JPH0983814A - Terminal equipment for ciphering communication - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent communication ciphering data from being decoded by using a communication ciphering key that is formed by changing a bit pattern of a stored ciphering key according to a prescribed rule so as to generate ciphered data. SOLUTION: In the case of executing ciphering communication, a control section 3 provides a selection signal to instruct selection of a terminal A to a coder/decoder 4. As a result, a transmission code outputted from the coder/ decoder 4 is given to a ciphering/plane text device 6, in which the data are converted into ciphering data by using a communication ciphering key Kc. Furthermore, a received code outputted from a MODEM 5 is given to the ciphering/plane text device 6, in which the code is converted into plane text data by using the communication ciphering key Kc. Then the plane text data are given to the coder/decoder 4, in which the data are decoded into original image data. Since the ciphering data are generated by using the communication ciphering key generated by changing a bit pattern of the stored ciphering key according to a prescribed rule, the ciphering data are not intercepted.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a terminal device for encrypted communication.

[0002]

2. Description of the Related Art Conventionally, in the field of communication, from the viewpoint of maintaining confidentiality of communication data, encryption processing has been performed on the communication data. For example, in facsimile communication in which original image data corresponding to an original is transmitted and received, in order to maintain confidentiality of the original image data that is communication data, the original image data is encrypted.

As one of the methods of encrypting original image data, there is one using a so-called encryption key. In particular,
By performing a predetermined logical operation on the original image data using the encryption key, another encrypted data that is completely different from the original image data is created. On the other hand, the plain culture process of restoring the encrypted data to the original image data is achieved by performing a predetermined logical operation on the encrypted data using the encryption key.

As described above, the facsimile encryption communication using the encryption key requires a common encryption key on the transmitting side and the receiving side. Therefore, conventionally, an encryption key is preliminarily agreed between the transmitting side and the receiving side of the encrypted communication, and the negotiated encryption key is registered in advance in the backup memories respectively provided in the transmitting side facsimile device and the receiving side facsimile device. The method of putting it is adopted.

By the way, an abnormality may occur in a facsimile machine due to some cause. As one of the methods for eliminating such an abnormality, there is a method called remote diagnosis. The remote diagnosis means that the terminal device on the maker side, which has been informed by the user that an error has occurred in the facsimile device, collects specific facsimile data from the facsimile device on the user side through the telephone line, and collects this data. This is a diagnostic method of searching for the cause of abnormality based on facsimile data.

The facsimile data to be collected is
The data is stored in the backup memory provided in the facsimile machine on the user side. Specifically, it is a facsimile number corresponding to the abbreviated number, a facsimile number of its own station, a history of facsimile communication results, and the like.
Also, if the backup memory stores an encryption key, this encryption key is also a target.

The remote diagnosis instruction to the facsimile machine on the user side is an NSS (Non-Standard facilities Set-u) which is a kind of control signal in facsimile communication.
p; non-standard function setting signal). That is, the NSS is provided with a bit for setting a flag instructing remote diagnosis. When it is determined that the above-mentioned flag included in the NSS transmitted from the terminal device on the maker side, which is the calling side, is set, the facsimile machine on the user side determines that the remote diagnosis is instructed, and the backup memory The facsimile data stored in is transmitted to the terminal device on the manufacturer side via the telephone line.

As described above, according to the remote diagnosis, the cause of the abnormality can be searched for even if the service person on the maker side does not directly go to the user, so that the abnormality solving work can be efficiently executed. it can.

[0009]

By the way, in the above facsimile machine, when the remote diagnosis is abused,
The encryption key may be stolen by a third party. That is, in the above facsimile apparatus, if the flag included in the NSS is set, the facsimile data including the encryption key stored in the backup memory is transmitted to the calling side terminal through the telephone line. Therefore, the third party
One might try to steal cryptographic keys by exploiting remote diagnostics.

If the encryption key is stolen, if the encrypted data is intercepted, the encrypted data may be decrypted using the stolen encryption key. Therefore, there is a possibility that the communication confidentiality cannot be sufficiently maintained. Therefore, an object of the present invention is to solve the above-mentioned technical problem and prevent the decryption of encrypted data even if the remote diagnosis is misused and the encryption key stored in the storage means, which is the backup memory, is stolen. It is to provide a terminal device for encrypted communication.

[0011]

A terminal device of the present invention for achieving the above object is a terminal device for performing cipher communication via a predetermined communication line, and an cipher composed of a plurality of bits. Storage means storing the key, encryption key changing means for creating a communication encryption key by changing the bit pattern of the encryption key stored in this storage means according to a predetermined rule, and this encryption key change Encryption processing means for performing encryption processing on the data using the communication encryption key created by the means.

