JPH11234260A - System and method for updating cryptographic key - Google Patents

Abstract

PROBLEM TO BE SOLVED: To secure a safe sub-transmission line for cryptographic key transmission by inserting the second cryptographic key of a generated new cryptographic key into a data part that becomes invalid for a communicated party from communication data and transmitting it with the first cryptographic key. SOLUTION: A bias detection part 36 of an encoding part 30 always monitors valid communication data 31 of a prescribed format structure buffered to an input part 32 and, bias of information is detected from data corresponding to no voice condition in the case of voice communication, for instance, or from '0' data corresponding to invalid state in the case of data communication on the ground that there is an invalid data part in the communication information. When the bias detection part 36 detects that there is a bias in the communication information, a selection control signal 37 is inputted to a switch part 35 so that sub data 33 are inserted into the invalid data part detected as the bias of the amount of information. Thus, communication data 38, in which the sub-data 33 is inserted into the invalid data part because of the bias in the amount of information, are transmitted to a communicated party by way of a communication transmission line.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an updating system and an updating method for an encryption key used in encrypted communication, and more particularly, to lowering the possibility that communication is intercepted by changing the encryption key during encrypted communication. The present invention relates to a system and method for updating an encryption key.

[0002]

2. Description of the Related Art In recent years, various advanced services have been provided by a digital communication system using a digital communication network with the progress of digital technology. In data communication and information processing devices, information to be transmitted is originally in the form of digital codes, and it is considered that communication information will be developed more and more by high quality and diversification of communication information. As such communication information has been improved in quality and diversified, for example, a cryptographic communication technique has been known as a technique that satisfies a requirement that communication information such as a specific audio signal is not intercepted by anyone other than the sender and receiver.

[0003] As one communication system in this encryption communication technology, there is a system called "secret key encryption system". In this method, the transmission side encrypts transmission data with arbitrary secret information called an encryption key, and the reception side decrypts the data using the same encryption key, thereby intercepting the data on the transmission path between the transmission side and the reception side. Try to prevent. As an algorithm for the encryption and decryption, for example, DES (Data
Encryption Standard) is known. In such a secret encryption key system, the confidentiality of the encryption key is important, and strict storage is essential. This means that, for example, if an illicit person reveals an encryption key that requires confidentiality, the encrypted communication information is easily intercepted.

Therefore, in encrypted communication for encrypting communication information via a certain communication path, a highly secure communication path (or a transmission path such as mail) is secured separately from the communication path before communication. There is a method of exchanging an encryption key necessary for encryption communication between a sender and a receiver and then performing encryption communication. Furthermore, in order to save the trouble of securing such a highly secure communication path, an encryption key management center is provided in an encryption communication system with many users so that encryption keys are centrally managed.

Further, in order to eliminate the need for complicated key management processing required by providing such an encryption key management center, the encryption key is generated by exchanging the key before each communication and exchanging the key. An encryption key updating system for updating is known.

FIG. 20 shows an outline of the configuration of a communication device constituting an encryption key updating system for updating such an encryption key. The communication apparatus 10 transmits and receives analog communication information 11 generated by a communication information transmitting / receiving unit (not shown) processed by a communication terminal user and digital communication data 12 communicated via a communication path connecting the communication terminals. Shall be performed. The communication terminal 10 includes a data input / output unit 13 through which analog communication information 11 is input / output.
, Analog communication information 11 and digital communication data 12
An interface unit 14 converts an analog signal into a digital signal or converts a digital signal into an analog signal, and an encryption / decryption unit 16 encrypts or decrypts communication data transmitted and received by the communication terminal 10 based on the encryption key 15. And a network interface unit 17 for standardizing based on an interface for amplifying a signal from a communication path. Further, it has a control circuit 18 for appropriately supplying the encryption key 15 generated by the encryption key generation unit 19 to the encryption / decryption unit 16 and controlling transmission / reception of digital communication data 12 transmitted / received via a communication path. I do. Further, the memory unit 20 can store a communication encryption key decryption key used when encrypting or decrypting the encryption key generated by the encryption key generation unit 19 further.

In such a communication terminal 10, at the time of transmission, the control circuit 18 reads out the communication encryption key decryption key from the memory unit 20 so that the encryption / decryption unit 16 can use the communication encryption key decryption key. . Thereafter, the control circuit 18
Sends a transmission instruction to the network interface unit 17, and when communication is established by a response from the receiving side, the encryption key generation unit 19
Is instructed to generate an encryption key. The encryption key generation unit 19 generates an encryption key by a predetermined algorithm based on, for example, a random number or date and time. The generated encryption key is encrypted using a communication encryption key decryption key and transmitted.

At the time of reception, the control circuit 18 reads the communication encryption key decryption key from the memory unit 20 and
6 can use this communication encryption key decryption key. Thereafter, when the control circuit 18 receives the encryption key received from the network interface unit 17, the control circuit 18 decrypts the encryption key using the communication encryption key decryption key, and the encryption / decryption unit 16 uses the decryption key to decrypt incoming data that has arrived one after another. .

As described above, each time a communication connection is established, an encryption key is generated, and this is encrypted using the communication encryption key decryption key and transmitted to the communication partner. The encryption key can be updated for each communication,
No complicated encryption key management processing is required.

An encryption key updating system for generating a communication encryption key prior to such communication is disclosed in, for example, Japanese Patent Laid-Open No. 6-15 / 1994.
No. 2587.

