JP2003179589A - Data communication equipment, data communication system, data communication program and program storage medium storing data communication program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide data communication equipment which can safely and surely transfer data without increasing the capacity of storage medium for storing keys. <P>SOLUTION: In a system, a control unit and a plurality of client apparatuses are connected. The client apparatus is constituted of a key producing means 17 which produces encryption keys and decryption keys, a cipher coding means 19 which performs cipher coding processing of data by using at least one cipher key and produces cipher data, a cipher decoding means 20 which performs cipher decoding processing of cipher data by using the cipher key which produced cipher data and at least one decryption key, a transmission means 12 which transmits the cipher key produced by the key producing means 17 and cipher data produced by the cipher coding means 19 to other apparatus, and a receiving means 12 which receives the cipher key produced by the key producing means in other apparatus and the cipher data produced by the cipher coding means 19. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data communication device, a data communication system, a data communication program, and a program storage medium storing the data communication program.
More specifically, the present invention relates to a data communication device, a data communication system, a data communication program, and a program storage medium storing the data communication program, which performs an encryption encoding process or an encryption decryption process of digital data when transmitting and receiving digital data.

[0002]

2. Description of the Related Art With the improvement of network environment and the spread of personal computers, new attempts using a network are starting. When conducting a commercial transaction by communicating data via a network, it is important to protect the data transmitted and received. Confidential data must not be leaked to a third party and the contents of the data must not be tampered with.

Cryptographic technology was devised for the purpose of protecting data. The data is encrypted and converted into encrypted data, and then transferred over the network. The encrypted data can be encrypted and decrypted only by a specific person, and the original data can be recognized. A key is used for the encryption technique. An encryption key is used to convert data into encrypted data, and a decryption key is used to convert encrypted data into original data. The encryption technology is divided into two types depending on the type of key.

The first technique is a common key cryptosystem in which the encryption key and the decryption key are the same. The keys used for the encryption encoding process and the encryption / decryption process in this common key cryptosystem are the same common key. The common key is held on the side performing the encryption encoding process and the side performing the encryption / decryption process. On the transmission side of the encrypted data, a cryptographic encoding process is performed using the common key to generate the encrypted data. On the receiving side of this encrypted data, the common key is used to perform the encryption / decryption processing to generate the original data.

The second technique is a public key cryptosystem in which an encryption key and a decryption key are paired. The cryptographic key used for the cryptographic encoding process is open to the public. The decryption key used in the encryption / decryption process is kept secret and is held only by a specific person. The receiving side of the encrypted data holds the encryption key and a pair of decryption keys. The receiving side makes the encryption key open to the public and anyone can receive it at any time. The sender of encrypted data receives the encryption key of the receiver. The transmitting side performs cipher coding processing using the received cipher key to generate cipher data. The transmitting side transmits the generated encrypted data to the receiving side. The receiving side performs an encryption / decryption process on the received encrypted data using the retained decryption key to generate the original data.

[0006]

In the encryption technique using a key, maintenance of the key is the most important issue. When a fixed key is provided inside the data communication device, the data communication system, or the data communication program having the cryptographic technique, the key may become obsolete in the future and the technical disparity with the communication partner may be widened to make it unusable.

When the keys on the transmitting side and the receiving side of the encrypted data are automatically updated according to the date and time, it is necessary to pay attention to the transmission / reception of the encrypted data near the time of change. In the common key cryptosystem, it is considered that the common key is different between when the cryptographic encoding process is performed and when the cryptographic decryption process is performed. In the public key cryptosystem, it is possible that the encryption key used by the sender for the encryption encoding process is different from the latest decryption key held by the receiver and the pair of encryption keys.

Further, if the time information on the transmitting side and the time information on the receiving side are different, it is difficult to synchronize the key generation. When selecting and using a plurality of keys, the sender and the receiver must always hold the same key, and version management is required. Also, a storage medium is required only to hold the key, and the storage capacity of the storage medium is related to the number of keys. If the storage capacity is small, the number of keys that can be stored is limited, so there is a high risk that the keys will be decrypted. On the contrary, if the number of held keys is increased, the risk of the keys being decrypted is reduced, but more storage media are required and the cost is increased.

The present invention has been made in view of the above problems, and a data communication device and data communication capable of transferring data safely and securely without the need for increasing the capacity of a storage medium for storing a key. An object is to provide a system, a data communication program, and a program storage medium storing the data communication program.

[0010]

According to a first aspect of the present invention, in a system in which a management device and a plurality of client devices are connected to a network, the client device includes an encryption key and a pair of the encryption key. Key generating means for generating a decryption key, cryptographic encoding means for performing cryptographic encoding processing of data using one or more cryptographic keys to generate cryptographic data, and a pair of decryption with a cryptographic key for generating cryptographic data An encryption / decryption unit for performing encryption / decryption processing of encrypted data using at least one key, an encryption key generated by the key generation unit, and transmission of the encrypted data generated by the encryption / encoding unit to another device Means, and a receiving means for receiving the cryptographic key generated by the key generating means in another device and the encrypted data generated by the cryptographic encoding means, wherein the cryptographic encoding means is the key generating means of the own device. The encryption key generated by the other device, the encryption key generated by the key generation unit of the other device, and the encryption key generated by the key generation unit of the management device. The encryption / decryption means includes at least one of an encryption key of its own device that generated the encrypted data and an encryption key of another device, and a pair of decryption keys of each device, an encryption key of the management device that generated the encrypted data, and the encryption key. And a function of performing encryption / decryption processing of encrypted data using a pair of decryption keys.

According to this structure, the data can be transferred safely and securely. (2) The invention according to claim 2 is a system in which a management device and a plurality of client devices are connected to a network, and a reception function unit for receiving encrypted data from another device and transmitting encrypted data to the other device. In a data communication device having a transmission function unit, the reception function unit is a reception-side key generation unit that generates an encryption key, a pair of decryption keys with the encryption key, and a reception unit that receives the decryption key transmitted by the management device. A side key receiving means, an encryption key generated by the reception side key generation means, a pair of decryption keys with the encryption key, a reception side key storage means for storing the decryption key received by the reception side key reception means, and Receiving side transmitting means for transmitting the encryption key stored in the receiving side key storage means to another device, receiving side encryption receiving means for receiving the encrypted data transmitted by the other device, and receiving side stored by the receiving side key storage means. Generated by key generation means The decryption key and the decryption key received by the reception-side key receiving means, and the reception-side decryption means for performing an encryption-decryption process on the encrypted data received by the reception-side encryption reception means. , An encryption key, a transmission side key generation means for generating a pair of decryption keys with the encryption key, a first transmission side key reception means for receiving an encryption key transmitted by another device, and an encryption key transmitted by the management device. Second transmitting side key receiving means, an encryption key generated by the transmitting side key generating means, the encryption key and a pair of decryption keys, an encryption key received by the transmitting side key receiving means, and a transmitting side management Sender key storage means for storing the encryption key received by the key reception means, the encryption key generated by the transmission side key generation means stored in the transmission side key storage means, and the cipher received from the first transmission side key reception means. Using the key and the encryption key received from the second transmitting side management key receiving means , And a sending-side encryption means for generating encrypted data performs encryption coding process on the digital data.

