RU2360366C9 - Communication device - Google Patents

Abstract

FIELD: communication.

SUBSTANCE: present invention relates to communication using encrypted data. When establishing communication with a partner in a communication session, data are converted using a function or protocol, which is common for partners in the session, and this function or protocol is updated through conversion in accordance with the operation of communication with the communication session partner.

EFFECT: reduced level of probability of disclosure of key data.

34 cl, 47 dwg

Description

FIELD OF THE INVENTION

The present invention relates to a communication device, a communication system, a communication method, an encryption device and an information processing device, an information processing system, an information processing method, and also a service delivery method, and in particular, a communication device, a communication system, a communication method, an encryption device and information processing devices, an information processing system, an information processing method and a method of supplying services that provide communication with a communication session partner using encrypted data.

BACKGROUND OF THE INVENTION

When encrypting data in a communication device between a transmitter and a receiver, common key data is used. Moreover, in the prototype, the key data itself is transmitted and received between the transmitter and the receiver, or an external factor, for example, ordinary weather information, etc., is used as key data. Moreover, even in the case of a dynamic change, encryption depends on the specified external key data.

However, in a communication device of this traditional type, in the case of the disclosure of key data or the location of key data, the code can be easily decoded and, therefore, the transmitted data can be disclosed.

The present invention is aimed at solving this problem and creating a communication device, a communication system, a communication method, an encryption device and an information processing device, an information processing system, an information processing method, as well as a method for delivering services with increased privacy.

Disclosure of the invention

In accordance with the present invention, when exchanging data with a communication partner, the data is converted using a function or protocol that is common with the communication partner, and in addition, the function or protocol is updated in accordance with the communication operation with the communication partner .

In accordance with the present invention, the function or protocol is common with the communication partner and is internally updated for each communication operation in accordance with the number of communication operations, transmitted data, or a combination thereof. In other words, the encryption key used for encryption or decoding is self-generated. This encryption key is referred to as a self-generated key. Due to the use of a self-generated key, even when a function or protocol is opened, this function or protocol is self-generated for each communication operation or for each transmitted data, and therefore it is subsequently updated, which, as a result, makes it impossible to easily decrypt information using only the opened function or protocol. Thus, it becomes possible to increase the privacy of the transmitted data.

For example, when updating the function table, the number of data exchange operations is set in the form of at least one coefficient during the operation as part of the function and the function table is updated.

In accordance with the present invention, an internal update of the function for encryption is performed for each communication operation, and therefore, encryption can be performed without transferring the function. Thus, the secrecy of the transmitted data is enhanced.

Moreover, the data exchanged with the communication partner is set in the form of at least one coefficient during the operation performed in the function table, and the function table is updated.

In accordance with the present invention, the data exchanged with the communication partner is set in the form of at least one coefficient during the operation performed in the function table, and the function table is updated, so encryption can be performed without transferring the function table. Thus, the secrecy of the transmitted data can be increased.

In addition, one function or protocol is selected from a plurality of predefined functions or protocols in accordance with the number of data exchange operations, and encryption or decryption is performed. Moreover, one function or protocol is selected from a plurality of predefined functions or protocols in accordance with the data, and encryption or decryption is updated.

In this case, the method of updating a function or protocol is implemented by combining update processes from a variety of different update methods for each communication operation. Moreover, the update process is performed by combining a plurality of update methods for a unit of data.

In accordance with the present invention, since the function or protocol used for encryption, as a result of a combination of different updating methods, can become complex, the secrecy of the transmitted data may increase.

Moreover, in the present invention, a non-linear transition of a function or protocol is performed.

In accordance with the present invention, performing a non-linear transition of a function or protocol enables a chaotic change in a function or protocol. Therefore, even when a specific function or protocol is disclosed, it is not possible to easily obtain a subsequently used function or protocol from a previous function or protocol. Therefore, decrypting the code becomes difficult. Therefore, data privacy may increase.

In addition, in accordance with the present invention, the communication device includes: a unit for receiving a common element, providing a receiving element that is common with the receiving side; key generating means for generating a key based on a common element generated by said common element obtaining unit; encryption key generating means for generating a function or protocol based on a key generated by said key generating means; and encryption means for performing encryption based on a function or protocol generated by said encryption key generation means.

In accordance with the present invention, a common element is obtained that is common between the transmitting and receiving parties; receive a key to select an encryption key; a function or protocol is generated based on the generated key; and encryption is performed based on the generated function or protocol. In this case, even when only a key or only a protocol is received, decryption of the code is difficult, and therefore, secrecy can increase.

In addition, in accordance with the present invention, certain information about a function or protocol is obtained as a key. Therefore, a key cannot be obtained without receiving a function or protocol. Therefore, decrypting the code is difficult, and therefore, secrecy can be enhanced.

In addition, in accordance with the present invention, a function or protocol is generated via a non-linear transition.

In accordance with the present invention, since a non-linear transition of a function or protocol is provided, the function or protocol can change in a chaotic manner, and therefore, decryption of the code becomes difficult even when a specific function or protocol is obtained.

In accordance with the present invention, the source data is read from a file and encrypted; encrypted data is stored in an intermediate file; data stored in the specified intermediate file is decoded; and the decoded data is stored as a given file.

Further, in accordance with the present invention, there is provided a communication means for transmitting a file stored in a file storage means to a destination via a network.

In accordance with the present invention, the source data is read from a file and encrypted; encrypted data is stored in an intermediate file; then the data stored in the specified intermediate file is decoded; and the decoded data is stored as a specific file. Thus, encrypted data can be stored as an intermediate file, and therefore, the privacy of the stored data can be increased. In addition, since the intermediate file can be transmitted through a conventional communication device, the introduction of encryption can be carried out without difficulty.

Further, in accordance with the present invention, the encryption unit includes a means of generating tables, providing a dynamic change of the table used to encrypt the source data.

In accordance with the present invention, since the encryption unit includes table generating means for dynamically changing the table used to encrypt the source data, the table used for encryption is dynamically changed. Thus, even when receiving a table for a while, decoding the encoded data is difficult, and therefore, data privacy may increase.

Further, in accordance with the present invention, the encryption unit includes: key generation means for generating a key based on a common element; table selection means for selecting a specific table from a plurality of tables generated by the table generating means based on a key generated by the key generating means; and encryption means for performing encryption based on the table selected by the table selector.

According to the present invention, the encryption unit generates a key based on a common element, selects a specific table from a plurality of tables based on the generated key, and performs encryption based on the selected table. Thus, to decode the code, it is necessary to obtain not only a table, but also a common element and key. Therefore, easy decoding of the code is difficult, and therefore, data privacy may increase.

Further, in accordance with the present invention, in a communication system for exchanging encrypted data between a sender's communication device and a destination communication device through a relay communication device, the communication device comprises encryption means for performing certain encryption of the transmitted data and decoding data subjected to a certain encryption; and for each of the communication devices.

In addition, in a communication system, serial transmission of data from a sender’s communication device to a destination communication device is via a plurality of relay communication devices.

In addition, in accordance with the present invention, a communication system for exchanging encrypted data between a plurality of sender communication devices and a plurality of destination communication devices comprises a first relay communication device exchanging encrypted data with a plurality of sender communication devices and a second relay communication device that relays encrypted data between the first relay device and the plurality of destination communication devices, and thereby exchange encrypted data between the first relay device and the second relay device.

In a communication system, a first relay device performs encryption for a plurality of sender communication devices in various ways.

In addition, in a communication system, a second relay communication device performs encryption for a plurality of destination communication devices in various ways.

In accordance with the present invention, since encryption is performed by the encryption means for each communication device in a different way, encryption is performed for each communication path in a different way. Thus, it is not possible to easily decode the encoded data, and therefore, communication secrecy can be enhanced.

Brief Description of the Drawings

1 is a system configuration in a first embodiment of the present invention;

Figure 2 is a block diagram of a server 11 and a client 12;

Figure 3 is a block diagram of a communication device 27;

4 is a block diagram of a memory 32;

5 is a data configuration in a function table stored in the memory 32;

6 is a block diagram of a sequence of operations performed by the communication device 27 during the start of a communication session;

7 is a block diagram of a sequence of operations performed by the communication device 27 in the transmission process;

Fig. 8 is a flowchart of a communication device 27 during reception;

FIG. 9 is a flowchart of a first embodiment of a communication device 27 during a start of a communication session; FIG.

FIG. 10 is a flowchart of a first embodiment of a communication device 27 during transmission; FIG.

11 is a flowchart executed by a first embodiment of a communication device 27 during a reception;

12 is a block diagram of a second embodiment of a communication device 27;

FIG. 13 is a flowchart of a second embodiment of a communication device 27 during a start of a communication session; FIG.

FIG. 14 is a flowchart of a second embodiment of a communication device 27 during transmission; FIG.

FIG. 15 is a flowchart of a second embodiment of a communications device 27 during reception; FIG.

FIG. 16 is a flowchart of a third embodiment of a communication device 27 during transmission; FIG.

17 is a flowchart of a third embodiment of a control unit 33 during a reception;

Fig is an example application of the present invention;

19 is a system configuration in a second embodiment of the present invention;

Fig. 20 shows a configuration of a table selection / generation unit 213;

21 is a flow diagram of an embodiment of a key generation method;

22 is a system configuration in a third embodiment of the present invention;

23 is a block diagram of an encryption device 319;

24 is a configuration of a table selection / generation unit 323;

FIG. 25 is a flow diagram of a table selection / generation unit 323; FIG.

26 is a system configuration in an example application of an information processing system 301;

27 is a system configuration in a fourth embodiment of the present invention;

Fig. 28 is a block diagram of an information processing device 511;

Fig. 29 is a block diagram of an encryption device 539;

Fig - configuration of data in memory 544;

Fig. 31 is a block diagram of an information processing device 513;

32 is a system configuration in a fifth embodiment of the present invention;

Fig. 33 is a block diagram of an information processing apparatus 211;

Fig. 34 shows a data configuration in memory 544 of an embodiment of a fifth embodiment of the present invention;

Fig. 35 is a system configuration in a sixth embodiment of the present invention;

Fig. 36 is a system configuration in a seventh embodiment of the present invention;

Fig. 37 is a block diagram of a first embodiment of an encryption / decryption device;

Fig. 38 is a flowchart of a second embodiment of an encryption / decryption device;

Fig. 39 is a system configuration in an eighth embodiment of the present invention;

40 is a block diagram of a server 1111;

Fig. 41 is a block diagram of an output terminal device 1112;

Fig. 42 is a block diagram of a portable encryption device 1113;

Fig. 43 is an exploded perspective view of a portable encryption device 1113;

Fig - block diagram of the sequence of processing operations performed by the server 1111;

Fig. 45 is a flowchart of an output device 1112;

Fig. 46 is a flowchart of a portable encryption device 1113;

Fig. 47 is a block diagram of an embodiment of a server 1111; and

Fig. 48 is a block diagram of an encryption device 1182.

The best option for implementing this inventions

The first implementation example

1 shows a system configuration in a first embodiment of the present invention.

The communication system 1 in the embodiment has a configuration that enables communication between the server 11 and the client 12 through the network 13.

Figure 2 presents the block diagram of the server 11 and the client 12.

The configuration of both server 11 and client 12 includes a CPU (central processor) 21, ROM (read-only memory) 22, HDD (hard disk drive) 23, random access memory (RAM) 24, input device 25, display 26 , communication device 27 and bus 28. Data exchange between CPU 21, ROM 22, HDD 23, RAM 24, input device 25, display 26 and communication device 27 is provided by bus 28. CPU 21 performs data processing based on a program stored in ROM 22 or HDD 23. RAM 24 is used as a working area and memory while the CPU 21 processing data.

