JP4781890B2 - Communication method and communication system - Google Patents

Description

  The present invention relates to a communication method and a communication apparatus suitable for data communication between a wireless terminal station and a wireless base station, and in particular, can perform authentication and encryption with high security between mutual wireless stations. It relates to what was made.

  2. Description of the Related Art Conventionally, in performing wireless terminal station authentication and encryption in a wireless communication system, common data that changes with time is generated between the wireless terminal station and the wireless base station. For example, in the case of authentication by CHAP (Challenge Handshake Authentication Protocol), as described in Non-Patent Document 1, the wireless base station transmits a different random challenge code to the wireless terminal station each time. A response code is generated from the random code and a key shared in advance between the radio base station and transmitted to the radio base station. The radio base station performs the same calculation, compares the transmitted response code with the result calculated by the radio base station, and if they match, gives authentication as a correct radio terminal station.

There is also a method in which time synchronization is performed between a wireless terminal station and a wireless base station, and a random code (one-time password) generated in conjunction with the time is used as a key. In this method, it is necessary to improve the accuracy of time synchronization, and GPS (Global Positioning System) may be used as the mechanism.
“User Authentication System”, [online], 2002, Information-technology Promotion Agency, Japan (searched on February 21, 2006), Internet <URL: http://www.ipa.go.jp/security/awareness/ administrator / remote / capter6 / 5.html>

  However, the following problems occur in the above-described conventional technology. In the case of CHAP, it is necessary to transmit a random challenge code as information necessary for generating an authentication code from the wireless base station to the wireless terminal station. Since the random code is transmitted in plain text, the challenge code and the response There is a security concern that the code can guess the key by dictionary attack. Further, since the challenge code is transmitted, there is a problem that a bandwidth for data transfer is consumed and extra time is required.

  On the other hand, in the case of the one-time password method, in order to generate common data that varies depending on the time between the wireless terminal station and the wireless base station in the authentication and encryption of the wireless terminal station, the wireless terminal station and the wireless base station It is necessary to have a clock between stations, and in order to synchronize the clock independently, it is necessary to maintain the accuracy of each clock. In addition, there is a method of installing GPS as a method of acquiring accurate time information, but there are problems of power consumption and installation space when installing in a wireless terminal station.

  In view of the above-described problems, the present invention provides a communication method and a communication apparatus capable of improving security without exchanging special information for authentication or encryption between apparatuses or adding a special apparatus. The purpose is to provide.

In order to solve the above-described problem, the present invention performs transmission / reception while guaranteeing using the parameters of each other when performing guaranteed transmission / reception between the first communication device and the second communication device. In the communication method, a frame number when a time slot allocation request is transmitted from the first communication device to the second communication device on each of the first communication device side and the second communication device side. Obtained as first common information, a frame number when an allocation slot is notified from the second communication device to the first communication device is obtained as second common information, and the first communication device And a first time that is a parameter that varies in a time-dependent manner in common between the first communication device and the second communication device from the first common information acquired by the second communication device. The variation parameter The first communication device and the second communication device that are generated and acquired by the first communication device and the second communication device, respectively, are common between the first communication device and the second communication device and depend on time. Then, a second time variation parameter that becomes a variable parameter is generated, respectively.

The present invention is characterized in that, as the second common information, in addition to the frame number when the assigned slot is notified, the notified slot number is further acquired .

The present invention, the first communication device, calculated by calculating a reference code by the first specific functions using the first time-varying parameter, the second communication device, wherein the first time varying determined by calculation authentication code by the first specific function using the parameter, and sends an authentication code calculated in the first communication device, the first communication device is transmitted from the second communication device that receives the authentication code, have rows authentication based on whether the received authentication code and the reference code match, the first communication device, the second specific using said second time varying parameters An authentication code is obtained by calculation using a function, and the obtained authentication code is transmitted to the second communication device, and the second communication device uses the second time variation parameter to determine the second unique function. By reference code Determined by calculation, the second communication device, characterized by performing authentication based on whether the first receiving the authentication code transmitted from the communication device, the received authentication code and the reference code matches Is a communication method.

According to the present invention, the first communication device obtains a first encryption key used for data encryption by a first unique encryption generation function using the first time variation parameter, and calculates the second The communication apparatus obtains a first encryption key used for data decryption by the first inherent encryption generation function using the first time variation parameter, and the first communication apparatus Data is encrypted with a first encryption key and transmitted to the second communication device, and the second communication device transmits the encrypted data received from the first communication device to the first encryption key. The first communication device uses the second time variation parameter to obtain a second encryption key to be used for data decryption by a second inherent encryption generation function, and the second communication key The communication device of the second time variation A second encryption key used for data encryption is obtained by calculation using the second unique encryption generation function using a parameter, and the second communication device encrypts data using the second encryption key. Transmitting to the first communication device, wherein the first communication device decrypts encrypted data received from the second communication device with the second encryption key. It is.

The present invention is a communication system that performs transmission / reception while performing guarantee using parameters that each other has when performing transmission / reception guaranteed between the first communication apparatus and the second communication apparatus, The communication device and the second communication device acquire, as first common information, a frame number when a time slot allocation request is transmitted from the first communication device to the second communication device . From the acquisition unit that acquires the frame number when the allocation slot is notified from the communication device to the first communication device as the second common information, and from the first common information acquired by the acquisition unit, the first From the first time variation parameter that is common between the first communication device and the second communication device and varies depending on time, and the second common information acquired by the acquisition unit, The first A communication unit comprising: a generation unit that generates a second time variation parameter that is a parameter that varies in common with the communication device and the second communication device, and that varies depending on time. System.

In the present invention, the acquisition unit further acquires the notified slot number in addition to the frame number when the allocation slot is notified as the second common information.

In the present invention, the first communication device is transmitted from the second communication device and a reference code calculating unit that calculates a reference code by a first specific function using the first time variation parameter. An authentication unit that performs authentication based on whether the received authentication code matches the reference code, and an authentication code by a second specific function using the second time variation parameter An authentication code calculation unit obtained by calculation; and a transmission unit for transmitting the authentication code to the second communication device, wherein the second communication device uses the first time variation parameter to An authentication code calculation unit that calculates an authentication code by a unique function, a transmission unit that transmits the authentication code to the first communication device, and the second time-varying parameter A reference code calculation unit that calculates a reference code by a second unique function, an authentication code transmitted from the first communication device, and whether the received authentication code matches the reference code And an authentication unit that performs authentication based on the authentication unit.

In the present invention, the first communication device obtains a first encryption key to be used for data encryption by a first unique encryption generation function using the first time variation parameter, and calculates the second An encryption key calculation unit that calculates a second encryption key to be used for data decryption by a second unique encryption generation function using the time variation parameter of the data, and encrypts the data with the first encryption key, and An encryption unit for transmitting to the second communication device; and a decryption unit for decrypting encrypted data received from the second communication device with the second encryption key. The communication apparatus obtains a first encryption key to be used for data decryption by the first inherent encryption generation function using the first time variation parameter, and uses the second time variation parameter. Said second intrinsic darkness An encryption key calculation unit for calculating a second encryption key used for data encryption by a generation function, and a decryption for decrypting encrypted data received from the first communication device with the first encryption key And an encryption unit that encrypts data using the second encryption key and transmits the encrypted data to the first communication device.

