JP3011151B2 - Cryptographic communication device - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a cryptographic communication device for performing communication using a cipher in order to enhance the security of communication. The present invention relates to an encryption communication device.

[0002]

2. Description of the Related Art When communicating with another person using a communication device, if the plain text indicating the communication content is sent as it is to a transmission path, a third party who is not a legitimate communication partner can very easily transmit the communication content. Eavesdropping and falsification of communication contents are possible. Therefore, in order to prevent eavesdropping and tampering of communication contents, cryptographic communication devices have been widely used. The encryption communication device encrypts the plaintext and sends it to the transmission path, and also decrypts the received ciphertext into plaintext. When an encryption communication device is used, only a ciphertext that cannot be decrypted by a third party flows through a transmission line where there is a risk of eavesdropping and tampering. As a result, eavesdropping and falsification of the communication contents by a third party can be prevented.

[0003] The encryption methods that can be used by the above-mentioned encryption communication device include, for example, DES (Data Encryption Standard) encryption and IDEA (International Data Encryption Algorithm).
ithm) and public key cryptosystems such as RSA. The shared key encryption method uses the same encryption key for encryption and decryption. In the public key encryption method, the encryption key used for encryption and the encryption key used for decryption are used. The decryption key to be used is different.

[0004] Here, the public key cryptosystem requires a large amount of calculation for encryption and decryption, so that it can be used when the amount of data to be transmitted is relatively small, for example, during authentication. For example, when transmitting images, voices, and numerical data, the amount of data to be transmitted is large, and it is difficult to use it for actual data communication requiring high throughput. Therefore, a common key cryptosystem is generally used for actual data communication.

According to the shared key cryptosystem, when decrypting a ciphertext, the same decryption key as the encryption key used for encryption is required. Therefore, the encryption key must be unified. Therefore, usually, the encryption key (shared key) shared between the authorized communication devices is stored in the authorized communication device in advance.

[0006] By the way, all of the current encryption methods are not perfect, and only a very long time is required until a ciphertext is decrypted into a plaintext. Therefore, if there are many ciphertexts using the same encryption key, the ciphertext may be decrypted by a third party. Therefore, in order to increase the security of communication, it is better to change the encryption key for each communication. Thus, the encryption key generated for each communication is called a communication encryption key (session key). If the communication encryption key is sent to the transmission path as it is, there is a possibility that the communication encryption key itself may be eavesdropped. In this case, the third party can decrypt the cipher text generated using the communication encryption key, and cannot protect the secret of the communication contents.

Therefore, conventionally, the above-mentioned shared key is distributed in advance to an authorized communication device, and a certain data is sent out prior to the encrypted communication, and a communication encryption key is transmitted based on the data and the above-mentioned shared key. You are generating a key. In particular,
As shown in FIG. 8, in the negotiation performed prior to the encryption communication, the encryption communication device on the calling side performs processing in S51.
At a, a random number is generated, and at S52a, the random number is sent to the called-side cryptographic communication device. Further, the encryption communication device on the called side is S
When the random number is received at 51b, the received random number is encrypted with its own shared key to generate an encrypted random number at S52b. Further, the encryption communication device on the called side is S53b.
Sends the encrypted random number to the called-side cryptographic communication device.

[0008] On the other hand, the encryption communication device on the calling side performs S5
The random number generated in 1a is encrypted with its own shared key (S53a). Then, upon receiving the encrypted random number (S54a), the encryption communication device on the calling side compares the encrypted random number generated in S53a with the encrypted random number received in S54a, and It authenticates whether the encryption communication device is a legitimate encryption communication device (S55a). When the called cryptographic communication device is a legitimate cryptographic communication device, the received encrypted random number and the generated encrypted random number match because the shared keys of both devices match. This allows the calling-side cryptographic communication device to authenticate the called-side cryptographic communication device.

Similarly, in S61b, when the called-side cryptographic communication device generates a random number, the subsequent steps S62b to S62b
65b and S61a to S63a, both cryptographic communication devices perform the above-described S51a to S55a and S51
Operations similar to those of b to S53b are performed. In the steps after S61b, the operations of the calling side and the called side are interchanged. As a result, the called-side cryptographic communication device authenticates the calling-side cryptographic communication device.

In S55a and S65b, if both cryptographic communication devices determine that the communication partner is a legitimate communication partner, the calling cryptographic communication device uses its own shared key to receive the communication partner in S54a. The encrypted random number is further encrypted to generate a communication encryption key (S71a). On the other hand, the called-side cryptographic communication device uses its own shared key to
The encrypted random number transmitted in S53b is further encrypted (S71b).

The communication encryption key generated by the two encryption communication devices is obtained by encrypting the random number generated by the called party twice in step S51a with the shared key. Become identical. Also, the communication encryption key is generated based on an encrypted random number transmitted via the transmission path,
The communication encryption key itself is not transmitted. Therefore,
Even if a third party obtains an encrypted random number by eavesdropping on communication between the two encryption communication devices, a communication encryption key cannot be obtained without knowing the shared key. As a result, the encryption key for communication can be safely unified between the two encryption communication devices.

In FIG. 8, a case has been described where the communication encryption key is generated based on the random number generated by the calling-side encryption communication device. However, the communication encryption key is generated in S71a and S71b. When the communication encryption key is used from the encryption random numbers of S64b and S63a instead of the encryption random numbers of S54a and S53b, the communication encryption key is generated based on the random number generated by the called-side encryption communication device. Can be generated.

[0013]

However, in the above-mentioned conventional method, the operation of the cryptographic communication device differs between the calling side and the called side, so that the negotiation operation in each cryptographic communication device becomes complicated. As a result, it takes time to develop the cryptographic communication device, and there is a large room for failure.

For example, in FIG. 8, a communication encryption key is generated based on a random number generated by an encryption communication device on the calling side. Therefore, the cryptographic communication device generates a communication encryption key based on a random number generated by itself when calling, and generates a communication encryption key based on a random number received from a communication partner when called. .

As described above, the negotiation operation is different between the case where a call is made and the case where a call is received, so the developer of the cryptographic communication device sets the cryptographic communication device so that two types of negotiation operations can be performed. Need to be manufactured.

Further, since the negotiation operation differs between the calling side and the called side, each cryptographic communication device is either the calling side or the called side when generating the communication encryption key. Need to be identified.

Here, especially when each cryptographic communication device can perform one-to-many or many-to-many communication, such as when performing data communication, while the cryptographic communication device is calling another cryptographic communication device. In some cases, a call may be received from another cryptographic communication device. Therefore, if the negotiation is complicated, the possibility of erroneous identification becomes extremely high in this process.

If the calling side and the called side are erroneously identified, encrypted communication after negotiation becomes impossible. Therefore,
In order to prevent erroneous identification, the cryptographic communication device needs to identify whether or not it is the calling side by a complicated procedure.

As a result, the operation of the cryptographic communication device becomes complicated, and a program for describing the operation becomes longer. Therefore, there is more room for a defect, and the time required for developing the program becomes longer.

