JP2006211118A - Communication terminal, and method for each terminal to surely confirm connections among all other terminals in full-mesh network - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a method whereby its own terminal can surely confirm whether or not connections among the other terminals are normally established and data communication is carried out in a full-mesh network constructed by the connections among the terminals. <P>SOLUTION: The communication terminal forms a temporary community by establishing connections to a plurality of external terminals connected to a network in a full-mesh way, carries out authentication control in the case of establishing the connections, and shares a unique common key among the terminals after the establishment of the connections, and includes: an application 12; a common key encryption system encryption/decryption module 19; an SSS sharing coding module 13; an SSS decryption module 16; a database module 11; a message generating module 34; a message processing module 37; a message transmission/reception module 38; and a control module 10. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a method in which each terminal reliably confirms whether or not a connection between other participants is normally established and data communication is normally performed in multi-point communication of a full mesh type model.

  Conventionally, in a system such as multi-person chat in which a plurality of terminals participate on an IP network, a community is temporarily constructed by a plurality of terminals, and each terminal exchanges application data therein. At this time, each terminal must have a relationship (called a connection) in order to set up a session for transmitting and receiving data, and there are a plurality of models for establishing the connection. A generally popular model is a model that uses a server that manages connections as a component other than a community terminal, and each terminal constructs a connection only with that server (referred to as a central model).

  However, in the central model, in order to manage connections with a single server, if a failure occurs in that server, all connections in all communities built using that server will be disconnected, so communication will be interrupted. Will occur. In other words, the central model is generally a system that is vulnerable to a single point of failure and has low availability.

  Here, availability refers to availability, and is generally measured by the degree to which a system is hard to break, the difficulty of a failure, the repair speed when a failure occurs, and the like. Speaking of a highly available system, it refers to a system that rarely fails and can be used safely at any time. On the other hand, a system with low availability means a system that frequently fails and does not recover easily.

  In the central model, connections are managed collectively by the server, so in many cases, application data is sent to the server once, and after data processing such as mixing is performed, it is sent to other terminals. . Such a data transmission / reception method is suitable for applications where the amount of data is relatively small or applications that do not require strict real-time properties, but on the contrary, the amount of data to be transmitted / received, such as video conferences and voice calls, is large. It is unsuitable for applications that require strict real-time characteristics.

  On the other hand, as a connection model, there is a full mesh type model in which connections between terminals are directly constructed in a full mesh. Unlike the central model, this model does not require a server for managing connections collectively except for terminals that participate in the community, and each terminal itself manages a plurality of connections instead. In addition, since the management of the connection is distributed to each terminal, the availability is higher than that of the central model. As a result, even if a failure occurs in a certain terminal, the influence is minimized, and communication of the entire community is not cut off. Furthermore, in this model, since the application data is often transmitted directly to the terminal without going through the server, it is suitable for an application that requires strict real-time property.

  However, since the connection is not managed intensively, each terminal can directly confirm that the connection between its own terminal and the other terminal is established, but the connection between the other terminals is actually established. There is no way to know if it is. In the central model, since the server manages the connection in a lump, the server can directly know which terminal has actually established the connection.

As related documents, as shown below, Non-Patent Document 1 regarding a connection construction model and Non-Patent Documents 2 and 3 regarding Secret Sharing Schemes are disclosed.
J. Lennnox, H. Schulzrinne, “A Protocol for Reliable Decentralized Conferencing,” ACM International Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV), Monterrey, California, June 2003. A. Shamir, “How to share a secret,” Communications of the ACM, page 612-613, 1979. Tatsuaki Okamoto, Hiroshi Yamamoto, “Contemporary Cryptographic Series / Mathematics of Information Science,” Industrial Book Publishing, page209-219 July 1997.

  As described above, since there is no centralized connection control organization in the full mesh model, even if it is possible to directly check whether the connection between the terminal itself and each terminal is connected, other participants There is no way to know if the connection between them is established normally and whether application data is exchanged.

  The present invention proposes a method in which each terminal reliably confirms whether or not the data communication is performed normally when the connection between other participants is normally established in multi-point communication of the full mesh type model. The purpose is to do.

  In order to solve the above-mentioned problems, the present invention of claim 1 establishes a temporary community by establishing a connection with a plurality of external terminals connected to a network to a full mesh. After authentication is established and the connection is established, each terminal shares a unique common key, generates application data, uses an application that processes application data received from an external terminal, and uses the common key. , A common key encryption / decryption module that encrypts / decrypts arbitrary data, and application data is distributedly encoded with a threshold (1 ≦ k ≦ n) of (k, n), and partial information of the application data SSS (Secret Sharing Schemes) distributed coding module that generates n shares, and application data SSS decoding module that restores original application data from multiple shares that are distributed and encoded, application data passed directly from the application, share of application data received from other terminals, and unique sharing with other terminals A database module that manages a common key that is being used, a terminal list that includes destination information of terminals participating in the community, a data comparison module that compares two application data and determines whether they match, A means for generating a message by giving a designated destination information and a transfer count to a share of application data passed from another module, and a means for generating a message including application data encrypted by a common key. Message generation module A message processing module having means for retrieving application data share, transfer count, and application data encrypted with a common key included in a message received from another terminal, and message destination information passed from the message generation module A message transmission / reception module having means for transmitting a message to the destination, means for receiving a message from another terminal, and means for passing the received message to the message processing module. On the other hand, means for requesting storage / acquisition of a list of participants participating in the community, application data, a common key shared among the participants, and a share in which application data is distributed and encoded, and SSS distribution Encoding module On the other hand, the means for requesting the application data received from the application to be distributed encoded by SSS at the requested threshold, and the share of the application data received from the SSS distributed encoding module to the message generation module, Means for requesting to generate a message by setting designated destination information and the number of transfers; means for requesting the SSS decryption module to restore the original application data from the acquired application data share; The data comparison module needs to compare the application data stored in the database module with the application data restored using the SSS decryption module from the share of application data received from other terminals. A means for requesting, a means for receiving the share of application data extracted from a message received from another terminal from the message processing module, the number of transfers, and the encrypted application data; A communication terminal characterized by comprising a control module comprising: a means for requesting the decryption module to encrypt or decrypt any data using a common key; .

  In the present invention of claim 2, when a terminal which is a communication terminal according to claim 1 transmits application data to all terminals participating in a community other than its own terminal, the application data is stored in the database module. In addition, the SSS distributed coding module is obtained by performing distributed coding with a threshold of ((total number of terminals participating in community-1), (total number of terminals participating in community-1)). The total number of terminals-1) The share of application data is sent to each of all terminals participating in the community excluding its own terminal in a message for each share. A message that includes the destination information and the transfer count set to 1 Step 1 is generated and transmitted for each of all terminals participating in the network, and each terminal receives the message transmitted in Step 1, and each terminal uses the message processing module to share and transfer Are transferred to the control module, and the control module refers to the transfer count, and if it is set to 1, a message including the share of the application data included in the message and the transfer count set to 0 Is generated and transferred to all terminals except the source terminal of the message and the own terminal, and the application data share is stored in the database module of the own terminal, and the message transferred in step 2 is The received control module of each terminal refers to the number of transfers as in step 2. When the transfer is finished and each terminal finishes the message transfer, each terminal excluding the message source terminal obtains the shares of (the total number of terminals participating in the community minus 1). The original application data is restored using the SSS decryption module and transferred to the application, and the application data is encrypted and decrypted using the common key shared with the source terminal. The encrypted data encrypted by the encryption module is sent back to the source terminal, and the source terminal in step 1 receives a common key that is uniquely shared between the source terminal and each terminal from all other terminals. It is obtained by receiving encrypted data encrypted by using step 3 and decrypting each received encrypted data with a corresponding common key. Step 4 for comparing the application data stored in the database module with the application data stored in the database module and confirming whether or not they match. A method for reliably confirming the connection is used as a solution.

  In the third aspect of the present invention, in the full mesh network according to the second aspect, each terminal surely connects connection connections between all other terminals, in which all terminals participating in the community perform the application data transmission step. This method is the solution.