According to this structure, data can be transferred safely and securely. Further, the capacity of the storage means for storing the encryption key and the decryption key can be small. (3) In the invention according to claim 3, the encryption key and the decryption key generated by the reception side key generation means or the transmission side key generation means are:
Each is characterized by being equivalent to a public key and a secret key in a public key cryptosystem.

According to this structure, the digital data can be encrypted by using the public key and the secret key, and the encrypted data can be decrypted. (4) The invention according to claim 4 makes an inquiry to the management device, and when the management device approves that the client is a legitimate client, the reception side key receiving means can receive the decryption key from the management device. The transmitting side key receiving means is characterized by being able to receive the encryption key from the management device.

With this configuration, the management device can ensure the safety of the system. (5) The invention according to claim 5 is characterized in that the encryption key and the decryption key transmitted by the management device are respectively equivalent to the public key and the secret key in the public key cryptosystem.

According to this structure, the digital data can be encrypted by using the public key and the secret key, and the encrypted data can be decrypted. (6) The invention according to claim 6 is that the transmission function unit requests an encryption key to the reception function unit of the transmission destination of the encrypted data before the encryption encoding processing of the transmission side encryption means. Characterize.

According to this structure, the data can be encrypted based on the requested encryption key. (7) The invention according to claim 7 includes at least one receiving device for receiving encrypted data, one transmitting device for transmitting encrypted data, and one managing device for managing a data transfer environment of the receiving device and the transmitting device. And a receiving-side key receiving unit that receives a decoding key transmitted by the management device, and a receiving-side key generating unit that generates an encryption key, a pair of the decoding key and the decoding key. Means, an encryption key generated by the reception side key generation means, a pair of decryption keys with the encryption key, a reception side key storage means for storing the decryption key received by the reception side key reception means, and the reception side key Receiving side transmitting means for transmitting the encryption key stored in the storing means to the transmitting device, receiving side cryptographic receiving means for receiving the encrypted data transmitted by the transmitting device, and receiving side key generation stored by the receiving side key storage means Decryption generated by means And a receiving-side decryption means for performing an encryption-decryption process on the encrypted data received by the receiving-side encryption receiving means, using the decryption key received by the receiving-side key receiving means. And a transmission side key generation means for generating a pair of decryption keys with the encryption key, a first transmission side key reception means for receiving the encryption key transmitted by the reception device, and an encryption key transmitted by the management device Second transmitting-side key receiving means, an encryption key generated by the transmitting-side key generating means, a pair of decryption keys with the encryption key, an encryption key received by the first transmitting-side key receiving means, and the first transmitting-side key receiving means. Second transmitting side key receiving means stores the encryption key received by the transmitting side key receiving means, the encryption key generated by the transmitting side key generating means stored in the transmitting side key storage means, and the first transmitting side key receiving means. And the encryption key received by the second sending-side key receiving means. Te performs encryption coding process on the digital data, characterized by comprising a transmitting side encryption means for generating encrypted data, respectively.

According to this structure, valid data can be transmitted and received between the transmitting side and the receiving side. (8) The invention according to claim 8 is that the encryption key and the decryption key generated by the reception side key generation means or the transmission side key generation means are equivalent to a public key and a secret key in a public key cryptosystem, respectively. Characterize.

According to this structure, the digital data can be encrypted by using the public key and the secret key, and the encrypted data can be decrypted. (9) The invention according to claim 9 makes an inquiry to the management device, and if the management device approves a valid client, the reception side can receive the decryption key from the management device, and the transmission side manages. The feature is that the encryption key can be received from the device.

According to this structure, the encryption key and the decryption key can be received from the management device on condition that the client is a legitimate client. (10) The invention according to claim 10 is characterized in that an encryption key and a decryption key transmitted by the management device are equivalent to a public key and a secret key in a public key cryptosystem, respectively.

According to this structure, the public key and the private key can be used for encryption and decryption. (11) The invention according to claim 11 is characterized in that the transmitting device requests an encryption key to the receiving device of the encrypted data before the encryption encoding processing of the transmitting side encryption means.

With this configuration, it is possible to perform encryption using the requested encryption key. (12) The invention according to claim 12 is a data communication program having a receiving program for receiving encrypted data from another device and a transmitting program for transmitting encrypted data to another device, wherein the receiving program is an encryption key and Receiving side key generation step of generating an encryption key and a pair of decoding keys, receiving side key receiving step of receiving the decoding key transmitted by the management program that manages the data transfer environment of the receiving program and the transmitting program, and receiving side key generation An encryption key generated by a step, a pair of decryption keys with the encryption key, a reception side key storage step that stores the decryption key received by the reception side key reception step, and an encryption key stored by the reception side key storage step To the receiving side, a receiving side to receive the encrypted data sent by the sending program, and a receiving side key entry. A receiving-side decryption step for performing an encryption-decryption process on the encrypted data received by the receiving-side encryption receiving step, using the decryption key generated by the receiving-side key generating step stored in the step and the decrypting key received by the receiving-side key receiving step; Wherein the transmission program includes an encryption key and a transmission-side key generation step of generating a pair of decryption keys with the encryption key,
A first sender-side key receiving step of receiving the encryption key sent by the receiving program, a second sender-side key receiving step of receiving the encryption key sent by the management program, and an encryption key generated by the sender-side key generating step. And the encryption key, a pair of decryption keys, and the encryption key received by the first transmitting-side key receiving step,
A transmitting-side key storing step of storing the encryption key received by the second transmitting-side key receiving step, an encryption key generated by the transmitting-side key generating step stored by the transmitting-side key storing step, and a first transmitting-side key receiving step And an encryption key received by the second transmission-side key reception step, and a transmission-side encryption step of performing encryption encoding processing on the digital data to generate encrypted data. .

With this configuration, safe and reliable data transfer is possible. (13) According to the invention of claim 13, the encryption key and the decryption key generated by the reception side key generation step or the transmission side key generation step are equivalent to a public key and a secret key in a public key cryptosystem, respectively. Characterize.

According to this structure, the digital data can be encrypted by using the public key and the secret key, and the encrypted data can be decrypted. (14) The invention according to claim 14 makes an inquiry to the management program, and if the management program approves a valid client, the receiving side can receive the decryption key from the management program, and the transmitting side manages. The feature is that the encryption key can be received from the program.

With this configuration, the encryption key and the decryption key can be received from the management device on condition that the client is a legitimate client. (15) The invention according to claim 15 is characterized in that the encryption key and the decryption key transmitted by the management program are equivalent to the public key and the secret key in the public key cryptosystem, respectively.