In recent years, for example, communication means, such as wireless communication and the Internet, in which a third party is more likely to intercept communication than a wired public telephone network has become widespread, and the importance of cryptographic communication devices is increasing. Is getting higher. Furthermore, as the communication speed increases, the time available for identification decreases, and as the number of simultaneously connectable communication partners increases, the possibility of erroneous identification increases.
As a result, product development of cryptographic communication devices is becoming more and more cumbersome, and there is a strong desire for cryptographic communication devices that can be easily developed.

The present invention has been made in view of the above-mentioned problems, and has as its object the purpose of which can be easily developed and
An object of the present invention is to realize a cryptographic communication device capable of negotiating cryptographic communication at high speed.

[0022]

According to a first aspect of the present invention, there is provided a cryptographic communication apparatus comprising: a cryptographic communication apparatus configured to perform a cryptographic communication using a shared cryptographic key set prior to a cryptographic communication; In a cryptographic communication device having cryptographic communication means for performing cryptographic communication with a communication device, a first transmission means for transmitting first transmission data to a communication partner, and a first transmission data receiving the first transmission data transmitted by the communication partner as first reception data. a first receiving means,-out based on both the said first transmission data and the first received data,
An operation that changes the operation result if the order of terms is changed
Accordingly, as the encryption key for the communication, calculation in one order
The first communication encryption key obtained and the second
Bei an encryption key generation means for generating a communication encryption key example, above
The encryption communication means uses the first communication encryption key,
The data to be transmitted to the communication partner is encrypted, and the second communication is performed.
Decrypts the data received from the communication partner using the
It is characterized in that-coding.

In the above configuration, at the time of negotiation prior to the cryptographic communication, the first transmitting means of the cryptographic communication device transmits the first transmission data, and the first receiving means of the other party's cryptographic communication device transmits the first transmission data. The data is received as first received data. On the other hand, the first transmission data transmitted by the first transmission unit in the encryption communication device of the communication partner is:
Received as first received data.

The encryption key generating means of the two encryption communication device, for example, etc. encryption and consolidated, in accordance with a predetermined calculation method, communication based on both the respective first transmission data and the first received data Generate an encryption key. Here, the first transmission data of both encryption communication devices is the same as the first reception data of the communication partner . Furthermore, as a calculation method, for example, as in the connection, the results calculated to switch the order of the terms are different calculation methods are adopted, and a first transmission data and the first received data, two communication encryption key Generated. here
Then, the encryption communication means uses the communication encryption key calculated in one order as the communication encryption key, and uses the communication encryption key calculated in the other order as the communication decryption key .
Communication decoding key both encrypted communication apparatus that matches the communication encryption key of the communication partner.

When the negotiation is completed, the encryption communication means of both encryption communication devices encrypts the plaintext with the above-mentioned communication encryption key and sends it out according to the shared key method such as DES, and receives it from the other party's encryption communication means. The ciphertext decrypted into plaintext using the communication encryption key. Here, the encryption key generation means employs a calculation method in which the calculation result changes by changing the order of the terms .
However, since the communication decryption key matches the communication encryption key of the communication partner, the encryption communication means of both encryption communication devices can perform encrypted communication without any problem.

In the above configuration, in the cipher communication, only the cipher text flows between the two cipher communication devices. Therefore,
Even if a third party who does not know the key for decrypting the ciphertext observes the data transmitted between the two cryptographic communication devices, the content of the communication cannot be grasped. As a result, communication contents can be kept secret from third parties.

In particular, the communication encryption key is generated based on the first transmission data and the first reception data transmitted for each encryption communication. Therefore, for example, the communication encryption key can be frequently changed by frequently changing the first transmission data transmitted by the two encryption communication devices, for example, for each encrypted communication. Thereby, the security of the communication content in the encrypted communication can be further improved.

By the way, for example, the first transmission data or the first transmission data
At the time of the negotiation, such as received data, data transmitted between the two cryptographic communication devices may be intercepted by a third party. Therefore, if a third party can guess the communication encryption key from these data, the security of the communication contents in the encrypted communication cannot be ensured. However, in the above configuration, the encryption key generation means calculates the communication encryption key from both the first transmission data and the first reception data, and the communication encryption key is not transmitted between the two encryption communication devices. . Therefore, if the calculation method can be concealed from a third party, the communication encryption key can be securely concealed from the third party.

Normally, an encryption algorithm is used to calculate a communication encryption key, and the key (encryption key) at that time is used.
It is only necessary to be able to obtain Therefore, for example, if the calculation method includes a step of encrypting each data using a shared key that is shared in advance between the legitimate cryptographic communication devices, the security of the calculation method is sufficiently ensured. it can. As a result,
Even if the data transmitted between the two cryptographic communication devices is observed during the negotiation, the third party cannot guess the communication content in the encrypted communication and can keep the security of the communication content secret from the third party.

Here, the encryption key generating means of both the encryption communication devices transmits the data by itself regardless of which encryption communication device has started communication, that is, regardless of which is the calling side. The communication encryption key is calculated based on both the first transmission data and the first reception data received from the communication partner. As a result, the operation of the calling-side cryptographic communication device
Is the same as the operation of the called-side cryptographic communication device. Therefore, unlike the past , it is determined whether or not the caller,
Your own communication without changing the operation according to the judgment result
Match the decryption key for communication with the communication encryption key of the
Can be

As a result, when the cryptographic communication device is developed, it is not necessary to separately design the operation when the cryptographic communication device makes a call and the operation when the cryptographic communication device receives a call. Can be developed. Therefore, it is possible to greatly reduce the labor required for developing the cryptographic communication device.

Further, according to a second aspect of the present invention, there is provided a cryptographic communication device for a shared communication key set prior to a cryptographic communication.
Cryptographic communication hand that performs cryptographic communication with another cryptographic communication device using
In a cryptographic communication device having a stage, a first transmission
First transmitting means for transmitting communication data, and
Receiving the received first transmission data as first reception data
A first receiving unit; a second transmitting unit for transmitting the second transmission data to the communication partner; a second receiving unit for receiving the second transmission data transmitted by the communication partner as the second reception data; First transmission data generating means for encrypting the second reception data with a key to generate the first transmission data; data obtained by encrypting the second transmission data with the shared key; If matches,
Authentication means to authenticate that the communication partner is a legitimate communication partner
And both the first transmission data and the first reception data.
Then, a different first communication encryption key is used as the communication encryption key.
Key generating means for generating a signal key and a second communication key
Wherein the cipher communication means comprises the first communication cipher.
Using a key, encrypt the data sent to the communication partner
Receiving from the communication partner using the second communication encryption key;
The decrypted data is decrypted .

In the above configuration, at the time of negotiation, the second transmitting means of the first cryptographic communication device transmits, for example, second transmission data generated by a random number or the like. The second receiver of the communication partner receives the second transmission data, and the first transmission data generator of the communication partner encrypts the second transmission data with the shared key. Thus, the generated first transmission data of the communication partner is returned by the first transmission unit of the communication partner.

On the other hand, in the encryption communication device on the side that has transmitted the second transmission data, the authentication means includes data obtained by encrypting the second transmission data with the shared key and the first reception data returned from the communication partner. If they match, the communication partner is authenticated as a legitimate communication partner.

