JP2001203680A - Dynamic secure group mobile communication system - Google Patents

Abstract

(57) [Summary] [Problem] Information such as a communication destination between mobile radio terminals is stored in
The communication is concealed so as not to be known by a third party, and the secret of the communication is secured. In a communication system including a base station and a plurality of terminals, a terminal is divided into a plurality of groups. The same group key is delivered to terminals belonging to the same group, and different group keys are delivered to terminals belonging to different groups. Encrypt communication information with group key,
The destination terminal is hidden as a group. further,
Arbitrarily change the group key given to the terminal 2
Is dynamically changed. In this way, the communication destination group can be hidden.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a dynamic secure group mobile communication system, and more particularly to a dynamic secure group mobile communication system in which a communication destination and a communication source are concealed in mobile communication to enhance security.

[0002]

2. Description of the Related Art In a conventional mobile communication system including a plurality of radio terminals 3 (hereinafter referred to as terminals) and a base station 1 as shown in FIG. 6 (a), communication between terminals 3 is as follows. Done in When transmitting from the terminal t1 to the terminal t2, the terminal t1 sends a terminal ID specifying the destination terminal t2 to the message M
To the base station 1. This signal is (ID, M)
Expressed by The base station 1 receiving this (ID, M) transmits this to each terminal 3. Each terminal 3 receives the signal transmitted from the base station 1 to the terminals 3. The terminal t2 learns from the terminal ID that a message addressed to itself has been sent, and performs signal processing on the message. Other than the terminal concerned, the signal processing of the message is not performed. Thus, the transmission from the terminal t1 to the terminal t2 is completed. In the transmission from the terminal t2 to the terminal t1, the reverse process of the transmission from the terminal t1 to the terminal t2 is performed. As explained in the example of sending a message, it is not limited to a message,
The necessary information exchange between the terminal t1 and the terminal t2 is performed in this manner.

FIG. 6B shows a signal sequence representing signals used in the above communication. At the beginning of the message M, the destination terminal ID
Is given. By the way, terminals other than the terminal having the transmission destination terminal ID are regulated so as not to perform signal processing on the message M following the terminal ID, so that the terminal other than the corresponding terminal is prevented from decoding the message M. However, it is also possible to decipher the message M illegally based on the coincidence of the terminal IDs. It may also be intercepted by eavesdroppers other than the system.

[0004] Therefore, encryption communication is performed between the communication terminals while holding the encryption key K. The transmitting terminal encrypts the message M and transmits it as a ciphertext K (M). The receiving terminal is K
(M) is decrypted using the encryption key K to obtain a message M.
Thus, the message M is prevented from being received by a terminal other than the transmission destination terminal or an eavesdropper.

[0005] Further, which terminal is transmitted to which terminal is also important information for eavesdroppers and the like. To avoid this, the destination terminal ID is also encrypted with the encryption key K to be K (ID), and communication is performed using a signal sequence shown in FIG. However, since the destination terminal ID has been encrypted, each terminal has to decrypt the encrypted ID portion with the encryption key of each terminal. This is not a problem when the number of terminals constituting the system is small or when communication traffic is small. However, when the number of terminals is large or the communication traffic is large, decryption of the encrypted terminal ID must be performed at high speed by the number of terminals, and the load on the terminals becomes heavy. When the load on the terminal increases, the consumption of the battery serving as a power source is accelerated, which is disadvantageous as a terminal constituting the mobile communication system.

As means for solving this, terminals constituting the system are grouped, an encryption key of the group and a group ID for specifying the group are given, and the terminal ID is encrypted with a group encryption key GK, and GK ( ID), the GID of the group ID is attached and transmitted.
There is a method in which only a terminal belonging to a group having an ID decrypts GK (ID) with a group key to know a destination terminal ID. As described above, if the terminals constituting the system are grouped, only the terminals belonging to the group perform the decoding process, and the load on the terminals is reduced.

[0007]

However, the conventional communication method described above has a problem in that information regarding communication between groups, such as which group is communicating with which group, is leaked. In addition, if the number of terminals belonging to one group is reduced to reduce the decoding processing load on the terminals, there is a problem that the terminals communicating with each other can be easily specified.

SUMMARY OF THE INVENTION It is an object of the present invention to solve the above-mentioned conventional problems and to conceal information relating to wireless communication between terminals so that the information is not leaked to a third party, and the confidentiality of communication is ensured.

