JPH08139718A - Cipher device and inter-terminal communication method using the cipher device - Google Patents

Abstract

PURPOSE: To reduce the load on a key management center, to facilitate ciphering of a secret key by means of an IC card, and to reduce the processing quantity and time even in a broadcast cipher communication mode. CONSTITUTION: A key manager 113 writes a secret key 126 into an external memory 111 and carries it to an IC card 106. When the secret key 126 is inputted to the card 106 from the memory 111, the key 126 is ciphered by a stored master key 121 and a card specific number 129. This ciphering result is outputted. A ciphered key 125 is written into an external memory 110 and managed by a user 130. When the user 130 performs the cipher communication with another user 131, the key 125 stored in the memory 110 is inputted to the card 106 and then coded and stored by the key 121 and the number 129. Then a session key is generated for the cipher communication and ciphered by the key 126. The session key is sent to the opposite party of communication, and the card 106 receives the ciphered session key and acquires a session key against the one that is decoded by the key 126.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a technique for encrypting and decrypting communication data in a communication control device, for example, a PC card type communication control device for encrypting communication data and key data used for the decryption. The present invention relates to a cryptographic device which is set to the above and is used for inter-terminal cryptographic communication, and an inter-terminal communication method using the same.

[0002]

2. Description of the Related Art With the spread and development of communication networks, some security measures are required to prevent theft of data during communication.

Among communication networks, particularly in a local area network (LAN), anyone using a protocol analyzer can intercept the data flowing on the LAN and take it into a file of its own for misuse. It has been pointed out that there are various security problems. Furthermore, when using a wireless LAN where part of the LAN communication path is wireless instead of a wired cable, if a receiving terminal is placed somewhere within a relatively wide range where radio waves reach, anyone can intercept communication data. There is also a problem of getting it.

In order to solve such a security problem, conventionally, when terminals connected to a LAN communicate with each other, the transmitting terminal side encrypts the communication data and transmits the ciphertext, and the receiving terminal side receives the ciphertext. There is proposed a method of encrypting LAN communication data, such as obtaining the original communication data by decrypting the encrypted text. As an encryption technique in such communication between terminals, a technique of providing a communication control device with an encryption function, for example, a method of realizing an encryption function on a LAN communication board has been proposed.

FIG. 8 is a diagram for explaining a conventional cipher communication method. In the figure, the key center 1002 is
User PC i1003 and user PC j1
004 and the LAN 1001 can communicate with each other. A secret parameter P1006 is secretly held in advance in the key center 1002. In this state, the user personal computer i1003 and the user personal computer j1
The encrypted communication between 004 is realized as follows.

Step 0 (preparation): Key manager 102
7 is stored in the ROM 1022 of the user's personal computer i1003 from the secret parameter P1006 by a predetermined procedure (here,
Secret parameter P1006 and user PC i1003
Key generation program 1005 using the numerical value i and
Secret key Ki10 calculated in
Write 11 in secret.

Here, the ROM 1022 has a property of retaining the stored information even when power is not supplied. Similarly, the secret key K calculated by the user PC j1004 from the secret parameter P1006 by a predetermined procedure.
Write j1015 in secret.

Step 1: User PC i1003
On the LAN encryption communication board 1028
A random number R is generated by the cipher control program 1010 in 022
i1017 is generated and transmitted to the user personal computer j1004 via the interface 1009. In addition, in FIG. 8, corresponds to the operation of the present step 1. ,
, And, similarly, the following steps 2 to 2, respectively.
It corresponds to the operation of 4.

Step 2: User personal computer j1004
Generates a random number Rj and sets a set 10 of the random number Ri and the random number Rj.
18 is transmitted to the key center 1002.

Step 3: The key center 1002 causes the key generation program 1005 to calculate the secret key Ki1011 and the secret key Kj1015 from the secret parameter P1006 by a predetermined procedure. Also, the session key Ks is generated by generating a random number. Then, in the key processing unit 1007 of the key center 1002, Ci = E (Ki, Ks) and Cj =
E (Kj, Ks) is calculated, and the calculated results Ci, C
The group 1019 of j is transmitted to the user personal computer j1004 via the interface 1008. Where E (K,
*) Indicates a conversion process for encrypting the data * with the key K.

Step 4: User personal computer j1004
Of the received set 1019 of Ci and Cj, Ci10
20 is transmitted to the user personal computer i1003. The user personal computer j1004 uses the secret key Kj1015 to enter Cj
Ks = D (Kj, Cj) is calculated for 1020 to obtain the session key Ks. Here, D (K, *) indicates a conversion process for decrypting the data * with the key K.

Step 5: The CPU 1021 of the user personal computer i1003 operates on the received Ci1020 under the control of the cipher control program 1010 to execute the cipher LSI.
1025 and secret key Ki1011, Ks = D
(Ki, Ci) is calculated, the session key Ks is obtained, and RA is obtained.
Set to M1023. Here, in the RAM 1023, the stored information is deleted when the power is not supplied,
It has the property.

Step 6: Encrypt communication is performed between the application program 1012 of the user personal computer i1003 and the user personal computer j1004 using the session key Ks.

Here, the encryption operation on the user personal computer i1003 side will be described in more detail. First, the application program 1012 in the personal computer board 1026
Puts the message to be encrypted in the shared RAM 1024. Then, the CPU 1021 controls the cryptographic LSI 1025 and the RAM under the control of the cryptographic control program 1010.
The message is encrypted using the session key Ks on 1023, and the result is transmitted to the user personal computer j1015 via the interface 1009 and the LAN 1001. When receiving this ciphertext, the user personal computer j10
At 15, the session key Ks can be used to decrypt the original message.

Consider a case where communication data on the LAN 1001 is intercepted by an unauthorized third party. Step 3
Only the key center 1002, the user personal computer i1003, and the user personal computer j1004 can decrypt the session key Ks from Ci = E (Ki, Ks) or Cj = E (Kj, Ks) communicated in. is there. Other than this, the secret parameter P1006,
Since neither private key Ki1011 nor private key Kj1015 is possessed, Ci = E (Ki, K
s), or the session key Ks cannot be obtained by decryption from Cj = E (Kj, Ks). Therefore, even if the encrypted communication text encrypted with the session key Ks is intercepted or decrypted, it cannot be returned to the original plaintext. That is, the privacy of communication is protected.

The above-mentioned prior art is described in, for example, the document "LA.
Actual evaluation and evaluation of N cryptographic communication system "(Yamaguchi et al.
F93-38, The Institute of Electronics, Information and Communication Engineers, March 1994.
Mon, PP 7-12).

[0017]

The key management method described above has an advantage that encrypted communication can be performed between any two personal computers connected to the LAN. However, this method has the following problems.

(1) The load on the key management center 1002 is heavy. That is, the key management center 1002 needs to operate every time an encrypted communication is attempted between two personal computers. This is because the key management center 1002 has a role of generating the session key Ks.

(2) The LAN cipher communication board 1028 is heavily mounted. That is, in the preparation stage of step 0, the key manager 1027 stores the secret key Ki1011 in the ROM1022.
It is designed to be written on. If you try to do this other than when the ROM 1022 is manufactured,
A rewritable memory that can retain data when the power is cut off must be used.

That is, the cipher control program 1010 in the same ROM 1022 may be read-only and capable of being stored and held when the power is cut off, whereas the secret key Ki101.
In order to write 1, it is necessary to use a rewritable memory that can be stored and held when the power is cut off, which is expensive and requires a large number of gates for mounting. Therefore, when the function of the LAN cipher communication board 1028 is to be realized by a small device such as a PC card, there is a high possibility that the cost becomes high or the area for mounting becomes insufficient. ing.