  According to the present invention, when performing guaranteed transmission / reception between the first communication apparatus and the second communication apparatus, the first communication is performed by performing transmission / reception while guaranteeing using the parameters that are included in each other. The common information which is common on both the device side and the second communication device side and fluctuates depending on the time is acquired, and the first communication is obtained from the common information acquired by the first communication device and the second communication device. A time variation parameter which is common between the device and the second communication device and which varies depending on time is generated. As the common information, a frame number for time division multiplex communication control or a slot number for time division multiplex communication control is used. As a result, it is not necessary to directly communicate data, and it is not necessary to install a high-accuracy clock or GPS, and a time-variable parameter that is a time-variable parameter that is common to both sides of communication is generated. Can do.

  According to the present invention, when performing transmission / reception between the first communication device and the second communication device, the first communication device is a communication that performs transmission / reception accompanied by authentication based on the parameters that each other has. Common information that varies in common with other communication devices and that varies depending on time is acquired, and a first time variation parameter that is a parameter that varies depending on time is generated from the acquired common information and generated. A reference code is obtained by calculation using a unique function using the first time variation parameter, and the second communication device acquires common information that is common with the first communication device and varies depending on time. Then, a second time variation parameter that is a parameter that varies depending on time is generated from the acquired common information, and an authentication code is obtained by calculation using a unique function using the generated second time variation parameter. The The authentication code is transmitted to the first communication device, the first communication device receives the authentication code transmitted from the second communication device, and performs authentication based on whether the received authentication code matches the reference code. Like to do. As described above, the first communication device and the second communication device share the common information that varies depending on the time, and the first and second parameters that vary from the acquired common information depending on the time. By generating the second time variation parameter and performing authentication, authentication with high security can be performed. In the present invention, since the challenge code is not transmitted in plain text, the security can be improved. In addition, since data communication for authentication is unnecessary, a communication band can be effectively secured, and a highly accurate clock and GPS are not required, so that the communication device can be reduced in size and power can be saved.

  According to the present invention, in communication in which data encrypted with an encryption key is transmitted / received between a first communication device and a second communication device, the first communication device communicates with the second communication device. Common information that fluctuates depending on time is acquired, a first time fluctuation parameter that is a parameter that fluctuates depending on time is generated from the acquired common information, and the generated first time fluctuation parameter is generated And the second communication device is common to the first communication device and fluctuates depending on time. And generating a second time variation parameter, which is a parameter that varies depending on time, from the acquired common information, and decrypting the data using a unique encryption key generation function using the generated second time variation parameter Encryption key used for The first communication device encrypts the data with the encryption key used for encryption and transmits it to the second communication device, and the second communication device receives the encrypted data received from the first communication device. Data is decrypted with an encryption key used for decrypting the data. As described above, the first communication device and the second communication device share the common information that varies depending on the time, and the first and second parameters that vary from the acquired common information depending on the time. Encryption with high security can be performed by generating the second time variation parameter and performing encryption. In the present invention, since information for generating a key is not transmitted in plain text, security can be improved. In addition, since data communication for key generation is unnecessary, a communication band can be effectively secured, and a highly accurate clock and GPS are not required, so that the communication device can be reduced in size and power can be saved.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
(First embodiment)
FIG. 1 shows an outline of a wireless communication system to which the present invention can be applied. In FIG. 1, 1 is a radio base station, 2a, 2b, 2c,... Are radio terminal stations, which correspond to the communication device, the first communication device, and the second communication device of the present invention. Become. The wireless base station 1 performs wireless communication with the wireless terminal stations 2a, 2b, 2c,... In the surrounding area 3 by a TDMA (Time Division Multiple Access) communication method. .

  The TDMA system performs data communication by time-dependent communication control. That is, in the TDMA communication system, as shown in FIG. 2, frames for every predetermined time are set for one communication path. Each frame is divided into a plurality of time slots. A time slot is assigned for each communication, and data is transmitted and received at the timing of the assigned time slot. As shown in FIG. 2, each frame is given a frame number. Each time slot is assigned a slot number.

  In FIG. 1, when a radio terminal station that communicates with the radio base station 1 among the radio terminal stations 2a, 2b, 2c,... Communicates with the radio base station 1, first, the radio base station 1 1 transmits a time slot allocation request. Upon receiving the time slot allocation request, the radio base station 1 determines whether there is an assignable time slot, and if there is an assignable time slot, the radio terminal station 2a, 2b, 2c,... Then, data communication is performed between the radio base station 1 and the radio terminal stations 2a, 2b, 2c,... Using the assigned time slot.

  In the first embodiment of the present invention, authentication processing is performed when communication is performed between the radio base station 1 and the radio terminal stations 2a, 2b, 2c,. Only when the validity is confirmed as a result of the authentication, the radio base station 1 and the radio terminal stations 2a, 2b, 2c,... Are connected, and the radio base station 1 and the radio terminal stations 2a, 2b,. Data communication is performed with 2c,.

  For authentication between the radio base station 1 and the radio terminal stations 2a, 2b, 2c,..., Both the radio base station 1 and the radio terminal stations 2a, 2b, 2c,. Information that varies depending on a common time is used. The information that varies depending on the time common to both parties performing the communication is specifically the frame number or slot number of the TDMA system.

  That is, in the first embodiment of the present invention, data communication is performed between the radio base station 1 and the radio terminal stations 2a, 2b, 2c,. In the TDMA communication system, frames and time slots are numbered as shown in FIG. The frame number of the TDMA communication system and the slot number of the time slot are values common to both wireless stations that perform communication when performing wireless communication. Also, the frame number and slot number change with time. Therefore, the frame number and the slot number can be time-variable parameters depending on the time common to both the radio base station 1 and the radio terminal stations 2a, 2b, 2c,.

  In the first embodiment of the present invention, a common time variation parameter for authentication is generated using a frame number and a slot number. A common time variation parameter may be generated using only the frame number, or a common time variation parameter may be generated using only the slot number. Furthermore, a common time variation parameter may be generated using both the frame number and the slot number.

  FIG. 3 shows an outline of the authentication processing according to the first embodiment of the present invention. For example, it is assumed that the wireless terminal station 2a communicates with the wireless base station 1. In this case, in FIG. 3, the time variation parameter T is generated from the frame number and slot number on the wireless terminal station 2a side (step ST1). Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST2).

  On the other hand, on the radio base station 1 side, a frame number and a slot number are acquired, and a time variation parameter T is generated from the acquired frame number and slot number (step ST3).

  When performing authentication, an authentication code v (v = f (T)) is sent from the wireless terminal station 2a to the wireless base station 1, and an authentication request is made (step ST4). In the radio base station 1, the reference code v ′ (v ′ = f (T)) is obtained by using the function f (t) similar to that on the radio terminal station 2a side using the time variation parameter T acquired in step ST3. Calculation is performed (step ST5). Then, the authentication code v (v = f (T)) sent from the wireless terminal station 2a is compared with the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1. (Step ST6). If the authentication code v (v = f (T)) sent from the wireless terminal station 2a matches the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1 Then, it is determined that the validity of the wireless terminal station 2a is confirmed in the wireless base station 1, and if they do not match, it is determined that the validity cannot be confirmed. This authentication result is transmitted from the radio base station 1 to the radio terminal station 2a (step ST7). When the authentication is established, data transmission / reception is performed between the radio base station 1 and the radio terminal station 2a (step ST8).

  Here, the function f (t) used for authentication is a function agreed in advance by both parties performing communication. Since information generated by this function flows to the outside by wireless communication, it is desirable to use a one-way function in consideration of confidentiality. Moreover, since a different value is output for each trial, the function depends on time. Further, the function f (t) may include a variable for specifying a device or a user, such as a terminal ID or a password. The function f (t) may include an arbitrary n number of variables in addition to a time-dependent parameter such as a frame number.

  As described above, in the first embodiment of the present invention, the time variation parameter is generated from the frame number and the slot number in both communication, and authentication is performed using this. By using a time variation parameter common to both of these, authentication with higher security can be performed.