In an analog communication system, a technique of simultaneously transmitting a secret key using a frequency band in which a communication spectrum does not exist and changing the secret key which has been transmitted to each other when the communication spectrum does not exist is disclosed in, for example, Japanese Patent Publication No. −
No. 58701 discloses this.

[0012]

As described above, by performing cryptographic communication after exchanging secret keys with each other, it is possible to prevent communication from being intercepted unless the exchanged secret keys are used. Has become. But,
Even if there is no exchanged secret key, if the secret key is calculated by an inexperienced person, it will no longer be possible to intercept the communication. In particular, with the speeding-up of computers, it is considered that the possibility that a secret key that has been considered secure after exchange with each other can be determined by some kind of high-speed processing will increase in the future. Therefore, there is a great risk that the secret key in the encrypted communication is recognized as secure.

Therefore, by frequently changing the encryption key, it is possible to reduce the possibility that the communication will be decrypted, as compared with the case where the encryption communication is regularly performed using one specific encryption key.

However, when updating a new encryption key by securing a secure communication channel different from the above-mentioned communication channel, it is necessary to perform a procedure for securing a different communication channel such as by using mail. Complicated labor is required. Furthermore, if the encryption key is updated frequently, there is a problem that the cost becomes higher and the transmission of the encryption key is delayed.

Further, even if cryptographic communication is performed using a communication device constituting an encryption key updating system as shown in FIG. 20 disclosed in Japanese Patent Application Laid-Open No. 6-152587, the encryption key is exchanged during communication. This cannot be performed, and there is a problem that the longer the communication time is, the higher the risk of communication interception by an inexperienced person becomes.

Furthermore, including an encryption key in an unused band of a communication spectrum in an analog communication system as disclosed in Japanese Patent Publication No. 1-58701 is not suitable for a digital communication system.

An object of the present invention is to provide an encryption key updating system and method capable of updating an encryption key during digital communication.

[0018]

According to the first aspect of the present invention, there is provided (a) an encryption / decryption method for transmitting communication information by encrypting or decrypting digital information using a preset first encryption key. (B) invalid part detecting means for detecting a data part invalid for a communication destination from communication data which is valid information to be communicated with each other; Communication data assembling means for assembling communication data by inserting the second encryption key generated by the encryption key generation means into the invalid data portion when the invalid data portion is detected by the partial detection means; (E) an updated encryption key transmitting means for encrypting the communication data assembled by the communication data assembling means using the first encryption key and transmitting it to the communication destination;
The encryption key updating means for decrypting the communication data transmitted by the updated encryption key transmitting means using the first encryption key and updating the encryption key for the encrypted communication with the extracted second encryption key. Have an update system.

That is, according to the first aspect of the present invention, an invalid data portion meaningless to a communication partner is detected from communication data storing valid information to be communicated. Then, after assembling by the communication data assembling means such that the second encryption key to be updated generated by the encryption key generating means is inserted into the detected invalid data portion, communication is performed by encrypting with the first encryption key set in advance. It is sent to the destination. Thus, the encryption key to be updated can be transmitted even during communication, so that the encryption key can be updated.

According to a second aspect of the present invention, in the encryption key updating system according to the first aspect, the communication data is digital information of a fixed length block, and the updated encryption key transmitting means transmits the communication data at predetermined intervals. It is characterized by.

That is, according to the second aspect of the present invention, by using fixed-length blocks transmitted at predetermined intervals in digital communication, it is possible to greatly reduce the load of invalid data portion detection processing.

According to a third aspect of the present invention, in the encryption key updating system according to the second aspect, the predetermined interval at which the updated encryption key transmitting means transmits communication data is longer than a time required for updating the encryption key. And

In other words, according to the third aspect of the present invention, the process of updating a new encryption key is not started during the update of the encryption key, thereby avoiding complication of the process involved in updating the encryption key.

According to the fourth aspect of the present invention, (a) a second encryption key for encrypted communication for transmitting communication information by encrypting or decrypting digital information using a first encryption key set in advance. (B) an invalid part detecting step of detecting a data part that is invalid for the communication destination from communication data that is valid information to be communicated with each other; and (c) an invalid part detecting step by which the invalid part is detected. When a data portion is detected, a communication data assembling step of assembling communication data by inserting the second encryption key generated by the encryption key generation step into the invalid data portion; (C) encrypting the communication data assembled by using the first encryption key and transmitting the encrypted data to the communication destination; An encryption key updating step of decrypting the communication data transmitted in the new encryption key transmitting step using the first encryption key and updating the encryption key of the encrypted communication with the extracted second encryption key. Prepare for an encryption key update method.

That is, in the invention according to claim 4, a second encryption key to be updated is generated in the encryption key generation step,
In the communication data assembling step, communication data as valid information detected by the invalid part detecting means is newly assembled into an invalid data portion as information invalid for the communication partner. Then, in the updated encryption key transmitting step, the assembled communication data is encrypted using the first encryption key to communicate with the other party, and the communication data transmitted in the communication data assembling step is received and output. By updating to the second encryption key, the encryption key is updated during communication.

According to a fifth aspect of the present invention, in the encryption key updating method according to the fourth aspect, the updated encryption key transmission communication data is digital information of a fixed length block, and the updated encryption key transmission step is performed at a predetermined interval. It is characterized by transmitting communication data.

In other words, according to the fifth aspect of the present invention, by using fixed-length blocks transmitted at predetermined intervals in digital communication, the load of invalid data portion detection processing can be greatly reduced.

