JP2013081028A - Communication system, communication device, encryption communication method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To transmit and receive securely encrypted information while securing security using less communication data under limited resources in the case one-way communication is performed respectively between a radio terminal and a base station device.SOLUTION: A radio terminal 10 generates secret information from a random number exchanged with a base station device 20, generates a terminal authenticator from the generated secret information to transmit the terminal authenticator to the base station device 20. The base station device 20 authenticates the received terminal authenticator. The radio terminal 10 generates uplink security initialization information from the secret information generated at the time of authentication, and encrypts user data to be transmitted with the use of a counter generated from the uplink security initialization information and key information. The counter is updated whenever user data is transmitted. The base station device 20 generates uplink security initialization information by use of the exchanged random number in the same way as the radio terminal 10 does, and decrypts the encrypted user data received from the radio terminal 10 with the use of a counter generated from the uplink security initialization information.

Description

  The present invention relates to a communication system, a communication device, an encrypted communication method, and a program.

  There has been proposed a network in which various information is wirelessly transmitted from an infinite number of wireless terminals, and the wireless is received and collected by a plurality of base stations. In such a network, a control signal may be transmitted to each wireless terminal according to the collected information. For example, wireless terminals are installed in devices such as various types of sensors and home appliances, and each wireless terminal transmits information representing the status and state of each device.

  The amount of information transmitted from these wireless terminals is very small. Also, the frequency with which information is transmitted is very low. In order to reduce the cost, the above network is not constructed using a broadband communication network, and is generally constructed using a narrowband communication network that facilitates cost reduction. For example, a maximum 9600 bps (Bits Per Second) communication band per wireless channel is divided at regular intervals and shared by tens of thousands of wireless terminals using a half-duplex communication method. In order to reduce costs, the wireless terminal is configured with the above-described network using a device having poor data storage capability (memory capacity, whether or not volatile, battery life, etc.), key update capability, and arithmetic processing capability.

  On the other hand, an encryption function or the like is necessary to protect information collected in such a network. As an encryption method for a wireless system, for example, there is a method using CCMP (counter mode with cipher block chaining / message authentication code protocol) in Non-Patent Document 1.

Takeshi Hattori and Masanobu Fujioka, “Wireless Broadband Textbook Revised Edition (High Speed IP Wireless)”, Impress R & D, 2008, p. 339

In the network constructed as described above, the number of accommodated wireless terminals is very large. Therefore, a slight increase / decrease in the amount of data transmitted by one wireless terminal becomes a very big problem in the entire network composed of a plurality of terminals.
Since the above network is premised on one-way communication from a wireless terminal to a base station or from a base station to a wireless terminal, it uses multiple transmission / reception data as in bidirectional communication. It is difficult to configure security functions.
In one-way communication, it is possible to perform independent encrypted communication by applying CCMP, but it is necessary to add counter information of sufficient length to transmission information in order to maintain sufficient security strength. The transmission data band is compressed by the additional information.
In general, when a security function using a plurality of times of transmission / reception data is configured, the computation processing capacity of the terminal is consumed for encryption and decryption processing, and the memory capacity and data processing speed of the wireless terminal are reduced. Causes a drop. Furthermore, in order to update the key in order to ensure security, it is necessary to secure a secure area for key updating and a processing function. As described above, if each terminal capability is enhanced in order to secure a data area for security, the cost increases.
Note that such a problem is not limited to the case where the communication terminal performs wireless communication, but may also occur in wired communication.

  In view of the above circumstances, the present invention provides a communication system, a communication device, and a communication device that can safely transmit and receive information while ensuring security with less communication data under limited resources in one-way communication. It is an object to provide an encrypted communication method and program.

One aspect of the present invention is a communication system in which a first communication device and a second communication device communicate using first shared authentication information shared to generate authentication information, the first communication device Exchanges the first shared authentication information different for each authentication with the second communication device, generates transmission-side authentication information from the first shared authentication information, and transmits it to the second communication device And receiving side authentication information from the second communication device, authenticating the receiving side authentication information using the first shared authentication information, and a sending side storage unit storing a counter A counter is generated from the transmission side security initialization information generated by performing a predetermined calculation on the first shared authentication information, written to the transmission side storage unit, and data is transmitted to the second communication device. The counter in the transmission-side storage unit A new transmission-side counter generation unit, an encryption unit that encrypts the data to be transmitted to the second communication device by a predetermined encryption process using the counter in the transmission-side storage unit, and the encryption unit A data transmission unit that transmits the encrypted data to the second communication device, and the second communication device exchanges the first shared authentication information with the first communication device, While generating the receiving side authentication information from the first shared authentication information and transmitting it to the first communication device, receiving the transmitting side authentication information from the first communication device, and using the first shared authentication information A reception-side authentication control unit that authenticates the transmission-side authentication information; a reception-side storage unit that stores a counter; a reception processing unit that receives the encrypted data from the first communication device; and the reception-side authentication control Authentication succeeded in the department A counter is generated from the reception side security initialization information generated by performing the predetermined calculation on the first shared authentication information generated at the time, and the counter is written in the reception side storage unit. A reception-side counter generation unit that updates the counter in the reception-side storage unit each time the encrypted data is received, and the counter in the reception-side storage unit that receives the encrypted data received by the reception processing unit And a decryption unit that decrypts the decryption process corresponding to the predetermined encryption process.
For example, when the first communication device corresponds to the wireless terminal 10 of the embodiment and the second communication device corresponds to the base station device 20 of the embodiment, the transmission side authentication control unit stores the transmission side storage in the authentication control unit 104 of the wireless terminal 10. Are the storage unit 112 of the wireless terminal 10, the transmission side counter generation unit is the counter generation unit 111 of the wireless terminal 10, the encryption unit is the encryption unit 114 of the wireless terminal 10, and the data transmission unit is the communication of the wireless terminal 10. Unit 101, the reception-side authentication control unit is the authentication control unit 205 of the base station device 20, the reception-side storage unit is the storage unit 222 of the base station device 20, and the reception processing unit is the first communication unit 201 of the base station device 20. The reception-side counter generation unit corresponds to the counter generation unit 221 of the base station device 20, and the decoding unit corresponds to the decoding unit 225 of the base station device 20.
For example, when the first communication device corresponds to the base station device 20 of the embodiment and the second communication device corresponds to the wireless terminal 10 of the embodiment, the transmission-side authentication control unit communicates with the authentication control unit 205 of the base station device 20 on the transmission side. The storage unit is in the storage unit 252 of the base station device 20, the transmission side counter generation unit is in the counter generation unit 251 of the base station device 20, the encryption unit is in the encryption unit 254 of the base station device 20, and the data transmission unit is in the base station In the first communication unit 201 of the station apparatus 20, the reception-side authentication control unit is the authentication control unit 104 of the wireless terminal 10, the reception-side storage unit is in the storage unit 142 of the wireless terminal 10, and the reception processing unit is the communication of the wireless terminal 10. In the unit 101, the reception side counter generation unit corresponds to the counter generation unit 141 of the wireless terminal 10, and the decoding unit corresponds to the decoding unit 145 of the base station apparatus 20.

One aspect of the present invention is the communication system described above, wherein the first communication device further includes a sequence number assigning unit that assigns a sequence number to each data to be transmitted, and the transmission-side counter generation unit includes the first counter Each time data is transmitted to the two communication devices, the counter in the transmission-side storage unit is updated corresponding to the sequence number assigned to the data to be transmitted, and the data transmission unit is updated by the encryption unit. The sequence number attached to the data is added to the encrypted data, and the sequence number assigned to the data is transmitted to the second communication device, and the reception-side counter generator is connected to the encrypted data. Each time the encrypted data is received, the counter in the reception-side storage unit is added to the encrypted data received from the first communication device. Update in correspondence to the sequence number, and wherein the.
For example, when the first communication device corresponds to the wireless terminal 10 of the embodiment, the sequence number assigning unit corresponds to the security sequence number assigning unit 113 of the wireless terminal 10.
For example, when the first communication device corresponds to the base station device 20 of the embodiment, the sequence number assigning unit corresponds to the security sequence number assigning unit 253 of the base station device 20.

  One aspect of the present invention is the communication system described above, wherein the encryption unit divides the data to be transmitted to generate divided data, and the generated divided data is stored in the counter in the transmission-side storage unit. The transmission side counter generation unit updates the counter in the transmission side storage unit every time the encryption unit encrypts the division data, and the data transmission unit The encrypted data obtained by arranging the divided data encrypted by the encryption unit in the order of generation is transmitted to the second communication device, and the decryption unit receives the encrypted data received by the reception processing unit The data is divided to generate the encrypted divided data, the generated encrypted data is decrypted using the counter in the reception-side storage unit, and the reception-side counter generation unit is Each time the issue unit decodes the divided data the encrypted updating the counter of the reception-side storage unit, characterized in that.

One aspect of the present invention is the communication system described above, wherein the first communication device further includes a transmission-side key information storage unit that stores encryption key information, and the encryption unit is included in the transmission-side storage unit. Encryption is performed using the encryption key information in the counter and the transmission side key information storage unit, and the second communication device further includes a reception side key information storage unit that stores the encryption key information, and the decryption unit The decryption is performed using the counter in the receiving side storage unit and the encryption key information in the receiving side key information storage unit.
For example, when the first communication device corresponds to the wireless terminal 10 of the embodiment and the second communication device corresponds to the base station device 20 of the embodiment, the transmission side key information storage unit receives the key information storage unit 102b of the wireless terminal 10 The side key information storage unit corresponds to the key information table storage unit 203 c of the base station device 20.
For example, when the first communication device corresponds to the base station device 20 of the embodiment and the second communication device corresponds to the wireless terminal 10 of the embodiment, the transmission side key information storage unit is stored in the key information table storage unit 203c of the base station device 20. The receiving side key information storage unit corresponds to the key information storage unit 102b of the wireless terminal 10.

One aspect of the present invention is the communication system described above, wherein the second communication device communicates with a plurality of the first communication devices and generates the first shared authentication information. The first communication device further includes a transmission side shared authentication information generation unit that generates different second shared authentication information for each authentication, and the transmission side authentication control unit includes the first shared authentication information. And first identification that can identify all the first communication devices including the first communication device that exchanges the second shared authentication information with the second communication device and communicates with other second communication devices. Information and the first shared authentication information are generated and transmitted to the second communication device, and the first identification information, the first shared authentication information, and the second shared authentication information are transmitted. Authenticating the receiver authentication information using shared authentication information, and The communication-side authentication control unit exchanges the first shared authentication information and the second shared authentication information with the first communication device, the first identification information of the first communication device, and the first The receiving side authentication information is generated from the first shared authentication information and the second shared authentication information exchanged with the communication device, transmitted to the first communication device, and received from the first communication device. The transmission side authentication information is authenticated using the first identification information of the first communication device and the first shared authentication information exchanged with the first communication device, and the transmission side counter generation The unit generates a counter from the transmission side security initialization information generated by performing a predetermined calculation on the first identification information and the first shared authentication information, and the reception side counter generation unit The first communication device that is the transmission source of the converted data The predetermined calculation is performed on the first identification information and the first shared authentication information generated when the authentication of the transmission side authentication information received from the first communication device is successful in the reception side authentication control unit. And generating a counter from the receiving-side security initialization information generated by performing the above.
For example, the first communication device corresponds to the wireless terminal 10 of the embodiment, and the second communication device corresponds to the base station device 20 of the embodiment.

  One aspect of the present invention is the communication system described above, wherein the transmission-side authentication control unit further generates second-side authentication information using second identification information that is identification information of the second communication device. The second authentication information is further used to authenticate the reception-side authentication information, and the reception-side authentication control unit further generates the reception-side authentication information using the second identification information, and the second identification The transmission side authentication information is further authenticated using the information, and the transmission side counter generation unit further calculates a counter from the transmission side security initialization information generated by performing the predetermined calculation on the second identification information. And the receiving side counter generating unit further generates a counter from the receiving side security initialization information generated by performing the predetermined calculation on the second identification information. To.

  One aspect of the present invention is the communication system described above, wherein the transmission-side authentication information control unit further uses the third identification information assigned to the first communication device each time authentication is performed to obtain the transmission-side authentication information. And generating the receiving side authentication information further using the third identification information, the receiving side authentication control unit further generating the receiving side authentication information using the third identification information, and Further authenticating the transmission side authentication information using third identification information, the transmission side counter generating unit further generates the transmission side security initialization information generated by performing the predetermined calculation on the third identification information The reception-side counter generation unit further performs a predetermined operation on the third identification information assigned to the first communication device that is the transmission source of the encrypted data. Counter for generating from said receiving side security initialization information generated I, characterized in that.

One aspect of the present invention is the communication system described above, wherein the first communication device communicates with a plurality of the second communication devices and generates the first shared authentication information. The second communication device further includes a reception side shared authentication information generation unit that generates different second shared authentication information for each authentication, and the transmission side authentication control unit includes the first shared authentication information. And first identification that can identify all the second communication devices including the second communication device that exchanges the second shared authentication information with the second communication device and communicates with other first communication devices. Information and the first shared authentication information exchanged with the second communication device and the second shared authentication information are used to generate and transmit the transmission side authentication information to the second communication device, The receiving side authentication information received from the second communication device, The reception side authentication control unit authenticates the reception side authentication information using the first identification information of the second communication device and the first shared authentication information exchanged with the second communication device. Exchanges the first shared authentication information and the second shared authentication information with the first communication device, and from the first identification information and the first shared authentication information of the first communication device. Receive side authentication information is generated and transmitted to the first communication device, and received from the first communication device using the first identification information, the first shared authentication information, and the second shared authentication information. The transmission side authentication information is authenticated, and the transmission side counter generation unit is configured to exchange the first identification information of the second communication device, which is the transmission destination of the data, with the first communication device exchanged with the second communication device. Generated by performing a predetermined calculation on the authentication information and the second shared authentication information A counter corresponding to the second communication device is generated from the transmission-side security initialization information, and the encryption unit stores the data to be transmitted to the second communication device in the transmission-side storage unit. Encrypted by a predetermined encryption process using the counter of a two-communication device, the reception-side counter generation unit is generated when authentication is successful in the first identification information and the reception-side authentication control unit A counter is generated from the reception side security initialization information generated by performing the predetermined calculation on the first shared authentication information and the second shared authentication information.
For example, the first communication device corresponds to the base station device 20 of the embodiment, and the second communication device corresponds to the wireless terminal 10 of the embodiment.

  One aspect of the present invention is the communication system described above, wherein the transmission-side authentication control unit further generates second-side authentication information using second identification information that is identification information of the first communication device. The second authentication information is further used to authenticate the reception-side authentication information, and the reception-side authentication control unit further generates the reception-side authentication information using the second identification information, and the second identification The transmission side authentication information is further authenticated using the information, and the transmission side counter generation unit further performs the predetermined calculation on the second identification information from the transmission side security initialization information generated from the transmission side security initialization information. A counter corresponding to the second communication device, and the reception-side counter generation unit further generates a counter from the reception-side security initialization information generated by performing the predetermined calculation on the second identification information. Generating a pointer, characterized in that.

