JPH0334640A - Method and device for confidential facsimile communication - Google Patents

Abstract

PURPOSE:To facilitate the confidential communication by enciphering an identifier by a first cipher key from a receiving terminal and transmitting it to a transmitting terminal, enciphering transmitting document information by a second cipher key in the transmitting terminal and transmitting it to the receiving terminal. CONSTITUTION:A cipher part 9 is provided with an enciphering circuit 13, a decoding circuit 14, a cipher key generating/managing circuit 15, and a pseudo random digit generating/ managing circuit 16. In this state, a random digit generated by a transmitting terminal is transmitted to a receiving terminal and based on its random digit, the same first cipher key is generated by both the transmitting and the receiving terminals, and identifier information of the receiving terminal is enciphered by a first cipher key and transmitted to the transmitting terminal. In the transmitting terminal, an identifier of the receiving terminal is decoded by using a first cipher key and a format is inspected, and thereafter, by displaying it on a display part 11, a transmitting terminal user certifies the receiving terminal to be the other proper party. Also, as for document information sent by a facsimile, based on the random digit and the identification number of the receiving side, a second cipher key is generated, and encipherment/decoding are executed by using it by the transmitting side/ receiving side, respectively. In such a way, tapping is prevented.

Description

DETAILED DESCRIPTION OF THE INVENTION (Field of Industrial Application) The present invention relates to a system and apparatus for preventing erroneous connections, spoofed unauthorized reception, and eavesdropping in facsimile communications.

(Prior art) In conventional facsimile communications, when a user sends document information using a facsimile machine that allows the recipient's address, such as a telephone number, to be registered and calls can be made by selecting a button, errors or misoperations on the part of the user may occur. The following method has been proposed as a method for confirming the other party when a destination address other than the target address is selected.

(1) The receiving terminal has a voice recording function, and before starting transmission, a message such as ``This is XX Shoji. Please send.'' is sent as an audio signal from the receiving terminal to the transmitting terminal. A method that prevents incorrect connections by having the receiver confirm the receiving terminal.

(2) In Phase B of the CCITT Recommendation 1.30 procedure, the name and other identifiers of the receiving terminal are sent to the sending terminal and displayed on the display of the facsimile machine, allowing the sender to confirm the receiving terminal, thereby preventing erroneous connections. method.

(Problems to be Solved by the Invention) However, the above method for preventing erroneous connections has the following problems.

Regarding the use of audio in (1) above, identification of homophones,
There is a problem in that voice recognition is hindered by ambient noise, and facsimile terminals do not necessarily have a recording function, and in order to provide a facsimile terminal with a recording function, it is necessary to modify the device.

Regarding the identifier display in (2) above, not all facsimile terminals have the function of displaying the information of Phase B of CCITT Recommendation T, 30 Procedure.

In addition, in both methods (1> and (2) above, the user can change the name and other identifiers arbitrarily, so it is possible to "spoof" receive information by pretending to be another user, or by tapping the line. No consideration is given to defense measures against ``eavesdropping'' of document information.

Summarizing these problems, there are challenges that need to be overcome.

(i) The connection partner can be reliably identified and erroneous connections can be prevented.

(ii) It is possible to prevent "spoofed" reception by setting information of another facsimile terminal.

(iii) Confidential communication is possible where it is practically impossible to decipher the document information even if the line where the document information is being transmitted is tapped.

(iv) When performing confidential communications, there is no need for the user to manage encryption keys using magnetic cards or the like.

Furthermore, in consideration of compatibility with current facsimile terminals, the following issues must also be considered.

(V) It is possible to send and receive document information even to facsimile terminals that do not take the above measures.

(vi) Confidential communication can be easily achieved without modifying existing facsimile terminals.

(Means and effects for solving the problems) The present invention is a method and apparatus invented in consideration of the above points.

Between facsimile terminals that perform confidential communication, this device is installed independently of the facsimile main body at the connection part of both terminals to the line network.

When a line is connected, this device sends a signal that allows the receiving terminal to recognize that this device is installed. The sending device is
Based on the recognition signal, it is recognized that the device is being used as a receiving terminal, and a confidential communication procedure begins.

