JP2006238200A - Mechanism for generating session key - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a mechanism for generating a session key in which communication stability is ensured and security is improved by synchronizing deviation of session key generation parameters between communication terminals. <P>SOLUTION: When plain text transmission data are input to an error-detecting code inserting means 3, the error-detecting code inserting means 3 detects an error-detecting code from the plain text transmission data and inserts the error-detecting code into the plain text transmission data. A unidirectional hash computing means 2 acquires a session key generation parameter from a terminal information acquiring means 2 and generates a session key by multiplying a unidirectional hash function by a binary stream resulting from linking the session key generation parameter and a common key. A concealment means 4 conceals the plain text transmission data in which the error-detecting code is inserted, with this session key and outputs the concealed transmission data to a transmission means. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a session key generation mechanism used for secret communication between communication terminals, and more particularly to a session key generation mechanism for performing secret communication within a group composed of a plurality of communication terminals.

Conventionally, as a session key generation mechanism used for secret communication between communication terminals, a one-way hash for a combination of the session key generation parameter and the common key is obtained by processing the date / time information as a session key generation parameter. A configuration is known in which a session key is generated by multiplying a function (see, for example, Patent Document 1). FIG. 8 is a block diagram showing a schematic configuration of a conventional session key generation mechanism that is substantially the same as that of Patent Document 1. In FIG. In the session key generation mechanism shown in FIG. 8, the hash processing unit 20 includes information in which the accuracy of date and time information is roughly summarized by the session identification information generation unit 21, a shared key, and a counter value combined by the counting unit 22. Based on the above, the session strength is generated by the key strength determination means 23. According to such a session key generation mechanism, a session key can be generated without performing communication for sharing a session key between communication terminals, so that communication costs can be reduced.
JP 2002-290391 A

  However, the conventional session key generation mechanism as shown in FIG. 8 has a problem that the session key cannot be decrypted when the date / time information shifts between the communication terminals. Therefore, as a method of dealing with the date / time information shift between the communication terminals, it is conceivable to make the accuracy of the date / time information more general. For example, if the accuracy of the date / time information is changed from minutes to weeks, the probability that the date / time information shifts between the communication terminals will be reduced. However, if the accuracy of the date and time information is roughly set in this way, the same session key will be used for a long time, and as a result, the attacker is likely to succeed in decryption. Will fall.

  In the conventional session key generation mechanism as shown in FIG. 8, only the date / time information is considered as session identification information in the session key generation parameter. Therefore, when performing secret communication with the same common key among three or more communication terminals, if two or more secret communication sessions are established at the same time, the secret communication is performed using the same session key. Will do. In such a case, the attacker can obtain the concealed information using a larger number of the same session keys, and as a result, the security of the session key is lowered.

  The present invention has been made in view of the above points, and provides a highly secure session key generation mechanism while ensuring the stability of communication by synchronizing the deviation of session key generation parameters between communication terminals. For the purpose.

  The session key generation mechanism of the present invention is a session key generation mechanism that realizes a secret communication between communication terminals, a terminal information acquisition unit that extracts a session key generation parameter from information held by a communication terminal, a common key, and the terminal A one-way hash calculation unit that generates a session key by performing a one-way hash calculation on the session key generation parameter extracted by the information acquisition unit, and an error detection code is inserted by inserting an error detection code into plaintext transmission data Error detection code insertion means for outputting plaintext transmission data, concealment means for concealing plaintext transmission data with error detection code using a session key, and decoding means for decoding plain reception data and outputting plaintext reception data with error detection code Error in the plaintext received data is detected from the error detection code of the plaintext received data with the error detection code. An error detection means for outputting the data, and employs a configuration that includes a synchronization means for correcting the session key generation parameter from the detection result. With such a configuration, it is possible to conceal communication contents between two communication terminals at a high level.

  According to the session key generation mechanism of the present invention, the session key is generated based on information that can be acquired from the local communication terminal and information that is necessary for normal communication that is not concealed. There is no communication cost. As a result, a session key that is safer than before can be generated without communication cost, and higher communication stability can be ensured. In addition, the calculation is configured by several times of rearrangement and combination of binary strings and one-time one-way hash, so that the calculation cost for generating the session key can be reduced. Further, even when communication occurs at the same time, the session key can be made different depending on who communicated with whom, so that the security of the key is not lowered. In addition, special hardware such as GPS is not required to synchronize the time, and communication can be performed even if the time is shifted by several minutes.