  Next, the authentication process according to the first embodiment of the present invention will be described in more detail. 4 and 5 show a more specific sequence of authentication processing according to the first embodiment of the present invention.

  FIG. 4 shows an example in which authentication is performed by generating a common time variation parameter for both using the frame number at the time when the time slot allocation request is made.

  In FIG. 4, each frame is divided into a plurality of time slots. A beacon is broadcast from the radio base station 1 in the first time slot SS of each frame. The wireless terminal stations 2a, 2b, 2c,... Can maintain frame synchronization by receiving this beacon.

  The time slot CS is a control time slot. The frame number is transmitted, for example, included in this control time slot. Time slots S1, S2,... Are communication time slots. The time slot AS is a time slot for access. A time slot allocation request from the wireless terminal stations 2a, 2b, 2c,... To the wireless base station 1 is made using this access time slot AS.

  In FIG. 4, for example, it is assumed that the wireless terminal station 2 a communicates with the wireless base station 1. In this case, the wireless terminal station 2a transmits a time slot allocation request to the wireless base station 1 using the access time slot AS (step ST11).

  When receiving the time slot allocation request from the radio terminal station 2a in step ST11, the radio base station 1 determines whether the time slot can be allocated. If the allocation is possible, the radio base station 1 sets the allocation slot to the radio terminal station 2a. (Step ST12).

  Then, the wireless terminal station 2a acquires the frame number when the time slot allocation request is transmitted, and generates the time variation parameter T from the frame number (step ST13). In this case, since the frame at the time when the time slot allocation request is transmitted (the time at step ST11) is the frame k, the time variation parameter T is generated by the frame number corresponding to the frame k. Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST14).

  On the other hand, in the radio base station 1, the frame number when the time slot allocation request from the radio terminal station 2a is received is acquired, and the time variation parameter T is generated from the acquired frame number (step ST15). In this case, since the frame at the time when the time slot allocation request is transmitted (the time at step ST11) is the frame k, the time variation parameter T is generated by the frame number corresponding to the frame k. Then, using this time variation parameter T, a reference code v ′ (v ′ = f (T)) is calculated by a unique function f (t) similar to step ST14 (step ST16).

  At the time of authentication, the authentication code v (v = f (T)) obtained in step ST14 is transmitted from the wireless terminal station 2a to the wireless base station 1 using the allocated time slot Sm ( Step ST17).

  When the wireless base station 1 receives the authentication code v sent from the wireless terminal station 2a, the wireless base station 1 compares the reference code v ′ obtained by the wireless base station 1 in step ST16 with the received authentication code v, Authentication is performed (step ST18). Here, if the received authentication code v and the reference code v ′ match, it is determined that the validity is confirmed. If the received authentication code v and the reference code v ′ do not match, the validity is confirmed. It is determined that it is not possible.

  The next allocation slot is notified from the radio base station 1 to the radio terminal station 2a (step ST19), and an authentication response notification is transmitted to the radio terminal station 2a using the allocated time slot Sm (step ST20). ).

  If the validity is confirmed as a result of the authentication, the radio base station 1 notifies the radio terminal station 2a of the allocation slot (step ST21), and the radio base station 1 uses the allocated slot. Data is transmitted / received to / from the wireless terminal station 2a (step ST22).

  FIG. 5 shows an example in which authentication is performed by generating a common time variation parameter using the frame number and slot number when the slot assignment is notified.

  In FIG. 5, for example, it is assumed that the wireless terminal station 2 a communicates with the wireless base station 1. In this case, the wireless terminal station 2a transmits a time slot allocation request to the wireless base station 1 using the access time slot AS (step ST31).

  When the radio base station 1 receives the time slot allocation request from the radio terminal station 2a in step ST31, the radio base station 1 determines whether the time slot can be allocated. If the allocation is possible, the radio base station 1 sets the allocation slot to the radio terminal station 2a. (Step ST32).

  Then, in the wireless terminal station 2a, the frame number at the time of receiving the time slot assignment notification to the wireless terminal station 2a and the notified slot number are acquired, and the time variation parameter T is generated from the acquired frame number and slot number. (Step ST33).

  In this case, as shown in FIG. 5, since the frame at the time of receiving the time slot assignment notification (step ST32) is (k + 1), the frame number corresponding to the frame (k + 1) is acquired. Since the assigned time slot is Sm, the slot number corresponding to the time slot Sm is acquired. As a result, the time variation parameter T is generated.

  Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST34).

  On the other hand, the radio base station 1 acquires the frame number at the time of transmitting the time slot allocation notification and the notified slot number, and generates the time variation parameter T from the frame number and the slot number (step ST35).

  In this case, as shown in FIG. 5, since the frame at the time of receiving the time slot assignment notification (step ST32) is (k + 1), the frame number corresponding to the frame (k + 1) is acquired. Since the assigned time slot is Sm, the slot number corresponding to the time slot Sm is acquired. As a result, the time variation parameter T is generated.

  Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST36).

  At the time of authentication, the wireless terminal station 2a transmits the authentication code v (v = f (T)) obtained in step ST34 to the wireless base station 1 using the assigned time slot Sm ( Step ST37).

  When the wireless base station 1 receives the authentication code v sent from the wireless terminal station 2a, the wireless base station 1 compares the reference code v ′ obtained on the wireless base station 1 side with the received authentication code v in step ST36. Authentication is performed (step ST38). Here, if the received authentication code v and the reference code v ′ match, it is determined that the validity is confirmed. If the received authentication code v and the reference code v ′ do not match, the validity is confirmed. It is determined that it is not possible.

  The next allocation slot is notified from the radio base station 1 to the radio terminal station 2a (step ST39), and an authentication response notification is transmitted to the radio terminal station 2a using the allocated time slot Sn (step ST40). ).

  If the validity is confirmed as a result of the authentication, the radio base station 1 notifies the radio terminal station 2a of the assigned slot (step ST41), and the radio base station 1 uses the assigned slot. Data is transmitted / received to / from the wireless terminal station 2a (step ST42).

  In FIG. 6, as described above, the wireless base station 1 and the wireless terminal stations 2a and 2b are configured to generate a common time variation parameter for both communicating from the frame number and the slot number, and to perform authentication using the parameter. It is a functional block diagram based on operation | movement of 2c, 2d, ....

  In FIG. 6, the radio base station 1 includes a transmission / reception unit 11, a communication control unit 12, a data processing unit 13, and a slot management unit 14.

  The transceiver unit 11 includes a circuit that modulates transmission data and transmits it at a desired carrier frequency, and a circuit that receives a signal at a desired carrier frequency and demodulates the received signal. The communication control unit 12 controls data transmission / reception by the TDMA communication method. The data processing unit 13 processes data transmitted / received to / from the wireless terminal stations 2a, 2b, 2c,. The slot management unit 14 manages time slots used in the area 3 around the radio base station 1.

  The communication control unit 12 includes a frame number acquisition unit 15 and a slot number acquisition unit 16. The frame number and slot number can be acquired by the frame number acquisition unit 15 and the slot number acquisition unit 16. The frame number acquisition unit 15 and the slot number acquisition unit 16 serve as a time variation information acquisition unit that acquires common information that varies depending on time.

  The frame number and slot number acquired by the frame number acquisition unit 15 and the slot number acquisition unit 16 are stored in the storage unit 17. Then, the time variation parameter generation unit 18 generates a time variation parameter T from the acquired frame number and slot number. The reference code calculation unit 19 calculates the reference code v ′ (v ′ = f (T)) by using the unique function f (t) using the time variation parameter T generated by the time variation parameter generation unit 18. The At the time of authentication, the parameter evaluation unit 20 compares the reference code v ′ obtained at the radio base station 1 by the time variation parameter generation unit 18 and the reference code calculation unit 19 with the received authentication code v to perform authentication. .