Here, since the second transmission data and the second reception data are transmitted between the two cryptographic communication devices,
Third parties can observe these data. However, a third party who does not know the shared key cannot generate correct first transmission data from these data. Therefore, the data obtained by encrypting the second transmission data does not match the first transmission data, and the authentication unit determines that the communication partner is not a legitimate communication partner. In this case, the authentication unit rejects access by, for example, cutting off communication. As a result, both cryptographic communication devices can authenticate the communication partner, and can surely deny access from a third party.

When both cryptographic communication devices authenticate the communication partner,
The encryption key generation means includes a first transmission data and a first reception data.
Then, different first and second communication encryption keys are generated based on the first and second communication keys. Further, when the cryptographic communication is started between the two cryptographic communication devices , the cryptographic communication means starts the first communication.
Encrypts data sent to the communication partner using the trust encryption key
From the communication partner using the second communication encryption key.
Decrypt the received data.

In the above configuration, the first transmission data and the first transmission data
The received data is used for both generation of a communication encryption key and authentication of a communication partner. Therefore, data communication for generating a communication encryption key and data communication for authenticating a communication partner can be shared. Furthermore, the same first transmission data
Data and the first received data, two communication encryption keys
Generated. As a result, labor and time required for authentication and generation of a communication encryption key can be reduced as compared with the case where both data communications are performed separately. Therefore, it is possible to realize a cryptographic communication device that can safely communicate and can negotiate at high speed.

[0038] By the way, in the configuration of the invention according to claim 1 or 2, the method in which the encryption key generation means calculates the communication encryption key from the first transmission data and the first reception data,
For example, such consolidation, various methods are conceivable. In the calculation, for example, if both data are encrypted with a shared key, the risk that the communication encryption key is guessed can be reduced. Was <br/> However, the bit length of the computation result, the ratio of the first transmission data or bit length of the first received data, 1: ing fly 1
If, in order to increase the signal of the safety passage, an attempt to increase the length of the communication encryption key, it is necessary to send and receive a longer first transceiver data. Particularly, when a random number is generated by encryption and the first transmission data or the first reception data is generated based on the random number, the length of the random number that can be generated at one time is equal to the length of the data to be encrypted at one time. Limited to Therefore, the number of times required to generate a random number of a required length increases, and the effort and time required for generation tend to increase.

The length of the communication encryption key can be extended, for example, by repeating the bits of the operation result.
However, in this case, the information amount of the operation result does not increase, so that communication security cannot be improved.

On the other hand, the encrypted communication apparatus according to the third aspect of the present invention provides a shared communication set prior to the encrypted communication.
Encryption communication with other cryptographic communication devices using
Communication device in a cryptographic communication device having
A first transmitting means for transmitting the first transmission data to the
The first transmission data transmitted by the other party is referred to as first reception data.
And a first receiving means for receiving the communication encryption key.
And data based on Symbol first transmission data, to generate a first communication encryption key of the data based on the first received data linked in a predetermined order, the linked by interchanging the two data Key generation method for generating the communication key 2
And the cipher communication means encrypts data to be transmitted to a communication partner using the first communication encryption key,
The second communication encryption key is used to decrypt data received from a communication partner.

The linking may be performed by linking both data as a whole, or by splitting both data into blocks having a predetermined bit length and linking each block. Further, the first transmission data and the first reception data may be encrypted and then connected, or after the connection, the encryption may be performed to generate an encryption key for both communications.

In the above configuration, the order of the items is
In other words, if the operation results in a change
Since each communication encryption key is generated, the same as in claim 1
The caller or the called party
Without decryption key for own communication and communication
The encryption key can be matched and the encryption communication device can be opened.
It can greatly reduce the trouble when emitting.

Further, since each communication encryption key is generated by the concatenation, the first transmission data and the communication encryption key longer than the bit length of the first transmission data can be used without lowering the security of communication. Can be generated. Therefore, a communication encryption key can be generated in a simpler procedure and in a shorter time than other calculation methods.

Further, an encryption communication device according to a fourth aspect of the present invention.
Is set prior to cryptographic communication to solve the above problems.
Using a common communication encryption key that is
Communication device having encryption communication means for performing encryption communication with the device
A first transmission of transmitting the first transmission data to a communication partner.
Communication means and the first transmission data transmitted by the communication partner.
First receiving means for receiving as one received data, and a communication partner
A second transmitting means for transmitting the second transmission data;
The second transmission data transmitted by the hand is received as the second reception data.
Using a second receiving means for decrypting and a predetermined shared key.
The second received data is encrypted, and the first transmitted data is encrypted.
First transmission data generating means for generating the second transmission data;
Data encrypted with the shared key and the first received data.
If the communication partner matches the
Authentication means for authenticating that the
The data based on the first transmission data and the first reception data
Data based on the communication data in a predetermined order
Generate the communication encryption key for
Encryption key generator for generating a second communication encryption key
Generating means, wherein the cryptographic communication means comprises:
Data to be transmitted to the communication partner using the encryption key
Then, using the second communication encryption key, receiving from the communication partner.
The decrypted data is decrypted.

It should be noted that even if the entire data is connected,
Or both data into blocks of a given bit length
It may be divided and connected for each block. In addition, the first transmission
After encrypting the communication data and the first reception data,
Or after concatenation, encrypt and encrypt both communication encryption keys.
May be generated.

In the above configuration, similar to the third aspect, the connection
Therefore, since each communication encryption key has been generated ,
Without distinguishing between the calling and called parties,
Your own communication decryption key and your communication partner's
Can be matched when developing a cryptographic communication device.
The labor can be greatly reduced. In addition, the security of communication is reduced
Without transmitting the first transmission data and the first transmission data.
A communication encryption key longer than the bit length can be generated.
It is simpler procedure and shorter time than communication method.
Key can be generated.

Further, similar to claim 2, the first transmission data
The data and the first received data are used to generate a communication encryption key,
Used for both authentication of the peer. Therefore, communication
Data communication for generating the encryption key for
Can be shared with data communication to prove. Furthermore, the same
From the first transmission data and the first reception data of the
A trusted encryption key is generated. As a result, both data communications are separated.
Authentication and communication encryption key generation
The required labor and time can be reduced. Therefore, safely
High-speed encryption while communication is possible
A communication device can be realized.

[0048]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS FIG. 1 shows an embodiment of the present invention.
7 is as follows. That is, the cryptographic communication device according to the present embodiment is a device that encrypts a plaintext indicating communication contents into a ciphertext that is difficult to be decrypted by a third party, or decrypts a ciphertext into a plaintext, For example, as shown in FIG.
In the case of a communication system in which a local area network (LAN) 2a and a LAN 2b are connected via an area network (WAN) 1, an encryption communication device 3
a.3b is between each LAN 2a.2b and WAN1.
Each is provided.

In the communication system according to the present embodiment, one LAN 2a-side device (the LAN 2a and the encryption communication device 3a, etc.) and the other LAN 2b-side device (L
AN 2b and the cryptographic communication device 3b). Therefore, in the following, for convenience of explanation, L
In the device on the AN 2b side, members having the same functions as those on the LAN 2a side are referred to by reference numerals in which the last alphabetic character is changed from a to b, such as LAN 2b, and the description is omitted.