  That is, according to the session key generation mechanism of the present invention, it is possible to generate a session key that is safer than that of the conventional technique without any communication cost, and it is possible to ensure higher communication stability than that of the conventional technique. Therefore, it is possible to conceal a voice call using a mobile communication terminal having a narrow communication band and a low calculation capability. Furthermore, according to the session key generation mechanism of the present invention, since it is not necessary to change the existing protocol, the secret communication can be easily performed even in the existing communication terminal. As a result, it is possible to provide a secure session key generation mechanism that does not require communication for session key sharing between communication terminals and has high communication stability in a secret communication system between communication terminals using common key cryptography. Become.

<< Summary of Invention >>
The session key generation mechanism of the present invention uses, as parameters for session key generation, secret key information shared within a communication terminal group, terminal awareness information uniquely conscious of communication terminals, and the same value among all communication terminals. Uses the same value information between terminals and session information that is the same and changes between sessions between the two parties communicating, and multiplies the combined information by a one-way hash function to obtain the session key. Generate. In addition, as a parameter for generating a session key, the communication station's own station number, partner number, group shared key, and time information are used. Furthermore, the time is synchronized by finely adjusting the time until the decoding is successful when a decoding error is detected. As a result, a highly confidential session key can be generated without incurring communication costs.

  Hereinafter, some embodiments of a session key generation mechanism according to the present invention will be described in detail with reference to the drawings. In the drawings used in the embodiments, the same components are denoted by the same reference numerals, and redundant description is omitted as much as possible.

Embodiment 1
FIG. 1 is a block diagram showing a schematic configuration of a session key generation mechanism according to Embodiment 1 of the present invention. The session key generation mechanism according to Embodiment 1 shown in FIG. 1 generates a session key using terminal information acquisition means 1 that extracts a session key generation parameter from information held by a communication terminal, and a common key and a session key generation parameter. Directional hash calculation means 2, error detection code insertion means 3 that inserts an error detection code into plaintext transmission data and outputs plaintext transmission data with an error detection code, and plaintext transmission data with an error detection code is concealed with a session key The encryption means 4 for decoding, the decoding means 5 for decoding the confidential reception data and outputting the plaintext reception data including the error detection code, and detecting the error of the plaintext reception data from the error detection code of the plaintext reception data including the error detection code And error detection means 6 for outputting the detection result and the plaintext received data, and the same for correcting the session key generation parameter from the detection result. Has a configuration in which a unit 7.

  Next, the function of each component of the session key generation mechanism in Embodiment 1 shown in FIG. 1 will be described. The terminal information acquisition unit 1 uses, as session key generation parameters, first information a that uniquely identifies the calling terminal, second information b that uniquely identifies the called terminal, and two terminals that perform communication. The third information c that is the same and changes for each session is extracted, and the first information a, the second information b, and the third information c, which are respectively connected in the order of binary strings, are obtained as session key generation parameters. And The first information a and the third information c are obtained from the storage device or built-in hardware of the communication terminal, and the second information b is information obtained from the counterpart terminal when the session is established. Communication for acquiring the second information b and the third information c is not performed.

  The one-way hash calculation means 2 performs a one-way hash calculation on the concatenated session key generation parameter and the common key k as a binary string to generate a session key.

  The error detection code inserting means 3 calculates an error detection code from the plaintext transmission data to be concealed, and uses the error detection code inserted into the plaintext transmission data as plaintext transmission data with the error detection code.

  The concealment unit 4 conceals the plaintext transmission data with the error detection code based on the common key encryption with the session key generated by the session key generation parameter acquired from the terminal information acquisition unit 1 and the common key, and the confidential transmission data Is output.

  Based on the common key encryption, the decrypting means 5 decrypts the received confidential reception data with the session key generated by the session key generation parameter corrected by the synchronizing means 7 and the common key, and receives plaintext with an error detection code. Output data.

  The error detection means 6 evaluates the validity of the plaintext received data. The error detection means 6 extracts an error detection code from the plaintext reception data including the error detection code, compares the error detection code with the error detection code calculated from the plaintext reception data, and if both are the same, the decoding is successful. If they are different, a decoding failure is output to the synchronization means 7, respectively. At this time, if the decoding is successful, plaintext received data obtained by removing the error detection code from the plaintext received data with the detection code is output.