  The wireless terminal stations 2a, 2b, 2c,... Have a transmission / reception unit 31, a communication control unit 32, and a data processing unit 33.

  The transmission / reception unit 31 includes a circuit that modulates transmission data and transmits it at a desired carrier frequency, and a circuit that receives a signal at a desired carrier frequency and demodulates the received signal. The communication control unit 32 controls transmission / reception of data by the TDMA communication method. The data processing unit 33 performs processing of data transmitted / received to / from the radio base station 1.

  The communication control unit 32 includes a frame number acquisition unit 35 and a slot number acquisition unit 36. The frame number acquisition unit 35 and the slot number acquisition unit 36 can acquire the frame number and the slot number.

  The frame number and slot number acquired by the frame number acquisition unit 35 and the slot number acquisition unit 36 are stored in the storage unit 37. Then, the time variation parameter generation unit 38 generates the time variation parameter T from the acquired frame number and slot number. The authentication code calculation unit 39 calculates the authentication code v (v = f (T)) by using the unique function f (t) using the time variation parameter T generated by the time variation parameter generation unit 38.

  At the time of authentication, the authentication code v (v = f (T)) obtained by the authentication code calculation unit 39 on the wireless terminal stations 2a, 2b, 2c,... Is transmitted to the wireless base station 1. Then, the parameter evaluation unit 20 on the radio base station 1 side sends the reference code v ′ obtained by the reference code calculation unit 19 on the radio base station 1 side and the radio terminal stations 2a, 2b, 2c,. The authentication code v is compared, and authentication is performed using the comparison result.

  As described above, according to the first embodiment of the present invention, a common time variation parameter is generated by both parties performing communication from the frame number and slot number, and authentication is performed using this. Like to do. By using such a time variation parameter, authentication with higher safety can be performed. In the first embodiment of the present invention, data such as a challenge code and time information is not directly communicated in advance, the time required for transmission / reception can be shortened, and the traffic volume is not increased. Also, there is no security concern because the parameters are not communicated and exchanged directly. Further, since the radio base station 1 and each radio terminal station 2a, 2b, 2c,... Use the frame number and slot number used for connection as time information, the radio terminal does not have a highly accurate time synchronization mechanism. The station can be reduced in size and power consumption.

(Second Embodiment)
FIG. 7 shows an outline of the authentication processing according to the second embodiment of the present invention. In the first embodiment described above, one-way authentication is performed in which an authentication request is sent from the wireless terminal stations 2a, 2b, 2c,... To the wireless base station 1, and authentication is performed on the wireless base station 1 side. On the other hand, in this embodiment, bidirectional authentication between terminal authentication on the radio base station 1 side and base station authentication on the radio terminal stations 2a, 2b, 2c,.

  In FIG. 7, for example, it is assumed that the wireless terminal station 2 a communicates with the wireless base station 1. In this case, the time variation parameter T is generated from the frame number and slot number on the wireless terminal station 2a side (step ST51). Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST52).

  On the other hand, on the radio base station 1 side, a frame number and a slot number are acquired, and a time variation parameter T is generated from the acquired frame number and slot number (step ST53).

  When authenticating the wireless terminal station, an authentication code v (v = f (T)) is sent from the wireless terminal station 2a to the wireless base station 1, and an authentication request is made (step ST54). In the radio base station 1, the reference code v ′ (v ′ = f (T)) is obtained by using the function f (t) similar to that on the radio terminal station 2a side using the time variation parameter T acquired in step ST53. Calculation is performed (step ST55). Then, the authentication code v (v = f (T)) sent from the wireless terminal station 2a is compared with the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1. (Step ST56). If the authentication code v (v = f (T)) sent from the wireless terminal station 2a matches the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1 Then, it is determined that the validity of the wireless terminal station 2a is confirmed in the wireless base station 1, and if they do not match, it is determined that the validity cannot be confirmed. Then, the authentication result is transmitted from the radio base station 1 to the radio terminal station 2a (step ST57).

  When performing authentication of the radio base station, an authentication code w (w = g (T)) is calculated from the unique function g (t) using the time variation parameter T generated in step ST53 ( Step ST58). Then, an authentication code w (w = g (T)) is sent from the wireless base station 1 to the wireless terminal station 2a, and an authentication request is made (step ST59).

  In the wireless terminal station 2a, the reference code w ′ (w ′ = g (T)) is obtained from the unique function g (t) similar to that on the wireless base station 1 side using the time variation parameter T acquired in step ST51. Calculation is performed (step ST60). Then, the authentication code w (w = g (T)) sent from the radio base station 1 and the reference code w ′ (w ′ = g (T)) obtained by the radio terminal station 2a in step ST60 are obtained. Comparison is made (step ST61). If the authentication code w (w = g (T)) sent from the wireless base station 1 and the reference code w ′ (w ′ = g (T)) obtained on the wireless terminal station 2a side match. If it does not match, it is determined that the correctness cannot be confirmed. The authentication result is transmitted from the wireless terminal station 2a to the wireless base station 1 (step ST62). When bidirectional authentication is established between the radio base station 1 and the radio terminal station 2a, data transmission / reception is performed between the radio base station 1 and the radio terminal station 2a (step ST63).

  Here, the function g (t) used for authentication is a function agreed in advance by both parties performing communication. Since information generated by this function flows to the outside by wireless communication, it is desirable to use a one-way function in consideration of confidentiality. Moreover, since a different value is output for each trial, the function depends on time. Further, the function g (t) may include a variable for specifying a device or a user, such as a terminal ID or a password. The function g (t) may include an arbitrary n number of variables in addition to a time-dependent parameter such as a frame number.

  In the example of FIG. 7, the same timing is used for terminal station authentication on the radio base station 1 side and base station authentication on the radio terminal stations 2a, 2b, 2c,... (Timing of steps ST51 and ST53). The authentication code and the reference code are obtained by using the time variation parameter acquired in step 1. However, as shown in FIG. 8, the timing for acquiring the time variation parameter differs between the terminal station authentication and the base station authentication. You may make it.

  In FIG. 8, for example, it is assumed that the wireless terminal station 2 a communicates with the wireless base station 1. In this case, the time variation parameter T is generated from the frame number and slot number on the wireless terminal station 2a side (step ST71). Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST72).

  On the other hand, on the radio base station 1 side, a frame number and a slot number are acquired, and a time variation parameter T is generated from the acquired frame number and slot number (step ST73).

  When authenticating the wireless terminal station, an authentication code v (v = f (T)) is sent from the wireless terminal station 2a to the wireless base station 1, and an authentication request is made (step ST74). In the radio base station 1, the reference code v ′ (v ′ = f (T)) is obtained by using the function f (t) similar to that on the radio terminal station 2a side using the time variation parameter T acquired in step ST73. Calculation is performed (step ST75). Then, the authentication code v (v = f (T)) sent from the wireless terminal station 2a and the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1 in step ST75 are obtained. Comparison is made (step ST76). If the authentication code v (v = f (T)) sent from the wireless terminal station 2a matches the reference code v ′ (v ′ = f (T)) obtained on the wireless base station 1 side. For example, it is determined that the validity of the wireless terminal station 2a is confirmed in the wireless base station 1, and if they do not match, it is determined that the validity cannot be confirmed. Then, the authentication result is transmitted from the wireless base station 1 to the wireless terminal station 2a (step ST77).