According to this structure, the digital data can be encrypted using the public key and the secret key, and the encrypted data can be decrypted. (16) The invention according to claim 16 is characterized in that the transmission program requests an encryption key to the reception program of the encrypted data before the encryption encoding processing of the transmission side encryption step.

According to this structure, the transmission program can be encrypted by using the requested encryption key. (17) The invention according to claim 17 is a program storage medium for storing a data communication program having a reception program for receiving encrypted data from another device and a transmission program for transmitting encrypted data to another device. Is a reception side key generation step of generating an encryption key and a pair of decryption keys with the encryption key, and a reception side key reception step of receiving a decryption key transmitted by a management program that manages the data transfer environment of the reception program and the transmission program. A reception side key storing step for storing the encryption key generated by the reception side key generating step, the encryption key paired with the encryption key, a decryption key received by the reception side key receiving step, and a reception side key storing step. The receiving side sending step for sending the encryption key to the sending program and the receiving side encryption step for receiving the encrypted data sent by the sending program. The receiving step and the decryption key generated by the receiving side key generation step stored in the receiving side key storing step and the decoding key received by the receiving side key receiving step are used to decrypt the encrypted data received by the receiving side encryption receiving step. A transmission side key generation step for generating an encryption key and a pair of decryption keys with the encryption key; and a transmission side for receiving the encryption key transmitted by the reception program. The key receiving step, the sending side management key receiving step for receiving the encryption key sent by the management program, the encryption key generated by the sending side key generating step, the encryption key and a pair of decryption keys, and the sending side key receiving step. The received encryption key, the sender key storage step that stores the encryption key received by the sender management key reception step, and the sender key generation step that is stored by the sender key storage step. Encryption key generated by the receiver, the encryption key received by the sender-side key reception step, and the encryption key received by the sender-side management key reception step are used to perform encryption encoding processing on digital data to generate encryption data on the sender side. And a conversion step.

With this configuration, safe and reliable data transfer is possible.

[0028]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described in detail below with reference to the drawings. FIG. 1 is a block diagram showing a system configuration example for implementing the present invention. In the figure,
Reference numeral 1 is a network, 2 is a plurality of client devices connected to the network 1, and 3 is a management device for maintaining and managing a system connected to the network 1. The system shown in the figure shows a system for transmitting and receiving data via the network 1. Client device 2
There are a plurality of, but the figure shows an example in which two units are provided. For convenience of explanation, the client device that transmits data will be referred to as a transmitting device, and the client device that receives data will be referred to as a receiving device.

FIG. 2 is a block diagram showing the configuration of a client device forming the system according to the embodiment of the present invention. This apparatus includes a control unit 10, an operation unit 11, a communication unit 12, a mechanism unit 13, a data storage unit 14, a compression encoding unit 15, a compression decoding unit 16, a key generation unit 17, a key storage unit 18, and an encryption encoding. It is composed of a unit 19, an encryption / decryption unit 20, and a program memory 21, which are connected to each other by a system bus 22. Data transmission / reception between the respective components is performed via the system bus 22. The mechanical unit 13 includes a reading unit 13A and a recording unit 13B.

The control unit 10 includes a microcomputer and the like, and has a program memory 21 in which a processing program is stored.
Connected with. The control unit 10 controls the processing operation of the entire apparatus according to the processing program stored in the program memory 21. Further, the control unit 10 includes an operation unit 1
1, communication unit 12, mechanism unit 13, data storage unit 14, compression encoding unit 15, compression decoding unit 16, key generation unit 17, key storage unit 18, encryption encoding unit 19, and encryption / decryption unit 20. It receives the status of the components and controls the transmission and reception of data between the components.

The operation unit 11 is a human interface for a user who operates this apparatus. The operation unit 11
Includes a keyboard for a user to input commands and the like, a touch panel, a display unit (for example, CRT or liquid crystal) for displaying setting items for the apparatus and processing states of the apparatus, and the like. Input information from the operation unit 11 is transmitted to the control unit 10, and the control unit 10 displays the processing state information to the user via the operation unit 11.

The communication unit 12 is a network interface for connecting to an external network environment. Digital data is transmitted and received according to the protocol and operating frequency specified by the external network environment. Also, digital data is modulated according to the external network environment and transmitted. It also demodulates digital data received from an external network environment.

The mechanism section 13 includes a reading section 13A and a recording section 13
Control the mechanism of B. The reading unit 13A and the recording unit 13B can perform independent processing. The reading unit 13A reads a document placed on the document table by a photoelectric conversion element such as a CCD and outputs digital data having a predetermined bit width. The recording unit 13B records digital data on a predetermined recording material. For example, if the digital data is a drive signal for turning on the semiconductor laser, the turning-on time of the semiconductor laser is controlled by the value of the digital data.

When the surface of the photoconductor is irradiated with the laser light, a latent image representing digital data is formed on the surface of the photoconductor. Toner is attached to the latent image on the photoconductor to develop it,
When it is transferred to a recording material, a toner image is formed on the recording material. Once fixed, the toner image is fused to the recording material. The recording material on which the digital data is recorded is discharged outside the device and can be viewed by the user.

The data storage unit 14 stores the digital data generated during the internal processing operation and the digital data at the time of transmission / reception with the outside. In the data storage unit 14, bitmap data of a predetermined bit width obtained by reading the document input from the reading unit 13A, compressed data generated by the compression encoding unit 15 by compression encoding the bitmap data, compressed data Bit map data generated by the decoding unit 16 by performing compression decoding processing on the compressed data, and the encryption encoding unit 19
Stores the encrypted data generated by performing the encryption encoding process on the compressed data, the compressed data generated by performing the encryption decryption process on the encrypted data by the encryption / decryption unit 20, and the encrypted data transmitted / received by the communication unit 12.

The compression encoding unit 15 compression-encodes the bitmap data read from the data storage unit 14 to generate compressed data. Here, the compression encoding method can be either a completely lossless method or a lossy method, and is not limited to a specific method. It may be one of the currently known methods. For example, either the JPEG system or the TIFF system may be used. Further, a plurality of compression methods can be held and appropriately selected and used. The compression rate varies depending on the method because of the characteristics of the bit stream of the bitmap data. In the present invention, the method with the highest compression rate can be adopted.

The compression / decoding unit 16 compression-decodes the compressed data read from the data storage unit 14 to generate bitmap data. The compression decoding method is a pair with the compression encoding method. Once the compression encoding is decided,
The compression / decoding method is also determined by itself.

The key generator 17 simultaneously generates an encryption key and a decryption key. The generated encryption key and decryption key are a pair, and the digital data cryptographically encoded by the encryption key is
The original digital data is decrypted by the decryption key paired with this. The cryptographic encoding process performed using one or more cryptographic keys can be performed using any one of one or more decryption keys. The generation of the encryption key and the decryption key is performed at any time according to the user's request.
Alternatively, it may be performed periodically.

