JP6544519B2 - Mobile control system - Google Patents

Description

  The present invention relates to a mobile control system.

  In recent years, while commercial use of various mobile bodies such as drone has rapidly advanced, efforts for discussion on regulation and establishment of a safe control technology are activated.

  For example, wireless communication used for drone control and data transmission is susceptible to interception, interference and interference.

  In addition, the wireless communication device mounted on the drone has a narrow communicable area, and is usually limited to a range within the viewing range, which is an obstacle to safely flying the drone in a wide area.

  However, except for specific applications such as military applications, drone communication control and data communication encryption are not performed, and research and development and testing are currently in progress.

  Here, as a conventionally used communication control method, for example, Patent Document 1 describes a communication method in which a mobile switches a plurality of base stations.

  Patent Document 2 describes secret communication used when switching communication with a plurality of base stations while the mobile terminal is moving.

  Patent Document 3 describes a method of encrypting communication of a mobile using a simple common key.

JP, 2015-88782, A JP, 2014-23029, A JP 2007-235353 A

  However, the communication method described in Patent Document 1 aims to switch base stations at high speed, and does not relate to measures for communication safety.

  Further, the communication method described in Patent Document 2 is mainly for avoiding the failure of the decoding process due to the synchronization deviation, and does not relate to the measure for the security of the data communication itself.

  Further, the communication method described in Patent Document 3 assumes encryption with a simple common key, and enables effective use of a plurality of base stations by making security strength variable. . However, it only uses multiple selectable routes as a system, and does not realize safe handover of control.

  In addition, public key cryptography and common key cryptography that are widely used to ensure the security of communications are assumed to be implemented on the infrastructure of wired networks and wireless base station mesh networks, and it is assumed that drone etc. move. If it is used as it is for body communication control and data communication, the characteristic delay due to the calculation delay and fading under the limited computer resource will be caused.

  In addition, it is necessary to ensure high communication security in important communications related to security, security etc., but to realize encryption without delay by a small computer that can be mounted on a mobile such as a drone It is extremely difficult.

  In addition, if the size and weight of the cryptographic device are reduced easily, the performance will be reduced, and the risk of being decrypted by an advanced computer will increase.

  Therefore, the present invention has been devised in view of the above-mentioned problems, and reduces the information processing required for the mobile unit, prevents the enlargement of the computer to be mounted, and secures the data communication. It is an object of the present invention to provide a mobile control system capable of securing and safely taking over control of a mobile among a plurality of base stations.

A mobile control system according to a first aspect of the present invention comprises a mobile capable of storing information, a plurality of base stations disposed on a moving path of the mobile and performing control of the mobile, the base station, and the mobile. and a cryptographic key generating apparatus for generating an encryption key and shipping that used by the mobile and said base station is a mobile control system for performing authentication, and the communication using encryption, the encryption key The generation device generates the different encryption key for each of the base stations on the movement path of the mobile and performing at least one of authentication and communication of the mobile , and the mobile is the encryption key generation device. Holds the encryption keys assigned to all the base stations on the moving path and controlled by the base station, which are generated and distributed, and the base station is generated and distributed by the encryption key generation device , Assigned to own machine Wherein holding the encryption key, characterized in that takes over control of the movement path on the authentication using the encryption key with the mobile, and sequentially the moving body while performing at least one of communication.

A mobile control system according to a second aspect of the present invention is the mobile object control system according to the first aspect, wherein the encryption key generation device is connected in a vault with quantum key distribution links which are pairs of a plurality of transmitters and receivers connected by optical fibers. is composed of are networked QKD platform, before the transmitter or the receiver, the cryptographic key to be delivered to the mobile and the base station, to delivery can be input and output via a trusted courier It is characterized by

In the mobile control system according to the third invention, in the second invention, the quantum key distribution platform is configured such that the transmitter located at the beginning of the moving path of the mobile is for each base station with respect to the mobile. authentication is performed by, and to generate a plurality of the encryption key used in at least one of communication, the transmitter or the receiver holds the encryption key by the base station corresponding to the own apparatus is used, A key relay is provided for delivering to the other transmitter or the receiver located downstream of the moving path of the mobile without holding the other encryption key.