If the receiving terminal does not have this device installed, a normal signal is sent out, and the user not using the sending end is notified of this using the normal signal, and the document information is transferred using normal facsimile procedures.

Confidential communication procedures can be divided into the following two types depending on the degree of confidentiality required.

(a) A random number created at the sending terminal is sent to the receiving terminal, and based on the random number, the same first encryption key is generated at both the sending and receiving terminals. Identifier information (identification number, name, etc.) of the receiving terminal is encrypted with the first encryption key and transmitted to the transmitting terminal. At the transmitting terminal, the identifier of the receiving terminal is decrypted using the first encryption key, and the format is displayed on the display section of this device after inspection. This allows unused users of the transmitting terminal to authenticate the receiving terminal as the legitimate party and prevent mistakes. Connections can be prevented. Note that the random number takes a different value for each communication.

(b) For document information actually sent by facsimile, a second encryption key is generated based on the random number and the recipient's identification number, and the sender and receiver use it to encrypt/decrypt the information, respectively. By doing so, wiretapping can be prevented.

When implementing the above solution, the following assumptions are required.

■The encryption key generation method, encryption/decryption algorithm, etc. realized by this device are all confidential.

-Each device has a unique identification number, and one device cannot perform the same operations as other devices.

■It is fundamentally difficult to disassemble the inside of this device and analyze its mechanism (for example, chips, wiring, etc. will be destroyed during disassembly).

(Example) Hereinafter, one embodiment of the present invention will be described based on the drawings.

FIG. 1 is a block diagram showing the configuration of a secure facsimile communication device according to an embodiment of the present invention, FIG. 2 is a block diagram showing the configuration of the encryption section 9 of FIG. 1, and FIG. A diagram showing the applied connection form, FIG. 4 is the display section 11 of FIG.
FIG. 5 is a diagram showing an example of a transmission/reception protocol sequence.

First, the configuration of the apparatus of this embodiment will be explained.

In FIG. 1, a switch 1 is a switch that switches whether or not a facsimile confidential communication device (hereinafter referred to as the device) 100 is involved in communication.

The magnetic card reading unit 2 reads the identifier information from a magnetic card used when changing the identifier information unique to each of the devices 100. The modem 3 is in charge of the interface with the facsimile machine, and the modem 4 is in charge of the interface with the line network. The tone transmitting/receiving section 5 sends and receives tone control signals to and from the facsimile machine,
The tone transmitting/receiving section 6 sends and receives control signals in the form of tones to and from the line network. The central control section 7 controls other sections of the device according to their respective functions. The identifier information section 8 stores an identification number, a unique name, etc. unique to the device.

An identification number, a unique name, etc. exist in a specified format as an identifier (CIDB). The encryption unit 9 encrypts or decrypts document information, random numbers, and identifiers to be sent and received, generates encryption keys, and the like. The display control unit 10 controls the display on the display unit 11. The display unit 11 displays the name of the communication partner. The lamp 12 indicates to the user that the other party has not installed the device 100.

In FIG. 2, an encryption circuit 13 performs encryption based on a first encryption key KA and a second encryption key KCOM. The decryption circuit 14 decrypts the first encryption key KA and the second encryption key based on 0°2. The encryption key generation/management circuit 15 generates the first encryption @KA and the second encryption key KC using an encryption key generation algorithm common to the device 100.
Generate and save OM. Pseudo-random number generation/management circuit 1
6 generates and stores a random number R.

Next, the operation of the apparatus of this embodiment will be explained along with the communication procedure. Here, the sequence numbers described below are:
This corresponds to Figure 4.

