JP5367040B2 - Communication system, first communication device, second communication device, communication method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform safe communication by making it possible to detect data alteration with less communication data under limited resources. <P>SOLUTION: In a communication system, a first communication device and a second communication device communicate. The first communication device exchanges shared authentication information different at every time of authentication with the second communication device, generates transmission side authentication information from the shared authentication information to transmit the generated authentication information to the second communication device, and generates message authentication information on the basis of transmission side security initialization information generated by performing a prescribed calculation to the shared authentication information and data to be transmitted to the second communication device. The first communication device transmits the data together with the message authentication information when it transmits the data to the second communication device. The second communication device determines whether there is data alteration or not based on reception side security initialization information obtained by the similar processing to the transmission side security initialization information and the received data and message authentication information. <P>COPYRIGHT: (C)2013,JPO&amp;INPIT

Description

The present invention relates to a communication system, a first communication device, a second communication device, a communication method, and a program.

  There has been proposed a network in which various information is wirelessly transmitted from an infinite number of wireless terminals, and the wireless is received and collected by a plurality of base stations. In such a network, a control signal may be transmitted to each wireless terminal according to the collected information. For example, wireless terminals are installed in devices such as various types of sensors and home appliances, and each wireless terminal transmits information representing the status and state of each device.

  The amount of information transmitted from these wireless terminals is very small. Also, the frequency with which information is transmitted is very low. In order to reduce the cost, the above network is not constructed using a broadband communication network, and is generally constructed using a narrowband communication network that facilitates cost reduction. For example, a maximum 9600 bps (Bits Per Second) communication band per wireless channel is divided at regular intervals and shared by tens of thousands of wireless terminals using a half-duplex communication method. In order to reduce costs, the wireless terminal is configured with the above-described network using a device having poor data storage capability (memory capacity, whether or not volatile, battery life, etc.), key update capability, and arithmetic processing capability.

  On the other hand, Non-Patent Document 1 describes that message authentication is performed on data transmitted and received between communication apparatuses using counter mode with cipher block chaining / message authentication code protocol (CCMP).

Takeshi Hattori and Masanobu Fujioka, “Wireless Broadband Textbook Revised Edition (High Speed IP Wireless)”, Impress R & D, 2008, p. 339

In the network constructed as described above, the number of accommodated wireless terminals is very large. Therefore, a slight increase / decrease in the amount of data transmitted by one wireless terminal becomes a very big problem in the entire network composed of a plurality of terminals.
Since the above network is premised on one-way communication from a wireless terminal to a base station or from a base station to a wireless terminal, it uses multiple transmission / reception data as in bidirectional communication. It is difficult to configure security functions.
In one-way communication, it is possible to perform independent encrypted communication by applying CCMP, but it is necessary to add counter information of sufficient length to transmission information in order to maintain sufficient security strength. The transmission data band is compressed by the additional information.
In general, when a security function using a plurality of times of transmission / reception data is configured, the computation processing capacity of the terminal is consumed for encryption and decryption processing, and the memory capacity and data processing speed of the wireless terminal are reduced. Causes a drop. Furthermore, in order to update the key in order to ensure security, it is necessary to secure a secure area for key updating and a processing function. As described above, if each terminal capability is enhanced in order to secure a data area for security, the cost increases.
Note that such a problem is not limited to the case where the communication terminal performs wireless communication, but may also occur in wired communication.

In view of the above circumstances, the present invention provides a communication system and a first communication device capable of detecting data falsification and performing communication safely with less communication data under limited resources in one-way communication An object of the present invention is to provide a second communication device, a communication method, and a program.

One aspect of the present invention is a communication system in which a first communication device and a second communication device communicate using shared authentication information shared to generate authentication information, wherein the first communication device The shared authentication information that is different each time is exchanged with the second communication device, and the transmission side authentication unit that generates the transmission side authentication information from the shared authentication information and transmits it to the second communication device, and Message authentication information is generated based on the transmission side security initialization information generated by performing a predetermined operation on the shared authentication information and the data transmitted to the second communication device, and the message includes the message A message authentication information giving unit for giving authentication information; and a data sending unit for sending the data to which the message authentication information is given to the second communication device. A receiving-side authentication unit that exchanges the shared authentication information with one communication device, receives the transmitting-side authentication information from the first communication device, and authenticates the transmitting-side authentication information using the shared authentication information; Receiving the data to which the message authentication information is attached from the first communication device, and performing the predetermined calculation on the shared authentication information used when authentication is successful in the receiving-side authentication unit. A security initialization information holding unit for storing the generated reception-side security initialization information, and the data and message authentication information received by the reception processing unit and the security initialization information holding unit. A message authentication information inspecting unit for determining whether the received data has been falsified based on the receiving side security initialization information; The receiving-side authentication unit generates receiving-side authentication information from the shared authentication information and transmits the receiving-side authentication information to the first communication device, and the transmitting-side authentication unit receives the receiving-side authentication information from the second communication device. Receiving and authenticating the receiving side authentication information using the shared authentication information.

  One aspect of the present invention is the communication system described above, wherein the first communication device further includes a sequence number assigning unit that assigns a sequence number to each data to be transmitted, and the message authentication information assigning unit Message authentication information is generated based on security initialization information, data transmitted to the second communication device, and the sequence number, and the data transmission unit includes the sequence number adding unit Adds the sequence number given to the data and transmits it to the second communication device, and the authentication information inspection unit receives the reception side security initialization information, and the data and message received by the reception processing unit. It is determined whether or not the received data has been tampered with based on authentication information and the sequence number. To.

  One aspect of the present invention is the communication system described above, wherein the first communication device further includes a transmission-side key information storage unit that stores message authentication key information, and the message authentication information provision unit is configured to transmit the message authentication information. The message authentication information is generated using the message authentication key information in the storage unit, and the second communication device further includes a reception side key information storage unit that stores the message authentication key information, and the message authentication information inspection unit Determines whether the received data has been tampered with using the message authentication key information in the receiving-side storage unit.

  One aspect of the present invention is the communication system described above, wherein the second communication device communicates with a plurality of the first communication devices, and the transmission-side authentication unit communicates with another second communication device. The first authentication information that can identify all the first communication devices including the first communication device and the shared authentication information are used to generate transmission-side authentication information, and the generated transmission-side authentication information is used as the second authentication information. The message authentication information adding unit transmits the message authentication information based on transmission-side security initialization information generated by performing a predetermined calculation on the first identification information and the shared authentication information. The receiving-side authentication unit generates between the first identification information of the first communication device that is a transmission source of the transmission-side authentication information and the first communication device that is a transmission source of the transmission-side authentication information. Using the shared authentication information exchanged before The sender authentication information is authenticated, and the message authentication information inspection unit receives the first identification information of the first communication device that is the transmission source of the data and the first communication device received from the first communication device in the receiver authentication unit. Judgment whether the received data has been falsified based on the reception side security initialization information generated by performing a predetermined calculation on the shared authentication information used when the authentication of the transmission side authentication information is successful It is characterized by.

  One aspect of the present invention is the communication system described above, in which the transmission-side authentication unit further transmits using the identification information of the second communication device in addition to the first identification information and the shared authentication information. Side authentication information is generated and transmitted to the second communication device, and the reception side authentication unit uses the identification information of the second communication device in addition to the first identification information and the shared authentication information. It is characterized by authenticating the transmitting side authentication information.

  One aspect of the present invention is the communication system described above, wherein the first communication device communicates with a plurality of the second communication devices, and the transmission-side authentication unit communicates with another first communication device. The first authentication information that can identify all the second communication devices including the second communication device and the shared authentication information are used to generate transmission-side authentication information, and the generated transmission-side authentication information is used as the second authentication information. The transmission side authentication unit authenticates the transmission side authentication information received from the first communication device using the first identification information and the shared authentication information, and provides the message authentication information. A transmission-side security initial generated by performing a predetermined operation on the first identification information of the second communication device that is the transmission destination of the data and the shared authentication information exchanged with the second communication device. Based on the authentication information The message authentication information inspecting unit is generated by performing the predetermined calculation on the first identification information and the shared authentication information used when authentication is successful in the receiving-side authentication unit. It is characterized in that it is determined whether or not the received data has been falsified based on the receiving side security initialization information.

  One aspect of the present invention is the communication system described above, wherein the reception-side authentication unit generates reception-side authentication information from the first identification information and the shared authentication information and transmits the reception-side authentication information to the first communication device. The transmitting side authentication unit receives the receiving side authentication information from the second communication device, and authenticates the receiving side authentication information using the first identification information and the shared authentication information. And

  One aspect of the present invention is a communication device that exchanges shared authentication information that differs every time authentication is performed with another communication device, and generates authentication information from the shared authentication information to generate the other communication device. An authentication request unit that transmits to the other authentication device that receives the other authentication information that is generated and transmitted from the shared authentication information by the other communication device, and that authenticates the other authentication information using the shared authentication information; Message authentication information based on security initialization information generated by performing a predetermined calculation common to the other communication device on the shared authentication information and data transmitted to the second communication device A message authentication information adding unit for generating the message authentication information to the data, and a data transmission unit for transmitting the data to which the message authentication information is added to the other communication device. And wherein the door.

  One aspect of the present invention is a communication device that exchanges shared authentication information that is different for each authentication with another communication device, receives authentication information from the other communication device, and receives the shared authentication information. An authentication unit that authenticates the authentication information using an authentication request unit that receives authentication in the other communication device by generating other authentication information from the shared authentication information and transmitting the generated authentication information to the other communication device; Receive from the other communication device, message authentication information generated based on security initialization information generated by performing a predetermined operation on the shared authentication information and transmitted data together with the transmitted data Security initialization information generated by performing the predetermined calculation common to the other device on the shared authentication information used when the authentication is successful in the processing unit and the authentication unit , And the data and message authentication information received by the receiving section, based on, characterized in that it comprises a message authentication information checking unit determines whether the received data has been tampered with.

  One aspect of the present invention is a communication method executed in a communication system in which a first communication device and a second communication device communicate with each other, and the first communication device and the second communication device are each authenticated. A shared authentication information exchanging step for exchanging different shared authentication information, and the first communication device generates transmission-side authentication information from the shared authentication information exchanged in the shared authentication information exchanging step and transmits it to the second communication device A transmitting side authentication requesting step, and a receiving side authentication step in which the second communication device receives the transmitting side authentication information from the first communication device and authenticates the transmitting side authentication information using the shared authentication information; The second communication device generates reception-side authentication information from the shared authentication information and transmits the reception-side authentication information to the first communication device; and the first communication device receives the reception-side authentication from the second communication device. Receiving the information and authenticating the receiving-side authentication information using the shared authentication information; and the first communication device performs a predetermined operation on the shared authentication information exchanged in the shared authentication information exchanging step. Message authentication information adding step for generating message authentication information based on the generated transmission-side security initialization information and data transmitted to the second communication device, and adding the message authentication information to the data A data transmission step of transmitting the data to which the message authentication information is attached to the second communication device; and the second communication device receives the data to which the message authentication information is attached from the first communication device. And the shared authentication information used when the authentication is successful in the receiving-side authentication step. Message authentication information for determining whether or not the received data has been tampered with based on the reception-side security initialization information generated by calculation and the data and message authentication information received in the reception step An inspection step.

  One aspect of the present invention is a communication method executed in a communication device, and exchanges shared authentication information that differs for each authentication with another communication device, and generates authentication information from the shared authentication information. Authentication request step transmitted to the other communication device, and other authentication information generated and transmitted from the shared authentication information by the other communication device, and the other authentication information using the shared authentication information. An authentication step for authenticating, security initialization information generated by performing a predetermined calculation common to the other communication device on the shared authentication information, data transmitted to the other communication device, Generating message authentication information based on the message authentication information and adding the message authentication information to the data; and adding the message authentication information to the data A data transmitting step of transmitting to the communication device, characterized by having a.

  One aspect of the present invention is a communication method executed in a communication device, wherein shared authentication information that is different for each authentication is exchanged with another communication device, and authentication information is received from the other communication device. An authentication step for authenticating the authentication information using the shared authentication information, and generating other authentication information from the shared authentication information and transmitting it to the other communication device to authenticate the other communication device. Receiving the authentication request step, and sending the message authentication information generated based on the security initialization information generated by performing a predetermined calculation on the shared authentication information and the transmitted data from the other communication device. A receiving step that is received together with the data to be received, and the shared authentication information used when the authentication is successful in the authentication step. A message authentication information checking step for determining whether or not the received data has been tampered with based on the security initialization information generated by performing the above and the data and message authentication information received in the receiving step; It is characterized by having.

  According to one aspect of the present invention, shared authentication information that is different for each authentication is exchanged with another communication device, and authentication information is generated from the shared authentication information to the other communication device. An authentication request procedure to be transmitted to the other communication device, an authentication procedure for receiving the other authentication information generated and transmitted from the shared authentication information and authenticating the other authentication information using the shared authentication information; Message authentication information based on security initialization information generated by performing a predetermined calculation common to the other communication device on the shared authentication information and data transmitted to the second communication device And generating a message authentication information to add the message authentication information to the data, and transmitting the data to which the message authentication information is added to the other communication device Is a program for executing the order, the.

  According to one aspect of the present invention, shared authentication information that is different for each authentication is exchanged with another communication device, and authentication information is received from the other communication device. An authentication procedure for authenticating the authentication information using an authentication request procedure for receiving authentication in the other communication device by generating other authentication information from the shared authentication information and transmitting it to the other communication device; Receive from the other communication device, message authentication information generated based on security initialization information generated by performing a predetermined operation on the shared authentication information and transmitted data together with the transmitted data And a security initial value generated by performing a predetermined calculation common to the other device on the shared authentication information used when the authentication is successful in the authentication procedure. A message authentication information inspection procedure for determining whether or not the received data has been tampered with based on the authentication information and the data and message authentication information received in the reception procedure. is there.

  According to the present invention, tampering of data can be detected and communication can be performed safely with less communication data between communication apparatuses that perform one-way communication under limited resources.

1 is a system configuration diagram illustrating a system configuration of a communication system 100. FIG. It is a figure which shows the data structure in each layer. 2 is a schematic block diagram illustrating a functional configuration of a wireless terminal 10. FIG. It is a block diagram showing the function structure of the transmission data generation part 105a shown in FIG. It is a block diagram showing the functional structure of the reception data acquisition part 105b shown in FIG. 2 is a schematic block diagram illustrating a functional configuration of a base station device 20. FIG. It is a block diagram showing the function structure of the 1st relay part 206a shown in FIG. It is a block diagram showing the function structure of the 2nd relay part 206b shown in FIG. It is a figure showing the outline of a terminal identification information table. It is a figure showing the outline of a key information table. 2 is a sequence diagram showing a sequence of mutual authentication processing in communication system 100. FIG. It is a sequence diagram showing the sequence of the uplink communication after mutual authentication is completed. It is a sequence diagram showing the sequence of the downstream communication after mutual authentication is completed. It is a figure which shows the production | generation of an authenticator and security initialization information. It is a figure which shows an upstream encryption process counter. It is a figure which shows the encryption process and decoding process of user data transmitted from the radio | wireless terminal. It is a figure which shows a downstream encryption process counter. It is a figure which shows the encryption process of a user data transmitted from the base station apparatus 20, and a decoding process. It is a figure which shows the example of the encryption process of counter mode. It is a figure which shows the example of the decoding process of counter mode. It is a figure which shows the production | generation process of the uplink message authentication code transmitted from the radio | wireless terminal. It is a figure which shows the production | generation process of the downlink message authentication code transmitted from the base station apparatus.

