JPH07303102A - Communication equipment - Google Patents

Abstract

PURPOSE:To prevent the deterioration in the security of a ciphering algorithm resulting from a fact that a head part of an original is generally at a white level by revising a CBC initial value with a prescribed arithmetic operation using number of times of communication for its factor. CONSTITUTION:An initial setting value IV of CBC ciphering codes in 64-bits decided for each communication opposite party in the case of transmission is read from a RAM in a control section 1 comprising a microcomputer or the like. A read section 11 provided with a scanner reads a transmission original, and ciphering is applied to each block at a head of signals coded by an image processing section 12 by using the initial setting value IV. Ciphering is applied to EXOR processing between succeeding blocks and, e.g. a ciphered text of one-preceding transmission. When the communication is finished, an arithmetic operation of adding, e.g. 1 to the present initial setting value IV and the content of the RAM is rewritten. The result is used for a new initial setting value IV as an understanding with each communication opposite party.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a communication device for performing secret cryptographic communication such as a facsimile device having a cryptographic communication function, and more particularly to a communication device designed to improve confidentiality in cryptographic communication.

[0002]

2. Description of the Related Art In facsimile communication, various special communication can be optionally performed for communication between facsimile machines of the same manufacturer. Cryptographic communication is one of the special communications.

FIG. 7 shows a procedure of ordinary cipher communication in a facsimile machine. In FIG. 7A, 91
Numerals 94 to 94 are signal processing procedures on the transmitting side, and a document to be transmitted is first read by the scanner 91. At 92, the read image data is subjected to data compression such as MH, that is, encoding processing. Next, in order to perform secret communication on the compressed image data, an encryption process is performed at 93 using a secret encryption key, and the encrypted data is sent out from a facsimile machine as a transmission side modem 94.

As described above, conventionally, when performing encrypted communication using a facsimile apparatus, the image data read by the scanner 91 is encrypted and transmitted according to the order read by the scanner 91 without being processed as it is. Was there.

In FIG. 7B, reference numerals 95 to 98 are signal processing procedures on the receiving side, and 9 is the encrypted received data of the original received by the facsimile apparatus as the receiving side modem 95.
In step 6, so-called plain culture processing is performed, in which the ciphertext is decrypted using the same secret encryption key as the sender. The plain-text image data is decompressed at 97, that is, decoded to become the original image data, which is printed by the printer 98, whereby the original is taken out at the receiving side. The secret encryption key mentioned here is a kind of data.

FIG. 8 shows an example of a typical transmission original. The manuscript shown in the figure is a standard manuscript of CCITT (International Telegraph and Telephone Consultative Committee). As is clear from the manuscript M, most of the normal transmission manuscript is occupied by "white", that is, a white background portion in which characters and the like are not written.

Now, in the conventional facsimile apparatus,
Considering the portion first scanned by the scanner 91, in other words, the first portion of the transmitted data or the first encrypted portion, the first portion H of the document M is scanned first. Usually this head part H
Is often white. For this reason, when a conventional facsimile apparatus tries to send out some original, it can be said that the first part of the sent data is very likely to correspond to the data for all white.

FIG. 9 shows an example of a general encryption processing unit in a facsimile apparatus, (A) shows an example using the ECB mode, and (B) shows an example using the CBC mode. In either case shown in FIGS. 9A and 9B,
Normally, as described above, the ciphertext C is output to the plaintext P using the secret encryption key K.

However, in the ECB mode, as shown in FIG. 9A, the image data to be encrypted and the encryption are 1: 1.
It corresponds with. On the other hand, in the CBC mode, as shown in FIG.
(B), the example when encrypting n-th plain text P _n, EOR of ciphertext C _n-1 and the plaintext P _n of one time before the
Take the (exclusive OR) and encrypt the result. In this case, since the ciphertext is not written in the first image data, an initial value secretly set in advance is used, and this initial value and the plaintext P ₁ are EORed.

[0010]

In the cryptographic communication as described above, since only the ciphertext C is usually exposed to the public, it can be said that the possibility of decrypting the cryptogram is extremely low. However, the first scan portion of the transmission data is often data for "all white" as described above. For this reason, in the ECB mode in which the image data and the encryption are in a 1: 1 correspondence, the document M is scanned by the scanner 91.
, The first part of the received encrypted data is found to be "white" encrypted, and the encryption algorithm lacks strength.

