JPH02256344A - Privacy communication controller - Google Patents

Abstract

PURPOSE:To attain the use of keys in response to the secrecy of information to be sent by utilizing two kinds of information, 1st key information stored in a 1st key means freely attachable and detachable to/from a device main body and 2nd key information stored in a 2nd key means built in the device main body. CONSTITUTION:A memory card 130 and a ROM 130B are used as keys in a sense in privacy communication and they store different information as the keys. With the memory card 130 loaded to a connector of a privacy equipment, the information stored on the memory card 130 is selected as communication key automatically. With no memory card 130 loaded, the information stored in the ROM 130B built in the equipment is selected automatically as the communication key. Only when the keys at both the privacy equipments at the sender side and the receiver side are coincident, a message is reproduced at the receiver side.

Description

[Detailed Description of the Invention] [Purpose of the Invention] [Field of Industrial Application] The present invention provides a method for performing confidential communication in a communication device such as a facsimile machine that transmits image information using a public communication line, for example. The present invention relates to a secure communication control device used for.

[Prior Art] Various means for encrypting/decoding communication information have been proposed in the past, and for facsimile machines, for example, one with a secret function is disclosed in Japanese Patent Laid-Open No. 59-221167. The technology of the issue is known.

In addition, when performing this type of secret communication, key information is used for encrypting and decoding (deciphering) messages. A technique disclosed in Japanese Patent Publication No. 166240/1988 is known.

[Problems to be Solved by the Invention] Conventionally, key information for secure communication has been stored in an IC card or the like that is detachable from a device. Therefore, messages sent on the receiving side cannot be deciphered unless the two operators are in possession of IC cards with matching key information.

By the way, the degree of confidentiality of information varies depending on the type of information.6 For example, some information may only be disclosed to specific individuals, while others may only be disclosed within a specific group. There is also information. Therefore, in order to conduct confidential communication both between specific individuals and between people within a group.

Each card has two cards, one storing the first key assigned to personal communications and the other storing the second key assigned to group communications, and the confidentiality level of the information at the time. Operators need to use different cards depending on the situation.

However, it is extremely troublesome to carry two cards at all times, and even when conducting confidential communication within a group with relatively low secrecy, a card is always required and a card selection operation is also required. This makes communication operations cumbersome.

The present invention enables different keys to be used depending on the confidentiality of information to be transmitted using a single key, and also reduces the troublesomeness of operators associated with confidential communication. The subject is

[Structure of the Invention: Means for Solving Problems] In order to solve the above problems, the present invention encrypts message information to be transmitted based on specific key information,
In a secure communication control device for decoding received encrypted message information: a first key means holding first key information; a support means for detachably supporting the first key means on the device body; a device body a second key means fixedly arranged inside the device and holding second key information different from the first key information; and identifying whether or not the first key means is attached to the device main body; When it is attached, messages are encrypted and decrypted based on the first key information held in the first key means, and when it is not attached, the message is encrypted and decrypted based on the first key information held in the second key means. Electronic control means are provided for encrypting and decoding messages based on the information.

[Effect] According to the present invention, the key information used in secure communication is.

First key information held in a first key means (e.g., a memory card) that is detachable from the apparatus main body, and second key information held in a second key means (e.g., ROM) built into the apparatus main body.
Two types of key information can be used. Of course, the first
If a plurality of key means are prepared, it is possible to use a plurality of types of first key information.

As for the key information actually used for secure communication, the first key information is automatically selected when the first key means is attached to the main body of the device, and the first key information is automatically selected when the first key means is not attached. Key information No. 2 is automatically selected.

The second key means is built into the main body of the device.

It holds a fixed key previously assigned to that device.

In general, the degree of confidentiality of information can be divided into two types: those that are allowed to be disclosed on an individual or small group level, and those that are allowed to be disclosed within a relatively large group. Regarding the latter, for example, groups such as each business department, each floor, each laboratory, etc. can be considered. Therefore, in the latter case, it is extremely inappropriate for a person other than the group to infiltrate the location where the communication equipment (for example, a facsimile) assigned to the group is located and operate it. Even if the key information is built into a secret device, there is little risk of the key information being leaked to a third party.Furthermore, since information such as messages that appear over the communication line is encrypted, there is no risk of information leaking from the communication line. There's no fear.

In other words, in the present invention, when performing highly confidential secret communication, by using the first key means (for example, a memory card) owned by each individual, information is transmitted to a third party who does not possess it. can be prevented from leaking. In addition, in the case of relatively low-confidential information that is allowed to be disclosed within a group, if communication is performed with the first key means removed from the device body, the second key information will be automatically transferred. Confidential communication is performed within a group that is selected and assigned in advance to that device. Therefore, when performing confidential communication within a group, there is no need for individuals to possess a key such as a card, and there is no need to operate a switch to change the key.
By using the key means, it is also possible to perform highly confidential and secret communications with limited operators on an individual basis.

