JPH01307341A - Mobile body data ciphered communication system - Google Patents

Abstract

PURPOSE:To attain ciphered data communication with high confidentiality and simple processing by using a resource key so as to generate a public key, generating further a common DES cryptographic key based on the exchanged public keys and each resource key and using the DES cryptographic key with high confidentiality so as to cipher or decipher the data. CONSTITUTION:The system consists of a mobile body communication equipment 1 corresponding to a portable terminal equipment of a teleterminal system or the like, a packet communication controller 2 corresponding to a radio base station and a packet exchange, and a subscriber equipment 3 corresponding to a host computer. Then the mobile body communication equipment 1 and the subscriber equipment 3 after the connection of the communication line transmit/receive the public key generated based respectively on the resource key as the communication data, generate the common DES cryptographic key based on the received public key, the data subject to cipher processing based on the DES cryptographic key is sent in the data communication between the mobile body communication equipment 1 and the subscriber equipment 3 and the received ciphered data is deciphered by using the DES cryptographic key. Thus, the ciphered data communication with high confidentiality and simple processing is attained.

Description

[Detailed Description of the Invention] [Summary] This invention aims to perform encrypted data communication with high confidentiality and easy processing with respect to mobile communication systems such as teleterminal systems, and to control packet communication with mobile communication devices. A wireless communication system in which a mobile communication device and a subscriber device are connected wirelessly, a packet communication control device and a subscriber device are connected, and data communication is performed between the mobile communication device and the subscriber device via the packet communication control device. After the mobile communication device and the subscriber device establish a communication path connection, they each exchange public keys generated based on the original key as communication data, and create a common DES encryption key based on the received public keys. the data communication between the mobile communication device and the subscriber device is encrypted based on the DES encryption key, and the received encrypted data is sent to the DB.
It is configured to decrypt using the S encryption key.

[Industrial application field]

The present invention relates to a communication system that is highly confidential and easy to process in mobile data communications.

[Conventional technology]

With the development of mobile communications such as car phones and personal radios, communication between host computers in companies and data communication terminals carried by outsourced workers such as route sales personnel has become increasingly important.
Directly and immediately on the go or on the go! There is an increasing need for mobile data access (for inventory inquiries, ordering and ordering). That is, it is not a method of acoustic coupling using a telephone line, but a method of wireless communication. In response to such requests,
For example, teleterminal systems are being put into practical use as a means of providing economical and high-quality mobile data communication channels using shared wireless networks.

Figure 6 shows a block diagram of the teleterminal system. In the figure, a mobile terminal 1a having a radio section, a communication control section, and a data processing section is wirelessly connected to a radio base station 2a consisting of a radio section and a communication control section. The wireless base station is connected to a packet switch 2b via a dedicated line, and the packet switch is further connected to a subscriber host computer 3a via a dedicated line. The packet switch is connected to multiple wireless base stations, multiple subscriber system host computers, and the like.

The packet switch is installed in the shared use center, and the packet switch and the wireless base station constitute shared use network equipment. A subscriber host computer generally uses FDP (IE Electrical DataP).
It is configured to perform inventory management, order processing, etc. A plurality of wireless base stations are placed in Obe City so that they can be wirelessly connected to mobile terminals within a 3 km radius. In order to avoid areas where communication is not possible, the areas where wireless base stations and wireless connections are made overlap in some areas, but the frequencies are different. In these overlapping areas, a mobile terminal can wirelessly connect to two or more wireless base stations by changing the frequency used.

In the above configuration, the mobile terminal can communicate with a desired host computer via a wireless base station and a packet switch.

FIG. 7 shows a communication procedure (method) when making a call from a mobile terminal and performing data communication with a host computer. When a call request is issued from an 458 band terminal, a qualification check is performed at the packet switch and a connection request is sent to the host computer. The host computer confirms the connection of the communication path, outputs a connectable signal to the packet switch, and the packet switch sends a call response signal to the mobile terminal via the wireless base station. When the mobile terminal receives the call response signal, a communication path connection is established between the mobile terminal and the host computer via the wireless base station and the packet switch. Data transmission and return data transmission are then performed as many times as necessary. When a disconnection request is issued from the mobile terminal after data communication is completed, the packet switch makes a disconnection determination, outputs a disconnection response to the mobile terminal, and outputs a disconnection instruction to the host computer, thereby disconnecting the communication path. Ru.

