JP4579562B2 - Data transmission system, data transmission method and apparatus - Google Patents

Description

  The present invention relates to a data transmission system, a data transmission method, and an apparatus, and more particularly, to a data transmission system, a data transmission method, and an apparatus that can prevent spoofing transmission by a third party.

Conventionally, data to be transmitted on the sender side is encrypted, and the encrypted data and the encryption key for decrypting the encrypted data are separated by separate lines (for example, a satellite communication line and a ground line). There is a technique for transmitting to the receiver side. (For example, refer to Patent Document 1).
On the receiver side, the encrypted data and the encryption key are received separately, and the original data can be decrypted by these. As described above, by transmitting the encrypted data and the encryption key through separate lines, the confidentiality of data transmission can be improved.

Japanese Patent No. 3052322 (page 2-3, Fig. 1-2)

  However, since the receiving side receives the data without authenticating the sender of the data, it is possible to authenticate the sender even if transmission is performed by a third party on behalf of the sender who is supposed to transmit the data. could not.

  The present invention has been made in order to solve the above-described problems, and can perform authentication on the transmission side reliably on the reception side, and impersonation transmission in which a third party transmits data on behalf of the original sender. It is an object of the present invention to provide a data transmission system, a data transmission method, and an apparatus that can prevent the above-described problem.

  The data transmission system according to the present invention includes at least a first conversion constant, a second conversion constant, or a third conversion constant between the activation device, the operation device, and the authentication device. A data transmission system that encrypts and transmits data using a conversion constant of 2, wherein the activation device includes transmission data, the first conversion constant, the second conversion constant, the third conversion constant, and the first conversion constant. First transmission means for storing pattern conversion constants corresponding to three conversion constants, and the second conversion constant, or the second conversion constant and the third conversion constant, and the transmission data as first A first encryption means for encrypting the transmission data into a second alternative value by encrypting the transmission data to the second alternative value by using the first conversion constant or the first conversion constant and the third conversion constant; The first alternative value and the first conversion constant First activation signal generation means for generating a first activation signal including the second activation signal generation means for generating a second activation signal including the second alternative value, the second conversion constant, and the pattern conversion constant; And a transmission means for transmitting the first activation signal and the second activation signal to the operating device, wherein the operating device is a pattern conversion constant corresponding to the third conversion constant and the third conversion constant. Second storage means for storing the first activation signal and the second activation signal, reading the first alternative value and the first conversion constant from the first activation signal, and the second activation First reading means for reading the second alternative value, the second conversion constant and the pattern conversion constant from the signal, and a pattern conversion constant read by the first reading means is replaced with the third conversion constant. 1 replacement means, First decryption means for decrypting the first substitute value and the second substitute value into the first decrypted data and the second decrypted data using the conversion constants used for encryption, respectively, First authentication means for authenticating to accept the first activation signal and the second activation signal based on the decrypted data and the second decrypted data; transmission data; the first conversion constant; Selection means for selecting the conversion constant and the third conversion constant; and the second conversion constant selected by the selection means, or the transmission data using the second conversion constant and the third conversion constant. The transmission data is encrypted to the second alternative value by using the first conversion constant encrypted by the selection means or the first conversion constant and the third conversion constant encrypted to the first alternative value. Second encryption means for performing the second encryption First authentication signal generating means for generating a first authentication signal including a first substitute value calculated by the encoding means and a first conversion constant selected by the selecting means, and calculated by the second encryption means A second authentication signal including a second converted value, a second conversion constant selected by the selection means, and a pattern conversion constant corresponding to the third conversion constant selected by the selection means. When the authentication signal generating means and the first authentication means are authenticated to accept the first activation signal and the second activation signal, the first authentication signal and the second authentication signal are transmitted to the authentication device. Transmitting means, wherein the authentication device stores the third conversion constant and a pattern conversion constant corresponding to the third conversion constant, and the first authentication signal and the second authentication. signal Receiving and reading the first substitution value and the first conversion constant from the first authentication signal, and reading the second substitution value, the second conversion constant and the pattern conversion constant from the second authentication signal. 2 reading means, a second reading means for replacing the pattern conversion constant read by the second reading means with the third conversion constant, a first substitution value read by the second reading means, and a second A second decryption means for decrypting the substitute value into the first decrypted data and the second decrypted data by the conversion constant used for the encryption, respectively, and the first decrypted by the second decryption means. And a second authentication means for authenticating to accept the first authentication signal and the second authentication signal based on the decrypted data and the second decrypted data.

Thus, according to the present invention, the second conversion constant obtained by encrypting the encrypted data included in the first signal (first activation signal, first authentication signal) is the second signal (second activation signal, second authentication signal). (2 authentication signal) is transmitted and the first conversion constant obtained by encrypting the encrypted data included in the second signal is included in the first signal and transmitted.
Further, the third conversion constant itself is not transmitted, and the pattern conversion constant corresponding to the third conversion constant is included in the second signal and transmitted. This pattern conversion constant is converted to a third conversion constant on the receiving side.
As a result, the receiving side can obtain the first conversion constant, the second conversion constant, and the third conversion constant, which are encryption keys, and can decrypt the encrypted data. Then, the first signal and the second signal can be respectively decrypted to authenticate the first signal and the second signal.

By transmitting in this way, even if a third party obtains one of the first signal or the second signal, each signal does not include all the conversion constants of the conversion constants, so that decoding is performed. It is not possible. Also, even if a third party acquires both the first signal and the second signal, the pattern conversion constant is unknown, so the encrypted data cannot be decrypted.
As described above, according to the present invention, even if a third party obtains the encrypted data illegally, the encrypted data cannot be decrypted significantly, and the confidentiality of the transmission data can be improved.

  Further, according to the present invention, the activation signal is transmitted from the activation device to the operation device, and the activation signal is authenticated by the operation device. Further, an authentication signal is transmitted from the controller device to the authentication device. However, in order to transmit the authentication signal, it is a condition that the activation signal is authenticated by the controller device. Therefore, a third party cannot send an authentication signal to the authentication device only by the operation device, and cannot perform spoofing transmission.

Further, when the authentication device performs authentication for accepting the first authentication signal and the second authentication signal, the authentication device outputs an output signal to an external device based on the first decrypted data or the second decrypted data. It is preferable to provide external output signal sending means for sending.
In addition, when the first authentication unit of the operation device is authenticated to accept the first activation signal and the second activation signal, the transmission unit of the operation device transmits the first authentication signal and the second authentication signal only within a predetermined time. It is preferable that the second authentication signal is transmitted.

  Further, the data transmission method of the present invention includes at least a first conversion constant, a second conversion constant, and a third conversion constant between the activation device, the operation device, and the authentication device. A data transmission method for encrypting and transmitting data using a second conversion constant, wherein the activation device uses the second conversion constant or the second conversion constant and the third conversion constant. A first encrypting transmission data to a first alternative value and encrypting the transmission data to a second alternative value using the first conversion constant or the first conversion constant and the third conversion constant An encryption step; a first activation signal generating step for generating a first activation signal including the first substitute value and the first conversion constant by the activation device; and the second substitution by the activation device. Value, second conversion constant And a second activation signal generating step for generating a second activation signal including the pattern conversion constant, a transmission step for transmitting the first activation signal and the second activation signal to the operating device by the activation device, The operating device receives the first activation signal and the second activation signal, reads the first substitute value and the first conversion constant from the first activation signal, and reads the second activation signal from the second activation signal. And the first conversion step of reading the second conversion constant and the pattern conversion constant, and the pattern conversion constant data in which the pattern conversion constant and the third conversion constant are associated with each other by the operating device. A first reading step for replacing the pattern conversion constant read in the first reading step with the third conversion constant; and the first reading step by the operating device. A first decryption step of decrypting the read first substitute value and second substitute value into first decrypted data and second decrypted data using a conversion constant used for encryption, respectively; A first authentication step for authenticating to accept the first activation signal and the second activation signal based on the first decoded data and the second decoded data calculated in the first decoding step by an apparatus; A selection step of selecting transmission data, the first conversion constant, the second conversion constant, and the third conversion constant by the operation device; and a second conversion selected in the selection step by the operation device. The first conversion constant selected by the selection step or the first conversion constant and the first conversion constant by encrypting the transmission data into the first alternative value using the constant, or the second conversion constant and the third conversion constant A second encryption step of encrypting the transmission data to a second alternative value using a conversion constant of 3, and the first alternative value and the selection step calculated in the second encryption step by the operating device A first authentication signal generation step for generating a first authentication signal including the first conversion constant selected in step 2, and a second alternative value calculated in the second encryption step by the operating device, selected in the selection step A second authentication signal generating step for generating a second authentication signal including a second conversion constant and a pattern conversion constant corresponding to the second conversion constant selected in the selection step; and the first authentication by the operating device. A transmitting step of transmitting a signal and the second authentication signal to the authentication device; and receiving the first authentication signal and the second authentication signal by the authentication device to determine whether the first authentication signal is received. A second reading step of reading the first alternative value, the first conversion constant, the second alternative value, the second conversion constant, and the pattern conversion constant from the second authentication signal; A second reading step of replacing the pattern conversion constant read in the second reading step with the third conversion constant based on the pattern conversion constant data in which the pattern conversion constant and the third conversion constant are associated with each other; The authentication device decrypts the first substitute value and the second substitute value read in the second reading step into the first decrypted data and the second decrypted data by the conversion constant used for encryption, respectively. And the first authentication signal based on the first decryption data and the second decryption data calculated in the second decryption step by the authentication device. And characterized by comprising a second authentication step of the authentication receiving the second authentication signal.