Other objects and features of the present invention will become apparent from the following description of embodiments with reference to the drawings.

[Embodiment] FIG. 1 shows the overall configuration of one communication system when facsimile transmission (4) is carried out using the security device of the embodiment.

Referring to FIG. 1, facsimile machines (FAX) that communicate with each other are connected to a public telephone line that is connected to an exchange, and there is a connection between each facsimile machine connected to the telephone line and the exchange. , a concealment device is inserted. Each of the facsimiles shown here is a generally commercially available device equipped with G3 mode specified by CCITT, and has not been modified in any way.

That is, by simply inserting the security device of the embodiment onto a telephone line, secure communication can be performed using an existing facsimile device.

FIG. 2 shows an outline of the configuration of the concealment devices provided on the transmitting side and the receiving side. Referring to FIG. 2, the concealing devices on the transmitting side and the receiving side have the same configuration. That is, each secret device is equipped with two modems (modulator/demodulator), a control module (CPU), and a unit having signal bypass, encryption, and decryption functions in the mTJ.

When performing confidential communication, the sending side inputs the image information sent over the line by the facsimile via a modem, and the encrypted information is sent over the line via another modem. , input cursed encrypted information onto the line through a modem, decrypt it and reproduce the transmitted image information, and then transmit the reproduced information to the line connected to the facsimile via another modem. send to,
Thus, each facsimile machine performs only normal operations, but on the line between the two secure devices.

The signal is encrypted and secret communication is performed.

Referring to FIG. 13, which shows the appearance of one of the concealment devices shown in FIG. .9. O, # and *
A numeric keypad ST with each key, and a mode switch SA
, SB, SC, SD.

SE, a numeric display DPI, and a display DP2 are provided. Note that each of the mode switches 5A to 5E has a built-in display lamp (light emitting diode). There is also a switch SCH on the front of the device.

Buzzer BZ and two outlets J1. Equipped with J2. Jl is connected to a public telephone line, and J2 is connected to a facsimile. A connector 51 is provided on the side of the device. Memory card 1 for this connector 51
30 is removable.

Next, the configuration of the secret device shown in FIG. 3 will be explained. A relay RY2 is inserted between the public telephone lines 1@LNI and LN2 connected to the exchange via the socket Jl and the lines LFI and LF2 connected to the own facsimile machine. Lines LFI and LF2 on the facsimile side are connected to a common contact of relay RY2, and telephone lines LNI and LN2 are connected to one contact of RY2. In addition, the other contact of relay RY2 is connected to the line Li inside the concealment device.
B is connected. In this example, when relay RY2 is off, lines LNI and LN2 are connected to lines LF1 and LF2, and when RY2 is on, lines LFI and LF2 are connected to line LiB.

Furthermore, the 1+1 talk lines LNI and LN2 are connected to the line Li inside the concealed device via the normally open contact of relay RYI.
Connected to A. Further, the telephone lines LNI and LN2 include a polarity reversal detection circuit 210 and a call detection circuit 22.
0 is connected, and a current supply circuit 230 is connected to the line LiB inside the concealment device.

Other components of the secret device include a microcomputer (CPU) 100. ROMI 10°RAM12
0. Memory card 130. ROM (inner m key) 130B,
Power supply 140. Random number generation circuit 150° input/output interface (Ilo) 180. Modem 300, 400. Buffer circuit 500. An encryption/decryption processing circuit 600 is provided.

The two modems 300 and 400 each have a CCITT V
27ter, that is, a communication function compliant with the G3 standard.

What is the data bus of the microcomputer 100?

Data bus DB of modem 300 via buffer 500
M1 and the data bus DBM2 of the modem 400. Therefore, the microcomputer 100 can communicate with a facsimile on its own side via the modem 300 or with a facsimile on the other side via the modem 400. In addition, the internal data bus (2) allows
A buffer 500 and an encryption/decryption processing circuit 600 are connected. By controlling the buffer circuit 500, the data bus (2) is connected to the data bus DBM1 . Alternatively, it can be connected to the data bus DBM2 of the modem 400.

Therefore, 1. For example, when a facsimile machine on the own side sends a message, the image information to be encrypted is transferred from the line LiB to the modem 30.
0, is demodulated, appears on the data bus of the microcomputer 100 from the data bus DBM1 through the buffer 500, and is input to the X of the encryption/decryption processing circuit 600.
be applied to the terminals of the group. The circuit 600 encrypts the data applied to the terminals of the X group and outputs it to the data bus (2) via the terminals of the Y group. This encrypted data is passed through the buffer 500 to the data bus D.
It is output to BM2. It is then modulated by mode IS 400 and sent out from line LiA to telephone lines LNI and LN2.