  One aspect of the present invention is the communication system described above, wherein the transmission-side authentication control unit generates the transmission-side authentication information by further using third identification information assigned to the second communication device each time authentication is performed. And further authenticating the receiving-side authentication information using the third identification information, and the receiving-side authentication control unit further generates the receiving-side authentication information using the third identification information, and The transmission side authentication information is further authenticated using three identification information, and the transmission side counter generation unit further performs the predetermined calculation on the third identification information from the transmission side security initialization information generated. A counter corresponding to the second communication device is generated, and the reception-side counter generation unit further performs the predetermined calculation on the third identification information, and the reception-side security initialization is generated Generating a counter from the broadcast, to characterized in that.

  One aspect of the present invention is the communication system described above, wherein the encryption unit performs encryption in a counter mode using the counter in the transmission-side storage unit, and the decryption unit is in the reception-side storage unit. The decoding is performed in the counter mode using the counter.

  One aspect of the present invention is the communication system described above, wherein one or both of the first shared authentication information and the second shared authentication information is generated based on a random number generated at each authentication. It is information.

  One aspect of the present invention is to exchange shared authentication information different for each authentication with another communication device, generate transmission-side authentication information from the shared authentication information, and transmit it to the other communication device. Receiving authentication information from the other communication device and authenticating the receiving authentication information using the shared authentication information; a storage unit storing a counter; and the other authentication information in the shared authentication information A counter is generated from the security initialization information generated by performing a predetermined calculation common to the communication device, written to the storage unit, and whenever the data is transmitted to the other communication device, the counter in the storage unit is The counter generation unit to be updated and the data to be transmitted to the other communication device are encrypted using an encryption process corresponding to the decryption process in the other communication device using the counter in the storage unit. A unit, by the encrypting unit is a communication apparatus characterized by comprising: a data transmitting unit that transmits the data encrypted to the other communication apparatus.

  One aspect of the present invention is to exchange shared authentication information different for each authentication with another communication device, generate reception-side authentication information from the shared authentication information, and transmit it to the other communication device. An authentication control unit that receives transmission-side authentication information from the other communication device and authenticates the transmission-side authentication information using the shared authentication information, a storage unit that stores a counter, and the encryption from the other communication device And a security initialization generated by performing a predetermined calculation common to the other device on the shared authentication information generated when authentication is successful in the authentication control unit. A counter generation unit that generates a counter from information and writes the counter to the storage unit, and the reception processing unit updates the counter in the previous storage unit each time the reception processing unit receives the encrypted data. And a decryption unit that decrypts the encrypted data received by the decryption process corresponding to the encryption process in the other communication device using the counter in the storage unit. .

  One aspect of the present invention is an encrypted communication method executed in a communication system in which a first communication device and a second communication device communicate using shared authentication information shared to generate authentication information, The first authentication device and the second communication device exchange the shared authentication information that is different for each authentication, and the first communication device exchanges in the shared authentication information exchange step. Generates transmission-side authentication information from shared authentication information and transmits it to the second communication device, receives reception-side authentication information from the second communication device, and authenticates the reception-side authentication information using the shared authentication information Transmitting-side authentication control step, and the second communication device generates receiving-side authentication information from the shared authentication information exchanged in the shared authentication information exchanging step to the first communication device. A receiving side authentication control step of receiving the transmitting side authentication information from the first communication device and authenticating the transmitting side authentication information using the shared authentication information; and Transmission-side counter generation that generates a counter from the transmission-side security initialization information generated by performing a predetermined operation on the shared authentication information exchanged in the authentication information exchange step and writes the counter to the transmission-side storage unit included in the first communication device A transmission-side counter update step for updating the counter in the transmission-side storage unit each time data is transmitted to the second communication device; and the data to be transmitted to the second communication device in the transmission-side storage unit An encryption step for encrypting by a predetermined encryption process using the counter, and the data encrypted in the encryption step. In the data transmission step, the second communication device receives the encrypted data from the first communication device, and the reception-side authentication control step. Generating a counter from the reception side security initialization information generated by performing the predetermined operation on the shared authentication information generated at the time, and generating the reception side counter to be written in the reception side storage unit included in the second communication device A reception side counter update step for updating the counter in the reception side storage unit each time the encrypted data received in the reception step is received, and the encrypted data received in the reception step Data is decrypted by a decryption process corresponding to the predetermined encryption process using the counter in the reception-side storage unit And a decrypting step.

  One aspect of the present invention is an encrypted communication method executed in a communication device, in which shared authentication information that is different for each authentication is exchanged with another communication device, and the authentication information is transmitted from the shared authentication information. Generating and transmitting to the other communication device, receiving the receiving side authentication information from the other communication device, and authenticating the receiving side authentication information using the shared authentication information; and the sharing A counter generation step of generating a counter from the security initialization information generated by performing a predetermined calculation common to the other communication device on the authentication information and writing it to the storage unit; and each time data is transmitted to the other communication device A counter updating step for updating the counter in the storage unit, and the data to be transmitted to the other communication device using the counter in the storage unit. And an encryption step for encrypting by an encryption process corresponding to the decryption process in the present invention, and a data transmission step for transmitting the data encrypted in the encryption step to the other communication device. This is an encrypted communication method.

  One aspect of the present invention is an encrypted communication method executed in a communication device, in which shared authentication information that is different for each authentication is exchanged with another communication device, and the reception side authentication information is obtained from the shared authentication information. Generating and transmitting to the other communication device, receiving the transmission side authentication information from the other communication device, and authenticating the transmission side authentication information using the shared authentication information; A reception step of receiving the encrypted data from the communication device of the communication device, and the common authentication information generated when the authentication is successful in the authentication control step by performing a predetermined operation common to the other device A counter generation step of generating a counter from the generated security initialization information and writing it to the storage unit, and every time the encrypted data is received from the other communication device, A counter updating step for updating the counter; and a decryption process for decrypting the encrypted data received in the receiving step by a decryption process corresponding to an encryption process in the other communication device, using the counter in the storage unit. And an encrypted communication method.

  According to an aspect of the present invention, a shared authentication information that is different for each authentication is exchanged with another communication device in a computer of the communication device, and sender authentication information is generated from the shared authentication information to generate the other communication. An authentication control procedure for receiving the receiving side authentication information from the other communication device and authenticating the receiving side authentication information using the shared authentication information, and sending the other authentication device to the shared authentication information A counter generation procedure for generating a counter from security initialization information generated by performing a predetermined calculation common to the memory and writing the counter to the storage unit, and the counter in the storage unit every time data is transmitted to the other communication device And a counter update procedure for updating the data, and an encryption process corresponding to a decryption process in the other communication apparatus using the counter in the storage unit to transmit the data to be transmitted to the other communication apparatus And encryption procedure more encryption, is a program for causing to execute a data transmission step of transmitting the encrypted the data to the other communication apparatus in the encryption procedure.

  According to an aspect of the present invention, a shared authentication information that is different for each authentication is exchanged with a computer of a communication device with another communication device, and reception-side authentication information is generated from the shared authentication information to generate the other communication. An authentication control procedure for transmitting to the device, receiving the sender authentication information from the other communication device, and authenticating the sender authentication information using the shared authentication information, and the encrypted from the other communication device. A reception procedure for receiving received data, and a counter from security initialization information generated by performing a predetermined calculation common to the other device on the shared authentication information generated when authentication is successful in the authentication control procedure. Generation procedure for generating and writing to the storage unit, and a counter update procedure for updating the counter in the previous storage unit each time the encrypted data is received from the other communication device A decrypting procedure for decrypting the encrypted data received in the receiving procedure by a decrypting process corresponding to an encrypting process in the other communication device using the counter in the storage unit. It is a program.

  According to the present invention, a communication device that performs one-way communication is used to generate authentication information, and a counter generated based on shared authentication information that is different for each authentication is used for encryption and decryption. Therefore, it is possible to safely encrypt and transmit information while ensuring security with less communication data under the available resources.

1 is a system configuration diagram illustrating a system configuration of a communication system 100. FIG. It is a figure which shows the data structure in each layer. 2 is a schematic block diagram illustrating a functional configuration of a wireless terminal 10. FIG. It is a block diagram showing the function structure of the transmission data generation part 105a shown in FIG. It is a block diagram showing the functional structure of the reception data acquisition part 105b shown in FIG. 2 is a schematic block diagram illustrating a functional configuration of a base station device 20. FIG. It is a block diagram showing the function structure of the 1st relay part 206a shown in FIG. It is a block diagram showing the function structure of the 2nd relay part 206b shown in FIG. It is a figure showing the outline of a terminal identification information table. It is a figure showing the outline of a key information table. 2 is a sequence diagram showing a sequence of mutual authentication processing in communication system 100. FIG. It is a sequence diagram showing the sequence of the uplink communication after mutual authentication is completed. It is a sequence diagram showing the sequence of the downstream communication after mutual authentication is completed. It is a figure which shows the production | generation of an authenticator and security initialization information. It is a figure which shows an upstream encryption process counter. It is a figure which shows the encryption process and decoding process of user data transmitted from the radio | wireless terminal. It is a figure which shows a downstream encryption process counter. It is a figure which shows the encryption process of a user data transmitted from the base station apparatus 20, and a decoding process. It is a figure which shows the example of the encryption process of counter mode. It is a figure which shows the example of the decoding process of counter mode. It is a figure which shows the production | generation process of the uplink message authentication code transmitted from the radio | wireless terminal. It is a figure which shows the production | generation process of the downlink message authentication code transmitted from the base station apparatus.

  FIG. 1 is a system configuration diagram illustrating a system configuration of the communication system 100. The communication system 100 includes a plurality of wireless terminals 10 (10-1-1, 10-1-2,..., 10-2-1, 10-2-2,...), A plurality of base station apparatuses 20. (20-1, 20-2,...), A terminal information management device 30, a location information management device 40, and a terminal device 50. The base station device 20, the terminal information management device 30, the location information management device 40, and the terminal devices 50 (50-1, 50-2,...) Are all connected to the network 60. The network 60 may be configured as a wired IP communication network, for example, or may be configured in another manner.

  Each of the plurality of wireless terminals 10 wirelessly communicates with the base station device 20 corresponding to its own device. The plurality of base station devices 20 wirelessly communicate with the plurality of wireless terminals 10 corresponding to the respective devices, and relay data between the devices connected to the network 60 (for example, the terminal device 50) and the wireless terminals 10. For example, the plurality of wireless terminals 10-1 (10-1-1, 10-1-2,...) And the base station device 20-1 perform wireless communication with each other, and the plurality of wireless terminals 10-2 (10 -2-1, 10-2-2, ...) and the base station apparatus 20-2 perform wireless communication with each other.

  Each wireless terminal 10 is provided with two pieces of identification information called MAC-ID (third identification information) and NET-ID (first identification information). The MAC-ID is identification information for uniquely identifying each wireless terminal 10 among a plurality of wireless terminals 10 with which the base station device 20 communicates wirelessly. That is, the MAC-ID is information on the second layer in the OSI reference model. Therefore, a duplicate MAC-ID is not assigned to the wireless terminal 10 with which one base station apparatus 20 communicates wirelessly. However, since the MAC-ID is dynamically assigned from the base station to the wireless terminal, the same MAC-ID is duplicated in different wireless terminals 10 between one base station apparatus 20 and another base station apparatus 20. May be assigned.

  The NET-ID is identification information for uniquely identifying all the wireless terminals 10 installed in the communication system 100. That is, the NET-ID is information on the third layer (layer 3) in the OSI reference model. Therefore, a duplicate NET-ID is not assigned to the wireless terminal 10 installed in the communication system 100.

In the communication system 100, communication data is transmitted using the NET-ID and the MAC-ID between the wireless terminal 10 and the base station apparatus 20 by transmitting the communication data using the MAC-ID without using the NET-ID. The amount of communication data is reduced compared to the case where is transmitted. Communication data is data transmitted and received between the wireless terminal 10 and the base station apparatus 20.
Hereinafter, details of the communication system 100 will be described.

FIG. 2 is a diagram illustrating a data structure in each layer when the radio terminal 10 and the base station apparatus 20 transmit user data.
User data generated by various applications in the application layer (seventh layer in the OSI reference model) is data transmitted from the wireless terminal 10 or data transmitted to the wireless terminal 10. In processing in the CNT (control) layer of layer 3 (third layer in the OSI reference model: hereinafter also referred to as “L3”), a security sequence number and an L3 header are added to user data, and the user data portion is After the encryption, a message authentication code (MAC) is generated based on the encrypted user data and is added to the encrypted user data (Encryption then MAC). The L3 header includes data length and message type information. The message authentication code is information for detecting falsification of data on the receiving side. Hereinafter, data including a security sequence number, an L3 header, encrypted user data (hereinafter referred to as “encrypted user data”), and a message authentication code is referred to as L3 data.

In processing in the MAC (Media Access Control) layer of Layer 2 (second layer in the OSI reference model: hereinafter also referred to as “L2”), the L3 data generated in the processing of the CNT layer is fixed length from the top by fragmentation. An L2 header and a CRC (Cyclic Redundancy Check) value are added to the data that is divided and fragmented. The L2 header includes information such as the data length.
In processing in the PHY (physical) layer of layer 1 (first layer in the OSI reference model: hereinafter also referred to as “L1”), data generated in the MAC layer processing is transmitted by radio.

  Hereinafter, the direction from the radio terminal 10 to the base station apparatus 20 is referred to as upstream, and the direction from the base station apparatus 20 to the radio terminal 10 is referred to as downstream.

  FIG. 3 is a schematic block diagram illustrating a functional configuration of the wireless terminal 10. The wireless terminal 10 includes a CPU (Central Processing Unit), a memory, an auxiliary storage device, and the like connected by a bus, and executes a communication program. By executing the communication program, the wireless terminal 10 functions as an apparatus including the communication unit 101, the storage unit 102, the NW authentication random number generation unit 103, the authentication control unit 104, and the data processing unit 105. Note that all or part of the functions of the wireless terminal 10 may be realized by using hardware such as an application specific integrated circuit (ASIC), a programmable logic device (PLD), or a field programmable gate array (FPGA).

  The communication unit 101 performs wireless communication with the base station device 20. Specifically, the communication unit 101 modulates the communication data generated by the authentication control unit 104 and the data processing unit 105 and transmits a radio signal to the base station apparatus 20. In addition, the communication unit 101 receives the radio signal transmitted from the base station apparatus 20, restores the communication data by demodulating, and transfers the communication data to the authentication control unit 104 and the data processing unit 105. That is, the data generated in the MAC layer in FIG. 2 is an example of communication data, and the communication unit 101 performs PHY layer processing.

  The storage unit 102 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The storage unit 102 functions as a terminal identification information storage unit 102a and a key information storage unit 102b. The terminal identification information storage unit 102a includes the MAC-ID and NET-ID assigned to the own device (wireless terminal 10), and a base station ID (second identification) that is identification information of the base station device 20 with which the own device communicates wirelessly. Information). The base station ID is identification information used only for wireless communication with the base station device 20. The key information storage unit 102b includes authentication key information used by the own device (wireless terminal 10) for authentication processing and communication with the base station device 20, encryption key information used for encryption and decryption of user data, and manipulation of user data. And message authentication key information used to generate a message authentication code for detection.

