JP2952885B2 - Key management method - Google Patents
Key management methodInfo
- Publication number
- JP2952885B2 JP2952885B2 JP1100501A JP10050189A JP2952885B2 JP 2952885 B2 JP2952885 B2 JP 2952885B2 JP 1100501 A JP1100501 A JP 1100501A JP 10050189 A JP10050189 A JP 10050189A JP 2952885 B2 JP2952885 B2 JP 2952885B2
- Authority
- JP
- Japan
- Prior art keywords
- encryption key
- key
- encryption
- unit
- storage unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000007726 management method Methods 0.000 title description 12
- 238000004891 communication Methods 0.000 claims description 30
- 230000005540 biological transmission Effects 0.000 claims description 4
- 238000000605 extraction Methods 0.000 claims description 3
- 230000006835 compression Effects 0.000 description 3
- 238000007906 compression Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 1
- 238000000034 method Methods 0.000 description 1
- 238000011144 upstream manufacturing Methods 0.000 description 1
Description
【発明の詳細な説明】 〔産業上の利用分野〕 本発明は鍵管理方式に関し、特に暗号化鍵を利用して
行なう場合の鍵管理方式に関する。Description: TECHNICAL FIELD The present invention relates to a key management system, and more particularly, to a key management system in a case where an encryption key is used.
暗号通信は1対の通信端末装置間に固有の暗号化を行
なうもので、暗号化のために利用する暗号化鍵は、通信
を行う対向通信端末装置の組み合せ数だけ必要となる。
更に、経済的な安全性を保証するために、発呼毎に個有
の暗号化鍵を必要とする。なお、複合化鍵は、一般には
暗号化鍵と同一のものが利用される。In the encrypted communication, a unique encryption is performed between a pair of communication terminal devices, and the number of encryption keys used for the encryption is the same as the number of combinations of the opposite communication terminal devices that perform communication.
In addition, each call requires a unique encryption key to ensure economic security. Note that the same decryption key is generally used as the encryption key.
今、通信端末装置の数をmとし、各通信端末装置は平
均n回の発呼を行う可能性があり、通信相手は自己以外
の全ての通信端末装置とし、通信形態は双方向通信で、
上り,下り別々の暗号化鍵を使用するものとすると、予
め暗号化鍵を作成し、如何なる通信にも対応できるよう
にするための暗号化鍵の総数は(1)式で求まるMとな
る。Now, assuming that the number of communication terminal devices is m, each communication terminal device may make an average of n calls, the communication partner is all communication terminal devices other than itself, and the communication mode is two-way communication.
Assuming that separate encryption keys are used for upstream and downstream, the total number of encryption keys for preparing encryption keys in advance and supporting any communication is M obtained by equation (1).
M=2n・(m−1)! ……(1) (1)式のMは、m,nの値によっては膨大な数となる
が、実際にその都度運用される数に限定して考えても暗
号化鍵の総数は(2)式のM′となる。M = 2n · (m-1)! (1) M in equation (1) is a huge number depending on the values of m and n, but the total number of encryption keys is (2) even if it is limited to the number actually used each time. M) in the equation.
M′=2nm ……(2) 従って、有線通信網においては、通信端末装置の発呼
要求に応じて暗号化鍵を作成し、発呼及び被呼の双方の
通信端末装置へこの暗号化鍵を自動配送する鍵管理装置
を網内に設置することにより、暗号化鍵の総数をM′と
することが行われている。M ′ = 2 nm (2) Therefore, in a wired communication network, an encryption key is created in response to a call request of a communication terminal device, and this encryption key is transmitted to both the calling and called communication terminal devices. The total number of encryption keys is set to M 'by installing a key management device for automatically distributing the encryption key in the network.