Conversely, when the local facsimile receives data, the encrypted image information to be decoded is input to the modem 400 from the line LiA, demodulated, and sent from the data bus DBM2 through the buffer 500 to the data bus ( 2), which is applied to the Y group terminal of the encryption/decryption processing circuit 600, decodes the information and outputs the decrypted information to the X group terminal. This information is applied to the modem 300 through the data bus of the microcomputer 100, through the buffer 500, and through the data bus DBM1. The modem 300 modulates the information and sends it to the local facsimile lines LFI and LF2 via the line LiB.

The memory card 130 and the ROM 130B are each used as a type of key in secret communication, and hold different information as keys. As will be described later, in this embodiment, when the memory card 130 is attached to the connector 51 of the concealed device, the memory card 130
The information stored in the device is automatically selected as the communication key, and when the memory card 130 is not installed, the information stored in the ROM 130B built into the device is automatically selected as the communication key. A normal message can be reproduced on the receiving side only if the keys in the secret devices on both the sending and receiving sides match.

Next, the configuration of each circuit will be explained in more detail.

Details of each circuit in FIG. 3 are shown in FIGS. 5a and 5b.

Figure 5c, Figure 5d, Figure 6a, Figure FGb, Figure 7a,
It is shown in FIGS. 7b, 8 and 9.

First, explanation will be given with reference to FIG. 5a. This circuit includes a microcomputer 100 and its peripheral circuit elements. Microcomputer 100 used here
is HD63BO3R. Latch LTI functions as an address latch that extracts the lower 8 bits of address information (A7-AO) superimposed as a signal on the data bus of microcomputer 100. The address bus contains the upper 8
The 16-bit signal with the lower 8 bits (AD7-ADO) output from the bit (AD15-ΔD8) address latch LTI is cursed.

Various chip select signals selected by each of the various peripheral circuits connected to the microcomputer 100 are sent to the decoder DE2 and various logic gates (G5°G6.G7.G8.G
9) is generated by an address decoder consisting of: That is, when an address previously assigned to each peripheral circuit is cursed on the address bus, the corresponding chip select signal is decoded and becomes active.

In FIG. 5b, ROMI 1 O, RAMI 20 and memory card 130 are shown. These circuits are
It is connected to the microcomputer lOO via an address bus, a data bus, and a control bus. D
El is a decoder.

In Figure 5c, an input/output interface 180 is shown. This circuit includes a microcomputer 100
An integrated circuit 181 connected to the address bus, data bus and control bus of the board, and a switch 5WI-8W6° light emitting diode LEDI-LE connected to the board.
D7. Buzzer BZ.

A numeric keypad ST and a display DPI are connected.

Note that the switches SW1 to SW6 are the switches S in FIG.
It corresponds to A, SB, SC, SD, SE and SCH.

FIG. 5d shows a power supply circuit 140 and a random number generation circuit 150.
It is shown. The power supply circuit 140 is a commercial AC power supply (A
It has the function of converting the power of ClooV) into various DC voltages, and does not have any particularly new configuration.

On the other hand, the random number generation circuit 150 constitutes an analog voltage comparison circuit. The voltage of one of the two comparison input terminals is stabilized, and the ripple voltage output from the power supply circuit 140 is applied to the other input terminal. This pulsating voltage is a smoothed version of an alternating current (50 Hz) waveform that has been rectified after rectification, and the voltage is constantly changing slightly and contains various noises mixed into the power supply line. The threshold level of the analog voltage comparison circuit is set to an intermediate level in the range in which the level of the ripple signal changes.

Therefore, a pulse signal RMD with small periodicity appears at the output terminal of the comparison circuit. By sequentially sampling this signal RMD, nearly random random number data can be obtained, although it depends on the sampling period. In this embodiment, the random number data generated in this manner is used as a key code when performing secret communication.

Reference is now made to Figure 6a. This circuit includes a polarity reversal detection circuit 21O1 call detection circuit 220 and a relay RY
I,RY2 is shown. Relays RYI and RY2 are controlled on/off by signals NCU-RL 1 and NCU-RL2 output from microcomputer 100, respectively.

The polarity reversal detection circuit 210 is a telephone line LNI.

In order to detect the current on the line LNI, which identifies the presence or absence of current flowing through LN2 and the direction of the current, photocouplers Pc1 and PO2 each consisting of one light emitting diode and a phototransistor are provided. The light emitting diodes of each photocoupler are interposed on the line LNI with opposite polarities, so if current flows in one direction, P
CI turns on and PO2 turns off, and when current flows in the other direction, PCI turns off and PO2 turns on. When no current flows, both photocouplers Pct and PC2 are turned off.

In a telephone line, when the line is on-hook, that is, the line is released, no current flows through the line, and when the line goes off-hook, current flows. Therefore, in this embodiment, the off-hook signal is configured to become active when current is flowing in either direction.

The two signals POLI and POL2 are turned on/off depending on the direction of the current. Since the polarity of the voltage on the Wi communication lines LNI and LN2 is reversed by the exchange, this function is provided to check the polarity of the line at that time. This function changes the polarity of the voltage supplied to the lines LFI and LF2 on the facsimile side to the 111 line LNI when the local facsimile is disconnected from the lines LNI and LN2 and connected to the secure device.