The WAN 1 is a network that can communicate over a wide range, such as a public telephone network or the Internet. In many WANs, an unspecified number of users can be connected to a line, and can join by a relatively simple procedure, for example, by subscribing to a WAN operator. Therefore, these WANs are defined as WAN1 according to the present embodiment.
Is adopted, the LA can be more easily compared to a case where the LANs 2a and 2b are extended to a place where both LANs 2a and 2b are arranged.
Communication between N2a and N2b becomes possible, and the communication system according to the present embodiment can be realized.

However, since the transmission path of the data flowing on the WAN 1 is longer than the transmission path in the LANs 2a and 2b, the data is not an authorized user as compared with the data flowing in the LANs 2a and 2b. Eavesdropping and tampering are easily performed by third parties.

In particular, when wireless communication is performed on at least a part of the transmission path as in a portable telephone or a personal handyphone system, a third party can relatively easily intercept data flowing on the WAN 1. Further, when there is a possibility that a communication device of a third party is used as a transmission path as in the Internet, there is a risk that the data may be eavesdropped or tampered with the communication device.

On the other hand, the LAN 2a is composed of authorized terminals 21a which can communicate with each other. The terminal 21a
Is a computer, etc., and according to the instruction of the user,
Sends data to another terminal 21a,
Or receive data from Further, the LAN 2a is connected to the encryption communication device 3a,
a is connected to another LAN 2b via the cryptographic communication device 3a.
Can communicate with the terminal 21b.

Each of the terminals 21a is usually installed in a place where it is difficult for a third party to operate, such as in a company. In addition, installation locations such as network wiring and relay facilities for connecting the terminals 21a are also limited. Further, the terminal 21a and W
An encryption communication device 3a is provided between the terminal 21a and the AN1, and even if a third party tries to access the terminal 21a via the WAN1, the terminal 21a cannot be directly accessed. Therefore,
The data flowing through the LAN 2a is much more difficult to eavesdrop or tampering by a third party than the data flowing through the WAN1.

On the other hand, the encryption communication device 3a according to the present embodiment
For example, as shown in FIG. 1, a WAN interface unit 31 for mutually converting internal data processed in the cryptographic communication device 3a and data flowing on the WAN 1, and a data interface between the internal data and data flowing on the LAN 2a. A LAN interface unit 32 for conversion, a storage unit 33 for storing data necessary for encryption and decryption, and a control unit 34 for controlling both the interface units 31 and 32 and the storage unit 33 are provided. In the following, the above-mentioned interface units 31 and 32 are respectively referred to as WAN / I / F
Unit 31 or the LAN / I / F unit 32.
The WAN I / F unit 31 corresponds to the first and second transmitting means and the first and second receiving means described in the claims.

The WAN I / F unit 31 is an interface selected according to the WAN 1 such as a modem or an R / T point interface. When data is sent from the WAN 1 side, the WAN I / F unit 31 transmits the data. Upon receiving and performing physical and logical conversions, the data can be converted into a data format that can be processed by the control unit 34. LAN2a
In response to a request from the side, the encryption communication device 3a
When sending data to the WAN 1, the data format that can be processed by the control unit 34 can be converted to a data format that can be transmitted on the WAN 1. Further, for example, when the WAN 1 is a public telephone line network, a call or an incoming call is made before data communication, and the encrypted communication device 3b of the communication partner and the encrypted communication device 3 are communicated.
If it is necessary to establish a connection with b, the connection can be established after calling or receiving a call. If it is not necessary to establish a connection with the cryptographic communication device 3b prior to communication, as in the case where the Internet is used as the WAN1, the WAN 1
The I / F unit 31 directly transmits and receives data.

The LAN / I / F unit 32 is, for example,
An interface selected according to the LAN 2a, such as an Ethernet (trademark: Xerox Corporation) interface. For example, when data is received from a device in the LAN 2a such as the terminal 21a, the data can be processed by the control unit 34. Can be converted to model. When the cryptographic communication device 3a needs to send data to devices in the LAN 2a, for example, when receiving data from the WAN 1, the data is converted into a data format that can be transmitted on the LAN 2a. Can be sent out.

On the other hand, the storage unit 33 stores, for example, a ROM (R
ead-Only Memory) and RAM (Random access Memory)
) And the like, and the cryptographic communication devices 3a and 3b
A shared key area (authentication means) 41 for storing a shared key O shared in advance between authorized users, and a transmission encrypted random number area (first area) for storing an encrypted random number to be transmitted to a communication partner.
(Transmitting means) 42 and a received encrypted random number area (first receiving means) 43 for storing an encrypted random number generated based on a random number received from a communication partner. The storage unit 3
The area 3 is provided with an area for storing a program of the control unit 34, a work area used when the control unit 34 operates, and the like.

The control unit 34 includes an encryption processing unit 51 for performing encryption and decryption processing between the WAN / I / F unit 31 and the LAN / I / F unit 32.
An encryption key generation unit 52 that generates a communication encryption key and instructs the encryption processing unit 51 is provided. Note that the encryption processing unit 5
1 and the encryption key generation unit 52 are functional modules realized by the control unit 34 executing a predetermined program. Further, the encryption processing unit 51 corresponds to the encryption communication unit and the first transmission data generation unit described in the claims, and the encryption key generation unit 52 corresponds to the encryption key generation unit. Further, the authentication means corresponds to the control unit 34.

The cryptographic processing unit 51 is a processing unit for performing cryptographic processing using a shared key system.
When data is received from the I / F unit 31, the data is decrypted based on the communication encryption key (decryption key) given from the encryption key generation unit 52, and transmitted to the LAN I / F unit 32. On the other hand, when data is received from the LAN / I / F unit 32, the data is encrypted based on the communication encryption key (encryption key) given from the encryption key generation unit 52, and the WA
It can be sent to the N.I / F unit 31.

Further, the encryption processing unit 51 can generate an encrypted random number by encrypting the random number received from the communication partner or the random number generated by itself with the shared key O at the time of negotiation prior to the encrypted communication. These encrypted random numbers are stored in the encrypted random number areas 42 and 43, respectively, and are used for authentication of a communication partner and generation of a communication encryption key, as described later.

Further, the encryption processing unit 51 according to this embodiment
Can generate a random number at the time of the negotiation and provide the random number to the encryption key generation unit 52. When a plaintext is encrypted, a ciphertext is generated which is completely different from the plaintext and is difficult to guess from the ciphertext. Therefore,
For example, by encrypting arbitrary data such as sequentially increasing or decreasing values or data indicating a date, the encryption processing unit 51
Can generate very good random numbers, for which it is difficult to predict the next value to be generated. Thus, different data can be transmitted to the communication partner for each communication without providing a member for generating a random number separately.

Here, as an example of the encryption processing unit 51, I
The operation of the encryption processing unit 51 when using the DEA encryption method will be briefly described. That is, as shown in FIG. 3, the IDEA encryption method is a block encryption method in which an input plain text is divided into blocks each having a predetermined length, and each block is encrypted using a designated encryption key. . I
In the DEA encryption system, the length of the encryption key is set to 128 bits, and one block is 64 bytes using the encryption key.
The bit plaintext is converted into a 64-bit ciphertext.