(3) There are many prior communications for performing the one-to-n broadcast encryption communication. That is, when attempting to share the session key Ks among n + 1 persons for broadcast encryption communication,
The process as shown in n + 1 for n + 1 personal computers
It is necessary to repeat the process repeatedly, which increases the processing amount and processing time as a whole.

An object of the present invention is to reduce the load on the key management center as much as possible in order to solve the above conventional problems, and
(EN) A cryptographic communication method between terminals that can be easily implemented by a small device such as a card, and that can reduce the processing amount and processing time even when performing one-to-n broadcast cryptographic communication, and such a method. It is to provide a cryptographic device to be used.

[0023]

In order to achieve the above object, in the present invention, first, a key manager writes a secret key in an external memory (for example, a floppy disk), and the external memory is used as an encryption device (for example, PC). Carry it to the card. Next, the private key in the external memory is input into the encryption device. The encryption device is an internal read-only memory ROM
Master key and unique number stored in
In the case of a card, the secret key is encrypted with a card unique number) and the encryption result is output. The encrypted private key output in this way is written in another external memory, and this external memory is entrusted to user management. Up to this point is the preliminary preparation stage.

After that, when it becomes necessary for the user and the other user to perform the encrypted communication, the encrypted secret key in the external memory managed by the user is input into the encryption device. The encryption device decrypts the secret key with the master key and the unique number, and stores the decryption result in, for example, the random access memory RAM. The same process is performed by the encryption device on the other side that performs encrypted communication.

The session key for performing encrypted communication is
It may be created by any cryptographic device that performs cryptographic communication. The cryptographic device that created the session key stores the session key and sends it to the cryptographic device on the other side to be encrypted by the secret key and encrypted. The encryption device, which has received the encrypted session key, decrypts with the secret key to obtain the session key. As a result, the session key is shared, and encrypted communication can be performed using the session key.

A public key cryptosystem may be used for encryption and decryption of the session key. In this case, the cryptographic device that created the session key receives the public key paired with the secret key, encrypts the session key by the public key cryptosystem using the public key, and sends it. As the means, the encryption function inside the encryption device may be used, or the encryption function outside the encryption device may be used.

After that, when the message to be transmitted is input, the encryption device encrypts the message with the stored session key and transmits the result to another terminal via the network. Alternatively, when an encrypted message is input, it decrypts with the stored session key and outputs the result. This realizes encrypted communication. Such an encryption device may be realized by a PC card (IC card) or the like. What is a PC card? JEIDA (Japan) / P
CMCIA (US) standard compliant memory or I / O
It's a card. The encryption device can also be realized in the form of a board used in a desktop personal computer.

[0028]

According to the present invention, the problems of the prior art can be solved. That is,

(1) The load on the key management center is relatively small. That is, it is not necessary for the key management center to operate each time encrypted communication is performed between the two parties. The key management center is required when setting the secret key in the encryption device (PC card or the like) in advance preparation, but at this time, the key management center only needs to operate offline and need not be connected to the LAN. .

(2) The implementation of the hardware required for LAN cipher communication control is relatively light. In other words, the present invention does not require a special rewritable memory for holding the secret key and a memory that can be stored and held when the power is cut off.

(3) There is relatively little prior communication for performing one-to-n broadcast encryption communication. In other words, in the present invention, session key sharing is not performed via the key management center, and session key sharing among 1 + n persons can be relatively easily realized by using broadcast communication that is easily realized in a LAN.

[0032]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is a diagram showing a first embodiment of a cryptographic communication system to which the present invention is applied. In the figure, the user personal computer i107 is connected to the user personal computer j109 via the PC card 106, the wireless transceiver 103, the wireless transceiver 102, the LAN 101, the wireless transceiver 104, the wireless transceiver 105, and the PC card 108. Connected to allow communication. Here, the wireless transceiver 10
3 and the wireless transceiver 102, and the wireless transceiver 1
Communication between 04 and the wireless transceiver 105 is performed wirelessly.

The ROM 119 in the PC card 106 is a read-only memory that can store and hold data when the power is cut off. Internal information, that is, the device number Ni129, the master key Km121, and the cipher control program A12.
0 is written when the ROM 119 is manufactured. In particular, the master key Km121 is strictly managed before and after manufacturing so that the secret is not leaked. Also, P
It is difficult for the C card 106 to steal internal information by unauthorized means.

The encrypted communication between the user personal computer i107 and the user personal computer j109 is realized as follows.

(1) Advance Preparation The advance preparation is performed as in steps 1 to 7 below when the system is set up.

Step 1: The key manager 113 generates the key encryption key Ku126 and secretly writes the key encryption key Ku126 to the floppy disk 111.

Step 2: The key manager 113 sets the floppy disk 111 on the user personal computer i107 and gives a setup instruction. As a result, the cipher control program B122 of the user personal computer i107 is activated, and the setup operation is started. The key encryption key Ku126 in the floppy disk 111 is ready to be read by the user personal computer i107.

Step 3: First, the cipher control program B
122 is a key encryption key K from the floppy disk 111.
u126 is read and sent to the interface B117 of the PC card 106.

FIG. 6 shows a user PC i107 to PC.
The format of the data sent to the interface B117 of the card 106 is shown. In addition to this step, when sending data from the user personal computer i107 to the PC card 106, the format of FIG. 6 is used. In FIG.
Reference numeral 601 denotes a command instructing an operation to be executed by the PC card 106, and 602 denotes an information section which is processing target data. The PC card 106 basically operates according to the input data shown in FIG.

In this step 3, an encryption instruction is set as the command 601 and a key encryption key Ku126 is set as the information section 602 and sent to the interface B117 of the PC card 106.

Step 4: CPU1 of PC card 106
Upon receipt of the encryption instruction and the key encryption key Ku126 via the interface B117, the 14 activates the encryption control program A120 and starts the encryption operation. First, the cipher control program A120 uses the cipher LSI 116 and the device number Ni for the key encryption key Ku126.
An encryption process is performed using 129 and the master key Km121 to obtain an encrypted key encryption key Ci125.
That is, Ci = E (Ni + Km, Ku).

Here, + represents an exclusive OR for each bit. The cipher control program A120 is the CPU 1
Predetermined processing is executed through the operation of 14. The encryption LSI 116 executes the calculation of the encryption function E (*, *).

The cipher control program A120 sends the encrypted key cipher key Ci125 to the interface B117.

Step 5: The encryption control program B122 of the user personal computer i107 receives the encrypted key encryption key Ci125 and writes it on the floppy disk 110.

Step 6: The key manager 113 sets the floppy disk 111 in the user's personal computer j109 to cause the user's personal computer j109 and the PC card 108 to perform the same processes as in the above steps 2 to 5. As a result, the encrypted key encryption key Cj127 is written in the floppy disk 112. Here, Cj = E (Nj + Km, Ku).

Step 7: The floppy disk 111 and the floppy disk 112 are respectively stored in the user i13.
0 and the user j131 store it somewhere safe.

(2) Cryptographic Communication When the need for cryptographic communication arises in daily work after the system setup is completed, the next step 8
The processings of 15 are performed.

Step 8: The user i130 takes out the floppy disk 110 from the storage location and sets it in the user personal computer i107. Similarly, the user j131
The floppy disk 112 is taken out from the storage location and set in the user personal computer j109.

Step 9: The instruction to perform the encrypted communication is issued, for example, by the user i130 directly to the user personal computer i107 or from the application program 124 operated by the user i130. Here, it is assumed that the application program 124 issues a request for cryptographic communication, which activates the cryptographic control program B122 and starts cryptographic communication.