Used to match LN2.

The call detection circuit 220 is a telephone line LNI.

It has the ability to detect cursed call signals on LN2. Since the calling signal is an alternating current signal, in this circuit, the signal whose direct current component is blocked by a capacitor is passed through a full-wave rectifier circuit to be rectified, and when a signal of a predetermined level or higher appears at the rectified output, the incoming call signal is turned on. It is composed of:

In FIG. 6b, a current supply circuit 230 is shown. This circuit connects the local facsimile to the telephone line LNI, L
When disconnected from N2 and connected to line LiB on the hidden side, the lines LFI and LF2 of the facsimile machine on the local side
It has the function of supplying voltage to In order to match the polarity of the voltage with the polarity of the telephone lines LN1 and LN2 at that time, the polarity signals POL1 and POL2 output from the polarity reversal detection circuit 210 described above are used.

Therefore, even if an existing facsimile machine monitors the voltage and current of the line connected to it and performs control according to its status, the connection of the facsimile line can be hidden from the telephone line. There is no risk of any problems arising from switching to the fl! Normally, a voltage of 48V appears on the talk lines LNI and LN2, but the current supply circuit 230 is designed to supply a voltage of 28V.

In Figure 7a, a modem 300 is shown.

Most of the circuitry of this modem is comprised of a single-chip integrated circuit (R48PCJ) 310. This integrated circuit 310 has functions compliant with CCITT (7) V27 and 6r. Basically, the functions of the integrated circuit 310 are to convert the digital signal applied to its data terminal (D7-Do) into a serial signal, perform modulation, and output it to the serial transmission output terminal TXOUT, and the function to output the serial signal to the serial reception output terminal TXOUT. The serial signal applied to the terminal RXIN is demodulated, converted to parallel data, and sent to the data terminal (D7-D
There is a function to output to O).

The signal output from the serial transmission output terminal TXOUT of the integrated circuit 310 passes through the signal processing circuit 320, passes through the transformer 330, and is output to the line LiB. Further, the signal input from the line LiB passes through the transformer 330, passes through the signal processing circuit 320, and is applied to the serial reception signal input terminal RXIN of the integrated circuit 310. integrated circuit 31
0 data terminal (D7-DO) is the data bus DBM.
Connected to 1.

In Figure 7b, modem 400 is shown.

Most of the circuitry of this modem is comprised of a single-chip integrated circuit 410. This integrated circuit 410 is the same as the integrated circuit 310 described above.

The signal output from the serial transmission output terminal TXOUT of the integrated circuit 410 passes through the signal processing circuit 420, passes through the transformer 430, and is output to the line LiA, and the signal input to the line LiA.

Passes through the transformer 430, passes through the signal processing circuit 420,
It is applied to the serial reception input terminal RXIN of integrated circuit 410. A data terminal (D7-Do) of integrated circuit 410 is connected to data bus DBM2.

Further, the logical sum of the interrupt request signal IRQI outputted by the modem 300 shown in FIG. 7a and the interrupt request signal IRQ2 outputted by the modem 400 shown in FIG. 7b is outputted from the logic gate G15. is microcomputer 10
0 is applied to the interrupt request input terminal INT.

Referring to FIG. 8, a buffer circuit 500 is shown, which includes an integrated circuit (748C245) 51 each functioning as a bidirectional three-state bus buffer.
0,520 and 530. integrated circuit 51
The A group terminal of 0 is the data bus DB of modem 400.
M2, the A group terminal of the integrated circuit 520 is connected to the data bus DBMl of the modem 300, and the A group terminal of the integrated circuit 530 is connected to the microcomputer l.
Connected to the OO data bus. In addition, the integrated circuit 5
The terminals of each B group 10, 520, and 530 are commonly connected to the internal data bus (2).

Therefore, by controlling the integrated circuits 510 and 530, the data bus of the microcomputer 100, the internal data bus (2), and the data bus DBM2 of the modem 400 are
By controlling the integrated circuits 520 and 530, data can be transmitted between the data bus (2) of the microcomputer 100, the internal data bus (2), and the modem 300. data bus D
Data can be transmitted in either direction between the three parties with the BMI.

FIG. 9 shows a specific configuration of the encryption/decryption processing circuit 600. Referring to FIG. 9, this circuit can be broadly divided into a key code holding circuit 61, an encryption circuit 6, and an encryption circuit 6.
20 and a decoding circuit 630.

First, the key code holding circuit 610 will be explained. This circuit is composed of a FROM (programmable ROM) 611 and two latches 612 and 613. FROM61
Master key information is applied from the microcomputer 100 to the address terminals (AO to A7) of No. 1. F.R.O.
In the M611, different key codes are stored in advance for each address, and by giving address information, the 8-bit key code existing at that address can be determined.

Output to data terminals (DO to D7).

Information output by FROM 611 by controlling latch control signals KLTI- and KLT2.

