JPS63219244A - Enciphered information processing system - Google Patents

Enciphered information processing system

Info

Publication number
JPS63219244A
Authority
JP
Japan
Prior art keywords
key
terminal
decoding
card
decryption
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP62053348A
Other languages
Japanese (ja)
Other versions
JP2574279B2 (en)
Inventor
Masayoshi Hirashima
正芳 平嶋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Holdings Corp
Original Assignee
Matsushita Electric Industrial Co Ltd
Application filed by Matsushita Electric Industrial Co Ltd

Abstract

PURPOSE: To make decryption practically impossible and to transmit and receive encrypted information economically, by reading the terminal-side decryption key from a key input unit such as an IC card and rewriting the decryption key in the key input unit to match the encryption key on the center side.

CONSTITUTION: On the transmitting side, 10,000 pairs of encryption keys KEi and KDi, and decryption keys Kn, are prepared every month. Kn is encrypted (5) with DES using a key Kmi specific to each terminal, and three sets of Kn are placed in the data part and sent. On the receiving side, the key Ci(Kn) addressed to the same terminal group is extracted and decrypted (6), using the Kmi already generated with the KDi read from the IC card 9. Next, the random number Rn that scrambles the image and audio is changed, for example at every field, and the initial value of the random number is transferred; the encrypted random number C'(Rn) is then decrypted with Kn in the decoding part 4. Rne is set equal to RnD, and data or video and audio are scrambled by an EXOR in both encryption and decryption.

Description

DETAILED DESCRIPTION OF THE INVENTION

Field of Industrial Application

The present invention relates to the encryption of information in information processing, and in particular to an encrypted information processing method used in one-way information transmission systems from a center to terminals, for example pay systems such as CATV and satellite broadcasting.

Prior Art

A general example of encrypting information, transmitting it, and decrypting it on the receiving side is described with reference to Figure 2 (see, for example, "Research on Data Protection and Encryption", supervised by Shin Hitotsumatsu (一松信), p. 63, Fig. 1-27). The method shown in FIG. 4 is called the MIX method. The sending side creates a key K for encrypting plaintext P in encryption unit 201, encrypts K in encryption unit 203 using the RSA encryption key KE published by the recipient, and transmits the encrypted key CK to the receiving side. The receiving side decrypts CK in decryption unit 204 using the RSA decryption key KD and obtains the DES key K. After confirming that K has been received correctly, the sending side encrypts plaintext P with DES under K in encryption unit 201 and transmits the ciphertext C. The receiving side decrypts C in decryption unit 202 using the key K it already holds and obtains plaintext P.

The above is an outline of the operation in FIG. 4. If this method is applied to one-way addressable CATV or to satellite broadcasting, as many combinations of encryption key KE and decryption key KD are needed as there are terminals, and delivering the key K to each terminal takes a long time. Even if KE and KD are kept as secret keys, the same amount of time is needed. If KE and KD are common to all terminals, then once one terminal is eavesdropped on, all terminals are affected. Likewise, if K is fixed, eavesdropping on one terminal means eavesdropping on all of them. To prevent these dangers, sending and receiving with a double layer of keys can be considered.

Problems to Be Solved by the Invention

However, security cannot be ensured unless the per-terminal keys (hereinafter written Kmi) are used in a number equal to the number of terminals. The conventional configuration therefore had the following problems.

(1) Delivering decryption keys safely to a large number of terminals takes a long time. For example, if one terminal is accessed per field of the TV signal, that is 3,600 terminals per minute and 5.184 million terminals per day; assuming 30 million subscribing households across Japan, about 6 days are needed. To access 30 million terminals in one day, 6 terminals must therefore be accessed per field. In other words, to access all terminals quickly, a large number of terminal addresses must be sent in a short time.

(2) When a unique key Kmi is assigned to each terminal, and the fee information and the key Kw that operates under Kmi are delivered by IC card or similar, the CPU that manages them cannot keep up if rewriting and new issuance of IC cards are concentrated in a short period. For example, suppose the fee IC cards are replaced every month, 30 million cards are rewritten in the last 3 days of the month, and the IC card sales counters are open 12 hours a day. It would then suffice to process 4 terminals in 4 fields (10.37 million terminals in 12 hours), that is, to process one card in 1/240 second, or 4 msec. In reality, however, a person is involved and types on a keyboard, so the line is occupied for a long time; this is impractical, and several to ten processing centers with large CPUs would be needed across the country.

In view of the above problems, an object of the present invention is to provide an encrypted information processing system that is practically impossible to decipher, cannot be eavesdropped on, and allows encrypted information to be sent and received economically.

Means for Solving the Problems

To achieve the above object, the present invention divides a large number of terminals into two or more groups, has at least one information sending center that sends information to each group, provides one or more layers of keys Kx for encrypting and decrypting information, and provides separately, for as many groups as there are, an encryption key KEi and a decryption key KDi assigned to each terminal group. The key Kx is encrypted with the encryption key KEi, sent to and received by the receiving side, and decrypted with the decryption key KDi so that Kx is reproduced in each terminal group. To that end, the terminal-side decryption key KDi is read into the terminal from a key input unit such as an IC card, and the decryption key KDi in the key input unit is rewritten in step with changes to the center-side encryption key KEi.

Operation

With the above configuration, the terminal-specific RSA key KDi is rewritten every month, for example by IC card, and the DES key Kmi is delivered under the public key to obtain the decryption key Kmi. For example, 10,000 sets are prepared, and the decryption key Kmi is obtained from KDi and the sending-side encryption key KEi. (There are therefore 10,000 sets of Kmi, and terminal access from the center finishes in 3 seconds at one Kmi per field.) Between the IC card and the terminal, signals cannot be deciphered if they are exchanged using a predetermined encryption procedure (fixed key). If DES is used with a key length of 32 bits (28 data bits), deciphering is said to take 4.3 years on average, which is enough to remove the incentive to eavesdrop on the data input from the IC card. In addition, by preparing 10,000 terminal identification numbers separately from the terminal management numbers, the center delivers keys treating the effective number of terminal addresses as 10,000.

Embodiment

An embodiment of the present invention is described below with reference to the drawings.

FIG. 1 shows, as one embodiment, the present invention applied to a pay broadcasting system for satellite broadcasting. In FIG. 1, 1, 3, 5 and 7 are the encryption units and encryption key of the equipment on the transmitting side, that is, the broadcasting station (ground station), and 2, 4, 6, 8 and 9 are the decryption units and IC card of the terminal on the receiving side.

FIG. 3 shows a concrete configuration example of the terminal, which consists of a timer 21, a program ROM 22, a central processing unit 23, and an encryption/decryption unit 24.

The parts of the overall system that relate to the present invention are described here. In FIG. 1, P is unencrypted information: some or all of the video, audio, and various pay-broadcast information. Video and audio are assumed to be sent according to the Japanese satellite broadcasting standard, and the various information uses either the VBL shown at φ1 in FIG. 2 or the audio data channel shown at φ2. For simplicity, the φ2 data channel is assumed here. When audio is sent in B mode, the data capacity is 240 Kbps. If data is sent and received in packets, one packet consists of 288 bits in total: 16 bits of header, 190 bits of data, and 82 bits for correction. Needless to say, such a packet can also be superimposed on 1H in the VBL of φ1 and sent and received at 5.73 Mbit/s in line with the teletext standard. With 190 data bits and 82 correction bits, the BEST error correction used for teletext can be applied, and burst errors of 8 bits or fewer per packet are corrected. In this scheme, data transmission is 190 bits per packet.

Suppose two kinds of packet are used, packets for delivering keys to terminals and packets for transmitting the various information, and that the information packets are sent twice per second, 5 packets at a time, each sent 5 times in a row so that a majority decision can be taken. Then 2×6×5 = 60 packets per second are information packets, and the key transmission packets for the terminals number 833 (24000÷288 = 833) − 60 = 783 packets.

In FIG. 1, Kmi is sent from encryption unit 5 to decryption unit 6 under a public key. With the public-key scheme, when the decryption key for all terminals is (di, ni) and the encryption key on the sending side is (ex, nx), it suffices to change (dx, nx) and (ei, ni) every month and to prepare 10,000 sets (x = 1 to 10000). To strengthen the encryption, 0s or 1s are appended in a certain pattern to the 64-bit DES key Kmi to convert it into a 100-digit number, which is then encrypted with KEi. The amount of data handled is therefore assumed to be a 100-digit number, which requires 400 bits per address (digits are handled in BCD). Of the 190 bits in one packet, allocating 8 bits for control and 14 bits for the address leaves 168 bits. One C(Kmi) can therefore be sent in 3 packets. Hence access proceeds at 783÷3 = 261 per second, and C(Kmi) can be delivered to all terminals in about 40 seconds. Likewise, Kn encrypted with Kmi can be sent in about 40 seconds.

That figure applies when Kn is 400 bits. If Kn is a 64-bit DES key, then, as shown at φ3 in FIG. 3, two terminals' worth can be sent in one packet, so access proceeds at 783×2 = 1566 per second and the 10,000 terminal groups can be accessed in about 6 seconds. If the packets that send Kmi and the packets that send Kn are each addressed to the 10,000 terminal groups, Kmi and Kn can be delivered to all terminal groups in about 46 seconds. Since this reception of Kmi and Kn takes place, for example, once a month, it is no problem if the software processing for both takes about one minute in total.

Therefore, a recipient who pays the fee and obtains the IC card 9 every month can insert the IC card 9 into the decryption unit 8, which includes the card reader, and at any time have the encrypted information deciphered within one minute and enjoy normal video and audio. As for the strength of the encryption, even if Kmi and Kn are 28 digits, deciphering is said to take 4.3 years on average. If KDi and KEi are changed as a pair every month, deciphering is practically impossible.

An outline of the operation is given below with reference to FIG. 1. On the sending side, 10,000 pairs of encryption keys KEi and KDi (each a 100-digit integer, 400 bits) are prepared every month. 10,000 sets of the current-month decryption key Kn are also prepared. Kn consists of 64 bits; it is encrypted with DES under Kmi, and three sets of Kn are placed in the data portion DM of φ2 in FIG. 2 and sent. That is, the address is not encrypted; only the key Kn is encrypted with Kmi and carried in the form Ci(Kn). On the receiving side, using the Kmi already produced with the KDi read from the IC card, the key Ci(Kn) carrying the terminal's own group address i is extracted and decrypted.

If the positions of the address and the key within the packet are fixed, as shown at φ3 in FIG. 2, matching i is easy. On the receiving side, DES decryption may be done in software. (The sending side encrypts Kn one after another with a large number of Kmi, so hardware logic, that is, an IC, is desirable; the receiving side only needs to decrypt once, so proper video and audio are obtained within the one minute mentioned above, or 6 seconds for Kn alone.)

Even if DES decryption takes several seconds, decryption completes in about 10 seconds in total. Decrypting Ci(Kn) in the decryption circuit of decryption unit 6 yields Kn. Kn is this month's decryption key. Next, the random number Rn that scrambles the image and audio is changed at relatively short intervals, for example every field (about 16.7 ms). The initial value of the random number, for example 16 bits (in this case a random number of 2-1, that is, PN noise), is sent and received, and decryption unit 4 uses Kn to decrypt the encrypted random number C'(Rn).

Rn6−Rnoとし、暗号化、復号化共EXORをとる
方式で、データ或は映像、音声をスクランブルし、デス
クランブルできる。映像については、ライン単位のラン
ダム反転成は1ラインより狭い幅の各部分のランダム反
転等を行なうことにより暗号化でき、復号化鍵2でRn
DとEXORを形成し、元の映像信号を得る。音声はP
CMであれば、容易に暗号化部1でRneで暗号化し、
復号化鍵2でRnl1lで復号化できる。以上の動作に
於て、Knが判らない時は、Rnを発生するロジックを
作っても、初期値が2−1通シあり、16−7 m56
0毎に変化するので盗聴視は殆ど不可能である。偶然1
6.7 m860間だけ正規の映像、音声が得られるの
みである。KnをDESの32ビツトで構成しておけば
、毎月変化するので、実質的に解読できない。次にIC
カードと端末のカードリーダー13 ・ との間の信号のやり取りをDESで行ない復号化鍵8を
マイクロプロセッサ−で行ない、DESの鍵(端末群毎
に共通の鍵)Kciを64ビツトで構成しておけば、解
読は不可能である。Kciのデータをマイコンと同一の
チップ上に形成しておけば読出す事は実質的に不可能で
ある。K、i、Kn、RnをすべてDESとすればマイ
コンのソフトは共通でよい。ICカードからのデータの
読み込みは、Knが変更される前でも後でもよく、第3
図のタイマー21で時間管理してもよく、又、パケット
で送られて来る制御信号中のKey変更信号で読込んで
もよい。第3図の中央処理装置23.プログラムROM
(RAMでもよい)22により、ICカード9から読込
んだKDlを一時的にメモリし、月単位で鍵が変更にな
った時、KゎiでK。、を解読すればよい。このような
鍵の管理はタイマー21゜中央処理装置23.プログラ
ムROM22の組合せで容易に行なえる。
Data, video, and audio can be scrambled and descrambled by setting Rn6-Rno and using EXOR for both encryption and decryption. As for video, random inversion generation in line units can be encrypted by performing random inversion of each part narrower than one line, and Rn with decryption key 2.
EXOR is formed with D to obtain the original video signal. The audio is P
If it is a CM, the encryption unit 1 can easily encrypt it with Rne,
It can be decrypted with Rnl1l using decryption key 2. In the above operation, if Kn is not known, even if you create a logic to generate Rn, the initial value will be 2-1 times, 16-7 m56
Since it changes every 0, eavesdropping is almost impossible. coincidence 1
Regular video and audio can only be obtained for 6.7 m860. If Kn is composed of 32 bits of DES, it changes every month and is virtually impossible to decipher. Next, I.C.
The exchange of signals between the card and the card reader 13 of the terminal is performed using DES, the decryption key 8 is performed using a microprocessor, and the DES key (a common key for each terminal group) Kci is composed of 64 bits. Otherwise, it will be impossible to decipher. If the Kci data is formed on the same chip as the microcomputer, it is virtually impossible to read it. If K, i, Kn, and Rn are all DES, the microcomputer software may be the same. Data can be read from the IC card either before or after the Kn is changed.
The time may be managed using the timer 21 shown in the figure, or it may be read using a key change signal in a control signal sent in a packet. Central processing unit 23 in FIG. Program ROM
(RAM may also be used) 22 temporarily stores the KDl read from the IC card 9, and when the key is changed on a monthly basis, K is pressed with K. , just decipher. Such keys are managed by the timer 21 and the central processing unit 23. This can be easily done by combining the program ROM 22.

With the configuration described above, a practically undecipherable and economical system for sending and receiving encrypted information can be built.
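The layered key delivery described in the operation overview (group key KDi on the IC card, then Kmi, then the monthly key Kn, then the per-field PN seed Rn) can be sketched as follows. This is an added example, not code from the patent: an HMAC-SHA256 keystream XOR stands in for the RSA and DES steps, KEi and KDi are taken as the same key as in claim 2, and the master secret, LFSR polynomial, group numbers and month labels are assumptions constructed for the illustration.

```python
import hashlib
import hmac

GROUPS = 10_000  # terminal groups, as in the embodiment

def prf(key: bytes, label: str, n: int = 8) -> bytes:
    """n pseudo-random bytes (n <= 32) bound to key and label."""
    return hmac.new(key, label.encode(), hashlib.sha256).digest()[:n]

def wrap(key: bytes, data: bytes, label: str) -> bytes:
    """Stand-in for the RSA/DES steps: keystream XOR, so it is its own inverse."""
    return bytes(d ^ s for d, s in zip(data, prf(key, label, len(data))))

def lfsr_step(state: int) -> int:
    """One step of a 16-bit LFSR, taps 16/14/13/11 (assumed polynomial)."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)

def scramble(field: bytes, seed: int) -> bytes:
    """EXOR the field with the PN sequence from seed; the same call descrambles."""
    state = (seed & 0xFFFF) or 1          # an all-zero LFSR state never changes
    out = bytearray()
    for value in field:
        pn = 0
        for _ in range(8):
            state = lfsr_step(state)
            pn = (pn << 1) | (state & 1)
        out.append(value ^ pn)
    return bytes(out)

class Center:
    """Sending side for one month. Keys derive from a constructed master secret
    so the run is reproducible; a real center would draw them at random."""

    def __init__(self, master: bytes, month: str):
        self.master, self.month = master, month
        self.kn = prf(master, f"{month}/Kn")              # monthly key Kn

    def kd(self, i: int) -> bytes:                        # KDi (= KEi), on the card
        return prf(self.master, f"{self.month}/KD/{i}")

    def km(self, i: int) -> bytes:                        # Kmi
        return prf(self.master, f"{self.month}/Km/{i}")

    def key_packets(self) -> dict:
        """Clear address i -> (C(Kmi) under KEi, Ci(Kn) under Kmi)."""
        return {i: (wrap(self.kd(i), self.km(i), "Kmi"),
                    wrap(self.km(i), self.kn, "Kn")) for i in range(GROUPS)}

    def send_field(self, field: bytes, seed: int):
        """Return (C'(Rn), scrambled field) for one TV field."""
        return wrap(self.kn, seed.to_bytes(2, "big"), "Rn"), scramble(field, seed)

class Terminal:
    def __init__(self, group: int, card_kd: bytes):
        self.group, self.card_kd, self.kn = group, card_kd, None

    def load_keys(self, packets: dict) -> None:
        c_km, c_kn = packets[self.group]                  # match own address i
        self.kn = wrap(wrap(self.card_kd, c_km, "Kmi"), c_kn, "Kn")

    def receive_field(self, c_rn: bytes, scrambled: bytes) -> bytes:
        seed = int.from_bytes(wrap(self.kn, c_rn, "Rn"), "big")
        return scramble(scrambled, seed)

def demo() -> dict:
    field = b"constructed sample standing in for one field of video/audio"
    march = Center(b"constructed master secret", "1987-03")
    april = Center(b"constructed master secret", "1987-04")
    terminals = {
        "paid": Terminal(4711, april.kd(4711)),    # bought the April card
        "stale": Terminal(4711, march.kd(4711)),   # still holds the March card
        "moved": Terminal(4712, april.kd(4711)),   # group-4711 card, 4712 terminal
    }
    packets = april.key_packets()
    c_rn, scrambled = april.send_field(field, seed=0xACE1)
    result = {"scrambled_differs": scrambled != field}
    for name, terminal in terminals.items():
        terminal.load_keys(packets)
        result[name + "_has_kn"] = terminal.kn == april.kn
    result["paid_sees_field"] = terminals["paid"].receive_field(c_rn, scrambled) == field
    return result

if __name__ == "__main__":
    print(demo())
```

A terminal holding last month's card, or a card from another group, derives a wrong Kn and therefore a wrong PN seed, so it is locked out without the center sending it any turn-off command.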

Effects of the Invention

As described above, the present invention provides the following advantages.

(1) IC cards need not be different for each terminal; 10,000 (or 1,000, or 100,000) types, one per terminal group, are enough, so the terminal access time from the center is short.

(2) The IC card contains the fee data and the key KDi for deciphering the current-month key, so for a terminal that does not pay, the current-month key changes automatically after one month and can no longer be deciphered with the KDi in its IC card. A forced terminal turn-off operation is therefore unnecessary.

(3) The IC card can be built so that its information cannot easily be read out. Even if an IC card is taken apart and its contents are observed, there are 10,000 types of terminal, so the probability that an illicit IC card based on that information can be used in another terminal is 1 in 10,000. Obtaining many terminals of the same group is also not achievable without planning it jointly with the manufacturer. There is therefore sufficient security against eavesdropping.

Brief Description of the Drawings

FIG. 1 is a block diagram showing an encrypted information processing method according to an embodiment of the present invention; FIG. 2 is a data layout diagram showing the data structure used in the method; FIG. 3 is a block diagram showing a configuration example of the terminal; FIG. 4 is a block diagram showing a conventional encrypted information processing method.

1, 3, 5: encryption units; 7: encryption key; 2, 4, 6, 8: decryption units; 9: IC card.

Claims (2)

(1) An encrypted information processing method comprising a large number of terminals divided into two or more groups and at least one information sending center that sends information to each group, wherein one or more layers of keys K_x for encrypting and decrypting information are provided; an encryption key K_E_i and a decryption key K_D_i assigned to each terminal group are provided separately for as many groups as there are; the key K_x is encrypted with the encryption key K_E_i, transmitted to the receiving side, received there, and decrypted with the decryption key K_D_i so that the key K_x is reproduced in each terminal group; and, to that end, the terminal-side decryption key K_D_i is read into the terminal from a key input unit containing rewritable memory, such as an IC card, and the decryption key K_D_i in the key input unit is rewritten in step with changes to the center-side encryption key K_E_i.

(2) The encrypted information processing method according to claim 1, wherein the encryption key K_E_i and the decryption key K_D_i are made common.

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP62053348A JP2574279B2 (en) 1987-03-09 1987-03-09 Encryption information processing method

Publications (2)

Publication Number Publication Date
JPS63219244A true JPS63219244A (en) 1988-09-12
JP2574279B2 JP2574279B2 (en) 1997-01-22

Family

ID=12940268

Family Applications (1)

Application Number Title Priority Date Filing Date
JP62053348A Expired - Lifetime JP2574279B2 (en) 1987-03-09 1987-03-09 Encryption information processing method

Country Status (1)

Country Link
JP (1) JP2574279B2 (en)