More specifically, the encryption processing unit 51 performs an odd round in which data inputted using four internal keys is agitated, and performs an odd round between each odd round. The even round with stirring is alternately repeated. For example, in the first odd round O1, the internal key K
Using 1 to K4, the plaintext is agitated and delivered to the next even-numbered round E1. In the even-numbered round E1, the delivered data is agitated by the internal keys K5 and K6 and delivered to the next odd-numbered round O2. After eight odd rounds and even rounds are performed, a final odd round O9 is performed to generate a 64-bit cipher text using the internal keys K49 to K52.

In the IDEA encryption system, the internal keys K1 to K1
K52 is generated from the given 128-bit encryption key according to the scheduling (order) shown in FIG.
That is, as shown in FIG.
Generates the first to eighth internal keys K1 to K8 by dividing the given 128-bit encryption key in units of 16 bits.

Subsequently, as shown in FIG. 4B, the encryption processing unit 51 bit-shifts the encryption key by a predetermined offset (25 bits). Note that the bits protruding from the least significant bit by the bit shift become the most significant bits, so that the effective bit length of the encryption key is kept at 128 bits. The encryption key after the bit shift is divided every 16 bits, and ninth to sixteenth internal keys K9 to K16 are generated.

The same bit shift and bit division are repeated five more times. Eight internal keys are generated for each bit shift, ie, each time the offset based on the bit position in a given encryption key increases by 25 bits. Thereby, the encryption processing unit 51 generates the seventeenth to fifty-second internal keys K17 to K52. In addition, as shown in FIG.
In the case of bits, internal keys K41 to K48 are generated, and the number of internal keys not generated is four. Therefore, at the time of the last bit shift (the offset is 150 bits), as shown in FIG. 4D, four internal keys K49 to K52 are generated from the upper 64 bits of the 128 bits.

On the other hand, since the encryption process is a reversible process, the decryption process is performed in the reverse order of the encryption process.
However, in the shared key cryptosystem like the IDEA cryptosystem, the ciphertext cannot be decrypted to the original plaintext unless the encryption key used for encryption and the key used for decryption are common.

Since the encryption processing unit 51 is a shared key system, all encryption keys given to the encryption processing unit 51 are shared keys in a broad sense. However, for convenience of description, hereinafter, only the encryption key shared between the respective encryption communication devices 3a and 3b is referred to as a shared key O, and is referred to as an encryption key (encryption key for communication) used in the encryption communication. Distinguish. Also, in the above,
As an example of the encryption processing in the encryption processing unit 51, IDE
Although the A-encryption method has been described, the same effect as in the present embodiment can be obtained by adopting another encryption method such as the DES encryption method as long as it is a shared key encryption method.

On the other hand, the encryption key generation unit 52 according to the present embodiment
Communicates with the other party's cryptographic communication device 3b and negotiates with the other party's cryptographic communication device 3b in a procedure described later, prior to the cryptographic communication. Thereby, the encryption key generation unit 52 converts the transmitted encrypted random number into
The received encrypted random number is stored in the received encrypted random number area 43 while being stored in the transmission encrypted random number area 42.
Further, the encryption key generation unit 52 determines, based on both encrypted random numbers,
A communication encryption key and a communication decryption key used at the time of encrypted communication can be generated and notified to the encryption processing unit 51.

Here, the negotiation procedure in the communication system having the above configuration will be described by taking as an example a case where the cryptographic communication device 3a calls the cryptographic communication device 3b. In the following, for convenience of explanation, a case where the cryptographic communication device 3a calls the cryptographic communication device 3b will be described as an example, and the cryptographic communication device 3a is referred to as a calling side and the cryptographic communication device 3b is referred to as a called side. However, since the operations of the two cryptographic communication devices 3a and 3b are symmetric, the same applies to the case where the cryptographic communication device 3b calls.

That is, in the communication system shown in FIG. 2, for example, when the terminal 21a of one LAN 2a communicates with the terminal 21b of the other LAN 2b, the terminal 21a
Sends data to the terminal 21b over the LAN 2a. The encryption communication device 3a determines that the data is data to be transmitted to the LAN 2b based on, for example, the address of the terminal 21b added to the data,
The communication with the encryption communication device 3b is started via the WAN1.

For example, when the WAN 1 is a public telephone line or the like, the encryption communication device 3a calls the encryption communication device 3b by dialing the telephone number of the encryption communication device 3b prior to communication. Thereby, both encryption communication devices 3a
3b becomes communicable. When the destination address can be specified for each data by adding a destination address to the data, such as when the WAN 1 is the Internet, the encryption communication device 3a transfers the data to the address indicating the encryption communication device 3b. If sent, communication is started.

When both cryptographic communication devices 3a and 3b can communicate, the calling cryptographic communication device 3a generates a random number A1 in step S1a shown in FIG. The random number A1 is transmitted to the device 3b. In the following, the steps performed by the encryption communication device 3a on the calling side include, for example, a at the end of the code, such as S1a.
The steps executed by the called-side cryptographic communication device 3b are referred to by appending b to the end of the code, as in S1b.

On the other hand, the encrypted communication device 3b on the called side
At b, when the random number A1 is received from the cryptographic communication device 3a,
In S2b, the random number A1 is encrypted using the shared key O shared in advance. Thereby, the encrypted random number A2
Is generated. Further, in S3b, the encryption communication device 3b sends back the generated encrypted random number A2 to the encryption communication device 3a on the calling side.

By the way, the encryption communication device 3a on the calling side
In S2a, the self-generated random number A1 is encrypted using the shared key O shared in advance to generate an encrypted random number A3 (S3a). The encrypted random number A3 is stored in the received encrypted random number area 43 shown in FIG.

Further, the caller's encryption communication device 3b
4a, the called-side cryptographic communication device 3b
Upon receiving the encrypted random number A2 generated in step S5a, the encrypted random number A3 generated by itself in step S3a is received in step S5a.
A comparison is made with the received encrypted random number A2. Here, the shared key O is unified among authorized users, for example, by distributing the shared key O in advance. In addition, the two cryptographic communication devices 3a and 3b encrypt the random number A1 generated by the caller's cryptographic communication device 3a with the shared key O to generate an encrypted random number A2.
Generate A3. Therefore, the called-side cryptographic communication device 3
If a is a legitimate cryptographic communication device, the received encrypted random number A2 should match the encrypted random number A3 generated by itself. Therefore, when the encrypted random numbers A2 and A3 match, the cryptographic communication device 3a determines that the called-side cryptographic communication device 3b is a legitimate cryptographic communication device. As a result, the calling-side encrypted communication device 3a can authenticate the called-side encrypted communication device 3b. For example, as shown in FIG. 5, the random number A1 is "firt83ao?>&#$" And the encrypted random number A2 is "si2Fe @
In the case of \ W! X5 ", the encrypted random number A3 is also" si2Fe @ \ W! X5 ".

If the two encrypted random numbers B1 do not match in S5a, the cryptographic communication device 3a determines that the called-side cryptographic communication device 3b is not a legitimate cryptographic communication device and performs the subsequent processing. Do not do. Thus, even if a third party who does not know the shared key O attempts to access the encrypted communication device 3b, the encrypted communication device 3a can reject the access.

Further, the calling side and the called side are switched, and
Steps similar to those of S1a to S5a and S1b to S3b are performed (S11b to S15b and S11a to S11b).
S13a). In these steps, both cryptographic communication devices 3
a.3b generates encrypted random numbers B2 and B3 based on the random number B1 generated by the called-side cryptographic communication device 3b. As a result, the called-side encrypted communication device 3b can authenticate the calling-side encrypted communication device 3a.