  FIG. 1 is a system configuration diagram illustrating a system configuration of the communication system 100. The communication system 100 includes a plurality of wireless terminals 10 (10-1-1, 10-1-2,..., 10-2-1, 10-2-2,...), A plurality of base station apparatuses 20. (20-1, 20-2,...), A terminal information management device 30, a location information management device 40, and a terminal device 50. The base station device 20, the terminal information management device 30, the location information management device 40, and the terminal devices 50 (50-1, 50-2,...) Are all connected to the network 60. The network 60 may be configured as a wired IP communication network, for example, or may be configured in another manner.

  Each of the plurality of wireless terminals 10 wirelessly communicates with the base station device 20 corresponding to its own device. The plurality of base station devices 20 wirelessly communicate with the plurality of wireless terminals 10 corresponding to the respective devices, and relay data between the devices connected to the network 60 (for example, the terminal device 50) and the wireless terminals 10. For example, the plurality of wireless terminals 10-1 (10-1-1, 10-1-2,...) And the base station device 20-1 perform wireless communication with each other, and the plurality of wireless terminals 10-2 (10 -2-1, 10-2-2, ...) and the base station apparatus 20-2 perform wireless communication with each other.

  Each wireless terminal 10 is provided with two pieces of identification information called MAC-ID (third identification information) and NET-ID (first identification information). The MAC-ID is identification information for uniquely identifying each wireless terminal 10 among a plurality of wireless terminals 10 with which the base station device 20 communicates wirelessly. That is, the MAC-ID is information on the second layer in the OSI reference model. Therefore, a duplicate MAC-ID is not assigned to the wireless terminal 10 with which one base station apparatus 20 communicates wirelessly. However, since the MAC-ID is dynamically assigned from the base station to the wireless terminal, the same MAC-ID is duplicated in different wireless terminals 10 between one base station apparatus 20 and another base station apparatus 20. May be assigned.

  The NET-ID is identification information for uniquely identifying all the wireless terminals 10 installed in the communication system 100. That is, the NET-ID is information on the third layer (layer 3) in the OSI reference model. Therefore, a duplicate NET-ID is not assigned to the wireless terminal 10 installed in the communication system 100.

In the communication system 100, communication data is transmitted using the NET-ID and the MAC-ID between the wireless terminal 10 and the base station apparatus 20 by transmitting the communication data using the MAC-ID without using the NET-ID. The amount of communication data is reduced compared to the case where is transmitted. Communication data is data transmitted and received between the wireless terminal 10 and the base station apparatus 20.
Hereinafter, details of the communication system 100 will be described.

FIG. 2 is a diagram illustrating a data structure in each layer when the radio terminal 10 and the base station apparatus 20 transmit user data.
User data generated by various applications in the application layer (seventh layer in the OSI reference model) is data transmitted from the wireless terminal 10 or data transmitted to the wireless terminal 10. In processing in the CNT (control) layer of layer 3 (third layer in the OSI reference model: hereinafter also referred to as “L3”), a security sequence number and an L3 header are added to user data, and the user data portion is After the encryption, a message authentication code (MAC) is generated based on the encrypted user data and is added to the encrypted user data (Encryption then MAC). The L3 header includes data length and message type information. The message authentication code is information for detecting falsification of data on the receiving side. Hereinafter, data including a security sequence number, an L3 header, encrypted user data (hereinafter referred to as “encrypted user data”), and a message authentication code is referred to as L3 data.

In processing in the MAC (Media Access Control) layer of Layer 2 (second layer in the OSI reference model: hereinafter also referred to as “L2”), the L3 data generated in the processing of the CNT layer is fixed length from the top by fragmentation. An L2 header and a CRC (Cyclic Redundancy Check) value are added to the data that is divided and fragmented. The L2 header includes information such as the data length.
In processing in the PHY (physical) layer of layer 1 (first layer in the OSI reference model: hereinafter also referred to as “L1”), data generated in the MAC layer processing is transmitted by radio.

  Hereinafter, the direction from the radio terminal 10 to the base station apparatus 20 is referred to as upstream, and the direction from the base station apparatus 20 to the radio terminal 10 is referred to as downstream.

  FIG. 3 is a schematic block diagram illustrating a functional configuration of the wireless terminal 10. The wireless terminal 10 includes a CPU (Central Processing Unit), a memory, an auxiliary storage device, and the like connected by a bus, and executes a communication program. By executing the communication program, the wireless terminal 10 functions as an apparatus including the communication unit 101, the storage unit 102, the NW authentication random number generation unit 103, the authentication control unit 104, and the data processing unit 105. Note that all or part of the functions of the wireless terminal 10 may be realized by using hardware such as an application specific integrated circuit (ASIC), a programmable logic device (PLD), or a field programmable gate array (FPGA).

  The communication unit 101 performs wireless communication with the base station device 20. Specifically, the communication unit 101 modulates the communication data generated by the authentication control unit 104 and the data processing unit 105 and transmits a radio signal to the base station apparatus 20. In addition, the communication unit 101 receives the radio signal transmitted from the base station apparatus 20, restores the communication data by demodulating, and transfers the communication data to the authentication control unit 104 and the data processing unit 105. That is, the data generated in the MAC layer in FIG. 2 is an example of communication data, and the communication unit 101 performs PHY layer processing.

  The storage unit 102 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The storage unit 102 functions as a terminal identification information storage unit 102a and a key information storage unit 102b. The terminal identification information storage unit 102a includes the MAC-ID and NET-ID assigned to the own device (wireless terminal 10), and a base station ID (second identification) that is identification information of the base station device 20 with which the own device communicates wirelessly. Information). The base station ID is identification information used only for wireless communication with the base station device 20. The key information storage unit 102b includes authentication key information used by the own device (wireless terminal 10) for authentication processing and communication with the base station device 20, encryption key information used for encryption and decryption of user data, and manipulation of user data. And message authentication key information used to generate a message authentication code for detection.

The NW authentication random number generation unit 103 generates an NW (network) authentication random number (second shared authentication information) that is a random number used by the authentication control unit 104 for authentication processing for authenticating the base station device 20.
The authentication control unit 104 performs mutual authentication processing between the wireless terminal 10 and the base station device 20. Specifically, the authentication control unit 104 generates a mutual authentication request including the NW authentication random number generated by the NW authentication random number generation unit 103 and transmits it to the base station apparatus 20. By this processing, authentication processing between the wireless terminal 10 and the base station device 20 is started. Further, the authentication control unit 104 performs a calculation based on the MAC-ID, the NET-ID, the authentication key information, a terminal authentication random number transmitted from a base station, which will be described later, and the terminal authenticator as the calculation result By transmitting to the device 20, authentication by the base station device 20 is received. Further, the authentication control unit 104 performs a calculation based on the MAC-ID, the NET-ID, the authentication key information, a random number for NW authentication, a random number for terminal authentication, and the like, and NW authentication that is the same calculation result by the base station device 20 The base station device 20 is authenticated by comparing (collating) with the child.

  When transmitting data to the base station apparatus 20 in the mutual authentication process, the authentication control unit 104 transmits data using the MAC-ID and the NET-ID when transmitting the mutual authentication request. On the other hand, when transmitting data other than the mutual authentication request, the authentication control unit 104 transmits data using MAC-ID without using NET-ID. Specifically, the authentication control unit 104 may transmit data as follows, for example.

  The authentication control unit 104 transmits a bandwidth allocation request to the base station device 20 in advance. In response to the bandwidth allocation request, the base station device 20 allocates a bandwidth and a MAC-ID to the wireless terminal 10, and stores the bandwidth and the MAC-ID in association with each other. The base station apparatus 20 transmits a band allocation response indicating the allocated band. The allocated band may be specified by time, for example, may be specified by frequency, or may be specified by time and frequency. The association between the bandwidth allocation request and the bandwidth allocation response is realized by using a specific frequency or time allocation or identification information associated therewith. At this time, the base station apparatus 20 transmits data including the MAC-ID together with the band allocation response. The authentication control unit 104 receives the band allocation response, and transmits data to be transmitted in the mutual authentication process to the base station apparatus 20 in the band allocated to the own apparatus. In this way, the band used by the wireless terminal 10 is associated with the MAC-ID.

  When transmitting the mutual authentication request, the authentication control unit 104 transmits data including the NET-ID in a band allocated to the own device. When the base station apparatus 20 receives this data, the base station apparatus 20 associates the MAC-ID stored in association with the band used for transmission of the received data with the NET-ID included in the received data and associates the terminal with the terminal. Register in the identification information table. Further, when transmitting data other than the mutual authentication request, the authentication control unit 104 transmits data including the MAC-ID but not the NET-ID in a band allocated to the own apparatus. In this way, the data transmitted by the authentication control unit 104 is associated with the MAC-ID and NET-ID.

  The data processing unit 105 generates data to be transmitted to the terminal device 50 via the network 60 (hereinafter referred to as “uplink communication data”) and outputs the data to the communication unit 101. In addition, the data processing unit 105 receives data (hereinafter referred to as “downlink communication data”) transmitted from the terminal device 50 via the network 60 by the communication unit 101. As is clear from this description, the uplink communication data and the downlink communication data are a type of the above communication data. The data processing unit 105 includes a transmission data generation unit 105a and a reception data acquisition unit 105b.

  The transmission data generation unit 105 a encrypts user data output from the external device Z, generates uplink communication data to be transmitted to the terminal device 50 via the network 60, and outputs the uplink communication data to the communication unit 101. The transmission data generation unit 105a uses MAC-ID as identification information indicating the transmission source of the uplink communication data without using NET-ID. For example, the transmission data generation unit 105a may transmit the uplink communication data using the MAC-ID and the band assigned to the own device in advance. Uplink communication data is transmitted, for example, by an external device Z (Z-1-1, Z-1-2,..., Z-2-1, Z-2-2,...) To which the wireless terminal 10 is connected. Contains generated data.

  The reception data acquisition unit 105b receives the downlink communication data transmitted from the terminal device 50 by the communication unit 101 via the network 60, and decrypts the encrypted user data included in the downlink communication data. When identification information indicating a transmission destination is set in the downlink communication data, MAC-ID is used without using NET-ID. For example, the reception data acquisition unit 105b receives from the base station device 20 a bandwidth allocation notification that includes a MAC-ID that is assigned to the own device in advance and that does not contain a NET-ID, and is assigned to the own device in response to this notification. Downlink communication data may be received in the band. The reception data acquisition unit 105b outputs user data included in the acquired downlink communication data to the external device Z.

  FIG. 4 is a block diagram showing a configuration of transmission data generation section 105a shown in FIG. The transmission data generation unit 105 a includes a layer 3 transmission processing unit 110 and a layer 2 transmission processing unit 120.

  The layer 3 transmission processing unit 110 includes a counter generation unit 111, a storage unit 112, a security sequence number adding unit 113, an encryption unit 114, and a message authentication code adding unit 115.

  The counter generation unit 111 generates an upstream encryption processing counter used by the encryption unit 114 to encrypt user data to be transmitted. Further, the counter generation unit 111 updates the uplink encryption processing counter each time the transmission data generation unit 105a generates and transmits uplink communication data. The storage unit 112 stores the uplink encryption processing counter generated by the counter generation unit 111.

  The security sequence number assigning unit 113 assigns the uplink security sequence number and the L3 header to the user data output from the external device Z. The encryption unit 114 encrypts user data using the encryption key information stored in the key information storage unit 102 b and the uplink encryption processing counter stored in the storage unit 112. The message authentication code assigning unit 115 receives the upstream security initialization information, the upstream security sequence number, and the encrypted user data as input, and uses the message authentication key information stored in the key information storage unit 102b to transmit the upstream message. Generate an authentication code. The message authentication code assigning unit 115 outputs the L3 data including the uplink security sequence number, the L3 header, the encrypted user data, and the uplink message authentication code to the layer 2 transmission processing unit 120.

  The layer 2 transmission processing unit 120 includes a fragment unit 121 and a CRC adding unit 122. The fragment unit 121 generates fragment data by dividing (fragmenting) the L3 data input from the layer 3 transmission processing unit 110, and adds an L2 header to each of the fragment data. The L2 header includes a fragment number indicating how many pieces of fragment data are generated from one piece of L3 data. The CRC adding unit 122 calculates a CRC value from the L2 header and fragment data input from the fragment unit 121, and outputs uplink communication data in which the CRC value is added to the L2 header and fragment data to the communication unit 101.

  FIG. 5 is a block diagram illustrating a functional configuration of the reception data acquisition unit 105b illustrated in FIG. The reception data acquisition unit 105 b includes a layer 2 reception processing unit 130 and a layer 3 reception processing unit 140.

The layer 2 reception processing unit 130 includes a CRC inspection unit 131.
The CRC checking unit 131 checks the CRC value given to the downlink communication data input from the communication unit 101. When the CRC check result is OK, the layer 2 reception processing unit 130 determines that the L3 reception processing unit 130 determines the L3 based on the fragment data acquired from the downlink communication data and the fragment number acquired from the L2 header added to the fragment data. Restore data. Then, the layer 2 reception processing unit 130 outputs the restored L3 data to the layer 3 reception processing unit 140.

The layer 3 reception processing unit 140 includes a counter generation unit 141, a storage unit 142, a security sequence number inspection unit 143, a message authentication code inspection unit 144, and a decryption unit 145.
The counter generation unit 141 generates a downlink encryption processing counter used for the decryption unit 145 to decrypt the encrypted user data included in the downlink communication data. Further, the counter generation unit 141 updates the downlink encryption processing counter every time downlink communication data from the base station 20 is received. The storage unit 142 stores the downlink encryption processing counter generated by the counter generation unit 141.

  The security sequence number inspection unit 143 inspects the downlink security sequence number set in the L3 data input from the layer 2 reception processing unit 130, and outputs the L3 data to the message authentication code inspection unit 144 if the inspection is OK. To do.