一方、無線通信網においては、使用周波数,地形等に
よって通信不能となるいわゆる隠れ端末が出来て、有線
通信網のように全ての通信端末装置が互に通信できると
いう保証が無く、有線通信網の如く鍵管理装置を設置し
て、全ての通信端末装置の暗号化鍵を管理することは不
可能である。On the other hand, in a wireless communication network, there is a so-called hidden terminal that cannot be communicated due to a used frequency, terrain, etc., and there is no guarantee that all communication terminal devices can communicate with each other like a wired communication network. It is impossible to install a key management device as described above and manage the encryption keys of all communication terminal devices.
よって、従来の無線通信網では、(1)式のMを全て
の無線機に持たせ絶対に暗号化鍵を重複させないように
するか、このMが膨大になり過ぎる場合には(3)式の
ように圧縮率αを設け、この(3)式で示される暗号化
鍵の総数M′から無作為に抽出した暗号化鍵を使用し、
重複の可能性を1/αに圧縮する方法を採っている。Therefore, in the conventional wireless communication network, M in equation (1) is provided to all wireless devices so that the encryption key is not duplicated, or if this M is too large, equation (3) is used. And using an encryption key randomly extracted from the total number M ′ of encryption keys represented by the equation (3),
The method of compressing the possibility of duplication to 1 / α is adopted.
M″=2nmα ……(3) (1)式において、たとえばmとnを10と仮定する
と、Mは約7.3×106となり、1つの暗号化鍵のビット数
を63と仮定すると総ビット数は約4.6×108ビットとな
り、簡単な構成の無線機では扱えない値となる。従っ
て、一般には(3)式に示すM″が用いられるが、αの
値にも限度があり、重複の可能性が残る。M ″ = 2 nmα (3) In the equation (1), assuming that m and n are 10, for example, M is about 7.3 × 10 6 , and assuming that the number of bits of one encryption key is 63, the total number of bits Is about 4.6 × 10 8 bits, which is a value that cannot be handled by a wireless device with a simple configuration.Therefore, M ″ shown in equation (3) is generally used, but the value of α is limited, and Possibilities remain.
上述した従来の鍵管理方式は、暗号通信を行なう無線
通信網にあって、使用周波数や地形等によって通信不能
に陥る隠れ端末が存在する場合には、通信端末装置の数
mと、各通信端末装置の平均発呼数nによって決定され
るM′=2n・(m−1)!個の膨大な数の暗号化鍵が必
要となるが、この数は簡易な構成の無線機では取扱い不
能であり、また、その都度運用される数に限定した観点
に立って減少してみても2nm個でも負擔が過大なことが
多く、これを解決するため運用規模,通信頻度等の運用
条件を勘案して圧縮率αを乗じた2nmαとすることが一
般的に利用されているが、この圧縮にも限度があり、圧
縮程度に対応して重複の危険性が増大するという欠点が
ある。The conventional key management method described above is based on the problem that the number m of communication terminal devices and the number of communication terminals M ′ = 2n · (m−1)! Determined by the average number of calls n of the device! Although a huge number of encryption keys are required, this number cannot be handled by a wireless device with a simple configuration, and it may be reduced from the viewpoint of limiting the number to be used each time. In order to solve this problem, 2nmα multiplied by the compression ratio α is generally used, taking into account operating conditions such as operation scale and communication frequency. Compression is limited, and has the disadvantage that the risk of duplication increases with the degree of compression.
本発明の目的は上述した欠点を除去し、暗号通信を行
なう無線通信網において、通信不能に陥る隠れ端末の無
い無線通信網にあっては、安全率によって暗号化鍵数を
圧縮せずとも重複使用を生せず、また、隠れ端末が有っ
ても暗号化鍵の重複使用を1/α以上に大幅に低減できる
鍵管理方式を提供することにある。SUMMARY OF THE INVENTION An object of the present invention is to eliminate the above-mentioned drawbacks, and in a wireless communication network performing encrypted communication, in a wireless communication network having no hidden terminals that are unable to communicate, it is necessary to reduce the number of encryption keys without compressing the number of encryption keys according to the security factor. It is an object of the present invention to provide a key management system that does not generate any use and that can greatly reduce the use of an encryption key to 1 / α or more even when there is a hidden terminal.