The NW authentication random number generation unit 103 generates an NW (network) authentication random number (second shared authentication information) that is a random number used by the authentication control unit 104 for authentication processing for authenticating the base station device 20.
The authentication control unit 104 performs mutual authentication processing between the wireless terminal 10 and the base station device 20. Specifically, the authentication control unit 104 generates a mutual authentication request including the NW authentication random number generated by the NW authentication random number generation unit 103 and transmits it to the base station apparatus 20. By this processing, authentication processing between the wireless terminal 10 and the base station device 20 is started. Further, the authentication control unit 104 performs a calculation based on the MAC-ID, the NET-ID, the authentication key information, a terminal authentication random number transmitted from a base station, which will be described later, and the terminal authenticator as the calculation result By transmitting to the device 20, authentication by the base station device 20 is received. Further, the authentication control unit 104 performs a calculation based on the MAC-ID, the NET-ID, the authentication key information, a random number for NW authentication, a random number for terminal authentication, and the like, and NW authentication that is the same calculation result by the base station device 20 The base station device 20 is authenticated by comparing (collating) with the child.

  When transmitting data to the base station apparatus 20 in the mutual authentication process, the authentication control unit 104 transmits data using the MAC-ID and the NET-ID when transmitting the mutual authentication request. On the other hand, when transmitting data other than the mutual authentication request, the authentication control unit 104 transmits data using MAC-ID without using NET-ID. Specifically, the authentication control unit 104 may transmit data as follows, for example.

  The authentication control unit 104 transmits a bandwidth allocation request to the base station device 20 in advance. In response to the bandwidth allocation request, the base station device 20 allocates a bandwidth and a MAC-ID to the wireless terminal 10, and stores the bandwidth and the MAC-ID in association with each other. The base station apparatus 20 transmits a band allocation response indicating the allocated band. The allocated band may be specified by time, for example, may be specified by frequency, or may be specified by time and frequency. The association between the bandwidth allocation request and the bandwidth allocation response is realized by using a specific frequency or time allocation or identification information associated therewith. At this time, the base station apparatus 20 transmits data including the MAC-ID together with the band allocation response. The authentication control unit 104 receives the band allocation response, and transmits data to be transmitted in the mutual authentication process to the base station apparatus 20 in the band allocated to the own apparatus. In this way, the band used by the wireless terminal 10 is associated with the MAC-ID.

  When transmitting the mutual authentication request, the authentication control unit 104 transmits data including the NET-ID in a band allocated to the own device. When the base station apparatus 20 receives this data, the base station apparatus 20 associates the MAC-ID stored in association with the band used for transmission of the received data with the NET-ID included in the received data and associates the terminal with the terminal. Register in the identification information table. Further, when transmitting data other than the mutual authentication request, the authentication control unit 104 transmits data including the MAC-ID but not the NET-ID in a band allocated to the own apparatus. In this way, the data transmitted by the authentication control unit 104 is associated with the MAC-ID and NET-ID.

  The data processing unit 105 generates data to be transmitted to the terminal device 50 via the network 60 (hereinafter referred to as “uplink communication data”) and outputs the data to the communication unit 101. In addition, the data processing unit 105 receives data (hereinafter referred to as “downlink communication data”) transmitted from the terminal device 50 via the network 60 by the communication unit 101. As is clear from this description, the uplink communication data and the downlink communication data are a type of the above communication data. The data processing unit 105 includes a transmission data generation unit 105a and a reception data acquisition unit 105b.

  The transmission data generation unit 105 a encrypts user data output from the external device Z, generates uplink communication data to be transmitted to the terminal device 50 via the network 60, and outputs the uplink communication data to the communication unit 101. The transmission data generation unit 105a uses MAC-ID as identification information indicating the transmission source of the uplink communication data without using NET-ID. For example, the transmission data generation unit 105a may transmit the uplink communication data using the MAC-ID and the band assigned to the own device in advance. Uplink communication data is transmitted, for example, by an external device Z (Z-1-1, Z-1-2,..., Z-2-1, Z-2-2,...) To which the wireless terminal 10 is connected. Contains generated data.

  The reception data acquisition unit 105b receives the downlink communication data transmitted from the terminal device 50 by the communication unit 101 via the network 60, and decrypts the encrypted user data included in the downlink communication data. When identification information indicating a transmission destination is set in the downlink communication data, MAC-ID is used without using NET-ID. For example, the reception data acquisition unit 105b receives from the base station device 20 a bandwidth allocation notification that includes a MAC-ID that is assigned to the own device in advance and that does not contain a NET-ID, and is assigned to the own device in response to this notification. Downlink communication data may be received in the band. The reception data acquisition unit 105b outputs user data included in the acquired downlink communication data to the external device Z.

  FIG. 4 is a block diagram showing a configuration of transmission data generation section 105a shown in FIG. The transmission data generation unit 105 a includes a layer 3 transmission processing unit 110 and a layer 2 transmission processing unit 120.

  The layer 3 transmission processing unit 110 includes a counter generation unit 111, a storage unit 112, a security sequence number adding unit 113, an encryption unit 114, and a message authentication code adding unit 115.

  The counter generation unit 111 generates an upstream encryption processing counter used by the encryption unit 114 to encrypt user data to be transmitted. Further, the counter generation unit 111 updates the uplink encryption processing counter each time the transmission data generation unit 105a generates and transmits uplink communication data. The storage unit 112 stores the uplink encryption processing counter generated by the counter generation unit 111.

  The security sequence number assigning unit 113 assigns the uplink security sequence number and the L3 header to the user data output from the external device Z. The encryption unit 114 encrypts user data using the encryption key information stored in the key information storage unit 102 b and the uplink encryption processing counter stored in the storage unit 112. The message authentication code assigning unit 115 receives the upstream security initialization information, the upstream security sequence number, and the encrypted user data as input, and uses the message authentication key information stored in the key information storage unit 102b to transmit the upstream message. Generate an authentication code. The message authentication code assigning unit 115 outputs the L3 data including the uplink security sequence number, the L3 header, the encrypted user data, and the uplink message authentication code to the layer 2 transmission processing unit 120.

  The layer 2 transmission processing unit 120 includes a fragment unit 121 and a CRC adding unit 122. The fragment unit 121 generates fragment data by dividing (fragmenting) the L3 data input from the layer 3 transmission processing unit 110, and adds an L2 header to each of the fragment data. The L2 header includes a fragment number indicating how many pieces of fragment data are generated from one piece of L3 data. The CRC adding unit 122 calculates a CRC value from the L2 header and fragment data input from the fragment unit 121, and outputs uplink communication data in which the CRC value is added to the L2 header and fragment data to the communication unit 101.

  FIG. 5 is a block diagram illustrating a functional configuration of the reception data acquisition unit 105b illustrated in FIG. The reception data acquisition unit 105 b includes a layer 2 reception processing unit 130 and a layer 3 reception processing unit 140.

The layer 2 reception processing unit 130 includes a CRC inspection unit 131.
The CRC checking unit 131 checks the CRC value given to the downlink communication data input from the communication unit 101. When the CRC check result is OK, the layer 2 reception processing unit 130 determines that the L3 reception processing unit 130 determines the L3 based on the fragment data acquired from the downlink communication data and the fragment number acquired from the L2 header added to the fragment data. Restore the data. Then, the layer 2 reception processing unit 130 outputs the restored L3 data to the layer 3 reception processing unit 140.

The layer 3 reception processing unit 140 includes a counter generation unit 141, a storage unit 142, a security sequence number inspection unit 143, a message authentication code inspection unit 144, and a decryption unit 145.
The counter generation unit 141 generates a downlink encryption processing counter used for the decryption unit 145 to decrypt the encrypted user data included in the downlink communication data. Further, the counter generation unit 141 updates the downlink encryption processing counter every time downlink communication data from the base station 20 is received. The storage unit 142 stores the downlink encryption processing counter generated by the counter generation unit 141.

  The security sequence number inspection unit 143 inspects the downlink security sequence number set in the L3 data input from the layer 2 reception processing unit 130, and outputs the L3 data to the message authentication code inspection unit 144 if the inspection is OK. To do.

  The message authentication code checking unit 144 checks the downlink message authentication code set in the L3 data input from the security sequence number checking unit 143. If the check is OK, the message authentication code checking unit 144 outputs the L3 data to the decoding unit 145. Specifically, the message authentication code checking unit 144 generates a downlink message authentication code using the same algorithm as the message authentication code adding unit 255 of the base station device 20 based on the received L3 data. The message authentication code checking unit 144 compares the downlink message authentication code generated by itself with the downlink message authentication code set in the received L3 data. If the two match, the message authentication code checking unit 144 determines that the encrypted user data of the received L3 data has not been tampered with, and sets the check result to OK. On the other hand, if the two do not match, the message authentication code checking unit 144 determines that the encrypted user data of the received L3 data has been tampered with, and sets the check result to NG. The decryption unit 145 stores the encrypted user data included in the L3 data input from the message authentication code checking unit 144 and the encryption key information stored in the key information storage unit 102b and the storage unit 142. And the decrypted user data is output to the external device Z.

  FIG. 6 is a schematic block diagram illustrating a functional configuration of the base station apparatus 20. The base station device 20 includes a CPU, a memory, an auxiliary storage device, and the like connected by a bus and executes a relay program. By executing the relay program, the base station device 20 functions as a device including the first communication unit 201, the second communication unit 202, the storage unit 203, the terminal authentication random number generation unit 204, the authentication control unit 205, and the relay unit 206. . Note that all or part of the functions of the base station device 20 may be realized using hardware such as an ASIC, PLD, or FPGA.

  The first communication unit 201 performs wireless communication with the wireless terminal 10. Specifically, the first communication unit 201 modulates communication data output from the authentication control unit 205 and the second relay unit 206 b and transmits the modulated communication data to the wireless terminal 10. Further, the first communication unit 201 receives the radio signal transmitted from the radio terminal 10 and demodulates it to restore the communication data, and transfers it to the authentication control unit 205 and the first relay unit 206a.

  The second communication unit 202 communicates with the network 60. Specifically, the second communication unit 202 converts the communication data output from the first relay unit 206 a and transmits it to the network 60. The second communication unit 202 receives a signal transmitted from the network 60 to the wireless terminal 10 and converts the signal to transfer the communication data to the second relay unit 206b.

  The storage unit 203 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The storage unit 203 functions as a base station identification information storage unit 203a, a terminal identification information table storage unit 203b, and a key information table storage unit 203c. The base station identification information storage unit 203a stores a base station ID assigned to the own device (base station device 20). As described above, the base station ID is identification information used only in wireless communication with the terminal device 10. The base station ID is identification information for uniquely identifying all base station apparatuses 20 installed in the communication system 100. Therefore, the base station apparatus 20 installed in the communication system 100 is not assigned a duplicate base station ID. When the network 60 is configured by a wired IP communication network, the base station identification information storage unit 203a uses the IP assigned to the own apparatus (base station apparatus 20) as identification information for communication with the network 60. Remember the address.

  The terminal identification information table storage unit 203b stores a terminal identification information table. The key information table storage unit 203c stores a key information table. FIG. 9 is a diagram illustrating an outline of the terminal identification information table. The terminal identification information table has a terminal identification information record 21 in which the NET-ID and the MAC-ID of the wireless terminal 10 are associated with each wireless terminal 10 communicating with its own device (base station device 20). FIG. 10 is a diagram showing an outline of the key information table. The key information table communicates the key information record 22 in which the NET-ID, the authentication key information, the encryption key information, and the message authentication key information of the wireless terminal 10 are associated with the own device (base station device 20). Have every.

  Returning to FIG. 6, the description of the configuration of the base station apparatus 20 will be continued. The terminal authentication random number generation unit 204 generates a terminal authentication random number (first shared authentication information) that is a random number used by the authentication control unit 205 for authentication processing for authenticating the wireless terminal 10.

  The authentication control unit 205 performs mutual authentication processing between the wireless terminal 10 and the base station device 20. Specifically, the authentication control unit 205 performs a calculation based on the MAC-ID, the NET-ID, the authentication key information, the NW authentication random number, the terminal authentication random number, and the like. By transmitting the authentication random number to the wireless terminal 10, the wireless terminal 10 is authenticated. The authentication control unit 205 performs a calculation based on the MAC-ID, the NET-ID, the authentication key information, the terminal authentication random number, and the like, and compares (collates) with a terminal authenticator that is the same calculation result by the wireless terminal 10. By doing so, the wireless terminal 10 is authenticated.

  When transmitting data to the wireless terminal 10 in the mutual authentication process, the authentication control unit 205 transmits the data using the MAC-ID and not using the NET-ID. Specifically, the authentication control unit 205 may transmit data as follows, for example. The authentication control unit 205 allocates a band to the wireless terminal 10 in advance according to a band allocation request, and stores the band and the MAC-ID in association with each other. The authentication control unit 205 transmits a bandwidth allocation response indicating the allocated bandwidth to the wireless terminal 10. At this time, the authentication control unit 205 transmits a band allocation response as data including the MAC-ID but not the NET-ID. The wireless terminal 10 receives the bandwidth allocation response and stores the bandwidth allocated to the own device. Then, the authentication control unit 205 transmits data to be transmitted by mutual authentication processing to the wireless terminal 10 in a band allocated to the wireless terminal 10. In this way, the data transmitted by the authentication control unit 205 is associated with the MAC-ID. As described above, since the NET-ID is not included in the bandwidth allocation response, the data transmitted by the authentication control unit 205 is not associated with the NET-ID. Details of the mutual authentication process will be described later.

The relay unit 206 includes a first relay unit 206a and a second relay unit 206b.
The first relay unit 206 a decrypts the encrypted user data included in the uplink communication data transmitted from the wireless terminal 10 to the terminal device 50 connected to the network 60 and relays it to the terminal device 50 connected to the network 60. To do. The uplink communication data transmitted from the wireless terminal 10 to the terminal device 50 connected to the network 60 is associated with the MAC-ID as identification information representing the wireless terminal 10 that is the transmission source. Based on the terminal identification information table, the first relay unit 206a searches for NET-ID corresponding to the MAC-ID associated with the uplink communication data or identification information equivalent to the NET-ID. Then, the first relay unit 206a gives and relays the searched NET-ID or identification information equivalent to the NET-ID to the upstream communication data as identification information indicating the data transmission source.

  The identification information equivalent to the NET-ID is identification information that can uniquely identify all the wireless terminals 10 installed in the communication system 100. As a specific example of identification information equivalent to NET-ID, there is a service ID. The service ID is identification information used in the network 60. The service ID may have a larger data amount than the NET-ID. The service ID may be recorded together with the NET-ID and the MAC-ID in the record 21 of the terminal identification information table, for example. Specific examples of the service ID include a Uniform Resource Locator (URL) and a Fully Qualified Domain Name (FQDN).

  The second relay unit 206 b encrypts user data transmitted from the terminal device 50 connected to the network 60 to the wireless terminal 10 and transmits downlink communication data including the encrypted user data to the wireless terminal 10. In downlink communication data transmitted to the wireless terminal 10 from the terminal device 50 connected to the network 60, NET-ID or identification information (service ID) equivalent to NET-ID is used as identification information indicating the destination wireless terminal 10. It is included. The second relay unit 206b searches for the MAC-ID corresponding to the NET-ID or the service ID based on the terminal identification information table. The second relay unit 206b relays downlink communication data using the searched MAC-ID.