  According to the present invention of claim 4, a temporary community is formed by establishing a connection with a plurality of external terminals connected to the network in a full mesh, and authentication control is performed when the connection is established. Is a terminal that shares a unique common key among terminals, generates application data, processes application data received from an external terminal, and encrypts any data using the common key. Application data is distributedly encoded with a common key encryption / decryption module to be decrypted and a threshold (1 ≦ k ≦ n) of (k, n) to generate n shares that are partial information of the application data. An SSS (Secret Sharing Schemes) distributed encoding module and a plurality of shells in which application data is distributed encoded SSS decryption module that restores the original application data from the network, the hash value of the application data, the share of application data received from other terminals, the common key that is uniquely shared with other terminals, and the community A database module that manages a terminal list including destination information of participating terminals, a hash module that converts application data into a hash value, and a data comparison that compares two hash values to determine whether they match. Generates a message that includes a hash value encrypted with a common key and a means for generating a message by assigning the specified destination information and the number of transfers to the share of the application data passed from the module and another module A message generation module comprising: A message processing module having means for extracting application data share, transfer count, hash value encrypted with a common key included in a message received from another terminal, and destination information of a message passed from the message generation module. A message transmission / reception module comprising: means for transmitting a message to the destination; means for receiving a message from another terminal; and means for passing the received message to the message processing module. A means for requesting storage / acquisition of a list of participants participating in the community, a hash value of application data, a common key shared among the participants, and a share in which application data is distributedly encoded, To SSS distributed coding module Then, a means for requesting application data received from the application to be distributed encoded by SSS with the requested threshold, and a share of application data received from the SSS distributed encoding module to the message generation module, Means for requesting to generate a message by setting designated destination information and the number of transfers; means for requesting the SSS decryption module to restore the original application data from the acquired application data share; , Request the data comparison module to compare the application data stored in the database module with the application data restored using the SSS decryption module from the share of application data received from other terminals SSS decryption with respect to the hash module, means for receiving from the message processing module a share of application data extracted from a message received from another terminal, the number of transfers, and an encrypted hash value A means for requesting application data restored using the encryption module to be converted into a hash value and a common key encryption / decryption module for encrypting or decrypting arbitrary data with a common key The communication terminal is provided with a control module including a means for requesting to be converted into a solution.

  According to a fifth aspect of the present invention, when the terminal, which is the communication terminal according to the fourth aspect, transmits the application data to all the terminals participating in the community except for the terminal itself, the hash of the application data is utilized using the hash module. The value is stored in the database module, and is distributedly encoded with the threshold of ((total number of terminals participating in community-1), (total number of terminals participating in community-1)) in the distributed encoding module. Since the share of the application data (total number of terminals participating in the community minus 1) obtained in this way is included in a message for each terminal that participates in the community other than its own terminal, Destination information of the terminal to which the share is transmitted, and the number of transfers set to 1. A message is generated and transmitted for each of all terminals participating in the community except for the terminal itself. The other terminals receive the message transmitted in step 1, and each terminal uses the message processing module. Then, the share and transfer count are taken out and passed to the control module. The control module refers to the transfer count, and when it is set to 1, the application data share contained in the message is set to 0. Generating a message including the number of times of transmission and transmitting the message to all terminals except the source terminal of the message and the own terminal, and storing the obtained share in the database module of the own terminal; The control module of each terminal that has received the message transferred in step 2 Refers to the number of transmissions and is set to 0, so the transfer is completed, and after the message transfer for all terminals is completed, each terminal obtained except the message source terminal (the total number of terminals participating in the community) -1) Restore the original application data using the SSS decryption module and pass it to the application, and convert the application data into a hash value by the hash module and share it with the source terminal The encrypted hash value encrypted by the common key cryptosystem encryption / decryption module using the common key is sent back to the source terminal, and from all terminals except the source terminal in step 1, The source terminal uses an encrypted hash value encrypted using a common key that is uniquely shared between the source terminal and each terminal. Step 3 for decrypting each received encrypted hash value with the corresponding common key, comparing the obtained hash value with the hash value stored in the database module, and confirming whether or not they match 4, and each of the terminals in the full mesh network reliably confirms connection connections between all other terminals.

  The present invention of claim 6 is such that each terminal in the full mesh network according to claim 5 confirms connection connections between all other terminals in a full mesh network according to claim 5, wherein the application data transmission step is performed by all terminals participating in the community. This method is the solution.

  In the present invention of claim 7, a temporary community is formed by establishing a connection to a plurality of external terminals connected to the network in a full mesh, and authentication control is performed at the time of establishing the connection. Is a terminal that shares a unique common key among terminals, generates application data, processes application data received from an external terminal, and encrypts any data using the common key. Application data is distributedly encoded with a common key encryption / decryption module to be decrypted and a threshold (1 ≦ k ≦ n) of (k, n) to generate n shares that are partial information of the application data. An SSS (Secret Sharing Schemes) distributed encoding module and a plurality of shells in which application data is distributed encoded SSS decryption module that restores the original application data from the application, application data directly passed from the application, share of application data received from other terminals, a common key that is uniquely shared with other terminals, A database module that manages a terminal list including destination information of terminals participating in the community, a data comparison module that compares two application data and determines whether they match, and an application passed from another module A message generation module having means for generating a message by assigning the specified destination information to the data share, the number of transfers, and a means for generating a message including application data encrypted with a common key, and the like Received from other terminals The message processing module having means for retrieving the application data share, the number of transfers, and the application data encrypted with the common key included in the message, and the destination information of the message passed from the message generation module, to the destination A message transmission / reception module comprising: means for transmitting a message; means for receiving a message from another terminal; and means for passing the received message to the message processing module. Participant list, application data, a common key shared among the participants, a share for which application data is distributed and encoded, a means for performing a storage / acquisition request, and an SSS distributed encoding module, application Means for requesting the application data received from the SSS to be distributed-encoded with the requested threshold, and destination information to be specified for the share of the application data received from the SSS distributed encoding module to the message generation module Means for requesting to generate a message by setting the number of transfers, means for requesting the SSS decryption module to restore the original application data from the acquired application data share, and a data comparison module A means for requesting a comparison between the application data stored in the database module and the application data restored using the SSS decryption module from the share of the application data received from other terminals, and a message place A means for receiving the share of application data extracted from messages received from other terminals, the number of transfers, and encrypted application data from the management module, and the common key encryption / decryption module A computer program for causing a computer to function as a communication terminal, comprising: a control module comprising: a means for requesting to encrypt or decrypt any data using a common key Means.

  In the present invention of claim 8, when the terminal which is the communication terminal of claim 1 transmits the application data to all the terminals participating in the community except for its own terminal, the application data is stored in the database module. In addition, the SSS distributed coding module is obtained by performing distributed coding with a threshold of ((total number of terminals participating in community-1), (total number of terminals participating in community-1)). The total number of terminals-1) The share of application data is sent to each of all terminals participating in the community excluding its own terminal in a message for each share. A message that includes the destination information and the transfer count set to 1 Step 1 is generated and transmitted for each of all terminals participating in the network, and each terminal receives the message transmitted in Step 1, and each terminal uses the message processing module to share and transfer Are transferred to the control module, and the control module refers to the transfer count, and if it is set to 1, a message including the share of the application data included in the message and the transfer count set to 0 Is generated and transferred to all terminals except the source terminal of the message and the own terminal, and the application data share is stored in the database module of the own terminal, and the message transferred in step 2 is The received control module of each terminal refers to the number of transfers as in step 2. When the transfer is finished and each terminal finishes the message transfer, each terminal excluding the message source terminal obtains the shares of (the total number of terminals participating in the community minus 1). The original application data is restored using the SSS decryption module and transferred to the application, and the application data is encrypted and decrypted using the common key shared with the source terminal. The encrypted data encrypted by the encryption module is sent back to the source terminal, and the source terminal in step 1 receives a common key that is uniquely shared between the source terminal and each terminal from all other terminals. It is obtained by receiving encrypted data encrypted by using step 3 and decrypting each received encrypted data with a corresponding common key. Step 4 for comparing the application data stored in the database module with the application data stored in the database module and confirming whether or not they match. A computer program for causing a computer to execute a method for reliably confirming the connection is established as a solution means. The present invention according to claim 9 establishes a temporary community by establishing a connection with a plurality of external terminals connected to the network to form a temporary community, and performs authentication control at the time of establishing the connection. Is a terminal that shares a unique common key among terminals, generates application data, processes application data received from an external terminal, and encrypts any data using the common key. Application data is distributedly encoded with a common key encryption / decryption module to be decrypted and a threshold (1 ≦ k ≦ n) of (k, n) to generate n shares that are partial information of the application data. An SSS (Secret Sharing Schemes) distributed encoding module and a plurality of shells in which application data is distributed encoded SSS decryption module that restores the original application data from the network, the hash value of the application data, the share of application data received from other terminals, the common key that is uniquely shared with other terminals, and the community A database module that manages a terminal list including destination information of participating terminals, a hash module that converts application data into a hash value, and a data comparison that compares two hash values to determine whether they match. Generates a message that includes a hash value encrypted with a common key and a means for generating a message by assigning the specified destination information and the number of transfers to the share of the application data passed from the module and another module A message generation module comprising: A message processing module having means for extracting application data share, transfer count, hash value encrypted with a common key included in a message received from another terminal, and destination information of a message passed from the message generation module. A message transmission / reception module comprising: means for transmitting a message to the destination; means for receiving a message from another terminal; and means for passing the received message to the message processing module. A means for requesting storage / acquisition of a list of participants participating in the community, a hash value of application data, a common key shared among the participants, and a share in which application data is distributedly encoded, To SSS distributed coding module Then, a means for requesting application data received from the application to be distributed encoded by SSS with the requested threshold, and a share of application data received from the SSS distributed encoding module to the message generation module, Means for requesting to generate a message by setting designated destination information and the number of transfers; means for requesting the SSS decryption module to restore the original application data from the acquired application data share; , Request the data comparison module to compare the application data stored in the database module with the application data restored using the SSS decryption module from the share of application data received from other terminals SSS decryption with respect to the hash module, means for receiving from the message processing module a share of application data extracted from a message received from another terminal, the number of transfers, and an encrypted hash value A means for requesting application data restored using the encryption module to be converted into a hash value and a common key encryption / decryption module for encrypting or decrypting arbitrary data with a common key A computer program for causing a computer to function as a communication terminal is provided as a solution means.

