JPS60260254A - Ciphering processing system - Google Patents
Ciphering processing systemInfo
- Publication number
- JPS60260254A JPS60260254A JP59116046A JP11604684A JPS60260254A JP S60260254 A JPS60260254 A JP S60260254A JP 59116046 A JP59116046 A JP 59116046A JP 11604684 A JP11604684 A JP 11604684A JP S60260254 A JPS60260254 A JP S60260254A
- Authority
- JP
- Japan
- Prior art keywords
- terminal
- line connection
- plaintext
- data
- processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L17/00—Apparatus or local circuits for transmitting or receiving codes wherein each character is represented by the same number of equal-length code elements, e.g. Baudot code
Abstract
Description
【発明の詳細な説明】
(al 発明の技術分野
本発明は情報処理装置に係り、特に電文の一部を対象に
暗号化および復号化を可能とする暗号処理方式に関す。DETAILED DESCRIPTION OF THE INVENTION Technical Field of the Invention The present invention relates to an information processing device, and particularly to a cryptographic processing method that enables encryption and decryption of a part of a message.
(bl 技術の背景
処理装置或いは端末装置(以後情報処理装置と総称する
)相互間で送受信する電文の機密保護の為に、送信側で
通常の電文(以後平文と称す)を暗号化して送信し、受
信側で到着する暗号文を復号化して元の平文に復元する
暗号化方式が広く採用されている。(bl) Background of the Technology In order to protect the confidentiality of messages sent and received between processing devices or terminal devices (hereinafter collectively referred to as information processing devices), ordinary messages (hereinafter referred to as plaintext) are encrypted and sent on the sending side. , encryption methods are widely used in which the ciphertext that arrives at the receiving end is decrypted and restored to the original plaintext.
(C1従来技術と問題点 第1図は従来ある暗号処理方式の一例を示す図である。(C1 Conventional technology and problems FIG. 1 is a diagram showing an example of a conventional cryptographic processing method.
第1図において、処理装置1−1および1−2は変fj
t調装置2−1および2−2を介して通信回線3を接続
し、電文を送受信する回線接続端子4−1および4−2
を具備している。今通信回線3を経由して伝送する電文
を暗号化する為には、回線接続端子4−1と変復調装置
2−1との間に暗号装置5−1を挿入し、また回線接続
端子4−2と変復調装置2−2との間に暗号装置5−2
を挿入する。かかる状態で処理装置1−1が回線接続端
子4−1から平文を送信すると、暗号装置5−1は受信
した平文を暗号文に暗号化し、変復調装置2−1を介し
て通信回線3に送出する。In FIG. 1, processing devices 1-1 and 1-2 are variable fj
Line connection terminals 4-1 and 4-2 that connect the communication line 3 via the t-control devices 2-1 and 2-2 to send and receive messages.
Equipped with: In order to encrypt the message transmitted via the communication line 3, an encryption device 5-1 is inserted between the line connection terminal 4-1 and the modem 2-1, and the line connection terminal 4-1 is inserted between the line connection terminal 4-1 and the modem 2-1. 2 and the modem device 2-2.
Insert. When the processing device 1-1 transmits plaintext from the line connection terminal 4-1 in this state, the encryption device 5-1 encrypts the received plaintext into ciphertext and sends it to the communication line 3 via the modem device 2-1. do.
該暗号文は、通信回線3および変復調装置2−2を経由
して暗号装置5−2に伝達される。暗号装置5−2は受
信した暗号文を元の平文に復号化し、処理装置1−2の
回線接続端子4−2に伝達する。The ciphertext is transmitted to the encryption device 5-2 via the communication line 3 and the modem 2-2. The cryptographic device 5-2 decrypts the received ciphertext into the original plaintext and transmits it to the line connection terminal 4-2 of the processing device 1-2.