The input device 25 includes a keyboard, mouse, etc. and used to enter commands or data. Display 26 includes an LCD display (liquid crystal device), a CRT (cathode ray tube), or the like. and is used to display input data or processed data. The communication device 27 performs encoding / decoding of data and provides control of communication with the client 12 through the network 13.

Figure 3 presents a block diagram of a communication device 27.

The communication device 27 includes an interface unit 31, a control unit 32, a memory 33, and a communication unit 34.

The interface unit 31 operates as an interface between the bus 28 and the control unit 33. The control unit 32 provides storage of a table of a function operating as an operating means, a memory 32, and performs encoding / decoding of data based on this function table. The communication unit 34 is used to control communication between the server 11 and the client 12 through the network 12.

The control unit 33 operates as a means of updating the function table and updates the function table stored in the memory 32 based on the number of communication or data transfer operations.

The following is a description of memory 32 in detail.

4 is a block diagram of a memory 32. The memory 32 is, for example, a dual-port random access memory and includes a data input port Pin, a data output port Pout and an address port Padr. A memory 32 stores data inputted via the input pin port at the address specified through the Padr address port. During data output, data is read from the address specified through the Padr address port, and then read through the data output port Pout.

The function table is a table configured so that y = f (x), where y is the output data output from the output port Pout of the memory 32, and x is the input data used as the address supplied to the address port Padr of the memory 32.

Figure 5 presents the configuration of the data in the table of functions stored by the memory 32.

Data D1 ÷ Dn is stored in accordance with the addresses A1 ÷ An. In this case, the data D1 stored at address A1 is set as D1 = f (A1). And the data D2 stored at address A2 is like D2 = f (A2). In the same way, the data Dn stored at An is specified as Dn = f (An).

Thus, the data Di of the result of calculations using the required function f is obtained by setting the address Ai corresponding to the input data from the addresses A1 ÷ An. Therefore, the result of the calculations can be obtained at high speed.

The following is a description of the operation of the communication device 27.

Figure 6 presents a block diagram of a sequence of operations performed by the communication device 27 during the start of a communication session.

When requesting a communication session with the client 12 in step S1-1, the function table shown in FIG. 5 is supplied from the CPU 21 to the control unit 33 and stored in the memory 32 in step S1-2. In this case, the number n of communication operations returns to "0". Next, in step S1-3, the control unit 33 transmits a function table to the client 12, to which data should be transmitted.

If, at step S1-4, the transmitted data is transmitted from the bus 28 through the interface 31 to the control unit 33, then at step S1-5, the control unit 33 performs the transfer process. Further, if in step S1-4, received data is received from the client 12, then in step S1-6, a reception process is performed. Steps S1-4 through S1-6 are repeated until a command arrives at the end of communication from the CPU in step S1-7.

The following is a description of the transmission process in the control unit 33 of the communication device 27.

FIG. 7 is a flowchart of a communication device 27 performing a transmission process.

The control unit 33 at step S2-1 supplies the received transmitted data as an address to the address port Padr and provides the output of data corresponding to this address from the memory 32. The output data of the memory 32 corresponds to the result of a certain operation f performed on the transmitted data. In step S2-2, the control unit 33 supplies the output data of the memory 32 to the communication unit 34.

When transmitting data, the control unit 33 in step S2-3 increases the number n of communication operations and updates it to (n + 1), and in step S2-4 returns the address Am to the starting address A0. Then, in step S2-5, the control unit 33 reads the data from the address Am of the memory 32, and in step S2-6, it multiplies the number n of communication operations by the data Dm obtained as a result of reading, and thus generates data: {n × Dm) = Dm1 .

In step S2-7, the control unit 33 stores in the address Am of the memory 32 the data Dm1 — the result of multiplication with the number n of communication operations. In step S2-8, the control unit 33 determines whether the address of the last address Ak of the function table has reached or not. If at step S2-8 the address does not reach the last address Ak, then at step S2-9 the address Am is set in the form of the address Am + 1 and data is read.

As a result of repeating steps S2-5 to S2-9 to the last address Ak, the contents of the function table in memory 32 are updated to {n × f (x)}, where f (x) is the function specified in the first function table. Thus, the following transmitted data is encrypted using the updated function table {n × f (x)}.

If in step S2-8, the address Am reaches the last address Ak, then the process ends.

The following is a description of the reception process performed by the control unit 33.

On Fig presents a block diagram of a sequence of operations performed by the communication device 27 in the process of receiving.

The control unit 33 when receiving the received data Dr from the client 12 through the network 13 in step S3-1 returns the address Am to the starting address AO in the memory 32. Then, in step S3-2, the data Dm is read from the memory address 32.

Then, in step S3-3, it is determined whether the received data Dr and the data Dm match or not. If at step S3-3 the received data Dr and the data Dm do not match, then at step S3-4 it is determined whether the address Am is the last address or not. If at step S3-4 the address Am is the last address Ak, then at step S3-5, the address Am is increased to the next address Am + 1.

However, if in step S3-5, the address Am is the last address Ak, then since the data Dm corresponding to the received data Dr does not exist in this case, the occurrence of a communication error is determined and the process ends.

If in step S3-3, the data Dm obtained by reading from the memory 32 matches the received data Dr, then in step S3-6, the address Am is supplied as decoded data to the interface unit 31. Thus, the received data Dr is decoded.

Then, in step S3-7, the control unit 33 increases the number n of communication operations to (n + 1). Then, in step S3-8, the address Am is set as the start address A0.

In step S3-9, the control unit 33 reads the data Dm from Am of the memory 32. Then, in step S3-10, the control unit 33 multiplies the number n of communication operations and the data Dm obtained by reading from the memory 32, and thus generates data: { (n + 1) × Dm} = Dm1.

In step S3-11, the control unit 33 stores the data Dm1 obtained by multiplying with the number n of communication operations to the address Am in the memory 32. In step S3-12, the control unit 33 determines whether the address Am has reached the last address Ak of the function table or not . If at step S3-12 the address does not reach the last address Ak, then at step S3-13 the address Am is set as the address Am + 1, and the process returns to step S3-9 to read the data.

As a result of repeating steps S3-9 to S3-13 to the last address Ak, the contents of the function table in memory 32 are updated to {n × f (x)}, where f (x) is the function specified in the first function table. Thus, the following received data is encrypted using the updated function table {n × f (x)}.

In addition, if in step S3-12, the address Am becomes the last address Ak, since it can be determined that the function table stored in the memory 32 has been updated, the process ends.

The client 12 provides data transmission in accordance with the request for a communication session made by the server 11, and has approximately the same configuration as the server 11, but performs operations other than the operations performed by the server during the beginning of the communication session. Therefore, the following is a description of the operations of client 12 during the start of a communication session.

Figure 9 presents a block diagram of a sequence of operations performed by the first embodiment of the communication device 27 during the start of a communication session.

The same processing units are indicated in this figure by the same reference numbers as in FIG. 6, and a repeated description of these units is omitted.

When, in step S4-1, client 12 has a request for a communication session from server 11, in step S4-2, the memory 32 of communication device 27 stores a function table provided by server 11. Thus, server 11 and client 12 have a common function table.

As a result of the transmission process shown in FIG. 7 and the reception process shown in FIG. 8, the same internal update of the function table is provided in the server 11 and the client 12, and encoding / decoding or encryption / decryption is performed. Therefore, the function table used for encoding / decoding or encryption / decryption is transmitted only at the start of a communication session, and subsequently, the function table is updated for each communication operation. Therefore, high communication secrecy is achieved.

The function table is updated by performing the operation of multiplying the function f (x) and the number n of operations used as a coefficient, however, it is also possible to use the function of transmitted data and multiplying the function f (x) and the transmitted data.

The following is a description of the transfer process when updating the function table based on the transmitted data.

10 is a flowchart of a first embodiment of a communication device 27 during transmission.

The same processing units are indicated in this figure by the same reference numbers as in FIG. 7, and a repeated description of these units is omitted.

In this embodiment, step S2-3 of the transmission process shown in FIG. 7 is deleted, and step S2-6 is replaced by step S5-1. In step S5-1, the data Dout obtained by reading from the memory 32 in step S2-2 is multiplied and the data Dm output in step S2-5, and thus, data Dm1 is created.

The following is a description of the reception process when updating the function table based on the transmitted data.

Figure 11 presents a block diagram of a sequence of operations performed by the first embodiment of the communication device 27 in the receiving process.

Identical processing units are indicated in this figure by the same reference numerals as in FIG. 8, and a repeated description of these units is omitted.

In this embodiment, step S3-7, the reception process shown in Fig. 8 is deleted, and step S3-10 is replaced by step S6-1. In step S6-1, the received data Dr and the data Dm obtained as a result of reading in step S3-9 are multiplied, and thus, data Dm1 is created.

Server 11 and client 12 can thus use a common function table. In addition, in this case, the function table is updated with data transmitted and received for each data transmission and reception operation. Therefore, secrecy may increase.

It should also be noted that in the present embodiment and its variant, the function table is updated by multiplying the function table and the number of communication operations or transmitted data used as a coefficient, however, it is also possible to add the number of communication operations or transmitted data. In addition, it is also possible to use the number of communication operations or transmitted data as a coefficient of a part of the function.

In addition, in the present embodiment, the function table is updated by performing calculations on the function table data, however, it is also possible to compose a plurality of function tables for both server 11 and client 12 and select a common function table from the plurality of function tables according to the number of communication operations or transmitted data and, therefore, the execution, thus, encryption and decryption.

12 is a block diagram of a second embodiment of a communications device 27. The same blocks are indicated in this figure by the same reference numbers as in FIG. 3, and a repeated description of these blocks is omitted.

In addition to the memory interface unit 31, the control unit 33, and the communication unit 34, the communication device 27 also includes a memory unit 35 that stores a plurality of function tables. In the block 35 of the memory pre-stored many, for example k, tables of the function. These k function tables are assigned identification numbers from 1 to k. The contents and identifying numbers of these k function tables stored in the memory unit 35 are the same between the server 11 and the client 12.

The following is a description of the processing process performed in the control unit 33 during the start of a communication session.

On Fig presents a block diagram of a sequence of operations performed by the second embodiment of the communication device 27 during the start of a communication session. Identical blocks are indicated in this figure by the same reference numbers as in FIG. 6, and a repeated description of these blocks is omitted.

The processing during the start of a communication session in this embodiment of the device is such that instead of steps S1-2 and S1-3, step S7-1 is performed. At step S7-1, the initial function table is read from block 35 and the function table is stored in the memory 32.

The following is a description of the transmission process in the control unit 33.

On Fig presents a block diagram of a sequence of operations performed by the second embodiment of the device 27 of the communication during transmission.

Identical blocks are indicated in this figure by the same reference numbers as in FIG. 7, and a repeated description of these blocks is omitted.

The transmission process in this embodiment of the device is such that instead of steps S2-4 ÷ S2-9, step S8-1 is performed. In step S8-1, a function table of the identification number n corresponding to the number n of communication operations updated in step S2-3 is read from the memory unit 35, and this table is stored in the memory 32. When the number n of communication sessions reaches the number k of function tables, the function table identification number "1" is again read from the memory unit 35 and stored in the memory 32. Thus, the function tables k are cyclically updated in accordance with the number n of communication operations. The transmitted data is then encoded using the thus updated function table.

The following is a description of the admission process.

On Fig presents a block diagram of a sequence of operations performed by the second embodiment of the device 27 of the communication during the reception.