According to a sixth aspect of the present invention, in the encryption key updating method according to the fifth aspect, the predetermined interval at which the updated encryption key transmitting step transmits communication data is longer than a time required for updating the encryption key. And

In other words, in the invention according to the sixth aspect, the process of updating a new encryption key is not started during the update of the encryption key, thereby avoiding complication of the process involved in updating the encryption key.

[0030]

BEST MODE FOR CARRYING OUT THE INVENTION

[0031]

DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention will be described in detail below with reference to embodiments.

FIG. 1 shows an outline of the configuration of an encryption key updating system for explaining the operation principle in one embodiment of the present invention. This encryption key updating system has a first communication device 20 and a second communication device 21 and is connected by a communication path 22. In the communication path 22, digital signals are transmitted and received as communication signals such as telephone voice and data from the first communication device 20 or the second communication device 21, respectively. Having. Then, the first communication device 20 and the second communication device 21 perform the encryption communication in which the encryption keys are exchanged by transmitting the encryption keys using the bias of the amount of information generated in the communication path 22. become able to.

FIG. 2 shows an outline of a configuration of communication data transmitted and received on the communication path 22 of the encryption key updating system. The communication data 25 has a header section 26 and a data section 27. The header section 26 stores control information such as a data type indicating the type of data of the data section 27 and an effective data length. The data section 27 stores communication information to be transmitted. In addition, communication data 2
5 is composed of fixed-length blocks, which are transmitted at predetermined time intervals.

As described above, the communication data transmitted and received on the communication path 22 has a bias in the amount of information. In addition,
Here, as an information amount bias, communication data is transmitted in a state where the amount of communication information to be transmitted satisfies a capacity that can be originally communicated and a case where the capacity of communication data cannot be satisfied. Refers to a situation where For example, a state in which only the valid data which is communication information to be transmitted to the data portion 27 of the communication data shown in FIG. The data section 27 indicates a state composed of valid data, which is communication information to be transmitted, and other invalid data.

FIG. 3 is a schematic diagram of a system for explaining the deviation of the information amount of communication data transmitted and received on the communication path 22. The system includes a first communication device 20 and a second communication device 21, and a communication transmission line 28 for transmitting communication data from the first communication device 20 to the second communication device 21. A communication transmission path 29 for transmitting communication data from the second communication device 21 to the first communication device 20
Form a communication path. Here, it is assumed that the amount of information communicated on the communication transmission line 28 is biased and the amount of information communicated on the communication transmission line 29 is not biased. In the communication transmission line 28, the data portion 27 of the communication data 25 shown in FIG. 2 is filled with valid communication information to be transmitted, and the communication is performed in a state where the allocated communication band is fully used. I have. On the other hand, the communication transmission line 29 includes invalid data that has no meaning at the communication destination in part or all of the data portion 27 of the communication data 25 shown in FIG. Alternatively, the communication is performed in a state where all of them are not used effectively. Invalid data that has no meaning at this communication destination is, for example, digital data corresponding to a silent state in the case of voice communication,
In the case of data communication, it is padded with “0” indicating that there is no valid information.

In order to detect a bias in the amount of information from communication data containing valid communication information to be communicated, FIG.
The first communication device 20 and the second communication device 21 shown in FIG. 3 each have an encoding unit that detects a bias in the amount of information and rearranges communication data.

FIG. 4 shows an outline of the configuration of an encoding unit which is a main component of the first communication device capable of detecting the above-mentioned bias in the amount of information. Although the configuration of the encoding unit of the first communication device 20 will be described here, the configuration of the encoding unit of the second communication device 21 is the same, and a description thereof will be omitted. This encoding unit 30
An input section 32 into which valid communication data 31 is input and buffered from a communication information generating section (not shown) for generating communication information to be transmitted in a predetermined format configuration, and an invalid data portion when there is a bias in the information amount described above. A sub-data input unit 34, which receives and buffers sub-data 33 from a sub-data generation unit (not shown) that generates sub-data as control information of a type different from communication information to be originally transmitted, Switch section 35 to be input
And

Further, the encoding unit 30 includes a bias detection unit 36.
And constantly monitors the valid communication data 31 of a predetermined format buffered in the input unit 32, for example, data corresponding to a silent state in the case of voice communication or invalid information in the case of data communication. Can be detected by regarding the "0" data corresponding to the information as having an invalid data portion in the communication information. As for detection of the invalid data portion, if the data portion 27 of the communication data 25 is not so long, all bits may be determined. However, valid bits are provided in a predetermined portion of the header portion 26 or the data portion 27. When the valid bit is "0", it may be determined that the data is invalid data. Similarly, a valid bit is provided for each predetermined data length in a predetermined portion of the header portion 26 or the data portion 27, and each bit is valid or invalid only in a data portion in which the valid bit corresponds to "0". Is determined, it is possible to reduce the load of the invalid data portion detection processing. However, any method as described above may be used as long as the invalid data portion can be detected.

As described above, when the bias detection unit 36 detects that there is a bias in the communication information by any of the methods, the selection is made so that the sub-data 33 is inserted into the invalid data portion detected as the bias in the information amount. The control signal 37 is input to the switch unit 35. The communication data 38 in which the sub-data 33 is inserted in the invalid data portion assuming that the information amount is biased by the selection control signal 37 is transmitted to the communication destination via the communication transmission line, and is originally transmitted as invalid data in vain. The pre-allocated bandwidth can be effectively used.

