WO2015104629A1 - Key information control device, key information updating device, program and recording medium, key information updating method, and key information updating system - Google Patents

Publication number
WO2015104629A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
communication
group
group key
information control
Application number
PCT/IB2015/000006
Inventor
健司 安
尚弘 福田
健治 蔵前
洋一 増田
智樹 高添
Original Assignee
パナソニックIpマネジメント株式会社
Application filed by パナソニックIpマネジメント株式会社
Publication of WO2015104629A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key

Definitions

  • the present invention relates to a key information control device, a key information update device, a program, a recording medium, a key information update method, and a key information update system that update a group key used in a plurality of devices.
  • a key encryption key is shared between a control device and a communication device using a unique key of the communication device. Thereafter, the control device updates the group key using multicast communication. At this time, the control device encrypts the group key using the key encryption key.
  • This group key is managed by a key identifier called an EPOCH value included in the nonce space in the encrypted message. The group key is updated when a predetermined condition (number of times of encrypted communication, time) is reached.
  • the communication message may not be transmitted to all the communication devices.
  • For example, when the communication device is a wireless device, the wireless communication state deteriorates due to noise and the communication message is not transmitted.
  • the communication message is lost on the communication path. In this case, there is a possibility that the communication message cannot be transmitted to other communication devices.
  • An object of the present invention is to provide a key information control device, a key information update device, a program and a recording medium, a key information update method, and a key information update system capable of performing communication even when group key update fails.
  • A key information control apparatus according to a first aspect is a key information control apparatus for controlling a group key used in a network including a plurality of communication devices, including: key management means for changing the key identifier each time the group key is updated and generating the key identifier and a new group key; multicast communication means for transmitting the key identifier and the group key generated by the key management means by multicast communication; communication quality detection means for detecting the communication device that has not received the group key with reference to the key identifier in the information transmitted from the communication device; and unicast communication means for transmitting the group key to the communication device by unicast communication with a retransmission function when the communication quality detection means detects the communication device that has not received the group key.
  • A key information control device is the key information control device according to the first aspect, wherein the key management means increases the value of the key identifier each time the key is changed to a new group key, and the communication quality detecting means detects that the group key transmitted by the multicast communication has not been received when the key identifier included in the information transmitted from the communication device is smaller than the key identifier changed by the key managing means.
  • a key information control device is the key information control device according to the first or second aspect, wherein the port number used by the multicast communication means and the unicast communication means are used.
  • a different value is assigned depending on the port number.
  • A key information control apparatus is the key information control apparatus according to any one of the first to third aspects, wherein the unicast communication means transmits, in addition to the group key, the latest key identifier generated by the key management means.
  • a key information control apparatus is the key information control apparatus according to any one of the first to fourth aspects, wherein the communication quality detection means is provided for a predetermined period for each of the communication devices.
  • A key information control apparatus is the key information control apparatus according to any one of the first to fifth aspects, further including notification means for notifying the communication device or another communication device when the communication quality detection means detects that the communication device has not received a group key.
  • a key information control program is a key information control program for controlling a group key used in a network including a plurality of communication devices, and each time the group key is updated.
  • Key management means for changing the key identifier to generate the key identifier and a new group key
  • multicast communication means for transmitting the key identifier and the group key generated by the key management means by multicast communication
  • the communication device Communication quality detection means for detecting the communication device that has not received the group key with reference to the key identifier in the information transmitted from the communication, and the communication that has not received the group key by the communication quality detection means When a device is detected, the group is transmitted to the communication device by unicast communication with a retransmission function.
  • a computer-readable recording medium recording a key information control program is a computer-readable recording medium storing a key information control program for controlling a group key used in a network including a plurality of communication devices.
  • a key management unit that changes a key identifier each time the group key is updated and generates the key identifier and a new group key, and the computer generated by the key management unit.
  • a key information updating apparatus is a key information updating apparatus that has a group key used in a network including a key information control apparatus and a plurality of communication devices, and updates the group key.
  • The key information updating apparatus includes: key management means for updating the group key to a group key received by multicast communication from the key information control apparatus; encryption processing means for encrypting or decrypting data using the group key updated by the key management means; communication quality detection means for detecting whether the group key has been updated by comparing the key identifier, which is changed each time the group key is updated, in the information transmitted from another communication device with the key identifier that the apparatus itself holds; and unicast communication means for requesting the group key by unicast communication with a retransmission function when the communication quality detection means detects that the group key has not been updated.
  • A key information update device is the key information update device according to the ninth aspect, wherein the communication quality detection means detects that the group key transmitted by the multicast communication has not been received when the key identifier included in the information transmitted from the key information control device or the other communication device is larger than the key identifier stored in the device itself.
  • a key information update program is a key information update program that has a group key used in a network including a key information control device and a plurality of communication devices, and updates the group key.
  • The program causes a computer to function as: key management means for updating the group key to a group key received by multicast communication from the key information control apparatus; encryption processing means for encrypting or decrypting data using the group key updated by the key management means; communication quality detection means for detecting whether the group key has been updated by comparing the key identifier, which is changed each time the group key is updated, in the information transmitted from other communication devices with the key identifier that the device itself holds; and unicast communication means for requesting the group key by unicast communication with a retransmission function when the communication quality detection means detects that the group key has not been updated.
  • a computer-readable recording medium recording a key information update program has a group key used in a network including a key information control device and a plurality of communication devices, and updates the group key.
  • a key information updating method includes a group key used in a network including a key information control device and a plurality of communication devices, and updates the key. Transmitting a new group key by multicast communication from the key information control device, updating a group key of the communication device to a group key transmitted from the key information control device, and transmitting from the communication device.
  • a key information update system is a key information update system that has a group key used in a network including a key information control device and a plurality of communication devices, and updates the group key.
  • The key information update system includes: key management means for updating the group key of the communication device to a group key transmitted from the key information control apparatus; encryption processing means for encrypting or decrypting data using the group key updated by the key management means; communication quality detection means by which the communication device detects whether the group key has been updated by comparing a key identifier that is changed each time the group key is updated with a key identifier that the device has; and communication means that, when the communication quality detection means detects that the group key has not been updated, switches the communication method by which the key information control device transmits the group key from multicast communication to unicast communication with the retransmission function and transmits the group key to the communication device by the unicast communication with the retransmission function.
  • a key information update system is the key information update system according to the fourteenth aspect, wherein the key information control device sets an interval for transmitting the group key by multicast communication as a predetermined period.
  • the communication device detects that the group key has not been received by the multicast communication when the group key has not been received beyond the predetermined period.
  • A key information updating method is a key information updating method for updating a group key used in a network including a key information control device and a plurality of communication devices, the method including: a step in which the key information control device generates a recovery key that is different from the group key and is used in the network including the key information control device and the plurality of communication devices; a step of distributing the recovery key, by the key information control device, between the key information control device and the communication device; a step of transmitting a new group key by multicast communication from the key information control device; and a step of updating a group key of the communication device to the group key transmitted from the key information control device.
  • A key information update method is the key information update method according to the sixteenth aspect, further including: a step in which the key information control apparatus detects a communication device that has not updated the group key with reference to a key identifier, which is changed each time the group key is updated, in the information transmitted from the communication device; and a step in which the key information control device transmits a group key encrypted using the recovery key when a communication device that has not updated the group key is detected.
  • A key information update method according to an eighteenth aspect of the present invention is the key information update method according to the sixteenth aspect, wherein the key information control device cannot transmit a message using the group key by the communication device. The method further includes the step of transmitting a message encrypted using the recovery key.
  • Effects of the Invention: According to the present invention, communication can be performed even when the group key update fails.
  • The nonce value exchanged in the key information update system shown as an embodiment of the present invention is shown; (a) is a first structural example and (b) is a second structural example.
  • A sequence diagram showing an example of a communication procedure when no communication failure occurs in the key information update system shown as an embodiment of the present invention.
  • A sequence diagram showing an example of the nonce value when updating a group key in the key information update system shown as an embodiment of the present invention.
  • A sequence diagram showing an example of a communication procedure when a communication failure is detected by the key information control apparatus in the key information update system shown as an embodiment of the present invention.
  • A sequence diagram showing an example of a communication procedure when a communication failure is detected by a communication apparatus.
  • A sequence diagram showing an example of a communication procedure when a communication failure is detected by the timer of a communication apparatus.
  • A flowchart showing an example of the processing sequence of the key information control apparatus in the key information update system shown as an embodiment of the present invention.
  • A sequence diagram showing an example of a communication procedure when a communication failure is determined by a counter value and an EPOCH value in the key information update system shown as an embodiment of the present invention.
  • A sequence diagram showing an example of a communication procedure when multicast communication and unicast communication are used together for a communication device that has failed in communication in the key information update system shown as an embodiment of the present invention.
  • 6 is a flowchart showing an example of a processing procedure for setting a communication device to a normal mode or a guarantee mode in the key information update system shown as the embodiment of the present invention.
  • A flowchart showing an example of a processing procedure in which the key information control device transmits a key update message every predetermined period in the key information update system shown as an embodiment of the present invention.
  • A sequence diagram showing an example of the communication procedure for transmitting a group key using a recovery key from the key information control apparatus to a plurality of communication apparatuses in the key information update system shown as an embodiment of the present invention.
  • the key information update system includes a key information control device 1 and a plurality of communication devices 2A, 2B, 2C (hereinafter simply referred to as communication device 2 when collectively referred to).
  • the key information control device 1 and the communication device 2 are connected to the communication relay device 100.
  • the key information control device 1 and the communication device 2 can communicate with each other by relaying information by the communication relay device 100.
  • the communication relay device 100 is connected to a communication network NT such as the Internet by wire.
  • the communication relay device 100 corresponds to, for example, a broadband router.
  • the communication device 2 is various devices installed in a home, for example.
  • the communication device 2A is a wireless communication device that exchanges wireless signals with the communication relay device 100.
  • the communication devices 2B and 2C are wiredly connected to the communication relay device 100 via a communication line.
  • the communication device 2 may perform wired communication or wireless communication. Wireless communication generally has lower communication quality than wired communication.
  • the communication apparatus 2 may be in a sleep state at an arbitrary timing, and may be activated by a certain period or some external trigger. This sleep state includes a state in which operation is performed with a minimum amount of power and communication cannot be performed. There may be three or more communication devices 2.
  • the key information control device 1 communicates with a plurality of communication devices 2 and controls the plurality of communication devices 2.
  • the key information control device 1 performs encrypted communication with the communication device 2. For this purpose, the key information control apparatus 1 performs an authentication process and a key distribution process with each communication device 2. Further, the key information control apparatus 1 updates a group key used in a network including a plurality of communication devices 2.
  • the key information control apparatus 1 has functional units as shown in FIG.
  • the key information control device 1 is a computer that can read and execute a program.
  • the key information control device 1 functions as each unit as shown in FIG. 2 by executing a program by a computer.
  • This program is a key information control program for updating a group key used in a network including a plurality of communication devices 2 in the present embodiment.
  • the key information control device 1 includes a control unit 11, a communication unit 12, an authentication processing unit 13, an authentication information storage unit 14, a key management unit 15, and an encryption processing unit 16. Further, the key information control apparatus 1 includes a communication quality measuring unit 17 and a communication quality storage unit 18. Further, the key information control apparatus 1 has a timer unit 19.
  • the communication unit 12 performs communication with the communication device 2.
  • the communication unit 12 communicates with the communication device 2 by either the multicast communication method or the unicast communication method. The switching of the communication method is controlled by the control unit 11.
  • the control unit 11 controls each unit of the key information control device 1.
  • the control unit 11 executes the key information control program 11b stored in the storage unit 11a as a computer-readable recording medium on which the program is recorded.
  • the authentication processing unit 13 performs authentication processing with the communication device 2 connected to the key information control device 1.
  • the authentication processing unit 13 only needs to be able to execute various existing authentication processes.
  • the authentication processing unit 13 reads the authentication information stored in the authentication information storage unit 14 during the authentication process.
  • the authentication information is, for example, the node ID of the communication device 2 and a device unique key KD (Key of Device) (or password).
  • the authentication processing unit 13 compares the authentication information transmitted from the communication device 2 with the authentication information stored in the authentication information storage unit 14 to determine whether the communication device 2 has a legitimate authority. Note that it may be determined whether the communication device 2 has a legitimate authority using a public key and a secret key instead of the device unique key KD.
  • the key management unit 15 manages key information used when the key information control device 1 performs encrypted communication with the communication device 2.
  • the key management unit 15 manages a device unique key KD of the communication device 2 (key for device authentication and key encryption key distribution by unicast), a key encryption key KEK (Key Encryption Key), and the group key K (Gn).
  • the managed key information is stored in the key management table 15a.
  • the device unique key KD for each communication device 2 is key information for encrypting the key encryption key KEK sent to the communication device 2 by the key information control device 1 and authenticating the communication device 2. This device unique key KD is set in advance and shared by the key information control device 1 and each communication device 2.
  • the key encryption key KEK is a key for key encryption.
  • the key information control device 1 derives the key encryption key KEK.
  • the key encryption key KEK is shared by all the communication devices 2 and the key information control device 1 during authentication and key distribution.
  • the device unique key KD of the communication device 2 is key information (encryption key) for encrypting a key encryption key (KEK) between the key information control device 1 and the communication device 2 and distributing it to the communication device 2.
  • the key information control device 1 can have a device unique key KD having a different value for each device of the communication device 2 in order to enhance security.
  • the group key K (Gn) is key information for performing encrypted multicast communication between the key information control device 1 and all the communication devices 2.
  • the key information control device 1 derives the group key K (Gn).
  • the group key K (Gn) is encrypted with the key encryption key KEK and distributed to all communication devices 2 by multicast communication.
  • n in the group key K (Gn) is a key version. Every time a new key is generated by the key management unit 15, n is increased to 1, 2, 3, ...
  • the key management unit 15 derives a key encryption key KEK and a group key K (Gn), and holds device unique keys KD of all communication devices 2 in advance.
  • the key management unit 15 causes the communication unit 12 to transmit the derived key encryption key KEK to each communication device 2. Further, the key management unit 15 updates the group key K (Gn) by multicast communication.
  • the key management unit 15 manages key identifiers.
  • the key identifier is a value (EPOCH value) that is changed every time the group key K (Gn) is updated.
  • the key management unit 15 updates the old EPOCH value to a new EPOCH value every time the group key is updated.
  • the encryption processing unit 16 performs message encryption processing using the key information stored in the key management table 15a.
  • the encryption processing unit 16 decrypts the encrypted data using the key information stored in the key management table 15a from the encryption information received by the communication unit 12. At this time, the encryption processing unit 16 selects and uses appropriate key information stored in the key management table 15a.
  • the communication quality measuring unit 17 measures the communication quality with each communication device 2.
  • the communication quality measuring unit 17 refers to the EPOCH value in the information transmitted from the communication device 2.
  • the communication quality measuring unit 17 detects a communication device 2 that has not received the group key K (Gn) transmitted by multicast communication (communication quality detection means). Further, the communication quality measuring unit 17 may detect the communication quality by using a nonce value counter value, as will be described later.
  • the communication quality storage unit 18 stores the EPOCH value referred to by the communication quality measurement unit 17 for each communication device 2.
  • the EPOCH value is referred to by the communication quality measuring unit 17. Thereby, the communication quality measuring unit 17 can determine that the communication quality is low for the communication device 2 having the missing EPOCH value. In such a key information control device 1, the control unit 11 changes the communication method of the communication unit 12.
  • the communication unit 12 transmits the EPOCH value and the group key K (Gn) generated by the key management unit 15 to the plurality of communication devices 2 by multicast communication in the normal group key K (Gn) update process (multicast communication means).
  • the communication unit 12 transmits a unicast communication with a retransmission function to the communication device 2.
  • the timer unit 19 measures an interval at which the group key K (Gn) is transmitted by multicast communication.
  • the control unit 11 sets a predetermined period for the transmission interval of the group key K (Gn).
  • the timer unit 19 is controlled by the control unit 11 to clear the timer value and measure the timer value.
  • the communication device 2 has functional units as shown in FIG. 3, for example.
  • the communication device 2 is a computer that can read and execute a program.
  • the communication device 2 functions as each unit as shown in FIG. 3 by executing a program by a computer.
  • This program is a key information update program for updating the group key held by itself in this embodiment. Thereby, the communication device 2 functions as a key information update device.
  • the communication device 2 includes a control unit 21, a communication unit 22, an authentication processing unit 23, a key management unit 24, and an encryption processing unit 25.
  • the communication device 2 includes a communication quality measuring unit 26 and a communication quality storage unit 27.
  • the communication device 2 has a timer unit 28.
  • the communication unit 22 performs communication between the key information control device 1 and another communication device 2.
  • the communication unit 22 communicates with the key information control apparatus 1 by either the multicast communication method or the unicast communication method.
  • the switching of the communication method is controlled by the control unit 21.
  • the control unit 21 controls each unit of the communication device 2.
  • the control unit 21 executes a key information update program 21b stored in a storage unit 21a as a computer-readable recording medium on which the program is recorded.
  • the authentication processing unit 23 performs authentication processing with the key information control device 1.
  • the authentication processing unit 23 only needs to be able to execute various existing authentication processes.
  • the authentication processing unit 23 reads preset authentication information during the authentication process.
  • the authentication information is, for example, the node ID of the communication device 2 and a device unique key KD (Key of Device) (or password).
  • the authentication processing unit 23 transmits authentication information from the communication unit 22 to the key information control device 1 in response to a request from the key information control device 1.
  • the key management unit 24 manages key information used when encrypted communication is performed between the key information control device 1 and another communication device 2.
  • the key management unit 24 manages the device unique key KD, the key encryption key KEK, and the group key K (Gn) of the communication device 2.
  • the managed key information is stored in the key management table 24a. Further, the key management unit 24 stores the key identifier in the key management table 24a.
  • the encryption processing unit 25 performs message encryption processing using the key information stored in the key management table 24a.
  • the encryption processing unit 25 decrypts the encrypted data using the key information stored in the key management table 24a from the encryption information received by the communication unit 22. At this time, the encryption processing unit 25 selects and uses appropriate key information stored in the key management table 24a.
  • the communication quality measuring unit 26 measures the communication quality with the key information control device 1.
  • the communication quality measuring unit 26 refers to the EPOCH value in the information transmitted from the key information control device 1 or another communication device 2.
  • the communication quality measuring unit 26 compares the EPOCH value of the received information with the EPOCH value it holds in the key management table 24a. As a result of this comparison, the communication quality measuring unit 26 detects that the two EPOCH values are different and the difference between the EPOCH values.
  • the communication quality measurement unit 26 detects that the updated group key K (Gn) has not been received (communication quality detection means). Further, the communication quality measuring unit 26 may detect that the group key K (Gn) is not received as the communication quality with reference to the timer value.
  • the communication quality storage unit 27 stores the EPOCH value referred to by the communication quality measurement unit 26.
  • the EPOCH value is referred to by the communication quality measuring unit 26. Thereby, the communication quality measuring unit 26 can determine that the communication quality is low when the EPOCH value is missing.
  • the communication device 2 obtains the group key K (Gn) by unicast communication with a retransmission function.
  • the communication device 2 transmits a key request message to the key information control device 1.
  • the communication unit 22 acquires the current group key K (Gn) by unicast communication (communication means).
  • the timer unit 28 measures the interval at which the group key K (Gn) is received by multicast communication.
  • the reception interval of the group key K (Gn) is agreed in advance with the key information control device 1.
  • the timer unit 28 is controlled by the control unit 21 to clear the timer value and measure the timer value. Thereby, the timer unit 28 detects that the group key K (Gn) has not been received by multicast communication when the group key K (Gn) has not been received for a predetermined period.
  • the key information control device 1 performs encrypted communication with the communication device 2. For this purpose, the key information control device 1 authenticates each communication device 2. Thereafter, the key information control device 1 distributes a key encryption key KEK that can be encrypted and communicated only with each communication device 2. Furthermore, the key information control apparatus 1 distributes a group key K (Gn) that can be encrypted and communicated with all the communication devices 2. As a result, the group key K (Gn) is shared by the key information control apparatus 1 and all the communication devices 2. In the group key K (Gn), Gn corresponds to the age of the group key (EPOCH value). As shown in FIG.
  • such a key information update system transmits a group key S1 from the key information control device 1 to the communication device 2 by multicast communication.
  • the group key S1 is transmitted to the communication device 2 via the communication relay device 100.
  • the communication device 2A is a wireless communication device
  • a wireless signal S2a is transmitted from the communication relay device 100 to the communication device 2A.
  • the communication devices 2B and 2C are wired communication devices
  • wired signals S2b and S2c are transmitted from the communication relay device 100 to the communication devices 2B and 2C. For example, it is assumed that the wireless signal S2a disappears due to a communication failure caused by noise or the like.
  • the communication device 2A cannot receive the group key S1 used by the key information control device 1 and the other communication devices 2B and 2C. Therefore, the communication device 2A cannot decrypt information transmitted by multicast communication that is subsequently encrypted with the group key S1. Further, the communication device 2A transmits information encrypted with the old group key. Therefore, the information transmitted from the communication device 2A cannot be decrypted by the key information control device 1 and the other communication devices 2B and 2C. Therefore, the key information update system of this embodiment enables communication even when the group key update fails. For this reason, the key information update system detects a communication failure. When a communication failure is detected, the key information update system updates the group key of the communication device 2 in which the communication failure has occurred using both multicast communication and unicast communication.
  • a packet communicated in the key information update system includes a nonce shown in FIG. 4A or 4B in addition to the IP address and UDP.
  • the nonce is used as one of parameters at the time of data encryption, and is added to the header part of the transmission data message.
  • the nonce illustrated in FIG. 4A includes an EPOCH value and a counter value.
  • the nonce shown in FIG. 4B includes an EPOCH value, a node ID, and a counter value.
  • the EPOCH value is an identifier of the group key K (Gn).
  • the EPOCH value is changed every time the group key K (Gn) is updated by the key information control apparatus 1.
  • the key information control device 1 increments the EPOCH value every time the group key K (Gn) is updated.
  • the node ID is an identifier for identifying the key information control device 1 and the communication device 2.
  • the key information control device 1 and the communication device 2 store their node IDs in a message when transmitting data.
  • the counter value represents the number of times that the encrypted multicast communication is performed using the group key K (Gn) identified by the EPOCH value. This counter value is managed by each of the key information control device 1 and the communication device 2. The counter value is counted up every time the key information control device 1 and the communication device 2 transmit data.
  • the group key K (Gn) is updated by the key information control device 1 before the counter value reaches the maximum value.
  • an authentication process and a key distribution process P1 are performed between the key information control apparatus 1 and the communication device 2C.
  • After determining that the communication device 2C is a valid device, the key information control device 1 distributes the key encryption key KEK by unicast communication.
  • the key information control apparatus 1 distributes the group key K (G1) by multicast communication. At this time, the key information control apparatus 1 transmits the encrypted information obtained by the function E (KEK, K (G1)) by multicast communication.
  • This function E is a function for encrypting the group key K (G1) using the key encryption key KEK.
  • This key encryption key KEK is the key encryption key KEK distributed in process P1.
  • When the communication device 2C receives the output of the function E multicast-transmitted from the key information control device 1, it decrypts it. At this time, the communication device 2C performs an operation of a function D (KEK, E (KEK, K (Gn))).
  • This function D is a function for decrypting the encrypted information obtained by E (KEK, K (Gn)) using the key encryption key KEK. Accordingly, the communication device 2C can decrypt the group key K (G1).
  • the key information control apparatus 1 performs authentication processing and key distribution processing P2 and P3 for the communication device 2B and the communication device 2A. Furthermore, the key information control apparatus 1 distributes the group keys K (G2) and K (G3) every time the authentication process and the key distribution processes P2 and P3 are completed. Thereby, the key information control apparatus 1 and all the communication apparatuses 2 can perform the data communication process P4 by the encrypted multicast communication using the group key K (G3).
  • the key information control device 1 and the communication device 2 perform key update processing P5. In this key update process P5, a new group key K (G4) generated by the key information control apparatus 1 is distributed to all the communication devices 2 by multicast communication.
  • Each communication device 2 receives the group key K (G4) by multicast communication, and updates the group key K (G3) stored in the key management table 24a to a new group key K (G4). Thereafter, for example, the encrypted data is transmitted from the key information control device 1 to all the communication devices 2.
  • This encrypted data includes encryption information obtained by the function E (K (G4), data).
  • Each communication device 2 receives the encrypted data transmitted from the key information control device 1 by multicast communication.
  • Each communication device 2 decrypts the encrypted data with the group key K (G4). That is, by performing the operation of function D (K (G4), E (K (G4), data)), each communication device 2 can obtain the data.
  • the encrypted data encrypted using the group key K (G1) is transmitted by the communication device 2C.
  • a nonce value is added to the encrypted data.
  • This encrypted data is transmitted to the communication device 2A, the communication device 2B, and the key information control device 1 by multicast communication.
  • the key information control apparatus 1 transmits a key update message including a new group key K (G2) by multicast communication.
  • the communication device 2C updates the group key K (G1) to a new group key K (G2).
  • The case in which the key information control apparatus 1 detects that the group key K (Gn) has not been received in the key information update system described above will be described with reference to FIG. First, as described with reference to FIG. 5, the key information update system performs authentication processing and key distribution processing P1, P2, and P3 between the key information control device 1 and the communication devices 2A, 2B, and 2C. Furthermore, the key information control apparatus 1 distributes the group key K (Gn) by multicast communication after the authentication process and the key distribution process.
  • the key information control apparatus 1 and the communication devices 2A, 2B, and 2C perform the data communication process P4 using the latest group key K (G3). Thereafter, when the update timing of the group key K (Gn) is reached, the key information control apparatus 1 performs a key update process P5 for distributing the group key K (G4) to the communication devices 2A, 2B, and 2C by multicast communication (multicast communication means).
  • the EPOCH value corresponding to this group key K (G4) is “3”. At this time, it is assumed that the key update message transmitted from the key information control apparatus 1 to the communication device 2A is not received by the communication device 2A due to communication failure.
  • the communication device 2A transmits the encrypted data encrypted with the group key K (G3) as the old group key K (Gn).
  • the EPOCH value corresponding to this group key K (G3) is “2”.
  • the encrypted data is received by the communication devices 2B and 2C and the key information control device 1.
  • the key information control device 1 refers to the EPOCH value in the information transmitted from the communication device 2A.
  • the EPOCH value held by the key information control apparatus 1 is “3”
  • the EPOCH value of the information transmitted from the communication device 2A is “2”.
  • the key information control device 1 detects the communication device 2A as a communication device that has not received the group key K (G4) transmitted by multicast communication (communication quality detection means). In this case, the key information control apparatus 1 transmits the group key K (G4) to the communication device 2A by unicast communication with a retransmission function (unicast communication means). At this time, the key information control apparatus 1 encrypts the new group key K (G4) with the key encryption key KEK distributed in the authentication process and the key distribution process P3. When transmitting the group key K (G4) by unicast communication, the key information control apparatus 1 performs unicast communication with a retransmission function.
  • This unicast communication with a retransmission function repeats unicast communication until a reception response is received from the communication device 2. For example, even if the key information control apparatus 1 performs unicast communication twice and the group key K (G4) is lost both times due to communication failure, the key information control apparatus 1 can send the group key K (G4) to the communication device 2A by the third unicast communication.
  • the group key K (G4) transmitted by the unicast communication is decrypted using the key encryption key KEK of the communication device 2A.
  • the communication device 2A can update the group key K (G3) to the latest group key K (G4).
  • Upon receiving the latest group key K (G4), the communication device 2A transmits a reception response to the key information control device 1 by unicast communication. Further, the key information control apparatus 1 may transmit the latest EPOCH value in addition to the group key K (Gn) by unicast communication with a retransmission function. In this case, the communication device 2A can update the group key K (G3) to the group key K (G4) and update the stored EPOCH value “2” to the latest EPOCH value “3”. As described above, according to the key information update system, even when the group key K (Gn) transmitted by multicast communication is lost due to communication failure, the communication method for transmitting the group key K (Gn) is automatically switched from multicast communication to unicast communication with a retransmission function.
  • the key information update system switches the multicast communication method to the unicast communication with a retransmission function that requires a reception response and transmits the group key K (Gn), thereby more reliably updating the group key K (Gn).
  • the key management unit 15 greatly changes the value of the EPOCH value every time it is changed to a new group key.
  • When the EPOCH value transmitted from the communication device 2 is smaller than the EPOCH value changed by the key management unit 15, the key information control apparatus 1 can detect, by means of the communication quality measuring unit 17, that the group key transmitted by multicast communication has not been received.
  • the key information control device 1 can transmit the latest EPOCH value generated by the key management unit 15 in addition to the latest group key. As a result, the latest EPOCH value can be transmitted from the key information control apparatus 1 to the communication device 2 by unicast communication with a retransmission function.
  • the key information update system can easily start multicast communication using the group key immediately after transmitting the latest EPOCH value from the key information control device 1 to the communication device 2.
  • the key information update system performs authentication processing and key distribution processing P1, P2, and P3 between the key information control device 1 and the communication devices 2A, 2B, and 2C.
  • the key information control apparatus 1 and the communication devices 2A, 2B, and 2C perform the data communication process P4 using the latest group key K (G3).
  • the key information control apparatus 1 transmits the encrypted data encrypted with the new group key K (G4) by multicast communication.
  • the EPOCH value corresponding to this group key K (G4) is “3”.
  • this encrypted data is received by the communication devices 2A, 2B, 2C.
  • the communication devices 2B and 2C can successfully decrypt the encrypted data with the new group key K (G4) obtained by the key update process P5.
  • When the communication device 2A attempts to decrypt it with the group key K (G3) stored in the key management table 24a, the decryption fails.
  • the communication device 2A refers to the EPOCH value in the information transmitted from the key information control device 1. Then, while the EPOCH value held by the communication device 2A is “2”, the EPOCH value of the information transmitted from the key information control apparatus 1 is “3”. As a result, the communication device 2A detects that the latest group key K (Gn) has not been received (communication quality detection means). In this case, the communication device 2A requests the key information control device 1 to transmit the latest group key K (Gn) by unicast communication with a retransmission function (unicast communication means). Note that a new group key request message is normally sent in plain text. This plaintext message has, for example, the configuration {MSG, EPOCH, D_2A}.
  • MSG is an identifier indicating a request
  • EPOCH is an EPOCH value received from the key information control apparatus 1 by the communication device 2A
  • D_2A is an identifier or ID that can identify the communication device 2A.
  • The communication device 2A may add message authentication code (MAC) information to the key request message for requesting a new group key K (Gn) by using the key encryption key KEK distributed in the authentication process and the key distribution process P3.
  • The message authentication code information is information proving that the request comes from the communication device 2A.
  • The request with the message authentication code (MAC) added has, for example, the configuration {MSG, EPOCH, D_2A, MAC (KD_2A, MSG, D_2A, EPOCH)}.
  • The function MAC takes KD_2A as key information and MSG, D_2A, and EPOCH as the message, and outputs a MAC value.
  • This MAC value is computed with the device unique key KD of the communication device 2A. For this reason, if the device unique key KD is different, the MAC values do not match even if the same MSG, D_2A and EPOCH are input. Therefore, the MAC value is information that proves the communication device 2A.
  • MSG is an identifier (including a character string) indicating a request.
  • EPOCH is an EPOCH value received from the key information control apparatus 1 by the communication device 2A.
  • D_2A is an identifier or node ID that can identify the communication device 2A.
  • the communication device 2A performs unicast communication with a retransmission function when requesting the group key K (Gn) by unicast communication. This unicast communication with a retransmission function repeats unicast communication until a reception response is received from the key information control apparatus 1.
  • The communication device 2A can transmit the key request message for the group key K (Gn) to the key information control device 1 by the third unicast communication.
  • When a message authentication code is added, the key request message for the group key K (Gn) transmitted by the unicast communication is verified by the key information control device 1 using the device unique key KD of the communication device 2A.
  • If the message authentication code is not added, it is determined that the communication partner is not a valid communication device 2A.
  • the key information control apparatus 1 performs unicast communication so as to transmit the latest group key K (G4) to the communication device 2A.
  • the key information control apparatus 1 may transmit the group key K (G4) by unicast communication with a retransmission function.
  • When the communication device 2A receives the latest group key K (G4) from the key information control device 1 in response to the key request message for the group key K (Gn), the communication device 2A can decrypt it using the key encryption key KEK. Accordingly, the communication device 2A can update the group key K (G3) to the latest group key K (G4).
  • Upon receiving the latest group key K (G4), the communication device 2A transmits a reception response to the key information control device 1 by unicast communication. Further, the key information control apparatus 1 may transmit the latest EPOCH value in addition to the group key K (Gn) by unicast communication with a retransmission function. In this case, the communication device 2A can update the group key K (G3) to the group key K (G4) and update the stored EPOCH value “2” to the latest EPOCH value “3”. As described above, according to the key information update system, even when the group key K (Gn) transmitted by multicast communication is lost due to communication failure, the communication method for transmitting the group key K (Gn) is automatically switched from multicast communication to unicast communication with a retransmission function.
  • In the key information update system, the communication device 2 transmits the key request message for the group key K (Gn) by unicast communication with a retransmission function that requires a reception response, so that the latest group key K (Gn) can be obtained from the key information control device 1. Therefore, according to the communication device 2, even when the latest group key K (Gn) is lost in multicast communication, the group key K (Gn) can be updated more reliably.
  • When the EPOCH value included in the information transmitted from the key information control device 1 or another communication device 2 is larger than the EPOCH value stored in the communication device 2 itself, the communication device 2 can detect that the group key transmitted by multicast communication has not been received.
  • the communication device 2 can request a key update message when its own EPOCH value is small and its own group key K (Gn) is old. In this way, it is possible to refer to the EPOCH value, detect that the key update message by multicast communication has disappeared, and switch to unicast communication with a retransmission function to perform key update. As a result, the group key can be reliably updated without making an inquiry to the communication partner, and multicast communication using the group key can be performed without performing the authentication process and the key update process for the entire system again.
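The key request {MSG, EPOCH, D_2A, MAC (KD_2A, MSG, D_2A, EPOCH)} and its verification on the key information control device, as an added Python example that is not code from the patent. HMAC-SHA256 as the MAC function, the length-prefixed field encoding, the `KEYREQ` identifier and the sample keys are assumptions; the MAC key is the device unique key KD, as in the formula above.

```python
import hashlib
import hmac
import struct

MSG_KEY_REQUEST = b"KEYREQ"        # hypothetical value for the MSG identifier


def encode_fields(msg, node_id, epoch):
    """Serialize (MSG, D, EPOCH) unambiguously: length-prefixed byte strings
    followed by a fixed-width EPOCH, so field boundaries cannot be shifted."""
    return (struct.pack(">H", len(msg)) + msg +
            struct.pack(">H", len(node_id)) + node_id +
            struct.pack(">I", epoch))


def mac(kd, msg, node_id, epoch):
    """MAC(KD, MSG, D, EPOCH); HMAC-SHA256 is an assumed choice."""
    return hmac.new(kd, encode_fields(msg, node_id, epoch),
                    hashlib.sha256).digest()


def build_key_request(kd, node_id, epoch):
    """Device side: {MSG, EPOCH, D, MAC(KD, MSG, D, EPOCH)}."""
    return {"MSG": MSG_KEY_REQUEST, "EPOCH": epoch, "D": node_id,
            "MAC": mac(kd, MSG_KEY_REQUEST, node_id, epoch)}


def verify_key_request(request, device_keys):
    """Controller side: return the node ID of an authentic request, else None.

    device_keys maps node ID -> device unique key KD held by the controller.
    """
    msg, node_id = request.get("MSG"), request.get("D")
    epoch, tag = request.get("EPOCH"), request.get("MAC")
    if not (isinstance(msg, bytes) and isinstance(node_id, bytes)
            and isinstance(tag, bytes) and isinstance(epoch, int)):
        return None                  # missing MAC or malformed field
    if not 0 <= epoch < 2**32 or msg != MSG_KEY_REQUEST:
        return None                  # out-of-range EPOCH or not a key request
    kd = device_keys.get(node_id)
    if kd is None:
        return None                  # unknown device
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, mac(kd, msg, node_id, epoch)):
        return None                  # wrong KD or altered field
    return node_id


# Constructed sample data (not from the patent).
KD_2A = bytes.fromhex("00112233445566778899aabbccddeeff")
KD_2B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
DEVICE_KEYS = {b"2A": KD_2A, b"2B": KD_2B}


def check_samples():
    """Verify one genuine request and three that must be rejected."""
    good = build_key_request(KD_2A, b"2A", epoch=3)
    no_mac = {k: v for k, v in good.items() if k != "MAC"}
    altered = dict(good, EPOCH=4)                        # EPOCH changed in transit
    spoofed = build_key_request(KD_2B, b"2A", epoch=3)   # 2B's key, 2A's ID
    return [verify_key_request(r, DEVICE_KEYS)
            for r in (good, no_mac, altered, spoofed)]


if __name__ == "__main__":
    print(check_samples())
```
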
  • The case in which the communication device 2 detects that the group key K (Gn) has not been received in the key information update system described above will be described with reference to FIG.
  • When receiving the key update message for distributing the latest group key K (G3), the communication device 2 activates the timer unit 28. When the communication device 2 has not received a key update message including the group key K (Gn) for a predetermined time t, it detects that the group key has not been received by multicast communication. In this case, the communication device 2A requests the key information control device 1 to transmit the latest group key K (Gn) by unicast communication with a retransmission function (unicast communication means). Note that a new group key request message is normally sent in plain text. This plaintext message has, for example, the configuration {MSG, EPOCH, D_2A}. MSG is an identifier indicating a request.
  • EPOCH is an EPOCH value received from the key information control apparatus 1 by the communication device 2A.
  • D_2A is an identifier or ID that can identify the communication device 2A.
  • The communication device 2A may add message authentication code (MAC) information, encrypted by using the key encryption key KEK distributed in the authentication process and the key distribution process P3, to the key request message for requesting a new group key K (Gn).
  • The message authentication code information is information proving that the request comes from the communication device 2A.
  • The request with the message authentication code (MAC) added has, for example, the configuration {MSG, EPOCH, D_2A, MAC (KD_2A, MSG, D_2A, EPOCH)}.
  • The function MAC takes KD_2A as key information and MSG, D_2A, and EPOCH as the message, and outputs a MAC value.
  • This MAC value is computed with the device unique key KD of the communication device 2A. For this reason, if the device unique key KD is different, the MAC values do not match even if the same MSG, D_2A and EPOCH are input. Therefore, the MAC value is information that proves the communication device 2A.
  • MSG is an identifier (including a character string) indicating a request.
  • EPOCH is an EPOCH value received from the key information control apparatus 1 by the communication device 2A.
  • D_2A is an identifier or node ID that can identify the communication device 2A.
  • When a message authentication code is added, the key request message for the group key K (Gn) transmitted by the unicast communication is verified by the key information control device 1 using the device unique key KD of the communication device 2A.
  • If the message authentication code is not added, it is determined that the communication partner is not a valid communication device 2A.
  • the key information control apparatus 1 performs unicast communication so as to transmit the latest group key K (G4) to the communication device 2A.
  • When the communication device 2A receives the latest group key K (G4) from the key information control device 1 in response to the key request message for the group key K (Gn), the communication device 2A can decrypt it using the key encryption key KEK.
  • the communication device 2A can update the group key K (G3) to the latest group key K (G4).
  • Upon receiving the latest group key K (G4), the communication device 2A transmits a reception response to the key information control device 1 by unicast communication.
  • the interval at which the key information control device 1 transmits the group key by multicast communication is set as a predetermined period.
  • When the communication device 2 has not received a group key for a predetermined period, it detects that the group key has not been received by multicast communication. According to this key information update system, the communication device 2 can easily detect a communication failure in the key update message.
  • FIG. 10 is a flowchart showing an operation procedure of the key information control apparatus 1. This operation is a process performed by the key information control apparatus 1 as a computer executing the key information control program 11b stored in the storage unit 11a as a recording medium.
  • the communication unit 12 receives a message transmitted from the outside.
  • the control unit 11 determines whether or not the message received in step S1 is a key request message transmitted from the communication device 2.
  • control unit 11 refers to the address information or the node ID and identifies the communication device 2 that is the message transmission source.
  • the control unit 11 refers to the encrypted data added to the nonce value to determine whether the received message is a key request message. If it is a key request message, the process proceeds to step S3, and if not, the process proceeds to step S5.
  • the communication unit 12 transmits the latest group key K (Gn) by unicast communication with a retransmission function.
  • the key management unit 15 reads the latest group key K (Gn) from the key management table 15a according to the control of the control unit 11.
  • the key management unit 15 reads the key encryption key KEK corresponding to the communication device 2 that is the transmission source of the key request message and causes the encryption processing unit 16 to encrypt the group key K (Gn) with the key encryption key KEK.
  • the communication unit 12 receives a reception response from the communication device 2 by unicast communication in response to the transmission of the group key K (Gn) in step S3.
  • the communication quality measuring unit 17 determines whether or not the EPOCH value (received EPOCH value) included in the message received in step S1 is older than the current EPOCH value. At this time, the communication quality measuring unit 17 compares the magnitude relationship between the EPOCH value currently stored in the key management table 15a and the received EPOCH value.
  • If the received EPOCH value is smaller than the EPOCH value stored in the key management table 15a, the received EPOCH value is old and the process proceeds to step S6. If both EPOCH values are the same, the process proceeds to step S9.
  • In step S6, the control unit 11 records device information including the node ID and EPOCH value included in the message received in step S1 in the communication quality storage unit 18.
  • the communication unit 12 transmits a key update message for updating the group key K (Gn) by unicast communication.
  • the key management unit 15 reads the latest group key K (Gn) from the key management table 15a under the control of the control unit 11.
  • the encryption processing unit 16 encrypts the group key K (Gn) with the key encryption key KEK under the control of the control unit 11.
  • the communication unit 12 transmits a key update message including the encrypted group key K (Gn) and including the node ID of the message transmission source device.
  • the port number B for this unicast communication is desirably a value different from the port number A used for multicast communication.
  • the communication unit 12 receives a reception response to the key update message transmitted in step S7 by unicast communication.
  • the encryption processing unit 16 decrypts the message received in step S1 with the latest group key K (Gn).
  • the control unit 11 performs various processes according to the message decoded in step S9.
  • In step S11, the control unit 11 determines whether or not the counter value included in the nonce value is equal to or greater than a threshold value.
  • This threshold value is a preset value, for example, a value such as 2^32 - 1 according to the allocated bit amount of the counter value. If the counter value is greater than or equal to the threshold value, the process proceeds to step S12. If not, the process ends.
  • In step S12, the communication unit 12 transmits a key update message including the latest group key K (Gn) in order to update the group key K (Gn) of all the communication devices 2.
  • This key update message includes a value obtained by encrypting the latest group key K (Gn) derived by the key management unit 15 with the key encryption key KEK.
  • the communication unit 12 transmits the key update message by the multicast communication method.
  • the communication unit 12 may set the port number A used for multicast communication (multicast communication means) to a value different from the port number B used for unicast communication (unicast communication means).
  • the control unit 11 determines whether there is a communication device 2 in the guarantee mode among the communication devices 2. If there is a communication device 2 in the guarantee mode, the process proceeds to step S14, and if not, the process ends. This guarantee mode will be described later.
  • the communication unit 12 transmits a key update message to the communication device 2 by unicast communication with a retransmission function.
  • the communication unit 12 may use a port number B having a value different from the port number A used in multicast communication.
  • the key information control apparatus 1 can transmit the group key K (Gn) by unicast communication in response to the key request message from the communication device 2.
  • the key information control apparatus 1 can transmit the latest group key K (Gn) to the communication device 2 by unicast communication with a retransmission function.
  • the key information control apparatus 1 can update the group keys K (Gn) of all the communication devices 2 by multicast communication when the counter value is equal to or greater than the threshold value.
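The FIG. 4B nonce and the decision flow of FIG. 10 (steps S1 to S12), together with unicast retransmission until a reception response arrives, as an added Python example that is not code from the patent. The 32-bit field widths, the `is_key_request` flag, the retry bound and the handling of an EPOCH larger than the controller's own are assumptions; encryption of the group key with KEK is left out.

```python
import struct

# Assumed layout for the FIG. 4B nonce: EPOCH, node ID, counter, 32 bits each.
NONCE = struct.Struct(">III")
COUNTER_THRESHOLD = 2**32 - 1      # example threshold given in the text


def pack_nonce(epoch, node_id, counter):
    return NONCE.pack(epoch, node_id, counter)


def parse_nonce(header):
    if len(header) < NONCE.size:
        raise ValueError("truncated nonce")
    return NONCE.unpack_from(header)


class Controller:
    """Decision logic of the key information control device (steps S1-S12)."""

    def __init__(self, epoch):
        self.epoch = epoch         # EPOCH of the current group key
        self.stale = {}            # node ID -> stale EPOCH recorded in step S6

    def handle(self, header, is_key_request=False):
        """Return the actions taken for one received message."""
        epoch, node_id, counter = parse_nonce(header)
        if is_key_request:                          # S2 -> S3, S4
            return [("unicast_key_update", node_id, self.epoch)]
        if epoch < self.epoch:                      # S5 -> S6, S7, S8
            self.stale[node_id] = epoch
            return [("unicast_key_update", node_id, self.epoch)]
        if epoch > self.epoch:
            # Not in the flowchart: only the controller advances EPOCH, so a
            # larger value is treated here as invalid (assumption).
            return [("drop", node_id, epoch)]
        actions = [("process", node_id, epoch)]     # S9, S10
        if counter >= COUNTER_THRESHOLD:            # S11 -> S12
            self.epoch += 1                         # new group key, new EPOCH
            actions.append(("multicast_key_update", None, self.epoch))
        return actions


def send_with_retransmission(send_once, max_tries=5):
    """Repeat a unicast send until a reception response arrives.

    send_once() returns True when the response was received. The bound
    max_tries is an addition; the text repeats until a response arrives.
    Returns the number of attempts used.
    """
    for attempt in range(1, max_tries + 1):
        if send_once():
            return attempt
    raise TimeoutError("no reception response after %d tries" % max_tries)


def lossy_link(drops):
    """Constructed transport that loses the first `drops` transmissions."""
    state = {"sent": 0}

    def send_once():
        state["sent"] += 1
        return state["sent"] > drops
    return send_once


def scenario():
    """Constructed run: device 2A (node ID 0x2A) missed the update to EPOCH 3."""
    ctrl = Controller(epoch=3)
    actions = ctrl.handle(pack_nonce(epoch=2, node_id=0x2A, counter=17))
    attempts = send_with_retransmission(lossy_link(drops=2))
    return actions, ctrl.stale, attempts


if __name__ == "__main__":
    print(scenario())
```
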
  • FIG. 11 is a flowchart showing an operation procedure of the communication device 2.
  • This operation is a process performed by the communication device 2 as a computer executing the key information update program 21b stored in the control unit 21.
  • The communication unit 22 receives a message transmitted from the outside.
  • The control unit 21 determines whether or not the message received in step S21 is a key update message transmitted from the key information control device 1 by multicast communication.
  • The control unit 21 refers to the address information or the node ID to identify whether the message transmission source is the key information control apparatus 1.
  • The control unit 21 refers to the encrypted data added to the nonce value to determine whether or not the received message is a key update message. If it is a key update message, the process proceeds to step S23; otherwise, the process proceeds to step S24.
  • In step S23, the control unit 21 uses the encryption processing unit 25 to decrypt the key update message received in step S21.
  • The encryption processing unit 25 decrypts the key update message using the key encryption key KEK stored in the key management table 24a to obtain the latest group key K(Gn).
  • The key management unit 24 updates the latest group key K(Gn) stored in the key management table 24a to the group key K(Gn) extracted from the key update message.
  • The communication quality measuring unit 26 determines whether or not the EPOCH value (received EPOCH value) included in the message received in step S21 is newer than the current EPOCH value.
  • The communication quality measuring unit 26 compares the EPOCH value currently stored in the key management table 24a with the received EPOCH value. If the received EPOCH value is larger than the EPOCH value stored in the key management table 24a, the received EPOCH value is newer and the process proceeds to step S25. If both EPOCH values are the same, the process proceeds to step S29. In step S25, the control unit 21 temporarily stores the message received in step S21. In the next step S26, the communication unit 22 transmits a key request message requesting the latest group key K(Gn). At this time, the communication unit 22 transmits, by unicast communication, a key request message to which message authentication using the device unique key KD is added.
  • The communication unit 22 receives the key update message transmitted from the key information control apparatus 1 by unicast communication in response to the key request message transmitted in step S26.
  • The port number B of the key update message may be different from the port number A used for multicast communication.
  • The communication unit 22 performs reception using the port number B corresponding to unicast communication.
  • The control unit 21 uses the encryption processing unit 25 to decrypt the key update message received in step S27.
  • The encryption processing unit 25 decrypts the key update message using the key encryption key KEK stored in the key management table 24a to obtain the latest group key K(Gn).
  • The key management unit 24 updates the latest group key K(Gn) stored in the key management table 24a to the group key K(Gn) extracted from the key update message.
  • The encryption processing unit 16 decrypts the message temporarily stored in step S25 using the latest group key K(Gn) updated in step S28.
  • The communication unit 22 performs various multicast communication processes according to the message received in step S21. As described above, the communication device 2 can update the group key K(Gn) when the key update message is transmitted from the key information control device 1 by multicast communication.
  • The communication device 2 transmits a key request message by unicast communication, receives the latest group key K(Gn) by unicast communication, and can update the group key K(Gn). Furthermore, even if the communication device 2 does not hold the latest group key K(Gn), it can temporarily store the message, acquire the latest group key K(Gn), and then decrypt the message. Furthermore, in the key information update system described above, the key information control device 1 and the communication device 2 assign different values to the port number used for multicast communication and the port number used for unicast communication. This eliminates the need to describe, in the messages transmitted from the key information control device 1 and the communication device 2, the key with which the message was encrypted.
  • FIG. 12 shows a sequence diagram of encrypted data communication using the group key K (G1) by the communication device 2A.
  • When the communication device 2A starts communication, it is assumed that the authentication processing has been performed and the initial group key K(G1) is shared between the key information control device 1 and all the communication devices 2.
  • The communication device 2A repeats the multicast communication until the counter value reaches the maximum value.
  • The key information control device 1 determines a communication failure for each communication device 2 using a counter value.
  • The key information control device 1 transmits a key update message by multicast communication at the update timing of the group key K(Gn).
  • A key update message is distributed.
  • The EPOCH value of each key update message increases to 1, 2, 3, and 4 as the group key is updated to K(G2), K(G3), K(G4), and K(G5), respectively.
  • The key update messages with EPOCH values 0, 1, and 4 are received by the communication device 2A.
  • The communication device 2A performs multicast communication using the group keys K(G1), K(G2), and K(G5) corresponding to the EPOCH values 0, 1, and 4, and can thereby communicate with the key information control apparatus 1.
  • The key update messages with EPOCH values 2 and 3 are lost before reaching the communication device 2A. Accordingly, the communication device 2A cannot perform multicast communication using the group keys K(G3) and K(G4) corresponding to the EPOCH values 2 and 3.
  • The key information control apparatus 1 determines a communication failure using the EPOCH value for each communication device 2.
  • The key information control device 1 determines a communication failure for each communication device 2 using the counter value or the EPOCH value.
  • The key information control apparatus 1 determines communication failure of the communication device 2A in the communication sequence as shown in FIG. In this case, as shown in FIG. 13, the key information control apparatus 1 also sends the group key K(Gn) to the communication device 2A by unicast communication each time it transmits the group key K(Gn) to the communication device 2A by multicast communication.
  • The operation of the key information control apparatus 1 in such a key information update system is shown in FIG.
  • The control unit 11 controls the timer unit 19 to set a predetermined time t as a timer value for communication failure determination.
  • The timer unit 19 performs a timer process that starts and measures time.
  • In step S43, the control unit 11 determines whether the timer value measured by the timer unit 19 has reached the predetermined time t and expired. If the timer value has expired, the process proceeds to step S44; otherwise, the timer process in step S42 is continued.
  • During the predetermined time t in which the timer process continues, the key information control device 1 accumulates, in the communication quality storage unit 18, the counter values in the messages transmitted from the communication device 2. Alternatively, the key information control device 1 stores the EPOCH value included in the message transmitted from the communication device 2.
  • In step S44, the communication quality measuring unit 17 aggregates, for each communication device 2, the number of unreceived times during the predetermined time t.
  • The communication quality measuring unit 17, acting as a non-reception detecting unit, refers to the counter value in the message for each communication device 2 stored in the communication quality storage unit 18.
  • The communication quality measuring unit 17 detects missing values in the counter values.
  • The communication quality measuring unit 17 measures, for each communication device 2, the number of messages transmitted from the communication device 2 that were not received during the predetermined time t.
  • The communication quality measuring unit 17, acting as a communication quality detecting unit, refers to the EPOCH value in the message for each communication device 2 stored in the communication quality storage unit 18.
  • The communication quality measuring unit 17 detects a gap in the EPOCH values.
  • The communication quality measuring unit 17 measures, for each communication device 2, the number of times the group key K(Gn) was not received by the communication device 2 during the predetermined time t.
  • The control unit 11 determines whether or not there is a communication device 2 for which the number of unreceived times counted in step S44 is greater than a predetermined threshold. If there is a communication device 2 whose number of unreceived times is greater than the threshold, the process proceeds to step S46, and if not, the process proceeds to step S47.
  • In step S46, the control unit 11 sets to the guarantee mode each communication device 2 whose number of unreceived times is larger than the threshold value. In this guarantee mode, as shown in FIG.
  • In step S47, the control unit 11 sets to the normal mode each communication device 2 whose number of unreceived times is not larger than the threshold value.
  • This normal mode is an operation mode in which only multicast communication is performed as described above.
  • The communication quality storage unit 18 accumulates, for each communication device 2, the counter values received during a predetermined time t [minutes]. In the case of the communication sequence shown in FIG. 12, the communication quality storage unit 18 stores 0, 3, 4, and 6 as counter values corresponding to the communication device 2A.
  • The communication quality measuring unit 17 refers to the counter values accumulated in the communication quality storage unit 18 and detects messages that have not reached the key information control device 1.
  • The communication quality measuring unit 17 detects that the messages with counter values 1, 2, and 5 were transmitted by the communication device 2A but did not reach (were not received by) the key information control device 1.
  • The control unit 11 determines that the number of unreceived times during the predetermined time t is 3 out of 7.
  • The control unit 11 compares the number of unreceived messages with a preset threshold (for example, 2 times).
  • Since the number of unreceived messages exceeds the threshold, the control unit 11 sets the operation mode of the communication device 2A to the guarantee mode. Thereby, as shown in FIG. 13, the control unit 11 transmits messages to the communication device 2A by multicast communication and also by unicast communication with retransmission. Similarly, the key information control apparatus 1 stores, in the communication quality storage unit 18, the EPOCH values received during the predetermined time t [minutes] for each communication device 2. In the case of the communication sequence shown in FIG. 12, the communication quality storage unit 18 stores 0, 1, and 4 as EPOCH values corresponding to the communication device 2A.
  • The communication quality measuring unit 17 refers to the EPOCH values stored in the communication quality storage unit 18 and detects key update messages that have not reached the communication device 2A.
  • The communication quality measuring unit 17 detects that the key update messages with EPOCH values 2 and 3 have not reached (were not received by) the communication device 2A.
  • The control unit 11 determines that the number of unreceived times during the predetermined time t is 2 out of 4.
  • The control unit 11 compares the number of unreceived messages with a preset threshold (for example, 2 times). Since the number of unreceived messages exceeds the threshold, the control unit 11 sets the operation mode of the communication device 2A to the guarantee mode.
  • The control unit 11 transmits messages to the communication device 2A by multicast communication and also by unicast communication with retransmission.
  • The operation mode for a communication device 2 determined to have a communication failure is set to the guarantee mode.
  • The key information control apparatus 1 can transmit a message to the communication device 2 by unicast communication with retransmission in addition to multicast communication.
  • The key information update system can thus reliably deliver, to a communication device 2 on an unstable communication path, the key update message that is transmitted by multicast communication.
  • When the key information control device 1 detects an unstable communication path, it notifies the communication device 2 on the unstable communication path or another communication device 2.
  • For example, as shown in FIG. 15, it is assumed that a communication failure occurs in the communication device 2A after the group key K(G3) is distributed to all the communication devices 2 and the data communication process P4 is performed.
  • The key information control apparatus 1 transmits a key request message by multicast communication, and further transmits a key request message by unicast communication. In this case, the key information control apparatus 1 gives notification of the unstable communication path under the control of the control unit 11.
  • The control unit 11 notifies the communication device 2A on the unstable communication path and the communication devices 2A and 2C that communicate with the communication device 2A. At this time, the control unit 11 performs notification based on the information of the communication devices 2 whose authentication was permitted in the authentication process and the key distribution processes P1, P2, and P3. With such a key information control device 1, notifying the communication device 2 on the unstable communication path allows that communication device 2 to change its setting so that it transmits messages by unicast communication in addition to multicast communication.
  • With the key information control device 1, when any communication device 2 communicates with the communication device 2 on an unstable communication path, it can change its setting so that messages are transmitted by unicast communication with a retransmission function in addition to multicast communication. Thereby, according to this key information update system, a message can be reliably received by the communication partner. Furthermore, in the key information update system described above, the key information control apparatus 1 sets the interval at which the group key K(Gn) is transmitted by multicast communication to a predetermined period. The communication device 2, in turn, detects that it has failed to receive the group key K(Gn) by multicast communication when it has not received the group key K(Gn) for longer than the predetermined period.
  • The key information control apparatus 1 operates according to a processing procedure as shown in FIG. First, in step S51, the key information control apparatus 1 sets a timer for updating the group key K(Gn) using the timer unit 19. At this time, the control unit 11 sets a predetermined period for transmitting the key request message. In the next step S52, the timer unit 19 measures the predetermined period set in step S51. In the next step S53, the control unit 11 determines whether or not the timer value measured by the timer unit 19 has reached the predetermined time and expired. If the timer value has expired, the process proceeds to step S54; otherwise, the timer process in step S52 is continued.
  • In step S54, the communication unit 12 transmits, by multicast communication and under the control of the control unit 11, a key update message for the latest group key K(Gn) derived by the encryption processing unit 16.
  • The key update message is transmitted from the key information control apparatus 1 every predetermined period.
  • The communication device 2 can measure the predetermined period with the timer unit 28 and detect a communication failure when the key update message is not received after the predetermined period.
  • The communication device 2 can transmit a key request message to the key information control device 1 when a communication failure is detected.
  • The timer unit 19 and the timer unit 28 measure the predetermined period.
  • The present invention is not limited to this, and a time for periodically transmitting the key update message may be set.
  • In the key information update system, since the key update message is periodically transmitted using a timer or a time, the communication device 2 can easily detect a communication failure.
  • The key request message can be transmitted immediately after the communication device 2 detects a communication failure. Therefore, according to this key information update system, it is possible to shorten the time a communication device 2 with poor communication needs to resume communication using the new group key K(Gn).
  • The key information update system described above may distribute a recovery key to the key information control apparatus 1 and all the communication devices 2, in addition to the key encryption key KEK, in the authentication process and the key distribution process. This recovery key is used to communicate temporarily when the communication device 2 has a communication failure.
  • The recovery key differs from the group key K(Gn) and is used in the network in which the key information control device 1 and the plurality of communication devices 2 are connected.
  • The recovery key may be obtained by generating a group key K(G0) or a group key K(G(maximum value of n)) and using it as the recovery key.
  • The group key is used starting from the group key K(G1).
  • The group key may be used starting from the group key K(G0).
  • The key information control device 1 distributes a recovery key after performing an authentication process between the key information control device 1 and the communication device 2. Thereafter, the key information update system transmits a new group key K(Gn) from the key information control device 1 to the communication device 2 by multicast communication. Thereby, the key information update system updates the group key K(Gn) of the communication device 2 to the group key K(Gn) transmitted from the key information control apparatus 1, and so sets the group key K(Gn) for the key information control device 1 and all the communication devices 2. At this time, a recovery key may be set. The key information control device 1 performs encrypted communication with the communication device 2 using the recovery key. For example, as shown in FIG.
  • A key update message for updating the latest group key K(Gn) to the group key K(G4) is transmitted.
  • The key information control apparatus 1 can detect that the updated group key K(G4) has not been received by referring to the EPOCH values transmitted from the communication devices 2A and 2B.
  • The key information control apparatus 1 transmits the group key K(G4) encrypted using the recovery key.
  • The key information control apparatus 1 transmits a key update message encrypted with one recovery key to both the communication devices 2A and 2B by unicast communication with a retransmission function.
  • A key update message can be transmitted to a plurality of communication devices 2 by unicast communication with a retransmission function using a single recovery key.
  • The new group key K(Gn) can easily be distributed again to only the specific communication device 2. That is, it is not necessary to update the group key K(Gn) of all the communication devices 2, and the device can be updated to the new group key K(Gn) with minimal communication.
  • The communication device 2 performs encrypted communication with the key information control device 1 and the other communication devices 2 using the recovery key. For example, as illustrated in FIG.
  • The communication device 2A cannot receive the multicast communication key update message (K(G4)) transmitted from the key information control apparatus 1.
  • The communication device 2A urgently needs to transmit a message to the other communication devices 2 and the key information control device 1.
  • The communication device 2A cannot obtain a reception response even if it transmits a message encrypted with the old group key K(G3) by multicast communication. Therefore, the communication device 2A encrypts the message using the recovery key and sends it to the other communication devices 2 and the key information control device 1 by unicast communication with a retransmission function.
  • Even when a highly urgent message cannot be transmitted by multicast communication, the communication device 2A can transmit it to the other communication devices 2 and the key information control device 1 by encrypting it with the recovery key.
  • The above-described embodiment is an example of the present invention.
  • The present invention is not limited to the above-described embodiment, and various modifications can of course be made depending on the design and the like as long as they do not deviate from the technical idea according to the present invention.
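The receive procedure of FIG. 11 (steps S21 to S29) can be followed end to end in the sketch below. It is an added example, not code from the patent: the class and function names are hypothetical, and because the patent names no cipher, an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the encryption processing unit so that the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(key, epoch, plaintext):
    """Stand-in cipher (assumption): the EPOCH travels in clear inside the nonce."""
    nonce = epoch.to_bytes(4, "big") + os.urandom(8)
    stream = b"".join(_mac(key, b"enc" + nonce + bytes([i]))
                      for i in range(len(plaintext) // 32 + 1))  # short messages only
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + _mac(key, b"mac" + nonce + body)


def unseal(key, blob):
    """Verify the tag first, then return (epoch, plaintext)."""
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"mac" + nonce + body)):
        raise ValueError("authentication failed")
    stream = b"".join(_mac(key, b"enc" + nonce + bytes([i]))
                      for i in range(len(body) // 32 + 1))
    return int.from_bytes(nonce[:4], "big"), bytes(c ^ s for c, s in zip(body, stream))


@dataclass
class Controller:
    """Minimal key information control device: rotates keys, answers key requests."""
    kek: bytes
    device_keys: dict                      # node id -> device unique key KD
    epoch: int = 0
    group_key: bytes = field(default_factory=lambda: os.urandom(16))

    def rotate(self):
        self.epoch += 1                    # EPOCH grows with every new group key
        self.group_key = os.urandom(16)

    def key_update(self):
        return seal(self.kek, self.epoch, self.group_key)

    def on_key_request(self, request, tag):
        kd = self.device_keys.get(request[:-4].decode())
        if kd is None or not hmac.compare_digest(tag, _mac(kd, request)):
            raise PermissionError("key request failed message authentication")
        return self.key_update()           # sent by unicast with retransmission


@dataclass
class Device:
    node_id: str
    kek: bytes
    device_key: bytes
    epoch: int
    group_key: bytes

    def install(self, key_update):         # S23 / S28: decrypt with KEK, update table
        epoch, key = unseal(self.kek, key_update)
        if epoch > self.epoch:             # assumption: never roll back to an older EPOCH
            self.epoch, self.group_key = epoch, key

    def on_data(self, blob, send_key_request):
        received_epoch = int.from_bytes(blob[:4], "big")          # S24
        if received_epoch > self.epoch:
            # S25: blob is held while the request is outstanding.
            request = self.node_id.encode() + self.epoch.to_bytes(4, "big")
            reply = send_key_request(request, _mac(self.device_key, request))  # S26, S27
            self.install(reply)                                   # S28
        if received_epoch != self.epoch:
            return None    # sender uses a key this device does not hold (not covered by the page)
        return unseal(self.group_key, blob)[1]                    # S29


def run_example():
    kek, kd = os.urandom(16), os.urandom(16)   # constructed keys
    controller = Controller(kek, {"2A": kd})
    device = Device("2A", kek, kd, controller.epoch, controller.group_key)
    controller.rotate()
    controller.rotate()                        # both multicast key updates were lost
    from_peer = seal(controller.group_key, controller.epoch, b"meter reading 42")
    return device.on_data(from_peer, controller.on_key_request), device.epoch


if __name__ == "__main__":
    print(run_example())
```

The key request is only answered when its HMAC under the device unique key KD verifies, which is the message authentication step the description attaches to step S26.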

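The communication-failure determination of FIG. 14 (steps S44 to S47), run on the counter and EPOCH values of the FIG. 12 walk-through, as an added example that is not part of the patent. The function names, the data for device 2B, and the rule that either gap count alone triggers the guarantee mode are assumptions; the comparison is strictly greater than the threshold, as in the step that follows S44.

```python
from dataclasses import dataclass

NORMAL = "normal"        # multicast only
GUARANTEE = "guarantee"  # multicast plus unicast with retransmission


def missing_values(observed, last=None):
    """Return the gaps in a run of counter or EPOCH values that should be consecutive.

    Duplicates and reordering are tolerated. `last` is the newest value the
    controller knows was issued (for example its own current EPOCH); without it
    a loss at the tail of the window is invisible, because nothing later
    exposes the gap.
    """
    seen = set(observed)
    if not seen:
        return []  # a device silent for the whole window shows no gap here
    hi = max(seen) if last is None else max(last, max(seen))
    return [v for v in range(min(seen), hi + 1) if v not in seen]


@dataclass
class Verdict:
    mode: str
    lost_messages: list   # counter values that never reached the controller
    lost_keys: list       # EPOCH values the device never reported


def determine_modes(counters, epochs, threshold, latest_epoch=None):
    """Count unreceived items per device over one window and pick its mode."""
    verdicts = {}
    for device in sorted(set(counters) | set(epochs)):
        lost_messages = missing_values(counters.get(device, []))
        lost_keys = missing_values(epochs.get(device, []), last=latest_epoch)
        # Assumption: either count alone is enough to enter the guarantee mode.
        failing = len(lost_messages) > threshold or len(lost_keys) > threshold
        verdicts[device] = Verdict(GUARANTEE if failing else NORMAL,
                                   lost_messages, lost_keys)
    return verdicts


# Values for 2A are those of the FIG. 12 walk-through; 2B is constructed.
WINDOW_COUNTERS = {"2A": [0, 3, 4, 6], "2B": [0, 1, 2, 3, 4, 5, 6]}
WINDOW_EPOCHS = {"2A": [0, 1, 4], "2B": [0, 1, 2, 3, 4]}


def run_example():
    return determine_modes(WINDOW_COUNTERS, WINDOW_EPOCHS, threshold=2, latest_epoch=4)


if __name__ == "__main__":
    for device, verdict in run_example().items():
        print(device, verdict)
```

Passing `latest_epoch` matters when the most recent key update is the one that was lost: `missing_values([0, 1], last=4)` reports 2, 3 and 4, whereas without it the window looks complete.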
Abstract

Provided are a key information control device, etc., with which communication is possible even if a group key update has failed. Group keys (K(Gn)) that are used in a network including a key information control device (1) and a plurality of communication devices (2A, 2B, 2C) are updated. New group keys (K(G1), K(G2), K(G3)) are transmitted from the key information control device (1) by multicast communication, and the group keys of the communication devices (2A, 2B, 2C) are updated to the group keys (K(Gn)) transmitted from the key information control device (1). The EPOCH value, which is a value in the information transmitted from the communication devices (2A, 2B, 2C) that is updated each time the group key is updated, is checked, and if a communication device (2A) that has not received the updated group key (K(G3)) is detected, a key update message is transmitted to the communication device (2A) by unicast communication that has a retransmission function.

Description

KEY INFORMATION CONTROL DEVICE, KEY INFORMATION UPDATE DEVICE, PROGRAM AND RECORDING MEDIUM, KEY INFORMATION UPDATE METHOD, KEY INFORMATION UPDATE SYSTEM
The present invention relates to a key information control device, a key information update device, a program, a recording medium, a key information update method, and a key information update system that update a group key used in a plurality of devices.
Conventionally, techniques for exchanging group keys for multicast communication are known (see, for example, Multicast Extensions to the Security Architecture for the Internet Protocol (RFC5374) and The Multicast Group Security Architecture (RFC3740)).
In this key exchange technique, a key encryption key is first shared between a control device and a communication device using a unique key of the communication device. Thereafter, the control device updates the group key using multicast communication. At this time, the control device encrypts the group key using the key encryption key.
This group key is managed by a key identifier called an EPOCH value, which is included in the nonce space of the encrypted message. The group key is updated when a predetermined condition (number of encrypted communications, time) is reached.
However, even if a communication message is multicast from the control device to a plurality of communication devices, the communication message may not be delivered to all the communication devices.
For example, when the communication device is a wireless device, the wireless communication state deteriorates due to noise and the communication message is not delivered. Further, when any one of the plurality of communication devices is in a sleep state, the communication message is lost on the communication path. In this case, there is a possibility that the communication message cannot be delivered to still other communication devices either.
 そこで、本発明は、上述した実情に鑑みて提案されたものである。本発明の目的は、グループ鍵の更新に失敗した場合であっても通信を行うことができる鍵情報制御装置、鍵情報更新装置、プログラム及び記録媒体、鍵情報更新方法、鍵情報更新システムを提供するものである。
課題を解決するための手段
 本発明の第1の態様に係る鍵情報制御装置は、複数の通信機器を含むネットワークにおいて使用されるグループ鍵を制御する鍵情報制御装置であって、前記グループ鍵が更新される度に鍵識別子を変更し、前記鍵識別子及び新たなグループ鍵を生成する鍵管理手段と、前記鍵管理手段により生成された前記鍵識別子及び前記グループ鍵をマルチキャスト通信によって送信するマルチキャスト通信手段と、前記通信機器から送信された情報のうち前記鍵識別子を参照して、前記グループ鍵を受信していない前記通信機器を検出する通信品質検出手段と、前記通信品質検出手段により前記グループ鍵を受信していない前記通信機器が検出された場合に、当該通信機器に、再送機能付きユニキャスト通信によって前記グループ鍵を送信するユニキャスト通信手段とを備える。
 本発明の第2の態様に係る鍵情報制御装置は、第1の態様の鍵情報制御装置であって、前記鍵管理手段は、新たなグループ鍵に変更する度に前記鍵識別子の値を大きく変更し、前記通信品質検出手段は、前記通信機器から送信された情報に含まれる鍵識別子が、前記鍵管理手段により変更された鍵識別子よりも小さい場合に、前記マルチキャスト通信によって送信したグループ鍵を受信していないことを検出することを特徴とする。
 本発明の第3の態様に係る鍵情報制御装置は、第1又は第2の態様の鍵情報制御装置であって、前記マルチキャスト通信手段によって使用するポート番号と、前記ユニキャスト通信手段によって使用するポート番号とで異なる値を割り当てることを特徴とする。
 本発明の第4の態様に係る鍵情報制御装置は、第1乃至第3の何れかの態様の鍵情報制御装置であって、前記ユニキャスト通信手段は、前記グループ鍵に加えて、前記鍵管理手段が生成した最新の鍵識別子を送信することを特徴とする。
 本発明の第5の態様に係る鍵情報制御装置は、第1乃至第4の何れかの態様の鍵情報制御装置であって、前記通信品質検出手段は、前記通信機器ごとに、所定期間における前記通信機器から送信されたメッセージの未受信回数又は所定期間における前記通信機器による前記グループ鍵の未受信回数をカウントし、前記ユニキャスト通信手段は、前記通信品質検出手段によりカウントした未受信回数が所定の閾値を超えた場合に、当該未受信回数の通信機器に対し、前記マルチキャスト通信によって前記グループ鍵を送信する度にユニキャスト通信によって前記グループ鍵を送信することを特徴とする。
 本発明の第6の態様に係る鍵情報制御装置は、第1乃至第5の何れかの態様の鍵情報制御装置であって、前記通信品質検出手段によりグループ鍵を受信していない前記通信機器が検出された場合に、当該通信機器又は他の通信機器に通知を行う通知手段を有することを特徴とする。
 本発明の第7の態様に係る鍵情報制御プログラムは、複数の通信機器を含むネットワークにおいて使用されるグループ鍵を制御する鍵情報制御プログラムであって、コンピュータを、前記グループ鍵が更新される度に鍵識別子を変更し、前記鍵識別子及び新たなグループ鍵を生成する鍵管理手段、前記鍵管理手段により生成された前記鍵識別子及び前記グループ鍵をマルチキャスト通信によって送信するマルチキャスト通信手段、前記通信機器から送信された情報のうち前記鍵識別子を参照して、前記グループ鍵を受信していない前記通信機器を検出する通信品質検出手段、前記通信品質検出手段により前記グループ鍵を受信していない前記通信機器が検出された場合に、当該通信機器に、再送機能付きユニキャスト通信によって前記グループ鍵を送信するユニキャスト通信手段、として機能させる。
 本発明の第8の態様に係る鍵情報制御プログラムを記録したコンピュータ読み取り可能な記録媒体は、複数の通信機器を含むネットワークにおいて使用されるグループ鍵を制御する鍵情報制御プログラムを記録したコンピュータ読み取り可能な記録媒体であって、前記コンピュータを、前記グループ鍵が更新される度に鍵識別子を変更し、前記鍵識別子及び新たなグループ鍵を生成する鍵管理手段、前記鍵管理手段により生成された前記鍵識別子及び前記グループ鍵をマルチキャスト通信によって送信するマルチキャスト通信手段、前記通信機器から送信された情報のうち前記鍵識別子を参照して、前記グループ鍵を受信していない前記通信機器を検出する通信品質検出手段、前記通信品質検出手段により前記グループ鍵を受信していない前記通信機器が検出された場合に、当該通信機器に、再送機能付きユニキャスト通信によって前記グループ鍵を送信するユニキャスト通信手段、として機能させる。
 本発明の第9の態様に係る鍵情報更新装置は、鍵情報制御装置と複数の通信機器とを含むネットワークにおいて使用されるグループ鍵を有し、これを更新する鍵情報更新装置であって、前記グループ鍵を、前記鍵情報制御装置からマルチキャスト通信によって受信されたグループ鍵に更新する鍵管理手段と、前記鍵管理手段により更新されたグループ鍵を用いてデータを暗号化又は復号化する暗号処理手段と、他の通信機器から送信された情報のうち前記グループ鍵が更新される度に変更される鍵識別子を自分が持っている鍵識別子と比較して、グループ鍵が更新されているかいないかを検出する通信品質検出手段と、前記通信品質検出手段により前記グループ鍵が更新されていないことが検出された場合に、再送機能付きユニキャスト通信によってグループ鍵を要求するユニキャスト通信手段とを備える。
 本発明の第10の態様に係る鍵情報更新装置は、第9の態様に係る鍵情報更新装置であって、前記通信品質検出手段は、前記鍵情報制御装置又は前記他の通信機器から送信された情報に含まれる鍵識別子が、自己に記憶された鍵識別子よりも大きい場合に、前記マルチキャスト通信によって送信したグループ鍵を受信していないことを検出することを特徴とする。
 本発明の第11の態様に係る鍵情報更新プログラムは、鍵情報制御装置と複数の通信機器とを含むネットワークにおいて使用されるグループ鍵を有し、これを更新する鍵情報更新プログラムであって、コンピュータを、前記グループ鍵を、前記情報制御装置からマルチキャスト通信によって受信されたグループ鍵に更新する鍵管理手段、前記鍵管理手段により更新されたグループ鍵を用いてデータを暗号化又は復号化する暗号処理手段、他の通信機器から送信された情報のうち前記グループ鍵が更新される度に変更される鍵識別子を自分が持っている鍵識別子と比較して、グループ鍵が更新されているか否かを検出する通信品質検出手段、前記通信品質検出手段により前記グループ鍵が更新されていないことが検出された場合に、再送機能付きユニキャスト通信によってグループ鍵を要求するユニキャスト通信手段として機能させる。
 本発明の第12の態様に係る鍵情報更新プログラムを記録したコンピュータ読み取り可能な記録媒体は、鍵情報制御装置と複数の通信機器とを含むネットワークにおいて使用されるグループ鍵を有し、これを更新する鍵情報更新プログラムを記録したコンピュータ読み取り可能な記録媒体であって、前記コンピュータを、前記グループ鍵を、前記鍵情報制御装置からマルチキャスト通信によって受信されたグループ鍵に更新する鍵管理手段、前記鍵管理手段により更新されたグループ鍵を用いてデータを暗号化又は復号化する暗号処理手段、他の通信機器から送信された情報のうち前記グループ鍵が更新される度に変更される鍵識別子を自分が持っている鍵識別子と比較して、グループ鍵が更新されているか否かを検出する通信品質検出手段、前記通信品質検出手段により前記グループ鍵が更新されていないことが検出された場合に、再送機能付きユニキャスト通信によってグループ鍵を要求するユニキャスト通信手段として機能させる。
 本発明の第13の態様に係る鍵情報更新方法は、鍵情報制御装置と複数の通信機器とを含むネットワークにおいて使用されるグループ鍵を有し、これを更新する鍵情報更新方法であって、前記鍵情報制御装置からマルチキャスト通信によって新たなグループ鍵を送信するステップと、前記鍵情報制御装置から送信されたグループ鍵に、前記通信機器のグループ鍵を更新するステップと、前記通信機器から送信された情報のうち前記グループ鍵が更新される度に変更される鍵識別子を自分が持っている鍵識別子と比較して、グループ鍵が更新されているか否かを検出するステップと、前記グループ鍵が更新されていない前記通信機器が検出された場合に、再送機能付きユニキャスト通信を行ってグループ鍵を前記通信機器によって取得するステップとを含む。
 本発明の第14の態様に係る鍵情報更新システムは、鍵情報制御装置と複数の通信機器とを含むネットワークにおいて使用されるグループ鍵を有し、これを更新する鍵情報更新システムであって、前記通信機器のグループ鍵を、前記鍵情報制御装置から送信されたグループ鍵に更新する鍵管理手段と、前記鍵管理手段により更新されたグループ鍵を用いてデータを暗号化又は復号化する暗号処理手段と、前記グループ鍵が更新される度に変更される鍵識別子を自分が持っている鍵識別子と比較して、前記通信機器が前記グループ鍵が更新されているか否かを検出する通信品質検出手段と、前記通信品質検出手段により前記グループ鍵が更新されていないことが検出された場合に、前記鍵情報制御装置によってグループ鍵を送信する通信方式をマルチキャスト通信から再送機能付きユニキャスト通信に切り替え、再送機能付きユニキャスト通信によって前記通信機器にグループ鍵を送信する通信手段とを備える。
 本発明の第15の態様に係る鍵情報更新システムは、第14の態様に係る鍵情報更新システムであって、前記鍵情報制御装置は、前記グループ鍵をマルチキャスト通信によって送信する間隔を所定期間とし、前記通信機器は、前記所定期間を超えて前記グループ鍵を受信していない場合に、前記マルチキャスト通信によってグループ鍵を受信できていないことを検出することを特徴とする。
 本発明の第16の態様に係る鍵情報更新方法は、鍵情報制御装置と複数の通信機器とを含むネットワークにおいて使用されるグループ鍵を更新する鍵情報更新方法であって、前記鍵情報制御装置により前記グループ鍵とは異なり、前記鍵情報制御装置と前記複数の通信機器とを含むネットワークにおいて使用されるリカバリー鍵を生成するステップと、前記鍵情報制御装置により前記鍵情報制御装置と前記通信機器との間で認証処理を行った後に、前記リカバリー鍵を配布するステップと、前記鍵情報制御装置からマルチキャスト通信によって新たなグループ鍵を送信するステップと、前記鍵情報制御装置から送信されたグループ鍵に、前記通信機器のグループ鍵を更新するステップとを含む。
 本発明の第17の態様に係る鍵情報更新方法は、第16の態様に係る鍵情報更新方法であって、前記鍵情報制御装置により、前記鍵情報制御装置が、前記通信機器から送信された情報のうち前記グループ鍵が更新される度に変更される鍵識別子を参照して、グループ鍵を更新していない通信機器ことを検出するステップと、前記鍵情報制御装置が、前記グループ鍵を更新していない通信機器が検出された場合に、前記リカバリー鍵を用いて暗号化したグループ鍵を送信するステップとを含むことを特徴とする。
 本発明の第18の態様に係る鍵情報更新方法は、第16の態様に係る鍵情報更新方法であって、前記鍵情報制御装置により、前記通信機器が、前記グループ鍵によってメッセージが送信できない場合に、前記リカバリー鍵を用いて暗号化したメッセージを送信するステップを含むことを特徴とする。
発明の効果
 本発明によれば、グループ鍵の更新に失敗した場合であっても通信を行うことができる。
Therefore, the present invention has been proposed in view of the above-described circumstances. An object of the present invention is to provide a key information control device, a key information update device, a program and a recording medium, a key information update method, and a key information update system capable of performing communication even when group key update fails. To do.
Means for Solving the Problem
A key information control device according to a first aspect of the present invention is a key information control device for controlling a group key used in a network including a plurality of communication devices, comprising: key management means for changing a key identifier each time the group key is updated and generating the key identifier and a new group key; multicast communication means for transmitting the key identifier and the group key generated by the key management means by multicast communication; communication quality detection means for detecting a communication device that has not received the group key by referring to the key identifier in the information transmitted from the communication device; and unicast communication means for transmitting the group key to that communication device by unicast communication with a retransmission function when the communication quality detection means detects a communication device that has not received the group key.
A key information control device according to a second aspect of the present invention is the key information control device according to the first aspect, wherein the key management means increases the value of the key identifier each time the group key is changed to a new group key, and the communication quality detection means detects that the group key transmitted by the multicast communication has not been received when the key identifier included in the information transmitted from the communication device is smaller than the key identifier changed by the key management means.
A key information control device according to a third aspect of the present invention is the key information control device according to the first or second aspect, wherein different values are assigned to the port number used by the multicast communication means and the port number used by the unicast communication means.
A key information control device according to a fourth aspect of the present invention is the key information control device according to any one of the first to third aspects, wherein the unicast communication means transmits, in addition to the group key, the latest key identifier generated by the key management means.
A key information control device according to a fifth aspect of the present invention is the key information control device according to any one of the first to fourth aspects, wherein the communication quality detection means counts, for each communication device, the number of messages transmitted from the communication device that were not received in a predetermined period, or the number of group keys not received by the communication device in a predetermined period, and, when the count obtained by the communication quality detection means exceeds a predetermined threshold, the unicast communication means transmits the group key to that communication device by unicast communication each time the group key is transmitted by multicast communication.
A key information control device according to a sixth aspect of the present invention is the key information control device according to any one of the first to fifth aspects, further comprising notification means for notifying the communication device or another communication device when the communication quality detection means detects that the communication device has not received a group key.
A key information control program according to a seventh aspect of the present invention is a key information control program for controlling a group key used in a network including a plurality of communication devices, the program causing a computer to function as: key management means for changing a key identifier each time the group key is updated and generating the key identifier and a new group key; multicast communication means for transmitting the key identifier and the group key generated by the key management means by multicast communication; communication quality detection means for detecting a communication device that has not received the group key by referring to the key identifier in the information transmitted from the communication device; and unicast communication means for transmitting the group key to that communication device by unicast communication with a retransmission function when the communication quality detection means detects a communication device that has not received the group key.
A computer-readable recording medium according to an eighth aspect of the present invention is a computer-readable recording medium on which is recorded a key information control program for controlling a group key used in a network including a plurality of communication devices, the program causing a computer to function as: key management means for changing a key identifier each time the group key is updated and generating the key identifier and a new group key; multicast communication means for transmitting the key identifier and the group key generated by the key management means by multicast communication; communication quality detection means for detecting a communication device that has not received the group key by referring to the key identifier in the information transmitted from the communication device; and unicast communication means for transmitting the group key to that communication device by unicast communication with a retransmission function when the communication quality detection means detects a communication device that has not received the group key.
A key information updating device according to a ninth aspect of the present invention is a key information updating device that holds a group key used in a network including a key information control device and a plurality of communication devices and updates the group key, comprising: key management means for updating the group key to a group key received by multicast communication from the key information control device; cryptographic processing means for encrypting or decrypting data using the group key updated by the key management means; communication quality detection means for detecting whether the group key has been updated by comparing the key identifier, which is changed each time the group key is updated, in the information transmitted from another communication device with the key identifier that the device itself holds; and unicast communication means for requesting the group key by unicast communication with a retransmission function when the communication quality detection means detects that the group key has not been updated.
A key information updating device according to a tenth aspect of the present invention is the key information updating device according to the ninth aspect, wherein the communication quality detection means detects that the group key transmitted by the multicast communication has not been received when the key identifier included in the information transmitted from the key information control device or the other communication device is larger than the key identifier stored in the device itself.
A key information update program according to an eleventh aspect of the present invention is a key information update program that holds a group key used in a network including a key information control device and a plurality of communication devices and updates the group key, the program causing a computer to function as: key management means for updating the group key to a group key received by multicast communication from the key information control device; cryptographic processing means for encrypting or decrypting data using the group key updated by the key management means; communication quality detection means for detecting whether the group key has been updated by comparing the key identifier, which is changed each time the group key is updated, in the information transmitted from another communication device with the key identifier that the device itself holds; and unicast communication means for requesting the group key by unicast communication with a retransmission function when the communication quality detection means detects that the group key has not been updated.
A computer-readable recording medium according to a twelfth aspect of the present invention is a computer-readable recording medium on which is recorded a key information update program that holds a group key used in a network including a key information control device and a plurality of communication devices and updates the group key, the program causing a computer to function as: key management means for updating the group key to a group key received by multicast communication from the key information control device; cryptographic processing means for encrypting or decrypting data using the group key updated by the key management means; communication quality detection means for detecting whether the group key has been updated by comparing the key identifier, which is changed each time the group key is updated, in the information transmitted from another communication device with the key identifier that the device itself holds; and unicast communication means for requesting the group key by unicast communication with a retransmission function when the communication quality detection means detects that the group key has not been updated.
A key information updating method according to a thirteenth aspect of the present invention is a key information updating method for holding a group key used in a network including a key information control device and a plurality of communication devices and updating the group key, comprising: a step of transmitting a new group key by multicast communication from the key information control device; a step of updating the group key of the communication device to the group key transmitted from the key information control device; a step of detecting whether the group key has been updated by comparing the key identifier, which is changed each time the group key is updated, in the information transmitted from the communication device with the key identifier held by the detecting side itself; and a step of performing unicast communication with a retransmission function so that the communication device acquires the group key when a communication device whose group key has not been updated is detected.
A key information update system according to a fourteenth aspect of the present invention is a key information update system that holds a group key used in a network including a key information control device and a plurality of communication devices and updates the group key, comprising: key management means for updating the group key of the communication device to a group key transmitted from the key information control device; cryptographic processing means for encrypting or decrypting data using the group key updated by the key management means; communication quality detection means by which the communication device detects whether the group key has been updated by comparing the key identifier, which is changed each time the group key is updated, with the key identifier that the device itself holds; and communication means for, when the communication quality detection means detects that the group key has not been updated, switching the communication method by which the key information control device transmits the group key from multicast communication to unicast communication with a retransmission function and transmitting the group key to the communication device by unicast communication with a retransmission function.
A key information update system according to a fifteenth aspect of the present invention is the key information update system according to the fourteenth aspect, wherein the key information control device sets the interval at which the group key is transmitted by multicast communication to a predetermined period, and the communication device detects that the group key could not be received by the multicast communication when it has not received the group key for longer than the predetermined period.
A key information updating method according to a sixteenth aspect of the present invention is a key information updating method for updating a group key used in a network including a key information control device and a plurality of communication devices, comprising: a step in which the key information control device generates a recovery key, different from the group key, that is used in the network including the key information control device and the plurality of communication devices; a step of distributing, by the key information control device, the recovery key to the key information control device and the communication devices; a step of transmitting a new group key by multicast communication from the key information control device; and a step of updating the group key of the communication device to the group key transmitted from the key information control device.
A key information updating method according to a seventeenth aspect of the present invention is the key information updating method according to the sixteenth aspect, further comprising: a step in which the key information control device detects a communication device that has not updated the group key by referring to the key identifier, which is changed each time the group key is updated, in the information transmitted from the communication device; and a step in which the key information control device transmits a group key encrypted using the recovery key when a communication device that has not updated the group key is detected.
A key information updating method according to an eighteenth aspect of the present invention is the key information updating method according to the sixteenth aspect, further comprising a step of transmitting a message encrypted using the recovery key when the communication device cannot transmit a message to the key information control device using the group key.
Effects of the Invention
According to the present invention, communication can be performed even when the group key update fails.
A system diagram showing the configuration of the key information update system shown as an embodiment of the present invention.
A block diagram showing the configuration of the key information control device shown as an embodiment of the present invention.
A block diagram showing the configuration of the communication device shown as an embodiment of the present invention.
The nonce value exchanged in the key information update system shown as an embodiment of the present invention; (a) is a first configuration example and (b) is a second configuration example.
A sequence diagram showing an example of the communication procedure when no communication failure occurs in the key information update system shown as an embodiment of the present invention.
A sequence diagram showing an example of the nonce values when the group key is updated in the key information update system shown as an embodiment of the present invention.
A sequence diagram showing an example of the communication procedure when a communication failure is detected by the key information control device in the key information update system shown as an embodiment of the present invention.
A sequence diagram showing an example of the communication procedure when a communication failure is detected by a communication device in the key information update system shown as an embodiment of the present invention.
A sequence diagram showing an example of the communication procedure when a communication failure is detected by the timer of a communication device in the key information update system shown as an embodiment of the present invention.
A flowchart showing an example of the processing procedure of the key information control device in the key information update system shown as an embodiment of the present invention.
A flowchart showing an example of the processing procedure of a communication device in the key information update system shown as an embodiment of the present invention.
A sequence diagram showing an example of the communication procedure when a communication failure is determined from the counter value and the EPOCH value in the key information update system shown as an embodiment of the present invention.
A sequence diagram showing an example of the communication procedure when multicast communication and unicast communication are used together for a communication device that has suffered a communication failure in the key information update system shown as an embodiment of the present invention.
A flowchart showing an example of the processing procedure for setting a communication device to a normal mode or a guarantee mode in the key information update system shown as an embodiment of the present invention.
A sequence diagram showing an example of the communication procedure when notifying of an unstable communication path in the key information update system shown as an embodiment of the present invention.
A flowchart showing an example of the processing procedure by which the key information control device transmits a key update message every predetermined period in the key information update system shown as an embodiment of the present invention.
A sequence diagram showing an example of the communication procedure for transmitting a group key from the key information control device to a plurality of communication devices using a recovery key in the key information update system shown as an embodiment of the present invention.
A sequence diagram showing an example of the communication procedure for transmitting a message from a communication device to the key information control device 1 and the communication devices using a recovery key in the key information update system shown as an embodiment of the present invention.
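Embodiments of the present invention are described below with reference to the drawings.
A key information update system to which the present invention is applied is configured, for example, as shown in FIG. 1.
The key information update system includes a key information control device 1 and a plurality of communication devices 2A, 2B, 2C (hereinafter simply called communication devices 2 when referred to collectively). The key information control device 1 and the communication devices 2 are connected to a communication relay device 100. Information is relayed by the communication relay device 100, so the key information control device 1 and the communication devices 2 can communicate with one another.
The communication relay device 100 is connected by wire to a communication network NT such as the Internet. A broadband router, for example, corresponds to the communication relay device 100.
The communication devices 2 are, for example, various devices installed in a home. In this embodiment, the communication device 2A is a wireless communication device that exchanges wireless signals with the communication relay device 100. The communication devices 2B and 2C are connected to the communication relay device 100 by wire via communication lines.
In this embodiment, a communication device 2 may perform either wired or wireless communication. Wireless communication generally has lower communication quality than wired communication. A communication device 2 may also enter a sleep state at an arbitrary time and wake after a fixed period or on some external trigger. This sleep state includes a state in which the device operates on minimal power only and cannot communicate. There may be three or more communication devices 2.
The key information control device 1 communicates with the plurality of communication devices 2 and controls them. The key information control device 1 performs encrypted communication with the communication devices 2. For this purpose, it performs authentication processing and key distribution processing with each communication device 2. In addition, the key information control device 1 updates the group key used in the network that includes the plurality of communication devices 2.
The key information control device 1 has functional units as shown, for example, in FIG. 2. The key information control device 1 is a computer that can load and execute a program. By executing the program on the computer, it functions as the units shown in FIG. 2. In this embodiment, this program is a key information control program that updates the group key used in the network including the plurality of communication devices 2.
The key information control device 1 has a control unit 11, a communication unit 12, an authentication processing unit 13, an authentication information storage unit 14, a key management unit 15, and a cryptographic processing unit 16. It further has a communication quality measurement unit 17 and a communication quality storage unit 18. It also has a timer unit 19.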
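The communication unit 12 communicates with the communication devices 2. It communicates with them using either multicast communication or unicast communication. Switching between these communication methods is controlled by the control unit 11.
The control unit 11 controls each unit of the key information control device 1. The control unit 11 executes the key information control program 11b stored in the storage unit 11a, which is a computer-readable recording medium on which the program is recorded.
The authentication processing unit 13 performs authentication processing with the communication devices 2 connected to the key information control device 1. It suffices that the authentication processing unit 13 can execute any of the various existing authentication processes.
During authentication processing, the authentication processing unit 13 reads the authentication information stored in the authentication information storage unit 14. The authentication information is, for example, the node ID of the communication device 2 and its device-specific key KD (Key of Device) (or a password). The authentication processing unit 13 compares the authentication information transmitted from the communication device 2 with the authentication information stored in the authentication information storage unit 14 and determines whether the communication device 2 has legitimate authority. A public key and a private key may be used in place of the device-specific key KD to determine whether the communication device 2 has legitimate authority. The same can be carried out with the device-specific key KD used as the private key.
The key management unit 15 manages the key information that the key information control device 1 uses for encrypted communication with the communication devices 2. It manages the device-specific key KD of each communication device 2 (Key of Device: the key used for unicast authentication of the communication device and for delivery of the key encryption key), the key encryption key KEK (Key Encryption Key), and the group key K(Gn). The managed key information is stored in the key management table 15a.
The device-specific key KD of each communication device 2 is key information used to encrypt the key encryption key KEK that the key information control device 1 sends to the communication device 2 and to authenticate the communication device 2. The device-specific key KD is set in advance in the key information control device 1 and in each communication device 2 and is shared between them.
The key encryption key KEK is a key for encrypting keys. It is derived by the key information control device 1. It is shared between all communication devices 2 and the key information control device 1 at authentication and key distribution time.
Note that the device-specific key KD of a communication device 2 is key information (an encryption key) for encrypting the key encryption key (KEK) between the key information control device 1 and the communication device 2 and delivering it to the communication device 2. To increase security, the key information control device 1 can hold a device-specific key KD with a different value for each communication device 2.
The group key K(Gn) is key information for encrypted multicast communication among the key information control device 1 and all communication devices 2. It is derived by the key information control device 1. The group key K(Gn) is encrypted with the key encryption key KEK and distributed to all communication devices 2 by multicast communication. The n in K(Gn) is the key version. It is increased, n = 1, 2, 3, ..., each time the key management unit 15 generates a new key.
The key management unit 15 derives the key encryption key KEK and the group key K(Gn), and holds the device-specific keys KD of all communication devices 2 in advance. It has the communication unit 12 transmit the derived key encryption key KEK to each communication device 2. It also has the group key K(Gn) updated by multicast communication.
The key management unit 15 manages a key identifier. The key identifier is a value (the EPOCH value) that is changed each time the group key K(Gn) is updated. Each time it updates the group key, the key management unit 15 replaces the old EPOCH value with a new EPOCH value.
The cryptographic processing unit 16 encrypts messages using the key information stored in the key management table 15a. It also decrypts encrypted information received by the communication unit 12, using the key information stored in the key management table 15a. In doing so, it selects and uses the appropriate key information stored in the key management table 15a.
The communication quality measurement unit 17 measures the communication quality between the key information control device 1 and each communication device 2. It refers to the EPOCH value in the information transmitted from a communication device 2. When the EPOCH value is an old one, it detects that communication device 2 as one that has not received the group key K(Gn) transmitted by multicast communication (communication quality detection means). As described later, the communication quality measurement unit 17 may also detect communication quality using the counter value of the nonce.
The communication quality storage unit 18 stores, for each communication device 2, the EPOCH values referred to by the communication quality measurement unit 17. The EPOCH values are referred to by the communication quality measurement unit 17. This allows the communication quality measurement unit 17 to judge that communication quality is low for a communication device 2 with gaps in its EPOCH values.
In this key information control device 1, the control unit 11 changes the communication method of the communication unit 12. In normal group key K(Gn) update processing, the communication unit 12 transmits the EPOCH value and the group key K(Gn) generated by the key management unit 15 to the plurality of communication devices 2 by multicast communication (multicast communication means).
When the communication quality measurement unit 17, acting as the communication quality detection means, detects a communication device 2 that has not received the group key K(Gn), the communication unit 12 transmits the group key K(Gn) to that communication device 2 by unicast communication with a retransmission function (unicast communication means).
The timer unit 19 measures the interval at which the group key K(Gn) is transmitted by multicast communication. The control unit 11 sets this transmission interval to a predetermined period. Clearing of the timer value and timing by the timer unit 19 are controlled by the control unit 11.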
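The communication device 2 has functional units as shown, for example, in FIG. 3. The communication device 2 is a computer that can load and execute a program. By executing the program on the computer, it functions as the units shown in FIG. 3. In this embodiment, this program is a key information update program that updates the group key the device itself holds. The communication device 2 thereby functions as a key information updating device.
The communication device 2 has a control unit 21, a communication unit 22, an authentication processing unit 23, a key management unit 24, and a cryptographic processing unit 25. It further has a communication quality measurement unit 26 and a communication quality storage unit 27. It also has a timer unit 28.
The communication unit 22 communicates with the key information control device 1 and the other communication devices 2. It communicates with the key information control device 1 using either multicast communication or unicast communication. Switching between these communication methods is controlled by the control unit 21.
The control unit 21 controls each unit of the communication device 2. The control unit 21 executes the key information update program 21b stored in the storage unit 21a, which is a computer-readable recording medium on which the program is recorded.
The authentication processing unit 23 performs authentication processing with the key information control device 1. It suffices that the authentication processing unit 23 can execute any of the various existing authentication processes.
During authentication processing, the authentication processing unit 23 reads authentication information set in advance. The authentication information is, for example, the node ID of the communication device 2 and its device-specific key KD (Key of Device) (or a password). In response to a request from the key information control device 1, the authentication processing unit 23 has the communication unit 22 transmit the authentication information to the key information control device 1.
The key management unit 24 manages the key information used for encrypted communication with the key information control device 1 and the other communication devices 2. It manages the device-specific key KD of the communication device 2, the key encryption key KEK, and the group key K(Gn). The managed key information is stored in the key management table 24a. The key management unit 24 also stores the key identifier in the key management table 24a.
The cryptographic processing unit 25 encrypts messages using the key information stored in the key management table 24a. It also decrypts encrypted information received by the communication unit 22, using the key information stored in the key management table 24a. In doing so, it selects and uses the appropriate key information stored in the key management table 24a.
The communication quality measurement unit 26 measures the communication quality between the communication device 2 and the key information control device 1. It refers to the EPOCH value in the information transmitted from the key information control device 1 or another communication device 2. It compares the EPOCH value in the received information with the EPOCH value held in the key management table 24a. As a result of this comparison, it detects that the two EPOCH values differ, or detects the difference between them. In that case, the communication quality measurement unit 26 detects that the updated group key K(Gn) has not been received (communication quality detection means). The communication quality measurement unit 26 may also refer to a timer value and detect, as the communication quality, that the group key K(Gn) has not been received.
The communication quality storage unit 27 stores the EPOCH values referred to by the communication quality measurement unit 26. The EPOCH values are referred to by the communication quality measurement unit 26. This allows the communication quality measurement unit 26 to judge that communication quality is low when there are gaps in the EPOCH values.
When the communication quality measurement unit 26 detects that the updated group key K(Gn) has not been received, the communication device 2 requests the group key K(Gn) by unicast communication with a retransmission function. It does so by transmitting a key request message to the key information control device 1. The communication unit 22 of the communication device 2 thereby acquires the current group key K(Gn) by unicast communication (communication means).
The timer unit 28 measures the interval at which the group key K(Gn) is received by multicast communication. A predetermined period is set in advance, in agreement with the key information control device 1, as this reception interval. Clearing of the timer value and timing by the timer unit 28 are controlled by the control unit 21. The timer unit 28 thereby detects that the group key K(Gn) could not be received by multicast communication when the group key K(Gn) has not been received for longer than the predetermined period.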
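In this key information update system, the key information control device 1 performs encrypted communication with the communication devices 2. For this purpose, it authenticates each communication device 2. It then distributes the key encryption key KEK, which permits encrypted communication only between itself and each communication device 2. It further distributes the group key K(Gn), which permits encrypted communication with all communication devices 2.
The group key K(Gn) is thereby shared by the key information control device 1 and all communication devices 2. In K(Gn), Gn corresponds to the epoch (EPOCH value) of that group key.
As shown in FIG. 1, this key information update system transmits a group key S1 from the key information control device 1 to the communication devices 2 by multicast communication. The group key S1 is sent to the communication devices 2 via the communication relay device 100. Because the communication device 2A is a wireless communication device, a wireless signal S2a is transmitted from the communication relay device 100 to the communication device 2A. Because the communication devices 2B and 2C are wired communication devices, wired signals S2b and S2c are transmitted from the communication relay device 100 to the communication devices 2B and 2C.
Suppose, for example, that the wireless signal S2a is lost through a communication failure caused by noise or the like. In that case, the communication device 2A cannot receive the group key S1 used by the key information control device 1 and the other communication devices 2B and 2C. The communication device 2A therefore cannot decrypt information subsequently sent by multicast communication encrypted with the group key S1. The communication device 2A also transmits information encrypted with the old group key. Information transmitted from the communication device 2A therefore cannot be decrypted by the key information control device 1 or the other communication devices 2B and 2C.
The key information update system of this embodiment therefore makes communication possible even when a group key update has failed. To this end, the key information update system detects communication failures. When a communication failure is detected, the system uses multicast communication and unicast communication together to update the group key of the communication device 2 in which the failure occurred. This operation is described in detail below.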
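First, the nonce, which contains the EPOCH value and is included in the packets communicated in the key information update system, is described with reference to FIG. 4.
In addition to the IP address and UDP, the packets communicated in the key information update system contain the nonce shown in FIG. 4(a) or FIG. 4(b). The nonce is used as one of the parameters for data encryption and is added to the header of a transmitted data message. The nonce shown in FIG. 4(a) contains an EPOCH value and a counter value. The nonce shown in FIG. 4(b) contains an EPOCH value, a node ID, and a counter value.
The EPOCH value is the identifier of the group key K(Gn). It is changed by the key information control device 1 each time the group key K(Gn) is updated. The key information control device 1 increments the EPOCH value each time it renews the group key K(Gn).
The node ID is an identifier that identifies the key information control device 1 and the communication devices 2. The key information control device 1 and the communication devices 2 each store their own node ID in the message when they transmit data.
The counter value represents the number of times encrypted multicast communication has been performed using the group key K(Gn) identified by the EPOCH value. This counter value is managed by the key information control device 1 and by each communication device 2. It is counted up each time the key information control device 1 or a communication device 2 transmits data. The key information control device 1 updates the group key K(Gn) before the counter value reaches its maximum.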
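Next, the operation of this key information update system when no communication failure occurs is described with reference to FIG. 5.
First, authentication and key distribution processing P1 is performed between the key information control device 1 and the communication device 2C. After determining that the communication device 2C is a legitimate device, the key information control device 1 distributes the key encryption key KEK by unicast communication.
Next, the key information control device 1 distributes the group key K(G1) by multicast communication. It transmits by multicast communication the encrypted information obtained with the function E(KEK, K(G1)). The function E encrypts the group key K(G1) using the key encryption key KEK. This key encryption key KEK is the one distributed in processing P1.
When the communication device 2C receives the output of function E multicast from the key information control device 1, it decrypts it. It performs the operation D(KEK, E(KEK, K(Gn))). The function D decrypts, using the key encryption key KEK, the encrypted information obtained with E(KEK, K(Gn)). The communication device 2C can thereby recover the group key K(G1).
The key information control device 1 likewise performs authentication and key distribution processing P2 and P3 for the communication devices 2B and 2A. Each time authentication and key distribution processing P2 and P3 complete, it distributes the group keys K(G2) and K(G3).
The key information control device 1 and all communication devices 2 can thereby perform data communication processing P4 by encrypted multicast communication using the group key K(G3).
When the update time for the group key K(Gn) arrives, the key information control device 1 and the communication devices 2 perform key update processing P5. In key update processing P5, a new group key K(G4) generated by the key information control device 1 is distributed to all communication devices 2 by multicast communication. Each communication device 2 receives the group key K(G4) by multicast communication and updates the group key K(G3) stored in its key management table 24a to the new group key K(G4).
After that, encrypted data is transmitted, for example, from the key information control device 1 to all communication devices 2. This encrypted data contains the encrypted information obtained with the function E(K(G4), data). Each communication device 2 receives the encrypted data transmitted from the key information control device 1 by multicast communication. Each communication device 2 decrypts the encrypted data with the group key K(G4). Each communication device 2 thus performs the operation D(K(G4), E(K(G4), data)) and can obtain the data.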
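Next, the nonce values used when the group key K(Gn) is updated in the key information update system described above are explained with reference to FIG. 6. In FIG. 6, the EPOCH value, node ID, and counter value contained in the nonce are shown as Nonce = {EPOCH, node ID, counter value}.
The communication device 2C transmits encrypted data encrypted using the group key K(G1). A nonce value is added to this encrypted data. The encrypted data is transmitted by multicast communication to the communication device 2A, the communication device 2B, and the key information control device 1.
Nonce = {0, 3, 0} is added to the first encrypted data transmitted. Nonce = {0, 3, 1}, with the counter value increased, is added to the second. Nonce = {0, 3, 2^32−1} is added to the encrypted data sent on the transmission whose number is the maximum counter value minus 1.
The key information control device 1 detects, from the nonce value Nonce = {0, 3, 2^32−1}, a counter value that is 1 less than the maximum. It then transmits, by multicast communication, a key update message containing a new group key K(G2). The communication device 2C thereby updates the group key K(G1) to the new group key K(G2).
After that, the communication device 2C can add Nonce = {1, 3, 0}, Nonce = {1, 3, 1}, and Nonce = {1, 3, 2^32−1} to the respective items of encrypted data encrypted with the group key K(G2). Later still, when the number of times encrypted data encrypted with the group key K(G2) has been transmitted reaches 2^32−1, the group key K(G2) is updated to a new group key K(G3).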
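Next, the operation of the key information update system described above when the key information control device 1 detects that the group key K(Gn) has not been received is described with reference to FIG. 7.
First, as described with reference to FIG. 5, the key information update system performs authentication and key distribution processing P1, P2, and P3 between the key information control device 1 and the communication devices 2A, 2B, and 2C. After the authentication and key distribution processing, the key information control device 1 distributes the group key K(Gn) by multicast communication. As a result, the key information control device 1 and the communication devices 2A, 2B, and 2C perform data communication processing P4 using the latest group key K(G3).
When the update time for the group key K(Gn) then arrives, the key information control device 1 performs key update processing P5, distributing the group key K(G4) to the communication devices 2A, 2B, and 2C by multicast communication (multicast communication means). The EPOCH value corresponding to this group key K(G4) is "3". Suppose that the key update message transmitted from the key information control device 1 to the communication device 2A is not received by the communication device 2A because of a communication failure.
After that, the communication device 2A transmits encrypted data encrypted with the group key K(G3), which is now the old group key K(Gn). The EPOCH value corresponding to this group key K(G3) is "2". This encrypted data is received by the communication devices 2B and 2C and the key information control device 1. However, when the communication devices 2B and 2C and the key information control device 1 try to decrypt it using the latest group key K(G4), decryption fails.
When decryption fails, the key information control device 1 refers to the EPOCH value in the information transmitted from the communication device 2A. The EPOCH value held by the key information control device 1 is "3", whereas the EPOCH value in the information transmitted from the communication device 2A is "2". From this, the key information control device 1 detects the communication device 2A as a communication device that has not received the group key K(G4) transmitted by multicast communication (communication quality detection means).
In this case, the key information control device 1 transmits the group key K(G4) to the communication device 2A by unicast communication with a retransmission function (unicast communication means). The key information control device 1 encrypts the new group key K(G4) with the key encryption key KEK distributed in authentication and key distribution processing P3.
When the key information control device 1 transmits the group key K(G4) by unicast communication, it performs unicast communication with a retransmission function. Unicast communication with a retransmission function repeats the unicast transmission until an acknowledgement is received from the communication device 2. For example, even if the group key K(G4) is lost to communication failure on two unicast transmissions, the key information control device 1 can deliver the group key K(G4) to the communication device 2A on the third unicast transmission.
The group key K(G4) transmitted by this unicast communication is decrypted using the key encryption key KEK of the communication device 2A. The communication device 2A can then update the group key K(G3) to the latest group key K(G4). On receiving the latest group key K(G4), the communication device 2A transmits an acknowledgement to the key information control device 1 by unicast communication.
The key information control device 1 may also transmit the latest EPOCH value, in addition to the group key K(Gn), by unicast communication with a retransmission function. In that case, the communication device 2A can update the group key K(G3) to the group key K(G4) and also update its stored EPOCH value "2" to the latest EPOCH value "3".
As described above, according to the key information update system, even if the group key K(Gn) transmitted by multicast communication is lost through a communication failure, the communication method used to transmit the group key K(Gn) is automatically switched from multicast communication to unicast communication with a retransmission function.
By switching from multicast communication to unicast communication with a retransmission function, which requires an acknowledgement, and transmitting the group key K(Gn) that way, the key information update system can carry out the update of the group key K(Gn) more reliably.
Also, according to this key information update system, the key management unit 15 changes the EPOCH value to a larger value each time the group key is changed to a new one. When the EPOCH value transmitted from a communication device 2 is smaller than the EPOCH value changed by the key management unit 15, the key information control device 1 can detect, through the communication quality measurement unit 17, that the group key transmitted by multicast communication has not been received.
In this way, by referring to the EPOCH value, the system can detect that a key update message sent by multicast communication was lost and switch to unicast communication with a retransmission function to carry out the key update. The group key can thereby be updated reliably, and multicast communication using the group key can be carried out without repeating the authentication processing or the key update processing for the whole system.
Furthermore, according to this key information update system, the key information control device 1 can transmit the latest EPOCH value generated by the key management unit 15 in addition to the latest group key. The latest EPOCH value can thereby be transmitted from the key information control device 1 to the communication device 2 by unicast communication with a retransmission function. The key information update system can thus transmit the latest EPOCH value from the key information control device 1 to the communication device 2 and easily start multicast communication using the group key at once.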
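The controller-side behaviour described above (stale-EPOCH detection, unicast with retransmission until an acknowledgement arrives, and the counter-triggered update from FIG. 6) can be sketched as follows. This is an added example, not code from the patent; the 32-bit field widths, the `LossyLink` stand-in, node ID 1, the retry limit and the handling of an EPOCH ahead of the controller are assumptions.

```python
import struct
from dataclasses import dataclass, field

# Assumed wire layout for the FIG. 4(b) nonce: EPOCH, node ID, counter as three
# unsigned 32-bit big-endian fields. The text gives the field order, not the widths.
NONCE = struct.Struct(">III")
# Counter value at which the FIG. 6 walkthrough has the controller issue a key update.
COUNTER_LIMIT = 2**32 - 1


def pack_nonce(epoch, node_id, counter):
    return NONCE.pack(epoch, node_id, counter)


def parse_nonce(header):
    if len(header) < NONCE.size:
        raise ValueError("truncated nonce")
    return NONCE.unpack_from(header)


class LossyLink:
    """Constructed stand-in for a unicast path that loses the first `drops` sends."""

    def __init__(self, drops):
        self.drops = drops
        self.delivered = []

    def send(self, node_id, payload):
        if self.drops > 0:
            self.drops -= 1
            return False          # no acknowledgement came back
        self.delivered.append((node_id, payload))
        return True               # device acknowledged receipt


@dataclass
class Controller:
    epoch: int                    # EPOCH value of the current group key
    wrapped_group_key: bytes      # E(KEK, K(Gn)), produced elsewhere (opaque here)
    link: LossyLink
    max_retries: int = 5          # assumed bound; the text only says "until acknowledged"
    stale_log: list = field(default_factory=list)   # role of quality storage unit 18

    def unicast_with_retransmission(self, node_id):
        # Latest EPOCH value is sent together with the wrapped group key.
        payload = struct.pack(">I", self.epoch) + self.wrapped_group_key
        for attempt in range(1, self.max_retries + 1):
            if self.link.send(node_id, payload):
                return attempt
        return None

    def on_message(self, header):
        epoch, node_id, counter = parse_nonce(header)
        if epoch < self.epoch:
            # Sender is still on an old group key: it missed the multicast update.
            self.stale_log.append((node_id, epoch))
            attempts = self.unicast_with_retransmission(node_id)
            return ("resent", attempts) if attempts else ("unreachable", None)
        if epoch > self.epoch:
            # Not covered by the text; treated here as invalid input (assumption).
            return ("rejected", None)
        if counter >= COUNTER_LIMIT:
            return ("rekey_due", None)   # time to multicast a new group key
        return ("ok", None)
```

With two losses injected, the third unicast attempt succeeds, which matches the retransmission case walked through in the text.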
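Next, the operation of the key information update system described above when a communication device 2 detects that the group key K(Gn) has not been received is described with reference to FIG. 8.
As described above, the key information update system performs authentication and key distribution processing P1, P2, and P3 between the key information control device 1 and the communication devices 2A, 2B, and 2C. The key information control device 1 and the communication devices 2A, 2B, and 2C then perform data communication processing P4 using the latest group key K(G3). Suppose that the update time for the group key K(Gn) then arrives and the key update message transmitted from the key information control device 1 to the communication device 2A is not received by the communication device 2A because of a communication failure.
After that, the key information control device 1 transmits, by multicast communication, encrypted data encrypted with the new group key K(G4). The EPOCH value corresponding to this group key K(G4) is "3". This encrypted data is received by the communication devices 2A, 2B, and 2C. The communication devices 2B and 2C can successfully decrypt the encrypted data with the new group key K(G4) obtained in key update processing P5.
However, when the communication device 2A tries to decrypt the data with the group key K(G3) stored in its own key management table 24a, decryption fails. When decryption fails, the communication device 2A refers to the EPOCH value in the information transmitted from the key information control device 1. The EPOCH value held by the communication device 2A is "2", whereas the EPOCH value in the information transmitted from the key information control device 1 is "3". From this, the communication device 2A detects that it has not received the latest group key K(Gn) (communication quality detection means).
In this case, the communication device 2A requests the key information control device 1, by unicast communication with a retransmission function, to transmit the latest group key K(Gn) (unicast communication means). The request message for the new group key is normally sent in plaintext. This plaintext message has, for example, the structure {MSG, EPOCH, D_2A}. Here, MSG is an identifier indicating that the message is a request, EPOCH is the EPOCH value that the communication device 2A received from the key information control device 1, and D_2A is an identifier or ID that identifies the communication device 2A.
At this point, the communication device 2A may use the encryption key KEK distributed in authentication and key distribution processing P3 to add message authentication code (MAC) information to the key request message that requests the new group key K(Gn). This message authentication code information is information for proving that the sender is the communication device 2A.
A request with this message authentication code (MAC) added has, for example, the structure {MSG, EPOCH, D_2A, MAC(KD_2A, MSG, D_2A, EPOCH)}. The function MAC takes KD_2A as the key information and MSG, D_2A, and EPOCH as the message, computes over these inputs, and outputs a MAC value. This MAC value incorporates the device-specific key KD of the communication device 2A. For this reason, if the device-specific key KD differs, the MAC values do not match even when the same MSG, D_2A, and EPOCH are input. The MAC value is therefore information that proves the sender is the communication device 2A. MSG is an identifier (which may be a character string) indicating that the message is a request. EPOCH is the EPOCH value that the communication device 2A received from the key information control device 1. D_2A is an identifier or node ID that identifies the communication device 2A.
When the communication device 2A requests the group key K(Gn) by unicast communication, it performs unicast communication with a retransmission function. Unicast communication with a retransmission function repeats the unicast transmission until an acknowledgement is received from the key information control device 1. For example, even if the request for the group key K(Gn) is lost to communication failure on two unicast transmissions, the communication device 2A can deliver the key request message for the group key K(Gn) to the key information control device 1 on the third unicast transmission.
When message authentication has been added, the key request message for the group key K(Gn) transmitted by this unicast communication is verified using the device-specific key KD of the communication device 2A held by the key information control device 1. If no message authentication code is attached, the communicating party is judged not to be the legitimate communication device 2A. If a message authentication code was attached, the sender can be confirmed to be the communication device 2A, and the key information control device 1 performs unicast communication to transmit the latest group key K(G4) to the communication device 2A. The key information control device 1 may transmit the group key K(G4) by unicast communication with a retransmission function.
When the communication device 2A receives the latest group key K(G4) from the key information control device 1 in response to its key request message for the group key K(Gn), it can decrypt it using the key encryption key KEK. The communication device 2A can thereby update the group key K(G3) to the latest group key K(G4). On receiving the latest group key K(G4), the communication device 2A transmits an acknowledgement to the key information control device 1 by unicast communication.
The key information control device 1 may also transmit the latest EPOCH value, in addition to the group key K(Gn), by unicast communication with a retransmission function. In that case, the communication device 2A can update the group key K(G3) to the group key K(G4) and also update its stored EPOCH value "2" to the latest EPOCH value "3".
As described above, according to the key information update system, even if the group key K(Gn) transmitted by multicast communication is lost through a communication failure, the communication method used to transmit the group key K(Gn) is automatically switched from multicast communication to unicast communication with a retransmission function.
In the key information update system, the communication device 2 can thus obtain the latest group key K(Gn) from the key information control device 1 by transmitting a key request message for the group key K(Gn) by unicast communication with a retransmission function, which requires an acknowledgement. According to this communication device 2, therefore, even if the latest group key K(Gn) is lost in multicast communication, the update of the group key K(Gn) can be carried out more reliably.
The communication device 2 can also detect that it has not received the group key transmitted by multicast communication when the EPOCH value included in the information transmitted from the key information control device 1 or another communication device 2 is larger than the EPOCH value stored in the communication device 2 itself. That is, when its own EPOCH value is smaller and the group key K(Gn) it holds is old, the communication device 2 can request a key update message.
In this way, by referring to the EPOCH value, the system can detect that a key update message sent by multicast communication was lost and switch to unicast communication with a retransmission function to carry out the key update. The group key can thereby be updated reliably without querying the communication partner, and multicast communication using the group key can be carried out without repeating the authentication processing or the key update processing for the whole system.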
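Next, another operation by which a communication device 2 detects non-reception of the group key K(Gn) in the key information update system described above will be described with reference to FIG. 9.
When a communication device 2 receives the key update message that distributes the latest group key K(G3), it starts the timer unit 28. If the communication device 2 has not received a key update message containing a group key K(Gn) for longer than a predetermined time t, it detects that it has failed to receive the group key by multicast communication.
In this case, communication device 2A requests the key information control device 1 to send the latest group key K(Gn) by unicast communication with a retransmission function (unicast communication means). The request message for a new group key is normally sent in plaintext. An example structure of this plaintext message is {MSG, EPOCH, D_2A}. MSG is an identifier indicating that the message is a request. EPOCH is the EPOCH value that communication device 2A received from the key information control device 1. D_2A is an identifier or ID that identifies communication device 2A.
At this time, communication device 2A may use the key encryption key KEK distributed in authentication and key distribution process P3 to encrypt message authentication code (MAC) information and attach it to the key request message requesting the new group key K(Gn). This message authentication code information is information that proves that the sender is communication device 2A.
An example structure of a request with this message authentication code (MAC) attached is {MSG, EPOCH, D_2A, MAC(KD_2A, MSG, D_2A, EPOCH)}. The function MAC takes KD_2A as the key information and MSG, D_2A and EPOCH as the message, and outputs a MAC value. This MAC value incorporates the device unique key KD of communication device 2A. Consequently, if the device unique key KD differs, the MAC values do not match even when the same MSG, D_2A and EPOCH are input. The MAC value is therefore information proving that the sender is communication device 2A. MSG is an identifier (which may be a character string) indicating that the message is a request. EPOCH is the EPOCH value that communication device 2A received from the key information control device 1. D_2A is an identifier or node ID that identifies communication device 2A.
If a message authentication code is attached to the key request message for the group key K(Gn) sent by this unicast communication, it is verified using the device unique key KD of communication device 2A held by the key information control device 1. If no message authentication code is attached, the key information control device 1 determines that the communication partner is not the legitimate communication device 2A. If a message authentication code is attached, on the other hand, the sender can be confirmed to be communication device 2A, and the key information control device 1 performs unicast communication to send the latest group key K(G4) to communication device 2A.
When communication device 2A receives the latest group key K(G4) from the key information control device 1 in response to its key request message for the group key K(Gn), it can decrypt it using the key encryption key KEK. Communication device 2A can thereby update the group key K(G3) to the latest group key K(G4). On receiving the latest group key K(G4), communication device 2A sends an acknowledgment to the key information control device 1 by unicast communication.
In this key information update system, the key information control device 1 sends the group key by multicast communication at intervals of a predetermined period. A communication device 2, for its part, detects that it has failed to receive the group key by multicast communication when it has not received a group key for longer than the predetermined period. With this key information update system, a communication device 2 can easily detect a communication failure affecting a key update message. The communication device 2 can then request the group key immediately, which shortens the period during which the communication device 2 cannot perform multicast communication.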
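The key request {MSG, EPOCH, D_2A, MAC(KD_2A, MSG, D_2A, EPOCH)}, its verification with KD, and the retransmitting unicast described above, as an added example (not code from the patent). HMAC-SHA256 as the MAC function, the length-prefixed field encoding, the `KEY_REQUEST` identifier and all function names are assumptions; the wrapped group key is an opaque stand-in for E(KEK, K(G4)), and the key and lossy channel are constructed sample values.

```python
import hashlib
import hmac
import struct

MSG_KEY_REQUEST = b"KEY_REQUEST"  # assumed value of the MSG identifier


def mac_input(msg: bytes, node_id: bytes, epoch: int) -> bytes:
    """Serialize (MSG, D, EPOCH) in the order the page gives for the MAC input.

    The 2-byte length prefixes are an added assumption: they keep field
    boundaries unambiguous so two different triples never share one encoding.
    """
    fields = b"".join(struct.pack(">H", len(f)) + f for f in (msg, node_id))
    return fields + struct.pack(">I", epoch)


def compute_mac(kd: bytes, msg: bytes, node_id: bytes, epoch: int) -> bytes:
    return hmac.new(kd, mac_input(msg, node_id, epoch), hashlib.sha256).digest()


def lost_update_detected(stored_epoch: int, received_epoch: int) -> bool:
    """Device side: a larger EPOCH on a received message means an update was missed."""
    return received_epoch > stored_epoch


def build_key_request(kd: bytes, node_id: bytes, stored_epoch: int) -> dict:
    """Device side: {MSG, EPOCH, D, MAC(KD, MSG, D, EPOCH)}."""
    return {"msg": MSG_KEY_REQUEST, "epoch": stored_epoch, "node_id": node_id,
            "mac": compute_mac(kd, MSG_KEY_REQUEST, node_id, stored_epoch)}


class KeyController:
    """Controller side: verifies requests with the per-device key KD."""

    def __init__(self, device_keys: dict, current_epoch: int, wrapped_key: bytes):
        self.device_keys = device_keys      # node ID -> KD
        self.current_epoch = current_epoch
        self.wrapped_key = wrapped_key      # opaque stand-in for E(KEK, K(Gn))
        self.stale_devices = []             # (node ID, EPOCH) of devices found behind

    def handle_key_request(self, req: dict):
        """Return a key update message, or None when the request is rejected."""
        msg, node_id = req.get("msg"), req.get("node_id")
        epoch, tag = req.get("epoch"), req.get("mac")
        if msg != MSG_KEY_REQUEST or not isinstance(node_id, bytes):
            return None
        if not isinstance(tag, bytes):
            return None                     # no MAC attached: not a legitimate device
        if not isinstance(epoch, int) or not 0 <= epoch <= 0xFFFFFFFF:
            return None
        kd = self.device_keys.get(node_id)
        if kd is None:
            return None                     # unknown node ID
        if not hmac.compare_digest(compute_mac(kd, msg, node_id, epoch), tag):
            return None                     # wrong KD or altered field
        if epoch < self.current_epoch:
            self.stale_devices.append((node_id, epoch))
        return {"epoch": self.current_epoch, "node_id": node_id,
                "wrapped_key": self.wrapped_key}


def send_with_retransmit(channel, request: dict, max_tries: int = 5):
    """Repeat the unicast send until a reply arrives; return (reply, attempts)."""
    for attempt in range(1, max_tries + 1):
        reply = channel(request)
        if reply is not None:
            return reply, attempt
    return None, max_tries


def lossy_channel(controller: KeyController, drop_first: int):
    """Constructed test channel that loses the first `drop_first` transmissions."""
    sent = 0

    def channel(request):
        nonlocal sent
        sent += 1
        return None if sent <= drop_first else controller.handle_key_request(request)
    return channel


if __name__ == "__main__":
    kd_2a = bytes.fromhex("11" * 32)                      # constructed sample KD
    controller = KeyController({b"2A": kd_2a}, 3, b"<E(KEK, K(G4))>")
    request = build_key_request(kd_2a, b"2A", stored_epoch=2)
    reply, attempts = send_with_retransmit(lossy_channel(controller, 2), request)
    print(attempts, reply["epoch"])
```

The MAC input in this format carries no per-request freshness value, so the controller answers a repeated copy of a valid request as well; what it returns is still only the group key wrapped under KEK.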
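Next, the internal operations of the key information control device 1 and the communication device 2 in the key information update system described above will be described.
FIG. 10 is a flowchart showing the operation procedure of the key information control device 1. This operation is processing performed by the key information control device 1, as a computer, executing the key information control program 11b stored in the storage unit 11a serving as a recording medium.
First, in step S1, the communication unit 12 receives a message sent from outside.
In the next step S2, the control unit 11 determines whether the message received in step S1 is a key request message sent from a communication device 2. At this time, the control unit 11 refers to the address information or the node ID to identify the communication device 2 that sent the message. The control unit 11 also refers to the encrypted data appended to the nonce value to determine whether the received message is a key request message. If it is a key request message, processing proceeds to step S3; otherwise, processing proceeds to step S5.
In step S3, the communication unit 12 sends the latest group key K(Gn) by unicast communication with a retransmission function. At this time, the key management unit 15 reads the latest group key K(Gn) from the key management table 15a under the control of the control unit 11. The key management unit 15 also reads the key encryption key KEK corresponding to the communication device 2 that sent the key request message, and has the encryption processing unit 16 perform the encryption.
In the next step S4, the communication unit 12 receives, by unicast communication, an acknowledgment from the communication device 2 for the group key K(Gn) sent in step S3.
In step S5, the communication quality measuring unit 17 determines whether the EPOCH value contained in the message received in step S1 (the received EPOCH value) is older than the current EPOCH value. At this time, the communication quality measuring unit 17 compares the EPOCH value currently stored in the key management table 15a with the received EPOCH value. If the received EPOCH value is smaller than the EPOCH value stored in the key management table 15a, the received EPOCH value is old, so processing proceeds to step S6. If the two EPOCH values are the same, processing proceeds to step S9.
In step S6, the control unit 11 records device information, including the node ID and EPOCH value contained in the message received in step S1, in the communication quality storage unit 18.
In the next step S7, the communication unit 12 sends, by unicast communication, a key update message that updates the group key K(Gn). At this time, under the control of the control unit 11, the key management unit 15 reads the latest group key K(Gn) from the key management table 15a. The encryption processing unit 16, under the control of the control unit 11, encrypts the group key K(Gn) with the key encryption key KEK. The communication unit 12 sends a key update message that contains the encrypted group key K(Gn) and the node ID of the device that sent the message.
It is desirable that port number B used for this unicast communication be a different value from port number A used for multicast communication.
In the next step S8, the communication unit 12 receives, by unicast communication, an acknowledgment for the key update message sent in step S7.
In step S9, the encryption processing unit 16 decrypts the message received in step S1 with the latest group key K(Gn).
In step S10, the control unit 11 performs various kinds of processing according to the message decrypted in step S9.
In step S11, the control unit 11 determines whether the counter value contained in the nonce value is equal to or greater than a threshold. This threshold is a preset value, for example 2^32 - 1, chosen according to the number of bits allocated to the counter value. If the counter value is equal to or greater than the threshold, processing proceeds to step S12; otherwise, processing ends.
In step S12, the communication unit 12 sends a key update message containing the latest group key K(Gn) in order to bring the group key K(Gn) of all communication devices 2 up to date. This key update message contains the value obtained by encrypting the latest group key K(Gn), derived by the key management unit 15, with the key encryption key KEK. At this time, the communication unit 12 sends the key update message by the multicast communication method.
The communication unit 12 may set port number A, used for multicast communication (multicast communication means), to a different value from port number B, used for unicast communication (unicast communication means).
In the next step S13, the control unit 11 determines whether any of the communication devices 2 is in guarantee mode. If any communication device 2 is in guarantee mode, processing proceeds to step S14; if not, processing ends. Guarantee mode is described later.
In step S14, the communication unit 12 sends the key update message to the communication device 2 by unicast communication with a retransmission function. At this time, the communication unit 12 may use port number B, which differs from port number A used for multicast communication.
As described above, the key information control device 1 can send the group key K(Gn) by unicast communication in response to a key request message from a communication device 2. In addition, when the received EPOCH value is old, the key information control device 1 can send the latest group key K(Gn) to the communication device 2 by unicast communication with a retransmission function. Furthermore, when the counter value reaches or exceeds the threshold, the key information control device 1 can update the group key K(Gn) of all communication devices 2 by multicast communication.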
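FIG. 11 is a flowchart showing the operation procedure of the communication device 2. This operation is processing performed by the communication device 2, as a computer, executing the key information update program 21b stored in the control unit 21.
First, in step S21, the communication unit 22 receives a message sent from outside.
In the next step S22, the control unit 21 determines whether the message received in step S21 is a key update message sent from the key information control device 1 by multicast communication. At this time, the control unit 21 refers to the address information or the node ID to determine whether the sender of the message is the key information control device 1. The control unit 21 also refers to the encrypted data appended to the nonce value to determine whether the received message is a key update message. If it is a key update message, processing proceeds to step S23; otherwise, processing proceeds to step S24.
In step S23, the control unit 21 has the encryption processing unit 25 decrypt the key update message received in step S21. At this time, the encryption processing unit 25 decrypts the key update message using the key encryption key KEK stored in the key management table 24a and obtains the latest group key K(Gn). The key management unit 24 updates the latest group key K(Gn) stored in the key management table 24a to the group key K(Gn) extracted from the key update message.
In step S24, the communication quality measuring unit 26 determines whether the EPOCH value contained in the message received in step S21 (the received EPOCH value) is newer than the current EPOCH value. At this time, the communication quality measuring unit 26 compares the EPOCH value currently stored in the key management table 24a with the received EPOCH value. If the received EPOCH value is greater than the EPOCH value stored in the key management table 24a, the received EPOCH value is new, so processing proceeds to step S25. If the two EPOCH values are the same, processing proceeds to step S29.
In step S25, the control unit 21 temporarily stores the message received in step S21.
In the next step S26, the communication unit 22 sends a key request message requesting the latest group key K(Gn). At this time, the communication unit 22 sends, by unicast communication, a key request message to which message authentication using the device unique key KD is attached.
In the next step S27, the communication unit 22 receives the key update message sent from the key information control device 1 by unicast communication in response to the key request message sent in step S26. At this time, port number B of the key update message may differ from port number A used for multicast communication. In that case, the communication unit 22 receives on port number B, which corresponds to unicast communication.
In step S28, the control unit 21 has the encryption processing unit 25 decrypt the key update message received in step S27. At this time, the encryption processing unit 25 decrypts the key update message using the key encryption key KEK stored in the key management table 24a and obtains the latest group key K(Gn). The key management unit 24 updates the latest group key K(Gn) stored in the key management table 24a to the group key K(Gn) extracted from the key update message.
In the next step S29, the encryption processing unit 16 decrypts the message temporarily stored in step S25 using the latest group key K(Gn) updated in step S28.
In the next step S30, the communication unit 22 performs various kinds of multicast communication processing according to the message received in step S21.
As described above, the communication device 2 can update the group key K(Gn) when a key update message is sent from the key information control device 1 by multicast communication. In addition, when the received EPOCH value is new, the communication device 2 can send a key request message by unicast communication, receive the latest group key K(Gn) by unicast communication, and update the group key K(Gn). Furthermore, even if the communication device 2 does not hold the latest group key K(Gn), it can store the message temporarily, obtain the latest group key K(Gn), and then decrypt the message.
Furthermore, in the key information update system described above, the key information control device 1 and the communication device 2 assign different values to the port number used for multicast communication and the port number used for unicast communication. This removes the need to describe, in a message sent from the key information control device 1 or the communication device 2, the key with which the message was encrypted. In addition, the counter value of the key encryption key KEK can be managed separately from the counter value of the group key K(Gn), which simplifies management of group key K(Gn) updates.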
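Next, the processing for determining that the communication failures of a communication device 2 have exceeded a predetermined threshold in the key information update system described above will be described.
FIG. 12 shows a sequence diagram of encrypted data communication by communication device 2A using the group key K(G1). In this example, it is assumed that when communication device 2A starts communicating, the authentication process has been completed and the initial group key K(G1) is shared among the key information control device 1 and all communication devices 2.
Communication device 2A repeats multicast communication until the counter value reaches its maximum. In this example, the messages with nonce values Nonce={0,1,1}, Nonce={0,1,2} and Nonce={0,1,5} are lost before reaching communication devices 2B and 2C and the key information control device 1. The messages with nonce values Nonce={0,1,0}, Nonce={0,1,3}, Nonce={0,1,4} and Nonce={0,1,6}, on the other hand, reach communication devices 2B and 2C and the key information control device 1.
In a key information update system in which such a sequence takes place, the key information control device 1 uses the counter value to determine communication failure for each communication device 2.
When the time to update the group key K(Gn) arrives, the key information control device 1 sends a key update message by multicast communication. In the example of FIG. 12, a key update message is distributed each time the group key K(Gn) is updated to K(G2), K(G3), K(G4) and K(G5). The EPOCH value of the key update messages increases to 1, 2, 3 and 4 with each update to K(G2), K(G3), K(G4) and K(G5).
In this communication sequence, the key update messages with EPOCH values 0, 1 and 4 are received by communication device 2A. Communication device 2A can therefore communicate with the key information control device 1 by multicast communication using the group keys K(G1), K(G2) and K(G5), which correspond to EPOCH values 0, 1 and 4. The key update messages with EPOCH values 2 and 3, on the other hand, are lost before reaching communication device 2A. Communication device 2A therefore cannot perform multicast communication using the group keys K(G3) and K(G4), which correspond to EPOCH values 2 and 3.
In a key information update system in which such a sequence takes place, the key information control device 1 uses the EPOCH value to determine communication failure for each communication device 2.
The key information control device 1 uses the counter value or the EPOCH value to determine communication failure for each communication device 2. In a communication sequence like that of FIG. 12, the key information control device 1 determines the communication failure of communication device 2A.
In this case, as shown in FIG. 13, each time the key information control device 1 sends the group key K(Gn) by multicast communication, it also sends the group key K(Gn) to communication device 2A by unicast communication.
FIG. 14 shows the operation of the key information control device 1 in such a key information update system.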
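First, in step S41, the control unit 11 controls the timer unit 19 to set a predetermined time t as the timer value for communication failure determination.
In the next step S42, the timer unit 19 starts and performs timer processing to measure time.
In the next step S43, the control unit 11 determines whether the timer value measured by the timer unit 19 has reached the predetermined time t and expired. If the timer value has expired, processing proceeds to step S44; otherwise, the timer processing of step S42 continues.
During the predetermined time t in which this timer processing continues, the key information control device 1 accumulates, in the communication quality storage unit 18, the counter values of the messages sent from the communication devices 2. Alternatively, the key information control device 1 accumulates the EPOCH values contained in the messages sent from the communication devices 2.
In step S44, the communication quality measuring unit 17 totals, for each communication device 2, the number of non-receptions during the predetermined time t.
The communication quality measuring unit 17, acting as non-reception detection means, refers to the counter values of the messages accumulated in the communication quality storage unit 18 for each communication device 2. The communication quality measuring unit 17 detects gaps in the counter values. In this way, the communication quality measuring unit 17 measures, for each communication device 2, the number of messages sent from that communication device 2 that were not received during the predetermined time t.
Alternatively, the communication quality measuring unit 17, acting as communication quality detection means, refers to the EPOCH values of the messages accumulated in the communication quality storage unit 18 for each communication device 2. The communication quality measuring unit 17 detects gaps in the EPOCH values. In this way, the communication quality measuring unit 17 measures, for each communication device 2, the number of times that communication device 2 failed to receive the group key K(Gn) during the predetermined time t.
In the next step S45, the control unit 11 determines whether there is any communication device 2 whose number of non-receptions totaled in step S44 is greater than a predetermined threshold. If there is a communication device 2 whose number of non-receptions is greater than the threshold, processing proceeds to step S46; if not, processing proceeds to step S47.
In step S46, the control unit 11 sets the communication devices 2 whose number of non-receptions is greater than the threshold to guarantee mode. As shown in FIG. 13, guarantee mode is an operation mode used when a communication device 2 has produced communication failures at or above the threshold: it is used together with multicast communication, and a message sent by multicast communication is also sent by unicast communication with retransmission.
In step S47, the control unit 11 sets the communication devices 2 whose number of non-receptions is not greater than the threshold to normal mode. As described above, normal mode is an operation mode in which only multicast communication is performed.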
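In such a key information control device 1, the communication quality storage unit 18 accumulates, for each communication device 2, the counter values received during the predetermined time t [minutes]. For the communication sequence shown in FIG. 12, the communication quality storage unit 18 accumulates the counter values 0, 3, 4 and 6 for communication device 2A.
When the predetermined time t has elapsed, the communication quality measuring unit 17 refers to the counter values accumulated in the communication quality storage unit 18 and detects the messages that did not reach the key information control device 1. In the case of FIG. 12, the communication quality measuring unit 17 detects that the messages with counter values 1, 2 and 5 were sent to communication device 2A but did not reach (were not received by) the key information control device 1. The control unit 11 thereby determines that, during the predetermined time t, 3 out of 7 messages were not received.
The control unit 11 compares the number of unreceived messages with a preset threshold (for example, 2). Because the number of unreceived messages exceeds the threshold, the control unit 11 sets the operation mode of communication device 2A to guarantee mode. As a result, as shown in FIG. 13, the control unit 11 sends messages to communication device 2A by multicast communication and additionally sends them by unicast communication with retransmission.
Similarly, in the key information control device 1, the communication quality storage unit 18 accumulates, for each communication device 2, the EPOCH values received during the predetermined time t [minutes]. For the communication sequence shown in FIG. 12, the communication quality storage unit 18 accumulates the EPOCH values 0, 1 and 4 for communication device 2A.
When the predetermined time t has elapsed, the communication quality measuring unit 17 refers to the EPOCH values accumulated in the communication quality storage unit 18 and detects the key update messages that did not reach communication device 2A. In the case of FIG. 12, the communication quality measuring unit 17 detects that the key update messages with EPOCH values 2 and 3 did not reach (were not received by) communication device 2A. The control unit 11 thereby determines that, during the predetermined time t, 2 out of 4 were not received.
The control unit 11 compares the number of unreceived messages with a preset threshold (for example, 2). Because the number of unreceived messages exceeds the threshold, the control unit 11 sets the operation mode of communication device 2A to guarantee mode. As a result, as shown in FIG. 13, the control unit 11 sends messages to communication device 2A by multicast communication and additionally sends them by unicast communication with retransmission.
As described above, in this key information update system, the operation mode of a communication device 2 determined to have communication failures is set to guarantee mode. The key information control device 1 can then send messages to the communication device 2 by unicast communication with retransmission in addition to multicast communication. The key information update system can thereby ensure that a communication device 2 on an unstable communication path reliably receives the key update messages sent by multicast communication.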
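The gap counting and mode selection of steps S44 to S47 and the resulting send plan of steps S12 to S14, run on the FIG. 12 values, as an added example (not code from the patent). The class and function names are assumptions, and the comparison uses "at or above the threshold", as in the description of guarantee mode, so that both worked cases above (3 of 7 and 2 of 4, threshold 2) select guarantee mode.

```python
from collections import defaultdict

GUARANTEE, NORMAL = "guarantee", "normal"


def missing_in_window(received, first, last):
    """Values in first..last that never arrived; duplicates and reordering are ignored."""
    seen = set(received)
    return [v for v in range(first, last + 1) if v not in seen]


class QualityMonitor:
    """Per-device store of the values seen during one measurement window t."""

    def __init__(self, threshold: int):
        self.threshold = threshold
        self.seen = defaultdict(list)   # node ID -> values received in the window
        self.modes = {}                 # node ID -> GUARANTEE or NORMAL

    def record(self, node_id: str, value: int) -> None:
        """Store the counter or EPOCH value of one received message."""
        self.seen[node_id].append(value)

    def close_window(self, first: int, last=None) -> dict:
        """Timer expiry (S43): count gaps per device and set its mode (S44 to S47).

        `last` is the highest value the controller knows was issued. For EPOCH
        values that is its own current EPOCH; for message counters it defaults
        to the highest counter seen, so a lost final message is not counted.
        """
        report = {}
        for node_id, values in self.seen.items():
            upper = max(values) if last is None else last
            missing = missing_in_window(values, first, upper)
            expected = max(0, upper - first + 1)
            # Assumption: "at or above the threshold" selects guarantee mode.
            mode = GUARANTEE if len(missing) >= self.threshold else NORMAL
            self.modes[node_id] = mode
            report[node_id] = {"expected": expected, "missing": missing, "mode": mode}
        self.seen.clear()               # start the next window empty
        return report

    def delivery_plan(self, all_nodes):
        """S12 to S14: one multicast, plus retransmitting unicast per guarantee-mode device."""
        plan = [("multicast", "all")]
        plan += [("unicast+retransmit", n) for n in all_nodes
                 if self.modes.get(n) == GUARANTEE]
        return plan


if __name__ == "__main__":
    counters = QualityMonitor(threshold=2)
    for c in (0, 3, 4, 6):              # counters received from device 2A in FIG. 12
        counters.record("2A", c)
    print(counters.close_window(first=0))
    print(counters.delivery_plan(["2A", "2B", "2C"]))

    epochs = QualityMonitor(threshold=2)
    for e in (0, 1, 4):                 # EPOCH values seen from device 2A in FIG. 12
        epochs.record("2A", e)
    print(epochs.close_window(first=1, last=4))   # updates issued with EPOCH 1..4
```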
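Furthermore, in the key information update system described above, when the key information control device 1 detects an unstable communication path, it may notify the communication device 2 on that unstable communication path or the other communication devices 2 (communication means).
For example, as shown in FIG. 15, suppose that a communication failure occurs at communication device 2A after the group key K(G3) has been distributed to all communication devices 2 and data communication process P4 has been performed. In this case, as described above, the key information control device 1 sends a key request message by multicast communication and also sends a key request message by unicast communication.
In this case, the key information control device 1 gives notification of the unstable communication path under the control of the control unit 11. The control unit 11 notifies communication device 2A, which is on the unstable communication path, and communication devices 2B and 2C, which communicate with communication device 2A. At this time, the control unit 11 gives the notification based on the information on the communication devices 2 that were authorized in authentication and key distribution processes P1, P2 and P3.
With such a key information control device 1, notifying which communication device 2 is on an unstable communication path allows that communication device 2 to change its settings so that it sends messages by unicast communication with a retransmission function in addition to multicast communication. Also, with the key information control device 1, when any communication device 2 communicates with a communication device 2 on an unstable communication path, its settings can be changed so that it sends messages by unicast communication with a retransmission function in addition to multicast communication. This key information update system can thereby ensure that messages are reliably received by the communication partner.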
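Furthermore, in the key information update system described above, the key information control device 1 sends the group key K(Gn) by multicast communication at intervals of a predetermined period. A communication device 2, in turn, detects that it has failed to receive the group key K(Gn) by multicast communication when it has not received the group key K(Gn) for longer than the predetermined period.
In such a key information update system, the key information control device 1 operates according to the processing procedure shown in FIG. 16.
First, in step S51, the key information control device 1 uses the timer unit 19 to set a timer for updating the group key K(Gn). At this time, the control unit 11 sets the predetermined period at which the key request message is sent.
In the next step S52, the timer unit 19 measures the predetermined period set in step S51.
In the next step S53, the control unit 11 determines whether the timer value measured by the timer unit 19 has reached the predetermined time and expired. If the timer value has expired, processing proceeds to step S54; otherwise, the timer processing of step S52 continues.
In step S54, the communication unit 12, under the control of the control unit 11, sends by multicast communication a key update message for the latest group key K(Gn) derived by the encryption processing unit 16.
The key update message is sent from the key information control device 1 every predetermined period. A communication device 2 can therefore measure the predetermined period with the timer unit 28 and detect a communication failure when it has not received a key update message for longer than the predetermined period. When the communication device 2 detects a communication failure, it can send a key request message to the key information control device 1.
In this embodiment, the predetermined period is measured by the timer unit 19 and the timer unit 28, but this is not limiting; times at which the key update message is sent periodically may be set instead.
With this key information update system, key update messages are sent periodically using a timer or clock times, so a communication device 2 can easily detect a communication failure. The communication device 2 can then send a key request message immediately after detecting the communication failure. This key information update system can therefore shorten the period before a communication device 2 that suffered a communication failure resumes communication using the new group key K(Gn).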
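Furthermore, in the authentication and key distribution process, the key information update system described above may distribute a recovery key, in addition to the key encryption key KEK, to the key information control device 1 and all communication devices 2. This recovery key is used for temporary communication when a communication device 2 has a communication failure.
In this key information update system, in authentication and key distribution processes P1, P2 and P3, the key information control device 1 generates a recovery key that is distinct from the group key K(Gn) and is used in the network containing the key information control device 1 and the plurality of communication devices 2. The recovery key may also be obtained by generating the group key K(G0) or the group key K(G(maximum value of n)) and using it as the recovery key. If the group key K(G0) is used as the recovery key, group keys are used starting from K(G1). If the group key K(G(maximum value of n)) is used, group keys may be used starting from K(G0). Next, the key information control device 1 distributes the recovery key after performing the authentication process between the key information control device 1 and the communication device 2.
After that, the key information update system sends a new group key K(Gn) from the key information control device 1 to the communication devices 2 by multicast communication. The key information update system thereby updates the group key K(Gn) of the communication devices 2 to the group key K(Gn) sent from the key information control device 1. In this way, the key information update system sets the group key K(Gn) in the key information control device 1 and all communication devices 2. The recovery key may also be set at this time.
The key information control device 1 performs encrypted communication with the communication devices 2 using the recovery key. For example, as shown in FIG. 17, in key update process P5 it sends a key update message that updates the latest group key K(Gn) to the group key K(G4). Suppose that communication devices 2A and 2B could not receive the key update message because of a communication failure. In this case, as described above, the key information control device 1 can refer to the EPOCH values sent from communication devices 2A and 2B and detect that they have not received the updated group key K(G4).
At this point, the key information control device 1 sends the group key K(G4) encrypted with the recovery key. In this case, the key information control device 1 sends the key update message, encrypted with a single recovery key, to both communication devices 2A and 2B by unicast communication with a retransmission function.
Therefore, with this key information update system, even when there are multiple communication devices 2 that have become unable to communicate, the key update message can be sent to those communication devices 2 by unicast communication with a retransmission function using a single recovery key. The new group key K(Gn) can thus easily be redistributed to specific communication devices 2 only. That is, there is no need to update the group key K(Gn) of all communication devices 2, and the update to the new group key K(Gn) can be made with a minimum of communication.
A communication device 2 performs encrypted communication with the key information control device 1 and other communication devices 2 using the recovery key. For example, as shown in FIG. 18, suppose that communication device 2A could not receive the multicast key update message (K(G4)) sent from the key information control device 1. Suppose further that, in this situation, communication device 2A urgently needs to send a message to the other communication devices 2 and the key information control device 1.
In this case, even if communication device 2A sends a message encrypted with the old group key K(G3) by multicast communication, it cannot obtain an acknowledgment. Communication device 2A therefore encrypts the message with the recovery key and performs unicast communication with a retransmission function to the other communication devices 2 and the key information control device 1.
As a result, even when communication device 2A cannot send a highly urgent message by multicast communication, it can encrypt the message with the recovery key and send it to the other communication devices 2 and the key information control device 1.
The embodiment described above is one example of the present invention. The present invention is therefore not limited to the embodiment described above, and various modifications other than this embodiment are of course possible according to the design and other factors, as long as they do not depart from the technical idea of the present invention.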
Hereinafter, embodiments of the present invention will be described with reference to the drawings.
A key information update system to which the present invention is applied is configured as shown in FIG. 1, for example.
The key information update system includes a key information control device 1 and a plurality of communication devices 2A, 2B, 2C (hereinafter simply referred to as communication device 2 when collectively referred to). The key information control device 1 and the communication device 2 are connected to the communication relay device 100. The key information control device 1 and the communication device 2 can communicate with each other by relaying information by the communication relay device 100.
The communication relay device 100 is connected to a communication network NT such as the Internet by wire. The communication relay device 100 corresponds to, for example, a broadband router.
The communication devices 2 are, for example, various devices installed in a home. In the present embodiment, the communication device 2A is a wireless communication device that exchanges wireless signals with the communication relay device 100. The communication devices 2B and 2C are connected to the communication relay device 100 by wire via a communication line.
In the present embodiment, the communication device 2 may perform wired communication or wireless communication. Wireless communication generally has lower communication quality than wired communication. Moreover, the communication device 2 may enter a sleep state at an arbitrary time and be woken at fixed intervals or by some external trigger. This sleep state includes a state in which the device operates on a minimum amount of power and cannot communicate. There may be three or more communication devices 2.
The key information control device 1 communicates with a plurality of communication devices 2 and controls the plurality of communication devices 2. The key information control device 1 performs encrypted communication with the communication device 2. For this purpose, the key information control apparatus 1 performs an authentication process and a key distribution process with each communication device 2. Further, the key information control apparatus 1 updates a group key used in a network including a plurality of communication devices 2.
The key information control apparatus 1 has functional units as shown in FIG. The key information control device 1 is a computer that can read and execute a program. The key information control device 1 functions as each unit as shown in FIG. 2 by executing a program by a computer. This program is a key information control program for updating a group key used in a network including a plurality of communication devices 2 in the present embodiment.
The key information control device 1 includes a control unit 11, a communication unit 12, an authentication processing unit 13, an authentication information storage unit 14, a key management unit 15, and an encryption processing unit 16. Further, the key information control apparatus 1 includes a communication quality measuring unit 17 and a communication quality storage unit 18. Further, the key information control apparatus 1 has a timer unit 19.
The communication unit 12 performs communication with the communication device 2. The communication unit 12 communicates with the communication device 2 by either the multicast communication method or the unicast communication method. The switching of the communication method is controlled by the control unit 11.
The control unit 11 controls each unit of the key information control device 1. The control unit 11 executes the key information control program 11b stored in the storage unit 11a as a computer-readable recording medium on which the program is recorded.
The authentication processing unit 13 performs authentication processing with the communication device 2 connected to the key information control device 1. The authentication processing unit 13 only needs to be able to execute various existing authentication processes.
The authentication processing unit 13 reads the authentication information stored in the authentication information storage unit 14 during the authentication process. The authentication information is, for example, the node ID of the communication device 2 and a device unique key KD (Key of Device) (or password). The authentication processing unit 13 compares the authentication information transmitted from the communication device 2 with the authentication information stored in the authentication information storage unit 14 to determine whether the communication device 2 has legitimate authority. Note that a public key and a secret key may be used instead of the device unique key KD to determine whether the communication device 2 has legitimate authority. The same operation can be performed using the device unique key KD as a secret key.
The key management unit 15 manages key information used when the key information control device 1 performs encrypted communication with the communication device 2. The key management unit 15 manages the device unique key KD of the communication device 2 (the key for device authentication and for distributing the key encryption key by unicast), the key encryption key KEK (Key Encryption Key), and the group key K (Gn). The managed key information is stored in the key management table 15a.
The device unique key KD for each communication device 2 is key information for encrypting the key encryption key KEK sent to the communication device 2 by the key information control device 1 and authenticating the communication device 2. This device unique key KD is set in advance and shared by the key information control device 1 and each communication device 2.
The key encryption key KEK is a key for key encryption. The key information control device 1 derives the key encryption key KEK. The key encryption key KEK is shared by all the communication devices 2 and the key information control device 1 during authentication and key distribution.
The device unique key KD of the communication device 2 is key information (an encryption key) for encrypting the key encryption key (KEK) between the key information control device 1 and the communication device 2 and distributing it to the communication device 2. The key information control device 1 can hold a device unique key KD with a different value for each communication device 2 in order to enhance security.
The group key K (Gn) is key information for performing encrypted multicast communication between the key information control device 1 and all the communication devices 2. The key information control device 1 derives the group key K (Gn). The group key K (Gn) is encrypted with the key encryption key KEK and distributed to all communication devices 2 by multicast communication. Note that n in the group key K (Gn) is the key version. Every time a new key is generated by the key management unit 15, n increases as 1, 2, 3, and so on.
The key management unit 15 derives a key encryption key KEK and a group key K (Gn), and holds device unique keys KD of all communication devices 2 in advance. The key management unit 15 causes the communication unit 12 to transmit the derived key encryption key KEK to each communication device 2. Further, the key management unit 15 updates the group key K (Gn) by multicast communication.
The key management unit 15 manages key identifiers. The key identifier is a value (EPOCH value) that is changed every time the group key K (Gn) is updated. The key management unit 15 updates the old EPOCH value to a new EPOCH value every time the group key is updated.
The encryption processing unit 16 encrypts messages using the key information stored in the key management table 15a. In addition, the encryption processing unit 16 decrypts the encrypted data in the information received by the communication unit 12 using the key information stored in the key management table 15a. At this time, the encryption processing unit 16 selects and uses the appropriate key information stored in the key management table 15a.
The communication quality measuring unit 17 measures the communication quality with each communication device 2. The communication quality measuring unit 17 refers to the EPOCH value in the information transmitted from the communication device 2. When the EPOCH value is old, the communication quality measuring unit 17 detects that the communication device 2 has not received the group key K (Gn) transmitted by multicast communication (communication quality detection means). The communication quality measuring unit 17 may also detect the communication quality using the counter value of the nonce, as will be described later.
The communication quality storage unit 18 stores the EPOCH value referred to by the communication quality measurement unit 17 for each communication device 2. The EPOCH value is referred to by the communication quality measuring unit 17. Thereby, the communication quality measuring unit 17 can determine that the communication quality is low for the communication device 2 having the missing EPOCH value.
In such a key information control device 1, the control unit 11 changes the communication method of the communication unit 12. In the normal group key K (Gn) update process, the communication unit 12 transmits the EPOCH value and the group key K (Gn) generated by the key management unit 15 to the plurality of communication devices 2 by multicast communication (multicast communication means).
When the communication quality measuring unit 17, serving as a communication quality detection unit, detects a communication device 2 that has not received the group key K (Gn), the communication unit 12 transmits the group key K (Gn) to that communication device 2 by unicast communication with a retransmission function (unicast communication means).
The timer unit 19 measures an interval at which the group key K (Gn) is transmitted by multicast communication. The control unit 11 sets a predetermined period for the transmission interval of the group key K (Gn). The timer unit 19 is controlled by the control unit 11 to clear the timer value and measure the timer value.
The communication device 2 has functional units as shown in FIG. 3, for example. The communication device 2 is a computer that can read and execute a program. The communication device 2 functions as each unit as shown in FIG. 3 by executing a program by a computer. This program is a key information update program for updating the group key held by itself in this embodiment. Thereby, the communication device 2 functions as a key information update device.
The communication device 2 includes a control unit 21, a communication unit 22, an authentication processing unit 23, a key management unit 24, and an encryption processing unit 25. Furthermore, the communication device 2 includes a communication quality measuring unit 26 and a communication quality storage unit 27. Furthermore, the communication device 2 has a timer unit 28.
The communication unit 22 communicates with the key information control device 1 and other communication devices 2. The communication unit 22 communicates with the key information control apparatus 1 by either the multicast communication method or the unicast communication method. The switching of the communication method is controlled by the control unit 21.
The control unit 21 controls each unit of the communication device 2. The control unit 21 executes a key information update program 21b stored in a storage unit 21a as a computer-readable recording medium on which the program is recorded.
The authentication processing unit 23 performs authentication processing with the key information control device 1. The authentication processing unit 23 only needs to be able to execute various existing authentication processes.
The authentication processing unit 23 reads preset authentication information during the authentication process. The authentication information is, for example, the node ID of the communication device 2 and a device unique key KD (Key of Device) (or password). The authentication processing unit 23 transmits authentication information from the communication unit 22 to the key information control device 1 in response to a request from the key information control device 1.
The key management unit 24 manages key information used when encrypted communication is performed with the key information control device 1 and other communication devices 2. The key management unit 24 manages the device unique key KD, the key encryption key KEK, and the group key K (Gn) of the communication device 2. The managed key information is stored in the key management table 24a. Further, the key management unit 24 stores the key identifier in the key management table 24a.
The encryption processing unit 25 encrypts messages using the key information stored in the key management table 24a. In addition, the encryption processing unit 25 decrypts the encrypted data in the information received by the communication unit 22 using the key information stored in the key management table 24a. At this time, the encryption processing unit 25 selects and uses the appropriate key information stored in the key management table 24a.
The communication quality measuring unit 26 measures the communication quality with the key information control device 1. The communication quality measuring unit 26 refers to the EPOCH value in the information transmitted from the key information control device 1 or another communication device 2. The communication quality measuring unit 26 compares the EPOCH value of the received information with the EPOCH value held in the key management table 24a. From this comparison, the communication quality measuring unit 26 detects that the two EPOCH values differ, and the difference between them. In this case, the communication quality measurement unit 26 detects that the updated group key K (Gn) has not been received (communication quality detection means). The communication quality measuring unit 26 may also detect, as the communication quality, that the group key K (Gn) has not been received by referring to the timer value.
The communication quality storage unit 27 stores the EPOCH value referred to by the communication quality measurement unit 26. The EPOCH value is referred to by the communication quality measuring unit 26. Thereby, the communication quality measuring unit 26 can determine that the communication quality is low when the EPOCH value is missing.
When the communication quality measuring unit 26 of such a communication device 2 detects that the updated group key K (Gn) has not been received, the communication device 2 requests the group key K (Gn) by unicast communication with a retransmission function. At this time, the communication device 2 transmits a key request message to the key information control device 1. Accordingly, in the communication device 2, the communication unit 22 acquires the current group key K (Gn) by unicast communication (communication means).
The timer unit 28 measures the interval at which the group key K (Gn) is received by multicast communication. The reception interval of the group key K (Gn) is agreed in advance with the key information control device 1. The timer unit 28 is controlled by the control unit 21 to clear the timer value and measure the timer value. Thereby, the timer unit 28 detects that the group key K (Gn) has not been received by multicast communication when the group key K (Gn) has not been received for a predetermined period.
In this key information update system, the key information control device 1 performs encrypted communication with the communication device 2. For this purpose, the key information control device 1 authenticates each communication device 2. Thereafter, the key information control device 1 distributes a key encryption key KEK, with which encrypted communication is possible only with each communication device 2. Furthermore, the key information control apparatus 1 distributes a group key K (Gn) that enables encrypted communication with all the communication devices 2.
As a result, the group key K (Gn) is shared by the key information control apparatus 1 and all the communication devices 2. In the group key K (Gn), Gn corresponds to the age of the group key (EPOCH value).
As shown in FIG. 1, such a key information update system transmits a group key S1 from the key information control device 1 to the communication device 2 by multicast communication. The group key S1 is transmitted to the communication device 2 via the communication relay device 100. Since the communication device 2A is a wireless communication device, a wireless signal S2a is transmitted from the communication relay device 100 to the communication device 2A. Since the communication devices 2B and 2C are wired communication devices, wired signals S2b and S2c are transmitted from the communication relay device 100 to the communication devices 2B and 2C.
For example, it is assumed that the wireless signal S2a disappears due to a communication failure caused by noise or the like. In this case, the communication device 2A cannot receive the group key S1 used by the key information control device 1 and the other communication devices 2B and 2C. Therefore, the communication device 2A cannot decrypt information transmitted by multicast communication that is subsequently encrypted with the group key S1. Further, the communication device 2A transmits information encrypted with the old group key. Therefore, the information transmitted from the communication device 2A cannot be decrypted by the key information control device 1 and the other communication devices 2B and 2C.
Therefore, the key information update system of this embodiment enables communication even when the group key update fails. For this reason, the key information update system detects a communication failure. When a communication failure is detected, the key information update system updates the group key of the communication device 2 in which the communication failure has occurred using both multicast communication and unicast communication. Hereinafter, this operation will be described in detail.
First, a nonce including an EPOCH value included in a packet communicated in the key information update system will be described with reference to FIG.
A packet communicated in the key information update system includes a nonce shown in FIG. 4A or 4B in addition to the IP address and UDP. The nonce is used as one of parameters at the time of data encryption, and is added to the header part of the transmission data message. The nonce illustrated in FIG. 4A includes an EPOCH value and a counter value. The nonce shown in FIG. 4B includes an EPOCH value, a node ID, and a counter value.
The EPOCH value is an identifier of the group key K (Gn). The EPOCH value is changed every time the group key K (Gn) is updated by the key information control apparatus 1. The key information control device 1 increments the EPOCH value every time the group key K (Gn) is updated.
The node ID is an identifier for identifying the key information control device 1 and the communication device 2. The key information control device 1 and the communication device 2 store their node IDs in a message when transmitting data.
The counter value represents the number of times that the encrypted multicast communication is performed using the group key K (Gn) identified by the EPOCH value. This counter value is managed by each of the key information control device 1 and the communication device 2. The counter value is counted up every time the key information control device 1 and the communication device 2 transmit data. The group key K (Gn) is updated by the key information control device 1 before the counter value reaches the maximum value.
Next, an operation when no communication failure occurs in this key information update system will be described with reference to FIG.
First, an authentication process and a key distribution process P1 are performed between the key information control apparatus 1 and the communication device 2C. After determining that the communication device 2C is a valid device, the key information control device 1 distributes the key encryption key KEK by unicast communication.
Next, the key information control apparatus 1 distributes the group key K (G1) by multicast communication. At this time, the key information control apparatus 1 transmits the encrypted information obtained by the function E (KEK, K (G1)) by multicast communication. This function E is a function for encrypting the group key K (G1) using the key encryption key KEK. This key encryption key KEK is the key encryption key KEK distributed in process P1.
When the communication device 2C receives the encrypted information obtained by the function E, multicast-transmitted from the key information control device 1, it decrypts it. At this time, the communication device 2C performs an operation of a function D (KEK, E (KEK, K (Gn))). This function D is a function for decrypting the encrypted information obtained by E (KEK, K (Gn)) using the key encryption key KEK. Accordingly, the communication device 2C can decrypt the group key K (G1).
Similarly, the key information control apparatus 1 performs authentication processing and key distribution processing P2 and P3 for the communication device 2B and the communication device 2A. Furthermore, the key information control apparatus 1 distributes the group keys K (G2) and K (G3) every time the authentication process and the key distribution processes P2 and P3 are completed.
Thereby, the key information control apparatus 1 and all the communication apparatuses 2 can perform the data communication process P4 by the encrypted multicast communication using the group key K (G3).
When it is time to update the group key K (Gn), the key information control device 1 and the communication device 2 perform key update processing P5. In this key update process P5, a new group key K (G4) generated by the key information control apparatus 1 is distributed to all the communication devices 2 by multicast communication. Each communication device 2 receives the group key K (G4) by multicast communication, and updates the group key K (G3) stored in the key management table 24a to a new group key K (G4).
Thereafter, for example, the encrypted data is transmitted from the key information control device 1 to all the communication devices 2. This encrypted data includes encryption information obtained by the function E (K (G4), data). Each communication device 2 receives the encrypted data transmitted from the key information control device 1 by multicast communication. Each communication device 2 decrypts the encrypted data with the group key K (G4). That is, each communication device 2 performs an operation of function D (K (G4), E (K (G4), data)) and can thereby obtain the data.
Next, a nonce value when the group key K (Gn) is updated in the above-described key information update system will be described with reference to FIG. The EPOCH value, node ID, and counter value included in the nonce are shown as Nonce = {EPOCH, node ID, counter value} in FIG.
The encrypted data encrypted using the group key K (G1) is transmitted by the communication device 2C. A nonce value is added to the encrypted data. This encrypted data is transmitted to the communication device 2A, the communication device 2B, and the key information control device 1 by multicast communication.
First, Nonce = {0, 3, 0} is added to the encrypted data transmitted for the first time. Nonce = {0, 3, 1} with an incremented counter value is added to the encrypted data transmitted for the second time. Further, Nonce = {0, 3, 2^32 - 1} is added to the encrypted data transmitted at the number obtained by subtracting 1 from the maximum counter value.
The key information control apparatus 1 sets the counter value obtained by subtracting 1 from the maximum value to the nonce value Nonce = {0, 3, 2^32 - 1}. Then, the key information control apparatus 1 transmits a key update message including a new group key K (G2) by multicast communication. Thereby, the communication device 2C updates the group key K (G1) to a new group key K (G2).
Thereafter, the communication device 2C can add Nonce = {1, 3, 0}, Nonce = {1, 3, 1}, and Nonce = {1, 3, 2^32 - 1} to each of the encrypted data encrypted with the group key K (G2). Thereafter, when the number of times the encrypted data encrypted with the group key K (G2) is transmitted reaches 2^32 - 1, the group key K (G2) is updated to a new group key K (G3).
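The nonce progression described above can be traced with the following added example, which is not part of the original publication. The field widths (2-byte EPOCH, 2-byte node ID, 4-byte counter), the class names, and the small threshold used in run_demo are assumptions made for illustration; only the {EPOCH, node ID, counter value} layout and the 2^32 - 1 threshold come from the text.

```python
import struct
from dataclasses import dataclass

# Assumed wire layout: 2-byte EPOCH, 2-byte node ID, 4-byte counter, big-endian.
NONCE_FMT = ">HHI"
COUNTER_THRESHOLD = 2**32 - 1  # counter value at which the group key is updated


@dataclass(frozen=True)
class Nonce:
    epoch: int
    node_id: int
    counter: int

    def pack(self) -> bytes:
        return struct.pack(NONCE_FMT, self.epoch, self.node_id, self.counter)

    @classmethod
    def unpack(cls, raw: bytes) -> "Nonce":
        if len(raw) != struct.calcsize(NONCE_FMT):
            raise ValueError("bad nonce length")
        return cls(*struct.unpack(NONCE_FMT, raw))


class Sender:
    """Transmit state of one node: one counter per group key (per EPOCH)."""

    def __init__(self, node_id, epoch=0, threshold=COUNTER_THRESHOLD):
        self.node_id = node_id
        self.epoch = epoch
        self.counter = 0
        self.threshold = threshold

    def next_nonce(self) -> Nonce:
        if self.counter > self.threshold:
            # Never wrap around: a repeated nonce under the same group key
            # would be reused as an encryption parameter.
            raise RuntimeError("counter exhausted; group key must be updated")
        nonce = Nonce(self.epoch, self.node_id, self.counter)
        self.counter += 1
        return nonce

    def install_group_key(self, new_epoch):
        if new_epoch <= self.epoch:
            raise ValueError("EPOCH must increase with every new group key")
        self.epoch = new_epoch
        self.counter = 0  # counter restarts under the new group key


class KeyInfoController:
    """Controller side: watches received nonces and triggers the key update."""

    def __init__(self, threshold=COUNTER_THRESHOLD):
        self.epoch = 0
        self.threshold = threshold

    def on_nonce(self, raw: bytes):
        """Return the new EPOCH if a key update is triggered, else None."""
        nonce = Nonce.unpack(raw)
        if nonce.epoch == self.epoch and nonce.counter >= self.threshold:
            self.epoch += 1
            return self.epoch
        return None


def run_demo(threshold=2, messages=5):
    """Node 3 multicasts; the controller updates the key at the threshold."""
    sender = Sender(node_id=3, threshold=threshold)
    controller = KeyInfoController(threshold)
    seen = []
    for _ in range(messages):
        nonce = sender.next_nonce()
        seen.append((nonce.epoch, nonce.node_id, nonce.counter))
        new_epoch = controller.on_nonce(nonce.pack())
        if new_epoch is not None:  # key update message was delivered
            sender.install_group_key(new_epoch)
    return seen


if __name__ == "__main__":
    for entry in run_demo():
        print("Nonce = {%d, %d, %d}" % entry)
```

With the threshold reduced to 2, the sequence is the same shape as in the text: the counter climbs under EPOCH 0, the key update fires at the threshold, and counting restarts at 0 under EPOCH 1.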
Next, an operation when the key information control apparatus 1 detects that the group key K (Gn) has not been received in the key information update system described above will be described with reference to FIG.
First, as described with reference to FIG. 5, the key information update system performs authentication processing and key distribution processing P1, P2, and P3 between the key information control device 1 and the communication devices 2A, 2B, and 2C. Furthermore, the key information control apparatus 1 distributes the group key K (Gn) by multicast communication after the authentication process and the key distribution process. As a result, the key information control apparatus 1 and the communication devices 2A, 2B, and 2C perform the data communication process P4 using the latest group key K (G3).
Thereafter, when the update timing of the group key K (Gn) is reached, the key information control apparatus 1 performs a key update process P5 for distributing the group key K (G4) to the communication devices 2A, 2B, and 2C by multicast communication (multicast communication means). The EPOCH value corresponding to this group key K (G4) is “3”. At this time, it is assumed that the key update message transmitted from the key information control apparatus 1 to the communication device 2A is not received by the communication device 2A due to communication failure.
Thereafter, the communication device 2A transmits the encrypted data encrypted with the group key K (G3) as the old group key K (Gn). The EPOCH value corresponding to this group key K (G3) is “2”. Then, the encrypted data is received by the communication devices 2B and 2C and the key information control device 1. However, even if the communication devices 2B and 2C and the key information control device 1 try to decrypt using the latest group key K (G4), the decryption fails.
If the decryption fails, the key information control device 1 refers to the EPOCH value in the information transmitted from the communication device 2A. Then, while the EPOCH value held by the key information control apparatus 1 is “3”, the EPOCH value of the information transmitted from the communication device 2A is “2”. Thereby, the key information control device 1 detects the communication device 2A as a communication device that has not received the group key K (G4) transmitted by multicast communication (communication quality detection means).
In this case, the key information control apparatus 1 transmits the group key K (G4) to the communication device 2A by unicast communication with a retransmission function (unicast communication means). At this time, the key information control apparatus 1 encrypts the new group key K (G4) with the key encryption key KEK distributed in the authentication process and the key distribution process P3.
When transmitting the group key K (G4) by unicast communication, the key information control apparatus 1 performs unicast communication with a retransmission function. This unicast communication with a retransmission function repeats unicast communication until a reception response is received from the communication device 2. For example, even if the key information control apparatus 1 performs unicast communication twice and the group key K (G4) disappears due to communication failure, the key information control apparatus 1 can transmit the group key K (G4) to the communication device 2A by the third unicast communication.
The group key K (G4) transmitted by the unicast communication is decrypted using the key encryption key KEK of the communication device 2A. The communication device 2A can update the group key K (G3) to the latest group key K (G4). Upon receiving the latest group key K (G4), the communication device 2A transmits a reception response to the key information control device 1 by unicast communication.
Further, the key information control apparatus 1 may transmit the latest EPOCH value in addition to the group key K (Gn) by unicast communication with a retransmission function. In this case, the communication device 2A can update the group key K (G3) to the group key K (G4) and update the stored EPOCH value “2” to the latest EPOCH value “3”.
As described above, according to the key information update system, even when the group key K (Gn) transmitted by multicast communication is lost due to communication failure, the communication method for transmitting the group key K (Gn) is automatically switched from multicast communication to unicast communication with a retransmission function.
As a result, the key information update system switches the communication method from multicast communication to unicast communication with a retransmission function that requires a reception response and transmits the group key K (Gn), so that the update of the group key K (Gn) can be carried out more reliably.
Also, according to this key information update system, the key management unit 15 increases the EPOCH value every time the group key is changed to a new group key. When the EPOCH value transmitted from the communication device 2 is smaller than the EPOCH value changed by the key management unit 15, the key information control apparatus 1 can detect, by means of the communication quality measuring unit 17, that the communication device 2 has not received the group key transmitted by multicast communication.
In this way, it is possible to refer to the EPOCH value, detect that the key update message by multicast communication has disappeared, and switch to unicast communication with a retransmission function to perform key update. As a result, the group key can be reliably updated, and multicast communication using the group key can be performed without performing the authentication process and the key update process for the entire system again.
Furthermore, according to this key information update system, the key information control device 1 can transmit the latest EPOCH value generated by the key management unit 15 in addition to the latest group key. As a result, the latest EPOCH value can be transmitted from the key information control apparatus 1 to the communication device 2 by unicast communication with a retransmission function. Thus, the key information update system can easily start multicast communication using the group key immediately after transmitting the latest EPOCH value from the key information control device 1 to the communication device 2.
Next, an operation when the communication device 2 detects that the group key K (Gn) has not been received in the key information update system described above will be described with reference to FIG.
As described above, the key information update system performs authentication processing and key distribution processing P1, P2, and P3 between the key information control device 1 and the communication devices 2A, 2B, and 2C. Furthermore, the key information control apparatus 1 and the communication devices 2A, 2B, and 2C perform the data communication process P4 using the latest group key K (G3). Thereafter, it is assumed that the key update message transmitted from the key information control device 1 to the communication device 2A has not been received by the communication device 2A due to communication failure at the update timing of the group key K (Gn).
Thereafter, the key information control apparatus 1 transmits the encrypted data encrypted with the new group key K (G4) by multicast communication. The EPOCH value corresponding to this group key K (G4) is “3”. Then, this encrypted data is received by the communication devices 2A, 2B, 2C. The communication devices 2B and 2C can successfully decrypt the encrypted data with the new group key K (G4) obtained by the key update process P5.
However, even if the communication device 2A attempts to decrypt it with the group key K (G3) stored in the key management table 24a, the decryption fails. If the decryption fails, the communication device 2A refers to the EPOCH value in the information transmitted from the key information control device 1. Then, while the EPOCH value held by the communication device 2A is “2”, the EPOCH value of the information transmitted from the key information control apparatus 1 is “3”. As a result, the communication device 2A detects that the latest group key K (Gn) has not been received (communication quality detection means).
In this case, the communication device 2A requests the key information control device 1 to transmit the latest group key K (Gn) by unicast communication with a retransmission function (unicast communication means). Note that a new group key request message is normally sent in plain text. This plaintext message is configured, for example, as {MSG, EPOCH, D_2A}. Here, MSG is an identifier indicating a request, EPOCH is an EPOCH value received from the key information control apparatus 1 by the communication device 2A, and D_2A is an identifier or ID that can identify the communication device 2A.
At this time, the communication device 2A may add message authentication code (MAC) information to the key request message for requesting a new group key K (Gn) by using the key encryption key KEK distributed in the authentication process and the key distribution process P3. The message authentication code information is information for proving that the sender is the communication device 2A.
The request with the message authentication code (MAC) added is configured, for example, as {MSG, EPOCH, D_2A, MAC (KD_2A, MSG, D_2A, EPOCH)}. The function MAC takes KD_2A as the key information and MSG, D_2A, and EPOCH as the message, and outputs a MAC value. This MAC value is computed using the device unique key KD of the communication device 2A. For this reason, if the device unique key KD is different, the MAC values do not match even if the same MSG, D_2A and EPOCH are input. Therefore, the MAC value is information that proves the communication device 2A. MSG is an identifier (including a character string) indicating a request. EPOCH is an EPOCH value received from the key information control apparatus 1 by the communication device 2A. D_2A is an identifier or node ID that can identify the communication device 2A.
The communication device 2A performs unicast communication with a retransmission function when requesting the group key K (Gn) by unicast communication. This unicast communication with a retransmission function repeats unicast communication until a reception response is received from the key information control apparatus 1. For example, even if the communication device 2A performs unicast communication twice and the request for the group key K (Gn) disappears due to communication failure, the communication device 2A can transmit the key request message for the group key K (Gn) to the key information control device 1 by the third unicast communication.
When message authentication is added, the key request message for the group key K (Gn) transmitted by the unicast communication is verified by the key information control device 1 using the device unique key KD of the communication device 2A. When the message authentication code is not added, it is determined that the communication partner is not a valid communication device 2A. On the other hand, when the message authentication code is added, it can be confirmed that the sender is the communication device 2A, and the key information control apparatus 1 performs unicast communication so as to transmit the latest group key K (G4) to the communication device 2A. At this time, the key information control apparatus 1 may transmit the group key K (G4) by unicast communication with a retransmission function.
When the communication device 2A receives the latest group key K (G4) from the key information control device 1 in response to the key request message of the group key K (Gn), the communication device 2A can decrypt it using the key encryption key KEK. Accordingly, the communication device 2A can update the group key K (G3) to the latest group key K (G4). Upon receiving the latest group key K (G4), the communication device 2A transmits a reception response to the key information control device 1 by unicast communication.
Further, the key information control apparatus 1 may transmit the latest EPOCH value in addition to the group key K (Gn) by unicast communication with a retransmission function. In this case, the communication device 2A can update the group key K (G3) to the group key K (G4) and update the stored EPOCH value “2” to the latest EPOCH value “3”.
As described above, according to the key information update system, even when the group key K (Gn) transmitted by multicast communication is lost due to communication failure, the communication method for transmitting the group key K (Gn) is automatically switched from multicast communication to unicast communication with a retransmission function.
Thereby, in the key information update system, the communication device 2 transmits the key request message for the group key K (Gn) by the unicast communication with a retransmission function that requires a reception response, so that the latest group key K (Gn) can be obtained from the key information control device 1. Therefore, according to the communication device 2, even when the latest group key K (Gn) is lost in multicast communication, the group key K (Gn) can be updated more reliably.
When the EPOCH value included in the information transmitted from the key information control device 1 or another communication device 2 is larger than the EPOCH value stored in the communication device 2 itself, the communication device 2 can detect that the group key transmitted by multicast communication has not been received. That is, the communication device 2 can request a key update message when its own EPOCH value is small and its own group key K (Gn) is old.
In this way, it is possible to refer to the EPOCH value, detect that the key update message by multicast communication has disappeared, and switch to unicast communication with a retransmission function to perform key update. As a result, the group key can be reliably updated without making an inquiry to the communication partner, and multicast communication using the group key can be performed without performing the authentication process and the key update process for the entire system again.
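The EPOCH-based detection, the MAC-protected key request {MSG, EPOCH, D_2A, MAC (KD_2A, MSG, D_2A, EPOCH)} and the unicast communication with a retransmission function described above are combined in the following added example, which is not part of the original publication. HMAC-SHA256 as the function MAC, the byte encoding of the fields, node ID 1 for the communication device 2A, the retry limit, and the returned labels are assumptions; delivery of the group key itself under the key encryption key KEK is left out.

```python
import hashlib
import hmac
import struct

MSG_KEY_REQUEST = b"KEYREQ"  # assumed encoding of the MSG identifier


def mac_input(msg: bytes, node_id: int, epoch: int) -> bytes:
    # Field order follows the text: MAC(KD, MSG, D, EPOCH). MSG is length-prefixed
    # so that field boundaries are unambiguous (the encoding is an assumption).
    return struct.pack(">H", len(msg)) + msg + struct.pack(">HH", node_id, epoch)


def build_key_request(kd: bytes, node_id: int, epoch: int) -> dict:
    """Build {MSG, EPOCH, D, MAC(KD, MSG, D, EPOCH)}."""
    tag = hmac.new(kd, mac_input(MSG_KEY_REQUEST, node_id, epoch), hashlib.sha256).digest()
    return {"msg": MSG_KEY_REQUEST, "epoch": epoch, "node": node_id, "mac": tag}


class Device:
    def __init__(self, node_id: int, kd: bytes, epoch: int):
        self.node_id, self.kd, self.epoch = node_id, kd, epoch

    def on_received_epoch(self, received_epoch: int):
        """Received EPOCH larger than the stored one: a key update was missed."""
        if received_epoch > self.epoch:
            return build_key_request(self.kd, self.node_id, received_epoch)
        return None


class Controller:
    def __init__(self, epoch: int, device_keys: dict):
        self.epoch = epoch
        self.device_keys = device_keys  # node ID -> device unique key KD

    def on_data(self, received_epoch: int) -> str:
        """Received EPOCH smaller than the current one: the sender missed the update."""
        return "REKEY_BY_UNICAST" if received_epoch < self.epoch else "DECRYPT"

    def handle_key_request(self, req: dict):
        kd = self.device_keys.get(req.get("node"))
        tag = req.get("mac")
        if kd is None or not isinstance(tag, bytes) or req.get("msg") != MSG_KEY_REQUEST:
            return ("REJECT", None)  # unknown node, or no MAC attached
        try:
            data = mac_input(req["msg"], req["node"], req["epoch"])
        except (KeyError, TypeError, struct.error):
            return ("REJECT", None)  # malformed fields
        expected = hmac.new(kd, data, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return ("REJECT", None)
        return ("SEND_GROUP_KEY", self.epoch)


def unicast_with_retransmit(deliver, message, max_tries=5):
    """Repeat the unicast until a reception response arrives (bounded here)."""
    for attempt in range(1, max_tries + 1):
        response = deliver(message)
        if response is not None:
            return response, attempt
    raise TimeoutError("no reception response")


def lossy_channel(handler, drops):
    """Constructed channel that loses the first `drops` transmissions."""
    remaining = [drops]

    def deliver(message):
        if remaining[0] > 0:
            remaining[0] -= 1
            return None
        return handler(message)

    return deliver


def run_scenario():
    kd_2a = b"constructed-device-unique-key-2A"  # constructed sample key
    controller = Controller(epoch=3, device_keys={1: kd_2a})
    device_2a = Device(node_id=1, kd=kd_2a, epoch=2)
    request = device_2a.on_received_epoch(3)  # multicast data carried EPOCH 3
    channel = lossy_channel(controller.handle_key_request, drops=2)
    (verdict, epoch), tries = unicast_with_retransmit(channel, request)
    if verdict == "SEND_GROUP_KEY":
        device_2a.epoch = epoch
    return verdict, device_2a.epoch, tries
```

In run_scenario the first two requests are lost and the third is answered, so the communication device 2A ends with EPOCH 3 after three transmissions.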
Next, another operation in which the communication device 2 detects that the group key K (Gn) has not been received in the key information update system described above will be described with reference to FIG.
When receiving the key update message for distributing the latest group key K (G3), the communication device 2 activates the timer unit 28. When the communication device 2 has not received a key update message including the group key K (Gn) for a predetermined time t, it detects that the group key has not been received by multicast communication.
In this case, the communication device 2A requests the key information control device 1 to transmit the latest group key K (Gn) by unicast communication with a retransmission function (unicast communication means). Note that a new group key request message is normally sent in plain text. This plaintext message is configured, for example, as {MSG, EPOCH, D_2A}. MSG is an identifier indicating a request. EPOCH is an EPOCH value received from the key information control apparatus 1 by the communication device 2A. D_2A is an identifier or ID that can identify the communication device 2A.
At this time, the communication device 2A may add message authentication code (MAC) information to the key request message for requesting a new group key K (Gn) by using the key encryption key KEK distributed in the authentication process and the key distribution process P3. The message authentication code information is information for proving that the sender is the communication device 2A.
The request with the message authentication code (MAC) added is configured, for example, as {MSG, EPOCH, D_2A, MAC (KD_2A, MSG, D_2A, EPOCH)}. The function MAC takes KD_2A as the key information and MSG, D_2A, and EPOCH as the message, and outputs a MAC value. This MAC value is computed using the device unique key KD of the communication device 2A. For this reason, if the device unique key KD is different, the MAC values do not match even if the same MSG, D_2A and EPOCH are input. Therefore, the MAC value is information that proves the communication device 2A. MSG is an identifier (including a character string) indicating a request. EPOCH is an EPOCH value received from the key information control apparatus 1 by the communication device 2A. D_2A is an identifier or node ID that can identify the communication device 2A.
When message authentication is added, the key request message for the group key K (Gn) transmitted by the unicast communication is verified by the key information control device 1 using the device unique key KD of the communication device 2A. When the message authentication code is not added, it is determined that the communication partner is not a valid communication device 2A. On the other hand, when the message authentication code is added, it can be confirmed that the sender is the communication device 2A, and the key information control apparatus 1 performs unicast communication so as to transmit the latest group key K (G4) to the communication device 2A.
When the communication device 2A receives the latest group key K (G4) from the key information control device 1 in response to the key request message of the group key K (Gn), the communication device 2A can decrypt it using the key encryption key KEK. Accordingly, the communication device 2A can update the group key K (G3) to the latest group key K (G4). Upon receiving the latest group key K (G4), the communication device 2A transmits a reception response to the key information control device 1 by unicast communication.
According to this key information update system, the interval at which the key information control device 1 transmits the group key by multicast communication is set as a predetermined period. On the other hand, when the communication device 2 has not received a group key for a predetermined period, it detects that the group key has not been received by multicast communication. According to this key information update system, the communication device 2 can easily detect a communication failure in the key update message. Thereby, the communication apparatus 2 can request a group key immediately, and the period when the communication apparatus 2 cannot perform multicast communication can be shortened.
Next, internal operations of the key information control device 1 and the communication device 2 in the above-described key information update system will be described.
FIG. 10 is a flowchart showing an operation procedure of the key information control apparatus 1. This operation is a process performed by the key information control apparatus 1 as a computer executing the key information control program 11b stored in the storage unit 11a as a recording medium.
First, in step S1, the communication unit 12 receives a message transmitted from the outside.
In next step S2, the control unit 11 determines whether or not the message received in step S1 is a key request message transmitted from the communication device 2. At this time, the control unit 11 refers to the address information or the node ID and identifies the communication device 2 that is the message transmission source. The control unit 11 refers to the encrypted data added to the nonce value to determine whether the received message is a key request message. If it is a key request message, the process proceeds to step S3, and if not, the process proceeds to step S5.
In step S3, the communication unit 12 transmits the latest group key K (Gn) by unicast communication with a retransmission function. At this time, the key management unit 15 reads the latest group key K (Gn) from the key management table 15a according to the control of the control unit 11. In addition, the key management unit 15 reads the key encryption key KEK corresponding to the communication device 2 that is the transmission source of the key request message and causes the encryption processing unit 16 to encrypt the group key K (Gn) with the key encryption key KEK.
In the next step S4, the communication unit 12 receives a reception response from the communication device 2 by unicast communication in response to the transmission of the group key K (Gn) in step S3.
In step S5, the communication quality measuring unit 17 determines whether or not the EPOCH value (received EPOCH value) included in the message received in step S1 is older than the current EPOCH value. At this time, the communication quality measuring unit 17 compares the magnitude relationship between the EPOCH value currently stored in the key management table 15a and the received EPOCH value. If the received EPOCH value is smaller than the EPOCH value stored in the key management table 15a, the received EPOCH value is old and the process proceeds to step S6. If both EPOCH values are the same, the process proceeds to step S9.
In step S6, the control unit 11 records device information including the node ID and EPOCH value included in the message received in step S1 in the communication quality storage unit 18.
In the next step S7, the communication unit 12 transmits a key update message for updating the group key K (Gn) by unicast communication. At this time, the key management unit 15 reads the latest group key K (Gn) from the key management table 15a under the control of the control unit 11. The encryption processing unit 16 encrypts the group key K (Gn) with the key encryption key KEK under the control of the control unit 11. The communication unit 12 transmits a key update message including the encrypted group key K (Gn) and including the node ID of the message transmission source device.
The port number B for this unicast communication is desirably a value different from the port number A used for multicast communication.
In the next step S8, the communication unit 12 receives a reception response to the key update message transmitted in step S7 by unicast communication.
In step S9, the encryption processing unit 16 decrypts the message received in step S1 with the latest group key K (Gn).
In step S10, the control unit 11 performs various processes according to the message decoded in step S9.
In step S11, the control unit 11 determines whether or not the counter value included in the nonce value is equal to or greater than a threshold value. This threshold value is a preset value, for example, a value such as 2^32 - 1 according to the allocated bit amount of the counter value. If the counter value is greater than or equal to the threshold value, the process proceeds to step S12. If not, the process ends.
In step S12, the communication unit 12 transmits a key update message including the latest group key K (Gn) in order to update the group key K (Gn) of all the communication devices 2. This key update message includes a value obtained by encrypting the latest group key K (Gn) derived by the key management unit 15 with the key encryption key KEK. At this time, the communication unit 12 transmits the key update message by the multicast communication method.
The communication unit 12 may set the port number A used for multicast communication (multicast communication means) to a value different from the port number B used for unicast communication (unicast communication means).
In next step S13, the control unit 11 determines whether there is a communication device 2 in the guarantee mode among the communication devices 2. If there is a communication device 2 in the guarantee mode, the process proceeds to step S14, and if not, the process ends. This guarantee mode will be described later.
In step S14, the communication unit 12 transmits a key update message to the communication device 2 by unicast communication with a retransmission function. At this time, the communication unit 12 may use a port number B having a value different from the port number A used in multicast communication.
As described above, the key information control apparatus 1 can transmit the group key K (Gn) by unicast communication in response to the key request message from the communication device 2. In addition, when the received EPOCH value is old, the key information control apparatus 1 can transmit the latest group key K (Gn) to the communication device 2 by unicast communication with a retransmission function. Furthermore, the key information control apparatus 1 can update the group keys K (Gn) of all the communication devices 2 by multicast communication when the counter value is equal to or greater than the threshold value.
FIG. 11 is a flowchart showing an operation procedure of the communication device 2. This operation is a process performed by the communication device 2 as a computer executing the key information update program 21b stored in the control unit 21.
First, in step S21, the communication unit 22 receives a message transmitted from the outside.
In the next step S22, the control unit 21 determines whether or not the message received in step S21 is a key update message transmitted from the key information control device 1 by multicast communication. At this time, the control unit 21 refers to the address information or the node ID to identify whether the message transmission source is the key information control apparatus 1. Further, the control unit 21 refers to the encrypted data added to the nonce value to determine whether or not the received message is a key update message. If it is a key update message, the process proceeds to step S23; otherwise, the process proceeds to step S24.
In step S23, the control unit 21 uses the encryption processing unit 25 to decrypt the key update message received in step S21. At this time, the encryption processing unit 25 decrypts the key update message using the key encryption key KEK stored in the key management table 24a to obtain the latest group key K (Gn). The key management unit 24 updates the latest group key K (Gn) stored in the key management table 24a to the group key K (Gn) extracted from the key update message.
In step S24, the communication quality measuring unit 26 determines whether or not the EPOCH value (received EPOCH value) included in the message received in step S21 is newer than the current EPOCH value. At this time, the communication quality measuring unit 26 compares the magnitude relationship between the EPOCH value currently stored in the key management table 24a and the received EPOCH value. If the received EPOCH value is larger than the EPOCH value stored in the key management table 24a, the process proceeds to step S25 because the received EPOCH value is new. If both EPOCH values are the same, the process proceeds to step S29.
In step S25, the control unit 21 temporarily stores the message received in step S21.
In the next step S26, the communication unit 22 transmits a key request message requesting the latest group key K (Gn). At this time, the communication unit 22 transmits a key request message to which message authentication using the device unique key KD is added by unicast communication.
In the next step S27, the communication unit 22 receives the key update message transmitted from the key information control apparatus 1 by unicast communication in response to the key request message transmitted in step S26. At this time, the port number B of the key update message may be different from the port number A used for multicast communication. In this case, the communication unit 22 performs reception using the port number B corresponding to unicast communication.
In step S28, the control unit 21 uses the encryption processing unit 25 to decrypt the key update message received in step S27. At this time, the encryption processing unit 25 decrypts the key update message using the key encryption key KEK stored in the key management table 24a to obtain the latest group key K (Gn). The key management unit 24 updates the latest group key K (Gn) stored in the key management table 24a to the group key K (Gn) extracted from the key update message.
In the next step S29, the encryption processing unit 16 decrypts the message temporarily stored in step S25 using the latest group key K (Gn) updated in step S28.
In the next step S30, the communication unit 22 performs various multicast communication processes according to the message received in step S21.
As described above, the communication device 2 can update the group key K (Gn) when the key update message is transmitted from the key information control device 1 by multicast communication. When the received EPOCH value is new, the communication device 2 transmits a key request message by unicast communication, receives the latest group key K (Gn) by unicast communication, and can thereby update the group key K (Gn). Furthermore, even if the communication device 2 does not hold the latest group key K (Gn), the communication device 2 can temporarily store the message, acquire the latest group key K (Gn), and decrypt the message.
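The device-side flow of steps S21 to S29, as an added example that is not code from the patent. The class and function names are hypothetical, the SHA-256 keystream with an HMAC tag is a stand-in for whatever the encryption processing unit 25 implements, and dropping messages or key updates that carry an older EPOCH value is an assumption the flowchart does not state.

```python
import hashlib
import hmac
import os


def _xor(key, nonce, data):
    """Stand-in keystream cipher (SHA-256 in counter mode), not the patent's cipher."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(b"enc" + key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(key, epoch, nonce, ct):
    return hmac.new(key, b"mac" + epoch.to_bytes(4, "big") + nonce + ct, hashlib.sha256).digest()


def seal(key, epoch, plaintext):
    """Encrypt and authenticate; the EPOCH value is bound into the tag."""
    nonce = os.urandom(12)
    ct = _xor(key, nonce, plaintext)
    return nonce + ct + _tag(key, epoch, nonce, ct)


def unseal(key, epoch, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, epoch, nonce, ct)):
        raise ValueError("authentication failed")
    return _xor(key, nonce, ct)


def request_mac(kd, node_id, held_epoch):
    """Message authentication added to a key request with the device unique key KD."""
    return hmac.new(kd, node_id.encode() + held_epoch.to_bytes(4, "big"), hashlib.sha256).digest()


class KeyInfoControl:
    """Key information control device 1, reduced to what the device flow needs."""

    def __init__(self, kek, device_keys):
        self.kek, self.device_keys = kek, device_keys
        self.epoch, self.group_key = 0, os.urandom(16)

    def rekey(self):
        self.epoch, self.group_key = self.epoch + 1, os.urandom(16)
        return self.key_update()

    def key_update(self):
        return {"type": "key_update", "epoch": self.epoch,
                "body": seal(self.kek, self.epoch, self.group_key)}

    def on_key_request(self, node_id, held_epoch, mac):
        expected = request_mac(self.device_keys[node_id], node_id, held_epoch)
        if not hmac.compare_digest(mac, expected):
            raise PermissionError("key request failed message authentication")
        return self.key_update()                       # answered by unicast communication


class CommDevice:
    """Communication device 2, steps S21 to S29 of FIG. 11."""

    def __init__(self, node_id, kek, kd, epoch, group_key):
        self.node_id, self.kek, self.kd = node_id, kek, kd
        self.epoch, self.group_key, self.pending = epoch, group_key, []

    def _install(self, update):                        # S23 and S28
        if update["epoch"] <= self.epoch:
            return                                     # assumption: never roll back
        self.group_key = unseal(self.kek, update["epoch"], update["body"])
        self.epoch = update["epoch"]

    def receive(self, msg, controller):
        if msg["type"] == "key_update":                # S22 -> S23
            self._install(msg)
            return None
        if msg["epoch"] < self.epoch:                  # assumption: stale message, dropped
            return None
        if msg["epoch"] > self.epoch:                  # S24: received EPOCH value is newer
            self.pending.append(msg)                   # S25: store temporarily
            mac = request_mac(self.kd, self.node_id, self.epoch)                      # S26
            self._install(controller.on_key_request(self.node_id, self.epoch, mac))  # S27, S28
            msg = self.pending.pop()
        return unseal(self.group_key, msg["epoch"], msg["body"])                      # S29


def demo():
    # Constructed scenario: 2A misses the multicast key update that 2B receives.
    kek, kd_a, kd_b, g1 = (os.urandom(16) for _ in range(4))
    ctrl = KeyInfoControl(kek, {"2A": kd_a, "2B": kd_b})
    ctrl.group_key = g1
    dev_a = CommDevice("2A", kek, kd_a, 0, g1)
    dev_b = CommDevice("2B", kek, kd_b, 0, g1)
    dev_b.receive(ctrl.rekey(), ctrl)                  # EPOCH 1 reaches 2B only
    data = {"type": "data", "epoch": dev_b.epoch,
            "body": seal(dev_b.group_key, dev_b.epoch, b"meter reading 42")}
    plaintext = dev_a.receive(data, ctrl)              # 2A buffers, requests, decrypts
    return plaintext, dev_a.epoch, dev_a.group_key == ctrl.group_key
```

A message sealed under an EPOCH value older than the one the controller returns fails authentication in `unseal`, so the device fails closed rather than decrypting with the wrong key.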
Furthermore, in the key information update system described above, the key information control device 1 and the communication device 2 assign different values for the port number used for multicast communication and the port number used for unicast communication. This eliminates the need to describe, in a message transmitted by the key information control device 1 or the communication device 2, the key with which that message was encrypted. In addition to the counter value of the group key K (Gn), the counter value of the key encryption key KEK can be managed, and management for updating the group key K (Gn) can be facilitated.
Next, in the above-described key information update system, a process for determining that the communication failure of the communication device 2 has exceeded a predetermined threshold will be described.
FIG. 12 shows a sequence diagram of encrypted data communication using the group key K (G1) by the communication device 2A. In this example, when the communication device 2A starts communication, it is assumed that the authentication processing and the initial group key K (G1) can be shared between the key information control device 1 and all the communication devices 2.
The communication device 2A repeats the multicast communication until the counter value reaches the maximum value. In this example, the messages with nonce values Nonce = {0, 1, 1}, Nonce = {0, 1, 2}, and Nonce = {0, 1, 5} were lost before reaching the communication devices 2B and 2C and the key information control device 1. On the other hand, the messages with nonce values Nonce = {0, 1, 0}, Nonce = {0, 1, 3}, Nonce = {0, 1, 4}, and Nonce = {0, 1, 6} reached the communication devices 2B and 2C and the key information control device 1.
In the key information update system in which such a sequence is performed, the key information control device 1 determines a communication failure for each communication device 2 using a counter value.
The key information control device 1 transmits a key update message by multicast communication at the update timing of the group key K (Gn). In the example of FIG. 12, every time the group key K (Gn) is updated to K (G2), K (G3), K (G4), and K (G5), a key update message is distributed. The EPOCH value of each key update message increases to 1, 2, 3, and 4 each time K (G2), K (G3), K (G4), and K (G5) are updated.
In such a communication sequence, the key update messages with EPOCH values 0, 1, and 4 are received by the communication device 2A. Accordingly, the communication device 2A performs multicast communication using the group keys K (G1), K (G2), and K (G5) corresponding to the EPOCH values 0, 1, and 4, and can thereby communicate with the key information control apparatus 1. On the other hand, the key update messages with EPOCH values 2 and 3 are lost before reaching the communication device 2A. Accordingly, the communication device 2A cannot perform multicast communication using the group keys K (G3) and K (G4) corresponding to the EPOCH values 2 and 3.
In the key information update system in which such a sequence is performed, the key information control apparatus 1 determines a communication failure using the EPOCH value for each communication device 2.
The key information control device 1 determines a communication failure for each communication device 2 using the counter value or the EPOCH value. The key information control apparatus 1 determines communication failure of the communication device 2A in the communication sequence as shown in FIG.
In this case, as shown in FIG. 13, each time the key information control apparatus 1 transmits the group key K (Gn) to the communication device 2A by multicast communication, it also transmits the group key K (Gn) to the communication device 2A by unicast communication.
The operation of the key information control apparatus 1 in such a key information update system is shown in FIG.
First, in step S41, the control unit 11 controls the timer unit 19 to set a predetermined time t as a timer value for communication failure determination.
In the next step S42, the timer unit 19 performs a timer process for starting and measuring time.
In the next step S43, the control unit 11 determines whether the timer value measured by the timer unit 19 has reached a predetermined time t and has expired. If the timer value has expired, the process proceeds to step S44; otherwise, the timer process in step S42 is continued.
During the predetermined time t in which the timer process continues, the key information control device 1 accumulates, in the communication quality storage unit 18, the counter values in the messages transmitted from the communication device 2. Alternatively, the key information control device 1 stores the EPOCH values included in the messages transmitted from the communication device 2.
In step S44, the communication quality measuring unit 17 aggregates the number of unreceived times during the predetermined time t for each communication device 2.
The communication quality measuring unit 17 as a non-reception detecting unit refers to the counter values in the messages for each communication device 2 stored in the communication quality storage unit 18. The communication quality measuring unit 17 detects gaps in the counter values. As a result, the communication quality measuring unit 17 measures, for each communication device 2, the number of unreceived messages transmitted from the communication device 2 during the predetermined time t.
Alternatively, the communication quality measuring unit 17 as a communication quality detecting unit refers to the EPOCH values in the messages for each communication device 2 stored in the communication quality storage unit 18. The communication quality measuring unit 17 detects gaps in the EPOCH values. As a result, the communication quality measuring unit 17 measures, for each communication device 2, the number of times the group key K (Gn) has not been received by the communication device 2 during the predetermined time t.
In the next step S45, the control unit 11 determines whether or not there is a communication device 2 for which the number of unreceived times counted in step S44 is greater than a predetermined threshold. If there is a communication device 2 whose number of unreceptions is greater than the threshold, the process proceeds to step S46, and if not, the process proceeds to step S47.
In step S46, the control unit 11 sets the communication device 2 whose number of unreceived times is larger than the threshold value to the guarantee mode. As shown in FIG. 13, the guarantee mode is an operation mode used when the communication device 2 causes communication failures exceeding the threshold value: in addition to multicast communication, a message transmitted by the multicast communication is also transmitted by unicast communication with retransmission.
In step S47, the control unit 11 sets the communication device 2 that does not fall under the condition that the number of unreceived times is larger than the threshold value to the normal mode. This normal mode is an operation mode in which only multicast communication is performed as described above.
In such a key information control device 1, the communication quality storage unit 18 accumulates the counter value received for a predetermined time t [minute] for each communication device 2. In the case of the communication sequence shown in FIG. 12, the communication quality storage unit 18 stores 0, 3, 4, and 6 as counter values corresponding to the communication device 2A.
When the predetermined time t elapses, the communication quality measuring unit 17 refers to the counter value accumulated in the communication quality storage unit 18 and detects a message that has not reached the key information control device 1. In the case of FIG. 12, the communication quality measuring unit 17 detects that the messages of the counter values 1, 2, and 5 have been transmitted to the communication device 2A but have not reached (not received) the key information control device 1. Accordingly, the control unit 11 determines that 3 times out of 7 times is the number of unreceived times during the predetermined time t.
The control unit 11 compares the number of unreceived messages with a preset threshold (for example, twice). Since the number of unreceived messages exceeds the threshold, the control unit 11 sets the operation mode of the communication device 2A to the guarantee mode. Thereby, as shown in FIG. 13, the control unit 11 transmits messages to the communication device 2A by multicast communication and also by unicast communication with retransmission.
Similarly, the key information control apparatus 1 stores the EPOCH value received at the predetermined time t [minutes] for each communication device 2 by the communication quality storage unit 18. In the case of the communication sequence shown in FIG. 12, the communication quality storage unit 18 stores 0, 1, and 4 as EPOCH values corresponding to the communication device 2A.
When the predetermined time t has elapsed, the communication quality measuring unit 17 refers to the EPOCH value stored in the communication quality storage unit 18 and detects a key update message that has not reached the communication device 2A. In the case of FIG. 12, the communication quality measuring unit 17 detects that the key update message having the EPOCH values of 2 and 3 has not reached (not received) the communication device 2A. Accordingly, the control unit 11 determines that 2 out of 4 times is the number of unreceived times during the predetermined time t.
The control unit 11 compares the number of unreceived messages with a preset threshold (for example, twice). Since the number of unreceived messages exceeds the threshold, the control unit 11 sets the operation mode of the communication device 2A to the guarantee mode. Thereby, as shown in FIG. 13, the control unit 11 transmits messages to the communication device 2A by multicast communication and also by unicast communication with retransmission.
As described above, according to this key information update system, the operation mode for the communication device 2 determined to have a communication failure is set to the guarantee mode. Thereby, the key information control apparatus 1 can transmit a message to the communication device 2 by unicast communication with retransmission in addition to multicast communication. As a result, in the key information update system, the communication device 2 on an unstable communication path can reliably receive the key update message transmitted by multicast communication.
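The window evaluation of steps S44 to S47 applied to the FIG. 12 values, as an added example that is not code from the patent. The class name, the method names and the arrival log for device 2B are constructed for illustration.

```python
from collections import defaultdict

NORMAL, GUARANTEE = "normal", "guarantee"


class CommunicationQualityMonitor:
    """Per-device gap detection over one measurement window of length t."""

    def __init__(self, threshold):
        self.threshold = threshold
        self._counters = defaultdict(set)   # device -> counter values received
        self._epochs = defaultdict(set)     # device -> EPOCH values reported

    def record_counter(self, device, counter):
        self._counters[device].add(counter)     # a set ignores duplicated arrivals

    def record_epoch(self, device, epoch):
        self._epochs[device].add(epoch)

    def missing_counters(self, device, first=0):
        """Counter values absent between `first` and the highest value seen.

        Messages lost after the last one received leave no gap to detect."""
        seen = self._counters[device]
        if not seen:
            return []
        return [c for c in range(first, max(seen) + 1) if c not in seen]

    def missing_epochs(self, device, issued):
        """EPOCH values the controller issued that the device never reported."""
        return [e for e in issued if e not in self._epochs[device]]

    def evaluate(self, devices, issued=None):
        """S44 to S47: count, compare with the threshold, set the mode, reset the window."""
        modes = {}
        for device in devices:
            if issued is None:
                count = len(self.missing_counters(device))
            else:
                count = len(self.missing_epochs(device, issued))
            modes[device] = GUARANTEE if count > self.threshold else NORMAL   # S45
        self._counters.clear()
        self._epochs.clear()
        return modes


def fig12_example():
    mon = CommunicationQualityMonitor(threshold=2)
    for c in (0, 3, 4, 6, 3):           # counter values stored for 2A, one duplicate added
        mon.record_counter("2A", c)
    for c in range(7):                  # constructed: every message of 2B arrived
        mon.record_counter("2B", c)
    for e in (0, 1, 4):                 # EPOCH values stored for 2A
        mon.record_epoch("2A", e)
    lost_counters = mon.missing_counters("2A")
    lost_epochs = mon.missing_epochs("2A", range(0, 5))
    return lost_counters, lost_epochs, mon.evaluate(["2A", "2B"])
```

The comparison is strict, as in step S45, and a device that sends nothing during the window shows no counter gaps, so counter-based detection depends on at least one later message arriving.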
Furthermore, in the key information update system described above, when the key information control device 1 detects an unstable communication path, the key information control apparatus 1 notifies the communication device 2 in the unstable communication path or another communication device 2 (communication means).
For example, as shown in FIG. 15, it is assumed that a communication failure occurs in the communication device 2A after the group key K (G3) is distributed to all the communication devices 2 and the data communication process P4 is performed. In this case, as described above, the key information control apparatus 1 transmits a key request message by multicast communication, and further transmits a key request message by unicast communication.
In this case, the key information control apparatus 1 notifies an unstable communication path under the control of the control unit 11. The control unit 11 notifies the communication devices 2A and 2C that communicate with the communication device 2A and the communication device 2A in the unstable communication path. At this time, the control unit 11 performs notification based on the information of the communication device 2 whose authentication is permitted by the authentication process and the key distribution processes P1, P2, and P3.
According to such a key information control device 1, by notifying the communication device 2 on the unstable communication path, that communication device 2 can change its setting so as to transmit messages by unicast communication in addition to multicast communication. Further, according to the key information control device 1, when any communication device 2 communicates with the communication device 2 on an unstable communication path, the setting can be changed so that a message is transmitted by unicast communication with a retransmission function in addition to multicast communication. Thereby, according to this key information update system, a message can be reliably received by a communication partner.
Furthermore, in the key information update system described above, the key information control apparatus 1 sets the interval at which the group key K (Gn) is transmitted by multicast communication as a predetermined period. On the other hand, when the communication device 2 has not received the group key K (Gn) for a predetermined period of time, it detects that the group key K (Gn) has not been received by multicast communication.
In such a key information update system, the key information control apparatus 1 operates according to a processing procedure as shown in FIG.
First, in step S51, the key information control apparatus 1 performs timer setting for updating the group key K (Gn) by the timer unit 19. At this time, the control unit 11 sets a predetermined period for transmitting the key request message.
In the next step S52, the timer unit 19 measures the predetermined period set in step S51.
In the next step S53, the control unit 11 determines whether or not the timer value measured by the timer unit 19 has reached a predetermined time and has expired. If the timer value has expired, the process proceeds to step S54; otherwise, the timer process in step S52 is continued.
In step S54, the communication unit 12 transmits a key update message for the latest group key K (Gn) derived by the encryption processing unit 16 by multicast communication according to the control of the control unit 11.
The key update message is transmitted from the key information control apparatus 1 every predetermined period. Accordingly, the communication device 2 can measure a predetermined period by the timer unit 28 and detect a communication failure when the key update message is not received after the predetermined period. The communication device 2 can transmit a key request message to the key information control device 1 when a communication failure is detected.
In this embodiment, the timer unit 19 and the timer unit 28 measure the predetermined period. However, the present invention is not limited to this, and a time for periodically transmitting the key update message may be set.
According to this key information update system, since the key update message is periodically transmitted using a timer or time, a communication failure can be easily detected by the communication device 2. The key request message can be transmitted immediately after the communication device 2 detects a communication failure. Therefore, according to this key information update system, it is possible to shorten the period for the communication device 2 with poor communication to resume communication using the new group key K (Gn).
Furthermore, the key information update system described above may distribute the recovery key to the key information control apparatus 1 and all the communication devices 2 in addition to the key encryption key KEK in the authentication process and the key distribution process. This recovery key is used to temporarily perform communication when the communication device 2 has a communication failure.
In this key information update system, in the authentication processing and key distribution processing P1, P2, and P3, the key information control device 1 generates a recovery key, different from the group key K (Gn), for use in the network containing the key information control device 1 and the plurality of communication devices 2. The recovery key may be obtained by generating the group key K (G0) or the group key K (G (maximum value of n)) and using it as the recovery key. When the group key K (G0) is used as the recovery key, group keys are used starting from the group key K (G1). When the group key K (G (maximum value of n)) is used as the recovery key, group keys may be used starting from the group key K (G0). Next, the key information control device 1 distributes the recovery key after performing an authentication process between the key information control device 1 and the communication device 2.
Thereafter, the key information update system transmits a new group key K (Gn) from the key information control device 1 to the communication device 2 by multicast communication. Thereby, the key information update system updates the group key K (Gn) of the communication device 2 to the group key K (Gn) transmitted from the key information control apparatus 1. Thereby, the key information update system sets the group key K (Gn) for the key information control device 1 and all the communication devices 2. At this time, a recovery key may be set.
The key information control device 1 performs encrypted communication with the communication device 2 using the recovery key. For example, as shown in FIG. 17, in the key update process P5, a key update message for updating the latest group key K (Gn) to the group key K (G4) is transmitted. At this time, it is assumed that the communication devices 2A and 2B cannot receive the key update message due to communication failure. In this case, as described above, the key information control apparatus 1 can detect that the updated group key K (G4) has not been received with reference to the EPOCH value transmitted from the communication devices 2A and 2B.
At this time, the key information control apparatus 1 transmits the group key K (G4) encrypted using the recovery key. In this case, the key information control apparatus 1 transmits a key update message encrypted with one recovery key to both the communication devices 2A and 2B by unicast communication with a retransmission function.
Therefore, according to this key information update system, even when there are a plurality of communication devices 2 that have become unable to communicate, a key update message can be transmitted to the plurality of communication devices 2 by unicast communication with a retransmission function using a single recovery key. Thereby, the new group key K (Gn) can be easily distributed again only to the specific communication devices 2. That is, it is not necessary to update the group key K (Gn) of all the communication devices 2, and the update to the new group key K (Gn) can be made with minimal communication.
The communication device 2 performs encrypted communication with the key information control device 1 and the other communication device 2 using the recovery key. For example, as illustrated in FIG. 18, it is assumed that the communication device 2A cannot receive the multicast communication key update message (K (G4)) transmitted from the key information control apparatus 1. In this situation, it is assumed that the communication device 2A urgently needs to transmit a message to the other communication device 2 and the key information control device 1.
In this case, the communication device 2A cannot obtain a reception response even if it transmits a message encrypted with the old group key K (G3) by multicast communication. Therefore, the communication device 2A encrypts the message using the recovery key, and performs unicast communication with a retransmission function to the other communication devices 2 and the key information control device 1.
Accordingly, the communication device 2A can transmit the message to the other communication device 2 and the key information control device 1 by encrypting it with the recovery key even when the highly urgent message cannot be transmitted by multicast communication.
The above-described embodiment is an example of the present invention. For this reason, the present invention is not limited to the above-described embodiment. Of course, various modifications can be made according to the design and the like, even in forms other than this embodiment, as long as they do not depart from the technical idea of the present invention.

Claims (18)

  1.  A key information control device for controlling a group key used in a network including a plurality of communication devices, comprising:
     key management means for changing a key identifier each time the group key is updated, and generating the key identifier and a new group key;
     multicast communication means for transmitting the key identifier and the group key generated by the key management means by multicast communication;
     communication quality detection means for detecting a communication device that has not received the group key, with reference to the key identifier in information transmitted from the communication device; and
     unicast communication means for transmitting the group key to that communication device by unicast communication with a retransmission function when the communication quality detection means detects a communication device that has not received the group key.
  2.  The key information control device according to claim 1, wherein
     the key management means changes the value of the key identifier to a larger value each time the group key is changed to a new group key, and
     the communication quality detection means detects that the group key transmitted by the multicast communication has not been received when the key identifier included in the information transmitted from the communication device is smaller than the key identifier changed by the key management means.
  3.  The key information control device according to claim 1 or claim 2, wherein different values are assigned to the port number used by the multicast communication means and the port number used by the unicast communication means.
  4.  The key information control device according to any one of claims 1 to 3, wherein the unicast communication means transmits, in addition to the group key, the latest key identifier generated by the key management means.
  5.  The key information control device according to any one of claims 1 to 4, wherein
     the communication quality detection means counts, for each communication device, the number of unreceived messages transmitted from the communication device in a predetermined period or the number of times the group key was not received by the communication device in a predetermined period, and
     the unicast communication means, when the number of unreceived times counted by the communication quality detection means exceeds a predetermined threshold, transmits the group key by unicast communication to the communication device having that number of unreceived times each time the group key is transmitted by the multicast communication.
  6.  The key information control device according to any one of claims 1 to 5, further comprising notification means for notifying the communication device or another communication device when the communication quality detection means detects a communication device that has not received the group key.
  7.  A key information control program for controlling a group key used in a network including a plurality of communication devices, the program causing a computer to function as:
     key management means for changing a key identifier each time the group key is updated, and generating the key identifier and a new group key;
     multicast communication means for transmitting the key identifier and the group key generated by the key management means by multicast communication;
     communication quality detection means for detecting a communication device that has not received the group key, with reference to the key identifier in information transmitted from the communication device; and
     unicast communication means for transmitting the group key to that communication device by unicast communication with a retransmission function when the communication quality detection means detects a communication device that has not received the group key.
  8.  A computer-readable recording medium recording a key information control program for controlling a group key used in a network including a plurality of communication devices, the program causing the computer to function as:
     key management means for changing a key identifier each time the group key is updated, and generating the key identifier and a new group key;
     multicast communication means for transmitting the key identifier and the group key generated by the key management means by multicast communication;
     communication quality detection means for detecting a communication device that has not received the group key, with reference to the key identifier in information transmitted from the communication device; and
     unicast communication means for transmitting the group key to that communication device by unicast communication with a retransmission function when the communication quality detection means detects a communication device that has not received the group key.
  9.  A key information update device that holds a group key used in a network including a key information control device and a plurality of communication devices and updates the group key, comprising:
     key management means for updating the group key to a group key received from the key information control device by multicast communication;
     encryption processing means for encrypting or decrypting data using the group key updated by the key management means;
     communication quality detection means for detecting whether or not the group key has been updated, by comparing a key identifier that is included in information transmitted from another communication device and is changed each time the group key is updated with the key identifier that the device itself holds; and
     unicast communication means for requesting the group key by unicast communication with a retransmission function when the communication quality detection means detects that the group key has not been updated.
  10.  The key information update device according to claim 9, wherein the communication quality detection means detects that the group key transmitted by the multicast communication has not been received when the key identifier included in information transmitted from the key information control device or the other communication device is larger than the key identifier stored in the device itself.
  11.  A key information update program that holds a group key used in a network including a key information control device and a plurality of communication devices and updates the group key, the program causing a computer to function as:
     key management means for updating the group key to a group key received from the information control device by multicast communication;
     encryption processing means for encrypting or decrypting data using the group key updated by the key management means;
     communication quality detection means for detecting whether or not the group key has been updated, by comparing a key identifier that is included in information transmitted from another communication device and is changed each time the group key is updated with the key identifier that the device itself holds; and
     unicast communication means for requesting the group key by unicast communication with a retransmission function when the communication quality detection means detects that the group key has not been updated.
  12.  A computer-readable recording medium on which is recorded a key information update program that holds a group key used in a network including a key information control device and a plurality of communication devices and updates the group key, the program causing a computer to function as:
     key management means for updating the group key to a group key received from the key information control device by multicast communication;
     encryption processing means for encrypting or decrypting data using the group key updated by the key management means;
     communication quality detection means for detecting whether or not the group key has been updated, by comparing a key identifier that is contained in information transmitted from another communication device and that is changed each time the group key is updated with its own key identifier; and
     unicast communication means for requesting the group key by unicast communication with a retransmission function when the communication quality detection means detects that the group key has not been updated.
  13.  A key information updating method for holding and updating a group key used in a network including a key information control device and a plurality of communication devices, the method comprising:
     a step of transmitting a new group key from the key information control device by multicast communication;
     a step of updating the group key of the communication device to the group key transmitted from the key information control device;
     a step of detecting whether or not the group key has been updated, by comparing a key identifier that is contained in information transmitted from the communication device and that is changed each time the group key is updated with its own key identifier; and
     a step of, when a communication device whose group key has not been updated is detected, performing unicast communication with a retransmission function so that the communication device acquires the group key.
  14.  A key information updating system that holds and updates a group key used in a network including a key information control device and a plurality of communication devices, the system comprising:
     key management means for updating the group key of the communication device to the group key transmitted from the key information control device;
     encryption processing means for encrypting or decrypting data using the group key updated by the key management means;
     communication quality detection means by which the communication device detects whether or not the group key has been updated, by comparing a key identifier that is changed each time the group key is updated with its own key identifier; and
     communication means for, when the communication quality detection means detects that the group key has not been updated, switching the communication scheme by which the key information control device transmits the group key from multicast communication to unicast communication with a retransmission function, and transmitting the group key to the communication device by unicast communication with a retransmission function.
  15.  The key information updating system according to claim 14, wherein
     the key information control device transmits the group key by multicast communication at intervals of a predetermined period, and
     the communication device detects that the group key could not be received by the multicast communication when it has not received the group key for longer than the predetermined period.
  16.  A key information updating method for updating a group key used in a network including a key information control device and a plurality of communication devices, the method comprising:
     a step of generating, by the key information control device, a recovery key that is different from the group key and is used in the network including the key information control device and the plurality of communication devices;
     a step of distributing the recovery key, by the key information control device, after authentication processing has been performed between the key information control device and the communication device;
     a step of transmitting a new group key from the key information control device by multicast communication; and
     a step of updating the group key of the communication device to the group key transmitted from the key information control device.
  17.  The key information updating method according to claim 16, comprising:
     a step in which the key information control device detects a communication device that has not updated the group key, by referring to a key identifier that is contained in information transmitted from the communication device and that is changed each time the group key is updated; and
     a step in which the key information control device, when a communication device that has not updated the group key is detected, transmits the group key encrypted using the recovery key.
  18.  The key information updating method according to claim 16, comprising
     a step in which, by the key information control device, the communication device transmits a message encrypted using the recovery key when a message cannot be transmitted using the group key.
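The device-side behaviour of claims 9, 10 and 15 (detect a missed multicast rekey from a larger key identifier or an overdue update, then fetch the group key by unicast with retransmission), as an added Python example that is not code from the patent. All class and function names, the incrementing identifier, the retry limit and the in-memory link are assumptions made for illustration; protection of the unicast reply is left out.

```python
import secrets

class Controller:
    """Key information control device: owns the current group key and its identifier."""
    def __init__(self):
        self.key_id, self.group_key = 0, bytes(16)

    def rekey(self):
        self.key_id += 1                      # assumption: identifier increments per update
        self.group_key = secrets.token_bytes(16)
        return self.key_id, self.group_key    # payload of the multicast frame

class Device:
    """Key information updating device (hypothetical names throughout)."""
    def __init__(self, interval):
        self.key_id, self.group_key = 0, bytes(16)
        self.interval = interval              # expected multicast rekey period, seconds
        self.last_update = 0.0

    def install(self, key_id, key, now):
        self.key_id, self.group_key, self.last_update = key_id, key, now

    def missed_update(self, seen_key_id, now):
        # Claim 10: a peer's identifier larger than the stored one means a multicast was lost.
        # Claim 15: so does going longer than the rekey period without a new key.
        return seen_key_id > self.key_id or now - self.last_update > self.interval

    def recover(self, controller, link_ok, now, max_tries=5):
        """Unicast request with retransmission; returns attempts used, 0 if all were lost."""
        for attempt in range(1, max_tries + 1):
            if link_ok():                     # request and reply both got through
                # Key wrapping of the reply is out of scope here; it travels in memory only.
                self.install(controller.key_id, controller.group_key, now)
                return attempt
        return 0                              # still stale: keep the old key, retry later

def simulate():
    ctrl, a, b = Controller(), Device(60), Device(60)
    key_id, key = ctrl.rekey()
    a.install(key_id, key, now=1.0)           # A receives the multicast; B's copy is lost
    stale = b.missed_update(seen_key_id=a.key_id, now=2.0)   # B hears a frame from A
    outcomes = iter([False, False, True])     # constructed link: two losses, then success
    tries = b.recover(ctrl, lambda: next(outcomes), now=2.0) if stale else 0
    return stale, tries, (b.key_id, b.group_key) == (ctrl.key_id, ctrl.group_key)

if __name__ == "__main__":
    print(simulate())
```
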
PCT/IB2015/000006 2014-01-10 2015-01-05 Key information control device, key information updating device, program and recording medium, key information updating method, and key information updating system WO2015104629A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014-003550 2014-01-10
JP2014003550A JP6108235B2 (en) 2014-01-10 2014-01-10 KEY INFORMATION CONTROL DEVICE, KEY INFORMATION UPDATE DEVICE, PROGRAM AND RECORDING MEDIUM, KEY INFORMATION UPDATE METHOD, KEY INFORMATION UPDATE SYSTEM

Publications (1)

Publication Number Publication Date
WO2015104629A1 (en) 2015-07-16

Family

ID=53523582

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2015/000006 WO2015104629A1 (en) 2014-01-10 2015-01-05 Key information control device, key information updating device, program and recording medium, key information updating method, and key information updating system

Country Status (2)

Country Link
JP (1) JP6108235B2 (en)
WO (1) WO2015104629A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113055159A (en) * 2021-01-25 2021-06-29 兴业证券股份有限公司 Data desensitization method and device
US20220386117A1 (en) * 2021-05-28 2022-12-01 Cisco Technology, Inc. Encrypted nonces as rotated device addresses

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6814976B2 (en) * 2016-10-04 2021-01-20 パナソニックIpマネジメント株式会社 Communication equipment and communication system
US10530748B2 (en) 2016-10-24 2020-01-07 Fisher-Rosemount Systems, Inc. Publishing data across a data diode for secured process control communications
US10270745B2 (en) * 2016-10-24 2019-04-23 Fisher-Rosemount Systems, Inc. Securely transporting data across a data diode for secured process control communications
JP7263098B2 (en) 2018-12-27 2023-04-24 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ Terminal, communication method and program

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6182547A (en) * 1984-09-29 1986-04-26 Hitachi Ltd Privacy communication system
JPH09319673A (en) * 1996-05-27 1997-12-12 Matsushita Electric Works Ltd Method and system for updating cryptographic key
JPH11274999A (en) * 1998-03-25 1999-10-08 Hitachi Ltd Mobile communication method and mobile communication system
JP2000269951A (en) * 1999-03-12 2000-09-29 Kodo Ido Tsushin Security Gijutsu Kenkyusho:Kk Method for verifying and delivering group cryptographic key
JP2002247022A (en) * 2001-02-22 2002-08-30 Nippon Telegr & Teleph Corp <Ntt> Method for delivering information, method for utilizing information, their execution device and processing program, and recording medium
JP2003101533A (en) * 2001-09-25 2003-04-04 Toshiba Corp Device authentication management system and method therefor
JP2010517330A (en) * 2007-01-18 2010-05-20 パナソニック電工株式会社 Method and system for rejoining a second node group to a first node group using a shared group key

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113055159A (en) * 2021-01-25 2021-06-29 兴业证券股份有限公司 Data desensitization method and device
CN113055159B (en) * 2021-01-25 2023-11-21 兴业证券股份有限公司 Data desensitization method and device
US20220386117A1 (en) * 2021-05-28 2022-12-01 Cisco Technology, Inc. Encrypted nonces as rotated device addresses
US11902775B2 (en) * 2021-05-28 2024-02-13 Cisco Technology, Inc. Encrypted nonces as rotated device addresses

Also Published As

Publication number Publication date
JP2015133589A (en) 2015-07-23
JP6108235B2 (en) 2017-04-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15735564

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15735564

Country of ref document: EP

Kind code of ref document: A1