Further, in the CBC mode, since the initial value is not known, even if the first image data is "white",
Since the plaintext P ₁ representing this “white” is also scrambled, it can be said that the strength of the encryption algorithm is higher than in the ECB mode, but the point that the first part of the transmitted data is “white” This is not different from the case of the ECB mode, and therefore, in any mode, the plaintext P
(All white data) and the ciphertext C for it are open. As described above, in the case of the conventional apparatus, since the specific plaintext and the ciphertext corresponding thereto are known, there is a problem in that the strength of this cipher considerably deteriorates.

The present invention has been made in view of the above problems, and in a communication device constituting a transmission / reception modem of a communication system for performing encrypted communication in the CBC mode,
It is an object of the present invention to provide a configuration in which effective measures are taken to prevent a reduction in the strength of the encryption algorithm due to the fact that the leading portion of a normal document is "white" in most cases.

[0013]

In order to achieve the above object, according to the present invention, a numerical value that constitutes a CBC initial value is calculated based on an arithmetic expression in which the number of times of communication is one factor. The cryptographic communication unit having a function of changing the numerical data of (1) and using the changed numerical data as the CBC initial value at the time of communication is provided.

The concrete configuration of the encryption communication unit is as follows:
Has a cryptographic communication function that requires as many CBC initial values as there are cryptographic communication partners, and treats the CBC initial value as an arithmetic number, and at the time of transmission / reception each time cryptographic communication is completed, the CBC is An arithmetic operation is performed on the initial value using a predetermined arithmetic expression, and at the time of the next cryptographic communication, the CB corresponding to the numerical value obtained by using the arithmetic expression based on the previous cryptographic communication.
The C initial value is used.

In addition, as a second configuration, a cryptographic communication function is used which uses a CBC initial value table in which numerical data of CBC initial values are respectively associated with a plurality of indexes, and each cryptographic communication partner has a cryptographic communication function. A counter that indicates the number of times of communication from the time of reset is provided, and at the time of executing encrypted communication, a predetermined value that adds the numerical value indicated by the counter to the numerical data of the CBC initial value corresponding to the specified index of the secret cryptographic table. An arithmetic operation is performed using an arithmetic expression, and the CBC initial value at that time is set. It is also possible to adopt a configuration in which the count value of the counter is directly used as the CBC initial value.

[0016]

According to the above configuration, the CBC initial value for the receiver is initialized, and the CBC initial value is considered as an arithmetic number. When encrypted communication is performed between the sender and the receiver, the CBC for the receiver on the transmitting side is performed. The initial value is changed, for example, by performing a calculation such as adding a previously agreed value, and next time, the CBC initial value of the changed value is used. Similarly, the calculation is performed every time the encrypted communication is performed. Similarly, the receiving side also performs an operation to change the CBC initial value for the sender every time the encrypted communication is received from the sender.

Further, in the case of utilizing the CBC initial value table, the transmitter side uses the CBC initial value index set by the user in the encrypted communication.
After determining the initial value, the value of the counter is read out, and an arithmetic operation is performed to add the previously determined CBC initial value and the counter value, for example. Then, the value obtained by the calculation is used as the CBC initial value for the cryptographic communication. The receiving side also performs similar processing.

[0018]

Embodiments of the present invention will be described below with reference to the drawings. An embodiment applied to a facsimile apparatus that constitutes a transmission / reception modem of a communication system that performs encrypted communication in the CBC mode will be described with reference to the drawings. FIG. 1 is a block diagram showing the overall configuration of a facsimile apparatus according to the first embodiment of the present invention.

In the figure, reference numeral 1 is a control unit composed of a microcomputer or the like, and controls the entire control. As shown in FIG. 2, the control unit 1 includes a CPU 2 and a program R.
It is composed of OM3, RAM4 and the like. RAM
Reference numeral 4 denotes a work area for encrypted communication, an encryption key storage area as one form of a memory area, and a CBC initial value (I
V) It has a storage area, a counter, and the like.

Returning to FIG. 1, 5 is an operation unit and 6 is encoding /
A decryption circuit, 7 is an encryption / plain culture circuit that performs encryption when the facsimile machine operates as a transmission side, and performs plain culture when the facsimile machine operates as a reception side, 8 is a modem unit, and 9 is an NCU. (Network control device) 10 is a public telephone line. A reading unit 11 includes a scanner 11a that reads a document. An image processing unit 12 performs processing such as shading correction on the read image data. 1
3 is a transmission function unit, 14 is a reception function unit, and 15 is a recording unit having a printing unit 15a and the like.

The operation unit 5, the modem unit 8 and the NCU 9, the scanner 11a, the printing unit 15a, the real-time clock 16 and the CPU 2 described above are as shown in FIG.
As described below, the above-described configurations centered on the CPU 2 are connected through the data bus 16 and function as an encryption communication unit that encrypts an original in the forward direction and the backward direction. A process for encrypted communication is programmed in the control unit 1.

