WO2008029853A1 - Encryption key delivery device and encryption key delivery method - Google Patents

Encryption key delivery device and encryption key delivery method Download PDF

Info

Publication number
WO2008029853A1
WO2008029853A1 PCT/JP2007/067331 JP2007067331W WO2008029853A1 WO 2008029853 A1 WO2008029853 A1 WO 2008029853A1 JP 2007067331 W JP2007067331 W JP 2007067331W WO 2008029853 A1 WO2008029853 A1 WO 2008029853A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption key
packet
key
multicast
unit
Prior art date
Application number
PCT/JP2007/067331
Other languages
French (fr)
Japanese (ja)
Inventor
Kunihiko Sakaibara
Original Assignee
Panasonic Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Panasonic Corporation filed Critical Panasonic Corporation
Publication of WO2008029853A1 publication Critical patent/WO2008029853A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/601Broadcast encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications

Definitions

  • the present invention relates to a secret key distribution apparatus and encryption key distribution method used in multicast communication or broadcast communication.
  • wireless LANs use a fixed encryption key called WEP (Wired Equivalent Privacy) to encrypt data in wireless communications.
  • WEP Wired Equivalent Privacy
  • the cipher is changed from the initial 40-bit unit code to the 128-bit unit code and further to the 256-bit unit code.
  • the complexity of computerization is progressing. In other words, in order to pursue the confidentiality of data, encryption keys that are inevitably long and infinitely long have been required.
  • TKIP Temporal Key Integrity Protocol
  • FIG. 3 is a diagram illustrating an example of a configuration of a conventional communication system.
  • FIG. 4 is a diagram showing an encryption block and a communication form of the communication system of FIG.
  • phase 1 key mixer 70 generates a first key number from temporary key TK, terminal ⁇ AC address, TA, and initialization vector IV.
  • the phase 2 key mixer 71 generates a second encryption key for each packet from the first encryption key generated by the phase 1 key mixer 70 and the initialization vector IV.
  • the encryption encapsulation unit 72 uses the second encryption key generated by the phase 2 key mixer 71, the encryption encapsulation unit 72 encrypts and encapsulates the packet that is the communication data, and the wireless receiving terminals 30 to 32 Communicate with each other individually.
  • the initialization vector IV is incremented for each packet and changes every moment, it is possible to dynamically change the second encryption key used for communication with each wireless receiving terminal.
  • IPSec IP Security
  • Non-Patent Document 1 Wireless Ubiquitous (Hidewa System)
  • the terminal MAC address and TA of the radio receiving terminal are used as elements for generating the encryption key, encryption is individually performed for each radio receiving terminal. There is a problem that it is necessary to generate a stream. Also, fixed IP IPSec, which realizes encrypted tunneling between them, is a security that assumes individual communication with each wireless receiving terminal, and has the same problems. That is, the conventional encryption technology is not suitable for group communication or multicast communication in which the same data is transmitted by designating a plurality of parties.
  • the encryption key can be appropriately updated as described above. Therefore, the network can be used after communication is started without obtaining an initial encryption key.
  • the wireless receiving terminals for example, the wireless receiving terminal 40 and the wireless receiving terminal 50 in FIG. 3 connected to the network are difficult to follow-up to the multicast communication encrypted for the group.
  • a wireless reception terminal for example, wireless reception terminal 60 in FIG. 3 that has been temporarily disconnected due to a failure during communication and has not been able to acquire an intermediate encryption key and has reconnected to the network (for example, wireless reception terminal 60 in FIG. 3)
  • it is difficult to return to the encrypted multi-cast communication The problem of subsequent follow-up / participation and return to multicast communication becomes more difficult as the security of multicast communication increases.
  • the present invention has been made in view of strength and strength, and provides an encryption key distribution device and an encryption key distribution method capable of performing reliable and flexible communication while maintaining security strength.
  • the purpose is to provide.
  • the encryption key distribution device of the present invention includes a generation unit capable of generating an encryption key for encrypting a packet transmitted to a plurality of radio reception terminals by multicast or broadcast for each minimum packet, A holding unit that holds a plurality of encryption keys generated by the generation unit for a plurality of consecutive packets, and any of the holding units held by the holding unit with respect to! / Some encryption keys are multicast or It adopts a configuration comprising a distribution unit that distributes independently of packets transmitted by loadcast.
  • the encryption key distribution method of the present invention includes a generation step capable of generating an encryption key for encrypting a packet transmitted to a plurality of radio receiving terminals by multicast or broadcast for each minimum packet, A holding step for holding a plurality of encryption keys generated for a plurality of consecutive packets, and any one of the plurality of key codes for! /, Misalignment of the plurality of wireless receiving terminals And a distribution step of distributing the key number independently of a packet transmitted by multicast or broadcast.
  • a plurality of packet encryption keys for consecutive packets are generated in advance, held, and distributed to a plurality of receiving terminals, so that reliable and flexible communication is maintained while maintaining security strength. It can be performed.
  • FIG. 1 is a diagram showing an example of the configuration of a multicast communication system according to an embodiment of the present invention.
  • FIG. 2 is a diagram showing encryption blocks and communication forms of the multicast communication system of FIG.
  • FIG. 3 is a diagram showing an example of the configuration of a conventional communication system
  • FIG. 4 is a diagram showing an encryption block and a communication form of the communication system of FIG.
  • FIG. 1 is a diagram showing an example of a configuration of a multicast communication system according to an embodiment of the present invention.
  • a multicast communication system 100 includes a server 110, a wireless transmission terminal (hereinafter simply referred to as “transmission terminal” !), six wireless reception terminals (hereinafter simply referred to as “reception terminal” and! 130, 140, 150, 160, 170, 180.
  • transmission terminal hereinafter simply referred to as “transmission terminal” !!
  • reception terminal six wireless reception terminals (hereinafter simply referred to as “reception terminal” and! 130, 140, 150, 160, 170, 180.
  • the main source of data is the sending terminal and the receiving destination is the receiving terminal.
  • Receiving terminals 130 to 180 are the same multicast group in multicast communication. Registered in the group. Therefore, the receiving terminals 130 to 180 have a common multicast address set or hold a common group key! /.
  • the sending terminal 120 and the receiving terminals 130 to 180 are VPN (Virtual Private Network) devices that encrypt the entire packet using a packet encryption key and add a new header to the packet and encapsulate it for transmission. Function.
  • the server 110 stores and manages various data such as video and audio.
  • the server 110 provides data managed by the server 110 to the transmission terminal 120 and other terminals, which are client computers, through a network such as the Internet.
  • the data stored and managed by the server 110 includes, for example, a key such as a temporary key TK used between each multicast group and an ID such as a user ID and a group ID set for each multicast group. included.
  • the transmission terminal 120 as the ⁇ key distribution device is, for example, an access point (AP) or a base station (BS).
  • the transmitting terminal 120 encrypts a packet of data such as video and audio using a packet encryption key, and multicasts it to the receiving terminals 130-180.
  • the sending terminal 120 can send packets to the multicast group consisting of the receiving terminals 130 to 180 simultaneously by setting the multicast address set to the receiving terminals 130 to 180 as the packet destination. .
  • the data constituting the packet transmitted from the transmission terminal 120 is, for example, information provided from the server 110 or information held by itself!
  • the transmitting terminal 120 generates a packet encryption key for encrypting a packet to be transmitted to the receiving terminals 130 to 180 for each packet.
  • the transmission terminal 120 holds the packet encryption key generated for a plurality of consecutive packets as a continuous encryption key applied to the plurality of consecutive packets. That is, the transmission terminal 120 holds a packet encryption key for an arbitrary packet and a packet number key for a packet that is continuous with the arbitrary packet.
  • the transmitting terminal 120 transmits a packet encryption key corresponding to a previously transmitted packet, a packet encryption key corresponding to a previously transmitted packet, and a packet corresponding to a subsequently transmitted packet together with the packet encryption key corresponding to the currently transmitted packet. Holds the encryption key. That is, the transmitting terminal 120 In addition to the packet encryption key to be used, a plurality of packet encryption keys used before or after the update are generated in advance (advanced generation). Note that the number of packet number keys generated in advance can be arbitrarily determined according to the capability of the transmission terminal 120 or an agreement between the transmission terminal 120 and the reception terminals 130 to 180.
  • the transmitting terminal 120 is generated in advance when receiving a request to distribute a packet code key (hereinafter referred to as a "packet encryption key distribution request") from a receiving terminal that is a member of a multicast group. Distribute the packet encryption key to the receiving terminal. At this time, the transmitting terminal 120 delivers together the packet encryption key requested by the packet encryption key distribution request and the packet encryption key continuous with the packet encryption key. For example, when the transmitting terminal 120 distributes a packet encryption key corresponding to a currently transmitted packet, the transmitting terminal 120 transmits a packet encryption key corresponding to a previously transmitted packet and a packet number corresponding to a subsequently transmitted packet. The ability to distribute keys in a batch is possible.
  • the receiving terminal to which the packet encryption key is distributed can smoothly follow-up / enter / return to / from multicast communication.
  • storing and holding the distribution data allows the previously transmitted packet to be decoded, so that more accurate data can be reproduced.
  • the receiving terminals 130 to 180 are, for example, a personal computer having a wireless LAN interface or its peripheral devices.
  • the receiving terminals 130 to 180 receive the packets transmitted from the transmitting terminal 120.
  • the receiving terminals 130 to 180 use the packet encryption key delivered from the transmitting terminal 120 to decrypt the received packet.
  • the receiving terminals 130 to 180 reproduce the decrypted packet.
  • the receiving terminals 130 to 180 do not hold the packet encryption key corresponding to the packet that is desired to be decrypted, and therefore cannot decrypt the packet and cannot participate in multicast communication.
  • the packet encryption key distribution request is transmitted to the transmission terminal 120.
  • This packet encryption key distribution request is an inquiry about the state of the packet encryption key, that is, the packet encryption key currently used and the packet encryption key used before and after it. Information inquiry.
  • the packet encryption key distribution request is required when, for example, the network is connected after the start of communication without acquiring the initial packet encryption key (follow-up entry), or after the communication is temporarily disconnected. It may be possible to reconnect to (return).
  • FIG. 2 is a diagram showing an encryption block and a communication form of the multicast communication system 100 of FIG.
  • the encryption block includes a first phase key mixer 210, a packet encryption key holding unit 220, a message integrity check (MIC) unit 230, and a fragment unit 240.
  • a ⁇ number encapsulation unit 250 and a packet ⁇ number key distribution unit 260 are provided.
  • the packet encryption key holding unit 220 includes a plurality of second phase key mixers, here, three second phase key mixers 221, 222, 223.
  • the first phase key mixer 210 as the first generation unit uses the temporary key TK, the multicast address or group key (Group Key), and the initialization vector IV to generate the packet number key.
  • An element key (hereinafter referred to as “reserve key”) is generated.