[0009]

According to the present invention, there is provided a dynamic secure group mobile communication system comprising a base station and a plurality of terminals.
Means for organizing a plurality of terminals into a plurality of groups, means for generating and delivering a group key for each group, a storage unit for storing a terminal key of each terminal, a group ID of a group to which the terminal belongs, and a group key, Means for arbitrarily changing the group key of the terminal, wherein the terminal holds the terminal ID, the terminal key, and the group key of the group to which the terminal belongs, and encrypts the terminal ID of the communication destination with the destination group key And means for performing the operation.

[0010] With this configuration, it is possible to dynamically change the group to which the terminal belongs, hide the communication destination information and the like, and secure the secrecy of the communication.

[0011]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of the present invention will be described below in detail with reference to FIGS.

(First Embodiment) A first embodiment of the present invention is a dynamic secure group mobile communication system for arbitrarily changing a group to which a communicating terminal belongs.

FIG. 1 is a conceptual diagram of a dynamic secure group mobile communication system according to the first embodiment of the present invention. In FIG. 1, a base station (BS) 1 is a wireless station that controls a plurality of terminals. Terminal 2 is a mobile radio station. Group 3 is a virtual group including a plurality of terminals.

FIG. 2 is a functional block diagram of the base station 1. In FIG. 2, a base station signal processing unit 11 is a unit that controls each unit of the base station. The base station memory unit 12 is a storage device that stores information on all terminals. The receiving unit 13 is means for receiving and demodulating a radio wave transmitted from a terminal. The transmitting unit 14 is means for modulating transmission information and transmitting a radio wave to the terminal. The encryption unit 15 is means for encrypting information to be transmitted. The decoding unit 16 is means for demodulating the received radio wave. The group organizing unit 17 is means for organizing a plurality of terminals into a plurality of groups. The group key generation unit 18 is means for generating an encryption key for each group.

FIG. 3 is a functional block diagram of the terminal 2.
In FIG. 3, a terminal signal processing unit 21 is a means for processing a signal of each unit of the terminal. The terminal memory unit 22 is a storage unit that stores a terminal ID and a group key. The receiving unit 23 is means for receiving and demodulating radio waves. The transmission unit 24 is a unit that modulates transmission information and transmits it as radio waves. Encryption section
25 is a means for encrypting transmission information. Decoding unit 26
Is means for decoding a signal received and demodulated. The encryption key generation unit 27 is a unit that generates a common key with the communication partner terminal. The operation unit 28 is a keyboard for inputting commands and data. The display unit 29 is a liquid crystal display device that displays received information and the like.

The operation of the dynamic secure group mobile communication system according to the first embodiment of the present invention configured as described above will be described. First, the function of the base station 1 will be described. Radio waves transmitted from the terminal 2 are received by the receiving unit 13 and demodulated. The demodulated signal is sent to the decoding unit 16 via the signal processing unit 11. The decryption unit 16 decrypts the encrypted information sent from the terminal 2. The decoded information is sent to the signal processing unit 11. Information sent to the terminal 2 is sent to the encryption unit 15 and is encrypted. Signal processing unit 11
Is transmitted to the transmission unit 14 via the
Sent from 14.

The group formation is performed by the group formation unit 17 under the control of the signal processing unit 11, and the terminal 2 is assigned a group ID or the like. The group key is generated by the group key generation unit 18. Information about the terminal 2 is stored in the base station memory unit 12. This content is read out by the signal processing unit 11 when necessary. The signal processing unit 11 performs identification processing such as group identification based on group ID and terminal ID identification. Each signal processing after the identification is performed to control the system. Further, the group key is changed in communication between groups.

Next, the function of the terminal 2 will be described. Base station 1
Are received by the receiving unit 23, demodulated, and sent to the decoding unit 26 via the signal processing unit 21. The signal is decoded by the decoding unit 26 and output to the display unit 29 via the signal processing unit 21. Messages and instructions to the terminal 2 are input by the operation unit 28, sent to the signal processing unit 21, and processed. The message sent to the base station 1 is sent to the encryption unit 25 via the signal processing unit 21 and is encrypted. The encrypted signal is sent to the signal processing unit 21
Is transmitted to the transmission unit 24 via The transmission unit 24 is a signal processing unit
The signal from 21 is modulated and sent out as radio waves. The encryption key generation unit 27 generates a shared key shared by the terminals and a terminal key unique to the terminal under the control of the signal processing unit 21. Information such as the group key, the terminal key, the group ID, and the shared key of the terminal 2 is recorded in the terminal memory 22 via the signal processing unit 21, and is read out appropriately under the control of the signal processing unit 21.

