JPH096238A - Terminal device for cipher communication - Google Patents

Abstract

PURPOSE: To heighten the cipher intensity, and obtain the number of steps of deciphering involutions based on a random number so as to be different for each communication not to be known by third person by variably setting the number of steps of deciphering involution. CONSTITUTION: In an enciphering and deciphering device 6 of a facsimile device, encyphering and deciphering are performed by executing plural steps involutions. In the case of cypher transmission, encyphering involutions are executed by the number of steps corresponding to step number selection data P obtained based on a random number X so that encyphered data is transmitted. A NSS containing a parameter α required for obtaining the data P is transmitted prior to the encyphered data. In the case of a cypher reception, the data P is obtained from the parameter αcontained in the NSS, and reverse deciphering involutions to the encyphering involutions are executed by the number of steps corresponding to the data P so that normalized data is output.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a terminal device for cryptographic communication.

[0002]

2. Description of the Related Art Conventionally, in the field of communication, from the viewpoint of maintaining confidentiality of communication data, so-called encryption, in which encrypted data is created and transmitted by performing encryption processing on the communication data using a predetermined encryption key Communication is taking place.
One method of encrypted communication is, for example, DES (Data Encry
There is a public algorithm method using a ption standard type encryption device.

FIG. 7 is a block diagram showing an electrical configuration of the DES type encryption device. The DES type encryption device includes a pre-processing unit B0, a stirring processing unit B1, a post-processing unit B2, and a key scheduling unit KS. Key scheduling section KS, based on the encryption key K, to create a plurality of unit cryptographic key _{k a, k 0 ~k 7,} k b, the pre-processing unit B0, gives the stirring processing section B1 and the post-processing unit B2.

The data D _in to be encrypted is stored _in the preprocessor B0.
, The exclusive OR between k _a , which is one of the plurality of unit encryption keys, is taken by the gate G _in and then divided into two. One of the two divided data is provided as it is to the agitation processing unit B1 as the data L ₀ .
Further, in the agitation processing unit B1, data R ₀ obtained by taking an exclusive OR between the two divided data is gate G.
given by _p .

In the stirring processing section B1, the key schedulin
Unit encryption key k created by the KS section ₀~ K₇Is each
Given arithmetic unit E₁~ E₈(When collectively referred to below,
Arithmetic section E ") and gate G₁~ G₈(Hereinafter generically
"Gate G") is provided. Disturbance
In the agitation processing unit B1, one computing unit E and one gate G are provided.
Then, the involution of one step is executed. And
This involution can be repeated multiple times.
The encryption process is achieved by and.

The above involution will be described in more detail. In the arithmetic unit E, the data R _{0 to} R ₇ is used as one input, and the unit encryption keys k _{0 to} k ₇ are used as the other inputs, and the arithmetic operation by the predetermined f function is executed. On the other hand, at the gate G,
The data L _{0 to} L ₇ are used as one input, and the calculation result in the calculation unit E is used as the other input, and the data L _{0 to} L ₇ and the calculation result of the calculation unit E are exclusive ORed.

The data R _{1 to} R ₇ are respectively the exclusive OR of the operation result in the gate G for the involution of the preceding stage, that is, the input data L _{0 to} L ₆ and the outputs of the operation units E _{1 to} E _7. Correspond. Also, the data L _{1 to} L ₇
Is input data R _{0 to} R ₆ to the arithmetic units E _{1 to} E ₇ in the previous stage.
And are respectively the same. That is, in the agitation processing unit B1, when the involution of the first stage is completed, the processing result is exchanged, and the arithmetic unit E and the gate G of the next stage are exchanged.
Is given to the calculation unit E and the gate G in the next stage, and the result of the involution process in the previous stage is subjected to involution. As a result, the data L completely different from the original data L ₀ and R ₀ given to the agitation processing unit B1.
₈ and R ₈ are created. These data L ₈ and R ₈ are given to the post-processing unit B2.

In the post-processing unit B2, the gate G _a takes the exclusive OR of the data L ₈ and R ₈ . As a result, the output data of the gate G _a and the data L ₈ are combined into one data. Then, an exclusive OR between the collected data and the unit encryption key k _b is obtained at the gate G _out . As a result, encrypted data D _out that is completely different from the original data D _in is obtained.