  • the first phase key mixer 210 generates this spare key once in N packets (N is an arbitrary integer). That is, the first phase key mixer 210 updates the spare key by generating a new spare key every N packets.
  • the first phase key mixer 210 outputs the generated spare key to each of the second phase key mixers 22;! To 223 of the packet encryption key holding unit 220.
  • the temporary key TK is a long (for example, 128 bits) key that is shared between the transmitting terminal 120 and the receiving terminals 130 to 180 and generated by a hash function or the like. Each receiving terminal can obtain the temporary key TK by various methods, for example, key distribution by ⁇ 802.1 ⁇ .
  • the initialization vector IV indicates an initial value extracted from the temporary key TK according to a certain rule, and is automatically generated by the transmission terminal 120. This initialization vector IV is 48 bits, for example, and is incremented every packet and changes every moment.
  • the second phase key mixer 22;! To 223 generates a packet encryption key for each one of consecutive packets transmitted to each receiving terminal.
  • the packet encryption key generated by the second phase key mixer 221 is Key (n—1)
  • the packet encryption key generated by the second phase key mixer 222 is Key (n).
  • the packet encryption keys generated by the second phase key mixer 223 are represented by Key (n + 1), respectively.
  • Key (n) is a packet encryption key corresponding to the currently transmitted packet
  • Key (n-l) is a packet signature key corresponding to the packet transmitted before Key (n)
  • Key (n n + 1) is a packet encryption key corresponding to a packet transmitted after Key (n).
  • Key (n-l), Key (n), and Key (n + 1) function as a continuous sign key generated for a plurality of consecutive packets, for example, three consecutive packets.
  • Each of Key (n ⁇ 1), Key (n), and Key (n + 1) is the above-described WEP key.
  • the generation unit configured by the first phase key mixer 210 and the second phase key mixer 22;! To 223 is transmitted to a plurality of radio receiving terminals by multicast. It functions as a generator that generates a packet encryption key for each packet.
  • the packet number key holding unit 220 serving as a holding unit receives the packet encryption key generated by the second phase key mixer 22;! To 223 of the continuous packet transmitted to each receiving terminal. It is stored as a continuous encryption key corresponding to each. That is, the packet encryption key holding unit 220 converts the packet encryption key generated by the second phase key mixer 22;! It is stored as a common continuous encryption key that is used while updating every packet with the Yust Group. As a result, the packet encryption key holding unit 220 supports the packet encryption key corresponding to the currently transmitted packet, the packet key corresponding to the previously transmitted packet, and the packet transmitted thereafter. Packet encryption key to be stored.
  • the packet number key has a multicast address common to the multicast group, not the terminal MAC address and information unique to the receiving terminal such as TA, the menno of the same multicast group, In this case, the receiving terminals 130 to 180 can use the same packet encryption key.
  • MIC section 230 checks the integrity of the communication data by detecting tampering of the communication data carried in the packet. More specifically, the MIC unit 230 is a packet source address SA (Source Address), a packet destination address DA (Destination Address), and unencrypted raw data using the MIC key. Priority plaintext MSDU (MA C Service Data Unit) Data integrity check. The MIC unit 230 outputs the MSDU data after the inspection to the fragment unit 240.
  • SA Source Address
  • DA Destination Address
  • Priority plaintext MSDU MA C Service Data Unit
  • the fragment unit 240 converts the MSDU data input from the MIC unit 230 into MPDU (MAC Protocol Data Unit) data that is a MAC frame.
  • the fragment unit 240 outputs the converted MPDU data to the No. 2 encapsulation unit 250.
  • MPDU MAC Protocol Data Unit
  • the ⁇ number encapsulation unit 250 encrypts and encapsulates the MPDU data input from the fragment unit 240 using the packet number key held by the packet number key holding unit 220. That is, the ⁇ encapsulation unit 250 encrypts the MPDU data itself with the packet ⁇ key and generates a packet with a new header added thereto.
  • the cryptographic encapsulation unit 250 multicasts the generated packet to the receiving terminals 130 to 180 that are members of the multicast group.
  • the ⁇ encapsulating unit 250 is used for each packet. Packets can be continuously encrypted using different packet encryption keys. For example, the encryption encapsulating unit 250 encrypts these three packets when encrypting three consecutive packets. The packet is continuously encrypted in the order of Key (n-l), Key (n), and Key (n + 1). For example, assuming that Key (n) is the packet encryption key for encrypting the currently transmitted packet, Key (n—1) encrypts the packet transmitted before Key (n). Key (n + 1) is a packet encryption key for encrypting packets transmitted after Key (n).
  • the ⁇ encapsulation unit 250 encrypts the MPDU data using RC4, which is an encryption algorithm used in the ⁇ method with the same ⁇ key and decryption key. Therefore, in order for the receiving terminals 130 to 180 that are members of the multicast group to participate in multicast communication, it is necessary to share the packet encryption key held in the packet encryption key holding unit 220.
  • the packet encryption key distribution unit 260 as the distribution unit is held in the packet encryption key holding unit 220! /, And any one of the packet numbers is received by the receiving terminals 130-180 that are members of the multicast group. Deliver to either. Thereby, the packet encryption key is shared between the transmitting terminal 120 and the receiving terminals 130 to 180.
  • the packet encryption key distribution unit 260 distributes the packet encryption key independently of the packet transmitted by multicast.
  • the packet number key distributing unit 260 upon receiving a packet encryption key distribution request from any of the receiving terminals 130 to 180 that are members of the multicast group, the packet number key distributing unit 260 sends the request to the receiving terminal. , Deliver the packet encryption key. At this time, the packet encryption key distribution unit 260 distributes the packet encryption key requested by the packet encryption key distribution request together with the packet encryption key and the packet encryption key continuous. For example, if the packet encryption key requested by the packet encryption key distribution request is Key (n), the packet encryption key distribution unit 260, together with Key (n), Key (n-l), Key (n + 1) Is distributed to the receiving terminal that is the transmission source of the packet number key distribution request.
  • the packet encryption key distribution unit 260 can also provide means for detecting a receiving terminal that failed to acquire the packet encryption key in the packet encryption key distribution unit 260.
  • the bucket number key distribution unit 260 is unable to acquire the packet encryption key for the receiving terminal that has failed to acquire the packet encryption key, the packet encryption key, and the continuous packet encryption key.
  • Deliver [0048] since the packet encryption key is individually distributed to the receiving terminal that requests acquisition of the packet encryption key, that is, the receiving terminal that enters or returns to multicast communication or broadcast communication, each receiving terminal It is possible to smoothly follow up on communication and return to multicast communication that was disconnected on the way.
  • each receiving terminal since not only the required packet encryption key but also the packet encryption keys used before and after the update are delivered together, each receiving terminal has a reliable connection to the once-connected multicast communication. Can be maintained.
  • the number of packet encryption keys distributed collectively by the packet encryption key distribution unit 260 can be arbitrarily set. For example, when there are five or more second phase key mixers, the packet number key distribution unit 260 can collectively distribute packet encryption keys corresponding to five consecutive packets. Maintaining communication can be ensured by increasing the margin of packet encryption key distribution.
  • the packet number key distributing unit 260 When receiving a packet encryption key distribution request from one of the receiving terminals that are members of the multicast group, the packet number key distributing unit 260 distributes the packet number key to the receiving terminal. At this time, the packet encryption key distribution unit 260 distributes the packet encryption key requested by the packet encryption key distribution request together with the packet encryption key continuous with the packet encryption key. For example, when the packet encryption key distribution unit 260 has the packet encryption key strength e y (n) requested by the packet encryption key distribution request, the key encryption key e y (n), Ke y (n ⁇ l), Key (n + 1) is delivered to the receiving terminal that sent the packet encryption key delivery request.
  • the receiving terminal can smoothly follow up on multicast communication and return to multicast communication disconnected on the way.
  • a receiving terminal 160 connected to the network after a multicast communication session is established, a receiving terminal 170 that has moved from outside the multicast communication area, and a multicast terminal.
  • Receiving terminal 180 that has been disconnected because it is located at the boundary of the communication area of multicast communication receives exceptional packet signature key distribution by sending a packet encryption key distribution request. Can do.
  • the receiving terminals 160, 170, and 180 can follow-up V, enter or return to multicast communication using the packet encryption key distributed from the packet signal key distribution unit 260.
  • the receiving terminal can maintain the connection to the multicast communication once connected with high reliability. For example, a receiving terminal that has transmitted a packet encryption key distribution request for Key (n), together with Key (n), Key (n—1), Key (n + 1) used before and after updating Key (n) ) Can be obtained. As a result, even if the packet encryption key is updated shortly after sending the packet encryption key distribution request, the receiving terminal uses the Key (n + 1) distributed with the Key (n), Connection to multicast communication can be maintained. In addition, since the receiving terminal can decrypt the previously transmitted packet by using Key (n-1), it is possible to reproduce data with higher accuracy.
  • transmitting terminal 120 generates and holds a plurality of packet encryption keys for consecutive packets transmitted to a plurality of receiving terminals in advance. These packet encryption keys are distributed to multiple receiving terminals. That is, a server for generating the encryption key or an equivalent replacement means is prepared, and the current key is notified by a separate means in response to the request. As a result, even if each receiving terminal cannot acquire a packet encryption key on the way for some reason, it can smoothly follow up on multicast communication and return to multicast communication that was cut off on the way. Can do.
  • transmitting terminal 120 distributes a plurality of packet encryption keys for consecutive packets in a lump.
  • each receiving terminal can maintain the participation in the multicast communication once connected with high reliability.
  • each receiving terminal can decode a previously transmitted packet, and can reproduce data with higher accuracy.
  • the first phase key mixer 210 has been described as calculating and updating a new spare key every N packets, but the present invention is not limited to this.
  • the first The phase key mixer 210 may calculate and update a new spare key every M packets (M is an arbitrary integer different from N) determined for each system. In doing so, the first phase key mixer 210 can calculate and update a new reserve key according to a certain cycle based on a random number.
  • the backup key may be updated by irregular and ruled means. Encrypted communication with higher security strength can be realized by refreshing the packet encryption key by using such update of the spare key.
  • the force S in which the packet encryption key distribution mechanism (encryption key distribution device) is provided inside the transmission terminal 120 is not limited to this.
  • the encryption key distribution device may be provided in the multicast communication system as a device unit separate from the transmission terminal 120.
  • the present embodiment is applied to multicast communication
  • the same effect as that in the case of multicast communication can be realized even when applied to broadcast communication. Further, it may be applied to unicast communication. Moreover, the effect may be improved by combining them.
  • the encryption key distribution device and the encryption key distribution method according to the present invention have an effect of performing reliable and flexible communication while maintaining security strength, and in multicast communication or broadcast communication. It is useful as the encryption key distribution device and encryption key distribution method used.

