JPH0918473A - Data transmitter - Google Patents

Abstract

PURPOSE: To keep the secrecy of data even if the data is intercepted by rearranging packet data to be transmitted in a random order on purpose, ciphering only the transmission control information part of a fixed length, transmitting the part and decoding the part in a reception control part. CONSTITUTION: The packet data for which a transmission request is performed from a packet transmission order control part 11 is located at the head of a packet and only communication control information 611 having shorter fixed length as compared with the whole of packet data is ciphered. Namely, only the communication control information 611 transmitted by a ciphering device 60 is ciphered, ciphering communication control information 621 is generated, a user data area 612 is used as it is and ciphered packet data 62 is generated. This ciphered packet data 62 is transmitted from a transmission side data transmitter 1 and is transmitted to a network 5 to be connected by radio or a wire. The packet data transmitted by this network 5 is notified to a reception side data transmitter 2, is transmitted to the decoding part 4 of a data reception control part 20 and the decoding of the ciphered part is performed.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data transmission device for transmitting packet data using a wireless or wired transmission line.

[0002]

2. Description of the Related Art FIG.
3 is a configuration example of a cryptographic processing method in packet communication shown in 3, wherein 100 is a transmitting side packet terminal device, and 101
Is an encryption unit, 102 is a key storage unit, and 103 is a packet assembly unit. 110 is a receiving-side packet terminal device, 111 is a decryption unit, 112 is a key storage unit, and 113 is a packet decomposition unit. Reference numeral 120 denotes a packet terminal device 100 on the transmitting side and a packet terminal device 110 on the receiving side.
It is a packet-switched network that transmits packets between.

Next, the operation will be described. When the transmitting-side packet terminal device 100 encrypts and transmits data,
The data is transmitted to the encryption unit 101, the key identification code is extracted from the key table provided in the key storage unit 102, and the transmitted data is encrypted using a required initial value. The sender identification code that identifies the terminal itself, the key identification code, the required initial value, and the encrypted data are transmitted to the packet assembling unit 103. The packet assembling unit 103 adds a data length to the transmitted sender identification code, key identification code, required initial value and encrypted data, assembles a packet, and transmits the packet to the packet switching network 120. Receiving side packet terminal device 110
When the packet is received from the packet switching network 120,
The packet disassembly unit 113 disassembles the packet and transmits the sender identification code and the key identification code included in the data section to the key storage unit 112, and at the same time, the initial value and the encrypted data are decrypted by the decryption unit 11
Transmit to 1. The key storage unit 112 extracts the same key as the key used in the transmitting-side packet terminal device 100 from the sender identification code and the key identification code, and transfers it to the decryption unit 111. The decryption unit 111 decrypts the encrypted data using the initial value transmitted from the packet decomposition unit and the key transmitted from the key storage unit, and the data in the transmitting packet terminal device 100 is obtained.

[0004]

As described above, the conventional data transmission device using the encryption processing method in the data communication is as follows.
Since it is necessary to encrypt the data to be transmitted, when transmitting long data or data with a large traffic volume, the encryption process at the data transmission device on the transmission side becomes large, and the transmission at the device on the transmission side becomes large. There is a problem that the processing delay is increased and at the same time the processing addition of the CPU and the like in the transmission side device is increased. Also, the decoding process is increased in the reception side data transmission device, and at the same time the transmission processing delay in the reception side device is increased. There is a problem that the processing load of the CPU and the like in the receiving side device is increased.

The present invention has been made in order to solve the above problems, and in order to prevent the leakage of communication data on a transmission line, the data encryption portion which has a large amount of processing and causes a transmission delay is limited. Moreover, it is an object of the present invention to realize communication in which user data is kept secret by a simple method that does not rely on encryption.

[0006]

In the data transmission apparatus according to the present invention, the transmission side data transmission apparatus has a function of selecting and encrypting communication control information defined by a communication protocol used for data transmission. , The packet data having the encrypted communication control information as the head can be transmitted, and the receiving side data transmission device has a function of selecting and decoding the communication control information at the head of the received packet data, It is configured so that the reception protocol processing can be performed on the packet data in which the communication control information is decoded.

The transmission side data transmission apparatus generates packet data in which a transmission sequence number is added to communication control information by communication protocol processing for the generated transmission request user data, and generates the generated packet data until an appropriate packet transmission timing. It is configured to have a hold function so that a plurality of packet data held at the transmission timing can be rearranged in a random order and sent, and the receiving side data transmission device adds the packet data to the communication control information of the received packet data. By the transmission sequence number, the transmission side data transmission apparatus has a function of returning to the order in which the transmission request user data is generated, so that the reception side data can be transferred in the correct order.

In the data transmission device on the transmission side, packet data in which a transmission sequence number is added to communication control information is generated by transmission protocol user data for the generated transmission request user data, and a random transmission delay is generated with respect to the generated packet data. It has a function to determine the time, and by transmitting the packet data after the specified delay time has elapsed, the packet data can be rearranged in a random order and then transmitted. A function to restore the order in which the transmission request user data was generated in the transmission side data transmission device by the transmission sequence number added to the communication control information of the packet data, so that it can be transferred in the correct order to the receiving side outpatient user. Is.

