 DD51                       EE12 HH22 HH24 HH36

Claims (6)

[Claims] 1. When a single host device and a plurality of receiver terminals are communicating using a private key for individual communication, the private key for broadcast communication is delivered from the host device, and the private key for broadcast communication is delivered. In a key distribution / authentication method for broadcast encryption communication for authenticating a secret key with the recipient terminal, the host device comprises:
A first state for generating the broadcast secret key;
A second state in which encryption data is calculated using the individual communication private key; a third state in which the broadcast communication private key is encrypted using the encryption data; And a fourth state for delivering the broadcast communication secret key to the receiver terminal, while the receiver terminal calculates encryption data using the individual communication secret key. Decrypt the encrypted private key for broadcast communication transferred from the host device in the 5th state and the 4th state using the encryption data obtained in the 5th state A sixth state, and by judging whether or not both the host device and the receiver terminal have normally received based on the correctness judgment of the receiver terminal, the broadcast secret key Authentication process Key delivery and authentication method for broadcast encryption communication, characterized in that the run. 2. The authentication process includes a seventh state in which a right / wrong judgment is made with respect to the broadcast secret key decrypted at the receiver terminal side, and a right / wrong judgment result from the receiver terminal. The host device includes an eighth state for transferring to the host device as normal reception information, and a ninth state for judging whether or not normal reception has been successful based on the correctness determination result obtained in the seventh state. Also determines whether or not the same normal reception as that of the receiver terminal has been performed.
The key distribution / authentication method for broadcast cryptographic communication according to claim 1, comprising a 0 state. 3. The host device other than a random number generator for generating a random number, a broadcast communication secret key generator for generating the broadcast communication secret key, the random number and the broadcast communication secret key. Data register, a transmission data register for selecting the random number, the broadcast secret key, and other data to hold transmission data, and a broadcast data holding secret key for holding the broadcast data. A private key holding register for broadcast communication, a private key holding register for individual communication holding the private key for individual communication, and either the private key for broadcast communication or the private key for individual communication is selected and encrypted by the random number. By the encryption data calculation device that creates the encryption data and the output of the encryption data calculation device,
The key for broadcast encryption communication according to claim 1, further comprising: an encryption device that encrypts an output of the transmission data register, and a correctness determination device that determines whether the output of the transmission data register is correct. Delivery and authentication method. 4. The receiver terminal is obtained via a decoding device that decodes the received data based on the decoding data, a received data register that holds the data decoded by the decoding device, and the decoding device. A broadcast secret key holding register holding the broadcast secret key, an individual communication secret key holding register holding an individual communication secret key, the broadcast secret key holding register and the individual communication The key for broadcast encryption communication according to claim 1, further comprising one of the secret keys of the secret key holding register and a decryption data calculation device for calculating the decrypted data for the decryption device by the output of the reception data register. Delivery and authentication method. 5. When a single host device and a plurality of receiver terminals are communicating using a private key for individual communication, the private key for broadcast communication is delivered from the host device and used for the broadcast communication. In a key distribution / authentication method for broadcast encryption communication for authenticating a secret key with the recipient terminal, the host device comprises:
A first state for generating the broadcast secret key;
A second state in which encryption data is calculated using the individual communication private key; a third state in which the broadcast communication private key is encrypted using the encryption data; And a fourth state for delivering the broadcast communication secret key to the receiver terminal, while the receiver terminal calculates encryption data using the individual communication secret key. Decrypt the encrypted private key for broadcast communication transferred from the host device in the 5th state and the 4th state using the encryption data obtained in the 5th state The encryption / decryption processing step is executed by providing a sixth state, and in the subsequent authentication processing step, the host device follows the fourth state, a seventh state for generating a random number, and the seventh state. of An eighth state in which the random number obtained in Tate is transferred to the receiver terminal, the encrypted secret key for broadcast communication obtained in the third state, and the random number make a first authentication result. And a tenth state for comparing the first authentication result and the second authentication result from the receiver terminal to determine whether or not the signal is normally received. The receiver terminal uses the broadcast secret key decrypted in the sixth state and the random number transferred from the host device in the eighth state to obtain the second authentication result on the receiver side. For broadcast cryptographic communication, characterized by comprising an eleventh state for computing the above, and a twelfth state for transferring the second authentication result obtained in the eleventh state to the host device. Key delivery Proof method. 6. When a single host device and a plurality of receiver terminals are communicating using a private key for individual communication, the private key for broadcast communication is delivered from the host device and used for the broadcast communication. In a key distribution / authentication method for broadcast encryption communication for authenticating a secret key with the recipient terminal, the host device comprises:
A first state for generating the broadcast secret key;
A second state in which a random number is generated, a third state in which the random number generated in the second state is transferred to the receiver terminal, the random number generated in the second state, and the individual communication A fourth state in which protection data is calculated using a private key for communication, and a fifth state in which the private key for broadcast communication is protected using the protection data,
A sixth state for transferring the protected private key for broadcast communication to the receiver terminal, while the receiver terminal is protected by using the random number from the host and the private key for individual communication. The seventh state for calculating the use data and the protection data obtained in the seventh state are used to release the protection of the protected broadcast secret key transferred from the host device. An eighth state is provided for executing the encryption / decryption processing step, and in the subsequent authentication processing step, the receiving terminal is in a ninth state for judging whether or not the unprotected protection key for broadcast communication is correct. And whether the normal reception was performed by using the judgment result in the ninth state and the tenth state in which the judgment result in the ninth state is transferred to the host as normal reception information. An 11th state for determining whether or not the host device has the normal reception information obtained from the receiving terminal in the 10th state and the broadcast communication protected in the 5th state. A key distribution / authentication method for broadcast cryptographic communication, comprising: a twelfth state for determining whether or not normal reception is possible based on a secret key.