WO2016147340A1 - Cryptographic communication device, cryptographic communication terminal, cryptographic communication method, and cryptographic communication program - Google Patents
- Publication number
- WO2016147340A1 (PCT/JP2015/058065)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- encryption
- communication
- buffer
- key
- encryption key
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
Definitions
- the present invention relates to an encryption communication device, an encryption communication terminal, an encryption communication method, and an encryption communication program.
- One-time pad encryption is a common key encryption method in which a key is shared between a transmission side and a reception side.
- encryption is performed using an encryption key having the same number of bits as communication data.
- the encryption key once used for encryption is not reused. That is, the encryption key is made disposable.
- A typical example of the one-time pad cipher is the Vernam cipher.
- An exclusive OR or the like is calculated bit by bit for communication data and an encryption key, and the calculation result is transmitted as encrypted data. If even one bit is misaligned between the communication data and the encryption key, the encrypted data cannot be decrypted correctly. Therefore, some means is used to coordinate which part of the encryption key is used for the communication data.
- an encryption key capable of encrypting communication data for a certain time is prepared in advance.
- Since the encryption key is disposable, the encryption key may be exhausted during the encryption communication. In this case, there is a delay from when the encryption key is exhausted until the encryption key is replenished. Note that the encryption key being “depleted” means that the remaining number of encryption keys is zero.
- An object of the present invention is to eliminate a delay that occurs between the time when an encryption key is exhausted and the time when the encryption key is replenished.
- An encryption communication apparatus is provided. It includes:
  - a memory;
  - an encryption unit that, each time communication data is input, acquires one encryption key among the encryption keys stored in a buffer that is an internal area of the memory, generates encrypted data by encrypting the communication data using the acquired encryption key, and deletes the acquired encryption key from the buffer;
  - a data transmission unit that performs cryptographic communication by transmitting the encrypted data generated by the encryption unit; and
  - a management unit that adds a new encryption key to the buffer according to the speed at which the number of encryption keys in the buffer decreases while encryption communication by the data transmission unit continues.
- a new encryption key is added to the buffer according to the speed at which the number of encryption keys in the buffer decreases while the encrypted communication continues. For this reason, it is possible to eliminate a delay that occurs until the encryption key is replenished after the encryption key is depleted.
- FIG. 1 is a block diagram illustrating a configuration of a communication system according to Embodiment 1.
- FIG. 3 shows an operation of the communication system according to the first embodiment.
- Two figures are block diagrams illustrating a configuration of an encryption communication device according to the first embodiment.
- FIG. 5 is a flowchart showing the operation of the cryptographic communication apparatus according to the first embodiment.
- FIG. 6 and FIG. 7 are detailed flowcharts showing the operation of the cryptographic communication apparatus according to the first embodiment.
- Seven figures are diagrams illustrating specific examples of processing of the cryptographic communication apparatus according to the first embodiment.
- Embodiment 1. First, as an outline of the present embodiment, the configuration of the system according to the present embodiment, the operation of the system according to the present embodiment, and the effects of the present embodiment will be described in order.
- the communication system 100 includes a plurality of encryption communication terminals 110 and 120.
- the encryption communication terminals 110 and 120 are mobile terminals such as smartphones, tablets, and mobile phones, respectively.
- the encryption communication terminals 110 and 120 may be terminals other than mobile terminals such as personal computers.
- the terminal A which is the encryption communication terminal 110 on the transmission side includes an encryption communication device 111 and a processing device 112.
- the encrypted communication device 111 generates encrypted data by encrypting the communication data using a disposable encryption key every time the communication data is received.
- the cryptographic communication device 111 performs cryptographic communication by transmitting the generated encrypted data.
- the processing device 112 executes a program 113 that inputs communication data to the encryption communication device 111.
- the program 113 is a plurality of applications 114.
- the processing device 112 is a processor such as a CPU (Central Processing Unit).
- the key sharing device 115 can be connected to the terminal A.
- the cryptographic communication apparatus 111 can acquire the cryptographic key from the key sharing apparatus 115 when the key sharing apparatus 115 is connected to the terminal A.
- the encryption communication device 111 stores the encryption key in advance or generates the encryption key independently.
- Terminal B which is the encryption communication terminal 120 on the receiving side, includes an encryption communication device 121 and a processing device 122.
- the cryptographic communication device 121 performs cryptographic communication by receiving encrypted data. Each time the encrypted communication device 121 receives encrypted data, the encrypted communication device 121 generates communication data by decrypting the encrypted data using a disposable encryption key.
- the processing device 122 executes a program 123 that receives input of communication data from the encryption communication device 121.
- the program 123 is a plurality of applications 124.
- the processing device 122 is a processor such as a CPU.
- the key sharing device 125 can be connected to the terminal B.
- the cryptographic communication apparatus 121 can acquire the cryptographic key from the key sharing apparatus 125 when the key sharing apparatus 125 is connected to the terminal B.
- the encryption communication device 121 stores the encryption key in advance or generates the encryption key independently.
- Terminal A and terminal B are connected to a network 130 such as the Internet.
- cryptographic communication between the cryptographic communication terminals 110 and 120 is performed by the cryptographic communication devices 111 and 121 incorporated in the cryptographic communication terminals 110 and 120 via the network 130, respectively.
- the cryptographic communication devices 111 and 121 are cryptographic communication modules that are independent of the applications 114 and 124 executed by the cryptographic communication terminals 110 and 120, respectively. Therefore, in this embodiment, it is possible to use encrypted communication even in the applications 114 and 124 that do not have the encrypted communication function.
- the encryption communication devices 111 and 121 have buffers for temporarily storing encryption keys for the applications 114 and 124, as will be described later.
- In the encryption communication terminal 110, when each application 114 communicates with another encryption communication terminal 120, encryption communication is performed using the encryption key in the corresponding buffer. The same applies to the encryption communication terminal 120.
- the cryptographic communication devices 111 and 121 manage buffers for the applications 114 and 124, respectively.
- Based on the amount of encryption key consumed by encryption communication and the remaining amount of encryption key in the buffer, the encryption communication devices 111 and 121 add encryption keys to the buffer as needed.
- One or both of the encryption communication terminals 110 and 120 may be equipped with both the encryption communication module on the transmission side and the encryption communication module on the reception side. That is, the encryption communication device 111 of the terminal A may have both functions of the transmission side and the reception side. In that case, the cryptographic communication device 111 may be configured by two cryptographic communication modules of the transmission side and the reception side, or may be configured by one cryptographic communication module in which the transmission side and the reception side are integrated.
- the encryption communication device 121 of the terminal B is the same as the encryption communication device 111 of the terminal A.
- the number of encryption communication terminals provided in the communication system 100 is not limited to two, and may be three or more. Of the three or more encryption communication terminals, at least one encryption communication terminal is equipped with a transmission-side encryption communication module, and at least one other encryption communication terminal is equipped with a reception-side encryption communication module. The remaining encrypted communication terminals only need to be equipped with at least one of the transmitting-side encrypted communication module and the receiving-side encrypted communication module.
- the application 114 of the terminal A sends the destination information T1 of the terminal B to the encryption communication device 111 of the terminal A.
- the encryption communication device 111 identifies the terminal B from the destination information T1.
- the encryption communication device 111 creates the key list L1 from the encryption key group G1 that it owns.
- the encryption key group G1 includes an encryption key K1.
- the encryption communication device 111 transmits the key list L1 to the encryption communication device 121 of the terminal B.
- the application 124 of the terminal B sends the destination information T2 of the terminal A to the encryption communication device 121 of the terminal B.
- the encryption communication device 121 identifies the terminal A from the destination information T2.
- the encryption communication device 121 receives the key list L1 from the encryption communication device 111 of the terminal A.
- the encryption communication device 121 creates a key list L2 from the encryption key group G2 held by itself.
- the encryption key group G2 includes an encryption key K1. However, not all of the encryption keys included in the encryption key group G2 need to match the encryption keys included in the encryption key group G1.
- the encryption communication device 121 specifies the encryption key K1 used for encryption communication from the key list L1 and the key list L2.
- the encryption communication device 121 transmits key information I1 that is identification information of the encryption key K1 to the encryption communication device 111 of the terminal A.
- the encryption communication device 111 of the terminal A receives the key information I1.
- the encryption communication device 111 expands the data of the encryption key K1 pointed to by the key information I1 in the buffer M1 assigned to the application 114 of the terminal A.
- the data of the encryption key K1 pointed to by the key information I1 is expanded in the buffer M2 assigned to the application 124 of the terminal B.
- The encryption communication device 111 encrypts the communication data D1 by using the encryption key K1 in the buffer M1, and creates encrypted data E1.
- the encryption communication device 111 transmits the encrypted data E1 to the encryption communication device 121 of the terminal B.
- the encryption communication device 121 of the terminal B receives the encrypted data E1.
- the encryption communication device 121 decrypts the encrypted data E1 using the encryption key K1 in the buffer M2, and obtains communication data D1.
- the encryption communication device 121 sends the communication data D1 to the application 124 of the terminal B.
- Similar processing refers to processing performed in the same procedure as described above using a different encryption key for each processing.
- the encryption communication device 111 of the terminal A and the encryption communication device 121 of the terminal B monitor the decrease speeds of the encryption keys in the buffer M1 and the buffer M2, respectively.
- the encryption communication device 111 of the terminal A and the encryption communication device 121 of the terminal B add the encryption keys to the buffer M1 and the buffer M2 before the encryption keys of the buffer M1 and the buffer M2 respectively disappear.
- the encryption communication device 111 of the terminal A creates a key list L3 from the encryption key group G3 held by itself.
- the encryption key group G3 includes an encryption key K3.
- the encryption communication device 111 transmits the key list L3 to the encryption communication device 121 of the terminal B.
- the encryption communication device 121 of the terminal B receives the key list L3.
- the encryption communication device 121 creates a key list L4 from the encryption key group G4 that it owns.
- the encryption key group G4 includes an encryption key K3. However, not all of the encryption keys included in the encryption key group G4 need to match the encryption keys included in the encryption key group G3.
- the encryption communication device 121 specifies the encryption key K2 used for encryption communication from the key list L3 and the key list L4.
- the encryption communication device 121 transmits key information I2 that is identification information of the encryption key K2 to the encryption communication device 111 of the terminal A.
- the encryption communication device 111 of the terminal A receives the key information I2.
- the encryption communication device 111 expands the data of the encryption key K2 pointed to by the key information I2 in the buffer M1 assigned to the application 114 of the terminal A.
- the data of the encryption key K2 pointed to by the key information I2 is expanded in the buffer M2 assigned to the application 124 of the terminal B.
- By adding the encryption key before the encryption key is exhausted during the encryption communication of the specific application 114, 124, it is possible to eliminate the delay that occurs from when the encryption key is depleted until the encryption key is added.
- When a plurality of applications 114 and 124 perform one-time pad encryption communication in the same encryption communication terminal 110 and 120, there is no need for each application 114 and 124 to have a dedicated encryption key. Therefore, the data capacity in the encryption communication terminals 110 and 120 can be reduced.
- the cryptographic communication device 111 includes a wired interface 151, an internal interface 152, a communication interface 153, a storage medium 154, and a memory 155.
- The encryption communication device 111 includes an acquisition unit 161, a data reception unit 162, a request reception unit 163, a list generation unit 164, a list transmission unit 165, an information reception unit 166, a management unit 167, an encryption unit 168, and a data transmission unit 169.
- the wired interface 151 is an interface for communicating with an external device.
- the wired interface 151 is used to acquire an encryption key from the key sharing device 115.
- the wired interface 151 can be replaced with a wireless interface.
- the internal interface 152 is an interface for communicating with the application 114 in the terminal A.
- the internal interface 152 is used for exchanging destination information and communication data with the application 114.
- the communication interface 153 is an interface for communicating with other terminals.
- the communication interface 153 is used for communicating with the terminal B.
- the storage medium 154 stores the encryption key group acquired by the acquisition unit 161.
- the memory 155 has a buffer associated with the application 114 of the terminal A.
- the acquisition unit 161 acquires the encryption key from the key sharing device 115 via the wired interface 151.
- the acquisition unit 161 stores the acquired encryption key in the storage medium 154.
- the data receiving unit 162 receives communication data from the application 114 of the terminal A via the internal interface 152.
- the data reception unit 162 passes the received communication data to the encryption unit 168.
- the request reception unit 163 receives destination information from the application 114 of the terminal A through the internal interface 152.
- the request reception unit 163 instructs the list generation unit 164 to generate a key list.
- the list generation unit 164 receives the destination information from the request reception unit 163.
- the list generation unit 164 generates a key list from the encryption key group in the storage medium 154.
- the list generation unit 164 passes the generated key list to the list transmission unit 165 together with the destination information.
- the list transmission unit 165 receives the key list and the destination information from the list generation unit 164.
- the list transmission unit 165 transmits the key list to the terminal B, which is the destination described in the destination information, via the communication interface 153.
- the information receiving unit 166 receives key information that is identification information of an encryption key from the terminal B that is the partner to which the list transmitting unit 165 has transmitted the key list, via the communication interface 153.
- the information receiving unit 166 passes the received key information to the management unit 167.
- the management unit 167 acquires an encryption key that matches the key information received from the information reception unit 166 from the storage medium 154.
- the management unit 167 sets a flag indicating that the encryption key in the storage medium 154 is being used.
- the management unit 167 expands the encryption key in a buffer associated with the application 114 of the terminal A in the memory 155.
- the management unit 167 sets the buffer in the memory 155.
- the management unit 167 deletes the encryption key expanded in the buffer from the storage medium 154.
- the encryption unit 168 receives communication data from the data reception unit 162.
- the encryption unit 168 acquires the bit string of the encryption key from the buffer associated with the application 114 of the terminal A in the memory 155.
- the encryption unit 168 encrypts the communication data with the one-time pad encryption using the acquired bit string of the encryption key, and generates encrypted data.
- the encryption unit 168 passes the generated encrypted data to the data transmission unit 169.
- the data transmission unit 169 transmits the encrypted data received from the encryption unit 168 via the communication interface 153.
- the cryptographic communication device 121 includes a wired interface 171, an internal interface 172, a communication interface 173, a storage medium 174, and a memory 175.
- The encryption communication apparatus 121 includes an acquisition unit 181, a data transmission unit 182, a request reception unit 183, an information generation unit 184, a list reception unit 185, an information transmission unit 186, a management unit 187, a decryption unit 188, and a data receiving unit 189.
- the wired interface 171 is an interface for communicating with an external device.
- the wired interface 171 is used to acquire an encryption key from the key sharing device 125.
- the wired interface 171 can be replaced with a wireless interface.
- the internal interface 172 is an interface for communicating with the application 124 in the terminal B.
- the internal interface 172 is used to exchange destination information and communication data with the application 124.
- the communication interface 173 is an interface for performing communication with other terminals.
- the communication interface 173 is used for communicating with the terminal A.
- the storage medium 174 stores the encryption key group acquired by the acquisition unit 181.
- the memory 175 has a buffer associated with the application 124 of the terminal B.
- the acquisition unit 181 acquires an encryption key from the key sharing device 125 via the wired interface 171.
- the acquisition unit 181 stores the acquired encryption key in the storage medium 174.
- the request reception unit 183 receives destination information from the application 124 of the terminal B via the internal interface 172.
- the request reception unit 183 instructs the list reception unit 185 to wait for reception of the key list.
- the list receiving unit 185 receives the key list via the communication interface 173.
- the list receiving unit 185 passes the received key list to the information generating unit 184.
- the information generation unit 184 receives the key list from the list reception unit 185.
- the information generation unit 184 generates a key list from the encryption key group in the storage medium 174.
- the information generation unit 184 generates key information that is identification information of the encryption key from the key list received from the list reception unit 185 and the generated key list.
- the information generation unit 184 passes the generated key information to the information transmission unit 186.
- the information transmitting unit 186 transmits the key information received from the information generating unit 184 to the terminal A that is the partner from which the list receiving unit 185 has received the key list, via the communication interface 173.
- the information transmission unit 186 passes the transmitted key information to the management unit 187.
- the management unit 187 acquires an encryption key that matches the key information received from the information transmission unit 186 from the storage medium 174.
- the management unit 187 sets a flag indicating that the encryption key in the storage medium 174 is being used.
- the management unit 187 expands the encryption key in a buffer associated with the application 124 of the terminal B in the memory 175.
- the management unit 187 sets the buffer in the memory 175.
- the management unit 187 deletes the encryption key expanded in the buffer from the storage medium 174.
- the data receiving unit 189 receives the encrypted data via the communication interface 173.
- the data receiving unit 189 passes the received encrypted data to the decrypting unit 188.
- the decryption unit 188 receives the encrypted data from the data reception unit 189.
- the decryption unit 188 acquires the bit string of the encryption key from the buffer associated with the application 124 of the terminal B in the memory 175.
- the decryption unit 188 decrypts the encrypted data using the one-time pad encryption using the acquired bit string of the encryption key, and generates communication data.
- the decryption unit 188 passes the generated communication data to the data transmission unit 182.
- The data transmission unit 182 receives the communication data from the decryption unit 188.
- the data transmission unit 182 passes the received communication data to the application 124 of the terminal B via the internal interface 172.
- FIG. 5 shows a rough processing flow of the encryption communication device 111 of the terminal A and the encryption communication device 121 of the terminal B.
- In step S11, it is determined by an arbitrary method that encryption communication is used between the application 114 of the terminal A and the application 124 of the terminal B.
- the encryption communication device 111 of the terminal A receives the encryption communication request from the application 114 of the terminal A.
- This encrypted communication request includes destination information T1 designating the terminal B.
- the encryption communication device 121 of the terminal B also receives the encryption communication request from the application 124 of the terminal B.
- This encrypted communication request includes destination information T2 for designating the terminal A.
- In step S12, the encryption communication device 111 of the terminal A and the encryption communication device 121 of the terminal B perform a key confirmation process with each other.
- In step S13, the encryption communication device 111 of the terminal A performs the encryption communication process on the transmission side.
- the encryption communication device 121 of the terminal B performs reception side encryption communication processing.
- FIG. 6 shows the flow of the key confirmation process in step S12 of FIG. 5. Note that since the key confirmation processing is not directly involved in transmission / reception of communication data, the roles of the encryption communication device 111 of the terminal A and the encryption communication device 121 of the terminal B may be switched.
- In step S21, the encryption communication device 111 of the terminal A creates a key list L1 from the encryption key group G1 in the storage medium 154.
- In step S22, the encryption communication device 111 of the terminal A transmits the key list L1 created in step S21 to the encryption communication device 121 of the terminal B.
- In step S23, the encryption communication device 121 of the terminal B receives the key list L1 transmitted in step S22. Further, the encryption communication device 121 of the terminal B creates the key list L2 from the encryption key group G2 in the storage medium 174.
- In step S24, the encryption communication device 121 of the terminal B determines the encryption key K1 used for encryption communication from the key list L1 received in step S23 and the key list L2 created in step S23.
- In step S25, the encryption communication device 121 of the terminal B sets, in the storage medium 174, a flag indicating that the encryption key K1 determined in step S24 is in use.
- In step S26, the encryption communication device 121 of the terminal B transmits the key information I1 of the encryption key K1 determined in step S24 to the encryption communication device 111 of the terminal A.
- In step S27, the encryption communication device 111 of the terminal A receives the key information I1 transmitted in step S26.
- In step S28, the encryption communication device 111 of the terminal A sets, in the storage medium 154, a flag indicating that the encryption key K1 corresponding to the key information I1 received in step S27 is in use.
- In step S29, the encryption communication device 111 of the terminal A expands the encryption key K1 corresponding to the key information I1 received in step S27 in the buffer M1 in the memory 155, and deletes the original encryption key K1 from the storage medium 154.
- In step S30, the encryption communication device 111 of the terminal A notifies the start of encryption communication.
- In step S31, the encryption communication device 121 of the terminal B receives a notification of the start of encryption communication.
- In step S32, the encryption communication device 121 of the terminal B expands the encryption key K1 for which the flag is set in step S25 in the buffer M2 in the memory 175, and deletes the original encryption key K1 from the storage medium 174.
- The processing of steps S24 to S29 and step S32 is performed not only for the encryption key K1, but also for all encryption keys common to the key list L1 on the transmission side and the key list L2 on the reception side.
- FIG. 7 shows the flow of encryption communication processing in step S13 of FIG. 5.
- In step S41, the encryption communication device 111 of the terminal A receives the communication data D1 from the application 114 of the terminal A.
- In step S42, the encryption communication device 111 of the terminal A encrypts the communication data D1 received in step S41 with the one-time pad encryption using the encryption key K1 in the buffer M1 of the memory 155 to obtain the encrypted data E1.
- In step S43, the encryption communication device 111 of the terminal A transmits the encrypted data E1 obtained in step S42 to the encryption communication device 121 of the terminal B. If the communication ends here, the encryption communication process ends.
- In step S44, the encryption communication device 111 of the terminal A checks the remaining amount of the encryption key in the buffer M1, and determines whether it is necessary to add the encryption key to the buffer M1. If it is not necessary to add an encryption key, the encryption communication apparatus 111 of the terminal A repeats the processing from step S41 for the next communication data.
- In step S45, the encryption communication device 111 of the terminal A performs a key confirmation process.
- the key confirmation process is as described with reference to FIG. 6, but the process of notifying the start of encrypted communication in steps S30 and S31 is not necessary.
- In step S46, the encryption communication device 121 of the terminal B receives the encrypted data E1 transmitted in step S43 from the encryption communication device 111 of the terminal A.
- In step S47, the encryption communication device 121 of the terminal B uses the encryption key K1 stored in the buffer M2 of the memory 175 to decrypt the encrypted data E1 received in step S46 using the one-time pad encryption to obtain communication data D1.
- the encryption communication device 121 of the terminal B passes the communication data D1 to the application 124 of the terminal B. If the communication ends here, the encryption communication process ends.
- step S48 the encryption communication device 121 of the terminal B checks the remaining amount of the encryption key in the buffer M2, and determines whether it is necessary to add the encryption key to the buffer M2. If it is not necessary to add an encryption key, the encryption communication apparatus 121 of the terminal B repeats the process after step S46 about the following encryption data.
- step S48 If the result of determination in step S48 is that an encryption key is to be added to the buffer M2, in step S49, the encryption communication device 121 of the terminal B performs key confirmation processing.
- the key confirmation process is as described with reference to FIG. 6, but the process of notifying the start of encrypted communication in steps S30 and S31 is not necessary.
- In steps S41 and S42, every time the encryption unit 168 receives input of communication data, it acquires one of the encryption keys stored in the buffer, which is an internal area of the memory 155, generates encrypted data by encrypting the communication data using the acquired encryption key, and deletes the acquired encryption key from the buffer.
- In step S43, the data transmission unit 169 performs encrypted communication by transmitting the encrypted data generated by the encryption unit 168.
- The management unit 167 adds a new encryption key to the buffer according to the speed at which the number of encryption keys in the buffer decreases while the encrypted communication by the data transmission unit 169 continues. Specifically, the management unit 167 estimates the time until the encryption keys in the buffer run out from the speed at which the number of encryption keys in the buffer decreases and the number of encryption keys remaining in the buffer. When the estimated time falls below the threshold, the management unit 167 adds a new encryption key to the buffer.
- This threshold can be adjusted arbitrarily, but is preferably set to a time longer than the delay that occurs between the time when the encryption keys in the buffer are exhausted and the time when the buffer is replenished with an encryption key. That is, it is desirable that the threshold be set longer than the time required to execute the key confirmation process in the encryption communication device 111 of the terminal A. Note that the speed at which the number of encryption keys in the buffer decreases can be measured by an arbitrary method.
- In step S46, the data receiving unit 189 performs encrypted communication by receiving the encrypted data.
- In step S47, every time encrypted data is received by the data receiving unit 189, the decryption unit 188 acquires one of the encryption keys stored in the buffer, which is an internal area of the memory 175, generates communication data by decrypting the encrypted data using the acquired encryption key, and deletes the acquired encryption key from the buffer.
- The management unit 187 adds a new encryption key to the buffer according to the speed at which the number of encryption keys in the buffer decreases while the encrypted communication by the data receiving unit 189 continues. Specifically, the management unit 187 estimates the time until the encryption keys in the buffer run out from the speed at which the number of encryption keys in the buffer decreases and the number of encryption keys remaining in the buffer. When the estimated time falls below the threshold, the management unit 187 adds a new encryption key to the buffer.
- This threshold can be adjusted arbitrarily, as in the case of the terminal A, but is set to a time longer than the delay that occurs between the time when the encryption keys in the buffer are exhausted and the time when the buffer is replenished with an encryption key.
- The threshold is set longer than the time required to execute the key confirmation process in the encryption communication device 121 of the terminal B. Note that the speed at which the number of encryption keys in the buffer decreases can be measured by an arbitrary method.
- The buffers of the encryption communication device 111 of the terminal A and the encryption communication device 121 of the terminal B are individually assigned to each of the plurality of applications 114 and 124. For this reason, the management units 167 and 187 add a new encryption key to the buffer assigned to the application 114 or 124 in which the encrypted communication continues, according to the speed at which the number of encryption keys in that buffer decreases. Specifically, the management units 167 and 187 determine whether the number of encryption keys in the buffer allocated to the applications 114 and 124 decreases and the number of encryption keys remaining in the buffer.
- This threshold may be set uniformly, or may be set to a different time for each application 114. For example, the threshold may be set longer for an application 114 on which delay has a relatively large effect, such as a voice call, and shorter for an application 114 on which delay has a relatively small effect, such as mail communication.
- The encryption keys used by the encryption unit 168 of the encryption communication device 111 of the terminal A and the decryption unit 188 of the encryption communication device 121 of the terminal B are determined by communication with the respective counterparts of the encryption communication.
- FIG. 8 shows a specific example of processing performed by the list generation unit 164 of the encryption communication device 111 of the terminal A.
- Each encryption key includes key information, a flag, and key data.
- The encryption key K1 includes key information I1 “002”, a flag “unused”, and key data “10111011010.
- The list generation unit 164 extracts the key information of the encryption keys whose flag is “unused” from the encryption key database 210.
- The list generation unit 164 generates the list of extracted key information as the key list L1.
- FIG. 9 shows a specific example of processing performed by the information generation unit 184 of the encryption communication device 121 of the terminal B.
- Each encryption key included in the encryption key group G2 is recorded.
- The configuration of each encryption key is the same as that of the encryption key database 210 of the terminal A.
- When the information generation unit 184 receives the key list L1 from the list reception unit 185, the information generation unit 184 extracts the key information of the encryption keys whose flag is “unused” from the encryption key database 220. The information generation unit 184 generates the list of extracted key information as the key list L2. The information generation unit 184 compares the key list L1 and the key list L2. As a result of the comparison, the information generation unit 184 selects key information that is in both lists. For example, the key information I1 is key information in both lists. The information generation unit 184 passes the selected key information to the information transmission unit 186. At this time, the information generation unit 184 sets the flag of the encryption key that matches the selected key information to “in use” in the encryption key database 220. The key information selected by the information generation unit 184 corresponds to the key information generated by the information generation unit 184.
- FIG. 10 shows a specific example of processing performed when the management unit 167 of the encryption communication device 111 of the terminal A receives the key information I1.
- Upon receiving the key information I1 from the information receiving unit 166, the management unit 167 searches the encryption key database 210 of the storage medium 154 for the encryption key K1 having the same key information I1. The management unit 167 sets the flag of the encryption key K1 to “in use”.
- FIG. 11 shows a specific example of processing performed when the management unit 167 of the encryption communication device 111 of the terminal A expands the encryption key in the buffer M1.
- The management unit 167 reads the key data of the encryption key K1 whose key information is the same as the key information I1 received from the information receiving unit 166.
- The management unit 167 expands the read key data of the encryption key K1 in the buffer M1 of the memory 155.
- The management unit 167 deletes the encryption key K1 expanded in the buffer M1 from the encryption key database 210 of the storage medium 154.
- The management unit 187 of the encryption communication device 121 of the terminal B reads the key data of the encryption key K1 having the same key information I1 as that generated by the information generation unit 184.
- The management unit 187 expands the read key data of the encryption key K1 in the buffer M2 of the memory 175.
- The management unit 187 deletes the encryption key K1 expanded in the buffer M2 from the encryption key database 220 of the storage medium 174.
- FIG. 12 shows a specific example of processing performed by the encryption unit 168 of the encryption communication device 111 of the terminal A.
- When the encryption unit 168 receives the communication data D1 from the data reception unit 162, the encryption unit 168 reads the key data of the encryption key K1 from the buffer M1 of the memory 155. The encryption unit 168 calculates the exclusive OR of the read key data of the encryption key K1 and the communication data D1. The encryption unit 168 passes the calculation result to the data transmission unit 169 as encrypted data E1.
- FIG. 13 shows a specific example of processing performed by the decryption unit 188 of the encryption communication device 121 of the terminal B.
- When receiving the encrypted data E1 from the data receiving unit 189, the decryption unit 188 reads the key data of the encryption key K1 from the buffer M2 of the memory 175. The decryption unit 188 calculates the exclusive OR of the read key data of the encryption key K1 and the encrypted data E1. The decryption unit 188 passes the calculation result to the data transmission unit 182 as communication data D1.
- FIG. 14 shows a specific example of processing performed when the management unit 167 of the encryption communication device 111 of the terminal A detects that the key data of the encryption key in the buffer M1 has decreased.
- The management unit 167 monitors the buffer M1 used in the encrypted communication while the encrypted communication continues.
- The management unit 167 estimates the time until the key data of the encryption key is exhausted from the speed at which the key data of the encryption key decreases and the remaining amount of the key data of the encryption key.
- The management unit 167 calls the key confirmation process to maintain a state where the encryption key of the buffer M1 is not exhausted.
- The management unit 187 of the encryption communication device 121 of the terminal B monitors the buffer M2 used in the encrypted communication while the encrypted communication continues.
- The management unit 187 estimates the time until the key data of the encryption key is exhausted from the speed at which the key data of the encryption key decreases and the current remaining amount of the key data of the encryption key.
- The management unit 187 maintains a state where the encryption key of the buffer M2 is not exhausted by calling the key confirmation process when the estimated time is less than a certain value.
- Because the encryption communication device 111 and the encryption communication device 121 manage the encryption keys, the increase in capacity that would result from each of the applications 114 and 124 individually managing encryption keys can be avoided. In addition, by providing a separate buffer for each of the applications 114 and 124 and supplying an encryption key before the buffer runs out, a system that does not cause a delay during encrypted communication can be realized.
- It is therefore possible both to reduce the data capacity in the encryption communication terminals 110 and 120 and to perform encrypted communication without delay.
- A new encryption key is added to the buffer according to the speed at which the number of encryption keys in the buffer decreases while the encrypted communication continues. For this reason, it is possible to eliminate the delay that would otherwise occur between the exhaustion of the encryption keys and their replenishment.
- Each of the cryptographic communication devices 111 and 121 is a computer.
- The cryptographic communication devices 111 and 121 each include hardware such as a processor 901, an auxiliary storage device 902, a memory 903, a communication device 904, an input interface 905, and a display interface 906.
- The processor 901 is connected to the other hardware via the signal line 910 and controls the other hardware.
- The input interface 905 is connected to the input device 907.
- The display interface 906 is connected to the display 908.
- The processor 901 is an IC (Integrated Circuit) that performs processing.
- The processor 901 is, for example, a CPU, a DSP (Digital Signal Processor), or a GPU (Graphics Processing Unit).
- The auxiliary storage device 902 is, for example, a ROM (Read Only Memory), a flash memory, or an HDD (Hard Disk Drive).
- The storage medium 154 of the encryption communication device 111 and the storage medium 174 of the encryption communication device 121 each correspond to the auxiliary storage device 902.
- The memory 903 is, for example, a RAM (Random Access Memory).
- The memory 155 of the cryptographic communication device 111 and the memory 175 of the cryptographic communication device 121 each correspond to the memory 903.
- The communication device 904 includes a receiver 921 that receives data and a transmitter 922 that transmits data.
- The communication device 904 is, for example, a communication chip or a NIC (Network Interface Card).
- The wired interface 151 and the communication interface 153 of the cryptographic communication device 111 and the wired interface 171 and the communication interface 173 of the cryptographic communication device 121 each correspond to the communication device 904.
- The internal interface 152 of the cryptographic communication device 111 and the internal interface 172 of the cryptographic communication device 121 are each a bus interface or the like.
- The input interface 905 is a port to which the cable 911 of the input device 907 is connected.
- The input interface 905 is, for example, a USB (Universal Serial Bus) terminal.
- The display interface 906 is a port to which the cable 912 of the display 908 is connected.
- The display interface 906 is, for example, a USB terminal or an HDMI (registered trademark) (High-Definition Multimedia Interface) terminal.
- The input device 907 is, for example, a mouse, a touch pen, a keyboard, or a touch panel.
- The display 908 is, for example, an LCD (Liquid Crystal Display).
- The auxiliary storage device 902 stores a program for realizing the functions of the “units” such as the acquisition unit 161, the data reception unit 162, the request reception unit 163, the list generation unit 164, the list transmission unit 165, the information reception unit 166, the management unit 167, the encryption unit 168, and the data transmission unit 169, or the acquisition unit 181, the data transmission unit 182, the request reception unit 183, the information generation unit 184, the list reception unit 185, the information transmission unit 186, the management unit 187, the decryption unit 188, and the data receiving unit 189. This program is loaded into the memory 903, read into the processor 901, and executed by the processor 901.
- The auxiliary storage device 902 also stores an OS (Operating System). At least a part of the OS is loaded into the memory 903, and the processor 901 executes the program that realizes the functions of the “units” while executing the OS.
- One processor 901 is shown, but the cryptographic communication devices 111 and 121 may each include a plurality of processors 901. The plurality of processors 901 may execute the program for realizing the functions of the “units” in cooperation with each other.
- Information, data, signal values, and variable values indicating the processing results of the “units” are stored in the auxiliary storage device 902, the memory 903, or a register or cache memory in the processor 901.
- The “units” may be provided as “circuitry”. Further, “unit” may be read as “circuit”, “process”, “procedure”, or “processing”. “Circuit” and “circuitry” are concepts that include not only the processor 901 but also other types of processing circuits such as a logic IC, a GA (Gate Array), an ASIC (Application Specific Integrated Circuit), and an FPGA (Field-Programmable Gate Array).
- 100 communication system, 110 encryption communication terminal, 111 encryption communication device, 112 processing device, 113 program, 114 application, 115 key sharing device, 120 encryption communication terminal, 121 encryption communication device, 122 processing device, 123 program, 124 application, 125 key sharing device, 130 network, 151 wired interface, 152 internal interface, 153 communication interface, 154 storage medium, 155 memory, 161 acquisition unit, 162 data reception unit, 163 request reception unit, 164 list generation unit, 165 list transmission unit, 166 information reception unit, 167 management unit, 168 encryption unit, 169 data transmission unit, 171 wired interface, 172 internal interface, 173 communication interface, 174 storage medium, 175 memory, 181 acquisition unit, 182 data transmission unit, 183 request reception unit, 184 information generation unit, 185 list reception unit, 186 information transmission unit, 187 management unit, 188 decryption unit, 189 data receiving unit, 210 encryption key database, 220 encryption key database, 901 processor, 902 auxiliary storage device, 903 memory, 904 communication device, 905 input interface
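The key confirmation process and the rate-based buffer replenishment described above (steps S41 to S49 and FIGS. 8 to 14) can be simulated as follows. This is an added example, not code from the patent: the class and function names, the average-rate measurement, the choice of one key per key confirmation run, the 2-second threshold and the key material are all assumptions made for the illustration.

```python
import secrets


class KeyDatabase:
    """Stand-in for the encryption key database 210 / 220 on the storage medium."""
    def __init__(self, keys):
        # key information -> flag ("unused" or "in use") and key data
        self.keys = {i: {"flag": "unused", "data": d} for i, d in keys.items()}

    def unused_list(self):
        """Key list L1 / L2: key information of every key flagged "unused"."""
        return sorted(i for i, k in self.keys.items() if k["flag"] == "unused")

    def mark_in_use(self, info):
        self.keys[info]["flag"] = "in use"

    def take(self, info):
        """Read key data for expansion into a buffer and delete it from the database."""
        return self.keys.pop(info)["data"]


def key_confirmation(db_a, db_b):
    """Terminal A sends L1; terminal B intersects it with L2 and returns key information."""
    l1, l2 = db_a.unused_list(), set(db_b.unused_list())
    common = [info for info in l1 if info in l2]
    if not common:
        raise LookupError("no unused encryption key common to both terminals")
    info = common[0]  # assumption: one key per run, lowest key information first
    db_b.mark_in_use(info)  # terminal B flags the key when it selects it
    db_a.mark_in_use(info)  # terminal A flags it on receiving the key information
    return info


class PadBuffer:
    """Buffer M1 / M2 of one application, with a time-to-exhaustion estimate."""
    def __init__(self, db, threshold_s, start):
        self.db, self.threshold_s, self.start = db, threshold_s, start
        self.pad = bytearray()
        self.consumed = 0

    def load(self, info):
        self.pad += self.db.take(info)

    def xor(self, data):
        """One-time pad: XOR with unused key bytes, then delete those bytes."""
        if len(data) > len(self.pad):
            raise BufferError("encryption key in buffer exhausted")
        key = bytes(self.pad[:len(data)])
        del self.pad[:len(data)]
        self.consumed += len(data)
        return bytes(d ^ k for d, k in zip(data, key))

    def seconds_left(self, now):
        """Remaining key bytes divided by the average consumption rate so far."""
        elapsed = now - self.start
        if self.consumed == 0 or elapsed <= 0:
            return float("inf")
        return len(self.pad) / (self.consumed / elapsed)

    def needs_refill(self, now):
        return self.seconds_left(now) < self.threshold_s


def demo():
    # Constructed key material: both terminals hold identical data for shared keys.
    shared = {info: secrets.token_bytes(64) for info in ("002", "003")}
    db_a = KeyDatabase({"001": secrets.token_bytes(64), **shared})
    db_b = KeyDatabase({**shared, "004": secrets.token_bytes(64)})
    # 2 s threshold: assumed to be longer than one key confirmation run takes.
    buf_a = PadBuffer(db_a, threshold_s=2.0, start=0.0)
    buf_b = PadBuffer(db_b, threshold_s=2.0, start=0.0)
    first = key_confirmation(db_a, db_b)
    buf_a.load(first)
    buf_b.load(first)

    log = []
    for t in (1.0, 2.0, 3.0, 4.0):  # simulated clock, one 16-byte message per second
        d1 = f"packet {int(t)}".ljust(16).encode()
        e1 = buf_a.xor(d1)  # steps S41 to S43 on terminal A
        out = buf_b.xor(e1)  # steps S46 and S47 on terminal B
        added = None
        if buf_a.needs_refill(t):  # step S44
            added = key_confirmation(db_a, db_b)  # step S45
            buf_a.load(added)
            buf_b.load(added)
        log.append((out == d1, buf_a.seconds_left(t), added))
    in_sync = bytes(buf_a.pad) == bytes(buf_b.pad)
    return first, log, db_a.unused_list(), db_b.unused_list(), in_sync
```

Giving each application its own `PadBuffer` with its own `threshold_s` models the per-application thresholds, for example a longer one for a voice call and a shorter one for mail.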
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to an encryption communication device (111) that comprises a memory (155), a management unit (167), an encryption unit (168), and a data transmission unit (169). Each time it receives an input of communication data, the encryption unit (168) acquires one of the encryption keys stored in a buffer that is an internal area of the memory (155), uses the acquired encryption key to encrypt the communication data, thereby generating encrypted data, and deletes the acquired encryption key from the buffer. The data transmission unit (169) transmits the encrypted data generated by the encryption unit (168), thereby performing encrypted communication. While the encrypted communication performed by the data transmission unit (169) continues, the management unit (167) adds new encryption keys to the buffer in accordance with the speed at which the number of encryption keys in the buffer decreases.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2015/058065 WO2016147340A1 (fr) | 2015-03-18 | 2015-03-18 | Encryption communication device, encryption communication terminal, encryption communication method, and encryption communication program |
| JP2017505944A JP6192870B2 (ja) | 2015-03-18 | 2015-03-18 | Encryption communication device, encryption communication terminal, encryption communication method, and encryption communication program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2015/058065 WO2016147340A1 (fr) | 2015-03-18 | 2015-03-18 | Encryption communication device, encryption communication terminal, encryption communication method, and encryption communication program |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2016147340A1 true WO2016147340A1 (fr) | 2016-09-22 |
Family
ID=56919900
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/JP2015/058065 Ceased WO2016147340A1 (fr) | 2015-03-18 | 2015-03-18 | Encryption communication device, encryption communication terminal, encryption communication method, and encryption communication program |
Country Status (2)
| Country | Link |
|---|---|
| JP (1) | JP6192870B2 (fr) |
| WO (1) | WO2016147340A1 (fr) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111988142A (zh) * | 2020-08-25 | 2020-11-24 | 合肥美菱物联科技有限公司 | Key burning system and method for a smart refrigerator |
| WO2022054410A1 (fr) * | 2020-09-10 | 2022-03-17 | 株式会社 東芝 | Cryptography communication system, key exchange node, application execution environment, control method, and program |
| WO2022163108A1 (fr) * | 2021-01-29 | 2022-08-04 | 株式会社 東芝 | Quantum key delivery service platform |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060062392A1 (en) * | 2004-07-08 | 2006-03-23 | Magiq Technologies, Inc. | Key manager for QKD networks |
| JP2009510902A (ja) * | 2005-09-30 | 2009-03-12 | ソニー エリクソン モバイル コミュニケーションズ, エービー | Shared key encryption using a long keypad |
| JP2011044768A (ja) * | 2009-08-19 | 2011-03-03 | Nec Corp | Communication device and communication control method in secret communication system |
| WO2012025988A1 (fr) * | 2010-08-24 | 2012-03-01 | 三菱電機株式会社 | Encryption device, encryption system, encryption method, and encryption program |
| JP2014241463A (ja) * | 2013-06-11 | 2014-12-25 | 株式会社東芝 | Communication device, communication method, program, and communication system |
-
2015
- 2015-03-18 WO PCT/JP2015/058065 patent/WO2016147340A1/fr not_active Ceased
- 2015-03-18 JP JP2017505944A patent/JP6192870B2/ja not_active Expired - Fee Related
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111988142A (zh) * | 2020-08-25 | 2020-11-24 | 合肥美菱物联科技有限公司 | Key burning system and method for a smart refrigerator |
| WO2022054410A1 (fr) * | 2020-09-10 | 2022-03-17 | 株式会社 東芝 | Cryptography communication system, key exchange node, application execution environment, control method, and program |
| JP2022046111A (ja) * | 2020-09-10 | 2022-03-23 | 株式会社東芝 | Cryptography communication system, key exchange node, application execution environment, control method, and program |
| JP2023171932A (ja) * | 2020-09-10 | 2023-12-05 | 株式会社東芝 | Cryptography communication system, key exchange node, application execution environment, control method, and program |
| US12489608B2 (en) | 2020-09-10 | 2025-12-02 | Kabushiki Kaisha Toshiba | Cryptography communication system, key exchange node, application execution environment, control method, and storage medium |
| JP7789044B2 (ja) | 2020-09-10 | 2025-12-19 | 株式会社東芝 | Cryptography communication system, key exchange node, application execution environment, control method, and program |
| WO2022163108A1 (fr) * | 2021-01-29 | 2022-08-04 | 株式会社 東芝 | Quantum key delivery service platform |
| JP2022116672A (ja) * | 2021-01-29 | 2022-08-10 | 株式会社東芝 | Quantum key delivery service platform |
| JP7770772B2 (ja) | 2021-01-29 | 2025-11-17 | 株式会社東芝 | Quantum key delivery service platform |
| US12500750B2 (en) | 2021-01-29 | 2025-12-16 | Kabushiki Kaisha Toshiba | Quantum key delivery service platform |
Also Published As
| Publication number | Publication date |
|---|---|
| JP6192870B2 (ja) | 2017-09-06 |
| JPWO2016147340A1 (ja) | 2017-06-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11784801B2 (en) | Key management method and related device | |
| CN103081396B (zh) | Communication terminal, communication system, and communication method | |
| US8948377B2 (en) | Encryption device, encryption system, encryption method, and encryption program | |
| US10103891B2 (en) | Method of generating a deniable encrypted communications via password entry | |
| CN103840936B (zh) | Reliable encrypted transmission system and method for a quantum cryptography network | |
| US9306734B2 (en) | Communication device, key generating device, and computer readable medium | |
| US9961056B2 (en) | Method of deniable encrypted communications | |
| WO2018014723A1 (fr) | Key management method, apparatus, device, and system | |
| US20140086412A1 (en) | Encryption device, encryption method, and encryption program | |
| CN101707767B (zh) | Data transmission method and device | |
| US20160294551A1 (en) | Data processing system, encryption apparatus, decryption apparatus, and computer readable medium | |
| US20230299953A1 (en) | Quantum cryptographic communication system, key management device, and key management method | |
| CN113422832B (zh) | File transmission method, apparatus, device, and storage medium | |
| KR20180053148A (ko) | Method and terminal device for message encryption | |
| JP6192870B2 (ja) | Encryption communication device, encryption communication terminal, encryption communication method, and encryption communication program | |
| CN101431411A (zh) | Dynamic encryption method for online game data | |
| CN111131158A (zh) | Single-byte symmetric encryption and decryption method, apparatus, and readable medium | |
| JP6301008B2 (ja) | Terminal device of encryption communication system, relay device of encryption communication system, and control method of encryption communication system | |
| CN113987600A (zh) | Computer system, data processing method, and computer-readable storage medium | |
| CN113221146A (zh) | Method and apparatus for data transmission between blockchain nodes | |
| CN113038444A (zh) | Method and apparatus for generating an application layer key | |
| US9705858B2 (en) | Information processing device and information processing method to maintain secret key for authentication | |
| JP2016139861A (ja) | Encryption device, encryption method, and distribution system | |
| CN115361190A (zh) | Encrypted data transmission method, apparatus, system, electronic device, and storage medium | |
| US20250038953A1 (en) | Providing random numbers over an insecure channel using disguised cyphertexts |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15885436 Country of ref document: EP Kind code of ref document: A1 |
|
| ENP | Entry into the national phase |
Ref document number: 2017505944 Country of ref document: JP Kind code of ref document: A |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 15885436 Country of ref document: EP Kind code of ref document: A1 |