[Problem to be solved by the invention]

In the above-mentioned teleterminal system, since the mobile terminal and the wireless base station are wirelessly connected, the data communication between them is inherently vulnerable to eavesdropping or leakage. When conducting route sales using a teleterminal system, this creates an environment in which important and highly confidential data for companies, such as inventory data in the host computer and ordering data between mobile terminals and the host computer, can be easily intercepted. However, there is a problem with data confidentiality. In addition, there may be cases where incorrect data is mixed in.

Although the teleterminal system has been exemplified above, problems similar to those described above also occur in other mobile data communication systems.

Encrypted communication is one of the means for improving the confidentiality of data communication, but encrypted communication is hardly applied in mobile data communication systems such as teleterminal systems. One of the reasons for this is that highly confidential encrypted communication requires a fairly complex circuit, but installing such a circuit on the mobile device side such as a mobile terminal is difficult due to cost and size. can be difficult. Furthermore, especially when data communication is performed between a large number of mobile terminals and a large number of host computers, such as in a teleterminal system, it is particularly difficult to perform complex encryption between each mobile terminal and the host computer.

Encryption technologies include "public key encryption" used between large-scale host combinators, and rDE 5 (Data Encryption) used between relatively simple devices.
5 standard) method" etc. are known. In the public key method, an encryption key is generated from the distributed public key for each data communication, and encrypted data communication is performed based on this encryption key. On the other hand, the DES method is a method that has strong encryption strength and can perform encryption and decryption processing with a relatively simple circuit, and performs encrypted data communication using a fixed key.

When these encryption methods are used in mobile data communications such as teleterminal systems, the following problems arise. First, in the public key method, it takes a considerable amount of time to generate and decrypt an encryption key, and it is virtually impossible for a small device such as a mobile terminal to generate and decrypt an encryption key for each data communication. On the other hand, since the DES method uses a fixed key, if the same fixed key is used for a long time, there is a possibility that the data will be decrypted by eavesdropping. Therefore, it is necessary to change the fixed keys frequently, but in a teleterminal system where many mobile terminals are connected to one host computer, it is necessary to change the fixed keys of the host computer and many mobile terminals at the same time. is virtually impossible, requires difficult work, and requires complex management. Therefore, conventional cryptographic techniques cannot be applied directly.

As described above, an object of the present invention is to enable encrypted data communication that is highly confidential and easy to process in a mobile data communication system such as a teleterminal system.

[Means for Solving the Problems and Operations] FIG. 2 shows a block diagram of a mobile data encryption communication system to which the present invention is applied. In the figure, ■ indicates a mobile communication device corresponding to a mobile terminal, etc. of the teleterminal system in Fig. 6;
Reference numeral 3 indicates a packet communication control device corresponding to the wireless base station and packet switch in FIG. 6, and 3 indicates a subscriber device corresponding to the host computer in FIG. Mobile communication device 1 and packet communication control device 2 are wirelessly connected.

FIG. 1(a) shows a mobile communication device 1 and a subscriber device 3.
1 is a principle block diagram of a communication processing method of a mobile data encrypted communication system of the present invention, which is incorporated in each of the following.

After the mobile communication device and the subscriber device establish a communication path connection, the public keys X, which are generated based on the original keys α and β, respectively;
Send and receive Y. Next, a common DES encryption key 2 is generated based on the respective received public keys. Thereafter, data communication between the mobile communication device and the subscriber device is
Data encrypted based on the S encryption key is transmitted, and received encrypted data is decrypted using the DES encryption key.

In other words, the generation of a public key, which is highly confidential but requires a lot of calculation time, is performed only once at the beginning of communication, and encryption or decryption in each data communication is performed by simple calculations based on the public key. This is done based on the encryption key. This enables simple and high-speed encrypted data communication while maintaining high confidentiality.

As a second embodiment of the present invention, a block diagram of the principle of a communication method incorporated in each of the mobile communication device 1 and the subscriber device 3 is shown in FIG. 1(b).

In FIG. 1(b), first, a communication path connection is established between the mobile communication device and the subscriber device, and a public key is transmitted and received using a first wireless channel. disconnect the communication path through the channel. Next, a communication path connection is established through a second channel, and a DES encryption key generated using the public key received through the first channel is used to communicate between the mobile communication device and the mobile communication device through the second channel. Encrypts and decrypts data sent and received from subscriber devices.

According to this configuration, the channel used to generate the DBS encryption key and the channel used for encrypted data communication are different, so even if a situation occurs where the public key is intercepted and the DBS encryption key is decrypted, Furthermore, decrypting encrypted data by different channels is difficult.