  The mobile unit control system according to the fourth invention is characterized in that, in the third invention, the key relay is performed by encrypting and decrypting the encryption key using the distribution encryption key used for distribution of the encryption key. I assume.

Mobile control system according to the fifth invention, in the first invention, the encryption key generating apparatus is constituted by a single true random number generator, before Symbol true random number generating device, wherein the mobile and the base station the encryption key distribution to be characterized also be output from deliverable to the trusted courier.

Mobile control system according to the sixth invention, in any one of the second invention to the fifth aspect of the present invention, the trusted courier, characterized that you authentication using the Wegman-Carter authentication.

  According to the present invention having the above-described configuration, the security of data communication can be secured while reducing the information processing required for the mobile body and preventing the enlargement of the computer to be mounted, and between a plurality of base stations. Control of the mobile can be taken over safely.

In a mobile control system concerning an embodiment of the present invention, it is a mimetic diagram showing signs that an encryption key is distributed to a receiver from a transmitter which constitutes the first quantum key distribution link. It is a schematic diagram which shows a mode that the first controller controls a drone. It is a schematic diagram which shows a mode that a 2nd controller controls a drone. It is a schematic diagram which shows a mode that a 3rd controller controls a drone. It is a schematic diagram which shows a mode that data are transmitted to the receiver in the end of a flight path from a drone. It is a schematic diagram which shows a mode that the drone finished movement on a flight path. It is a schematic diagram which shows the mode of control of the drone in the mobile body control system which concerns on the modification of this invention.

  Hereinafter, a mobile control system 1 according to an embodiment of the present invention will be described.

  FIG. 1 is a schematic diagram showing how the encryption keys K1 to K4 are delivered from the transmitter 21a constituting the first quantum key distribution link L1 to the receiver 21b in the mobile unit control system 1 according to the embodiment of the present invention. It is. In the description of the present embodiment, “delivery” includes both concepts of quantum key distribution and transmission of information by a trusted courier described later.

The mobile control system 1 according to the present embodiment is configured to include a quantum key distribution platform 6 as an encryption key generation device, controllers 71, 72, 73 as base stations, and a drone 3.

  Then, in the mobile control system 1, the drone 3 and the controllers 71, 72, 73 communicate using one-time pad encryption.

  One-time pad encryption prepares true random numbers of the same size as plaintext, shares them as an encryption key between two parties, generates ciphertext by bit sum of plaintext and encryption key, transmits it, and encrypts again on the receiving side This is a communication method for decrypting plaintext by bit sum of a sentence and an encryption key. The encryption key is thrown away each time like a peelable note (pad). Therefore, if one-time pad encryption can share even the encryption key safely, it is mathematically proved that it is impossible in principle to decrypt the plaintext from the ciphertext using any strong computer. It is the only method, and it is a highly secure communication method.

  In the present embodiment, the encryption keys K1 to K7 are used as disposable encryption keys used for one-time pad encryption. The encryption keys K1 to K7 are different random number sequences.

  In the present invention, in addition to one-time pad encryption, it is possible to adopt another encryption method using an encryption key as a common key. However, as described above, since one-time pad encryption is a highly secure communication method, one-time pad encryption is preferably used in the present invention, and one-time pad encryption is also used in this embodiment. It is adopted. The encryption key is preferably disposable.

  The quantum key distribution platform 6 includes a quantum key distribution link L1 formed by a transmitter 21a and a receiver 21b connected by an optical fiber 51, and a quantum formed by a transmitter 22a and a receiver 22b connected by an optical fiber 52. Key distribution link L2, quantum key distribution link L3 formed by transmitter 23a and receiver 23b connected by optical fiber 53, and quantum key formed by transmitter 24a and receiver 24b connected by optical fiber 54 The delivery link L4 is configured to be connected in a safe station protected for protection against unauthorized intrusion from the outside and vaults 4a, 4b and 4c which are management areas in the same.

  Quantum key distribution securely shares an encryption key between two points without leaking any encryption key information to anyone other than a legitimate sender / receiver, regardless of any eavesdropping technology for the communication path or any decryption technology for data extracted from the communication path. It is a technology. The transmitter and receiver of the quantum key distribution link distribute and share such an encryption key that can not be intercepted and decrypted in principle.