In a data transmission apparatus that realizes packet data transmission / reception by a communication protocol that allows fixed length data information for transmitting generated transmission request user data and variable length packet data for transmission of short communication control information, The data transmission device on the side is configured to add random data to the packet data of the data information and the communication control information transmitted by the protocol processing so that the packet data has a fixed length, and to transmit the data on the receiving side. The apparatus is configured to have a function of recognizing the communication control information based on the control information of the received packet data of the same length and at the same time recognizing the presence or absence of user data and processing.

Assembling of a plurality of sub data areas capable of storing a plurality of sub user data as packet data transmitted between the transmitting side data transmitting apparatus and the receiving side data transmitting apparatus and the sub user data stored in each sub data area. An assembly sequence number area is provided as control information for storing the sequence, and a function of dividing the transmission request user data generated in the transmission side data transmission device into sub user data of a certain length is provided, and the sub data area of the packet data is randomized. The receiver side data transmission device is configured to have a function of storing the registered order in the assembling order number area at the same time as it is registered in, and to transmit according to a communication protocol for transmitting packet data including a sub data area and communication control information. Receives packet data according to the communication protocol and communicates the packet data. By assembling the storage sub-user data in the sub data area in this order by the assembly sequence number information area in the control information, which is constituted so as to restore the original user data.

The packet data transmitted between the transmitting-side data transmitting apparatus and the receiving-side data transmitting apparatus has a plurality of sub-data areas capable of storing a plurality of sub-user data. Each has a random number generation function based on the same algorithm, and a function to notify the initial value that is the source of random number generation as communication control information between the transmission side data transmission device and the reception side data transmission device, and to confirm delivery by the response The sub-data area of the packet data determined by the random number generated by the built-in random number generation function by providing the function of dividing the transmission request user data generated into the sub-user data of a fixed length To send the completed packet data according to the communication protocol. However, the receiving-side data transmission device receives the packet data according to the communication protocol, and by assembling in order from the sub-user data registered in the sub-data area in the packet data determined by the random number generated by the built-in random number generation function, It is configured to restore the original user data.

The data transmission device on the transmitting side is provided with a function of generating random key information for each user data packet to be transmitted, and the key information is used to perform a simple reversible conversion (for example, exclusive exclusion) for each sub-user data. Logical sum)
Is configured to have the function of transmitting the key information as a part of the communication control information, and the receiving side data transmission device transmits the received user data packet as the communication control information. And a function for recognizing the key information, and a function for performing simple reverse conversion (for example, exclusive OR) for each sub-user data by using the key information. It is configured to restore the same sub-user data.

[0013]

In the data transmission apparatus according to the present invention, the data transmission apparatus can be realized by limiting the encryption processing and the decryption processing, which have a large data processing load, to only a part of the transmission data, and by implementing other user data concealment means. High throughput can be realized with a small processing load. A data transmission device having a communication form that can be easily intercepted by a third party such as wireless data transmission, or a communication form that can be easily intercepted by a third party having specific knowledge and technology such as wired LAN or public network communication. By applying the above, it is possible to easily and economically realize the communication in which the user data is kept secret.

[0014]

【Example】

Embodiment 1 FIG. FIG. 1 shows an embodiment of a network of data transmission devices configured according to the present invention, 1 and 2 are data transmission devices according to the present invention, and 3 is a data transmission control unit in the data transmission devices 1 and 2. Reference numeral 4 is a data reception control unit in the data transmission devices 1 and 2, and reference numeral 5 is a network connected by wireless or wire. Reference numeral 10 is an encryption unit in the data transmission control unit 3, 11 is a packet transmission order control unit, 12 is a packet data reconstruction unit, 13 is a transmission protocol control unit, and 14 is a user data order conversion unit. Is. 20
Is a decoding unit in the data reception control unit 4, 21 is a packet reception order control unit, 23 is a reception protocol control unit, and 24 is a user data assembling unit.

Next, the operation will be described. As shown in FIG.
When data is transmitted from the data transmission device 1 to the data transmission device 2 via the wireless or wired network 5, the transmission side data transmission device 1 transmits from an externally connected device or an application in the data transmission device. Request user data is generated. The generated transmission request user data is transmitted to the user data order conversion unit 14 in the data transmission control unit 3.

When the user data is transmitted in a packet of a certain size or more, when the third party intercepts the packet, it is necessary to pay attention only to the contents of the packet which seems to be transmitting the user data. Will be leaked. The user data order conversion unit 14 divides the user data unit of the packet to be transmitted into smaller sub-users and rearranges them at random to prevent leakage of user data to a third party.