  When authenticating the radio base station, the radio base station 1 generates a time variation parameter T from the frame number and slot number (step ST78). Using the time variation parameter T generated in step ST78, an authentication code w (w = g (T)) is calculated by a unique function g (t) (step ST79). Further, the wireless terminal station 2a generates a time variation parameter T from the frame number and slot number (step ST80).

  Then, an authentication code w (w = g (T)) is sent from the wireless base station 1 to the wireless terminal station 2a, and an authentication request is made (step ST81).

  In the wireless terminal station 2a, the reference code w ′ (w ′ = g (T)) is obtained from the unique function g (t) similar to that on the wireless base station 1 side using the time variation parameter T acquired in step ST80. Calculation is performed (step ST82). Then, the authentication code w (w = g (T)) sent from the radio base station 1 is compared with the reference code w ′ (w ′ = g (T)) obtained by the radio terminal station 2a. (Step ST83). The authentication code w (w = g (T)) sent from the wireless base station 1 matches the reference code w ′ (w ′ = g (T)) obtained by the wireless terminal station 2a in step ST82. If so, it is determined that the validity has been confirmed. If they do not match, it is determined that the validity cannot be confirmed. Then, this authentication result is transmitted from the wireless terminal station 2a to the wireless base station 1 (step ST84). When two-way authentication is established between the radio base station 1 and the radio terminal station 2a, data transmission / reception is performed between the radio base station 1 and the radio terminal station 2a (step ST85).

  FIG. 9 is a functional block diagram based on the operations of the radio base station 1 and the radio terminal stations 2a, 2b, 2c,... In the second embodiment of the present invention.

  As shown in FIG. 9, in the second embodiment of the present invention, the wireless base station 1 includes a terminal authentication reference code calculation unit 21, a base station authentication authentication code so that bidirectional authentication can be performed. A calculation unit 22 is provided. The terminal authentication reference code calculation unit 21 uses the terminal authentication function f (t) from the time variation parameter T generated by the time variation parameter generation unit 18 to perform terminal authentication reference code v ′ (v ′ = f). (T)). The base station authentication authentication code calculation unit 22 uses the time variation parameter T generated by the time variation parameter generation unit 18 by the base station authentication function g (t) to authenticate the authentication code w (w = w = g (T)).

  Further, the wireless terminal stations 2a, 2b, 2c,... Are provided with a terminal authentication authentication code calculation unit 41, a base station authentication reference code calculation unit 42, and a parameter evaluation unit 43. The terminal authentication authentication code calculation unit 41 uses the terminal authentication function f (t) from the time variation parameter T generated by the time variation parameter generation unit 38 to perform the terminal authentication authentication code v (v = f (T )). The base station authentication reference code calculation unit 42 uses the time variation parameter T generated by the time variation parameter generation unit 38 and the base station authentication reference code w ′ (w) using the base station authentication function g (t). '= G (T)).

  In the second embodiment of the present invention, when authenticating the terminal station, the authentication code v (v = f (T)) obtained by the terminal authentication authentication code calculation unit 41 of the wireless terminal station 2 is wireless. The data is transmitted from the terminal station 2 to the radio base station 1. Then, in the parameter evaluation unit 20 of the radio base station 1, the authentication code v (v = f (T)) from the radio terminal station 2 and the reference code v ′ (v ′ = v ′ = terminal authentication reference code calculation unit 21). f (T)) and the wireless terminal station is authenticated based on the comparison result.

  When authenticating the radio base station, the authentication code w (w = g (T)) obtained by the base station authentication code calculating unit 22 of the radio base station 1 is obtained from the radio base station 1 to the radio terminal station 2a, 2b, 2c,... Then, in the parameter evaluation unit 43, the authentication code w (w = g (T)) from the radio base station 1 and the reference code w ′ (w ′ = g (T)) from the base station authentication reference code calculation unit 42 ) And the wireless base station is authenticated based on the comparison result.

  Other configurations are the same as those in the first embodiment described above, and a description thereof is omitted.

(Third embodiment)
FIG. 10 shows an outline of the authentication processing according to the third embodiment of the present invention. In the first and second embodiments described above, a common time variation parameter is generated from both the frame number and the slot number, and authentication is performed using this. In this embodiment, an encryption key is generated using the common time variation parameter, and data is transmitted and received after being encrypted.

  In FIG. 10, for example, it is assumed that the wireless terminal station 2 a communicates with the wireless base station 1. In this case, the time variation parameter T is generated from the frame number and slot number on the wireless terminal station 2a side (step ST101). Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST102).

  On the other hand, on the radio base station 1 side, a frame number and a slot number are acquired, and a time variation parameter T is generated from the acquired frame number and slot number (step ST103).

  When performing authentication, an authentication code v (v = f (T)) is sent from the wireless terminal station 2a to the wireless base station 1, and an authentication request is made (step ST104). In the radio base station 1, the reference code v ′ (v ′ = f (T)) is obtained by using the function f (t) similar to that on the radio terminal station 2a side using the time variation parameter T acquired in step ST103. Calculation is performed (step ST105). Then, the authentication code v (v = f (T)) sent from the wireless terminal station 2a is compared with the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1. (Step ST106).

  If the authentication code v (v = f (T)) sent from the wireless terminal station 2a matches the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1 It is determined that the legitimacy has been confirmed. If they do not match, it is determined that the legitimacy cannot be confirmed. Then, the authentication result is transmitted from the wireless base station 1 to the wireless terminal station 2a (step ST107).

  Then, on the wireless terminal station 2a side, an encryption key k (k = p (T)) is obtained by calculation of a predetermined encryption key generation function p (t) using the time variation parameter T generated in step ST101. (Step ST108). Similarly, on the radio base station 1 side, the encryption key k ′ (k ′ = k = p () is calculated by calculating a predetermined encryption key generation function p (t) using the time variation parameter T generated in step ST103. T)) is obtained (step ST109).

  When the authentication is established, encrypted data is transmitted / received between the wireless base station 1 and the wireless terminal station 2a (step ST110). At this time, data transmitted from the wireless terminal station 2a to the wireless base station 1 is encrypted with the encryption key k obtained in step ST108. Then, in the radio base station 1, this encrypted data is decrypted with the encryption key k 'obtained in step ST109. Data transmitted from the wireless base station 1 to the wireless terminal station 2a is encrypted with the encryption key k 'obtained in step ST109. Then, in the wireless terminal station 2a, this encrypted data is decrypted with the encryption key k obtained in step ST108.

  Here, the function p (t) used for generating the encryption key is a function agreed in advance by both parties performing communication, has a variable depending on time, and generates a different encryption key for each trial. This may be a one-way function or a bidirectional function, but it is desirable to use a one-way function from the viewpoint of security.

  In the example of FIG. 10, the encryption key is obtained using the time variation parameter used at the time of authentication. However, as shown in FIG. 11, the time variation parameter is acquired at the time of authentication and at the time of encryption. You may make it differ timing.

  In FIG. 11, for example, it is assumed that the wireless terminal station 2 a communicates with the wireless base station 1. In this case, the time variation parameter T is generated from the frame number and slot number on the wireless terminal station 2a side (step ST121). Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST122).

  On the other hand, on the wireless base station 1 side, a frame number and a slot number are acquired, and a time variation parameter T is generated from the acquired frame number and slot number (step ST123).

  When performing authentication, an authentication code v (v = f (T)) is sent from the wireless terminal station 2a to the wireless base station 1, and an authentication request is made (step ST124). In the radio base station 1, the reference code v ′ (v ′ = f (T)) is obtained by using the function f (t) similar to that on the radio terminal station 2a side using the time variation parameter T acquired in step ST123. Calculation is performed (step ST125). Then, the authentication code v (v = f (T)) sent from the wireless terminal station 2a is compared with the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1. (Step ST126).