On the other hand, the plain culture process for obtaining the plain culture data from the received encrypted data is achieved by performing the data shuffling in a procedure opposite to the data shuffling process executed in the encryption process. In the public algorithm method, the contents of the f-function and the contents of the encryption algorithm including the number of stages of involution are made public. The parties who carry out the cryptographic communication have a secret cryptographic key in advance. Then, by setting the common encryption key K in the communication device on the transmission side and the communication device on the reception side, the encrypted communication is achieved.

[0010]

By the way, the above-mentioned DES
In the type encryption device, the number of stages of the involution is fixed. Moreover, the contents of the f-function and the overall processing flow including involution and data exchange are open to the public. Therefore, in the above-mentioned DES type encryption device, the encryption strength (degree of encryption) may not always be sufficient, and it is considered that further improvement of the encryption strength is desired.

SUMMARY OF THE INVENTION An object of the present invention is to solve the above technical problems and to provide a terminal device for cipher communication capable of improving cipher strength.

[0012]

According to a first aspect of the present invention, there is provided a terminal device for transmitting encrypted data to a called side terminal device connected via a predetermined communication line. In the terminal device of, the number of stages of encryption involution can be variably set, and an encryption means that creates encrypted data by applying the set number of stages of encryption involution to the data to be transmitted, A random number generating means for generating a random number, a step number setting means for setting the step number of the encryption involution executed in the encryption means based on the random number generated by the random number generating means, and the step number setting means. The step number data corresponding to the step number of the encrypted involution and the encrypted data created by the encryption means are sent to the predetermined communication line. Characterized in that it comprises a sending unit.

In the terminal device according to the second aspect of the invention, the encrypted data created by subjecting the data to be transmitted to the encryption involution of the number of stages set based on the random number, and the above-mentioned set data. A terminal device for receiving the stage number data corresponding to the stage number of encrypted involution from a connected calling side terminal device through a predetermined communication line, and variably setting the stage number of the plain culture involution. And a flat culture means for creating the flat culture data by applying the set number of flat culture involutions to the encrypted data received from the calling terminal device via the predetermined communication line, and Based on the step number data received from the calling terminal device via the above-mentioned predetermined communication line, the step of the encryption involution executed at the time of encryption Characterized in that it comprises a stage number setting means for setting the equal number to the decryption means as decryption involution of stages to be executed by the decryption means.

[0014]

In the above structure, the calling side terminal device sets the number of stages of the encrypted involution based on the random number generated by the random number generation means, and the data to be transmitted by the set number of encrypted involutions. Is applied to.
This creates encrypted data. Then, the stage number data corresponding to the set stage number of the encrypted involution and the encrypted data are sent to a predetermined communication line.

On the other hand, in the called terminal device, the number of stages equal to the number of stages of the encrypted involution executed at the time of encryption is set as the number of stages of the plain culture involution based on the received stage number data. Then, the plain culture data is obtained by applying the set plain culture involution to the received encrypted data.

As described above, according to the present invention, since the number of stages of the encryption involution executed when creating the encrypted data is variably set, the encryption strength can be improved. Moreover, since the number of stages of the encrypted involution is obtained based on a random number, it differs for each communication.
Therefore, the number of encryption involution steps is not known to a third party.

[0017]

Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. FIG. 1 is a block diagram showing an electrical configuration of a facsimile apparatus according to one embodiment of the present invention.
This facsimile apparatus includes a reading unit 1 that optically reads a document to be transmitted and outputs original image data. The original image data output from the reading unit 1 is subjected to predetermined image processing by the image processing unit 2. The original image data that has been subjected to image processing is given to the encoding / decoding device 4 via the control unit 3, and the MH (Modified Huffman) and MR (Modi
fied READ, READ: Relative Element Address Designat
The compression coding necessary for facsimile communication such as e) is performed and converted into a transmission code. In the case of normal facsimile communication, this transmission code is directly given to the modem 5. On the other hand, in the case of encrypted communication, the transmission code is given to the encryption / plaintext device 6 and converted into encrypted data. Then, this encrypted data is given to the modem 5. In the modem 5, a transmission signal is created by subjecting the transmission code or the encrypted data to a predetermined modulation process. The created transmission signal is sent to the public telephone line 8 via the network control unit (NCU) 7.