Next, one embodiment of the user data order conversion unit 14 will be specifically described with reference to FIG. 30 is generated transmission request user data, 31 is a format example of a user data packet defined to transmit data, and 34 is a random number generator. The transmission request user data 30 is decomposed into sub-user data 301, 302, 303 to 30X in order to conceal the user data by randomizing the construction order in the packet data. The user data packet 31 is composed of a user data area 32 and communication control information 33. The user data area 32 has a plurality of sub data areas 321, 322, 323 to 32 capable of storing divided sub user data 301 to 30X.
The communication control information 33 is composed of Y, and the communication control information 33 is an assembly sequence number area 332 showing the correspondence between the protocol information area 331 used in the communication protocol, the packet data storage sequence of the decomposed sub-user data, and the sequence in the original user data 30.
Consists of

First, the transmission request user data 30 is decomposed into sub user data 301 to 30X having a size that can be stored in the sub data areas 321 to 32Y of the packet data 31. Next, the top 301 of the decomposed sub-user data
From the random number generator 34, and the user data area 32 of the packet data 31 is assigned by the random number.
In which of the sub-data areas 321 to 32Y it is to be stored is determined. For example, the random number generator 34 may range from 0.0 to 1.
When the number of sub data areas of the packet data 31 is Y, the sub data area 321 is assigned when the generated random number is 0 / Y to 1 / Y, and 1/0 is assigned. The sub data area 322 is assigned when Y to 2 / Y, and the sub data area 32Y is assigned when (Y-1) / Y to Y / Y. If the sub data area indicated by the random number has already been allocated,
The random number is generated again and the sub data area to store is determined.

After determining the sub data area for storing the sub user data 301 to 30X, the packet data 3
The sub data area numbers to which the sub user data are allocated are registered in order from the beginning of the assembly sequence number area 332 in the communication control information 33 of No. 1. For example, when the first sub-user data 301 is stored in the third sub-data area 323, it is indicated as 3 to indicate that it is the third sub-data area at the beginning of the assembly sequence number area 332. Also,
In order to convey the user data length of the transmission request user data 30, the user data length may be indicated in the communication control information 33. Further, if the transmission request user data 30 does not fit in one packet data 31, a continuation bit indicating that the continuation of the transmission request user data is notified by the continuous packet data is shown in the communication control information 33. Good.

Another embodiment of the user data order conversion unit 14 will be described with reference to FIG. Reference numeral 30 is the generated transmission request user data similar to FIG. 2, reference numeral 35 is a data format example of a user data packet defined to transmit the data, and reference numeral 37 is a random number capable of generating a random number of the same series by a certain radix. It is a generator. 38 is a radix communication packet for notifying the radix used by the random number generator 37 from one data transmission device to the other data transmission device, and 39 is a radix response packet indicating acceptance of the radix notification packet. The radix notification packet 38 is composed of communication control information 381 indicating that it is a radix notification packet and a radix part 382 indicating the radix to be notified. The radix response packet 39 includes communication control information 391 indicating that it is a radix response packet and a radix part 392 indicating the notified radix. The user data packet 35 includes a user data area 32 and communication control information 35, and the communication control information 35 includes a protocol information area 331 used in a communication protocol.

First, prior to user communication, the radix used by the random number generator 37 in one of the data transmission devices is determined, and the radix generated as the radix notification packet 38 is shown in the radix part 382 and transmitted to the partner data transmission device. The partner data transmission device receives the radix notification packet 38, initializes the random number generator 37 with the notified radix, and at the same time, indicates the radix notified as the radix response packet 39 to the radix part 392 to notify the data transmission device of the notification source. Send to.
The notification source data transmission device receives the radix response packet 39 and initializes the random number generator 37 with the notified radix. With such a sequence, the transmission-side data transmission device and the reception-side data transmission device can configure a random number generator that generates random numbers in the same series.

Next, the transmission request user data 30 is decomposed into sub user data 301 to 30X of a size which can be stored in the sub data areas 321 to 32Y of the packet data 31. Further, the top 30 of the decomposed sub-user data
A random number is sequentially assigned from the random number generator 37 from 1, and the user data area 3 of the packet data 35 is assigned by the random number.
In which sub data area 321 to 32Y in 2 is to be stored is determined. When the sub data area indicated by the random number has already been allocated, the random number is generated again to determine the sub data area to be stored. Since the receiving-side data transmission device can generate random numbers in the same sequence as the transmitting-side data transmission device, it is not necessary to notify in which sub-data area 321 to 30Y the sub-user data 301 to 30X are stored for each packet data. Absent. Further, the user data length may be shown in the communication control information 33 in order to convey the user data length of the transmission request user data 30. Also,
The transmission request user data 30 is one packet data 31.
If not, the continuation bit indicating that the continuation of the transmission request user data is notified by the continuous packet data may be indicated in the communication control information 33.

Still another embodiment of the user data order conversion unit 14 will be described with reference to FIG. 30 is the generated transmission request user data similar to FIG. 2, 47 is the data format example of the user data packet defined to transmit the data, and 45 is the key information generator for converting the sub user data. A reference numeral 46 is a sub-user data converter that performs simple reversible conversion such as exclusive OR with respect to the sub-user data based on the generated key information. The packet data 47 for transmitting user data is composed of a user data area 32 and communication control information 48, and the communication control information 48 stores a key information area 49 for storing key information used for sub user data conversion of the corresponding user data packet. Have.