Third, a basic method of communication between terminals will be described. In order to conceal the communication partner, the terminal 2 is divided into a plurality of groups 3 as shown in FIG. A group a is formed by a plurality of terminals including the terminal A, and a group b is formed by a plurality of terminals including the terminal B. An ID for specifying the group is assigned to each of the group a and the group b. Let the group ID of group a be Ga and the group ID of group b be Gb. A group encryption key (hereinafter, a group key) used by a terminal belonging to the group a is GKa. A group key used by a terminal belonging to group b is GKb. Each terminal is assigned a terminal encryption key (hereinafter referred to as a terminal key) unique to the terminal. Terminal A has a terminal key Ka,
The terminal key Kb is given to the terminal B, and the terminal key Kc is given to the terminal C. Similarly, a terminal key unique to the terminal is assigned to the other terminals.

When terminals in the same group communicate with each other, the following is performed. When the terminal A sends the message M to the terminal C, the terminal A sends the message M and the destination terminal ID (ID
C) is encrypted with the group key GKa, and GKa (IDC, M)
And A destination group ID (Ga) is added to this, and (Ga,
GKa (IDC, M)) to all terminals.

A terminal belonging to the group a has a group key G
Using Ka, GKa (IDC, M) is decrypted and (IDC,
M). After checking the group ID, the terminal C sets the ID
C knows that it is addressed to him and gets a message M. The terminals other than the terminal C know that the terminal IDs are different by checking the terminal IDs, and stop the subsequent processing. Since each terminal of the group b does not hold the group key GKa, GKa (IDC, M) cannot be decrypted. The transmission from the terminal C to the terminal A is performed in the same manner as the transmission from the terminal A to the terminal C, and the communication between the terminal A and the terminal C becomes possible.

Fourth, a case where communication is performed between terminals belonging to different groups will be described. Communication between terminals belonging to different groups, such as terminal A belonging to group a and terminal B belonging to group b, is performed as follows. The base station 1 that controls communication holds and manages terminal IDs, terminal-specific encryption keys (hereinafter, terminal keys), group IDs, and group keys of all terminals belonging to each group.

The terminal A that wants to communicate with the terminal B generates a message M. This is the terminal ID of the destination terminal B.
(IDB) and encrypted with the group key GKa.
Ka (IDB, M) is generated. This is sent to the base station 1. The base station 1 holds the group key GKa of the group a
To obtain (IDB, M). It knows that the message M is addressed to the terminal B by the terminal ID (IDB), searches for data relating to the group b to which the terminal B belongs, and knows the group key GKb. The base station (BS) 1 encrypts (IDB, M) with the group key GKb, sets it to GKb (IDB, M), attaches the group ID (Gb) of the group b, and (Gb, (GKb (IDB, M))) and send it out to all terminals.

The terminal of the group b receiving this decrypts GKb (IDB, M) with the group key GKb,
M). From the terminal ID (IDB), it is known that this information is information for terminal B, and terminals other than terminal B
Stop the subsequent processing. The terminal B continues the subsequent processing and receives the message M. Even if a terminal other than the group b attempts to decrypt, GKb (IDB, M) cannot be decrypted because it does not have the group key GKb. In this way, the message M of the terminal A is sent from the terminal A to the terminal B. The transmission from the terminal B to the terminal A is performed in reverse, and the communication between the terminal A and the terminal B is performed.

As described above, since communication is performed by encrypting the terminal ID of the destination terminal using the destination group key, the terminal ID of the destination terminal can be hidden from terminals other than the terminals in the destination group. Up to this point, the communication method is the same as the conventional communication method.

Fifth, a method for randomly changing groups will be described. If the terminal A and the terminal B communicate, the communication between the group a and the group b increases. When the number of the terminals 2 constituting the group 3 is small, the concealment effect is reduced. Therefore, the group to which the terminal belongs is changed at random. This increases the concealment effect of the terminal.