On the other hand, when data is received, the received signal is given to the modem 5 via the network controller 7 and demodulated into a received code. If the received code is not encrypted,
That is, in the case of normal facsimile communication, the received code is decoded (decompressed) by the encoding / decoding device 4 and restored to the original image data. On the other hand, when the received code is encrypted, that is, in the case of encrypted communication, the received code is converted into plain culture data by the encryption / plain culture device 6 and then decoded by the encoding / decoding device 4, It is restored to the original image data. The restored original image data is given to the recording unit 9, and the received image is recorded on the paper.

The transmission function unit 10 is for executing line connection control and transmission protocol processing during transmission. The reception function unit 11 is for executing line connection control and reception protocol processing at the time of reception.
The facsimile machine also includes an operation unit 12. The operation unit 12 has a ten-key 12a for inputting numerical data such as a facsimile number of a communication partner, and a start key 12 for instructing the start of facsimile communication.
b, an encrypted communication key 12c for instructing encrypted communication is arranged. The above-described types of keys in the operation unit 12 are examples, and keys for other functions may be added or the arrangement of the keys may be changed as necessary.

This facsimile apparatus further comprises a random number generator 13 for generating a random number X. Random number generator 1
The random number X generated in 3 is given to the control unit 3. As will be described later, the control unit 3 obtains stage number selection data P for setting the number of stages of involution based on the random number X, and the selection signal SEL corresponding to the obtained stage number selection data P is encrypted / flat. Give to the culture device 6.

The facsimile machine is further provided with a DRAM.
The image memory 14 is composed of the above. A part of the storage area of the image memory 14 can be used as a confidential box used during confidential communication. In the confidential communication, the data transmitted from the sending facsimile machine is temporarily stored in the memory, the data is read from the memory in response to the input of a predetermined personal identification number (ID), etc. Based on this, the received image is printed out.

The image memory 14 has a plurality of confidential boxes BOX ₁ , BOX ₂ , ..., As shown in FIG.
BOX _n is made available. Confidential Box BOX
Are given different box numbers. In the cryptographic communication, for example, a fictitious confidential box number different from the number assigned to the confidential box BOX in the image memory 14 may be used. That is, the confidential box number for encrypted communication is predetermined for each communication partner,
The confidential box corresponding to the confidential box number for encrypted communication does not exist in the image memory 14.

By associating the confidential box number for encrypted communication with the confidential box existing in the image memory 14, encrypted communication can be performed using the confidential function. The facsimile device further includes a memory 1 including an EEPROM or the like.
5 is provided. The memory 15 stores an encryption key K required for encryption / plaintext processing in association with a confidential box number for encrypted communication. The cryptographic key K is negotiated in advance between parties performing cryptographic communication so that the cryptographic key K is not leaked to a third party. At the same time, the confidential box number for encrypted communication is also negotiated. Arranged encryption key K
Is, for example, by an input operation from the numeric keypad 12a,
It is registered in the memory 15 in association with the agreed confidential box number for encrypted communication.

The encoding / decoding device 4 has an A terminal connected to the encryption / decryption device 6 and a B connected to the modem 5.
And a terminal. When executing normal facsimile communication, the control unit 3 gives the encoding / decoding device 4 a control signal for instructing to select the B terminal. At this time, the control unit 3 gives an OFF signal to the encryption / plaintext device 6 to prohibit its operation. As a result, the transmission code output from the encoding / decoding device 4 is directly given to the modem 5.
Further, the reception code output from the modem 5 is given to the encoding / decoding device 4 and restored to the original image data.

Further, the control section 3 gives a control signal for instructing the encoding / decoding apparatus 4 to select the A terminal when executing the encrypted communication. At this time, the control unit 3 gives the encryption / plaintext device 6 a selection signal SEL corresponding to the stage number selection data P obtained based on the encryption key K stored in the memory 15 and the random number X, and Give an ON signal. As a result, the transmission code output from the encoding / decoding device 4 is given to the encryption / plaintext device 6,
Converted to encrypted data. Then, this encrypted data is given to the modem 5. The received code output from the modem 5 is given to the encryption / plain culture device 6 and converted into plain culture data. Then, this plain culture data is given to the encoding / decoding device 4 and restored to the original image data.