First, when a transmission request for the transmission request user data 30 is made, key information is generated by the key information generator 45 and registered in the sub user data converter 46. Next, the sub-user data 30 transmitted as shown above
When storing 1 to 30X in the sub data areas 321 to 32Y in the user data packet 47, each sub user data 301 to 30X is converted by the sub user data converter 46, for example, simple conversion such as exclusive OR with key information. Is performed, and the converted sub user data is stored in each of the sub data areas 321 to 32Y. Further, the key information is stored in the key information area 49 in the communication control information 48 of the user data packet 47 and notified to the user data assembling unit of the receiving side data transmission device.

The packet data in which the user data has been converted in order by the user data order conversion unit 14 for each sub-user data is transmitted to the transmission protocol control unit 13 in the data transmission control unit 3.

In the protocol control section 13, a sequence number is added to packet data for transmitting user data between the transmitting side data transmitting apparatus 1 and the receiving side data transmitting apparatus 2,
Transmission protocol control unit 13 and reception protocol control unit 2
Communication control packets such as delivery confirmation and resend request between 3 are prepared and transmitted to the application requesting user data transmission in the correct order without loss of user data. The reception protocol control unit 23 realizes order control of packet data. Therefore, even if the sequence number added to the packet data is received in reverse, the reception protocol control unit 2 waits for the reception of the packet data having the missing sequence number, restores it to the correct sequence, and receives it.
3, the reception protocol control can be realized, and the user data can be notified in the correct order.

The packet data subjected to the protocol processing in the transmission protocol control unit 13 is transmitted to the packet data reconstructing unit 12 in the data transmission control unit 3. The maximum allowable packet length is defined by the communication protocol realized between the transmission side data transmission device 1 and the reception data transmission device 2. As a packet requested to be transmitted from the transmission protocol control unit 13, a user data packet for transmitting user data is transmitted with a maximum packet length with good transmission efficiency, and the communication control information has a small amount of information. It is transmitted in control packets. Since the user data packet and the communication control packet have different data lengths,
When the third party intercepts the packet transmission status, the packet including the user data or the packet including only the communication control information can be easily identified by the packet data length.
In the packet data reconstructing unit 12, the packet to be transmitted is added with random data so as to be fixed-length packet data without distinction between the communication control packet and the user data packet, so that the user data packet from the third party, Makes it difficult to identify communication control packets.

Next, referring to FIG. 5, a specific example of the packet format handled by the packet data reconstructing unit 12 in the embodiment of the present invention will be described with reference to FIG. 40 is an example of a transmission packet format of a fixed length communication control packet, 41 is an example of a transmission packet format of a variable length communication control packet, 42 is an example of a transmission packet format of a fixed length user data packet, and 43 is It is an example of a transmission packet format of a variable-length user data packet.

When a communication control packet is requested to be transmitted from the transmission protocol control unit 13, the communication control packet is shorter than the maximum length that can be transmitted by the corresponding communication protocol regardless of whether the communication control information has a fixed length or a variable length. Since it is a packet, the packet data 40 and 41 added with random data so as to have the maximum length are reconfigured and a transmission request is made.
When a user data packet is requested to be transmitted from the transmission protocol control unit 13, if the protocol handles fixed-length user data packets, the user data packet is the maximum length packet that can be transmitted by the corresponding communication protocol. A transmission request is made as packet data 42 without adding. In the case of a protocol that handles variable-length user data packets, if the user data packet is a user data packet that is shorter than the maximum length that can be transmitted by the corresponding communication protocol, random data is added so that the packet data 43 has the maximum packet length. As a transmission request.

A valid data length is not necessary for a communication control packet having a fixed valid information length or a user data packet having user data of the maximum allowable length, but a communication control packet having a variable data length or less than the maximum allowable length. When transmitting a user data packet having the user data of, the effective data length is added as communication control information and a transmission request is made.

The transmission packet data reconstructed to the same packet length by the packet data reconstruction unit 12 is transmitted to the packet transmission order control unit 11 in the data transmission control unit 3. Data transmission device 1 on transmission side and data transmission device 2 on reception side
When packet data is transmitted between the third party and the third party, by intercepting the order of the transmitted packets, it is possible to infer the flow of user data and the flow of communication control. This packet transmission order control unit 11 intentionally reverses the order of the packets to be transmitted, thereby
Make it difficult for a person to recognize the flow of packet data.