In FIG. 5, for convenience of explanation, the above steps S1a to S5a and S1b to S3b are replaced by the above steps S11b to S15b and S11a to S13a.
Although described as being performed earlier, each of these steps can be performed in parallel. For example, as shown in FIG. 5, when the random number B1 is "s8e8z # a = Cs" and the encrypted random number B2 is "lk3% uyx23", the encrypted random number B3 is also "lk3% uyx".
23 ".

As a result, the caller's cryptographic communication device 3a
Is the encrypted random number B generated by the calling-side cryptographic communication device 3a.
2 can be stored in the transmission encrypted random number area 42 shown in FIG. 1, and the communication partner, that is, the encrypted random number A2 generated by the called-side encrypted communication device 3b can be stored in the reception encrypted random number area 43. Similarly, the encryption random number A2 generated by the encryption communication device 3b is stored in the transmission encryption random number region 42 of the encryption communication device 3b on the called side, and the encryption random number region 43 of the calling side is stored in the reception encryption random number region 43. The encrypted random number B2 generated by the communication device 3a is stored. Therefore, in both encryption communication devices 3a and 3b,
The encryption random number stored in its own transmission encryption random number area 42 matches the encryption random number stored in the communication partner's reception encryption random number area 43.

When both the encryption communication devices 3a and 3b succeed in the authentication by the communication partner, a communication encryption key used for the encryption communication is generated based on the two encrypted random numbers A2 and B2 as shown in FIG. Is done. That is, the encryption communication device 3a on the calling side encrypts the encrypted random number B2 generated by itself (calling side) with the shared key O in S21a to generate encrypted data B4. In S22a, the received encrypted random number A2 is encrypted with the shared key O to generate encrypted data A5.

Further, in S23a, the encrypted communication device 3a sets both encrypted data A5 and B5 so that the encrypted data B4 is lower and the encrypted data A5 is higher.
4 to generate a communication encryption key C1. Also,
In S24a, the two encrypted data B are set so that the encrypted data B4 is higher and the encrypted data A5 is lower.
4. A5 is concatenated to generate a communication decryption key C2.

On the other hand, in the called-side cryptographic communication device 3b, S
At 21b to S24b, the same processing as at S21a to S24a is performed, and both encrypted data B5 and A4,
And a communication encryption key C3 and a communication decryption key C4.
Is generated.

Here, the shared keys O for generating the respective encrypted data are the same in both the encrypted communication devices 3a and 3b. Also, as described above, the two encryption communication devices 3a and 3b
In this example, the encrypted random number stored in the transmission encrypted random number area 42 of the communication partner is the same as the encryption random number stored in the reception encrypted random number area 43 of the communication partner. Therefore,
In both encryption communication devices 3a and 3b, the generated communication encryption key is the same as the communication decryption key of the communication partner,
The communication decryption key is the same as the communication encryption key of the communication partner.

For example, as shown in FIG. 6, encrypted data B4 and A5
Are "oe [9w8yx" and "Pia; l # O &3h", respectively, the communication encryption key C1 is "Pia; l # O & 3hoe [9w8yx", and the communication decryption key C2 is "oe [ 9w8yxPia; l # O & 3h ". Similarly, in the called-side encrypted communication device 3b, the encrypted data A4 and B5 are "Pia; l # O &3h" and "oe [9w8yx".
Therefore, the communication encryption key C3 is "oe [9w8yxPia; l # O
& 3h ", which matches the communication decryption key C2 on the calling side.
Further, the communication decryption key C4 becomes "Pia; l # O & 3hoe [9w8yx"", which matches the communication encryption key C1 on the calling side.

When the negotiation is completed, each encryption communication device 3a (3b) encrypts the data received from the LAN 2a (2b) with the communication encryption key C1 (C3) and sends it to the WAN 1. On the other hand, each encryption communication device 3a (3
b) decrypts the data received from WAN1 with the communication decryption key C2 (C4) and sends it to the LAN 2a (2b). By the negotiation, since the communication decryption key matches the communication encryption key of the communication partner, the two encryption communication devices 3a and 3b can decrypt the received ciphertext into correct plaintext. Therefore, the terminal 21a of the LAN 2a
And the terminal 21b of the LAN 2b can perform encrypted communication without any trouble.

Here, at the time of the encrypted communication, the data flowing through the WAN 1 is a cipher text encrypted with the communication encryption key set in the negotiation. Further, each communication encryption key is changed for each communication. Therefore, a third party who does not know the encryption key for communication in the current encryption communication can use WA
Even if the data on N1 is observed, the communication contents cannot be grasped. Further, even if the data is falsified, the falsified data cannot be decrypted. Even if the falsified data is accidentally decoded, it does not become a meaningful plain text. Therefore, the users of the cryptographic communication devices 3a and 3b can easily find the falsified data. As a result, the communication contents in the encrypted communication can be reliably protected from observation or tampering by a third party.

By the way, at the time of negotiation, WAN1
If the third party can easily guess the communication encryption key based on the data flowing through the communication, the third party can falsify or observe the communication contents even if the communication contents are encrypted. However, the data flowing through WAN1 at the time of negotiation is a random number A.
1 and B1 and the encrypted random numbers A2 and B2, and the communication encryption keys C1 to C4 are generated from data obtained by encrypting both encrypted random numbers with the shared key O. Therefore, even if a third party who does not know the shared key O observes the random number and the encrypted random number, the encrypted data B4 and A5 (A4 and B5) cannot be generated. As a result, the third party communicates with both cryptographic communication devices 3a.
The communication encryption key of 3b cannot be guessed, and the communication contents in the encrypted communication can be reliably protected.

In the above description, both encryption communication devices 3a
(3b) has been described as an example in which both encrypted data B4 and A5 (A4 and B5) are connected to generate each communication encryption key, but the present invention is not limited to this, and various calculation methods can be applied. . Regardless of the calculation method, if a communication encryption key is generated from both encrypted data, the same effect as in the present embodiment can be obtained.

For example, as another calculation method, if a binary operation, such as a product, a sum, or an exclusive OR for each bit, is used, the operation result of which is the same even if the order of the items is changed, is adopted.
The communication encryption key and the communication decryption key are the same. Therefore, in this case, the communication encryption key can be generated in a simpler procedure than in the case where the order of the terms is changed and calculation is performed. The binary operation may be an operation for each bit or an operation for making the entire encrypted data one numerical value.

Here, if the sum or the product is used in the above calculation methods, the bit of the communication encryption key may be biased to one of 0 or 1. Further, if the operation method is complicated, the operation circuit becomes complicated and the operation time becomes long. Therefore, when using these binary operations, it is better to use exclusive OR for each bit. As a result, the operation time can be reduced as compared with the case where another binary operation is used. Further, when the arithmetic circuit is realized by hardware, the circuit scale can be reduced.

However, in the above-described binary operation, the length of the encrypted data is equal to the length of the communication encryption key. Therefore, for example, when the length of a random number that can be generated at one time is limited, such as when a random number is generated using the cryptographic processing unit 51, a cryptographic key having a length required as a communication encryption key is used. In order to generate coded data, it is necessary to generate random numbers in a plurality of times. As a result, the procedure at the time of negotiation becomes complicated, and the required time is lengthened. In particular, IDEA
In the encryption method, the length of a ciphertext that can be generated at one time is shorter than the length of the encryption key.
Random numbers must be generated multiple times.