FIG. 2 is a block diagram showing the electrical configuration of the encryption / plaintext device 6. The encryption / plain culture device 6 is provided with an encryption / plain culture block unit 61 for performing encryption / plain culture processing on the original / encrypted data D _in to obtain encryption / plain culture data candidates. ing. The encryption / plain culture block unit 61 is a typical encryption / symmetric encryption system.
DES (Data Encryption Standard), which is a flat culture method
Performs encryption / plain culture based on, line 6
Five types of encrypted / flat culture data candidates are output to 2a to 62e and given to the selector unit 63. The selector unit 63 outputs any one of the encrypted / plain culture data candidates as the encrypted / plain culture data D _out based on the selection signal SEL corresponding to the stage number selection data P given from the control unit 3.

FIG. 3 shows the encryption / plain culture block section 6 described above.
2 is a block diagram showing an electrical configuration of 1. FIG. The encryption / flat culture block unit 61 includes a pre-processing unit B0 and a stirring processing unit B.
1, a post-processing unit B2 and a key scheduling unit KS are provided. Key scheduling section KS, based on the encryption key K, a plurality of unit cryptographic key _{k a, k 0 ~k 7,} k b
Is prepared and given to the pretreatment unit B0, the stirring treatment unit B1, and the posttreatment unit B2.

The original data D _in to be encrypted is stored _in the preprocessing unit B.
At 0, an exclusive OR with one of the plurality of unit encryption keys k _a is taken at the gate G _in and then divided into two. One of the two divided data is provided as it is to the agitation processing unit B1 as the data L ₀ . Further, the agitation processing unit B1 is further supplied with data R ₀ obtained by taking the exclusive OR of the divided data from the gate G _p .

In the agitation processing section B1, the key schedulin
Unit encryption key k created by the KS section ₀~ K₇Is each
Given arithmetic unit E₁~ E₈(When collectively referred to below,
Arithmetic section E ") and gate G₁~ G₈(Hereinafter generically
"Gate G") is provided. Disturbance
In the agitation processing unit B1, one computing unit E and one gate G are provided.
Then, the involution of one step is executed. And
This involution can be repeated multiple times.
The encryption process is achieved by and.

The above involution will be described in more detail. In the arithmetic unit E, the data R _{0 to} R ₇ is used as one input, and the unit encryption keys k _{0 to} k ₇ are used as the other inputs, and the arithmetic operation by the predetermined f function is executed. On the other hand, at the gate G,
With the data L _{0 to} L ₇ as one input and the calculation result in the calculation unit E as the other input, the exclusive OR of the data L _{0 to} L ₇ and the calculation result of the calculation units E _{1 to} E ₇ is obtained. To be

The data R _{1 to} R ₇ are respectively the result of the operation in the gate G for the involution in the previous stage, that is, the exclusive OR of the input data L _{0 to} L ₆ and the outputs of the operation units E _{1 to} E _7. Correspond. Also, the data L _{1 to} L ₇
Is input data R _{0 to} R ₆ to the arithmetic units E _{1 to} E ₇ in the previous stage.
And are respectively the same. That is, in the agitation processing unit B1, when the involution of the first stage is completed, the processing result is exchanged, and the arithmetic unit E and the gate G of the next stage are exchanged.
Is given to the calculation unit E and the gate G in the next stage, and the result of the involution process in the previous stage is subjected to involution. As a result, the original data L ₀ and R ₀ given to the agitation processing unit B1 can be sufficiently agitated.

When the involution in the final-stage arithmetic unit E ₈ and the gate G ₈ is completed, the data L ₈ and R _{8 as} the processing result of the involution are given to the post-processing unit B2. The post-processing unit B2, the exclusive OR of the data L _8, R ₈ is taken in the gate G1 _a.
A gate G1 _a of the output data and the data L ₈ are combined into a single data are combined. Then, the exclusive OR between the collected data and the unit encryption key k _b (64 bits) is obtained at the gate G1 _out . As a result, the encrypted data candidate D1 that is completely different from the original data D _in
out is created.

In the post-processing section B2 of this embodiment, the fourth processing unit
Arithmetic unit E in the third to seventh stages_Four~ E₇And gate G
_Four~ G₇For the result of the involution in
However, the same post-processing as described above is performed. Sand
The process of involution from the 4th stage to the 7th stage
As a result, the gate G2_a~ G5 _a
And gate G2_out~ G5_outExclusive OR in
Is taken and further data combination is executed,
Encrypted data candidate D2_out~ D5_outIs created.