  According to a tenth aspect of the present invention, when the terminal, which is the communication terminal according to the fourth aspect, transmits the application data to all terminals participating in the community except for the own terminal, the hash of the application data is utilized using the hash module. The value is stored in the database module, and is distributedly encoded with the threshold of ((total number of terminals participating in community-1), (total number of terminals participating in community-1)) in the distributed encoding module. Since the share of the application data (total number of terminals participating in the community minus 1) obtained in this way is included in a message for each terminal that participates in the community other than its own terminal, Destination information of the terminal to which the share is transmitted, and the number of transfers set to 1. Message is generated and transmitted for each of all terminals participating in the community except for the terminal itself, and the other terminals receive the message transmitted in step 1, and each terminal receives the message processing module. Use it to retrieve the share and transfer count, and pass them to the control module. The control module refers to the transfer count, and if it is set to 1, sets the application data share contained in the message to 0 Generating a message including the number of times the transfer has been performed, transmitting the message to all terminals except the source terminal of the message and the own terminal, and storing the obtained share in the database module of the own terminal; The control module of each terminal that has received the message transferred in step 2 is the same as step 2. Refers to the number of transfers, and is set to 0, so the transfer is completed, and after the message transfer of all terminals is completed, each terminal except the message source terminal has obtained (the total number of terminals participating in the community -1) Restore the original application data using the SSS decryption module and pass it to the application, and convert the application data into a hash value by the hash module and share it with the source terminal The encrypted hash value encrypted by the common key cryptosystem encryption / decryption module using the common key is sent back to the source terminal, and from all terminals except the source terminal in step 1, The source terminal uses an encrypted hash value encrypted by using a common key that is uniquely shared between the source terminal and each terminal. And decrypting each received encrypted hash value with the corresponding common key, comparing the obtained hash value with the hash value stored in the database module, and confirming whether or not they match Step 4 is a solving means comprising a computer program for causing a computer to execute a method for surely confirming connection connections between all other terminals in a full mesh network.

  As described above, according to the present invention, the connection between other terminals is normal because the source terminal does not directly transmit the application data to the other terminals but through the other terminals through the steps 1 to 4. Otherwise, in step 3, the other terminals cannot obtain all the shares that are partial information of the application data generated by the source terminal, and eventually restore the same application data generated by the source terminal. The application data in step 4 cannot be compared. Therefore, each terminal transmits application data to other terminals through step 1 to step 4, so that the source terminal finally confirms whether the connection and data communication between the other terminals are normal. Can be confirmed.

  Further, according to the present invention, the message including the data sent back to the source terminal in Step 4 is encrypted using a common key that is uniquely shared between the source terminal and the other terminals. Thus, it can be uniquely authenticated that the message is from a terminal participating in the community.

  Further, according to the present invention, in step 1, the application data is not directly transmitted to another terminal, but is once decomposed into partial information (share), and further via the other terminal, the source terminal Since the data is transmitted to all terminals except for, even if the share is eavesdropped by an unauthorized terminal other than the terminal participating in the community, the original application data must be obtained because it is partial information of the application. Therefore, it is possible to improve the security level for data communication within the community.

  Further, according to the present invention, when another terminal sends back application data in step 3, the message including the application data is not encrypted as it is using the common key, but the hash value of the application data is used. Since the message including the hash value is encrypted with the common key after being obtained, the amount of data to be sent back to the source terminal can be reduced, and the bandwidth required for data communication can be suppressed.

  Further, according to the present invention, since application data is stored in the database as a hash value in step 1, the capacity required for storing data in each terminal can be suppressed.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a diagram showing a network configuration representing a relationship between terminals according to an embodiment of the present invention.

  Terminal 1, terminal 2, and terminal 3 are connected to network 1000 and can communicate with each other. In the state of FIG. 1, it is assumed that no connection is established between the terminals. The network 1000 is an infrastructure for exchanging arbitrary information, and represents, for example, the Internet or a private network.

[First Embodiment]
FIG. 2 is a diagram illustrating a configuration of common functional modules included in each of the terminal 1, the terminal 2, and the terminal 3 illustrated in FIG.

  Here, the community is formed by establishing a connection in a full mesh between a plurality of terminals, and a one-to-one connection constructed between at least two terminals is required.

  The control module 10 includes a database module 11, a secret sharing scheme (hereinafter referred to as SSS) distributed encoding module 13, a message generation module 14, a data comparison module 15, an SSS decryption module 16, a message processing module 17, and a common key. It has an interface with the encryption system encryption / decryption module 19.

  The control module 10 requests the database module 11 to save and acquire a list of participants participating in the community, application data, a common key shared among the participants, and a share in which application data is distributedly encoded. I do.

  The control module 10 requests the SSS distributed encoding module 13 to perform the application encoding received by the SSS distributed encoding module 13 from the application 12 using the SSS with the specified threshold.

  The control module 10 requests the message generation module 14 to generate a message including the share of the application received from the SSS distributed encoding module 13 or the control module 10, the designated number of transfers, and the requested destination information.

  Further, the control module 10 requests the message generation module 14 to generate a message including application data encrypted with the common key and designated destination information.

  In addition, the control module 10 requests the data comparison module 15 to compare the application data previously generated by the application 12 and stored in the database module 11 with the application data received from another terminal.

  Further, the control module 10 requests the SSS decryption module 16 to restore the original application data from a plurality of shares of the acquired application data.

  Further, the control module 10 receives from the message processing module 17 the share extracted from the message received from another terminal, the number of transfers, and the application data encrypted with the common key.

  Further, the control module 10 requests the common key encryption / decryption module 19 to encrypt or decrypt arbitrary data using the common key.

  The database module 11 has an interface with the control module 10 and the application 12. The database module 11 manages a common key shared among terminals, a list of participants (mainly including destination information), a share obtained by distributing and encoding application data received from each terminal, and the application data itself.

  The application 12 is an arbitrary application that inputs and outputs application data, such as a voice application that inputs and outputs voice data. However, these application data include identification information (ID) for identifying which terminal has generated the application data.

  The application 12 has an interface with the database module 11 and the SSS distributed encoding module 13.

  The application 12 has the database module 11 store application data to be output each time.

  The application 12 has the application data output each time to the SSS distributed encoding module 13 be distributed and encoded by the SSS distributed encoding module 13 with a threshold value preset in the SSS distributed encoding module 13 by the control module 10. .

  The SSS distributed encoding module 13 has an interface with the control module 10, the application 12, and the message generation module 14. The SSS distributed encoding module 13 distributes and encodes application data with a threshold (1 ≦ k ≦ n) of (k, n), and generates n shares that are partial information of the application data.

  The SSS distributed encoding module 13 performs distributed encoding on the data received from the application 12 with the thresholds ((total number of terminals in community-1), (total number of terminals in community-1)) specified by the control module 10. Then, it is requested that the obtained (total number of terminals in community-1)) shares be passed to the message generation module 14.

  The message generation module 14 has an interface with the control module 10, the SSS distributed coding module 13, and the message transmission / reception module 18.

  The message generation module 14 receives the destination information of all terminals participating in the community excluding its own terminal from the control module 10, and receives from the SSS distributed coding module 13 (total number of terminals in community −1) shares respectively. Then, it is requested to generate a message by giving destination information of another terminal and the designated transfer count. As a result, (total number of terminals in community-1) messages are generated.

  In addition, when the message generation module 14 receives a share from the SSS distributed encoding module 13, the message generation module 14 sets the number of transfers to 1 when generating a message. On the other hand, when the share is directly passed from the control module 10, the number of transfers is set to 0, the requested destination information is added, and a message is generated.

  Further, the message generation module 14 is requested by the control module 10 to generate a message by adding the designated destination information to the application data encrypted with the common key.

