+

US20030026430A1 - Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus - Google Patents

Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus Download PDF

Info

Publication number
US20030026430A1
US20030026430A1 US10/254,581 US25458102A US2003026430A1 US 20030026430 A1 US20030026430 A1 US 20030026430A1 US 25458102 A US25458102 A US 25458102A US 2003026430 A1 US2003026430 A1 US 2003026430A1
Authority
US
United States
Prior art keywords
key
conversion
data
algorithm
encrypting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/254,581
Inventor
Makoto Aikawa
Shigeru Hirahata
Kazuo Takaragi
Yoshimichi Kudo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US10/254,581 priority Critical patent/US20030026430A1/en
Publication of US20030026430A1 publication Critical patent/US20030026430A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Definitions

  • the present invention relates to techniques for encrypting/decrypting digital data transferred among computers, household information processing appliances, and electronic toll collection apparatuses.
  • Enciphering techniques for preventing an illegal copy of digital data are essential for digital household information processing appliances. For example, if digital visual data received by a digital broadcasting receiver is digitally recorded in a digital video recorder and the digital visual data has a copyright, both the receiver and digital video recorder are required to have a function of protecting the copyright. In order to realize such a copyright protection system, it is necessary to prevent alteration and illegal copying of digital data by means of setting a limitation to digital data copying, device authentication, and cryptographic techniques such as real time cryptograph of digital data.
  • An example of conventional cryptographic techniques may be a symmetric key or common key algorithm, typically DES cryptograph disclosed in U.S. Pat. No. 3,962,539. Most of common key algorithms are characterized in a complicated cryptogram formed by repeating a simple conversion. Various approaches have been tried in order to improve security of cryptograms. For example, a cryptographic attack can be made difficult by increasing the number of repetitions of simple conversions to further disturb statistical characteristics of cipher texts.
  • the electronic toll collection system represents a system which is capable of collecting a toll based on an electronic transaction through a wireless communication between an antenna provided at a toll collecting station and an on-board equipment mounted on a car when the car passes through the toll collecting station, the details of which are described in for example, a Japanese magazine “Card Wave” published by C-Media, March, 1999, pp42-45.
  • a real-time cryptographic processing is indispensable in order to send and receive exchange data at real time and protect the exchange data from bugging and unauthorized alteration.
  • an encrypting conversion apparatus for inputting at least one cipher key, at least one algorithm parameter, and plain text data and outputting cipher text data
  • the apparatus comprising: a plurality stage of encrypting conversion means for executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once
  • the encrypting conversion means includes at least one of each of first to third operation means
  • the first operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key
  • the second operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter
  • the third operation means cyclically shifts input data by the number of bits determined by the algorithm parameter
  • conversions which use combinations of a plurality stage of consecutive encrypting conversion means optionally selected from all of the encrypting conversion means and use the same input data and the same algorithm parameter
  • a decrypting conversion apparatus for inputting at least one cipher key, at least one algorithm parameter, and cipher text data and outputting plain text data
  • the apparatus comprising: a plurality stage of decrypting conversion means for executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once
  • the decrypting conversion means includes at least one of each of first to third operation means
  • the first operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key
  • the second operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter
  • the third operation means cyclically shifts input data by the number of bits determined by the algorithm parameter
  • a cryptographic communication system with a common key algorithm for communication between a transmitter apparatus and a receiver apparatus having a same cipher key, the transmitter apparatus encrypting a plain text by using the cipher key to acquire and transmit a cipher text, and the receiving apparatus decrypting the received cipher text by using the cipher key to recover the plain text
  • the transmitter apparatus includes encrypting conversion means and first algorithm key storing means
  • the receiver apparatus includes decrypting conversion means and second algorithm key storing mean
  • a conversion algorithm to be executed by the encrypting conversion means of the transmitter apparatus is determined by a first parameter stored in the first algorithm key storing means of the transmitter apparatus
  • a conversion algorithm to be executed by the decrypting conversion means of the receiver apparatus is determined by a second parameter stored in the second algorithm key storing means of the receiver apparatus
  • the cipher text encrypted by the transmitter apparatus by using the cipher key can be correctly decrypted by the receiver apparatus by using the cipher key
  • FIG. 1 is a block diagram showing a cryptographic communication system having a transmitter and a receiver according to an embodiment of the invention.
  • FIG. 2 is a block diagram of an encrypting conversion unit shown in FIG. 1.
  • FIG. 3 is a block diagram of a key conversion means shown in FIG. 2.
  • FIG. 4 is a block diagram of a substitution/permutation conversion means shown in FIG. 2.
  • FIG. 5 is a block diagram of a bit train conversion unit shown in FIG. 4.
  • FIG. 6 is a block diagram of a decrypting conversion unit shown in FIG. 1.
  • FIG. 7 is a block diagram of a substitution/permutation conversion means shown in FIG. 6 according to another embodiment of the invention.
  • FIG. 8 is a block diagram of a key conversion means according to another embodiment of the invention.
  • FIG. 9 is a block diagram of a substitution/permutation means according to another embodiment of the invention.
  • FIG. 10 is a block diagram of a bit train conversion unit according to another embodiment of the invention.
  • FIG. 11 is a block diagram showing an electronic toll collecting system as another embodiment of cryptographic communication of the invention.
  • FIG. 12 is a chart illustrating communication flows of the electronic toll collecting system.
  • FIG. 13 is a chart illustrating cryptographic communication of the electronic toll collecting system.
  • FIG. 1 is a block diagram showing the configuration of a cryptographic communication system in which a data transmitter equipped with an encrypting conversion apparatus of the invention cryptographically communicates with a data receiver equipped with a decrypting conversion apparatus of the invention.
  • the data transmitter 1 has an encrypting conversion unit 11 , a key sharing unit 12 , a data processing unit 13 , a communication processing unit 14 , and a key length data storage means 15 .
  • the data receiver 12 has a decrypting conversion unit 31 , a key sharing unit 32 , a data processing unit 33 , and a communication processing unit 34 .
  • the data transmitter 1 may be a digital broadcasting receiver.
  • the data receiver 2 may be a digital video recorder.
  • the data processing units 13 and 33 process digital program data of, for example, MPEG2-TS (Transport Stream) distributed by digital broadcasting services.
  • the data processing unit 13 performs a reception process, a multiplex/separation process, an expansion process, and a transmission process, respectively of digital program data
  • the data processing unit 33 performs a reception process, an expansion process, and a storage process, respectively of digital program data.
  • the data transmitter 1 and data receiver 2 share data called a cipher key necessary for data encrypting and decrypting in order to start cryptographic communication. Sharing this cipher key is realized by a message exchange between the key sharing unit 12 of the data transmitter 1 and the key sharing unit 32 of the data receiver via the communication processing units 14 and 34 .
  • the key length is determined in accordance with key length data stored in a key length data storage means 15 of the data transmitter 1 . It is desired that the cipher key shared by the data transmitter 1 and data receiver 2 is changed each time data is transferred. This is because since a generated cryptogram is different if the cipher key is different, a cryptographic attack to a cryptogram by a third party becomes difficult.
  • the encrypting conversion unit 11 is constituted of an encrypting conversion means 20 , a key conversion means 23 and an algorithm key storage means 24 .
  • the key conversion means 23 generate a plurality set of data called a conversion key in accordance with the cipher key and key length data.
  • the key length data represents the length of a cipher key determined by cipher key sharing.
  • the algorithm key storage means 24 stores a plurality set of data called an algorithm key.
  • An encrypting conversion algorithm to be executed by the encrypting conversion means 20 is determined by the algorithm key.
  • the encrypting conversion means 20 encrypts the plain text and outputs a cipher text.
  • the cipher text generated by the encrypting conversion unit 11 is transmitted from the communication processing unit 14 to the data receiver 2 .
  • the communication processing unit 34 of the data receiver 2 receives the cipher text and supplies it to the decrypting conversion unit 31 .
  • the decrypting conversion unit 31 is constituted of a decrypting conversion means 40 , a key conversion means 43 and an algorithm key storage means 44 .
  • the key conversion means 43 has a structure similar to that of the key conversion means 23 , and generates a conversion key in accordance with the cipher key and key length data.
  • the algorithm key storage means 44 has a structure similar to that of the algorithm key storage means 24 , and stores an algorithm key.
  • a decrypting conversion algorithm to be executed by the decrypting conversion means 40 is determined by the algorithm key.
  • the decrypting conversion means 40 decrypts the cipher text. In this case, only if the decrypting conversion means 20 uses the same algorithm key as that used by the encrypting conversion means 20 , the decrypting conversion means 40 can decrypt the cipher text encrypted by the encrypting conversion means 20 into the original plain text.
  • the plain text output from the decrypting conversion unit 31 is supplied to the data processing unit 33 to process data.
  • the data transmitter 1 and data receiver 2 can cryptographically communicate with each other only if they have the same algorithm key.
  • Cryptographic communication with an authentication function can be realized by maintaining this algorithm key as secret information. Namely, if the correct algorithm key is held by only an authorized apparatus, cryptographic communication can be performed for only the authorized communication partner apparatus.
  • a key management facility 3 for generating algorithm keys and collectively managing them is provided as shown in FIG. 1.
  • authorized apparatuses in this example, the data transmitter 1 and data receiver 2 ) acquire the algorithm key from the key management facility 3 without being tapped by a third party.
  • an algorithm key managed by the key management facility 3 may be embedded in the algorithm key storage means 24 and 44 when the data transmitter 1 and data receiver 2 are manufactured.
  • the data receiver 11 also acquires the key length data at the same time.
  • a cipher text transmitted from an authorized apparatus having a correct algorithm key can be decrypted only by an authorized apparatus having the correct algorithm key.