処理装置1−2が回線接続端子4−2から送信する平文
も、暗号装置5−2により暗号文に変換されて通信回線
3に送出され、暗号装置5−1が通信回線3から到着す
る暗号文を元の平文に変換して処理装置1−1に伝達す
る。The plaintext sent by the processing device 1-2 from the line connection terminal 4-2 is also converted into ciphertext by the encryption device 5-2 and sent to the communication line 3, and the encryption device 5-1 converts the ciphertext that arrives from the communication line 3 The sentence is converted into the original plain text and transmitted to the processing device 1-1.
以上の説明から明らかな如く、従来ある暗号処理方式に
おいては、暗号装置5−1または5−2は、それぞれ処
理装置1−1または1−2が送信する平文を総て暗号文
に変換して通信回線3に送出し、且つ通信回線3から変
復調装置2−1または2−2を経由して受信される暗号
分を総て平文に変換して、それぞれ処理装置1−1また
は1−2に送出する。然し第2図に示す如く、処理装置
1′−1および1′−2が例えば第3図に示す如きパケ
ットをパケット交換網6を経由して送受信する場合に第
1図と同様に暗号装置5−1および5−2を挿入すると
、処理装置11−1および1′−2がパケット交換網6
に送出するパケットは総て暗号化され、パケット交換網
6はヘッダHに含まれる通信路7設定の為の制御情報を
識別出来なくなり、パケットを転送することが出来なく
なる。従って処理装置1′−1およびI′−2は暗号処
理機構8−1および8−2を設け、送受信の対象となる
平文を含むデータDのみに暗号処理を行い、暗号処理の
対象としないヘッダHと結合分離してパケットを送受信
する必要がある。然し暗号処理機構8−1および8−2
は処理装置1°−■および1°−2の処理能力を大幅に
占有する恐れがあり、処理装置1’−1および1’−2
の処理能力を低下させる原因となる。As is clear from the above explanation, in a conventional cryptographic processing system, the cryptographic device 5-1 or 5-2 converts all plaintext sent by the processing device 1-1 or 1-2, respectively, into ciphertext. All encrypted parts sent to the communication line 3 and received from the communication line 3 via the modulation/demodulation device 2-1 or 2-2 are converted into plaintext and sent to the processing device 1-1 or 1-2, respectively. Send. However, as shown in FIG. 2, when the processing devices 1'-1 and 1'-2 transmit and receive packets as shown in FIG. 3 via the packet switching network 6, the encryption device 5 -1 and 5-2, the processing units 11-1 and 1'-2 are connected to the packet switching network 6.
All packets sent to the header H are encrypted, and the packet switching network 6 is no longer able to identify the control information for setting up the communication path 7 contained in the header H, and cannot transfer the packets. Therefore, processing devices 1'-1 and I'-2 are provided with cryptographic processing mechanisms 8-1 and 8-2, and perform cryptographic processing only on data D that includes plaintext to be sent and received, and only headers that are not subject to cryptographic processing. It is necessary to send and receive packets by combining and separating them with H. However, the cryptographic processing mechanisms 8-1 and 8-2
may occupy a large amount of the processing capacity of processing equipment 1°-■ and 1°-2, and processing equipment 1'-1 and 1'-2
This causes a decrease in processing capacity.
(d) 発明の目的
本発明の目的は、前述の如き従来ある暗号処理方式の欠
点を除去し、情報処理装置の処理能力を );低下させ
ること無く、電文の一部を対象に暗号処理可能とする手
段を実現することに在る。(d) Purpose of the Invention The purpose of the present invention is to eliminate the drawbacks of conventional cryptographic processing methods as described above, and to enable cryptographic processing of a part of a message without reducing the processing capacity of an information processing device. The goal is to realize the means to do so.