They can be held in latches 612 and 613, respectively. When outputting latch control signal KLT1 and KLT2
By changing the master key given to FROM 611 when outputting , the data held in latch 612 and the data held in latch 613 become different values.

The 8-bit data held in latch 612 is applied as key code KA, and the 8-bit data held in latch 613 is applied as key code KB to encryption circuit 620 and decryption circuit 630, respectively.

Next, the encryption circuit 620 will be explained. This circuit consists of 4-bit full adders 621, 622 . It consists of exclusive OR circuits 623, 624° and a three-state output buffer 625. Full adder 62
The input terminal of Group A of 1 is connected to the input terminal via the data bus.
Information on the lower 4 bits of information X to be encrypted (XO-X3
) is applied, and the key code K is applied to the B group input terminal.
The lower 4 bits of A (3 to KO-) are applied. Also,
The input terminal of group A of the full adder 622 receives the upper 4 bits (X4
-X7) is applied, and the upper 4 bits of the key code KA (7 to K4-) are applied to the input terminal of the B group.

The carry output of full adder 621 is applied to the input terminal of full adder 622.

The output terminals of each group E of full adders 621 and 622 are applied to the input terminals of group A of exclusive OR circuits 623 and 624, respectively.

Furthermore, the lower 4 bits (11 to K8-) of the key code KB are applied to the B group input terminal of the exclusive OR circuit 623, and the key code KB is applied to the B group input terminal of the exclusive OR circuit 624. The upper 4 bits of (K l 2-K
15) is applied.

4 output from the output terminal Y of the exclusive OR circuit 623
bit signal and 4 output from output terminal Y of 624
The bit signal passes through the buffer 625 and is output as 8-bit encrypted information Y to the internal data bus (2).

Next, the decoding circuit 630 will be explained. This circuit consists of 4-bit full adders 633, 634 . exclusive OR circuit 631,
632. It consists of a three-state output buffer 635 and a group of inverters.

The input terminal of the Δ group of the exclusive OR circuit 631 is
The lower 4 bits (YO-Y3) of the encrypted information Y are applied from the internal data bus (2), and the [! The lower 4 bits of code KB (K8-K
ll) is applied. Also.

The input terminal of the A group of the exclusive OR circuit 632 is
The upper 4 bits (Y4-Y7) of the encrypted information Y are
It is applied from the internal data bus (2), and the upper 4 bits of the key code KB (K12-K
15) is applied.

The signals output from the output terminals of each group E of the exclusive OR circuits 631 and 632 are sent to the full adder 63.
3 and 634 to the B group input terminals. A key code K is input to the input terminal of group A of the full adder 633.
A signal obtained by inverting the lower 4 bits of A (3 for KO-) is applied to the input terminal of group A of the full adder 634, and a signal obtained by inverting each of the upper 4 bits of key code KA (7 for K4-) is applied to the input terminal of group A of the full adder 634. A signal is applied.

The 4-bit information output by the full adder 633 and the full adder 6
The 4-bit information outputted by the microcomputer 34 is outputted to the data bus of the microcomputer 100 as decoded 8-bit information X via the buffer 635.

It should be noted that the encryption processing method performed by the encryption circuit 620 and the decryption circuit 630 is basically known in the past, so there is no need to explain it.
Note that FIG. 4 shows a simplified version of the processing of the encryption/decryption processing circuit 600 shown in FIG. 9, so please refer to it.

FIG. 10 shows the internal structure of a memory card 130 used in this embodiment. Referring to FIG. 10, this memory card is equipped with a read/write memory (RAM), a battery, a control circuit, and a connector 134. cage, connector 1
34, each terminal of the six connectors 134, which can be attached to and detached from the main body (connector 51) of the concealment device, includes:
Wt source line Vcc), card set signal terminal (C
8T), chip select signal terminal (CS), write control output (WPOUT), write control input (WE), output enable input (OE), address bus (AO-A12) and data bus (Do-07) are assigned. It is being RAM
131, 10 codes unique to this memory card (allocated in advance) are written. In this embodiment, the ID code stored in the memory card 130 and the ROM 130 are
One of the ID codes stored in B is selectively used. The selection is automatically determined depending on whether or not the memory card 130 is attached to the main body of the apparatus.

Next, the actual communication operation of a facsimile machine that performs 0 communication will be explained with reference to FIG. 11a.

The operation of the concealment device is shown in FIGS. 11b, 11c, 1id, 1ie, 11f, and 11g.
Figure 2a, Figure 12b, Figure 12e.

12d, 12e, 12f, 12g, 12h, 12i, 12j and 12. Note that the processing content of the facsimile machine itself is the same as that of conventional machines, so that portion will be briefly explained.

The contents of the processing will be explained below with reference to each episode, but the explanation will be as shown in FIG.

It is assumed that a communication system is configured. Furthermore, in the following description, abbreviations determined by CCITT recommendations are used for symbols (shown in parentheses) for signals transmitted in one communication process. Furthermore, the facsimile will be described as operating in automatic mode on both the calling and called sides.