  If the authentication code v (v = f (T)) sent from the wireless terminal station 2a matches the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1 It is determined that the legitimacy has been confirmed. If they do not match, it is determined that the legitimacy cannot be confirmed. Then, the authentication result is transmitted from the radio base station 1 to the radio terminal station 2a (step ST127).

  Then, on the wireless terminal station 2a side, a time variation parameter T is generated from the frame number and slot number (step ST128). On the radio base station 1 side, a time variation parameter T is generated from the frame number and slot number (step ST129).

  On the wireless terminal station 2a side, an encryption key k (k = p (T)) is obtained by calculating a predetermined encryption key generation function p (t) using the time variation parameter T generated in step ST128 ( Step ST130). Similarly, on the radio base station 1 side, the encryption key k ′ (k ′ = k = p () is calculated by calculating a predetermined encryption key generation function p (t) using the time variation parameter T generated in step ST129. T)) is obtained (step ST131). When the authentication is established, encrypted data is transmitted / received between the wireless base station 1 and the wireless terminal station 2a (step ST132).

  Next, the encryption processing according to the third embodiment of the present invention will be described in more detail. FIG. 12 shows a more specific sequence of the encryption processing according to the third embodiment of the present invention.

  In FIG. 12, for example, it is assumed that the wireless terminal station 2 a communicates with the wireless base station 1. In this case, the wireless terminal station 2a transmits a time slot allocation request to the wireless base station 1 using the access time slot AS (step ST151).

  When receiving the time slot assignment request from the wireless terminal station 2a in step ST151, the wireless base station 1 determines whether the time slot can be assigned. If the assignment is possible, the wireless base station 1 assigns the assigned slot to the wireless terminal station 2a. (Step ST152).

  Then, the wireless terminal station 2a acquires the frame number when the time slot assignment request is transmitted, and generates the time variation parameter T from the frame number (step ST153). In this case, since the frame at the time when the time slot allocation request is transmitted (the time of step ST151) is the frame k, the time variation parameter T is generated by the frame number corresponding to the frame k. Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST154).

  On the other hand, in the radio base station 1, the frame number when the time slot allocation request from the radio terminal station 2a is received is acquired, and the time variation parameter T is generated from the acquired frame number (step ST155). In this case, since the frame at the time of receiving the time slot allocation request (the time of step ST151) is frame k, the time variation parameter T is generated by the frame number corresponding to this frame k. Then, using this time variation parameter T, a reference code v ′ (v ′ = f (T)) is calculated by a unique function f (t) similar to step ST154 (step ST156).

  At the time of authentication, the wireless terminal station 2a transmits the authentication code v (v = f (T)) obtained in step ST154 to the wireless base station 1 using the assigned time slot Sm (step 154). ST157).

  When the wireless base station 1 receives the authentication code v sent from the wireless terminal station 2a, the wireless base station 1 compares the reference code v ′ obtained by the wireless base station 1 in step ST156 with the received authentication code v, Authentication is performed (step ST158). Here, if the received authentication code v and the reference code v ′ match, it is determined that the validity is confirmed. If the received authentication code v and the reference code v ′ do not match, the validity is confirmed. It is determined that it is not possible.

  The radio base station 1 notifies the radio terminal station 2a of the next allocation slot (step ST159). The notification of the authentication response is transmitted to the wireless terminal station 2a using the assigned time slot Sn (step ST160).

  After the authentication is established, the wireless terminal station 2a uses the encryption key generation function p (t) to obtain the encryption key k (k = p (T)) using the time variation parameter T obtained in step ST153 at the time of authentication. It is obtained (step ST161). Further, in the radio base station 1, the encryption key k ′ (k ′ = k = p (T)) is obtained by the encryption key generation function p (t) using the time variation parameter T obtained in step ST155 at the time of authentication. It is obtained (step ST162).

  Thereafter, the allocation slot is notified from the radio base station 1 to the radio terminal station 2a (step ST163), and an encryption key k or k is transmitted between the radio base station 1 and the radio terminal station 2a using the allocated slot. The data encrypted by 'is transmitted / received (step ST164).

  FIG. 13 shows an example in which the time variation parameter is acquired at the timing of the authentication response message to obtain the encryption key.

  In FIG. 13, for example, it is assumed that the wireless terminal station 2 a communicates with the wireless base station 1. In this case, the wireless terminal station 2a transmits a time slot allocation request to the wireless base station 1 using the access time slot AS (step ST171).

  When receiving the time slot allocation request from the radio terminal station 2a in step ST171, the radio base station 1 determines whether the time slot can be allocated. If the allocation is possible, the radio base station 1 sets the allocation slot to the radio terminal station 2a. (Step ST172).

  Then, the wireless terminal station 2a acquires the frame number when the time slot assignment request is transmitted, and generates the time variation parameter T from the frame number (step ST173). In this case, since the frame at the time when the time slot allocation request is transmitted (the time of step ST171) is frame k, the time variation parameter T is generated by the frame number corresponding to this frame k. Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST174).

  On the other hand, in the radio base station 1, the frame number when the time slot allocation request from the radio terminal station 2a is received is acquired, and the time variation parameter T is generated from the acquired frame number (step ST175). In this case, since the frame at the time when the time slot allocation request is transmitted (the time of step ST171) is frame k, the time variation parameter T is generated by the frame number corresponding to this frame k. Then, using this time variation parameter T, a reference code v ′ (v ′ = f (T)) is calculated by a unique function f (t) similar to step ST174 (step ST176).

  At the time of authentication, the wireless terminal station 2a transmits the authentication code v (v = f (T)) obtained in step ST174 to the wireless base station 1 using the assigned time slot Sm (step 174). ST177).

  When the wireless base station 1 receives the authentication code v transmitted from the wireless terminal station 2a, the wireless base station 1 compares the reference code v ′ obtained by the wireless base station 1 in step ST176 with the received authentication code v, Authentication is performed (step ST178). Here, if the received authentication code v and the reference code v ′ match, it is determined that the validity is confirmed. If the received authentication code v and the reference code v ′ do not match, the validity is confirmed. It is determined that it is not possible.

  The radio base station 1 notifies the radio terminal station 2a of the next allocation slot (step ST179). The notification of the authentication response is transmitted to the wireless terminal station 2a using the assigned time slot Sn (step ST180).

  In step ST179, the wireless terminal station 2a generates a time variation parameter T from the frame number when the assigned slot is notified and the notified slot number (step ST181). In this case, since the allocation slot is notified by the frame (k + 2), the time variation parameter is generated by the frame number corresponding to the frame (k + 2). Since the assigned time slot is Sn, the time variation parameter is generated by the slot number corresponding to Sn. Similarly, in radio base station 1, in step ST179, time variation parameter T is generated from the frame number when the assigned slot is transmitted and the notified slot number (step ST182).

  Then, in the wireless terminal station 2a, the encryption key k (k = p (T)) is obtained by the encryption key generation function p (t) using the time variation parameter T obtained in step ST181 (step ST183). . Further, in the radio base station 1, the encryption key k ′ (k ′ = k = p (T)) is obtained by the encryption key generation function p (t) using the time variation parameter T obtained in step ST182. (Step ST184).

  If the validity is confirmed as a result of authentication, the radio base station 1 notifies the radio terminal station 2a of the assigned slot (step ST185), and the radio base station 1 uses the assigned slot. Data encrypted with the encryption key k or k ′ is transmitted / received to / from the wireless terminal station 2a (step ST186).