Abstract

It is possible to provide an encryption key delivery device and an encryption key delivery method capable of maintaining security intensity and performing reliable and flexible communication. A generation unit formed by a fist phase key mixer (210) and second phase key mixers (221-223) generates a packet encryption key for each of packets to be transmitted to a plurality of radio reception terminals by multicast or broadcast so as to encrypt the packet. A packet encryption key holding unit (220) holds a plurality of packet encryption keys generated by the generation unit for a plurality of continuous packets. A packet encryption key delivery unit (260) delivers any one of the packet encryption keys held by the packet encryption key holding unit (220) to one of the radio reception terminals independently of the packet transmitted by multicast or broadcast.

Description

明 細 書  Specification
暗号鍵配信装置および暗号鍵配信方法  Encryption key distribution apparatus and encryption key distribution method
技術分野  Technical field
[0001] 本発明は、マルチキャスト通信またはブロードキャスト通信において使用される喑号 鍵配信装置および暗号鍵配信方法に関する。  TECHNICAL FIELD [0001] The present invention relates to a secret key distribution apparatus and encryption key distribution method used in multicast communication or broadcast communication.
背景技術  Background art
[0002] 従来の IP (Internet Protocol)ネットワークにおいて、その利便性を活用するために 、無線 LAN (Wireless Local Area Network)に代表される無線化の作業が進んでい る。また、屋外の広範囲の通信においても、無線通信の高速化および IP化が進んで いる。特に、無線を使用した IPネットワークにおいて、その高速移動性と利便性とに 注目した様々な方式が検討されており、通信速度の高速化と相まって、ュビキタスネ ットワークの実現が進んでいる。さらに、今後、何百または何千という多くのユーザが 同一のデータを共有し、通信するブロードキャストやマルチキャストによる通信がます ます増加するものと予想される(非特許文献 1参照)。  In order to utilize the convenience of a conventional IP (Internet Protocol) network, wireless work represented by wireless LAN (Wireless Local Area Network) is progressing. In addition, wireless communications are becoming faster and more IP-oriented in a wide range of outdoor communications. In particular, in the IP network using wireless, various methods focusing on high-speed mobility and convenience are being studied, and the realization of the ubiquitous network is progressing along with the increase in communication speed. Furthermore, in the future, it is expected that hundreds or thousands of users will share the same data, and more and more broadcast and multicast communications will increase (see Non-Patent Document 1).
[0003] 無線通信においては、データの内容が第三者に傍受、盗用されるおそれがあり、そ の可能性は、通信エリアが屋外でかつ広範囲になるほど、または通信機器が一般的 になるほど大きくなる。そのため、無線 LANでは、 WEP (Wired Equivalent Privacy) と呼ばれる固定の暗号鍵を運用して無線通信におけるデータを暗号化する手法がと られてきた。しかし、現在の信号処理装置の高速化はこの暗号の解析を容易にし、初 期の 40ビット単位の喑号から 128ビット単位の喑号、さらには 256ビット単位での喑 号というようにその暗号化の複雑さが進んでいる。すなわち、データの秘匿性を追求 するがために、どうしても長い、ある意味無限になるような長さの暗号鍵が求められる ようになつている。  [0003] In wireless communication, there is a risk that the contents of data may be intercepted and stolen by a third party, and the possibility increases as the communication area is outdoors and widespread, or as communication equipment becomes more common. Become. For this reason, wireless LANs use a fixed encryption key called WEP (Wired Equivalent Privacy) to encrypt data in wireless communications. However, the speed-up of the current signal processing equipment makes it easier to analyze this cipher. The cipher is changed from the initial 40-bit unit code to the 128-bit unit code and further to the 256-bit unit code. The complexity of computerization is progressing. In other words, in order to pursue the confidentiality of data, encryption keys that are inevitably long and infinitely long have been required.
[0004] このような WEPの脆弱性に対策するため、 TKIP (Temporal Key Integrity Protocol )などの強化版暗号化方式が提案および実用化されている。この方式では、一時鍵と 呼ばれる暗号鍵を定期的に更新し、その更新サイクルが短いほどセキュリティを向上 させること力 Sできる。 TKIPによる暗号化を用いたマルチキャスト通信システムについ て、図 3および図 4を用いて説明する。 [0004] In order to cope with such WEP vulnerabilities, strong encryption schemes such as TKIP (Temporal Key Integrity Protocol) have been proposed and put into practical use. In this method, the encryption key called the temporary key is periodically updated, and the shorter the update cycle, the stronger the security. About multicast communication system using TKIP encryption This will be described with reference to FIGS.
[0005] 図 3は、従来の通信システムの構成の一例を示す図である。図 4は、図 3の通信シス テムの暗号化ブロックおよび通信形態を示す図である。  FIG. 3 is a diagram illustrating an example of a configuration of a conventional communication system. FIG. 4 is a diagram showing an encryption block and a communication form of the communication system of FIG.
[0006] 図 3において、従来の通信は、基本的に 1対 1の通信を想定して行われている。マ ルチ通信を実現するためには、この回線を複数用いる必要があった。この 1対 1の通 信は、サーバ 10またはこれと同等の機能を有する暗号化機器 20と、これらの通信ェ リア内に存在し、かつ通信開始時にネットワークに接続されている無線受信端末 30, 31 , 32との間で行われうる。この通信における通信データは、端末 MAC (Media Acc ess Control)アドレス、 TA (Transmitter Address)などの通信端末の固有情報と、一 時鍵 TK (Temporal Key)と、これらをハッシュ関数(Hash Function)などで長い符号 系列として扱う場合のその初期値を示す初期化べ外ル IV (Initialization Vector)とか ら生成される暗号鍵を用いてカプセル化されて通信される。  In FIG. 3, conventional communication is basically performed assuming one-to-one communication. In order to realize multi-communication, it was necessary to use multiple lines. This one-to-one communication is performed by the server 10 or the encryption device 20 having a function equivalent to the server 10 and the wireless receiving terminals 30 that exist in these communication areas and are connected to the network at the start of communication. Between 31 and 32. Communication data in this communication includes the terminal MAC (Media Access Control) address, TA (Transmitter Address) and other unique information of the communication terminal, the temporary key TK (Temporal Key), and the hash function (Hash Function). The communication is encapsulated using the encryption key generated from the initialization vector IV (Initialization Vector) that indicates the initial value when it is treated as a long code sequence.
[0007] より具体的には、図 4に示すように、フェーズ 1鍵混合器 70が、一時鍵 TK、端末 Μ ACアドレス、 TAおよび初期化ベクトル IVから第 1の喑号鍵を生成する。次いで、フ ヱーズ 2鍵混合器 71が、フェーズ 1鍵混合器 70で生成された第 1の暗号鍵および初 期化ベクトル IVから、パケットごとに第 2の暗号鍵を生成する。そして、暗号カプセル 化部 72が、フェーズ 2鍵混合器 71で生成された第 2の暗号鍵を用いて、通信データ であるパケットの暗号化とカプセル化とを行って、無線受信端末 30〜32との間で個 別に通信する。ここで、初期化ベクトル IVは、パケットごとにインクリメントされて時々 刻々と変化するので、各無線受信端末との間の通信に用いる第 2の暗号鍵を動的に 変化させること力 Sできる。なお、 IPSec (IP Security)もこれと同様の思想であり、さらに 高度な暗号を使用して暗号化を行っている。  More specifically, as shown in FIG. 4, phase 1 key mixer 70 generates a first key number from temporary key TK, terminal Μ AC address, TA, and initialization vector IV. Next, the phase 2 key mixer 71 generates a second encryption key for each packet from the first encryption key generated by the phase 1 key mixer 70 and the initialization vector IV. Then, using the second encryption key generated by the phase 2 key mixer 71, the encryption encapsulation unit 72 encrypts and encapsulates the packet that is the communication data, and the wireless receiving terminals 30 to 32 Communicate with each other individually. Here, since the initialization vector IV is incremented for each packet and changes every moment, it is possible to dynamically change the second encryption key used for communication with each wireless receiving terminal. Note that IPSec (IP Security) has the same concept and uses more advanced encryption.
非特許文献 1:ワイヤレスュビキタス(秀和システム)  Non-Patent Document 1: Wireless Ubiquitous (Hidewa System)
発明の開示  Disclosure of the invention
発明が解決しょうとする課題  Problems to be solved by the invention
[0008] しかしながら、従来の通信技術にあっては、暗号鍵を生成するための要素として無 線受信端末の端末 MACアドレス、 TAが使用されるので、各無線受信端末に対して 個別に暗号化したストリームを生成する必要があるという問題がある。また、固定の IP 間で暗号化トンネリングを実現する IPSecも、各無線受信端末との間の個別通信を 前提としたセキュリティであり、同様の問題を有する。すなわち、従来の暗号化技術は 、複数の相手を指定して同一のデータを送信するグループ通信やマルチキャスト通 信などには適してレ、なかった。 However, in the conventional communication technology, since the terminal MAC address and TA of the radio receiving terminal are used as elements for generating the encryption key, encryption is individually performed for each radio receiving terminal. There is a problem that it is necessary to generate a stream. Also, fixed IP IPSec, which realizes encrypted tunneling between them, is a security that assumes individual communication with each wireless receiving terminal, and has the same problems. That is, the conventional encryption technology is not suitable for group communication or multicast communication in which the same data is transmitted by designating a plurality of parties.
[0009] また、複数の通信端末に対して同じ暗号鍵を使って通信を実現した場合、上記のよ うに暗号鍵は適宜更新されうるので、初期の暗号鍵を取得することなく通信開始後に ネットワークに接続した無線受信端末 (例えば、図 3の無線受信端末 40および無線 受信端末 50)は、グループに対して暗号化されたマルチキャスト通信への後追い参 入が困難であるという問題がある。同様に、通信途中にある障害により一時的に通信 が切断されて途中の暗号鍵を取得できずにネットワークに接続し直した無線受信端 末 (例えば、図 3の無線受信端末 60)は、グループに対して暗号化されたマルチキヤ スト通信への復帰が困難であるとレ、う問題がある。マルチキャスト通信への後追!/、参 入および復帰が困難になるというこの問題は、マルチキャスト通信のセキュリティが高 くなるほど大きくなる。 [0009] In addition, when communication is performed using the same encryption key for a plurality of communication terminals, the encryption key can be appropriately updated as described above. Therefore, the network can be used after communication is started without obtaining an initial encryption key. There is a problem that the wireless receiving terminals (for example, the wireless receiving terminal 40 and the wireless receiving terminal 50 in FIG. 3) connected to the network are difficult to follow-up to the multicast communication encrypted for the group. Similarly, a wireless reception terminal (for example, wireless reception terminal 60 in FIG. 3) that has been temporarily disconnected due to a failure during communication and has not been able to acquire an intermediate encryption key and has reconnected to the network (for example, wireless reception terminal 60 in FIG. 3) However, there is a problem that it is difficult to return to the encrypted multi-cast communication. The problem of subsequent follow-up / participation and return to multicast communication becomes more difficult as the security of multicast communication increases.