The base station 1 transfers the terminal to an existing group other than the group in which the communication terminal exists, or to a newly formed group. Here, changing the group to which the user belongs is expressed as transfer. The group to which the user belongs is changed by distributing and giving the group key of the transfer destination to the terminal to be transferred. FIG. 1B shows a state where terminal B has been moved from group b to group c.

The base station 1 transmits the encryption key GKc of the group c.
Is encrypted with the terminal key Kb of the terminal B to obtain Kb (GKc). Further, the data is encrypted with the group key GKb and GKb (Kb
(GKc)). In addition, the group ID of group b
(Gb) and send it out as (Gb, GKb (Kb (GKc)). Upon receiving this, the terminal B sends the group key GKb.
Decrypts GKb (Kb (GKc)) to obtain Kb (GKc).
A terminal that does not have the group key GKb cannot decrypt it. Furthermore, the group key GKc is obtained by decrypting Kb (GKc) with the terminal key Kb. Only the terminal B having the terminal key Kb receives the group key GKc from the transmitted signal.
Can be obtained. Thus, the terminal B that has obtained the group key GKc joins the group c.

If the terminal B does not delete the group key GKb of the group b after receiving the group key GKc, the terminal B also belongs to the group b. To prevent this, the group key of group b of terminal B is changed.

The group name of group b is changed to group b ', and the group ID is changed to Gb'. Further, the group key is changed to GKb '. When delivering the group key GKc of the group c to the terminal B, a new group key GKb ′ is delivered to the terminals remaining in the group b. Assuming that the terminal key of the terminal remaining in the group b is Kx, the group key GKb 'is encrypted with this Kx to be Kx (GKb'). The data is encrypted with the group key GKb and sent out to all terminals as GKb (Kx (GKb ')).

The terminal of group b receiving this decrypts it with the group key GKb, obtains Kx (GKb '), and decrypts it with the terminal key Kx. Only the terminal having the terminal key Kx can obtain GKb '. The group key of the transfer destination is delivered to the terminal that moves from the group b, and a new group key is delivered to the terminal that stays in the group. When these operations are completed, the group key GKb of the group b is discarded. Thereafter, the group key GKb is not used. Thus, even if the terminal holds the group key GKb, it cannot be used to decrypt the ciphertext.

FIG. 1C is a diagram showing the result of moving terminal A from group a to group d. The transfer method is
This is the same as the method of moving terminal B from group b to group c. Communication between terminal A and terminal B is communication between group d and group c. By grouping, I
D is hidden. The greater the number of terminals belonging to the same group, the greater the concealment effect. However, the greater the number of terminals belonging to the same group, the heavier the decoding processing load on the terminals in the group. Therefore, it is difficult to identify the terminal by randomly changing the group to which the terminal belongs. Even if the number of terminals forming the group is small, it is difficult to identify the terminals by randomly moving the terminals.

As described above, in the first embodiment of the present invention, the dynamic secure group mobile communication system is configured to arbitrarily change the group to which the communicating terminal belongs, so that the communication terminal can be hidden. it can.

(Second Embodiment) The second embodiment of the present invention is a dynamic secure group mobile communication system using a shared key between two communicating terminals. The basic configuration of the second embodiment is the same as that of the first embodiment.

Referring to FIG. 1A, a method of distributing a common key will be described. The terminal A generates a shared key KAB used by the terminal A and the terminal B. Shared key KA with terminal key Ka of terminal A
B is encrypted and designated as Ka (KAB). Further, the data is encrypted with the group key KGa, and KGa (IDB, IDA, Ka (KA
B)) to the base station 1. The base station 1 decodes this and knows that the terminal A is addressed to the terminal B. Terminal A
The terminal key Ka is used to decrypt Ka (KAB) to obtain KAB, which is then encrypted with the terminal key Kb of terminal B to obtain Kb (KAB). Further, the data is encrypted with the group key GKb to which the terminal B belongs, is converted to GKb (Kb (KAB)), and is transmitted to all terminals. The terminal B decrypts using the terminal group key GKb and the terminal key Kb to obtain a common key KAB. Other terminals cannot get KAB. Thus, the shared key KAB shared by the terminal A and the terminal B is used for communication.