  FIG. 14 is a functional block diagram based on the operations of the radio base station 1 and the radio terminal stations 2a, 2b, 2c,... According to the third embodiment of the present invention.

  In the third embodiment of the present invention, the wireless base station 1 is provided with an encryption / decryption unit 25 for the transmission / reception data of the data processing unit 13 so that the transmission / reception data can be encrypted. An encryption key for encryption and decryption of the encryption / decryption unit 25 is generated by the encryption key calculation unit 26. The encryption key calculation unit 26 is supplied with the time variation parameter T generated by the time variation parameter generation unit 18, and the encryption key calculation unit 26 uses the encryption generation function p (T) to generate the encryption key k ′ (k '= P (T)) is obtained.

  Further, the wireless terminal stations 2a, 2b, 2c,... Are provided with an encryption / decryption unit 45 for transmission / reception data of the data processing unit 33. Then, an encryption key for encryption and decryption of the encryption / decryption unit 45 is generated by the encryption key calculation unit 46. The encryption key calculation unit 46 is supplied with the time variation parameter T generated by the time variation parameter generation unit 38, and the encryption key calculation unit 46 uses the encryption generation function p (T) to generate the encryption key k (k ′ = P (T)).

  Other configurations are the same as those in the first embodiment described above, and a description thereof is omitted.

(Fourth embodiment)
FIG. 15 shows an outline of the authentication processing according to the fourth embodiment of the present invention. In the above-described third embodiment, the radio terminal station 1 to the radio terminal stations 2a, 2b, 2c,... Also communicate with the radio base station 1 from the radio terminal stations 2a, 2b, 2c,. The same encryption key is also used for downlink communication. On the other hand, in this embodiment, different encryption keys are used for uplink communication and downlink communication.

  In FIG. 15, for example, it is assumed that the wireless terminal station 2 a communicates with the wireless base station 1. In this case, the time variation parameter T is generated from the frame number and slot number on the wireless terminal station 2a side (step ST191). Then, using this time variation parameter T, an authentication code v (v = f (T)) is calculated by a unique function f (t) (step ST192).

  On the other hand, on the radio base station 1 side, a frame number and a slot number are acquired, and a time variation parameter T is generated from the acquired frame number and slot number (step ST193).

  When performing authentication, an authentication code v (v = f (T)) is sent from the wireless terminal station 2a to the wireless base station 1, and an authentication request is made (step ST194). In the radio base station 1, the reference code v ′ (v ′ = f (T)) is obtained from the unique function f (t) similar to that on the radio terminal station 2a side using the time variation parameter T acquired in step ST193. Calculation is performed (step ST195). Then, the authentication code v (v = f (T)) sent from the wireless terminal station 2a is compared with the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1. (Step ST196).

  If the authentication code v (v = f (T)) sent from the wireless terminal station 2a matches the reference code v ′ (v ′ = f (T)) obtained by the wireless base station 1 It is determined that the legitimacy has been confirmed. If they do not match, it is determined that the legitimacy cannot be confirmed. Then, the authentication result is transmitted from the wireless base station 1 to the wireless terminal station 2a (step ST197).

  On the wireless terminal station 2a side, an uplink encryption key k (k = p (T)) is calculated by calculating a predetermined encryption key generation function p (t) using the time variation parameter T generated in step ST191. ) Is determined (step ST198). Also, a downlink encryption key m ′ (m ′ = q (T)) is obtained by calculating a predetermined encryption key generation function q (t) using the time variation parameter T (step ST199).

  Similarly, on the radio base station 1 side, a downlink encryption key m (m = q (T) is calculated by calculating a predetermined encryption key generation function q (t) using the time variation parameter T generated in step ST193. )) Is obtained (step ST200). Also, an uplink encryption key k ′ (k ′ = p (T)) is obtained using the time variation parameter T (step ST201).

  When the authentication is established, encrypted data is transmitted / received between the radio base station 1 and the radio terminal station 2a (step ST202). At this time, uplink data transmitted from the wireless terminal station 2a to the wireless base station 1 is encrypted with the encryption key k obtained in step ST198. Then, in the radio base station 1, this encrypted data is decrypted with the encryption key k 'obtained in step ST201.

  The downlink data transmitted from the wireless base station 1 to the wireless terminal station 2a is encrypted with the encryption key m obtained in step ST200. Then, in the wireless terminal station 2a, this encrypted data is decrypted with the encryption key m 'obtained in step ST199.

  Here, the functions p (t) and q (t) used for generating the encryption key are functions agreed in advance by both parties that perform communication, have time-dependent variables, and differ in each trial. Generate a key. This may be a one-way function or a bidirectional function, but it is desirable to use a one-way function from the viewpoint of security.

  FIG. 16 is a functional block diagram based on the operations of the radio base station 1 and the radio terminal stations 2a, 2b, 2c,... According to the fourth embodiment of the present invention.

  In the fourth embodiment of the present invention, the radio base station 1 includes a decoding unit 51 that performs decoding of data in uplink communication from the radio terminal stations 2a, 2b, 2c,. An uplink encryption key calculation unit 52 for obtaining an encryption key in uplink communication, and encryption for performing data encryption in downlink communication from the radio base station 1 to the radio terminal stations 2a, 2b, 2c,. And a downlink encryption key calculation unit 54 for obtaining a downlink encryption key. The time variation parameter T is supplied from the time variation parameter generation unit 18 to the uplink encryption key calculation unit 52 and the downlink encryption key calculation unit 54.

  The upstream encryption key calculation unit 52 obtains the encryption key k ′ (k ′ = p (T)) using the time variation parameter T and the function p (t) for generating the encryption key. In the downstream encryption key calculation unit 54, the encryption key m (m = q (T)) is obtained by the function q (t) for generating the encryption key using the time variation parameter T.

  The uplink reception data is decrypted by the decryption unit 51 using the encryption key k ′ (k ′ = p (T)) from the upstream encryption key calculation unit 52 and sent to the reception data processing unit 55. Downlink transmission data is sent from the transmission data processing circuit 56, encrypted by the encryption unit 53 using the encryption key m (m = q (T)) from the downlink encryption key calculation unit 54, and transmitted.

  The wireless terminal stations 2a, 2b, 2c,... Include an encryption unit 61 that performs data encryption in uplink communication from the wireless terminal stations 2a, 2b, 2c,. An uplink encryption key calculation unit 62 that obtains an encryption key in the communication of, and a decryption unit 63 that decrypts data in downlink communication from the wireless base station 1 to the wireless terminal stations 2a, 2b, 2c,. A downlink encryption key calculation unit 64 for obtaining a downlink encryption key is provided. The time variation parameter T is supplied from the time variation parameter generation unit 38 to the uplink encryption key calculation unit 62 and the downlink encryption key calculation unit 64.

  In the encryption key calculation unit 62, the encryption key k (k = p (T)) is obtained by the function p (t) for generating the encryption key using the time variation parameter T. In the downstream encryption key calculation unit 64, the encryption key m ′ (m ′ = q (T)) is obtained by the function q (t) for generating the encryption key using the time variation parameter T.

  Uplink transmission data is sent from the transmission data processing unit 65, encrypted by the encryption unit 61 using the encryption key k (k = p (T)) from the upstream encryption key calculation unit 62, and transmitted. . The downlink reception data is decrypted by the decryption unit 63 using the encryption key m ′ (m ′ = q (T)) from the downlink encryption key calculation unit 64 and supplied to the reception data processing unit 66.

  Other configurations are the same as those of the third embodiment described above, and a description thereof is omitted.

  As described above, the example of authentication and encryption in the case of performing wireless communication between the wireless base station and the wireless terminal station has been described. However, the present invention is not limited to wireless communication, and common information that varies depending on time is used. It can be applied to the communication used.