With this configuration, encrypted data is created or encrypted data is generated based on the communication encryption key obtained by changing the bit pattern of the encryption key stored in the storage means according to a predetermined rule. Cryptographic processing is performed for cultural purposes. On the other hand, for example, when the terminal device having the above-mentioned configuration is made to be able to receive remote diagnosis in response to an instruction from a calling side terminal device such as a maker, the data collected through the communication line is stored in the storage means. The target data is. Therefore, even if the remote diagnosis is abused by a third party, the encryption key for communication which is actually used for encryption or plaintext is not stolen. Therefore, the encrypted data is never decrypted.

The encryption key changing means may create a communication encryption key by replacing a bit string which is continuous by a predetermined number of bits with a specific bit included in the encryption key as a starting point with the remaining bit string. Good. In this configuration, since the communication encryption key created by replacing the bit string that is continuous by the predetermined number of bits starting from the specific bit included in the encryption key with the remaining bit string is used for actual encryption or plain culture. Even if the remote diagnosis is abused, the communication encryption key is not stolen. Therefore, in the case of performing encryption, even if the data to be transmitted is the same, the encrypted data to be created can be different each time encrypted transmission.

The terminal device may further include an input means capable of inputting identification information. In this case, the encryption key changing means has a count value corresponding to each of the plurality of identification information, the identification information is input from the input means, and the encryption processing (encryption or encryption) is performed by the encryption processing means. The counter means for updating the count value corresponding to the identification information according to a predetermined rule under the condition that the culture is performed, and a bit corresponding to the count value of the counter means starting from a specific bit included in the encryption key. It is preferable that the communication encryption key is created by replacing a bit string continuous by the number with the remaining bit string.

In this configuration, the counter means updates the count value corresponding to the input identification information when encryption or plain culture is performed. That is, the count value is updated each time encrypted communication is performed. On the other hand, the number of bits of the bit string to be replaced is determined according to the count value of the counter means. Therefore, a communication encryption key having a different bit pattern is created for each encrypted communication. Therefore, when performing encryption, even if the data to be transmitted is the same, the created encrypted data can be different for each encrypted communication.

Further, the encryption key changing means corresponds to the count value of the counter means and a table storage means storing a table showing a correspondence relationship between the count value of the counter means and the number of bits of the bit string to be replaced. A recognition means for recognizing the number of bit strings to be exchanged by referring to a table stored in the table storage means, and continuing for the number of bits recognized by the recognition means starting from a specific bit included in the encryption key. The communication encryption key may be created by replacing the bit string to be used with the remaining bit string.

According to this structure, the number of bits of the bit string to be replaced changes in accordance with the count value updated each time the encrypted communication is performed, so the number of bits of the bit string corresponding to each count value to be set in the table. If the values are different from each other, the bit pattern of the created communication encryption key will be different for each encrypted communication. Therefore,
When encryption is performed, even if the data to be transmitted is the same, the created encrypted data can be different for each encrypted communication.

Further, the encryption key may be constructed by arranging a plurality of bit groups in a predetermined pattern, and in this case, the encryption key changing means is arranged such that each bit group of the encryption key. The communication encryption key may be created by changing the arrangement pattern of (1) according to a certain rule. According to this configuration, since the communication encryption key created by changing the array pattern of each bit group of the encryption key according to a certain rule is used for actual encryption or plain culture, remote diagnosis was abused. Even in this case, the communication encryption key is not stolen. Therefore, the encrypted data cannot be decrypted.

Further, when the encryption key is formed by arranging a plurality of bit groups in a predetermined pattern, the terminal device further includes an input unit capable of inputting identification information, and The encryption key changing means has a count value corresponding to each of a plurality of identification information, the identification information is input from the input means, and the encryption processing (encryption or plain culture) is performed by the encryption processing means. The counter means for updating the count value corresponding to the identification information in accordance with a predetermined rule under the condition that the counter value is changed, and a table showing the correspondence relationship between the count value of the counter means and the change rule of the arrangement pattern of each bit group are stored The table stored in the table storing means and the change rule corresponding to the count value of the counter means Even if the communication encryption key is created by changing the arrangement pattern of each bit group forming the encryption key according to the change rule recognized by the recognition means, Good.

According to this structure, the change rule of the array pattern of each bit group forming the encryption key changes in accordance with the count value updated every time encryption or plain culture is performed, and is therefore created. The bit pattern of the encryption key for communication differs depending on the encrypted communication. Therefore, when performing encryption, even if the data to be transmitted is the same, the created encrypted data can be different for each encrypted communication.

The communication encryption key may be created by performing a predetermined operation on the encryption key stored in the storage means. In this way, even if the remote diagnosis is misused, the communication encryption key will not be stolen. Therefore, the encrypted data cannot be decrypted.

[0022]

Embodiments of the present invention will be described below in detail with reference to the accompanying drawings. FIG. 1 is a block diagram showing the electrical configuration of a facsimile apparatus according to the first embodiment of the present invention. This facsimile apparatus includes a reading unit 1 that optically reads a document to be transmitted and outputs original image data. The original image data output from the reading unit 1 is subjected to predetermined image processing by the image processing unit 2. The original image data that has been subjected to image processing is given to the encoding / decoding device 4 via the control unit 3, and the MH (Modified
Huffman), MR (Modified READ, READ: Relative El
ement Address Designate) and other necessary compression coding is performed for facsimile communication and converted into a transmission code.