First, when both the transmitting and receiving terminals start communication, the switch 1 of the device 100 in FIG. 1 is in a connected state. That is, the device 100 is not involved in confidential communication (sequence 1). The sending facsimile machine is connected to the receiving facsimile machine via the line in the normal procedure. If the facsimile machine on the receiving side is capable of receiving data, it transmits a called terminal identification signal (CED: 2100 Hz) after the line is connected (sequence 2). The called terminal identification signal from the receiving facsimile machine is transmitted to the tone transmitting/receiving section 5 of the receiving facsimile machine.
When reception is detected, the switch 1 is disconnected under the control of the central control unit 7 based on the detection signal, and the tone transmitting/receiving unit 6 outputs a called terminal identification signal (e.g. 1400Hz) to the transmitting terminal (sequence 3). This device-specific called terminal identification signal is transmitted to the tone transmitting/receiving section 6 by the transmitting device.
By detecting this, it is recognized that the receiving side is using this device, and based on this detection signal, the switch l is disconnected by a signal from the tone transmitting/receiving section 6 under control from the central control section 7. If this device is not installed on the receiving side, the tone emitting/receiving section 6 of the device on the sending side will detect this because it will send a normal called terminal identification signal, and the central control will be controlled by the detection signal. The lamp 12 is turned on under the control of the section 7, and a message to that effect is displayed on the display section 11 via the display control section 10. The user decides whether or not to disconnect according to the lamp display and projected message.

The transmitting side that has received the called terminal identification signal unique to this device transmits the random number R generated by the random number generation/management circuit 16 inside the cryptographic section 9 under the control of the central control section 7 to the receiving side via the modem 4. At the same time as sending the random number R to this device, the sending device stores the random number R in the random number generation/management unit 16 (sequence 4).
.

The device on the receiving side sends the random number R sent from the device on the sending side to the random number generation/management unit 16 of the encryption unit 9 via the modem 4.
At the same time, the encryption key (KA) is stored in
generate.

In addition, this device on the sending side also uses the same algorithm as the encryption key (K).
A) is generated.

The encryption circuit 13 of the receiving device reads out its own identifier (ID) recorded in the identifier information section 8, and encrypts it in the encryption section 13 based on the above-mentioned encryption key (KA). The information (EKA(I Da)) is transmitted to the sending device via the modem 4 (sequence 5).

This device on the sending side receives the information encrypted by the receiving side (E#1A(
ID. inspect.

If the format is correct, the identification number of the receiving device,
Extract the unique name and save it in the encryption key generation/management circuit 15,
An acknowledgment code ACK as a confirmation signal is transmitted from the encryption circuit 13 to the receiving side via the modem 4 (sequence 6).
).

If the decoded information is incorrect, error processing such as displaying an error message on the display section lo and disconnection is performed.

The obtained unique name on the receiving side is displayed on the display section 11 via the central control section 7 and the display control section 10 on the transmitting side. The user of the sending terminal sees this and confirms the validity of the receiving terminal as the other party.

Based on the receiving device identifier (IDB) stored in the encryption key generation/management circuit 15 and the random number R stored in the random number generation/management section 16, the sending device generates the encryption key ( KCoM) is generated by the encryption key generation/management unit 15 and stored. Similarly, the same encryption key (KCOM) is generated and stored by the encryption key generation/management unit 15 in the receiving and receiving devices.

In the above sequences 2 to 6, the facsimile machine on the receiving side sends the called terminal identification signal (CED: 21QO
Hz) The transmission state is maintained.

After transmitting the acknowledgment code ACK via the modem 4, the transmitting device puts the switch 1 into the connected state. When this device on the receiving side detects the acknowledgment code ACK via the modem 4 in the decoding circuit 14 of the encryption unit 9, the switch 1 is brought into the connected state via the central control unit 7.

In this state, the called terminal identification signal (CED: 2100 Hz) sent from the receiving facsimile device is received by the sending facsimile device, and document information can be exchanged (sequence 7).

In actual facsimile transmission and reception of documents, the transmitting machine receives the reception readiness confirmation signal (CFR) from the receiving machine, that is, after completing phase B, the transmitting machine receives the CCITT Recommendation T from the sending facsimile machine. The encryption key generation/management unit 1 engraves only the actual document information that communicates at the encoded transmission speed of 4800/9600 bps.
The encryption key (KcOM) stored in step 5 is used to encrypt the document information received from the sending facsimile device via the modem 3 using the encryption circuit of the encryption unit 9. 13, the document information is encrypted using an encryption key (KCOM), and the encrypted document information is transmitted via the modem 4. The device on the receiving side receives the encrypted document information via the modem 4, and uses the decryption circuit 14 of the encryption section 9 to extract the encryption key (KKOIJ).
), and the decrypted document information is sent to modem 3.
(Sequence 8).