On the calling side's facsimile, when it detects a dial tone from the exchange, it dials the number of the other party (equivalent to going off the hook and picking up the handset).
(see figure).

When the called side detects a ring tone from the exchange, it goes off the hook and then sends a called station identification signal (CEr) on the line indicating that it is a facsimile. The side continues to send out a calling tone (CNG) indicating that the calling party is a facsimile machine until it detects this signal (CED).

After detecting the signal (CED), the calling side enters facsimile communication mode. After sending the signal (CED), the called side sends a digital identification signal (DIS) indicating that the called device has CCITT standard capabilities. That is, the signal (DIS) notifies the calling party in which mode (Gl, G2, G3, etc.) the called party's facsimile is capable of communication.

The calling party receives the digital identification signal (
Based on the content of the DIS, it checks whether it matches the communication capabilities of the local facsimile, determines the communication mode that suits the communication capabilities of both parties, and returns a digital command signal (Do8) in response to the DIS signal to the called party. do. Following this, a training check signal (
TCP). After receiving the signal (DC3), the called side receives the signal (TCP) in the specified mode,
A signal (CFR or FTT) indicating the reception result is returned.

On the calling side, based on the returned reception result, if the communication condition is good, it moves on to the next message sending step; if the condition is bad, it changes the communication mode (generally lowers the communication speed) and sends the signal again. (TCP).

When the calling party receives the signal (CFR), it sends out a training signal to synchronize the called party, and then sends a message. The called side receives the message after synchronizing with the training signal.

On the called side, after the calling side sends one page of the manuscript, reception continues until it detects a signal (RTC) sent to indicate the end of the document.

When a 1-page manuscript is sent, the calling side detects whether it is the final manuscript, and if it is not the final manuscript, a multi-page signal (
After sending the MPS), the reception confirmation signal (MCF) or retraining signal (RTP, RTN) is sent from the receiving side.
). Then, depending on the received signal, the user selects whether to change the transmission mode, send training, or disconnect the line.

If it is the final document, the procedure is interrupted by 1 interrupt, and it is determined whether or not to change the mode. If the mode is not to be changed, a procedure end signal (EOP) is sent and a circuit disconnection operation is started. When changing the mode, the signals (MCF, R
TP or RTN), it waits until it receives a digital identification signal (DIS).

On the called side, 1 signal from the calling side (MPS).

When either (EOP) or (EOM: end of message) is received, a signal (MCF) or (RTP) is received.

(RTN), returns to command receiving state. Otherwise, the circuit will be disconnected.

Next, the operation of the concealment device will be explained.

First, it is determined whether the local facsimile belongs to the calling party or the called party. That is, in FIG. 12a, in step A52, the (incoming call) signal output from the call detection circuit 220 is checked, and in step A55, the hook signal output from the polarity detection circuit 210 is checked,
The calling party or the called party is detected by identifying which one comes first: incoming call detection or hook-off detection. If it is the called side, the incoming call signal is detected first, so 1 is stored in register C1 in step Δ53.0If it is the calling side, 1 is stored in register C1 in step A54 when the incoming call signal is not detected. 0 is stored and hook-off is detected, so proceed to the next process. Therefore.

In subsequent processing, by referring to register C1, it is possible to identify whether the local facsimile is the calling party or the called party.

Next, in step A58, the state of switch SW4 is referred to. The switch SW4 is operated according to the operator's intention for confidential communication. If switch SW4 is on, it is assumed that there is an intention to conduct confidential communication, and the next step is step 7.
If SW4 is off, the process returns to step A55.

If the switch SW4 remains off, the process does not proceed to step 72 and subsequent steps, so this device does not perform the concealment operation.

Normal communication takes place between facsimiles.

In the next step A72, the card installation signal C8T output from the memory card 130 is referred to via the input port P16 to identify whether or not the memory card 130 is installed in the secret device. The signal C3T is H (high level) when the card 130 is attached to the connector of the concealed device, and is L (low level) otherwise. Detect presence.

If the presence of the card is detected in step A72, the key information written in the memory card 130 is read out and held as a master key in step A73. Note that since the memory card 130 is located at a predetermined memory address of the microprocessor 100, the memory card 130
The operation of reading out the key information in the memory is similar to the operation of accessing general memory.

If card mounting heat is detected in step A72, the key information written in the ROM 130B is read out in step A74, and the data is held as a master key.

Different key information is stored in the memory card 130 and the ROM 130B in advance. Therefore.

The master key to be used is automatically switched depending on whether or not the memory card 130 is attached to the secret device. R
The key information of OM130B is for the same group (for each business division,
Concealed device groups assigned to each floor, each laboratory, etc. are all set to have the same content, and the contents are set to differ between devices in different groups.