  In the data transmission system of the present invention, data encrypted with at least the first conversion constant or the second conversion constant among the first conversion constant, the second conversion constant, and the third conversion constant is transmitted and received. A data transmission / reception device for storing the third conversion constant and a pattern conversion constant corresponding to the third conversion constant, the second conversion constant, or the second conversion constant, and A first activation signal including a first substitute value obtained by encrypting the transmission data using a third conversion constant, and a first conversion constant, and the first conversion constant, or the first conversion constant; A conversion constant and a second alternative value obtained by encrypting the transmission data using the third conversion constant, the second conversion constant, and a pattern conversion constant corresponding to the third conversion constant. Receiving unit for receiving the second activation signal Reading the first substitution value and the first conversion constant from the first activation signal, and reading the second substitution value, the second conversion constant and the pattern conversion constant from the second activation signal. Processing, processing for replacing the pattern conversion constant read by the reading processing with the third conversion constant, the first substitution value and the second substitution value by the conversion constant used for encryption, respectively. Decryption processing for decoding into decrypted data and second decrypted data, authentication for accepting the first activation signal and the second activation signal based on the first decrypted data and the second decrypted data Authentication processing, transmission data, selection processing for selecting the first conversion constant, the second conversion constant, and the third conversion constant, the second conversion constant selected by the selection processing, or the second Change Using the first conversion constant selected by the selection process or the first conversion constant and the third conversion constant by encrypting the transmission data into the first alternative value using the constant and the third conversion constant A first authentication signal including an encryption process for encrypting the transmission data to a second alternative value, the first alternative value calculated by the encryption process, and a first conversion constant selected by the selection process. To the first authentication signal generation process for generating the second alternative value calculated by the encryption process, the second conversion constant selected by the selection process, and the third conversion constant selected by the selection process A control unit that performs a second authentication signal generation process for generating a second authentication signal including a corresponding pattern conversion constant, a transmission process for transmitting the first authentication signal and the second authentication signal, and the first authentication signal; Said 2 A data transmission / reception apparatus including a transmission unit that transmits an authentication signal to the outside can be used.

  In this data transmission / reception apparatus, it is preferable that the control unit performs the transmission process only within a predetermined time when authentication for accepting the first activation signal and the second activation signal is performed.

  The data transmission system according to the present invention includes at least a first conversion constant among the first conversion constant, the second conversion constant, and the third conversion constant between the activation device, the operation device, and the authentication device. Or a data transmission system that encrypts and transmits data using a second conversion constant, wherein the activation device includes transmission data, the first conversion constant, the second conversion constant, the third conversion constant, and First transmission means for storing a pattern conversion constant corresponding to the third conversion constant, and the second conversion constant, or the second conversion constant and the third conversion constant are used to store the transmission data. A first encryption means for encrypting the transmission data to a second alternative value by encrypting the transmission data to a first alternative value or using the first conversion constant or the first conversion constant and the third conversion constant; , The first substitution value and the first substitution First activation signal generation means for generating a first activation signal including a constant, and second activation signal generation for generating a second activation signal including the second alternative value, the second conversion constant, and the pattern conversion constant Means and a transmission means for transmitting the first activation signal and the second activation signal to the authentication device, wherein the operating device has a pattern corresponding to the third conversion constant and the third conversion constant. Second storage means for storing a conversion constant; selection means for selecting transmission data, the first conversion constant, the second conversion constant, and the third conversion constant; and a second selected by the selection means. Or the first conversion constant selected by the selection means by encrypting the transmission data into a first alternative value using the second conversion constant and the third conversion constant, or the first conversion constant. Conversion constant and the third Second encryption means for encrypting the transmission data to a second alternative value using the calculated number, a first alternative value calculated by the second encryption means, and a first selected by the selection means First authentication signal generating means for generating a first authentication signal including a conversion constant of: a second alternative value calculated by the second encryption means; a second conversion constant selected by the selection means; and Second authentication signal generating means for generating a second authentication signal including a pattern conversion constant corresponding to the third conversion constant selected by the selection means; and sending the first authentication signal and the second authentication signal to the authentication device. Transmitting means for transmitting, wherein the authentication device stores a third storage constant for storing the third conversion constant and a pattern conversion constant corresponding to the third conversion constant, the first activation signal, and the first 2 Receive activation signal The first substitute value and the first conversion constant are read from the first activation signal, and the second substitution value, the second conversion constant and the pattern conversion constant are read from the second activation signal. A first reading unit; a first reading unit that replaces the pattern conversion constant read by the first reading unit with the third conversion constant; and the first substitution value and the second substitution value are respectively encrypted. First decoding means for decoding the first decoded data and the second decoded data using the conversion constant used in the above, and based on the first decoded data and the second decoded data, A first authenticating means for authenticating to accept the first activation signal and the second activation signal; receiving the first authentication signal and the second authentication signal; The first conversion constant, the second recognition constant A second reading means for reading the second substitution value, the second conversion constant and the pattern conversion constant from the signal; and a pattern conversion constant read by the second reading means is replaced with the third conversion constant. 2 reading means, and the first substitute value and the second substitute value read by the second reading means are converted into the first decrypted data and the second decrypted data by the conversion constant used for encryption, respectively. A second decoding means for decoding, and a first decoding calculated by the second decoding means when the first authentication means is authenticated to accept the first activation signal and the second activation signal. It is good also as a structure provided with the 2nd authentication means to perform the authentication which receives the said 1st authentication signal and the said 2nd authentication signal based on encryption data and 2nd decoding data.

  Thus, since the authentication device does not authenticate the authentication signal from the operating device unless the activation signal from the activation device is authenticated, the authentication device can authenticate even if a third party sends the authentication signal to the authentication device only by the authentication device. It will never be done. Therefore, spoofing transmission by a third party can be prevented.

Further, when the authentication device performs authentication for accepting the first authentication signal and the second authentication signal, the authentication device outputs an output signal to an external device based on the first decrypted data or the second decrypted data. It is preferable to provide external output signal sending means for sending.
Further, the operation device and the authentication device can be configured to perform authentication when the first decrypted data and the second decrypted data match.
In addition, when the first authentication unit of the authentication device is authenticated to accept the first activation signal and the second activation signal, the external output signal sending unit outputs the output signal to the external device only within a predetermined time. It is suitable if it is configured to transmit.

  Further, the data transmission method of the present invention includes at least a first conversion constant among the first conversion constant, the second conversion constant, and the third conversion constant between the activation device, the operation device, and the authentication device. Or a data transmission method for encrypting and transmitting data using a second conversion constant, wherein the activation device uses the second conversion constant, or the second conversion constant and the third conversion constant. Encrypting the transmission data into a first alternative value and encrypting the transmission data into a second alternative value using the first conversion constant or the first conversion constant and the third conversion constant 1 encryption step, a first activation signal generating step for generating a first activation signal including the first alternative value and the first conversion constant by the activation device, and the second activation signal by the activation device. Substitute value, second conversion constant And a second activation signal generating step for generating a second activation signal including the pattern conversion constant, a transmission step for transmitting the first activation signal and the second activation signal to the authentication device by the activation device, The authentication device receives the first activation signal and the second activation signal, reads the first substitute value and the first conversion constant from the first activation signal, and reads the second activation signal from the second activation signal. And a first reading step for reading the second conversion constant and the pattern conversion constant, and the authentication device based on pattern conversion constant data in which the pattern conversion constant and the third conversion constant are associated with each other. A first conversion step that replaces the pattern conversion constant read in the first reading step with the third conversion constant; and the authentication device performs the first reading step. A first decryption step of decrypting the first substitute value and the second substitute value read in step 1 into the first decrypted data and the second decrypted data using the conversion constants used for encryption, respectively, A first authentication step of performing authentication for accepting the first activation signal and the second activation signal based on the first decoded data and the second decoded data calculated by the first decoding step by an authentication device; A selection step of selecting transmission data, the first conversion constant, the second conversion constant, and the third conversion constant by the operation device; and a second step selected by the operation device in the selection step. The first conversion constant or the first conversion constant selected in the selection step by encrypting the transmission data into the first alternative value using the conversion constant, or the second conversion constant and the third conversion constant, and A second encryption step for encrypting the transmission data to a second alternative value using a third conversion constant; and the first alternative value and the selection calculated in the second encryption step by the operating device. A first authentication signal generation step for generating a first authentication signal including the first conversion constant selected in the step, a second alternative value calculated in the second encryption step by the operating device, and the selection step A second authentication signal generating step for generating a second authentication signal including a selected second conversion constant and a pattern conversion constant corresponding to the second conversion constant selected in the selection step; A transmitting step of transmitting an authentication signal and the second authentication signal to the authentication device; and receiving the first authentication signal and the second authentication signal by the authentication device to receive the first authentication signal. A second reading step of reading the first alternative value, the first conversion constant, the second alternative value, the second conversion constant, and the pattern conversion constant from the second authentication signal; and the authentication device A second reading step for reading the pattern conversion constant read in the second reading step with the third conversion constant based on the pattern conversion constant data in which the pattern conversion constant and the third conversion constant are associated with each other. The first substitute value and the second substitute value read in the second reading step by the authentication device are respectively converted into the first decrypted data and the second decrypted data by the conversion constant used for encryption. A second decryption step for decryption, and when the authentication device authenticates to accept the first activation signal and the second activation signal in the first authentication step. And a second authentication step for performing authentication for accepting the first authentication signal and the second authentication signal based on the first decrypted data calculated in the second decryption step and the second decrypted data. It is characterized by.

  In the data transmission system of the present invention, the transmission data encrypted with at least the first conversion constant or the second conversion constant among the first conversion constant, the second conversion constant, and the third conversion constant is received. A data receiving device for storing the third conversion constant and a pattern conversion constant corresponding to the third conversion constant; the second conversion constant; or the second conversion constant; A first activation signal and a first authentication signal including a first substitute value obtained by encrypting the transmission data using a third conversion constant, and a first conversion constant; and the first conversion constant, Alternatively, the second conversion value obtained by encrypting the transmission data using the first conversion constant and the third conversion constant, the second conversion constant, and the pattern conversion corresponding to the third conversion constant A second activation that contains a constant A receiver for receiving a signal and a second authentication signal, reading the first substitute value and the first conversion constant from the first activation signal and the first authentication signal, and the second activation signal and the second authentication signal. A reading process for reading the second substitution value, the second conversion constant and the pattern conversion constant from the authentication signal; a process for reading the pattern conversion constant read by the reading process into the third conversion constant; A decryption process for decrypting the second substitute value and the second substitute value into the first decrypted data and the second decrypted data using the conversion constant used for the encryption, respectively, and the first decrypted data, An authentication process for authenticating to accept the first authentication signal and the second authentication signal when authentication to accept the first activation signal and the second activation signal is performed based on the second decrypted data; I do And control unit, it is possible to use data receiving apparatus having a.

  In this data receiving apparatus, when the control unit performs authentication for accepting the first activation signal and the second activation signal, the control unit performs authentication for accepting the first authentication signal and the second authentication signal only within a predetermined time. Such a configuration is preferable.