The same blocks are indicated in this figure by the same reference numbers as in FIG. 8, and a repeated description of these blocks is omitted.

The control unit 33 reads from the memory unit 35 the function table of the identifying number n, which is the function table corresponding to the number n of communication operations updated in step S3-7, and stores this table in the memory 32. When the number n of communication operations reaches the number k of function tables , the identifying number function table “1” is read out again from the memory unit 35, as during the transmission, and is stored in the memory 32. Thus, in accordance with the number n of communication operations, k function tables are stored cyclically in the memory 32. Then, with Further transmitted / received data is decoded using the thus updated function table.

Thus, in accordance with the present embodiment, since the function table itself is not transmitted between the server 11 and the client 12, secrecy can be increased. In addition, in the above example, the function table is selected in accordance with the number of communication operations, however, it is also possible to select the function table in accordance with the transmitted data.

First, a description is given of the transmission process in the case of selective updating of the function table in accordance with the transmitted data.

On Fig presents a block diagram of a sequence of operations performed by the third embodiment of the device 27 of the communication during transmission.

Identical blocks are denoted in this figure by the same reference numerals as in FIG. 14, and a repeated description of these blocks is omitted.

The transmission process in this embodiment of the device is such that instead of steps S2-3 and S8-1 shown in FIG. 14, step S10-1 is performed. In step S10-1, the function table corresponding to the data transmitted to the destination is read from the memory unit 35, and this table is stored in the memory 32. When the function table is selected from the data, the selection can be made using the bit of the transmitted data of both the high order and junior level.

Thus, at each data transfer, the function table used for the next transmission is updated. Therefore, data privacy may increase.

The following is a description of the admission process.

On Fig presents a block diagram of a sequence of operations performed by the third embodiment of the device 27 of the communication during the reception. Identical blocks are indicated in this figure by the same reference numerals as in FIG. 15, and a repeated description of these blocks is omitted.

The receiving process in this embodiment of the device is such that instead of steps S3-7 and S9-1 shown in FIG. 15, step S11-1 is performed. In step S11-1, as in the transmission, a function table corresponding to the data received from the communication partner is read from the memory unit 35, and this function is stored in the memory 32.

As a result of the processing described above, after decoding the data, it is possible to obtain the same function table as the function table updated during data transmission from the communication partner, and therefore the same function table can be shared with the communication partner.

In addition, in the example described above, the coefficient of the function table is used or the selection of this coefficient is carried out in accordance with the number of data exchange or transmitted data operations, however, it is also possible to update the function table in a combined way. That is, a combination of many updating methods and the use of different methods for updating the function table for each communication operation are possible. For example, for each communication operation, it is possible to cyclically update the function table using the number of data transfer operations as a coefficient, select one function table from many function tables in accordance with the number of data exchange operations, update the function table using the functions transmitted as a coefficient, and select one function tables from a plurality of function tables in accordance with the transmitted data.

In addition, in the example described above, the encoded data is transmitted using a function table stored in the memory 32, however, it is also possible to combine updating methods using a plurality of updating means for a data unit. That is, after an additional update or selection of a function table using encoded data, the data is transmitted to the partner through a communication session. On the receiving side, the function table is updated using data decoded from the data transmitted from the communication partner, and then additional decoding of this data is carried out, which allows obtaining the initial data.

The present embodiment described above corresponds to the case of data exchange between the server 11 and the client 12, however, another application of the invention is possible. For example, in the case of data exchange between the input device and the main device during authentication or the like.

On Fig presents an example application of the present invention.

The unlocking system 100 is described.

The unlocking system 100 in this application example is configured to include a control device 101, an integrated circuit board (IC) 102, an IC card reader 103 and an electric lock 104. The control device 101 corresponding to the server 11 in the present embodiment , manages the electric lock 104 and unlocks it after successful authentication using the identifier and password. In addition, the integrated circuit board 102, corresponding to the client 12 in the embodiment, is used to store the identifier and password, and also as a key to unlock the electric lock 104. The integrated circuit board 102 is inserted into the IC card reader 103 and exchanges data with the control device 101.

If the integrated circuit board 102 is inserted into the IC card reader 103, as in the above embodiment, then a function table common between the control device 101 and the integrated circuit board 102 is set. An integrated circuit board 102 thus installed encrypts the identifier using a function table and transfers it to the control device 101. When the identifier is transmitted to the control device 101 from the integrated circuit board 102, the function table is updated without data exchange between the control device 101 and the integrated circuit board 102.

The integrated circuit board 102 encrypts the password using the thus updated function table and transfers it to the control device 101.

The control device 101 performs authentication based on the identifier and password, which are provided from the integrated circuit board 102. The control device 101 unlocks the electric lock 104 in case of successful authentication.

Thus, the identifier and password are encrypted using various function tables and transmitted to the control device 101. Therefore, the secrecy of the identifier and password may increase.

In addition, it is also possible, before transmitting the password identifier, to encrypt them using the function table, which has been updated several times. Therefore, the secrecy of the identifier and password can increase even further.

In addition, in the above example, the function table is used as a computing tool, however, it is also possible to carry out encryption and decryption using a conventional computing program.

Further, the function is updated based on the number of communication operations or transmitted data, however, this is not a limitation of the invention, and in the present example, it is possible to update the function using external information shared between the device on the transmit side and the device on the receive side. External shared information is public information such as, for example, time information, weather information, or TV broadcast information. In addition, it is possible to update this information using time information inside the communication device or the like.

In addition, you can update the function using a combination of external information shared between the device on the transmission side and the device on the receiving side, the number of communication operations and the transmitted data.

For example, the function can be y1 = f1 (x1, x2, x3), where the variable x1 is the number of communication operations, x2 is the transmitted data, and x3 is external real-time information such as weather information, TV broadcast information, or t .P.

In addition, a function such as y2 = f2 (x1, x2, x3, x4) can also be used, where x4 time information is added to the above variables x1 ÷ x3. It is possible to use functions like function y3 = f3 (y1, y2, x6).

In addition, it is also possible to alternately use the functions y1 ÷ y3 based on external information, etc.

Second Embodiment

19 is a block diagram of a second embodiment of the present invention.

The communication system 200 in the present embodiment includes a transmitter 201 and a receiver. The transmitter 201 includes a common element obtaining unit 211, a key generation unit 212, an encryption table selection / generation unit 213, and an encryption unit 214. The common element obtaining unit 211 obtains an element that is common with the receiver 202 from weather information, time information, a random number received from a pseudo random number generator that generates a random number that is common between the transmission and reception sides, or the like.

The common element obtained by the common element obtaining unit 211 is supplied to the key generating unit 212. A key generation unit 212 generates a key by performing various calculations such as multiplying by a coefficient, adding a constant, or the like. above the common element supplied from the block 211 to obtain a common element, or generates a key by selecting a function from a predefined set of functions in accordance with the common element and replacing the common element with another. The key generated in this way by the key generation unit 212 is supplied to the table selection / generation unit 213.

The table selection / generation unit 213 selects a table for encrypting data based on a key supplied from the key generation unit 212, and generates a new table.

On Fig presents the configuration of block 213 selection / generation of the table.

The table selection / generation unit 213 includes an initial value setting unit 221, an operation unit 222, a search table 223-1 to 223-n, and a table selection unit 224. At the beginning of a communication session, etc. the initial value setting unit 221 places an initial table in the search table 223-1.

While the initial table is placed using the initial value setting unit 221 at the time of starting, the processing is performed by the operation unit 222, and thus, the newly created table is placed in the search table 223-1. The previous search table 223-1 is moved to the search table 223-2. Similarly, the previous search table is sequentially moved, and thus, the previous search table 223- (n-1) is moved to the search table 223-n.

Tables placed in search tables 223-1 to 223-n are supplied to operation unit 222 and table selection unit 224.

While tables are supplied from the operation tables 223-1 to 223-n to the operation unit 222, the key is supplied from the key generation unit 212 to the operation unit 222. The operation unit 222 generates a new table by, for example, summing the corresponding matrices of the set of tables from the search tables 223-1 to 223-n and then multiplying the table and key thus obtained.

The operation of the operation unit 222 is not limited to these calculations, and it is also possible to set the nonlinear transition function. The table can be expanded in a chaotic manner by setting the nonlinear transition function. Therefore, even if it is possible to obtain a table, the randomness of its growth does not allow decoding of the code using the thus obtained table, and easy decoding of the code is not possible.

The newly created table obtained as a result of calculations in the operation unit 222 is placed in the search table 223-1 as an encryption key. In this case, the table located in the search table 223-1 is moved to the search table 223-2, and the search table 223-2 is moved to the search table 223-3. Similarly, the next search table is sequentially moved, and the table from the search table 223- (n-1) is moved to the search table 223-n. And the table located in the search table 223-n is discarded.

The n tables placed in the search tables 223-1 ÷ 223-n are supplied to the table selection / generation unit 224, into which the key is also supplied from the key generation unit 212. The table selection / generation unit 224 selects any one table from these n tables located in the search tables 223-1 to 223-n, in accordance with the key supplied from the key generation unit 212. The table thus selected by the table selection / generation unit 224 is supplied to the encryption unit 214 as an encryption key.

In block 214 encryption serves the selected table from block 224 selection / generation of the table, as well as the transmitted data. The encryption unit 214 encrypts the transmitted data based on the selected table supplied from the table selection / generation unit 213.

Encryption is carried out, for example, by performing matrix operations between the selected table and the data, simply adding, multiplying or obtaining data at the position corresponding to the data from the selected table. The encryption method is not limited to this, and various conventional encryption methods are possible.

The following is a description of the receiver.

The receiver includes a common element obtaining unit 231, a key generation unit 232, a table selection / generation unit 233 and a decryption unit 234. The common element receiving unit 231 performs the same operations as the common element receiving unit 211 in the transmitter 201 and receives an element that is common with the common element receiving unit 211. The key generation unit 232 performs the same operations as the key generation unit 212 of the transmitter 201, and receives the same key as the transmitter 201.

The table selection / generation unit 233 has the same configuration as the table selection / generation unit 213, performs the same operations and, thus, generates and selects the same tables as in the transmitter 201. The decryption unit 234 decrypts the original data based on a table thus selected in block 213 of the selection / generation of the table.

According to the present embodiment, since the table changes one after the other with each data transfer operation or over time, it is not possible to easily decode the code. In addition, since the table is calculated one after another and generated on the basis of the initial table, even in the case of opening an intermediate table, it is not possible to obtain the next table. That is, the table cannot be obtained without disclosing the initial table used at the time the communication session began, and the method for calculating it. Moreover, since the selection of the table and changing the method of calculating the table is carried out using the key, even in the case of the opening of the initial table and the method of calculation, decoding the code before receiving the key is not possible. Further, since the key uses a common element such as weather or time, it is not possible to decode the code until the common element is revealed.

In addition, the table can be expanded in a chaotic manner by performing a non-linear transition of the table. Therefore, even in the case of obtaining a table and the possibility of partial decoding of the code, the code will be decoded using the table, changing at the next moment in time. Therefore, decrypting the code becomes extremely difficult.

Further, in the present embodiment, the key is obtained using blocks 211 and 231 for obtaining a common element, however, this is not a limitation of the invention, and the process of decrypting the code can be made more difficult by including the key in the table or self-generating the key from the table.

On Fig presents a diagram of operations in a variant of the method of generating the key.

As shown in Fig. 21, during pre-installation, the symbol "A" must be used as the key, which is the mth symbol of the i-th table 223-i from the search tables 223-1 ÷ 223-n and, using this symbol "A "as a key, you can select a table or this symbol can also be used as a coefficient to generate the next table.