[0010] このように、従来のマルチキャスト通信技術にあっては、常時接続の有線ネットヮー クと異なり、無線通信を活用した際に起こる様々な変動要因への対応が考慮されて いない。勿論、前述のように通信内容をそれぞれの端末独自に暗号化することも可 能であるが、暗号化処理および復号化処理が通信の遅延を助長し、少なくとも高速 な無線通信のプロトコルには対応しなくなってしまう可能性が高い。  [0010] As described above, in the conventional multicast communication technology, unlike the always-connected wired network, it is not considered to deal with various fluctuation factors that occur when wireless communication is used. Of course, as described above, it is possible to encrypt the communication contents independently for each terminal, but the encryption process and the decryption process facilitate communication delays and support at least high-speed wireless communication protocols. There is a high possibility that it will not.
[0011] 本発明は、力、かる点に鑑みてなされたものであり、セキュリティ強度を維持しつつ、 確実で柔軟性に富んだ通信を行うことができる暗号鍵配信装置および暗号鍵配信 方法を提供することを目的とする。  [0011] The present invention has been made in view of strength and strength, and provides an encryption key distribution device and an encryption key distribution method capable of performing reliable and flexible communication while maintaining security strength. The purpose is to provide.
課題を解決するための手段  Means for solving the problem
[0012] 本発明の暗号鍵配信装置は、マルチキャストまたはブロードキャストにより複数の無 線受信端末に対して送信されるパケットを暗号化するための暗号鍵を最小 1パケット ごとに生成可能な生成部と、複数の連続するパケットに対して前記生成部により生成 される複数の暗号鍵を保持する保持部と、前記複数の無線受信端末の!/、ずれかに 対して、前記保持部により保持されるいずれかの暗号鍵を、マルチキャストまたはブ ロードキャストにより送信されるパケットとは独立して配信する配信部と、を具備する構 成を採る。 [0012] The encryption key distribution device of the present invention includes a generation unit capable of generating an encryption key for encrypting a packet transmitted to a plurality of radio reception terminals by multicast or broadcast for each minimum packet, A holding unit that holds a plurality of encryption keys generated by the generation unit for a plurality of consecutive packets, and any of the holding units held by the holding unit with respect to! / Some encryption keys are multicast or It adopts a configuration comprising a distribution unit that distributes independently of packets transmitted by loadcast.
[0013] 本発明の暗号鍵配信方法は、マルチキャストまたはブロードキャストにより複数の無 線受信端末に対して送信されるパケットを暗号化するための暗号鍵を最小 1パケット ごとに生成可能な生成ステップと、複数の連続するパケットに対して生成される複数 の暗号鍵を保持する保持ステップと、前記複数の無線受信端末の!/、ずれかに対して 、前記複数の喑号鍵のうちのいずれかの喑号鍵を、マルチキャストまたはブロードキ ャストにより送信されるパケットとは独立して配信する配信ステップと、を有する。  [0013] The encryption key distribution method of the present invention includes a generation step capable of generating an encryption key for encrypting a packet transmitted to a plurality of radio receiving terminals by multicast or broadcast for each minimum packet, A holding step for holding a plurality of encryption keys generated for a plurality of consecutive packets, and any one of the plurality of key codes for! /, Misalignment of the plurality of wireless receiving terminals And a distribution step of distributing the key number independently of a packet transmitted by multicast or broadcast.
発明の効果  The invention's effect
[0014] 本発明によれば、連続するパケットに対する複数のパケット暗号鍵を予め生成して 保持し複数の受信端末に配信することにより、セキュリティ強度を維持しつつ、確実 で柔軟性に富んだ通信を行うことができる。  [0014] According to the present invention, a plurality of packet encryption keys for consecutive packets are generated in advance, held, and distributed to a plurality of receiving terminals, so that reliable and flexible communication is maintained while maintaining security strength. It can be performed.
図面の簡単な説明  Brief Description of Drawings
[0015] [図 1]本発明の一実施の形態に係るマルチキャスト通信システムの構成の一例を示 す図  FIG. 1 is a diagram showing an example of the configuration of a multicast communication system according to an embodiment of the present invention.
[図 2]図 1のマルチキャスト通信システムの暗号化ブロックおよび通信形態を示す図 FIG. 2 is a diagram showing encryption blocks and communication forms of the multicast communication system of FIG.
[図 3]従来の通信システムの構成の一例を示す図 FIG. 3 is a diagram showing an example of the configuration of a conventional communication system
[図 4]図 3の通信システムの暗号化ブロックおよび通信形態を示す図  FIG. 4 is a diagram showing an encryption block and a communication form of the communication system of FIG.
発明を実施するための最良の形態  BEST MODE FOR CARRYING OUT THE INVENTION
[0016] 以下、本発明の一実施の形態について、図面を参照して詳細に説明する。 Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings.
[0017] 図 1は、本発明の一実施の形態に係るマルチキャスト通信システムの構成の一例を 示す図である。 FIG. 1 is a diagram showing an example of a configuration of a multicast communication system according to an embodiment of the present invention.
[0018] 図 1において、マルチキャスト通信システム 100は、サーバ 110と、無線送信端末( 以下単に「送信端末」と!/、う) 120と、 6つの無線受信端末(以下単に「受信端末」と!/ヽ う) 130, 140, 150, 160, 170, 180とを備える。便宜上、データの主な酉己信元を送 信端末、受信先を受信端末としているが、基本的には相互に位置は変更可能とする  In FIG. 1, a multicast communication system 100 includes a server 110, a wireless transmission terminal (hereinafter simply referred to as “transmission terminal” !!), six wireless reception terminals (hereinafter simply referred to as “reception terminal” and! 130, 140, 150, 160, 170, 180. For convenience, the main source of data is the sending terminal and the receiving destination is the receiving terminal.
[0019] 受信端末 130〜; 180は、マルチキャスト通信における同一のマルチキャストグルー プに登録されている。したがって、受信端末 130〜; 180は、共通のマルチキャストアド レスが設定され、または共通のグループ鍵を保持して!/、る。 [0019] Receiving terminals 130 to 180 are the same multicast group in multicast communication. Registered in the group. Therefore, the receiving terminals 130 to 180 have a common multicast address set or hold a common group key! /.
[0020] 送信端末 120および受信端末 130〜; 180は、パケット暗号鍵を用いてパケット全体 を暗号化し、それに新しいヘッダを付カロ(カプセル化)して伝送する VPN (Virtual Pri vate Network)装置として機能する。  [0020] The sending terminal 120 and the receiving terminals 130 to 180 are VPN (Virtual Private Network) devices that encrypt the entire packet using a packet encryption key and add a new header to the packet and encapsulate it for transmission. Function.
[0021] サーバ 110は、例えば映像や音声などの各種のデータを蓄積して管理する。サー バ 110は、自身が管理するデータを、クライアントコンピュータである送信端末 120お よびその他の端末に対して、インターネットなどのネットワークを通じて提供する。サ ーバ 110が蓄積および管理するデータには、例えば、各マルチキャストグループとの 間で使用される一時鍵 TKなどの鍵、およびユーザ IDや各マルチキャストグループに ついて設定されるグループ IDなどの IDが含まれる。  The server 110 stores and manages various data such as video and audio. The server 110 provides data managed by the server 110 to the transmission terminal 120 and other terminals, which are client computers, through a network such as the Internet. The data stored and managed by the server 110 includes, for example, a key such as a temporary key TK used between each multicast group and an ID such as a user ID and a group ID set for each multicast group. included.
[0022] 喑号鍵配信装置としての送信端末 120は、例えば、アクセスポイント(AP : Access P oint)や基地局(BS : Base Station)などである。送信端末 120は、映像や音声などの データのパケットを、パケット暗号鍵を用いて暗号化して、受信端末 130〜180に対 してマルチキャスト送信する。送信端末 120は、受信端末 130〜; 180に設定されたマ ルチキャストアドレスをパケットの宛先とすることにより、受信端末 130〜; 180からなる マルチキャストグループに対して一斉にパケットを送信することができる。送信端末 1 20から送信されるパケットを構成するデータは、例えば、サーバ 110から提供される 情報または自身が保持して!/、る情報である。  [0022] The transmission terminal 120 as the 喑 key distribution device is, for example, an access point (AP) or a base station (BS). The transmitting terminal 120 encrypts a packet of data such as video and audio using a packet encryption key, and multicasts it to the receiving terminals 130-180. The sending terminal 120 can send packets to the multicast group consisting of the receiving terminals 130 to 180 simultaneously by setting the multicast address set to the receiving terminals 130 to 180 as the packet destination. . The data constituting the packet transmitted from the transmission terminal 120 is, for example, information provided from the server 110 or information held by itself!
[0023] 送信端末 120は、受信端末 130〜; 180に対して送信するパケットを暗号化するた めのパケット暗号鍵を 1パケットごとに生成する。また、送信端末 120は、複数の連続 するパケットに対して生成されたパケット暗号鍵を、複数の連続するパケットに対して 適用される連続暗号鍵として保持する。すなわち、送信端末 120は、任意のパケット に対するパケット暗号鍵とともに、この任意のパケットと連続するパケットに対するパケ ット喑号鍵を保持する。  The transmitting terminal 120 generates a packet encryption key for encrypting a packet to be transmitted to the receiving terminals 130 to 180 for each packet. In addition, the transmission terminal 120 holds the packet encryption key generated for a plurality of consecutive packets as a continuous encryption key applied to the plurality of consecutive packets. That is, the transmission terminal 120 holds a packet encryption key for an arbitrary packet and a packet number key for a packet that is continuous with the arbitrary packet.
[0024] より具体的には、送信端末 120は、現在送信するパケットに対応するパケット暗号 鍵とともに、以前に送信されたパケットに対応するパケット暗号鍵と、以後に送信され るパケットに対応するパケット暗号鍵とを保持する。すなわち、送信端末 120は、現在 使用されるパケット暗号鍵の他に、その更新前または更新後に使用される複数のパ ケット暗号鍵を予め生成しておくのである(前倒し生成)。なお、予め生成されるパケ ット喑号鍵の数は、送信端末 120の能力、または送信端末 120と受信端末 130〜; 18 0との間の取決めなどにより任意に決定されうる。 [0024] More specifically, the transmitting terminal 120 transmits a packet encryption key corresponding to a previously transmitted packet, a packet encryption key corresponding to a previously transmitted packet, and a packet corresponding to a subsequently transmitted packet together with the packet encryption key corresponding to the currently transmitted packet. Holds the encryption key. That is, the transmitting terminal 120 In addition to the packet encryption key to be used, a plurality of packet encryption keys used before or after the update are generated in advance (advanced generation). Note that the number of packet number keys generated in advance can be arbitrarily determined according to the capability of the transmission terminal 120 or an agreement between the transmission terminal 120 and the reception terminals 130 to 180.