FIG. 5 shows an outline of a configuration of communication data transmitted after the sub data 33 is inserted by the encoding unit 30 shown in FIG. FIG. 5A shows the configuration of the effective communication data 31 generated by the communication information generation unit not shown in FIG. The communication information generation unit (not shown) generates communication information to be transmitted in a predetermined format as shown in FIG. 2 and transmits the communication information in fixed length blocks at predetermined time intervals. Is composed of a header section 39, valid data 40 to be transmitted, and invalid data 41 as a portion in which valid information could not be filled due to a transmission time. The bias detection unit 36 detects that there is invalid data 41 from the valid communication data 31 buffered in the input unit 32, and outputs a selection control signal 37 to the switch unit 35.

FIG. 5B shows the outline of the configuration of the communication data 38 in which the sub data 33 has been inserted in the switch unit 35 by the selection control signal 37. Thus, the communication data 38 is the effective communication data 31
The sub data 33 buffered in the sub data input unit 34 is inserted as the portion of the invalid data 41 of which is detected as having a bias in the amount of information, and the communication data having the same length as the valid communication data 31 is configured. It is supposed to be.

FIG. 6 shows the communication data 31 as shown in FIG.
And the communication data 38 in which the sub-data 33 is inserted to form a communication path having a biased amount of information. Since the deviation of the information amount of the communication information is detected by the deviation detecting unit of each of the encoding units of the first communication device 20 or the second communication device 21, sub-data is inserted into the detected part. Transmission line 4 which is a communication path for effective communication data which should be transmitted originally
4 and a sub-transmission path 45 which is a communication path for sub-data included in communication data transmitted at the same time. As described above, the bias of the communication data is detected, and the sub-data is inserted into that portion, whereby the sub-transmission path 45 is detected.
Can be secured in a pseudo manner.

Therefore, in the cryptographic communication in which the encryption keys are exchanged with each other, the communication device can transmit the encryption keys using the sub-transmission line 45, so that the encryption key can be transmitted without compressing the band of the transmission line 44. Updates can be made.

Next, a more specific description will be given of an encryption key updating process performed in the encryption key updating system described above to perform encrypted communication using a new encryption key.

FIG. 7 shows, as a specific example of the communication system as described above, a first communication terminal 50 and a second communication terminal 52 for mainly transferring digital signal voice data. 1 shows an outline of a configuration of an encryption key updating system for performing digital communication with each other via the Internet. This communication system includes a first communication terminal 50 and a second communication terminal 50.
And is connected via a communication path 52 that can wirelessly transmit communication information between the two terminals.
The communication path 52 may be wired, but considering that wireless communication is more likely to be intercepted, using the communication path 52 as wireless has a greater effect when communication interception is more prevented.

The first communication terminal 50 and the second communication terminal 51
Is transmitted and received by the communication data 25 of the fixed-length block having the configuration shown in FIG. By making the communication data 25 into a fixed-length block in this way, the transmitting side sends out the data length of the fixed-length block as a unit at predetermined time intervals regardless of the amount of effective communication information to be transmitted. As a result, the circuit configurations on the transmission side and the reception side can be simplified, but in many cases, the entire bandwidth of the communication path 52 cannot be effectively used.

FIG. 8 schematically shows how communication data is transmitted via the communication path 52 in the first or second communication device. As described above, as the time elapses, the communication device 53 transmits the communication data 53, 54, and 55 shown in FIG. 2 at a predetermined constant timing with a data length corresponding to the time L at each transmission interval T. ing.

As described above, the time L of the predetermined constant timing
Is transmitted at a transmission interval T for each data length corresponding to the data length. If it is impossible to fill the communication data with the transmission information to be communicated, the data part 27 is partially or entirely filled with invalid data. Therefore, the amount of information becomes uneven.

FIG. 9 shows a main configuration of the first communication terminal 50. Here, the first communication terminal 5
The configuration of the second communication terminal 51 is the same as that of the second communication terminal 51, and the description is omitted. The first communication terminal 50 includes a communication information transmitting / receiving unit that performs predetermined format configuration and decomposition of communication information (not shown), an input / output unit 54 that transmits and receives communication data 53, and a second communication terminal 51.
An antenna 56 for transmitting and receiving a communication radio wave 55 to and from a radio unit 57 for transmitting and receiving a communication radio wave 55 via the antenna 56
And the information data inserted between the input / output unit 54 and the radio unit 57 to detect a bias in the amount of information as described above based on the communication data 53, to rearrange the communication data, to encrypt the communication data, or An information assembling unit 58 for performing decryption;
The control unit 59 controls the input / output unit 54, the radio unit 57, and the information assembling unit 58.

Further, the information assembling section 58 includes the speech encoding section 6
0 and an encryption / decryption unit 61. Voice encoding unit 60
Is connected to the encryption / decryption unit 61, detects the bias in the information amount after digitally converting the transmission data of the audio information from the input / output unit 54, and outputs various information for updating control of the encryption key as the sub data. The inserted transmission data is assembled and output to the encryption / decryption unit 61, or valid reception data is extracted from the reception signal received by the radio unit 57 via the antenna 56, and the user is extracted via the input / output unit 54. Can be output to a communication information transmitting / receiving unit (not shown) that processes the information. The encryption / decryption unit 61 performs encryption or decryption based on the encryption key.

Further, the control unit 59 controls the central processing unit (Ce).
ntral Processing Unit: Hereinafter abbreviated as CPU. ) 62
And read only memory (Read Only Memory:
Abbreviated as ROM. ) 63 and a random access memory (Ra
ndom Access Memory: Hereinafter, abbreviated as RAM. ) 64, and the CPU 62 has a ROM 63 or a RAM.
The input / output unit 54, the radio unit 57, and the information assembling unit 58 are controlled in accordance with a predetermined program stored in the memory 64. The RAM 64 has a CPU 6
2 can save the in-process result and can also store the processing result.