〔Example〕

As an embodiment of the present invention, the case of the teleterminal system shown in FIG. 6 will be described as an example.

3(a) and 3(b) respectively show data format diagrams of a call request packet and a data transmission packet in the telemeter system of FIG. 6.

A first embodiment of the present invention will be described with reference to FIG.

FIG. 4 shows a communication method between the mobile terminal 1as wireless base station 2a, the packet switch 2b, and the host computer 3a when a call request is output from the mobile terminal 1a. Therefore, the mobile terminal 1as, the wireless base station 2as, the packet switch 2b, and the host computer 3a are configured as a circuit capable of the following operations described with reference to FIG.

FIG. 4 shows processing methods for establishing a communication path connection, generating one encryption key, encrypting data communication, and disconnecting a communication path, broadly speaking. However, these communications are performed using one channel (one radio frequency band).

Establishing A0 communication channel connection From the mobile terminal 1a, transmit its own terminal ID (identification) code to the transmitting device ID according to the data format shown in FIG. 3(a).
, makes a call request using the ID code of the destination host computer as the receiving device ID. The wireless base station 2a receives the call request and transmits the received data to the packet switch 2.
b performs a qualification check. That is, it checks whether the sending source and receiving destination are normal. If the qualification check is correct, a "connection request" is sent from the packet switch 2b to the corresponding host computer 3a.

The host computer 3a receives the "connection request" and returns a "connection confirmation" if the connection is possible. This return number is
It is transmitted as a "call response" indicating that connection to the mobile terminal 1a is possible via the packet switch 2b and the wireless base station 2a.

Through the above steps, the communication path connection is established.

Note that on the wireless network, as shown in FIGS. 3(a) and 3(b), Guardpid (
GB), bit synchronization signal (BS), frame synchronization signal (
FS), CRC check code, and error correction parity are added as packet data. In the teleterminal system, usable communication channels are specified in the radio section by a control channel signal (C) from a radio base station, and each terminal can freely select a communication channel to make a call. Furthermore, each channel is divided into slots for each packet, and the mobile terminal uses these slots to perform data communication.

B. Encryption key generation The mobile terminal 1as host combinator 3a performs the following calculation from the randomly generated primitive keys α and β, respectively.
Generate public mx and y, respectively.

X=M"...(1) Y=M-...(2) Next, the generated public keys X and Y are mutually sent and received,
exchange. In this case, public 1! x and y are respectively set in the user data section of the data transmission packet shown in FIG. 3(b) and transmitted. .

Furthermore, the mobile terminal 1 a 1 host convenitor 3 a is
own primitive silver α, β and received public keys X, Y, respectively.
i: Also, DES encryption key 2. ．． 22 is generated.

Z1=Y"=Mri...(3) 22=X'=M&"...(4) Equations (3), (4
), Z+ −Z2, that is, D
ES code 1! Zl, z, and ha are equal. Therefore, when the mobile terminal 1a sends encrypted data to the host computer 3a using the DBS encryption key sound 1, the host combination 5-3a cannot decode (decipher) the received data using the DES encryption key sound 2. can. The same applies when transmitting encrypted data from the host computer 3a to the mobile terminal 1a. In this way, the DBS encryption keys Z, , Z21 are shared (7) DBS encryption key Z = Z + = 22.

C1 Encrypted Data Communication As described above, once the common DES encryption key 2 is generated, the mobile terminal 1a uses this encryption key 1! The transmission data is encrypted using Z1, and the encrypted data is transmitted.

The encrypted data is set in the user data section shown in FIG. 3(b). On the other hand, the host computer 3a uses the code 1! z
The received encrypted data is decrypted using cipher 1!2, and the returned data is decrypted using cipher 1! Encrypt using z2. The encrypted data in this case is also set in the user data section of FIG. 3(b). The mobile terminal 1a decrypts the received and returned encrypted data using the encryption key Z.

Since the user data portion in packet exchange is 16 bytes, the above encrypted data communication is repeated depending on the length of the transmitted data.

When the encrypted data communication for which communication path D1 is desired to be disconnected is completed, a disconnection request is output from the mobile terminal 1a, and the communication path is disconnected by the same process as the conventional method described with reference to FIG.

In the above embodiment, the public keys X and Y themselves may be intercepted, but even if the public keys X and Y are intercepted,
As long as the secrecy of primitive silver α and β is maintained, these X and Y
To calculate the common DES encryption key 2 from
Encrypted data is virtually never decrypted by a third party. That is, if a public key is generated using primitive silver, a common DBS encryption key is generated using the mutually exchanged public key and primitive silver, and encrypted data communication is performed using this DES encryption key, Enables highly confidential encrypted data communication. In order to further improve confidentiality, primitive silver α
, β are randomly selected to have different values each time a communication path connection is started, and the public keys X and Y also have new values each time.