[0025] 送信端末 120は、マルチキャストグループのメンバである受信端末から、パケット喑 号鍵を配信する旨の要求(以下「パケット暗号鍵配信要求」とレヽぅ)を受信した場合に 、予め生成されたパケット暗号鍵をその受信端末に配信する。このとき、送信端末 12 0は、パケット暗号鍵配信要求により要求されたパケット暗号鍵とともに、そのパケット 暗号鍵と連続するパケット暗号鍵を一括して配信する。例えば、送信端末 120は、現 在送信するパケットに対応するパケット暗号鍵を配信するとき、以前に送信されたパ ケットに対応するパケット暗号鍵と、以後に送信されるパケットに対応するパケット喑 号鍵とを一括して配信すること力 Sできる。これにより、パケット暗号鍵を配信される受 信端末は、マルチキャスト通信へのスムーズな後追!/、参入または復帰を行うことがで きる。また、配信データを蓄積、保持しておくことで、以前に送信されたパケットを復号 化することができるので、より高精度なデータの再生が可能になる。 [0025] The transmitting terminal 120 is generated in advance when receiving a request to distribute a packet code key (hereinafter referred to as a "packet encryption key distribution request") from a receiving terminal that is a member of a multicast group. Distribute the packet encryption key to the receiving terminal. At this time, the transmitting terminal 120 delivers together the packet encryption key requested by the packet encryption key distribution request and the packet encryption key continuous with the packet encryption key. For example, when the transmitting terminal 120 distributes a packet encryption key corresponding to a currently transmitted packet, the transmitting terminal 120 transmits a packet encryption key corresponding to a previously transmitted packet and a packet number corresponding to a subsequently transmitted packet. The ability to distribute keys in a batch is possible. As a result, the receiving terminal to which the packet encryption key is distributed can smoothly follow-up / enter / return to / from multicast communication. In addition, storing and holding the distribution data allows the previously transmitted packet to be decoded, so that more accurate data can be reproduced.
[0026] 上述した送信端末 120によるパケット暗号鍵の生成、保持および配信、ならびにパ ケット暗号鍵を用いたパケットの送信については、図 2を用いて後に詳細に説明する [0026] Generation, retention and distribution of the packet encryption key by the transmission terminal 120 and transmission of the packet using the packet encryption key will be described in detail later with reference to FIG.
[0027] 受信端末 130〜; 180は、例えば、無線 LANインターフェースを備えるパーソナルコ ンピュータやその周辺機器などである。受信端末 130〜; 180は、送信端末 120から 送信されたパケットを受信する。また、受信端末 130〜; 180は、送信端末 120から配 信されたパケット暗号鍵を用いて、受信されたパケットを復号化する。そして、受信端 末 130〜; 180は、復号化されたパケットを再生する。 [0027] The receiving terminals 130 to 180 are, for example, a personal computer having a wireless LAN interface or its peripheral devices. The receiving terminals 130 to 180 receive the packets transmitted from the transmitting terminal 120. The receiving terminals 130 to 180 use the packet encryption key delivered from the transmitting terminal 120 to decrypt the received packet. The receiving terminals 130 to 180 reproduce the decrypted packet.
[0028] 受信端末 130〜; 180は、復号化を望むパケットに対応するパケット暗号鍵を保持し ていないがためにパケットを復号化することができずマルチキャスト通信に参加するこ とができない場合に、送信端末 120に対して、パケット暗号鍵配信要求を送信する。 このパケット暗号鍵配信要求は、パケット暗号鍵の状態の問い合わせ、つまり現在使 用されるパケット暗号鍵とその事前および事後に使用されるパケット暗号鍵とに関す る情報の問い合わせである。パケット暗号鍵配信要求が必要となる状況としては、例 えば、初期のパケット暗号鍵を取得することなく通信開始後にネットワークに接続した 場合(後追い参入)、または一時的に通信が切断された後にネットワークに接続し直 した場合 (復帰)などが考えられる。 [0028] The receiving terminals 130 to 180 do not hold the packet encryption key corresponding to the packet that is desired to be decrypted, and therefore cannot decrypt the packet and cannot participate in multicast communication. The packet encryption key distribution request is transmitted to the transmission terminal 120. This packet encryption key distribution request is an inquiry about the state of the packet encryption key, that is, the packet encryption key currently used and the packet encryption key used before and after it. Information inquiry. The packet encryption key distribution request is required when, for example, the network is connected after the start of communication without acquiring the initial packet encryption key (follow-up entry), or after the communication is temporarily disconnected. It may be possible to reconnect to (return).
[0029] 次に、上記送信端末 120の機能について、図 2を用いてさらに詳細に説明する。 [0029] Next, the function of the transmission terminal 120 will be described in more detail with reference to FIG.
[0030] 図 2は、図 1のマルチキャスト通信システム 100の暗号化ブロックおよび通信形態を 示す図である。ここでは、図 2に示す暗号化ブロックが送信端末 120内部の機能ブロ
Figure imgf000009_0001
FIG. 2 is a diagram showing an encryption block and a communication form of the multicast communication system 100 of FIG. Here, the encryption block shown in FIG.
Figure imgf000009_0001
[0031] 図 2において、暗号化ブロックは、第 1のフェーズ鍵混合器 210と、パケット暗号鍵 保持部 220と、メッセージ完全性検査(MIC : Message Integrity Check)部 230と、フ ラグメント部 240と、喑号カプセル化部 250と、パケット喑号鍵配信部 260とを備える。  In FIG. 2, the encryption block includes a first phase key mixer 210, a packet encryption key holding unit 220, a message integrity check (MIC) unit 230, and a fragment unit 240. , A 喑 number encapsulation unit 250 and a packet 喑 number key distribution unit 260 are provided.
[0032] パケット暗号鍵保持部 220は、複数の第 2のフェーズ鍵混合器、ここでは 3つの第 2 のフェーズ鍵混合器 221 , 222, 223を備える。  [0032] The packet encryption key holding unit 220 includes a plurality of second phase key mixers, here, three second phase key mixers 221, 222, 223.
[0033] 第 1の生成部としての第 1のフェーズ鍵混合器 210は、一時鍵 TKと、マルチキャス トアドレスまたはグループ鍵(Group Key)と、初期化ベクトル IVとから、パケット喑号 鍵の要素となる鍵 (以下「予備鍵」という)を生成する。第 1のフェーズ鍵混合器 210は 、この予備鍵を Nパケット (Nは、任意の整数)に 1回生成する。すなわち、第 1のフエ ーズ鍵混合器 210は、 Nパケットごとに新たな予備鍵を生成することにより予備鍵を 更新する。第 1のフェーズ鍵混合器 210は、生成された予備鍵を、パケット暗号鍵保 持部 220の第 2のフェーズ鍵混合器 22;!〜 223のそれぞれに出力する。  [0033] The first phase key mixer 210 as the first generation unit uses the temporary key TK, the multicast address or group key (Group Key), and the initialization vector IV to generate the packet number key. An element key (hereinafter referred to as “reserve key”) is generated. The first phase key mixer 210 generates this spare key once in N packets (N is an arbitrary integer). That is, the first phase key mixer 210 updates the spare key by generating a new spare key every N packets. The first phase key mixer 210 outputs the generated spare key to each of the second phase key mixers 22;! To 223 of the packet encryption key holding unit 220.
[0034] 一時鍵 TKは、送信端末 120と受信端末 130〜; 180との間で共有され、ハッシュ関 数などによって生成される長い (例えば 128ビット)鍵である。各受信端末は、様々な 方法、例えば ΙΕΕΕ802· 1χによる鍵配送によりこの一時鍵 TKを入手することができ る。また、初期化ベクトル IVは、一時鍵 TKから一定のルールに従って切出される初 期値を示すものであり、送信端末 120で自動生成される。この初期化ベクトル IVは、 例えば 48ビットであり、パケットごとにインクリメントされて時々刻々と変化する。  [0034] The temporary key TK is a long (for example, 128 bits) key that is shared between the transmitting terminal 120 and the receiving terminals 130 to 180 and generated by a hash function or the like. Each receiving terminal can obtain the temporary key TK by various methods, for example, key distribution by ΙΕΕΕ802.1χ. The initialization vector IV indicates an initial value extracted from the temporary key TK according to a certain rule, and is automatically generated by the transmission terminal 120. This initialization vector IV is 48 bits, for example, and is incremented every packet and changes every moment.
[0035] 第 2の生成部としての第 2のフェーズ鍵混合器 22;!〜 223は、それぞれ、第 1のフエ ーズ鍵混合器 210から入力される予備鍵と、初期化ベクトル IVとからパケット暗号鍵 を生成する。第 2のフェーズ鍵混合器 22;!〜 223は、各受信端末に対して送信される 連続するパケットのうちの 1パケットごとに、パケット暗号鍵を生成する。ここでは、第 2 のフェーズ鍵混合器 221で生成されるパケット暗号鍵を Key (n—1)で、第 2のフエ一 ズ鍵混合器 222で生成されるパケット暗号鍵を Key (n)で、第 2のフェーズ鍵混合器 223で生成されるパケット暗号鍵を Key (n+ 1)でそれぞれ表すことにする。すなわち 、 Key (n)は現在送信するパケットに対応するパケット暗号鍵であり、 Key (n- l)は Key (n)の前に送信されたパケットに対応するパケット喑号鍵であり、 Key (n+ 1)は Key (n)の後に送信されるパケットに対応するパケット暗号鍵である。 Key (n- l) , K ey (n) , Key (n+ 1)は、複数の連続するパケット、例えば 3つの連続するパケットに 対して生成される連続喑号鍵として機能する。なお、 Key (n—1) , Key (n) , Key (n + 1)のそれぞれは、いわば上述した WEP鍵である。 [0035] The second phase key mixer 22;! To 223 as the second generation unit respectively includes a spare key input from the first phase key mixer 210 and the initialization vector IV. Packet encryption key Is generated. The second phase key mixer 22;! To 223 generates a packet encryption key for each one of consecutive packets transmitted to each receiving terminal. Here, the packet encryption key generated by the second phase key mixer 221 is Key (n—1), and the packet encryption key generated by the second phase key mixer 222 is Key (n). The packet encryption keys generated by the second phase key mixer 223 are represented by Key (n + 1), respectively. That is, Key (n) is a packet encryption key corresponding to the currently transmitted packet, Key (n-l) is a packet signature key corresponding to the packet transmitted before Key (n), and Key (n n + 1) is a packet encryption key corresponding to a packet transmitted after Key (n). Key (n-l), Key (n), and Key (n + 1) function as a continuous sign key generated for a plurality of consecutive packets, for example, three consecutive packets. Each of Key (n−1), Key (n), and Key (n + 1) is the above-described WEP key.
[0036] このように、第 1のフェーズ鍵混合器 210と、第 2のフェーズ鍵混合器 22;!〜 223と により構成される生成部は、マルチキャストにより複数の無線受信端末に対して送信 されるパケットを暗号化するためのパケット暗号鍵を 1パケットごとに生成する生成部 としての機能を有する。 [0036] As described above, the generation unit configured by the first phase key mixer 210 and the second phase key mixer 22;! To 223 is transmitted to a plurality of radio receiving terminals by multicast. It functions as a generator that generates a packet encryption key for each packet.