  FIG. 7 is a block diagram illustrating a functional configuration of the first relay unit 206a illustrated in FIG. The first relay unit 206a includes a layer 2 reception processing unit 210, a layer 3 reception processing unit 220, and a relay setting unit 230.

The layer 2 reception processing unit 210 includes a CRC inspection unit 211.
The CRC checking unit 211 checks the CRC value given to the uplink communication data input from the first communication unit 201. When the check result is OK, the layer 2 reception processing unit 210 combines the fragment data of the same MAC-ID in the order of the fragment number and restores the L3 data. Then, the layer 2 reception processing unit 210 outputs the restored L3 data and the MAC-ID corresponding to the band that received the uplink communication data to the layer 3 reception processing unit 220.

The layer 3 reception processing unit 220 includes a counter generation unit 221, a storage unit 222, a security sequence number inspection unit 223, a message authentication code inspection unit 224, and a decryption unit 225.
The counter generation unit 221 generates, for each MAC-ID, an upstream encryption processing counter that is used by the decryption unit 225 to decrypt the encrypted user data included in the upstream communication data. Further, every time the upstream communication data is received from the wireless terminal 10, the counter generation unit 221 updates the upstream encryption processing counter corresponding to the MAC-ID of the wireless terminal 10. The storage unit 222 stores the uplink encryption processing counter generated by the counter generation unit 221 in association with the MAC-ID.

  The security sequence number inspection unit 223 inspects the uplink security sequence number set in the L3 data. If the inspection is OK, the security sequence number inspection unit 223 outputs the L3 data and the MAC-ID to the message authentication code inspection unit 224.

  The message authentication code checking unit 224 checks the upstream message authentication code set in the L3 data input from the security sequence number checking unit 223, and if the check is OK, the L3 data and the MAC-ID are decrypted by the decoding unit 225. Output to. Specifically, the message authentication code checking unit 224 generates an uplink message authentication code using the same algorithm as the message authentication code providing unit 115 of the wireless terminal 10 based on the received L3 data. The message authentication code checking unit 224 compares the upstream message authentication code generated by itself with the upstream message authentication code set in the received L3 data. If they match, the message authentication code checking unit 224 determines that the encrypted user data of the received L3 data has not been tampered with, and sets the check result to OK. On the other hand, if the two do not match, the message authentication code checking unit 224 determines that the encrypted user data of the received L3 data has been tampered with, and sets the check result to NG. The decryption unit 225 converts the encrypted user data included in the L3 data input from the message authentication code inspection unit 224 into the encryption key information stored in the key information table storage unit 203c corresponding to the MAC-ID. Then, decryption is performed using the uplink encryption processing counter stored in the storage unit 222 corresponding to the MAC-ID, and the decrypted user data and the MAC-ID are output to the relay setting unit 230. Note that, when the destination of the received data is the base station device 20, the decoding unit 225 outputs the decoded data to an upper layer processing unit (not shown) included in the base station device 20.

  The relay setting unit 230 searches NET-ID corresponding to the MAC-ID or identification information equivalent to the NET-ID based on the terminal identification information table. The relay setting unit 230 then relays the retrieved NET-ID or identification information equivalent to the NET-ID to the upstream communication data as identification information indicating the data transmission source.

FIG. 8 is a block diagram illustrating a functional configuration of the second relay unit 206b illustrated in FIG. The second relay unit 206b includes a relay data acquisition unit 240, a layer 3 transmission processing unit 250, and a layer 2 transmission processing unit 260.
The relay data acquisition unit 240 receives input of downlink communication data transmitted from the network 60 to the wireless terminal 10 from the second communication unit 202. The relay data acquisition unit 240 searches for the MAC-ID corresponding to the NET-ID included in the downlink communication data or the identification information (service ID) equivalent to the NET-ID based on the terminal identification information table. The relay data acquisition unit 240 outputs the user data acquired from the data input from the second communication unit 202 and the searched MAC-ID to the layer 3 transmission processing unit 250.
Note that user data input to the layer 3 transmission processing unit 250 is not limited to user data transmitted from the network 60 to the wireless terminal 10. For example, even if the upper layer processing unit (not shown) included in the base station device 20 outputs user data to be transmitted to the radio terminal 10 and the MAC-ID of the destination radio terminal 10 to the layer 3 transmission processing unit 250. Good.

The layer 3 transmission processing unit 250 includes a counter generation unit 251, a storage unit 252, a security sequence number adding unit 253, an encryption unit 254, and a message authentication code adding unit 255.
The counter generation unit 251 generates a downlink encryption processing counter used by the encryption unit 254 for encrypting user data for each MAC-ID. Each time the second relay unit 206b transmits and transmits downlink communication data addressed to the wireless terminal 10, the counter generation unit 251 updates the downlink encryption processing counter corresponding to the MAC-ID of the wireless terminal 10. The storage unit 252 stores the downlink encryption processing counter generated by the counter generation unit 251 in association with the MAC-ID.

  The security sequence number assigning unit 253 assigns the downlink security sequence number and the L3 header to the user data output from the relay data acquiring unit 240, and outputs the user data together with the MAC-ID to the encrypting unit 254. The encryption unit 254 includes the encryption key information registered in the key information table in the key information table storage unit 203c corresponding to the MAC-ID, and the downlink stored in the storage unit 252 corresponding to the MAC-ID. The user data is encrypted using the encryption processing counter, and the generated encrypted user data is output to the message authentication code adding unit 255 together with the MAC-ID. The message authentication code giving unit 255 receives the downlink security initialization information, the downlink security sequence number, and the encrypted user data as inputs, and registers them in the key information table in the key information table storage unit 203c corresponding to the MAC-ID. A downlink message authentication code is generated using the message authentication key information. The message authentication code giving unit 255 outputs L3 data including the downlink security sequence number, the L3 header, the encrypted user data, and the downlink message authentication code to the layer 2 transmission processing unit 260 together with the MAC-ID.

  The layer 2 transmission processing unit 260 includes a fragment unit 261 and a CRC adding unit 262. The fragment unit 261 generates fragment data by dividing (fragmenting) the L3 data input from the layer 3 transmission processing unit 250, and adds an L2 header to each of the fragment data. The L2 header includes a fragment number. The CRC adding unit 262 calculates a CRC value from the L2 header and fragment data input from the fragment unit 261. The CRC adding unit 262 outputs the downlink communication data in which the CRC value is added to the L2 header and the fragment data to the first communication unit 201. The first communication unit 201 transmits downlink communication data in a band corresponding to MAC-ID.

  The terminal information management device 30 is configured using an information processing device such as a mainframe, a workstation, or a personal computer. The terminal information management device 30 associates the NET-IDs of all the wireless terminals 10 installed in the communication system 100 with the authentication key information, encryption key information, and message authentication key information assigned to the wireless terminals 10. Remember. The terminal information management device 30 also includes NET-IDs of all the wireless terminals 10 installed in the communication system 100 and identification information (hereinafter referred to as terminal devices 50) that are destinations to which each wireless terminal 10 transmits uplink communication data. "Host name") and stored in association with each other. Further, the terminal information management device 30 stores the NET-IDs of all the wireless terminals 10 installed in the communication system 100 and the service IDs representing the wireless terminals 10 in the network 60 in association with each other. When the terminal information management device 30 receives an inquiry (terminal information request) based on the NET-ID from the base station device 20, the terminal information management device 30 obtains the authentication key information and encryption key information corresponding to the NET-ID, the host name, and the service ID from the terminal information. A response is sent back to the base station apparatus 20.

  The position information management device 40 is configured using an information processing device such as a mainframe, a workstation, or a personal computer. The location information management device 40 stores the service IDs of all the wireless terminals 10 installed in the communication system 100 in association with the IP addresses of the base station devices 20 with which the wireless terminals 10 are performing wireless communication. . The data stored in the location information management device 40 can identify where the wireless terminal 10 is located, that is, which base station device 20 is under control. Upon receiving an IP address inquiry (DNS reference request) based on the service ID from the terminal device 50, the location information management device 40 uses the IP address of the base station device 20 corresponding to the service ID as the DNS reference response. Reply to The location information management device 40 stores the host name and IP address of the terminal device 50 installed in the communication system 100 in association with each other. Upon receiving an IP address inquiry (DNS reference request) based on the host name from the base station apparatus 20, the location information management apparatus 40 returns an IP address corresponding to the host name to the base station apparatus 20 as a DNS reference response. .

  The terminal device 50 is configured using an information processing device such as a mainframe, a workstation, or a personal computer. The terminal device 50 receives the uplink communication data transmitted from the wireless terminal 10 via the base station device 20. The terminal device 50 specifies the IP address of the base station device 20 to which the wireless terminal 10 is connected based on the service ID of the wireless terminal 10 that is the data transmission destination to the location information management device 40, whereby the base station device 20. It is possible to transmit data to the wireless terminal 10 via. Thereby, downlink communication data such as a control signal for the external device Z connected to each wireless terminal 10 is transmitted to the wireless terminal 10.

  FIG. 11 is a sequence diagram showing a sequence of mutual authentication processing in the communication system 100. The mutual authentication process is a preprocess that is performed when the wireless terminal 10 starts transmission / reception of data with the base station apparatus 20. After authenticating each other as a valid device by mutual authentication processing, the wireless terminal 10 and the base station device 20 start data transmission / reception. For example, transmission of uplink communication data by the wireless terminal 10 is started after the mutual authentication process. Hereinafter, a flow of mutual authentication processing performed by the wireless terminal 10 and the base station device 20 of the communication system 100 will be described.

  First, when the radio signal of the base station device 20 can be received by the radio terminal 10 and a communicable base station ID can be acquired, the terminal identification information storage unit 102a of the radio terminal 10 stores the communicable base. The base station ID of the station device 20 is recorded.

  Next, the authentication control unit 104 of the wireless terminal 10 attempting to connect to the communication system 100 via the base station device 20 sends a MAC-ID assignment request (synonymous with the above-described bandwidth assignment request) to the base station device 20. Transmit (step S101). At this point, the NET-ID is assigned to the wireless terminal 10, but the MAC-ID is not assigned. Therefore, at this time, the NET-ID is recorded in the terminal identification information storage unit 102a of the wireless terminal 10, but the MAC-ID is not recorded.

  When receiving the MAC-ID assignment request from the wireless terminal 10, the authentication control unit 205 of the base station apparatus 20 is still assigned to the other wireless terminal 10 that is currently performing wireless communication with the own device (base station apparatus 20). A MAC-ID that is not yet generated is generated. Then, the authentication control unit 205 transmits a MAC-ID assignment response including the generated MAC-ID (step S102). The wireless terminal 10 that is the transmission source of the MAC-ID assignment request receives the MAC-ID assignment response transmitted from the base station apparatus 20. For example, the authentication control unit 104 of the wireless terminal 10 receives the MAC-ID assignment response first received after transmitting the MAC-ID assignment request when the MAC-ID is not yet assigned to the own device (wireless terminal 10). May be determined to be data addressed to the own device. Further, the authentication control unit 104 of the wireless terminal 10 transmits the MAC-ID allocation request with identification information, and the authentication control unit 205 of the base station device 20 returns a MAC-ID allocation response with the same identification information. The authentication control unit 104 of the wireless terminal 10 may determine that the MAC-ID assignment response to which the same identification information is assigned is data addressed to the own device. The method by which the authentication control unit 104 of the wireless terminal 10 determines the MAC-ID assignment response addressed to its own device may be another method.

  Upon receiving the MAC-ID assignment response addressed to the own device, the authentication control unit 104 of the wireless terminal 10 uses the MAC-ID included in the MAC-ID assignment response as the MAC-ID assigned to the own device (wireless terminal 10). Write to the terminal identification information storage unit 102a.

  Next, the NW authentication random number generation unit 103 of the wireless terminal 10 generates an NW authentication random number (step S103). Next, the authentication control part 104 produces | generates a mutual authentication request | requirement, and transmits to the base station apparatus 20 (step S104). The mutual authentication request includes a random number for NW authentication and is transmitted using the NET-ID and MAC-ID assigned to the own device (wireless terminal 10).

  Upon receiving the mutual authentication request, the authentication control unit 205 of the base station apparatus 20 acquires the NET-ID and MAC-ID used for transmitting the received mutual authentication request, and acquires the acquired NET-ID and MAC-ID. The associated record 21 is generated. The authentication control unit 205 writes the generated record 21 in the terminal identification information table. The authentication control unit 205 transmits a terminal information request including the acquired NET-ID to the terminal information management apparatus 30 (step S105). When receiving the terminal information request, the terminal information management apparatus 30 searches for authentication key information, encryption key information, a host name of the terminal apparatus 50, and a service ID corresponding to the NET-ID included in the terminal information request. Then, the terminal information management device 30 generates a terminal information response including the searched authentication key information, encryption key information, host name of the terminal device 50, and service ID, and the base station device 20 that is the transmission source of the terminal information request (Step S106).

  When receiving the terminal information response, the authentication control unit 205 of the base station apparatus 20 acquires authentication key information and personal identification key information from the terminal information response. Then, the authentication control unit 205 generates a record 22 in which the NET-ID included in the mutual authentication request received in step S104 is associated with the acquired authentication key information and password key information, and writes the record 22 in the key information table.

  The terminal authentication random number generation unit 204 generates a terminal authentication random number (step S107). The authentication control unit 205 generates an NW authenticator and downlink security initialization information, and stores the downlink security initialization information (step S108). An example of a method for generating the NW authenticator and downlink security initialization information is as follows. First, the authentication control unit 205 uses the NET-ID, MAC-ID, NW authentication random number included in the mutual authentication request received in step S104, the base station ID of the own device (base station device 20), and terminal authentication. Secret information for generating an NW authenticator is calculated using a random number and authentication key information corresponding to the NET-ID. The authentication control unit 205 generates an NW authenticator and downlink security initialization information used to generate a downlink encryption processing counter from the calculated secret information for generating the NW authenticator. For example, the authentication control unit 205 handles all or a predetermined part of the calculated secret information for generating the NW authenticator as an NW authenticator. Further, the authentication control unit 205 stores all or a predetermined part of the calculated secret information for generating the NW authenticator as downlink security initialization information. In the above process, the NW authenticator and the downlink security initialization information are processed so as to be different data. More preferably, a part of the calculated secret information for generating the NW authenticator is handled as an NW authenticator, and another part not overlapping with the NW authenticator is handled as downlink security initialization information. In this way, the NW authenticator and the downlink security initialization information are generated, and the downlink security initialization information is stored. Specific methods for calculating secret information include keyed hash and block cipher.

  A more detailed specific example of the method for calculating the NW authenticator and downlink security initialization information will be described with reference to FIG. In the specific example described below, the NET-ID is 48 bits, the MAC-ID is 16 bits, the base station ID is 32 bits, and both the NW authentication random number and the terminal authentication random number are 128 bits. The authentication key information is 128 bits. First, the authentication control unit 205 generates a 128-bit bit string arranged in the following order as a first input. “0” for 1 bit, “0” for 31 bits, NET-ID for 48 bits, MAC-ID for 16 bits, base station ID for 32 bits. The first one bit of “0” is a bit indicating that the operation is an NW authenticator. The next 31 bits “0” is a bit string for padding. The second input and the third input are a random number for NW authentication and a random number for terminal authentication, respectively.