  • the algorithm key is also secret information so that a cryptographic attack by a third party to a cipher text flowing on the communication path becomes more difficult.
  • the data transmitter 1 since the data transmitter 1 generates a cipher key basing upon the key length data acquired from the key management facility 3 , the length of the cipher key can be renewed. For example, if renewed key length data is embedded in a newly manufactured data transmitter, cryptographic communication with the newly manufactured data transmitter can be performed by using a cipher key having the renewed length. Therefore, it is possible to elongate the key length of a cipher key in the future to thereby further improve security.
  • the key length may be changed in each area where apparatuses are shipped.
  • FIG. 2 is a detailed block diagram showing an example of the encrypting conversion unit 11 . It is assumed that the encrypting conversion unit 11 receives a plain text of 64 bits, a cipher key of 40 or 64 bits and key length data of one bit, and outputs a cipher text of 64 bits. With reference to the key length data, the key conversion means 23 converts the cipher key into conversion keys K 1 and K 2 each having 32 bits. The key length data takes “0” if the cipher key has 40 bits, and “1” if the cipher key has 64 bits. Conversion by the key conversion means 23 will be later described.
  • the encrypting conversion means 20 of the encrypting conversion unit 11 is constituted of N substitution/permutation conversion means 21 1 to 21 N .
  • a conversion algorithm to be executed by the substitution/permutation conversion means 21 n (where 1 ⁇ n ⁇ N) is determined by an algorithm key G n stored in the algorithm key storage means 24 .
  • a plain text is separated into upper 32 bits R 0 and lower 32 bits L 0 and input to the substitution/permutation conversion means 21 1 whereat a first encrypting conversion is performed by using the conversion keys K 1 and K 2 to output 32 bits R 1 and 32 bits L 1 .
  • These bits R 1 and L 1 are input to the substitution/permutation conversion means 21 2 whereat a second encrypting conversion is performed by using the conversion keys K 1 and K 2 to output 32 bits R 2 and 32 bits L 2 .
  • Such encrypting conversion is repeated N times and the last outputs of 32 bits R N and 32 bits L N are combined to obtain a cipher text of 64 bits.
  • the total number N of encrypting conversion repetitions is called a round number.
  • FIG. 3 is a block diagram showing an example of the key conversion means 23 shown in FIG. 2.
  • the key conversion means 23 is constituted of a register 26 of a 64-bit length, a multiplexer 27 and an addition operation unit 28 .
  • a cipher key is first loaded in the register 26 . If the cipher key has 40 bits, it is loaded in the lower 40 bits of the register 26 , whereas if the cipher key has 64 bits, it is stored in all bits of the register 26 .
  • the lower 32 bits of the register 26 are used as the conversion key K 1 . If the key length data is “0”, 32 bits of the register 26 from the lower 9-th bit to the lower 40-th bit are selected as an input to the multiplexer 27 .
  • the upper 32 bits of the register 26 are selected as an input to the multiplexer 27 .
  • An output of the multiplexer 27 is subjected to a 32-bit addition of K 1 at the addition operation unit 28 , the result being K 2 .
  • a result of the 32-bit addition is a remainder of a usual addition result divided by 2 raised to a power of 32.
  • FIG. 4 is a block diagram of the substitution/permutation conversion means 21 n shown in FIG. 2 which executes the n-th (1 ⁇ n ⁇ N) encrypting conversion.
  • the substitution/permutation conversion means 21 n is constituted of a bit train conversion unit 61 and an addition operation unit 62 .
  • R n ⁇ 1 and L n ⁇ 1 are converted into R n and L n by using the conversion keys K 1 and K 2 .
  • the substitution/permutation conversion means 21 n inputs L n ⁇ 1 to the bit train conversion unit 61 .
  • the conversion algorithm to be executed by the bit train conversion unit 61 is determined by the algorithm key G n .
  • An input U to the bit train conversion unit 61 is related to an output Z from the unit 61 by the following equation:
  • the algorithm key G n is constituted of the following data:
  • G n ( A n , B n , C n , P n , Q n , S n )
  • a n , B n , and C n are 32-bit data
  • P n , Q n , and S n are expressed by 1 ⁇ P n ⁇ 31, 1 ⁇ Q n ⁇ 31, and 1 ⁇ S n ⁇ 31.
  • the values of the algorithm key G n may take different values at each n (1 ⁇ n ⁇ N).
  • R n ⁇ 1 is input to the addition operation unit 62 whereat a 62-bit addition of Z n is performed, the result being L n .
  • L n ⁇ 1 is used as R n .
  • L n R n +F Gn ( K 1 , K 2 , L n ⁇ 1 )
  • FIG. 5 is a block diagram showing an example of the bit train conversion unit 61 shown in FIG. 4.
  • the bit train conversion unit 61 is constituted of five bit train converters 81 to 85 .
  • the bit train converter 81 includes an exclusive logical sum (exclusive-OR) unit 94 .
  • the bit train converter 82 includes an addition calculation unit 95 and a cyclic shift unit 91 .
  • the bit train converter 83 includes an addition calculation unit 96 and a cyclic shift unit 92 .
  • the bit train converter 84 includes an addition operation unit 97 .
  • the bit train converter 85 includes an addition calculation unit 98 and a cyclic shift unit 93 .
  • the exclusive logical sum unit 94 of the bit train converter 81 executes an exclusive logical sum operation of two input values. Of the two input values, one is K 1 shown in FIG. 4 and the other is U shown in FIG. 4, i.e., an output value to the bit train conversion unit 61 or bit train converter 81 .
  • a conversion by the bit train converter 81 is given by:
  • V is an output value of the bit train converter 81 and an expression of X ⁇ Y indicates an exclusive logical sum of X and Y.
  • the cyclic shift unit 91 of the bit train converter 82 cyclically shifts to the left only the data P n (1 ⁇ P n ⁇ 31) which is a fraction of the algorithm key G n .
  • the addition operation unit 95 performs a 32-bit addition of three inputs. Of the three inputs, one is the data A n which is a fraction of the algorithm key G n shown in FIG. 4, another is an input value V to the bit train converter 82 , and the other is the data Pn to be cyclically shifted to the left.
  • a conversion by the bit train converter 82 is given by:
  • W is an output value of the bit train converter 82 and an expression of X ⁇ Y indicates a cyclic shift of X to the left by Y-bit.
  • the cyclic shift unit 92 of the bit train converter 83 cyclically shifts to the left only the data Q n (1 ⁇ Q n ⁇ 31) which is a fraction of the algorithm key G n .
  • the addition operation unit 96 performs a 32-bit addition of three inputs. Of the three inputs, one is the data B n which is a fraction of the algorithm key G n shown in FIG. 4, another is an input value W to the bit train converter 83 , and the other is the data Pn to be cyclically shifted to the left.
  • a conversion by the bit train converter 83 is given by:
  • W is an output value of the bit train converter 83 .
  • the addition operation unit 97 of the bit train converter 84 performs a 32-bit addition of two inputs. Of the two inputs, one is K 2 shown in FIG. 2 and the other is an input X to the bit train converter 84 .
  • a conversion by the bit train converter 84 is given by:
  • Y is an output value of the bit train converter 84 .
  • the cyclic shift unit 93 of the bit train converter 85 cyclically shifts to the left only the data S n (1 ⁇ S n ⁇ 31) which is a fraction of the algorithm key G n .
  • the addition operation unit 98 performs a 32-bit addition of three inputs. Of the three inputs, one is the data G n which is a fraction of the algorithm key G n shown in FIG. 4, another is an input value Y to the bit train converter 85 , and the other is the data Sn to be cyclically shifted to the left.
  • a conversion by the bit train converter 85 is given by:
  • Z is an output value of the bit train converter 85 .
  • the five bit train converters 81 to 85 of the bit train conversion unit 61 perform a bit train conversion by processing data to be converted.
  • the order of processing data by the five bit train converters 81 to 85 of the bit train conversion unit 61 may be changed. This changed configuration is also included in the scope of the present invention.
  • the order of bit train conversion functions 84 ⁇ 83 ⁇ 81 ⁇ 85 ⁇ 82 may also be used.
  • the five bit train converters 81 to 85 are constituted of one exclusive logical sum unit, three cyclic shift units, and four addition operation units, they may be constituted of at least one addition operation unit and at least one cyclic shift operation unit capable of executing substitution/permutation/mixture conversion, with similar expected advantages of the invention.
  • FIG. 6 is a block diagram showing the details of the decrypting conversion unit 31 shown in FIG. 1.
  • the decrypting conversion unit 31 decrypts a cipher text encrypted by the encrypting conversion unit 11 shown in FIG. 2 into the original plain text.
  • the decrypting conversion unit 31 receives a cipher text of 64 bits, a cipher key of 40 bits or 64 bits, and key length data of one bit, and outputs a plain text of 64 bits.
  • the decrypting conversion means 40 of the decrypting conversion unit 31 is constituted of N substitution/permutation conversion means 41 1 to 21 N .
  • a conversion algorithm to be executed by the substitution/permutation conversion means 41 n (where 1 ⁇ n ⁇ N) is determined by an algorithm key G n stored in the algorithm key storage means 44 .
  • a cipher text is separated into upper 32 bits R N and lower 32 bits L N and input to the substitution/permutation conversion means 41 1 whereat a first decrypting conversion is performed by using conversion keys K 1 and K 2 to output 32 bits R N ⁇ 1 and 32 bits L N ⁇ 1 .
  • These bits R N ⁇ 1 and L N ⁇ 1 are input to the substitution/permutation conversion means 41 2 whereat a second decrypting conversion is performed by using the conversion keys K 1 and K 2 to output 32 bits R N ⁇ 2 and 32 bits L N ⁇ 2 .
  • Such decrypting conversion is repeated N times and the last outputs of 32 bits R 0 and 32 bits L 0 are combined to obtain a plain text of 64 bits. Similar to the encrypting conversion, the total number N of decrypting conversion repetitions is called a round number.
  • FIG. 7 is a block diagram of the substitution/permutation conversion means 41 n shown in FIG. 6 which executes the (N+1 ⁇ n) ⁇ th (1 ⁇ n ⁇ N) decrypting conversion.
  • the substitution/permutation conversion means 41 n is constituted of a bit train conversion unit 61 described with reference to FIG. 5 and a subtraction operation unit 72 .
  • R n and L n are converted into R n ⁇ 1 and L n ⁇ 1 by using the conversion keys K 1 and K 2 .
  • the substitution/permutation conversion means 41 n inputs R n to the bit train conversion unit 61 .
  • the conversion algorithm to be executed by the bit train conversion unit 61 is determined by the algorithm key G n .
  • An input to the bit train conversion unit 61 is represented by U and an output from this unit 61 is represented by Z.
  • L n is input to the subtraction operation unit 72 to perform a 32-bit subtraction of Z, the result being R n ⁇ 1 .
  • a result of the 32-bit subtraction is a usual subtraction result added to 2 raised to a power of 32, if the usual subtraction result is negative.
  • R n is used L n ⁇ 1 .
  • R n ⁇ 1 L n ⁇ F Gn ( K 1 , K 2 , R n )
  • This conversion is an inverse conversion of the substitution/permutation conversion means 21 n described with reference to FIG. 2. If the decrypting conversion unit 31 has the same cipher key and algorithm key as those of the encrypting conversion unit 11 , the decrypting conversion unit 31 can decrypt data encrypted by the encrypting conversion unit 11 , in the manner described above.
  • the cipher key has 40 bits or 64 bits and the key length data has one bit
  • the invention is not limited only thereto.
  • the cipher key may have the desired number of bits in the range from 40 to 128 bits and the key length data has 7 bits in order to identify each cipher key.
  • the key conversion means is provided with a selector which selects a position where a cipher key is selected in accordance with the input key length data, in order to generate two conversion keys of 32 bits.