By covering the connection points between the quantum key distribution links with the physically and electromagnetically shielded vaults 4a to 4c from the outside, it is possible to prevent communication leakage at the connection points. Thus, between the quantum key distribution platform 6 which is networked by connecting the quantum key distribution link via a connection point, the principle transmitter tapping and decrypted without the encryption key within any desired vault and receiver Can be distributed and shared.

  The transmitters 21a, 22a, 23a, 24a and the receivers 21b, 22b, 23b, 24b are terminals capable of generating, transmitting and receiving, and storing encryption keys, respectively. In the present embodiment, although the transmitter and the receiver are separately described for convenience, the terminal is actually a terminal having both the function of transmitting and receiving the encryption key.

  The transmitters 21a, 22a, 23a, 24a and the receivers 21b, 22b, 23b, 24b transmit and receive encryption keys by quantum key distribution. At the time of quantum key distribution of the encryption keys K1 to K4, in order to encapsulate these encryption keys, encryption keys K5 to K7 are separately used (see FIGS. 2 to 4).

  The transmitters 21a, 22a, 23a, 24a and the receivers 21b, 22b, 23b, 24b have connection terminals to the external storage device, and the encryption key generated in the external storage device connected to the connection terminal is It can be saved.

  The drone 3 is an unmanned airplane that flies under the control of the controllers 71, 72, 73, and various information such as driving devices such as propellers, motors and batteries, and encryption keys used for communication with the controllers 71, 72, 73. Storage unit, an antenna for communicating with controllers 71, 72, 73, a connection terminal for exchanging information with an external storage unit, and a control unit for controlling the overall configuration of these components. .

  Furthermore, the drone 3 may have any function such as an imaging device. Data of images and moving pictures taken by the image pickup apparatus are transmitted in real time to the controllers 71, 72, 73 and receivers 21b, 22b, 23b, 24b, etc. on the ground by the communication apparatus, and the memory built in the drone 3 It may be stored in the device.

  In the present embodiment, although the drone 3 is described as an example of the moving body, the present invention is not limited to this, and various moving bodies such as various vehicles, ships, trains, etc. performing automatic driving are applied. Can.

  Further, in the drone 3, it is desirable that the encryption key to be stored is not a permanent medium, but is stored in a volatile memory such as a dynamic random access memory (DRAM) whose data disappears when the power is lost. By this mechanism, it is possible to prevent the encryption key of each base station from leaking when the drone 3 passes over to a malicious third party.

  The controllers 71, 72, 73 function as a base station that communicates with the drone 3 using the unique encryption key assigned to each controller and performs control of the drone 3. In the example of FIG. 1, the controller 71 controls the drone 3 using the encryption key K1, the controller 72 uses the encryption key K2, and the controller 73 uses the encryption key K3.

  It should be noted that, in practice, two encryption keys for authentication and two encryption keys for communication are required for communication control between the drone 3 and the controllers 71, 72, 73, but in the present embodiment, these are used. Two types of encryption keys are expressed as one encryption key K1 to K4.

  Next, the operation of the mobile control system 1 according to the present embodiment will be described.

  In the following description, control of the drone 3 is sequentially taken over from the first controller 71 to the third controller 73, and finally the data stored in the drone 3 is transmitted to the receiver 24b. The action is taken.

First, the quantum key distribution link L1 of the quantum key distribution platform 6, which is an encryption key generation device, transmits information to the encryption keys K1 to K3 used to control the drone 3 and the receiver 24b at the end of the flight path. generates an encryption key K4 to be used in, delivered shared between the transmitter 21 a and receiver 21b (see FIG. 1).

  Thus, the encryption keys K1 to K4 are respectively stored in the transmitter 21a and the receiver 21b (see FIG. 1).

  Next, the encryption keys K1 to K4 are delivered from the transmitter 21a to the drone 3 by the trusted courier via the external storage device. Similarly, an encryption key K1 for controlling the drone 3 is delivered from the receiver 21b to the controller 71 by a trusted courier via an external storage device (see FIG. 2).

  The Trusted Courier is a delivery company that delivers critical information so that it is strictly controlled and does not leak information to people outside the organization. In the present embodiment, a trusted courier stores information in an external storage device and delivers the information by transporting it.

  In addition, at the time of delivery of a quantum key by a trusted courier, it is preferable from the viewpoint of security that user authentication is performed by Wegman-Carter authentication which has been proved not to be broken by any computer.