  The message authentication code checking unit 144 checks the downlink message authentication code set in the L3 data input from the security sequence number checking unit 143. If the check is OK, the message authentication code checking unit 144 outputs the L3 data to the decoding unit 145. Specifically, the message authentication code checking unit 144 generates a downlink message authentication code using the same algorithm as the message authentication code adding unit 255 of the base station device 20 based on the received L3 data. The message authentication code checking unit 144 compares the downlink message authentication code generated by itself with the downlink message authentication code set in the received L3 data. If the two match, the message authentication code checking unit 144 determines that the encrypted user data of the received L3 data has not been tampered with, and sets the check result to OK. On the other hand, if the two do not match, the message authentication code checking unit 144 determines that the encrypted user data of the received L3 data has been tampered with, and sets the check result to NG. The decryption unit 145 stores the encrypted user data included in the L3 data input from the message authentication code checking unit 144 and the encryption key information stored in the key information storage unit 102b and the storage unit 142. And the decrypted user data is output to the external device Z.

  FIG. 6 is a schematic block diagram illustrating a functional configuration of the base station apparatus 20. The base station device 20 includes a CPU, a memory, an auxiliary storage device, and the like connected by a bus and executes a relay program. By executing the relay program, the base station device 20 functions as a device including the first communication unit 201, the second communication unit 202, the storage unit 203, the terminal authentication random number generation unit 204, the authentication control unit 205, and the relay unit 206. . Note that all or part of the functions of the base station device 20 may be realized using hardware such as an ASIC, PLD, or FPGA.

  The first communication unit 201 performs wireless communication with the wireless terminal 10. Specifically, the first communication unit 201 modulates communication data output from the authentication control unit 205 and the second relay unit 206 b and transmits the modulated communication data to the wireless terminal 10. Further, the first communication unit 201 receives the radio signal transmitted from the radio terminal 10 and demodulates it to restore the communication data, and transfers it to the authentication control unit 205 and the first relay unit 206a.

  The second communication unit 202 communicates with the network 60. Specifically, the second communication unit 202 converts the communication data output from the first relay unit 206 a and transmits it to the network 60. The second communication unit 202 receives a signal transmitted from the network 60 to the wireless terminal 10 and converts the signal to transfer the communication data to the second relay unit 206b.

  The storage unit 203 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The storage unit 203 functions as a base station identification information storage unit 203a, a terminal identification information table storage unit 203b, and a key information table storage unit 203c. The base station identification information storage unit 203a stores a base station ID assigned to the own device (base station device 20). As described above, the base station ID is identification information used only in wireless communication with the terminal device 10. The base station ID is identification information for uniquely identifying all base station apparatuses 20 installed in the communication system 100. Therefore, the base station apparatus 20 installed in the communication system 100 is not assigned a duplicate base station ID. When the network 60 is configured by a wired IP communication network, the base station identification information storage unit 203a uses the IP assigned to the own apparatus (base station apparatus 20) as identification information for communication with the network 60. Remember the address.

  The terminal identification information table storage unit 203b stores a terminal identification information table. The key information table storage unit 203c stores a key information table. FIG. 9 is a diagram illustrating an outline of the terminal identification information table. The terminal identification information table has a terminal identification information record 21 in which the NET-ID and the MAC-ID of the wireless terminal 10 are associated with each wireless terminal 10 communicating with its own device (base station device 20). FIG. 10 is a diagram showing an outline of the key information table. The key information table communicates the key information record 22 in which the NET-ID, the authentication key information, the encryption key information, and the message authentication key information of the wireless terminal 10 are associated with the own device (base station device 20). Have every.

  Returning to FIG. 6, the description of the configuration of the base station apparatus 20 will be continued. The terminal authentication random number generation unit 204 generates a terminal authentication random number (first shared authentication information) that is a random number used by the authentication control unit 205 for authentication processing for authenticating the wireless terminal 10.

  The authentication control unit 205 performs mutual authentication processing between the wireless terminal 10 and the base station device 20. Specifically, the authentication control unit 205 performs a calculation based on the MAC-ID, the NET-ID, the authentication key information, the NW authentication random number, the terminal authentication random number, and the like. By transmitting the authentication random number to the wireless terminal 10, the wireless terminal 10 is authenticated. The authentication control unit 205 performs a calculation based on the MAC-ID, the NET-ID, the authentication key information, the terminal authentication random number, and the like, and compares (collates) with a terminal authenticator that is the same calculation result by the wireless terminal 10. By doing so, the wireless terminal 10 is authenticated.

  When transmitting data to the wireless terminal 10 in the mutual authentication process, the authentication control unit 205 transmits the data using the MAC-ID and not using the NET-ID. Specifically, the authentication control unit 205 may transmit data as follows, for example. The authentication control unit 205 allocates a band to the wireless terminal 10 in advance according to a band allocation request, and stores the band and the MAC-ID in association with each other. The authentication control unit 205 transmits a bandwidth allocation response indicating the allocated bandwidth to the wireless terminal 10. At this time, the authentication control unit 205 transmits a band allocation response as data including the MAC-ID but not the NET-ID. The wireless terminal 10 receives the bandwidth allocation response and stores the bandwidth allocated to the own device. Then, the authentication control unit 205 transmits data to be transmitted by mutual authentication processing to the wireless terminal 10 in a band allocated to the wireless terminal 10. In this way, the data transmitted by the authentication control unit 205 is associated with the MAC-ID. As described above, since the NET-ID is not included in the bandwidth allocation response, the data transmitted by the authentication control unit 205 is not associated with the NET-ID. Details of the mutual authentication process will be described later.

The relay unit 206 includes a first relay unit 206a and a second relay unit 206b.
The first relay unit 206 a decrypts the encrypted user data included in the uplink communication data transmitted from the wireless terminal 10 to the terminal device 50 connected to the network 60 and relays it to the terminal device 50 connected to the network 60. To do. The uplink communication data transmitted from the wireless terminal 10 to the terminal device 50 connected to the network 60 is associated with the MAC-ID as identification information representing the wireless terminal 10 that is the transmission source. Based on the terminal identification information table, the first relay unit 206a searches for NET-ID corresponding to the MAC-ID associated with the uplink communication data or identification information equivalent to the NET-ID. Then, the first relay unit 206a gives and relays the searched NET-ID or identification information equivalent to the NET-ID to the upstream communication data as identification information indicating the data transmission source.

  The identification information equivalent to the NET-ID is identification information that can uniquely identify all the wireless terminals 10 installed in the communication system 100. As a specific example of identification information equivalent to NET-ID, there is a service ID. The service ID is identification information used in the network 60. The service ID may have a larger data amount than the NET-ID. The service ID may be recorded together with the NET-ID and the MAC-ID in the record 21 of the terminal identification information table, for example. Specific examples of the service ID include a Uniform Resource Locator (URL) and a Fully Qualified Domain Name (FQDN).

  The second relay unit 206 b encrypts user data transmitted from the terminal device 50 connected to the network 60 to the wireless terminal 10 and transmits downlink communication data including the encrypted user data to the wireless terminal 10. In downlink communication data transmitted to the wireless terminal 10 from the terminal device 50 connected to the network 60, NET-ID or identification information (service ID) equivalent to NET-ID is used as identification information indicating the destination wireless terminal 10. It is included. The second relay unit 206b searches for the MAC-ID corresponding to the NET-ID or the service ID based on the terminal identification information table. The second relay unit 206b relays downlink communication data using the searched MAC-ID.

  FIG. 7 is a block diagram illustrating a functional configuration of the first relay unit 206a illustrated in FIG. The first relay unit 206a includes a layer 2 reception processing unit 210, a layer 3 reception processing unit 220, and a relay setting unit 230.

The layer 2 reception processing unit 210 includes a CRC inspection unit 211.
The CRC checking unit 211 checks the CRC value given to the uplink communication data input from the first communication unit 201. When the inspection result is OK, the layer 2 reception processing unit 210 combines the fragment data of the same MAC-ID in the order of the fragment number and restores the L3 data. Then, the layer 2 reception processing unit 210 outputs the restored L3 data and the MAC-ID corresponding to the band that received the uplink communication data to the layer 3 reception processing unit 220.

The layer 3 reception processing unit 220 includes a counter generation unit 221, a storage unit 222, a security sequence number inspection unit 223, a message authentication code inspection unit 224, and a decryption unit 225.
The counter generation unit 221 generates, for each MAC-ID, an upstream encryption processing counter that is used by the decryption unit 225 to decrypt the encrypted user data included in the upstream communication data. Further, every time the upstream communication data is received from the wireless terminal 10, the counter generation unit 221 updates the upstream encryption processing counter corresponding to the MAC-ID of the wireless terminal 10. The storage unit 222 stores the uplink encryption processing counter generated by the counter generation unit 221 in association with the MAC-ID.

  The security sequence number inspection unit 223 inspects the uplink security sequence number set in the L3 data. If the inspection is OK, the security sequence number inspection unit 223 outputs the L3 data and the MAC-ID to the message authentication code inspection unit 224.

  The message authentication code checking unit 224 checks the upstream message authentication code set in the L3 data input from the security sequence number checking unit 223, and if the check is OK, the L3 data and the MAC-ID are decrypted by the decoding unit 225. Output to. Specifically, the message authentication code checking unit 224 generates an uplink message authentication code using the same algorithm as the message authentication code providing unit 115 of the wireless terminal 10 based on the received L3 data. The message authentication code checking unit 224 compares the upstream message authentication code generated by itself with the upstream message authentication code set in the received L3 data. If they match, the message authentication code checking unit 224 determines that the encrypted user data of the received L3 data has not been tampered with, and sets the check result to OK. On the other hand, if the two do not match, the message authentication code checking unit 224 determines that the encrypted user data of the received L3 data has been tampered with, and sets the check result to NG. The decryption unit 225 converts the encrypted user data included in the L3 data input from the message authentication code inspection unit 224 into the encryption key information stored in the key information table storage unit 203c corresponding to the MAC-ID. Then, decryption is performed using the uplink encryption processing counter stored in the storage unit 222 corresponding to the MAC-ID, and the decrypted user data and the MAC-ID are output to the relay setting unit 230. Note that, when the destination of the received data is the base station device 20, the decoding unit 225 outputs the decoded data to an upper layer processing unit (not shown) included in the base station device 20.

  The relay setting unit 230 searches NET-ID corresponding to the MAC-ID or identification information equivalent to the NET-ID based on the terminal identification information table. The relay setting unit 230 then relays the retrieved NET-ID or identification information equivalent to the NET-ID to the upstream communication data as identification information indicating the data transmission source.

FIG. 8 is a block diagram illustrating a functional configuration of the second relay unit 206b illustrated in FIG. The second relay unit 206b includes a relay data acquisition unit 240, a layer 3 transmission processing unit 250, and a layer 2 transmission processing unit 260.
The relay data acquisition unit 240 receives input of downlink communication data transmitted from the network 60 to the wireless terminal 10 from the second communication unit 202. The relay data acquisition unit 240 searches for the MAC-ID corresponding to the NET-ID included in the downlink communication data or the identification information (service ID) equivalent to the NET-ID based on the terminal identification information table. The relay data acquisition unit 240 outputs the user data acquired from the data input from the second communication unit 202 and the searched MAC-ID to the layer 3 transmission processing unit 250.
Note that user data input to the layer 3 transmission processing unit 250 is not limited to user data transmitted from the network 60 to the wireless terminal 10. For example, even if the upper layer processing unit (not shown) included in the base station device 20 outputs user data to be transmitted to the radio terminal 10 and the MAC-ID of the destination radio terminal 10 to the layer 3 transmission processing unit 250. Good.

The layer 3 transmission processing unit 250 includes a counter generation unit 251, a storage unit 252, a security sequence number adding unit 253, an encryption unit 254, and a message authentication code adding unit 255.
The counter generation unit 251 generates a downlink encryption processing counter used by the encryption unit 254 for encrypting user data for each MAC-ID. Each time the second relay unit 206b transmits and transmits downlink communication data addressed to the wireless terminal 10, the counter generation unit 251 updates the downlink encryption processing counter corresponding to the MAC-ID of the wireless terminal 10. The storage unit 252 stores the downlink encryption processing counter generated by the counter generation unit 251 in association with the MAC-ID.

  The security sequence number assigning unit 253 assigns the downlink security sequence number and the L3 header to the user data output from the relay data acquiring unit 240, and outputs the user data together with the MAC-ID to the encrypting unit 254. The encryption unit 254 includes the encryption key information registered in the key information table in the key information table storage unit 203c corresponding to the MAC-ID, and the downlink stored in the storage unit 252 corresponding to the MAC-ID. The user data is encrypted using the encryption processing counter, and the generated encrypted user data is output to the message authentication code adding unit 255 together with the MAC-ID. The message authentication code giving unit 255 receives the downlink security initialization information, the downlink security sequence number, and the encrypted user data as inputs, and registers them in the key information table in the key information table storage unit 203c corresponding to the MAC-ID. A downlink message authentication code is generated using the message authentication key information. The message authentication code giving unit 255 outputs L3 data including the downlink security sequence number, the L3 header, the encrypted user data, and the downlink message authentication code to the layer 2 transmission processing unit 260 together with the MAC-ID.

  The layer 2 transmission processing unit 260 includes a fragment unit 261 and a CRC adding unit 262. The fragment unit 261 generates fragment data by dividing (fragmenting) the L3 data input from the layer 3 transmission processing unit 250, and adds an L2 header to each of the fragment data. The L2 header includes a fragment number. The CRC adding unit 262 calculates a CRC value from the L2 header and fragment data input from the fragment unit 261. The CRC adding unit 262 outputs the downlink communication data in which the CRC value is added to the L2 header and the fragment data to the first communication unit 201. The first communication unit 201 transmits downlink communication data in a band corresponding to MAC-ID.

  The terminal information management device 30 is configured using an information processing device such as a mainframe, a workstation, or a personal computer. The terminal information management device 30 associates the NET-IDs of all the wireless terminals 10 installed in the communication system 100 with the authentication key information, encryption key information, and message authentication key information assigned to the wireless terminals 10. Remember. The terminal information management device 30 also includes NET-IDs of all the wireless terminals 10 installed in the communication system 100 and identification information (hereinafter referred to as terminal devices 50) that are destinations to which each wireless terminal 10 transmits uplink communication data. "Host name") and stored in association with each other. Further, the terminal information management device 30 stores the NET-IDs of all the wireless terminals 10 installed in the communication system 100 and the service IDs representing the wireless terminals 10 in the network 60 in association with each other. When the terminal information management device 30 receives an inquiry (terminal information request) based on the NET-ID from the base station device 20, the terminal information management device 30 obtains the authentication key information and encryption key information corresponding to the NET-ID, the host name, and the service ID from the terminal information. A response is sent back to the base station apparatus 20.