  • Four conversion keys of 32 bits may be generated for a cipher key having 64 bits or more.
  • N substitution/permutation conversion means are divided into two groups to each of which two conversion keys are supplied.
  • substitution/permutation conversion means used for encrypting conversion may be used.
  • a key conversion means for generating eight conversion key of 32 bits will be described.
  • the key conversion means 23 is constituted of eight substitution/permutation conversion means 21 1 to 21 8 and an extension key storage means 100 .
  • the extension key storage means 100 stores eight extension keys KE 1 to KE 8 having a 32-bit length to be used for conversion keys.
  • a cipher key having 64 bits is sequentially converted by the eight substitution/permutation conversion means 21 1 to 21 8 .
  • a conversion algorithm to be used by each substitution/permutation conversion means is determined by each algorithm key stored in the algorithm storage means 24 .
  • Extension keys stored in the extension key storage means 100 are input to each substitution/permutation conversion means. For example, extension keys KE 3 and KE 4 are input to the substitution/permutation conversion means 21 2 .
  • outputs L 1 to L 8 of the eight substitution/permutation conversion means 21 1 to 21 8 are used as the eight extension keys.
  • extension keys stored in the extension key storage means may be used each time data is processed, or may be renewed by a method similar to the algorithm keys.
  • a key sharing process may also be executed for the extension keys by a method similar to the cipher key.
  • the key conversion means 23 described with reference to FIG. 8 can use the substitution/permutation conversion means same as that used by encrypting conversion. Therefore, for example, if the encrypting conversion apparatus of the invention is implemented by hardware, encrypting conversion can be realized with a small circuit scale and with high security.
  • FIG. 9 is a block diagram of a substitution/permutation conversion means 21 n of this embodiment in the encrypting conversion unit 11 shown in FIG. 2 which executes the n-th encrypting conversion.
  • the substitution/permutation conversion means 21 n is constituted of a bit train conversion unit 361 and an operation unit 362 .
  • the operation unit 362 executes either an exclusive logical sum operation or an addition operation of two inputs. Which operation the operation unit 362 executes is determined by an algorithm key.
  • the conversion process to be executed by the substitution/permutation conversion means 21 n is the same as described with the first embodiment.
  • FIG. 10 is a block diagram showing an example of the bit train conversion unit 361 shown in FIG. 9.
  • the bit train conversion unit 361 is constituted of five bit train converters 81 to 85 .
  • the bit train converter 81 includes an operation unit 394 .
  • the bit train converter 82 includes an operation unit 395 , an operation unit 396 , and a cyclic shift unit 91 .
  • the bit train converter 83 includes an operation unit 397 , an operation unit 398 , and a cyclic shift unit 92 .
  • the bit train converter 84 includes an operation unit 399 .
  • the bit train converter 85 includes an operation unit 400 , an operation unit 401 , and a cyclic shift unit 93 . Similar to the operation unit 362 shown in FIG.
  • each of the operation units 394 to 401 executes either an exclusive logical sum operation or an addition operation of two inputs. Which operation the operation units 394 to 401 execute is determined by an algorithm key.
  • the bit train conversion unit 361 performs a bit train conversion by applying bit train converter 81 to 85 to data to be converted. As described above, in the encrypting conversion apparatus of this embodiment, the numbers of addition operations and exclusive logical sum operations can be determined by algorithm keys.
  • FIG. 11 is a block diagram showing an electronic toll collection system.
  • the electronic toll collection system can collect, through electronic account settlement, a toll from an IC card possessed by a driver of a car running on a toll road, at a road side equipment installed on the toll road, without stopping the car.
  • Such an electronic toll collection system is expected to alleviate traffic congestion and improve user convenience through electronic account settlement with IC cards.
  • the electronic toll collection system shown in FIG. 11 includes a car 200 , a road side equipment 201 , an on-board equipment 202 , an IC card 203 , and a key management facility 204 .
  • the car 200 has the on-board equipment 202 into which the IC card 203 is inserted while the car 200 is driven.
  • the road side equipment 201 is installed on the toll road and has a function of collecting a toll while the car 200 passes by.
  • the IC card 203 stores in advance contract information of the electronic toll collection system. While the car 200 passes by the road side equipment, the contract information is transferred by wireless communication from the on-board equipment 202 inserted with the IC card 203 , in order to receive routing information and account settlement information from the road side equipment 201 .
  • the on-board equipment 202 , IC card 203 and road side equipment 201 are required to store in advance a shared algorithm key and a license key issued by the key management facility 204 .
  • these keys may be embedded during manufacture.
  • the license key is embedded in an authorized equipment as secret information and is used for reliably executing the authentication process and cipher key sharing process.
  • an equipment B confirms whether or not an equipment A is an authorized equipment, in order to communicate with the equipment A.
  • the equipment A provides the equipment B with certification that the license key of the equipment A is correct.
  • the license key is secret information, the equipment A is required to provide the equipment B with certification that the license key is correct, without making open the license key.
  • This certification can be realized by utilizing cryptographic techniques.
  • a symmetric key algorithm is described in ISO 9798-2 which is international specifications for security mechanism.
  • the encrypting and decrypting conversion apparatuses of the invention can be used.
  • the road side equipment 201 is constituted of a wireless communication unit 232 , an encrypting/decrypting process unit 230 , a partner authentication/key sharing process unit 233 , a main control unit 235 , and a data storage unit 234 .
  • the on-board equipment 202 is constituted of a wireless communication unit 212 , an encrypting/decrypting process unit 210 , an IC card communication unit 211 , a partner authentication/key sharing process unit 213 , a data storage unit 214 , and a main control unit 215 .
  • the IC card 203 is constituted of an IC card communication unit 221 , an encrypting/decrypting process unit 220 , a partner authentication/key sharing process unit 223 , a data storage unit 224 , and a main control unit 225 .
  • the encrypting/decrypting process units 210 , 220 and 230 have the encrypting and decrypting conversion apparatuses of the invention described previously and can encrypt and decrypt data.
  • the IC card communication units 211 and 221 are used for communication between the on-board equipment 202 and IC card 203 .
  • the wireless communication units 212 and 232 are used for wireless communication between the on-board equipment 202 and road side equipment 201 .
  • the encrypting/decrypting process units 210 , 220 and 230 execute the authentication process of confirming whether a communication partner is authorized and a sharing process of sharing a cipher key to be used for data encryption and decryption.
  • the partner authentication/key sharing process unit 213 uses an encrypting/decrypting conversion function supplied from the encrypting/decrypting process unit 210 in order to execute the partner authentication and key sharing process.
  • the partner authentication/key sharing process unit 223 uses the encrypting/decrypting process unit 220 .
  • the partner authentication/key sharing process unit 233 uses the encrypting/decrypting process unit 230 .
  • the data storage units 214 , 224 and 234 store the algorithm key and license key acquired from the key management facility 204 , and may also store contract information, routing information and account settlement information.
  • FIG. 12 is a flow chart illustrating communications to be executed by the electronic toll collection system shown in FIG. 11.
  • a partner authentication/key sharing process 240 is first performed between the IC card 203 and on-board equipment 202 when the IC card 203 shown in FIG. 11 is set to the on-board equipment 202 .
  • the IC card 203 performs a cryptographic communication 241 to transfer contract information to the on-board equipment 202 .
  • the on-board equipment stores in secret the contract information in the data storage unit 214 (FIG. 11).
  • a partner authentication/key sharing process 250 is performed between the on-board equipment 202 and road side equipment 201 while the car 200 shown in FIG. 11 passes by the road side equipment 201 .
  • the on-board equipment 202 performs a cryptographic communication 251 to transfer the contract information supplied from the IC card to the road side equipment 201 .
  • This cryptographic communication 251 is also used for transferring routing information and account settlement information from the road side equipment 201 , to the on-board equipment 202 .
  • the on-board equipment 202 performs a cryptographic communication 261 to transfer the routing information and account settlement information acquired from the road side equipment 201 , to the IC card 203 .
  • Account settlement for road toll is made between the IC card 203 and road side equipment 201 .
  • communication between the IC card 201 and road side equipment 201 is required to use the on-board equipment 202 .
  • the on-board equipment 202 make an illegal process, an illegal account settlement may be performed.
  • the on-board equipment 202 is assigned an identification number and transfers it to the IC card 203 during the partner authentication/key sharing process 240 with the IC card.
  • the IC card 203 generates a digital signature for both the identification number of the on-board equipment 202 and account settlement history of the IC card 203 and returns them to the on-board equipment 202 .
  • the on-board equipment 202 transfers the identification number and the digital signature acquired from the IC card 203 , to the road side equipment 201 during the partner authentication/key sharing process 250 . Thereafter, the road side equipment 201 verifies the digital signature generated by the IC card 203 to check the time when the on-board equipment 202 was used.
  • FIG. 13 is a detailed flow chart illustrating the cryptographic communication 241 as an example of a cryptographic communication including message authentication.
  • the IC card 203 generates a message authentication code at an MAC generation process 261 .
  • the message to be transferred and the message authentication code are coupled at a coupling process 262 .
  • data containing the coupled message and message authentication code is encrypted at an encrypting process 263 to form encrypted data.
  • the on-board equipment 202 decrypts the data at a decrypting process 264 . Thereafter, at a separating process 265 , the message and message authentication code transferred from the IC card are recovered. Next, the recovered message authentication code is verified at a MAC verifying process 266 in order to verify the correctness of the received message.
  • a road toll can be charged to the IC card 203 and the toll information can be managed at the road side equipment 201 .
  • an encrypting conversion apparatus a decrypting conversion apparatus, a cryptographic communication system and an electronic toll collection apparatus capable of changing algorithms of cryptographic conversion to hide the algorithm in use from a third party so that the apparatuses and system are resistant against a cryptographic attack and can operate at high speed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