本発明の鍵管理方式は、暗号通信を目的とする無線機
における複数の暗号化鍵または当該暗号化鍵に対応する
管理番号、一連番号およびアドレスのいずれか1つを記
憶する手段と、送信時には記憶している暗号化鍵または
当該暗号化鍵に対応する管理番号、一連番号およびアド
レスのいずれか1つを無作為に抽出するとともに重複し
て抽出されることを防止する手段と、受信時には送信側
において抽出した暗号化鍵または当該暗号化鍵に対応す
る管理番号、一連番号およびアドレスのいずれか1つが
過去に使用されたか否かを判別し、過去において使用さ
れたと判断した時には送信側に改めて暗号化鍵または当
該暗号化鍵に対応する管理番号、一連番号およびアドレ
スのいずれか1つの抽出を行うことを要求する手段とを
備えて構成される。The key management method according to the present invention includes: means for storing one of a plurality of encryption keys or a management number, a serial number, and an address corresponding to the encryption key in a wireless device for encryption communication; Means for randomly extracting the stored encryption key or any one of the management number, the serial number, and the address corresponding to the encryption key and preventing it from being redundantly extracted; The side determines whether the extracted encryption key or any one of the management number, the serial number, and the address corresponding to the encryption key has been used in the past. Means for requesting extraction of any one of the encryption key or a management number, a serial number, and an address corresponding to the encryption key.
次に、図面を参照して本発明の説明する。 Next, the present invention will be described with reference to the drawings.
第1図は本発明の一実施例の構成図であり、送信側を
構成する鍵記憶部1,選定部2,一時記憶部3,制御部4,判別
部5および記憶部6と、暗号化部100,および受信側を構
成する一時記憶部7,制御部8,判別部9および記憶部10と
復号化部200を備えて構成され、これら構成中、暗号化
部100と復号化部200以外の実線で示す部分が本発明に直
接かかわる部分である。FIG. 1 is a block diagram of an embodiment of the present invention, in which a key storage unit 1, a selection unit 2, a temporary storage unit 3, a control unit 4, a discrimination unit 5, a storage unit 6, and a encryption unit, which constitute a transmission side, And a temporary storage unit 7, a control unit 8, a determination unit 9, a storage unit 10, and a decryption unit 200. Are the parts directly related to the present invention.
次に、第1図の実施例の動作について説明する。鍵記
憶部1は、第(3)式に示す総数M″=2nmαの暗号化
鍵を記憶し、暗号化鍵を無作意に選択する選定部2の指
定する暗号化鍵を出力する。Next, the operation of the embodiment shown in FIG. 1 will be described. The key storage unit 1 stores the encryption keys of the total number M ″ = 2 nmα shown in Expression (3), and outputs the encryption keys specified by the selection unit 2 that randomly selects the encryption keys.
選定部2は、制御部4の指令にもとづき、例えば自然
乱数のような生起確率のランダムなものを利用して鍵記
憶部1内の暗号化鍵を無作為に指定する。The selection unit 2 randomly specifies an encryption key in the key storage unit 1 using a random occurrence probability such as a natural random number, based on a command from the control unit 4.
制御部4は、発呼に相当する送信指令をプレススイッ
チ等を利用して受け、後述する判別部5から受ける重複
判断信号と受信側の制御部8から暗号化鍵に関する再抽
出要求信号を受けたとき選定部2に選定指令を出し、選
定部2から鍵記憶部1に鍵指定信号が供給される。The control unit 4 receives a transmission command corresponding to a call using a press switch or the like, and receives a duplication determination signal received from a determination unit 5 described later and a re-extraction request signal related to an encryption key from the control unit 8 on the receiving side. Then, a selection command is issued to the selection unit 2, and a key designation signal is supplied from the selection unit 2 to the key storage unit 1.