An embodiment of the transmission packet order controller 11 will be described with reference to FIG. Reference numeral 50 is a packet holding queue for holding the packet data requested to be transmitted from the packet data reconstructing unit 12, 511 to 51X is the transmission waiting packet data requested to be transmitted, and 52 is the timing for transmitting the packet data. Periodic timer, 5
A random number generator 3 determines the order of packet data to be transmitted. The packet data 511 to 51X requested to be transmitted from the packet data reconstructing unit 12 is transmitted to the transmission packet order control unit 11, and the transmission sequence number areas 541 to 54X in the communication control information are assigned with the sequence numbers at the time of transmission. It is added and once stored in the packet queue 50.
The transmission packet order control unit 11 operates the cycle timer 22 that generates an appropriate packet transmission timing in consideration of the packet transmission frequency, the allowable transmission delay of packet data, etc., and periodically starts the packet transmission processing. At the packet transmission timing, a random number generated by the random number generator 53 is sequentially assigned from the first packet data 511 lined up in the packet queue 50, and a random number is assigned to all the transmission-waiting packet data. It is assumed that transmission requests are made in order from the packet data that the user has.

Another embodiment of the transmission packet order controller 11 will be described with reference to FIG. Reference numeral 55 is a packet holding queue for holding the packet data requested to be transmitted from the packet data reconstructing unit 12, 561 to 56X are packet transmission waiting packet data requested to be transmitted, and 57.
Is a timer that generates the transmission timing of each packet data, and 58 is a random number generator that determines the order of the packet data to be transmitted.

The packet data 561 requested to be transmitted from the packet data reconstructing unit 12 is transmitted to the transmission sequence number areas 541 to 54X in the communication control information in the order of transmission at the timing notified to the transmission packet sequence control unit 11. A time sequence number is added, a random number is generated by the random number generator 57, and the transmission delay time is determined from, for example, 0 seconds to the maximum allowable delay time. Next, in order to create the transmission timing after the determined transmission time, the timer 57 in which the transmission delay time is set is activated, the activated timer identification number is registered in the transmission request packet data 561, and it is retained in the suspension queue 55. Also when the next packet data 562 requested to be transmitted is received, the transmission delay time is similarly determined, the timer 57 is activated, and the packet data 56 is transmitted.
2 is held in the hold queue. When the timer 57 times out, the packet data having the timer identification number is detected from the hold queue 55, and the transmission request is sequentially made from the packet data.

The packet data in which the packet transmission order is randomly rearranged by the packet transmission order control unit 11 is
The data is transmitted to the encryption unit 3 in the data transmission control unit 3. Communication between the transmission side data transmission apparatus 1 and the reception side data transmission apparatus 2 does not include long variable length user data for encryption, but communication control information including a user data sequence number, delivery confirmation information, and retransmission information. By encrypting only the fixed length, the amount of encryption / decryption processing with a large processing load is reduced, and it becomes difficult for a third party to recognize the packet data control.

FIG. 8 shows an embodiment of the encryption unit 10.
It will be specifically described based on. 60 is an encryption device, and 6
1 is packet data notified from the packet transmission order control unit 11, and is composed of communication control information 611 and a user data area 612. Reference numeral 62 denotes encrypted packet data generated by the encryption unit, which is composed of encrypted communication control information 621 and user data area 622.

The packet data requested to be transmitted by the packet transmission order control unit 11 is located at the head of the packet, and only the communication control information 611 having a fixed length shorter than the entire packet data is encrypted. The communication control information 611 includes channel information for identifying a logical channel of communication, packet data type information indicating whether the packet data is user data transfer, delivery confirmation information, a resend request, or the like. An identifier or number required for communication protocol processing, such as a sequence number indicating the protocol processing order of each packet data, is included. In addition, if necessary, FIG.
The assembly sequence number area 332 indicated by, the data length of the entire user data, the continuation bit, the effective data length in the packet data, and the like may be included. Only the communication control information 611 transmitted by the encryptor 60 is encrypted, encrypted communication control information 621 is generated, the user data area 612 is used as it is, and encrypted packet data 62 is generated. This encrypted packet data 62 is transmitted to the data transmission device 1 on the transmission side.
From the network 5 and is transmitted to the network 5 connected wirelessly or by wire.

The packet data transmitted by the network 5 connected wirelessly or by wire is notified to the data transmission device 2 on the receiving side, and the decoding unit 4 of the data reception control unit 20.
Is transmitted to In the decryption unit 20, the network 5
The packet data that has been encrypted and transmitted in the packet is decrypted.

An embodiment of the decoding unit 20 will be specifically described with reference to FIG. Reference numeral 63 is a decoder, 62 is packet data received from the network 5, encrypted communication control information 621 and user data area 642.
It is composed of 64 is the restored packet data generated by the decoding unit, and is composed of the decoded communication control information 641 and the user data area 642. In the packet data received from the network 5, only the fixed length encrypted communication control information 621 located at the head of the packet is decrypted by the decryptor 63 to generate decrypted communication control information 641. User data area 6
22 is used as it is, the decoded packet data 64 is generated, and the decoded packet data is used as the data reception control unit 2.
It is transmitted to the packet reception order control unit 21 within 0.

The packet data decrypted by the decryption unit 20 is the packet data transmitted in the data transmission sequence control unit 11 of the transmission side data transmission apparatus 1 with the sequence intentionally changed to the data reception sequence control unit 21. In order to rearrange the original transmission order.