On the other hand, as shown in this embodiment,
If the concatenation is used, a communication encryption key can be generated from encrypted data that is half the length of the communication encryption key. As described above, by using an operation in which the length of the operation result is longer than the length of each term, the number of times of generation of random numbers required to generate the communication encryption key can be reduced. Therefore, the procedure at the time of negotiation can be simplified, and the required time can be reduced.

Here, if the communication encryption key is generated by an operation in which the operation result changes if the order of the terms is changed, as in the case of concatenation, the two communication encryption keys are generated from the same encrypted data. Is generated. In this case, if the communication encryption key generated in one order is used for encryption and the communication encryption key generated in the other order is used for decryption, It is possible to match the communication decryption key of the communication partner with the communication encryption key of the communication partner without distinguishing whether the communication partner is the communication side.

In the present embodiment, when linking the encrypted data, the entire encrypted data is linked together, but the present invention is not limited to this. The encrypted data may be divided into blocks each having a predetermined bit, and the blocks may be connected to each other. Further, in the present embodiment, both encrypted data are connected after encrypting both encrypted random numbers to generate encrypted data. However, the present invention is not limited to this. Further, it may be encrypted. However, when encryption is performed after linking, encryption cannot be performed unless both encrypted random numbers are available. On the other hand, in the case of linking after encryption, encrypted data can be generated when one of the encrypted random numbers is obtained. Therefore, the time from acquisition of both encrypted random numbers to generation of a communication encryption key can be further reduced.

In the present embodiment, step S in FIG.
As described in 1a and S2a and S11b and S12b, a case has been described in which both cryptographic communication devices 3a and 3b generate and transmit random numbers, but the present invention is not limited to this.
For example, a date, a time, a sequence number, or the like may be used. If the two cryptographic communication devices 3a and 3b transmit different data for each communication, the same effect as in the present embodiment can be obtained.

Note that the encryption communication device 3a according to this embodiment
(3b), as shown in FIG. 1, the transmission encrypted random number area 4
2 and a received encrypted random number area 43, and the encrypted random number B
Although 2.A3 (A2.B3) is directly stored, it is not limited to this. For example, encrypted data or random numbers may be used. As long as the data indicates both encrypted random numbers, that is, data for which a communication encryption key can be generated, the same effect as in the present embodiment can be obtained.

Further, in FIG. 2, each LAN 2a (2b)
And the WAN 1 and the encryption communication device 3a (3b),
Each case has been described, and the case where plaintext is transmitted in the LAN 2a (2b) has been described as an example, but the present invention is not limited to this. If the cryptographic communication devices 3a and 3b are arranged between authorized terminals, the communication contents can be concealed between the cryptographic communication devices 3a and 3b, so that substantially the same effects as in the present embodiment can be obtained.

For example, as shown in FIG.
Instead of (21b), a terminal 22a (22b) to which the function of the encryption communication device 3a (3b) is added may be provided. Further, the encryption communication device 3a (3b) may be provided before the terminal 21a (21b) is connected to the LAN 2a (2b). In both of these configurations, the terminal 21a (21b) and the LA
N2a (2b) or terminal 22a (22b)
Within the LAN2, the conversion between plaintext and ciphertext is performed.
A ciphertext flows over a (2b). As a result, even if the third party can observe the data flowing through the LAN 2a (2b), the communication contents can be kept secret from the third party, and the security can be further improved.

In the present embodiment, devices on the LAN 2a side (for example, the LAN 2a and the encryption communication device 3a)
Although the case where the LAN 2b side device has the same configuration has been described as an example, the present invention is not limited to this. For example, LA
On the N2a side, as shown in FIG. 2, the cryptographic communication device 3a and the terminal 21a may be separated, and on the LAN 2b side, as shown in FIG. 7, the cryptographic communication device 3b and the terminal 22b may be integrated. . In any case, from the part where the plaintext data is processed on the LAN 2a side, such as the part in the LAN 2a shown in FIG. 2 and the part in the terminal 22a shown in FIG. As long as the cryptographic communication device 3a and the cryptographic communication device 3b are interposed between the parts to be processed, the same effects as in the present embodiment can be obtained.

Furthermore, in this embodiment, data communication between computers is assumed, and each terminal 21a, 21b, 22a
The case where the computer 22b is a computer connected to the LANs 2a and 2b has been described as an example, but the present invention is not limited to this. For example, the terminal may be a telephone or a facsimile directly connected to a public telephone network without going through a LAN. If the cryptographic communication device is arranged in the transmission path between the terminals, regardless of the content of the data transmitted between the terminals,
Similar effects can be obtained. However, since the encryption communication device performs encryption / decryption by digital processing, it is necessary to convert an analog signal and a digital signal when inputting / outputting an analog signal.

[0103]

According to the first aspect of the present invention, there is provided an encryption communication device comprising:
As described above, the first transmission means for transmitting the first transmission data to the communication partner, the first reception means for receiving the first transmission data transmitted by the communication partner as the first reception data, and the first transmission data When based-out in both the first received data,
An operation that changes the operation result if the order of terms is changed
Accordingly, as the encryption key for the communication, calculation in one order
The first communication encryption key obtained and the second
Bei an encryption key generation means for generating a communication encryption key example, above
The encryption communication means uses the first communication encryption key,
The data to be transmitted to the communication partner is encrypted, and the second communication is performed.
Decrypts the data received from the communication partner using the
This is a configuration for encoding.

In the above configuration, the first and second communication encryption keys are based on both the first transmission data transmitted by itself and the first reception data received from the communication partner.
Generated by arithmetic . Therefore, the operation of the calling side encrypted communication device becomes the same as the operation of the cryptographic communication device of the called side. As a result, whether you are the calling or called party
Without distinguishing between the communication decryption key and the communication
This makes it possible to match with the communication encryption key of the other party, and it is possible to greatly reduce the labor required for developing the encryption communication device.

According to the second aspect of the present invention, as described above, the first transmitting means and the first receiving means are provided.
In addition to the communication means, a second transmission means for transmitting the second transmission data to the communication partner, a second reception means for receiving the second transmission data transmitted by the communication partner as the second reception data, First transmission data generating means for encrypting the second reception data with a key to generate the first transmission data; data obtained by encrypting the second transmission data with the shared key; If matches,
An authentication unit that authenticates that the communication partner is a legitimate communication partner; and an authentication unit based on both the first transmission data and the first reception data.
Different first communication encryption key and second communication encryption key
Encryption key generation means for generating
Is transmitted to a communication partner using the first communication encryption key.
And encrypts the data to be encrypted using the second communication encryption key.
And decrypts data received from the communication partner .

In the above configuration, the same first transmission data and the same
And two communication encryption keys are generated from the first received data.
In addition, data communication for generating a communication encryption key and data communication for authenticating a communication partner can be shared. As a result, it is possible to realize an encrypted communication device that can perform negotiation at a higher speed than in the case where both data communications are performed separately, while enabling secure communication.