Next, in the case where the above configuration functions as an encryption communication unit, the control unit 1 when operating as a transmission side
An example of the operation will be described with reference to the flowchart of FIG. This embodiment shows a method of changing the secret encryption key for each communication by using the initial value of the CBC mode. in this case,
Since the CBC mode is used, only the top block (here, 64 bits) needs to be fully white. That is, the CBC initial value is usually binary numerical data of about 64 bits.

First, it is assumed that both the sender and the receiver who carry out the encrypted communication are using the apparatus of this embodiment. In the present embodiment, a method is considered in which the sender has a CBC initial value unique to each of the parties with whom the sender intends to perform encrypted communication. Therefore, in this case, only C
There will be a BC initial value.

In FIG. 3, the sender starts the transmission operation, and in step # 105, the CBC initial value IV corresponding to the communication partner is read from the CBC initial value storage area of the RAM 4. Here, the CBC initial value for the recipient is IV. The initial set value IV is a 64-bit binary number as described above, and is represented by, for example, "0000000000000000". Next, in step # 110, the scanner 1
1a, the transmission original read in is encoded, and in step # 115, the encoded original is converted into the CBC initial value I
A communication procedure such as encryption by V is performed, and step #
Finally at 120, the transmission operation is performed.

After the transmission, the CBC initial value IV is changed. In this embodiment, the numerical data of the CBC initial value is treated as an arithmetic numeral. Then, each time the cryptographic communication is completed, an arithmetic operation is performed on the CBC initial value using a predetermined arithmetic expression, and at the next cryptographic communication, the arithmetic expression is used based on the previous cryptographic communication. The CBC initial value corresponding to the numerical value is used. This arithmetic expression is represented by IV ′ = IV + 1.

Therefore, after the encrypted communication is performed between the sender and the receiver, the CBC initial value for the receiver on the transmitting side is changed from "IV" to "IV + 1" in step # 125, and this "IV + 1" is specified next time. To be used as the CBC initial value for the other party in step # 130.
V'is stored as a CBC initial value in the CBC initial value storage area of the RAM.

Similarly, every time Cryptographic communication is performed, CBC
Add "1" to the initial value. Similarly, every time the receiving side receives the encrypted communication from the sender, the CBC for the sender is received.
Add "1" to the initial value. In the present embodiment, as an example, the operation of adding "1" to the CBC initial value is shown, but an arithmetic operation using another mathematical expression may be used.

FIG. 4 shows an operation example of the control unit 1 when the apparatus of this embodiment operates as a receiving side. On the receiving side, after reception, in step # 205, the CBC initial value IV corresponding to the communication partner is read from the CBC initial value storage area of the RAM 4. Next, in step # 210, the received data is temporarily stored in the RAM 4, and the receiving operation is performed according to a predetermined procedure. Then, in step # 215, the CBC initial value IV previously read is used to perform the flattening of the received original document, and the step is further performed. # 2
Decrypt it at 20 and complete the reception.

After this, the receiving side also performs step # 2.
25, the CBC initial value for the receiver on the transmitting side is set to “IV”.
To “IV + 1”, and next time to use this “IV + 1” as the CBC initial value for a specific opponent,
At step # 230, IV 'is newly stored in the CBC initial value storage area of the RAM as the CBC initial value.

As described above, in the first embodiment of the present invention, each time the encrypted communication is completed, the CBC initial value is arithmetically calculated using a predetermined arithmetic expression at the time of both transmission and reception, and the next encrypted communication is performed. At this time, since the CBC initial value corresponding to the numerical value calculated by using the above-mentioned cryptographic communication based on the previous cryptographic communication is used, if the CBC initial value is registered by the number of the parties to be cryptographically communicated, Since the secret encryption key can be changed for each communication partner, it can be said that it is advantageous in increasing the encryption strength.

5 and 6 show the flow of the transmitting operation (FIG. 5) and the receiving operation (FIG. 6) of the control unit 1 in the second embodiment of the present invention. Since the configuration of this embodiment is common to that of the first embodiment shown in FIGS. 1 and 2,
The description of the common configuration will be omitted.

In the present embodiment, the RAM 4 as shown in Table 1 below is provided to the other party to whom the sender intends to perform encrypted communication.
CBC initial value table is used. In this CBC initial value table, an appropriate number of CBC initial values are registered and an index is given to each numerical data as each CBC initial value. In actual use, the CBC initial value itself is not the index but the index. To use. Therefore, there are not as many CBC initial values as there are cryptographic communication partners, and there is a possibility that the same CBC initial value as another partner may be used depending on the partner. The CBC initial value table is preset for the user at the time of manufacturing the device.