  According to the present invention, even if a third party transmits data on behalf of the original sender, the transmission data can be authenticated on the receiving side and spoofed transmission can be prevented, and data A transmission method and apparatus can be provided.

Embodiments of the present invention will be described with reference to the drawings. 1 to 17 relate to one embodiment, FIG. 1 is an overall explanatory diagram of a transmission system, FIG. 2 is a configuration diagram of a D chip, FIG. 3 is a configuration diagram of an ID card, and FIG. 4 is a configuration of a card reader. FIG.
5 is an explanatory diagram of pattern conversion constant data, FIG. 6 is a flowchart of processing in the ID chip, FIG. 7 is an explanatory diagram of an encryption method in the ID chip, and FIG. 8 is an explanatory diagram of an activation signal.
9 is a flowchart of the process in the ID card, FIG. 10 is a flowchart of the process in the ID card, and FIGS. 11 and 12 are explanatory diagrams of the decoding method in the ID card.
13 is an explanatory diagram of an encryption method in a card reader, FIG. 14 is an explanatory diagram of an authentication signal, FIG. 15 is a flowchart of processing in the card reader, and FIGS. 16 and 17 are explanatory diagrams of a decryption method in the card reader.
18 to 20 are overall explanatory diagrams of a transmission system according to another embodiment. Further, the arrangement, processing procedure, configuration, and the like described below do not limit the present invention, and various modifications can be made in accordance with the spirit of the present invention.

The data transmission system S of the present invention will be schematically described with reference to FIG.
In the data transmission system S, first of all start signal C ₁ and the second activation signal C ₂ is encrypted signals are sequentially transmitted with a time difference from the activation device 1 to the operating unit 2. The controller device 2 performs authentication by decoding these signals.
As a result of the authentication, the first authentication signal S ₁ and the second authentication signal S ₂ are provided with a time difference from the controller device 2 to the authentication device 3 on condition that the signal from the activation device 1 is determined to be correct. Sent sequentially. When these signals are authenticated by the authentication device 3, an external output signal is output to the external device 4 when it is determined that the signal from the controller device 2 is correct. This external output signal is, for example, an authentication / non-authentication output, an On / Off output, a Logger output, or the like. Signal transmission between these is performed by infrared communication, radio wave, optical communication, or the like.
Thus, the present system S is configured to output an external output signal when double authentication is performed. Thus, for example, a third party without permission operating the operation unit 2, attempting to print a signal to the authentication device 3 can not transmit first authentication signals S ₁ and the second authentication signal S _2. Thereby, spoofing transmission by a third party can be prevented.

The activation device 1 includes an ID number (transmission data D) for specifying a user, conversion constants x and y (first conversion constant and second conversion constant) as encryption keys, and a pattern conversion constant z as an encryption key. Is registered. In addition, a conversion constant z ′ (third conversion constant) is registered in association with the pattern conversion constant z.
When the activation device 1 operates, the transmission data D is encrypted into encrypted data D (y, z ′) by a combination of conversion constants y and z ′, and encrypted data by a combination of the conversion constants x and z ′. D (x, z ′) is encrypted.
The first activation signal _{C 1,} encrypted data D (y, z'), include conversion constant x. The second activation signal _{C 2,} encrypted data D (x, z '), conversion constant y, include pattern conversion constant z. The first activation signal C ₁ and the second activation signal C ₂ are transmitted to the controller device 2 at different times.

The operation device 2 stores pattern conversion constant data in which the pattern conversion constant z and the conversion constant z ′ are associated with each other. The pattern conversion constant data includes a pattern conversion constant z that the activation device 1 has and a conversion constant z ′ corresponding thereto.
In the operating device 2, conversion constants x from the first start signal C _1, second start signal C ₂ from the conversion constants y, the pattern conversion constant z read. The read pattern conversion constant z is replaced with the conversion constant z ′ by referring to the pattern conversion constant data. The first activation signal C ₁ is conversion constant y, is decoded by z ', the transmission data D ₁ is calculated. The second activation signal C ₂ is the conversion constants x, decoded by z ', the transmission data D ₂ is calculated.
If the transmission data D ₁ and D ₂ calculated from the first activation signal C ₁ and the second activation signal C ₂ are equal, these signals are authenticated, and the calculated data is adopted as the transmission data D.

When authentication is performed, the operation device 2 is a predetermined time (e.g., 15 seconds) only becomes active, and can transmit the first authentication signal to the authentication device 3 S ₁ and the second authentication signal S _2. In this specification, the active state means that a predetermined process can be performed.
Within this activation time, the user operates the controller device 2 to transmit the first authentication signal S ₁ and the second authentication signal S ₂ to the authentication device 3 and operate the external device 4.
In the pattern conversion constant data of the controller device 2, a combination of the pattern conversion constant Z for generating the authentication signal and the conversion constant Z ′ is further registered. Note that the pattern conversion constant data for decoding the activation signal may be used without providing the pattern conversion constant data specially for generating the authentication signal.
When the user operates the controller device 2, the controller device 2 selects the transmission data D, the conversion constant X (first conversion constant), Y (second conversion constant), and the pattern conversion constant Z.

In the controller device 2, the transmission data D is encrypted into the encrypted data D (Y, Z ′) by a combination of conversion constants Y and Z ′ (third conversion constant), respectively, and a combination of the conversion constants X and Z ′. Is encrypted into encrypted data D (X, Z ′). The first authentication signal _{S 1,} the encrypted data D (Y, Z'), include conversion constant X. The second authentication signal _{S 2,} the encrypted data D (X, Z'), conversion constant Y, include pattern conversion constant Z. The first authentication signal S ₁ and the second authentication signal S ₂ are transmitted to the authentication device 3 at different times.

The authentication device 3 stores pattern conversion constant data indicating a combination of the pattern conversion constant Z and the conversion constant Z ′. This pattern conversion constant data includes pattern conversion constant data that the controller device 2 has.
In the authentication device 3, the conversion constants X from the first authentication signal S _1, a second authentication signal converted from the S ₂ constant Y, the pattern conversion constant Z is read. The read pattern conversion constant Z is replaced with the conversion constant Z ′ by referring to the pattern conversion constant data. The first authentication signals S ₁ is the conversion constants Y, decoded by Z', transmission data D ₁ is calculated. The second authentication signal S ₂ is the conversion constants X, is decoded by Z', transmission data D ₂ is calculated.
If the transmission data D ₁ and D ₂ calculated from the first authentication signal S ₁ and the second authentication signal S ₂ are equal, these signals are authenticated, and the calculated data is adopted as the transmission data D. When the transmission data D (personal ID number) is registered in the authentication device 3, an external output signal is output to the external device 4.

  The authentication device 3 may be included in the external device 4 or may be configured as a separate device. The external device 4 is, for example, a lock system, a power supply, a computer system, or the like. In the case of a lock system, the lock can be opened and closed only when an authentication signal or an On / Off signal is output. In the case of a power source, the power source can be configured to be turned on or off by an On / Off signal. In the case of a computer system, it can be configured to log in by a Logger signal.

In the above encryption example, the activation device 1 encrypts the transmission data D by the combination of the conversion constants y and z ′ and the combination of the conversion constants x and z ′, and the operating device 2 has the combination of the conversion constants Y and Z ′ and The transmission data D was encrypted by a combination of conversion constants X and Z ′.
However, the present invention is not limited to this, and the activation device 1 encrypts the transmission data D by a combination of conversion constants y and z ′ (D (y, z ′)) and encryption by only the conversion constant x (D (x)). Thus, the controller device 2 may perform encryption (D (Y, Z ′)) using a combination of conversion constants Y and Z ′ and encryption (D (X)) using only the conversion constant X.
In this case, the first activation signal C ₁ includes encrypted data D (y, z ′) and a conversion constant x, and the second activation signal C ₂ includes encryption data D (x), a conversion constant y, and a pattern. A conversion constant z is included. The first authentication signal S ₁ includes encrypted data D (Y, Z ′) and a conversion constant X, and the second authentication signal S ₂ includes encrypted data D (X), conversion constant Y, and pattern conversion. The constant Z is included.

The activation device 1 encrypts the transmission data D using only the conversion constant y (D (y)), and encrypts the transmission data D using the conversion constants x and z ′ (D (x, z ′)). The signal C ₁ includes encrypted data D (y) and a conversion constant x, and the second activation signal C ₂ includes encrypted data D (x, z ′), a conversion constant y, and a pattern conversion constant z. It can also be done. The controller device 2 performs encryption only with the conversion constant Y (D (Y)), and encryption with the conversion constants X and Z ′ (D (X, Z ′)), and the first authentication signal S ₁ includes encrypted data D (Y), contains the conversion constant X, the second authentication signal S ₂ the encrypted data D (X, Z'), conversion constant Y, also to include the pattern conversion constant Z it can.

As described above, in this data transmission method, encrypted transmission data is transmitted separately by two signals. Among these, the encryption key (conversion constant y or Y) of the encrypted data included in the first signal is transmitted by being included in the second signal, and the encryption key (conversion constant x or X) of the encrypted data included in the second signal is transmitted. Is included in the first signal and transmitted.
Further, the common encryption key (conversion constant z ′ or Z ′) of the encrypted data included in the first signal and the second signal itself is not sent, and the pattern conversion constant z or Z corresponding to the encryption key is the second signal. To be sent.

By transmitting in this way, even if a third party obtains one of the first signal or the second signal, each signal does not include all the conversion constants of the conversion constants, so that decoding is performed. It is not possible. Further, even if a third party acquires both the first signal and the second signal, the pattern conversion constant z or Z is unknown, so that the transmission data D cannot be decoded.
Further, as described above, it is not possible to operate the external device 4 by transmitting an operation signal to the authentication device 3 only by the operation device 2, and the operation device 2 must be activated unless the activation device 1 is necessarily activated. Cannot transmit a significant signal to the authentication device 3.
As described above, the system S is configured so that the external device 4 cannot be easily operated by impersonation by a third party.

Next, specific modes of the system S will be shown.
In the present embodiment, the activation device 1 is configured by a pairing ID chip 1 (hereinafter referred to as an ID chip 1) having an IC chip. The ID chip 1 is embedded in, for example, a watch or a periodical pocket worn by the user.
The operating device 2 can be configured as an ID card 2 equipped with an IC chip or a mobile phone.
The authentication device 3 can be configured as a card reader 3 equipped with a receiving head.
Signal transmission / reception between them can be performed using electromagnetic induction using an electromagnetic wave in which a signal component is mounted on an electromagnetic wave having a predetermined carrier frequency. Therefore, they can exchange signals without contact. Moreover, not only this but an electromagnetic coupling system, a microwave system, an optical system etc. may be sufficient.