FIG. 10 is a block diagram showing the speech encoding unit 60 shown in FIG.
Of the main part of FIG. The audio encoding unit 60 converts an audio signal, which is an analog signal, through a microphone into an audio signal 61 input through the input / output unit 54. The A / D conversion unit 62 converts the audio information into a digital signal. A buffer unit 63 for buffering the digital signal obtained by the above-mentioned operation, and a silence detecting unit 64 for monitoring communication data buffered in the buffer unit 63 to be transmitted and detecting a silence portion of audio information.
An encryption key update information generation unit 65 that generates encryption key update information such as a new encryption key to update the encryption key; and inserts the encryption key update information into a silent part detected based on the detection result of the silent detection unit 64. And a D / A converter 68 for converting the received communication data into an analog signal.

That is, the audio signal input through the microphone is converted into a digital signal and then buffered in the buffer section 63, and the silent section is detected by the silent section 64. Then, when a silent part is detected, the encryption key update information generated by the encryption key
The silent part is inserted into the detected part and output as communication data. On the other hand, since the received signal received via the antenna 56 has already been decrypted by the encryption / decryption unit 61 using the encryption key, it is directly converted into an analog signal by the D / A converter 68 and output as an audio signal from a speaker or the like. You can do it. To realize such processing, the silence detecting section 64 can perform the following processing.

In the switch section 66, the selection control signal 7
When the encryption key update information is inserted into the communication data by 1, a bit indicating that the encryption key update information has been inserted into the communication data 67 is replaced with the header 26 or the data 27.
, The encryption key update information can be easily extracted on the receiving side.

FIG. 11 is a block diagram showing the speech encoding unit 6 shown in FIG.
9 shows an outline of a processing procedure for inserting the encryption key update information in the silence detecting section 64, which is a main part of No. 0.
As described above, the silence detecting section 64 monitors the communication data 69 buffered in the buffer section 63 to detect a silence portion (step S72), and when a silence portion is detected in the communication data 69 (step S72). : Y), outputs a selection control signal 71 for selectively controlling the switch section 66 so that the encryption key update information 70 generated by the encryption key update information generation section 65 is inserted into the detected silence portion (step). S73). On the other hand, when a silent portion is not detected in the communication data 69 in step S72 (step S7).
2: N), the selection control signal 71 is output so that the communication data 69 is directly selected as valid communication data (step S74). Thus, the switch unit 6
By performing the selection control of No. 6, it is possible to insert and transmit the encryption key update information for updating the encryption key only in the silent part as shown in FIG. 5B.

An encryption / decryption unit 61, which is a main component of the information assembling unit 58, performs encryption of transmission data and decryption of reception data.

FIG. 12 specifically shows the configuration of the encryption / decryption unit 61, which is a main component of the information assembling unit 58. The encryption / decryption unit 61 includes an encryption / decryption unit 75 that performs an encryption process or a decryption process, and an encryption key setting unit 76 in which an encryption key serving as a key for the encryption / decryption process is set.
As a result, using the encryption key set in the encryption key setting unit 76, at the time of transmission, the unprocessed communication data called plaintext 77 is encrypted, and the encrypted communication data called ciphertext 78 is obtained. It is supposed to be. Also,
At the time of reception, the encryption key setting unit 76
Is decrypted by using the encryption key set in, and is converted into plaintext 77. According to the present embodiment, if a common encryption key is used, the effect of the present embodiment can be enjoyed without depending on the encryption process or the decryption process. Note that the encryption / decryption function may be stopped in the encryption / decryption unit 61 as necessary.

As described above, the encryption key updating system according to the present embodiment detects an invalid portion of communication data,
Since another type of signal is inserted into this portion, the encryption key can be transmitted by securing a sub-running path separately from a normal communication path. Next, an encryption key update processing procedure in the first communication terminal 50 and the second communication terminal 51 that performs such encryption key transmission will be described. Hereinafter, in the encryption key updating system shown in FIG.
Transmits a new encryption key to the second communication terminal 51 via the communication path 52, and performs a new encryption communication using the updated encryption key.

FIG. 13 is a first flowchart showing an outline of an encryption key updating procedure in first communication terminal 50. The first communication terminal 50 starts updating the encryption key based on the number of data to be transmitted. That is, the number of transmissions of the communication data of the fixed-length block shown in FIG. 2 is S (S is “0”) from the start of the encryption communication.
(Step S80), and when the number of transmitted data becomes S or more (Step S80: Y), a new encryption key is generated by a predetermined algorithm. (Step S81). The method of creating a new encryption key at this time includes, for example, a method using a random number, a method of generating a new algorithm with a predetermined algorithm based on date and time, and the like, but any method may be used.

When a new encryption key is generated in step S81, notification of the start of encryption key transmission is made to the second communication terminal 51, which is the other party of the encryption communication (step S82). Then, in order to continuously transmit the encryption key update information, the audio encoding unit 60 shown in FIG. 10 detects a silent part of the communication data, and inserts the encryption key update information into the detected part as shown in FIG. . If the detected silent portion is shorter than the length of the encryption key update information, the encryption key update information is divided into the detected silent portion so as to be inserted into the silent portion of the communication data and transmitted multiple times. (Step S8).
3. Step S84: N). Thus, when transmission of all the encryption key update information is completed (step S8)
4: Y), the transmission of the encryption key update information is completed, and an encryption key transmission completion notification is transmitted to the second communication terminal 51 (step S85).