  The authentication control unit 205 executes an authenticator calculation process using the first input, the second input, the third input, and the authentication key information. A specific example of the authenticator calculation process includes CMAC (Cipher-based Message Authentication Code) using 128-bit block cipher. Specific examples of block ciphers used in CMAC include Camellia and AES (Advanced Encryption Standard). As a calculation result of such an authenticator calculation process, 128-bit NW authenticator generation secret information is calculated. The authentication control unit 205 generates an NW authenticator and downlink security initialization information from the obtained secret information for generating the NW authenticator. For example, the authentication control unit 205 generates the upper 64 bits of the secret information for generating the NW authenticator as an NW authenticator, and generates the lower 64 bits as downlink security initialization information. The authentication control unit 205 writes the downlink security initialization information and the MAC-ID in association with each other in the storage unit 252 of the second relay unit 206b. This completes the description of the specific example of the NW authenticator calculation method, and the description returns to the mutual authentication processing sequence.

  When the NW authenticator is generated, the authentication control unit 205 generates a base station authentication response and transmits it to the wireless terminal 10 (step S109). The base station authentication response includes an NW authenticator and a terminal authentication random number. The base station authentication response is transmitted using the MAC-ID assigned to the wireless terminal 10 that has transmitted the mutual authentication request and without using the NET-ID.

  Upon receiving the base station authentication response, the authentication control unit 104 of the wireless terminal 10 performs base station authentication processing (step S110). The base station authentication process is as follows. First, the authentication control unit 104 calculates the NW authenticator and downlink security initialization information by performing the same calculation as the authentication control unit 205 of the base station apparatus 20. At this time, among the values used by the authentication control unit 104 in the calculation, the terminal authentication random number is a value included in the base station authentication response, and other values (NW authentication random number, key information, MAC-ID, NET -ID, base station ID) is a value held in the own device (wireless terminal 10). The authentication control unit 104 compares the calculated NW authenticator with the NW authenticator included in the received base station authentication response. If they match, the authentication control unit 104 authenticates that the base station device 20 is a valid device, and writes the downlink security initialization information to the storage unit 142 of the received data acquisition unit 105b. On the other hand, if the two do not match, the authentication control unit 104 does not authenticate that the base station device 20 is a valid device. Further, the authentication control unit 104 performs the same operation as the authentication control unit 205 of the base station apparatus 20 based on the secret information for generating the NW authenticator obtained in the process of calculating the NW authenticator, thereby performing downlink security initialization. Calculate information. If the length of the NW authenticator is sufficiently long and the NW authenticator matches between the wireless terminal 10 and the base station device 20, the downlink security initialization information also matches with a very high probability between both devices. . Therefore, it is possible to safely share downlink security initialization information between both devices.

  Next, the authentication control unit 104 of the wireless terminal 10 generates a terminal authenticator and uplink security initialization information, and stores the uplink security initialization information (step S111). An example of a method for generating a terminal authenticator and uplink security initialization information is as follows. First, the authentication control unit 104 receives the NET-ID, the MAC-ID, the base station ID, the authentication key information stored in the key information storage unit 102b, and the base station authentication response stored in the terminal identification information storage unit 102a. Secret information for generating a terminal authenticator is calculated using the included terminal authentication random number. The authentication control unit 104 handles all or a predetermined part of the calculated secret information for generating a terminal authenticator as a terminal authenticator. Further, the authentication control unit 104 stores all or a predetermined part of the calculated secret information for generating the terminal authenticator as uplink security initialization information. In the above process, the terminal authenticator and the upstream security initialization information are processed so as to be different data. More preferably, a part of the calculated secret information for generating a terminal authenticator is handled as a terminal authenticator, and another part not overlapping with the terminal authenticator is handled as uplink security initialization information. In this way, the terminal authenticator and the uplink security initialization information are generated, and the uplink security initialization information is stored.

  A more detailed specific example of the method for calculating the terminal authenticator will be described with reference to FIG. In the specific example described below, the NET-ID is 48 bits, the MAC-ID is 16 bits, the base station ID is 32 bits, and the terminal authentication is performed, as in the specific example in the method for calculating the NW authenticator. The random number for use is 128 bits, and the authentication key information is 128 bits. First, the authentication control unit 104 generates a 128-bit bit string arranged in the following order as a first input. “1” for 1 bit, “0” for 31 bits, NET-ID for 48 bits, MAC-ID for 16 bits, and base station ID for 32 bits. “1” for the first one bit is a bit indicating that the terminal authenticator is operated. The next 31 bits “0” is a bit string for padding. The second input is a terminal authentication random number.

  The authentication control unit 104 executes an authenticator calculation process using the first input, the second input, and the authentication key information. A specific example of the authenticator calculation process includes CMAC (Cipher-based Message Authentication Code) using 128-bit block cipher. Specific examples of block ciphers used in CMAC include Camellia and AES. As a calculation result of such an authenticator calculation process, 128-bit secret information for generating a terminal authenticator is calculated. The authentication control unit 104 generates a terminal authenticator and uplink security initialization information used for generating an uplink encryption processing counter from the obtained secret information for generating a terminal authenticator. For example, the authentication control unit 104 generates the upper 64 bits of the secret information for generating the terminal authenticator as the terminal authenticator, and generates the lower 64 bits as the uplink security initialization information. In the generation of the terminal authenticator, NW authentication random numbers may be further used. The authentication control unit 104 writes the upstream security initialization information in the storage unit 112 of the transmission data generation unit 105a. This completes the description of the specific example of the terminal authenticator calculation method, and the description returns to the mutual authentication processing sequence.

  When the terminal authenticator is generated, the authentication control unit 104 generates a terminal authentication response and transmits it to the base station apparatus 20 (step S112). The terminal authentication response includes a terminal authenticator. The terminal authentication response is transmitted using the MAC-ID of the own device (wireless terminal 10) and not using the NET-ID.

  Upon receiving the terminal authentication response, the authentication control unit 205 of the base station device 20 performs terminal authentication processing (step S113). The terminal authentication process is as follows. First, the authentication control unit 205 calculates a terminal authenticator and uplink security initialization information by performing the same calculation as the authentication control unit 104 of the wireless terminal 10. At this time, all values (terminal authentication random number, key information, MAC-ID, NET-ID, base station ID) used by the authentication control unit 205 in the calculation are held in the own apparatus (base station apparatus 20). Value. The authentication control unit 205 compares the calculated terminal authenticator with the terminal authenticator included in the received terminal authentication response. If the two match, the authentication control unit 205 authenticates that the wireless terminal 10 is a legitimate device and associates the upstream security initialization information with the MAC-ID in the storage unit 222 of the second relay unit 206b. Write. On the other hand, if the two do not match, the authentication control unit 205 does not authenticate that the wireless terminal 10 is a valid device. Further, the authentication control unit 205 performs the same operation as the authentication control unit 104 of the wireless terminal 10 based on the secret information for generating the terminal authenticator obtained in the process of calculating the terminal authenticator, thereby performing uplink security initialization information. Is calculated. When the length of the terminal authenticator is sufficiently long and the terminal authenticator matches between the wireless terminal 10 and the base station device 20, the uplink security initialization information also matches with a very high probability between the two devices. . Therefore, it is possible to safely share upstream security initialization information between both devices.

  When authenticating that the wireless terminal 10 is a valid device in the terminal authentication process, the authentication control unit 205 transmits a terminal registration request to the location information management device 40 (step S114). The terminal registration request includes the IP address of the own device (base station device 20) and the service ID of the wireless terminal 10 authenticated by the terminal authentication process in step S113. When receiving the terminal registration request, the location information management device 40 stores the service ID included in the terminal registration request and the IP address of the base station device 20 in association with each other. Then, the location information management device 40 transmits a terminal registration response indicating that the registration of the service ID and the IP address of the base station device 20 is completed to the base station device 20 (step S115).

  With the above processing, generation of shared information (uplink security initialization information and downlink security initialization information) based on secret information between the wireless terminal 10 and the base station apparatus 20 is completed, and mutual information performed between the two is performed. Authentication is completed (step S116).

After this processing, the wireless terminal 10 can communicate with the terminal device 50 connected to the network 60 by way of the base station device 20 that has performed mutual authentication.
In the case of uplink communication, the transmission data generation unit 105a of the wireless terminal 10 generates uplink communication data including encrypted user data and transmits the uplink communication data to the base station apparatus 20 (step S117). As information indicating the transmission source of the uplink communication data, NET-ID is not used, but MAC-ID is used. The first relay unit 206a of the base station device 20 decrypts the encrypted user data included in the uplink communication data, and transmits the uplink communication data of the IP signal in which the decrypted user data is set to the network 60. The uplink communication data of the IP signal transmitted by the first relay unit 206a reaches the terminal device 50 via the network 60 (step S118).

  In the case of downlink communication, the terminal device 50 transmits downlink communication data addressed to the wireless terminal 10 via the network 60 using an IP signal (step S119). A service ID is assigned to the downlink communication data of the IP signal. The second relay unit 206b of the base station apparatus 20 converts the service ID assigned to the downlink communication data of the IP signal into a MAC-ID, and encrypts user data set in the downlink communication data. The first communication unit 201 of the base station device 20 transmits the downlink communication data set with the encrypted user data to the wireless terminal 10 (step S120). As information indicating the transmission source of downlink communication data, NET-ID is not used, but MAC-ID is used.

  Note that the MAC-ID that is the information of the second layer of the OSI reference model can be configured to have a smaller data amount than the NET-ID that is the information of the third layer. When configured in this way, the amount of communication data can be more effectively reduced.

  FIG. 12 is a sequence diagram showing an upstream communication sequence after mutual authentication is completed, and shows details of steps S117 and S118 of FIG.

  First, the external device Z generates data and outputs it to the wireless terminal 10. When the transmission data generation unit 105a of the wireless terminal 10 receives user data input from the external device Z, the security sequence number assigning unit 113 assigns an uplink security sequence number. The uplink security sequence number is a 16-bit number that increases by a predetermined value, and is reset to an initial value, for example, “0” at the time of mutual authentication. In other words, the initial uplink security sequence number is assigned in the case of the first uplink user data transmission after mutual authentication, and the previous transmission in the case of the uplink user data transmission for the second and subsequent times after mutual authentication. An uplink security sequence number having a value obtained by adding a predetermined value (for example, 1) to the uplink security sequence number assigned to the user data in the uplink direction is assigned.

  The counter generation unit 111 generates an uplink encryption processing counter when it is the first transmission of user data in the uplink direction after mutual authentication with the base station apparatus 20 is performed. The encryption unit 114 encrypts user data using the encryption key information stored in the key information storage unit 102 b and the uplink encryption processing counter stored in the storage unit 112. A specific configuration of the upstream encryption processing counter and encryption processing will be described.

  FIG. 15 is a diagram illustrating the configuration of the uplink encryption processing counter. The first 8 bits of the upstream encryption processing counter are a predetermined value common to the upstream encryption processing counter and are “10000000”. The next 64 bits are upstream security initialization information. Uplink security initialization information is read from the storage unit 112. The next 32 bits are reserved for future expansion of the upstream security sequence number, and are all “0”. The next 16 bits are information generated in step S116 upon completion of mutual authentication, which is the uplink security sequence number, and the uplink security sequence number assigned by the security sequence number assigning unit 113. The next 8 bits are an upstream encryption processing block counter, and an initial value “0” is set.

  As shown in FIG. 16, the encryption unit 114 performs 128-bit block encryption on 128-bit encryption key information, a 128-bit upstream encryption processing counter, and user data (upstream plaintext) divided into 128-bit units. Using the processing in the counter mode, 128-bit unit encrypted user data (upstream ciphertext) is generated. Specific examples of the 128-bit block cipher include Camellia and AES.

FIG. 19 is a diagram showing an example of encryption processing using the counter mode.
As shown in the figure, the encryption unit 114 divides the upstream plaintext, which is user data to be encrypted, into fixed lengths of 128 bits. The separated plaintext is described as plaintext data (1), plaintext data (2),.

  Using the encryption key information, the encryption unit 114 encrypts the upstream encryption processing counter stored in the storage unit 112 by 128-bit block encryption processing to generate a 128-bit encryption counter (1). The encryption unit 114 generates 128-bit encrypted data (1) by exclusive OR of the encryption counter (1) and the plaintext data (1). When the encrypted data (1) is generated, the counter generation unit 111 adds 1 to the value of the upstream encryption processing block counter in the upstream encryption processing counter currently stored in the storage unit 112 and updates it.

Subsequently, the encryption unit 114 encrypts the encryption key information and the upstream encryption processing counter stored in the storage unit 112 by a 128-bit block encryption process to generate a 128-bit encryption counter (2). The encryption unit 114 generates 128-bit encrypted data (2) by exclusive OR of the encryption counter (2) and the plaintext data (2). When the encrypted data (2) is generated, the counter generation unit 111 adds 1 to the value of the upstream encryption processing block counter in the upstream encryption processing counter currently stored in the storage unit 112 and updates it.
The above processing is executed for all plaintext data (1), (2),... Generated from the upstream plaintext, and the encrypted data (1), (2),. Data (upstream ciphertext) is generated.
The upstream encryption processing block counter has 8 bits and can encrypt user data up to 256 (2 to the 8th power) blocks.

  Returning to FIG. 12, the description of the uplink communication sequence will be continued. The encryption unit 114 outputs the uplink security sequence number and the encrypted user data to the message authentication code adding unit 115. The message authentication code giving unit 115 receives the upstream security initialization information, the upstream security sequence number, and the encrypted user data as input, and generates the upstream message authentication code using the message authentication key information as a key. Then, the message authentication code giving unit 115 outputs L3 data including the uplink security sequence number, the L3 header, the encrypted user data, and the uplink message authentication code to the layer 2 transmission processing unit 120.

  The fragment unit 121 of the layer 2 transmission processing unit 120 divides L3 data by a fixed length (fragmentation) to generate fragment data, adds an L2 header to each fragment data, and outputs the fragment data to the CRC adding unit 122. The CRC adding unit 122 calculates a CRC value from the L2 header and fragment data output from the fragment unit 121, generates uplink communication data in which the CRC value is added to the L2 header and fragment data, and outputs the uplink communication data to the communication unit 101 ( Step S201). The communication unit 101 transmits uplink communication data in which encrypted user data is set to the base station apparatus 20 in the transmission time slot of the allocated band (step S202). As information representing the transmission source of transmission data, NET-ID is not used, but MAC-ID is used.

  When the first communication unit 201 of the base station apparatus 20 receives the uplink communication data from the wireless terminal 10, the uplink communication data is input to the first relay unit 206a, and the CRC checking unit 211 of the first relay unit 206a The CRC value set in the uplink communication data input from one communication unit 201 is checked, and if the check is NG, NACK is returned to the radio terminal 10. If the check is OK, the CRC checker 211 returns an ACK to the wireless terminal 10, and combines the fragment data of the same MAC-ID in the order of the fragment number to restore the L3 data. Then, the CRC inspection unit 211 outputs the restored L3 data and the MAC-ID corresponding to the band in which the uplink communication data is received to the layer 3 reception processing unit 220.