FIG. 2 shows a configuration diagram of the ID chip 1. The ID chip 1 has a configuration in which an IC chip 1 a is connected to a resonance circuit composed of an antenna 130 and a capacitor 140. The IC chip 1a includes a CPU 100, a storage unit 110, and a modulation / demodulation signal processing unit 120.
The modulation / demodulation signal processing unit 120 rectifies and smoothes the signal supplied from the antenna 130, supplies the signal to each unit as power, and extracts and demodulates the high-frequency component of the signal. The demodulated signal is supplied to the CPU 100 and processed. Further, in response to a signal supplied from the CPU 100, a predetermined switching element is turned on or off. When the switching element is in an on state, the signal is transmitted to the outside by being connected to the antenna 130. The modulation / demodulation signal processing unit 120 and the antenna 130 function as transmission means.
The storage unit 110 as a storage means is composed of an EEPROM, a ROM, a RAM, and the like, and stores a control program 111 of the CPU 100, pattern conversion constant data 112, ID number data 113, and the like, and is configured to function as a work area. . The pattern conversion constant data 112 stores a pattern conversion constant z, a conversion constant z ′ corresponding thereto, and other conversion constants x and y. The ID number data 113 has an ID number for specifying a user. Since these data are stored in a nonvolatile memory, the data can be held even when power is not supplied.

The CPU 100 controls data input / output, data transmission, data encryption, signal generation processing, and the like. The CPU 100 functions as an encryption unit, a first activation signal generation unit, a second activation signal generation unit, a transmission / reception unit, and the like. Further, processing for rewriting the ID number data 113 and the pattern conversion constant data 112 is performed based on an external command. The CPU 100 performs the first activation signal C ₁ and the second activation described above based on the ID number, the conversion constants x, y, z ′ and the pattern conversion constant z stored in the storage unit 110 as data encryption and signal generation processing. generating a signal _{C 2.}
Note that the conversion constants x, y, z ′ and the pattern conversion constant z may be selected from a plurality of values, or one set value may be used.
The ID chip 1 of this example is a passive type that does not have a battery mounted thereon, but is not limited thereto, and may be an active type that has a dedicated battery mounted thereon.

FIG. 3 shows a configuration diagram of the ID card 2. The ID card 2 has a configuration in which antennas 230 and 234, a capacitor 244, and an IC chip connected thereto are sandwiched between two resinous thin plates.
The IC chip includes a modulation / demodulation signal processing unit 220 connected to an antenna 230, a modulation / demodulation signal processing unit 224 connected to a resonance circuit including an antenna 234 and a capacitor 244, a CPU 200 functioning as a control unit, and an input as an operation panel. A display unit 202 that performs display using an LED, and a storage unit 210.

The input unit 201 includes a numeric keypad, a switch specialized for a certain function, such as an “OPN” (open) switch, a “CLS” (closed) switch, a registration switch, and a transmission switch, and other input switches. .
The display unit 202 performs LED display according to the output of the CPU 200. The storage unit 210 as a storage means is composed of an EEPROM, a ROM, a RAM, etc., and stores data such as a control program 211 of the CPU 200, pattern conversion constant data 212, ID number data 213, etc., and functions as a work area. It is configured. The ID number data 213 has an ID number for specifying a user. Since these data are stored in a nonvolatile memory, the data can be held even when power is not supplied. The pattern conversion constant data 212 has at least a pattern conversion constant z stored in the ID chip 1 and a conversion constant z ′ corresponding thereto.

The CPU 200 controls data input / output, data transmission, conversion constant selection processing, data encryption / decryption, signal generation processing, and the like. The CPU 200 functions as reading means, replacement means, decryption means, authentication means, selection means, encryption means, first authentication signal generation means, second authentication signal generation means, transmission / reception means, and the like.
The modulation / demodulation signal processing unit 220 is used for data transmission / reception with the ID chip 1. The modulation / demodulation signal processing unit 224 is used for data transmission / reception with the card reader 3. The modulation / demodulation signal processing unit 224 has the same function as the modulation / demodulation signal processing unit 120.
The CPU 200 generates a command to be transmitted to the ID chip 1 and sends it to the modulation / demodulation signal processing unit 220. The modulation / demodulation signal processing unit 220 modulates a command on a carrier wave having a predetermined frequency, and outputs the generated modulated wave from the antenna 230 to the ID chip 1 as an electromagnetic wave. Further, the modulation / demodulation signal processing unit 220 demodulates the modulated wave transmitted from the ID chip 1 via the antenna 230 and outputs the demodulated data to the CPU 200.
The antenna 230 radiates a predetermined electromagnetic wave, and detects whether or not the ID chip 1 is approached based on a change in load with respect to the electromagnetic wave. When the ID chip 1 comes close, the antenna 230 transmits / receives data to / from the ID chip 1.

In the ID card 2, the first activation signal C ₁ and the second activation signal C ₂ are received from the ID chip 1 via the antenna 230, the high frequency component is extracted by the modulation / demodulation signal processing unit 220, and the first activation signal C _{The first} and second activation signals C ₂ are read and supplied to the CPU 200. Then, CPU 200, as a decoding process, and decoded as described below the first start signal C ₁ and the second activation signal C ₂ supplied performs an authentication process. When it is determined that a correct signal has been received by authentication, timer processing is started.
As data encryption and signal generation processing, the CPU 200 performs the above-described first authentication signal S ₁ and the first authentication signal based on the ID number stored in the storage unit 210, the selected conversion constants X, Y, Z ′, and the pattern conversion constant Z. generating a second authentication signal _{S 2.} The conversion constants X, Y, Z ′ and the pattern conversion constant Z are configured to be randomly selected from a plurality of times each time a signal is generated.
Then, the generated signal is processed by the modulation / demodulation signal processing unit 224, and the first authentication signal S ₁ and the second authentication signal S ₂ are transmitted to the card reader 3 via the antenna 234.

These processes can be performed within a predetermined time (in this example, 15 seconds) in the above-described timer process. Therefore, when the predetermined time elapses, the transmission process is aborted by the interrupt process even during transmission. Thus, the signal from the ID chip 1, the ID card 2 used for the activation time creation for generating and transmitting process of the first authentication signal S ₁ and second authentication signal S _2.
In this example, the ID number for loading on the first authentication signal S ₁ and the second authentication signal S ₂ is read from the storage unit 210 and used. However, the ID number is not limited to this and is received from the ID chip 1. it may be use the ID number obtained by decoding the first start signal C ₁ and the second activation signal C _2.
Moreover, although the ID card 2 of this example is a passive type in which no battery is mounted, the present invention is not limited to this and may be an active type in which a dedicated battery is mounted.

  In FIG. 3, an example of a card type is shown as the operating device 2, but the operating device 2 may be configured as a mobile phone as described above. In this case, the input unit 201 and the display unit 202 in FIG. 3 can be input buttons and a display screen of a mobile phone.

FIG. 4 shows a configuration diagram of the card reader 3. The card reader 3 includes a CPU 300 that functions as a control unit, an antenna 330, a modulation / demodulation signal processing unit 320 connected to the antenna 330, an input unit 301 that is an operation panel, a display unit 302 that is an LCD display, and a storage Unit 310, interface unit 303 with external device 4, and power source 350 that supplies power to them.
The CPU 300 performs data input / output control, data reception control, data reading processing, data decryption, authentication processing, control of signal output to the external device 4, and the like. The CPU 300 functions as a reading unit, a reading unit, a decoding unit, an authentication unit, a transmission / reception unit, an external output signal sending unit, and the like.
The input unit 301 includes various input switches, and includes a numeric keypad, alphabetic keys, a switch specialized for a specific function (for example, a power ON / OFF switch, a door opening / closing switch, etc.).

The display unit 302 displays decrypted data, input data at the time of operation, and the like according to the output from the CPU 300.
The storage unit 310 serving as a storage unit includes an EEPROM, a ROM, a RAM, and the like, and stores data such as a control program 311 of the CPU 300, pattern conversion constant data 312 and ID number data 313 for storing a plurality of user ID numbers. And is configured to function as a work area. Since these data are stored in a nonvolatile memory, the data can be held even when power is not supplied.
In the pattern conversion constant data 312, a plurality of combinations of the pattern conversion constant Z and the corresponding conversion constant Z ′ are registered in the same manner as the pattern conversion constant data 212 of the ID card 2. FIG. 5 illustrates pattern conversion constant data 212 and 312. In this example, 26 combinations from a to z are registered. For example, “3399” (conversion constant Z ′) is associated with “g” (pattern conversion constant Z). The pattern conversion constant data 312 includes at least a pattern conversion constant Z included in the pattern conversion constant data 212 and a conversion constant Z ′ corresponding thereto.
The modem signal processor 320 has the same function as the modem signal processor 220 provided in the ID card 2.

The first authentication signal S ₁ and the second authentication signal S ₂ received from the ID card 2 by the antenna 330 are demodulated by the modulation / demodulation signal processing unit 320 and output to the CPU 300 as demodulated data. CPU300 as decoding, and decoded to below the first start signal C ₁ and the second activation signal C ₂ supplied performs an authentication process.
If it is determined that the correct signal is received as a result of the authentication, the CPU 300 outputs a predetermined signal to the external device 4.

  In this embodiment, an electronic lock is applied as the external device 4. The external device 4 is connected to the interface unit 303, performs an unlocking operation of the electronic lock by the unlocking drive signal (Off signal) from the card reader 3, and performs an unlocking operation of the electronic lock by the locking drive signal (On signal). I do. It is also possible to connect a plurality of electronic locks as the external device 4.

Next, driving power sources for the ID chip 1 and the ID card 2 will be described. In this embodiment, the card reader 3 is provided with a dedicated power supply 350, but the ID chip 1 and the ID card 2 are provided with passive IC chips that do not have a dedicated power supply.
In the present embodiment, power supply is performed as follows. First, when the ID card 2 is brought close to the card reader 3, the ID card 2 receives the electromagnetic wave radiated from the antenna 330 of the card reader 3 through the antenna 234 and charges the paper capacitor in the ID card 2. .
Next, when the ID chip 1 is brought close to the charged ID card 2, the ID chip 1 receives the electromagnetic wave radiated from the antenna 230 of the ID card 2 via the antenna 130, and the ID chip 1 is charged in the ID chip 1. To charge.
Alternatively, the ID chip 1 can be charged by bringing the ID chip 1 close to the card reader 3 directly.
In this way, the ID card 2 and the ID chip 1 are secured with a driving power source and can perform predetermined processing.