  The data comparison module 15 has an interface with the control module 10.

  The data comparison module 15 is requested by the control module 10 to compare application data previously generated by the application 12 and stored in the database module 11 with application data received from another terminal.

  The SSS decryption module 16 has an interface with the control module 10 and the application 12.

  The SSS decryption module 16 is requested by the control module 10 to restore one application data from a plurality of shares using the SSS.

  The SSS decryption module 16 passes the restored application data to the application 12.

  The message processing module 17 has an interface with the control module 10 and the message transmission / reception module 18.

  The message processing module 17 extracts the application data share and transfer count from the message received from the other terminal by the message transmission / reception module 18 and passes it to the control module 10.

  The message transmission / reception module 18 not only has an interface with the message generation module 14 and the message processing module 17, but is directly connected to an external terminal via a network.

  The message transmission / reception module 18 transmits the message passed from the message generation module 14 to another terminal with reference to the destination information of the message.

  The message transmission / reception module 18 passes the received message to the message processing module 17.

  The common key encryption / decryption module 19 has an interface with the control module 10.

  The common key encryption / decryption module 19 receives a common key from the control module 10 and is requested to perform encryption or decryption using the key.

  A terminal having these functions can also be realized by a computer operating with a computer program. The computer program, that is, the computer program that causes the computer to function as this terminal is stored in a computer-readable recording medium such as a semiconductor memory, a magnetic disk, an optical disk, a magneto-optical disk, or a magnetic tape, or a communication network such as the Internet. And can be widely distributed.

  Terminals 20 and 21 are two terminals 1 to 3 shown in FIG.

  FIG. 3 is a diagram illustrating a state in which a connection 50 is already established between the terminal 1 and the terminal 2, a connection 51 is established between the terminal 2 and the terminal 3, and a connection 52 is established between the terminal 3 and the terminal 1. .

  In FIG. 3, not only a full mesh connection is established among the terminal 1, the terminal 2, and the terminal 3, but also authentication is performed when each connection is established, and a common key (1-1) is already established between the terminal 1 and the terminal 2. -2), the common key (1-2-3) is shared between the terminal 2 and the terminal 3, and the common key (1-3-1) is shared between the terminal 3 and the terminal 1. It shall be. In the first embodiment, an example will be described in which the terminal 1 confirms whether a connection is normally established between the terminal 2 and the terminal 3. The process of the first embodiment described below is performed while the terminal 2 and the terminal 3 are also exchanging application data.

  After the connection is established, the following settings are internally performed in the terminal 1 prior to data communication between the terminals. Here, the terminal 1 will be described as an example.

  In the terminal 1, the control module 10 requests the participant list from the database module 11. Then, the number of participants and the destination of the participant are acquired from the participant list.

  Since the total number of participants is 3, in order to transmit the application data to the terminal 2 and the terminal 3 except for itself, the application data is distributedly encoded by the secret sharing method with the threshold of (2, 2). , The SSS distributed encoding module 13 is set. As a result, the SSS distributed encoding module 13 distributes and encodes application data received from the application each time with a threshold value of (2, 2), and is set to the control content that passes the two shares to the message generation module 14. .

  Next, the control module 10 uses the destination information already acquired from the database module 11 so that the message transmission / reception module 18 transmits the message including the share of the application data to the correct destination, and each share is transferred to the terminal 2 or the terminal The message generation module 14 is requested to generate a message including the destination information 3. At this time, the message generation module 14 is requested to set the transfer count to 1.

  The message generation module 14 receives a request from the control module 10 and generates a message including one share of the two shares received from the SSS distributed encoding module 13 each time and the destination information of the terminal 2, and the other And a message including the destination information of the terminal 3 are generated. That is, in the first embodiment, two messages are generated for each piece of application data.

  The preparation for exchanging application data between the terminals has been described above. Actual data exchange will be described with reference to FIG.

  FIG. 4 shows two shares (1-1-2) and shares (1-1-3) obtained by distributing and encoding application data AD1 of the terminal 1 with a threshold of (2, 2), respectively. 2 is a diagram illustrating a state in which the terminal 1 transmits to the terminal 2 and the terminal 3 (messages 100 and 101).

  In the terminal 1, application data AD1 generated by the application 12 is distributed and encoded into two shares (1-1-2) and shares (1-1-3) through the SSS distributed encoding module 13. Then, the message generation module 14 generates a message 100 including the destination information and share (1-1-2) of the terminal 2, and a message 101 including the destination information and share (1-1-3) of the terminal 3. . The message generation module 14 sets the application data share transfer count to 1 when each message is generated.

  The two messages 100 and 101 are passed to the message transmission / reception module 18, and the message transmission / reception module 18 sees the destination information of each message, and the message 100 is transmitted to the terminal 2 and the message 101 is transmitted to the terminal 3.

  Further, the application data AD1 of the terminal 1 is stored in the database module 11 as it is.

  On the other hand, the message transmission / reception module 18 of the terminal 2 receives the message 100 from the terminal 1 and passes it to the message processing module 17. The message processing module 17 extracts the share (1-1-2) and the transfer count from the message 100 and passes them to the control module 10.

  The control module 10 of the terminal 2 stores the share (1-1-2) in the database module 11. Further, it is determined whether or not the share (1-1-2) is transferred with reference to the transfer count. Since it was set to 1 here, it must be transferred again. The control module 10 sends it to the message generation module 14 in order to transfer the share (1-1-2) to all terminals (that is, the terminal 3) except for the own terminal and the source terminal of the message 100. hand over. It also requests that the number of transfers be zero.

  The message generation module 14 sets the transfer count to 0, and generates the message 102 including the share (1-1-2) and the destination information of the terminal 3. The generated message 102 is transferred to the message transmission / reception module 18 and transmitted to the terminal 3 (message 102 in FIG. 5).

  Similarly, the terminal 3 similarly processes the message 101, sets the transfer count to 0, and transmits the message 103 including the share (1-1-3) to the terminal 2.

  FIG. 5 shows message 102 including shares (1-1-2) and (1-1-3) included in each message after terminal 2 and terminal 3 receive messages 100 and 101 from terminal 1, respectively. , 103 are transmitted to terminal 3 and terminal 2.

  The message transmission / reception module 18 of the terminal 2 receives the message 103, and the message processing module 17 extracts the number of transfers and the share (1-1-3) from the message in the same way as the message 100, and passes them to the control module 10. The control module 10 sees that the transfer count is set to 0, and determines not to transfer the share. The control module 10 uses the acquired share (1-1-3) and the share (1-1-2) stored in the database module 11 to restore the original application data AD1. The SSS decryption module 16 is requested to perform decryption.

  The SSS decryption module 16 restores the original application data AD1 using the two shares (1-1-2) and (1-1-3), and then passes the application data AD1 to the application 12. Further, in order to confirm whether the terminal 1 has established a connection between the terminal 2 and the terminal 3 and the data communication is normally performed, the application data is generated in order to generate data necessary for the terminal 1. AD1 is also returned to the control module 10.

  The control module 10 of the terminal 2 refers to the ID included in the application data AD1, and determines that it is application data of the terminal 1. Then, in order to enable the terminal 1 to confirm that data communication between the terminal 2 and the terminal 3 is normally performed, the application data AD1 is shared with the terminal 1 by the common key (1-1 -2), the common key encryption / decryption module 19 is used for encryption. Then, in order to transmit the obtained encrypted data (1-2) to the terminal 1, it is transmitted using the message generation module 14 and the message transmission / reception module 18 (message 104 in FIG. 6).

  Similarly, the terminal 3 performs the same processing as the terminal 2, encrypts the restored application data AD1 using the common key (1-3-1), and encrypts the obtained encrypted data (1-3) to the terminal 1 (Message 105 in FIG. 6).

  FIG. 6 is a diagram illustrating a state in which the terminal 2 and the terminal 3 transmit the messages 104 and 105 including the encrypted data (1-2) and (1-3) to the terminal 1, respectively.

  When the terminal 1 receives the message 104 from the terminal 2, the terminal 1 obtains encrypted data (1-2) via the message transmission / reception module 18 and the message processing module 17.

  The control module 10 of the terminal 1 decrypts the encrypted data (1-2) using the common key (1-1-2) via the common key cryptosystem encryption / decryption module to obtain application data. Obtain AD1 ′.

  The data comparison module 15 is used to compare whether the application data AD1 'is equal to the application data AD1 stored in the database module 11. If the comparison result is normal (AD1 = AD1 '), it can be confirmed that the data communication in the direction from the terminal 3 to the terminal 2 is normal.

  Similarly, the terminal 1 receives the message 105 from the terminal 3 and compares it with the application data AD1 in the same manner. If the comparison result is normal, it can be confirmed that the data communication in the direction from the terminal 2 to the terminal 3 is normal.