The quantum key distribution link L2 distributes and shares the encryption key K5 between the transmitters 22a and 22b (see FIG. 2). The quantum key distribution link L3 distributes and shares the encryption key K6 between the transmitters 23a and 23b (see FIG. 3). The quantum key distribution link L4 distributes and shares the encryption key K7 between the transmitters 24a and 24b (see FIG. 4 ). The encryption keys K5 to K7 are encryption keys for delivering (key relay) each of the encryption keys K1 to K4 to the necessary transmitter and receiver by the quantum key distribution link. The encryption keys K1 to K7 are all different encryption keys.

  The encryption keys K1 to K3 are encryption keys corresponding to the encryption keys held by all the controllers 71, 72, 73 that control the drone 3 on the flight path of the drone 3, and the drone 3 is the encryption key K1 to K3. Having K 3 enables communication with all the controllers 71, 72, 73 on the flight path.

  Also, the encryption key K4 is used when the drone 3 transmits the information stored therein to the receiver 24b which is the destination (see FIG. 5). That is, the drone 3 encrypts the information held by the own device and finally transmitted to the receiver 24b using the encryption key K4.

  The information encrypted by the drone 3 can be decrypted only by the receiver 24b, which likewise has the encryption key K4.

  Therefore, even when the information transmitted from the drone 3 is intercepted, the interceptor can not decrypt the information, and the information can be transmitted and received safely.

  Next, control by the controller 71 of the drone 3 is started. FIG. 2 is a schematic view showing how the first controller 71 controls the drone.

  The controller 71 communicates with the drone 3 using the encryption key K1 and controls the drone 3. The encryption key K1 used here is destroyed when the control of the drone 3 ends.

  Further, as shown in FIG. 2, the receiver 21b uses the encryption keys K2 to K4 not used by the receiver 21b for use of the controllers 72 and 73 and the receiver 24b located downstream of the drone 3 movement path, It supplies to the transmitter 23a.

  In the supply of the encryption keys K2 to K4 from the receiver 21b to the transmitter 23a, first, the encrypted keys K2 to K4 held by the receiver 21b are supplied to the transmitter 22a by the trusted courier. This supply can be done safely because it is done in the vault 4a.

  Next, key relay of the encryption keys K2 to K4 by quantum key distribution through the optical fiber 52 is performed from the transmitter 22a to the receiver 22b. This key relay is performed by encapsulating the encryption keys K2 to K4 using the encryption key K5.

  Next, from the receiver 22b that has received the encryption keys K2 to K4, the encrypted keys K2 to K4 are supplied by the trusted courier to the transmitter 23a in the same vault 4b. Since this supply is also performed in the vault 4b, it can be performed safely.

  Next, the control of the drone 3 is taken over to the second controller 72 on the movement path. FIG. 3 is a schematic view showing how the second controller 72 controls the drone 3.

  The controller 72 communicates with the drone 3 using the encryption key K2 to control the drone 3.

  Also, the transmitter 23a uses the encryption key K6 as shown in FIG. 3 in order to use the encryption keys K3 and K4 for use of the other controller 73 and the receiver 24b located downstream of the drone 3 movement path. The encryption keys K3 and K4 are encapsulated and key relayed to the receiver 23b via the optical fiber 53.

  Next, control of the drone is handed over to the third controller 73 on the movement path. FIG. 4 is a schematic view showing how the third controller 73 controls the drone 3.

  The controller 73 communicates with the drone 3 using the encryption key K3 and controls the drone 3.

  Further, in order to use the receiver 24b located downstream of the movement path of the drone 3, the encryption key K4 is supplied from the receiver 23b to the transmitter 24a by the trusted courier. This supply is safe because it is done in the vault 4c.

  Then, as shown in FIG. 4, the transmitter 24a performs key relay to the transmitter 24b of the encryption key K4. This key relay is performed by encapsulating the encryption key K4 using the encryption key K7.

  Next, the drone 3 transmits the information encrypted by the encryption key K4 held by the device to the receiver 24b. FIG. 5 is a schematic diagram showing how information is transmitted from the drone 3 to the receiver 24b at the end of the flight path.

  The receiver 24b decrypts the information transmitted from the drone 3 using the encryption key K4.