The key storage unit 18 independently stores the encryption key and the decryption key generated by the key generation unit 17, and the encryption key received by the communication unit 12 via the external network. As a storage unit of the key storage unit 18, a RAM (Random Access M) capable of accessing an arbitrary address is used.
A memory (abbreviation: RAM) format can be used. A storage medium such as a flexible disk or a memory card may be used if it is desired to retain the key storage unit 18 separately from the main unit. The storage medium is not limited to a particular storage medium, and any of the currently known storage media can be used.

The cryptographic encoding unit 19 cryptographically encodes the compressed data read from the data storage unit 14 to generate encrypted data. At least one of the encryption key generated by the key generation unit 17 and the encryption key received by the communication unit 12 via the external network is used for the encryption encoding process. The cryptographic encoding process can be performed using only the cryptographic key generated by the key generation unit 17 or only the cryptographic key received by the communication unit 12 via the external network. It is also possible to perform the cryptographic encoding process using both the key and the cryptographic key received by the communication unit 12 via the external network.

The encryption / decryption unit 20 performs encryption / decryption processing on the encrypted data read from the data storage unit 14 to generate compressed data. For this encryption / decryption processing, at least one of the paired decryption keys of the encryption keys used in the encryption / encoding processing is used. Therefore, even when both the encryption key generated by the key generation unit 17 and the encryption key received by the communication unit 12 via the external network are used for the encryption encoding process, the key generation unit 1
The encryption / decryption processing can be performed by using only the decryption key paired with the encryption key generated by 7 and used in the encryption / encoding processing.

FIG. 3 is a block diagram showing the configuration of a management apparatus forming the system according to the embodiment of the present invention. This device includes a control unit 30, a communication unit 31, and a client management unit 3.
2, data storage unit 33, key generation unit 34, key storage unit 35,
It is composed of a program memory 36 and is connected to each other by a system bus 37. Data transmission / reception between the respective components is performed via the system bus 37.

The control unit 30 includes a microcomputer and the like, and has a program memory 3 in which a processing program is stored.
It is connected with 6. The control unit 30 controls the processing operation of the entire apparatus according to the processing program stored in the program memory 36. Further, the control unit 30 includes a communication unit 31,
The status of each component is received from the client management unit 32, the data storage unit 33, the key generation unit 34, and the key storage unit 35 to control the transmission and reception of data between the components.

The communication section 31 is a network interface for connecting to an external network environment. Digital data is transmitted and received according to the protocol and operating frequency specified by the external network environment. Then, the digital data is modulated according to the external network environment and transmitted. It also demodulates digital data received from an external network environment.

The client management unit 32 includes the management device 3
(See FIG. 1) authenticates and approves a client belonging to a network environment maintained, maintained, and managed. It judges whether or not it is a legitimate client belonging to the network environment managed by this management apparatus in response to an inquiry received via an external network. If it is a new client, it will be authenticated and registered based on the prescribed procedure. Approve if the client is already registered. If the access is improper or unauthorized, the request is rejected.

The data storage unit 33 is a database in which personal information of a client (a client device; the same applies hereinafter) is stored. The data storage unit 33 is used for the purpose of examination and identification of the client. The data storage unit 33 requires a large storage capacity and includes a storage medium such as a hard disk, an optical disk, a magneto-optical disk. The storage medium is not limited to a particular storage medium, and any of the currently known storage media can be used.

The key generator 34 simultaneously generates an encryption key and a decryption key. The generated encryption key and decryption key are a pair, and the digital data cryptographically encoded by the encryption key becomes the original digital data by being decrypted by the decryption key of the pair. The encrypted data generated by the cryptographic encoding process using the cryptographic key generated by the key generation unit 34 of the management device is
The original compressed data cannot be obtained unless encryption / decryption processing using a pair of decryption keys is performed. The generation of the encryption key and the decryption key is performed at any time according to the request of the client received by the communication unit 31 via the external network.

The key storage unit 35 independently stores the encryption key and the decryption key generated by the key generation unit 34 in association with the request of the client received by the communication unit 31 via the external network. The key storage unit 35 needs a large storage capacity, and includes a storage medium such as a hard disk, an optical disk, a magneto-optical disk or the like. In this case, the storage medium is not limited to a particular storage medium, and any of the currently known storage media can be used.

The network 1, the client device 2, and the management device 3 described above show an example of the configuration of the system of the present invention. 4 to 7 are operation explanatory views of the present invention. In the figure, one of the client devices 2 is shown as a transmitting device and the other is shown as a receiving device. Hereinafter, the transmitting device will be distinguished as 2A and the receiving device as 2B. In the following description, (A) to (L) correspond to A to L surrounded by circles shown in the lengths of FIGS. 4 to 7. (A) First, in the transmitter 2A, the key generator 17 generates a key. In this case, the encryption key and the decryption key are generated at the same time. The generation of the encryption key and the decryption key is performed at any time according to the user's request. The user requests the transmission device to generate a key via the operation unit 11. The user can request generation of a key by inputting a key from a keyboard while looking at a human interface provided by the operation unit 11, for example, a liquid crystal screen. Also, the key generation may be performed periodically.

If a key is programmed so as to be generated periodically regardless of the user's request arbitrarily made, the control unit 10 will periodically perform the key generation according to the processing program stored in the program memory 21. The generation unit 17 is controlled to generate a key. The encryption key and the decryption key are independently stored in the key storage unit 18.

The key storage section 18 stores an encryption key and a decryption key. The storage medium included in the key storage unit 18 has an area for storing an encryption key and an area for storing a decryption key, which are independent of each other and are not affected by each other. Control unit 10
When the storage of a new key is controlled by, the old key already stored is erased before the new key is stored. (B) On the other hand, also in the reception device 2B, the key generation unit 17 generates a key. That is, the encryption key and the decryption key are generated at the same time. The generation of the encryption key and the decryption key is performed at any time according to the user's request. The user requests the reception device to generate a key via the operation unit 11. The user can request generation of a key by inputting a key from a keyboard while looking at a human interface provided by the operation unit 11, for example, a liquid crystal screen. Also, the key generation may be performed periodically.

If the controller 10 is programmed to generate the key periodically regardless of the user's request arbitrarily, the control unit 10 periodically generates the key according to the processing program stored in the program memory 21. The unit 17 is controlled to generate a key. The encryption key and the decryption key are independently stored in the key storage unit 18.

The key storage section 18 stores an encryption key and a decryption key. The storage medium included in the key storage unit 18 has an area for storing the encryption key and an area for storing the decryption key independently of each other, and they do not affect each other. When the storage of the new key is controlled by the control unit 10, the old key already stored is erased and then the new key is stored. (C) Consider a case where the user of the transmitting device supplies information to the receiving device. The user reads the document on the transmission device. The user uses the reading unit 13
Place the original on the A platen. While looking at the human interface provided by the operation unit 11, for example, the liquid crystal screen,
By selectively inputting from the condition list, reading parameters such as reading density, resolution, and gradation degree at the time of reading are set. Then, the identification code of the other party to which the information is transmitted is input using the keyboard or selected from the registration list displayed on the liquid crystal screen.