鍵記憶部1は、この鍵指定信号を受けて暗号化鍵を出
力し、一時記憶装置3に記憶されるとともにこの暗号化
鍵は判別部5にも供給される。The key storage unit 1 receives the key designation signal and outputs an encryption key, which is stored in the temporary storage device 3 and supplied to the determination unit 5.
判別部5は、こうして提供される選定された暗号化鍵
と過去に選定された暗号化鍵との一致の有無を判別し一
致するときは重複判断信号を制御部4に供給する。重複
を判別するに必要な過去に選定された暗号化鍵は、制御
部4の送出する制御信号の制御のもとに記憶部6から読
み出される。The determination unit 5 determines whether or not the selected encryption key provided in this way matches the encryption key selected in the past, and supplies a duplicate determination signal to the control unit 4 when they match. An encryption key selected in the past necessary to determine duplication is read from the storage unit 6 under the control of a control signal sent from the control unit 4.
記憶部6から過去の暗号化鍵の内容がすべて読み出さ
れて判別部5による重複判断信号がないことが判別され
ると、これを制御部4が検知し、この制御部4の制御の
もとに一時記憶部3の内容が記憶部6と、暗号化部100
へ送信され無線の伝送路を介して受信側へ伝送される。When all the contents of the past encryption keys are read from the storage unit 6 and it is determined that there is no duplicate determination signal by the determination unit 5, the control unit 4 detects this and the control of the control unit 4 is also performed. At first, the contents of the temporary storage unit 3 are stored in the storage unit 6 and the encryption unit 100.
And transmitted to the receiving side via a wireless transmission path.
受信側では、スケルチ信号および受信機番号等による
受信指令を受けた制御部8のもとに、一時記憶部3から
提供された暗号化鍵を一時記憶部7に記憶するととも
に、過去に使用された暗号化鍵と受信した暗号化鍵の一
致を判別する判別部9で記憶部10の過去に使用された暗
号化鍵の内容と照合し、過去に使用されたものと同じも
のであれば判別部9から制御部8へ重複判断信号を送出
する。On the receiving side, the encryption key provided from the temporary storage unit 3 is stored in the temporary storage unit 7 under the control of the control unit 8 which has received the reception command based on the squelch signal and the receiver number, and is used in the past. The discriminating unit 9 that determines whether the received encryption key matches the received encryption key is compared with the contents of the encryption key used in the past in the storage unit 10, and if it is the same as the one used in the past, it is determined. The section 9 sends an overlap determination signal to the control section 8.
制御部8は、受信機番号等であって傍受信号ではな
く、相手が自局と通信を希望していると判断できるとき
は、判別部9から提供される重複判断信号に従って相手
に暗号化鍵の再抽出要求を無線で送出する。When the control unit 8 can determine that the other party wants to communicate with its own station, not the intercept signal, but the receiver number or the like, the control unit 8 sends the encryption key to the other party according to the duplication determination signal provided from the determination unit 9 Is transmitted wirelessly.
記憶部10の内容が全部判別部9に送られ、重複が無い
か、重複があっても傍受信号である場は、制御部8は次
に述べる制御を行う。すなわち、重複のない場合は、一
時記憶部7の内容を記憶部10に記憶させるとともに、傍
受信号でないと判断しているときは復号化部200へ送出
する。重複がある場合は、一時記憶部7の内容を消去
し、次の動作に備える。When the entire contents of the storage unit 10 are sent to the determination unit 9 and there is no overlap, or if there is an overlap but the signal is an intercept signal, the control unit 8 performs the following control. That is, when there is no overlap, the content of the temporary storage unit 7 is stored in the storage unit 10, and when it is determined that the signal is not an intercept signal, the signal is transmitted to the decoding unit 200. If there is an overlap, the contents of the temporary storage unit 7 are erased to prepare for the next operation.