In addition, the table and the symbol number are determined based on weather information or time information, and the symbol is extracted using the thus determined table in accordance with the thus determined symbol number as the key. Then, the key thus obtained can be used to select a coefficient or function for the next table generation or the like. In addition, the embodiment describes mainly updating the function, however this is not a limitation of the invention (the invention is not limited to the function), and instead of the function, a protocol change is also possible. Moreover, it is possible to use a combination of function and protocol transformations. Since using a combination of function and protocol transformations, the generation process for a self-generated key becomes more difficult, decoding the code becomes even more difficult.

In addition, in the present embodiment, a plurality of the same tables are present on both the receiving side and the transmission side. Therefore, providing communication by adding information about the choice of the table to the transmitted data allows you to select the same table between the parties of transmission and reception and perform encryption and decryption using this table. Thus, asynchronous encryption and decryption becomes possible.

Third Embodiment

FIG. 22 shows a system configuration in a third embodiment of the present invention.

The system considered in the present embodiment is an information processing system. The information processing system 301 in the present embodiment is made in the form of a conventional personal computer, and therefore includes a CPU (central processor) 311, random access memory (random access memory) 312, ROM (read-only memory) 313, HDD (storage on hard magnetic disks) 314, CD-ROM drive 315 (CD-ROM) 315, input device 316, display 317, communication device 318 and encryption device 319.

The CPU 311 interacts with the encryption device 319 and performs encryption using the encryption program installed in the HDD 314. The RAM 312 is used as the working area of the CPU 311. The ROM 313 stores BSVV (basic input / output system) and various installation information, and data processing with it is carried out at the start of the information processing system 301.

The hard disk 314 stores a program for encryption, which is used by the encryption device 319 to perform encryption, raw data, encrypted data, decoded data, a table for encryption, etc. A CD-ROM is inserted in the CD-ROM drive 315 and a program recorded on the CD-ROM is read D. The encryption program is supplied, for example, using the CD-ROM D, and then is installed in the HDD 314 from the drive 315 on the CD-ROM and is used. It is also possible to supply a program for encryption from the network via the communication device 318.

The input device 316 includes a keyboard, mouse, etc. and used to run the encryption program or select the source data to be encrypted. The display 317 includes a CRT (cathode ray tube), LCD (liquid crystal device), or the like. and displays information such as source data, decoded data, or encryption progress.

The communication device 318 includes a modem, a terminal adapter, a router, etc. and is a device for communicating with another information processing device through a network.

The encryption device 319 is a card for encrypting the original data supplied by the encryption program, or decoding the encrypted data supplied by the encryption program.

On Fig presents a block diagram of an encryption device 319.

The encryption device 319 is a board with the ability to connect to a PCI bus (interconnection of peripheral components) and includes a common element obtaining unit 321, a key generation unit 322, a table selection / generation unit 323 for encryption, a memory unit 324 for encryption tables, a unit 325 encryption and block 326 decryption.

The common element obtaining unit 321 obtains a common element that is common between the parties of transmission and reception from weather information, time information, or a random number received from a pseudo random number generator that generates a random number that is common with the communication partner.

The common element obtained by the common element obtaining unit 321 is supplied to the key generating unit 322. The key generation unit 322 generates a key from a common item obtained by the common item receiving unit 321. The key is generated by performing various operations on a common element supplied by block 321 for obtaining a common element, such as multiplication with a coefficient, summing with a constant, or the like. In addition, the key is generated by selecting a function from the set of previously defined functions in accordance with a common element and replacing another common element.

The key generated by the key generation unit 322 is supplied to the table selection / generation unit 323. Based on the key supplied from the key generation unit 322, the table selection / generation unit 323 selects a table for encryption and thus generates a new table.

On Fig presents the configuration of block 323 selection / generation of the table. The table selection / generation unit 323 includes an initial value setting unit 331, an operation unit 332, a search table 333-1 to 333-n, and a table selection unit 334. At the beginning of a communication session, etc. the initial value setting unit 331 places the initial table in the search table 333-1.

While the initial table is placed using the initial value setting unit 331 at the start-up moment, processing is performed by the operation unit 332, and thus, the newly created table is placed in the search table 333-1.

The previous lookup table 333-1 is moved to lookup table 333-2. Similarly, the previous search table is sequentially moved, and thus the previous search table 333- (n-1) is moved to the search table 333-n.

The tables located in the search tables 333-1 ÷ 333-n are supplied to the operation unit 332 and the table selection unit 334. While tables are supplied from the search tables 333-1 to 333-n to the operation unit 332, a key is supplied from the key generation unit 322 to the operation unit 332. The operation unit 332 generates a new table by, for example, summing the corresponding matrixes of the plurality of tables from the search tables 333-1 to 333-n and then multiplying the resulting table and key. The operation of operation block 332 is not limited to these calculations, and it is possible to use, for example, a non-linear transition function. The table can be expanded in a chaotic manner by setting the nonlinear transition function. Therefore, even in the case of obtaining a table, the randomness of its growth does not allow the decoding of the code using the resulting table and easy decoding of the code is not possible.

The resulting newly created table resulting from the calculations in the operation unit 332 is placed in the search table 333-1. In this case, the table located in the search table 333-1 is moved to the search table 333-2, and the search table 333-2 is moved to the search table 333-3. Similarly, the next search table is sequentially moved, and the table from the search table 333- (n-1) is moved to the search table 333-n. And the table located in the search table 333-n is discarded.

Located in tables 333-1 ÷ 333-n of the search for n tables, they are supplied to the table selection unit 334, into which the key is also supplied from the key generation unit 322. The table selection unit 334 selects any one table from these n tables located in the search tables 333-1 to 333-n, in accordance with the key supplied from the key generation unit 322.

On Fig presents a diagram of the operations in block 323 selection / generation of the table. As shown in Fig. 25, during pre-installation, the symbol "A" must be used as the key, which is the mth symbol of the i-th table 333-i from the search tables 333-1 ÷ 333-n and using this symbol "A" "as a key, you can select a table or this symbol can also be used as a coefficient to generate the next table.

In addition, the table and the symbol number can be determined based on weather information or time information, a symbol with a thus determined number in the thus determined table can thus be extracted as a key and used to select a table or function to generate the table.

The table selected by the table selection unit 334 is first supplied to the table memory 324 and stored in this block, and then fed to the encryption unit 325. The memory block 324 for tables can be located in the HDD 314 and this block can be controlled using an encryption program.

The selected table is supplied from the table selection / generation unit 323 to the encryption unit 325, into which the transmitted data is also fed. The encryption unit 325 encrypts the source data based on the table selected by the table selection unit 334 and stored in the table memory 324.

Encryption is carried out, for example, by performing matrix operations between the selected table for encryption and data, simply adding or multiplying or obtaining data from the table for encryption at the position corresponding to this data. The encryption method is not limited to this, and various conventional encryption methods are possible.

The data encrypted in the encryption unit 325 is read from the encryption device 319 using an encryption program and stored in the HDD 314 as an intermediate file. Identification information about the table is added to the intermediate file stored in the HDD 314 to identify the table used for encryption. During decryption, the intermediate file to be decoded is read from the HDD 314 using an encryption program and supplied to the encryption device 319. Based on the identifying information about the table in the table memory 324 as part of the encryption device 319, a table is searched for the encryption used during encryption, the found table is read from the table memory 324 and fed to the decryption unit 326.

Decryption unit 326 decodes the data using an encryption table supplied from table memory 324. The decoding method consists, for example, in performing calculations that allow you to replace the table for encryption with the inverse coefficients of the function used in encryption, and thus decode the original data.

Data decoded in decryption unit 326 is read from the encryption device 319 using an encryption program and stored in the HDD 314. Or, it is stored in the RAM 312 and used to process the CPU 311.

As indicated above in accordance with the present embodiment, the data can be encrypted and stored in the HDD 314 as an intermediate file. As a result of the fact that important data is encrypted and stored in the HDD 314, their easy decoding is not possible even in case of theft. Therefore, data privacy may increase.

According to the present embodiment, since the table changes one after the other with each data transfer operation or over time, it is not possible to easily decode the code. In addition, since the table is calculated one after another and generated on the basis of the initial table, even in the case of opening an intermediate table, it is not possible to obtain the next table. That is, the table cannot be obtained without disclosing the initial table used at the time the communication session began, and the method for calculating it. Moreover, since the selection of the table and changing the method of calculating the table is carried out using the key, even in the case of the opening of the initial table and the method of calculation, decoding the code before receiving the key is not possible. Further, since the key uses a common element such as weather or time, it is not possible to decode the code until the common element is revealed.

In addition, the table can be expanded in a chaotic manner by performing a non-linear transition of the table. Therefore, even in the case of obtaining a table and the possibility of partial decoding of the code, the code will be decoded using the table, changing at the next moment in time. Therefore, decrypting the code becomes extremely difficult.

Further, in the present embodiment, the key is obtained using blocks 321 for obtaining a common element, however, this is not a limitation of the invention, and it is possible to make the process of decrypting the code more difficult by including the key in the table or self-generation of the key from the table.

According to the present embodiment, the source data may be encrypted and then stored. In addition, encrypted and stored data can be transmitted using various types of communication devices 318.

On Fig presents the configuration of the system in an example application of the system 301 information processing.

The system 401 in this application example is configured so that communication between the server 411 and the client 412 is provided through the network 413. The server 411 and the client 412 are configured so that each has the same configuration as the information processing system 301 shown in FIG. 22 ÷ 24, and the initial value, the common element, the key generation method, the calculation method, etc. they have in common.

Server 411 encrypts the original data to be transmitted to client 412 using the above encryption device 319 and stores it as an intermediate file in HDD 314. Then, the intermediate file stored in HDD 314 is transmitted using communication device 318 to client 412 via network 413.

On client side 412, communications device 318 receives encrypted data from server 411 and stores them in HDD 314 as an intermediate file. The encrypted data stored in the HDD 314 as an intermediate file is decoded by the encryption device 319 into the original data and used by the client 412.

According to this application example, the data encrypted by the encryption device 319 is stored as an intermediate file in the HDD 314 and transmitted over the existing LAN 413 type network using the existing communication device 318. Therefore, the use of encryption will not cause difficulties.

In addition, in accordance with the present embodiment, since the lookup table is dynamically changed, decrypting the code becomes difficult even when the key or lookup table is received temporarily. Therefore, data privacy may increase.

In addition, in accordance with the present embodiment, since the information at a certain position in the table is used as a key, the key cannot be obtained without receiving the table.

Therefore, decrypting the code becomes difficult, and therefore, secrecy can be enhanced.

Fourth Embodiment

FIG. 27 illustrates a system configuration in a fourth embodiment of the present invention. To simplify the explanation of the present embodiment, a description is given of a system in which two information processing devices are used for relay communication, and data is exchanged between the information processing device from the sender of the transmitted data and the information processing device from the receiver of the transmitted data.

Considered in the present exemplary embodiment, the communication system 500 includes information processing apparatus 511 ÷ 514. The information processing devices 512 ÷ 514 are interconnected via a network 515. The information processing device 511 and the information processing device 512 provide data relay between the information processing devices 513, 514 and exchange encrypted data with each other.

On Fig presents a block diagram of a device for processing information 511.

The information processing device 511 is made in the form of a personal computer system and includes an input device 521, a processing unit 522 and a display 523. The input device 521 includes a keyboard and a mouse and provides input of commands or data to the processing unit 522. A display 523 displays the results of the processing performed by the processing unit 522.