On the other hand, the first communication terminal 50
The second communication terminal 51 to which the encryption key update information shown in FIG.
Then, the following processing is performed.

FIG. 14 is a first flowchart showing an outline of an encryption key updating procedure in second communication terminal 51. Second
The communication terminal 51 waits for the reception of the encryption key transmission start notification transmitted by the first communication terminal 50 in step S82 (step S86). Then, an encryption key transmission start notification is received from the first communication terminal 50 (step S8).
6: Y) At this time, it is assumed that the encryption key update information is transmitted from the first communication terminal 50 for updating to a new encryption key, and the system enters the encryption key update information receiving system (step S87). Here, the encryption key update information is, for example, the encryption key itself or, when transmitted over a plurality of communication data, its sequence number or error correction control information.

Then, as shown in FIG.
When the encryption key update information is transmitted a plurality of times in 83, the sub data is extracted from the communication data received each time, and the encryption key is reconstructed based on the sequence number of the encryption key information received each time ( Step S88, Step S89: N). When the reconfiguration of the predetermined encryption key is completed in this way (step S89: Y), it waits for reception of the encryption key transmission completion notification transmitted from the first communication terminal 50 in step S85 (step S90: N). .

FIG. 15 is a second flowchart showing an outline of an encryption key updating procedure in second communication terminal 51. When an encryption key transmission completion notification is received from the first communication terminal 50 in step S90 shown in FIG. 14 (step S90: Y), the validity of the reconfigured encryption key is confirmed (step S91). This validity check is performed based on a checksum or error correction control information included in the encryption key update information received and reconstructed a plurality of times to determine whether an error has occurred during communication.
When it is determined that there is a problem with the reconfigured encryption key (step S91: N), the current encryption key update process is not performed. If it is determined that there is no problem with the reconstructed encryption key (step S91: Y), an encryption key confirmation notification is transmitted to the first communication terminal 50 (step S92). Then, it waits for an encryption key update completion notification to be transmitted from the first communication terminal 50 that has received the encryption key confirmation notification (step S93: N). The transmission of the encryption key update information is normally completed from the first communication terminal 50,
Upon receiving the encryption key update completion notification transmitted as having been confirmed valid (step S93: Y), it becomes possible to start encrypted communication using the encryption key at an arbitrary timing.

In the first and second communication terminals 50 and 51 as described above, the second communication terminal 51 performs the encrypted communication using the new encryption key which can be recognized by each other. The process can be started by transmitting a new encryption key use request to the communication terminal 50 (step S94) (step S95).

Further, regarding the processing contents in the first communication terminal 50 to which the encryption key confirmation notification has been transmitted by the second communication terminal 51 as shown in FIG. 15, the encryption key transmission completion notification in step S85 shown in FIG. It will be described subsequently.

FIG. 16 is a second flowchart showing an outline of an encryption key updating procedure in first communication terminal 50.
In step S85 shown in FIG. 13, the first communication terminal 50 determines that the transmission of the encryption key has been completed,
1 is notified of the completion of transmission of the encryption key. Then, the second communication terminal 51 reconfigures the received encryption key update information, and transmits an encryption key confirmation notification when there is no problem with the reconfigured encryption key (step S92 in FIG. 15). The communication terminal 50 waits for reception of the encryption key confirmation notification (step S
96: N). That is, after notifying the completion of the transmission of the encryption key update information, it waits for a notification for confirming that the encryption key update information has been successfully received from the second communication terminal 51.

Then, when the encryption key confirmation notification is received (step S96: Y), it is determined whether or not the transmission has been successfully completed based on the encryption key confirmation notification (step S9).
7). Here, when it is determined that the transmission and reception of the encryption key update information as shown in FIG. 13 or FIG. 14 is abnormal (step S97: N), the update with the new encryption key and the encryption communication processing thereof are stopped. I do. However, when it is determined that transmission / reception of the encryption key update information is not a problem (step S9)
7: Y), an encryption key update completion notification is sent to the second communication terminal 5.
1 (step S98), the encrypted communication using the new encryption key can be started at an arbitrary timing.

Then, it waits for reception of a new encryption key use request in step S94 shown in FIG. 15 from the second communication terminal 51 (step S99: N). Here, when a new encryption key use request is received from the second communication terminal 51 (step S99: Y), the first and second communication terminals 51 and 52 thereafter exchange the encryption key with the new encryption key. New encryption communication is started by changing to the encryption key (step S10).
0).

As described above, the first and second communication terminals 5
In steps 0 and 51, processing for updating the encryption key is performed, respectively. Hereinafter, a procedure for updating a new encryption key performed between these communication terminals will be described. Note that in order to facilitate understanding of the encryption key update procedure, an encryption key is set in each of the first and second communication terminals 50 and 51 in advance, and when the voice communication is established in the communication path 52, To enable the encryption function and the decryption function, and assume that the call has been started after a predetermined call start process.

FIG. 17 is a sequence diagram showing an outline of a new encryption key updating procedure performed between the first and second communication terminals. When the first communication terminal 50 and the second communication terminal 51 start talking after a predetermined communication start setting process (110 in FIG. 17), step S80 in FIG.
When the number of communication data to be transmitted from the first communication terminal 50 becomes S or more as shown in FIG.
Is started to notify the second communication terminal 51 of the start of encryption key transmission to perform encrypted communication using the new encryption key (FIG. 1).
7 112). However, if the data amount of the encryption key update information to be transmitted for updating to a new encryption key is not enough to be inserted into a silent part of one communication data, the encryption key transmission 113 is performed a plurality of times (FIG. 17 of 113 ₁
１１３113 _N ). Then, when the transmission of the encryption key update information to be transmitted is completed, an encryption key transmission completion 115 is notified to the second communication terminal 51 as encryption key transmission completion processing 114.