このようにして、対向局間だけで無く、傍受できる範
囲の暗号化鍵も管理され、重複の可能性を著しく低減す
ることができる。In this way, not only between the opposing stations but also the encryption key in the range that can be intercepted is managed, and the possibility of duplication can be significantly reduced.
尚、上述した実施例では、説明の都合上、暗号化鍵を
傍受することにしたが、実際には暗号化鍵は秘密にされ
るべきもので、上述した暗号化鍵はこれに代わる管理番
号,一連番号もしくは記憶部のアドレス等で傍受される
ものである。In the above-described embodiment, the encryption key is intercepted for the sake of explanation. However, in practice, the encryption key is to be kept secret. , The serial number or the address of the storage unit.
以上説明したように本発明は、暗号通信を行なう無線
通信網において、通信時には記憶した暗号化鍵が重複抽
出されることなく無作意に選定され、受信時には過去に
使用されたか否かを判定して、過去に使用実績のある場
合は送信側に暗号化鍵の再抽出を行なう方法を採ること
により、隠れ端末が無い場合には安全率を適用すること
なく暗号化鍵数の利用限度を著しく増大し、また隠れ端
末がある場合でも暗号化鍵の重複使用の可能性を著しく
低減できるという効果がある。As described above, according to the present invention, in a wireless communication network for performing encrypted communication, a stored encryption key is randomly selected without being redundantly extracted during communication, and it is determined whether or not the encryption key has been used in the past during reception. If there is no hidden terminal, the use limit of the number of encryption keys can be reduced without applying a security factor if there is no hidden terminal. There is an effect that the number of encryption keys is remarkably increased, and the possibility of repeatedly using the encryption key can be significantly reduced even when there is a hidden terminal.
第1図は本発明の一実施例の構成図である。 1……鍵、2……選定部、3……一時記憶部、4……制
御部、5……判別部、6……記憶部、7……一時記憶
部、8……制御部、9……判別部、10……記憶部、100
……暗号化部、200……復号化部。FIG. 1 is a configuration diagram of one embodiment of the present invention. DESCRIPTION OF SYMBOLS 1 ... Key, 2 ... Selection part, 3 ... Temporary storage part, 4 ... Control part, 5 ... Determination part, 6 ... Storage part, 7 ... Temporary storage part, 8 ... Control part, 9 …… Discriminator, 10… Storage, 100
…… Encryption unit, 200 …… Decryption unit.
Claims (1)
の暗号化鍵または当該暗号化鍵に対応する管理番号、一
連番号およびアドレスのいずれか1つを記憶する手段
と、 送信時には記憶している暗号化鍵または当該暗号化鍵に
対応する管理番号、一連番号およびアドレスのいずれか
1つを無作為に抽出するとともに重複して抽出されるこ
とを防止する手段と、 受信時には送信側において抽出した暗号化鍵または当該
暗号化鍵に対応する管理番号、一連番号およびアドレス
のいずれか1つが過去に使用されたか否かを判別し、過
去において使用されたと判断した時には送信側に改めて
暗号化鍵または当該暗号化鍵に対応する管理番号、一連
番号およびアドレスのいずれか1つの抽出を行うことを
要求する手段と を備えていることを特徴とする鍵管理方式。1. A means for storing a plurality of encryption keys or one of a management number, a serial number, and an address corresponding to the encryption keys in a wireless device intended for encrypted communication, and storing at the time of transmission. Means for randomly extracting any one of the encryption key or the management number, the serial number and the address corresponding to the encryption key and preventing it from being redundantly extracted; It is determined whether the encrypted key or any one of the management number, the serial number, and the address corresponding to the encrypted key has been used in the past, and when it is determined that the encryption key has been used in the past, the encryption key is sent to the transmitting side again. Or means for requesting extraction of any one of a management number, a serial number, and an address corresponding to the encryption key. Management scheme.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP1100501A JP2952885B2 (en) | 1989-04-19 | 1989-04-19 | Key management method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP1100501A JP2952885B2 (en) | 1989-04-19 | 1989-04-19 | Key management method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| JPH02278934A JPH02278934A (en) | 1990-11-15 |