  And drone 3 which finished a series of operations lands on a predetermined place. FIG. 6 is a schematic diagram showing how the drone 3 has finished moving on the flight path.

  The drone 3 can be returned from the end point to the departure point again by repeating the above-described process on the moving path in the opposite direction (see FIG. 6).

  In the embodiment described above, delivery of the encryption keys K1 to K4 used to control the drone 3 between base stations is performed by key relay using quantum key delivery, but the present invention is not limited to this. , Key relay may be performed by a trusted courier.

  In this case, the encryption key generation device is configured of a single true random number generation device, and delivery of the encryption key to the drone 3 and each controller from the encryption key generation device is performed by trusted courier.

  According to the mobile object control system 1 according to the above-described embodiment, processing such as generation and delivery of the encryption key can be carried by facilities such as a ground network, and the information processing required for the mobile object can be reduced and installed. Can prevent the computer from becoming larger.

  In addition, by performing communication by encryption and further distributing the encryption key using quantum key distribution or trusted courier, the security of data communication can be secured, and a mobile unit can be moved among a plurality of base stations. It is possible to safely take over control of the

  Next, a modification of the present invention will be described. FIG. 7 is a schematic view showing control of the drone 3 in a mobile control system 1 'according to a modification of the present invention.

  The modification shown in FIG. 7 describes control performed when there are a plurality of flight paths and control areas. Here, more secure authentication and dynamic selection of flight paths are performed using cryptographic keys distributed and stored in multiple nodes over multiple control areas.

  The mobile control system 1 'according to the modification includes the drone 3, the transmitters 21a, 22a, 23a, 24a, 25a, 26a, 27a, 28a, and the receivers 21b, 22b, 23b, 24b, 25b, 26b, 27b, 28 b and a controller (not shown).

  Also in this modification, the control of the drone 3 is performed by the controller which is a base station, but for the sake of simplicity, here, the transmitter and the receiver will be described as being integral with the controller.

  Therefore, when the transmitter or the receiver controls the drone 3, it means that the controller to which the encryption key has been delivered from the transmitter or the receiver controls the drone 3.

  Between transmitter 21a and receiver 21b, between transmitter 22a and receiver 22b, between transmitter 23a and receiver 23b, between transmitter 24a and receiver 24b, between transmitter 25a and receiver 25b, Optical keys are connected between the transmitter 26a and the receiver 26b, between the transmitter 27a and the receiver 27b, and between the transmitter 28a and the receiver 28b to form quantum key distribution links L1 to L8. doing.

The quantum key distribution links L1 to L8 are connected to one another in the vaults 4a to 4e to form a quantum key distribution platform as an encryption key generation device.

  The transmitter 22a, the receiver 21b, the transmitter 24a and the transmitter 23a are covered by a vault 4a. The receiver 25b, the transmitter 27a and the receiver 23b are covered by a vault 4b. The receiver 22b, the transmitter 26a and the transmitter 25a are covered by a vault 4c. The receiver 26b, receiver 24b, receiver 27b and transmitter 28a are covered by a vault 4d. The base station 28b is covered by a vault 4e.

  In the mobile control system 1 'according to the modification, delivery of the encryption key to the drone 3 and each base station (controller) is performed in the same manner as the mobile control system 1 according to the above-described embodiment.

  In the mobile control system 1 'according to the modification, first, the encryption keys K1 to K8 are generated by the transmitter 21a, and the encryption keys K1 to K8 are distributed to the receiver 21b by key relay by quantum key distribution. The encryption keys K1 to K8 are different encryption keys.

  Next, encrypted keys K1 to K8 are delivered from the transmitter 21a to the drone 3 by the trusted courier.

  Then, among the encryption keys K1 to K8 delivered to the receiver 21b, only the encryption key K1 is held in the receiver 21b, and the receiver 21b is encrypted in the vault 4a to the transmitter 22a by trusted courier. The keys K4 and K5 are delivered, and the transmitter 22a further delivers the cryptographic keys K4 and K5 to the receiver 22b via the quantum key delivery link L2. This quantum key distribution is also performed by encapsulation using an encryption key (not shown), as in the mobile control system 1 according to the above-described embodiment.