The terminal A generates a message M, and generates a shared key K
It is encrypted by AB and is set to KAB (M). Group key GKa
And GKa (IDB, KAB (M)). The base station receiving this decrypts it with the group key GKa,
It is known from the group ID (IDB) that the information is addressed to the terminal B. Since terminal B belongs to group b, KAB (M) is encrypted with group key GKb and GKb
(KAB (M)). A terminal belonging to group b decodes this with GKb to obtain KAB (M). Only the terminal B holding the shared key KAB can decrypt this to obtain the message M. Terminal B transmits a message to terminal A in the same manner, and communication between terminals AB becomes possible. The shared key KAB may be generated by the terminal B and sent to the terminal A.

Further, a method is also possible in which the base station 1 generates a shared key KAB and distributes it to a terminal that performs communication. The base station 1 receives the encrypted communication request GKa (IDA, IDB) from the terminal A or the terminal B. Upon receiving this, the base station 1 sets the shared key KAB used by the terminals A and B.
Generate Encrypted with each terminal key Ka, Kb,
Let Ka (KAB) and Kb (KAB). Encrypted with the group key of each group, GKa (Ka (KAB)), GK
b (Kb (KAB)) is sent to all terminals. The rest is the same as when the terminal generates the shared key.

As described above, in the second embodiment of the present invention, the dynamic secure group mobile communication system is
Since the configuration uses a shared key between two communicating terminals,
The communication terminal can be hidden.

(Third Embodiment) A third embodiment of the present invention is a dynamic secure group mobile communication system for distributing a shared key with a public key. The basic configuration of the third embodiment is the same as that of the first embodiment. The difference is that a public key encryption key is used as a terminal key.

Referring to FIG. 1A, a method of distributing a shared key with a public key will be described. When a public key is used as a terminal key, distribution of a shared key is further facilitated. Terminal A
The terminal key of the terminal B is (Kpa, Ksa), and the terminal key of the terminal B is (Kpb, Ksa).
sb). Kpa and Kpb are public keys, and Ksa and Ksb are private keys. Since the public keys Kpa and Kpb are made public, each terminal can know Kpa and Kpb. Therefore, the terminal A encrypts the common key KAB with the public key Kpb of the communication partner terminal B,
pb (KAB). A terminal ID (IDB) of terminal B is attached, encrypted with a group key GKa, and GKa (IDB, Kpb
(KAB)). Terminal A sends this to base station 1.

The base station 1 sets the group key GK of the group a.
Decode with a to obtain (IDB, Kpb (KAB)). Terminal I
It knows that it is addressed to terminal B by D (IDB). Encrypt Kpb (KAB) with the group key GKb of terminal B,
Kb (Kpb (KAB)) is transmitted to all terminals.

The terminal of the group b decrypts this with the group key GKb to obtain Kpb (KAB). The terminal B decrypts this with the secret key Ksb of the terminal B to obtain a shared key KAB.
The same operation can be performed when the terminal B generates a shared key. In this case, the base station 1 does not need to decrypt with the source terminal key and encrypt with the destination terminal key.
The processing in the base station 1 becomes easy. Also, since the base station 1 cannot decode, KAB cannot be obtained. The KAB is a secret key known only to the terminal A and the terminal B.

As described above, in the third embodiment of the present invention, the dynamic secure group mobile communication system is
Since the configuration is such that the shared key is delivered using the public key, the common key can be easily delivered.

(Fourth Embodiment) The fourth embodiment of the present invention is a dynamic secure group mobile communication system in which all group keys related to a transfer terminal are changed.

FIG. 4 is a configuration diagram of a dynamic secure group mobile communication system according to a fourth embodiment of the present invention. In FIG. 4, a base station 1 is a radio station that controls a plurality of terminals. Terminal 2 is a mobile radio station. The base station memory 12 is a storage device that stores information on all terminals. The terminal memory 22 is storage means for storing a terminal ID and a group key. FIG. 5 is a configuration diagram after the group key is changed.

The operation of the dynamic secure group mobile communication system according to the fourth embodiment of the present invention configured as described above will be described. First, basic operations of the base station 1 and the terminal 2 will be described. The radio wave transmitted from the base station 1 is transmitted to all the terminals t1 to t8 in the same manner.
Radio waves from the terminals t1 to t8 are transmitted to the base station 1. The signal from the terminal 2 is processed in the base station 1 and transmitted from the base station 1 to each terminal 2. Basically, any terminal 2 can receive a signal from the base station 1. Whether to discard or use the received information is left to the selection of the terminal 2.