(el 発明の構成
この目的は、通信回線を接続し、電文を送受信する複数
の回線接続端子を具備する情報処理装置において、平文
端子から入力される平文を暗号化して暗号文端子から出
力し、該暗号文端子から入力される暗号文を復号化して
前記平文端子から出力する暗号装置の前記平文端子を第
一の前記回線接続端子に接続し、前記暗号装置の暗号文
端子と第二の前記回線接続端子との間で情報を転送する
手段を設け、前記第一の回線接続端子に送出した平文に
対する暗号文を前記第二の回線接続端子から受信し、前
記第二の回線接続端子に送出した暗号文に対する平文を
前記第一の回線接続端子から受信することにより達成さ
れる。(el) Structure of the Invention The object of the present invention is to, in an information processing apparatus equipped with a plurality of line connection terminals for connecting communication lines and transmitting and receiving messages, encrypt plaintext input from a plaintext terminal and output it from a ciphertext terminal; The plaintext terminal of an encryption device that decrypts the ciphertext input from the ciphertext terminal and outputs it from the plaintext terminal is connected to the first line connection terminal, and the ciphertext terminal of the encryption device and the second A means for transferring information to and from the line connection terminal is provided, and the ciphertext corresponding to the plaintext sent to the first line connection terminal is received from the second line connection terminal, and the ciphertext is sent to the second line connection terminal. This is achieved by receiving the plaintext corresponding to the ciphertext from the first line connection terminal.
即ち本発明においては、情報処理装置は暗号処理の対象
とする電文のみを第一および第二の回線接続端子に接続
した暗号装置により暗号処理を行い、暗号処理の対象と
しない電文と結合分離することが可能となり、暗号処理
の為に処理能力を低下される恐れは殆ど無い。That is, in the present invention, the information processing device performs cryptographic processing on only the message to be subjected to cryptographic processing using the cryptographic device connected to the first and second line connection terminals, and combines and separates the message that is not to be subjected to cryptographic processing. This makes it possible to do this, and there is almost no risk that the processing capacity will be degraded due to cryptographic processing.
(f) 発明の実施例 以下、本発明の一実施例を図面により説明する。(f) Examples of the invention An embodiment of the present invention will be described below with reference to the drawings.
第4図は本発明の一実施例による暗号処理方式を示す図
である。なお、全図を通じて同一符号は同一対象物を示
す。また第4図には一方の処理装置1′″−1のみが示
され、通信対象となる他の処理装置(第2図におけるI
′−2相当)は省馬されている。第4図において、処理
装置1 ” −1は変復調装置2°−1を介してパケッ
ト交換網6に接続される回線接続端子4−1の他に、第
一の回線接続端子4−3および第二の回線接続端子4を
具備している。第一の回線接続端子4−3には第1図に
おけると同等の暗号装置5−1の平文を送受信する端子
(以後平文端子と称する)が接続されている。該暗号装
置5−1の暗号文を送受信する端子(以後暗号文端子と
称する)と、処理装置1′′−1の第二の回線接続端子
4−4とは、変復調装置2−1と同等の構成を有し、互
いに通信回線収各端子同志を接続された2組の変復調装
置2−3および2−4により接続されている。かかる状
態で、処理装置1 ” −1が回線接続端子4−1から
変復調装置2−1を介してパケット交換網6に、暗号化
されないヘッダHと暗号化されたデータDとから構成さ
れるパケットを送信する為には、第一の回線接続端子4
−3から暗号装置5−1に暗号処理の対象とするデータ
Dを送出する。暗号装置5−1は、平文端子から受信し
たデータDを暗号化し、暗号文端子から変復調装置2−
3に伝達する。変復調装M2−3は、暗号装置5−1か
ら伝達された暗号化されたデータDを通信回線収容端子
を介して変復調装置2−4に伝達する。変復調装置2−
4は、受信した暗号化されたデータDを処理装置1 ”
−1の第二の回線接続端子4−4に伝達する。処理装置
1 ” −1は、第二の回線接続端子4−4から受信し
た暗号化されたデータDに、暗号化されぬヘッダHを結
合し、回線接続端子4−1から変復調装置2−1を介し
てパケット交換網6に送出する。一方暗号化されぬヘッ
ダHと暗号化されたデータDとを有するパケットが、パ
ケット交換網6から変復調装置2−1を介して回線接続
端子4−1に到着すると、処理袋r゛°−−1は回線接
続端子4−1から受信したパケットを暗号化されぬヘッ
ダHと暗号化されたデータDとに分離し、暗号化された
データDは第二の回線接続端子4−4から変fjE調装
置2−4に送出する。FIG. 4 is a diagram showing a cryptographic processing method according to an embodiment of the present invention. Note that the same reference numerals indicate the same objects throughout the figures. Further, in FIG. 4, only one processing device 1''-1 is shown, and the other processing device (I in FIG.