  Similarly, the terminal 2 and the terminal 3 perform the same processing as the terminal 1. By transmitting application data via another terminal, is connection established between terminal 1 and terminal 3 for terminal 2 and between terminal 1 and terminal 2 for terminal 3 and data communication is normally performed? It is possible to confirm with certainty.

  As described above, since the source terminal does not directly send application data to other terminals, but transmits the application data via other terminals, the connection between the other terminals is not normal and the data communication is not normal. It is not possible to obtain all shares that are partial information of application data generated by the transmission source terminal, and it is impossible to restore the same application data generated by the transmission source terminal. The application data obtained by decrypting the encrypted data sent back to the source terminal cannot be compared with the application data stored in the source terminal. Therefore, each terminal transmits application data to other terminals as in the first embodiment, so that the source terminal finally determines whether the connection and data communication between other terminals are normal. It can be confirmed reliably.

  In addition, the application data is not sent back to the sender terminal as it is, but the terminal that participates in the community by encrypting and sending it back using a common key that is uniquely shared between the sender terminal and other terminals. The message can be uniquely authenticated.

  In addition, application data is not sent directly to other terminals, but once it is broken down into partial information (shares) and sent to all terminals except the source terminal via other terminals. Even if the share is eavesdropped by an unauthorized terminal other than the terminal participating in the community, it is partial information of the application, so the original application data cannot be obtained, and security against data communication within the community It is possible to improve the level.

As described above, a computer program for causing a terminal operated by a computer to execute a method for reliably confirming connection connections between all other terminals in a full mesh network is stored in the recording medium described above. It can be transmitted via a communication network. [Second Embodiment]
FIG. 7 is a diagram illustrating the configuration of the common functional modules included in each of the terminal 1, the terminal 2, and the terminal 3 illustrated in FIG.

  The control module 30 includes a database module 31, an SSS distributed encoding module 33, a message generation module 34, a data comparison module 35, an SSS decryption module 36, a message processing module 37, a common key cryptosystem encryption / decryption module 39, a hash It has an interface with the module 42.

  The control module 30 stores, in the database module 31, a list of participants participating in the community, a hash value of application data, a common key shared among the participants, and a share in which application data is distributedly encoded. -Request acquisition.

  The control module 30 requests the SSS distributed encoding module 33 to perform application encoding received by the SSS distributed encoding module 33 from the application 32 using SSS with the specified threshold.

  The control module 30 requests the message generation module 34 to make a setting at the time of message generation to transmit to the destination that requests the share of the application received from the SSS distributed coding module.

  Further, the control module 30 requests the message generation module 34 to generate a message including the share of the application received from the SSS distributed encoding module or the control module 30, the designated number of transfers, and the requested destination information.

  The control module 30 requests the message generation module 34 to generate a message including the hash value of the application data encrypted with the common key and the specified destination information.

  In addition, the control module 30 compares the hash value previously generated by the application 32 using the hash module 42 and stored in the database module 31 with the hash value received from another terminal. Ask to do.

  In addition, the control module 30 requests the SSS decryption module 36 to restore the original application data from a plurality of shares of the acquired application data.

  Further, the control module 30 receives from the message processing module 37 the share extracted from the message received from another terminal, the number of transfers, and the hash value encrypted with the common key.

  Further, the control module 30 requests the common key encryption / decryption module 39 to encrypt or decrypt arbitrary data using the common key.

  The control module 30 requests the hash module 42 to convert the application data into a hash value.

  The database module 31 has an interface with the control module 30 and the hash module 42. The database module 31 manages a common key shared among terminals, a list of participants (mainly including destination information), a share obtained by distributing and encoding application data received from each terminal, and a hash value of application data To do.

  The application 32 is an arbitrary application that inputs and outputs data, such as an audio application that inputs and outputs audio data. However, these application data include an ID for identifying which terminal has generated the application data.

  The application 32 has an interface with the SSS distributed encoding module 33 and the hash module 42.

  The application 32 causes the SSS distributed encoding module 33 to perform distributed encoding of the application data to be output every time with the threshold set in the SSS distributed encoding module 33 by the control module 30.

  The application 32 causes the hash module 42 to convert the application data to be output each time into a hash value and store it in the database module 31.

  The SSS distributed encoding module 33 has an interface with the control module 30, the application 32, and the message generation module 34.

  The SSS distributed encoding module 33 performs distributed encoding on the data received from the application 32 with the thresholds ((total number of terminals in community-1), (total number of terminals in community-1)) specified by the control module 30. The message generation module 34 is requested to pass the obtained shares (the total number of terminals in the community minus 1).

  The message generation module 34 has an interface with the control module 30, the SSS distributed encoding module 33, and the message transmission / reception module 38.

  The message generation module 34 receives, from the control module 30, destination information of all terminals participating in the community excluding its own terminal, and receives from the SSS distributed coding module 33 (total number of terminals in community-1) shares. Then, it is requested to generate a message by giving destination information of another terminal and the designated transfer count. As a result, (total number of terminals in community-1) messages are generated.

  Further, when the message generation module 34 receives a share from the SSS distributed encoding module 33, the message generation module 34 sets the number of transfers to 1 at the time of message generation. On the other hand, when the share is directly passed from the control module 30, the number of transfers is set to 0, the requested destination information is added, and a message is generated.

  Further, the message generation module 34 is requested by the control module 30 to generate a message by giving the hash value of the application data encrypted with the common key and the specified destination information.

  The data comparison module 35 has an interface with the control module 30.

  The data comparison module 35 is requested by the control module 30 to compare the hash value generated by the application 32 using the hash module 42 and stored in the database module 31 with the hash value received from another terminal. The

  The SSS decryption module 36 has an interface with the control module 30 and the application 32.

  The SSS decryption module 36 is requested by the control module 30 to restore one application data from a plurality of shares using the SSS.

  The SSS decryption module 36 passes the restored application data to the application 32.

  The message processing module 37 has an interface with the control module 30 and the message transmission / reception module 38.

  The message processing module 37 extracts the application data share, the number of transfers, and the hash value encrypted with the common key from the message received by the message transmission / reception module 38 from another terminal to the control module 30.

  The message transmission / reception module 38 not only has an interface with the message generation module 34 and the message processing module 37, but is directly connected to an external terminal via a network.

  The message transmission / reception module 38 transmits the message passed from the message generation module 34 to other terminals with reference to the destination information of the message.

  The message transmission / reception module 38 passes the received message to the message processing module 37.

  The common key encryption / decryption module 39 has an interface with the control module 30.

  The common key encryption / decryption module 39 receives a common key from the control module 30 and is requested to perform encryption or decryption using the key.

  The hash module 42 has an interface with the control module 30, the database module 31, and the application 32.

  The hash module 42 is requested by the control module 30 to convert the application data into a hash value.

  Further, the hash module 42 converts application data received from the application 32 into a hash value and stores it in the database module 31.

  A terminal having these functions can also be realized by a computer, and a computer program that causes the computer to function as this terminal can be read by a computer such as a semiconductor memory, a magnetic disk, an optical disk, a magneto-optical disk, and a magnetic tape. It can be stored in a simple recording medium or transmitted through a communication network such as the Internet and widely distributed.

  Terminals 40 and 41 represent two terminals 1 to 3 shown in FIG.

  FIG. 8 is a diagram illustrating a state in which a connection 60 is already established between the terminal 1 and the terminal 2, a connection 61 is established between the terminal 2 and the terminal 3, and a connection 62 is established between the terminal 3 and the terminal 1. .

  In FIG. 8, not only a full mesh connection is established among the terminal 1, the terminal 2, and the terminal 3, but also authentication is performed when the connection is established, and a common key (2-1) has already been established between the terminal 1 and the terminal 2. -2), the common key (2-2-3) is shared between the terminal 2 and the terminal 3, and the common key (2-3-1) is shared between the terminal 3 and the terminal 1. It shall be. In the second embodiment, an example in which the terminal 1 confirms whether or not the connection is normally established between the terminal 2 and the terminal 3 will be described. The process of the second embodiment described below is performed while the terminal 2 and the terminal 3 are also exchanging application data.

  After the connection is established, the following settings are internally performed in the terminal 1 prior to data communication between the terminals. Here, the terminal 1 will be described as an example.

  In the terminal 1, the control module 30 requests the participant list from the database module 31. Then, the number of participants and the destination of the participant are acquired from the participant list.