The processing unit 522 includes a CPU 531, a controller 532, a memory 533, a graphics controller 534, a bus 535, a controller 536, a hard disk drive 537, a removable disk drive 538, an encryption device 539 and a communication device 540.

CPU 531 performs processing in accordance with the program. The controller 532 provides data exchange between the CPU 531, the memory 533, the graphics controller 534 and the bus 535. The memory 533 is used as the working area of the memory of the CPU 531. The graphics controller 534 processes the data processed by the CPU 531, converts them into displayed data and provides this data to display 523. Display 523 reproduces the page in accordance with the displayed data from the graphics controller 534.

The 535 bus is a PCI-based bus (Interconnect Peripheral Components). A controller 536, an encryption / decryption device 539, and a communication device 540 are connected to the bus 535.

To the controller 536, in addition to the bus 535, an input device 521, a hard disk drive 537 and a removable disk drive 538 are connected. The controller 536 controls the input device 521, the hard disk drive 537, the removable disk drive 538 and the bus 535 and provides data exchange.

A 537 hard disk drive stores program and data. The removable disk drive 538 is, for example, a CD-ROM drive (ROM on CD-ROM) and controls a CD-ROM drive on which the program and data are stored.

The encryption / decryption device 539 539 is a card connected to the bus 535 and encrypts data or decrypts the encrypted data. Data encrypted by the encryption / decryption device 539 is supplied to the communication device 540. Communication device 540 is a device for providing data exchange with information processing device 513 via network 514.

The following is a detailed description of the encryption / decryption device 539.

On Fig presents a block diagram of a device 539 encryption / decryption.

The encryption / decryption device 539 is a PCI card used when connected to the bus 535 and configured to have an encryption / decryption chip C and a connector 541 mounted on the printed circuit board B. Slot 541 is connected to the 535 PCI bus. Connector 541 is also connected to chip C for encryption / decryption on printed circuit board B.

The encryption / decryption chip C includes a decryption interface circuit 542, a bus 543, a memory 544, and a microcomputer 545. An interface circuit 542 is connected to the connector 541. An interface circuit 542 is installed between the connector 541 and the internal bus 543 and acts as an interface between bus 535 PCI and bus 543. Memory 544 and microcomputer 545 are connected to bus 543. The memory 544 stores the results of certain calculations performed on the input data, for which the input data is used as addresses.

On Fig presents the configuration of the data in the memory 544.

In the memory 544, as the data Di for the address Ai (where i denotes an integer in the range 1 ÷ n), the result f (Ai) of the calculations with the address Ai as the input data x is stored. Microcomputer 545 obtains the result of f (x) calculations by performing calculations on data x using a specific function f as a result of reading data from memory 544, for which data from the PCI bus 535 is used. This calculation result f (x) is output as the result of data encryption x.

Microcomputer 545 sets the data of memory 544 as an initial function, i.e. function f, based on common information that is publicly available both on the transmission side and on the receiving side, and then dynamically changes it based on the number of communication operations or transmitted data. For example, the function f changes. Or, the coefficient corresponding to the number of communication operations and the function f are multiplied. The update of the function f is not necessarily limited by the number of communication operations or transmitted data, and it is possible to carry out an update based on general information that can be obtained as common among information processing devices 511-514, for example, based on weather information or the like.

Therefore, encryption / decryption can be performed without exchanging key information for encryption, etc. between the parties of transmission and reception. Thus, encryption / decryption can be performed using key information that is self-generated both on the transmission side and on the receiving side, i.e. using a self-generated key. Consequently, data privacy may increase.

During processing for encryption, the encryption / decryption device 539 searches for memory 544 using the input as an address. Then the data is read from the address corresponding to the input data of the memory 544.

The data obtained as a result of reading is output as encrypted data. In addition, in the decryption process, data stored in the memory 544 is first searched for using input data. Then get the address in memory 544, which contains the corresponding data. The received address is output as decoded data. Thus, since the encryption / decryption device 539 can only encrypt by reading data from the memory 544, encryption can be performed at high speed. In addition, since decoding is performed only by obtaining an address in which data corresponding to the input data is stored from the memory 544, decoding can be performed at high speed.

Further, since the information processing device 512 has the same configuration as the information processing device 511, a repeated description of this device is omitted.

The following is a description of information processing devices 513, 514.

On Fig presents a block diagram of a device 513 information processing. Identical blocks are indicated in this figure by the same reference numerals as in FIG. 28, and a repeated description of these blocks is omitted.

The information processing device 513 differs from that shown in FIG. 28 in the configuration of the processing unit 551. In block 551 of the processing device 513 information processing device 539 encryption / decryption is replaced by two devices 561, 562 encryption / decryption. In addition, the encryption / decryption devices 561, 562 are configured so that each has the same configuration as the encryption / decryption device 539. Therefore, a description of encryption / decryption devices 561, 562 is omitted.

The encryption / decryption device 561, as part of the information processing device 513, decodes the encrypted data supplied from the information processing device 511 and provides it to the encryption / decryption device 562 562. The encryption / decryption device 561 encrypts the data decoded by the encryption / decryption device 562 562, and supplies this data to information processing device 511.

Therefore, the same data as the data stored by the memory 544 of the encryption / decryption device 539 as part of the information processing device 511 is stored by the memory 544 of the encryption / decryption device 561. In addition, when the memory 544 of the encryption / decryption device 539 in the information processing device 511 is updated in accordance with the number of communication operations or transmitted data, the data in the memory 544 of the encryption / decryption device 561 is updated in the same manner.

Data decoded by the encryption / decryption device 561 is supplied to the encryption / decryption device 562. The encryption / decryption device 562 encrypts the data from the encryption / decryption device 561 and provides this data to the communication device 540.

In addition, the encrypted data from the information processing device 514 is supplied to the encryption / decryption device 562 562. The encryption / decryption device 562 decodes the encrypted data from the information processing device 514 and supplies this data to the encryption / decryption device 561.

Thus, the same data as the data stored by the memory 544 of the encryption / decryption device 561 as part of the information processing device 514 is stored by the memory 544 of the encryption / decryption device 562. In addition, when the memory 544 of the encryption / decryption device 561 in the information processing device 514 is updated in accordance with the number of communication operations or transmitted data, the data in the memory 544 of the encryption / decryption device 561 is updated in the same manner.

Since the information processing device 514 has the same configuration as the above information processing device 513, a re-description thereof is omitted.

The encryption / decryption device 561 as part of the information processing device 514 decodes the encrypted data supplied from the information processing device 513, and supplies this data to the encryption / decryption device 562. In addition, the encryption / decryption device 561 encrypts the data decoded by the encryption / decryption device 562 and supplies this data to the information processing device 512.

Thus, the same data as the data stored by the memory 544 of the encryption / decryption device 562 as part of the information processing device 513 is stored by the memory 544 of the encryption / decryption device 561. Furthermore, when the memory 544 of the encryption / decryption device 562 in the information processing device 513 is updated in accordance with the number of communication operations or transmitted data, the data in the memory 544 of the encryption / decryption device 561 is updated in the same manner.

Data decoded by the encryption / decryption device 561 is supplied to the encryption / decryption device 562. The encryption / decryption device 562 encrypts the data from the encryption / decryption device 561 and provides this data to the communication device 540.

In addition, the encrypted data from the information processing device 512 is supplied to the encryption / decryption device 562. The encryption / decryption device 562 decodes the encrypted data from the information processing device 512 and supplies this data to the encryption / decryption device 561.

Thus, the same data as the data stored by the memory 544 of the encryption / decryption device 539 as part of the information processing device 512 is stored by the memory 544 of the encryption / decryption device 562. In addition, when the memory 544 of the encryption / decryption device 539 in the information processing device 512 is updated in accordance with the number of communication operations or transmitted data, the data in the memory 544 of the encryption / decryption device 562 is updated in the same manner.

Thus, in accordance with the present embodiment, when establishing communication between the information processing devices 511, 512, relay information processing devices 513, 514 are used to provide relaying, and moreover, as a result of different encryption for each of the information processing devices 511 ÷ 514, different encryption for each communication path, easy decoding of encrypted data is not possible, and therefore, the secrecy of communication may increase.

Further, in the present embodiment, two relay information processing devices 513, 514 were used to perform the relay function during the communication session between the information processing device 511 and the information processing device 512, however, three or more relay information processing devices can be used to perform the relay function. Therefore, decryption of the code becomes more difficult.

In addition, in the present embodiment, a 1: 1 communication system has been considered, however, it is also possible to use a 1: N communication system.

Fifth Embodiment

FIG. 32 illustrates a system configuration in a fifth embodiment of the present invention.

Identical blocks are indicated in this figure by the same reference numerals as in FIG. 27, and a repeated description of these blocks is omitted. In addition, in order to simplify the description of the embodiment, a 1: 3 communication system is considered as an example.

The system considered in the present embodiment is a communication system. The communication system 600 in the present embodiment, the relay information processing device 611 of which communicates with the information processing devices 621 ÷ 623, provides encrypted data exchange between the information processing device 511 and the information processing devices 621 ÷ 623 in a 1: 3 ratio. Each of the information processing devices 621 to 623 has the same configuration as the information processing device 511 shown in FIG. 29. Therefore, the description of information processing devices 621 ÷ 623 is omitted.

On Fig presents a block diagram of a device 611 information processing. Identical blocks are denoted in this figure by the same reference numerals as in FIG. 31, and a repeated description of these blocks is omitted.

The information processing device 611 in the present embodiment is different from that shown in FIG. 31 by the configuration of the processing unit 631.

Instead of encryption / decryption devices 561, 562, encryption / decryption devices 641 ÷ 644 are used in the information processing device 611. The encryption / decryption device 641 641 exchanges encrypted data with the relay information processing device 513. The encryption / decryption device 642 642 exchanges encrypted data with the information processing device 621. The encryption / decryption device 643 enables the exchange of encrypted data with the information processing device 622. The encryption / decryption device 644 enables the exchange of encrypted data with the information processing device 623. Since each of the encryption / decryption devices 641 to 644 has the same configuration as the encryption / decryption device 539 shown in FIG. 31, a description of these devices is omitted.

The information processing device 611 decodes the encrypted data coming from the information processing device 511 using the encryption / decryption device 641. Data decoded by the encryption / decryption device 641 may be distributed to any of the encryption / decryption devices 642 to 644 in accordance with their address. The encryption / decryption device 642 encrypts the data coming from the encryption / decryption device 641 using the first encryption key. Data encrypted by the encryption / decryption device 642 is transmitted by the communication device 540 to the information processing device 621.

The encryption / decryption device 643 encrypts the data coming from the encryption / decryption device 641 using a second encryption key. Data encrypted by the encryption / decryption device 643 is transmitted by the communication device 540 to the information processing device 622.

The encryption / decryption device 644 encrypts the data coming from the encryption / decryption device 641 using a third encryption key. Data encrypted by the encryption / decryption device 644 is transmitted by the communication device 540 to the information processing device 623.

The encryption / decryption device 539 539 as part of the information processing device 621 has a first encryption key shared with the encryption / decryption device 642 642 as part of the information processing device 611. Moreover, this first encryption key is updated using communication operations or transmitted data. That is, the first encryption key changes dynamically.

The encryption / decryption device 539 as part of the information processing device 622 has a second encryption key shared with the encryption / decryption device 643 as part of the information processing device 611. Moreover, this second encryption key is updated in accordance with the number of communication operations or transmitted data. That is, the second encryption key changes dynamically.

The encryption / decryption device 539 as part of the information processing device 623 has a third encryption key shared with the encryption / decryption device 644 as part of the information processing device 611. Moreover, this third encryption key is updated in accordance with the number of communication operations or transmitted data. That is, the third encryption key changes dynamically.