In addition, 300bps (or 2400bps is also possible)
This embodiment does not encrypt the control signal sent in the . Specifically, when transmitting document information at 4800/9600 bps, the modem 3 or modem 4 of this transmitting and receiving device detects the training signal and switches the switch l to the disconnected state via the central control unit 7. This device is placed between the sending and receiving facsimile devices. But 300bps (or 2400bps is also possible)
As for the control signal sent by the device, the preamble signal is detected by the modem 3 or modem 4 of this device, which transmits and receives it, and the unencrypted control signal is sent to the device by connecting the switch 1 via the central control section 7. The information is sent and received directly between the sending and receiving facsimile machines without going through the facsimile machine.

Here, the section in which encrypted information is exchanged is between the apparatuses on both the sending and receiving sides, and information is exchanged between the apparatus and the facsimile machine using unencrypted facsimile information.

When the transmission of the document information is completed, a disconnection command signal from the sending facsimile device is directly exchanged between the sending and receiving facsimile devices without going through this device (sequence 9).

The facsimile machines on both the sending and receiving sides disconnect the lines. At this point, the device is in an initial state (sequence 10).

In the above sequence, the central control unit 7 shown in FIG. 1 manages the communication protocol and monitors and gives instructions to each part.

In this system, the following management needs to be performed as an operational measure in addition to the operation of this embodiment in terms of security management.

(a) The identifier (ID) possessed by this device is set by the manufacturer in the identifier information section 8 when the device is shipped, and the manufacturer similarly changes the identifier when changing the device. In the modification process, the personal encryption key referred to in section (b) below is used, and only the unique name in the identifier is modified. A unique identification number is given to every device. Therefore, it is difficult to perform "spoofed" reception at another terminal.

(b) The identification number constituting the identifier (IDII) held by this device is unique for each device, and the device has a unique encryption key using the identification number as the initial value of the encryption key generation algorithm. Using this unique encryption key, the above (a)
Change the identifier (ID,) of. Specifically, this device has a magnetic card for changing identifier information, the manufacturer records data encrypted with the identifier information using the encryption key on the magnetic card, and the magnetic card is transferred to the user of the device. The user then inserts this magnetic card into the magnetic card reading section 2 and executes a change command to decrypt it inside this device using the personal encryption key and inspect the format. If it is correct, the user reads the identifier information section 8. Write new identifier information to .

Even if another user obtains this magnetic card, the encryption key is different, so the update process cannot be performed on other devices, and the same device can only be used once.

Further, random data is not written to the identifier information section 8 in order to perform a format check.

In addition to the magnetic card, the above functions can also be achieved by replacing the ROM.

(Effects of the Invention) As explained above, according to the present invention, the following effects can be achieved.

(a) If the device is incorrectly connected to a facsimile terminal that does not have this device, the device will transmit the called terminal identification signal (210 Hz) before receiving the called terminal identification signal (for example, 1400 Hz) unique to this device.
0Hz), it is detected that the receiving side is not the present device, and the present device notifies the sender of this fact through the lamp and display section. Whether or not to disconnect the line is left to the sender's discretion.

If you make a mistake in connecting to a facsimile terminal equipped with this device,
Since the unique name of the other party is displayed on the display unit, it is determined that there is an erroneous connection, and the user determines whether or not to disconnect.

(b) A facsimile terminal that does not have this device cannot perform "spoofed" reception.

Even assuming that a facsimile terminal equipped with this device receives "spoofed" reception, due to the above prerequisites, each device has its own unique identifier (IDs), and the user of this device can forge that identifier. and cannot be updated without permission. For this reason, "spoofing" reception is impossible even if it is intentional.

(C) Since the actual facsimile information is encrypted, it cannot be decoded even if it is intercepted. Specifically, an encryption key is generated for each communication, the encryption algorithm is secret, and the key is always different due to random numbers, so the decryption time becomes enormous.