The activated cipher control program B122 is
The encrypted key encryption key Ci125 in the floppy disk 110 is read and sent to the interface B117 of the PC card 106. Specifically, the command 60 in FIG.
A command indicating a request for encrypted communication is set as 1, and data in a format in which the key encryption key Ci125 is set as the information unit 602 is sent to the interface B117 of the PC card 106.

Step 10: CPU of PC card 106
Upon receiving the request for encrypted communication and the key encryption key Ci125 via the interface B117, the 114 activates the encryption control program A120 and starts the operation of encrypted communication. First, the cipher control program A120 causes the cipher LSI 116 to encrypt the cipher key Ci12.
5, the device number Ni129 and the master key K
Decryption processing is performed using m121, and the key encryption key Ku1
You get 26. That is, Ku = D (Ni + Km, Ci). Here, the calculation of the decryption function D (*, *) is executed by the cryptographic LSI 116.

Then, the cipher control program A120
The obtained key encryption key Ku126 is set in the RAM 118.

Step 11: Similarly, the user personal computer j109 and the PC card 108 also perform the processing of Ku = D (Nj + Km, Cj) and set the obtained key encryption key Ku126 in the PC card 108.

In the user personal computer j109, the cipher control program on the receiving side operates to perform the above processing, but the trigger of the cipher control program may be whatever. For example, it is possible to always wait for a request for encrypted communication from another personal computer and activate it when the request is received. Alternatively, the user j131 may use the user personal computer j10.
Alternatively, the reception request for the encrypted communication may be directly issued to 9.

Step 12: The cryptographic control program A 120 of the PC card 106 generates a session key Ks by generating a random number or the like and sets it in the RAM 118.

Step 13: The encryption control program A 120 also includes the encryption LSI 116 and the key encryption key Ku 126.
Is used to encrypt the session key Ks to obtain C123. That is, C = E (Ku, Ks).

Further, the cipher control program A120 is
The obtained C123 is transferred to the PC via the interface A115, the wireless transceiver 103, the wireless transceiver 102, the LAN 101, the wireless transceiver 104, and the wireless transceiver 105.
Send to card 108.

Step 14: In the PC card 108, the encryption control program on the receiving side is operating. The encryption control program of the PC card 108 which has received the transmitted C123 decrypts the C123 and sets the session key Ks
Get. That is, Ks = D (Ku, C).

Step 15: Application program 124 of user personal computer i107 and user personal computer j
An encrypted communication is performed with the PC 109 using the session keys Ks in the PC cards 106 and 108 of both PCs.

The operation on the side of the user personal computer i107 will now be described in more detail. First, the application program 124 sends a message to be encrypted to the interface B117 of the PC card 106. In particular,
A command indicating that encryption processing is to be performed is set as the command 601 in FIG. 6, and the data in the format in which the message to be encrypted is set as the information section 602 is
It is sent to the interface B117 of the C card 106.

C of the PC card 106 that received this data
Under the control of the cryptographic control program A120, the PU 114 cryptographically processes the message using the cryptographic LSI 116 and the session key Ks on the RAM 118 to obtain a ciphertext. The obtained ciphertext is the interface A 115, the wireless transceiver 103, the wireless transceiver 102, and the LAN 10.
1, to the PC card 108 via the wireless transceiver 104 and the wireless transceiver 105.

Upon receiving this ciphertext, the PC card 108
Then, the session key Ks in the PC card 108 is used to decrypt the original message, and the result is decrypted by the user personal computer j.
Send to 109.

It can be seen that the privacy of communication is protected by this embodiment. It is assumed that C = E (Ku, Ks) communicated in step 13 is intercepted by an unauthorized third party on the LAN 1001.

Case 1: When power is supplied to the PC card: The floppy disk holds the key encryption key Ku126 required to decrypt the session key Ks from C = E (Ku, Ks). Only the disk 111, the PC card 106, and the PC card 108. If these cannot be accessed, the key encryption key Ku126 cannot be operated. That is, the floppy disk 111, the PC card 106,
Alternatively, the privacy of communication is protected because the ciphertext during communication cannot be decrypted by anyone other than the person who is permitted to access the PC card 108.

Case 2: When the power supply to the PC card is cut off The key encryption key Ku126 required to decrypt the session key Ks from C = E (Ku, Ks) is held. Only the floppy disks 111, 110, 112. Further, the key encryption key Ku in the floppy disk 110 is the master key K existing in the PC card 106.
It is recorded in an encrypted form (Ci = E (Ni + Km, Ku)) using m121 and the device number Ni129 as a key, and this key encryption key Ku cannot be decrypted without accessing the PC card 106. . The same applies to the floppy disk 112.

Therefore, the person who is permitted to access the floppy disk 111, the person who is permitted to access the PC card 106 and the floppy disk 110, and P
The privacy of communication is protected because only the person who is permitted to access the C card 108 and the floppy disk 112 can decrypt the ciphertext during communication even if it is intercepted.

In this embodiment, among the problems (1) to (3) of the prior art, (1) and (2) are solved. That is,

(1) In the system of FIG. 1 according to the present embodiment, an operation by a third party is performed every time an encrypted communication is attempted between two personal computers (between the user personal computer i107 and the user personal computer j109). The operation of the key management center 1002 in FIG. 8) is not required. This embodiment is relatively easy to implement in that no key management center is required.

(2) In the system of this embodiment shown in FIG. 1, the hardware (ROM 129) for holding the key at all times is as shown in FIG.
The ROM 1022 does not have to be a rewritable memory that can be stored and held when the power is cut off, and can be a read-only memory that can be stored and held when the power is cut off. The present embodiment is relatively easy to realize in that the memory that always holds the key does not have to be rewritable.

Next, a second embodiment of the present invention will be described.

FIG. 2 is a cryptographic communication system according to the second embodiment of the present invention. In the figure, the same numbers as in FIG. 1 indicate the same items. In the following, a part different from the first embodiment will be described in detail. In the present embodiment, in addition to the configuration shown in FIG. 1, user personal computers h205, P, so that broadcast encryption communication among three parties can be performed.
A C card 203, a wireless transceiver 202, and a wireless transceiver 201 are provided. The user personal computer h205
It is connected to the LAN 101 via the PC card 203, the wireless transceiver 202, and the wireless transceiver 201.

In the present embodiment, the user personal computer i10
7 to user personal computer j109 and user personal computer h
Broadcast encryption communication to 205 is realized as follows.

(1) Preliminary Preparation Preliminary preparation is performed as in steps 1 to 7 below when the system is set up.

Steps 1 to 5: These steps are the same as Steps 1 to 5 of the first embodiment, so description thereof will be omitted. By steps 1 to 5, the encrypted key encryption key Ci125 is written on the floppy disk 110. Here, Ci = E (Ni + Km, Ku).

Step 6-1: The key manager 113 sets the floppy disk 111 in the user's personal computer j109 to cause the user's personal computer j109 and the PC card 108 to perform the same processes as those in the above steps 2 to 5. . As a result, the encrypted key encryption key Cj127 is written in the floppy disk 112. Here, Cj = E (Nj + Km, Ku).

Step 6-2: The key manager 113 sets the floppy disk 111 in the user's personal computer h205 to cause the user's personal computer h205 and the PC card 203 to perform the same processes as those in the above steps 2 to 5. . As a result, the encrypted key encryption key Ch206 is written in the floppy disk 207. Here, Ch = E (Nh + Km, Ku).

Step 7: Floppy disk 110,
The floppy disk 112 and the floppy disk 207 are respectively a user i130 and a user j13.
1 and the user h208 store it somewhere safe.

(2) Cryptographic Communication When the need for cryptographic communication arises in daily business after the system setup is completed, the next step 8
The processings of 15 are performed.