In addition, the generation of public keys and DES encryption keys, which require a relatively large amount of calculation and time, are not performed every time encrypted data communication is performed, but are performed at the initial stage of communication. Since encrypted data communication is carried out using
Even with encrypted data communication, the communication time does not become that long.

Furthermore, since public key generation and DBS encryption key generation are performed only at the initial stage, a little bit of calculation time is required, and in particular,
There is no need to provide a high-speed arithmetic circuit in the mobile terminal, and there is no need for the mobile terminal to be large-scale or expensive.

Even with encrypted data communication, the data in the user data section is just data for radio base stations and packet switches, regardless of whether it is encrypted or not, so there is no need to make any changes to these radio base stations or packet switches.

The above encrypted data is shared between the mobile terminal 1a and the wireless base station 2a.
Not only is there confidentiality against theft in the wireless section between the wireless base station and the host computer, but there is also security against theft in the communication path between the wireless base station and the host computer.

A second embodiment of the present invention will be described with reference to FIG.

The second embodiment further improves confidentiality. For this reason, the communication channel related to public key exchange and the channel used for DES encrypted communication are made different. In packet switching, the mobile terminal and the host computer can use a plurality of channels, so they can use different channels in this way. Communication path connection establishment, public key generation, public key exchange, DBS encryption key generation, communication path disconnection, DE
Each process of S encrypted data communication is the same as in the first embodiment.

In the second embodiment, in the unlikely event that the public key is intercepted and the DE
Even if the S encryption key is decrypted, the DBS encrypted data communication is carried out on another channel that can be arbitrarily selected by the mobile terminal, so the encrypted data will not be decrypted or read. Therefore, it is not necessary to generate and exchange a public key, and generate a DBS encryption key every time a communication is made, and it is possible to reduce the number of times, for example, once every 10 times, thereby reducing the time required for encryption key generation and communication. .

Although the above embodiments have been described by exemplifying a teleterminal system, the present invention can also be applied to personal wireless and other mobile data encrypted communication systems.

〔Effect of the invention〕

As described above, according to the present invention, a public key is generated using a source key, and a common DBS encryption key is generated using the exchanged public key and each source key, and this highly confidential DBS Since data is encrypted and decrypted using a cryptographic key, it is possible to maintain extremely high confidentiality of data even if data is communicated via a wireless link.

Further, according to the present invention, by using a different channel for generating an encryption key and a channel for communicating encrypted data, data confidentiality can be further improved.

[Brief explanation of the drawing]

FIGS. 1(a) and 1(b) are block diagrams of the principle of the communication processing method of the mobile data encrypted communication system of the present invention, and FIG. b) is a packet data format diagram of an embodiment of the present invention; FIGS. 4 and 5 are diagrams showing encrypted communication methods of the first and second embodiments of the present invention; FIGS. 1 and 6 are teleterminal FIG. 7 is a system configuration diagram showing a data communication method used in a conventional teleterminal system. (Explanation of symbols) ■...Mobile communication device, 2...Packet communication control device, 3...Subscriber device, la...Mobile terminal, 2a
...Radio base station, 2b...Packet switch, 3a
...Host computer.

Claims (1)

[Claims] 1. Mobile communication device (1) and packet communication control device (2)
) are wirelessly connected, the packet communication control device (2) and the subscriber device (3) are connected, and data communication is performed between the mobile communication device and the subscriber device via the packet communication control device. In a communication method, after establishing a communication path connection, the mobile communication device and the subscriber device exchange public keys (X, Y) generated based on respective primitive keys (α, β) as communication data. , a common DES encryption key (
Z), transmits data encrypted based on the DES encryption key for data communication between the mobile communication device and the subscriber device, and decrypts the received encrypted data using the DES encryption key. A mobile data encrypted communication system characterized by being configured to. 2. Establishing a communication path connection and transmitting/receiving a public key between the mobile communication device and the subscriber device using a first wireless channel, and after disconnecting the communication path via the first channel, A communication path connection is established through a channel, and a DES encryption key generated using a public key received through a first channel is used to connect the mobile communication device and the subscriber device through a second channel. 2. The mobile data encrypted communication system according to claim 1, characterized in that the mobile data encrypted communication system is configured to encrypt and decrypt data sent and received between.