  The security sequence number checking unit 223 checks the uplink security sequence number set in the restored L3 data. Specifically, the security sequence number inspection unit 223 holds the latest number among the uplink security sequence numbers of the L3 data generated based on the uplink communication data previously received from the wireless terminal 10 having the same MAC-ID. If the upstream security sequence number set in the restored L3 data is newer than the latest stored security sequence number, it is determined to be OK, and if it is the same or older, it is determined to be NG. The security sequence number inspection unit 223 outputs the L3 data and the MAC-ID to the message authentication code inspection unit 224 if the inspection is OK, and discards it if it is NG.

  The message authentication code checking unit 224 checks the upstream message authentication code set in the L3 data input from the security sequence number checking unit 223. The message authentication code checking unit 224 outputs the L3 data and the MAC-ID to the decoding unit 225 if the check of the uplink message authentication code is OK, and discards the check if the check is NG.

  In the case of the first transmission of user data in the upstream direction after performing mutual authentication with the wireless terminal 10, the counter generation unit 221 performs an upstream encryption processing counter by the same process as the counter generation unit 111 of the wireless terminal 10. (FIG. 15) is generated and written in the storage unit 222 in association with the MAC-ID. However, the uplink security initialization information stored in the storage unit 222 corresponding to the MAC-ID is set in the uplink security initialization information of the uplink encryption processing counter. Further, the uplink security sequence number set in the L3 data is set in the uplink security sequence number of the uplink encryption processing counter. Also, an initial value “0” is set in the upstream encryption processing block counter of the upstream encryption processing counter.

  The decryption unit 225 reads the encryption key information stored in the key information table in the key information table storage unit 203c in association with the MAC-ID, and associates the encryption key information with the MAC-ID in the storage unit 112. The encrypted user data set in the L3 data is decrypted using the stored upstream encryption processing counter. A specific decoding process will be described.

  As shown in FIG. 16, the decryption unit 225 uses 128-bit block encryption processing in the counter mode, and uses 128-bit encryption key information, a 128-bit upstream encryption processing counter, and a cipher divided into 128-bit units. Plaintext user data (upstream plaintext) divided into 128-bit units is generated from the encrypted user data (upstream ciphertext). The 128-bit block encryption process used by the decryption unit 225 is the same as the 128-bit block encryption process used by the encryption unit 114 of the wireless terminal 10.

FIG. 20 is a diagram illustrating an example of decryption processing using the counter mode, and illustrates processing for decrypting the encrypted user data generated by the encryption processing illustrated in FIG.
As shown in the figure, the decryption unit 225 divides uplink ciphertext, which is encrypted user data to be decrypted, into fixed lengths of 128 bits. The separated upstream ciphertexts are described as encrypted data (1), encrypted data (2),.

  Using the encryption key information, the decryption unit 225 encrypts the upstream encryption processing counter stored in the storage unit 222 in association with the MAC-ID by a 128-bit block encryption process, and uses a 128-bit encryption counter (1 ) Is generated. The decryption unit 225 generates 128-bit plaintext data (1) by exclusive OR of the encryption counter (1) and the encrypted data (1). When the plaintext data (1) is generated, the counter generation unit 221 adds 1 to the value of the uplink encryption processing block counter in the uplink encryption processing counter currently stored in the storage unit 222 in association with the MAC-ID. And update.

Subsequently, using the encryption key information registered in the key information table in the key information table storage unit 203c corresponding to the MAC-ID, the decryption unit 225 stores the MAC-ID in association with the MAC-ID. The upstream encryption processing counter is encrypted by 128-bit block encryption processing to generate a 128-bit encryption counter (2). The decryption unit 225 generates 128-bit plaintext data (2) by exclusive OR of the encryption counter (2) and the encrypted data (2). When the plaintext data (2) is generated, the counter generation unit 221 adds 1 to the value of the upstream encryption processing block counter in the upstream encryption processing counter currently stored in the storage unit 222 in association with the MAC-ID. And update.
The above processing is executed for all ciphertext data (1), (2),... Generated from the uplink ciphertext, and the generated plaintext data (1), (2),. User data (upstream plain text) is generated.

  Returning to FIG. 12, the description of the uplink communication sequence will be continued. The decoding unit 225 of the base station apparatus 20 outputs the user data and MAC-ID decoded as described above to the relay setting unit 230. The relay setting unit 230 searches NET-ID corresponding to MAC-ID or identification information equivalent to NET-ID based on the terminal identification information table (step S203). Then, the relay setting unit 230 searches the terminal identification information table based on the MAC-ID, and acquires the corresponding service ID and host name. The relay setting unit 230 assigns a service ID to the upstream communication data as information indicating the transmission source (step S204). In addition, the relay setting unit 230 transmits a DNS reference request in which the host name is set to the location information management device 40 (step S205). The location information management device 40 returns a DNS reference response in which the IP address corresponding to the host name is set to the base station device 20 (step S206). The relay setting unit 230 of the base station device 20 assigns the IP address acquired from the DNS reference response to the uplink communication data as the transmission destination address (step S207). Then, the relay setting unit 230 transmits the uplink communication data of the IP signal including the user data for which the service ID is set to the network 60 (Step S208). The uplink communication data transmitted by the first relay unit 206a reaches the terminal device 50 via the network 60.

Note that, when the wireless terminal 10 transmits user data again before the session is disconnected, the same processing as in steps S202 and S207 to S208 described above is performed.
In this case, the counter generation unit 111 of the wireless terminal 10 assigns the uplink security sequence number of the uplink encryption processing counter already stored in the storage unit 112 to the new transmission target user data by the security sequence number assigning unit 113. An uplink security sequence number is set, and an initial value “0” is set in the uplink encryption processing block counter and updated.
Further, the counter generation unit 221 of the base station device 20 is generated from the newly received uplink communication data with the uplink security sequence number of the uplink encryption processing counter already stored in the storage unit 222 corresponding to the MAC-ID. The upstream security sequence number in the L3 data is set, and the initial value “0” is set in the upstream encryption processing block counter and updated.

FIG. 13 is a sequence diagram showing a downstream communication sequence after the mutual authentication is completed, and shows details of steps S119 and S120 of FIG.
First, the terminal device 50 generates transmission data to be transmitted to the wireless terminal 10 (step S301). The terminal device 50 transmits an IP address inquiry (DNS reference request) based on the service ID of the data transmission destination wireless terminal 10 to the location information management device 40 (step S302). The terminal device 50 acquires the IP address of the base station device 20 to which the wireless terminal 10 is connected as a DNS reference response from the location information management device 40 (step S303). The terminal device 50 transmits data to the wireless terminal 10 via the base station device 20 by transmitting data to the acquired IP address of the base station device 20 (step S304). When the relay data acquisition unit 240 of the second relay unit 206b of the base station device 20 acquires the service ID and user data from the downlink communication data of the IP signal received from the terminal device 50, the relay data acquisition unit 240 creates a terminal identification information table based on the service ID. Search and obtain the corresponding MAC-ID (step S305). The relay data acquisition unit 240 outputs the acquired MAC-ID together with user data to the layer 3 transmission processing unit 250 (step S306).

  The security sequence number assigning unit 253 of the layer 3 transmission processing unit 250 assigns a downlink security sequence number to the user data input from the relay data acquisition unit 240. The downlink security sequence number is a 16-bit number that increases by a predetermined value, and is reset to an initial value, for example, “0” at the time of mutual authentication. That is, after the mutual authentication with the wireless terminal 10 specified by the MAC-ID input from the relay data acquisition unit 240, in the case of the first transmission of user data in the downlink direction, the initial downlink security sequence number is given. The In the case of transmission of downlink user data for the second and subsequent times after mutual authentication, a predetermined value (for example, a downlink security sequence number assigned to downlink user data previously transmitted to the wireless terminal 10 specified by the MAC-ID (for example, A downlink security sequence number having a value obtained by adding 1) is assigned.

  The counter generation unit 251 generates a downlink encryption processing counter in the case of transmission of user data in the first downlink direction after mutual authentication with the wireless terminal 10 specified by the MAC-ID, and associates it with the MAC-ID. Write to the storage unit 252. The encryption unit 254 stores the encryption key information stored in association with the MAC-ID in the key information table in the key information table storage unit 203c, and the downlink stored in the storage unit 252 in association with the MAC-ID. The user data is encrypted using the encryption processing counter.

  FIG. 17 is a diagram illustrating the configuration of the downstream encryption processing counter. The first 8 bits of the downstream encryption processing counter are predetermined values common to the downstream encryption processing counter, and are all “0”. The next 64 bits are downlink security initialization information, and downlink security initialization information read from the storage unit 252 is set corresponding to the MAC-ID. The next 32 bits are reserved for future expansion of the downlink security sequence number, and are all “0”. The next 16 bits are the downlink security sequence number assigned by the security sequence number assigning unit 253. The next 8 bits are a downstream encryption processing block counter, and an initial value “0” is set.

  As shown in FIG. 18, the encryption unit 254 performs 128-bit block encryption processing in a counter mode with 128-bit encryption key information, a 128-bit downstream encryption processing counter, and 128-byte user data (downstream plaintext). Is used to generate encrypted user data (downstream ciphertext) divided into 128-bit units. Specific examples of the 128-bit block cipher include Camellia and AES.

  For example, the encryption unit 254 performs the encryption process illustrated in FIG. The encryption unit 254 divides the downlink plaintext, which is user data to be encrypted, into fixed lengths of 128 bits, and generates plaintext data (1), plaintext data (2),. Using the encryption key information, the encryption unit 254 encrypts the downlink encryption processing counter stored in the storage unit 252 in association with the MAC-ID by 128-bit block encryption processing, and uses a 128-bit encryption counter ( 1) is generated. The encryption unit 254 generates 128-bit encrypted data (1) by exclusive OR of the encryption counter (1) and the plaintext data (1). When the encrypted data (1) is generated, the counter generation unit 251 sets 1 to the value of the downlink encryption processing block counter in the downlink encryption processing counter currently stored in the storage unit 252 in association with the MAC-ID. Add and update.

Subsequently, the encryption unit 254 encrypts the encryption key information and the downlink encryption processing counter stored in association with the MAC-ID in the storage unit 252 by 128-bit block encryption processing, and thereby encrypts the 128-bit encryption counter. (2) is generated. The encryption unit 254 generates 128-bit encrypted data (2) by exclusive OR of the encryption counter (2) and the plaintext data (2). When the encrypted data (2) is generated, the counter generation unit 251 sets 1 to the value of the downstream encryption processing block counter in the downstream encryption processing counter stored in the storage unit 252 in association with the MAC-ID. Add and update.
The above processing is executed for all plaintext data (1), (2),... Generated from the downlink plaintext, and the encrypted data (1), (2),. Data (downstream ciphertext) is generated.

  Returning to FIG. 13, the description of the downlink communication sequence will be continued. The encryption unit 254 outputs the encrypted user data to which the downlink security sequence number is added and the MAC-ID to the message authentication code adding unit 255. The message authentication code assigning unit 255 receives the downlink security initialization information, the downlink security sequence number, and the encrypted user data, and generates the downlink message authentication code using the message authentication key information as a key. The message authentication code giving unit 255 outputs the L3 data including the downlink security sequence number, the L3 header, the encrypted user data, and the downlink message authentication code, and the MAC-ID to the layer 2 transmission processing unit 260.

  The fragment unit 261 of the layer 2 transmission processing unit 260 divides the L3 data by a fixed length to generate fragment data, adds an L2 header to each fragment data, and outputs the fragment data together with the MAC-ID to the CRC adding unit 262. The CRC adding unit 262 calculates a CRC value from the L2 header and fragment data output from the fragment unit 261, and adds the CRC value to the L2 header and fragment data to generate downlink communication data. The CRC adding unit 262 outputs the generated downlink communication data to the first communication unit 201. The first communication unit 201 transmits downlink communication data in which encrypted user data is set using a band assigned to the wireless terminal 10 having the MAC-ID (step S307).

  The communication unit 101 of the wireless terminal 10 outputs the downlink communication data received from the base station device 20 to the reception data acquisition unit 105b. The CRC checker 131 checks the CRC value set in the downlink communication data input from the communication unit 101. If the check is NG, the CRC checker 131 returns a NACK to the base station apparatus 20. If the check is OK, the CRC checker 131 returns an ACK to the base station device 20, and based on the fragment data acquired from the downlink communication data and the fragment number of the fragment data acquired from the L2 header, Restore L3 data. Then, the CRC checking unit 131 outputs the restored L3 data to the layer 3 reception processing unit 140.

  The security sequence number inspection unit 143 of the layer 3 reception processing unit 140 inspects the downlink security sequence number set in the restored L3 data. Specifically, the security sequence number checking unit 143 holds the latest number of the uplink security sequence numbers of the L3 data generated based on the downlink communication data previously received from the base station apparatus 20, and restored L3. If the downlink security sequence number set in the data is newer than the latest security sequence number held, it is determined to be OK, and if it is the same or older, it is determined to be NG. The security sequence number inspection unit 143 outputs the L3 data to the message authentication code inspection unit 144 if the inspection is OK, and discards it if it is NG.

  The message authentication code checking unit 144 checks the downlink message authentication code set in the L3 data input from the security sequence number checking unit 143. The message authentication code checking unit 144 outputs the L3 data and the MAC-ID to the decoding unit 145 if the downlink message authentication code is checked, and discards it if the checking is NG.

  When the first user data is received after mutual authentication with the base station device 20, the counter generation unit 141 performs a downlink encryption processing counter (by the same processing as the counter generation unit 251 of the base station device 20). 17) is generated and written to the storage unit 142. However, the downlink security initialization information stored in the storage unit 142 is set in the downlink security initialization information of the downlink encryption processing counter. Further, the downlink security sequence number set in the L3 data is set in the downlink security sequence number of the downlink encryption processing counter.

  When the decryption unit 145 reads the encryption key information stored in the key information storage unit 102b, the decryption unit 145 sets the L3 data using the encryption key information and the downstream encryption processing counter stored in the storage unit 142. Decrypt encrypted user data.

  As shown in FIG. 18, the decryption unit 145 uses 128-bit block encryption processing in the counter mode, and uses 128-bit encryption key information, a 128-bit downstream encryption processing counter, and an encryption divided into 128-bit units. Plaintext user data (downstream plaintext) divided into 128-bit units is generated from the encrypted user data (downstream ciphertext). The 128-bit block encryption process used by the decryption unit 145 is the same as the 128-bit block encryption process used by the encryption unit 254 of the base station apparatus 20.

  For example, when the encryption unit 254 of the base station apparatus 20 performs the encryption process illustrated in FIG. 19, the decryption unit 145 performs the decryption process illustrated in FIG. The decryption unit 145 divides the downlink ciphertext, which is encrypted user data, by a fixed length of 128 bits. The delimited ciphertexts are described as encrypted data (1), encrypted data (2),.

  Using the encryption key information, the decryption unit 145 encrypts the downlink encryption processing counter stored in the storage unit 142 by 128-bit block encryption processing, and generates a 128-bit encryption counter (1). The decryption unit 145 generates 128-bit plaintext data (1) by exclusive OR of the encryption counter (1) and the encrypted data (1). When the plaintext data (1) is generated, the counter generation unit 141 updates the value by adding 1 to the value of the downlink encryption processing block counter in the downlink encryption processing counter currently stored in the storage unit 142.