Next, the operation of the system S will be described.
FIG. 6 shows the flow of processing in the ID chip 1. When the ID chip 1 is brought close to the charged ID card 2, the ID chip 1 receives an electromagnetic wave radiated from the ID card 2 and a data transmission request command. As a result, the ID chip 1 is driven and processing is started. First, the CPU 100 reads the ID number from the storage unit 110 (step S10). Further, the conversion constants x, y, z ′ and the pattern conversion constant z stored in the storage unit 110 are read (step S11). The conversion constants x and y may be selected randomly within a predetermined number of digits (for example, 4 digits).
Then, encryption processing is performed based on the data read in step S12. In this example, as shown in FIG. 7, the ID number A is encrypted into ID number alternative values Ax and Ay by the first equation (Ax = A + y + z ′) and the second equation (Ay = A + x + z ′), respectively.
For example, when the ID number A is “12345678”, the conversion constant x is “1122”, the conversion constant y is “3344”, and the conversion constant z ′ is “3399”, the ID number alternative value Ax is “12354221”, the ID number The substitute value Ay is “12335099”.

When encryption is performed in step S12, a first activation signal generation process is performed in step S13, and a second activation signal generation process is performed in step S14. In this example, as shown in FIG. 8, the first activation signal C ₁ and the second activation signal C ₂ are each composed of five data areas of packets 0 to 4 whose sizes are designated. A signal is generated by arranging predetermined data in a predetermined area.
Packet 0 is a communication number storage area and is a number automatically generated for a transmission signal. The same number is assigned to the pair of activation signals (C ₁ , C ₂ ).
Packet 1 is a signal type storage area. In this example, ₁ is assigned to the activation signal (C ₁ , C ₂ ), and 2 is assigned to the authentication signal (S ₁ , S ₂ ).

Packet 2, if the first start signal C ₁ conversion constant x is the case of the second start signal C ₂ which is a region where conversion constant y is stored.
Packet 3 is a storage area for pattern conversion constant z. In this example, the pattern conversion constant z is not stored in the first start signal C _1, are stored only in the second start signal C _2. In the example of FIG. 8, “g” is stored as the pattern conversion constant z. “G” of the pattern conversion constant z corresponds to “3399” of the conversion constant z ′.
The packet 4 is an area where ID number alternative values Ax and Ay are stored. The first activation signal C ₁ of packet 4 stored ID number substitute value Ax, ID number substitute value Ay is the second start signal C ₂ of the packet 4 is stored.
When there is no data to be arranged so that the first activation signal C ₁ of packet 3 is blank data or predetermined scramble data is placed.

When the activation signal is generated in steps S13 and S14, the first activation signal C ₁ and the second activation signal C ₂ are transmitted from the antenna 130 to the ID card 2 in steps S15 and S16, respectively, and the process ends.

Next, the flow of processing in the ID card 2 will be described with reference to FIGS.
The ID card 2 radiates electromagnetic waves for detecting the ID chip 1. CPU 200 radiates electromagnetic waves from antenna 230 at a predetermined cycle based on the control program (step S20).
The activation signals C ₁ and C ₂ from the ID chip 1 at step S21, it is judged whether sent, and waits until it is determined that has been transmitted (step S21; No). If it is determined that has been transmitted (step S21; Yes), the process proceeds to step S22, reads the first activation signal _{C 1.} Further, it reads the second activation signal _{C 2} at step S23.
When reading the activation signal, in step S24, with the second start signal C ₂ of packets 3 reads the pattern conversion constant z, based on the read pattern conversion constant z ( "g"), stored in that pattern conversion The conversion constant z ′ (“3399”) is read from the constant data 212.
Then, in step S25, the first activation signal _{C 1} conversion from the packet 2 constant x, reads the ID number substitute value Ax from the packet 4, the conversion constants y from the packet 2 of the second start signal _{C 2,} the ID number from the packet 4 The substitute value Ay is read.

When the conversion constants x, y, z ′ and the ID number substitute values Ax, Ay are read, the ID numbers are obtained from the first activation signal C ₁ and the second activation signal C ₂ in steps S26 and S27, respectively. Decrypt. As shown in FIG. 11, the CPU 200 calculates decoded values A1 and A2 from the first expression (A1 = Ax−yz ′) and the second expression (A2 = Ay−x−z ′), respectively.
In the example shown in FIG. 12, the conversion constants x, y, and z ′ are “1122”, “3344”, and “3399”, respectively, and the ID number substitute values Ax and Ay are “12354221” and “123350199”, respectively. In this case, the decoded value A1 is calculated as “12345678”, and the decoded value A2 is calculated as “12345678”.

When the decrypted values A1 and A2 are calculated, authentication processing of the decrypted values A1 and A2 is performed in step S28. In this process, it is determined whether or not the two decoded values match. If they do not match, the process ends. On the other hand, if they match, it is determined that the correct activation signal (C ₁ , C ₂ ) has been transmitted, and the process proceeds to step S29 to start the activation timer. The start timer of this example is set to 15 seconds. When this activation timer expires, the main process shown in FIGS. 9 and 10 is forcibly terminated even during the process by the interrupt process.

In the authentication process of step S28, it is determined whether or not the decrypted values A1 and A2 match. If they match, the matched decrypted value A1 (= A2) is the ID number data 213 in the storage unit 210. It may be determined whether or not it is registered (see step S48 described later).
In this case, if the decrypted values A1 and A2 do not match or are not registered even if they match, the processing is terminated as it is. On the other hand, if they match and are registered, it is determined that the correct activation signal (C ₁ , C ₂ ) has been transmitted, and the process can proceed to step S29.
With this configuration, for example, when users have lost such an ID chip 1, it is possible not accept the ID card 2, the start signal from the ID chip 1 (C _{1, C 2).} That is, by erasing the ID number stored in the lost ID chip 1 from the ID number data 213 of the ID card 2, the activation signal (C ₁ , C ₂ ) including the ID number of the lost ID chip 1 is received. However, it is not authenticated in step S28. Thereby, even when a third party illegally acquires the ID chip 1 and the ID card 2, spoofing transmission can be prevented.
If the ID chip 1 is lost, a new ID chip 1 is issued, and the new ID number that is the same as the ID chip 1 and the ID card 2 is rewritten and registered as the ID number data 113 and 213. You can do it.

When the activation timer starts in step S29, the authentication signal generation / transmission processing in steps S30 to S36 is continued.
In step S30, the CPU 200 reads the ID number from the storage unit 210 (step S30).
In step S31, when the user inputs unlocking or locking data from the input unit 201 (pressing the OPN (open) switch or CLS (closed) switch), the display unit 302 displays that effect ("OPEN" or " CLOSE "is displayed). Next, the sender performs a switch operation for designating the pattern conversion constant Z (for example, Z = “g”), and presses the transmission switch of the input unit 201.
Thus, the CPU 200 randomly selects conversion constants X and Y having a predetermined number of digits (for example, 4 digits) by random numbers at the timing when the transmission switch is pressed. Further, the conversion constant Z ′ corresponding to the designated pattern conversion constant Z is read from the storage unit 210. The pattern conversion constant Z and the conversion constant Z ′ may be automatically selected by the CPU 200.
In step S30, the CPU 200 automatically selects the pattern conversion constant Z from the storage unit 210 without operating the input unit 201 or the like, and reads the conversion constant Z ′, the ID number, and the like. X and Y may be automatically selected.

In step S32, encryption processing is performed based on these data. In this example, as shown in FIG. 13, the ID number A is encrypted into ID number alternative values Ax and Ay by the first equation (Ax = A + Y + Z ′) and the second equation (Ay = A + X + Z ′), respectively.
For example, when the ID number A is “12345678”, the conversion constant X is “1122”, the conversion constant Y is “3344”, and the conversion constant Z ′ is “3399”, the ID number alternative value Ax is “12354221”, the ID number The substitute value Ay is “12335099”.

When encryption is performed in step S32, first authentication signal generation processing is performed in step S33, and second authentication signal generation processing is performed in step S34. In this example, as shown in FIG. 14, consisting of 6 of the data area of the first authentication signal S ₁ and second authentication signal S ₂ packets 0-5 to size each of which it is specified. A signal is generated by arranging predetermined data in a predetermined area.
Packet 0 is a communication number storage area and is a number automatically generated for a transmission signal. The same number is assigned to the pair of authentication signals (S ₁ , S ₂ ).
Packet 1 is a signal type storage area. In this example, 2 is assigned to the authentication signals (S ₁ , S ₂ ).
Packet 2, if the first authentication signals S ₁ conversion constant X is, in the case of the second authentication signal S ₂ is an area conversion constant Y is stored.

The packet 3 is a storage area for the pattern conversion constant Z. In the case of this example, the pattern conversion constant Z (“g” in FIG. 14) is not stored in the first authentication signal S ₁ but is stored only in the second authentication signal S ₂ . “G” of the pattern conversion constant z corresponds to “3399” of the conversion constant z ′.
The packet 4 is an area where ID number alternative values Ax and Ay are stored. The first authentication signals S ₁ packet 4 stored ID number substitute value Ax, ID number substitute value Ay the second authentication signal S ₂ of the packet 4 is stored.
The packet 5 is an ON / OFF signal storage area indicating unlocking or locking. The signal includes “1” indicating unlocking and “0” indicating locking. When operating a plurality of electronic locks, it is preferable to provide a packet area for distinguishing each electronic lock. For this example, ON / OFF signals are stored only in the first authentication signal _{S 1.}
When there is no data to be arranged as in the first authentication signals S ₁ packet 3 is blank data or predetermined scramble data is placed.

When the authentication signal is generated in steps S33 and S34, the first authentication signal S ₁ and the second authentication signal S ₂ are transmitted from the antenna 234 to the card reader 3 in steps S35 and S36, respectively, and the process is terminated.
As described above, in the ID card 2, the first authentication signal S ₁ and the second authentication signal S ₂ are transmitted to the card reader 3 only when the first activation signal C ₁ and the second activation signal C ₂ are authenticated. It is comprised so that.