[0037] 初期化ベクトル IVは 1パケットごとに時々刻々と変化するので、 Key (n— 1) , Key ( n) , Key (n+ 1)は、互いに異なるパケット暗号鍵となる。また、上記のように、第 1の フェーズ鍵混合器 210から入力される予備鍵は Nパケットごとに更新されるので、この 更新に伴ってパケット暗号鍵が定期的にリフレッシュされる。このように、初期化べタト ル IVの変化と、予備鍵の更新との双方を組み合わせることによって、第 1のフェーズ 鍵混合器 210と第 2のフェーズ鍵混合器 22;!〜 223とにより生成されるパケット暗号 鍵の暗号化のプロセスを強化することができる。すなわち、 1パケットごとに使用される パケット暗号鍵の不規則性を高めることにより、暗号化通信の安全性を向上させるこ と力 Sできる。  Since the initialization vector IV changes from moment to moment for each packet, Key (n−1), Key (n), and Key (n + 1) are different packet encryption keys. Further, as described above, the spare key input from the first phase key mixer 210 is updated every N packets, and the packet encryption key is periodically refreshed along with this update. In this way, the first phase key mixer 210 and the second phase key mixer 22;! To 223 are generated by combining both the change of the initialization vector IV and the update of the reserve key. Packet encryption key encryption process can be strengthened. In other words, it is possible to improve the security of encrypted communication by increasing the irregularity of the packet encryption key used for each packet.
[0038] 保持部としてのパケット喑号鍵保持部 220は、第 2のフェーズ鍵混合器 22;!〜 223 で生成されるパケット暗号鍵を、各受信端末に対して送信される連続するパケットの それぞれに対応する連続暗号鍵として保持する。すなわち、パケット暗号鍵保持部 2 20は、第 2のフェーズ鍵混合器 22;!〜 223で生成されるパケット暗号鍵を、マルチキ ヤストグループとの間で 1パケットごとに更新されつつ使用される共通の連続暗号鍵と して保持するのである。これにより、パケット暗号鍵保持部 220は、現在送信されるパ ケットに対応するパケット暗号鍵とともに、以前に送信されたパケットに対応するパケ ット喑号鍵と、以後に送信されるパケットに対応するパケット暗号鍵とを保持すること ができる。 [0038] The packet number key holding unit 220 serving as a holding unit receives the packet encryption key generated by the second phase key mixer 22;! To 223 of the continuous packet transmitted to each receiving terminal. It is stored as a continuous encryption key corresponding to each. That is, the packet encryption key holding unit 220 converts the packet encryption key generated by the second phase key mixer 22;! It is stored as a common continuous encryption key that is used while updating every packet with the Yust Group. As a result, the packet encryption key holding unit 220 supports the packet encryption key corresponding to the currently transmitted packet, the packet key corresponding to the previously transmitted packet, and the packet transmitted thereafter. Packet encryption key to be stored.
[0039] ここで、パケット喑号鍵は、端末 MACアドレス、 TAのような受信端末に固有な情報 ではなぐマルチキャストグループに共通なマルチキャストアドレスを要素としているの で、同一のマルチキャストグループのメンノ 、ここでは受信端末 130〜; 180は、同一 のパケット暗号鍵を使用することができる。  [0039] Here, since the packet number key has a multicast address common to the multicast group, not the terminal MAC address and information unique to the receiving terminal such as TA, the menno of the same multicast group, In this case, the receiving terminals 130 to 180 can use the same packet encryption key.
[0040] MIC部 230は、パケットに載せられる通信データの改竄を検出することにより、その 通信データの完全性を検査する。より具体的には、 MIC部 230は、 MIC鍵を用いて 、パケットの送信元アドレス SA (Source Address)、パケットの宛先アドレス DA (Destin ation Address)、および暗号化されていない生のデータである優先平文 MSDU (MA C Service Data Unit)データの完全性を検査する。 MIC部 230は、検査後の MSDU データを、フラグメント部 240に出力する。  [0040] MIC section 230 checks the integrity of the communication data by detecting tampering of the communication data carried in the packet. More specifically, the MIC unit 230 is a packet source address SA (Source Address), a packet destination address DA (Destination Address), and unencrypted raw data using the MIC key. Priority plaintext MSDU (MA C Service Data Unit) Data integrity check. The MIC unit 230 outputs the MSDU data after the inspection to the fragment unit 240.
[0041] フラグメント部 240は、 MIC部 230から入力される MSDUデータを、 MACフレーム である MPDU (MAC Protocol Data Unit)データに変換する。フラグメント部 240は、 変換後の MPDUデータを、喑号カプセル化部 250に出力する。  The fragment unit 240 converts the MSDU data input from the MIC unit 230 into MPDU (MAC Protocol Data Unit) data that is a MAC frame. The fragment unit 240 outputs the converted MPDU data to the No. 2 encapsulation unit 250.
[0042] 喑号カプセル化部 250は、パケット喑号鍵保持部 220で保持されるパケット喑号鍵 を用いて、フラグメント部 240から入力される MPDUデータを暗号化およびカプセル 化する。すなわち、喑号カプセル化部 250は、 MPDUデータ自体をパケット喑号鍵 により暗号化し、それに新しいヘッダを付加したパケットを生成する。暗号カプセル化 部 250は、生成されたパケットを、マルチキャストグループのメンバである受信端末 13 0〜; 180にマルチキャスト送信する。  [0042] The 喑 number encapsulation unit 250 encrypts and encapsulates the MPDU data input from the fragment unit 240 using the packet number key held by the packet number key holding unit 220. That is, the 喑 encapsulation unit 250 encrypts the MPDU data itself with the packet 鍵 key and generates a packet with a new header added thereto. The cryptographic encapsulation unit 250 multicasts the generated packet to the receiving terminals 130 to 180 that are members of the multicast group.
[0043] 上記のように、パケット暗号鍵は、パケット暗号鍵保持部 220で、送信される連続す るパケットの 1パケットごとに保持されるので、喑号カプセル化部 250は、 1パケットごと に異なるパケット暗号鍵を用いて、パケットを連続的に暗号化することができる。暗号 カプセル化部 250は、例えば 3つの連続するパケットを暗号化する場合、これらのパ ケットを、 Key (n- l) , Key (n) , Key (n+ 1)の順序で連続的に暗号化する。例え ば、 Key (n)が現在送信するパケットを暗号化するためのパケット暗号鍵であると仮 定すると、 Key (n— 1)は Key (n)の前に送信されたパケットを暗号化するためのパケ ット喑号鍵であり、 Key (n+ 1)は Key (n)の後に送信されるパケットを暗号化するた めのパケット暗号鍵である。 [0043] As described above, since the packet encryption key is held in the packet encryption key holding unit 220 for each packet of the continuous packets to be transmitted, the 喑 encapsulating unit 250 is used for each packet. Packets can be continuously encrypted using different packet encryption keys. For example, the encryption encapsulating unit 250 encrypts these three packets when encrypting three consecutive packets. The packet is continuously encrypted in the order of Key (n-l), Key (n), and Key (n + 1). For example, assuming that Key (n) is the packet encryption key for encrypting the currently transmitted packet, Key (n—1) encrypts the packet transmitted before Key (n). Key (n + 1) is a packet encryption key for encrypting packets transmitted after Key (n).
[0044] 喑号カプセル化部 250は、 MPDUデータを、喑号鍵と復号鍵とが同一の喑号方式 で使用される暗号化アルゴリズムである RC4等により暗号化する。したがって、マル チキャストグループのメンバである受信端末 130〜; 180がマルチキャスト通信に参加 するためには、パケット暗号鍵保持部 220で保持されるパケット暗号鍵を共有してい る必要がある。 [0044] The 喑 encapsulation unit 250 encrypts the MPDU data using RC4, which is an encryption algorithm used in the 喑 method with the same 喑 key and decryption key. Therefore, in order for the receiving terminals 130 to 180 that are members of the multicast group to participate in multicast communication, it is necessary to share the packet encryption key held in the packet encryption key holding unit 220.
[0045] 配信部としてのパケット暗号鍵配信部 260は、パケット暗号鍵保持部 220で保持さ れる!/、ずれかのパケット喑号鍵を、マルチキャストグループのメンバである受信端末 1 30〜180のいずれかに配信する。これにより、送信端末 120と、受信端末 130〜; 18 0との間で、パケット暗号鍵が共有される。パケット暗号鍵配信部 260は、パケット喑 号鍵を、マルチキャストにより送信されるパケットとは独立して配信する。  [0045] The packet encryption key distribution unit 260 as the distribution unit is held in the packet encryption key holding unit 220! /, And any one of the packet numbers is received by the receiving terminals 130-180 that are members of the multicast group. Deliver to either. Thereby, the packet encryption key is shared between the transmitting terminal 120 and the receiving terminals 130 to 180. The packet encryption key distribution unit 260 distributes the packet encryption key independently of the packet transmitted by multicast.
[0046] より具体的には、パケット喑号鍵配信部 260は、マルチキャストグループのメンバで ある受信端末 130〜 180のいずれ力、からパケット暗号鍵配信要求を受信すると、そ の受信端末に対して、パケット暗号鍵を配信する。このとき、パケット暗号鍵配信部 2 60は、パケット暗号鍵配信要求により要求されたパケット暗号鍵とともに、そのバケツ ト喑号鍵と連続するパケット暗号鍵を一括して配信する。例えば、パケット暗号鍵配 信部 260は、パケット暗号鍵配信要求により要求されるパケット暗号鍵が Key (n)で ある場合、 Key (n)とともに、 Key (n- l) , Key (n+ 1)を、パケット喑号鍵配信要求 の送信元の受信端末に対して配信する。  More specifically, upon receiving a packet encryption key distribution request from any of the receiving terminals 130 to 180 that are members of the multicast group, the packet number key distributing unit 260 sends the request to the receiving terminal. , Deliver the packet encryption key. At this time, the packet encryption key distribution unit 260 distributes the packet encryption key requested by the packet encryption key distribution request together with the packet encryption key and the packet encryption key continuous. For example, if the packet encryption key requested by the packet encryption key distribution request is Key (n), the packet encryption key distribution unit 260, together with Key (n), Key (n-l), Key (n + 1) Is distributed to the receiving terminal that is the transmission source of the packet number key distribution request.
[0047] ここで、パケット暗号鍵配信部 260は、パケット暗号鍵の取得に失敗した受信端末 を検出する手段をパケット暗号鍵配信部 260に設けることもできる。この場合、バケツ ト喑号鍵配信部 260は、パケット暗号鍵の取得に失敗した受信端末に対して、取得 をすることができな力、つたパケット暗号鍵と、これと連続するパケット暗号鍵とを配信す [0048] これにより、パケット暗号鍵の取得を要求する受信端末、つまりマルチキャスト通信 またはブロードキャスト通信に参入または復帰する受信端末に対して個別にパケット 暗号鍵が配信されるので、各受信端末は、マルチキャスト通信への後追い参入およ び途中で切断されたマルチキャスト通信への復帰を円滑に行うことができる。また、要 求されるパケット暗号鍵のみならず、その更新前後に使用されるパケット暗号鍵が一 括して配信されるので、各受信端末は、一旦接続されたマルチキャスト通信への接続 を高信頼に維持することができる。 Here, the packet encryption key distribution unit 260 can also provide means for detecting a receiving terminal that failed to acquire the packet encryption key in the packet encryption key distribution unit 260. In this case, the bucket number key distribution unit 260 is unable to acquire the packet encryption key for the receiving terminal that has failed to acquire the packet encryption key, the packet encryption key, and the continuous packet encryption key. Deliver [0048] Thus, since the packet encryption key is individually distributed to the receiving terminal that requests acquisition of the packet encryption key, that is, the receiving terminal that enters or returns to multicast communication or broadcast communication, each receiving terminal It is possible to smoothly follow up on communication and return to multicast communication that was disconnected on the way. In addition, since not only the required packet encryption key but also the packet encryption keys used before and after the update are delivered together, each receiving terminal has a reliable connection to the once-connected multicast communication. Can be maintained.