In other words, when using the keys in the ROM 130B, the master keys match within the same group, but the master keys do not match between devices in different groups.If the master keys do not match, the encryption cannot be decrypted, so There is no risk that encrypted transmitted information will be leaked to the device.

After determining the master key, the process proceeds to step A59, where relay RYI is turned on, and the value of register C1 is checked at step A60, and processing is performed on the calling or called side.

If the local station is the called party, in step A69, the switch (F
AX-3W: Check 5WI) to identify whether the local facsimile mode is manual or automatic. If manual, proceed to step Δ70, turn on relay RY2, and connect lines LF1 and LF2 of the own facsimile to line LiB in the secret device.

In step A71, a signal (C
ED) is sent.

If the facsimile at the own station is in the automatic mode, the process advances to step G51 in FIG.
Turn on relay RY2 and connect your own facsimile line LFI.
, LF2 are connected to the line LiB in the hidden device.

Next, check the status of the secret switch (SW2).

If the switch is on, it is assumed that you wish to remain confidential, and register M
Store ACTC in r, otherwise NA in Mr.
0 to store CTC Next, the process advances to step G61, and the state is set so that the signal (DIS) can be received.

Next, the process proceeds to step H51 in FIG. 12h, where the register M
The contents of r are sent to the other station.

Here, a case where the local station is the calling side will be explained. In that case, the process proceeds to step B51 shown in FIG. 12b.

First, wait until the signal (CED) is detected.
ED), the process proceeds to step B56. If the called station is a normal facsimile, DIS or DTC is sent here, but if the called station's concealment device is operating, Following the signal (CED), instead of DIS or DTC, the contents of 1Mr are sent in step H51 of FIG. 12h.

In that case, when the predetermined time Tx2 has elapsed, step B5
7 to step 858, relay RY2 is turned on to switch the line connection, and step B59 is to turn on the secrecy switch (S
W2) and register Mt according to the result.
Set the contents of Then, since the contents of the register Mr are received, the process proceeds from step B66 to step C51 in FIG.
Proceed to.

In step C55, the signal RD output from the random number generation circuit is
Repeatedly sample the level of M.

A random number code R is thereby generated. Step C56
Now, the generated random number code R is given as input X to the encryption/decryption processing circuit 600, and the master key obtained from the memory card 130 or ROM 130B is given to the encryption/decryption processing circuit 600. In the next step C57, key codes KA and KB corresponding to are generated, and information Ct obtained by encrypting the random number R is generated.
Information Xt obtained by adding a code Ct to the CTC is sent to the called station.

The called station receives information Xt from one calling station at step 152 in FIG. 12h. And Xt is NAC
If it is not a TC, the process advances to step 156. Step H
At 56, the called station's memory card 130 or ROM 13
Encryption/decryption processing circuit 60 for master key obtained from 0B
0 and the key codes KA and KB corresponding to the master key
generate.

Then, the received code is encrypted/decrypted by the processing circuit 600.
cipher input Y, and decrypt the cipher.

The decoded information R' is output to the data bus.

In the next step H57, the decoded information R' is
A key code KA is given to the encryption/decryption processing circuit 600 as a master key and corresponds to the master key.

Generate KB 6 Then, input information R' to the encryption/decryption processing circuit 600 as input information X.

It encrypts it and sends the t5 coded code Xr to the calling station.

When the calling station receives the code Xr in step C58, it proceeds to step C59. In step C59, the code Xr is input to the coder Y of the encryption/decryption processing circuit 600, and! &The same value as the random number sent initially is given to the encryption/decryption processing circuit 600 as a master key, and the code Xr is decrypted. The information R''' decoded in this way is R'' = D r (E r'(R')
) ... = (1) However, R'': R decrypted by the called side Er'': Encryption function of the called side Dr: Decryption function of the calling side, so the calling side and the called side If all of the encryption and decryption conditions match, R′″ is the initially sent random number R
is equal to If the ID codes stored in the memory card of the first party and the memory card of the called party are different, R and R'' do not match.

The calling station side compares R and R'' in step C60.

If they match, the process advances to step C62 and the register R
Store 1 in f and send it to the called party. If they do not match, the transmission of the cipher and the comparison with the returned cipher are repeated three times. If there is no match after three checks, the secure communication operation is prohibited.

When the called side receives Rf in step H58 of FIG. 12h, the process proceeds to step 1161 and subsequent steps.

Until secure communication becomes possible as described above, the facsimile at the called station transmits a digital identification signal (D
IS) continues to be sent, and the facsimile on the calling side continues to wait for that signal.

Then, when the called station side security device proceeds to step H65, it has already received the digital identification signal (D
IS) is being received, so the signal is transmitted to the other party's (calling) station.

Once secure communication is possible in this way, information is transmitted using the same procedure as normal facsimile communication, but in that case, the secure device is connected to the local facsimile machine and the other party's (secure device). ), and the information sent by the local facsimile is
Information is sent to the other party's station via the secret device, and information sent from the other party's station is sent to the facsimile of the own station via the secret device.