The base station memory 12 stores the terminal name, terminal ID, terminal public key, group key, and group ID of each terminal 2.
Is stored in association with the terminal name. Terminal t1
The terminal ID, the terminal public key, the terminal secret key, the group key, and the group ID are stored in the memory 22 at t8. A terminal having the group ID Ga and having the group key GKa belongs to the group a, a terminal having the group ID Gb and a group key GKb belongs to the group b, a terminal having the group ID Gc and holding the group key GKc. Belongs to group c.

Second, a method for requesting communication from the terminal 2 to the base station 1 will be described. The terminal t3 belongs to the group a, and the terminal ID is IDA. The terminal t6 belongs to the group b, and the terminal ID is IDB. When the terminal t3 communicates with the terminal t6, the terminal t3 communicates with the base station 1 to communicate with the terminal t6. The message of this communication request is REQ.

The signal sequence of this request is (t3, REQ, t6). The terminal t3 generates an appropriate random number Kr in the encryption key generator. (T3, REQ, t6) is encrypted with Kr, and Kr (t
3, REQ, t6). Further, Kr is encrypted with the secret key Kst3 of the terminal t3, and is set to Kst3 (Kr). Furthermore, IDA, which is the terminal ID of the terminal t3, is added to this, and (IDA, Kst3
(Kr), Kr (t3, REQ, t6)), and the whole is encrypted with the group key GKa, and GKa (IDA, Kst3 (Kr), Kr (t3,
REQ, t6)). This cipher text is sent out to the base station 1.

The base station 1 decrypts this with the group key GKa held by the base station 1 and obtains (IDA, Kst3 (Kr), Kr
(t3, REQ, t6)). The IDA recognizes the request from the terminal t3 and decrypts Kst3 (Kr) with the public key Kpt3 of the terminal t3 to obtain Kr. With this Kr, Kr (t3, REQ, t
(6) is decoded to obtain (t3, REQ, t6). Thus, it is known that the terminal t3 is requesting communication with the terminal t6. At the same time, the fact that the terminal ID is the terminal t3 of IDA is also authenticated at the same time as the fact that the communication request has been made due to the normal decoding performed so far. This is the nature of the public key.

The base station 1 sets the terminal t to (t3, REQ, t6).
When receiving a communication request from the terminal 3 to the terminal t6, the public key Kpt6 of the terminal t6 is encrypted with Kr to obtain Kr (Kpt6, IDB). Encrypted with the group key GKa, GKa (Kr (Kpt6,
IDB)), the group ID Ga is added, and (Ga, G
It is sent to each terminal as Ka (Kr (Kpt6, IDB)). The terminal of the group a sees the group ID Ga and knows that it is addressed to the group a, and uses the group key GKa to generate GKa (Kr
(Kpt6)) to obtain Kr (Kpt6). Only the terminal t3 holding the key Kr can obtain Kpt6. Other terminals t4 and t5 cannot obtain Kpt6. Further, Kr is a random number that can be known only by the terminal t3 and the base station 1, and it can be seen that what is encrypted and transmitted with this Kr is actually transmitted from the base station 1.

Third, a communication method using a shared key will be described. The terminal t3 generates the shared key KAB, attaches the terminal ID (IDA) of the terminal t3 to the shared key KAB, and generates the public key Kpt of the terminal t6.
Encrypted by 6, and set to Kpt6 (KAB, IDA). Further, the data is encrypted with the group key GKb, and GKb (Kpt6 (KA
B, IDA)). In addition, group I of group b
The Gb of D is added and sent to each terminal. The terminal belonging to the group b decrypts this with the group key GKb,
(KAB, IDA). Further, the terminal of the group b tries to decrypt Kpt6 (KAB, IDA) using the terminal's secret key. Only the terminal t6 holding the secret key Kst6 for Kpt6 can decrypt it as (KAB, IDA), and obtain the shared key KAB with the terminal t3.