[0049] なお、パケット暗号鍵配信部 260がー括して配信するパケット暗号鍵の数は、任意 に設定可能である。例えば、第 2のフェーズ鍵混合器が 5つ以上ある場合には、パケ ット喑号鍵配信部 260は、連続する 5つのパケットに対応するパケット暗号鍵を一括し て配信することができる。パケット暗号鍵の配信の余裕度を高めることによって、通信 の維持を確実にすることができる。  [0049] Note that the number of packet encryption keys distributed collectively by the packet encryption key distribution unit 260 can be arbitrarily set. For example, when there are five or more second phase key mixers, the packet number key distribution unit 260 can collectively distribute packet encryption keys corresponding to five consecutive packets. Maintaining communication can be ensured by increasing the margin of packet encryption key distribution.
[0050] 以下、上述のように構成されたマルチキャスト通信システム 100の動作について説 明する。ここでは、パケット暗号鍵配信部 260によるパケット暗号鍵の配信動作、特に 、受信端末力ものパケット暗号鍵配信要求を受信した後のパケット暗号鍵の配信動 作について説明する。  The operation of multicast communication system 100 configured as described above will be described below. Here, the packet encryption key distribution operation by the packet encryption key distribution unit 260, particularly the packet encryption key distribution operation after receiving the packet encryption key distribution request of the receiving terminal will be described.
[0051] パケット喑号鍵配信部 260は、マルチキャストグループのメンバである受信端末の いずれかからパケット暗号鍵配信要求を受信すると、その受信端末に対して、バケツ ト喑号鍵を配信する。このとき、パケット暗号鍵配信部 260は、パケット暗号鍵配信要 求により要求されたパケット暗号鍵とともに、そのパケット暗号鍵と連続するパケット喑 号鍵を一括して配信する。例えば、パケット暗号鍵配信部 260は、パケット暗号鍵配 信要求により要求されるパケット暗号鍵力 ey (n)である場合、 Key (n)とともに、 Ke y (n- l) , Key (n+ 1 )を、パケット暗号鍵配信要求の送信元の受信端末に対して配 信する。 [0051] When receiving a packet encryption key distribution request from one of the receiving terminals that are members of the multicast group, the packet number key distributing unit 260 distributes the packet number key to the receiving terminal. At this time, the packet encryption key distribution unit 260 distributes the packet encryption key requested by the packet encryption key distribution request together with the packet encryption key continuous with the packet encryption key. For example, when the packet encryption key distribution unit 260 has the packet encryption key strength e y (n) requested by the packet encryption key distribution request, the key encryption key e y (n), Ke y (n− l), Key (n + 1) is delivered to the receiving terminal that sent the packet encryption key delivery request.
[0052] これにより、受信端末は、マルチキャスト通信への後追い参入および途中で切断さ れたマルチキャスト通信への復帰を円滑に行うことができる。例えば図 1において、マ ルチキャスト通信のセッションが確立された後にネットワークに接続された受信端末 1 60、マルチキャスト通信の通信エリア外から移動してきた受信端末 170、およびマル チキャスト通信の通信エリアの境界に在圏しているがためにその接続が切断された 受信端末 180は、パケット暗号鍵配信要求を送信することにより、例外的なパケット喑 号鍵の配信を受けることができる。そして、受信端末 160, 170, 180は、パケット喑 号鍵配信部 260から配信されたパケット暗号鍵を用いて、マルチキャスト通信に後追 V、参入または復帰することができる。 [0052] Thus, the receiving terminal can smoothly follow up on multicast communication and return to multicast communication disconnected on the way. For example, in FIG. 1, a receiving terminal 160 connected to the network after a multicast communication session is established, a receiving terminal 170 that has moved from outside the multicast communication area, and a multicast terminal. Receiving terminal 180 that has been disconnected because it is located at the boundary of the communication area of multicast communication, receives exceptional packet signature key distribution by sending a packet encryption key distribution request. Can do. Then, the receiving terminals 160, 170, and 180 can follow-up V, enter or return to multicast communication using the packet encryption key distributed from the packet signal key distribution unit 260.
[0053] また、受信端末は、一旦接続されたマルチキャスト通信への接続を高信頼に維持 すること力 Sできる。例えば、 Key (n)についてのパケット暗号鍵配信要求を送信した受 信端末は、 Key (n)とともに、 Key (n)の更新前後に使用される Key (n— 1) , Key (n + 1)を取得することができる。これにより、パケット暗号鍵配信要求を送信した後に間 もなくパケット暗号鍵が更新された場合であっても、受信端末は、 Key (n)とともに配 信された Key (n+ 1)を用いて、マルチキャスト通信への接続を維持することができる 。また、受信端末は、 Key (n—1)を用いて以前に送信されたパケットを復号化するこ とができるので、より高精度なデータの再生が可能になる。  [0053] Further, the receiving terminal can maintain the connection to the multicast communication once connected with high reliability. For example, a receiving terminal that has transmitted a packet encryption key distribution request for Key (n), together with Key (n), Key (n—1), Key (n + 1) used before and after updating Key (n) ) Can be obtained. As a result, even if the packet encryption key is updated shortly after sending the packet encryption key distribution request, the receiving terminal uses the Key (n + 1) distributed with the Key (n), Connection to multicast communication can be maintained. In addition, since the receiving terminal can decrypt the previously transmitted packet by using Key (n-1), it is possible to reproduce data with higher accuracy.
[0054] このように、本実施の形態によれば、送信端末 120は、複数の受信端末に対して送 信される連続するパケットに対する複数のパケット暗号鍵を予め生成して保持し、こ れらのパケット暗号鍵の!/、ずれかを複数の受信端末のレ、ずれかに対して配信する。 すなわち、暗号鍵の更新においてその生成を行うサーバまたは同等の立替手段を用 意し、要求に応じて現在の鍵を別途の手段で通知する。これにより、各受信端末は、 何らかの理由により途中のパケット暗号鍵を取得することができない場合であっても、 マルチキャスト通信への後追い参入および途中で切断されたマルチキャスト通信へ の復帰を円滑に行うことができる。  As described above, according to the present embodiment, transmitting terminal 120 generates and holds a plurality of packet encryption keys for consecutive packets transmitted to a plurality of receiving terminals in advance. These packet encryption keys are distributed to multiple receiving terminals. That is, a server for generating the encryption key or an equivalent replacement means is prepared, and the current key is notified by a separate means in response to the request. As a result, even if each receiving terminal cannot acquire a packet encryption key on the way for some reason, it can smoothly follow up on multicast communication and return to multicast communication that was cut off on the way. Can do.
[0055] また、本実施の形態によれば、送信端末 120は、連続するパケットに対する複数の パケット暗号鍵を一括して配信する。これにより、各受信端末は、一旦接続されたマ ルチキャスト通信への参加を高信頼に維持することができる。また、各受信端末は、 以前に送信されたパケットを復号化することができ、より高精度なデータの再生が可 能になる。  [0055] Also, according to the present embodiment, transmitting terminal 120 distributes a plurality of packet encryption keys for consecutive packets in a lump. As a result, each receiving terminal can maintain the participation in the multicast communication once connected with high reliability. In addition, each receiving terminal can decode a previously transmitted packet, and can reproduce data with higher accuracy.
[0056] なお、本実施の形態では、第 1のフェーズ鍵混合器 210は、 Nパケットごとに新しい 予備鍵を計算し、更新するものとして説明したが、これに限定されない。例えば、第 1 のフェーズ鍵混合器 210は、システムごとに決められた Mパケット(Mは、 Nと異なる 任意の整数)ごとに新しい予備鍵を計算し、更新するようにしてもよい。その際、第 1 のフェーズ鍵混合器 210は、乱数に基づいた一定のサイクルに従って新しい予備鍵 を計算し、更新すること力できる。さらに、不定期かつルール化された手段により予備 鍵を更新するようにしてもよい。このような予備鍵の更新を利用してパケット暗号鍵を リフレッシュすることにより、よりセキュリティ強度の高い暗号化通信を実現することが できる。 In the present embodiment, the first phase key mixer 210 has been described as calculating and updating a new spare key every N packets, but the present invention is not limited to this. For example, the first The phase key mixer 210 may calculate and update a new spare key every M packets (M is an arbitrary integer different from N) determined for each system. In doing so, the first phase key mixer 210 can calculate and update a new reserve key according to a certain cycle based on a random number. Furthermore, the backup key may be updated by irregular and ruled means. Encrypted communication with higher security strength can be realized by refreshing the packet encryption key by using such update of the spare key.
[0057] また、本実施の形態では、パケット暗号鍵の配信機構(暗号鍵配信装置)を送信端 末 120の内部に設けるようにした力 S、これに限定されない。例えば、暗号鍵配信装置 を、送信端末 120と別個の装置部として、マルチキャスト通信システムに設けるように してもよい。  Further, in the present embodiment, the force S in which the packet encryption key distribution mechanism (encryption key distribution device) is provided inside the transmission terminal 120 is not limited to this. For example, the encryption key distribution device may be provided in the multicast communication system as a device unit separate from the transmission terminal 120.
[0058] また、本実施の形態では、マルチキャスト通信に応用した例について説明したが、 ブロードキャスト通信に適用した場合も、マルチキャスト通信の場合と同様の作用効 果を実現すること力できる。さらに、ュニキャスト通信に適用してもよい。また、それぞ れを組み合わせることで効果を向上させてもよい。  Further, although an example in which the present embodiment is applied to multicast communication has been described in the present embodiment, the same effect as that in the case of multicast communication can be realized even when applied to broadcast communication. Further, it may be applied to unicast communication. Moreover, the effect may be improved by combining them.
[0059] 本明細書は、 2006年 9月 5日出願の特願 2006— 240691に基づく。この内容は すべてここに含めておく。 [0059] This specification is based on Japanese Patent Application No. 2006-240691 filed on Sep. 5, 2006. All this content is included here.
産業上の利用可能性  Industrial applicability
[0060] 本発明に係る暗号鍵配信装置および暗号鍵配信方法は、セキュリティ強度を維持 しつつ、確実で柔軟性に富んだ通信を行うことができる効果を有し、マルチキャスト通 信またはブロードキャスト通信において使用される暗号鍵配信装置および暗号鍵配 信方法として有用である。 [0060] The encryption key distribution device and the encryption key distribution method according to the present invention have an effect of performing reliable and flexible communication while maintaining security strength, and in multicast communication or broadcast communication. It is useful as the encryption key distribution device and encryption key distribution method used.