On the other hand, the received encrypted data D_inKarahira
Cultural data candidate D1_out~ D5_outCreate a culture
The above is the unit encryption key k₀~ K₈, K_a, K_bIs calculated
Part E ₁~ E₈, Gate G_in, Gate G1_out~ G5_out
Instead of giving₈~ E₁,Gate
G1_out~ G5_out, Gate G_inReach by giving to
Is made. That is, the data executed in the encryption process
Data agitation is performed in the reverse order of data agitation processing.
And achieves the flat culture processing.

Incidentally, in FIG. 3, the arithmetic unit E is used during the flat culture process.
The unit encryption keys k _{0 to} k ₈ , k _a , and k _b given to the above are written in parentheses. Returning to FIG. 2, the encryption / plain culture data candidate D1 created by the encryption / plain culture block unit 61 is generated.
_{out to} D5 _out are sent to the lines 62a to 62e, respectively. Therefore, the encrypted / plaintext data candidates D1 _{out to} D5 _out having different involution stages are transmitted to the lines 62a to 62e, respectively.

The selector section 63 responds to the selection signal SEL corresponding to the stage number selection data P, from the lines 62a.about.
Any one of 62e is selected. As a result, the encrypted / plaintext data candidate sent to the selected line is extracted as the encrypted / plaintext data D _out . That is, the encrypted / flat culture data D _out in which the involution has been executed by the number of stages corresponding to the stage number selection data P is extracted.

The step number selection data P is sent to the control section 3 by the control section 3.
It is obtained by the calculation shown in equation (1) below. P = P _min + α (1) Here, P _min is the minimum number of involution steps required to create encrypted data that is not likely to be decrypted even if intercepted. In this embodiment, P _min =
5 is set.

The parameter α is obtained on the basis of the random number X generated by the random number generator 13, as described later. In the present embodiment, this parameter α corresponds to the stage number data. The possible value of the parameter α is determined based on the maximum number of involution steps of the encryption / plain culture block unit 61. In this embodiment, the maximum number of involutions of the encryption / plain culture block unit 61 is eight.
Therefore, considering P _min = 5, the parameter α is
It is limited to 0 ≦ α <4. That is, the parameter α
Can take four kinds of values of 0, 1, 2, and 3.
Note that, hereinafter, the number of numerical values that the parameter α can take is referred to as a “set number n”.

Generally, the encryption / plain culture block section 6
The maximum number of involutions of 1 may be determined based on the processing speed. If the number of stages of involution is too large, it takes a long time to perform the processing for encryption / plain culture, which may lead to a longer communication time. FIG. 4 is a flow chart showing the transmission operation in the facsimile device. When executing facsimile communication, the operator first sets the original document on the facsimile device. After that, the facsimile number on the receiving side is input from the ten key 12a provided in the operation unit 12, and the start key 12b is operated. When performing encrypted communication, the encrypted communication key 12c is operated prior to the operation of the start key 12b, and the confidential box number for encrypted communication, which is pre-arranged with the receiving side so that the sender can be specified by the receiving facsimile machine. Is input from the ten keys 12a.

Subsequent to the operation of the start key 12b, the transmission function unit 10 performs the line connection processing. When the line with the facsimile machine on the receiving side is connected, it is determined whether or not the encrypted communication is performed based on whether or not the encrypted communication key 12c is operated (step S1). As a result, when it is determined that the communication is not encrypted communication, it is determined that the communication is normal facsimile communication, and after the predetermined transmission control process is executed,
A transmission signal corresponding to the original image data is transmitted (step S8).

The transmission control process is based on NSS (Non-Standa).
rd facilities Set-up; non-standard function setting signal) is a pre-processing that includes transmission of transmission control signals. A plurality of specific bits are assigned to the NSS in order to write the number data indicating the confidential box number for encrypted communication. NS
S is assigned to S for a flag indicating whether or not a specific 1 bit is encrypted communication. In the case of normal facsimile communication, the NSS in which the number data is not written and the flag is not set is transmitted.