Here, the identification code of the transmission partner is a telephone number, an IP (Internet layer protocol) address, or the like. Or, it is an abbreviated name corresponding to them one-to-one. The input information input by the user through the operation unit 11 of the transmission device is detected by the control unit 10 and is arranged to specify the control of the processing operation of the entire transmission device.

When the user presses the start button, the reading unit 13
A reads a document placed on a document table with a CCD or the like and outputs digital data having a predetermined bit width. In this case, the document is read according to the reading parameters set by the user. The read digital data is stored in the data storage unit 14 as bitmap data.

The communication unit 12 makes a call to the management device 3 which manages the network environment. This call is a request for the management device 3 to obtain permission to use the network. At the same time, it also transmits its own identification information.
The user does not need to know the identification code of the management device 3. It may be specified in advance so that the transmission device 2A automatically calls the specific management device 3. (D) In the management device 3, the communication unit 31 receives a call from the transmission device 2A via the connected network environment. The communication unit 31 detects the received signal and notifies the control unit 30 of the identification information. The control unit 30
Detects the request by receiving the call, arranges the request, and controls the processing operation of the entire apparatus according to the processing program stored in the program memory 36. Control unit 3
0 controls the client management unit 32 to examine the transmission device 2A of the other party who has made a request based on the identification information.

In response to the inquiry received by the communication unit 31, the client management unit 32 determines whether the transmission device 2A is a legitimate client belonging to the network environment managed by the management device 3 based on the identification information. Examine. The data storage unit 33 is a database that stores the personal information of the client. This data storage unit 33 is used for the purpose of examination and identification of the client.

The client management unit 32 reads the identification code of the client from the identification information and searches the database of the data storage unit 33. If the identification code exists in the database, the transmitting device 2A that has issued the request recognizes that it is a registered legitimate client. If the identification code does not exist in the database, the transmitting device 2A that has issued the request is notified of an improper access, and an inquiry is made as to whether or not new registration is desired. If the access is unauthorized, the request is rejected.

Here, the identification code received from the network 1 exists in the database, and the transmitting device 2
Consider the case where A is authorized to be a legitimate client of the network. The key generator 34 simultaneously generates an encryption key and a decryption key. The generation of the encryption key and the decryption key is performed at any time according to the request of the client. The client requests the management device 3 to generate a key via the network. Here, the generated encryption key and decryption key are independently stored in the key storage unit 35.

The key storage unit 35 registers the encryption key and the decryption key generated by the key generation unit 34 in association with the client identification code received by the communication unit 31, and stores them independently. The storage medium included in the key storage unit 35 has an area for storing the encryption key and an area for storing the decryption key, which are independent of each other and do not affect each other. Control unit 30
When the storage of a new key is controlled by, the old key already stored is erased before the new key is stored.

The communication unit 31 transmits the encryption key stored in the key storage unit 35 to the client device (here, the transmission device) having the identification code corresponding to the encryption key. at the same time,
It also sends processing information. The processing information includes a compression coding method when the digital data is compression coded and a frequency modulation method when the digital data is transferred via the network. (E) In the transmission device 2A, the communication unit 12 receives the encryption key and the processing information from the management device 3 via the connected network environment. The communication unit 12 detects information from the received signal and notifies the control unit 10 of the information. The control unit 10
Information is organized by receiving the encryption key and the processing information, and the processing operation of the entire apparatus is controlled according to the processing program stored in the program memory 21. The control unit 10 controls the key storage unit 18 to store the encryption key received from the management device 3.

The key storage section 18 stores an encryption key. The storage medium included in the key storage unit 18 independently has an area for storing the encryption key received from the management apparatus 3 and an area for storing the encryption key and the decryption key generated by the transmission apparatus itself. Do not affect each other. If the encryption key is stored in the area for storing the encryption key received from the management device 3, the stored old key is erased and then the new key is stored.

The compression encoding unit 15 compression-encodes the bitmap data read from the data storage unit 14 to generate compressed data. For this compression encoding, the compression encoding method included in the processing information received from the management device 3 is adopted. Here, by adopting the compression encoding method specified by the management device 3, the optimum compressed data is generated for the transfer method via the network 1. This compressed data is stored in the data storage unit 14.

The communication unit 12 calls the receiving device 2B. A call is made according to the identification code of the destination that is input in advance. This call is received by the receiver 2
This is a notification prompting B to prepare to receive the document information. At the same time, it also transmits its own identification information. (F) In the receiver 2B, the communication unit 12 receives the identification information from the transmitter 2A via the connected network environment. The communication unit 12 detects information from the received signal and notifies the control unit 10 of the information. The control unit 10 sorts out the information by receiving the identification information, and controls the processing operation of the entire apparatus according to the processing program stored in the program memory 21. The control unit 10 controls the management device 3
The communication unit 12 is controlled to make a call to.

The communication unit 12 follows the identification code of the management device 3 included in the identification information received from the transmission device 2A.
The management device 3 is called. This call is a request for the management device 3 to obtain permission to use the network. At the same time, it also transmits its own identification information. This identification information includes the identification code of each of the receiving device 2B and the transmitting device 2A. (G) In the management device 3, the communication unit 31 receives a call from the receiving device 2B via the connected network environment. The communication unit 31 detects the received signal and notifies the control unit 30 of the identification information. The control unit 30
Upon receiving the call, the request is detected and arranged, and the processing operation of the entire apparatus is controlled according to the processing program stored in the program memory 36. Further, the control unit 30 controls the client management unit 32 to examine the receiving device 2B of the other party who has made a request based on the identification information.

In response to the inquiry received by the communication unit 31, the client management unit 32 examines, based on the identification information, whether the client is a valid client belonging to the network environment managed by the management apparatus 3. Data storage unit 33
Is a database in which personal information of clients is stored. The data storage unit 33 is used for the purpose of examination and identification of the client. The identification code of the client is read from the identification information, and the database of the data storage unit 33 is searched.

Here, if the identification code exists in the database, the requesting client device approves that it is a valid client device that has already been registered.
If the identification code does not exist in the database, the requesting client device is notified that the access is improper and an inquiry is made as to whether or not new registration is desired. If the access is unauthorized, the request is rejected.

Consider a case where the identification code received from the network exists in the database and it is recognized that the receiving device 2B is a legitimate client of the network.

The key storage unit 35 retrieves the identification code of the transmitter 2A in the identification information received by the communication unit 31. If the identification code exists, the encryption key and the decryption key corresponding to the identification code can be easily detected. As described above, the encryption key corresponding to the identification code of the transmitter 2A has already been transmitted to the transmitter 2A.