As described above, by using the method and apparatus of the present invention, important documents that cannot be sent using current facsimile communication can be sent.
You can safely send to the other party's facsimile terminal without making a connection error.

[Brief explanation of drawings]

FIG. 1 is a block diagram showing the configuration of an apparatus according to an embodiment of the present invention, FIG. 2 is a block diagram showing the configuration of the encryption section in FIG. 1,
Fig. 3 is a diagram showing a connection form to which this device is applied, Fig. 4 is a diagram showing an example of the display on the display section of Fig. 1, and Fig. 5 is an example of a protocol sequence for facsimile communication using this device. FIG. 1...Switch, 2...Switch, 3.
4...Modem, 5.6...Tone sending/receiving section, 7...Central control section, 8...Identification low information section, 9
... Encryption section, lO... Display control section, 11
...Display section, 12...Lamp, 13...
- Encryption unit, 14...Decryption unit, 15...
Encryption key generation/management unit, 16... Pseudo-random number generation/management unit, 100... Facsimile confidential communication device.

Claims (6)

[Claims] (1) By sending the random numbers necessary for generating the encryption key for secure communication from the sending terminal to the receiving terminal, the
generating and matching encryption keys, and encrypting an identifier for identifying the receiving terminal from the receiving terminal with the first encryption key and transmitting it to the sending terminal; the sending terminal decrypts it with the first encryption key and displays it; Then, the sending terminal and the receiving terminal generate and match a second encryption key using the random number and the identification number in the identifier, and the sending terminal encrypts the transmitted document information with the second encryption key and transmits it to the receiving terminal. . A secure facsimile communication method, wherein the receiving terminal decrypts the encrypted document information using the second encryption key. (2) The sending terminal sends random numbers necessary to generate an encryption key for confidential communication to the receiving terminal, so that the encryption keys of both the sending and receiving terminals are generated and matched, and the sending terminal encrypts the transmitted document information with the encryption key. 1. A secure facsimile communication method, characterized in that the encrypted document information is encoded and transmitted to a receiving terminal, and the receiving terminal decrypts the encrypted document information using the encryption key. (3) The sending terminal sends random numbers necessary for generating an encryption key for confidential communication to the receiving terminal, so that the encryption keys of both sending and receiving terminals are generated and matched, and the receiving terminal transmits the identifier that identifies the receiving terminal to the receiving terminal. A secure facsimile communication method characterized in that the information is encrypted with a key and sent to a sending terminal, and the sending terminal decrypts it with the encryption key and displays it. (4) A switch that switches whether or not to be involved in facsimile communication depending on whether or not confidential communication is to be performed, a line control unit that is in charge of connection to the facsimile device or line network, and transmission and reception of a specific frequency for communication control. A tone transmitting/receiving section that is in charge of analysis, an identifier information section that stores its own unique identifier, an encryption section that encrypts or decrypts document information and the identifier, and displays the receiving terminal's identifier, processing status, etc. A facsimile confidential communication device comprising: a display section; a display control section that controls display on the display section; and a central control section that controls each of the above components. (5) A switch that switches whether or not to be involved in facsimile communication depending on whether or not confidential communication is to be performed, a line control unit that is in charge of connection to the facsimile device or line network, and transmission and reception of a specific frequency for communication control. The above components include a tone transmitting/receiving section that is in charge of analysis, an encryption section that encrypts or decrypts document information, a display section that displays processing status, etc., and a display control section that controls the display of the display section. A facsimile confidential communication device consisting of a central control unit and a central control unit. (6) A switch that switches whether or not to be involved in facsimile communication depending on whether confidential communication is to be performed, a line control unit that is in charge of connection to the facsimile device or line network, and transmission and reception of a specific frequency for communication control. A tone transmitting/receiving section that is in charge of analysis, an identifier information section that stores its own unique identifier, an encryption section that encrypts or decrypts the identifier, and a display that displays the receiving terminal's identifier and the processing status of the device. A facsimile confidential communication device comprising: a display control section that controls the display of the display section; and a central control section that controls each of the above components.