  Since the total number of participants is 3, in order to transmit the application data to the terminal 2 and the terminal 3 except for itself, the application data is distributedly encoded by the secret sharing method with the threshold of (2, 2). The SSS distributed encoding module 33 is set. As a result, the SSS distributed encoding module 33 distributes and encodes the application data received from the application 32 with the threshold value (2, 2) each time, and is set to the control content that passes the two shares to the message generation module 34. The

  Next, the control module 30 uses the destination information already acquired from the database module 31 so that the message transmission / reception module 38 transmits the message including the share of the application data to the correct destination. The message generation module 34 is requested to generate a message including the destination information 3. At this time, the message generation module 34 is requested to set the transfer count to 1.

  The message generation module 34 receives a request from the control module 30 and generates a message including one share of the two shares received from the SSS distributed encoding module 33 each time and the destination information of the terminal 2, and the other And a message including the destination information of the terminal 3 are generated. That is, in the second embodiment, two messages are generated each time for one application data.

  The preparation for exchanging application data between the terminals has been described above. Actual data exchange will be described with reference to FIG.

  FIG. 9 shows two shares (2-1-2) and shares (2-1-3) obtained by distributedly encoding application data AD1 of the terminal 1 with a threshold of (2, 2). It is the figure which showed a mode that the terminal 1 transmitted with respect to the terminal 3 (message 200,201).

  In the terminal 1, application data AD1 generated by the application 32 is distributed and encoded into two shares (2-1-2) and shares (2-1-3) through the SSS distributed encoding module 33. Then, the message generation module 34 generates the message 200 including the destination information and share (2-1-2) of the terminal 2, and the message 201 including the destination information and share (2-1-3) of the terminal 3. . The message generation module 34 sets the application data share transfer count to 1 when each message is generated.

  The two messages 200 and 201 are transferred to the message transmission / reception module 38. The message transmission / reception module 38 looks at the destination information of each message, and the message 200 is transmitted to the terminal 2 and the message 201 is transmitted to the terminal 3.

  The application data AD1 of the terminal 1 is converted as a hash value HD1 via the hash module 42 and stored in the database module 31.

  On the other hand, the message transmission / reception module 38 of the terminal 2 receives the message 200 from the terminal 1 and passes it to the message processing module 37. The message processing module 37 extracts the share (2-1-2) and the transfer count from the message 200 and passes them to the control module 30.

  The control module 30 of the terminal 2 stores the share (2-1-2) in the database module 31. In addition, referring to the number of transfers, it is determined whether to transfer the share (2-1-2). Since it was set to 1 here, it must be transferred again. The control module 30 sends it to the message generation module 34 in order to transfer the share (2-1-2) to all terminals (that is, the terminal 3) except for the own terminal and the source terminal of the message 200. hand over. It also requests that the number of transfers be zero.

  The message generation module 34 sets the transfer count to 0, and generates the message 202 including the share (2-1-2) and the destination information of the terminal 3. The generated message 202 is transferred to the message transmission / reception module 38 and transmitted to the terminal 3 (message 202 in FIG. 10).

  Similarly, the terminal 3 similarly processes the message 201, sets the number of transfers to 0, and transmits the message 203 including the share (2-1-3) to the terminal 2.

  FIG. 10 shows a message 202 including shares (2-1-2) and (2-1-3) included in the respective messages after the terminals 2 and 3 receive the messages 200 and 201 from the terminal 1, respectively. , 203 is transmitted to terminal 3 and terminal 2.

  The message transmission / reception module 38 of the terminal 2 receives the message 203, and the message processing module 37 extracts the number of transfers and the share (2-1-3) from the message in the same manner as the message 200, and passes them to the control module 30. The control module 30 sees that the number of transfers is set to 0, and determines not to transfer the share. The control module 30 uses the acquired share (2-1-3) and the share (2-1-2) stored in the database module 31 to restore the original application data AD1. The SSS decryption module 36 is requested to perform decryption.

  The SSS decryption module 36 restores the original application data AD1 using the two shares (2-1-2) and (2-1-3), and then passes the application data AD1 to the application 32. Further, in order to confirm whether the terminal 1 has established a connection between the terminal 2 and the terminal 3 and the data communication is normally performed, the application data is generated in order to generate data necessary for the terminal 1. AD1 is also returned to the control module 30.

  The control module 30 of the terminal 2 refers to the ID included in the application data AD1, and determines that it is application data of the terminal 1. After the terminal 1 obtains the hash value of the application data AD1 using the hash module 42 so that the terminal 1 can confirm that the data communication between the terminal 2 and the terminal 3 is normally performed. The hash value is encrypted by the common key cryptosystem encryption / decryption module 39 using the common key (2-1-2) shared with the terminal 1. Then, in order to transmit the obtained encrypted hash value (2-2) to the terminal 1, it is transmitted using the message generation module 34 and the message transmission / reception module 38 (message 204 in FIG. 11).

  Similarly, the terminal 3 performs the same process as the terminal 2, encrypts the hash value of the restored application data AD1 with the common key (2-3-1), and uses the obtained encrypted hash value (2-3) as the terminal. 1 (message 205 in FIG. 11).

  FIG. 11 is a diagram illustrating a state in which the terminal 2 and the terminal 3 transmit messages 204 and 205 including the encrypted hash values (2-2) and (2-3) to the terminal 1, respectively.

  When the terminal 1 receives the message 204 from the terminal 2, the terminal 1 obtains an encrypted hash value (2-2) via the message transmission / reception module 38 and the message processing module 37.

  The control module 30 of the terminal 1 decrypts the encrypted hash value (2-2) using the common key (2-1-2) through the common key encryption / decryption module 39, A hash value HD1 ′ is obtained.

  It is compared using the data comparison module 35 whether or not the hash value HD1 'and the hash value HD1 stored in the database module 31 are equal. If the comparison result is normal (HD1 = HD1 ′), it can be confirmed that the data communication in the direction from the terminal 3 to the terminal 2 is normal.

  Similarly, the terminal 1 receives the message 205 from the terminal 3 and compares it with the data 1 in the same manner. If the comparison result is normal, it can be confirmed that the data communication in the direction from the terminal 2 to the terminal 3 is normal.

  Similarly, the terminal 2 and the terminal 3 perform the same processing as the terminal 1. By transmitting application data via another terminal, is connection established between terminal 1 and terminal 3 for terminal 2 and between terminal 1 and terminal 2 for terminal 3 and data communication is normally performed? It is possible to confirm with certainty.

  As described above, since the source terminal does not send application data directly, but transmits it via another terminal, the connection between the other terminals is not normal and the data communication is not normal. It is also impossible to restore the same application data as generated. The hash value of the application data obtained by decrypting the encrypted data sent back to the source terminal cannot be compared with the hash value of the application data stored in the source terminal. Therefore, each terminal transmits the hash value of the application data to other terminals as in the second embodiment, so that the source terminal finally has a normal connection and data communication between the other terminals. You can be sure whether or not.

  In addition, the application data is not sent back to the sender terminal as it is, but the terminal that participates in the community by encrypting and sending it back using a common key that is uniquely shared between the sender terminal and other terminals. The message can be uniquely authenticated.

  In addition, application data is not sent directly to other terminals, but once it is broken down into partial information (shares) and sent to all terminals except the source terminal via other terminals. In addition, even if the share is eavesdropped by an unauthorized terminal other than the terminal participating in the community, the original application data cannot be obtained because it is partial information of the application. It is possible to improve the security level.

  In addition, when other terminals send back application data, a message including application data is not encrypted as it is using a common key, but a hash value of application data is obtained and the hash value is included. Since the message is encrypted with the common key, the amount of data sent back to the source terminal can be reduced, and the bandwidth required for data communication can be suppressed.

  In addition, since the source terminal stores application data as a hash value in the database module, the capacity required for storing data in each terminal can be reduced.

  Further, in this way, a computer program that causes a terminal operating by a computer to execute a method for surely confirming connection connections between all other terminals in a full mesh network is stored in the recording medium described above, It can be transmitted via a communication network.

It is a figure which shows the structure of the network which concerns on embodiment of this invention. It is a figure which shows the example of the internal module structure in the terminal 1 to the terminal 3 shown by FIG. 1, and is a figure which concerns on 1st Embodiment. It is a figure which shows the state by which the connection is established between the terminal 1, the terminal 2, and the terminal 3 on the one-to-one basis, and is a figure which concerns on 1st Embodiment. 3 is a diagram illustrating a state in which the terminal 1 transmits a message to the terminals 2 and 3 in FIG. In FIG. 3, it is a figure which shows a mode that the terminal 2 and the terminal 3 each transmit a message to each other. 3 is a diagram illustrating a state in which the terminal 2 and the terminal 3 transmit a message to the terminal 1 in FIG. It is a figure which shows the example of the internal module structure in the terminal 1-the terminal 3 shown by FIG. 1, and is a figure which concerns on 2nd Embodiment. It is a figure which shows the state by which the connection is established between the terminal 1, the terminal 2, and the terminal 3 on the one-to-one basis, and is a figure which concerns on 2nd Embodiment. In FIG. 8, it is a figure which shows a mode that the terminal 1 transmits a message with respect to the terminal 2 and the terminal 3. FIG. In FIG. 8, terminal 2 and terminal 3 are each a figure which shows a mode that a message transmits each other. FIG. 8 is a diagram illustrating a state in which the terminal 2 and the terminal 3 transmit a message to the terminal 1 in FIG.