The second communication terminal 51 notified of the completion of the encryption key transmission 115 reconfigures the received encryption key,
Confirmation of the contents of the encryption key 1 as to whether there was no reception error 1
Step 16 is performed. Then, when there is no problem in the validity of the reconstructed encryption key, an encryption key confirmation notification 117 is sent to the first communication terminal 50.

The second communication terminal 51 sends an encryption key confirmation notification 1
The first communication terminal 50 that has received 17 confirms from the confirmation notification whether the encryption key update information has been successfully transmitted (118 in FIG. 17). Then, when it is confirmed that the encryption key update information has been successfully transmitted, an encryption key update completion notification 119 is notified to the second communication terminal 51.

When the update of the encryption key with the new encryption key is completed in this way, the encryption communication with the new encryption key can be started at an arbitrary timing. At this time, for example, when the first communication terminal 50 starts the encryption communication start process 120 using the new encryption key, the second communication terminal 51
By transmitting a new encryption key use request 121 to the first and second communication terminals 50 and 51, encrypted communication is started and the call is finally ended (FIG. 1).
7 122).

As described above, the encryption communication using the new encryption key can be started at an arbitrary timing in response to the encryption key update completion notification. However, since the start of transmission of a new encryption key is started when the number of communication data becomes S or more after the start of encryption communication, the number of transmissions of communication data performed thereafter is set to M (M is “0”). In this case, M must be set to a value larger than the number of transmissions of communication data required for the encryption key update process in order to start the encryption key update process.

FIG. 18 schematically shows the start timing of the encryption key update process by taking the number of transmission data on the horizontal axis to explain the relationship between the encryption key update timing and the number of transmissions of communication data. It is. As for updating to a new encryption key, when encryption communication is started as shown in FIG. 13 (130 in FIG. 18), encryption key update processing is started when the number of transmitted communication data becomes S or more (see FIG. 18). 18 in FIG.
31 ₁ ). However, when the encryption key update information is to be transmitted a plurality of times as shown in the encryption key transmission 113 in FIG. 17, during the predetermined number of transmissions (132 _{1 in} FIG. 18),
The next encryption key update process should not be started. Therefore, to start the second and subsequent encryption key update process, when the transmission number of the communication data is to when the above M pieces, the encryption key update start process 131 ₂ "" S + (required encryption key update (The number of transmitted data) "<" S + M "". This is because the encryption key update start processing 131 ₂ , 131 ₃
, "((The number of transmission data 132 ₁ , 132 ₂ , 132 ₃ ,...) Necessary for updating the encryption key) <
"M".

As described above, the silent portion of the communication data is detected to be used as the sub-runway, and the new encryption key is transmitted by inserting the encryption key into the sub-runway. Since encryption key update information such as a key transmission completion notification and a new encryption key use request is inserted, the bandwidth of the communication path can be used effectively, and the encryption key can be updated during communication with a simple configuration. Can be.

However, in practice, since silence is not always present in communication data, encryption key update information is occasionally transmitted together with communication filled with communication information to be transmitted.

FIG. 19 shows an example of such an actual encryption update sequence. However, the same portions as those in the sequence diagram shown in FIG. 17 are denoted by the same reference numerals, and description thereof will be appropriately omitted. First and second communication terminals 50, 51
When a call is started between the terminals (110 in FIG. 19), if there is a predetermined voice call 135 filled with valid data to be transmitted in all data portions, the transmission of the encryption key is performed after the normal voice call is transmitted. The start process 111 is started, and an encryption key transmission start notification 112 is transmitted to the second communication terminal 51. However, if the next communication data is also filled with valid data, after transmitting the voice call 136, the encryption key update information transmission processing 1 is continued as the encryption key transmission restart processing 137.
13 is performed, and the encryption key update information 113 _{1 to} 113 _N is transmitted to the second communication terminal 51 a plurality of times.
Thereafter, after the voice call 138 filled with the valid data is transmitted again, the encryption key transmission completion processing 114 is performed, and the encryption key transmission completion notification 115 is transmitted.

[0080]

As described above, according to the first aspect of the present invention, the second encryption key, which is a new encryption key generated by the encryption key generation means, is converted from the communication data to the data portion which becomes invalid for the communication destination. , And transmission is performed using the first encryption key that has been set in advance, so that a new encryption key can be transmitted even during encryption communication, and the bandwidth can be effectively used. A secure sub-transmission path for key transmission can be secured.

Further, according to the second aspect of the present invention, the object of detecting the invalid data portion is a fixed-length block transmitted at a predetermined interval in digital communication, so that the encryption key is updated in a certain range. And the reliability of the communication interception can be improved. Further, the processing for detecting the invalid data portion can be significantly reduced.

Further, according to the third aspect of the present invention, the process of updating a new encryption key is not started during the update of the encryption key, so that the processing involved in updating the encryption key is avoided.

According to the fourth aspect of the present invention, the second encryption key, which is a new encryption key generated in the encryption key generation step, is inserted from the communication data into a data portion invalid for the communication destination, Since the transmission is performed using the first encryption key set in advance, a new encryption key can be transmitted even during the encryption communication, and a secure sub-transmission path for transmitting the encryption key can be secured. it can.