In accordance with the present embodiment described above, encryption can be performed using first to third encryption keys, each of which is different from the other in the corresponding information processing device 621 to 623, so communication secrecy can be improved. In addition, due to the constant dynamic updating of encryption keys from first to third, secrecy can increase even further.

In addition, in the above example, an encryption / decryption device is present in each of the devices 621 ÷ 623 for processing information from the recipient of the transmitted data. However, the same exchange of encrypted data as described above can be carried out using one encryption / decryption device having a memory 544, the area of which is divided in accordance with information processing devices 621 ÷ 623 from the recipient of the transmitted data, and setting encryption keys for the corresponding areas of memory.

Fig. 34 shows a data configuration in memory 544 of an embodiment of a fifth embodiment of the present invention.

The memory 544 is divided into memory areas A1 ÷ A3. The memory area A1 stores encrypted data to enable the exchange of encrypted data with the first communication partner. Encrypted data i.e. f (a1) ÷ f (an) are, for example, the results of calculations performed with the first function f on the addresses "1a1 ÷ 1an" used as input. Further, the first function f is constantly updated in accordance with the number of communication operations or transmitted data. In addition, it is also possible to change the function itself in accordance with the number of communication operations or transmitted data.

The memory area A2 stores encrypted data to enable the exchange of encrypted data with a second communication partner. Encrypted data i.e. g (a1) ÷ g (an) are, for example, the results of calculations performed using the second function g over the addresses "2a1 ÷ 2an" used as input. Further, the second function g is constantly updated in accordance with the number of communication operations or transmitted data. In addition, it is also possible to change the function itself in accordance with the number of communication operations or transmitted data.

The memory area A3 stores encrypted data to enable the exchange of encrypted data with a third communication partner. Encrypted data i.e. h (a1) ÷ h (an) are, for example, the results of calculations performed using the third function h over the addresses "3a1 ÷ 3an" used as input data. Further, the third function h is constantly updated in accordance with the number of communication operations or transmitted data. In addition, it is also possible to change the function itself in accordance with the number of communication operations or transmitted data.

In the above example, the relay device for processing the information of the last stage distributes data to devices 621 ÷ 623 for processing information from the recipient of the transmitted data. However, it is also possible to distribute data to a plurality of intermediate relay information processing devices and subsequently distribute the data to information processing devices from the recipient of the transmitted data or to the plurality of relay information processing devices.

Sixth Embodiment

Fig. 35 shows a system configuration in a sixth embodiment of the present invention. The same blocks are indicated in this figure by the same reference numbers as in FIG. 32, and a repeated description of these blocks is omitted.

The communication system 700 in the present embodiment provides data branching to relay information processing devices 721, 722 in information relaying device 711 and additional data branching to information processing devices 731, 732 from the recipient of the transmitted data in relay processing device 721 and devices 733, 734 processing information from the recipient of the transmitted data in the relay information processing device 722. In accordance with this embodiment, secrecy can be further enhanced.

Further, since the data branching method is the same as in the case of the information processing system 600 in the fourth embodiment, its re-description is omitted.

In addition, it is also possible to build a communication system N: N.

Seventh Embodiment

Fig. 36 shows a system configuration in a seventh embodiment of the present invention. The same blocks are indicated in this figure by the same reference numbers as in FIG. 32, and a repeated description of these blocks is omitted.

For simplicity of description, a 3: 3 communication system is considered.

In the communication system 800 considered in the present exemplary embodiment, the relay information processing devices 821 and 811 are used to perform the relay function and enable the exchange of encrypted data between the three information processing devices 811 ÷ 813 from the sender of the transmitted data and the three information processing devices 621 ÷ 623 from the recipient transmitted data.

The encryption is carried out in the same manner as in the information processing system 600 of the fourth embodiment, and therefore, a second description thereof is omitted.

In the present embodiment, an encryption communication system is considered consisting of three devices 811-813 for processing information from the sender of the transmitted data and three devices 621-623 for processing information from the receiver of the transmitted data, however, it is possible to exchange encrypted data in the N: N system or N: M.

Further, in both the fifth and sixth embodiments, the number of encryption devices in the relay information processing devices corresponds to the number of communication partners, however, it is also possible to use a single encryption / decryption device for a plurality of communication partners.

On Fig presents a block diagram of a first embodiment of an encryption / decryption device. Identical blocks are denoted in this figure by the same reference numerals as in FIG. 29, and a repeated description of these blocks is omitted.

The encryption / decryption device 900 of this embodiment has N encryption / decryption chips C1 through Cn. Since these chips have the same configuration as the encryption / decryption chip C shown in FIG. 29, a detailed description of the encryption / decryption chips C1 ÷ Cn is omitted.

Each of the N encryption / decryption chips C1 ÷ Cn corresponds to a chip or encryption / decryption device in one of the plurality of information processing devices from the recipient of the transmitted data or the plurality of relay information processing devices. Each of the N encryption / decryption chips С1 ÷ Сn performs encryption / decryption using a chip or an encryption / decryption device of one of the plurality of information processing devices from the recipient of the transmitted data or the plurality of relay information processing devices preset in accordance with this chip or device.

In accordance with this embodiment, the exchange of encrypted data can be carried out with a plurality of information processing devices from the recipient of the transmitted data or a plurality of relay information processing devices through a single encryption / decryption device.

On Fig presents a block diagram of the process of the second embodiment of the encryption / decryption device.

Since the encryption / decryption device of this embodiment has the same configuration as in the case shown in FIG. 29, a detailed description of this device is omitted.

In this embodiment, the encrypted data is exchanged between the information processing device 1011 from the side of the sender of the transmitted data and N devices 1012-1 ÷ 1012-n of the information processing from the side of the receiver of the transmitted data.

In the device 1011 for processing information from the sender of the transmitted data, the encryption / decryption device 1021 has a memory 544 divided into memory areas A1 ÷ An. In each memory area A1, encrypted data is stored for exchange with the information processing device 1012-1 from the recipient of the transmitted data. The same encrypted data as in area A1 of the memory 544 of the encryption / decryption device 1021 as part of the information processing device 1011 from the sender side of the transmitted data is stored by the memory 544 of the encryption / decryption device 1021-1 as part of the information processing device 1012-1 from the recipient transmitted data. The memory area A1 of the information processing device 1011 from the sender of the transmitted data and the data in the memory 544 of the information processing device 1012-1 from the receiver of the transmitted data are dynamically updated in accordance with the number of communication operations or transmitted data. Therefore, the code cannot be decoded even if encrypted data is received at some point in time.

In each memory area A2, encrypted data is stored for exchange with the information processing device 1012-2 from the recipient of the transmitted data. The same encrypted data as in the A2 area of the memory 544 of the encryption / decryption device 1021 as part of the information processing device 1011 from the sender side of the transmitted data is stored by the memory 544 of the encryption / decryption device 1022-2 as part of the information processing device 1012-2 from the recipient transmitted data. The memory area A2 of the information processing device 1011 from the sender of the transmitted data and the data in the memory 544 of the information processing device 1022-2 from the receiver of the transmitted data are dynamically updated in accordance with the number of communication operations or transmitted data. Therefore, the code cannot be decoded even if encrypted data is received at some point in time.

In each memory area An, encrypted data is stored for exchange with the information processing device 1012-n from the recipient of the transmitted data. The same encrypted data as in the A2 area of the memory 544 of the encryption / decryption device 1021 as part of the information processing device 1011 from the sender side of the transmitted data is stored by the memory 544 of the encryption / decryption device 1022-n as part of the information processing device 1012-n from the receiver side transmitted data. The memory area A2 of the information processing device 1011 from the sender of the transmitted data and the data in the memory 544 of the information processing device 1022-n from the receiver of the transmitted data are dynamically updated in accordance with the number of communication operations or transmitted data. Therefore, the code cannot be decoded even if encrypted data is received at some point in time. In addition, encrypted data is stored in a similar manner also in other areas A3 ÷ An-1 of the memory and memory 544 of other devices 1012-3 ÷ 612-n-1 of the information processing from the recipient of the transmitted data.

In accordance with this embodiment, encrypted data stored in any of the memory storage areas 544 of the information processing device 1011 from the sending data side of the information 544 should be stored in the memory 544 of the information processing devices 1012-1 to 1012-n. Therefore, the memory capacity can be reduced.

In addition, the encryption / decryption device may have logic or programs different for the respective communication partners.

Eighth Embodiment

FIG. 39 illustrates a system configuration in an eighth embodiment of the present invention.

The present embodiment is a service delivery system. The service delivery system 1100 in the present embodiment includes a server 1111, an output terminal device 1112, and a portable encryption device 1113.

Server 1111 is configured to communicate with output terminal 1112 via network 1114. The server stores a plurality of encrypted data for each previously registered user, and each registered user is free to store data on this server. Server 1111 provides communication with output terminal device 1112 and the ability to freely output data that a registered user has previously stored. Having such a configuration, the server 1111 may be called a private data recording and processing center. In this case, communication with encryption is provided between the server 1111 and the output terminal device 1112.

The output device 1112 is provided with a portable encryption device 1113 to provide communication with encryption. All data transmitted between the server and the output terminal device 1112 is transmitted in an encrypted state through the portable encryption device 1113. For this, a previously registered user has a portable encryption device 1113 and can access data previously registered on the server 1111 using the output terminal device 1112. In addition, the server 1111 communicates with the portable encryption device 1113 and thus authenticates the registered user.

When installing the portable encryption device 1113 in the output terminal device 1112, the portable encryption device 1113 can provide authentication for the server 1111 automatically and encryption / decryption of the transmitted data can be performed using the device 1113 automatically. This allows secure data transmission to each registered user. Since the encryption device 1113 functions as a data pipeline that performs encryption / decryption for each registered user, it is called a private data pipeline.

On Fig presents a block diagram of a server 1111.

Server 1111 includes a main unit 1121, an input device 1122 and a display 1123. The main unit 1121 is configured to include a CPU 1131, controllers 1132 and 1133, RAM 1134, a graphics controller 1135, ROM 1136, a hard drive magnetic disks 1137, drive 1138 CD-ROM, communication device 1139 and bus 1140 PCI (interconnection of peripheral components).

The CPU 1131 processes the data based on a program installed in the hard disk drive 1137. For example, the program is stored on the d-disc CD-ROM and served from it. After reading the CD d from the d disk using the 1138 CD-ROM drive, the program is installed in the hard disk drive 1137. The program installed in the hard disk drive 1137 is retrieved into the main memory 1134 and the CPU 1131 is executed.

The CPU 1131 communicates with the RAM 1134, the graphics controller 1135, and the PCI bus 1140 through the controller 1132. The RAM 1134 is used as the working area of the memory of the CPU 1131. The graphics controller 1135 creates image data from the data processed by the CPU 1131 and provides them to the display 1123. The display 1123 includes a CRT (cathode ray tube) or LCD (liquid crystal display) and with their help reproduces the page in accordance with the image data.

The controller 1133 and the communication device 1139 are connected to the PCI bus 1141. A controller 1133 controls communication with a PCI bus 1141, a ROM 1136, a hard disk drive 1137, a CD-ROM drive 1138, and an input device 1122.

ROM 1136 stores various installation information. The hard disk drive 1137 stores programs and data for each user registered as a service recipient in accordance with an embodiment. The data stored by the hard disk drive 1137 is encrypted by a portable encryption device 1113 owned by a registered user. Thus, even in the case of access, no one except a registered user can access the data stored in the hard disk drive 1137.