Subsequently, the decryption unit 145 encrypts the encryption key information and the downlink encryption processing counter stored in the storage unit 142 by 128-bit block encryption processing, and generates a 128-bit encryption counter (2). The decryption unit 145 generates 128-bit plaintext data (2) by exclusive OR of the encryption counter (2) and the encrypted data (2). When the plaintext data (2) is generated, the counter generation unit 141 updates the value by adding 1 to the value of the downlink encryption processing block counter in the downlink encryption processing counter currently stored in the storage unit 142.
The above processing is executed for all encrypted data (1), (2),... Generated from the downstream ciphertext, and the generated plaintext data (1), (2),. User data (downstream plaintext) is generated. The decryption unit 145 outputs the user data decrypted as described above to the external device Z.

In addition, when the terminal device 50 transmits user data again before the session is disconnected, the same processing as in steps SS301 and 305 to S307 described above is performed.
In this case, the counter generation unit 251 of the base station apparatus 20 adds the security sequence number assigning unit 253 to the downlink security sequence number of the downlink encryption processing counter already stored in the storage unit 252 in correspondence with the destination MAC-ID. Is set to the downlink security sequence number assigned to the user data transmitted from the terminal device 50, and the initial value “0” is set to the downlink encryption processing block counter for updating.
Further, the counter generation unit 141 of the wireless terminal 10 adds the downlink security sequence in the L3 data generated from the newly received downlink communication data to the downlink security sequence number of the downlink encryption processing counter already stored in the storage unit 142. A number is set, and an initial value “0” is set in the downstream cipher processing block counter and updated.

  FIG. 21 is a diagram illustrating a process for generating an uplink message authentication code transmitted from the wireless terminal 10. As shown in FIG. 21, the message authentication code assigning unit 115 performs an upstream message authentication code generation process using two input values (input 1 and input 2) and 128-bit message authentication key information, thereby performing an upstream message. Generate an authentication code. A specific example of the upstream message authentication code generation process is CMAC (Cipher-based Message Authentication Code) using 128-bit block cipher. Specific examples of block ciphers used in CMAC include Camellia and AES. The message authentication code assigning unit 115 generates a 128-bit bit string arranged as the input 1 in the following order. 8-bit bit string “10000000”, 64-bit upstream security initialization information, 32-bit “0”, 16-bit upstream security sequence number, and 8-bit “0”. The first 8-bit bit string is a bit string indicating that the message is an upstream message authentication code operation. Both “0” for 32 bits and “0” for 8 bits are bit strings for padding.

  FIG. 22 is a diagram illustrating a generation process of a downlink message authentication code transmitted from the base station apparatus 20. As shown in FIG. 22, the message authentication code assigning unit 255 performs a downlink message authentication code generation process using two input values (input 1 and input 2) and 128-bit message authentication key information, thereby generating a downlink message. Generate an authentication code. A specific example of the downlink message authentication code generation process is CMAC (Cipher-based Message Authentication Code) using 128-bit block cipher. Specific examples of block ciphers used in CMAC include Camellia and AES. The message authentication code assigning unit 255 generates a 128-bit bit string arranged as the input 1 in the following order. 8-bit bit string “00000000”, 64-bit downlink security initialization information, 32-bit “0”, 16-bit downlink security sequence number, and 8-bit “0”. The first bit string for 8 bits is a bit string indicating that it is an operation of a downlink message authentication code. Both “0” for 32 bits and “0” for 8 bits are bit strings for padding.

In the communication system 100 configured as described above, shared authentication information (random number for terminal authentication, random number for NW authentication) is generated each time mutual authentication at the start of a session between the wireless terminal 10 and the base station device 20, and the random number is generated. A part of the secret information generated from is sent as authentication information (terminal authenticator, NW authenticator) and mutual authentication is performed. Then, security initialization information (uplink security initialization information, downlink security initialization information) is generated from the remaining portion of the secret information not used as authentication information, and the security initialization information and security sequence number (for example, uplink security The user data is encrypted in the counter mode using the counter generated from the sequence number and the downlink security sequence number). Therefore, while the session continues, only a small amount of shared information (16-bit security sequence number) is exchanged between the wireless terminal 10 and the base station apparatus 20, and user data is securely encrypted for transmission / reception. can do.
Similarly, a message authentication code is generated using the security initialization information and the security sequence number, and alteration of user data is detected. Therefore, while the session continues, only a small amount of shared information (for example, a 64-bit message authentication code and a 16-bit security sequence number) is exchanged between the wireless terminal 10 and the base station apparatus 20, and the user Data can be securely encrypted and sent and received.

  In this embodiment, the secret information for generating the terminal authenticator and the NW authenticator generating are generated by using the MAC-ID that is the information of the OSI reference model second layer and the NET-ID of the OSI reference model third layer. Secret information for generating a terminal authenticator, a terminal authenticator and uplink security initialization information from the secret information for generating a terminal authenticator, and an NW authenticator and downlink security initialization information from the secret information for generating an NW authenticator ing. Thus, the identification information of L2 and the identification information of L3, which are different layers in the OSI reference model, are used in the authentication process and the encryption process. Therefore, safe authentication processing, encryption processing, and falsification detection processing can be performed against an attack that misrepresents the correspondence between the identification information of L2 and the identification information of L3.

Also, in conventional technologies such as SSL (Secure Socket Layer) and 3GPP (Third Generation Partnership Project), different random numbers are used in authentication processing and encryption processing between terminals, and these random numbers are shared between terminals. ing. However, this can only be realized if the previous state can be stored even when the power is off. On the other hand, in the present embodiment, even in a communication system that cannot take over information when the power is turned off, it is possible to safely encrypt user data and detect tampering.
In addition, the amount of information shared between the wireless terminal and the base station for encryption and falsification detection is small, and the wireless band is not consumed. Therefore, it is possible to save a radio band between radio apparatuses, and it is particularly effective in a radio system having a narrow band.

Further, tamper-proof communication using an upstream message authentication code and a downstream message authentication code is performed by the Encryption then MAC method. Therefore, it becomes possible to prevent tampering more effectively. Further, by configuring the encryption key information and the message authentication key information as different keys, it becomes possible to more effectively prevent tampering. In the communication system 100, message authentication key information is fixedly assigned to each wireless terminal 10. Therefore, it appears that the effect of preventing falsification is reduced compared to a system that can update message authentication key information. However, since the security initialization information and security sequence number generated in the mutual authentication process are used as the input when generating the message authentication code, even if fixed key information is used, tampering prevention is effective. It becomes possible to improve.
Similarly, in the encryption process, even if the encryption key is fixed, the security initialization information and the security sequence number generated in the mutual authentication process are used as the input of the encryption process. It is possible to improve the encryption effect even when using.

<Modification>
The wireless terminal 10 may be replaced with a wired terminal that performs wired communication. In this case, communication between the wired terminal and the base station apparatus 20 is realized by wired communication. Even in such a configuration, in the wired communication between the base station apparatus 20 and the wired terminal that encrypts and transmits / receives data, it is possible to transmit and receive information necessary for encryption and decryption while ensuring security. By reducing the amount of data, the communication band can be reduced.
Moreover, although the mutual authentication process which mutually authenticates about the authentication process performed between the radio | wireless terminal 10 and the base station apparatus 20 was demonstrated, the case where the user data to transmit / receive was encrypted was demonstrated, the radio | wireless terminal 10 or a base station Either one of the devices 20 may be authenticated, and only user data transmitted by the authenticated wireless terminal 10 or the base station device 20 may be encrypted and transmitted.

In the above, the wireless terminal 10 and the base station apparatus 20 generate secret information for generating an NW authenticator and secret information for generating a terminal authenticator using the same authentication key information. Different authentication key information may be used. However, the authentication key information for the wireless terminal 10 to generate the secret information for generating the terminal authenticator and the authentication key information for the base station apparatus 20 to generate the secret information for generating the terminal authenticator are the same. The authentication key information for the wireless terminal 10 to generate the secret information for generating the NW authenticator and the authentication key information for the base station apparatus 20 to generate the secret information for generating the NW authenticator are the same.
Further, the authentication key information and the encryption key information may be the same. Further, the authentication key information and the message authentication key information may be the same. Further, the encryption key information and the message authentication key information may be the same. Further, the authentication key information, the encryption key information, and the message authentication key information may be the same.
The above authentication key information, encryption key information, and message authentication key information are secret keys.

In the above, as shown in FIG. 14A, the first input used to generate the secret information for generating the NW authenticator includes the NET-ID, the MAC-ID, and the base station ID. However, the first input may include only NET-ID, NET-ID and MAC-ID, or NET-ID and base station ID.
In the above, as shown in FIG. 14B, the first input used for generating the secret information for generating the terminal authenticator includes the NET-ID, the MAC-ID, and the base station ID. However, the first input may include only NET-ID, NET-ID and MAC-ID, or NET-ID and base station ID.

In the above, the MAC-ID assigned to the wireless terminal 10 is used for generating the secret information for generating the NW authenticator and the secret information for generating the terminal authenticator every time mutual authentication at the start of the session. Other identification information assigned to the wireless terminal 10 may be used each time authentication is performed (every session is started).
Further, in the above, every time mutual authentication at the start of a session between the wireless terminal 10 and the base station device 20, a random number for terminal authentication and a random number for NW authentication are generated and exchanged, but instead of those values, Information generated based on the random number, such as a value obtained by performing a predetermined operation on the random number or a combination of the random number and the predetermined information may be used. For example, it may be a combination of a random number and identification information assigned to the wireless terminal 10 each time authentication is performed.

In the above, at the time of authentication, the terminal authenticator and the upstream security initialization information are generated from the secret information for generating the terminal authenticator, and the NW authenticator and the downstream security initialization information are generated from the secret information for generating the NW authenticator. However, when the user data is encrypted for the first time after mutual authentication or when the encrypted user data is decrypted, secret information for generating the NW authenticator is generated and downlink security initialization information is generated. Alternatively, the upstream security initialization information may be generated by generating secret information for generating a terminal authenticator.
That is, when the wireless terminal 10 transmits user data for the first time after mutual authentication with the base station apparatus 20, the counter generation unit 111 generates secret information for generating a terminal authenticator as in the authentication control unit 104. The upstream security initialization information is generated from the generated secret information. When the base station apparatus 20 receives user data for the first time after mutual authentication with the wireless terminal 10, the counter generation unit 221 generates and generates secret information for generating a terminal authenticator in the same manner as the authentication control unit 205. Upstream security initialization information is generated from the secret information.
In addition, when the base station device 20 transmits user data for the first time after mutual authentication with the wireless terminal 10, the counter generation unit 251 generates secret information for generating an NW authenticator similar to the authentication control unit 205. Downlink security initialization information is generated from the generated secret information. When the wireless terminal 10 receives user data for the first time after mutual authentication with the base station apparatus 20, it generates secret information for generating an NW authenticator in the same manner as the authentication control unit 104, and uplink security is generated from the generated secret information. Generate initialization information.
Alternatively, NW authenticator generation secret information generated at the time of authentication and terminal authenticator generation secret information are stored, and when user data is encrypted for the first time after mutual authentication, or an encrypted user When decrypting the data, the downlink security initialization information may be generated from the secret information for generating the NW authenticator, or the uplink security initialization information may be generated from the secret information for generating the terminal authenticator.

Further, a method different from the above embodiment may be used for generating secret information for generating a terminal authenticator and generating secret information for generating an NW authenticator. For example, a one-way function such as a hash function may be used as the encryption method.
Further, a method different from the above embodiment may be used for encryption and decryption of user data.

  Further, the MAC-ID is not given to the wireless terminal 10 by the base station device 20, but the wireless terminal 10 may store the MAC-ID in advance. In this case, before starting wireless communication with the base station apparatus 20, the terminal identification information storage unit 102a of the wireless terminal 10 stores in advance the MAC-ID assigned to the own apparatus (non-wireless terminal 10). . Also, the processing of the MAC-ID assignment request (step S101) and the MAC-ID assignment response (step S102) is not necessary, and the authentication control unit 205 uses the MAC-ID and NET-ID included in the mutual authentication request (step S104). Correspondingly record in the terminal identification information table.

  In the above description, Encryption then MAC for generating a message authentication code based on encrypted user data has been described. However, Encryption and MAC or MAC then Encryption may be used.

  The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes designs and the like that do not depart from the gist of the present invention.

DESCRIPTION OF SYMBOLS 100 ... Communication system, 10 ... Wireless terminal, 20 ... Base station apparatus, 30 ... Terminal information management apparatus, 40 ... Location information management apparatus, 50 ... Terminal apparatus, 101 ... Communication part, 102 ... Memory | storage part, 102a ... Terminal identification information Storage unit, 102b ... Key information storage unit, 103 ... NW authentication random number generation unit, 104 ... Authentication control unit, 105 ... Data processing unit, 105a ... Transmission data generation unit, 105b ... Reception data acquisition unit, 110 ... Layer 3 transmission Processing unit 111 ... Counter generation unit 112 112 Storage unit 113 Security unit number assignment unit 114 Encryption unit 115 Message authentication code addition unit 120 Layer 2 transmission processing unit 121 Fragment unit 122 ... CRC assigning unit, 130 ... Layer 2 reception processing unit, 131 ... CRC inspection unit, 140 ... R Ear 3 reception processing unit, 141 ... counter generation unit, 142 ... storage unit, 143 ... security sequence number inspection unit, 144 ... message authentication code inspection unit, 145 ... decryption unit, 201 ... first communication unit, 202 ... second communication 203, storage unit, 203a, base station identification information storage unit, 203b, terminal identification information table storage unit, 203c, key information table storage unit, 204 ... terminal authentication random number generation unit, 205 ... authentication control unit, 206 ... Relay unit, 206a ... first relay unit, 206b ... second relay unit, 210 ... layer 2 reception processing unit, 211 ... CRC inspection unit, 220 ... layer 3 reception processing unit, 221 ... counter generation unit, 222 ... storage unit, 223 ... Security sequence number inspection unit, 224 ... Message authentication code inspection unit, 225 ... Decryption unit, DESCRIPTION OF SYMBOLS 30 ... Relay setting part, 240 ... Relay data acquisition part, 250 ... Layer 3 transmission process part, 251 ... Counter production | generation part, 252 ... Memory | storage part, 253 ... Security sequence number assignment part, 254 ... Encryption part, 255 ... Message authentication Code assigning unit, 260 ... Layer 2 transmission processing unit, 261 ... Fragment unit, 262 ... CRC assigning unit

Claims (19)