An embodiment of the reception packet order control unit 21 will be specifically described with reference to FIG. 70 is the decoding unit 20
Is a packet order queue for controlling the order of the received packet data notified from 711 to 71X is the received packet data, and 721 to 72X is the transmission order added in the communication control information of the packet data 711 to 71X. It is a number.

The received packet data 711 is referred to by the transmission sequence number 721 in the decrypted communication control information,
If the number is not expected to be received, it is held in the packet order queue 70. When registering the packet data in the packet order queue 70, the ascending order is set according to the transmission order control number of each packet data. If the transmission sequence number 722 of the received packet data 712 is the transmission sequence number that is expected to be received, it is transmitted to the reception protocol control unit 23 as it is, and the number that is expected to be received is updated by one. Further, it is determined whether or not the transmission sequence number of the smallest pending packet data at the head of the packet sequence queue 70 is the number expected to be received next. If the transmission sequence number of the youngest hold packet data is the number expected to be received, the packet data is transmitted to the reception protocol control unit 23, the number expected to be received is updated by one, and the packet is again received. , Confirm until there is no packet data expected to be received from the packet order queue 70. In this way, the transmission order number added to the packet data and the packet order queue 70 are used to restore the original transmission order of the received packet data.

The packet data whose original reception order is restored by the reception packet order control unit 21 recognizes an effective packet data length from the communication control information of the packet data, and at the same time performs the reception protocol processing. .

An embodiment of the packet format handled by the reception protocol control unit 23 will be described with reference to FIG.
40 is an example of a transmission packet format of a fixed length communication control packet, 41 is an example of a transmission packet format of a variable length communication control packet, 42 is an example of a transmission packet format of a fixed length user data packet, and 43 is It is an example of a transmission packet format of a variable-length user data packet. Received packet order controller 21
The packet data transmitted from the reception protocol control unit 23 to the reception protocol control unit 23 refers to the packet data type of the communication control information and transmits only the communication control information.
0, 41 or user data packets 42, 43 for transmitting user data are identified. If it is a communication control packet, it further identifies the fixed length communication control packet 40 or the variable length communication control packet 41. If it is the fixed length communication control packet 40, it is added after the valid communication control information. The added random data is ignored and the reception protocol processing is performed. When the communication control information has a variable length, the effective data length in the communication control information is referred to, and the random data added after that is ignored, and the reception protocol processing is performed.

If the received packet data is a user data packet, the protocol handles only fixed length user data packets. If the user data packet has the maximum length, no random data is added. Therefore, the reception protocol processing is performed as it is. Even if the protocol handles only fixed-length user data packets, the packet data reconstructing unit 12 on the transmission side
If the fixed-length random data is added in, the fixed-length random data is deleted and the reception protocol process is performed. When the protocol handles a variable-length user data packet, the effective data length in the communication control information is referred to, the random data added after that is deleted, and the reception protocol processing is performed. In this way, the random data added to the packet data reconstructing unit 12 of the transmission side data transmission apparatus 1 is clarified before the reception protocol control is performed, and the reception protocol processing is performed. The packet data whose reception is confirmed by the reception protocol process is transmitted to the user data assembling unit 24.

Data which has been confirmed by the reception protocol control unit 23 to perform protocol processing between the transmission side data transmission apparatus 1 and the reception side data transmission apparatus 2 and to be free from transmission errors, packet data loss, and sequence inversion. The packets are sequentially transmitted to the user data assembling unit 24, and the original user data is assembled from the sub user data randomly rearranged by the user data order conversion unit 14 of the transmission side data transmission apparatus 1.

One embodiment of the user data assembling unit 24 is shown in FIG.
It will be described based on 1. Reference numeral 31 is a format example of the received user data packet, and reference numeral 80 is the assembled reception user data. The packet data 31 transmitted from the reception protocol control unit 23 refers to the assembly sequence number area 332 in the communication control information 33, and extracts the sub user data stored in the sub data area indicated by the value in order from the beginning. , The receiving user data 80 is assembled in order from the beginning. For example, when 3 is shown at the beginning of the assembly sequence number area 332, the sub user data stored in the third sub data area 323 is taken out,
Sub user data 801 at the head of the received user data 80
Assemble as. When 1 is shown second in the assembly sequence number area 332, the sub-user data stored in the first sub-data area 321 is taken out and assembled as the second sub-user data 802 of the received user data 80. If the received user data length is not a fixed length, the user data length shown in the communication control information 33 is referred to and the user data is assembled until the user data length is reached. Further, when dividing one large user data into a plurality of packet data for transmission, a continuation bit may be added in the communication control information 33, and assembling of packet data in which the continuation bit is significant is completed. Waits for continuous packet data reception and continues the user data assembling process.

Another embodiment of the user data assembling unit 24 will be described with reference to FIG. 35 is a format example of the received user data packet, 85 is the assembled reception user data, and 86 is a random number generator capable of generating random numbers of the same series by a certain radix.