In the case of ordinary facsimile communication, this transmission code is directly given to the modem 5. On the other hand, in the case of encrypted communication, the transmission code is given to the encryption / plaintext device 6, and, for example, a typical encryption / symmetric encryption system
DES (Data Encryption Standard), which is a flat culture method
Is converted into encrypted data by. Then, this encrypted data is given to the modem 5.

In the modem 5, a transmission signal is created by subjecting the transmission code or the encrypted data to a predetermined modulation process. The created transmission signal is transmitted to the network control unit (NC
U) 7 to the public telephone line 8. On the other hand, when data is received, the received signal is given to the modem 5 via the network controller 7 and demodulated into a received code. When the received code is not encrypted, that is, in the case of normal facsimile communication, the received code is decoded (expanded) by the encoding / decoding device 4 and restored to the original image data. On the other hand, when the received code is encrypted, that is, in the case of encrypted communication, the received code is converted into plain culture data by the encryption / plain culture device 6 and then decoded by the encoding / decoding device 4, It is restored to the original image data. The restored original image data is given to the recording unit 9, and the received image is recorded on the paper.

The transmission function unit 10 is for executing line connection control and transmission protocol processing at the time of transmission. The reception function unit 11 is for executing line connection control and reception protocol processing at the time of reception.
The facsimile apparatus also includes an operation unit 12 that functions as an input unit when the apparatus serves as a calling side device for encrypted communication. The operation unit 12 includes a numeric keypad 12a for inputting numerical data such as a facsimile number of a communication partner, a start key 12b for instructing the start of facsimile communication, and an encrypted communication key 12c for instructing encrypted communication. It is arranged. The above-described types of keys in the operation unit 12 are examples, and keys for other functions may be added or the arrangement of the keys may be changed as necessary.

When this device becomes the called device, the encoding / decoding device 4 and the encryption / plaintext device 5 are used.
Is understood as an input means. The facsimile machine further includes an image memory 13 composed of a DRAM or the like. A part of the storage area of the image memory 13 can be used as a confidential box used during confidential communication. In the confidential communication, the data transmitted from the transmitting facsimile machine is temporarily stored in the memory, and the data is read from the memory in response to the input of a predetermined personal identification number (ID) and the like. The received image is printed out based on the data.

The image memory 13 has a plurality of confidential boxes BOX ₁ , BOX ₂ , ..., As shown in FIG.
BOX _n is made available. Confidential Box BOX
Are given different box numbers. In the encrypted communication, for example, the number assigned to the confidential box BOX in the image memory 13 may be used. That is, the confidential box number for encrypted communication is predetermined for each communication partner, and encrypted communication is performed using the confidential function.

This facsimile apparatus further includes an SRAM
The backup memory 14 is configured by the above.
The backup memory 14 stores an encryption key K required for encryption / plaintext processing in association with a confidential box number for encrypted communication. The encryption key K is, for example, binary data composed of n bits (for example, n = 32), and is secretly negotiated in advance between parties who perform encrypted communication so as not to leak to a third party. is there. The agreed encryption key K is registered in the backup memory 14 in association with the agreed confidential box number for encrypted communication by an input operation from the ten key 12a, for example.

This facsimile machine is further equipped with SR
It has a work memory 15 composed of AM or the like. The work memory 15 is used as a work area in the encryption key changing process described later. The control unit 3 includes a counter C that performs a counting operation according to a predetermined rule.
_{NT 1, CNT 2, ···,} CNT n ( when referred to generically below as "counter CNT") are provided respectively in association with confidential box number for cryptographic communication. In this embodiment, the confidential box number for encrypted communication corresponds to the identification information.

The counter CNT is a software counter realized by reserving a part of the memory area of the memory provided in the control section 3 for the counter and changing the stored value of the counter area by the program processing by the control section 3. May be When executing the encryption / plain-text processing, the control unit 3 uses the bit value of the encryption key K based on the count value C of the counter CNT corresponding to the confidential box number for encrypted communication corresponding to the communication partner, as described later. Circular shift the pattern.

The encoding / decoding device 4 has an A terminal connected to the encryption / decryption device 6 and a B connected to the modem 5.
And a terminal. When executing normal facsimile communication, the control unit 3 gives the encoding / decoding device 4 a control signal for instructing to select the B terminal. At this time, the control unit 3 gives an OFF signal to the encryption / plaintext device 6 to prohibit its operation. As a result, the transmission code output from the encoding / decoding device 4 is directly given to the modem 5.
Further, the reception code output from the modem 5 is given to the encoding / decoding device 4 and restored to the original image data.