  Also, the receiver 21b delivers the encryption keys K6, K7, K8 to the transmitter 24a in the vault 4a by trusted courier in the vault 4a, and the transmitter 24a sends the encryption key K6 to the receiver 24b via the quantum key distribution link L4. , K7, K8 delivery. This quantum key distribution is also performed by encapsulation using an encryption key (not shown).

  In addition, the receiver 21b delivers the encryption keys K2 and K3 to the transmitter 23a by the trusted courier in the vault 4a, and the transmitter 23a sends the encryption key K2 to the receiver 23b via the quantum key delivery link L3, Deliver K3. This quantum key distribution is also performed by encapsulation using an encryption key (not shown).

  The receiver 24b holds only the encryption keys K6 and K7, and delivers the encryption key K8 to the transmitter 28a by trusted courier in the vault 4d, and the transmitter 28a receives it via the quantum key distribution link L8. Deliver to machine 28b. This quantum key distribution is also performed by encapsulation using an encryption key (not shown).

  Next, the receiver 21b (in fact, the controller to which the encryption key K1 has been delivered from the receiver 21b) controls the drone 3 using the encryption key K1 ((1) in FIG. 7).

  Next, the drone 3 receives the receiver 22b of the node 4c (in fact, the controller to which the encryption key K4 has been delivered from the receiver 22b) and the receiver 23b of the node 4b (actually the encryption key K2 is delivered from the receiver 23b) Move to the communicable range of the controller).

  Then, authentication of the drone 3 is performed by transmitting the encryption key K4 of the receiver 22b (in fact, the controller to which the encryption key K4 has been delivered from the receiver 22b) and the receiver 23b (actually, the encryption key K2 from the receiver 23b) (2) in FIG. 7) using the encryption key K2 of the controller). An authentication performed using an encryption key divided and stored in a plurality of controllers in this manner is hereinafter referred to as “collusion authentication”.

  Next, the drone 3 authenticated by the receivers 22b and 23b communicates with the receiver 22b (in fact, the controller to which the encryption key K5 has been delivered from the receiver 22b) using the encryption key K5. Receive control ((3) in FIG. 7).

  Next, the drone 3 continues to fly, and the receiver 23b of the node 4b (in fact, the controller to which the encryption key K3 has been delivered from the receiver 23b) and the receiver 26b of the node 4d (actually, the encryption key from the receiver 26b Move K6 to the communicable range of the delivered controller.

  Then, the collusion authentication of the drone 3 receives the encryption key K3 of the receiver 23b (in fact, the controller to which the encryption key K3 has been delivered from the receiver 23b) and the receiver 26b (actually the encryption key K6 is delivered from the receiver 26b) (4 in FIG. 7) and after authentication, the drone 3 receives the receiver 26b (in fact, the controller to which the encryption key K7 has been delivered from the receiver 26b) and the encryption key Communication is performed using K7, and control of the receiver 26b is received ((5) in FIG. 7).

  Furthermore, the drone 3 continues to fly, moves to the communicable range of the receiver 28b (in fact, the controller to which the encryption key K8 has been delivered from the receiver 28b), and the control is handed over to the receiver 28b. At this time, the drone 3 communicates with the receiver 28b (in fact, the controller to which the encryption key K8 has been delivered from the receiver 28b) and the encryption key K8 ((6) in FIG. 7).

  Then, the drone 3 finishes the series of operations.

  As described above, by adopting collusion authentication by a plurality of controllers, it is possible to perform more secure control or dynamic control according to the situation by setting hierarchical priorities to a plurality of movement routes.

  Also, when distributing and storing encryption keys, threshold secret sharing may be used to manage the encryption keys so that authentication of the drone 3 can be performed by any two of the plurality of encryption keys. As a result, when the control of the drone 3 is dynamically performed, the movement can be continued without losing the reliability even if the communicable controller is limited at a certain time.

  In addition, such dynamic control can be applied by appropriately changing parameters such as (2, 3) threshold method or (3, 5) threshold method which can further enhance the reliability of operation. .

  In the (k, n) threshold method, it is possible to divide the whole into n pieces, and it is possible to restore the whole by any k pieces of them, but efficient redundancy which can not be restored with k or less. Is a mechanism of data division with

  Also, communication between the drone 3 and the controller may cause packet loss for various reasons. If the use addresses in the true random number pair, which are encryption keys distributed in advance, are inconsistent due to packet loss, data can not be decrypted.