  It should be noted that when there is a deviation in the value of the third information c (that is, the third information c that is the same between the two terminals that perform communication and changes for each session) between the communication terminals that have established a session, the information is concealed. Because there is a difference between the session key used for decryption and the session key used for decryption, decryption fails. The synchronization means 7 ensures the stability of communication by correcting the session key generation parameter. When the error detection result output from the error detection unit 6 is successful in decoding, the synchronization unit 7 adds the correction value o to the third information c and outputs a session key generation parameter. The unit of the correction value o is the same as the unit of the third information c, and its initial value is 0. If the detection result is a decoding failure, if the correction value o is 0, the minimum unit is substituted for the correction value o. If the correction value o is positive, the sign of the correction value o is negative, and if the correction value o is negative. For example, the sign of the correction value o is made positive and the minimum unit is added.

  For example, when the third information c and the correction value o are integers, the correction value o is set to o = 0, 1, −1, 2, −2, 3, −3. To change. When the deviation of the third information c between the communication terminals is −2, when the decryption is performed with the session key generated using the session key generation parameter corrected by o = −2, the error detection means 6 subsequently succeeds in decryption. Since it is output, the correction value o becomes o = −2, and the value is fixed.

  Next, the operation at the time of concealment using the session key generation mechanism in Embodiment 1 shown in FIG. 1 is demonstrated using a flowchart. FIG. 2 is a flowchart showing an operation at the time of concealment in the session key generation mechanism shown in FIG. Therefore, the flow of the flowchart will be described with reference to FIGS. First, when plaintext transmission data is input to the error detection code insertion means 3 (step S1), the error detection code insertion means 3 calculates an error detection code from the plaintext transmission data (step S2), It inserts into plaintext transmission data (step S3).

  Further, the one-way hash calculation unit 2 acquires a session key generation parameter from the terminal information acquisition unit 1, and applies a session key generation parameter and a common key concatenated as a binary string to the one-way hash function. Generate a key. That is, if the one-way hash function is represented by f and the concatenation of binary strings is represented by &, the session key s is generated by s = f (a & b & c & k) (step S4). However, a is 1st information, b is 2nd information, c is 3rd information, k is a common key. The plaintext transmission data including the error detection code is concealed with the session key s (step S5), and the confidential transmission data is output to the transmission means (step S6).

  Next, an operation at the time of decryption using the session key generation mechanism in Embodiment 1 shown in FIG. 1 will be described. FIG. 3 is a flowchart showing an operation at the time of decryption in the session key generation mechanism shown in FIG. In FIG. 3, first, the correction value o is initialized to 0 (step S11). When the secret reception data is input from the receiving unit to the decoding unit 5 (step S12), the one-way hash calculation unit 2 includes the third information c to which the correction value o is added by the synchronization unit 7. The session key generation parameter concatenated as a binary string is multiplied by a one-way hash function to generate a session key. That is, if the one-way hash function is represented by f and the concatenation of binary strings is represented by &, the session key s is generated by s = f (a & b & (c + o) & k) (step S13). However, a is 1st information, b is 2nd information, c is 3rd information, o is a correction value, k is a common key.

  Then, the decryption means 5 decrypts the secret reception data with the session key s (step S14), and outputs the plaintext reception data with the error detection code to the error detection means 6 to check whether the plaintext reception data is valid. (Step S15). When the plaintext received data is valid (in the case of OK in step S15), the error detection code is removed from the plaintext received data with the error detection code as having been successfully decoded, and the plaintext received data is received from the error detecting means 6. Output (step S16).

  On the other hand, if a difference occurs in the value of the third information c between the communication terminals that have established a session in step S15, a difference occurs between the session key used for concealment and the session key used for decryption. Therefore, if the plaintext received data is not valid (NG in step S15), decryption fails and the plaintext received data becomes invalid data, and the third information c is synchronized between communication terminals that have established a session. For this purpose, a process for changing the correction value o is performed. That is, it is determined whether or not the correction value o is 0 (step S17).

  If the correction value o is 0 (YES in step S17), 1 is substituted for the correction value o (step S18), and the process returns to step S13 again to generate a session key (step S13). The secret reception data is decrypted with the regenerated session key s (step S14). At this point, if the correction value o = 1 and the synchronization of the third information c is successful, the plaintext received data is successfully decoded by the validity check (in the case of OK in step S15), and the plaintext received data with the error detection code is included. The error detection code is removed from the data and plaintext received data is output (step S16).