A communication system in which a first communication device and a second communication device communicate using first shared authentication information shared to generate authentication information,
The first communication device is
The first shared authentication information, which is different for each authentication, is exchanged with the second communication device, transmission side authentication information is generated from the first shared authentication information, and transmitted to the second communication device. , Receiving side authentication information from the second communication device, and using the first shared authentication information to authenticate the receiving side authentication information,
A transmission side storage unit for storing a counter;
A counter is generated from the transmission side security initialization information generated by performing a predetermined calculation on the first shared authentication information and written to the transmission side storage unit, and whenever data is transmitted to the second communication device, A transmission-side counter generation unit that updates the counter in the transmission-side storage unit;
An encryption unit that encrypts the data to be transmitted to the second communication device by a predetermined encryption process using the counter in the transmission-side storage unit;
A data transmission unit that transmits the data encrypted by the encryption unit to the second communication device;
With
The second communication device is
The first shared authentication information is exchanged with the first communication device, receiving side authentication information is generated from the first shared authentication information, and transmitted to the first communication device. Receiving side authentication information from the device, receiving side authentication control unit for authenticating the sending side authentication information using the first shared authentication information;
A receiving side storage unit for storing a counter;
A reception processing unit for receiving the encrypted data from the first communication device;
A counter is generated from the reception side security initialization information generated by performing the predetermined operation on the first shared authentication information generated when authentication is successful in the reception side authentication control unit, and the reception side storage A reception-side counter generation unit that updates the counter in the reception-side storage unit each time the reception processing unit receives the encrypted data;
A decryption unit that decrypts the encrypted data received by the reception processing unit by a decryption process corresponding to the predetermined encryption process using the counter in the reception-side storage unit;
Comprising
A communication system characterized by the above. The first communication device is
A sequence number giving unit for giving a sequence number to each data to be transmitted;
The transmission-side counter generation unit updates the counter in the transmission-side storage unit corresponding to the sequence number assigned to the data to be transmitted each time data is transmitted to the second communication device.
The data transmission unit adds the sequence number added to the data by the sequence number adding unit to the data encrypted by the encryption unit, and transmits the data to the second communication device.
The reception-side counter generation unit sets the counter in the reception-side storage unit to the encrypted data received from the first communication device each time the reception processing unit receives the encrypted data. Update to correspond to the given sequence number,
The communication system according to claim 1. The encryption unit divides the data to be transmitted to generate divided data, and the generated divided data is encrypted using the counter in the transmission-side storage unit,
The transmission-side counter generation unit updates the counter in the transmission-side storage unit every time the encryption unit encrypts the divided data,
The data transmission unit transmits the encrypted data in which the divided data encrypted by the encryption unit is arranged in the generation order to the second communication device,
The decryption unit divides the encrypted data received by the reception processing unit to generate the encrypted divided data, and the generated encrypted data is stored in the counter in the reception-side storage unit. Decrypt using
The reception-side counter generation unit updates the counter in the reception-side storage unit every time the decryption unit decrypts the encrypted divided data.
The communication system according to claim 1 or 2, characterized by the above. The first communication device is
A transmission side key information storage unit for storing encryption key information;
The encryption unit performs encryption using the counter in the transmission side storage unit and the encryption key information in the transmission side key information storage unit,
The second communication device is
A receiving side key information storage unit for storing the encryption key information;
The decryption unit performs decryption using the counter in the reception-side storage unit and the encryption key information in the reception-side key information storage unit.
The communication system according to any one of claims 1 to 3, characterized in that: The second communication device communicates with a plurality of the first communication devices,
A receiving side shared authentication information generating unit for generating the first shared authentication information;
The first communication device further includes a transmission side shared authentication information generating unit that generates second shared authentication information that is different for each authentication.
The transmission-side authentication control unit exchanges the first shared authentication information and the second shared authentication information with the second communication device and communicates with the other second communication device. The first authentication information that can identify all the included first communication devices and the first shared authentication information are generated and transmitted to the second communication device. Authenticating the receiving side authentication information using identification information, the first shared authentication information and the second shared authentication information;
The receiving-side authentication control unit exchanges the first shared authentication information and the second shared authentication information with the first communication device, the first identification information of the first communication device, and the first Receiving-side authentication information is generated from the first shared authentication information and the second shared authentication information exchanged with one communication device, transmitted to the first communication device, and received from the first communication device; Authenticating the sender authentication information using the first identification information of the first communication device and the first shared authentication information exchanged with the first communication device,
The transmission-side counter generation unit generates a counter from transmission-side security initialization information generated by performing a predetermined calculation on the first identification information and the first shared authentication information,
The reception-side counter generation unit includes the first identification information of the first communication device that is the transmission source of the encrypted data, and the transmission side received from the first communication device by the reception-side authentication control unit. Generating a counter from the reception side security initialization information generated by performing the predetermined calculation on the first shared authentication information generated when authentication of authentication information is successful;
The communication system according to any one of claims 1 to 4, characterized in that: The transmission-side authentication control unit generates the transmission-side authentication information by further using second identification information that is identification information of the second communication device, and further uses the second identification information to generate the reception-side authentication information. Authenticate
The receiving side authentication control unit generates the receiving side authentication information by further using the second identification information, and further authenticates the transmitting side authentication information by further using the second identification information,
The transmission-side counter generation unit further generates a counter from the transmission-side security initialization information generated by performing the predetermined calculation on the second identification information,
The receiving side counter generating unit further generates a counter from the receiving side security initialization information generated by performing the predetermined calculation on the second identification information,
The communication system according to claim 5. The transmission-side authentication information control unit generates the transmission-side authentication information by further using third identification information assigned to the first communication device for each authentication, and further uses the third identification information to receive the reception Side authentication information,
The receiving side authentication control unit generates the receiving side authentication information further using the third identification information, and further uses the third identification information to authenticate the transmitting side authentication information,
The transmission side counter generation unit further generates a counter from the transmission side security initialization information generated by performing the predetermined calculation on the third identification information,
The reception-side counter generation unit further generates the reception-side security generated by performing a predetermined operation on the third identification information assigned to the first communication device that is the transmission source of the encrypted data. Generate a counter from the initialization information,
The communication system according to claim 5 or 6, characterized by the above. The first communication device communicates with a plurality of the second communication devices,
A transmission side shared authentication information generating unit for generating the first shared authentication information;
The second communication device further includes a receiving-side shared authentication information generating unit that generates second shared authentication information that is different for each authentication.
The transmission-side authentication control unit exchanges the first shared authentication information and the second shared authentication information with the second communication device, and communicates with the other first communication device. Sender authentication using first identification information that can identify all the included second communication devices, and the first shared authentication information and the second shared authentication information exchanged with the second communication device The information is generated and transmitted to the second communication device, and the reception-side authentication information received from the second communication device is the first identification information of the second communication device and the second communication device. Authenticating the receiver authentication information with the first shared authentication information exchanged between,
The receiving-side authentication control unit exchanges the first shared authentication information and the second shared authentication information with the first communication device, and the first identification information of the first communication device and the first While generating the receiving side authentication information from the shared authentication information and transmitting it to the first communication device, using the first identification information, the first shared authentication information and the second shared authentication information, Authenticate the sender authentication information received from the first communication device,
The transmission-side counter generation unit includes the first identification information of the second communication device that is the transmission destination of the data, the first shared authentication information and the second shared authentication information exchanged with the second communication device, A counter corresponding to the second communication device is generated from the transmission side security initialization information generated by performing a predetermined calculation on the
The encryption unit encrypts the data to be transmitted to the second communication device by a predetermined encryption process using the counter of the second communication device stored in the transmission side storage unit,
The reception-side counter generation unit performs the predetermined calculation on the first identification information and the first shared authentication information and the second shared authentication information generated when authentication is successful in the reception-side authentication control unit. To generate a counter from the received-side security initialization information generated by
The communication system according to any one of claims 1 to 4, characterized in that: The transmission side authentication control unit generates the transmission side authentication information by further using second identification information that is identification information of the first communication device, and further uses the second identification information to generate the reception side authentication information. Authenticate
The receiving side authentication control unit generates the receiving side authentication information by further using the second identification information, and further authenticates the transmitting side authentication information by further using the second identification information,
The transmission side counter generation unit further generates a counter corresponding to the second communication device from the transmission side security initialization information generated by performing the predetermined calculation on the second identification information,
The receiving side counter generating unit further generates a counter from the receiving side security initialization information generated by performing the predetermined calculation on the second identification information,
The communication system according to claim 8. The transmission side authentication control unit generates the transmission side authentication information by further using third identification information assigned to the second communication device each time authentication is performed, and further uses the third identification information to form the reception side. Authenticate authentication information,
The receiving side authentication control unit generates the receiving side authentication information further using the third identification information, and further uses the third identification information to authenticate the transmitting side authentication information,
The transmission side counter generation unit further generates a counter corresponding to the second communication device from the transmission side security initialization information generated by performing the predetermined calculation on the third identification information,
The reception side counter generation unit further generates a counter from the reception side security initialization information generated by performing the predetermined calculation on the third identification information,
The communication system according to claim 8 or 9, characterized by the above. The encryption unit performs encryption in a counter mode using the counter in the transmission side storage unit,
The decoding unit performs decoding in the counter mode using the counter in the receiving side storage unit.
The communication system according to any one of claims 1 to 10, wherein: One or both of the first shared authentication information and the second shared authentication information is information generated based on a random number generated each time authentication is performed.
The communication system according to any one of claims 1 to 11, wherein: Different shared authentication information is exchanged with another communication device every time authentication is performed, and transmitting side authentication information is generated from the shared authentication information and transmitted to the other communication device, and received from the other communication device. Side authentication information, and authenticating the receiving side authentication information using the shared authentication information; and
A storage unit for storing a counter;
A counter is generated from the security initialization information generated by performing a predetermined calculation common to the other communication device on the shared authentication information, written to the storage unit, and data is transmitted to the other communication device. A counter generation unit for updating the counter in the storage unit;
An encryption unit that encrypts the data to be transmitted to the other communication device using the counter in the storage unit by an encryption process corresponding to a decryption process in the other communication device;
A data transmission unit that transmits the data encrypted by the encryption unit to the other communication device;
A communication apparatus comprising: Different shared authentication information is exchanged with another communication device every time authentication is performed, receiving side authentication information is generated from the shared authentication information, transmitted to the other communication device, and transmitted from the other communication device. Receiving authentication information, and authenticating the sender authentication information using the shared authentication information;
A storage unit for storing a counter;
A reception processing unit that receives the encrypted data from the other communication device;
A counter is generated from the security initialization information generated by performing a predetermined calculation common to the other device on the shared authentication information generated when the authentication is successful in the authentication control unit, and written to the storage unit A counter generation unit that updates the counter in the previous storage unit each time the reception processing unit receives the encrypted data;
A decryption unit that decrypts the encrypted data received by the reception processing unit by a decryption process corresponding to the encryption process in the other communication device using the counter in the storage unit;
A communication apparatus comprising: An encryption communication method executed in a communication system in which a first communication device and a second communication device communicate using shared authentication information shared to generate authentication information,
The first communication device and the second communication device are
A shared authentication information exchanging step for exchanging the shared authentication information different for each authentication;
The first communication device is
Sending side authentication information is generated from the shared authentication information exchanged in the shared authentication information exchanging step and transmitted to the second communication device, and receiving side authentication information is received from the second communication device, and the shared authentication information is received. A sender authentication control step for authenticating the receiver authentication information using
The second communication device is
Generating and transmitting the receiving side authentication information from the shared authentication information exchanged in the shared authentication information exchanging step to the first communication device; receiving the transmitting side authentication information from the first communication device; and A receiving side authentication control step for authenticating the transmitting side authentication information using information; and
The first communication device is
A transmission side that generates a counter from the transmission side security initialization information generated by performing a predetermined calculation on the shared authentication information exchanged in the shared authentication information exchange step and writes the counter to the transmission side storage unit included in the first communication device A counter generation step;
A transmission side counter update step of updating the counter in the transmission side storage unit each time data is transmitted to the second communication device;
An encryption step of encrypting the data to be transmitted to the second communication device by a predetermined encryption process using the counter in the transmission-side storage unit;
A data transmission step of transmitting the data encrypted in the encryption step to the second communication device;
The second communication device is
Receiving the encrypted data from the first communication device; and
A counter is generated from the reception side security initialization information generated by performing the predetermined calculation on the shared authentication information generated when authentication is successful in the reception side authentication control step, and the second communication device includes A reception side counter generation step to be written in the reception side storage unit;
A reception side counter update step of updating the counter in the reception side storage unit every time the encrypted data received in the reception step is received;
A decryption step of decrypting the encrypted data received in the reception step by a decryption process corresponding to the predetermined encryption process using the counter in the reception-side storage unit;
An encrypted communication method characterized by comprising: An encrypted communication method executed in a communication device,
Different shared authentication information is exchanged with another communication device every time authentication is performed, and transmitting side authentication information is generated from the shared authentication information and transmitted to the other communication device, and received from the other communication device. Authentication control step of receiving side authentication information and authenticating the reception side authentication information using the shared authentication information;
A counter generation step of generating a counter from the security initialization information generated by performing a predetermined calculation common to the other communication device to the shared authentication information and writing it to a storage unit;
A counter update step of updating the counter in the storage unit each time data is transmitted to the other communication device;
An encryption step of encrypting the data to be transmitted to the other communication device by an encryption process corresponding to a decryption process in the other communication device, using the counter in the storage unit;
A data transmission step of transmitting the data encrypted in the encryption step to the other communication device;
An encrypted communication method characterized by comprising: An encrypted communication method executed in a communication device,
Different shared authentication information is exchanged with another communication device every time authentication is performed, receiving side authentication information is generated from the shared authentication information, transmitted to the other communication device, and transmitted from the other communication device. Authentication control step of receiving side authentication information and authenticating the transmission side authentication information using the shared authentication information;
Receiving the encrypted data from the other communication device; and
A counter that generates a counter from security initialization information generated by performing a predetermined calculation common to the other apparatus on the shared authentication information generated when authentication is successful in the authentication control step, and writes the counter to the storage unit Generation step;
A counter update step of updating the counter in the previous storage unit each time the encrypted data is received from the other communication device;
A decryption step of decrypting the encrypted data received in the reception step by a decryption process corresponding to an encryption process in the other communication device using the counter in the storage unit;
An encrypted communication method characterized by comprising: In the computer of the communication device,
Different shared authentication information is exchanged with another communication device every time authentication is performed, and transmitting side authentication information is generated from the shared authentication information and transmitted to the other communication device, and received from the other communication device. Authentication control procedure for receiving side authentication information and authenticating the reception side authentication information using the shared authentication information;
A counter generation procedure for generating a counter from the security initialization information generated by performing a predetermined calculation common to the other communication device to the shared authentication information and writing it to a storage unit;
A counter update procedure for updating the counter in the storage unit each time data is transmitted to the other communication device;
Using the counter in the storage unit, an encryption procedure for encrypting the data to be transmitted to the other communication device by an encryption process corresponding to the decryption process in the other communication device;
A data transmission procedure for transmitting the data encrypted in the encryption procedure to the other communication device;
A program characterized by having executed. In the computer of the communication device,
Different shared authentication information is exchanged with another communication device every time authentication is performed, receiving side authentication information is generated from the shared authentication information, transmitted to the other communication device, and transmitted from the other communication device. Authentication control procedure for receiving side authentication information and authenticating the transmission side authentication information using the shared authentication information;
A receiving procedure for receiving the encrypted data from the other communication device;
A counter that generates a counter from security initialization information generated by performing a predetermined calculation common to the other apparatus on the shared authentication information generated when authentication is successful in the authentication control procedure, and writes the counter to the storage unit Generation procedure,
A counter update procedure for updating the counter in the previous storage unit each time the encrypted data is received from the other communication device;
A decryption procedure for decrypting the encrypted data received in the reception procedure by a decryption process corresponding to an encryption process in the other communication device using the counter in the storage unit;
A program characterized by having executed.

Images