  The present invention is not limited to the above-described embodiments, and various modifications and applications can be made without departing from the gist of the present invention.

  The present invention can be used to perform highly secure authentication and encryption in various communications using time-dependent common information, such as the TDMA system.

It is a block diagram which shows the outline | summary of the radio | wireless system which can apply this invention. It is explanatory drawing of a TDMA system. It is a sequence diagram which shows the outline | summary of an example of the authentication process in the 1st Embodiment of this invention. It is a sequence diagram used for description of the other example of the authentication process in the 1st Embodiment of this invention. It is a sequence diagram used for description of the further another example of the authentication process in the 1st Embodiment of this invention. It is a functional block diagram of a 1st embodiment of the present invention. It is a sequence diagram which shows the outline | summary of an example of the authentication process in the 2nd Embodiment of this invention. It is a sequence diagram which shows the outline | summary of the other example of the authentication process in the 2nd Embodiment of this invention. It is a functional block diagram of the 2nd Embodiment of this invention. It is a sequence diagram which shows the outline | summary of an example of the encryption process in the 3rd Embodiment of this invention. It is a sequence diagram which shows the outline | summary of the other example of the encryption process in the 3rd Embodiment of this invention. It is a sequence diagram used for description of the further another example of the encryption process in the 3rd Embodiment of this invention. It is a sequence diagram used for description of the further another example of the encryption process in the 3rd Embodiment of this invention. It is a functional block diagram of the 3rd Embodiment of this invention. It is a sequence diagram which shows the outline | summary of an example of the encryption process in the 4th Embodiment of this invention. It is a functional block diagram of the 4th Embodiment of this invention.

Explanation of symbols

1: wireless base stations 2a, 2b, 2c,...: Each wireless terminal station 11: transmission / reception unit 12: communication control unit 13: data processing unit 15: frame number acquisition unit 16: slot number acquisition unit 18: time variation parameter generation unit 19: reference code calculation unit 20: parameter evaluation unit 21: terminal authentication reference code calculation unit 22: base station authentication authentication code calculation unit 25: decryption unit 26: encryption key calculation unit 31: transmission / reception unit 32: communication control unit 33: Data processing unit 35: Frame number acquisition unit 36: Slot number acquisition unit 38: Time variation parameter generation unit 39: Authentication code calculation unit 41: Authentication code calculation unit 42 for terminal authentication: Reference code calculation unit 43 for base station authentication Parameter evaluation unit 45: decryption unit 46: encryption key calculation unit 51: decryption unit 52: encryption key calculation unit 53: encryption unit 54: encryption key calculation unit 61: encryption unit 62: Encryption key calculation unit 63: Decryption unit 64: Encryption key calculation unit

Claims (8)

When performing guaranteed transmission / reception between the first communication device and the second communication device, a communication method for performing transmission / reception while guaranteeing using parameters that each other has,
The frame number when the first communication device side and the second communication device side transmit a time slot allocation request from the first communication device to the second communication device is used as the first common information. Obtaining the frame number when the assigned slot is notified from the second communication device to the first communication device as second common information,
A parameter that is common between the first communication device and the second communication device from the first common information acquired by the first communication device and the second communication device and varies depending on time. Each of the first time variation parameters to be
A parameter that is common between the first communication device and the second communication device from the second common information acquired by the first communication device and the second communication device and varies depending on time. A second time variation parameter is generated, respectively.   The communication method according to claim 1, further comprising: acquiring the notified slot number as the second common information in addition to the frame number when the assigned slot is notified. The first communication device obtains a reference code by calculation using a first specific function using the first time variation parameter,
The second communication device obtains an authentication code by calculation using the first unique function using the first time variation parameter, transmits the obtained authentication code to the first communication device,
The first communication device receives an authentication code transmitted from the second communication device, performs authentication based on whether the received authentication code matches the reference code,
The first communication device obtains an authentication code by calculation using a second unique function using the second time variation parameter, and transmits the obtained authentication code to the second communication device,
The second communication device obtains a reference code by calculation using the second intrinsic function using the second time variation parameter,
The second communication device receives an authentication code transmitted from the first communication device, and performs authentication based on whether the received authentication code matches the reference code.
The communication method according to claim 1 or 2. The first communication device calculates a first encryption key used for data encryption by a first unique encryption generation function using the first time variation parameter,
The second communication device calculates a first encryption key used for data decryption by the first inherent encryption generation function using the first time variation parameter, and
The first communication device encrypts data with the first encryption key and transmits the encrypted data to the second communication device,
The second communication device decrypts the encrypted data received from the first communication device with the first encryption key;
The first communication device calculates a second encryption key used for data decryption by a second inherent encryption generation function using the second time variation parameter, and
The second communication device calculates a second encryption key to be used for data encryption by the second inherent encryption generation function using the second time variation parameter, and
The second communication device encrypts data with the second encryption key and transmits the data to the first communication device,
The communication according to claim 1, wherein the first communication device decrypts encrypted data received from the second communication device with the second encryption key. Method. A communication system that performs transmission and reception while guaranteeing using parameters that each other has when performing guaranteed transmission and reception between the first communication device and the second communication device,
The first communication device and the second communication device are:
A frame number when a time slot allocation request is transmitted from the first communication apparatus to the second communication apparatus is acquired as first common information, and the second communication apparatus transmits the frame number to the first communication apparatus. An acquisition unit that acquires the frame number when the allocation slot is notified as second common information;
From the first common information acquired by the acquisition unit, a first time variation parameter that is common between the first communication device and the second communication device and is a parameter that varies depending on time. And a second time that is a parameter that varies between the first communication device and the second communication device and varies depending on the time, based on the second common information acquired by the acquisition unit. A generator for generating each of the fluctuation parameters;
A communication system comprising:   The communication system according to claim 5, wherein the acquisition unit further acquires the notified slot number as the second common information in addition to the frame number when the allocation slot is notified. . The first communication device is:
A reference code calculator that calculates a reference code by a first specific function using the first time variation parameter;
An authentication unit that receives an authentication code transmitted from the second communication device and performs authentication based on whether the received authentication code matches the reference code;
An authentication code calculation unit for calculating an authentication code by a second specific function using the second time variation parameter;
A transmission unit that transmits the authentication code to the second communication device;
The second communication device is:
An authentication code calculation unit for calculating an authentication code by the first unique function using the first time variation parameter;
A transmission unit for transmitting the authentication code to the first communication device;
A reference code calculation unit for calculating a reference code by the second unique function using the second time variation parameter;
6. An authentication unit that receives an authentication code transmitted from the first communication device and performs authentication based on whether the received authentication code matches the reference code. Or the communication system of 6. The first communication device is:
Using the first time variation parameter, a first encryption key used for data encryption is calculated by a first unique encryption generation function, and a second unique parameter is obtained using the second time variation parameter. An encryption key calculation unit for calculating a second encryption key to be used for data decryption by an encryption generation function;
An encryption unit that encrypts data using the first encryption key and transmits the encrypted data to the second communication device;
A decryption unit for decrypting encrypted data received from the second communication device with the second encryption key;
The second communication device is:
Using the first time variation parameter, a first encryption key used for data decryption is obtained by calculation using the first unique encryption generation function, and the second time variation parameter is used to calculate the second encryption key. An encryption key calculation unit for calculating a second encryption key used for data encryption by a unique encryption generation function;
A decryption unit for decrypting encrypted data received from the first communication device with the first encryption key;
The communication system according to claim 5, further comprising: an encryption unit that encrypts data using the second encryption key and transmits the encrypted data to the first communication device.

Images