A CD-ROM drive 1138 reads / writes data stored by the CD-ROM. The input device 1122 includes a keyboard and mouse and is used to enter data, processing commands, etc. The communication device 1139 is connected to the PCI bus 1140 and provides control of communication with the output device 1112 through the network 1114.

The following is a description of the configuration of the output terminal device 1112.

On Fig presents a block diagram of a terminal device 1112 output. The output terminal device 1112 includes in its main unit 1141, an input device 1142 and a display 1123. The main unit 1141 includes a CPU 1151, controllers 1152 and 1153, RAM 1154, a graphics controller 1155, ROM 1156, a hard disk drive 1157 , 1158 CD-ROM drive, communication device 1159, 1160 PCI bus, 1161 USB controller, and 1162 USB port.

The CPU 1151 processes the data based on a program installed in the hard drive 1157. For example, the program is stored on the d-disc CD-ROM and served from it. After reading from the d disk CD-ROM using the drive 1158 CD-ROM, the program is installed in the drive 1157 on the hard magnetic drives. Installed in the hard disk drive 1157, the program is retrieved into the main memory 1154 and the CPU 1151 is executed.

The CPU 1151 communicates with the RAM 1154, the graphics controller 1155, and the PCI bus 1160 through the controller 1152. The RAM 1154 is used as the working area of the memory of the CPU 1151. The graphics controller 1155 creates image data from the data processed by the CPU 1151 and provides them to the display 1143. The display 1143 includes a CRT (cathode ray tube) or LCD (liquid crystal display) and with their help reproduces the page in accordance with the image data.

A controller 1153 and a communication device 1159 are connected to a PCI bus 1160. A controller 1153 controls communication with a PCI bus 1160, a ROM 1156, a hard disk drive 1157, a CD-ROM drive 1158, and an input device 1142. The ROM 1156 stores various installation information.

A program is stored in a hard disk drive 1137. Moreover, the program is designed in such a way that the data processed in the output terminal device 1112 do not remain in the drive 1157 on the hard magnetic disks. A CD-ROM drive 1158 reads / writes data stored by the CD-ROM. The input device 1142 includes a keyboard and mouse and is used to enter data, processing commands, etc. The communication device 1159 is connected to the PCI bus 1160 and provides control of communication with the server 1111 through the network 1114.

The 1161 USB controller communicates with a device connected to the 1162 USB port. A portable encryption device 1113 is connected to the USB port 1162. In addition, data exchange between the output terminal device 1112 and the server 1111 is necessarily carried out through the portable encryption device 1113. That is, the portable encryption device 1113 functions as a data pipeline.

The following is a description of the configuration of the portable encryption device 1113.

FIG. 42 is a block diagram of a portable encryption device 1113, and FIG. 43 is an exploded perspective view of a portable encryption device 1113.

The portable encryption device 1113 includes a USB connector 1171, an interface circuit 1172, a memory 1173, a microcomputer 1174, and an internal bus 1175. An interface circuit 1172, a memory 1173, a microcomputer 1174, and an internal bus 1175 are integrated in the integrated circuit (IC) 1176. ICs 1176 is mounted on a 1177 printed circuit board.

An 1171 USB connector is mounted on the printed circuit board 1177. The printed circuit board 1177, on which the IC 1176 and the USB connector 1171 are mounted, is located in the housing 1178. The open portion of the housing 1178 is provided with a cover 1179 with a screw 1180. In this case, the USB connector 1171 extends beyond the boundaries of the housing 1178 and the cover 1179 and can be inserted into the USB port 1162 of the output terminal 1112.

The USB connector 1171 is mounted on a printed circuit board 1177 and inserted into the USB port 1162 of the output terminal 1112. The USB connector 1171 is connected to the interface circuit 1172. The interface circuit 1172 functions as an interface between the USB port 1162 and the internal bus 1175.

The internal bus 1175 is a bus for providing communication between the interface circuit 1172, the memory 1173, and the microcomputer 1174. The memory 1173 stores encrypted data that has undergone a certain encryption, as addresses for which the input data is used.

When transmitting data from the terminal device 1112 output to the server 1111, the microcomputer 1174 accesses the memory 1173, using the data as addresses, and as a result receives encrypted data. The obtained encrypted data is transmitted to the server 1111 using the communication device 1159 as part of the terminal 1112 output device. In addition, when receiving encrypted data from the server 1111 by the output terminal device 1112, the microcomputer 1174 searches for the memory 1173 using the data from the server 1111 and provides the address in which the relevant data is stored to the output terminal device 1112 as decrypted data. Moreover, the encryption / decryption method used by the communication system or the information processing system described above in other embodiments can be used in this.

Data encryption and decoding is performed as described above.

The following is a description of the processing operations performed by the server 1111, the output terminal device 1112, and the portable encryption device 1113.

First, a description is given of the processing operations performed by the server 1111.

On Fig presents a block diagram of a sequence of operations performed by the server 1111.

In step S21-1, the server 1111 receives an access request from the output terminal 1112 and, in step S21-2, requests authentication information from the output terminal 1112. Then, if in step S21-3, the server 1111 receives authentication information from the output terminal device 1112, then in step S21-4, it performs the authentication process. The authentication process consists in comparing the authentication information received from the output terminal 1112 with the authentication information previously registered on the server 1111, and determining whether or not there is a match between the two. If the authentication information received from the output terminal device 1112 matches the authentication information previously registered on the server 1111, access to the server 1111 is allowed.

In step S21-5, the server 1111 determines whether access is allowed. When access is not allowed in step S21-5, then in step S21-6, the server 1111 determines whether the number of access denied has reached a certain value or not. If at step S21-6 the number of failures reaches a certain value, then at step S21-7, the server 1111 interrupts the communication session.

If, in step S21-6, the number of access denials has not yet reached a certain value, then returns to step S21-2, and the authentication process is repeated. When, in step S21-5, the server 1111 confirms the right of access, in step S21-8, it allows access of the output terminal 1112 to the server 1111.

If the server 1111 allows access and in step S21-9 requests data from the output terminal 1112, then in step S21-10 it reads the data required for the authorized registered user from the previously assigned memory area and transfers this data to the output terminal 1112. In addition, if in step S21-10, the server 1111 receives data from the output terminal device 1112, then it stores the obtained data in the memory area previously assigned to the registered user. At the same time, encrypted data from the output terminal device 1112 is stored.

The server 1111 repeats the processing steps S21-9 to S21-12 until a notification of completion of processing is transmitted from the output terminal device 1112 in step S21-12.

The following is a description of the operation of the output terminal device 1112.

On Fig presents a block diagram of a sequence of operations performed by the terminal device 1112 output.

When, in step S31-1, the portable encryption device 1113 is inserted into the USB port 1162, then in step S31-2, the output terminal device 1112 starts a communication session with the server 1111. The output terminal device 1112 reads authentication information, etc. from portable encryption device 1113 based on commands from server 1111 and provides this information to server 1111.

When the server 1111 allows access in step S31-3, the output terminal 1112 is able to communicate with the server 1111 through the portable encryption device 1113. When, in step S31-4, the output terminal device 1112 receives data from the server 1111, then in step S31-5, the data received from the server is supplied to the portable encryption device 1113. Portable encryption device 1113 decodes the data and returns it to output terminal device 1112. The output terminal device 1112 opens the application program corresponding to the data decoded by the portable encryption device 1113 and performs the required processing. For example, the decoded data is displayed on the display 1143.

Further, when the processed data is transferred to the server 1111 in step S31-7, then in step S31-8, the terminal device 1112 supplies the data to be transmitted to the portable encryption device 1113. Portable encryption device 1113 reads data from memory 1173 using data supplied from output terminal device 1112 as an address. The data obtained as a result of reading from the memory 1173 is again supplied to the output terminal device 1112 in the form of encrypted data.

In step S31-9, the output terminal 1112 transmits the data encrypted by the portable encryption device 1113 to the server 1111. In step S31-10, the output terminal 1112 repeats steps S31-4 through S31-10 until the access to the server 1111 is interrupted.

Thus, the exchange of encrypted data between the server 1111 and the terminal device 1112 output.

The following is a description of the operation of the portable encryption device 1113.

Fig. 46 is a flowchart of a portable encryption device 1113.

When the portable encryption device 1113 is inserted into the USB port 1162 of the output terminal 1112 with the USB connector 1171 and in step S41-1, the portable encryption device 1113 receives a request from the output terminal 1112, then in step S41-2, the portable encryption device 1113 responds to the terminal 1112 output. When, in step S41-3, the portable encryption device 1113 receives the authentication request from the server 1111 through the output terminal 1112, then in step S41-4, authentication information is supplied to the output terminal 1112. Authentication information may be encrypted before being transmitted. In this case, in the case of encryption of the authentication information from the server 1111, it is necessary to connect an encryption device with integrated memory having the same data content as the memory 1173 of the portable encryption device 1113 to the PCI bus 1140.

In step S41-5, when permission to access the server 1111 is granted through the output terminal device 1112, the portable encryption device 1113 operates as a private data pipeline. When data is supplied from the output terminal 1112 in step S41-6, and a decision is made in step S41-7 on whether to send the data supplied by the output terminal 1112 to the server 1111, then in step S41-8, the portable encryption device 1113 encrypts the data. In addition, when in step S41-9, the data from the output terminal 1112 is data from the server 1111, that is, the encrypted data, they are decoded.

In step S41-11, the portable encryption device 1113 supplies encrypted or decoded data to the output terminal device 1112. The portable encryption device 1113 repeats steps S41-6 to S41-12 until a notification of completion of processing from the output terminal device 1112 is supplied in step S41-12.

The above shows that the portable encryption device 1113 can operate as a private data pipeline and enable the exchange of encrypted data between the server 1111 and the output terminal device 1112.

In addition, the data transmitted to the output terminal device 1112 by the server 1111 is automatically deleted at the end of the communication session, for example using a software driver or the like, and this prevents the access to this data from another registered user. Therefore, secrecy is provided in the output terminal device 1112.

In the example described above, the data is stored on the server in encrypted form. However, it is also possible to store data after decoding.

On Fig presents a block diagram of a variant of the server 1111. Identical blocks are indicated in this figure by the same reference positions as in Fig and 40, and a repeated description of these blocks is omitted.

Server 1181 in this embodiment has an encryption device 1182. Encryption device 1182 is a PCI card connected to a PCI bus 1140.

On Fig presents a block diagram of an encryption device 1182. Identical blocks are denoted in this figure by the same reference numerals as in FIG. 42, and a repeated description of these blocks is omitted.

In this embodiment, the encryption device 1182 is in the form of a PCI card, in which instead of the USB connector 1171 of the portable encryption device 1113, a PCI bus connector 1183 is used to connect to the PCI bus 1140, and instead of the interface circuit 1172, an interface circuit 1140 operating as an interface between the bus is used 1140 PCI and internal bus 1175. In addition, an encryption device 1182 is installed for each registered user.

According to this embodiment, as a result of receiving data from the server 1181, it is possible to establish a secret communication with e-mail or the like. The email is stored on the server 1181, and the registered user accesses the server 1111 using the portable encryption device 1113 and reads the mail. In this case, the mail is transmitted to the output terminal 1112 in encrypted form, and then decoded by the portable encryption device 1113 and displayed on the output terminal 1112.

The same content for each registered user must be stored in the memory 1173 of the personal digital assistant 1113 and in the memory 1173 of the server encryption device 1182 of the server 1181. In addition, it is possible to update the contents of the memory 1173 of the personal digital assistant 1113 and the memory 1173 of the encryption device 1181 of the server 1181 based on for example, the number of communication operations, transmitted data or external information.