Explanation of symbols

1, 2, 3, 20, 21, 40, 41... Terminal (communication terminal)
10, 30 ... Control module 11, 31 ... Database module 12, 32 ... Application 13, 33 ... SSS distributed coding module 14, 34 ... Message generation module 15, 35 ... Data Comparison module 16, 36 ... SSS decryption module 17, 37 ... Message processing module 18, 38 ... Message transmission / reception module 19, 39 ... Common key encryption / decryption module 42 ... Hash module 50, 51, 52, 60, 61, 62 ... connection 100, 101, 102, 103, 104, 105, 200, 201, 202, 203, 204, 205 ... message 1000 ... network

Claims (10)

By establishing a full mesh connection with multiple external terminals connected to the network, a temporary community is formed, and authentication control is performed at the time of establishing a connection. A terminal sharing a key,
An application that generates application data and processes application data received from an external terminal;
A common key encryption / decryption module that encrypts / decrypts arbitrary data using a common key;
An SSS (Secret Sharing Schemes) distributed encoding module that performs distributed encoding of application data with a threshold (1 ≦ k ≦ n) of (k, n) and generates n shares that are partial information of the application data;
An SSS decoding module that restores original application data from a plurality of shares in which application data is distributed and encoded;
A terminal list that includes application data passed directly from the application, application data received from other terminals, a common key that is uniquely shared with other terminals, and destination information of terminals participating in the community, A database module that manages
A data comparison module that compares two application data and determines whether they match,
A means for generating a message by giving a designated destination information and a transfer count to a share of application data passed from another module, and a means for generating a message including application data encrypted with a common key. A message generation module having
A message processing module having means for retrieving application data share, transfer count, and application data encrypted with a common key included in a message received from another terminal;
Based on message destination information passed from the message generation module, means for transmitting a message to the destination, means for receiving a message from another terminal, and means for passing the received message to the message processing module A message sending and receiving module,
Means for making a request to store and retrieve a list of participants participating in the community, application data, a common key shared among the participants, and a share in which application data is distributedly encoded to the database module ,
Means for requesting the SSS distributed encoding module to perform application encoding received from the application by SSS with the requested threshold value;
Means for requesting the message generation module to generate a message by setting the destination information to be specified and the number of transfers to the share of the application data received from the SSS distributed encoding module;
Means for requesting the SSS decryption module to restore the original application data from the acquired application data share;
Means for requesting data comparison module to compare application data stored in database module with application data restored using share of application data received from other terminal using SSS decryption module When,
Means for receiving, from the message processing module, the share of the application data extracted from the message received from another terminal, the number of transfers, and the encrypted application data;
A control module comprising: means for requesting the common key encryption / decryption module to encrypt or decrypt arbitrary data using the common key. Communication terminal. When a terminal that is a communication terminal according to claim 1 transmits application data to all terminals that participate in a community other than its own terminal,
In addition to storing the application data in the database module, the SSS distributed encoding module distributes with threshold values of ((total number of terminals participating in community-1), (total number of terminals participating in community-1)). In order to transmit the share of the application data obtained by encoding (total number of terminals that participate in the community minus 1) pieces of application data to each of the terminals that participate in the community other than the own terminal in a message. Generating and transmitting a message including a share, destination information of a terminal to which the share is transmitted, and a transfer count set to 1 for each of all terminals participating in the community except for the own terminal; and ,
Each of the other terminals receives the message transmitted in step 1, and each of the terminals uses the message processing module to extract the share and the transfer count, and passes them to the control module. The control module refers to the transfer count. If it is set to 1, a message including the share of application data included in the message and the number of transfers set to 0 is generated, and all terminals except the source terminal of the message and its own terminal The application data share is stored in the database module of the terminal,
The control module of each terminal that has received the message transferred in step 2 refers to the transfer count as in step 2 and is set to 0, so that the transfer ends, and when each terminal ends the transfer of the message. In addition to restoring the original application data using the SSS decryption module and passing it to the application, the shares obtained by each terminal excluding the message source terminal (the total number of terminals participating in the community minus 1) are used. Step 3 of sending back the encrypted data obtained by encrypting the application data using the common key encryption / decryption module using a common key shared with the source terminal to the source terminal;
The source terminal in step 1 receives encrypted data encrypted in step 3 from all other terminals using a common key that is uniquely shared between the source terminal and each terminal. And comparing the application data obtained by decrypting the encrypted data with the corresponding common key and the application data stored in the database module, and confirming whether or not they match. In a full mesh network, each terminal reliably confirms connection connections between all other terminals.   The method for reliably connecting connection connections among all other terminals in the full mesh network according to claim 2, wherein all terminals participating in the community perform the application data transmission step. By establishing a full mesh connection with multiple external terminals connected to the network, a temporary community is formed, authentication control is performed at the time of connection establishment, and a unique common among the terminals after connection establishment A terminal sharing a key,
An application that generates application data and processes application data received from an external terminal;
A common key encryption / decryption module that encrypts / decrypts arbitrary data using a common key;
An SSS (Secret Sharing Schemes) distributed encoding module that performs distributed encoding of application data with a threshold (1 ≦ k ≦ n) of (k, n) and generates n shares that are partial information of the application data;
An SSS decoding module that restores original application data from a plurality of shares in which application data is distributed and encoded;
A hash value of application data, a share of application data received from other terminals, a common key uniquely shared with other terminals, and a terminal list including destination information of terminals participating in the community, A database module to manage,
A hash module that converts application data into a hash value;
A data comparison module that compares two hash values and determines whether they match,
Means for generating a message by assigning the specified destination information to the share of application data passed from another module, the number of transfers, and means for generating a message including a hash value encrypted with a common key; A message generation module having
A message processing module having means for extracting the share of application data, the number of transfers, and a hash value encrypted with a common key, included in a message received from another terminal;
Based on message destination information passed from the message generation module, means for transmitting a message to the destination, means for receiving a message from another terminal, and means for passing the received message to the message processing module A message sending and receiving module,
A request to store / retrieve the database module for a list of participants participating in the community, a hash value of application data, a common key shared among the participants, and a share in which application data is distributed and encoded. Means to do,
Means for requesting the SSS distributed encoding module to perform application encoding received from the application by SSS with the requested threshold value;
Means for requesting the message generation module to generate a message by setting the destination information to be specified and the number of transfers to the share of the application data received from the SSS distributed encoding module;
Means for requesting the SSS decryption module to restore the original application data from the acquired application data share;
Means for requesting data comparison module to compare application data stored in database module with application data restored using share of application data received from other terminal using SSS decryption module When,
Means for receiving, from the message processing module, a share of application data extracted from a message received from another terminal, the number of transfers, and an encrypted hash value;
Means for requesting the hash module to convert the application data restored using the SSS decryption module into a hash value;
A communication terminal comprising: a control module comprising: a means for requesting a common key cryptosystem encryption / decryption module to encrypt or decrypt arbitrary data with a common key. When a terminal which is a communication terminal according to claim 4 transmits application data to all terminals participating in the community except for its own terminal,
The hash value of application data is stored in the database module using the hash module, and ((total number of terminals participating in the community −1)) ((all terminals participating in the community)) is stored in the distributed encoding module. The share of the application data (total number of terminals participating in the community minus 1) obtained by distributed encoding with the threshold of (number-1)) is 1 for each of all terminals participating in the community except for the own terminal. In order to send a message including each share, a message including the share, destination information of the terminal to which the share is transmitted, and the number of transfers set to 1 is sent to all the terminals participating in the community except for the own terminal. Step 1 to generate and send for each,
Each of the other terminals receives the message transmitted in step 1, and each of the terminals uses the message processing module to extract the share and the transfer count, and passes them to the control module. The control module refers to the transfer count. If it is set to 1, a message including the share of the application data included in the message and the number of transfers set to 0 is generated, and the message is transmitted to all terminals except the source terminal and the own terminal. And sending the obtained share to the database module of its own terminal, and
The control module of each terminal that has received the message transferred in step 2 refers to the number of transfers as in step 2 and is set to 0, so that the transfer is completed and the message transfer of all terminals is completed. Thereafter, the original application data is restored to the application by using the SSS decryption module for the shares of (the total number of terminals participating in the community −1) obtained by each terminal except the message source terminal. And the application data is converted into a hash value by the hash module, and the encrypted hash value encrypted by the common key encryption / decryption module using the common key shared with the source terminal is obtained. , Step 3 sent back to the originating terminal,