  The position information management device 40 is configured using an information processing device such as a mainframe, a workstation, or a personal computer. The location information management device 40 stores the service IDs of all the wireless terminals 10 installed in the communication system 100 in association with the IP addresses of the base station devices 20 with which the wireless terminals 10 are performing wireless communication. . The data stored in the location information management device 40 can identify where the wireless terminal 10 is located, that is, which base station device 20 is under control. Upon receiving an IP address inquiry (DNS reference request) based on the service ID from the terminal device 50, the location information management device 40 uses the IP address of the base station device 20 corresponding to the service ID as the DNS reference response. Reply to The location information management device 40 stores the host name and IP address of the terminal device 50 installed in the communication system 100 in association with each other. Upon receiving an IP address inquiry (DNS reference request) based on the host name from the base station apparatus 20, the location information management apparatus 40 returns an IP address corresponding to the host name to the base station apparatus 20 as a DNS reference response. .

  The terminal device 50 is configured using an information processing device such as a mainframe, a workstation, or a personal computer. The terminal device 50 receives the uplink communication data transmitted from the wireless terminal 10 via the base station device 20. The terminal device 50 specifies the IP address of the base station device 20 to which the wireless terminal 10 is connected based on the service ID of the wireless terminal 10 that is the data transmission destination to the location information management device 40, whereby the base station device 20. It is possible to transmit data to the wireless terminal 10 via. Thereby, downlink communication data such as a control signal for the external device Z connected to each wireless terminal 10 is transmitted to the wireless terminal 10.

  FIG. 11 is a sequence diagram showing a sequence of mutual authentication processing in the communication system 100. The mutual authentication process is a preprocess that is performed when the wireless terminal 10 starts transmission / reception of data with the base station apparatus 20. After authenticating each other as a valid device by mutual authentication processing, the wireless terminal 10 and the base station device 20 start data transmission / reception. For example, transmission of uplink communication data by the wireless terminal 10 is started after the mutual authentication process. Hereinafter, a flow of mutual authentication processing performed by the wireless terminal 10 and the base station device 20 of the communication system 100 will be described.

  First, when the radio signal of the base station device 20 can be received by the radio terminal 10 and a communicable base station ID can be acquired, the terminal identification information storage unit 102a of the radio terminal 10 stores the communicable base. The base station ID of the station device 20 is recorded.

  Next, the authentication control unit 104 of the wireless terminal 10 attempting to connect to the communication system 100 via the base station device 20 sends a MAC-ID assignment request (synonymous with the above-described bandwidth assignment request) to the base station device 20. Transmit (step S101). At this point, the NET-ID is assigned to the wireless terminal 10, but the MAC-ID is not assigned. Therefore, at this time, the NET-ID is recorded in the terminal identification information storage unit 102a of the wireless terminal 10, but the MAC-ID is not recorded.

  When receiving the MAC-ID assignment request from the wireless terminal 10, the authentication control unit 205 of the base station apparatus 20 is still assigned to the other wireless terminal 10 that is currently performing wireless communication with the own device (base station apparatus 20). A MAC-ID that is not yet generated is generated. Then, the authentication control unit 205 transmits a MAC-ID assignment response including the generated MAC-ID (step S102). The wireless terminal 10 that is the transmission source of the MAC-ID assignment request receives the MAC-ID assignment response transmitted from the base station apparatus 20. For example, the authentication control unit 104 of the wireless terminal 10 receives the MAC-ID assignment response first received after transmitting the MAC-ID assignment request when the MAC-ID is not yet assigned to the own device (wireless terminal 10). May be determined to be data addressed to the own device. Further, the authentication control unit 104 of the wireless terminal 10 transmits the MAC-ID allocation request with identification information, and the authentication control unit 205 of the base station device 20 returns a MAC-ID allocation response with the same identification information. The authentication control unit 104 of the wireless terminal 10 may determine that the MAC-ID assignment response to which the same identification information is assigned is data addressed to the own device. The method by which the authentication control unit 104 of the wireless terminal 10 determines the MAC-ID assignment response addressed to its own device may be another method.

  Upon receiving the MAC-ID assignment response addressed to the own device, the authentication control unit 104 of the wireless terminal 10 uses the MAC-ID included in the MAC-ID assignment response as the MAC-ID assigned to the own device (wireless terminal 10). Write to the terminal identification information storage unit 102a.

  Next, the NW authentication random number generation unit 103 of the wireless terminal 10 generates an NW authentication random number (step S103). Next, the authentication control part 104 produces | generates a mutual authentication request | requirement, and transmits to the base station apparatus 20 (step S104). The mutual authentication request includes a random number for NW authentication and is transmitted using the NET-ID and MAC-ID assigned to the own device (wireless terminal 10).

  Upon receiving the mutual authentication request, the authentication control unit 205 of the base station apparatus 20 acquires the NET-ID and MAC-ID used for transmitting the received mutual authentication request, and acquires the acquired NET-ID and MAC-ID. The associated record 21 is generated. The authentication control unit 205 writes the generated record 21 in the terminal identification information table. The authentication control unit 205 transmits a terminal information request including the acquired NET-ID to the terminal information management apparatus 30 (step S105). When receiving the terminal information request, the terminal information management apparatus 30 searches for authentication key information, encryption key information, a host name of the terminal apparatus 50, and a service ID corresponding to the NET-ID included in the terminal information request. Then, the terminal information management device 30 generates a terminal information response including the searched authentication key information, encryption key information, host name of the terminal device 50, and service ID, and the base station device 20 that is the transmission source of the terminal information request (Step S106).

  When receiving the terminal information response, the authentication control unit 205 of the base station apparatus 20 acquires authentication key information and personal identification key information from the terminal information response. Then, the authentication control unit 205 generates a record 22 in which the NET-ID included in the mutual authentication request received in step S104 is associated with the acquired authentication key information and password key information, and writes the record 22 in the key information table.

  The terminal authentication random number generation unit 204 generates a terminal authentication random number (step S107). The authentication control unit 205 generates an NW authenticator and downlink security initialization information, and stores the downlink security initialization information (step S108). An example of a method for generating the NW authenticator and downlink security initialization information is as follows. First, the authentication control unit 205 uses the NET-ID, MAC-ID, NW authentication random number included in the mutual authentication request received in step S104, the base station ID of the own device (base station device 20), and terminal authentication. Secret information for generating an NW authenticator is calculated using a random number and authentication key information corresponding to the NET-ID. The authentication control unit 205 generates an NW authenticator and downlink security initialization information used to generate a downlink encryption processing counter from the calculated secret information for generating the NW authenticator. For example, the authentication control unit 205 handles all or a predetermined part of the calculated secret information for generating the NW authenticator as an NW authenticator. Further, the authentication control unit 205 stores all or a predetermined part of the calculated secret information for generating the NW authenticator as downlink security initialization information. In the above process, the NW authenticator and the downlink security initialization information are processed so as to be different data. More preferably, a part of the calculated secret information for generating the NW authenticator is handled as an NW authenticator, and another part not overlapping with the NW authenticator is handled as downlink security initialization information. In this way, the NW authenticator and the downlink security initialization information are generated, and the downlink security initialization information is stored. Specific methods for calculating secret information include keyed hash and block cipher.

  A more detailed specific example of the method for calculating the NW authenticator and downlink security initialization information will be described with reference to FIG. In the specific example described below, the NET-ID is 48 bits, the MAC-ID is 16 bits, the base station ID is 32 bits, and both the NW authentication random number and the terminal authentication random number are 128 bits. The authentication key information is 128 bits. First, the authentication control unit 205 generates a 128-bit bit string arranged in the following order as a first input. “0” for 1 bit, “0” for 31 bits, NET-ID for 48 bits, MAC-ID for 16 bits, base station ID for 32 bits. The first one bit of “0” is a bit indicating that the operation is an NW authenticator. The next 31 bits “0” is a bit string for padding. The second input and the third input are a random number for NW authentication and a random number for terminal authentication, respectively.

  The authentication control unit 205 executes an authenticator calculation process using the first input, the second input, the third input, and the authentication key information. A specific example of the authenticator calculation process includes CMAC (Cipher-based Message Authentication Code) using 128-bit block cipher. Specific examples of block ciphers used in CMAC include Camellia and AES (Advanced Encryption Standard). As a calculation result of such an authenticator calculation process, 128-bit NW authenticator generation secret information is calculated. The authentication control unit 205 generates an NW authenticator and downlink security initialization information from the obtained secret information for generating the NW authenticator. For example, the authentication control unit 205 generates the upper 64 bits of the secret information for generating the NW authenticator as an NW authenticator, and generates the lower 64 bits as downlink security initialization information. The authentication control unit 205 writes the downlink security initialization information and the MAC-ID in association with each other in the storage unit 252 of the second relay unit 206b. This completes the description of the specific example of the NW authenticator calculation method, and the description returns to the mutual authentication processing sequence.

  When the NW authenticator is generated, the authentication control unit 205 generates a base station authentication response and transmits it to the wireless terminal 10 (step S109). The base station authentication response includes an NW authenticator and a terminal authentication random number. The base station authentication response is transmitted using the MAC-ID assigned to the wireless terminal 10 that has transmitted the mutual authentication request and without using the NET-ID.

  Upon receiving the base station authentication response, the authentication control unit 104 of the wireless terminal 10 performs base station authentication processing (step S110). The base station authentication process is as follows. First, the authentication control unit 104 calculates the NW authenticator and downlink security initialization information by performing the same calculation as the authentication control unit 205 of the base station apparatus 20. At this time, among the values used by the authentication control unit 104 in the calculation, the terminal authentication random number is a value included in the base station authentication response, and other values (NW authentication random number, key information, MAC-ID, NET -ID, base station ID) is a value held in the own device (wireless terminal 10). The authentication control unit 104 compares the calculated NW authenticator with the NW authenticator included in the received base station authentication response. If they match, the authentication control unit 104 authenticates that the base station device 20 is a valid device, and writes the downlink security initialization information to the storage unit 142 of the received data acquisition unit 105b. On the other hand, if the two do not match, the authentication control unit 104 does not authenticate that the base station device 20 is a valid device. Further, the authentication control unit 104 performs the same operation as the authentication control unit 205 of the base station apparatus 20 based on the secret information for generating the NW authenticator obtained in the process of calculating the NW authenticator, thereby performing downlink security initialization. Calculate information. If the length of the NW authenticator is sufficiently long and the NW authenticator matches between the wireless terminal 10 and the base station device 20, the downlink security initialization information also matches with a very high probability between both devices. . Therefore, it is possible to safely share downlink security initialization information between both devices.

  Next, the authentication control unit 104 of the wireless terminal 10 generates a terminal authenticator and uplink security initialization information, and stores the uplink security initialization information (step S111). An example of a method for generating a terminal authenticator and uplink security initialization information is as follows. First, the authentication control unit 104 receives the NET-ID, the MAC-ID, the base station ID, the authentication key information stored in the key information storage unit 102b, and the base station authentication response stored in the terminal identification information storage unit 102a. Secret information for generating a terminal authenticator is calculated using the included terminal authentication random number. The authentication control unit 104 handles all or a predetermined part of the calculated secret information for generating a terminal authenticator as a terminal authenticator. Further, the authentication control unit 104 stores all or a predetermined part of the calculated secret information for generating the terminal authenticator as uplink security initialization information. In the above process, the terminal authenticator and the upstream security initialization information are processed so as to be different data. More preferably, a part of the calculated secret information for generating a terminal authenticator is handled as a terminal authenticator, and another part not overlapping with the terminal authenticator is handled as uplink security initialization information. In this way, the terminal authenticator and the uplink security initialization information are generated, and the uplink security initialization information is stored.

  A more detailed specific example of the method for calculating the terminal authenticator will be described with reference to FIG. In the specific example described below, the NET-ID is 48 bits, the MAC-ID is 16 bits, the base station ID is 32 bits, and the terminal authentication is performed, as in the specific example in the method for calculating the NW authenticator. The random number for use is 128 bits, and the authentication key information is 128 bits. First, the authentication control unit 104 generates a 128-bit bit string arranged in the following order as a first input. “1” for 1 bit, “0” for 31 bits, NET-ID for 48 bits, MAC-ID for 16 bits, and base station ID for 32 bits. “1” for the first one bit is a bit indicating that the terminal authenticator is operated. The next 31 bits “0” is a bit string for padding. The second input is a terminal authentication random number.

  The authentication control unit 104 executes an authenticator calculation process using the first input, the second input, and the authentication key information. A specific example of the authenticator calculation process includes CMAC (Cipher-based Message Authentication Code) using 128-bit block cipher. Specific examples of block ciphers used in CMAC include Camellia and AES. As a calculation result of such an authenticator calculation process, 128-bit secret information for generating a terminal authenticator is calculated. The authentication control unit 104 generates a terminal authenticator and uplink security initialization information used for generating an uplink encryption processing counter from the obtained secret information for generating a terminal authenticator. For example, the authentication control unit 104 generates the upper 64 bits of the secret information for generating the terminal authenticator as the terminal authenticator, and generates the lower 64 bits as the uplink security initialization information. In the generation of the terminal authenticator, NW authentication random numbers may be further used. The authentication control unit 104 writes the upstream security initialization information in the storage unit 112 of the transmission data generation unit 105a. This completes the description of the specific example of the terminal authenticator calculation method, and the description returns to the mutual authentication processing sequence.

  When the terminal authenticator is generated, the authentication control unit 104 generates a terminal authentication response and transmits it to the base station apparatus 20 (step S112). The terminal authentication response includes a terminal authenticator. The terminal authentication response is transmitted using the MAC-ID of the own device (wireless terminal 10) and not using the NET-ID.

  Upon receiving the terminal authentication response, the authentication control unit 205 of the base station device 20 performs terminal authentication processing (step S113). The terminal authentication process is as follows. First, the authentication control unit 205 calculates a terminal authenticator and uplink security initialization information by performing the same calculation as the authentication control unit 104 of the wireless terminal 10. At this time, all values (terminal authentication random number, key information, MAC-ID, NET-ID, base station ID) used by the authentication control unit 205 in the calculation are held in the own apparatus (base station apparatus 20). Value. The authentication control unit 205 compares the calculated terminal authenticator with the terminal authenticator included in the received terminal authentication response. If the two match, the authentication control unit 205 authenticates that the wireless terminal 10 is a legitimate device and associates the upstream security initialization information with the MAC-ID in the storage unit 222 of the second relay unit 206b. Write. On the other hand, if the two do not match, the authentication control unit 205 does not authenticate that the wireless terminal 10 is a valid device. Further, the authentication control unit 205 performs the same operation as the authentication control unit 104 of the wireless terminal 10 based on the secret information for generating the terminal authenticator obtained in the process of calculating the terminal authenticator, thereby performing uplink security initialization information. Is calculated. When the length of the terminal authenticator is sufficiently long and the terminal authenticator matches between the wireless terminal 10 and the base station device 20, the uplink security initialization information also matches with a very high probability between the two devices. . Therefore, it is possible to safely share upstream security initialization information between both devices.