An encrypting conversion apparatus, a decrypting conversion apparatus, a cryptographic communication system and an electronic toll collection apparatus are provided which are capable of changing algorithms of cryptographic conversion to hide the algorithm in use from a third party so that the apparatuses and system are resistant against a cryptographic attack from the third party and can operate at high speed. In the cryptographic communication system.

Description

    CROSS-REFERENCE TO RELATED APPLICATION
  • This application relates to an application U.S. Ser. No. 09/130,529 filed on Aug. 4, 1998 by Makoto Aikawa et al entitled “DATA ENCRYPTING/DECRYPTING CONVERSION METHODS AND APPARATUSES AND DATA COMMUNICATION SYSTEM ADOPTING THE SAME” and assigned to the present assignee. The disclosure of that application is hereby incorporated by reference into the disclosure of this application. [0001]
    • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention [0002]
  • The present invention relates to techniques for encrypting/decrypting digital data transferred among computers, household information processing appliances, and electronic toll collection apparatuses. [0003]
  • 2. Description of the Related Art [0004]
  • Enciphering techniques for preventing an illegal copy of digital data are essential for digital household information processing appliances. For example, if digital visual data received by a digital broadcasting receiver is digitally recorded in a digital video recorder and the digital visual data has a copyright, both the receiver and digital video recorder are required to have a function of protecting the copyright. In order to realize such a copyright protection system, it is necessary to prevent alteration and illegal copying of digital data by means of setting a limitation to digital data copying, device authentication, and cryptographic techniques such as real time cryptograph of digital data. [0005]
  • An example of conventional cryptographic techniques may be a symmetric key or common key algorithm, typically DES cryptograph disclosed in U.S. Pat. No. 3,962,539. Most of common key algorithms are characterized in a complicated cryptogram formed by repeating a simple conversion. Various approaches have been tried in order to improve security of cryptograms. For example, a cryptographic attack can be made difficult by increasing the number of repetitions of simple conversions to further disturb statistical characteristics of cipher texts. [0006]
  • However, if the number of conversion repetitions is increased, the processing time required for cryptographic conversion becomes long. Therefore, a security reinforcing countermeasure through an increase in the number of repetitions of simple conversions is not suitable for real time cryptograph in the copyright protection system. [0007]
  • In an electronic toll collection system (ETC) of a toll speed-way which has lately attracted attention, a real-time cryptographic processing is required, so that the problem as mentioned above arises. [0008]
  • The electronic toll collection system represents a system which is capable of collecting a toll based on an electronic transaction through a wireless communication between an antenna provided at a toll collecting station and an on-board equipment mounted on a car when the car passes through the toll collecting station, the details of which are described in for example, a Japanese magazine “Card Wave” published by C-Media, March, 1999, pp42-45. In the referred-to system, a real-time cryptographic processing is indispensable in order to send and receive exchange data at real time and protect the exchange data from bugging and unauthorized alteration. [0009]
    • SUMMARY OF THE INVENTION
  • It is an object of the present invention to provide an encrypting conversion apparatus, a decrypting conversion apparatus, a cryptographic communication system and an electronic toll collection apparatus capable of changing algorithms of cryptographic conversion to hide the algorithm in use from a third party so that the apparatuses and system are resistant against a cryptographic attack and can operate at high speed. [0010]
  • According to one aspect of the present invention, there is provided an encrypting conversion apparatus for inputting at least one cipher key, at least one algorithm parameter, and plain text data and outputting cipher text data, the apparatus comprising: a plurality stage of encrypting conversion means for executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once, wherein: the encrypting conversion means includes at least one of each of first to third operation means, the first operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, the second operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and the third operation means cyclically shifts input data by the number of bits determined by the algorithm parameter; and conversions which use combinations of a plurality stage of consecutive encrypting conversion means optionally selected from all of the encrypting conversion means and use the same input data and the same algorithm parameter, are all different. [0011]
  • According to another aspect of the present invention, there is provided a decrypting conversion apparatus for inputting at least one cipher key, at least one algorithm parameter, and cipher text data and outputting plain text data, the apparatus comprising: a plurality stage of decrypting conversion means for executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once, wherein: the decrypting conversion means includes at least one of each of first to third operation means, the first operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, the second operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and the third operation means cyclically shifts input data by the number of bits determined by the algorithm parameter; and conversions which use combinations of a plurality stage of consecutive decrypting conversion means optionally selected from all of the encrypting conversion means and use the same input data and the same algorithm parameter, are all different. [0012]
  • According to another aspect of the present invention, there is provided a cryptographic communication system with a common key algorithm for communication between a transmitter apparatus and a receiver apparatus having a same cipher key, the transmitter apparatus encrypting a plain text by using the cipher key to acquire and transmit a cipher text, and the receiving apparatus decrypting the received cipher text by using the cipher key to recover the plain text, wherein: the transmitter apparatus includes encrypting conversion means and first algorithm key storing means; the receiver apparatus includes decrypting conversion means and second algorithm key storing mean; a conversion algorithm to be executed by the encrypting conversion means of the transmitter apparatus is determined by a first parameter stored in the first algorithm key storing means of the transmitter apparatus; a conversion algorithm to be executed by the decrypting conversion means of the receiver apparatus is determined by a second parameter stored in the second algorithm key storing means of the receiver apparatus; and the cipher text encrypted by the transmitter apparatus by using the cipher key can be correctly decrypted by the receiver apparatus by using the cipher key, only if the cipher key as well as the first and second parameters used by the transmitter and receiver apparatuses is same.[0013]
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram showing a cryptographic communication system having a transmitter and a receiver according to an embodiment of the invention. [0014]
  • FIG. 2 is a block diagram of an encrypting conversion unit shown in FIG. 1. [0015]
  • FIG. 3 is a block diagram of a key conversion means shown in FIG. 2. [0016]
  • FIG. 4 is a block diagram of a substitution/permutation conversion means shown in FIG. 2. [0017]
  • FIG. 5 is a block diagram of a bit train conversion unit shown in FIG. 4. [0018]
  • FIG. 6 is a block diagram of a decrypting conversion unit shown in FIG. 1. [0019]
  • FIG. 7 is a block diagram of a substitution/permutation conversion means shown in FIG. 6 according to another embodiment of the invention. [0020]
  • FIG. 8 is a block diagram of a key conversion means according to another embodiment of the invention. [0021]
  • FIG. 9 is a block diagram of a substitution/permutation means according to another embodiment of the invention. [0022]
  • FIG. 10 is a block diagram of a bit train conversion unit according to another embodiment of the invention. [0023]
  • FIG. 11 is a block diagram showing an electronic toll collecting system as another embodiment of cryptographic communication of the invention. [0024]
  • FIG. 12 is a chart illustrating communication flows of the electronic toll collecting system. [0025]
  • FIG. 13 is a chart illustrating cryptographic communication of the electronic toll collecting system.[0026]
    • DETAILED DESCRIPTION OF THE EMBODIMENTS
  • Embodiments of the invention will be described with reference to the accompanying drawings. [0027]
  • FIG. 1 is a block diagram showing the configuration of a cryptographic communication system in which a data transmitter equipped with an encrypting conversion apparatus of the invention cryptographically communicates with a data receiver equipped with a decrypting conversion apparatus of the invention. Referring to FIG. 1, the [0028] data transmitter 1 has an encrypting conversion unit 11, a key sharing unit 12, a data processing unit 13, a communication processing unit 14, and a key length data storage means 15. The data receiver 12 has a decrypting conversion unit 31, a key sharing unit 32, a data processing unit 33, and a communication processing unit 34. The data transmitter 1 may be a digital broadcasting receiver. The data receiver 2 may be a digital video recorder. In this case, the data processing units 13 and 33 process digital program data of, for example, MPEG2-TS (Transport Stream) distributed by digital broadcasting services. The data processing unit 13 performs a reception process, a multiplex/separation process, an expansion process, and a transmission process, respectively of digital program data, whereas the data processing unit 33 performs a reception process, an expansion process, and a storage process, respectively of digital program data.
  • The [0029] data transmitter 1 and data receiver 2 share data called a cipher key necessary for data encrypting and decrypting in order to start cryptographic communication. Sharing this cipher key is realized by a message exchange between the key sharing unit 12 of the data transmitter 1 and the key sharing unit 32 of the data receiver via the communication processing units 14 and 34. In this case, the key length is determined in accordance with key length data stored in a key length data storage means 15 of the data transmitter 1. It is desired that the cipher key shared by the data transmitter 1 and data receiver 2 is changed each time data is transferred. This is because since a generated cryptogram is different if the cipher key is different, a cryptographic attack to a cryptogram by a third party becomes difficult. There are various methods of sharing a cipher key. For example, key exchange in a key distribution system by Diffie-Hellman may be used which is detailed, for example, in “Current Cryptograph” by Tatsuaki Okamoto, et al, published by Sangyo Tosho Kabushiki Kaisha, at pp. 200 to 202. With this key exchange, it is very difficult for a third party to infer a cipher key from a tapped message which was exchanged for sharing the cipher key, and it is possible to share a cipher key in high secrecy each time data is transferred.
  • After the cipher key is shared, the [0030] data processing unit 13 of the data transmitter 1 supplies the encrypting conversion unit 11 with data to be transmitted. Data supplied from the data processing unit 13 is still not encrypted, and such data is called hereinafter a “plain text”. The encrypting conversion unit 11 is constituted of an encrypting conversion means 20, a key conversion means 23 and an algorithm key storage means 24. The key conversion means 23 generate a plurality set of data called a conversion key in accordance with the cipher key and key length data. The key length data represents the length of a cipher key determined by cipher key sharing. The algorithm key storage means 24 stores a plurality set of data called an algorithm key. An encrypting conversion algorithm to be executed by the encrypting conversion means 20 is determined by the algorithm key. By using the conversion key generated by the key conversion means 23 and the algorithm key stored in the algorithm key storage means 24, the encrypting conversion means 20 encrypts the plain text and outputs a cipher text. The cipher text generated by the encrypting conversion unit 11 is transmitted from the communication processing unit 14 to the data receiver 2.
  • The [0031] communication processing unit 34 of the data receiver 2 receives the cipher text and supplies it to the decrypting conversion unit 31. The decrypting conversion unit 31 is constituted of a decrypting conversion means 40, a key conversion means 43 and an algorithm key storage means 44. The key conversion means 43 has a structure similar to that of the key conversion means 23, and generates a conversion key in accordance with the cipher key and key length data. The algorithm key storage means 44 has a structure similar to that of the algorithm key storage means 24, and stores an algorithm key. A decrypting conversion algorithm to be executed by the decrypting conversion means 40 is determined by the algorithm key. By using the conversion key generated by the key conversion means 24 and the algorithm key stored in the algorithm key storage means 44, the decrypting conversion means 40 decrypts the cipher text. In this case, only if the decrypting conversion means 20 uses the same algorithm key as that used by the encrypting conversion means 20, the decrypting conversion means 40 can decrypt the cipher text encrypted by the encrypting conversion means 20 into the original plain text. The plain text output from the decrypting conversion unit 31 is supplied to the data processing unit 33 to process data.
  • As described above, the [0032] data transmitter 1 and data receiver 2 can cryptographically communicate with each other only if they have the same algorithm key. Cryptographic communication with an authentication function can be realized by maintaining this algorithm key as secret information. Namely, if the correct algorithm key is held by only an authorized apparatus, cryptographic communication can be performed for only the authorized communication partner apparatus. In order to realize this, a key management facility 3 for generating algorithm keys and collectively managing them is provided as shown in FIG. 1. As shown, authorized apparatuses (in this example, the data transmitter 1 and data receiver 2) acquire the algorithm key from the key management facility 3 without being tapped by a third party. For example, an algorithm key managed by the key management facility 3 may be embedded in the algorithm key storage means 24 and 44 when the data transmitter 1 and data receiver 2 are manufactured. In this case, the data receiver 11 also acquires the key length data at the same time. In this manner, a cipher text transmitted from an authorized apparatus having a correct algorithm key can be decrypted only by an authorized apparatus having the correct algorithm key. In addition to the cipher key, the algorithm key is also secret information so that a cryptographic attack by a third party to a cipher text flowing on the communication path becomes more difficult.