Next, the flow of processing in the card reader 3 will be described based on FIG.
The card reader 3 radiates electromagnetic waves for detecting the ID card 2. CPU 300 radiates electromagnetic waves from antenna 330 at a predetermined cycle based on the control program (step S40).
The authentication signals S ₁ and S ₂ from the ID card 2 in step S41, it is judged whether sent, and waits until it is determined that has been transmitted (step S41; No). If it is determined that has been transmitted (step S41; Yes), the process proceeds to step S42, reads the first authentication signal _{S 1.} Further, it reads the second authentication signal _{S 2} in step S43. The card reader 3 distinguishes according to the type of the packet 1 that the received signal is an authentication signal and not an activation signal. That is, when the packet 1 is “2”, it is determined that the signal is an authentication signal.

When reading the authentication signal, in step S44, with reading the pattern conversion constant Z from the second authentication signal S ₂ of packets 3, read pattern conversion constant Z (the "g") in the original, stored and that the pattern in terms The conversion constant Z ′ (“3399”) is read from the constant data 312.
Then, in step S45, the conversion constants X from the packet 2 of the first authentication signal _{S 1,} reads the ID number substitute value Ax from the packet 4, the conversion constants Y from the packet 2 of the second authentication signal _{S 2,} the ID number from the packet 4 The substitute value Ay is read.

When the conversion constants X, Y, Z ′ and the ID number substitute values Ax, Ay are read, the ID numbers are respectively obtained from the first authentication signal S ₁ and the second authentication signal S ₂ in steps S46 and S47 based on these values. Decrypt. As shown in FIG. 16, the CPU 300 calculates decoded values A1 and A2 from the first expression (A1 = Ax−Y−Z ′) and the second expression (A2 = Ay−X−Z ′), respectively.
In the example shown in FIG. 17, the conversion constants X, Y, and Z ′ are “1122”, “3344”, and “3399”, respectively, and the ID number alternative values Ax and Ay are “12354221” and “123350199”, respectively. In this case, the decoded value A1 is calculated as “12345678”, and the decoded value A2 is calculated as “12345678”.

When the decrypted values A1 and A2 are calculated, authentication processing is performed in step S48. First, it is determined whether or not the decoded values A1 and A2 match. In addition, it is determined whether or not the matched decrypted value A1 (= A2) is registered in the ID number data 313 of the storage unit 310.
If the decoded values A1 and A2 do not match or are not registered even if they match, the process proceeds to step S50, and an error is displayed on the display unit 302. Moreover, you may comprise so that an error may be alert | reported with a lamp | ramp.
On the other hand, if they match and are registered, it is determined that the correct authentication signal (S ₁ , S ₂ ) has been transmitted, and the process proceeds to step S 49 where an output signal is transmitted to the external device 4. CPU300 reads the ON / OFF signal from the first authentication signals _{S 1} packet 5, and sends an output signal in response to this value.

Also, if a plurality of ID numbers are registered for a plurality of users in the ID number data 313 of the card reader 3, a plurality of people can share the card reader 3. Further, when the user loses the ID card 2 or the like, the authentication signal (S ₁ , S ₂ ) is received from the lost ID card 2 by deleting the ID number of the ID card 2 from the ID number data 313. Even in this case, authentication is not performed in step S48. Thereby, even when a third party illegally acquires the ID chip 1 and the ID card 2, spoofing transmission can be prevented.

In the above-described embodiment, only the user ID number is encrypted and transmitted. However, the present invention is not limited to this, and the encrypted signal (start signal, authentication signal) may be encrypted data other than the ID number. A plurality of data may be set. For example, a data area (packet) can be further provided in the authentication signal, and a plurality of data can be encrypted and arranged in this data area.
When a plurality of data is encrypted / decrypted, the data may be encrypted / decrypted with the same combination of conversion constants, or a combination of different conversion constants (X _n , Y _n , Z _n ′) may be used for encryption / decryption. For example, when encrypting and decrypting three pieces of data, combinations of conversion constants (X ₁ , Y ₁ , Z ₁ ′), (X ₂ , Y ₂ , Z ₂ ′), (X ₃ , Y ₃ , Z ₃ ′) can be used. These conversion constants are also included in the authentication signal and transmitted / received.

In the above embodiment, the data encryption method is such that the conversion constants X and Z ′ (or x and z ′) and the conversion constants Y and Z ′ (or y and z ′) are added. However, the present invention is not limited to this, and as long as the conversion constant X, Y, Z ′ (or x, y, z ′) is used as an encryption key, it is a matter of course that subtraction or other calculation methods may be used. .
Also, as described above, data is encrypted for one signal by a combination of conversion constants X and Z ′ (or x and z ′), and for the other signal, it is encrypted only by a conversion constant Y (or y). You may encrypt by the method to do. Alternatively, the data may be encrypted by using a conversion constant X (or x) only for one signal and encrypted by a conversion constant Y and Z ′ (y and z ′) for the other signal. Good.
For example, when data is added using only the conversion constant X for one signal and addition using the conversion constants Y and Z ′ for the other signal, the ID number A is expressed by the first equation (Ax = A + Y + Zy ′) and the second It is encrypted by the formula (Ay = A + X).

In the above embodiment, the first activation signal C ₁ is transmitted before the second start signal C _2, although the first authentication signals S ₁ has been transmitted before the second authentication signal S ₂ Not limited to this, the order may be reversed.

In the above embodiment, the ID card 2 is activated by receiving the activation signal (C ₁ , C ₂ ) from the ID chip 1, and can transmit the authentication signal (S ₁ , S ₂ ) to the card reader 3. It is comprised so that. However, the present invention is not limited to this, and as shown in FIG. 18, first, when the activation signal (C ₁ , C ₂ ) is transmitted from the ID chip 1 to the card reader 3 and this signal is authenticated by the card reader 3, authentication signal from only time the card reader 3 the ID card 2 _{(S 1,} S ₂₎ may be configured to allow accepted. The activation signal (C ₁ , C ₂ ) transmission / reception process, decoding process, and the like are the same as in the above embodiment.
That is, first, the ID chip 1 is brought close to the card reader 3 and an activation signal (C ₁ , C ₂ ) is transmitted from the ID chip 1 to the card reader 3. The card reader 3 receives and decodes this signal, and determines whether or not the ID numbers match and are registered. As a result of the determination, the ID chip 1 is authenticated when it matches and is registered. When authenticated, the card reader 3 is activated for a predetermined time (for example, 15 seconds). During this activated period, the card reader 3 can accept authentication signals (S ₁ , S ₂ ) from the ID card 2 or can perform authentication processing.
In this case, the ID chip 1 and the card reader 3 store the same pattern conversion constant z and conversion constant z ′, and the ID card 2 and the card reader 3 have the same pattern conversion constant Z and conversion constant Z ′.

Thus, simply by sending an authentication signal is brought close to the ID card 2 into the card reader 3 _(S 1, _{S 2),} the card reader 3 does not authenticate the authentication signal _(S 1, S _2). Since the ID card 2 is not authenticated, the card reader 3 does not send an external output signal to the external device 4. Authentication signal (S ₁ , S ₂ ) transmission / reception processing, decryption processing, and the like are the same as those in the above embodiment.
If the ID card 2 comes close to the card reader 3 within this activated period, the card reader 3 accepts authentication signals (S ₁ , S ₂ ) transmitted from the ID card 2 and performs an authentication process. As a result of authentication, if it is determined that the authentication signal (S ₁ , S ₂ ) is from the regular ID card 2, the card reader 3 outputs an external output corresponding to the authentication signal (S ₁ , S ₂ ) to the external device 4. Send a signal. In this case, it is not necessary to activate the ID card 2 by the ID chip 1.
As described above, even if the card reader 3 is not activated by the ID chip 1, even if the authentication signal (S ₁ , S ₂ ) is transmitted from the ID card 2 to the card reader 3, the card reader 3 does not authenticate the card reader 3. The signals (S ₁ , S ₂ ) are invalidated. Therefore, even if a third party illegally acquires only the ID card 2, the card reader 3 and the external device 4 cannot be operated. Even in such a form, it is possible to prevent spoofing transmission and enhance security.

Further, in the above embodiment, when the first activation signal C ₁ and the second activation signal C ₂ are transmitted from the ID chip 1 to the ID card 2 or the card reader 3 and these signals are authenticated, the ID card 2 Alternatively, the card reader 3 is activated.
However, the present invention is not limited to this, and the signal transmitted from the ID chip 1 to the ID card 2 or the card reader 3 is not a startup signal (C ₁ , C ₂ ), but a general signal or an encrypted signal. There may be.
For example, in the form shown in FIG. 19, the activation signal W as an activation signal is transmitted from the ID chip 1 (activation device) to the ID card 2 (operation means), and the ID card 2 receives the activation signal W only for a predetermined time. When activated, the authentication signal (S ₁ , S ₂ ) can be transmitted from the ID card 2 to the card reader 3. In this case, the card reader 3 has at least pattern conversion constant data that the ID card 2 has.
The activation signal W can be a setting signal such as a signal representing a number unique to the ID chip 1. Further, this setting signal may be transmitted after being encrypted by a known encryption method. For example, the encryption key may be stored in common in the ID chip 1 and the ID card 2 and may be encrypted and decrypted with this encryption key, or the encryption key may be included in the activation signal W and transmitted. Good.
The ID card 2 may be configured to be able to transmit the authentication signals (S ₁ , S ₂ ) for a predetermined time by simply receiving the activation signal W, or the activation signal W or its decrypted data may be transmitted to the ID card. 2, it may be possible to transmit the authentication signals (S ₁ , S ₂ ) for a predetermined time when it is determined that the predetermined registration data stored in 2 is included.

In the form shown in FIG. 20, the activation signal W as an activation signal is transmitted from the ID chip 1 to the card reader 3, and when this is received, the card reader 3 is activated for a predetermined time. The authentication signals (S ₁ , S ₂ ) to be received can be processed. In this case, the card reader 3 has at least pattern conversion constant data that the ID card 2 has.
As the activation signal W, a predetermined setting signal can be used as in the case of FIG.
Further, the card reader 3 may be configured to be able to process the authentication signals (S ₁ , S ₂ ) for a predetermined time by simply receiving the activation signal W, or the activation signal W or its decrypted data may be processed. When it is determined that the predetermined registration data stored in the card reader 3 is included, the authentication signals (S ₁ , S ₂ ) may be processed for a predetermined time.