Random number generator 36 of the transmitting side data transmission apparatus 1
The random number generator 86 of the data transmission device 2 on the receiving side is configured to generate a random number in the same sequence by the sequence of the radix notification packet 38 and the radix response packet 39. The random number generator 86 also generates a random number in order to receive the packet data 35 transmitted from the reception protocol control unit 23 and assemble the user data in order from the beginning of the user data 85. Sub-data areas 321 to 32 in the user data area 32 of the received packet data 35
From Y, the sub data area indicated by the random number is determined according to the order of the generated random numbers, and the user data 85 is sequentially assembled by the sub user data stored in the sub data area. If the received user data length is not a fixed length, the user data length shown in the communication control information 33 is referred to and the user data is assembled until the user data length is reached. Further, when dividing one large user data into a plurality of packet data for transmission, a continuation bit may be added in the communication control information 33, and assembling of packet data in which the continuation bit is significant is completed. Waits for continuous packet data reception and continues the user data assembling process.

Still another embodiment of the user data assembling unit 24 will be described with reference to FIG. Reference numeral 47 is a format example of the received user data packet, 91 is the assembled reception user data, and 90 is the sub data areas 321 to 32 in the user data packet 47 according to the key information.
It is a sub user data inverse converter that performs inverse conversion of the sub user data stored in Y.

When the user data packet 47 is transmitted to the user data assembling unit 24 of the receiving side data transmission device 2,
Key information area 4 defined in the communication control information 48
The key information shown in 9 is recognized, and the key information is registered in the sub user data inverse converter 90. As described above, when the sub data areas 321 to 32Y in the user data area 32 of the received packet data 47 are stored in the sub data areas in order, each sub user data is converted by the sub user data inverse converter 90, for example, Simple sub-conversion such as exclusive OR is performed by the key information, and the converted sub-user data 911 to 91X can be assembled into the original user data 91.

As described above, the user data assembled into the same data as the original transmission request user data by the user data assembling unit 24 of the receiving side data transmission apparatus 2 is stored in the externally connected apparatus or the data transmission apparatus. Pass the received data to the application.

Embodiment 2 FIG. In the first embodiment, in the transmission side data transmission device 1 and the reception side data transmission device 2, the encryption unit 10 and the decryption unit 2, the packet transmission order control 11, the packet reception order control unit, the packet data reconstruction unit 12 and the transmission. Protocol control unit 13 and reception protocol control unit 2
3, the example in which the user data order conversion unit 14 and the user data assembling unit 24 are all arranged is shown. However, even if the data transmission device is configured by combining one or some of these, the user data It is possible to realize a data transmission device that keeps the secret.

[0054]

As described above, in the data transmission apparatus according to the present invention, the means for encrypting / decrypting only the communication control information, the means for intentionally randomizing the transmission order of packet data, and the random data for the packet data length are used. By adding a means for transmitting the data with a fixed length and a means for dividing the user data into sub-user data in the packet data and rearranging and rearranging them at random, the transmission user can be intercepted by a third party. It is possible to realize an economical data transmission device in which communication in which data is concealed is configured by a processor having a relatively small processing amount that cannot provide a large amount of processing for encryption / decryption processing.

[Brief description of the drawings]

FIG. 1 is a diagram showing a network configuration example of a data transmission device according to the present invention.

FIG. 2 is a diagram showing an example of a configuration of a user data conversion control unit.

FIG. 3 is a diagram showing another example of a configuration of a user data conversion control unit.

FIG. 4 is a diagram showing still another example of the configuration of the user data conversion control unit.

FIG. 5 is a diagram showing an example of a packet format generated by a packet data reconstruction unit.

FIG. 6 is a diagram showing an example of a configuration of a packet transmission order control unit.

FIG. 7 is a diagram showing another example of the configuration of a packet transmission order control unit.

FIG. 8 is a diagram showing an example of a configuration of an encryption unit.

FIG. 9 is a diagram showing an example of a configuration of a decoding unit.

FIG. 10 is a diagram showing an example of a configuration of a packet reception order control unit.

FIG. 11 is a diagram showing an example of a configuration of a user data assembling unit.

FIG. 12 is a diagram showing another example of the configuration of the user data assembling unit.

FIG. 13 is a diagram showing still another example of the configuration of the user data assembling unit.

FIG. 14 is a diagram showing a configuration example of a conventional encrypted data transmission device.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 transmission side data transmission device, 2 reception side data transmission device, 3 data transmission control unit, 4 data reception control unit, 5
Network, 10 encryption unit, 11 packet transmission order control unit, 12 packet data reconstruction unit, 13 transmission protocol control unit, 14 user data order conversion unit,
20 Decoding Unit, 21 Packet Reception Sequence Control Unit, 23
Reception protocol control unit, 24 User data assembling unit.