  When authenticating that the wireless terminal 10 is a valid device in the terminal authentication process, the authentication control unit 205 transmits a terminal registration request to the location information management device 40 (step S114). The terminal registration request includes the IP address of the own device (base station device 20) and the service ID of the wireless terminal 10 authenticated by the terminal authentication process in step S113. When receiving the terminal registration request, the location information management device 40 stores the service ID included in the terminal registration request and the IP address of the base station device 20 in association with each other. Then, the location information management device 40 transmits a terminal registration response indicating that the registration of the service ID and the IP address of the base station device 20 is completed to the base station device 20 (step S115).

  With the above processing, generation of shared information (uplink security initialization information and downlink security initialization information) based on secret information between the wireless terminal 10 and the base station apparatus 20 is completed, and mutual information performed between the two is performed. Authentication is completed (step S116).

After this processing, the wireless terminal 10 can communicate with the terminal device 50 connected to the network 60 by way of the base station device 20 that has performed mutual authentication.
In the case of uplink communication, the transmission data generation unit 105a of the wireless terminal 10 generates uplink communication data including encrypted user data and transmits the uplink communication data to the base station apparatus 20 (step S117). As information indicating the transmission source of the uplink communication data, NET-ID is not used, but MAC-ID is used. The first relay unit 206a of the base station device 20 decrypts the encrypted user data included in the uplink communication data, and transmits the uplink communication data of the IP signal in which the decrypted user data is set to the network 60. The uplink communication data of the IP signal transmitted by the first relay unit 206a reaches the terminal device 50 via the network 60 (step S118).

  In the case of downlink communication, the terminal device 50 transmits downlink communication data addressed to the wireless terminal 10 via the network 60 using an IP signal (step S119). A service ID is assigned to the downlink communication data of the IP signal. The second relay unit 206b of the base station apparatus 20 converts the service ID assigned to the downlink communication data of the IP signal into a MAC-ID, and encrypts user data set in the downlink communication data. The first communication unit 201 of the base station device 20 transmits the downlink communication data set with the encrypted user data to the wireless terminal 10 (step S120). As information indicating the transmission source of downlink communication data, NET-ID is not used, but MAC-ID is used.

  Note that the MAC-ID that is the information of the second layer of the OSI reference model can be configured to have a smaller data amount than the NET-ID that is the information of the third layer. When configured in this way, the amount of communication data can be more effectively reduced.

  FIG. 12 is a sequence diagram showing an upstream communication sequence after mutual authentication is completed, and shows details of steps S117 and S118 of FIG.

  First, the external device Z generates data and outputs it to the wireless terminal 10. When the transmission data generation unit 105a of the wireless terminal 10 receives user data input from the external device Z, the security sequence number assigning unit 113 assigns an uplink security sequence number. The uplink security sequence number is a 16-bit number that increases by a predetermined value, and is reset to an initial value, for example, “0” at the time of mutual authentication. In other words, the initial uplink security sequence number is assigned in the case of the first uplink user data transmission after mutual authentication, and the previous transmission in the case of the uplink user data transmission for the second and subsequent times after mutual authentication. An uplink security sequence number having a value obtained by adding a predetermined value (for example, 1) to the uplink security sequence number assigned to the user data in the uplink direction is assigned.

  The counter generation unit 111 generates an uplink encryption processing counter when it is the first transmission of user data in the uplink direction after mutual authentication with the base station apparatus 20 is performed. The encryption unit 114 encrypts user data using the encryption key information stored in the key information storage unit 102 b and the uplink encryption processing counter stored in the storage unit 112. A specific configuration of the upstream encryption processing counter and encryption processing will be described.

  FIG. 15 is a diagram illustrating the configuration of the uplink encryption processing counter. The first 8 bits of the upstream encryption processing counter are a predetermined value common to the upstream encryption processing counter and are “10000000”. The next 64 bits are upstream security initialization information. Uplink security initialization information is read from the storage unit 112. The next 32 bits are reserved for future expansion of the upstream security sequence number, and are all “0”. The next 16 bits are information generated in step S116 upon completion of mutual authentication, which is the uplink security sequence number, and the uplink security sequence number assigned by the security sequence number assigning unit 113. The next 8 bits are an upstream encryption processing block counter, and an initial value “0” is set.

  As shown in FIG. 16, the encryption unit 114 performs 128-bit block encryption on 128-bit encryption key information, a 128-bit upstream encryption processing counter, and user data (upstream plaintext) divided into 128-bit units. Using the processing in the counter mode, 128-bit unit encrypted user data (upstream ciphertext) is generated. Specific examples of the 128-bit block cipher include Camellia and AES.

FIG. 19 is a diagram illustrating an example of encryption processing using the counter mode.
As shown in the figure, the encryption unit 114 divides the upstream plaintext, which is user data to be encrypted, into fixed lengths of 128 bits. The separated plaintext is described as plaintext data (1), plaintext data (2),.

  Using the encryption key information, the encryption unit 114 encrypts the upstream encryption processing counter stored in the storage unit 112 by 128-bit block encryption processing to generate a 128-bit encryption counter (1). The encryption unit 114 generates 128-bit encrypted data (1) by exclusive OR of the encryption counter (1) and the plaintext data (1). When the encrypted data (1) is generated, the counter generation unit 111 adds 1 to the value of the upstream encryption processing block counter in the upstream encryption processing counter currently stored in the storage unit 112 and updates it.

Subsequently, the encryption unit 114 encrypts the encryption key information and the upstream encryption processing counter stored in the storage unit 112 by a 128-bit block encryption process to generate a 128-bit encryption counter (2). The encryption unit 114 generates 128-bit encrypted data (2) by exclusive OR of the encryption counter (2) and the plaintext data (2). When the encrypted data (2) is generated, the counter generation unit 111 adds 1 to the value of the upstream encryption processing block counter in the upstream encryption processing counter currently stored in the storage unit 112 and updates it.
The above processing is executed for all plaintext data (1), (2),... Generated from the upstream plaintext, and the encrypted data (1), (2),. Data (upstream ciphertext) is generated.
The upstream encryption processing block counter has 8 bits and can encrypt user data up to 256 (2 to the 8th power) blocks.

  Returning to FIG. 12, the description of the uplink communication sequence will be continued. The encryption unit 114 outputs the uplink security sequence number and the encrypted user data to the message authentication code adding unit 115. The message authentication code giving unit 115 receives the upstream security initialization information, the upstream security sequence number, and the encrypted user data as input, and generates the upstream message authentication code using the message authentication key information as a key. Then, the message authentication code giving unit 115 outputs L3 data including the uplink security sequence number, the L3 header, the encrypted user data, and the uplink message authentication code to the layer 2 transmission processing unit 120.

  The fragment unit 121 of the layer 2 transmission processing unit 120 divides L3 data by a fixed length (fragmentation) to generate fragment data, adds an L2 header to each fragment data, and outputs the fragment data to the CRC adding unit 122. The CRC adding unit 122 calculates a CRC value from the L2 header and fragment data output from the fragment unit 121, generates uplink communication data in which the CRC value is added to the L2 header and fragment data, and outputs the uplink communication data to the communication unit 101 ( Step S201). The communication unit 101 transmits uplink communication data in which encrypted user data is set to the base station apparatus 20 in the transmission time slot of the allocated band (step S202). As information representing the transmission source of transmission data, NET-ID is not used, but MAC-ID is used.

  When the first communication unit 201 of the base station apparatus 20 receives the uplink communication data from the wireless terminal 10, the uplink communication data is input to the first relay unit 206a, and the CRC checking unit 211 of the first relay unit 206a The CRC value set in the uplink communication data input from one communication unit 201 is checked, and if the check is NG, NACK is returned to the radio terminal 10. If the check is OK, the CRC checker 211 returns an ACK to the wireless terminal 10, and combines the fragment data of the same MAC-ID in the order of the fragment number to restore the L3 data. Then, the CRC inspection unit 211 outputs the restored L3 data and the MAC-ID corresponding to the band in which the uplink communication data is received to the layer 3 reception processing unit 220.

  The security sequence number checking unit 223 checks the uplink security sequence number set in the restored L3 data. Specifically, the security sequence number inspection unit 223 holds the latest number among the uplink security sequence numbers of the L3 data generated based on the uplink communication data previously received from the wireless terminal 10 having the same MAC-ID. If the upstream security sequence number set in the restored L3 data is newer than the latest stored security sequence number, it is determined to be OK, and if it is the same or older, it is determined to be NG. The security sequence number inspection unit 223 outputs the L3 data and the MAC-ID to the message authentication code inspection unit 224 if the inspection is OK, and discards it if it is NG.

  The message authentication code checking unit 224 checks the upstream message authentication code set in the L3 data input from the security sequence number checking unit 223. The message authentication code checking unit 224 outputs the L3 data and the MAC-ID to the decoding unit 225 if the check of the uplink message authentication code is OK, and discards the check if the check is NG.

  In the case of the first transmission of user data in the upstream direction after performing mutual authentication with the wireless terminal 10, the counter generation unit 221 performs an upstream encryption processing counter by the same process as the counter generation unit 111 of the wireless terminal 10. (FIG. 15) is generated and written in the storage unit 222 in association with the MAC-ID. However, the uplink security initialization information stored in the storage unit 222 corresponding to the MAC-ID is set in the uplink security initialization information of the uplink encryption processing counter. Further, the uplink security sequence number set in the L3 data is set in the uplink security sequence number of the uplink encryption processing counter. Also, an initial value “0” is set in the upstream encryption processing block counter of the upstream encryption processing counter.

  The decryption unit 225 reads the encryption key information stored in the key information table in the key information table storage unit 203c in association with the MAC-ID, and associates the encryption key information with the MAC-ID in the storage unit 112. The encrypted user data set in the L3 data is decrypted using the stored upstream encryption processing counter. A specific decoding process will be described.

  As shown in FIG. 16, the decryption unit 225 uses 128-bit block encryption processing in the counter mode, and uses 128-bit encryption key information, a 128-bit upstream encryption processing counter, and a cipher divided into 128-bit units. Plaintext user data (upstream plaintext) divided into 128-bit units is generated from the encrypted user data (upstream ciphertext). The 128-bit block encryption process used by the decryption unit 225 is the same as the 128-bit block encryption process used by the encryption unit 114 of the wireless terminal 10.

FIG. 20 is a diagram illustrating an example of decryption processing using the counter mode, and illustrates processing for decrypting the encrypted user data generated by the encryption processing illustrated in FIG.
As shown in the figure, the decryption unit 225 divides uplink ciphertext, which is encrypted user data to be decrypted, into fixed lengths of 128 bits. The separated upstream ciphertexts are described as encrypted data (1), encrypted data (2),.

  Using the encryption key information, the decryption unit 225 encrypts the upstream encryption processing counter stored in the storage unit 222 in association with the MAC-ID by a 128-bit block encryption process, and uses a 128-bit encryption counter (1 ) Is generated. The decryption unit 225 generates 128-bit plaintext data (1) by exclusive OR of the encryption counter (1) and the encrypted data (1). When the plaintext data (1) is generated, the counter generation unit 221 adds 1 to the value of the uplink encryption processing block counter in the uplink encryption processing counter currently stored in the storage unit 222 in association with the MAC-ID. And update.

Subsequently, using the encryption key information registered in the key information table in the key information table storage unit 203c corresponding to the MAC-ID, the decryption unit 225 stores the MAC-ID in association with the MAC-ID. The upstream encryption processing counter is encrypted by 128-bit block encryption processing to generate a 128-bit encryption counter (2). The decryption unit 225 generates 128-bit plaintext data (2) by exclusive OR of the encryption counter (2) and the encrypted data (2). When the plaintext data (2) is generated, the counter generation unit 221 adds 1 to the value of the upstream encryption processing block counter in the upstream encryption processing counter currently stored in the storage unit 222 in association with the MAC-ID. And update.
The above processing is executed for all ciphertext data (1), (2),... Generated from the uplink ciphertext, and the generated plaintext data (1), (2),. User data (upstream plain text) is generated.

  Returning to FIG. 12, the description of the uplink communication sequence will be continued. The decoding unit 225 of the base station apparatus 20 outputs the user data and MAC-ID decoded as described above to the relay setting unit 230. The relay setting unit 230 searches NET-ID corresponding to MAC-ID or identification information equivalent to NET-ID based on the terminal identification information table (step S203). Then, the relay setting unit 230 searches the terminal identification information table based on the MAC-ID, and acquires the corresponding service ID and host name. The relay setting unit 230 assigns a service ID to the upstream communication data as information indicating the transmission source (step S204). In addition, the relay setting unit 230 transmits a DNS reference request in which the host name is set to the location information management device 40 (step S205). The location information management device 40 returns a DNS reference response in which the IP address corresponding to the host name is set to the base station device 20 (step S206). The relay setting unit 230 of the base station device 20 assigns the IP address acquired from the DNS reference response to the uplink communication data as the transmission destination address (step S207). Then, the relay setting unit 230 transmits the uplink communication data of the IP signal including the user data for which the service ID is set to the network 60 (Step S208). The uplink communication data transmitted by the first relay unit 206a reaches the terminal device 50 via the network 60.

Note that, when the wireless terminal 10 transmits user data again before the session is disconnected, the same processing as in steps S202 and S207 to S208 described above is performed.
In this case, the counter generation unit 111 of the wireless terminal 10 assigns the uplink security sequence number of the uplink encryption processing counter already stored in the storage unit 112 to the new transmission target user data by the security sequence number assigning unit 113. An uplink security sequence number is set, and an initial value “0” is set in the uplink encryption processing block counter and updated.
Further, the counter generation unit 221 of the base station device 20 is generated from the newly received uplink communication data with the uplink security sequence number of the uplink encryption processing counter already stored in the storage unit 222 corresponding to the MAC-ID. The upstream security sequence number in the L3 data is set, and the initial value “0” is set in the upstream encryption processing block counter and updated.

FIG. 13 is a sequence diagram showing a downstream communication sequence after the mutual authentication is completed, and shows details of steps S119 and S120 of FIG.
First, the terminal device 50 generates transmission data to be transmitted to the wireless terminal 10 (step S301). The terminal device 50 transmits an IP address inquiry (DNS reference request) based on the service ID of the data transmission destination wireless terminal 10 to the location information management device 40 (step S302). The terminal device 50 acquires the IP address of the base station device 20 to which the wireless terminal 10 is connected as a DNS reference response from the location information management device 40 (step S303). The terminal device 50 transmits data to the wireless terminal 10 via the base station device 20 by transmitting data to the acquired IP address of the base station device 20 (step S304). When the relay data acquisition unit 240 of the second relay unit 206b of the base station device 20 acquires the service ID and user data from the downlink communication data of the IP signal received from the terminal device 50, the relay data acquisition unit 240 obtains the terminal identification information table based on the service ID. Search and obtain the corresponding MAC-ID (step S305). The relay data acquisition unit 240 outputs the acquired MAC-ID together with user data to the layer 3 transmission processing unit 250 (step S306).