  • Furthermore, since the [0033] data transmitter 1 generates a cipher key basing upon the key length data acquired from the key management facility 3, the length of the cipher key can be renewed. For example, if renewed key length data is embedded in a newly manufactured data transmitter, cryptographic communication with the newly manufactured data transmitter can be performed by using a cipher key having the renewed length. Therefore, it is possible to elongate the key length of a cipher key in the future to thereby further improve security. The key length may be changed in each area where apparatuses are shipped.
  • FIG. 2 is a detailed block diagram showing an example of the [0034] encrypting conversion unit 11. It is assumed that the encrypting conversion unit 11 receives a plain text of 64 bits, a cipher key of 40 or 64 bits and key length data of one bit, and outputs a cipher text of 64 bits. With reference to the key length data, the key conversion means 23 converts the cipher key into conversion keys K1 and K2 each having 32 bits. The key length data takes “0” if the cipher key has 40 bits, and “1” if the cipher key has 64 bits. Conversion by the key conversion means 23 will be later described. The encrypting conversion means 20 of the encrypting conversion unit 11 is constituted of N substitution/permutation conversion means 21 1 to 21 N. A conversion algorithm to be executed by the substitution/permutation conversion means 21 n (where 1≦n≦N) is determined by an algorithm key Gn stored in the algorithm key storage means 24.
  • A plain text is separated into upper 32 bits R[0035] 0 and lower 32 bits L0 and input to the substitution/permutation conversion means 21 1 whereat a first encrypting conversion is performed by using the conversion keys K1 and K2 to output 32 bits R1 and 32 bits L1. These bits R1 and L1 are input to the substitution/permutation conversion means 21 2 whereat a second encrypting conversion is performed by using the conversion keys K1 and K2 to output 32 bits R2 and 32 bits L2. Such encrypting conversion is repeated N times and the last outputs of 32 bits RN and 32 bits LN are combined to obtain a cipher text of 64 bits. The total number N of encrypting conversion repetitions is called a round number.
  • Consider now the case wherein the cipher key is fixed and the same data is input to an optional combination of two or more consecutive substitution/permutation conversion means selected from all the substitution/permutation conversion means. In this case, the conversion result is determined by the algorithm keys Gn. In the encrypting conversion apparatus of this invention, it is assumed that only algorithm keys which provide different conversion results for all combinations are used. Namely, a periodicity does not appear on encrypting conversion which uses a plurality of substitution/permutation conversion means. In this way, secrecy of encrypting conversion can be improved. [0036]
  • FIG. 3 is a block diagram showing an example of the key conversion means [0037] 23 shown in FIG. 2. Referring to FIG. 3, the key conversion means 23 is constituted of a register 26 of a 64-bit length, a multiplexer 27 and an addition operation unit 28. A cipher key is first loaded in the register 26. If the cipher key has 40 bits, it is loaded in the lower 40 bits of the register 26, whereas if the cipher key has 64 bits, it is stored in all bits of the register 26. The lower 32 bits of the register 26 are used as the conversion key K1. If the key length data is “0”, 32 bits of the register 26 from the lower 9-th bit to the lower 40-th bit are selected as an input to the multiplexer 27. If the key length data is “1”, the upper 32 bits of the register 26 are selected as an input to the multiplexer 27. An output of the multiplexer 27 is subjected to a 32-bit addition of K1 at the addition operation unit 28, the result being K2. A result of the 32-bit addition is a remainder of a usual addition result divided by 2 raised to a power of 32.
  • FIG. 4 is a block diagram of the substitution/permutation conversion means [0038] 21 n shown in FIG. 2 which executes the n-th (1≦n≦N) encrypting conversion. Referring to FIG. 4, the substitution/permutation conversion means 21 n is constituted of a bit train conversion unit 61 and an addition operation unit 62. Rn−1 and Ln−1 are converted into Rn and Ln by using the conversion keys K1 and K2. First, the substitution/permutation conversion means 21 n inputs Ln−1 to the bit train conversion unit 61. The conversion algorithm to be executed by the bit train conversion unit 61 is determined by the algorithm key Gn. An input U to the bit train conversion unit 61 is related to an output Z from the unit 61 by the following equation:
  • Z=F Gn( K 1, K 2, U)
  • where the function F[0039] Gn indicates a conversion by the bit train conversion unit 61. The algorithm key Gn is constituted of the following data:
  • G n=(A n , B n , C n , P n , Q n , S n)
  • where A[0040] n, Bn, and Cn are 32-bit data, and Pn, Qn, and Sn are expressed by 1≦Pn≦31, 1≦Qn≦31, and 1≦Sn≦31. The values of the algorithm key Gn may take different values at each n (1≦n≦N).
  • Next, R[0041] n−1 is input to the addition operation unit 62 whereat a 62-bit addition of Zn is performed, the result being Ln. Ln−1 is used as Rn. The above-described conversion is summarized as in the following:
  • L n =R n +F Gn( K 1, K 2, L n−1)
  • R n =L n−1
  • FIG. 5 is a block diagram showing an example of the bit [0042] train conversion unit 61 shown in FIG. 4. The bit train conversion unit 61 is constituted of five bit train converters 81 to 85. The bit train converter 81 includes an exclusive logical sum (exclusive-OR) unit 94. The bit train converter 82 includes an addition calculation unit 95 and a cyclic shift unit 91. The bit train converter 83 includes an addition calculation unit 96 and a cyclic shift unit 92. The bit train converter 84 includes an addition operation unit 97. The bit train converter 85 includes an addition calculation unit 98 and a cyclic shift unit 93.
  • The exclusive [0043] logical sum unit 94 of the bit train converter 81 executes an exclusive logical sum operation of two input values. Of the two input values, one is K1 shown in FIG. 4 and the other is U shown in FIG. 4, i.e., an output value to the bit train conversion unit 61 or bit train converter 81. A conversion by the bit train converter 81 is given by:
  • V=K 1U
  • where V is an output value of the [0044] bit train converter 81 and an expression of X⊕Y indicates an exclusive logical sum of X and Y.
  • The [0045] cyclic shift unit 91 of the bit train converter 82 cyclically shifts to the left only the data Pn (1≦Pn≦31) which is a fraction of the algorithm key Gn. The addition operation unit 95 performs a 32-bit addition of three inputs. Of the three inputs, one is the data An which is a fraction of the algorithm key Gn shown in FIG. 4, another is an input value V to the bit train converter 82, and the other is the data Pn to be cyclically shifted to the left. A conversion by the bit train converter 82 is given by:
  • W=V+(V<<<P n)+A n
  • where W is an output value of the [0046] bit train converter 82 and an expression of X<<<Y indicates a cyclic shift of X to the left by Y-bit.
  • The [0047] cyclic shift unit 92 of the bit train converter 83 cyclically shifts to the left only the data Qn (1≦Qn≦31) which is a fraction of the algorithm key Gn. The addition operation unit 96 performs a 32-bit addition of three inputs. Of the three inputs, one is the data Bn which is a fraction of the algorithm key Gn shown in FIG. 4, another is an input value W to the bit train converter 83, and the other is the data Pn to be cyclically shifted to the left. A conversion by the bit train converter 83 is given by:
  • X=W+(W<<<Q n)+B n
  • where W is an output value of the [0048] bit train converter 83.
  • The addition operation unit [0049] 97 of the bit train converter 84 performs a 32-bit addition of two inputs. Of the two inputs, one is K2 shown in FIG. 2 and the other is an input X to the bit train converter 84. A conversion by the bit train converter 84 is given by:
  • Y=K 2+X
  • where Y is an output value of the [0050] bit train converter 84.
  • The [0051] cyclic shift unit 93 of the bit train converter 85 cyclically shifts to the left only the data Sn (1≦Sn≦31) which is a fraction of the algorithm key Gn. The addition operation unit 98 performs a 32-bit addition of three inputs. Of the three inputs, one is the data Gn which is a fraction of the algorithm key Gn shown in FIG. 4, another is an input value Y to the bit train converter 85, and the other is the data Sn to be cyclically shifted to the left. A conversion by the bit train converter 85 is given by:
  • Z=Y+(Y<<<S n)+C n
  • where Z is an output value of the [0052] bit train converter 85.
  • As described above, the five [0053] bit train converters 81 to 85 of the bit train conversion unit 61 perform a bit train conversion by processing data to be converted. The order of processing data by the five bit train converters 81 to 85 of the bit train conversion unit 61 may be changed. This changed configuration is also included in the scope of the present invention. For example, in place of the order of bit train converter 8182838485, the order of bit train conversion functions 8483818582 may also be used. Although the five bit train converters 81 to 85 are constituted of one exclusive logical sum unit, three cyclic shift units, and four addition operation units, they may be constituted of at least one addition operation unit and at least one cyclic shift operation unit capable of executing substitution/permutation/mixture conversion, with similar expected advantages of the invention.
  • FIG. 6 is a block diagram showing the details of the [0054] decrypting conversion unit 31 shown in FIG. 1. The decrypting conversion unit 31 decrypts a cipher text encrypted by the encrypting conversion unit 11 shown in FIG. 2 into the original plain text. The decrypting conversion unit 31 receives a cipher text of 64 bits, a cipher key of 40 bits or 64 bits, and key length data of one bit, and outputs a plain text of 64 bits. The decrypting conversion means 40 of the decrypting conversion unit 31 is constituted of N substitution/permutation conversion means 41 1 to 21 N. A conversion algorithm to be executed by the substitution/permutation conversion means 41 n (where 1≦n≦N) is determined by an algorithm key Gn stored in the algorithm key storage means 44.
  • A cipher text is separated into upper 32 bits R[0055] N and lower 32 bits LN and input to the substitution/permutation conversion means 41 1 whereat a first decrypting conversion is performed by using conversion keys K1 and K2 to output 32 bits RN−1 and 32 bits LN−1. These bits RN−1 and LN−1 are input to the substitution/permutation conversion means 41 2 whereat a second decrypting conversion is performed by using the conversion keys K1 and K2 to output 32 bits RN−2 and 32 bits LN−2. Such decrypting conversion is repeated N times and the last outputs of 32 bits R0 and 32 bits L0 are combined to obtain a plain text of 64 bits. Similar to the encrypting conversion, the total number N of decrypting conversion repetitions is called a round number.
  • Consider now the case wherein the cipher key is fixed and the same data is input to an optional combination of two or more consecutive substitution/permutation conversion means selected from all the substitution/permutation conversion means. In this case, the conversion result is determined by the algorithm keys Gn. In the encrypting conversion apparatus of this invention, it is assumed that only algorithm keys which provide different conversion results for all combinations are used. Namely, a periodicity does not appear on decrypting conversion which repetitively uses substitution/permutation conversion means. [0056]
  • FIG. 7 is a block diagram of the substitution/permutation conversion means [0057] 41 n shown in FIG. 6 which executes the (N+1−n)−th (1≦n≦N) decrypting conversion. Referring to FIG. 7, the substitution/permutation conversion means 41 n is constituted of a bit train conversion unit 61 described with reference to FIG. 5 and a subtraction operation unit 72. Rn and Ln are converted into Rn−1 and Ln−1 by using the conversion keys K1 and K2. First, the substitution/permutation conversion means 41 n inputs Rn to the bit train conversion unit 61. The conversion algorithm to be executed by the bit train conversion unit 61 is determined by the algorithm key Gn. An input to the bit train conversion unit 61 is represented by U and an output from this unit 61 is represented by Z. Next, Ln is input to the subtraction operation unit 72 to perform a 32-bit subtraction of Z, the result being Rn−1. A result of the 32-bit subtraction is a usual subtraction result added to 2 raised to a power of 32, if the usual subtraction result is negative. Lastly, Rn is used Ln−1. The above-described conversion is summarized as in the following:
  • R n−1 =L n −F Gn( K 1, K 2, R n)
  • L n−1 =R n
  • This conversion is an inverse conversion of the substitution/permutation conversion means [0058] 21 n described with reference to FIG. 2. If the decrypting conversion unit 31 has the same cipher key and algorithm key as those of the encrypting conversion unit 11, the decrypting conversion unit 31 can decrypt data encrypted by the encrypting conversion unit 11, in the manner described above.
  • The embodiment of the [0059] data transmitter 1 equipped with the encrypting conversion unit and the data receiver 2 equipped with the decrypting conversion unit have been described above in detail. It is obvious that a configuration partially changing the above-described configuration is included in the scope of the present invention. For example, although the cipher key has 40 bits or 64 bits and the key length data has one bit, the invention is not limited only thereto. For example, the cipher key may have the desired number of bits in the range from 40 to 128 bits and the key length data has 7 bits in order to identify each cipher key. In this case, the key conversion means is provided with a selector which selects a position where a cipher key is selected in accordance with the input key length data, in order to generate two conversion keys of 32 bits. Four conversion keys of 32 bits may be generated for a cipher key having 64 bits or more. In this case, N substitution/permutation conversion means are divided into two groups to each of which two conversion keys are supplied.
  • In order to generate a plurality of conversion keys, substitution/permutation conversion means used for encrypting conversion may be used. For example, a key conversion means for generating eight conversion key of 32 bits will be described. [0060]