'-2 equivalent) has been omitted. In FIG. 4, the processing device 1''-1 has a first line connection terminal 4-3 and a The first line connection terminal 4-3 is connected to a terminal (hereinafter referred to as a plaintext terminal) for transmitting and receiving plaintext of the encryption device 5-1, which is equivalent to that shown in FIG. The terminal for transmitting and receiving ciphertext of the encryption device 5-1 (hereinafter referred to as the ciphertext terminal) and the second line connection terminal 4-4 of the processing device 1''-1 are connected to the modem device 2. -1, and are connected by two sets of modulation/demodulation devices 2-3 and 2-4, each of which has a communication line terminal connected to each other.In this state, processing device 1"-1 is connected to In order to transmit a packet consisting of an unencrypted header H and encrypted data D from the line connection terminal 4-1 to the packet switching network 6 via the modem 2-1, the first line Connection terminal 4
-3 sends data D to be cryptographically processed to the cryptographic device 5-1. The encryption device 5-1 encrypts the data D received from the plaintext terminal, and sends the data D from the ciphertext terminal to the modem device 2-.
3. The modem M2-3 transmits the encrypted data D transmitted from the encryption device 5-1 to the modem 2-4 via the communication line accommodation terminal. Modem/demodulator 2-
4, the received encrypted data D is processed by the processing device 1.
-1 to the second line connection terminal 4-4. The processing device 1''-1 combines the unencrypted header H with the encrypted data D received from the second line connection terminal 4-4, and transmits the data from the line connection terminal 4-1 to the modem device 2-1. On the other hand, a packet having an unencrypted header H and encrypted data D is transmitted from the packet switching network 6 to the line connection terminal 4-1 via the modem 2-1. , the processing bag r゛°--1 separates the packet received from the line connection terminal 4-1 into an unencrypted header H and encrypted data D, and the encrypted data D is The signal is sent from the second line connection terminal 4-4 to the fjE modulator 2-4.
変復調装置2−4は、受信した暗号化されたデータDを
通信回線収容端子を介して変復調装置2−3に伝達する
。変復調装置2−3は、受信した暗号化されたデータD
を暗号装置5−1の暗号文端子に伝達する。暗号装置5
−1は、暗号文端子から受信した暗号化されたデータD
を復号化して平文のデータDを作成し、平文端子から処
理装置IIT 1の第一の回線接続端子4−3に伝達す
る。The modem 2-4 transmits the received encrypted data D to the modem 2-3 via the communication line accommodation terminal. The modem 2-3 receives the received encrypted data D.
is transmitted to the ciphertext terminal of the cryptographic device 5-1. Encryption device 5
-1 is the encrypted data D received from the ciphertext terminal
is decrypted to create plaintext data D, which is transmitted from the plaintext terminal to the first line connection terminal 4-3 of the processing device IIT1.
以上iより、処理装置1 ” −1は、平文となったデ
ータDを受信する。From the above i, the processing device 1''-1 receives the data D in plain text.
以上の説明から明らかな如く、本実施例によれば、処理
装置1 ” −1は外部に設けた暗号装置5−1により
パケットのデータDを暗号処理する為、処理装置1 ”
−1の処理能力が暗号処理により圧迫される恐れは殆
ど無い。As is clear from the above description, according to the present embodiment, the processing device 1 ``-1 cryptographically processes the packet data D using the externally provided encryption device 5-1.
There is almost no possibility that the processing capacity of -1 will be compressed by cryptographic processing.