[0033]

[Table 1]

In addition, the control unit 1 for both transmission and reception is provided with a software counter for each partner of encrypted communication, which indicates the number of communication between specific senders and receivers since reset. Note that, in reality, this counter is necessary for the number of parties to be cryptographically communicated. Now, the value indicated by this counter is "C"
And

At the time of encrypted communication, as shown in FIG. 5, the transmitting side starts the transmission to execute the encrypted communication, then reads the specified index from the CBC initial value table and uses it in step # 305. Determine the CBC initial value. In this case, referring to Table 1, if the index is designated as "05", for example, "112233"
4455667788 ”will be selected. Now, this CBC
The initial value is “IV”.

Next, at step # 310, the counter value C corresponding to the communication partner is read. At the time of this transmission, the CBC initial value IV is changed. Also in this embodiment, the numerical data of the CBC initial value is treated as an arithmetic numeral. That is, with respect to the CBC initial value IV corresponding to the designated index, the numerical value C indicated by the counter is displayed.
The arithmetic operation is performed using a predetermined arithmetic expression that takes into account the calculated value IV ′ as the CBC initial value at that time. This arithmetic expression is represented by IV ′ = IV + C. Therefore, for example, if the number of times of communication with a specific partner is the 10th time, the value C of the counter is 10. Therefore, the value IV ′ of the CBC initial value of both the sender and the receiver at that time is “1122334455.
667798 ”.

Next, in step # 315, the transmission image (original) is encoded, and in step # 320, the transmission operation is performed in a predetermined procedure. At this time, the above-mentioned “IV + C” is used for encrypted communication.
Is used as the CBC initial value. Also in this embodiment, the arithmetic operation for determining the CBC initial value may use a mathematical expression different from the above.

After the transmission, each time the encrypted communication is completed once in step # 325, 1 is added to the value of the counter used, and the value C '(C + 1) obtained by this is added in step # 330. It is stored in the CBC initial value storage area of the RAM 4. At the next encrypted communication, CBC will be re-established.
Read the specified index from the initial value table,
The CBC initial value to be used is determined, and C'is used as the counter value. Therefore, even if the same index is continuously specified, the data of the CBC initial value will be different values, so that the encryption strength of the secret encryption key will not be lowered.

FIG. 6 shows an operation example of the control unit 1 when the apparatus of this embodiment operates as a receiving side. On the receiving side, after reception, in step # 405, the index of the CBC initial value table corresponding to the communication partner is read, the CBC initial value to be used is determined, and then step # 410.
The value C of the counter corresponding to the communication partner is read with. Then, the same CBC initial value as the transmitting side, that is, "IV + C"
Performs a plain culture of the received data using the
At 420, the received document is decrypted and the reception is completed.

After this, the receiving side also carries out step # 4.
At 25, the value of the counter for the receiver on the transmitting side is changed from "C" to "C + 1", and the value C '(C + 1) obtained at step # 430 is stored in the CBC initial value storage area of the RAM 4.

As described above, in the second embodiment of the present invention, when executing the encrypted communication, the numerical value indicated by the counter is added to the numerical data of the CBC initial value corresponding to the designated index of the preset secret cipher table. CB at that time by performing an arithmetic operation using a predetermined arithmetic expression
Since the C initial value is set and it is not necessary to prepare the CBC initial value for the number of parties, the encrypted communication can be performed more easily than in the first embodiment.

Next, in the third embodiment of the present invention, the value of the counter for counting the number of communications is used as it is as the CBC initial value. The counters on the transmitting side and the receiving side count the number of communications. The count value is used as the CBC initial value IV. In the third embodiment, since the counter value is used as the initial value as it is, there is an advantage that there is no need to prepare an initial value or perform an arithmetic operation.

[0043]

As described above, according to the present invention, the numerical value of the CBC initial value is calculated based on the arithmetic expression having the number of times of communication as one factor. Since it has a function of changing and changing the changed numerical value data to the CBC initial value at the time of communication, when performing encrypted communication in the CBC mode, it is possible to transmit without changing the transmission data amount at all. However, the pair of plaintext and ciphertext is not known and the cipher strength does not decrease.

That is, in the present invention, the device automatically performs the operation required for changing the secret encryption key, and the CBC initial value data is automatically changed based on the operation result. The user can realize encrypted communication having a high encryption strength with a simple operation.