Further, the control section 3 gives a control signal for instructing the encoding / decoding apparatus 4 to select the A terminal when executing the encrypted communication. At this time, the control unit 3 gives an ON signal to the encryption / plaintext device 6 and a communication encryption key Kc described later. As a result, the transmission code output from the encoding / decoding device 4 is given to the encryption / plaintext device 6 and converted into encrypted data using the communication encryption key Kc. Then, this encrypted data is given to the modem 5. Further, the reception code output from the modem 5 is given to the encryption / plain culture device 6 and converted into plain culture data using the communication encryption key Kc. Then, this plain culture data is given to the encoding / decoding device 4 and restored to the original image data.

This facsimile machine can receive so-called remote diagnosis. That is, when a call for instructing execution of remote diagnosis is issued from a specific terminal device owned by the manufacturer or the like, the control unit 3 reads out data including the encryption key K stored in the backup memory 14, A transmission signal corresponding to the read data is transmitted to the calling side terminal. That is, the data collection target in the remote diagnosis is the data stored in the backup memory 14. The calling terminal can search the cause of the abnormality based on the transmitted data.

FIG. 2 is a flow chart showing the transmission operation in this facsimile apparatus. When executing facsimile communication, the user first sets the original document on the facsimile device. After that, the facsimile number on the receiving side is input from the ten key 12a provided in the operation unit 12, and the start key 12b is operated. When performing encrypted communication, the encrypted communication key 12c is operated prior to the operation of the start key 12b, and the confidential box number for encrypted communication, which is pre-arranged with the receiving side so that the sender can be specified by the receiving facsimile machine. Is input from the ten keys 12a.

Subsequent to the operation of the start key 12b, after the line connection is executed by the transmission function unit 10, it is determined whether or not the encrypted communication is performed based on whether or not the encrypted communication key 12c is operated (step). S1). As a result, when it is determined that the communication is not encrypted communication, it is determined that the communication is normal facsimile communication, and after a predetermined transmission control process is executed, a transmission signal corresponding to the original image data is transmitted (step S9).

The above transmission control processing is performed by NSS (Non-Standa).
rd facilities Set-up; non-standard function setting signal) is a pre-processing that includes transmission of transmission control signals. A plurality of specific bits are assigned to the NSS for writing the number data indicating the confidential box number for encrypted communication. Also, NSS
Is assigned for a flag indicating whether or not a specific 1 bit is encrypted communication. In the case of normal facsimile communication, the NSS in which the number data is not written and the flag is not set is transmitted. On the other hand, in the case of encrypted communication, the NSS in which the number data is written and the flag is set is transmitted.

On the other hand, as a result of the discrimination in the above step S1,
When it is determined that the encrypted communication is performed, the encryption key K corresponding to the confidential box number for encrypted communication is read from the backup memory 14 based on the confidential box number for encrypted communication input from the ten key 12a. The read encryption key K is temporarily held in the work memory 15. Also,
The control unit 3 reads the count value C from the counter CNT corresponding to the confidential box number for encrypted communication (step S2). Then, the number of bits to be circularly shifted is determined to the read count value C (step S3), and the encryption key K is circularly shifted by C bits (step S4). As a result, the encryption key K before the circular shift
An encryption key Kc for communication that is completely different from the above is created.

FIG. 4 is an illustrative view for specifically explaining the circular shift of the encryption key K. Backup memory 14
It is assumed that the encryption key K read from is the bit configuration shown in FIG. In this case, when the circular shift is executed, it is assumed that the encryption key K has the circular structure shown in FIG. That is, in FIG. 4 (c), the encryption key K has the least significant bit L from the most significant bit MSB ₁ along the direction a.
It is a bit configuration in which up to SB ₁ continues in a ring.

If the count value C read from the counter CNT is "5", the number of bits to be circularly shifted is "5". When the number of bits to be circularly shifted is determined, the bit to be the most significant bit is M in the direction a by 5 bits determined from MSB _1.
Shifted to SB ₂ . Along with this, the least significant bit is L which is 5 bits from LSB _{1 in the} direction a.
Shifted to SB ₂ . That is, "10011", which is a bit string that continues from MSB ₁ for the number of bits corresponding to the count value C, is the remaining bit string "0".
101 ... 1101 ". Thereby a circular shift is achieved. As a result, the communication encryption key Kc shown in FIG. 4B, in which MSB ₂ and LSB ₂ are the most significant bit and the least significant bit, respectively, is newly created.

Returning to FIG. 2, when the communication encryption key Kc is created, the created communication encryption key Kc is given to the encryption / plaintext device 6. In the encryption / flat culture device 6,
The original image data to be transmitted is encrypted by using the provided communication encryption key Kc to create encrypted data. The created encrypted data is the modem 5
Is converted into a transmission signal, and this transmission signal is sent to the public telephone line 8 via the network control unit 7. As a result, encrypted transmission is achieved (step S5).