Step 8: The processing in the user personal computer i107 and the user personal computer j109 is the same as in the first embodiment. In this embodiment, in addition, the user h208
Similarly, the floppy disk 207 is taken out from the storage location and set in the user personal computer h205.

Steps 9 and 10: The same processing as steps 9 and 10 of the first embodiment. As a result, the key encryption key Ku126 is set in the RAM 118 in the PC card 106.

Step 11-1: User personal computer j10
9 and the PC card 108 similarly, Ku = D (Nj + Km, Cj) is processed, and the obtained key encryption key Ku126 is set in the PC card 108.

Step 11-2: User personal computer h20
5 and the PC card 203 similarly perform the processing of Ku = E (Nh + Km, Ch) and set the obtained key encryption key Ku126 in the PC card 203.

Steps 12 and 13: The same processing as steps 12 and 13 of the first embodiment. However, in the present embodiment, the C123 and the PC card 108 and P
Send to C card 203. C123 is C = E (K
u, Ks).

Step 14: The processing in the PC card 108 is the same as that in the first embodiment. Further, the PC card 203 performs similar processing. That is, PC
In the card 203, C123 is decrypted to obtain the session key Ks. Ks is Ks = D (Ku, C).

Step 15: Application program 124 of user personal computer i107 and user personal computer j
109 and the user personal computer h205 perform encrypted communication using the session key Ks in each of the PC cards 106, 108 and 203.

The operation on the side of the user personal computer i107 will be described in more detail. First, the application program 124 sends a message to be encrypted to the interface B117 of the PC card 106. In particular,
As the command 601 in FIG. 6, a command indicating that encryption processing is performed and transmission by broadcast communication is set, and data in a format in which a message to be encrypted is set as the information section 602 is sent to the interface B117 of the PC card 106.

C of the PC card 106 that received this data
Under the control of the cryptographic control program A120, the PU 114 cryptographically processes the message using the cryptographic LSI 116 and the session key Ks on the RAM 118 to obtain a ciphertext. The obtained ciphertext is the interface A115, the wireless transceiver 103, the wireless transceiver 102, and the LAN.
Broadcast communication is performed to the PC cards 108 and 203 via 101.

Upon receiving this ciphertext, the user personal computer j
At 109, the session key Ks in the PC card 108 can be used to decrypt the original message. Similarly, when the user personal computer h205 receives this ciphertext, it can decrypt the original message using the session key Ks in the PC card 203.

According to this embodiment, the conventional problems (1)
(3) of (3) is solved. That is, (3) there is little prior communication for performing one-to-n broadcast encryption communication. That is, the session key Ks is used for broadcast encryption communication.
In order to share C.sub.1 among 1 + n persons, the encrypted C123 only needs to be communicated once in advance as in step 13 above.

Next, a third embodiment of the present invention will be described.

FIG. 3 shows a cryptographic communication system according to the third embodiment of the present invention. The hardware configuration shown in FIG.
1 is almost the same as that of the first embodiment, and the same reference numerals as in FIG. 1 indicate the same elements. However, in FIG. 3, the floppy disk held by the key manager 113 is 311
And 317 and 2 sheets. Information written in various memories, that is, the cryptographic control program A30
1, the encryption control program B302 and the information written on the floppy disks 311 and 317 are different from those in FIG.

In this state, the user personal computer i10
The encrypted communication between the personal computer 7 and the user personal computer j109 is realized as follows.

(1) Preliminary Preparation The preparatory preparation is performed in the following steps 1 to 7 when the system is set up.

Step 1: The key manager 113 uses the secret key S
i306, a public key Pi 307, an authenticator Qi 309, and a key file Fi information including a parent key P 310 is generated,
The key file is secretly written on the floppy disk 311. Here, Qi = RSA (S, i || Pi).

I is a numerical value for specifying the user i130 (the owner of the floppy disk 110 described later). The secret key Si 306 and the public key Pi 307 are a set of a secret key and a public key of the RSA encryption (encryption method proposed by Rivest, Shamir, Adleman) which is a public key encryption method. Also, the private key S and the public key (parent key) P310
Is another set of private key and public key of RSA encryption. Only the key manager 113 knows the secret key S. The function RSA (X, Y) uses the key X to RSA the data Y
A conversion process is shown, and A || B represents the concatenation of the data A and B.

Step 2: The key manager 113 sets the floppy disk 311 in the user personal computer i107 and gives a setup instruction. As a result, the cipher control program B302 of the user personal computer i107 is activated, and the setup operation is started.

Step 3: Cryptographic control program B302
From the floppy disk 311 to the private key Si 306,
Public key Pi307, authenticator Qi309, and parent key P3
The key file information Fi consisting of 10 is read and sent to the interface B117 of the PC card 106. Note that Fi
= Si || Pi || Qi || P.

User PC i107 to PC card 1
The format of the data sent to 06 is the same as that of FIG. 6 of the first embodiment. Here, an encryption instruction is set as the command 601, the key file information Fi is set as the information section 602, and the interface B of the PC card 106 is set.
To 117.

Step 4: CPU1 of PC card 106
When the encryption instruction and the key file information Fi are received via the interface B117, the 14 activates the encryption control program A301 and starts the operation. First,
The encryption control program A301 performs encryption processing on the key file information Fi using the encryption LSI 116, the device number Ni129, and the master key Km121, and obtains encrypted key file information Ci303. That is, Ci = E (Ni + Km, Fi).

Here, + represents an exclusive OR for each bit. The cipher control program A301 corresponds to the CPU1
Predetermined processing is executed through the operation of 14. The encryption LSI 116 executes the calculation of the encryption function E (*, *).

The cipher control program A301 transfers the encrypted key file information Ci303 to the interface B11.
Send to 7.

Step 5: The cipher control program B302 of the user personal computer i107 receives the encrypted key file information Ci303, and the floppy disk 110
Write in.

Step 6: The key manager 113 uses the secret key S
j312, a public key Pj313, an authenticator Qj315, and a parent key P316 are generated, and key file information Fj is generated.
The key file is secretly written on the floppy disk 317. Then, the key manager 113 sets the floppy disk 317 in the user's personal computer j109 to cause the user's personal computer j109 and the PC card 108 to perform the same processes as in steps 2 to 5.

As a result, the encrypted key file information Cj305 is written on the floppy disk 112. Here, Cj = E (Nj + Km, Fj). The key file information Fj is Fj = Sj ||
Pj || Qj || P. Also, the authenticator Qj315
Is calculated by Qj = RSA (S, j || Pj). j is a user j131 (floppy disk 112
Is a numerical value that identifies the owner).

Step 7: The floppy disk 110 and the floppy disk 112 are stored in the respective user i13.
0 and the user j131 store it somewhere safe.

(2) Cryptographic Communication When the need for cryptographic communication arises in daily work after the system setup is completed, the next step 8
The processings of 15 are performed.

Step 8: The user i130 takes out the floppy disk 110 from the storage location and sets it in the user personal computer i107. Similarly, the user j131
The floppy disk 112 is taken out from the storage location and set in the user personal computer j109.

Step 9: The instruction to perform the encrypted communication is issued, for example, by the user i130 directly to the user personal computer i107 or from the application program 124 operated by the user i130. Here, it is assumed that the application program 124 issues a request for cryptographic communication, which activates the cryptographic control program B302 and starts cryptographic communication.

The activated cipher control program B302 is
The encrypted key file information Ci303 in the floppy disk 110 is read and sent to the interface B117 of the PC card 106. Specifically, a command indicating a request for encrypted communication is set as the command 601 in FIG.
The data of the format in which the key file information Ci 303 is set as the information section 602 is sent to the interface B 117 of the PC card 106.