In addition, as shown in FIGS. 19 and 20, the activation of the ID card 2 or the card reader 3 by transmitting the activation signal W to the ID card 2 or the card reader 3 is not limited to the activation of the ID card 2 or the card reader 3. A signal for activating 3 may be input.
For example, the personal authentication number is input from the input unit 201 or 301 of the ID card 2 or the card reader 3, and if the personal authentication number is registered, the authentication is performed. Thus, the authentication signal (S ₁ , S ₂ ) is received for a predetermined time. Can be transmitted, and the authentication signals (S ₁ , S ₂ ) can be processed.
Furthermore, it may be configured to perform fingerprint authentication, voice authentication, retina authentication, etc. by inputting data such as fingerprints, voices, retinas, etc. to the ID card 2 or the card reader 3.
Even in such a form, it is possible to prevent spoofing transmission and enhance security.

It is the whole transmission system explanatory drawing. It is a block diagram of an ID chip. It is a block diagram of an ID card. It is a block diagram of a card reader. It is explanatory drawing of pattern conversion constant data. It is a flowchart of the process in an ID chip. It is explanatory drawing of the encryption method in an ID chip. It is explanatory drawing of a starting signal. It is a flowchart of the process in an ID card. It is a flowchart of the process in an ID card. It is explanatory drawing of the decoding method in an ID card. It is explanatory drawing of the decoding method in an ID card. It is explanatory drawing of the encryption method in a card reader. It is explanatory drawing of an authentication signal. It is a flowchart of the process in a card reader. It is explanatory drawing of the decoding method in a card reader. It is explanatory drawing of the decoding method in a card reader. It is whole explanatory drawing of the transmission system which concerns on another Example. It is whole explanatory drawing of the transmission system which concerns on another Example. It is whole explanatory drawing of the transmission system which concerns on another Example.

Explanation of symbols

1 ID chip (starting device), 1a IC chip, 2 ID card (operation device), 3 card reader (authentication device), 4 external device, 100 CPU, 110 storage unit, 111 control program, 112 pattern conversion constant data, 113 ID number data, 120 modulation / demodulation signal processing unit, 130 antenna, 140 capacitor, 200 CPU, 201 input unit, 202 display unit, 210 storage unit, 211 control program, 212 pattern conversion constant data, 213 ID number data, 220, 224 modulation / demodulation Signal processing unit, 230, 234 antenna, 244 capacitor, 300 CPU, 301 input unit, 302 display unit, 303 interface unit, 310 storage unit, 311 control program, 312 pattern conversion constant data, 313 ID number data, 320 modulation / demodulation signal Processing unit, 330 antenna, 350 power, Ax, Ay ID number substitute value, _{C 1} first start signal, _{C 2} second activation signal, S data transmission system, _{S 1} first authentication signal, _{S 2} second authentication signal, x, y, X, Y, z 'conversion constant, z, Z pattern conversion constant, W start signal

Claims (14)