On the other hand, if it is determined that the communication is cipher communication, first, the cipher transmission control process described below is executed (steps S2 to S4). The control unit 3 firstly determines the random number generation unit 13
To generate a random number X. In response to this, the random number generator 13 generates a random number X (step S2). Specifically, the random number generation unit 13 reads the date and time when the generation of the random number X is instructed from, for example, a calendar function clock (not shown) provided in the control unit 3. Then, among the read dates and times, the numbers representing the month and day are arranged in the order of month and day to create one number. Also, the numbers representing hours and minutes are arranged in the order of hours and minutes to create one number. Then, a number obtained by adding each number to each other is generated as a random number X.

For example, if the date and time when the generation of the random number X is instructed is "March 27, 15:24", "327" and "1524" are respectively created, and the respective numbers are added to each other to "1851." Is generated as a random number X. The control unit 3 obtains the parameter α based on the generated random number X (step S3). In particular,
The parameter α is obtained as the remainder when the random number X is divided by the set number n of the parameter α, as shown in the equation (2) below.

Α = MOD (X / n) (2) However, MOD () represents the remainder due to the division in (). For example, in the case of X = 1851, in this embodiment, since n = 4 as described above, α = 3. The control unit 3
When the parameter α is calculated, the calculated parameter α
Is set in the NSS (step S4). In this embodiment, the NSS is assigned a bit for setting the parameter α. In the case of the present embodiment, the number of bits to be assigned is 2 bits because the number n of setting the parameter α is 4. Then, the number data indicating the confidential box number for encrypted communication is written, and the NSS in which the flag indicating whether or not the encrypted communication is set is transmitted.

When the cipher transmission control process is completed, the control unit 3
Reads the encryption key K stored in the memory 15 in association with the confidential box number for encrypted communication based on the confidential box number for encrypted communication input from the ten key 12a (step S6). The read encryption key K is encrypted /
The original data D _in is given to the plaintext block unit 61, and the original data D _in is encrypted _in the encryption / plaintext block unit 61 to create encrypted data candidates D1 _{out to} D5 _out (step S7). On the other hand, the control unit 3 obtains the stage number selection data P by the calculation shown in the equation (1) based on the obtained parameter α, and gives the obtained stage number selection data P to the selector unit 63 (step S
5).

As a result, in the selector section 63, the encrypted data candidate D sent to the lines 62a to 62e is sent.
One of _out D5 _out, the number selected by involution stages corresponding to the data P is performed encrypted data candidate is extracted as the encrypted data D _{ou t.} Then, the extracted encrypted data D _out is converted into a transmission signal by the modem 5, and the transmission signal is sent to the public telephone line 8 via the network control unit 7 (step S8).

FIG. 5 is a flow chart showing the receiving operation in the facsimile apparatus. In the facsimile machine, when the line with the transmitting facsimile machine is connected, first, the NSS received prior to the signal corresponding to the original image data is referred to. Then, based on whether or not the flag indicating whether or not the encrypted communication is in the NSS is set, it is determined whether or not the encrypted communication is performed (step T1). If the result of this determination is that it is normal facsimile communication, normal reception processing is performed and the received image is recorded on paper (step T6).

On the other hand, when it is determined that the encrypted communication is performed, the NSS is further referred to and the confidential box number for encrypted communication is acquired based on the number data included in the NSS.
The encryption key K stored in association with the acquired confidential box number for encrypted communication is read from the memory 15 (step T4). Since the confidential box number for encrypted communication is set for each communication partner, the read encryption key K corresponds to the sending facsimile machine. The read encryption key K is given to the encryption / plain culture block unit 61,
The encryption / encrypted data D _in in decrypting the block portion 61 is repeatedly subjected to involution decryption processing is performed, decrypting data candidates D1 _{ou t} ~D5 _out is created (step T5).

On the other hand, the control unit 3 refers to the NSS,
The parameter α set in the NSS is restored (step T2). Then, based on the restored parameter α, the stage number selection data P is obtained by the calculation shown in the equation (1). As a result, the same step number selection data P as the step number selection data P in the facsimile apparatus on the transmission side is obtained.
Can be obtained. When the stage number selection data P is obtained, the selection signal SEL corresponding to the stage number selection data P is given to the selector section 63 (step T3).