Step 10: CPU of PC card 106
Upon receiving the request for encrypted communication and the key file information Ci 303 via the interface B 117, the 114 activates the encrypted control program A 301 and starts the operation of encrypted communication. First, the cipher control program A301
Uses the device number Ni129 and the master key Km121 to decrypt the encrypted key file information Ci303 by the encryption LSI 116 to obtain the key file information Fi. That is, Fi = D (Ni + Km, Ci). Here, the calculation of the decryption function D (*, *) is executed by the cryptographic LSI 116.

The cipher control program A301 is
The obtained key file information Fi is used as the encryption control program B30.
Return to 2.

Step 11: User PC i107
Sends the authenticator Qi310 to the user personal computer j109. Specifically, the user personal computer i107 sends to the PC card 106 a command instructing the transmission of the authenticator and data in the format of FIG.
0 for wireless transceiver 103, wireless transceiver 102, LA
N101, wireless transceiver 104, wireless transceiver 105,
And user PC through the PC card 108
Send to 109.

Step 12: User personal computer j109
Generates a session key Ks by generating a random number or the like, and P
Set it on the C card 108.

Step 13: User personal computer j109
Is the session key Ks, the authenticator Qi310 received from the user personal computer i107, and the floppy disk 317.
Using the parent key P in the above, data C304 is created as follows. That is, i || Pi = RSA (P, Qi) C = RSA (Pi, Ks). The user personal computer j109 uses the created C304.
To the user personal computer i107.

Step 14: Cryptographic control program B30
2 decrypts the received C304 and decrypts the session key Ks
Get. That is, RSA (Pi, Ks) = C Ks = RSA (Si, RSA (Pi, Ks)).

Further, the cipher control program B302 is
The session key Ks thus obtained is sent to the interface B117. The cipher control program A301 receives the session key Ks via the interface B117,
Set to 18.

Step 15: Application program 124 of user personal computer i107 and user personal computer j
An encrypted communication is performed with the PC 109 using the session keys Ks in the PC cards 106 and 108 of both PCs.

The operation on the side of the user personal computer i107 will be described in more detail. First, the application program 124 sends a message to be encrypted to the PC card 106. Specifically, as the command 601 of FIG. 6, a command indicating encryption processing and transmission is set,
Data of a format in which a message to be encrypted is set as the information unit 602 is sent to the interface B117 of the PC card 106.

C of the PC card 106 that received this data
Under the control of the cryptographic control program A120, the PU 114 cryptographically processes the message using the cryptographic LSI 116 and the session key Ks on the RAM 118 to obtain a ciphertext. The obtained ciphertext is the interface A 115, the wireless transceiver 103, the wireless transceiver 102, and the LAN 10.
1, to the PC card 108 via the wireless transceiver 104 and the wireless transceiver 105.

Upon receiving this ciphertext, the PC card 108
Then, the session key Ks in the PC card 108 is used to decrypt the original message, and the result is decrypted by the user personal computer j.
Send to 109.

This embodiment brings about an advantage of key management using public key cryptography. That is, generally, n people each have a key file (a user i has a set of a secret key Si, a public key key Pi, an authenticator Qi, and a parent key P. Here, i = 1 to 1
n. ), Any two users perform encrypted communication, and communication privacy is protected for other users.

Next, a fourth embodiment of the present invention will be described.

FIG. 4 is a cryptographic communication system according to the fourth embodiment of the present invention. In this embodiment, the broadcast encryption communication between the three parties is made possible in the above-mentioned third embodiment. 4, the same numbers as those in FIG. 3 indicate the same things. In the following, a part different from the third embodiment will be described in detail.

In addition to the configuration shown in FIG. 3, the user personal computer h40 shown in FIG.
3, a PC card 401, a wireless transceiver 413, and a wireless transceiver 412 are provided. User personal computer h40
3 is connected to the LAN 101 via the PC card 401, the wireless transceiver 413, and the wireless transceiver 412.

In this embodiment, the user personal computer i10
7 to user personal computer j109 and user personal computer h
Broadcast encryption communication to 403 is realized as follows.

(1) Advance Preparation The advance preparation is performed as in steps 1 to 7 below when the system is set up.

Steps 1-5: Since the steps are the same as Steps 1-5 of the third embodiment, the description thereof will be omitted. Through steps 1 to 5, the encrypted key file information Ci303 is written on the floppy disk 110. Here, Ci = E (Ni + Km, Fi). The key file information Fi is the private key Si306, the public key Pi307, the authenticator Qi309, and the parent key P31.
Consists of zero. That is, Fi = Si || Pi || Qi ||
P. Also, the authenticator Qi309 is Qi = RS
Calculated by A (S, i || Pi).

Step 6-1: The key manager 113 sets the floppy disk 317 in the user's personal computer j109 to cause the user's personal computer j109 and the PC card 108 to perform the same processes as in the above steps 2 to 5. . As a result, the encrypted key file information Cj305 is written on the floppy disk 112. Here, Cj = E (Nj + Km, Fj). The key file Fj includes a secret key Sj312, a public key Pj313, an authenticator Qj315, and a master key P316. That is, Fj = Sj || Pj || Qj || P
Is. Also, the authenticator Qj315 is Qj = RSA.
It is calculated by (S, j || Pj).

Step 6-2: The key manager 113 sets the floppy disk 407 in the user personal computer j109 and causes the user personal computer j109 and the PC card 108 to perform the same processes as in the above steps 2 to 5.
Further, similarly, the floppy disk 407 is set in the user personal computer h403, and the user personal computer h403 and the PC card 401 are made to perform the same processing as the above steps 2 to 5. As a result, the encrypted key file information Cr 305 is written in both the floppy disk 112 and the floppy disk 405. Here, Cr = E (Nh + Km, Fr).

The key file Fr includes a secret key Sr408, a public key Pr409, an authenticator Qr410, and a parent key P41.
Consists of one. That is, Fr = Sr || Pr || Qr |
| P. Also, the authenticator Qr410 is Qr = RSA
It is calculated by (S, r || Pr).

Step 7: Floppy disk 110,
The floppy disk 112 and the floppy disk 404 are respectively a user i130 and a user j13.
1 and the user h406 store it somewhere safe.

(2) Cryptographic Communication After the system setup is completed, in daily business, the user i130 has a plurality of users having the role r, that is, the user j131 and the user h406.
When it becomes necessary to perform broadcast encryption communication with, the following steps 8 to 15 are performed.

Step 8: The user i130 takes out the floppy disk 110 from the storage location and sets it in the user personal computer i107. Similarly, the user j131
The floppy disk 112 is taken out from the storage location and set in the user personal computer j109. Similarly, the user h406 also takes out the floppy disk 404 from the storage location and sets it in the user personal computer h403.

Step 9: The user personal computer j109
The encrypted key file information Cr305 is read from the floppy disk 112.

Step 10: User personal computer j109
Cooperates with the PC card 108 to decrypt the encrypted key file information Fr305 and obtain the key file Fr. That is, Fr = D (Nj + Km, Cr).

Step 11: User personal computer j109
Sends the authenticator Qr415 to the user personal computer i107.

Step 12: Cryptographic control program B30
2 generates a session key Ks by generating a random number or the like,
Send to interface B117. Cryptographic control program A
301 receives the session key Ks, RAM118
Set to.

Step 13: User PC i107
Obtains data C414 as follows. That is, r || Pr = RSA (P, Qr) C = RSA (Pr, Ks). The user personal computer i107 uses the requested C414
User personal computer j109 and user personal computer h403
Broadcast to.

Step 14: The user personal computer j109 and the user personal computer h403 decrypt C304 to obtain the session key Ks. That is, RSA (Pr, Ks) = C Ks = RSA (Sr, RSA (Pr, Ks)). User computer j109 and user computer h4
03 uses the session key Ks for each PC card 10
Set to 8,401.