Data is encrypted between at least the first conversion constant or the second conversion constant among the first conversion constant, the second conversion constant, and the third conversion constant between the activation device, the operation device, and the authentication device. A data transmission system for transmitting data
The activation device includes:
First storage means for storing transmission data, the first conversion constant, the second conversion constant, the third conversion constant, and a pattern conversion constant corresponding to the third conversion constant;
Using the second conversion constant, or the second conversion constant and the third conversion constant, the transmission data is encrypted as a first alternative value, and the first conversion constant, or the first conversion constant. And a first encryption means for encrypting the transmission data to a second alternative value using the third conversion constant;
First activation signal generating means for generating a first activation signal including the first substitute value and the first conversion constant;
Second activation signal generation means for generating a second activation signal including the second alternative value, the second conversion constant, and the pattern conversion constant;
Transmission means for transmitting the first activation signal and the second activation signal to the operating device,
The operating device is:
Second storage means for storing the third conversion constant and a pattern conversion constant corresponding to the third conversion constant;
Receiving the first activation signal and the second activation signal, reading the first substitution value and the first conversion constant from the first activation signal, and reading the second substitution value from the second activation signal; First reading means for reading the second conversion constant and the pattern conversion constant;
First replacement means for replacing the pattern conversion constant read by the first reading means with the third conversion constant;
First decryption means for decrypting the first substitute value and the second substitute value into first decrypted data and second decrypted data, respectively, using conversion constants used for encryption;
First authentication means for performing authentication for accepting the first activation signal and the second activation signal based on the first decoded data and the second decoded data;
Selection means for selecting transmission data, the first conversion constant, the second conversion constant, and the third conversion constant;
The second conversion constant selected by the selection means, or the second conversion constant and the third conversion constant are used to encrypt the transmission data into a first alternative value and select the first conversion value selected by the selection means. A second encryption means for encrypting the transmission data to a second alternative value using one conversion constant, or the first conversion constant and the third conversion constant;
First authentication signal generation means for generating a first authentication signal including the first substitute value calculated by the second encryption means and the first conversion constant selected by the selection means;
A second substitution value calculated by the second encryption means, a second conversion constant selected by the selection means, and a pattern conversion constant corresponding to the third conversion constant selected by the selection means. Second authentication signal generating means for generating two authentication signals;
Transmission means for transmitting the first authentication signal and the second authentication signal to the authentication device when the first authentication means is authenticated to accept the first activation signal and the second activation signal. ,
The authentication device
Third storage means for storing the third conversion constant and a pattern conversion constant corresponding to the third conversion constant;
The first authentication signal and the second authentication signal are received and the first alternative value and the first conversion constant are received from the first authentication signal, the second alternative value is obtained from the second authentication signal, the second A second reading means for reading the conversion constant of 2 and the pattern conversion constant;
Second replacement means for replacing the pattern conversion constant read by the second reading means with the third conversion constant;
A second decoding unit that decrypts the first substitute value and the second substitute value read by the second reading unit into first decrypted data and second decrypted data, respectively, using a conversion constant used for encryption; Decryption means;
And second authentication means for performing authentication for accepting the first authentication signal and the second authentication signal based on the first decrypted data and the second decrypted data calculated by the second decryption means. A data transmission system characterized by that.   When the authentication device performs authentication for accepting the first authentication signal and the second authentication signal, the authentication device sends an output signal to an external device based on the first decrypted data or the second decrypted data. 2. The data transmission system according to claim 1, further comprising external output signal transmission means.   The data transmission system according to claim 1, wherein the operation device and the authentication device perform authentication when the first decrypted data and the second decrypted data match.   When the first authentication unit of the controller device is authenticated to accept the first activation signal and the second activation signal, the transmission unit of the controller device transmits the first authentication signal and the first signal only within a predetermined time. 2. The data transmission system according to claim 1, wherein two authentication signals are transmitted. Data is encrypted with at least the first conversion constant or the second conversion constant among the first conversion constant, the second conversion constant, and the third conversion constant between the activation device, the operation device, and the authentication device. A data transmission method for transmitting
The starter encrypts the transmission data into a first alternative value using the second conversion constant, or the second conversion constant and the third conversion constant, or the first conversion constant, or A first encryption step of encrypting the transmission data to a second alternative value using a first conversion constant and the third conversion constant;
A first activation signal generating step of generating a first activation signal including the first substitute value and the first conversion constant by the activation device;
A second activation signal generating step for generating a second activation signal including the second substitute value, the second conversion constant, and the pattern conversion constant by the activation device;
A transmission step of transmitting the first activation signal and the second activation signal to the operating device by the activation device;
The operating device receives the first activation signal and the second activation signal, reads the first alternative value and the first conversion constant from the first activation signal, and reads the first activation signal and the second conversion constant from the second activation signal. A first reading step of reading an alternative value of 2, the second conversion constant, and the pattern conversion constant;
A first conversion unit that replaces the pattern conversion constant read in the first reading step with the third conversion constant based on the pattern conversion constant data in which the pattern conversion constant and the third conversion constant are associated with each other by the operating device; A replacement step;
The operation device decrypts the first substitute value and the second substitute value read in the first reading step into the first decrypted data and the second decrypted data by the conversion constant used for encryption, respectively. A first decoding step to
A first authentication step of performing authentication for accepting the first activation signal and the second activation signal based on the first decoded data and the second decoded data calculated in the first decoding step by the operating device. When,
A selection step of selecting transmission data, the first conversion constant, the second conversion constant, and the third conversion constant by the operation device;
Using the second conversion constant selected in the selection step or the second conversion constant and the third conversion constant by the operation device, the transmission data is encrypted as a first alternative value and selected in the selection step. A second encryption step of encrypting the transmission data to a second alternative value using the first conversion constant or the first conversion constant and the third conversion constant;
A first authentication signal generating step of generating a first authentication signal including the first substitute value calculated in the second encryption step and the first conversion constant selected in the selection step by the operating device;
A pattern conversion constant corresponding to the second substitution value calculated in the second encryption step, the second conversion constant selected in the selection step, and the second conversion constant selected in the selection step by the operation device. A second authentication signal generating step for generating a second authentication signal including:
A transmission step of transmitting the first authentication signal and the second authentication signal to the authentication device by the operation device;
The authentication device receives the first authentication signal and the second authentication signal, and from the first authentication signal, the first substitute value and the first conversion constant, and from the second authentication signal, the second A second reading step of reading the substitute value, the second conversion constant, and the pattern conversion constant;
A second conversion unit that replaces the pattern conversion constant read in the second reading step with the third conversion constant based on the pattern conversion constant data in which the pattern conversion constant is associated with the third conversion constant by the authentication device; A replacement step;
The authentication device decrypts the first substitute value and the second substitute value read in the second reading step into the first decrypted data and the second decrypted data by the conversion constant used for encryption, respectively. A second decoding step,
Second authentication step of performing authentication for accepting the first authentication signal and the second authentication signal based on the first decrypted data and the second decrypted data calculated in the second decrypting step by the authenticating device. And a data transmission method. A data transmission / reception device for transmitting / receiving data encrypted by at least the first conversion constant or the second conversion constant among the first conversion constant, the second conversion constant, and the third conversion constant,
A storage unit for storing the third conversion constant and a pattern conversion constant corresponding to the third conversion constant;
The first conversion value includes the first conversion constant, the first conversion value encrypted using the second conversion constant, or the second conversion constant and the third conversion constant, and the first conversion constant. A second substitution value obtained by encrypting the transmission data using the start signal and the first conversion constant, or the first conversion constant and the third conversion constant, and the second conversion constant; A receiving unit for receiving a second activation signal including a pattern conversion constant corresponding to the third conversion constant;
Reading process for reading the first substitution value and the first conversion constant from the first activation signal and reading the second substitution value, the second conversion constant and the pattern conversion constant from the second activation signal ,
A process of replacing the pattern conversion constant read by the reading process with the third conversion constant;
A decryption process for decrypting the first substitute value and the second substitute value into the first decrypted data and the second decrypted data using the conversion constants used for encryption,
An authentication process for authenticating to accept the first activation signal and the second activation signal based on the first decrypted data and the second decrypted data;
A selection process for selecting transmission data, the first conversion constant, the second conversion constant, and the third conversion constant;
Using the second conversion constant selected by the selection process, or the second conversion constant and the third conversion constant, the transmission data is encrypted into a first alternative value and the first conversion value is selected by the selection process. An encryption process for encrypting the transmission data to the second alternative value using the conversion constant or the first conversion constant and the third conversion constant;
A first authentication signal generation process for generating a first authentication signal including the first substitute value calculated by the encryption process and the first conversion constant selected by the selection process;
Second authentication including a second substitution value calculated by the encryption process, a second conversion constant selected by the selection process, and a pattern conversion constant corresponding to the third conversion constant selected by the selection process A second authentication signal generation process for generating a signal;
A control unit for performing transmission processing for transmitting the first authentication signal and the second authentication signal;
A data transmission / reception apparatus comprising: a transmission unit configured to transmit the first authentication signal and the second authentication signal to the outside.   The data transmission / reception apparatus according to claim 6, wherein the control unit performs the transmission process only within a predetermined time when authentication for accepting the first activation signal and the second activation signal is performed. Data is encrypted between at least the first conversion constant or the second conversion constant among the first conversion constant, the second conversion constant, and the third conversion constant between the activation device, the operation device, and the authentication device. A data transmission system for transmitting data
The activation device includes:
First storage means for storing transmission data, the first conversion constant, the second conversion constant, the third conversion constant, and a pattern conversion constant corresponding to the third conversion constant;
Using the second conversion constant, or the second conversion constant and the third conversion constant, the transmission data is encrypted as a first alternative value, and the first conversion constant, or the first conversion constant. And a first encryption means for encrypting the transmission data to a second alternative value using the third conversion constant;
First activation signal generating means for generating a first activation signal including the first substitute value and the first conversion constant;
Second activation signal generation means for generating a second activation signal including the second alternative value, the second conversion constant, and the pattern conversion constant;
Transmission means for transmitting the first activation signal and the second activation signal to the authentication device,
The operating device is:
Second storage means for storing the third conversion constant and a pattern conversion constant corresponding to the third conversion constant;
Selection means for selecting transmission data, the first conversion constant, the second conversion constant, and the third conversion constant;
The second conversion constant selected by the selection means, or the second conversion constant and the third conversion constant are used to encrypt the transmission data into a first alternative value and select the first conversion value selected by the selection means. A second encryption means for encrypting the transmission data to a second alternative value using one conversion constant, or the first conversion constant and the third conversion constant;
First authentication signal generation means for generating a first authentication signal including the first substitute value calculated by the second encryption means and the first conversion constant selected by the selection means;
A second substitution value calculated by the second encryption means, a second conversion constant selected by the selection means, and a pattern conversion constant corresponding to the third conversion constant selected by the selection means. Second authentication signal generating means for generating two authentication signals;
Transmitting means for transmitting the first authentication signal and the second authentication signal to the authentication device;
The authentication device
Third storage means for storing the third conversion constant and a pattern conversion constant corresponding to the third conversion constant;
Receiving the first activation signal and the second activation signal, reading the first substitution value and the first conversion constant from the first activation signal, and reading the second substitution value from the second activation signal; First reading means for reading the second conversion constant and the pattern conversion constant;
First replacement means for replacing the pattern conversion constant read by the first reading means with the third conversion constant;
First decryption means for decrypting the first substitute value and the second substitute value into first decrypted data and second decrypted data, respectively, using conversion constants used for encryption;
First authentication means for performing authentication for accepting the first activation signal and the second activation signal based on the first decoded data and the second decoded data;
The first authentication signal and the second authentication signal are received and the first alternative value and the first conversion constant are received from the first authentication signal, the second alternative value is obtained from the second authentication signal, the second A second reading means for reading the conversion constant of 2 and the pattern conversion constant;
Second replacement means for replacing the pattern conversion constant read by the second reading means with the third conversion constant;
A second decoding unit that decrypts the first substitute value and the second substitute value read by the second reading unit into first decrypted data and second decrypted data, respectively, using a conversion constant used for encryption; Decryption means;
When the first authentication means is authenticated to accept the first activation signal and the second activation signal, the first decoded data and the second decoded data calculated by the second decoding means A data transmission system comprising: second authentication means for performing authentication based on the first authentication signal and the second authentication signal.   When the authentication device performs authentication for accepting the first authentication signal and the second authentication signal, the authentication device sends an output signal to an external device based on the first decrypted data or the second decrypted data. 9. The data transmission system according to claim 8, further comprising external output signal transmission means.   9. The data transmission system according to claim 8, wherein the operating device and the authentication device perform authentication when the first decrypted data and the second decrypted data match.   When the first authentication unit of the authentication device is authenticated to accept the first activation signal and the second activation signal, the external output signal transmission unit transmits the output signal to the external device only within a predetermined time. The data transmission system according to claim 8. Data is encrypted between at least the first conversion constant or the second conversion constant among the first conversion constant, the second conversion constant, and the third conversion constant between the activation device, the operation device, and the authentication device. A data transmission method for transmitting data
The starter encrypts the transmission data into a first alternative value using the second conversion constant, or the second conversion constant and the third conversion constant, or the first conversion constant, or A first encryption step of encrypting the transmission data to a second alternative value using a first conversion constant and the third conversion constant;
A first activation signal generating step of generating a first activation signal including the first substitute value and the first conversion constant by the activation device;
A second activation signal generating step for generating a second activation signal including the second substitute value, the second conversion constant, and the pattern conversion constant by the activation device;
A transmission step of transmitting the first activation signal and the second activation signal to the authentication device by the activation device;
The authentication device receives the first activation signal and the second activation signal, reads the first alternative value and the first conversion constant from the first activation signal, and reads the first activation signal and the second conversion constant from the second activation signal. A first reading step of reading an alternative value of 2, the second conversion constant, and the pattern conversion constant;
A first conversion unit that replaces the pattern conversion constant read in the first reading step with the third conversion constant based on the pattern conversion constant data in which the pattern conversion constant and the third conversion constant are associated with each other by the authentication device. A replacement step;
The authentication device decrypts the first substitute value and the second substitute value read in the first reading step into the first decrypted data and the second decrypted data by the conversion constant used for encryption, respectively. A first decoding step to
A first authentication step for authenticating the first activation signal and the second activation signal by the authentication device based on the first decoded data and the second decoded data calculated in the first decoding step. When,
A selection step of selecting transmission data, the first conversion constant, the second conversion constant, and the third conversion constant by the operation device;
Using the second conversion constant selected in the selection step or the second conversion constant and the third conversion constant by the operation device, the transmission data is encrypted as a first alternative value and selected in the selection step. A second encryption step of encrypting the transmission data to a second alternative value using the first conversion constant or the first conversion constant and the third conversion constant;
A first authentication signal generating step of generating a first authentication signal including the first substitute value calculated in the second encryption step and the first conversion constant selected in the selection step by the operating device;
A pattern conversion constant corresponding to the second substitution value calculated in the second encryption step, the second conversion constant selected in the selection step, and the second conversion constant selected in the selection step by the operation device. A second authentication signal generating step for generating a second authentication signal including:
A transmission step of transmitting the first authentication signal and the second authentication signal to the authentication device by the operation device;
The authentication device receives the first authentication signal and the second authentication signal, and from the first authentication signal, the first substitute value and the first conversion constant, and from the second authentication signal, the second A second reading step of reading the substitute value, the second conversion constant, and the pattern conversion constant;
A second conversion unit that replaces the pattern conversion constant read in the second reading step with the third conversion constant based on the pattern conversion constant data in which the pattern conversion constant is associated with the third conversion constant by the authentication device; A replacement step;
The authentication device decrypts the first substitute value and the second substitute value read in the second reading step into the first decrypted data and the second decrypted data by the conversion constant used for encryption, respectively. A second decoding step,
When the authentication device is authenticated to accept the first activation signal and the second activation signal in the first authentication step, the first decrypted data calculated in the second decryption step and a second A data transmission method comprising: a second authentication step of performing authentication for accepting the first authentication signal and the second authentication signal based on decrypted data. A data receiving device that receives transmission data encrypted by at least the first conversion constant or the second conversion constant among the first conversion constant, the second conversion constant, and the third conversion constant,
A storage unit for storing the third conversion constant and a pattern conversion constant corresponding to the third conversion constant;
The first conversion value includes the first conversion constant, the first conversion value encrypted using the second conversion constant, or the second conversion constant and the third conversion constant, and the first conversion constant. A second substitution value obtained by encrypting the transmission data using the activation signal, the first authentication signal, and the first conversion constant, or the first conversion constant and the third conversion constant; A receiving unit that receives a second activation signal and a second authentication signal, each of which includes a conversion constant of the second conversion signal and a pattern conversion constant corresponding to the third conversion constant;
The first substitution value and the first conversion constant are read from the first activation signal and the first authentication signal, and the second substitution value and the second substitution value are obtained from the second activation signal and the second authentication signal. A reading process for reading the conversion constants and the pattern conversion constants,
A process of replacing the pattern conversion constant read by the reading process with the third conversion constant;
A decryption process for decrypting the first substitute value and the second substitute value into the first decrypted data and the second decrypted data using the conversion constants used for encryption,
When authentication for accepting the first activation signal and the second activation signal is performed based on the first decoded data and the second decoded data, the first authentication signal and the second authentication signal And a control unit for performing authentication processing for performing authentication for accepting the data.   The control unit performs authentication for accepting the first authentication signal and the second authentication signal only within a predetermined time when authentication for accepting the first activation signal and the second activation signal is performed. Item 14. The data receiving device according to Item 13.

Images