  On the other hand, when decoding fails in step S15 (in the case of NG in step S15), the process of changing the correction value o is performed again. Here, since the correction value o = 1, the correction value o is not 0 (in the case of NO in step S17), it is determined whether or not the correction value o is negative (step S19), and the correction value o. Is not negative (in the case of NO in step S19), the sign of the correction value o is inverted to o = −o (step S20), and the process returns to step S13 again to generate a session key (step S13). If decoding fails even when o = −o, the correction value o is negative as a result of determining whether or not the correction value o is negative in step S19 (in the case of YES in step S19). The sign of the value o is inverted and 1 is added to -o (step S21), the correction value o = 2 is set, and the process returns to step S13.

  FIG. 4 is a flowchart showing a modification of the operation at the time of decryption using the session key generation mechanism shown in FIG. That is, the decryption operation using the session key generation mechanism according to the first embodiment shown in FIG. 1 may be performed as shown in the modified example of FIG. In the flowchart of FIG. 4, the same steps as those in the flowchart of FIG. 3 are given the same step numbers. Therefore, in the flowchart of FIG. 4, description of the same steps as those of the flowchart of FIG. 3 is omitted, and only different steps are described. That is, steps S12 to S21 in the flowchart in FIG. 4 are the same as those in the flowchart in FIG.

  In the decoding operation shown in the flowchart of FIG. 3, the correction value o is changed until one succeeds in the confidential reception data, and decoding is attempted. In the decoding operation shown in the flowchart of FIG. The decryption process is performed only once on the input of the secret reception data (step S12). If the decryption fails, the correction value o is changed (step S21), and then the fixed data is output (step S22). ).

  That is, in the decoding operation of the flowchart shown in FIG. 4, one piece of secret received data is decoded only once, and fixed data is output while changing the value of the correction value o until the decoding is successful. In other words, when the value of the third information c is corrected by the value of the correction value o and a correct session key can be generated, plaintext reception data is output. As described above, in the decoding operation shown in FIG. 3, since decoding is attempted until one secret reception data is successful, the calculation cost is higher and the real-time property is lower than the decoding operation shown in FIG. It is effective when lack of data such as sentences and programs is not allowed. On the other hand, in the decoding operation shown in FIG. 4, one piece of confidential received data is tried to be decoded only once, and when decoding fails, fixed data is output. That is, the decoding operation shown in FIG. 4 is effective when the real-time property is given priority over the completeness of data such as a voice call because the calculation cost is low and the real-time property is high.

  According to the session key generation mechanism in the first embodiment, the correction value o is set to the correction value o such that o = 1, −1, 2, −2, 3, −3... Until the decryption is successful. Even when a change occurs in the value of the third information c between the communication terminals that have changed and established the session, communication can be performed while correcting the value of the third information c.

<< Embodiment 2 >>
Next, the session key generation mechanism according to Embodiment 2 of the present invention will be described. The session key generation mechanism according to the second embodiment will be described with respect to an embodiment in which concealment is performed for a voice call in VoIP (Voice over Internet Protocol) such as an Internet telephone. In VoIP applied by the session key generation mechanism of the second embodiment, UDP (User Datagram Protocol) is used as a transport layer protocol, and RFC (Request For Comments) of IETF (Internet Engineering Task Force) recommendation as a session layer protocol. RTP (Real-time Transport Protocol) conforming to 3261 is used. As an audio data format to be transmitted / received over RTP, G.I. A sampling frequency of 8Khz conforming to 711, a quantization bit number of 8 bits, and a data frame length of 160 bytes are used. Further, SIP (Session Initiation Protocol) compliant with RFC 1889 of IETF recommendation is used for call control. Further, an ECB (Electric Code Book) mode of AES (Advanced Encryption Standard) 128 recommended by NIST (National Institute of Technology) is used as a common key encryption used for concealment and decryption.