  • Referring to FIG. 8, the key conversion means [0061] 23 is constituted of eight substitution/permutation conversion means 21 1 to 21 8 and an extension key storage means 100. The extension key storage means 100 stores eight extension keys KE1 to KE8 having a 32-bit length to be used for conversion keys. A cipher key having 64 bits is sequentially converted by the eight substitution/permutation conversion means 21 1 to 21 8. A conversion algorithm to be used by each substitution/permutation conversion means is determined by each algorithm key stored in the algorithm storage means 24. Extension keys stored in the extension key storage means 100 are input to each substitution/permutation conversion means. For example, extension keys KE3 and KE4 are input to the substitution/permutation conversion means 21 2.
  • By performing the conversion, outputs L[0062] 1 to L8 of the eight substitution/permutation conversion means 21 1 to 21 8 are used as the eight extension keys.
  • The same extension keys stored in the extension key storage means may be used each time data is processed, or may be renewed by a method similar to the algorithm keys. A key sharing process may also be executed for the extension keys by a method similar to the cipher key. The key conversion means [0063] 23 described with reference to FIG. 8 can use the substitution/permutation conversion means same as that used by encrypting conversion. Therefore, for example, if the encrypting conversion apparatus of the invention is implemented by hardware, encrypting conversion can be realized with a small circuit scale and with high security.
  • Next, the encrypting conversion apparatus and decrypting conversion apparatus according to another embodiment of the invention will be described. [0064]
  • The block diagram of the encrypting conversion apparatus of this embodiment is the same as that shown in FIG. 2 of the first embodiment described earlier. [0065]
  • FIG. 9 is a block diagram of a substitution/permutation conversion means [0066] 21 n of this embodiment in the encrypting conversion unit 11 shown in FIG. 2 which executes the n-th encrypting conversion. Referring to FIG. 9, the substitution/permutation conversion means 21 n is constituted of a bit train conversion unit 361 and an operation unit 362. The operation unit 362 executes either an exclusive logical sum operation or an addition operation of two inputs. Which operation the operation unit 362 executes is determined by an algorithm key. The conversion process to be executed by the substitution/permutation conversion means 21 n is the same as described with the first embodiment.
  • FIG. 10 is a block diagram showing an example of the bit [0067] train conversion unit 361 shown in FIG. 9. The bit train conversion unit 361 is constituted of five bit train converters 81 to 85. The bit train converter 81 includes an operation unit 394. The bit train converter 82 includes an operation unit 395, an operation unit 396, and a cyclic shift unit 91. The bit train converter 83 includes an operation unit 397, an operation unit 398, and a cyclic shift unit 92. The bit train converter 84 includes an operation unit 399. The bit train converter 85 includes an operation unit 400, an operation unit 401, and a cyclic shift unit 93. Similar to the operation unit 362 shown in FIG. 9, each of the operation units 394 to 401 executes either an exclusive logical sum operation or an addition operation of two inputs. Which operation the operation units 394 to 401 execute is determined by an algorithm key. The bit train conversion unit 361 performs a bit train conversion by applying bit train converter 81 to 85 to data to be converted. As described above, in the encrypting conversion apparatus of this embodiment, the numbers of addition operations and exclusive logical sum operations can be determined by algorithm keys.
  • Next, a cryptographic communication system using the encrypting conversion apparatus and decrypting conversion apparatus according to an embodiment of the invention will be described. [0068]
  • FIG. 11 is a block diagram showing an electronic toll collection system. The electronic toll collection system can collect, through electronic account settlement, a toll from an IC card possessed by a driver of a car running on a toll road, at a road side equipment installed on the toll road, without stopping the car. Such an electronic toll collection system is expected to alleviate traffic congestion and improve user convenience through electronic account settlement with IC cards. [0069]
  • The electronic toll collection system shown in FIG. 11 includes a [0070] car 200, a road side equipment 201, an on-board equipment 202, an IC card 203, and a key management facility 204.
  • The [0071] car 200 has the on-board equipment 202 into which the IC card 203 is inserted while the car 200 is driven.
  • The [0072] road side equipment 201 is installed on the toll road and has a function of collecting a toll while the car 200 passes by.
  • The [0073] IC card 203 stores in advance contract information of the electronic toll collection system. While the car 200 passes by the road side equipment, the contract information is transferred by wireless communication from the on-board equipment 202 inserted with the IC card 203, in order to receive routing information and account settlement information from the road side equipment 201.
  • In order to maintain security and reliability of such processes, it is necessary to verify authentication of contract information, routing information and account settlement information and to prevent illegal alteration and tapping of the information. Between the IC card and on-[0074] board equipment 202 and between the on-board equipment 202 and road side equipment, it is necessary to execute an authentication process for a communication partner, a sharing process of sharing a cipher key to be used for encrypting/decrypting exchange data, and a cryptographic communication using the shared cipher key. To these third party authentication process, cipher key sharing process and cryptographic communication, the encrypting and decrypting conversion apparatuses of the invention can be applied.
  • In order to realize the above-described processes, the on-[0075] board equipment 202, IC card 203 and road side equipment 201 are required to store in advance a shared algorithm key and a license key issued by the key management facility 204. For example, these keys may be embedded during manufacture.
  • The details of the algorithm key and encrypting and decrypting conversions set by the algorithm key have been given above. [0076]
  • The license key is embedded in an authorized equipment as secret information and is used for reliably executing the authentication process and cipher key sharing process. Consider for example that an equipment B confirms whether or not an equipment A is an authorized equipment, in order to communicate with the equipment A. In this case, the equipment A provides the equipment B with certification that the license key of the equipment A is correct. Since the license key is secret information, the equipment A is required to provide the equipment B with certification that the license key is correct, without making open the license key. This certification can be realized by utilizing cryptographic techniques. For example, a symmetric key algorithm is described in ISO 9798-2 which is international specifications for security mechanism. As a specific example of the symmetric key algorithm, the encrypting and decrypting conversion apparatuses of the invention can be used. [0077]
  • Elements constituting the apparatuses shown in FIG. 11 will be described. [0078]
  • The [0079] road side equipment 201 is constituted of a wireless communication unit 232, an encrypting/decrypting process unit 230, a partner authentication/key sharing process unit 233, a main control unit 235, and a data storage unit 234.
  • The on-[0080] board equipment 202 is constituted of a wireless communication unit 212, an encrypting/decrypting process unit 210, an IC card communication unit 211, a partner authentication/key sharing process unit 213, a data storage unit 214, and a main control unit 215.
  • The [0081] IC card 203 is constituted of an IC card communication unit 221, an encrypting/decrypting process unit 220, a partner authentication/key sharing process unit 223, a data storage unit 224, and a main control unit 225.
  • The encrypting/[0082] decrypting process units 210, 220 and 230 have the encrypting and decrypting conversion apparatuses of the invention described previously and can encrypt and decrypt data.
  • The IC [0083] card communication units 211 and 221 are used for communication between the on-board equipment 202 and IC card 203.
  • The [0084] wireless communication units 212 and 232 are used for wireless communication between the on-board equipment 202 and road side equipment 201.
  • The encrypting/[0085] decrypting process units 210, 220 and 230 execute the authentication process of confirming whether a communication partner is authorized and a sharing process of sharing a cipher key to be used for data encryption and decryption. The partner authentication/key sharing process unit 213 uses an encrypting/decrypting conversion function supplied from the encrypting/decrypting process unit 210 in order to execute the partner authentication and key sharing process. In order to realize similar functions, the partner authentication/key sharing process unit 223 uses the encrypting/decrypting process unit 220. Similarly, the partner authentication/key sharing process unit 233 uses the encrypting/decrypting process unit 230.
  • The [0086] data storage units 214, 224 and 234 store the algorithm key and license key acquired from the key management facility 204, and may also store contract information, routing information and account settlement information.
  • FIG. 12 is a flow chart illustrating communications to be executed by the electronic toll collection system shown in FIG. 11. [0087]
  • In the flow chart shown in FIG. 12, a partner authentication/[0088] key sharing process 240 is first performed between the IC card 203 and on-board equipment 202 when the IC card 203 shown in FIG. 11 is set to the on-board equipment 202. After the partner authentication/key sharing process 240 is succeeded, the IC card 203 performs a cryptographic communication 241 to transfer contract information to the on-board equipment 202. Upon reception of the contract information from the IC card 203, the on-board equipment stores in secret the contract information in the data storage unit 214 (FIG. 11).
  • Next, a partner authentication/[0089] key sharing process 250 is performed between the on-board equipment 202 and road side equipment 201 while the car 200 shown in FIG. 11 passes by the road side equipment 201. After the partner authentication/key sharing process 250 is succeeded, the on-board equipment 202 performs a cryptographic communication 251 to transfer the contract information supplied from the IC card to the road side equipment 201. This cryptographic communication 251 is also used for transferring routing information and account settlement information from the road side equipment 201, to the on-board equipment 202.
  • Next, the on-[0090] board equipment 202 performs a cryptographic communication 261 to transfer the routing information and account settlement information acquired from the road side equipment 201, to the IC card 203.
  • Account settlement for road toll is made between the [0091] IC card 203 and road side equipment 201. However, communication between the IC card 201 and road side equipment 201 is required to use the on-board equipment 202. In this case, if the on-board equipment 202 make an illegal process, an illegal account settlement may be performed. In order to avoid such a process, it is necessary for the road side equipment 201 to identify the on-board equipment 202 used with the IC card 203 for account settlement. For example, the on-board equipment 202 is assigned an identification number and transfers it to the IC card 203 during the partner authentication/key sharing process 240 with the IC card. The IC card 203 generates a digital signature for both the identification number of the on-board equipment 202 and account settlement history of the IC card 203 and returns them to the on-board equipment 202. The on-board equipment 202 transfers the identification number and the digital signature acquired from the IC card 203, to the road side equipment 201 during the partner authentication/key sharing process 250. Thereafter, the road side equipment 201 verifies the digital signature generated by the IC card 203 to check the time when the on-board equipment 202 was used.
  • It is also necessary to prevent a third party to alter encrypted data flowing on a communication path during the [0092] cryptographic communication 241, 251 and 261. In order to realize this, it is necessary to perform a message authentication capable of judging whether the received message is correct. In order to perform the message authentication, a transmitter and a receiver shares in advance a message authentication key which is kept in secret. Sharing the message authentication key is performed, for example, in the partner authentication/key sharing process 250 shown in FIG. 12. The transmitter generates data called a message authentication code (MAC) from a message to be transferred and the message authentication key. The transmitter transmits the message together with the message authentication code to the receiver. The receiver verifies the received message authentication code by using the message authentication key. It is possible to judge from this verification whether the received message was altered. As the message authentication, for example, a method using a symmetric key algorithm is described in ISO 9797 which is international specifications for security mechanism. As a specific example of the symmetric key algorithm, the encrypting and decrypting conversion apparatuses of the invention can be used.
  • FIG. 13 is a detailed flow chart illustrating the [0093] cryptographic communication 241 as an example of a cryptographic communication including message authentication. Referring to the flow chart shown in FIG. 13, first the IC card 203 generates a message authentication code at an MAC generation process 261. Next, the message to be transferred and the message authentication code are coupled at a coupling process 262. Thereafter, data containing the coupled message and message authentication code is encrypted at an encrypting process 263 to form encrypted data.
  • Next, upon reception of the encrypted data, the on-[0094] board equipment 202 decrypts the data at a decrypting process 264. Thereafter, at a separating process 265, the message and message authentication code transferred from the IC card are recovered. Next, the recovered message authentication code is verified at a MAC verifying process 266 in order to verify the correctness of the received message.
  • In the above manner, data not permitted to be altered or tapped, such as toll information and routing information, can be exchanged with security. [0095]
  • With the above processes, a road toll can be charged to the [0096] IC card 203 and the toll information can be managed at the road side equipment 201.
  • According to the present invention, it is possible to realize an encrypting conversion apparatus, a decrypting conversion apparatus, a cryptographic communication system and an electronic toll collection apparatus capable of changing algorithms of cryptographic conversion to hide the algorithm in use from a third party so that the apparatuses and system are resistant against a cryptographic attack and can operate at high speed. [0097]