  The security sequence number assigning unit 253 of the layer 3 transmission processing unit 250 assigns a downlink security sequence number to the user data input from the relay data acquisition unit 240. The downlink security sequence number is a 16-bit number that increases by a predetermined value, and is reset to an initial value, for example, “0” at the time of mutual authentication. That is, after the mutual authentication with the wireless terminal 10 specified by the MAC-ID input from the relay data acquisition unit 240, in the case of the first transmission of user data in the downlink direction, the initial downlink security sequence number is given. The In the case of transmission of downlink user data for the second and subsequent times after mutual authentication, a predetermined value (for example, a downlink security sequence number assigned to downlink user data previously transmitted to the wireless terminal 10 specified by the MAC-ID (for example, A downlink security sequence number having a value obtained by adding 1) is assigned.

  The counter generation unit 251 generates a downlink encryption processing counter in the case of transmission of user data in the first downlink direction after mutual authentication with the wireless terminal 10 specified by the MAC-ID, and associates it with the MAC-ID. Write to the storage unit 252. The encryption unit 254 stores the encryption key information stored in association with the MAC-ID in the key information table in the key information table storage unit 203c, and the downlink stored in the storage unit 252 in association with the MAC-ID. The user data is encrypted using the encryption processing counter.

  FIG. 17 is a diagram illustrating the configuration of the downstream encryption processing counter. The first 8 bits of the downstream encryption processing counter are predetermined values common to the downstream encryption processing counter, and are all “0”. The next 64 bits are downlink security initialization information, and downlink security initialization information read from the storage unit 252 is set corresponding to the MAC-ID. The next 32 bits are reserved for future expansion of the downlink security sequence number, and are all “0”. The next 16 bits are the downlink security sequence number assigned by the security sequence number assigning unit 253. The next 8 bits are a downstream encryption processing block counter, and an initial value “0” is set.

  As shown in FIG. 18, the encryption unit 254 performs 128-bit block encryption processing in a counter mode with 128-bit encryption key information, a 128-bit downstream encryption processing counter, and 128-byte user data (downstream plaintext). Is used to generate encrypted user data (downstream ciphertext) divided into 128-bit units. Specific examples of the 128-bit block cipher include Camellia and AES.

  For example, the encryption unit 254 performs the encryption process illustrated in FIG. The encryption unit 254 divides the downlink plaintext, which is user data to be encrypted, into fixed lengths of 128 bits, and generates plaintext data (1), plaintext data (2),. Using the encryption key information, the encryption unit 254 encrypts the downlink encryption processing counter stored in the storage unit 252 in association with the MAC-ID by 128-bit block encryption processing, and uses a 128-bit encryption counter ( 1) is generated. The encryption unit 254 generates 128-bit encrypted data (1) by exclusive OR of the encryption counter (1) and the plaintext data (1). When the encrypted data (1) is generated, the counter generation unit 251 sets 1 to the value of the downlink encryption processing block counter in the downlink encryption processing counter currently stored in the storage unit 252 in association with the MAC-ID. Add and update.

Subsequently, the encryption unit 254 encrypts the encryption key information and the downlink encryption processing counter stored in association with the MAC-ID in the storage unit 252 by 128-bit block encryption processing, and thereby encrypts the 128-bit encryption counter. (2) is generated. The encryption unit 254 generates 128-bit encrypted data (2) by exclusive OR of the encryption counter (2) and the plaintext data (2). When the encrypted data (2) is generated, the counter generation unit 251 sets 1 to the value of the downstream encryption processing block counter in the downstream encryption processing counter stored in the storage unit 252 in association with the MAC-ID. Add and update.
The above processing is executed for all plaintext data (1), (2),... Generated from the downlink plaintext, and the encrypted data (1), (2),. Data (downstream ciphertext) is generated.

  Returning to FIG. 13, the description of the downlink communication sequence will be continued. The encryption unit 254 outputs the encrypted user data to which the downlink security sequence number is added and the MAC-ID to the message authentication code adding unit 255. The message authentication code assigning unit 255 receives the downlink security initialization information, the downlink security sequence number, and the encrypted user data, and generates the downlink message authentication code using the message authentication key information as a key. The message authentication code giving unit 255 outputs the L3 data including the downlink security sequence number, the L3 header, the encrypted user data, and the downlink message authentication code, and the MAC-ID to the layer 2 transmission processing unit 260.

  The fragment unit 261 of the layer 2 transmission processing unit 260 divides the L3 data by a fixed length to generate fragment data, adds an L2 header to each fragment data, and outputs the fragment data together with the MAC-ID to the CRC adding unit 262. The CRC adding unit 262 calculates a CRC value from the L2 header and fragment data output from the fragment unit 261, and adds the CRC value to the L2 header and fragment data to generate downlink communication data. The CRC adding unit 262 outputs the generated downlink communication data to the first communication unit 201. The first communication unit 201 transmits downlink communication data in which encrypted user data is set using a band assigned to the wireless terminal 10 having the MAC-ID (step S307).

  The communication unit 101 of the wireless terminal 10 outputs the downlink communication data received from the base station device 20 to the reception data acquisition unit 105b. The CRC checker 131 checks the CRC value set in the downlink communication data input from the communication unit 101. If the check is NG, the CRC checker 131 returns a NACK to the base station apparatus 20. If the check is OK, the CRC checker 131 returns an ACK to the base station device 20, and based on the fragment data acquired from the downlink communication data and the fragment number of the fragment data acquired from the L2 header, Restore L3 data. Then, the CRC checking unit 131 outputs the restored L3 data to the layer 3 reception processing unit 140.

  The security sequence number inspection unit 143 of the layer 3 reception processing unit 140 inspects the downlink security sequence number set in the restored L3 data. Specifically, the security sequence number checking unit 143 holds the latest number of the uplink security sequence numbers of the L3 data generated based on the downlink communication data previously received from the base station apparatus 20, and restored L3. If the downlink security sequence number set in the data is newer than the latest security sequence number held, it is determined to be OK, and if it is the same or older, it is determined to be NG. The security sequence number inspection unit 143 outputs the L3 data to the message authentication code inspection unit 144 if the inspection is OK, and discards it if it is NG.

  The message authentication code checking unit 144 checks the downlink message authentication code set in the L3 data input from the security sequence number checking unit 143. The message authentication code checking unit 144 outputs the L3 data and the MAC-ID to the decoding unit 145 if the downlink message authentication code is checked, and discards it if the checking is NG.

  When the first user data is received after mutual authentication with the base station device 20, the counter generation unit 141 performs a downlink encryption processing counter (by the same processing as the counter generation unit 251 of the base station device 20). 17) is generated and written to the storage unit 142. However, the downlink security initialization information stored in the storage unit 142 is set in the downlink security initialization information of the downlink encryption processing counter. Further, the downlink security sequence number set in the L3 data is set in the downlink security sequence number of the downlink encryption processing counter.

  When the decryption unit 145 reads the encryption key information stored in the key information storage unit 102b, the decryption unit 145 sets the L3 data using the encryption key information and the downstream encryption processing counter stored in the storage unit 142. Decrypt encrypted user data.

  As shown in FIG. 18, the decryption unit 145 uses 128-bit block encryption processing in the counter mode, and uses 128-bit encryption key information, a 128-bit downstream encryption processing counter, and an encryption divided into 128-bit units. Plaintext user data (downstream plaintext) divided into 128-bit units is generated from the encrypted user data (downstream ciphertext). The 128-bit block encryption process used by the decryption unit 145 is the same as the 128-bit block encryption process used by the encryption unit 254 of the base station apparatus 20.

  For example, when the encryption unit 254 of the base station apparatus 20 performs the encryption process illustrated in FIG. 19, the decryption unit 145 performs the decryption process illustrated in FIG. The decryption unit 145 divides the downlink ciphertext, which is encrypted user data, by a fixed length of 128 bits. The delimited ciphertexts are described as encrypted data (1), encrypted data (2),.

  Using the encryption key information, the decryption unit 145 encrypts the downlink encryption processing counter stored in the storage unit 142 by 128-bit block encryption processing, and generates a 128-bit encryption counter (1). The decryption unit 145 generates 128-bit plaintext data (1) by exclusive OR of the encryption counter (1) and the encrypted data (1). When the plaintext data (1) is generated, the counter generation unit 141 updates the value by adding 1 to the value of the downlink encryption processing block counter in the downlink encryption processing counter currently stored in the storage unit 142.

Subsequently, the decryption unit 145 encrypts the encryption key information and the downlink encryption processing counter stored in the storage unit 142 by 128-bit block encryption processing, and generates a 128-bit encryption counter (2). The decryption unit 145 generates 128-bit plaintext data (2) by exclusive OR of the encryption counter (2) and the encrypted data (2). When the plaintext data (2) is generated, the counter generation unit 141 updates the value by adding 1 to the value of the downlink encryption processing block counter in the downlink encryption processing counter currently stored in the storage unit 142.
The above processing is executed for all encrypted data (1), (2),... Generated from the downstream ciphertext, and the generated plaintext data (1), (2),. User data (downstream plaintext) is generated. The decryption unit 145 outputs the user data decrypted as described above to the external device Z.

In addition, when the terminal device 50 transmits user data again before the session is disconnected, the same processing as in steps SS301 and 305 to S307 described above is performed.
In this case, the counter generation unit 251 of the base station apparatus 20 adds the security sequence number assigning unit 253 to the downlink security sequence number of the downlink encryption processing counter already stored in the storage unit 252 in correspondence with the destination MAC-ID. Is set to the downlink security sequence number assigned to the user data transmitted from the terminal device 50, and the initial value “0” is set to the downlink encryption processing block counter for updating.
Further, the counter generation unit 141 of the wireless terminal 10 adds the downlink security sequence in the L3 data generated from the newly received downlink communication data to the downlink security sequence number of the downlink encryption processing counter already stored in the storage unit 142. A number is set, and an initial value “0” is set in the downstream cipher processing block counter and updated.

  FIG. 21 is a diagram illustrating a process for generating an uplink message authentication code transmitted from the wireless terminal 10. As shown in FIG. 21, the message authentication code assigning unit 115 performs an upstream message authentication code generation process using two input values (input 1 and input 2) and 128-bit message authentication key information, thereby performing an upstream message. Generate an authentication code. A specific example of the upstream message authentication code generation process is CMAC (Cipher-based Message Authentication Code) using 128-bit block cipher. Specific examples of block ciphers used in CMAC include Camellia and AES. The message authentication code assigning unit 115 generates a 128-bit bit string arranged as the input 1 in the following order. 8-bit bit string “10000000”, 64-bit upstream security initialization information, 32-bit “0”, 16-bit upstream security sequence number, and 8-bit “0”. The first 8-bit bit string is a bit string indicating that the message is an upstream message authentication code operation. Both “0” for 32 bits and “0” for 8 bits are bit strings for padding.

  FIG. 22 is a diagram illustrating a generation process of a downlink message authentication code transmitted from the base station apparatus 20. As shown in FIG. 22, the message authentication code assigning unit 255 performs a downlink message authentication code generation process using two input values (input 1 and input 2) and 128-bit message authentication key information, thereby generating a downlink message. Generate an authentication code. A specific example of the downlink message authentication code generation process is CMAC (Cipher-based Message Authentication Code) using 128-bit block cipher. Specific examples of block ciphers used in CMAC include Camellia and AES. The message authentication code assigning unit 255 generates a 128-bit bit string arranged as the input 1 in the following order. 8-bit bit string “00000000”, 64-bit downlink security initialization information, 32-bit “0”, 16-bit downlink security sequence number, and 8-bit “0”. The first bit string for 8 bits is a bit string indicating that it is an operation of a downlink message authentication code. Both “0” for 32 bits and “0” for 8 bits are bit strings for padding.

In the communication system 100 configured as described above, shared authentication information (random number for terminal authentication, random number for NW authentication) is generated each time mutual authentication at the start of a session between the wireless terminal 10 and the base station device 20, and the random number is generated. A part of the secret information generated from is sent as authentication information (terminal authenticator, NW authenticator) and mutual authentication is performed. Then, security initialization information (uplink security initialization information, downlink security initialization information) is generated from the remaining portion of the secret information not used as authentication information, and the security initialization information and security sequence number (for example, uplink security The user data is encrypted in the counter mode using the counter generated from the sequence number and the downlink security sequence number). Therefore, while the session continues, only a small amount of shared information (16-bit security sequence number) is exchanged between the wireless terminal 10 and the base station apparatus 20, and user data is securely encrypted for transmission / reception. can do.
Similarly, a message authentication code is generated using the security initialization information and the security sequence number, and alteration of user data is detected. Therefore, while the session continues, only a small amount of shared information (for example, a 64-bit message authentication code and a 16-bit security sequence number) is exchanged between the wireless terminal 10 and the base station apparatus 20, and the user Data can be securely encrypted and sent and received.

  In this embodiment, the secret information for generating the terminal authenticator and the NW authenticator generating are generated by using the MAC-ID that is the information of the OSI reference model second layer and the NET-ID of the OSI reference model third layer. Secret information for generating a terminal authenticator, a terminal authenticator and uplink security initialization information from the secret information for generating a terminal authenticator, and an NW authenticator and downlink security initialization information from the secret information for generating an NW authenticator ing. Thus, the identification information of L2 and the identification information of L3, which are different layers in the OSI reference model, are used in the authentication process and the encryption process. Therefore, safe authentication processing, encryption processing, and falsification detection processing can be performed against an attack that misrepresents the correspondence between the identification information of L2 and the identification information of L3.

In addition, in conventional technologies such as SSL (Secure Socket Layer) and 3GPP (Third Generation Partnership Project), different random numbers are used in authentication processing and encryption processing between terminals, and these random numbers are shared between terminals. ing. However, this can only be realized if the previous state can be stored even when the power is off. On the other hand, in the present embodiment, even in a communication system that cannot take over information when the power is turned off, it is possible to safely encrypt user data and detect tampering.
Further, the amount of information shared between the wireless terminal and the base station for encryption and tampering detection is small, and the wireless band is not consumed. Therefore, it is possible to save a radio band between radio apparatuses, and it is particularly effective in a radio system having a narrow band.

Further, tamper-proof communication using an upstream message authentication code and a downstream message authentication code is performed by the Encryption then MAC method. Therefore, it becomes possible to prevent tampering more effectively. Further, by configuring the encryption key information and the message authentication key information as different keys, it becomes possible to more effectively prevent tampering. In the communication system 100, message authentication key information is fixedly assigned to each wireless terminal 10. Therefore, it appears that the effect of preventing falsification is reduced compared to a system that can update message authentication key information. However, since the security initialization information and security sequence number generated in the mutual authentication process are used as the input when generating the message authentication code, even if fixed key information is used, tampering prevention is effective. It becomes possible to improve.
Similarly, in the encryption process, even if the encryption key is fixed, the security initialization information and the security sequence number generated in the mutual authentication process are used as the input of the encryption process. It is possible to improve the encryption effect even when using.