  FIG. 5 is a schematic data flow diagram of the session key generation mechanism applied to the second embodiment of the present invention. As shown in FIG. 5, the session key generation mechanism according to the second embodiment includes precision rounding means 11 for rounding up the date / time / minute / second information acquired from the real-time clock to the date / time information (hereinafter referred to as rounding). SHA (Secure Hash Algorithm) 1-way hash calculation to generate 128-bit session key from common key, date / time information, own station URI (Uniform Resource Identifier) that uniquely specifies communication terminal, and partner URI Means 12, a 16-bit CRC (Cyclic Redundancy Check) insertion means 13 for inserting an error detection code into 160-byte plaintext data, and a 160-byte plaintext data frame into which the 16-bit CRC insertion means 13 is inserted as a session key AES128 concealment means 14 for concealment and plain speech data containing 16-bit CRC by decrypting the concealed speech data AES128 decoding means 15 for outputting, CRC error detecting means 16 for detecting plaintext voice data errors from plaintext voice data containing 16-bit CRC, and outputting detection results and plaintext voice data, and correcting the date and time information from the detection results. The time synchronization means 17 is provided.

  Next, the function of each component of the session key generation mechanism in Embodiment 2 shown in FIG. 5 will be described. In the session key generation mechanism according to the second embodiment, the local URI is used on the calling side and the partner URI is used on the called side as information for uniquely identifying the calling terminal. As information for uniquely identifying the called terminal, the local URI is used on the called side and the partner URI is used on the calling side. In addition, time information of a built-in real-time clock is used as information that is the same between two terminals that perform communication and changes for each session.

  The SHA1 one-way hash calculation means 12 concatenates the calling URI, the incoming call URI, the date / time information, and the common key as a binary string, performs the SHA1 one-way hash calculation, and obtains a 160-bit hash value. . This hash value is truncated to 128 bits to generate a session key.

  The time synchronization unit 17 outputs the date and time information obtained by adding the correction value o in units of minutes to the date and time information from the precision rounding unit 11 to the SHA1 one-way hash calculation unit 12. Further, when the detection result from the CRC error detection means 16 is a decoding failure, the value of the correction value o changes as o = 0, 1, -1, 2, -2, 3, and -3 every time the decoding fails. And attempt to synchronize date and time information between communication terminals.

  Next, the flow of operation at the time of concealment in Embodiment 2 of the present invention will be described. FIG. 6 is a data flow diagram at the time of concealment in the second embodiment of the present invention. As shown in FIG. 6, the plaintext audio data output from the speech encoder is transmitted after being divided every 160 bytes. Zero is set in the 10th and 80th bytes of the plaintext audio data, and this is stored in the memory as temporary audio data (step S31). Then, a 16-bit CRC is calculated for the temporary audio data (step S32), and the upper 8 bits of the calculation result are set to the 10th byte of the temporary audio data and the lower 8 bits are set to the 80th byte of the temporary audio data ( In step S33), this is regarded as voice data with CRC. Next, the CRC-containing voice data is concealed with the session key using the AES128 concealing unit 14, and the secret voice data is output to the RTP protocol stack (step S34).

In the second embodiment, the CRC value is inserted at a fixed position of the audio data. However, the resistance to decryption can be further improved by changing the insertion position with the common key. For example, if the common key k, CRC upper 8 bit insertion position i, CRC lower 8 bit insertion position j,
i = k mod 160
j = (k + 80) mod 160
The insertion position may be determined as follows.

  Next, the flow of operation at the time of decoding in Embodiment 2 of the present invention will be described. FIG. 7 is a data flow diagram at the time of decoding in Embodiment 2 of the present invention. As shown in FIG. 7, the AES128 decrypting means 15 decrypts the secret voice data received from the RTP protocol stack with the session key, and stores it in the memory as CRC-added voice data (step S41). Next, the CRC audio data with zero set at the 10th and 80th bytes is stored in the memory as plain text audio data (step S42).

  Further, a 16-bit CRC is calculated for the plaintext audio data in the previous stage (step S43). Also, a CRC value is extracted from the 10th and 80th bytes of the voice data with CRC (step S44). Then, the CRC value calculated in step S43 is compared with the CRC value extracted from the speech data with CRC in step S44, and the comparison result is output to the time synchronization means (step S45). Here, if both CRC values match in the comparison result, decoding is successful, and if both CRC values do not match, decoding fails. Then, the switching means outputs the plaintext voice data stored in step S42 to the voice decoder if the comparison result is successful decoding, and outputs the silence data to the voice decoder if the decoding fails (step S46).

<Summary>
The session key generation mechanism of the first embodiment and the second embodiment described above can be effectively used for the intra-group secret communication in the mobile phone system. In other words, the current mobile phone system is also concealed, but these do not guarantee the concealment between the mobile terminals. In order to guarantee this, it is necessary to add a concealment device using secret information shared between portable terminals. However, if the same secret information is used every time it is concealed, there is a high risk of being deciphered. Therefore, it is necessary to conceal using a session key for each communication from the secret information. However, the conventional method of concealment has a concern that a communication cost and a calculation cost are high for generating and sharing a session key, and that safety and stability are lacking.