When the encrypted transmission is completed, the control unit 3 counts the count value C of the counter CNT corresponding to the transmission destination.
_Has reached an upper limit value C _TH (for example, C _TH = 32) corresponding to the number of bits of the encryption key K (step S).
6). As a result, when it is determined that the count value C has not reached the upper limit value C _TH , the count value C is incremented by 1 (step S7). On the other hand, the count value C
When it is determined that the value has reached the upper limit value C _TH , the count value C is cleared (step S8). That is, when the count value C reaches the upper limit value C _TH , even if a circular shift is performed,
This is because it simply returns to the encryption key K before the shift. The encryption transmission ends when the above processing ends.

FIG. 3 is a flow chart showing the receiving operation in this facsimile apparatus. In the facsimile device, when the line with the transmitting facsimile is connected, first, N is received prior to the signal corresponding to the original image data.
Reference is made to SS. Then, based on whether or not the flag indicating whether or not the encrypted communication is in the NSS is set, it is determined whether or not the encrypted communication is performed (step T1). If the result of this determination is that it is normal facsimile communication, normal reception processing is performed and the received image is recorded on paper (step T9).

On the other hand, when it is determined that the encrypted communication is performed, the NSS is further referred to, the confidential box number for encrypted communication is acquired based on the number data included in this NSS, and the acquired encrypted communication box number is used. The encryption key K associated with the confidential box number is read from the backup memory 14. Further, the count value C of the counter CNT corresponding to the acquired confidential box number for encrypted communication is read (step T2). Then, similarly to the transmission operation, the number of bits to be circularly shifted is determined as the read count value C (step T3), and the encryption key K is circularly shifted by C bits (step T4). As a result, a communication encryption key Kc that is completely different from the encryption key K is created. Then, the encrypted data received by using the created communication encryption key Kc is subjected to the plain culture process to create the plain culture data. This created flat culture data is encoded /
The original image data is restored by being given to the decoding device 4. The recording unit 9 performs a printout operation based on the restored original image data to reproduce the original image (step T5).

Counter CN of the facsimile machine on the receiving side
The count value C of T is
When the count value C reaches the upper limit value C _TH (step T6
YES), it is cleared for the same reason as in the transmission operation (step T8). On the other hand, when the count value C has not reached the upper limit value C _TH , it is incremented by 1 (step T7). That is, the counter CNT of the facsimile machine on the receiving side operates exactly like the counter CNT of the facsimile machine on the transmitting side. Therefore, the count values C of the counters CNT of the facsimile machines on the transmitting side and the receiving side are the same. Therefore, in the facsimile machine on the receiving side, the encryption key K is circularly shifted by the same number of bits as the facsimile machine on the transmitting side. As a result, the original image data can be faithfully restored. Therefore, the original document can be accurately reproduced.

As described above, according to the facsimile apparatus of the first embodiment, encrypted data is created using the communication encryption key Kc in which the bit pattern of the encryption key K, which is the data collection target of remote diagnosis, is changed. Therefore, even if the remote diagnosis is abused and the facsimile data including the encryption key K stored in the backup memory 14 is stolen, the encrypted data is not decrypted. Therefore, communication confidentiality can be surely maintained.

Moreover, since the number of bits to be circularly shifted changes for each encrypted communication, in other words, the bit pattern of the communication encryption key Kc used for encryption processing changes for each encrypted communication, so that the encryption strength is improved. Can be achieved. FIG. 5 is a flowchart showing a transmission operation in the facsimile apparatus of the second embodiment of the present invention. In addition,
In the description of this second embodiment, FIG. 1 is referred to as necessary.

In the first embodiment, the number of bits to be circularly shifted is set to the count value C of the counter CNT, whereas in the second embodiment, the circular shift is performed based on the table stored in the backup memory 14. The feature is that the number of bits to be determined is determined. Specifically, the above table shows the correspondence between the count value C of the counter CNT and the number of bits to be circularly shifted.
For example, as shown in FIG. 7, the number of bits to be circularly shifted corresponding to each count value C is randomly set.

Next, referring to FIG. 5, the transmission operation in the facsimile apparatus of the second embodiment will be described. In the second embodiment, steps P3 to P6
Since the processing of 1 is different from the transmission operation of the first embodiment, the processing of steps P3 to P6 will be mainly described below.
In the case of encrypted communication (YES in step P1), the control unit 3 reads the encryption key K from the backup memory 14 and temporarily holds it in the work memory 15, and reads the count value C of the counter CNT (step P2). ). Then, the table stored in the backup memory 14 is referred to, and the number of cyclic shift bits corresponding to the read count value C is acquired (step P3). For example, in FIG. 7, when the read count value C is "3", the number of acquired bits is "27".

When the number of circular shift bits is acquired, the encryption key K held in the work memory 15 is circularly shifted by the acquired number of bits. As a result, the encryption key K
An encryption key Kc for communication that is completely different from that is created (step P4). Then, encrypted data is created using the created communication encryption key Kc, and a transmission signal corresponding to this encrypted data is sent to the public telephone line 8 to achieve encrypted transmission (step P5).