As a result, in the selector section 63, the plain culture data candidate D sent to the lines 62a to 62e.
Of 1 _{out to} D5 _out , the plain culture data candidates in which the number of stages corresponding to the stage number selection data P has been invoked are extracted as the plain culture data D _out corresponding to the original data. And this extracted flat culture data D
_Out is given to the encoding / decoding device 4 to restore the original image data. The recording unit 9 performs a printout operation based on the restored original image data to reproduce the original image (step T6).

FIG. 6 is a signal sequence showing transmission / reception of a signal between the transmission side facsimile apparatus and the reception side facsimile apparatus. When the line is connected, CNG (C
alling tone) is transmitted. From the facsimile machine on the receiving side, CED (Calling Station Ide) is sent in response to CNG.
NSF including a code indicating whether or not a nonstandard function such as a cryptographic communication function is provided.
DIS (Digital Identification) including (Non-Standard Facilities) and a code indicating that it has a standard function
Signal) is sent.

From the facsimile machine on the transmission side that receives NSF and DIS, a D including a code indicating a predetermined function from the standard functions shown by NSS and DIS.
CS (Digtal Command Signal) is transmitted. NSS
Is an optional signal for which the manufacturer of the facsimile device can freely set its contents. In this embodiment, NSS
As described above, includes the number data indicating the confidential box number for encrypted communication, the flag indicating whether or not encrypted communication, and the parameter α.

After that, the sending facsimile machine sends training for adjusting the modem 5 of the receiving facsimile machine, and further sends TCF (Training Check) for checking the result. When the preparation for reception is completed, the facsimile machine on the receiving side receives CFR (C
onfirmation to Receive) is sent. The facsimile machine on the transmission side that receives this CFR sends out the encrypted data together with the training, and when all the encrypted data has been sent out, an EOP (End of Procedure) indicating the end of sending is sent.
es) is sent. From the receiving facsimile machine that receives this EOP, the MCF (Message
firming) is transmitted and the facsimile machine on the transmitting side that receives this MCF sends DCN (Disco) indicating a line disconnection.
nnect) is sent and the line is disconnected.

As described above, according to the facsimile apparatus of this embodiment, not only the normal encryption key K but also the number of involution steps, which is a processing unit of encryption processing, can be variably set, so that the encryption strength is improved. Can be achieved.
Moreover, since the stage number selection data P for determining the number of stages of involution is created based on the random number X, the number of stages of involution differs for each communication. Therefore, the number of steps of involution is not known to a third party.

Further, according to the present embodiment, the parameter α for determining the stage number selection data P is transmitted by being included in the NSS which is the option signal, so the format and contents of the option signal are not disclosed. Considering that it is customary to prevent the leakage of the number of stages of involution. Therefore, the confidentiality of communication contents can be improved.

Although the embodiments of the present invention have been described above, the present invention is not limited to the above embodiments. For example, in the above embodiment, the parameter α determined based on the random number X is encrypted in order to allow the facsimile machine on the receiving side to obtain the step number selection data P set when the facsimile machine on the transmitting side creates encrypted data. Although it is set to the NSS transmitted prior to the encoded data, the random number X or the stage number selection data P may be set to the NSS, for example.

In the above embodiment, the encryption key K is changed according to the communication partner, but it may be fixed regardless of the communication partner. According to this configuration, since it is not necessary to store the encryption key K for each communication partner, the capacity required for encrypted communication in the capacity of the memory 15 can be reduced. Moreover, even though it is fixed, the encryption / plaintext processing is performed using the encryption key K having a sufficiently large amount of information, so that the encryption strength does not become insufficient.

Further, since it is not necessary to have a meeting with the communication partner in advance, the encrypted communication can be easily performed. Further, in the above-mentioned embodiment, the encryption / plain culture process is executed by the dedicated encryption / plain culture device 6, but, for example, the encryption / plain culture process is realized by the software processing in the control unit 3. Good. Specifically, when performing encryption processing,
The control unit 3 takes in the random number X from the random number generation unit 13 and obtains the parameter α based on this random number X. The obtained parameter α is included in NSS and transmitted. The control unit 3 obtains the stage number selection data P based on the obtained parameter α. After that, the encryption key K is read from the memory 15. Then, using the read encryption key K, involution is applied to the original data by the number of stages corresponding to the obtained stage number selection data P to create encrypted data.