Thus, the terminals t3 and t6 that have obtained the shared key,
The subsequent communication is performed using the shared key KAB. The terminal t3 generates a message M, encrypts the message M with KAB, and sets it as KAB (M). The IDB of the terminal ID of the destination is added, encrypted with the group key KGa, and KGa (IDB, K
AB (M)) to the base station 1. The base station 1 decrypts this with the group key KGa to obtain (IDB, KAB (M)). The data is encrypted by the IDB with the group key KGb of the group b to which the terminal t6 belongs, and is sent to all terminals with the group ID Gb added as KGb (KAB (M)). Terminals in group b decode this to obtain KAB (M).
The terminal t6 having the shared key KAB among the terminals of the group b
Only one can decrypt this and get the message M. Terminal t6
The reverse is true when sending a message from to the terminal t3.

Fourth, a method for changing the group to which the terminal t6 belongs will be described. The base station 1 changes the group c to c ′ and sets the group ID to Gc ′. The terminal t6 is added to the group c ', and the group b from which the terminal t6 has left is changed to the group b'. The base station 1 generates a group key GKc 'and a group key GKb'. The base station 1 encrypts the new group ID (Gc ') and its group key GKc' using the group key GKc to obtain GKc (Gc ', GKc'). A group ID (Gc) is added and (Gc, GKc (Gc ',
GKc ')) to the terminals t1 and t2. The terminals t1 and t2 of the group c use the group key G
Decryption with Kc yields a new group ID (Gc ') and group key GKc', which are stored.

Further, the terminal public key Kpt6 unique to the terminal t6
Is used to encrypt (Gc ', GKc') and Kpt6 (Gc ',
GKc '). It is further encrypted with the group key GKb,
GKb (Kpt6 (Gc ', GKc')) is transmitted to the moving terminal t6. The terminal of the group b receiving this decrypts it with the group key GKb and obtains Kpt6 (Gc ′, GKc ′)
Get. Each terminal uses a terminal-specific terminal secret key to
Attempt to decode pt6 (Gc ', GKc'). Only the terminal t6 having the secret key Kst6 for Kpt6 can decrypt it and obtain new Gc 'and GKc'.

The new group ID (G
After confirming that c ′) and the group key GKc ′ are held in the group c ′, the base station 1 issues an instruction to the group c ′ to use a new group ID and a new group key. Thus, a new group c 'including the terminals t1, t2, and t6 is formed.

Next, the terminal t of the group b from which the terminal t6 is omitted
For 7 and t8, a new group key GKb 'and group ID (Gb') are delivered. The base station 1 has an appropriate random number K
r ′, which encrypts (Gb ′, GKb ′),
Kr '(Gb', GKb '). The random number Kr 'is encrypted with the public keys Kpt7 and Kpt8 of the terminals t7 and t8, and Kpt7 (Kr'), Kpt8 (K
r '). These are encrypted with a group key GKb, a group ID (Gb) is added, and (Gb, GKb (Kpt7 (Kr '),
Kpt8 (Kr '), Kr' (Gb ', GKb')) are transmitted to all terminals. The terminal of the group b receiving this receives the group key G
This is decrypted using Kb and (Kpt7 (Kr '), Kpt8 (K
r '), Kr' (Gb ', GKb')). Each terminal t of group b
7. At t8, this is decoded to obtain Kr '. Kr ', Kr'
(Gb ', GKb') is decoded to obtain (Gb ', GKb'). A new group ID (Gb ') and group key GKb' can be obtained. Since the terminal t6 cannot decrypt Kr ', it cannot obtain the group ID and group key of the new group b'.

After confirming that the new group key and group ID have been delivered to the terminals t7 and t8, the base station 1 thereafter uses the new group key and group ID. FIG.
Indicates the states of the terminal memory 22 and the base station memory 12 in which the group has been changed to a new group and the group ID and group key of each terminal have been changed.

Fifth, a decryption command will be described.
If the configuration of the signal sequence is not indicated, the operation on the terminal side becomes complicated. Therefore, the information including the information on the configuration of the signal sequence is encrypted with the group key. For example, (Kpt
In the case of 7 (Kr '), Kpt8 (Kr'), Kr '(Gb', GKb ')), the terminal of the group b which has received it cannot determine how to process it. Therefore, a message (command) indicating that there are two random numbers encrypted with the terminal public key and one piece of information encrypted with the random numbers is transmitted. If this command is Mc, (Kpt7
(Kr '), Kpt8 (Kr'), Kr '(Gb', GKb ')) are (Gb, G
Kb (Mc, Kpt7 (Kr '), Kpt8 (Kr'), Kr '(Gb', GK
b '))). The terminal belonging to group b sees Mc, decrypts it twice with the terminal public key, and then decrypts Kr '(Gb'GKb') with the random number obtained here.