In the case of the second embodiment, the update of the count value C is different from the first embodiment in which the number of bits of the encryption key K is the upper limit value C _TH, and the number of count values C set in the table is The upper limit value is C _TH . That is, in the example of FIG. 7, C _TH = 10. FIG. 6 is a flow chart showing the receiving operation in the facsimile apparatus of the second embodiment.

In case of encrypted communication (YE in step Q1)
S) Similarly to the flowchart shown in FIG. 5, the encryption key K is held in the work memory 15 and the count value C of the counter CNT is read (step Q
2) Based on the table stored in the backup memory 14, the number of circular shift bits corresponding to the read count value C is acquired (step Q3).
After that, the encryption key K held in the work memory 15 is circularly shifted by the acquired number of bits. as a result,
A communication encryption key Kc that is completely different from the encryption key K is created (step Q4).

The subsequent operation is the same as the flowchart shown in FIG. 3 except that the number of count values C set in the table is set to the upper limit value C _TH, and therefore the description thereof is omitted. As described above, the facsimile apparatus according to the second embodiment also uses the communication encryption key Kc in which the bit pattern of the encryption key K that is the data collection target of the remote diagnosis is changed, similarly to the first embodiment. Since encrypted data is created, communication confidentiality can be reliably maintained even if remote diagnosis is misused. Further, since the bit pattern of the communication encryption key Kc is changed for each encrypted communication,
The encryption strength can be improved.

Although the direction to be circularly shifted is fixed to the direction a in the first and second embodiments, it may be changed for each encrypted communication.
By doing so, it is possible to further improve the encryption strength. Further, in the above embodiment, the number of cyclic shift bits is changed for each encrypted communication, but it may be fixed, for example. Even in this case, since the encrypted data is created using the communication encryption key Kc in which the bit pattern of the encryption key K that is the data collection target of the remote diagnosis is changed, the communication confidentiality can be surely maintained.

FIG. 8 is a flow chart showing the transmission operation in the facsimile apparatus of the third embodiment of the present invention. In the description of the third embodiment, FIG. 1 will be referred to as necessary. In each of the above embodiments, the encryption key K
While the communication encryption key Kc is created by circularly shifting, the third embodiment is characterized in that the communication encryption key Kc is created by so-called byte swap. is there.

The encryption key K is usually 1 byte (8 bits).
It is composed of an integral multiple of. Therefore, in the third embodiment, by utilizing this point, the encryption key K is divided into a plurality of bit groups by 1 byte, and the arrangement pattern of each bit group is changed to create the communication encryption key Kc. In the following, as shown in FIG. 10A, it is assumed that the encryption key K composed of 4 bytes (32 bits) is divided into four bit groups M1, M2, M3, M4 of 1 byte each. .

The rule for changing the arrangement pattern of the bit groups M1 to M4 is determined based on the table stored in the backup memory 14. For example, as shown in FIG. 11, the table shows the correspondence between the count value C of the counter CNT and the pattern change rule of each of the bit groups M1 to M4. Next, with reference to FIG. 8, a transmission operation in the facsimile apparatus of the third embodiment will be described. In the third embodiment, step R3,
Since the process of R4 is different from the transmission operation of the first embodiment, the process of steps R3 and R4 will be mainly described below.

In case of encrypted communication (YE in step R1)
S), the encryption key K corresponding to the inputted confidential box number for encrypted communication is read from the memory 14 and held in the work memory 15, and the count value of the counter CNT corresponding to the confidential box number for encrypted communication. C is read (step R2). After that, the table stored in the backup memory 14 is referred to, and the pattern change rule corresponding to the read count value C is acquired (step R3). Then, according to the acquired pattern change rule, the array pattern of "M1, M2, M3, M4" of the encryption key K held in the work memory 15 is changed (step R4). For example, if the read count value C is "5",
As a result of referring to the table shown in FIG. 11, as shown in FIG.
As shown in (b), the array pattern "M1, M2, M3, M4" is changed to the array pattern "M1, M3, M4, M2". As a result, a communication encryption key Kc that is completely different from the encryption key K is created.

The subsequent processing of steps R5 to R9 is the same as the processing of steps P5 to P9 of the flow chart shown in FIG. 5, and the description thereof will be omitted. FIG. 9 is a flow chart showing the receiving operation in the facsimile apparatus of the third embodiment. The receiving operation of the third embodiment is the same as that shown in FIG. 6 except for the processes of steps U3 and U4.
Same as the receiving operation shown in FIG. 8, and the processing of steps U3 and U4 is the same as step R of the flowchart shown in FIG.
Since it is the same as the processing of 3 and R4, the description thereof is omitted.

As described above, also in the facsimile apparatus according to the third embodiment, the communication encryption key Kc in which the bit pattern of the encryption key K which is the data collection target of the remote diagnosis is changed is also obtained as in the above embodiments. Since the encrypted data is created by using it, even if the remote diagnosis is abused, the communication confidentiality can be surely maintained. Moreover, since the bit pattern of the communication encryption key Kc is changed for each encrypted communication, the encryption strength can be improved.