Further, according to the fifth aspect of the present invention, since the target for detecting the invalid data portion is a fixed-length block transmitted at a predetermined interval in digital communication, the encryption key is updated in a certain range. And the reliability of the communication interception can be improved. Further, the processing for detecting the invalid data portion can be significantly reduced.

Further, according to the invention of claim 6, the process of updating a new encryption key is not started during the update of the encryption key, thereby avoiding complication of the process associated with the encryption key update.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating an outline of a configuration of an encryption key updating system according to an embodiment.

FIG. 2 is a format configuration diagram showing a configuration of communication data in the present embodiment.

FIG. 3 is an explanatory diagram for explaining an imbalance in the information amount of communication data in the embodiment.

FIG. 4 is a block diagram illustrating an outline of a configuration of an encoding unit that is a main component of the first communication device 20 according to the present embodiment.

FIG. 5A is a first data configuration diagram showing an outline of a format configuration of valid communication data in the present embodiment. (B) The second example showing the outline of the format configuration of the communication data 38 into which the sub data has been inserted in the present embodiment.
FIG. 4 is a data configuration diagram of FIG.

FIG. 6 is an explanatory diagram showing how a sub-transmission path is formed.

FIG. 7 is a system configuration diagram showing an outline of a configuration of an encryption key updating system configured by a digital communication terminal in the present embodiment.

FIG. 8 is a schematic diagram showing how communication data is transmitted in the present embodiment.

FIG. 9 is a block diagram illustrating a main part of a configuration of a first communication terminal 50 according to the present embodiment.

FIG. 10 is a block diagram illustrating a main part of a configuration of a voice encoding unit 60 according to the present embodiment.

FIG. 11 is a flowchart showing an outline of a procedure for selecting encryption key update information of the silence detecting section 64 in the embodiment.

FIG. 12 is a block diagram illustrating an outline of a configuration of an encryption / decryption unit 61 according to the present embodiment.

FIG. 13 is a first flowchart showing an outline of an encryption key update processing procedure in the first communication terminal 50 in the embodiment.

FIG. 14 is a first flowchart showing an outline of an encryption key update processing procedure in the second communication terminal 51 in the embodiment.

FIG. 15 is a second flowchart illustrating an outline of a processing procedure of updating an encryption key in the second communication terminal 51 in the embodiment.

FIG. 16 is a second flowchart illustrating an outline of a processing procedure of updating an encryption key in the first communication terminal 50 in the embodiment.

FIG. 17 is a first sequence diagram illustrating a flow of a new encryption key updating procedure in the embodiment.

FIG. 18 is an explanatory diagram for explaining a relationship between encryption key update start and encryption key update in the embodiment.

FIG. 19 is a second sequence diagram illustrating a flow of a new encryption key updating procedure in the embodiment.

FIG. 20 is a block diagram showing a main part of a configuration of a conventionally proposed encryption key updating device.

[Explanation of symbols]

 Reference Signs List 20 first communication device 21 second communication device 22 communication path 25, 38 communication data 26, 39 header section 27 data section 28, 29 communication transmission path 30 encoding section 31 valid communication data 32 input section 33 sub data 34 sub Data input unit 35 switch unit 36 bias detection unit 37 selection control signal 40 valid data unit 41 invalid data unit

Claims (6)

[Claims] 1. An encryption key generation means for encrypting or decrypting digital information using a first encryption key set in advance and generating a second encryption key for encryption communication for transmitting communication information, and communicating with each other. Invalid part detecting means for detecting a data part which is invalid for the communication destination from communication data which is valid information to be provided; and when the invalid data part is detected by the invalid part detecting means, the invalid data part is ciphered. Communication data assembling means for assembling communication data by inserting the second encryption key generated by the key generation means; and encrypting the communication data assembled by the communication data assembling means using the first encryption key. Updating encryption key transmitting means for converting the communication data transmitted by the updating encryption key transmitting means to the communication destination using the first encryption key The encryption key update system characterized by comprising the encryption key updating means for updating the encryption key of the encrypted communication to the second encryption key extracted with decoding. 2. The encryption key updating system according to claim 1, wherein said communication data is digital information of a fixed-length block, and said update encryption key transmitting means transmits said communication data at predetermined intervals. 3. The encryption key updating system according to claim 2, wherein the predetermined interval at which the updated encryption key transmitting means transmits communication data is longer than a time required for updating the encryption key. 4. An encryption key generating step of generating a second encryption key for encryption communication for transmitting communication information by encrypting or decrypting digital information using a preset first encryption key, and communicating with each other. An invalid portion detecting step of detecting a data portion that is invalid for the communication destination from communication data that is valid information to be transmitted; and when the invalid data portion is detected by the invalid portion detecting step, the invalid data portion is encrypted with A communication data assembling step for assembling communication data by inserting the second encryption key generated by the key generation step; and encrypting the communication data assembled by the communication data assembling means using the first encryption key. And transmitting the updated encryption key to the communication destination. Decrypting the data using the first encryption key and updating the encryption key for the encrypted communication to the extracted second encryption key. Method. 5. The encryption key updating method according to claim 4, wherein said communication data is digital information of a fixed-length block, and said updating encryption key transmitting step transmits said communication data at predetermined intervals. 6. The encryption key updating method according to claim 5, wherein the predetermined interval at which the updated encryption key transmitting step transmits communication data is longer than a time required for updating the encryption key.