As described above, information on the signal sequence is included, but information on the terminal ID is not included. Since this information is encrypted with the group key, only terminals belonging to the group can know it.

As described above, in the fourth embodiment of the present invention, the dynamic secure group mobile communication system is
Since the configuration is such that all the group keys related to the change are changed, the secret can be prevented from leaking to the terminal that has moved.

[0062]

As is apparent from the above description, according to the present invention, a dynamic secure group mobile communication system comprising a base station and a plurality of terminals is provided. The base station organizes a plurality of terminals into a plurality of groups. Means for generating and delivering a group key for each group, storage for storing the terminal key of each terminal, the group ID of the group to which the terminal belongs, and the group key, and means for arbitrarily changing the group key of the terminal. The terminal has means for holding a terminal ID, a terminal key, and a group key of a group to which the terminal belongs;
A means for encrypting D with the group key of the destination makes it possible to randomly change the group to which the terminal belongs and to conceal the communication partner of the terminal and communication contents such as messages and key exchanges, The effect of reducing the number of group terminals and reducing the decoding processing load on the terminals is obtained.

[Brief description of the drawings]

FIG. 1 is a conceptual diagram of a dynamic secure group mobile communication system according to a first embodiment of the present invention;

FIG. 2 is a functional block diagram of a base station used for a dynamic secure group mobile communication system according to the first embodiment of the present invention;

FIG. 3 is a functional block diagram of a terminal used in a dynamic secure group mobile communication system according to the first embodiment of the present invention;

FIG. 4 is a configuration diagram of a dynamic secure group mobile communication system according to a fourth embodiment of the present invention;

FIG. 5 is a configuration diagram after a group key is changed in a dynamic secure group mobile communication system according to a fourth embodiment of the present invention;

FIG. 6 is a configuration diagram of a conventional group mobile communication system.

[Explanation of symbols]

 Reference Signs List 1 base station 2 terminal 3 group 11 base station signal processing unit 12 base station memory unit 13 reception unit 14 transmission unit 15 encryption unit 16 decryption unit 17 group formation unit 18 group key generation unit 21 terminal signal processing unit 22 terminal memory unit 23 Receiver 24 Transmitter 25 Encryption unit 26 Decryption unit 27 Encryption key generation unit 28 Operation unit 29 Display unit

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5J104 AA01 AA16 EA01 EA04 EA18 JA03 MA05 NA02 PA01 5K033 AA08 DA01 DA19 5K067 AA30 CC13 DD17 EE02 EE10 HH21 HH23 HH36

Claims (6)

[Claims] 1. A dynamic secure group mobile communication system comprising a base station and a plurality of terminals, wherein the base station organizes a plurality of terminals into a plurality of groups;
Means for generating and delivering a group key for each group, a storage unit for storing a terminal key of each terminal, a group ID of a group to which the terminal belongs, and a group key, and arbitrarily changing the group key of the terminal Means, wherein the terminal has means for holding a terminal ID, a terminal key, and a group key of a group to which the terminal belongs, and means for encrypting a terminal ID of a communication destination with the group key of the destination. Dynamic secure group mobile communication system. 2. The dynamic secure group mobile communication system according to claim 1, wherein said base station has means for changing a group key of a belonging transfer terminal to which a belonging group changes to a group key of a belonging transfer destination. . 3. The base station, comprising: means for changing a belonging group key of a belonging terminal, a means for changing a group key of a terminal belonging to the belonging group, and a newly changed belonging group. 2. The dynamic secure group mobile communication system according to claim 1, further comprising: means for assigning a key to a belonging transfer terminal; and means for changing a group key of a belonging transfer source group. 4. The dynamic secure group mobile communication system according to claim 1, wherein said terminal key is an encryption key of a common secret key system. 5. The dynamic secure group mobile communication system according to claim 1, wherein said terminal key is an encryption key of a public key system. 6. The dynamic secure group mobile communication according to claim 1, wherein the terminal has means for sharing a shared key between terminals communicating with each other before starting communication. method.