Image information is encrypted or decrypted during mediation. In that case, the information to be encrypted is applied to the input terminal X of the encryption/decryption processing circuit 600, and the information to be decrypted is applied to the input terminal Y. Furthermore, the master key code of the encryption/decryption processing circuit 600 has already been transferred, confirmed and verified between the local station and the other station.

Random numbers are used at both stations. In other words, a different value is used for the key used in secret communication, that is, the session key, for each communication. Therefore.

Extremely safe.

Note that in the above embodiment, encryption/decryption is performed by arithmetic addition and exclusive OR operations, but the encryption method can also be used with various conventionally known methods. The invention can be carried out in the same way. For example, a method such as a stream cipher that updates the key value sequentially by counting up the key value may be used, or a method that uses the immediately preceding encrypted data as the key. may also be used.

Further, in the embodiment, confidential communication was explained when facsimile machines communicate with each other. However, the device of the present invention can be used not only for facsimiles but also for any device that communicates using the same communication procedure. It is possible to do so.

[Effect] As described above, according to the present invention, the key information used in secure communication is the first key information held in the first key means (memory card 130) that is detachable from the device main body. Two types of second key information held in the second key means (ROM 130B) built into the main body of the device can be used. Of course, if a plurality of first key means are prepared, a plurality of types of first key information can be used. As for the key information actually used for secure communication, the first key information is automatically selected when the first key means is attached to the main body of the device, and the first key information is automatically selected when the first key means is not attached. Since key information No. 2 is automatically selected, there is no need to operate a switch to select S.

When conducting highly confidential secret communications, by using the first key means owned by each individual, it is possible to completely prevent information from leaking to a third party who does not possess it. In addition, in the case of relatively low-confidence information that should not be allowed to be disclosed within a group, if communication is carried out with the first key removed from the device, the second key will automatically be released.
key information is selected, and confidential communication is performed within a group pre-assigned to that device. Therefore,
When performing confidential communication within a group, there is no need for individuals to carry a key such as a card, and there is no need to operate a switch to change the key. Moreover, if the first key means is used in accordance with the degree of confidentiality of information, it is also possible to perform confidential communication with a high degree of confidentiality with only one person (m) with a limited number of operators.

[Brief explanation of drawings]

FIG. 1 is a block diagram showing the configuration of the entire communication system using the security device of the embodiment. FIG. 2 is a block diagram showing the outline of the configuration of the secret devices provided on the transmitting side and the receiving side, respectively. FIG. 3 is a block diagram showing the configuration of one secret device of the embodiment. FIG. 4 is a block diagram schematically showing the functions of the encryption/decryption processing circuit 600. Figures 5a, 5b, 5c, 5d, 6a,
Figures 6b, 7a, 7b, and 8. FIGS. 9 and 10 are block diagrams showing the detailed configuration of each part shown in FIG. 4. FIG. 11a, 11b, 1ie, 11d, 1ie, 11f, and itg are flowcharts showing the contents of facsimile communication processing. Figures 12a, 12b, 12c, 12d, 12e, 12f, 12g, 12h, 1
Figures 2i, 12j, and 12 are flowcharts showing the operation of the concealment device. FIG. 13 is a perspective view showing the appearance of the concealment device of the embodiment. 51: Connector (supporting means) 100: Microcomputer (electronic control means) 110
: ROM 120 : RAM 130: Memory card (first key means) 130B: ROM (second key means) 134: Connector 140: IT source 150: Random number generation circuit 180: Input/output interface 210: Polarity reversal detection circuit 220: Call detection circuit 230: Current supply circuit 300, 400: Modem 310
．． 410: Integrated circuit 320.420: Signal processing circuit 330.430: Transformer 500: Buffer circuit 600: Encryption/decryption processing circuit 610: FI code holding circuit 611: PROM 612, 613: Latch 62
0: Encryption circuit 621.622: Full adder 623.
624: Exclusive OR circuit 625: Buffer 630: Decoding circuit 631.6
32: Exclusive OR circuit 633.634: Full adder 635: Buffer RYI, RY2: Relay LNI
, LN2: Public telephone line LFI, LF2: Line LiA, LiB: Line LTI:
Latch DEI, D[E2: Decoder 5WI-8
W6: Switch LEDl-LED7: Light emitting diode BZ: Buzzer PCI, PO2: Photocoupler

Claims (1)

[Claims] In a secure communication control device that encrypts message information to be transmitted and decrypts encrypted message information to be received based on specific key information: a first key holding first key information; means; support means for removably supporting the first key means on the device body; a second key fixedly arranged inside the device body and holding second key information different from the first key information; key means; and identifying whether or not the first key means is attached to the device main body,
When it is attached, messages are encrypted and decrypted based on the first key information held in the first key means, and when it is not attached, the message is encrypted and decrypted based on the first key information held in the second key means.
A secure communication control device comprising: electronic control means for encrypting and decoding messages based on key information of the electronic control means;