Step 15: Application program 124 of user personal computer i107 and user personal computer j
109 and the user personal computer h403, the session key K in the respective PC cards 106, 108, 401.
s is used for encrypted communication.

The operation on the side of the user personal computer i107 will be described in more detail. First, the application program 124 sends a message to be encrypted to the interface B117. Then, the CPU 114 controls the cryptographic LSI 11 under the control of the cryptographic control program A120.
6 and the session key Ks on the RAM 118, the message is encrypted and a ciphertext is obtained. The obtained ciphertext is transmitted by broadcast communication via the interface A115, the wireless transceiver 103, the wireless transceiver 102, and the LAN 101. The PC card 108 receives this ciphertext via the wireless transceiver 104 and the wireless transceiver 105. Similarly, the PC card 401, via the wireless transceiver 412 and the wireless transceiver 413,
Receive this ciphertext.

Upon receiving this ciphertext, the PC card 10
8 and the PC card 401 can be decrypted into the original message by using the internal session key Ks.

According to this embodiment, one-to-n broadcast encryption communication can be performed between n persons who are given a common key file in advance and one person who does not have a common key file.

FIG. 5 is a diagram showing a modification of the above-mentioned first embodiment. 5, the same numbers as in FIG. 1 indicate the same things. In the system of FIG. 5, an administrator personal computer 502 is provided, and the PC card 10 of FIG.
A PC card 501 having the same hardware configuration as that of No. 6 is connected to the administrator personal computer 502.

This modification is a modification relating to the advance preparation process of the first embodiment. In this modification, steps 1 to 5 of the first embodiment are replaced by the following.

Step 1-1: The key manager 113 operates the key management program 511 on the manager personal computer 502. The key management program 511 generates the encryption key Ku and sends the encryption key Ku to the interface B510.

Step 1-2: The encryption control program A 509 which has received the encryption key Ku performs the encryption process on the encryption key Ku using the encryption LSI 505, the device number Nm 506 and the master key Km 507, The encrypted key encryption key B513 is obtained. That is, B = E (Nm + Km, Ku).

Here, + represents an exclusive OR for each bit. Also, the cipher control program A 509 is the CPU 5
The processing is executed through the operation of 03. The encryption LSI 505 executes the calculation of the encryption function E (*, *).

The encryption control program A509 sends the encrypted key encryption key B513 and the device number Nm506 to the interface B510.

Step 1-3: Key management program 511
Is the encrypted key encryption key B513 and the device number Nm5.
06 is written on the floppy disk 512.

Step 2: The key manager 113 sets the floppy disk 512 in the user personal computer i107.

Step 3: Cryptographic control program B302
Is the encrypted key encryption key Bi513 and the device number Nm.
506 is received and sent to the interface B117.

Step 4: Cryptographic control program A301
Is the encrypted key encryption key B513 and the device number Nm5.
06, encryption LSI 116, device number Ni12
An encryption process is performed using 9 and the master key Km121 to obtain an encrypted key file Ci303. That is, Ku = D (Nm + Km, B) Ci = E (Ni + Km, Ku).

Here, + represents an exclusive OR for each bit. Further, the cipher control program A301 is the CPU1
Predetermined processing is executed through the operation of 14. The encryption LSI 116 executes the calculation of the encryption function E (*, *).

The cipher control program A301 sends the encrypted key file Ci303 to the interface B117.

Step 5: Encryption control program B302
Receives the encrypted key file Ci 303 and writes it to the floppy disk 110.

Subsequent operations are the same as step 7 onward in the first embodiment.

According to this modification, the floppy disk 51
2. In the user personal computer i107, the key encryption key Ku does not appear in plain text for a moment. In particular, in the first embodiment, the key encryption key Ku was present in the plaintext form in steps 2 and 3, but in the present modification, the key encryption key Ku is not in the plaintext form and is encrypted. Existing in the form of a key encryption key B513.

This is a desirable condition for constructing the encryption system, that is, an area considered to be strictly protected, that is, the PC card 501 and the administrator personal computer 502 on the administrator 113 side, and the user i13.
The condition that the key is not exposed in the naked form for a moment except for the 0 side PC card 106 is satisfied. As a result, the safety regarding protection of communication privacy is significantly improved.

The same modifications can be applied to the second, third, and fourth embodiments of the present invention to greatly improve the safety of communication privacy protection.

FIG. 7 shows another modification of the above-mentioned first embodiment. 7, the same numbers as in FIG. 1 indicate the same things. The difference between FIG. 7 and FIG. 1 is the interface to which the wireless transceivers 103 and 105 are connected. In FIG. 1, since the PC cards 106 and 108 function as a communication control device, the wireless transceivers 103 and 1
05 are connected to the interfaces of the PC cards 106 and 108, respectively. On the other hand, in FIG. 7, the functions of the communication control device are provided on the side of the personal computers 107 and 109, and the wireless transceivers 103 and 105 are directly connected to the personal computers 107 and 109.

The operation of the modification of FIG. 7 is the same as that of the embodiment of FIG. 1 described above. However, although communication between the personal computer i107 and the LAN 101 is performed via the PC card 106 in FIG. 1, the personal computer i107 is directly connected to the LAN 101 via the wireless transceivers 103 and 102 in FIG.
Communicate with. The same applies to the personal computer j side.

FIG. 9 shows another modification. The operation of the modification of FIG. 9 is similar to that of the embodiment of FIG. 1 described above. However, in FIG. 1, the part that executes the encryption is the PC card 106 externally connected to the personal computer 107, but in FIG. 9, the same function is realized by the board 106 mounted inside the personal computer 107. Further, in FIG. 7, the encrypted Ku 125 is held in the floppy 110, but in FIG. 9, it is held in the hard disk 110 connected to the personal computer 107. Further, although the transceiver 103 and the transceiver 105 communicate with each other via the LAN 101 in FIG. 7, in FIG.
It is possible to communicate directly without going through the LAN 101.

In the above embodiments and modifications, the terminal is connected to the LAN via the radio or directly connected, but it is also possible to connect by wire instead of wireless. The operation is the same.

[0166]

According to the present invention, the LAN encryption communication function can be realized while minimizing the addition of the gate amount for newly adding the encryption function in the PC card whose mounting capacity is relatively limited. Further, by using the LAN encrypted communication function, it is possible to realize an encrypted communication system having desirable characteristics for encrypted communication, that is, the load on the key management center is small and the one-to-n broadcast encrypted communication is easy. .

[Brief description of drawings]

FIG. 1 is a diagram showing a system according to a first embodiment of the present invention.

FIG. 2 is a diagram showing a system according to a second embodiment of the present invention.

FIG. 3 is a diagram showing a system according to a third embodiment of the present invention.

FIG. 4 is a diagram showing a system of a fourth exemplary embodiment of the present invention.

FIG. 5 is a diagram showing a modification of the first embodiment.

FIG. 6 is a diagram showing a format of data transmitted from a user personal computer to a PC card.

FIG. 7 is a diagram showing another modification of the first embodiment.

FIG. 8 is a diagram showing a conventional cryptographic communication method.

FIG. 9 is a diagram showing another modification of the first embodiment.