The communication unit 31 transmits the decryption key corresponding to the identification code of the transmission device 2A in the identification information received by the communication unit 31 to the client device (here, the reception device 2B). At the same time, the processing information is also transmitted. The processing information includes a compression / decoding method for the compression / encoding method already transmitted to the transmission device 2A as described above, and a frequency modulation method for transferring digital data via the network. (H) In the receiving device 2B, the communication unit 12 receives the decryption key and the processing information from the management device 3 via the connected network environment. The communication unit 12 detects information from the received signal and notifies the control unit 10 of the information. Control unit 10
Organizes information by receiving processing information,
The processing operation of the entire apparatus is controlled according to the processing program stored in the program memory 21. The control unit 10 controls the communication unit 12 to transmit the encryption key stored in the key storage unit 18 to the transmission device 2A. At the same time, it also transmits its own identification information. This identification information includes the receiving device 2
The identification code of B is included. (I) In the transmitter 2A, the communication unit 12 receives the encryption key and the identification information from the receiver 2B via the connected network environment. The communication unit 12 detects information from the received signal and notifies the control unit 10 of the information. The control unit 10
The information is organized by receiving the encryption key and the identification information, and the operation of the entire apparatus is controlled according to the processing program stored in the program memory 21. The control unit 10
The key storage unit 18 is controlled to store the encryption key received from the receiving device 2B.

The key storage section 18 stores an encryption key. The storage medium included in the key storage unit 18 includes an area for storing the encryption key received from the receiving apparatus 2B, an area for storing the encryption key received from the management apparatus 3, and an encryption key generated by the transmitting apparatus 2A itself. The areas for storing the decryption key exist independently of each other and do not affect each other. Receiver 2B
If the encryption key is already stored in the area for storing the encryption key received from, the stored old key is erased and then the new key is stored.

The cryptographic encoding unit 19 cryptographically encodes the compressed data read from the data storage unit 14 to generate encrypted data. The transmitter 2A is used for this cryptographic encoding process.
All of the encryption key generated by, the encryption key generated by the reception device 2B, and the encryption key generated by the management device 3 are used. Key storage 1
8 latest three types of encryption keys stored in the transmission device 2A
The compressed data read from the data storage unit 14 is encrypted by using all of the encryption key generated by, the encryption key generated by the reception device 2B, and the encryption key generated by the management device 3. The generated encrypted data is stored in the data storage unit 14.

The encrypted data generated by the cryptographic encoding process using the cryptographic key generated by the key generation unit 17 of each of the transmission device 2A and the reception device 2B has one of the decryption key and the encryption key. It can be used to perform encryption / decryption processing to restore the original compressed data. On the other hand, the encrypted data generated by the encryption encoding process using the encryption key generated by the key generation unit 34 of the management device 3 is subjected to the encryption / decryption process only by the decryption key paired with the encryption key to be the original compressed data. Become.

Therefore, the encryption keys generated by the respective key generators 17 of the transmitter 2A and the receiver 2B, and the management device 3
The encrypted data generated by the cryptographic encoding process using the encryption key generated by the key generation unit 34 is encrypted using the decryption key of either the transmission device 2A or the reception device 2B and the decryption key of the management device 3. The original compressed data cannot be obtained without decryption processing.

The communication section 12 sends the transmission start information to the receiving device 2.
Send to B. This transmission is a request for preparing the receiving device 2B to receive the encrypted data via the network. The transmission start information includes a compression encoding method when compression encoding the compressed data and a frequency modulation method when transferring the digital data through the network. (J) In the receiver 2B, the communication unit 12 receives the transmission start information from the transmitter 2A via the connected network environment. The communication unit 12 detects information from the received signal and notifies the control unit 10 of the information. The control unit 10
Information is organized by receiving the transmission start information, and the processing operation of the entire apparatus is controlled according to the processing program stored in the program memory 21.

The control unit 10 prepares to receive the encrypted data via the network according to the transmission start information. It also selects and adjusts the modulation method of the data transfer frequency via the network. When ready to receive,
The communication unit 12 is controlled so as to request the transmission device 2A to transmit the encrypted data. The communication unit 12 transmits the transmission request information to the transmission device 2A. Then, the transmitter 2A is notified that the preparation for reception is completed, and the transmission of the encrypted data is requested. (K) In the transmitter 2A, the communication unit 12 receives the transmission request information from the receiver 2B via the connected network environment. The communication unit 12 detects information from the received signal and notifies the control unit 10 of the information. The control unit 10
Information is organized by receiving the transmission request information, and the processing operation of the entire apparatus is controlled according to the processing program stored in the program memory 21.

The control unit 10 transmits the encrypted data via the network according to the transmission request information. In this case, the control unit 10 selects or adjusts the modulation method of the data transfer frequency via the network. When the transmission preparation is completed, the communication unit 12 is controlled to transmit the encrypted data. The communication unit 12 transmits the encrypted data read from the data storage unit 14 to the receiving device 2B. (L) In the receiving device 2B, the communication unit 12 receives the encrypted data from the transmitting device 2A via the connected network environment. The communication unit 12 stores the received encrypted data in the data storage unit 14. When the reception of the received data is completed, the control unit 10 controls the processing operation of the entire apparatus according to the processing program stored in the program memory 21. Then, the control unit 10 generates digital data of the original read by the reading unit 13A (see FIG. 2) of the transmission device 2A from the encrypted data.

The encryption / decryption unit 20 performs encryption / decryption processing on the encrypted data read from the data storage unit 14 to generate compressed data. For this encryption / decryption processing, the receiving device 2B
And the decryption key of the management apparatus 3 are used. Compressed data is generated by an encryption / decryption process using the latest decryption key generated by the reception device 2B stored in the key storage unit 18 and the decryption key received from the management device 3. The generated compressed data is stored in the data storage unit 14.

The compression / decoding unit 16 compression-decodes the compressed data read from the data storage unit 14 to generate bitmap data. For this compression / decoding, a compression / decoding method corresponding to the compression / encoding method included in the processing information received from the management device 3 is adopted. Accurate bitmap data is generated by adopting the compression / decoding method designated by the management device 3. The generated bitmap data is stored in the data storage unit 14.

In the present invention, the series of sequences described above can be executed by using the processing program. In this case, such a processing program can be stored in the program storage medium. As a result, it becomes possible to read the program from the program storage medium and operate the device of the present invention.

The present invention relates to a client device alone, a system between a transmitter and a receiver, and a system in which at least two client devices (transmitter and receiver) and a management device are connected via a network. Can be similarly applied. By applying the present invention to such an embodiment, it is possible to transfer data safely and securely.

In the present invention, the encryption key and the decryption key are equivalent to the public key and the secret key in the public key cryptosystem. Therefore, the digital data can be encrypted by using the public key and the secret key, and the encrypted data can be decrypted.

Further, according to the present invention, the encrypted data transmission system requests the encrypted data reception system for the encryption key. Therefore, according to the present invention, encryption can be performed using the requested encryption key.

In the present invention, the latest key for data communication is used instead of the fixed key internally provided in the data communication device, the data communication system, and the data communication program having the encryption technique. The technical disparity between and does not matter.