なお、第4図はあく迄本発明の一実施例に過ぎず、例え
ば暗号装置5−1の暗号文端子と処理装置1 ” −1
の第二の回線接続端子4−4との間に暗号化されたデー
タDを転送する手段は標準の変復調装置2−3および2
−4により構成されるものに限定されることは無く、同
様の機能を有する専用のインターフェース変換回路を構
成することも考慮されるが、かかる場合にも本発明の効
果は変わらない。また本発明の対象は処理装置に限定さ
れることは無く、端末装置等を含む情報処理装置に対し
ても本発明の効果は変わらない。更に本発明の対象はパ
ケット交換網に限定されぬことは言う迄も無い。Note that FIG. 4 is only one embodiment of the present invention, and for example, the ciphertext terminal of the encryption device 5-1 and the processing device 1''-1
The means for transferring the encrypted data D to the second line connection terminal 4-4 of the standard modem devices 2-3 and 2
-4, and it is also possible to configure a dedicated interface conversion circuit having a similar function, but the effects of the present invention remain unchanged even in such a case. Furthermore, the object of the present invention is not limited to processing devices, and the effects of the present invention remain the same for information processing devices including terminal devices and the like. Furthermore, it goes without saying that the object of the present invention is not limited to packet switching networks.
(&1 発明の効果
以上、本発明によれば、前記情報処理装置において、処
理能力を低下させること無く、電文の一部が暗号処理可
能となる。(&1 Effects of the Invention As described above, according to the present invention, in the information processing apparatus, a part of the message can be encrypted without reducing the processing capacity.
第1図は従来ある暗号処理方式の一例を示す図、第2図
は従来ある暗号処理方式の他の一例を示す図、第3図は
第2図におけるパケットの一例を示す図、第4図は本発
明の一実施例による暗号処理方式を示す図である。
図において、1−1.1−2.11−1.1′・−2お
よび1”−1は処理装置、2−1乃至2−4は変復調装
置、3は通信回線、4−1乃至4−4は回線接続端子、
5−1および5−2は暗号装置、6はパケット交換網、
7は通信路、8−1および8−2は暗号処理機構、Hは
ヘッダ、Dはデータ、を示す。FIG. 1 is a diagram showing an example of a conventional cryptographic processing method, FIG. 2 is a diagram showing another example of a conventional cryptographic processing method, FIG. 3 is a diagram showing an example of the packet in FIG. 2, and FIG. 4 is a diagram showing an example of a conventional cryptographic processing method. FIG. 1 is a diagram showing a cryptographic processing method according to an embodiment of the present invention. In the figure, 1-1.1-2.11-1.1', -2 and 1"-1 are processing units, 2-1 to 2-4 are modem devices, 3 is a communication line, and 4-1 to 4 -4 is the line connection terminal,
5-1 and 5-2 are encryption devices, 6 is a packet switching network,
7 is a communication path, 8-1 and 8-2 are cryptographic processing mechanisms, H is a header, and D is data.
Claims (1)
子を具備する情報処理装置において、平文端子から入力
される平文を暗号化して暗号文端子から出力し、該暗号
文端子から入力される暗号文を復号化して前記平文端子
から出力する暗号装置の前記平文端子を第一の前記回線
接続端子に接続し、前記暗号装置の暗号文端子と第二の
前記回線接続端子との間で情報を転送する手段を設け、
前記第一の回線接続端子に送出した平文に対する暗号文
を前記第二の回線接続端子から受信し、前記第二の回線
接続端子に送出した暗号文に対する平文を前記第一の回
線接続端子から受信することを特徴とする暗号処理方式
。In an information processing device equipped with a plurality of line connection terminals for connecting communication lines and transmitting and receiving messages, the plaintext input from the plaintext terminal is encrypted and output from the ciphertext terminal, and the cipher text input from the ciphertext terminal is encrypted. The plaintext terminal of an encryption device that decrypts a text and outputs it from the plaintext terminal is connected to the first line connection terminal, and information is transmitted between the ciphertext terminal of the encryption device and the second line connection terminal. Provide a means to transfer
Receiving ciphertext corresponding to the plaintext sent to the first line connection terminal from the second line connection terminal, and receiving plaintext corresponding to the ciphertext sent to the second line connection terminal from the first line connection terminal. A cryptographic processing method characterized by:
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP59116046A JPS60260254A (en) | 1984-06-06 | 1984-06-06 | Ciphering processing system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP59116046A JPS60260254A (en) | 1984-06-06 | 1984-06-06 | Ciphering processing system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| JPS60260254A true JPS60260254A (en) | 1985-12-23 |