[Explanation of symbols]

101 ... Local area network LAN, 102 ... Wireless transceiver, 103 ... Wireless transceiver, 104 ... Wireless transceiver, 10
5 ・ ・ ・ Wireless transceiver, 106 ・ ・ ・ PC card, 107 ・ ・ ・ User PC i, 108 ・ ・ ・ PC card, 109 ・ ・ ・ User PC j, 110 ・
..Floppy disk, 111 ... Floppy disk, 11
2 ... Floppy disk, 114 ... CPU in PC card 106,
115 ... Interface A in PC card 106, 116 ... Cryptographic LSI in PC card 106, 117 ... Interface B in PC card 106, 118 ... RAM in PC card 106, 119 ...・ PC card 10
ROM in 6 120 ... Cryptographic control program in ROM 119 121 ...
..Master key Km in ROM119, 122 ... User computer j107
Cryptographic control program B, 123 ... Communication text C, 124 ... Application program in user personal computer j107, 12
5 ... Encrypted key encryption key in floppy disk 110, 126 ... Encrypted key encryption key in floppy disk 111, 127 ... Encrypted key in floppy disk 112 Encryption key, 128 ... Device number Nj, 1 in PC card 108
29: Device number Ni in ROM119.

Claims (18)

[Claims] 1. A cryptographic device equipped with a communication control function, which is mounted on a terminal body and used for inter-terminal cryptographic communication, comprising: first interface means for inputting / outputting data to / from a mounted terminal; Second interface means for connecting to a network and communicating with another terminal via the communication network; storage means for storing a master key and a unique number unique to the encryption device; and the first interface means When a secret key and an encryption instruction are input from the terminal via, the secret key is encrypted with the master key and a unique number, and the encrypted secret key is transmitted via the first interface means. Means for outputting to the terminal, and when the encrypted secret key and the decryption instruction are input from the terminal via the first interface means, Means for decrypting the encrypted secret key with the master key and unique number to obtain the secret key, storing the secret key, and generating a session key, and encrypting the generated session key with the secret key And transmits the encrypted session key to another terminal via the second interface means and the communication network, and performs encrypted communication with the other terminal using the session key. A cryptographic device comprising means. 2. An encryption device equipped with a communication control function, which is mounted on a terminal body and used for inter-terminal encrypted communication, comprising: first interface means for inputting / outputting data to / from the mounted terminal; Second interface means for connecting to a network and communicating with another terminal via the communication network; storage means for storing a master key and a unique number unique to the encryption device; and the first interface means When a secret key and an encryption instruction are input from the terminal via, the secret key is encrypted with the master key and a unique number, and the encrypted secret key is transmitted via the first interface means. Means for outputting to the terminal, and when the encrypted secret key and the decryption instruction are input from the terminal via the first interface means, Means for decrypting the encrypted private key with the master key and the unique number to obtain the private key, and storing the private key; and another terminal via the communication network and the second interface means. When an encrypted session key is input, a means for decrypting the encrypted session key using the secret key to obtain a session key, storing the session key, and the other means using the session key And a means for performing encrypted communication with the terminal of the encryption device. 3. The encryption device according to claim 1, wherein the storage unit storing the master key and the unique number is a read-only memory. 4. The encryption device according to claim 1, wherein the master keys having the same value are stored in a plurality of encryption devices that communicate with each other. 5. The transmission of the encrypted session key to another terminal and the transmission of the encrypted message to another terminal are transmissions to a plurality of terminals by broadcast communication. Cryptographic device as described. 6. The encryption device according to claim 1, wherein the session key encryption and decryption methods are public key encryption methods. 7. An encryption device equipped with a communication control function, which is mounted on a terminal body and used for inter-terminal encrypted communication, and a first interface means for inputting / outputting data to / from the mounted terminal, and communication. Second interface means for connecting to a network and communicating with another terminal via the communication network; storage means for storing a master key and a unique number unique to the encryption device; and the first interface means When a secret key and an encryption instruction are input from the terminal via, the secret key is encrypted with the master key and a unique number, and the encrypted secret key is transmitted via the first interface means. Means for outputting to the terminal, and when the encrypted secret key and the decryption instruction are input from the terminal via the first interface means, Means for decrypting the encrypted private key with the master key and the unique number to obtain the private key, and storing the private key, and an encrypted session key is input, and the session key is the public key encryption. Means for passing the encrypted session key and the secret key to an encryption function external to the encryption device and entrusting the decryption of the session key and storing the decryption result; An encryption device comprising means for performing encrypted communication with the other terminal using a key. 8. A terminal device equipped with the encryption device according to claim 1 and performing encrypted communication in cooperation with the encryption device, wherein a secret key and an encryption key possessed only by a key manager are prepared in advance. Means for inputting an encryption instruction to the encryption device, and as a result, outputting the encrypted private key returned from the encryption device to an external storage device, and when performing encrypted communication, the encryption of the external storage device is performed. The private key is read and input to the encryption device, and the encryption device decrypts the encrypted private key, generates the session key, encrypts the session key, and encrypts the session key. Means for instructing to send to another terminal, and means for inputting a message to be sent to another terminal to the encryption device and instructing to encrypt the message with the session key and to send the message. Special To the terminal device. 9. A terminal device equipped with the cryptographic device according to claim 2 and performing cryptographic communication in collaboration with the cryptographic device, wherein as a preliminary preparation, a secret key and a cryptographic key possessed only by a key manager. Means for inputting an encryption instruction to the encryption device, and as a result, outputting the encrypted private key returned from the encryption device to an external storage device, and when performing encrypted communication, the encryption of the external storage device is performed. The secret key is read and input to the encryption device, and means for instructing the encryption device to decrypt the encrypted secret key, and the encrypted message transmitted from another terminal are transmitted by the encryption device. And a means for receiving the decrypted message when the decrypted message is received and decrypted. 10. A first terminal i connected to a communication network via a first encryption device having a communication control function, and a first terminal i connected to the communication network via a second encryption device having a communication control function. A method for performing encrypted communication with the second terminal j, wherein, as a preliminary preparation, the secret key Ku owned only by the key manager is stored in the first terminal i.
, The first terminal i receives the input private key Ku
Is input to the first cryptographic device, the first cryptographic device encrypts using a master key Km unique to the system and a unique number Ni unique to the cryptographic device, which is stored in advance. A step of returning the encrypted secret key Ci to the first terminal i, and the first terminal i outputting the encrypted secret key Ci to an external storage device; and a secret possessed only by the key administrator. Use the key Ku for the second terminal j
And the second terminal j uses the input secret key Ku
Is input to the second cryptographic device, the second cryptographic device encrypts using a master key Km unique to the system and a unique number Nj unique to the cryptographic device, which is stored in advance. Returning the encrypted secret key Cj to the second terminal j, and the second terminal j outputting the encrypted secret key Cj to an external storage device. , In the first terminal i, the encrypted secret key C
reading i and sending it to the first cryptographic device; and in the first cryptographic device, the encrypted secret key Ci
Using the master key Km and the unique number Ni to obtain the secret key Ku, and in the second terminal j, the encrypted secret key C
reading j and sending it to the second cryptographic device, the encrypted secret key Cj being encrypted by the second cryptographic device.
Using the master key Km and the unique number Nj to obtain a secret key Ku, the first encryption device generates a session key Ks, and the generated session key Ks is the secret key Ku. Encrypted with
Transmitting the encrypted session key C to the second encryption device via the communication network; the second encryption device decrypts the received encrypted session key C with the secret key Ku. Session key K
An inter-terminal communication method comprising: a step of obtaining s; and a step of performing encrypted communication between the first terminal and the second terminal using the session key Ks. 11. A first terminal i connected to a communication network via a first encryption device having a communication control function, and a first terminal i connected to the communication network via a second encryption device having a communication control function. A method for performing encrypted communication with the second terminal j, in which a secret key Ku that should be possessed only by the key manager is generated by the administrator computer as a preparation, and the master key Km unique to the system is generated. And a device number Nm unique to the administrator computer, and the encrypted secret key B and the device number Nm are output to a first external storage device, and the first external storage device. To the first terminal i,
The encrypted secret key B and the device number Nm stored in the first external storage device are read out by the first terminal i and input to the first encryption device,