Claims (17)

What is claimed is
1. An encrypting conversion apparatus for inputting at least one cipher key, at least one algorithm parameter, and plain text data and outputting cipher text data, said encrypting apparatus comprising:
a plurality stage of encrypting conversion means for executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once,
wherein:
said encrypting conversion means includes at least one of each of first to third operation means, said first operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, said second operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and said third operation means cyclically shifts input data by the number of bits determined by the algorithm parameter; and
conversions which use combinations of a plurality stage of consecutive encrypting conversion means optionally selected from all of said encrypting conversion means and use the same input data and the same algorithm parameter, are all different.
2. A decrypting conversion apparatus for inputting at least one cipher key, at least one algorithm parameter, and cipher text data and outputting plain text data, the apparatus comprising:
a plurality stage of decrypting conversion means for executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once,
wherein:
said decrypting conversion means includes at least one of each of first to third operation means, said first operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, said second operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and said third operation means cyclically shifts input data by the number of bits determined by the algorithm parameter; and
conversions which use combinations of a plurality stage of consecutive decrypting conversion means optionally selected from all of said decrypting conversion means and use the same input data and the same algorithm parameter, are all different.
3. A cryptographic communication system with a common key algorithm for communication between a transmitter apparatus and a receiver apparatus having a same cipher key, the transmitter apparatus encrypting a plain text by using the cipher key to acquire and transmit a cipher text, and the receiving apparatus decrypting the received cipher text by using the cipher key to recover the plain text, wherein:
said transmitter apparatus includes encrypting conversion means and first algorithm key storing means;
said receiver apparatus includes decrypting conversion means and second algorithm key storing mean;
a conversion algorithm to be executed by said encrypting conversion means of said transmitter apparatus is determined by a first parameter stored in said first algorithm key storing means of said transmitter apparatus;
a conversion algorithm to be executed by said decrypting conversion means of said receiver apparatus is determined by a second parameter stored in said second algorithm key storing means of said receiver apparatus; and
the cipher text encrypted by said transmitter apparatus by using the cipher key can be correctly decrypted by said receiver apparatus by using the cipher key, only if the cipher key as well as the first and second parameters used by said transmitter and receiver apparatuses is same.
4. A cryptographic communication system according to claim 3, wherein said transmitter apparatus uses a predetermined specific third parameter as the first parameter, and said receiver apparatus uses the third parameter as the second parameter.
5. A cryptographic communication system with a common key algorithm for communication between a transmitter apparatus and a receiver apparatus having a same cipher key, the transmitter apparatus encrypting a plain text by using the cipher key to acquire and transmit a cipher text, and the receiving apparatus decrypting the received cipher text by using the cipher key to recover the plain text, wherein:
said transmitter apparatus includes key length storing means for storing a key length data, first key sharing means for sharing a key data, and encrypting conversion means for encrypting;
said receiver apparatus includes second key sharing means for sharing a key data and decrypting conversion means for decrypting; and
prior to starting cryptographic communication, said transmitter and receiver apparatuses share the cipher key having a length designated by key length data stored in said key length storing means of said transmitter apparatus, by using said first key sharing means of said transmitter apparatus and said second key sharing means of said receiver apparatus.
6. A cryptographic communication system according to claim 5, wherein said transmitter apparatus uses predetermined specific key length data.
7. A cryptographic communication system according to claim 5, wherein:
said encrypting conversion means includes a plurality stage of a first substitution/permutation conversion means for performing substitution/permutation conversion and outputs the cipher text by processing the plain text at each of said first substitution/permutation conversion means by using the cipher key or data converted from the cipher key; and
each of said first substitution/permutation conversion means for data conversion includes bit train converters which include a plurality stage of cyclic shift operation means and a plurality stage of addition operation units.
8. A cryptographic communication system according to claim 7, wherein an output of each of said cyclic shift operation units is determined by input data to be converted and a portion of the third parameter.
9. A cryptographic communication system according to claim 7, wherein an output of each of said addition operation units is determined by input data to be converted and a portion of the third parameter.
10. A cryptographic communication system according to claim 5, wherein:
said decrypting conversion means includes a plurality stage of second substitution/permutation conversion means for performing substitution/permutation conversion and outputs the plain text by processing the cipher text at each of said second substitution/permutation conversion means by using the cipher key or data converted from the cipher key; and
each of said second substitution/permutation conversion means for data conversion includes bit train converters which include a plurality stage of cyclic shift operation means and a plurality stage of addition operation means.
11. An IC card to be used for an electronic toll collection system capable of collecting a toll from the IC card inserted into an on-board apparatus of a car running on a toll road, while the car passes by a road side equipment on the toll road, without stopping the car, said on-board apparatus including encrypting/decrypting conversion means for encrypting and decrypting a data and first algorithm key storing means for storing an algorithm key, and a conversion algorithm to be performed by the encrypting/decrypting conversion means of the on-board apparatus being determined by a first parameter stored in the first algorithm key storing means, wherein:
the IC card comprises said encrypting/decrypting conversion means and second algorithm key storing means for storing an algorithm key;
a conversion algorithm to be performed by said encrypting/decrypting conversion means of the IC card is determined by a second parameter stored in the second algorithm key storing means of the IC card; and
the IC card can cryptographically communicate with the on-board apparatus only if the second parameter is same as the first parameter.
12. An on-board apparatus to be used for an electronic toll collection system capable of collecting a toll from an IC card inserted into the on-board apparatus of a car running on a toll road, while the car passes by a road side equipment on the toll road, without stopping the car, the on-board apparatus including encrypting/decrypting conversion means and first algorithm key storing means, and a conversion algorithm to be executed by the encrypting/decrypting conversion means of the on-board apparatus being determined by a first parameter stored in the first algorithm key storing means, wherein:
the on-board apparatus comprises said encrypting/decrypting conversion means and second algorithm key storing means;
a conversion algorithm to be executed by said encrypting/decrypting conversion means of the on-board apparatus is determined by a second parameter stored in the second algorithm key storing means of the on-board apparatus; and
the on-board apparatus can cryptographically communicate with the road side apparatus only if the second parameter is same as the first parameter.
13. A road side apparatus to be used for an electronic toll collection system capable of collecting a toll from an IC card inserted into an on-board apparatus of a car running on a toll road, while the car passes by the road side equipment on the toll road, without stopping the car, the on-board apparatus including encrypting/decrypting conversion means and first algorithm key storing means, and a conversion algorithm to be executed by the encrypting/decrypting conversion means of the on-board apparatus being determined by a first parameter stored in the first algorithm key storing means, wherein:
the road side apparatus comprises said encrypting/decrypting conversion means and second algorithm key storing means;
a conversion algorithm to be executed by said encrypting/decrypting conversion means of the road side apparatus is determined by a second parameter stored in the second algorithm key storing means of the road side apparatus; and
the road side apparatus can cryptographically communicate with the on-board apparatus only if the second parameter is same as the first parameter.
14. An encrypting conversion apparatus for inputting at least one cipher key and plain text data and outputting cipher text data, the encrypting conversion apparatus comprising:
a plurality stage of encrypting conversion means for performing a substitution conversion for substituting data for different data and a permutation conversion for rearranging bits of data,
wherein said encrypting conversion means executes either an exclusive logical sum operation or an addition operation of input data and first data generated from the cipher key, thereafter executes the substitution and permutation conversions, thereafter executes either an exclusive logical sum operation or an addition operation of the input data and second data generated from the cipher key, and thereafter executes the substitution conversion.
15. A decrypting conversion apparatus for inputting at least one cipher key and cipher text data and outputting plain text data, the decrypting conversion apparatus comprising:
a plurality stage of decrypting conversion means for performing a substitution conversion for substituting data for different data and a permutation conversion for rearranging bits of data,
wherein said decrypting conversion means executes either an exclusive logical sum operation or an addition operation of input data and first data generated from the cipher key, thereafter executes the substitution and permutation conversions, thereafter executes either an exclusive logical sum operation or an addition operation of the input data and second data generated from the cipher key, and thereafter executes the substitution conversion.
16. An encrypting method for inputting at least one cipher key, at least one algorithm parameter, and plain text data and outputting cipher text data, said encrypting method comprising the steps of:
performing a plurality stage of encryptions each by executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once,
said encrypting step including at least one of each of first to third operation sub-steps, said first operation sub-step, executing either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, said second operation sub-step executing either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and said third operation sub-step cyclically shifting input data by the number of bits determined by the algorithm parameter; and
combining a plurality stage of consecutive encrypting steps optionally selected from all of said encrypting steps with use of the same input data and the same algorithm parameter such that the encryption results are all different.
17. A decrypting method for inputting at least one cipher key, at least one algorithm parameter, and cipher text data and outputting plain text data, said method comprising the steps of:
performing a plurality stage of decryptions each by executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once,
said decrypting step including at least one of each of first to third operation sub-steps, said first operation sub-step executing either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, said second operation sub-step executing either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and said third operation sub-step cyclically shifting input data by the number of bits determined by the algorithm parameter; and
combining a plurality stage of consecutive decrypting steps optionally selected from all of said decrypting steps with use of the same input data and the same algorithm parameter such that the decryption results are all different.
US10/254,581 1998-05-29 2002-09-26 Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus Abandoned US20030026430A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/254,581 US20030026430A1 (en) 1998-05-29 2002-09-26 Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP14871298 1998-05-29
JP10-148712 1998-05-29
US09/323,252 US6683956B1 (en) 1998-05-29 1999-06-01 Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus
US10/254,581 US20030026430A1 (en) 1998-05-29 2002-09-26 Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/323,252 Division US6683956B1 (en) 1998-05-29 1999-06-01 Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus

Publications (1)

Publication Number Publication Date
US20030026430A1 true US20030026430A1 (en) 2003-02-06

Family

ID=15458919

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/323,252 Expired - Lifetime US6683956B1 (en) 1998-05-29 1999-06-01 Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus
US10/254,581 Abandoned US20030026430A1 (en) 1998-05-29 2002-09-26 Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09/323,252 Expired - Lifetime US6683956B1 (en) 1998-05-29 1999-06-01 Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus

Country Status (2)

Country Link
US (2) US6683956B1 (en)
DE (1) DE19924986B4 (en)

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020152392A1 (en) * 2001-04-12 2002-10-17 Motorola, Inc. Method for securely providing encryption keys
US20040250061A1 (en) * 2003-05-07 2004-12-09 Hiroki Yamauchi Transmission/reception system
US20050003880A1 (en) * 2003-07-02 2005-01-06 Englman Allon G. Gaming machine having multiple level progressive feature with player controlled outcome
US20050147252A1 (en) * 2003-12-29 2005-07-07 American Express Travel Related Services Company, Inc. System and method for high speed reversible data encryption
US20050279831A1 (en) * 2004-05-10 2005-12-22 Robinson Benjamin P Toll fee system and method
US20060277406A1 (en) * 2005-05-20 2006-12-07 Yoko Hashimoto System and method for encrypted communication
US20070124199A1 (en) * 2005-10-13 2007-05-31 Rent-A-Toll, Ltd. System, method and computer readable medium for toll service activation and billing
US20070124198A1 (en) * 2005-09-07 2007-05-31 Robinson Benjamin P System, method and computer readable medium for billing tolls
US20070124197A1 (en) * 2005-09-07 2007-05-31 Rent-A-Toll, Ltd. System, method and computer readable medium for billing
US20070192177A1 (en) * 2006-01-09 2007-08-16 Rent-A-Toll, Ltd. Billing a rented third party transport including an on-board unit
US20070242822A1 (en) * 2006-04-12 2007-10-18 Sony Corporation System, device, method, and program for communication
US20070285280A1 (en) * 2006-06-07 2007-12-13 Rent-A-Toll, Ltd. Providing toll services utilizing a cellular device
US20070285279A1 (en) * 2006-05-18 2007-12-13 Rent-A-Toll, Ltd. Determining a toll amount
US20070297611A1 (en) * 2004-08-25 2007-12-27 Mi-Young Yun Method for Security Association Negotiation with Extensible Authentication Protocol in Wireless Portable Internet System
US20080147491A1 (en) * 2006-12-18 2008-06-19 Rent-A-Toll, Ltd. Transferring toll data from a third party operated transport to a user account
US20080184031A1 (en) * 2006-09-06 2008-07-31 Mcgough Paul Real privacy management authentication system
US20090245508A1 (en) * 2001-08-30 2009-10-01 National Institute Of Informatio And Communicationd Technology Incorporated Converter, encryption/decryption system, multi-stage converter, converting method, multi-stage converting method, program, and information recording medium
US20100111423A1 (en) * 2008-10-10 2010-05-06 Balachandran Sarath K Method and system for processing vehicular violations
US20110293087A1 (en) * 2010-05-27 2011-12-01 Canon Kabushiki Kaisha Data encryption device and control method thereof
US20120284531A1 (en) * 2004-03-11 2012-11-08 Hitachi, Ltd. Method and apparatus for cryptographic conversion in a data storage system
CN104077814A (en) * 2013-03-29 2014-10-01 深圳市金溢科技股份有限公司 Electronic no-parking charging system, device, authentication method and trading method
US9418487B2 (en) 2006-01-09 2016-08-16 Ats Tolling Llc Billing a rented third party transport including an on-board unit
CN112580071A (en) * 2020-12-09 2021-03-30 深圳前海微众银行股份有限公司 Data processing method and device
US11303618B2 (en) * 2020-02-17 2022-04-12 International Business Machines Corporation Encryption management
US11429736B2 (en) 2020-02-17 2022-08-30 International Business Machines Corporation Encryption management

