WO2017073389A1 - Communication system and method - Google Patents

Communication system and method

Publication number
WO2017073389A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
communication
algorithm
signature
key information
Prior art date
Application number
PCT/JP2016/080681
Other languages
English (en)
Japanese (ja)
Inventor
友洋 水谷
Original Assignee
株式会社オートネットワーク技術研究所
住友電装株式会社
住友電気工業株式会社
Application filed by 株式会社オートネットワーク技術研究所, 住友電装株式会社, 住友電気工業株式会社

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • The present invention relates to a communication system that shares information that should be kept secret between communication apparatuses, and relates to a communication system and a communication method that can realize safe communication with a small amount of communication and a large amount of computation.
  • Various encryption schemes have been proposed and used for transmitting and receiving information so that the contents are not known to third parties (Patent Document 1).
  • A typical encryption method is public key encryption.
  • In a public key cryptosystem, asymmetric key information such as a secret key and a public key is used, and the public key corresponding to the secret key is transmitted from the receiver, which holds the secret key, to the sender.
  • The sender encrypts the information to be shared using the public key and transmits it, and the receiver decrypts the encrypted information with the corresponding private key. Since decryption is impossible with the public key and it is difficult to derive the secret key from the public key, information can be transmitted and received in a secret state even if the public key is known to a third party.
  • In common key cryptography, as distinct from public key cryptography, Diffie-Hellman key sharing is used to share key information as secret information.
  • The sender and the receiver each calculate a value that can be disclosed, using secret information that each holds separately, exchange the calculated values with each other, and combine the exchanged values with their own values to obtain an equal value (secret key).
  • The sender and the receiver can thus share the same information (secret key) without it becoming known to a third party.
  • The present invention has been made in view of such circumstances, and an object thereof is to provide a communication system and a communication method capable of realizing safe communication with a small communication amount.
  • A communication system is a communication system that transmits and receives information between a transmission device and a reception device, wherein the transmission device includes: a transmission-side storage unit that stores predetermined key information in advance; a transmission-side calculation unit that takes arbitrary data and the predetermined key information as inputs and calculates based on a first algorithm that uniquely outputs a set of a plurality of pieces of information; and a transmission unit that transmits, to the reception device, the data and predetermined information among the plurality of pieces of information included in the set output by the transmission-side calculation unit.
  • The reception device includes: a reception-side storage unit that stores in advance corresponding key information uniquely corresponding to the predetermined key information; a reception unit that receives the data and the predetermined information transmitted by the transmission unit; and
  • a reception-side calculation unit that takes the data and the predetermined information received by the reception unit and the corresponding key information as inputs and calculates based on a second algorithm that outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
  • A communication method is a communication method in which information is transmitted and received between a transmission device and a reception device.
  • The transmission device stores predetermined key information in advance, takes arbitrary data and the predetermined key information as inputs, calculates based on a first algorithm that uniquely outputs a set of a plurality of pieces of information, and transmits the data and predetermined information included in the set output by the calculation to the reception device.
  • The reception device stores in advance corresponding key information uniquely corresponding to the predetermined key information, receives the data and the predetermined information transmitted by the transmission device, takes the received data, the predetermined information, and the corresponding key information as inputs, and calculates based on a second algorithm that outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
  • The present application can be realized not only as a communication system and a communication method including such characteristic components, but also as a program that causes a computer to execute the characteristic steps performed by the transmission device and the reception device included in the communication system.
  • It can also be realized as a transmission device and a reception device included in the communication system, as a semiconductor integrated circuit that realizes part or all of the communication method described above, or as another system including the communication system.
  • The same information can be derived and shared, without becoming known to a third party, by a single transmission process of transmitting data and predetermined information, without performing bidirectional communication between the transmission device and the reception device. Safe communication can thereby be realized with a small communication amount and calculation amount.
  • FIG. 2 is a block diagram showing a configuration of a communication system in a first embodiment.
  • FIG. 3 is a flowchart illustrating an example of a processing procedure performed between communication devices in the communication system according to the first embodiment.
  • FIG. 4 is a sequence diagram illustrating an example of a procedure of communication processing executed by the communication device according to Embodiment 1.
  • FIG. 5 is a sequence diagram showing the procedure in the conventional secret sharing method (Diffie-Hellman key sharing).
  • FIG. 6 is a flowchart illustrating an example of an authentication processing procedure using the communication method according to the first embodiment.
  • FIG. 7 is a block diagram showing a configuration of a communication system in a second embodiment.
  • FIG. 8 is an explanatory diagram illustrating an outline of a communication method performed in the communication system according to Embodiment 2.
  • FIG. It is explanatory drawing which shows the outline
  • FIG. 10 is a block diagram illustrating a configuration of a communication system in a third embodiment.
  • A communication system is a communication system in which information is transmitted and received between a transmission device and a reception device, wherein the transmission device stores predetermined key information in advance.
  • a transmitting unit that transmits predetermined information of the plurality of pieces of information included in the set to the receiving device, wherein the receiving device stores in advance corresponding key information uniquely corresponding to the predetermined key information.
  • the receiving-side storage unit, the receiving unit that receives the data and the predetermined information transmitted by the transmitting unit, and a receiving-side calculation unit that takes the data and the predetermined information received by the receiving unit and the corresponding key information as inputs and calculates based on the second algorithm, which outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
  • The first and second algorithms are used to calculate a predetermined set of a plurality of pieces of information based on the data and the corresponding key information.
  • A communication system includes a plurality of the reception devices, and the transmission device stores different key information corresponding to each of the plurality of reception devices in the transmission-side storage unit.
  • Each receiving device stores, in its receiving-side storage unit in advance, the corresponding key information corresponding to one of the different pieces of key information.
  • A combination of key information and corresponding key information is set for each pair of the transmitting device and any one of the plurality of receiving devices. By storing these in a secret state in advance on the receiving device side, the same information can be derived without the receiving devices learning each other's information.
  • The predetermined key information is a signature key, the corresponding key information is a verification key, the first algorithm is a signature generation algorithm that outputs a signature and a comparison signature, the second algorithm is a signature verification algorithm that outputs the comparison signature based on the verification key and the signature, and the transmission unit transmits the data and the signature output by the signature generation algorithm.
  • A signature verification algorithm, which verifies the signature by decrypting the encrypted information on the receiving side and checking whether or not it matches the original information, is employed, so that data communication can be performed safely with a smaller communication amount and calculation amount than with a key encryption method.
  • A communication method is a communication method in which information is transmitted and received between a transmission device and a reception device.
  • The transmission device stores predetermined key information in advance, takes arbitrary data and the predetermined key information as inputs, calculates based on a first algorithm that uniquely outputs a set of a plurality of pieces of information, and transmits the data and predetermined information among the plurality of pieces of information included in the set output by the calculation.
  • The receiving device stores in advance corresponding key information uniquely corresponding to the predetermined key information, and receives the data and the predetermined information transmitted by the transmitting device.
  • It takes the received data, the predetermined information, and the corresponding key information as inputs, and calculates based on a second algorithm that outputs other information among the plurality of pieces of information included in the set output based on the first algorithm.
  • Each of the transmission devices includes a calculation unit that calculates a predetermined set of a plurality of pieces of information based on data and corresponding key information by the first and second algorithms.
  • The receiving device can derive other information included in the set. If the corresponding key information can be held in a secret state in advance, then even if the data and the predetermined information are disclosed to a third party, that is, sent onto a communication medium, the same information can be derived without becoming known to the third party.
  • FIG. 1 is an explanatory diagram showing the concept of sharing secret information in the present invention.
  • The information used on the sender side is shown on the left side of FIG. 1, and the information used on the receiver side is shown on the right side.
  • An algorithm P is used in which a predetermined set of a plurality of pieces of information ( ⁇ , ⁇ , ...) is uniquely derived from key information (Key X) and plaintext ( ⁇ ).
  • Key Y key information
  • Key X plaintext
  • plaintext
  • A signature-dedicated algorithm is used as an algorithm for uniquely deriving a set of a plurality of pieces of verification information ( ⁇ , ⁇ ) from paired key information (Key X, Y) and plaintext ( ⁇ ).
  • The algorithm is not limited to a signature-only algorithm.
  • Focusing on the fact that a verification value ( ⁇ ), one of a set of information ( ⁇ , ⁇ ) derived by a signature-dedicated algorithm from a plaintext ( ⁇ ) and a key (Key X, Y) prepared in advance, can be re-derived (verified) based on the plaintext ( ⁇ ), the corresponding key (Key Y), and the predetermined information ( ⁇ ) in the signature, this value ( ⁇ ) is what is shared. This will be specifically described below with reference to Embodiments 1 to 3.
  • FIG. 2 is a block diagram showing a configuration of the communication system in the first embodiment.
  • The communication system is an in-vehicle network and includes a communication device 1 and a communication device 2.
  • Each of the communication devices 1 and 2 is an ECU (Electronic Control Unit), and the communication devices 1 and 2 are connected by a communication bus 3.
  • The communication devices 1 and 2 communicate with each other based on, for example, CAN (Controller Area Network).
  • The communication device 1 includes a control unit 10, a storage unit 11, a communication unit 12, a random number generation unit 13, a hash calculation unit 14, and an algorithm calculation unit 15.
  • The control unit 10 is a microcontroller that uses, for example, one or more CPUs (Central Processing Units) or a multi-core CPU, and has a ROM (Read Only Memory), a RAM (Random Access Memory), an input/output interface, a timer, and the like.
  • The CPU of the control unit 10 is connected to the storage unit 11, the communication unit 12, the random number calculation unit 13, the hash calculation unit 14, and the algorithm calculation unit 15 via the input/output interface.
  • The control unit 10 controls the operation of each component by executing a control program stored in the built-in ROM.
  • The storage unit 11 uses a flash memory.
  • The storage unit 11 stores information that the control unit 10 refers to during processing.
  • Signature key information 1K is stored in advance in a secret state.
  • The signature key information 1K is stored at a specific timing, such as when the communication apparatus 1 itself is assembled, when a test is performed after the communication system including the communication apparatus 1 is constructed, or when the vehicle is inspected.
  • The signature key information 1K may be stored separately using a technique such as encryption so that it can be securely stored in a secret state at a specific timing.
  • The storage unit 11 stores a password for authentication of the communication device 2 in advance.
  • The communication unit 12 implements communication with the communication device 2 via the communication bus 3 using a transceiver.
  • The communication unit 12 transmits information as instructed by the control unit 10 to the communication device 2 by the function of the communication controller included in the control unit 10, and detects and receives information sent on the communication bus 3 and outputs it to the control unit 10.
  • The random number calculation unit 13 is an integrated circuit that takes a seed as input and generates and outputs a random number.
  • The control unit 10 can obtain a random number by giving time information obtained from the timer to the random number calculation unit 13 as a seed.
  • The hash calculation unit 14 is an integrated circuit that takes numerical information as input, performs a hash function calculation, and outputs a hash value.
  • The control unit 10 can obtain a hash value by giving the random number obtained from the random number calculation unit 13 to the hash calculation unit 14.
  • The algorithm calculation unit 15 is an integrated circuit that executes a signature verification algorithm by an ECDSA (Elliptic Curve Digital Signature Algorithm) signature scheme.
  • The algorithm calculation unit 15 takes arbitrary data (hash value) and the signature key information 1K as inputs and outputs a signature (r, s).
  • Since the communication device 2 includes the same components as the communication device 1, corresponding reference numerals are assigned and detailed description is omitted. However, the communication device 2 stores verification key information 2K corresponding to the signature key information 1K of the communication device 1 in the storage unit 21 in advance. The verification key information 2K is also stored in a secret state in advance. The timing at which the verification key information 2K is stored is the same as the timing at which the signature key information 1K is stored in the storage unit 11 of the communication device 1. The verification key information 2K may also be stored separately using a technique such as encryption so that it can be securely stored in a secret state. The storage unit 21 stores an authentication password.
  • The algorithm calculation unit 25 of the communication device 2 is an integrated circuit that executes a calculation corresponding to the calculation of the algorithm calculation unit 15 of the communication device 1.
  • The algorithm calculation unit 25 outputs the signature r when given the data input to the algorithm calculation unit 15, the signature s of the signature (r, s) output for that data, and the verification key information 2K of the storage unit 21.
  • FIG. 3 is a flowchart illustrating an example of a procedure of communication processing executed by the communication devices 1 and 2 according to the first embodiment.
  • To start sharing of secret information, the control unit 10 of the communication device 1 generates a random number with the random number calculation unit 13 using the time information as a seed (step S11), and acquires a hash value from the hash calculation unit 14 based on the obtained random number (step S12).
  • The control unit 10 gives the acquired hash value and the signature key information 1K to the algorithm calculation unit 15 to acquire the signature (r, s) (step S13).
  • The control unit 10 stores the signature r of the acquired signature (r, s) in the storage unit 11 (step S14), and transmits the other signature s and the hash value acquired in step S12 to the communication device 2 (step S15).
  • The control unit 20 of the communication apparatus 2 receives the signature s and the hash value via the communication unit 22 (step S21), and gives the received signature s, hash value, and verification key information 2K to the algorithm calculation unit 25 to derive and acquire the signature r (step S22). The control unit 20 stores the acquired signature r in the storage unit 21 (step S23) and ends the process.
  • The signature r having the same contents is stored in the storage unit 11 of the communication device 1 and the storage unit 21 of the communication device 2 without an encrypted signature r being transmitted or received. In this way, secret information can be shared from the communication device 1 to the communication device 2 by a single transmission process.
  • FIG. 4 is a sequence diagram showing the procedure of the communication method in the first embodiment described above.
  • FIG. 5 is a sequence diagram showing a procedure in a conventional secret sharing method (Diffie-Hellman key sharing).
  • The exchange between the communication device 1 and the communication device 2 for sharing information (signature r) is completed in one transmission of the signature s and the hash value from the communication device 1 side (S15).
  • The conventional secret sharing method requires the transmission device and the reception device to exchange values that can be disclosed with each other. In this way, it is possible to share information in a secret state with a small amount of communication (number of times).
  • The signature (r, s) output by the algorithm calculation unit 15 is numerical information output based on ECDSA, and there is a condition on the information obtained. Therefore, the secret information can be shared with the signature r by the above-described method.
  • Numerical information that is meaningless in itself but serves as a key to be concealed, for example a hash calculation seed, is preferable.
  • The signature r can be used as a seed for the hash calculation.
  • FIG. 6 is a flowchart illustrating an example of an authentication processing procedure using the communication method according to the first embodiment.
  • The same procedures as those shown in the flowchart of FIG. 3 are denoted by the same reference numerals, and detailed description thereof is omitted.
  • The control unit 20 of the communication device 2, which is the client, transmits an authentication request from the communication unit 22 to the communication device 1, which is the server (step S201).
  • The communication device 1 receives the request for authentication via the communication unit 12 (step S101), generates a random number with the random number calculation unit 13 using the time information of the reception time as a seed (S11), and acquires a hash value (S12). Subsequently, the control unit 10 acquires the signature (r, s) from the algorithm calculation unit 15 (S13), stores the signature r in the storage unit 11 (S14), and transmits the signature s and the hash value to the communication apparatus 2 as a response to the request (S15).
  • The control unit 20 of the communication device 2 receives the signature s and the hash value via the communication unit 22 (S21), and derives and acquires the signature r (S22).
  • The control unit 20 stores the acquired signature r in the storage unit 21 (S23), and uses the hash calculation unit 24 to calculate and acquire the hash value of the password stored in the storage unit 21, using the signature r as a seed (step S24).
  • The control unit 20 transmits the hash value obtained in step S24 to the communication device 1, which is the server (step S25).
  • The control unit 10 of the communication device 1, as the server, uses the hash calculation unit 14 to obtain the hash value of the authentication password of the communication device 2 stored in the storage unit 11, using the stored signature r as a seed (step S16). The control unit 10 then receives the hash value transmitted from the communication apparatus 2 via the communication unit 12 (step S17), and performs authentication by comparing the hash value acquired in step S16 with the hash value received in step S17 (step S18). If the compared values match in step S18, authentication succeeds; if they do not match, authentication fails. The control unit 10 returns the authentication result (step S19), the communication device 2 receives it (step S26), and the authentication process ends.
  • With this authentication process, it is possible to securely share a secret seed with a small amount of communication and execute authentication safely.
  • The amount of information can be reduced by using an algorithm of the ECDSA signature method.
  • When an embedded processor such as the above-described ECU is used, it is possible to reduce the processing load and save storage capacity. Further, the above-described method has high resistance against man-in-the-middle attacks.
  • The algorithm calculation units 15 and 25 are configured to use the ECDSA signature method, but may use DSA or RSA encryption. Further, the algorithm calculation units 15 and 25 may perform the calculation by a new method that substitutes for these signature algorithms. That is, any other method may be used as long as it is an algorithm in which the algorithm calculation unit 15 outputs a set of a plurality of pieces of information when key information and arbitrary data are input, and other information of the set is output when a corresponding calculation is performed using the output numerical information as input.
  • Corresponding to the algorithm calculation unit 15, the algorithm calculation unit 25 may output the other numerical information paired with the numerical information when the input data, the numerical information output by the algorithm calculation unit 15, and the corresponding key information are input.
  • FIG. 7 is a block diagram showing a configuration of a communication system in the second embodiment.
  • The communication system in the second embodiment includes a communication device 1 and communication devices 2a, 2b, and 2c.
  • The communication device 1 and the communication devices 2a, 2b, and 2c are all ECUs and are connected by a communication bus 3.
  • The details of the internal configuration of the communication device 1 are the same as those of the communication device 1 according to the first embodiment except for the information stored in the storage unit 11.
  • The details of the internal configuration of the communication devices 2a, 2b, and 2c are the same as those in the second embodiment except for the information stored in each storage unit 21. Therefore, the same reference numerals are given to configurations common to the first embodiment, and detailed description thereof is omitted.
  • The storage unit 11 of the communication device 1 stores a plurality of signature key information 1Ka, 1Kb, and 1Kc in advance.
  • The signature key information 1Ka is key information for sharing secret information with the communication device 2a, the signature key information 1Kb is key information for sharing secret information with the communication device 2b, and the signature key information 1Kc is key information for sharing secret information with the communication device 2c.
  • The storage unit 21 of the communication device 2a stores in advance verification key information 2Ka corresponding to the signature key information 1Ka.
  • The storage unit 21 of the communication device 2b stores verification key information 2Kb corresponding to the signature key information 1Kb in advance.
  • The storage unit 21 of the communication device 2c stores verification key information 2Kc corresponding to the signature key information 1Kc in advance.
  • The communication process between the communication apparatus 1 and the communication apparatus 2a, the communication process between the communication apparatus 1 and the communication apparatus 2b, and the communication process between the communication apparatus 1 and the communication apparatus 2c each follow the same procedure (FIG. 3) as the communication process between the communication device 1 and the communication device 2 in the first embodiment.
  • FIG. 8 is an explanatory diagram showing an outline of a communication method performed in the communication system according to the second embodiment.
  • FIG. 8 shows the correspondence between the key information held in each communication device 1, 2a, 2b, 2c and the flow of information transmitted and received.
  • The control unit 10 of the communication device 1 acquires the signature (r, s) from the algorithm calculation unit 15 using, among the plurality of signature key information 1Ka, 1Kb, 1Kc, the signature key information 1Ka for the communication device 2a.
  • The control unit 10 of the communication device 1 sends the data (hash value) input when acquiring the signature (r, s), together with the signature s, from the communication unit 12 onto the communication bus 3.
  • The transmitted data (hash value) and signature s can be received by the communication units 22 of all the communication devices 2a, 2b, 2c connected to the communication bus 3. However, only the communication device 2a, which operates using the verification key information 2Ka corresponding to the signature key information 1Ka used to output the data and the signature s, acquires the signature r with the algorithm calculation unit 25 and can share secret information (information r) with the communication device 1. The communication devices 2b and 2c can also receive the data and the signature s based on the signature key information 1Ka, but since they do not hold the corresponding verification key information 2Ka, they cannot obtain the signature r in common with the communication device 1.
  • The communication process between the communication apparatus 1 and the communication apparatus 2b and the communication process between the communication apparatus 1 and the communication apparatus 2c are the same.
  • The communication device 1 on the transmission side sends arbitrary data (hash value) and the signature s of the signature (r, s) to the other communication devices 2a, 2b, and 2c on the reception side.
  • Secret information can be shared for each pair of the communication device 1 and one of the plurality of communication devices 2a, 2b, and 2c.
  • Various timings can be considered for storing the signature key information 1Ka, 1Kb, 1Kc in the storage unit 11 of the communication device 1 and the verification key information 2Ka, 2Kb, 2Kc in each storage unit 21 of the communication devices 2a, 2b, 2c.
  • The timing may be when the communication devices 1, 2a, 2b, and 2c are individually assembled, or when it is determined, at the time the communication system is constructed, which communication devices are to communicate with each other.
  • The communication system according to the present invention is applied to communication between ECUs in an in-vehicle network, for example.
  • The present invention is not limited to this, and may be applied to communication between various electronic devices or devices including an HMI (Human Machine Interface), a PLC (Programmable Logic Controller), a controller, a maintenance jig, etc. in industrial equipment networks.
  • Secret information (signature r) is shared at the same timing between one transmission-side communication device and one or more reception-side communication devices.
  • By obtaining secret information through a certain procedure or process, information different from the value (signature r) shared in the communication of the present invention is shared between specific devices.
  • FIG. 9 is an explanatory diagram showing an outline of a communication method implemented in the modified example.
  • the communication device 2 stores the same verification key information 2Ka, in addition to the communication device 2a that stores only the verification key information 2Ka, “processing 2”
  • the communication apparatus 1 on the transmission side knows “processing 1”.
  • “Processing 1” and “Processing 2” are specific calculation procedures or algorithms, and are stored in each storage unit 21 in advance without being otherwise known between devices that share information.
  • the communication device 1 can acquire not only the signature r as secret information by the signature key information 1Ka but also “information r1” by applying “processing 1” to “information r”.
  • the communication device 2a can acquire “information r” from the verification key information 2Ka corresponding to the signature key information 1Ka, the data transmitted from the communication device 1, and the information s.
  • because the communication devices 2b and 2c do not store the verification key information 2Ka corresponding to the signature key information 1Ka, they cannot obtain the same “information r” as the communication device 2a from the data and information s transmitted from the communication device 1.
  • the communication device 2e and the communication device 2g can not only acquire “information r” based on the verification key information 2Ka, but can also acquire “information r1” by applying “processing 1” to “information r”. Accordingly, the communication device 2e and the communication device 2g can share “information r1” that cannot be known to the communication devices 2a, 2b, 2c, 2d, and 2f with the communication device 1.
  • the communication device 2d, the communication device 2f, and the communication device 2g can not only acquire “information r” common to the communication device 1 and the communication device 2a based on the verification key information 2Ka, but can also acquire “information r2” by the processing of “processing 2”.
  • the communication device 2d, the communication device 2f, and the communication device 2g can share with the communication device 1, which is the transmission device, “information r2” that cannot be known to the communication devices 2a, 2b, 2c, and 2e.
  • the present invention can also be applied between communication devices such as a PC (Personal Computer) and a server computer that communicate with each other via a public communication network such as the Internet, and can be applied to communication that shares secret information one-to-one or one-to-many.
  • Embodiment 3 shows an example in which the present invention is applied to a server client system.
  • FIG. 10 is a block diagram showing a configuration of a communication system in the third embodiment.
  • the communication system in the third embodiment includes a central device 4 and a terminal device 5.
  • the central device 4 is a server computer
  • the terminal device 5 is a PC. Communication between the central device 4 and the terminal device 5 is possible via a network N which is a public communication network such as the Internet.
  • the central device 4 includes a control unit 40, a storage unit 41, a temporary storage unit 42, and a communication unit 43.
  • the control unit 40 uses a CPU.
  • the control unit 40 reads and executes the algorithm P program 411 stored in the storage unit 41, thereby causing the general-purpose server computer to function as the transmission device in the present invention.
  • the temporary storage unit 42 uses a RAM such as a DRAM and temporarily stores information generated by the processing of the control unit 40.
  • the storage unit 41 uses a nonvolatile memory such as a hard disk or a flash memory, and stores the algorithm P program 411 and the signature key information 4K in advance.
  • the algorithm P program 411 is a program that realizes an operation based on the algorithm P shown in FIG. 1, that is, the signature verification algorithm based on the ECDSA signature scheme.
  • the communication unit 43 implements communication with the terminal device 5 via the network N using a network card.
  • the communication realized by the communication unit 43 may be either wired communication or wireless communication.
  • the terminal device 5 includes a control unit 50, a storage unit 51, a temporary storage unit 52, and a communication unit 53.
  • the control unit 50 uses a CPU.
  • the control unit 50 reads and executes the algorithm Q program 511 stored in the storage unit 51, thereby causing the general-purpose PC to function as the receiving device in the present invention.
  • the temporary storage unit 52 uses a RAM such as a DRAM and temporarily stores information generated by the processing of the control unit 50.
  • the storage unit 51 uses a non-volatile storage medium such as a hard disk or a flash memory, and stores the algorithm Q program 511 and the verification key information 5K corresponding to the signature key information 4K.
  • the algorithm Q program 511 is a program that realizes an operation corresponding to an operation based on the algorithm P program 411 in the central apparatus 4.
  • the communication unit 53 realizes communication with the central device 4 via the network N using a network card.
  • the communication realized by the communication unit 53 may be either wired communication or wireless communication.
  • the process for sharing secret information (signature r) using the signature key information 4K and the verification key information 5K performed between the central device 4 and the terminal device 5 is the same as the processing content (FIG. 3) performed between the communication device 1 and the communication device 2 in Embodiment 1. Therefore, detailed description is omitted.
  • the second embodiment and the modification can be applied to the processing between the central device 4 and the terminal device 5 shown in the third embodiment.
  • the communication system according to the present invention can be applied to a server client system using a PC and a server computer. Further, as shown in the third embodiment, it can also be realized by processing based on software.
  • Communication device
    11 Storage unit (transmission side storage unit)
    12 Communication unit (transmission unit)
    15 Algorithm computation unit (transmission side computation unit)
    1K, 1Ka, 1Kb, 1Kc Signature key information (predetermined key information)
    2, 2a, 2b, 2c Communication device (receiving device)
    21 Storage unit (reception side storage unit)
    22 Communication unit (receiving unit)
    25 Algorithm operation part (reception side operation part)
    2K, 2Ka, 2Kb, 2Kc Verification key information (corresponding key information)
    4 Central unit (transmitting unit)
    40 Control unit (transmission side calculation unit)
    411 Algorithm P program (transmission side computing unit)
    41 Storage unit (transmission side storage unit)
    43 Communication part (transmission part)
    4K Signature key information (predetermined key information)
    5 Terminal device (receiving device)
    50 Control unit (receiver side calculation unit)
    511 Algorithm Q program (receiver side calculation unit)
    51 Storage unit (reception side storage unit)
    53 Communication unit (

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An object of the present invention is to provide a communication system and a communication method capable of establishing secure communication with a small amount of communication and a small amount of computation. The present invention relates to a communication system in which information is transmitted and received between a transmitting device and a receiving device, wherein the transmitting device: stores prescribed key information in advance; performs computation using arbitrary data and the prescribed key information as input, based on a first algorithm that uniquely outputs a set of a plurality of pieces of information; and transmits, to the receiving device, the data and a prescribed piece of information among the plurality of pieces of information included in the set output by the computation unit. The receiving device: stores, in advance, corresponding key information that uniquely corresponds to the prescribed key information; receives the data and the prescribed piece of information transmitted by the transmission unit; and uses the received data and prescribed piece of information, together with the corresponding key information, as input to perform computation based on the second algorithm to output the other piece of information among the plurality of pieces of information included in the set output based on the first algorithm.
PCT/JP2016/080681 2015-10-28 2016-10-17 Communication system and method WO2017073389A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015212204A JP2017085368A (ja) 2015-10-28 2015-10-28 Communication system and communication method
JP2015-212204 2015-10-28

Publications (1)

Publication Number Publication Date
WO2017073389A1 true WO2017073389A1 (fr) 2017-05-04

Family

ID=58630101

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/080681 WO2017073389A1 (fr) Communication system and method 2015-10-28 2016-10-17

Country Status (2)

Country Link
JP (1) JP2017085368A (fr)
WO (1) WO2017073389A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11647042B2 (en) 2017-11-28 2023-05-09 Visa International Service Association Systems and methods for protecting against relay attacks

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
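JP2005502217A (ja) * 2000-12-15 2005-01-20 Oracle International Corporation Method and apparatus for delegating digital signatures to a signature server
JP2014225746A (ja) * 2013-05-15 2014-12-04 Toyota Motor Corporation Electronic signature verification method and electronic signature verification system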

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8918648B2 (en) * 2010-02-25 2014-12-23 Certicom Corp. Digital signature and key agreement schemes

Also Published As

Publication number Publication date
JP2017085368A (ja) 2017-05-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16859619

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16859619

Country of ref document: EP

Kind code of ref document: A1