On the other hand, when executing the flat culture process, the control unit 3 obtains the stage number selection data P based on the parameter α included in the NSS. After that, the encryption key K is read from the memory 15. Then, by using the read encryption key K, the encryption data is subjected to the inversion opposite to that on the transmitting side by the number of stages corresponding to the obtained stage number selection data P, thereby obtaining plain culture data.

Furthermore, in the above-described embodiment, the encryption key K is associated with the confidential box number for encrypted communication provided for each communication partner as a configuration for reading the encryption key K corresponding to the transmitting side facsimile apparatus. Stored in the memory 15 to obtain the confidential box number for encrypted communication based on the number data included in the NSS transmitted from the transmitting side facsimile device, and the encryption key corresponding to the confidential box number for encrypted communication. Although K is read, for example, the encryption key K is stored in association with the facsimile number of the communication destination, and the TSI (Transmitting Subscriber) transmitted from the transmitting facsimile machine prior to the encrypted data.
The encryption key K corresponding to the facsimile number may be read based on the facsimile number included in the (Identification).

Further, in the above-mentioned embodiment, the facsimile device is described as an example of the terminal device, but the present invention can be applied to other terminal devices such as a personal computer and a word processor, and further, encrypted communication can be performed. The present invention can be widely applied to various other terminal devices that can be used. Furthermore, in the above embodiment, the original image data is described as an example of the data to be transmitted, but the present invention can be applied to the case of transmitting data other than the original image data.

Other various design changes can be made within the scope of the claims.

[0063]

As described above, according to the present invention, since it is possible to variably set the number of steps of the encryption involution executed when creating the encrypted data, the number of steps of the encryption involution is fixed. Compared with conventional technology,
The encryption strength can be improved.

Moreover, since the number of stages of the encryption involution is set based on the random number generated by the random number generating means, it is different for each encrypted communication. Therefore, the number of encryption involution steps is not known to a third party. Therefore, the confidentiality of communication contents can be improved.

[Brief description of drawings]

FIG. 1 is a block diagram showing an electrical configuration of a facsimile apparatus according to an embodiment of the present invention.

FIG. 2 is a block diagram showing an electrical configuration of an encryption / plain culture device forming a part of the facsimile device.

FIG. 3 is a block diagram showing an electrical configuration of an encryption / plain culture block unit forming a part of the encryption / plain culture device.

FIG. 4 is a flowchart showing a transmission operation in the facsimile device.

FIG. 5 is a flowchart showing a receiving operation in the facsimile device.

FIG. 6 is a signal sequence showing transmission / reception of a signal between a transmission side facsimile apparatus and a reception side facsimile apparatus.

FIG. 7 is a block diagram showing an electrical configuration of a conventional DES type encryption device.

[Explanation of symbols]

 3 Control unit 6 Encryption / plain culture device 61 Encryption / plain culture block unit 62 Line 63 Selector unit 13 Random number generator P Stage number selection data SEL selection signal

Claims (2)

[Claims] 1. A terminal device for transmitting encrypted data to a called terminal device connected via a predetermined communication line, wherein the number of stages of encrypted involution can be variably set. , An encryption means that creates encrypted data by applying a set number of encrypted involutions to the data to be transmitted, a random number generation means that generates a random number, and a random number generated by this random number generation means. , A step number setting means for setting the step number of the encryption involution executed in the encryption means, step number data corresponding to the step number of the encryption involution set by the step number setting means, and created by the encryption means A terminal device, comprising: a sending unit that sends the encrypted data to the predetermined communication line. 2. Corresponding to the encrypted data created by subjecting the data to be transmitted to the encryption involution of the number of stages set based on a random number, and the number of stages of the encryption involution set above. It is a terminal device for receiving the stage number data from the connected calling side terminal device via a predetermined communication line, and the number of stages of the flat culture involution can be variably set, and the number of stages of the set stage number can be changed. Plain culture means for creating plain culture data by applying a culture involution to the encrypted data received from the calling side terminal device via the predetermined communication line; and the predetermined side from the calling side terminal device. Based on the step number data received through the communication line, the step number equal to the step number of the encryption involution executed at the time of the encryption is set to the above-mentioned plaintext means. Terminal apparatus characterized by a decrypting involution of stages to be executed and a number setting means for setting to said decryption means.