In the third embodiment, the bit group M
The array pattern of 1 to M4 is changed for each encrypted communication, but may be changed to a constant pattern, for example. FIG. 12 is a block diagram showing the electrical configuration of a facsimile apparatus according to the fourth embodiment of the present invention. In FIG. 12, the same reference numerals are used for the same functional parts as in FIG.

In addition to the configuration shown in FIG. 1, the facsimile machine according to the fourth embodiment has an encryption key processing section 20.
Is provided. The encryption key processing unit 20 is for rearranging the bit pattern of the encryption key K in bit units. That is, the fourth embodiment is characterized in that the bit pattern of the encryption key K is rearranged in bit units.
FIG. 13 is a circuit diagram showing the configuration of the encryption key processing unit 20. In the description related to FIG. 13, for simplicity, it is assumed that the encryption key K is composed of 8 bits.

The encryption key processing section 20 is provided with a latch section 21 and a gate section 22. In the latch part 21,
The encryption key K read from the backup memory 14 by the control unit 3 is the data bus DB ₂ and the input terminals I _{0 to} I _7.
Via 8 bits in parallel. Specifically, LS
The encryption key K is given to the latch section 21 so that B and MSB are input to the input terminals I ₀ and I ₇ , respectively.

In the latch section 21, the encryption key K is latched on condition that the latch signal RATCH output from the control section 3 is input. The latched encryption key K is sent from the output terminals O _{0 to} O ₇ to the data bus DB ₁ in parallel with 8 bits. Each data bus DB ₁ connects the output terminals O _{0 to} O ₇ of the latch section 21 and the input terminals I _{0 to} I _{7 of the} gate section 22. Specifically, the output terminal O ₀ and the input terminal I ₃ are connected, the output terminal O ₄ and the input terminal I ₇ are connected, and so on.
_{0 to} O ₇ and the input terminals I _{0 to} I ₇ are randomly connected. As a result, in the gate unit 22, the bit pattern of the encryption key K is rearranged in bit units. Specifically, for example, the encryption key K of “10011010” becomes the communication encryption key Kc of “10011010”.

Communication encryption key K given to the gate unit 22
c is an output terminal O provided that the read signal READ output from the control unit 3 is input to the gate unit 22.
It is sent from _{0 to} O ₇ to the data bus DB ₂ . As a result, the communication encryption key Kc that is completely different from the original encryption key K is provided to the control unit 3. The communication encryption key Kc given to the control unit 3 is given to the encryption / plaintext device 6 and used for encryption / plaintext processing.

As described above, also in the facsimile apparatus according to the fourth embodiment, the communication encryption key Kc in which the bit pattern of the encryption key K to be the data collection target of the remote diagnosis is changed is also provided, as in the above embodiments. Since the encrypted data is created by using it, even if the remote diagnosis is abused, the communication confidentiality can be surely maintained. In the facsimile apparatus of the fourth embodiment, the bit pattern of the encryption key K is randomly rearranged in bit units, but the bit pattern of the encryption key K may be rearranged as it is.

The encryption key K has 8n bits (however, n
Is a natural number), the encryption key K may be sequentially given to the encryption key processing unit 20 by 8 bits over n times. In the above case, the encryption key processing unit 20 is
The encryption keys K may be provided in parallel, and the encryption keys K may be given to the encryption key processing units 20 in parallel at a time by 8 bits. FIG.
9 is a flowchart showing a transmission operation in the facsimile apparatus of the fifth exemplary embodiment of the present invention. Note that this fifth
In the description of the embodiment, FIG. 1 described above will also be referred to as necessary.

In each of the above embodiments, the communication encryption key Kc is created by changing the bit pattern without changing the logical value of the bits forming the encryption key K. The form is characterized in that the communication encryption key Kc is created by changing the logical value of the bits forming the encryption key K. Next, with reference to FIG. 14, a transmission operation in the facsimile apparatus of the fifth embodiment will be described.

In this facsimile apparatus, when the encrypted communication is not instructed (NO in step V1), normal facsimile communication is executed (step V6). on the other hand,
When encrypted communication is instructed (YE in step V1)
S), the encryption key K corresponding to the input confidential box number for encrypted communication is read from the backup memory 14 and temporarily held in the work memory 15, and a ROM (not shown) provided in the controller 3 The processing data D stored in () is read (step V2).

The processing data D is, for example, from the same manufacturer.
It is common to the same model and is not a target for remote diagnostic data collection. This is because the remote memory data collection target is the backup memory 1 as described above.
This is because it is only the data stored in 4. The processing data D may be stored in association with the confidential box number for encrypted communication, and the processing data D corresponding to the input confidential box number for encrypted communication may be read together with the encryption key K. Good.

After that, an exclusive OR is calculated between the encryption key K held in the work memory 15 and the read processing data D. As a result, the logical value of the bits forming the encryption key K is changed, and a communication encryption key Kc that is completely different from the encryption key K is created (step V3). Thereafter, encrypted data is created using the created communication encryption key Kc (step V4), and a transmission signal corresponding to the created encrypted data is sent to the public telephone line 8 to encrypt the data. Transmission is achieved (step V
5).