It is also possible to divide the memory region 1173 of the encryption device 1182 of the server 1181 into a plurality of areas, one of which will correspond to one portable encryption device 1113 and, thus, one encryption device 1182 will correspond to many portable encryption devices 1113.

In addition, the ability to match the encryption device 1182 to a plurality of portable encryption devices 1113 can also be provided by a configuration in which the interface circuit, microcomputer, and memory are implemented as a single chip, and a plurality of such chips are mounted on the same substrate.

Further, in the present embodiment, the portable encryption device 1113 communicates with the output terminal device 1112 via the USB interface. However, this is not a limitation of the invention, and another type of interface may be used. To ensure communication, a non-contact radio communication system or the like may also be used.

In addition, the portable encryption device 1113 need not be in the form of a rectangular parallelepiped, and options are possible, for example in the form of a key. It is also possible to use a device in the form of a board with an integrated circuit. Moreover, in the case of using a radio communication system, the device may take the form of an accessory such as an earring, pendant, ring or the like. You can also use the shape of an item that is easy to carry, such as a watch, pen, cell phone, or the like.

Claims (37)

1. A communication device comprising:
a common element obtaining unit for receiving a common element that is common with the receiving party,
key generation means for generating a key based on a common element generated by said common element obtaining unit,
encryption key generating means for generating a function or protocol based on a key generated by said key generating means,
encryption means for performing encryption based on a function or protocol generated by said encryption key generation means, and
a communication unit for controlling communication with a receiving party. 2. The communication device according to claim 1, characterized in that said means for generating an encryption key generates a function or protocol based on the number of data exchange sessions with the receiving party. 3. The communication device according to claim 1, characterized in that said means for generating an encryption key generates a function or protocol based on the amount of transmitted data with the receiving side. 4. The communication device according to claim 1, characterized in that said block for receiving a common element receives externally shared external information as said common element. 5. The communication device according to claim 1, characterized in that said means for generating an encryption key performs a non-linear transition of a function or protocol. 6. The communication device according to claim 1, characterized in that said key generation means receives certain information as part of a function or protocol as a key. 7. The communication device according to claim 1, characterized in that said means for generating a function or protocol generates a subsequent function or protocol by providing a non-linear transition of the table value. 8. A communication device comprising:
a common element obtaining unit for obtaining a common element that is common with the transmitting side,
key generation means for generating a key that is shared with the transmitting side based on a common element generated by said common element receiving unit,
encryption key generating means for generating a function or protocol that is common with the transmitting party based on a key generated by said key generating means, and
decoding means for performing decoding based on a function or protocol generated by said encryption key generation means, and
a communication unit for controlling communication with a receiving party. 9. An encryption device comprising:
an encryption unit that reads the source data from the file and encrypts this data,
means for storing the intermediate file for storing data encrypted by the specified encryption block in the intermediate file,
a decoding unit decoding the data stored in the indicated intermediate file and decoding them, and
file storage means for storing data decoded by said decoding unit as a specific file,
wherein said encryption block contains:
table generating means for dynamically changing the table used to encrypt the source data,
key generating means for generating a key based on a common element,
table selection means for selecting a specific table from a plurality of tables generated by said table generating means based on a key generated by said key generating means, and
encryption means for performing encryption. 10. The encryption device according to claim 9, characterized in that it further comprises communication means for transmitting a file stored in said file storage means to a communication session partner via a network. 11. An information processing device comprising:
file block storing data
an encryption unit that reads data from the specified file block and encrypts this data,
means for storing the intermediate file for storing data encrypted by the specified encryption block in the specified file block as an intermediate file,
a decoding unit decoding data stored in the specified intermediate file,
and file saving means for storing data decoded by said decoding unit in said file unit,
wherein said encryption block contains:
table generating means for dynamically changing the table used to encrypt the source data,
key generating means for generating a key based on a common element,
table selection means for selecting a specific table from a plurality of tables generated by said table generating means based on a key generated by said key generating means, and
encryption means for performing encryption. 12. A method of processing information comprising:
encryption step, which consists in reading the source data from the file and encrypting this data,
the step of storing the intermediate file, which consists in storing the data encrypted at the specified encryption step in the intermediate file,
the step of decoding the data stored in the intermediate file, and
the step of saving the file, which consists in storing the data decoded at the specified decoding step as a specific file,
wherein said encryption step includes:
table generation for dynamically changing the table used to encrypt the source data,
key generation based on a common element,
selection of a specific table from the set of generated tables based on the generated key. 13. A communication system for exchanging encrypted data between a communication device of a sender and a communication device of a destination through a relay communication device, in which each said communication device of a sender, said communication device of a destination and said relay communication device comprise:
a common element obtaining unit for receiving a common element that is common with the receiving party,
key generation means for generating a key based on a common element generated by said common element obtaining unit,
encryption key generating means for generating a function or protocol based on a key generated by said key generating means, and
encryption means for performing encryption based on a function or protocol generated by said encryption key generation means,
however, for each of the specified communication device of the sender, the communication device of the destination and the relay communication device, the specified encryption tool uses a different encryption method. 14. The communication system according to item 13, wherein the serial transmission of data from the communication device of the sender to the communication device of the addressee is provided through many relay devices. 15. A communication system for exchanging encrypted data between a plurality of sender communication devices and a plurality of destination communication devices, comprising:
a first relay communication device exchanging encrypted data with said plurality of sender communication devices, and
a second relay communication device that relays encrypted data between said first relay communication device and said plurality of destination communication devices, thereby enabling the exchange of encrypted data between said first relay communication device and a second relay communication device,
in which each of the specified set of communication devices of the sender, each of the specified set of communication devices of the destination, the specified first relay communication device and the specified second relay communication device include:
a common element obtaining unit for receiving a common element that is common with the receiving party,
key generation means for generating a key based on a common element generated by said common element obtaining unit,
encryption key generating means for generating a function or protocol based on a key generated by said key generating means, and
encryption means for performing encryption based on a function or protocol generated by said encryption key generation means. 16. The communication system of claim 15, wherein said first relay communication device performs encryption for a plurality of sender communication devices in various ways. 17. The communication system of claim 15, wherein said second relay communication device performs encryption for a plurality of destination communication devices in various ways. 18. A communication device for exchanging encrypted data between a first communication device and a second communication device, comprising:
first encrypted communication means exchanging encrypted data with said first communication device, and
the second means of encrypted communication encryption, exchanging encrypted data with the specified second communication device,
each said communication device, said first communication device and said second communication device contain:
a common element obtaining unit for receiving a common element that is common with the receiving party,
key generation means for generating a key based on a common element generated by said common element obtaining unit,
encryption key generating means for generating a function or protocol based on a key generated by said key generating means, and
encryption means for performing encryption based on a function or protocol generated by said encryption key generation means. 19. A communication device for relaying encrypted data between a first group of communication devices and a second group of communication devices, comprising:
first encrypted communication means exchanging encrypted data with said first group of communication devices, and
the second means of encrypted communication, exchanging encrypted data with the specified second group of communication devices,
wherein each of said first group of communication devices, each of said second group of communication devices, and said communication device comprise:
a common element obtaining unit for receiving a common element that is common with the receiving party,
key generation means for generating a key based on a common element generated by said common element obtaining unit,
encryption key generating means for generating a function or protocol based on a key generated by said key generating means, and
encryption means for performing encryption based on a function or protocol generated by said encryption key generation means. 20. A communication method for exchanging encrypted data between the sender of the transmitted data and the recipient of the transmitted data,
in which the relay device relays the transmitted data between the specified sender of the transmitted data and the specified recipient of the transmitted data, and for each relay operation, encryption is performed in a different way,
wherein each specified sender of the transmitted data, the specified recipient of the transmitted data, and the specified relay device uses a communication device containing:
a common element obtaining unit for receiving a common element that is common with the receiving party,
key generation means for generating a key based on a common element generated by said common element obtaining unit,
encryption key generating means for generating a function or protocol based on a key generated by said key generating means, and
encryption means for performing encryption based on a function or protocol generated by said encryption key generation means. 21. A communication method for exchanging encrypted data between a plurality of senders of transmitted data and a plurality of receivers of transmitted data,
in which the first relay communication device exchanges encrypted data with the specified set of senders of the transmitted data,
the second relay communication device relays the encrypted data between the specified first relay communication device and the specified set of recipients of the transmitted data,
and said first relay communication device and said second relay communication device exchange encrypted data with each other,
wherein each of said plurality of transmitters of transmitted data, each of said plurality of recipients of transmitted data, said first relay communication device and said second relay communication device uses a communication device comprising:
a common element obtaining unit for receiving a common element that is common with the receiving party,
key generation means for generating a key based on a common element generated by said common element obtaining unit,
encryption key generating means for generating a function or protocol based on a key generated by said key generating means, and
encryption means for performing encryption based on a function or protocol generated by said encryption key generation means. 22. An encryption device comprising:
a communication unit that exchanges data with an external device,
an encryption unit performing encryption and decoding of data exchanged with the specified external device through the specified communication unit, and
a control unit that inputs the encrypted data from the specified external device, supplies this data to the specified external device after decoding in the specified encryption unit, enters data from the specified external device, and supplies this data after encryption in the specified encryption unit. 23. The encryption device according to item 22, characterized in that it is removable with respect to the desired interface of the specified external device. 24. The encryption device according to item 22 or 23, characterized in that said communication unit, said encryption unit and said control unit are integrated in a specific housing. 25. The encryption device according to item 22, wherein the specified control unit contains an authentication unit that performs authentication. 26. An information processing system comprising:
a first information processing device storing data,
a second information processing device that can communicate with said first information processing device, and
an encryption device that is removable with respect to said second information processing device, and when installed in said second information processing device, decodes data coming from said first information processing device through said second information processing device to enable said data to be processed by said second device information processing, and also encrypts data processed by the specified second information processing device, and transmits this data said first processing device via said second information processing apparatus. 27. The information processing system according to claim 26, wherein said first processing device stores data in encrypted form. 28. The information processing system according to claim 26, wherein said first information processing device encrypts data in said encryption device with decoding capability and transmits this data to said second information processing device, and also decodes and stores data encrypted and filed from said encryption device through said second information processing device. 29. The information processing system according to claim 26 or 28, characterized in that said encryption device communicates with said first communication device and performs authentication. 30. A method of processing information comprising the steps of:
installing an encryption device, which is removable with respect to the second information processing device, in said second information processing device that can exchange data with the first information processing device storing data,
decoding data supplied from said first information processing device through said second information processing device into said encryption device to enable said data to be processed by said second information processing device, and also to encrypt data processed by said second information processing device, and
transmitting this data to said first information processing device through said second information processing device. 31. The information processing method according to claim 30, wherein said first information processing device stores data in encrypted form. 32. The information processing method according to claim 30, wherein said second information processing device transmits data encrypted by said decryptable encryption device to said first information processing device, and said first information processing device decodes and stores data encrypted and filed by the specified encryption device through the specified second information processing device. 33. The information processing method according to claim 30 or 32, characterized in that said encryption device exchanges data with said first information processing device and performs authentication. 34. A method of supplying services, comprising the steps of:
installing an encryption device, which is removable with respect to the second information processing device, in said second information processing device that can exchange data with the first information processing device storing data,
providing decoding of data supplied from said first information processing device via said second information processing device using said encryption device to enable said data to be processed by said second information processing device, and
providing encryption of the data processed by the specified second information processing device using the specified encryption device and transmitting this data to the specified first information processing device through the specified second information processing device.
Priority on points: 03/29/2002 according to claims 1-12; 04.24.2002 according to claims 13-21; 04/26/2002 according to claims 22-34.

Images