  However, the session key generation mechanism of the present invention does not require communication costs for generating and sharing session keys, and the calculation cost is extremely low. Also, communication stability is ensured by synchronizing information by detecting a decoding error. In other words, since no communication is required to realize the session key generation mechanism of the present invention, the concealment function can be realized without modifying the existing communication protocol. In addition, since the session key generation mechanism of the present invention does not cause key exchange or encryption parameter communication, it is difficult for a communication observer to determine whether or not confidential communication is being performed. The communication security is extremely high.

  The superordinate concept in the session key generation mechanism of the present invention is that the session key is secretly shared by the group, the information uniquely identifying the own communication terminal, and the same for each session between the two communicating parties. It is generated by applying a one-way hash function to the combination of “changing information”. Since all of this information can be acquired locally at the terminal, communication for acquiring the information is not necessary. Also, the calculation cost of the one-way hash function is lower than that of the power operation. Note that “information that is the same between two communicating parties and changes for each session”, such as time, may vary between communication terminals. In that case, a difference occurs in the session key used between the communication terminals, and communication becomes impossible. Therefore, when consecutive decoding errors exceeding a certain threshold are detected, the called side adjusts the time until the decoding error does not occur so as to match the time of the calling side. Thereby, it is possible to recover from a communication failure due to an information shift and to secure the stability of communication.

  Since the session key generation mechanism of the present invention does not require any change to the existing protocol, it can be used for an existing communication terminal and can generate a secure session key without communication cost, and Since high communication stability can be ensured, it can be effectively used for concealing a voice call in a mobile communication terminal having a narrow communication band and low calculation capability.

The block diagram which shows schematic structure of the session key generation mechanism which concerns on Embodiment 1 of this invention. The flowchart which shows the operation | movement at the time of concealment in the session key generation mechanism shown in FIG. The flowchart which shows the operation | movement at the time of the decoding in the session key generation mechanism shown in FIG. The flowchart which shows the modification of the operation | movement at the time of the decoding using the session key generation mechanism shown in FIG. Schematic data flow diagram of session key generation mechanism applied to Embodiment 2 of the present invention Data flow diagram at the time of concealment in Embodiment 2 of the present invention Data flow diagram at the time of decoding in Embodiment 2 of the present invention Block diagram showing schematic configuration of conventional session key generation mechanism

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Terminal information acquisition means 2 Unidirectional hash calculation means 3 Error detection code insertion means 4 Concealment means 5 Decoding means 6 Error detection means 7 Synchronization means 11 Precision rounding means 12 SHA1 One-way hash calculation means 13 16-bit CRC insertion means 14 AES128 concealment means 15 AES128 decryption means 16 CRC error detection means 17 Time synchronization means

Claims (4)

A session key generation mechanism for realizing secret communication between communication terminals,
Terminal information acquisition means for extracting session key generation parameters from information held by the communication terminal;
One-way hash calculation means for generating a session key by performing a one-way hash calculation on the common key and the session key generation parameter extracted by the terminal information acquisition means;
Error detection code insertion means for inserting an error detection code into plaintext transmission data and outputting plaintext transmission data with an error detection code;
Concealment means for concealing the plaintext transmission data containing the error detection code with the session key;
Decoding means for decoding the secret reception data and outputting plaintext reception data with an error detection code;
Error detection means for detecting an error in plaintext received data from an error detection code of the plaintext received data with the error detection code, and outputting a detection result and the plaintext received data;
Synchronization means for correcting the session key generation parameter from the detection result;
A session key generation mechanism comprising: The session key generation parameter is:
First information for uniquely identifying the calling terminal;
Second information for uniquely identifying the called terminal;
Third information that is the same between two communication terminals that perform communication and changes for each session;
The session key generation mechanism according to claim 1, wherein:   3. The third information is corrected according to claim 2, wherein the third information is corrected based on an error determination result in the error detection means even if a deviation occurs between the two communication terminals in the third information. Session key generation mechanism.   The session key generation mechanism according to any one of claims 1 to 3, wherein the session key generation parameter is acquired using only information in the communication terminal.

Images