The source terminal receives the encrypted hash value encrypted in step 3 using a common key that is uniquely shared between the source terminal and each terminal from all terminals except the source terminal in step 1 Step 4 for decrypting each received encrypted hash value with a corresponding common key, comparing the obtained hash value with the hash value stored in the database module, and confirming whether or not they match. A method for reliably confirming connection connections between all other terminals in a full-mesh network.   6. The method of reliably confirming connection connections between all other terminals in a full mesh network according to claim 5, wherein the application data transmission step is performed by all terminals participating in the community. By establishing a full mesh connection with multiple external terminals connected to the network, a temporary community is formed, authentication control is performed at the time of connection establishment, and a unique common among the terminals after connection establishment A terminal sharing a key,
An application that generates application data and processes application data received from an external terminal;
A common key encryption / decryption module that encrypts / decrypts arbitrary data using a common key;
An SSS (Secret Sharing Schemes) distributed encoding module that performs distributed encoding of application data with a threshold (1 ≦ k ≦ n) of (k, n) and generates n shares that are partial information of the application data;
An SSS decoding module that restores original application data from a plurality of shares in which application data is distributed and encoded;
A terminal list that includes application data passed directly from the application, application data received from other terminals, a common key that is uniquely shared with other terminals, and destination information of terminals participating in the community, A database module that manages
A data comparison module that compares two application data and determines whether they match,
A means for generating a message by giving a designated destination information and a transfer count to a share of application data passed from another module, and a means for generating a message including application data encrypted by a common key. A message generation module having
A message processing module having means for retrieving application data share, transfer count, and application data encrypted with a common key included in a message received from another terminal;
Based on message destination information passed from the message generation module, means for transmitting a message to the destination, means for receiving a message from another terminal, and means for passing the received message to the message processing module A message sending and receiving module,
Means for making a request to store and retrieve a list of participants participating in the community, application data, a common key shared among the participants, and a share in which application data is distributedly encoded, to the database module ,
Means for requesting the SSS distributed encoding module to perform application encoding received from the application by SSS with the requested threshold value;
Means for requesting the message generation module to generate a message by setting the destination information to be specified and the number of transfers to the share of the application data received from the SSS distributed encoding module;
Means for requesting the SSS decryption module to restore the original application data from the acquired application data share;
Means for requesting data comparison module to compare application data stored in database module with application data restored using share of application data received from other terminal using SSS decryption module When,
Means for receiving, from the message processing module, the share of the application data extracted from the message received from another terminal, the number of transfers, and the encrypted application data;
A control module comprising: means for requesting the common key encryption / decryption module to encrypt or decrypt arbitrary data using the common key. A computer program for causing a computer to function as a communication terminal. When a terminal that is a communication terminal according to claim 1 transmits application data to all terminals that participate in a community other than its own terminal,
In addition to storing the application data in the database module, the SSS distributed encoding module distributes with threshold values of ((total number of terminals participating in community-1), (total number of terminals participating in community-1)). In order to transmit the share of the application data obtained by encoding (total number of terminals that participate in the community minus 1) pieces of application data to each of the terminals that participate in the community other than the own terminal in a message. Generating and transmitting a message including a share, destination information of a terminal to which the share is transmitted, and a transfer count set to 1 for each of all terminals participating in the community except for the own terminal; and ,
Each of the other terminals receives the message transmitted in step 1, and each of the terminals uses the message processing module to extract the share and the transfer count, and passes them to the control module. The control module refers to the transfer count. If it is set to 1, a message including the share of application data included in the message and the number of transfers set to 0 is generated, and all terminals except the source terminal of the message and its own terminal The application data share is stored in the database module of the terminal,
The control module of each terminal that has received the message transferred in step 2 refers to the transfer count as in step 2 and is set to 0, so that the transfer ends, and when each terminal ends the transfer of the message. In addition to restoring the original application data using the SSS decryption module and passing it to the application, the shares obtained by each terminal excluding the message source terminal (the total number of terminals participating in the community minus 1) are used. Step 3 of sending back the encrypted data obtained by encrypting the application data using the common key encryption / decryption module using a common key shared with the source terminal to the source terminal;
The source terminal in step 1 receives encrypted data encrypted in step 3 from all other terminals using a common key that is uniquely shared between the source terminal and each terminal. And comparing the application data obtained by decrypting the encrypted data with the corresponding common key and the application data stored in the database module, and confirming whether or not they match. A computer program for causing a computer to execute a method for reliably confirming connection connections between all other terminals in a full mesh network. By establishing a full mesh connection with multiple external terminals connected to the network, a temporary community is formed, and authentication control is performed at the time of establishing a connection. A terminal sharing a key,
An application that generates application data and processes application data received from an external terminal;
A common key encryption / decryption module that encrypts / decrypts arbitrary data using a common key;
An SSS (Secret Sharing Schemes) distributed encoding module that performs distributed encoding of application data with a threshold (1 ≦ k ≦ n) of (k, n) and generates n shares that are partial information of the application data;
An SSS decoding module that restores original application data from a plurality of shares in which application data is distributed and encoded;
A hash value of application data, a share of application data received from other terminals, a common key uniquely shared with other terminals, and a terminal list including destination information of terminals participating in the community, A database module to manage,
A hash module that converts application data into a hash value;
A data comparison module that compares two hash values and determines whether they match,
Means for generating a message by assigning the specified destination information to the share of application data passed from another module, the number of transfers, and means for generating a message including a hash value encrypted with a common key; A message generation module having
A message processing module having means for extracting the share of application data, the number of transfers, and a hash value encrypted with a common key, included in a message received from another terminal;
Based on message destination information passed from the message generation module, means for transmitting a message to the destination, means for receiving a message from another terminal, and means for passing the received message to the message processing module A message sending and receiving module,
A request to store / retrieve the database module for a list of participants participating in the community, a hash value of application data, a common key shared among the participants, and a share in which application data is distributed and encoded. Means to do,
Means for requesting the SSS distributed encoding module to perform application encoding received from the application by SSS with the requested threshold value;
Means for requesting the message generation module to generate a message by setting the destination information to be specified and the number of transfers to the share of the application data received from the SSS distributed encoding module;
Means for requesting the SSS decryption module to restore the original application data from the acquired application data share;
Means for requesting data comparison module to compare application data stored in database module with application data restored using share of application data received from other terminal using SSS decryption module When,
Means for receiving, from the message processing module, a share of application data extracted from a message received from another terminal, the number of transfers, and an encrypted hash value;
Means for requesting the hash module to convert the application data restored using the SSS decryption module into a hash value;
As a communication terminal, comprising a control module comprising a means for requesting a common key cryptosystem encryption / decryption module to encrypt or decrypt any data with a common key A computer program that causes a computer to function. When a terminal which is a communication terminal according to claim 4 transmits application data to all terminals participating in the community except for its own terminal,
The hash value of application data is stored in the database module using the hash module, and ((total number of terminals participating in the community −1)) ((all terminals participating in the community)) is stored in the distributed encoding module. The share of the application data (total number of terminals participating in the community minus 1) obtained by distributed encoding with the threshold of (number-1)) is 1 for each of all terminals participating in the community except for the own terminal. In order to send a message including each share, a message including the share, destination information of the terminal to which the share is transmitted, and the number of transfers set to 1 is sent to all the terminals participating in the community except for the own terminal. Step 1 to generate and send for each,
Each of the other terminals receives the message transmitted in step 1, and each of the terminals uses the message processing module to extract the share and the transfer count, and passes them to the control module. The control module refers to the transfer count. If it is set to 1, a message including the share of the application data included in the message and the number of transfers set to 0 is generated, and the message is transmitted to all terminals except the source terminal and the own terminal. And sending the obtained share to the database module of its own terminal, and
The control module of each terminal that has received the message transferred in step 2 refers to the number of transfers as in step 2 and is set to 0, so that the transfer is completed and the message transfer of all terminals is completed. Thereafter, the original application data is restored to the application by using the SSS decryption module for the shares of (the total number of terminals participating in the community −1) obtained by each terminal except the message source terminal. And the application data is converted into a hash value by the hash module, and the encrypted hash value encrypted by the common key encryption / decryption module using the common key shared with the source terminal is obtained. , Step 3 sent back to the originating terminal,
The source terminal receives the encrypted hash value encrypted in step 3 using a common key that is uniquely shared between the source terminal and each terminal from all terminals except the source terminal in step 1 Step 4 for decrypting each received encrypted hash value with a corresponding common key, comparing the obtained hash value with the hash value stored in the database module, and confirming whether or not they match. A computer program for causing a computer to execute a method for surely confirming connection connections between all other terminals in a full mesh network.

Images