Claims (7)

[Claims] 1. A data transmission device for transferring packetized data using a wireless or wired data transmission path, wherein predetermined encryption is performed by each of the transmission side data transmission device and the reception side data transmission device. The transmitting-side data transmission device has a fixed-length data indicating a communication control information type defined by a communication protocol used for data transmission / reception, a user data sequence number, or the like. The communication control information section is selected and encrypted by the encryption means; and the communication control information section is selected and the encrypted data is transmitted. A unit for selecting and decoding the head portion of the data fixed length from the decoding unit for the received data and selecting the communication control information unit for decoding. A data transmission device characterized in that communication control information is selected on a data transmission line, encrypted, and transmitted. 2. The transmitting-side data transmission device is provided with a function of adding a sequence number to user data and transferring the data,
In the data transmission device on the receiving side, the received data is arranged in accordance with the sequence number added to the data irrespective of the receiving order to perform the receiving process. The device further comprises a means for suspending the transmission after adding the transmission sequence number to the transmitted data, and randomly rearranges the transmission order of the suspended transmission data at a timing determined by the transmitting side data transmission device. A data transmission device comprising means for transmitting later, which realizes data transmission in which user data is changed to a random transmission order in a data transmission path. 3. The transmitting-side data transmission device is provided with a function of adding a sequence number to user data and transferring the data,
In the data transmission device on the receiving side, the received data is arranged in the order of the order number added to the data irrespective of the receiving order to perform the receiving process. It is provided with means for determining a transmission delay time for the transmission data by adding a transmission sequence number when data is generated, by random numbers and the like, and timer means for detecting the passage of the transmission delay time for each transmission data. A data transmission device, characterized in that the data transmission is realized by providing a means for transmitting the transmission data later so that the user data is changed to a random transmission order in the data transmission path. 4. Data transmission based on a communication protocol that allows different data lengths for each communication control information type defined by the communication protocol between data transmission / reception between the transmission side data transmission device and the reception side data transmission device. In a data transmission device that realizes control, when transmitting control data or user data in the transmission-side data transmission device, means for adding random data so that the data has a maximum length less than the maximum length defined by a protocol And a means for adding effective data length information encrypted as necessary, and in the receiving side data transmission device, the data length is fixed after identifying the communication control information of the received data. The communication control information is provided with a means for removing the added random data, and the communication control information or the user whose data length is variable The data is equipped with a means for removing random data from the added encrypted data length, and by restoring normal valid data and performing reception processing, all data lengths transmitted on the data transmission line are made the same. A data transmission device characterized by realizing the above data transmission. 5. A plurality of sub data areas capable of storing a plurality of sub user data as packet data transmitted between a transmitting side data transmitting apparatus and a receiving side data transmitting apparatus, and sub user data stored in each sub data area. Assembling sequence number area is defined as the communication control information for storing the assembling sequence of, and the transmission side data transmission apparatus comprises means for dividing the generated transmission request user data into sub-user data of a fixed length, And a means for storing an assembly sequence number indicating the registered sub data area in the assembly sequence number area defined as communication control information. Means for transmitting packet data consisting of the sub-data area and communication control information according to the communication protocol. The receiving side data transmission device comprises means for receiving packet data according to a communication protocol, and stores in a sub data area according to the information of the assembly sequence number area defined in the communication control information of the received packet data. It is characterized in that it has means for assembling user data in order, and by restoring the original user data, the user data to be transmitted on the data transmission path is randomly changed in order for each sub-user data. Data transmission equipment. 6. A plurality of sub-data areas capable of storing a plurality of sub-user data are defined as packet data transmitted between a transmission-side data transmission device and a reception-side data transmission device. Each of the reception side data transmission devices is provided with a random number generation means by the same algorithm, and a random number initial value from which the random number generation means generates a random number between the transmission side data transmission device and the reception side data transmission device. Is provided as communication control information, and means is provided for notifying response communication control information indicating confirmation of delivery of communication control information indicating a random number initial value. The random number generation means provided in the transmission side data transmission device comprises means for dividing the transmission request user data into sub-user data of a fixed length. And a means for registering the sub-user data in the sub-data area in the packet data according to the determined order, and means for transmitting packet data composed of a plurality of sub-data areas according to a communication protocol. The data transmission device comprises means for receiving packet data according to a communication protocol, and comprises the sub-data area in the reception-side packet data according to the order determined by the random number generation means provided in the reception data transmission device. The sub-user includes a unit for extracting the sub-user data, a unit for assembling the user data in the order of the extracted sub-user data, and restoring the original user data so that the user data to be transmitted on the data transmission path is sub-user. Data whose order is changed randomly for each data A data transmission device characterized by realizing data transmission. 7. A data transmission device for transmitting user packet data by dividing user data into sub-user data of a fixed length, and replacing the sub-data areas in the packet data to be transmitted with random arrangement The data transmission device comprises means for performing a simple reversible sub-user data conversion with specific key information, and key information generating means for generating random information usable as the key information. Means for converting each sub-user data stored in the user packet data to be transmitted by the key information generated by the above, and means for transmitting the generated key information to the receiving side data transmission device as a part of the communication control information. The data transmission device on the receiving side has communication control information when a user data packet is received. Means for recognizing key information from among the sub-user data packets, and means for performing inverse conversion using the key information for each sub-user data in the received user data packet. A data transmission device characterized in that by restoring user data, user data to be transmitted on a data transmission path is realized as user data that is simply changed for each sub-user data.