<Modification>
The wireless terminal 10 may be replaced with a wired terminal that performs wired communication. In this case, communication between the wired terminal and the base station apparatus 20 is realized by wired communication. Even in such a configuration, in the wired communication between the base station apparatus 20 and the wired terminal that encrypts and transmits / receives data, it is possible to transmit and receive information necessary for encryption and decryption while ensuring security. By reducing the amount of data, the communication band can be reduced.
Moreover, although the mutual authentication process which mutually authenticates about the authentication process performed between the radio | wireless terminal 10 and the base station apparatus 20 was demonstrated, the case where the user data to transmit / receive was encrypted was demonstrated, the radio | wireless terminal 10 or a base station Either one of the devices 20 may be authenticated, and only user data transmitted by the authenticated wireless terminal 10 or the base station device 20 may be encrypted and transmitted.

In the above, the wireless terminal 10 and the base station apparatus 20 generate secret information for generating an NW authenticator and secret information for generating a terminal authenticator using the same authentication key information. Different authentication key information may be used. However, the authentication key information for the wireless terminal 10 to generate the secret information for generating the terminal authenticator and the authentication key information for the base station apparatus 20 to generate the secret information for generating the terminal authenticator are the same. The authentication key information for the wireless terminal 10 to generate the secret information for generating the NW authenticator and the authentication key information for the base station apparatus 20 to generate the secret information for generating the NW authenticator are the same.
Further, the authentication key information and the encryption key information may be the same. Further, the authentication key information and the message authentication key information may be the same. Further, the encryption key information and the message authentication key information may be the same. Further, the authentication key information, the encryption key information, and the message authentication key information may be the same.
The above authentication key information, encryption key information, and message authentication key information are secret keys.

In the above, as shown in FIG. 14A, the first input used to generate the secret information for generating the NW authenticator includes the NET-ID, the MAC-ID, and the base station ID. However, the first input may include only NET-ID, NET-ID and MAC-ID, or NET-ID and base station ID.
In the above, as shown in FIG. 14B, the first input used for generating the secret information for generating the terminal authenticator includes the NET-ID, the MAC-ID, and the base station ID. However, the first input may include only NET-ID, NET-ID and MAC-ID, or NET-ID and base station ID.

In the above, the MAC-ID assigned to the wireless terminal 10 is used for generating the secret information for generating the NW authenticator and the secret information for generating the terminal authenticator every time mutual authentication at the start of the session. Other identification information assigned to the wireless terminal 10 may be used each time authentication is performed (every session is started).
Further, in the above, every time mutual authentication at the start of a session between the wireless terminal 10 and the base station device 20, a random number for terminal authentication and a random number for NW authentication are generated and exchanged, but instead of those values, Information generated based on the random number, such as a value obtained by performing a predetermined operation on the random number or a combination of the random number and the predetermined information may be used. For example, it may be a combination of a random number and identification information assigned to the wireless terminal 10 each time authentication is performed.

In the above, at the time of authentication, the terminal authenticator and the upstream security initialization information are generated from the secret information for generating the terminal authenticator, and the NW authenticator and the downstream security initialization information are generated from the secret information for generating the NW authenticator. However, when the user data is encrypted for the first time after mutual authentication or when the encrypted user data is decrypted, secret information for generating the NW authenticator is generated and downlink security initialization information is generated. Alternatively, the upstream security initialization information may be generated by generating secret information for generating a terminal authenticator.
That is, when the wireless terminal 10 transmits user data for the first time after mutual authentication with the base station apparatus 20, the counter generation unit 111 generates secret information for generating a terminal authenticator as in the authentication control unit 104. The upstream security initialization information is generated from the generated secret information. When the base station apparatus 20 receives user data for the first time after mutual authentication with the wireless terminal 10, the counter generation unit 221 generates and generates secret information for generating a terminal authenticator in the same manner as the authentication control unit 205. Upstream security initialization information is generated from the secret information.
In addition, when the base station device 20 transmits user data for the first time after mutual authentication with the wireless terminal 10, the counter generation unit 251 generates secret information for generating an NW authenticator similar to the authentication control unit 205. Downlink security initialization information is generated from the generated secret information. When the wireless terminal 10 receives user data for the first time after mutual authentication with the base station apparatus 20, it generates secret information for generating an NW authenticator in the same manner as the authentication control unit 104, and uplink security is generated from the generated secret information. Generate initialization information.
Alternatively, NW authenticator generation secret information generated at the time of authentication and terminal authenticator generation secret information are stored, and when user data is encrypted for the first time after mutual authentication, or an encrypted user When decrypting the data, the downlink security initialization information may be generated from the secret information for generating the NW authenticator, or the uplink security initialization information may be generated from the secret information for generating the terminal authenticator.

Further, a method different from the above embodiment may be used for generating secret information for generating a terminal authenticator and generating secret information for generating an NW authenticator. For example, a one-way function such as a hash function may be used as the encryption method.
Further, a method different from the above embodiment may be used for encryption and decryption of user data.

  Further, the MAC-ID is not given to the wireless terminal 10 by the base station device 20, but the wireless terminal 10 may store the MAC-ID in advance. In this case, before starting wireless communication with the base station apparatus 20, the terminal identification information storage unit 102a of the wireless terminal 10 stores in advance the MAC-ID assigned to the own apparatus (non-wireless terminal 10). . Also, the processing of the MAC-ID assignment request (step S101) and the MAC-ID assignment response (step S102) is not necessary, and the authentication control unit 205 uses the MAC-ID and NET-ID included in the mutual authentication request (step S104). Correspondingly record in the terminal identification information table.

  In the above description, Encryption then MAC for generating a message authentication code based on encrypted user data has been described. However, Encryption and MAC or MAC then Encryption may be used. Further, a message authentication code may be given without encrypting user data.

  The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes designs and the like that do not depart from the gist of the present invention.

DESCRIPTION OF SYMBOLS 100 ... Communication system, 10 ... Wireless terminal, 20 ... Base station apparatus, 30 ... Terminal information management apparatus, 40 ... Location information management apparatus, 50 ... Terminal apparatus, 101 ... Communication part, 102 ... Memory | storage part, 102a ... Terminal identification information Storage unit 102b Key information storage unit 103 Random number generation unit 104 Authentication control unit (authentication unit) 105 Transmission data generation unit 106 Reception data acquisition unit 107 Upper layer processing unit 109 Data Processing unit, 110 ... Layer 3 transmission processing unit, 111 ... Counter generation unit, 112 ... Storage unit, 113 ... Security sequence number assignment unit, 114 ... Encryption unit, 115 ... Message authentication code addition unit, 120 ... Layer 2 transmission processing , 121... Fragment part, 122... CRC adding part, 130. RC check unit, 140 ... layer 3 reception processing unit, 141 ... counter generation unit, 142 ... storage unit, 143 ... security sequence number check unit, 144 ... message authentication code check unit, 145 ... decryption unit, 201 ... first communication unit 202 ... second communication unit, 203 ... storage unit, 203a ... base station identification information storage unit, 203b ... terminal identification information table storage unit (identification information storage unit), 203c ... key information table storage unit, 204 ... random number generation unit 205 ... Authentication control unit (authentication unit), 206 ... First relay unit, 207 ... Second relay unit, 209 ... Relay unit, 210 ... Layer 2 reception processing unit, 211 ... CRC check unit, 220 ... Layer 3 reception processing 221 ... Counter generation unit 222 ... Storage unit 223 ... Security sequence number checking unit 224 ... Message authentication Verification code checking unit, 225 ... decoding unit, 230 ... relay setting unit, 240 ... relay data acquisition unit, 250 ... layer 3 transmission processing unit, 251 ... counter generation unit, 252 ... storage unit, 253 ... security sequence number assigning unit, 254 ... Encryption section, 255 ... Message authentication code assignment section, 260 ... Layer 2 transmission processing section, 261 ... Fragment section, 262 ... CRC assignment section

Claims (18)