Claims

請求の範囲 The scope of the claims
[1] マルチキャストまたはブロードキャストにより複数の無線受信端末に対して送信され るパケットを暗号化するための暗号鍵を最小 1パケットごとに生成可能な生成部と、 複数の連続するパケットに対して前記生成部により生成される複数の暗号鍵を保持 する保持部と、  [1] A generation unit capable of generating an encryption key for encrypting at least one packet for encrypting a packet transmitted to a plurality of wireless receiving terminals by multicast or broadcast, and the generation for a plurality of consecutive packets. A holding unit for holding a plurality of encryption keys generated by the unit;
前記複数の無線受信端末の!/、ずれかに対して、前記保持部により保持される!/ヽず れかの喑号鍵を、マルチキャストまたはブロードキャストにより送信されるパケットとは 独立して配信する配信部と、  Deliver the! / Either key that is held by the holding unit, independently of the packets transmitted by multicast or broadcast, for any of the! /, Shifts of the plurality of wireless receiving terminals A distribution department;
を具備する暗号鍵配信装置。  An encryption key distribution apparatus comprising:
[2] 前記配信部は、 [2] The distribution unit
V、ずれかのパケットに対して生成される暗号鍵と、前記!/、ずれかのパケットと連続す る他のパケットに対して生成される暗号鍵とを一括配信する、  V, distributes the encryption key generated for the misaligned packet and the! /, The encryption key generated for the other consecutive packets of the misaligned packet,
請求項 1記載の暗号鍵配信装置。  The encryption key distribution device according to claim 1.
[3] 前記配信部は、 [3] The distribution unit
前記複数の無線受信端末のうち、マルチキャスト通信またはブロードキャスト通信に 参入または復帰する無線受信端末に対して暗号鍵を配信する、  An encryption key is distributed to a wireless receiving terminal that joins or returns to multicast communication or broadcast communication among the plurality of wireless receiving terminals.
請求項 2記載の暗号鍵配信装置。  The encryption key distribution device according to claim 2.
[4] 前記配信部は、 [4] The distribution unit
暗号鍵を配信する旨の要求の送信元の無線受信端末に対して暗号鍵を配信する 請求項 2記載の暗号鍵配信装置。  The encryption key distribution device according to claim 2, wherein the encryption key is distributed to a wireless receiving terminal that is a transmission source of a request for distributing the encryption key.
[5] 前記生成部は、 [5] The generation unit includes:
一時鍵と初期化ベクトルとを含む複数の要素から予備鍵を生成する第 1の生成部と 前記予備鍵および前記初期化ベクトルから暗号鍵を生成する第 2の生成部と、を具 備し、  A first generation unit that generates a backup key from a plurality of elements including a temporary key and an initialization vector; and a second generation unit that generates an encryption key from the backup key and the initialization vector.
前記第 1の生成部は、前記一時鍵を定期的に更新することによって、前記生成部 により生成される暗号鍵をリフレッシュさせる、 請求項 1記載の暗号鍵配信装置。 The first generator refreshes the encryption key generated by the generator by periodically updating the temporary key; The encryption key distribution device according to claim 1.
[6] 前記第 1の生成部は、乱数に基づいた一定のルールによるサイクルに従って前記 一時鍵を更新する、 [6] The first generation unit updates the temporary key according to a cycle according to a certain rule based on a random number.
請求項 5記載の暗号鍵配信装置。  6. The encryption key distribution device according to claim 5.
[7] マルチキャストまたはブロードキャストにより複数の無線受信端末に対して送信され るパケットを暗号化するための暗号鍵を最小 1パケットごとに生成可能な生成ステップ と、 [7] A generation step capable of generating at least one packet of an encryption key for encrypting a packet transmitted to multiple wireless receiving terminals by multicast or broadcast;
複数の連続するパケットに対して生成される複数の暗号鍵を保持する保持ステップ と、  A holding step for holding a plurality of encryption keys generated for a plurality of consecutive packets;
前記複数の無線受信端末の!/、ずれかに対して、前記複数の暗号鍵のうちのレ、ず れかの喑号鍵を、マルチキャストまたはブロードキャストにより送信されるパケットとは 独立して配信する配信ステップと、  Distribute the key of any one of the plurality of encryption keys independently of the packet transmitted by multicast or broadcast to any of! A delivery step;
を有する暗号鍵配信方法。  An encryption key distribution method comprising:
PCT/JP2007/067331 2006-09-05 2007-09-05 Encryption key delivery device and encryption key delivery method WO2008029853A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006240691A JP2008066882A (en) 2006-09-05 2006-09-05 Encryption key distribution apparatus, and encryption key distribution method
JP2006-240691 2006-09-05

Publications (1)

Publication Number Publication Date
WO2008029853A1 true WO2008029853A1 (en) 2008-03-13

Family

ID=39157279

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/067331 WO2008029853A1 (en) 2006-09-05 2007-09-05 Encryption key delivery device and encryption key delivery method

Country Status (2)

Country Link
JP (1) JP2008066882A (en)
WO (1) WO2008029853A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019217692A1 (en) * 2018-05-10 2019-11-14 Alibaba Group Holding Limited Blockchain data processing method, apparatus, device, and system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6048710B2 (en) 2013-02-28 2016-12-21 パナソニックIpマネジメント株式会社 ENCRYPTION RECORDING DEVICE AND ENCRYPTION RECORDING METHOD
KR102024062B1 (en) * 2019-05-31 2019-09-24 주식회사 유니온플레이스 Device of transmitting key data to subscriber in multicast group
KR102024058B1 (en) * 2019-05-31 2019-09-24 주식회사 유니온플레이스 Device in multicast group

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005117656A (en) * 2003-10-03 2005-04-28 Fujitsu Ltd Apparatus, method, and medium for self-organization multi-hop wireless access network

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005117656A (en) * 2003-10-03 2005-04-28 Fujitsu Ltd Apparatus, method, and medium for self-organization multi-hop wireless access network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SEKI Y.: "WPA (W-FI protected access)", NIKKEI COMMUNICATIONS, NIKKEI BUSINESS PUBLICATIONS, INC., no. 401, 27 October 2003 (2003-10-27), pages 168 - 176, XP003021643 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019217692A1 (en) * 2018-05-10 2019-11-14 Alibaba Group Holding Limited Blockchain data processing method, apparatus, device, and system
US11315112B2 (en) 2018-05-10 2022-04-26 Advanced New Technologies Co., Ltd. Blockchain data processing method, apparatus, device, and system

Also Published As

Publication number Publication date
JP2008066882A (en) 2008-03-21

Similar Documents

Publication Publication Date Title
US20220006627A1 (en) Quantum key distribution node apparatus and method for quantum key distribution thereof
WO2017185999A1 (en) Method, apparatus and system for encryption key distribution and authentication
US9148421B2 (en) Method and system for encryption of messages in land mobile radio systems
KR100832893B1 (en) A method for the access of the mobile terminal to the WLAN and for the data communication via the wireless link securely
US11575660B2 (en) End-to-end encryption for personal communication nodes
US8838972B2 (en) Exchange of key material
CN108599925B (en) Improved AKA identity authentication system and method based on quantum communication network
US8831227B2 (en) Method and system for establishing secure connection between stations
JPH07107083A (en) Cipher communication system
US20060212936A1 (en) Method of integrating QKD with IPSec
CN108540436B (en) Communication system and communication method for realizing information encryption and decryption transmission based on quantum network
US11962685B2 (en) High availability secure network including dual mode authentication
US20140355763A1 (en) Method and apparatus for generation and distributing a group key in wireless docking
WO2017075134A1 (en) Key management for privacy-ensured conferencing
KR20180130203A (en) APPARATUS FOR AUTHENTICATING IoT DEVICE AND METHOD FOR USING THE SAME
CN108964888B (en) Improved AKA identity authentication system and method based on symmetric key pool and relay communication
US11297496B2 (en) Encryption and decryption of management frames
CN108768632B (en) AKA identity authentication system and method based on symmetric key pool and relay communication
CN100571133C (en) The implementation method of media flow security transmission
CN111835997A (en) Cloud video conference system based on quantum key encryption and decryption method thereof
CN102905199A (en) Implement method and device of multicast service and device thereof
WO2008029853A1 (en) Encryption key delivery device and encryption key delivery method
CA3190801A1 (en) Key management method and communication apparatus
JP4694240B2 (en) Encryption key distribution apparatus and program thereof
CN108768661B (en) Improved AKA identity authentication system and method based on symmetric key pool and cross-relay

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07806773

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07806773

Country of ref document: EP

Kind code of ref document: A1