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000305453A (en) * 1999-04-21 2000-11-02 Nec Corp Ciphering device, deciphering device, and ciphering and deciphering device
TW556111B (en) * 1999-08-31 2003-10-01 Toshiba Corp Extended key generator, encryption/decryption unit, extended key generation method, and storage medium
WO2001043339A1 (en) * 1999-12-07 2001-06-14 Sanyo Electric Co., Ltd. Device for reproducing data
DE10036372A1 (en) * 2000-07-18 2002-01-31 Univ Berlin Tech Transmitter for transmitter/receiver arrangement has encoding arrangement between data converter and data output for converting data of first type into coded data of same data type

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3962539A (en) * 1975-02-24 1976-06-08 International Business Machines Corporation Product block cipher system for data security
US4255811A (en) * 1975-03-25 1981-03-10 International Business Machines Corporation Key controlled block cipher cryptographic system
US4850019A (en) * 1985-11-08 1989-07-18 Nippon Telegraph And Telephone Corporation Data randomization equipment
JP2760799B2 (en) * 1988-04-28 1998-06-04 株式会社日立製作所 Encryption method
US4926479A (en) * 1988-04-29 1990-05-15 Massachusetts Institute Of Technology Multiprover interactive verification system
US5113444A (en) * 1990-09-05 1992-05-12 Arnold Vobach Random choice cipher system and method
US5270956A (en) * 1991-03-18 1993-12-14 University Of Maryland System and method for performing fast algebraic operations on a permutation network
US5550809A (en) * 1992-04-10 1996-08-27 Ericsson Ge Mobile Communications, Inc. Multiple access coding using bent sequences for mobile radio communications
JPH0812537B2 (en) * 1993-03-11 1996-02-07 日本電気株式会社 Encryption device
DE69322376T2 (en) * 1993-05-05 1999-05-06 Zunquan San Diego Calif. Liu Data encryption facility and method
US5511123A (en) * 1994-08-04 1996-04-23 Northern Telecom Limited Symmetric cryptographic system for data encryption
US5724428A (en) * 1995-11-01 1998-03-03 Rsa Data Security, Inc. Block encryption algorithm with data-dependent rotations

Cited By (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020152392A1 (en) * 2001-04-12 2002-10-17 Motorola, Inc. Method for securely providing encryption keys
US20090245508A1 (en) * 2001-08-30 2009-10-01 National Institute Of Informatio And Communicationd Technology Incorporated Converter, encryption/decryption system, multi-stage converter, converting method, multi-stage converting method, program, and information recording medium
US8265268B2 (en) * 2001-08-30 2012-09-11 National Institute Of Information And Communications Technology Incorporated Administrative Agency Converter, encryption/decryption system, multi-stage converter, converting method, multi-stage converting method, program, and information recording medium
US20040250061A1 (en) * 2003-05-07 2004-12-09 Hiroki Yamauchi Transmission/reception system
US7457410B2 (en) * 2003-05-07 2008-11-25 Panasonic Corporation Transmission/reception system
US20050003880A1 (en) * 2003-07-02 2005-01-06 Englman Allon G. Gaming machine having multiple level progressive feature with player controlled outcome
US7257225B2 (en) 2003-12-29 2007-08-14 American Express Travel Related Services Company, Inc. System and method for high speed reversible data encryption
US20050147252A1 (en) * 2003-12-29 2005-07-07 American Express Travel Related Services Company, Inc. System and method for high speed reversible data encryption
US20120284531A1 (en) * 2004-03-11 2012-11-08 Hitachi, Ltd. Method and apparatus for cryptographic conversion in a data storage system
US20050279831A1 (en) * 2004-05-10 2005-12-22 Robinson Benjamin P Toll fee system and method
US10685502B2 (en) 2004-05-10 2020-06-16 Ats Tolling Llc Toll fee system and method
US8473333B2 (en) 2004-05-10 2013-06-25 Rent A Toll, Ltd. Toll fee system and method
US8473332B2 (en) 2004-05-10 2013-06-25 Rent A Toll, Ltd. Toll fee system and method
US20090228350A1 (en) * 2004-05-10 2009-09-10 Robinson Benjamin P Toll fee system and method
US7407097B2 (en) 2004-05-10 2008-08-05 Rent A Toll, Ltd. Toll fee system and method
US8127136B2 (en) * 2004-08-25 2012-02-28 Samsung Electronics Co., Ltd Method for security association negotiation with extensible authentication protocol in wireless portable internet system
US20070297611A1 (en) * 2004-08-25 2007-12-27 Mi-Young Yun Method for Security Association Negotiation with Extensible Authentication Protocol in Wireless Portable Internet System
US7984290B2 (en) * 2005-05-20 2011-07-19 Hitachi, Ltd. System and method for encrypted communication
US20060277406A1 (en) * 2005-05-20 2006-12-07 Yoko Hashimoto System and method for encrypted communication
US20070124198A1 (en) * 2005-09-07 2007-05-31 Robinson Benjamin P System, method and computer readable medium for billing tolls
US8768753B2 (en) 2005-09-07 2014-07-01 Rent A Toll, Ltd. System, method and computer readable medium for billing tolls
US8744905B2 (en) 2005-09-07 2014-06-03 Rent A Toll, Ltd. System, method and computer readable medium for billing tolls
US20070124197A1 (en) * 2005-09-07 2007-05-31 Rent-A-Toll, Ltd. System, method and computer readable medium for billing
US9715703B2 (en) 2005-10-13 2017-07-25 Ats Tolling Llc System, method and computer readable medium for billing based on a duration of service period
US20090222331A1 (en) * 2005-10-13 2009-09-03 Robinson Benjamin P System, method and computer readable medium for billing based on a duration of a service period
US8374909B2 (en) 2005-10-13 2013-02-12 Rent A Toll, Ltd. System, method and computer readable medium for billing based on a duration of a service period
US20070299721A1 (en) * 2005-10-13 2007-12-27 Rent-A-Toll, Ltd. System, method and computer readable medium for billing based on a duration of a service period
US20090292596A1 (en) * 2005-10-13 2009-11-26 Robinson Benjamin P System, method and computer readable medium for toll service activation and billing
US20070124199A1 (en) * 2005-10-13 2007-05-31 Rent-A-Toll, Ltd. System, method and computer readable medium for toll service activation and billing
US8195506B2 (en) 2005-10-13 2012-06-05 Rent A Toll, Ltd. System, method and computer readable medium for billing based on a duration of a service period
US20070192177A1 (en) * 2006-01-09 2007-08-16 Rent-A-Toll, Ltd. Billing a rented third party transport including an on-board unit
US10176646B2 (en) 2006-01-09 2019-01-08 Ats Tolling Llc Billing a rented third party transport including an on-board unit
US12340632B2 (en) 2006-01-09 2025-06-24 American Traffic Solutions Consolidated, L.L.C. Providing toll service for a vehicle including an on-board unit
US9418487B2 (en) 2006-01-09 2016-08-16 Ats Tolling Llc Billing a rented third party transport including an on-board unit
US8768754B2 (en) 2006-01-09 2014-07-01 Rent-A-Toll, Ltd. Billing a rented third party transport including an on-board unit
US20070242822A1 (en) * 2006-04-12 2007-10-18 Sony Corporation System, device, method, and program for communication
US7501961B2 (en) 2006-05-18 2009-03-10 Rent A Toll, Ltd. Determining a toll amount
US20070285279A1 (en) * 2006-05-18 2007-12-13 Rent-A-Toll, Ltd. Determining a toll amount
US20070285280A1 (en) * 2006-06-07 2007-12-13 Rent-A-Toll, Ltd. Providing toll services utilizing a cellular device
US7899185B2 (en) * 2006-09-06 2011-03-01 Mcgough Paul Real privacy management authentication system
US20080184031A1 (en) * 2006-09-06 2008-07-31 Mcgough Paul Real privacy management authentication system
US7774228B2 (en) 2006-12-18 2010-08-10 Rent A Toll, Ltd Transferring toll data from a third party operated transport to a user account
US20080147491A1 (en) * 2006-12-18 2008-06-19 Rent-A-Toll, Ltd. Transferring toll data from a third party operated transport to a user account
US8738525B2 (en) 2008-10-10 2014-05-27 Rent A Toll, Ltd. Method and system for processing vehicular violations
US8363899B2 (en) 2008-10-10 2013-01-29 Rent A Toll, Ltd. Method and system for processing vehicular violations
US20100111423A1 (en) * 2008-10-10 2010-05-06 Balachandran Sarath K Method and system for processing vehicular violations
US8689014B2 (en) * 2010-05-27 2014-04-01 Canon Kabushiki Kaisha Data encryption device and control method thereof
US20110293087A1 (en) * 2010-05-27 2011-12-01 Canon Kabushiki Kaisha Data encryption device and control method thereof
CN104077814A (en) * 2013-03-29 2014-10-01 深圳市金溢科技股份有限公司 Electronic no-parking charging system, device, authentication method and trading method
US11303618B2 (en) * 2020-02-17 2022-04-12 International Business Machines Corporation Encryption management
US11429736B2 (en) 2020-02-17 2022-08-30 International Business Machines Corporation Encryption management
US11641349B2 (en) 2020-02-17 2023-05-02 International Business Machines Corporation Encryption management
CN112580071A (en) * 2020-12-09 2021-03-30 深圳前海微众银行股份有限公司 Data processing method and device
WO2022121607A1 (en) * 2020-12-09 2022-06-16 深圳前海微众银行股份有限公司 Data processing method and apparatus

Also Published As

Publication number Publication date
DE19924986B4 (en) 2006-03-23
US6683956B1 (en) 2004-01-27
DE19924986A1 (en) 1999-12-02

Similar Documents

Publication Publication Date Title
US6683956B1 (en) Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus
EP1119131B1 (en) Method and apparatus for encrypting contents information
US6504930B2 (en) Encryption and decryption method and apparatus using a work key which is generated by executing a decryption algorithm
US7571320B2 (en) Circuit and method for providing secure communications between devices
EP0735723B1 (en) Cryptographic communication method and cryptographic communication device
EP0840477B1 (en) Secret key transfer method which is highly secure and can restrict the damage caused when the secret key is leaked or decoded
EP0403656B1 (en) Communication equipment
US5345508A (en) Method and apparatus for variable-overhead cached encryption
US5444781A (en) Method and apparatus for decryption using cache storage
CA2373787C (en) Self authentication ciphertext chaining
EP1882346B1 (en) Communication protocol and electronic communication system, in particular authentication control system, as well as corresponding method
CN112953712B (en) Data cross-chain sharing method based on zero knowledge proof and homomorphic encryption
US7570759B2 (en) System and method for secure encryption
MXPA06009235A (en) Method and apparatus for cryptographically processing data.
CA2441392A1 (en) Encrypting apparatus
EP1120934B1 (en) Method and apparatus for key distribution using a key base
US7783045B2 (en) Secure approach to send data from one system to another
CN101883102A (en) How to generate links
JP3172396B2 (en) Cryptographic communication device and cryptographic communication system
JP4556252B2 (en) IC card, in-vehicle device and roadside device used for encryption conversion device, decryption conversion device, encryption communication device and automatic fee collection system
JP3172398B2 (en) Communication device and communication system
US20010046296A1 (en) Encryption method and cryptographic communication method
CN112187446A (en) Authentication encryption method, verification decryption method and communication method
CN119300024B (en) A secure communication method and system for digital car keys
JP3172397B2 (en) Cryptographic communication device and cryptographic communication system

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载