Of the encryption device decrypts the encrypted secret key B by using the master key Km unique to the system and the device number Nm which are stored in advance inside the encryption device to obtain the secret key Ku, and the secret key Ku Is encrypted using the master key Km and a unique number Ni unique to the encryption device, and the encrypted secret key Ci is returned to the first terminal i, and the first terminal i is encrypted. Outputting the secret key Ci to a second external storage device, connecting the first external storage device to the second terminal j,
The encrypted secret key B and the device number Nm stored in the first external storage device are read by the second terminal j and input to the second encryption device,
Of the encryption device decrypts the encrypted secret key B by using the master key Km unique to the system and the device number Nm which are stored in advance inside the encryption device to obtain the secret key Ku, and the secret key Ku Is encrypted using the master key Km and a unique number Nj unique to the encryption device, the encrypted secret key Cj is returned to the second terminal j, and the second terminal j is encrypted. And outputting the secret key Cj to the third external storage device. When performing encrypted communication, in the first terminal i, the encrypted secret key Ci from the second external storage device is transmitted. Reading and sending the encrypted secret key Ci to the first cryptographic device;
Using the master key Km and the unique number Ni to obtain the secret key Ku, and in the second terminal j, the encrypted secret key Cj from the third external storage device. Reading and sending to the second encryption device, the encrypted secret key Cj in the second encryption device
Using the master key Km and the unique number Nj to obtain a secret key Ku, the first encryption device generates a session key Ks, and the generated session key Ks is the secret key Ku. Encrypted with
Transmitting the encrypted session key C to the second encryption device via the communication network; the second encryption device decrypts the received encrypted session key C with the secret key Ku. Session key K
An inter-terminal communication method comprising: a step of obtaining s; and a step of performing encrypted communication between the first terminal and the second terminal using the session key Ks. 12. A cryptographic device with a communication control function, which is mounted on a terminal body and used for inter-terminal cryptographic communication, comprising: first interface means for inputting / outputting data to / from a mounted terminal; Second interface means for connecting to a network and communicating with another terminal via the communication network; storage means for storing a master key and a unique number unique to the encryption device; and the first interface means When the encrypted private key and the decryption instruction are input from the terminal via the terminal, the encrypted private key is decrypted with the master key and a unique number to obtain the private key, and the secret A means for storing a key, a session key is generated, the generated session key is encrypted with the secret key, and the encrypted session key is stored in the second Means for transmitting to another terminal via the over face means and the communication network, the cryptographic apparatus characterized by comprising a means for performing encrypted communication with the other terminal using the session key. 13. A cryptographic device having a communication control function, which is mounted on a terminal body and used for inter-terminal cryptographic communication, comprising: first interface means for inputting / outputting data to / from a mounted terminal; Second interface means for connecting to a network and communicating with another terminal via the communication network; storage means for storing a master key and a unique number unique to the encryption device; and the first interface means When the encrypted private key and the decryption instruction are input from the terminal via the terminal, the encrypted private key is decrypted with the master key and a unique number to obtain the private key, and the secret When the encrypted session key is input from another terminal via the means for storing the key and the communication network and the second interface means, Means for decrypting the encrypted session key using a secret key to obtain the session key, and means for storing the session key; and means for performing encrypted communication with the other terminal using the session key. An encryption device comprising: 14. A cryptographic device mounted on a terminal body for use in inter-terminal cryptographic communication, comprising a first interface means for inputting / outputting data to / from a mounted terminal, a master key and a cryptographic device. When a secret key and an encryption instruction are input from the terminal through the storage unit that stores the unique number and the first interface unit, the secret key is encrypted with the master key and the unique number. Means for returning the encrypted secret key to the terminal via the first interface means, and an instruction for the encrypted secret key and decryption from the terminal via the first interface means. When input, the encrypted private key is decrypted with the master key and the unique number to obtain the private key, a means for storing the private key, and a session key are generated. Together, the generated session key is encrypted with the secret key, a means for returning the encrypted session key to the terminal, and a message and an encryption instruction are input from the terminal via the first interface means. And a means for encrypting the encrypted message with the session key and returning the encrypted message to the terminal. 15. A terminal device equipped with the encryption device according to claim 14 and performing encrypted communication in cooperation with the encryption device, wherein a secret key and an encryption key possessed only by a key manager are prepared in advance. Means for inputting an encryption instruction to the encryption device, and as a result, outputting the encrypted private key returned from the encryption device to an external storage device, and when performing encrypted communication, the encryption of the external storage device is performed. A means for reading out the private key and inputting it to the encryption device, and for instructing the encryption device to decrypt the encrypted private key, generate a session key, and encrypt the session key; A means for transmitting the encrypted session key returned from the terminal to another terminal with which communication is to be performed, and a message to be transmitted to the other terminal is input to the encryption device to obtain the encrypted message, and the other terminal Send to A terminal device comprising: means for communicating. 16. A cryptographic device mounted on a terminal body for use in inter-terminal cryptographic communication, comprising: first interface means for inputting / outputting data to / from a mounted terminal; a master key and a cryptographic device. When a secret key and an encryption instruction are input from the terminal through the storage unit that stores the unique number and the first interface unit, the secret key is encrypted with the master key and the unique number. Means for returning the encrypted secret key to the terminal via the first interface means, and an instruction for the encrypted secret key and decryption from the terminal via the first interface means. When input, the encrypted secret key is decrypted with the master key and the unique number to obtain the secret key, a means for storing the secret key, and the first interface. When the encrypted session key is input via the access means, the encrypted session key is decrypted with the secret key, the means for storing the obtained session key, and the first interface means are used. A cryptographic device comprising means for decrypting with the session key when an encrypted message is input from the terminal and returning the decrypted message to the terminal. 17. A terminal device equipped with the encryption device according to claim 16 and performing encrypted communication in cooperation with the encryption device, wherein a secret key and an encryption key possessed only by a key manager are prepared in advance. Means for inputting an encryption instruction to the encryption device, and as a result, outputting the encrypted private key returned from the encryption device to an external storage device, and when performing encrypted communication, the encryption of the external storage device is performed. When a secret key is read and input to the encryption device, a means for instructing the encryption device to decrypt the encrypted secret key, and an encrypted session key from another terminal are received, A means for inputting the encrypted session key to the encryption device and instructing decryption, and when an encrypted message transmitted from another terminal is received, the encrypted message is transferred to the encryption device. Enter the device And a means for instructing the decryption to receive the decrypted message, and a means for receiving the decrypted message. 18. A first interface means mounted on a terminal body for inputting and outputting data to and from the terminal, and for connecting to a communication network to communicate with another terminal via the communication network. A communication control device comprising second interface means, storage means for storing a master key unique to the system and a device unique number unique to the communication control device; and the terminal via the first interface means. When the private key and the encryption instruction are input from the device, the private key is encrypted with the master key and the device unique number, and the encrypted private key is output to the terminal via the first interface means. Means for inputting the encrypted secret key and a decryption instruction from the terminal via the first interface means. The secret key is decrypted with the master key and the device unique number to obtain the secret key, a means for storing the secret key, a session key is generated, and the generated session key is encrypted with the secret key, A means for transmitting the encrypted session key to another terminal via the second interface means and the communication network; and an encryption from another terminal via the communication network and the second interface means. When the session key is input, the secret key is used to decrypt the encrypted session key to obtain the session key, the means for storing the session key, and the terminal via the first interface means. Message and send instructions from, encrypt with the session key and The means for transmitting to another terminal via the second interface means and the communication network; and the encrypted message when the encrypted message is input from the other terminal via the communication network and the second interface means. And a means for decrypting the encrypted message with the session key to obtain the message, and outputting the obtained message to the terminal via the first interface means.