Family
ID=14677366
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP59116046A Pending JPS60260254A (en) | 1984-06-06 | 1984-06-06 | Ciphering processing system |
Country Status (1)
| Country | Link |
|---|---|
| JP (1) | JPS60260254A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH0470029A (en) * | 1990-07-09 | 1992-03-05 | Hajime Kitagawa | Ciphering adaptor |
| JPH0677954A (en) * | 1990-06-29 | 1994-03-18 | Digital Equip Corp <Dec> | Apparatus and method for processing of code provided with arbitrary selective status encoding |
| US6052786A (en) * | 1997-07-22 | 2000-04-18 | Fujitsu Limited | Secrecy communication system |
| US6337848B1 (en) | 1997-10-17 | 2002-01-08 | Fujitsu Limited | Path switching device for transmission apparatus |
| US6366128B1 (en) * | 2000-09-05 | 2002-04-02 | Xilinx, Inc. | Circuit for producing low-voltage differential signals |
-
1984
- 1984-06-06 JP JP59116046A patent/JPS60260254A/en active Pending
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH0677954A (en) * | 1990-06-29 | 1994-03-18 | Digital Equip Corp <Dec> | Apparatus and method for processing of code provided with arbitrary selective status encoding |
| JP2693881B2 (en) * | 1990-06-29 | 1997-12-24 | ディジタル イクイプメント コーポレイション | Cryptographic processing apparatus and method used in communication network |
| JPH0470029A (en) * | 1990-07-09 | 1992-03-05 | Hajime Kitagawa | Ciphering adaptor |
| US6052786A (en) * | 1997-07-22 | 2000-04-18 | Fujitsu Limited | Secrecy communication system |
| US6337848B1 (en) | 1997-10-17 | 2002-01-08 | Fujitsu Limited | Path switching device for transmission apparatus |
| US6366128B1 (en) * | 2000-09-05 | 2002-04-02 | Xilinx, Inc. | Circuit for producing low-voltage differential signals |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7519811B1 (en) | Data transmission controlling method and data transmission system | |
| US6289451B1 (en) | System and method for efficiently implementing an authenticated communications channel that facilitates tamper detection | |
| US6694430B1 (en) | Data encryption integrated circuit with on-board dual-use memory | |
| CN102088441B (en) | Data encryption transmission method and system for message-oriented middleware | |
| JP3111468B2 (en) | Communication concealment method | |
| KR20000023124A (en) | Safe transmission of broadband data messages | |
| CN101283554B (en) | Relay unit, communication terminal and communication method | |
| US7058390B2 (en) | Mobile communication system using an encryption/decryption device | |
| JPH09307542A (en) | Data transmitter and data transmission method | |
| JPS60260254A (en) | Ciphering processing system | |
| WO2002067100A1 (en) | Encryption and decryption system for multiple node network | |
| JP2002152189A (en) | Open key distributing method, and open key transmitting device and open key receiving device used for the same method | |
| JPH0677954A (en) | Apparatus and method for processing of code provided with arbitrary selective status encoding | |
| CN110650121A (en) | Stream media data security system based on distributed system | |
| KR20070005073A (en) | Apparatus and method for high-speed distributing encryption and deencryption with multi-session | |
| JPS63155930A (en) | Enciphered data communication system | |
| JP2563921B2 (en) | Secret communication system | |
| JPS60102038A (en) | Cipher communication system | |
| JPS6181043A (en) | Cipher processing system of packet communication | |
| Herbison | Low cost outboard cryptographic support for SILS and SP4 | |
| CN117201232A (en) | High-performance IPSec VPN method | |
| JPS61114633A (en) | Multiple address communication system | |
| JP3057724B2 (en) | Encryption device | |
| JPS59154849A (en) | Simple ciphering device in packet exchange network | |
| KR19990004237A (en) | Apparatus and method for encrypting / decrypting data in asynchronous transmission mode network |