FIG. 15 is a flow chart showing the receiving operation in the facsimile apparatus of the fifth embodiment.
In this facsimile apparatus, when the encrypted communication is not instructed (NO in step W1), the normal printout operation in the recording unit 9 is executed (step W6).

On the other hand, when the cryptographic communication is instructed (YES in step W1), the cryptographic key K corresponding to the confidential box number for cryptographic communication included in the NSS transmitted prior to the transmission of the original image data is backed up. It is read from the memory 14 and held in the work memory 15, and
The processing data D is read from the ROM (step W
2). Then, the exclusive OR between the encryption key K and the processing data D is obtained to create the communication encryption key Kc (step W3). Then, the received encrypted data is subjected to the plain culture process using the communication encryption key Kc to obtain the plain culture data, and the original image data is restored based on the obtained plain culture data (step W4). Then, based on the restored original image data, the recording unit 9
The original document is reproduced on the recording paper by (step W
5).

As described above, according to the facsimile apparatus of the fifth embodiment, the encrypted data is created by using the communication encryption key Kc in which the logical value of the bit forming the encryption key K is changed. Even if the remote diagnosis is abused and the encryption key K is stolen, the encrypted data cannot be decrypted. Therefore, communication confidentiality can be improved.

Although the embodiments of the present invention are as described above, the present invention is not limited to the above-mentioned embodiments. For example, in each of the above-described embodiments, a facsimile device is described as an example of the terminal device, but the present invention is
For example, it can be widely applied to various devices that can be other communication terminal devices such as a personal computer and a word processor.

In each of the above embodiments, the original image data is described as an example of the data to be transmitted, but the present invention can be applied to the case of transmitting data other than the original image data. Other various design changes can be made within the scope described in the claims.

[0076]

As described above, according to the present invention, encrypted data is created using the communication encryption key created by changing the bit pattern of the stored encryption key according to a predetermined rule. Even if the remote diagnosis is abused, the communication encryption key is not stolen. Therefore, the encrypted data cannot be decrypted. Therefore, communication confidentiality can be improved.

In particular, if the bit pattern of the communication encryption key is changed for each encrypted communication, when the encryption is performed, even if the original data is the same, the created encrypted data can be encrypted. It can be different each time. Therefore, the encryption strength can be improved.

[Brief description of drawings]

FIG. 1 is a block diagram showing an electrical configuration of a facsimile apparatus according to a first embodiment of the present invention.

FIG. 2 is a flowchart showing a transmission operation in the facsimile apparatus of the first embodiment.

FIG. 3 is a flowchart showing a receiving operation in the facsimile apparatus of the first embodiment.

FIG. 4 is a diagram for specifically explaining a circular shift that is a feature of the first embodiment.

FIG. 5 is a flowchart showing a transmission operation in the facsimile apparatus according to the second exemplary embodiment of the present invention.

FIG. 6 is a flowchart showing a receiving operation in the facsimile apparatus of the second embodiment.

FIG. 7 is a diagram showing a table showing a correspondence relationship between a count value and the number of bits to be circularly shifted, which is a feature of the second embodiment.

FIG. 8 is a flowchart showing a transmission operation in the facsimile apparatus according to the third exemplary embodiment of the present invention.

FIG. 9 is a flowchart showing a receiving operation in the facsimile apparatus of the third embodiment.

FIG. 10 is a diagram for specifically explaining a byte swap that is a feature of the third embodiment.

FIG. 11 is a diagram showing a table showing a correspondence relationship between a byte swap rule and a count value, which is a feature of the third embodiment.

FIG. 12 is a block diagram showing an electrical configuration of a facsimile apparatus according to a fourth embodiment of the present invention.

FIG. 13 is a circuit diagram showing a configuration of an encryption key processing unit which constitutes a part of the facsimile apparatus of the fourth embodiment.

FIG. 14 is a flowchart showing a transmission operation in the facsimile apparatus according to the fifth exemplary embodiment of the present invention.

FIG. 15 is a flowchart showing a receiving operation in the facsimile apparatus of the fifth embodiment.

[Explanation of symbols]

3 control unit 6 encryption / plain culture device 5 modem 7 NCU 12 operation unit 14 backup memory 15 work memory 20 encryption key processing unit CNT ₁ , CNT ₂ , ..., CNT _n , CNT counter C count value K encryption key Kc Communication encryption key M1 to M4 bit group

Claims (1)

[Claims] 1. A terminal device for performing cryptographic communication via a predetermined communication line, comprising: storage means for storing an encryption key made up of a plurality of bits; and encryption code stored in the storage means. Encryption key changing means for creating a communication encryption key by changing the bit pattern of the key according to a predetermined rule, and data is encrypted using the communication encryption key created by this encryption key changing means. A terminal device comprising an encryption processing means.