According to the third aspect of the present invention, as described above, the first transmitting means and the first receiving means according to the first aspect are provided.
In addition to the communication means, data based on the first transmission data and data based on the first reception data are connected in a predetermined order to generate a first communication encryption key, and the two data are exchanged. and a cryptographic key generating means for generating a second communication encryption key linked Te, cryptographic communication means using the first communication encryption key to encrypt the data to be transmitted to the communication partner, The second communication encryption key is used to decrypt data received from a communication partner.

In the above configuration, since each communication encryption key is generated by concatenation, a communication encryption key longer than the bit length of the first transmission data and the first reception data can be obtained without lowering the security of communication. Keys can be generated. therefore,
In addition to the effect of the first aspect, there is an effect that a communication encryption key can be generated in a simpler procedure and in a shorter time than other calculation methods.

[0109] cryptographic communication device according to a fourth aspect of the present invention, as described above, the first transmission means and the first receiving claim 1, wherein
Communication means, and the second transmission means and the second reception means according to claim 2.
Communication means, first transmission data generation means, and authentication means;
The data based on the first transmission data and the first reception data
The first communication is performed by linking data based on data in a predetermined order.
Generate an encryption key for
Encryption key generation means for generating a second communication encryption key by concatenation
Wherein the cryptographic communication means stores the first communication encryption key
Data to be transmitted to the communication partner using
The data received from the communication partner is
This is a configuration for decoding data.

Therefore, in the same manner as in claim 3, the call originates by itself.
Simple without distinguishing between the caller and the callee
Procedure and in a short period of time,
The communication encryption key of the communication partner can be matched,
It would greatly reduce the time and effort required to develop a cryptographic communication device.
This has the effect of

In addition, similar to the second aspect, in the above configuration,
Is, from the same first transmission data and first reception data,
Two communication encryption keys are generated and a communication encryption key is generated.
Data communication to generate the
Can be shared with data communication. As a result, secure communication
It is possible, but compared to performing both data communications separately.
In all, it is possible to realize a high-speed cryptographic communication device with negotiation.
It also has the effect of cutting.

[Brief description of the drawings]

FIG. 1 illustrates an embodiment of the present invention, and is a block diagram illustrating a main part of an encryption communication device.

FIG. 2 is a block diagram showing a communication system having the encryption communication device.

FIG. 3 is a block diagram illustrating an example of an encryption processing unit of the encryption communication device.

FIG. 4 is an explanatory diagram showing key scheduling of an internal key generated by the encryption processing unit.

FIG. 5 is a flowchart showing an operation of the cryptographic communication device at the time of negotiation, and shows an operation when the cryptographic communication device performs authentication.

FIG. 6 is a flowchart showing an operation of the encryption communication device at the time of negotiation, and shows an operation when the encryption communication device generates a communication encryption key.

FIG. 7 is a block diagram showing a modification of the communication system.

FIG. 8 is a flowchart showing an operation at the time of negotiation in a conventional cryptographic communication device.

[Explanation of symbols]

31 WAN / I / F unit (first and second transmission means, first and second reception means) 34 control unit (authentication means) 41 shared key area (authentication means) 42 transmission encrypted random number area (first transmission means) ) 43 Received encrypted random number area (first receiving means) 51 Cryptographic processing section (cryptographic communication means, first transmission data generating means) 52 cryptographic key generating section (cryptographic key generating means)

──────────────────────────────────────────────────続 き Continuation of front page (56) References JP-A-4-129441 (JP, A) JP-A-5-75598 (JP, A) JP-A-9-74408 (JP, A) JP-A-10- 51439 (JP, A) JP-A-4-35538 (JP, A) (58) Fields investigated (Int. Cl. ⁷ , DB name) G09C 1/00-5/00 H04K 1/00-3/00 H04L 9/00

Claims (4)

(57) [Claims] A cryptographic communication apparatus having cryptographic communication means for performing cryptographic communication with another cryptographic communication apparatus using a shared communication encryption key set prior to cryptographic communication, wherein the first transmission data is transmitted to a communication partner. A first transmission unit for transmitting the first transmission data transmitted by the communication partner as first reception data; and a first reception unit for receiving the first transmission data and the first reception data based on both the first transmission data and the first reception data.
If you change the order of the terms,
By the calculation, as the communication encryption key, in one order
The calculated first communication encryption key and the other
Encryption key generation means for generating an encryption key for communication
For example, the encryption communication means, using the first communication encryption key
To encrypt the data to be transmitted to the communication partner,
Data received from the communication partner using the communication encryption key
Encryption communication device, wherein the decoding child a. 2. Shared communication set prior to encrypted communication
Encryption communication with other cryptographic communication devices using
Transmitting means for transmitting first transmission data to a communication partner in a cryptographic communication device having signal communication means
And the first transmission data transmitted by the communication partner.
First receiving means for receiving the second transmission data to the communication partner; second receiving means for receiving the second transmission data transmitted by the communication partner as the second reception data; First transmission data generating means for generating the first transmission data by encrypting the second reception data with the obtained shared key; data obtained by encrypting the second transmission data with the shared key; If the received data matches, authentication means for communication partner authenticated as an authorized communication counterpart, based on both the said first transmission data and the first received data
A different first communication encryption key as the communication encryption key.
Encryption key generation means for generating a key and a second communication encryption key;
Wherein the encryption communication means uses the first communication encryption key.
To encrypt the data to be transmitted to the communication partner,
Data received from the communication partner using the communication encryption key
A cryptographic communication device for decrypting a password. 3. Shared communication set prior to encrypted communication
Encryption communication with other cryptographic communication devices using
Transmitting means for transmitting first transmission data to a communication partner in a cryptographic communication device having signal communication means
And the first transmission data transmitted by the communication partner.
A first receiving means for receiving a data, as the encryption key for the communication, the upper SL and data based on the first transmission data, the first communication encryption by the data based on the first received data linked in a predetermined order An encryption key generating means for generating a key, exchanging the two data and connecting them to generate a second communication encryption key , wherein the encryption communication means uses the first communication encryption key to generate a second communication encryption key. , encrypts the data to be sent to the communication partner, the second using an encryption key for communication, cryptographic communication device you wherein decoding the received from the communication partner data. 4. Shared communication set prior to encrypted communication
Encryption communication with other cryptographic communication devices using
Transmitting means for transmitting first transmission data to a communication partner in a cryptographic communication device having signal communication means
And the first transmission data transmitted by the communication partner.
First receiving means for receiving as data, and second transmitting means for transmitting second transmission data to a communication partner
And the second transmission data transmitted by the communication partner as the second reception data.
Receiving means for receiving the second received data, and encrypting the second received data with a predetermined shared key.
First transmission data for generating the first transmission data
Generating means, and data obtained by encrypting the second transmission data with the shared key
And the first received data, the communication phase
An authentication means for authenticating that the hand is a legitimate communication partner; and a communication encryption key based on the first transmission data.
Data and data based on the first received data are predetermined
To generate the first communication encryption key
Then, the two data are exchanged and connected to form a second communication password.
Encryption key generation means for generating an encryption key, wherein the encryption communication means uses the first communication encryption key.
To encrypt the data to be transmitted to the communication partner,
Data received from the communication partner using the communication encryption key
A cryptographic communication device for decrypting a password.