As a concrete configuration of the cryptographic communication unit, in claim 2, the CBC initial value is treated as an arithmetic numeral, and each time the cryptographic communication is completed, the CB is used for both transmission and reception.
Arithmetic operation is performed on the C initial value using a predetermined arithmetic expression, and the CBC initial value corresponding to the numerical value obtained by using the arithmetic expression based on the previous cryptographic communication is used in the next cryptographic communication. Therefore, if the CBC initial value is registered by the number of the parties to which the encrypted communication is made, the CBC is set for each of the communication parties.
Since it is possible to change the initial value, it is advantageous in increasing the encryption strength.

Further, in claim 3, each counter of the encrypted communication has a counter indicating the number of communication from the time of reset, and when executing the encrypted communication, the numerical value of the CBC initial value corresponding to the designated index of the secret cipher table. Since the arithmetic operation is performed on the data using a predetermined arithmetic expression in which the numerical value indicated by the counter is added and the CBC initial value at that time is set, prepare the CBC initial value for the number of opponents. Therefore, the encrypted communication may be omitted.
It can be done much easier than

Further, in claim 4, since the value of the counter for counting the number of times of communication is used as the initial value as the CBC initial value, the other initial values may be prepared.
There is no need to perform arithmetic operations.

In addition, in any of the above-mentioned configurations, even if the same document is repeatedly transmitted due to an error or the like, the leading image data is different each time it is transmitted, so the encryption strength is further increased. For example, it is possible to effectively prevent the strength of the encryption algorithm from being lowered because the leading part of the normal document is "white" in most cases.

[Brief description of drawings]

FIG. 1 is a schematic block diagram showing the configuration of a facsimile apparatus according to a first embodiment of the present invention.

FIG. 2 is a block diagram showing a specific state of the control unit and a connection state with other components.

FIG. 3 is a flowchart showing an operation example regarding transmission of a control unit.

FIG. 4 is a flowchart showing an operation example regarding reception of the control unit.

FIG. 5 is a flowchart showing an operation example relating to transmission of a control unit in the facsimile apparatus according to the second exemplary embodiment of the present invention.

FIG. 6 is a flowchart showing an operation example regarding reception of the control unit.

FIG. 7 is a block diagram showing a procedure of normal cipher transmission in a general facsimile apparatus.

FIG. 8 is a plan view showing an example of a transmission document.

FIG. 9 is a block diagram showing an example of an encryption processing unit in a general facsimile apparatus.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 control part 2 CPU 3 ROM 4 RAM 5 operation part 6 encoding / decoding circuit 7 encryption / plain culture circuit 8 modulation / demodulation part modem 9 NCU 11 reading part 11a scanner 12 image processing part 13 transmission function part 14 reception function part 15 Recording unit 15a Print unit

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁶ Identification code Office reference number FI Technical display location H04K 1/00 Z H04N 1/44

Claims (5)

[Claims] 1. A communication device constituting a transmission / reception modem of a communication system for performing encrypted communication in the CBC mode,
The numerical value of the CBC initial value is changed based on an arithmetic expression in which the number of times of communication is one factor, and the numerical data of the CBC initial value is changed every communication, and the changed numerical data is used as the CBC at the time of communication. A communication device comprising a cryptographic communication unit having a function of setting an initial value. 2. A communication device constituting a transmission / reception modem of a communication system for performing encrypted communication in the CBC mode,
The cryptographic communication unit has a cryptographic communication function that requires the CBC initial value as many as the number of counterparts of the cryptographic communication, and the cryptographic communication unit handles the CBC initial value as an arithmetic numeral, and the cryptographic communication is completed once. Both when sending and receiving to the CBC
Arithmetic operation is performed on the initial value using a predetermined arithmetic expression, and in the next cryptographic communication, the CBC initial value corresponding to the numerical value obtained by using the arithmetic expression based on the previous cryptographic communication is used. A communication device characterized by being configured. 3. A communication device constituting a transmission / reception modem of a communication system for performing encrypted communication in the CBC mode,
A cryptographic communication unit having a cryptographic communication function that uses a secret cryptographic table in which numerical data of CBC initial values are respectively associated with a plurality of indexes is provided, and this cryptographic communication unit is provided for each partner of the cryptographic communication from the time of reset. Has a counter that indicates the number of times of communication of
C corresponding to the specified index in the initial value table
An arithmetic operation is performed on the numerical data of the BC initial value using a predetermined arithmetic expression in which the numerical value indicated by the counter is added, and the CBC initial value at that time is set. Communication equipment. 4. A communication device constituting a transmission / reception modem of a communication system for performing encrypted communication in the CBC mode,
A communication device comprising a cryptographic communication unit having a counter for counting the number of times of communication and having a function of setting a count value of the counter as a CBC initial value. 5. The communication device according to claim 1, which is configured as a facsimile device.