The transmitting side always performs the cryptographic encoding process using the latest cryptographic key to reproduce the cryptographic data. The receiving side holds a pair of decryption keys in the encryption key used by the transmitting side for the cryptographic encoding process until the transmitting side transmits the encrypted data. Here, the only key that the sender and the receiver must hold is the latest key. Therefore, the transmitting side and the receiving side need less storage media for storing the encryption key and the decryption key, and the cost can be kept low.

According to the present invention, when data communication is performed via a network, an encryption key generated by a management device that manages the network from an independent third party independent of the sender and the receiver is used. The latest encryption technology can be easily adopted and communicated by performing the encryption encoding process by using the decryption key corresponding to the encryption key generated by the management device for the encryption decryption process. Data confidentiality is highly protected.

[0087]

As described above, according to the present invention, the following effects can be obtained. (1) According to the invention described in claim 1, data can be transferred safely and reliably.

(2) According to the invention described in claim 2, data can be transferred safely and securely. Further, the capacity of the storage means for storing the encryption key and the decryption key can be small. (3) According to the third aspect of the invention, the digital data can be encrypted using the public key and the secret key, and the encrypted data can be decrypted.

(4) According to the invention described in claim 4, the system safety can be secured by the management device. (5) According to the invention described in claim 5, the digital data can be encrypted by using the public key and the secret key, and the encrypted data can be decrypted.

(6) According to the invention described in claim 6, data can be encrypted based on the requested encryption key. (7) According to the invention described in claim 7, it is possible to properly transmit and receive data between the transmitting side and the receiving side.

(8) According to the invention described in claim 8, the digital data can be encrypted by using the public key and the secret key, and the encrypted data can be decrypted. (9) According to the invention described in claim 9, the encryption key and the decryption key can be received from the management device on condition that the client is a legitimate client.

(10) According to the invention of claim 10,
It can be encrypted and decrypted using the public and private keys. (11) According to the invention described in claim 11, the encryption can be performed using the requested encryption key.

(12) According to the invention of claim 12,
It enables safe and reliable data transfer. (13) According to the invention of claim 13, digital data can be encrypted using a public key and a secret key,
The encrypted data can be decrypted. (1
4) According to the invention described in claim 14, the encryption key and the decryption key can be received from the management device on condition that the client is a legitimate client.

(15) According to the invention of claim 15,
Digital data can be encrypted using the public and private keys, and encrypted data can be decrypted. (16) According to the invention of claim 16, the transmission program can be encrypted using the requested encryption key.

(17) According to the invention of claim 17,
It enables safe and reliable data transfer. in this way,
According to the present invention, a data communication device, a data communication system, a data communication program, and a program storage storing the data communication program capable of transferring data safely and securely without having to increase the capacity of a storage medium for storing a key. A medium can be provided.

[Brief description of drawings]

FIG. 1 is a diagram showing an example of a system configuration for implementing the present invention.

FIG. 2 is a configuration block diagram of a client device forming the system according to the embodiment of the present invention.

FIG. 3 is a configuration block diagram of a management device forming the system according to the embodiment of the present invention.

FIG. 4 is an explanatory diagram of the operation of the present invention.

FIG. 5 is an operation explanatory diagram of the present invention.

FIG. 6 is an operation explanatory diagram of the present invention.

FIG. 7 is an operation explanatory diagram of the present invention.

[Explanation of symbols]

10 Control unit 11 Operation part 12 Communications Department 13 Mechanism 13A reading unit 13B recording section 14 Data storage 15 compression encoding unit 16 compression decoding section 17 Key generator 18 key storage 19 Cryptographic encoder 20 encryption / decryption unit 21 Program memory 22 system bus

Claims (17)