| JP2952885B2 true JP2952885B2 (en) | 1999-09-27 |
Family
ID=14275686
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP1100501A Expired - Fee Related JP2952885B2 (en) | 1989-04-19 | 1989-04-19 | Key management method |
Country Status (1)
| Country | Link |
|---|---|
| JP (1) | JP2952885B2 (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001030020A1 (en) | 1999-10-20 | 2001-04-26 | Fujitsu Limited | Variable length key encrypting system |
| US7221764B2 (en) * | 2002-02-14 | 2007-05-22 | Agere Systems Inc. | Security key distribution using key rollover strategies for wireless networks |
| JP5791933B2 (en) * | 2011-03-31 | 2015-10-07 | 株式会社三共 | GAME SYSTEM AND GAME DEVICE |
| JP5759932B2 (en) * | 2012-05-24 | 2015-08-05 | 株式会社エヌ・ティ・ティ・データ | KEY DATA GENERATION DEVICE, KEY DATA GENERATION METHOD, AND PROGRAM |
| JP6019179B2 (en) * | 2015-06-16 | 2016-11-02 | 株式会社三共 | GAME SYSTEM AND GAME DEVICE |
| JP2016221360A (en) * | 2016-10-03 | 2016-12-28 | 株式会社三共 | GAME SYSTEM AND GAME DEVICE |
| JP2022124446A (en) * | 2021-02-15 | 2022-08-25 | 株式会社Opening Line | File providing system, file providing method, and program |
-
1989
- 1989-04-19 JP JP1100501A patent/JP2952885B2/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| JPH02278934A (en) | 1990-11-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US4783798A (en) | Encrypting transponder | |
| US6173172B1 (en) | System and method for preventing the unauthorized use of a mobile communication device | |
| JP4688296B2 (en) | Safe handover method | |
| US6490687B1 (en) | Login permission with improved security | |
| US5077790A (en) | Secure over-the-air registration of cordless telephones | |
| US5335278A (en) | Fraud prevention system and process for cellular mobile telephone networks | |
| US6378069B1 (en) | Apparatus and methods for providing software updates to devices in a communication network | |
| EP0093549B1 (en) | Catv communication system | |
| US7802307B2 (en) | Systems and methods for communication protection | |
| US5056140A (en) | Communication security accessing system and process | |
| EP0689316A2 (en) | Method and apparatus for user identification and verification of data packets in a wireless communications network | |
| US5412722A (en) | Encryption key management | |
| CN101889421B (en) | Method and system for end-to-end encrypted communication | |
| EP0781427B1 (en) | Secure computer network | |
| CA2104849A1 (en) | Continuous authentication using an in-band or out-of-band side channel | |
| JPH1066158A5 (en) | ||
| CA2461804A1 (en) | A method for authenticating a user in a terminal, an authentication system, a terminal, and an authorization device | |
| WO2005114896A1 (en) | Transferring data between two smart cards | |
| JP2002502204A (en) | Procedures and systems for processing messages in telecommunications systems | |
| AU7135296A (en) | Method and system for transferring data between a mobile and a stationary group of persons | |
| JP2952885B2 (en) | Key management method | |
| JPH0730504A (en) | Device for preventing use of information without permission in radio communication | |
| US20050048952A1 (en) | Method and apparatus for distribution of cipher code in wireless LAN | |
| EP0565528B1 (en) | Secure over-the-air registration of cordless telephones | |
| CN116761167B (en) | Data encryption transmission method, system, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| LAPS | Cancellation because of no payment of annual fees |