A communication system in which a first communication device and a second communication device communicate using shared authentication information shared to generate authentication information,
The first communication device is
While exchanging the shared authentication information different for each authentication with the second communication device, generating a transmission side authentication information from the shared authentication information and transmitting to the second communication device,
Generate message authentication information based on the transmission side security initialization information generated by performing a predetermined operation on the shared authentication information and the data transmitted to the second communication device, A message authentication information giving unit for giving message authentication information;
A data transmission unit that transmits the data to which the message authentication information is attached to the second communication device;
With
The second communication device is
Receiving side authentication for exchanging the shared authentication information with the first communication device, receiving the transmitting side authentication information from the first communication device, and authenticating the transmitting side authentication information using the shared authentication information And
A reception processing unit that receives data to which the message authentication information is attached from the first communication device;
A security initialization information holding unit for storing the reception side security initialization information generated by performing the predetermined calculation on the shared authentication information used when authentication is successful in the reception side authentication unit;
Whether the received data has been tampered with based on the data and message authentication information received by the reception processing unit and the receiving side security initialization information stored in the security initialization information holding unit A message authentication information inspection unit for determining;
With
The receiver authentication unit
Generate receiving side authentication information from the shared authentication information and send it to the first communication device,
The sender authentication unit
Receiving the receiving side authentication information from the second communication device, authenticating the receiving side authentication information using the shared authentication information ,
The second communication device communicates with a plurality of the first communication devices,
The transmission side authentication unit uses the first identification information that can identify all the first communication devices including the first communication device that communicates with another second communication device, and the shared authentication information. Generating authentication information, transmitting the generated transmitting side authentication information to the second communication device,
The message authentication information giving unit generates the message authentication information based on transmission-side security initialization information generated by performing a predetermined calculation on the first identification information and the shared authentication information,
The receiving-side authentication unit is exchanged between the first identification information of the first communication device that is a transmission source of the transmission-side authentication information and the first communication device that is a transmission source of the transmission-side authentication information. Authenticate the sender authentication information using shared authentication information,
The message authentication information inspecting unit successfully authenticates the first identification information of the first communication device that is the transmission source of the data and the transmission side authentication information received from the first communication device by the reception side authentication unit. Determining whether or not the received data has been falsified based on the receiving side security initialization information generated by performing a predetermined operation on the shared authentication information used when
A communication system characterized by the above. The transmission side authentication unit further generates transmission side authentication information using the identification information of the second communication device in addition to the first identification information and the shared authentication information, and transmits it to the second communication device. ,
The receiving-side authentication unit authenticates the transmitting-side authentication information using the identification information of the second communication device in addition to the first identification information and the shared authentication information;
The communication system according to claim 1. A communication system in which a first communication device and a second communication device communicate using shared authentication information shared to generate authentication information,
The first communication device is
While exchanging the shared authentication information different for each authentication with the second communication device, generating a transmission side authentication information from the shared authentication information and transmitting to the second communication device,
Generate message authentication information based on the transmission side security initialization information generated by performing a predetermined operation on the shared authentication information and the data transmitted to the second communication device, A message authentication information giving unit for giving message authentication information;
A data transmission unit that transmits the data to which the message authentication information is attached to the second communication device;
With
The second communication device is
Receiving side authentication for exchanging the shared authentication information with the first communication device, receiving the transmitting side authentication information from the first communication device, and authenticating the transmitting side authentication information using the shared authentication information And
A reception processing unit that receives data to which the message authentication information is attached from the first communication device;
A security initialization information holding unit for storing the reception side security initialization information generated by performing the predetermined calculation on the shared authentication information used when authentication is successful in the reception side authentication unit;
Whether the received data has been tampered with based on the data and message authentication information received by the reception processing unit and the receiving side security initialization information stored in the security initialization information holding unit A message authentication information inspection unit for determining;
With
The receiver authentication unit
Generate receiving side authentication information from the shared authentication information and send it to the first communication device,
The sender authentication unit
Receiving the receiving side authentication information from the second communication device, authenticating the receiving side authentication information using the shared authentication information ,
The first communication device communicates with a plurality of the second communication devices,
The transmission-side authentication unit uses first identification information that can identify all the second communication devices including the second communication device that communicates with another first communication device, and the shared authentication information. Generating authentication information, transmitting the generated transmitting side authentication information to the second communication device,
The receiving-side authentication unit authenticates the transmitting-side authentication information received from the first communication device using the first identification information and the shared authentication information,
The message authentication information adding unit is generated by performing a predetermined calculation on the first identification information of the second communication device that is the transmission destination of the data and the shared authentication information exchanged with the second communication device. Generating the message authentication information based on the transmitted security initialization information,
The message authentication information inspecting unit is a receiver side security initialization generated by performing the predetermined operation on the first identification information and the shared authentication information used when authentication is successful in the receiver side authentication unit. Determining whether the received data has been tampered with based on the information;
A communication system characterized by the above. The first communication device is
A sequence number giving unit for giving a sequence number to each data to be transmitted;
The message authentication information adding unit generates message authentication information based on transmission-side security initialization information, data transmitted to the second communication device, and the sequence number,
The data transmission unit adds the sequence number assigned to the data by the sequence number assigning unit to the data and transmits the data to the second communication device,
Whether the received data has been falsified based on the receiving side security initialization information, the data and message authentication information received by the reception processing unit, and the sequence number. The communication system according to any one of claims 1 to 3, wherein the communication system is determined. The first communication device is
A transmission side key information storage unit for storing message authentication key information;
The message authentication information giving unit generates the message authentication information using the message authentication key information in the transmission side storage unit,
The second communication device is
A receiving side key information storage unit for storing the message authentication key information;
The message authentication information inspecting unit determines whether or not the received data has been tampered with using the message authentication key information in the receiving side storage unit;
The communication system according to any one of claims 1 to 4, wherein the communication system is characterized. The receiving side authentication unit generates receiving side authentication information from the first identification information and the shared authentication information and transmits the receiving side authentication information to the first communication device,
The transmission side authentication unit receives the reception side authentication information from the second communication device, and authenticates the reception side authentication information using the first identification information and the shared authentication information.
Communication system according to any one of claims 1 to 5, characterized in that. A first communication device for communicating with a second communication device,
An authentication request unit for exchanging shared authentication information with the second communication device every time authentication is performed, and generating transmission-side authentication information from the shared authentication information and transmitting it to the second communication device;
An authentication unit for the second communication apparatus receives a reception side authentication information generating and transmitting from the shared authentication information to authenticate the reception side authentication information using the shared authentication information,
Generate message authentication information based on security initialization information generated by performing a predetermined calculation common to the second communication device on the shared authentication information and data transmitted to the second communication device A message authentication information giving unit for giving the message authentication information to the data;
A data transmission unit that transmits the data to which the message authentication information is attached to the second communication device;
Equipped with a,
The second communication device communicates with a plurality of the first communication devices,
The authentication unit uses the first identification information that can identify all the first communication devices including the first communication device that communicates with another second communication device, and the transmission side authentication information using the shared authentication information. And transmitting the generated sender authentication information to the second communication device,
The message authentication information adding unit generates the message authentication information based on transmission-side security initialization information generated by performing a predetermined calculation on the first identification information and the shared authentication information.
A first communication device characterized by that. A first communication device for communicating with a second communication device,
An authentication request unit for exchanging shared authentication information with the second communication device every time authentication is performed, and generating transmission-side authentication information from the shared authentication information and transmitting it to the second communication device;
An authentication unit for the second communication apparatus receives a reception side authentication information generating and transmitting from the shared authentication information to authenticate the reception side authentication information using the shared authentication information,
Generate message authentication information based on security initialization information generated by performing a predetermined calculation common to the second communication device on the shared authentication information and data transmitted to the second communication device A message authentication information giving unit for giving the message authentication information to the data;
A data transmission unit that transmits the data to which the message authentication information is attached to the second communication device;
Equipped with a,
The first communication device communicates with a plurality of the second communication devices,
The authentication unit uses the first identification information that can identify all the second communication devices including the second communication device communicating with the other first communication device, and the transmission side authentication information using the shared authentication information. And sending the generated sender authentication information to the second communication device,
The message authentication information adding unit is generated by performing a predetermined calculation on the first identification information of the second communication device that is the transmission destination of the data and the shared authentication information exchanged with the second communication device. Generating the message authentication information based on the sender security initialization information
A first communication device characterized by that. A second communication device communicating with the first communication device,
As well as exchanged between different shared authentication information every time authentication the first communication device receives the transmission side authentication information from the first communication device, authenticating the sender authentication information using the shared authentication information An authenticator to
An authentication request unit for receiving the authentication in the first communication device by generating and transmitting reception side authentication information from the shared authentication information to the first communication device,
Receive from the first communication device, together with the transmitted data, the message initialization information generated based on the security initialization information generated by performing a predetermined operation on the shared authentication information and the transmitted data A processing unit;
Security initialization information generated by performing the predetermined calculation common to the first communication device on the shared authentication information used when authentication is successful in the authentication unit, and the reception processing unit A message authentication information inspection unit that determines whether the received data has been tampered with based on the data and the message authentication information;
Equipped with a,
The second communication device communicates with a plurality of the first communication devices,
The first communication device uses the first identification information that can identify all the first communication devices including the first communication device that communicates with another second communication device, and the shared authentication information. Generating authentication information, transmitting the generated transmitting side authentication information to the second communication device,
The first communication device generates the message authentication information based on transmission-side security initialization information generated by performing a predetermined calculation on the first identification information and the shared authentication information,
The receiving-side authentication unit is exchanged between the first identification information of the first communication device that is a transmission source of the transmission-side authentication information and the first communication device that is a transmission source of the transmission-side authentication information. Authenticate the sender authentication information using shared authentication information,
The message authentication information inspecting unit successfully authenticates the first identification information of the first communication device that is the transmission source of the data and the transmission side authentication information received from the first communication device by the reception side authentication unit. Determining whether or not the received data has been falsified based on the receiving side security initialization information generated by performing a predetermined operation on the shared authentication information used when
A second communication device characterized by that. A second communication device communicating with the first communication device,
As well as exchanged between different shared authentication information every time authentication the first communication device receives the transmission side authentication information from the first communication device, authenticating the sender authentication information using the shared authentication information An authenticator to
An authentication request unit for receiving the authentication in the first communication device by generating and transmitting reception side authentication information from the shared authentication information to the first communication device,
Receive from the first communication device, together with the transmitted data, the message initialization information generated based on the security initialization information generated by performing a predetermined operation on the shared authentication information and the transmitted data A processing unit;
Security initialization information generated by performing the predetermined calculation common to the first communication device on the shared authentication information used when authentication is successful in the authentication unit, and the reception processing unit A message authentication information inspection unit that determines whether the received data has been tampered with based on the data and the message authentication information;
Equipped with a,
The first communication device communicates with a plurality of the second communication devices,
The first communication device uses the first identification information that can identify all the second communication devices including the second communication device that communicates with other first communication devices, and the shared authentication information. Generating authentication information, transmitting the generated transmitting side authentication information to the second communication device,
The receiving-side authentication unit authenticates the transmitting-side authentication information received from the first communication device using the first identification information and the shared authentication information,
The first communication device is generated by performing a predetermined operation on the first identification information of the second communication device that is the transmission destination of the data and the shared authentication information exchanged with the second communication device. Generating the message authentication information based on the sender security initialization information;
The message authentication information inspecting unit is a receiver side security initialization generated by performing the predetermined operation on the first identification information and the shared authentication information used when authentication is successful in the receiver side authentication unit. Determining whether the received data has been tampered with based on the information;
A second communication device characterized by that. A communication method executed in a communication system in which a first communication device and a second communication device communicate with each other,
The first communication device and the second communication device are
A shared authentication information exchange step for exchanging different shared authentication information for each authentication;
The first communication device is
A transmission side authentication request step of generating transmission side authentication information from the shared authentication information exchanged in the shared authentication information exchange step and transmitting it to the second communication device;
The second communication device is
A receiving side authentication step of receiving the transmitting side authentication information from the first communication device and authenticating the transmitting side authentication information using the shared authentication information;
The second communication device generates receiving side authentication information from the shared authentication information and transmits it to the first communication device;
The first communication device receives the receiving side authentication information from the second communication device and authenticates the receiving side authentication information using the shared authentication information;
The first communication device is
Message authentication based on transmission-side security initialization information generated by performing a predetermined operation on the shared authentication information exchanged in the shared authentication information exchange step, and data transmitted to the second communication device A message authentication information giving step for generating information and giving the message authentication information to the data;
A data transmission step of transmitting the data provided with the message authentication information to the second communication device;
The second communication device is
A receiving step of receiving data to which the message authentication information is attached from the first communication device;
Receiving side security initialization information generated by performing the predetermined calculation on the shared authentication information used when authentication is successful in the receiving side authentication step, and the data and message authentication information received in the receiving step And a message authentication information inspection step for determining whether or not the received data has been tampered with based on :
The second communication device communicates with a plurality of the first communication devices,
In the transmitting side authentication step, using the first identification information that can identify all the first communication devices including the first communication device that communicates with another second communication device, and the shared authentication information, the transmitting side Generating authentication information, transmitting the generated transmitting side authentication information to the second communication device,
In the message authentication information giving step, the message authentication information is generated based on the transmission side security initialization information generated by performing a predetermined calculation on the first identification information and the shared authentication information,
In the receiving side authentication step, the first identification information of the first communication device that is the transmission source of the transmission side authentication information is exchanged between the first communication device that is the transmission source of the transmission side authentication information. Authenticate the sender authentication information using shared authentication information,
In the message authentication information checking step, the first identification information of the first communication device that is the transmission source of the data and the transmission side authentication information received from the first communication device in the reception side authentication step are successfully authenticated. Determining whether or not the received data has been falsified based on the receiving side security initialization information generated by performing a predetermined operation on the shared authentication information used when
A communication method characterized by the above. A communication method executed in a communication system in which a first communication device and a second communication device communicate with each other,
The first communication device and the second communication device are
A shared authentication information exchange step for exchanging different shared authentication information for each authentication;
The first communication device is
A transmission side authentication request step of generating transmission side authentication information from the shared authentication information exchanged in the shared authentication information exchange step and transmitting it to the second communication device;
The second communication device is
A receiving side authentication step of receiving the transmitting side authentication information from the first communication device and authenticating the transmitting side authentication information using the shared authentication information;
The second communication device generates receiving side authentication information from the shared authentication information and transmits it to the first communication device;
The first communication device receives the receiving side authentication information from the second communication device and authenticates the receiving side authentication information using the shared authentication information;
The first communication device is
Message authentication based on transmission-side security initialization information generated by performing a predetermined operation on the shared authentication information exchanged in the shared authentication information exchange step, and data transmitted to the second communication device A message authentication information giving step for generating information and giving the message authentication information to the data;
A data transmission step of transmitting the data provided with the message authentication information to the second communication device;
The second communication device is
A receiving step of receiving data to which the message authentication information is attached from the first communication device;
Receiving side security initialization information generated by performing the predetermined calculation on the shared authentication information used when authentication is successful in the receiving side authentication step, and the data and message authentication information received in the receiving step When it has been, and a message authentication information checking step of determining whether the received data is falsified based on,
The first communication device communicates with a plurality of the second communication devices,
In the transmitting side authentication step, using the first identification information that can identify all the second communication devices including the second communication device that communicates with another first communication device, and the shared authentication information, the transmitting side Generating authentication information, transmitting the generated transmitting side authentication information to the second communication device,
In the receiving side authentication step, authenticate the transmitting side authentication information received from the first communication device using the first identification information and the shared authentication information;
In the message authentication information giving step, the first authentication information of the second communication device that is the transmission destination of the data and the shared authentication information exchanged with the second communication device are generated by performing a predetermined calculation. Generating the message authentication information based on the transmitted security initialization information,
Receiving side security initialization generated by performing the predetermined calculation on the first identification information and the shared authentication information used when the authentication is successful in the receiving side authentication step in the message authentication information checking step. Determining whether the received data has been tampered with based on the information;
A communication method characterized by the above. A communication method executed in a first communication device that communicates with a second communication device ,
An authentication request step of exchanging shared authentication information different for each authentication with the second communication device, generating transmission-side authentication information from the shared authentication information, and transmitting it to the second communication device;
An authentication step of the second communication apparatus receives a reception side authentication information generating and transmitting from the shared authentication information to authenticate the reception side authentication information using the shared authentication information,
Generate message authentication information based on security initialization information generated by performing a predetermined calculation common to the second communication device on the shared authentication information and data transmitted to the second communication device A message authentication information giving step for giving the message authentication information to the data;
A data transmission step of transmitting the data provided with the message authentication information to the second communication device;
I have a,
The second communication device communicates with a plurality of the first communication devices,
In the authentication step, transmission-side authentication information using first identification information that can identify all the first communication devices including the first communication device that communicates with another second communication device, and the shared authentication information And transmitting the generated sender authentication information to the second communication device,
In the message authentication information providing step, the message authentication information is generated based on transmission side security initialization information generated by performing a predetermined calculation on the first identification information and the shared authentication information.
A communication method characterized by the above. A communication method executed in a first communication device that communicates with a second communication device ,
An authentication request step of exchanging shared authentication information different for each authentication with the second communication device, generating transmission-side authentication information from the shared authentication information, and transmitting it to the second communication device;
An authentication step of the second communication apparatus receives a reception side authentication information generating and transmitting from the shared authentication information to authenticate the reception side authentication information using the shared authentication information,
Generate message authentication information based on security initialization information generated by performing a predetermined calculation common to the second communication device on the shared authentication information and data transmitted to the second communication device A message authentication information giving step for giving the message authentication information to the data;
A data transmission step of transmitting the data provided with the message authentication information to the second communication device;
I have a,
The first communication device communicates with a plurality of the second communication devices,
In the authentication step, using the first identification information that can identify all the second communication devices including the second communication device that communicates with the other first communication device, and the shared authentication information, the transmission side authentication information And sending the generated sender authentication information to the second communication device,
In the message authentication information giving step, the first authentication information of the second communication device that is the transmission destination of the data and the shared authentication information exchanged with the second communication device are generated by performing a predetermined calculation. Generating the message authentication information based on the sender security initialization information
A communication method characterized by the above. A communication method executed in a second communication device that communicates with the first communication device ,
As well as exchanged between different shared authentication information every time authentication the first communication device receives the transmission side authentication information from the first communication device, authenticating the sender authentication information using the shared authentication information An authentication step to
An authentication requesting step of receiving the authentication in the first communication device by generating and transmitting reception side authentication information from the shared authentication information to the first communication device,
Receive from the first communication device, together with the transmitted data, the message initialization information generated based on the security initialization information generated by performing a predetermined operation on the shared authentication information and the transmitted data Steps,
Security initialization information generated by performing a predetermined calculation common to the first communication device on the shared authentication information used when authentication is successful in the authentication step, the data received in the reception step, and A message authentication information check step for determining whether the received data has been tampered with based on message authentication information;
I have a,
The second communication device communicates with a plurality of the first communication devices,
The first communication device uses the first identification information that can identify all the first communication devices including the first communication device that communicates with another second communication device, and the shared authentication information. Generating authentication information, transmitting the generated transmitting side authentication information to the second communication device,
The first communication device generates the message authentication information based on transmission-side security initialization information generated by performing a predetermined calculation on the first identification information and the shared authentication information,
In the receiving side authentication step, the first identification information of the first communication device that is the transmission source of the transmission side authentication information is exchanged between the first communication device that is the transmission source of the transmission side authentication information. Authenticate the sender authentication information using shared authentication information,
In the message authentication information checking step, the first identification information of the first communication device that is the transmission source of the data and the transmission side authentication information received from the first communication device in the reception side authentication step are successfully authenticated. Determining whether or not the received data has been falsified based on the receiving side security initialization information generated by performing a predetermined operation on the shared authentication information used when
A communication method characterized by the above. A communication method executed in a second communication device that communicates with the first communication device ,
As well as exchanged between different shared authentication information every time authentication the first communication device receives the transmission side authentication information from the first communication device, authenticating the sender authentication information using the shared authentication information An authentication step to
An authentication requesting step of receiving the authentication in the first communication device by generating and transmitting reception side authentication information from the shared authentication information to the first communication device,
Receive from the first communication device, together with the transmitted data, the message initialization information generated based on the security initialization information generated by performing a predetermined operation on the shared authentication information and the transmitted data Steps,
Security initialization information generated by performing a predetermined calculation common to the first communication device on the shared authentication information used when authentication is successful in the authentication step, the data received in the reception step, and A message authentication information check step for determining whether the received data has been tampered with based on message authentication information;
I have a,
The first communication device communicates with a plurality of the second communication devices,
The first communication device uses the first identification information that can identify all the second communication devices including the second communication device that communicates with other first communication devices, and the shared authentication information. Generating authentication information, transmitting the generated transmitting side authentication information to the second communication device,
In the receiving side authentication step, authenticate the transmitting side authentication information received from the first communication device using the first identification information and the shared authentication information;
The first communication device is generated by performing a predetermined operation on the first identification information of the second communication device that is the transmission destination of the data and the shared authentication information exchanged with the second communication device. Generating the message authentication information based on the sender security initialization information;
Receiving side security initialization generated by performing the predetermined calculation on the first identification information and the shared authentication information used when the authentication is successful in the receiving side authentication step in the message authentication information checking step. A communication method , comprising: determining whether the received data has been falsified based on information . A program for operating a computer as the first communication device according to claim 7 or 8.   The program for operating a computer as a 2nd communication apparatus of Claim 9 or 10.

Images