[Claims] 1. In a system in which a management device and a plurality of client devices are connected to a network, the client device comprises an encryption key, a key generation means for generating the encryption key and a pair of decryption keys, and one or more encryption keys. Cryptographic coding means for performing cryptographic coding processing of data using a key to generate cryptographic data, and cryptographic decoding processing for cryptographic data using at least one of a cryptographic key for generating cryptographic data and a pair of decryption keys An encryption / decryption means for performing the above, an encryption key generated by the key generation means, a transmission means for transmitting the encrypted data generated by the encryption encoding means to another device, and an encryption key generated by the key generation means in the other device. And a receiving means for receiving the encrypted data generated by the encryption encoding means, wherein the encryption encoding means generates the encryption key generated by the key generating means of the own device and the key generating portion of another device. The encryption key and the encryption key generated by the key generation unit of the management device are used to perform a cryptographic encoding process on the data to generate encrypted data. The encryption key of the device and the encryption key of the other device, at least one of each pair of decryption keys, the encryption key of the management device that generated the encrypted data, and the decryption of the encrypted data using the encryption key and the pair of decryption keys. A data communication device, each having a function of performing an encryption process. 2. A system in which a management device and a plurality of client devices are connected to a network, the system having a reception function part for receiving encrypted data from another device and a transmission function part for transmitting encrypted data to the other device. In the data communication device, the reception function unit includes an encryption key, a reception-side key generation unit that generates a pair of decryption keys together with the encryption key, and a reception-side key reception unit that receives the decryption key transmitted by the management device, An encryption key generated by the reception side key generation means, a pair of decryption keys with the encryption key, a reception side key storage means for storing the decryption key received by the reception side key reception means, and the reception side key storage means. Generated by the receiving-side transmitting means for transmitting the stored encryption key to another device, the receiving-side cryptographic receiving means for receiving the encrypted data transmitted by the other device, and the receiving-side key generating means stored by the receiving-side key storage means. Decryption key And a receiving-side decryption unit that performs an encryption-decryption process on the encrypted data received by the receiving-side encryption receiving unit, using the decryption key received by the receiving-side key receiving unit. And a transmitting-side key generating means for generating a pair of decryption keys with the encryption key, a first transmitting-side key receiving means for receiving an encryption key transmitted by another device, and an encryption key transmitted by the management device. Second transmitting-side key receiving means, an encryption key generated by the transmitting-side key generating means, a pair of decryption keys with the encryption key, an encryption key received by the first transmitting-side key receiving means, and a second A transmission side key storage means for storing the encryption key received by the transmission side key reception means, an encryption key generated by the transmission side key generation means stored in the transmission side key storage means, and received from the first transmission side key reception means Using the encrypted key and the encrypted key received from the second sending-side key receiving means. And a transmitting-side encryption unit that performs encryption coding processing on digital data to generate encrypted data. 3. The encryption key and the decryption key generated by the reception side key generation means or the transmission side key generation means are respectively equivalent to a public key and a secret key in a public key cryptosystem. 2. The data communication device according to 2. 4. When the management apparatus makes an inquiry and the management apparatus approves that the client is a legitimate client, the receiving-side key receiving means can receive the decryption key from the managing apparatus, and the transmitting-side key receiving means The data communication device according to claim 2, wherein the encryption key can be received from the management device. 5. The data according to claim 1, wherein the encryption key and the decryption key transmitted by the management device are equivalent to a public key and a secret key in a public key cryptosystem, respectively. Communication device. 6. The transmission function unit requests an encryption key from a reception function unit of a transmission destination of encrypted data before the encryption encoding processing of the transmission side encryption means.
The described data communication device. 7. Data communication having at least one receiving device for receiving encrypted data, one transmitting device for transmitting encrypted data, and one managing device for managing a data transfer environment of the receiving device and the transmitting device. In the system, the reception device includes an encryption key, a reception side key generation unit that generates the encryption key and a pair of decryption keys, a reception side key reception unit that receives the decryption key transmitted by the management device, and the reception side. An encryption key generated by the key generation means, a pair of decryption keys with the encryption key, a reception side key storage means for storing the decryption key received by the reception side key reception means, and an encryption stored in the reception side key storage means Receiving side transmitting means for transmitting the key to the transmitting apparatus, receiving side cryptographic receiving means for receiving the encrypted data transmitted by the transmitting apparatus, and decryption key generated by the receiving side key generating means stored in the receiving side key storage means And the receiver The decryption key received by the key receiving means is used, and the receiving side decrypting means for performing the decryption processing on the encrypted data received by the receiving side encryption receiving means is provided. And a transmitting side key generating means for generating a pair of decryption keys, a first transmitting side key receiving means for receiving the encryption key transmitted by the receiving device, and a second transmitting side key receiving means for receiving the encryption key transmitted by the management device. Transmitting-side key receiving means, an encryption key generated by the transmitting-side key generating means, the encryption key and a pair of decryption keys, an encryption key received by a first transmitting-side key receiving means, and the second transmitting side A transmission side key storage means for storing the encryption key received by the key reception means, an encryption key generated by the transmission side key generation means stored in the transmission side key storage means, and an encryption received by the first transmission side key reception means. Using the key and the encryption key received by the second transmitting-side key receiving means,
A data communication system, comprising: a transmitting-side encryption unit that performs encryption encoding processing on digital data to generate encrypted data. 8. The encryption key and the decryption key generated by the reception side key generation means or the transmission side key generation means are respectively equivalent to a public key and a secret key in a public key encryption system. The described data communication system. 9. When the management apparatus makes an inquiry and the management apparatus approves the client as a legitimate client, the reception side can receive the decryption key from the management apparatus, and the transmission side can receive the encryption key from the management apparatus. The data communication system according to claim 7, wherein the data communication system is capable. 10. The data communication system according to claim 7, wherein the encryption key and the decryption key transmitted by the management device are equivalent to the public key and the secret key in the public key cryptosystem, respectively. 11. The data communication system according to claim 7, wherein the transmitting device requests an encryption key to the receiving device of the encrypted data before the encryption encoding processing of the transmitting side encryption means. . 12. A data communication program comprising a receiving program for receiving encrypted data from another device and a transmitting program for transmitting encrypted data to another device, wherein the receiving program comprises an encryption key and a pair of the encryption key. The receiving-side key generation step of generating the decryption key, the receiving-side key receiving step of receiving the decoding key transmitted by the management program that manages the data transfer environment of the receiving program and the transmitting program, and the encryption generated by the receiving-side key generation step A key, the encryption key and a pair of decryption keys, a reception side key storage step that stores the decryption key received by the reception side key reception step, and a reception side that transmits the encryption key stored by the reception side key storage step to the transmission program Sending step, receiving-side cryptographic receiving step for receiving the encrypted data sent by the sending program, and receiving-side key storing step And a receiving-side decryption step of performing an encryption-decryption process on the encrypted data received by the receiving-side encryption receiving step using the decryption key generated by the receiving-side key generating step and the decrypting key received by the receiving-side key receiving step. The transmitting program includes: a transmitting-side key generation step of generating an encryption key and a pair of decryption keys with the encryption key; a first transmitting-side key receiving step of receiving the encryption key transmitted by the receiving program; The second that receives the encryption key transmitted by the management program that manages the data transfer environment of the program and the transmission program
Of the transmission side key, the encryption key generated by the transmission side key generation step, the encryption key paired with the encryption key, the encryption key received by the first transmission side key reception step, and the second transmission side key A sender-side key storage step of storing the encryption key received by the reception step, an encryption key generated by the transmission-side key generation step stored by the transmission-side key storage step, and an encryption key received by the first transmission-side key reception step A data transmission program, comprising: a transmission-side encryption step of performing encryption encoding processing on digital data to generate encrypted data using the encryption key received by the second transmission-side key reception step. 13. The encryption key and the decryption key generated by the reception-side key generation step or the transmission-side key generation step are equivalent to a public key and a secret key in a public-key cryptosystem, respectively. The described data communication program. 14. The management program is queried, and if the management program approves the client as a valid client, the receiving side can receive the decryption key from the management program, and the sending side can receive the encryption key from the management program. The data communication program according to claim 12, wherein the data communication program can be executed. 15. The data communication program according to claim 12, wherein the encryption key and the decryption key transmitted by the management program are the same as the public key and the secret key in the public key cryptosystem, respectively. 16. The data communication according to claim 12, wherein the transmission program requests an encryption key to the reception program of the encrypted data before the encryption encoding processing of the transmission side encryption step. program. 17. A program storage medium for storing a data communication program having a receiving program for receiving encrypted data from another device and a transmitting program for transmitting encrypted data to another device, wherein the receiving program is an encryption key. A receiving-side key generating step of generating the encryption key and a pair of decoding keys; a receiving-side key receiving step of receiving a decoding key transmitted by a management program managing a data transfer environment of the receiving program and the transmitting program; The encryption key generated by the generation step, the decryption key paired with the encryption key, the reception side key storage step that stores the decryption key received by the reception side key reception step, and the encryption key that the reception side key storage step stores The receiving side sending step to send to the program and the receiving side cryptographic receiving step to receive the encrypted data sent by the sending program. And the decryption key generated by the reception-side key generation step stored in the reception-side key storage step and the decryption key received by the reception-side key reception step, are used to decrypt the encrypted data received by the reception-side encryption reception step. And a transmitting-side key generating step of generating an encryption key and a pair of decoding keys together with the encryption key; and a first receiving step of receiving the encryption key transmitted by the receiving program. Of the transmitting side key, a second transmitting side key receiving step of receiving the encryption key transmitted by the management program, an encryption key generated by the transmitting side key generating step, the encryption key and a pair of decryption keys, and The transmission key stored in the first transmission side key receiving step, the transmission side key storage step in which the second transmission side key reception step stores the encryption key received in the second transmission side key reception step, and the transmission stored in the transmission side key storage step A cryptographic encoding process is performed on digital data using the cryptographic key generated by the key generation step, the cryptographic key received by the first transmission side key reception step, and the cryptographic key received by the second transmission side key reception step. A program storage medium storing a data communication program, comprising: a transmitting-side encryption step for generating data.