  In order to avoid such a situation, it is possible to add address information indicating which part of the true random number table is used in block units to communicate to a prescribed position such as the beginning or end of the block.

  If the fixed block length is not used, information on the length of the key to be used may be included at a prescribed position such as the beginning or end of the block or immediately after the address information.

  These measures make it possible to verify the usage history of the true random number table, enabling more secure control.

  For example, in FIG. 7, the drone 3 separated from the communication range of the node 4a (in fact, the controller to which the encryption key is delivered from the receiver or transmitter in the node 4a) returns to the communication range of the node 4a for some reason In this case, the address of the true random number table sent from the node 4a must be after the last address of the true random number table used so far, and it is an address separated beyond possible packet loss There is no.

  Thus, the communication history between the node 4a and the drone 3 can also be used for secure communication control.

  In addition, when using such a mechanism, a mechanism for avoiding a situation where each node (in fact, a controller in the node or a controller to which an encryption key has been delivered from the node) continues sending control signals without drone 3 It is desirable to incorporate

  For example, if the node and the drone 3 have means for delivery confirmation, or if it is possible to send this information to another node when the drone starts to be controlled by the next node, the previous node wastes control information. There is no need to send.

  Also, in an environment where sufficient communication resources can be secured, control information may be sent simultaneously from all nodes (in fact, a controller in the node or a controller to which an encryption key is delivered from a transmitter). As a result, since all nodes use the same location of the distributed true random number table, not only authentication management on the drone 3 side becomes easy, but also the history of addresses is continued when moving between nodes This makes safer control possible.

  Furthermore, even in a situation where delivery confirmation can not be made between each node and the drone 3, control of the drone moving between the nodes becomes easy.

  In addition, data encrypted using a cryptographic key by a drone may be relayed among a plurality of drone and transmitted to a target controller, transmitter or receiver. In this case, transmission and reception of data between the drone will be performed using wireless communication, but only the controller, transmitter or receiver having data encrypted by the encryption key and having the same encryption key as the encryption key Is a mode that can be decoded, so that data can be relayed safely.

1, 1 'Mobile Control System 3 Drone 4a, 4b, 4c, 4d, 4e Vaults 21a-28a Transmitters 21b-28b Receivers 51, 52, 53, 54 Optical Fiber 6 Quantum Key Delivery Platform 71, 72, 73 Controller K1 to K8 Encryption key L1 to L8 Quantum key distribution link

Claims (6)

A moving body capable of storing information, and a plurality of base stations are arranged on a moving path of the moving body performs control of the movable body, it generates and send distribution of encryption key used by the base station and the mobile A mobile control system comprising: an encryption key generation device, wherein the mobile and the base station perform authentication and communication using encryption;
The encryption key generation device generates the encryption key different for each of the base stations on the moving path of the mobile and performing at least one of authentication of the mobile and communication.
The mobile unit holds the encryption keys assigned to all the base stations on the movement path that are generated and distributed by the encryption key generation apparatus and that control the mobile station.
The base station holds the encryption key assigned to the mobile station generated and distributed by the encryption key generation device, and performs authentication and communication on the movement path using the mobile unit and the encryption key . A mobile control system characterized in that control of the mobile is taken over sequentially while performing at least one of them. The encryption key generation apparatus is configured by a networked quantum key distribution platform in which quantum key distribution links, which are a plurality of transmitters and receivers paired by optical fibers, are connected in a vault, respectively .
Before the transmitter or the receiver, the cryptographic key to be delivered to the mobile and the base station, the mobile body according to claim 1, wherein that you can be delivered to output through a trusted courier Control system. The quantum key distribution platform is configured such that the transmitter located at the beginning of the moving path of the mobile is used for at least one of authentication and communication performed by the base with respect to the mobile . Generate the encryption key;
The transmitter or the receiver holds the encryption key used by the base station corresponding to the own device , and is located downstream of the moving path of the mobile without holding another encryption key. The mobile control system according to claim 2, characterized in that a key relay is provided for delivery to the transmitter or the receiver.   The mobile control system according to claim 3, wherein the key relay is performed by encrypting and decrypting the encryption key using a distribution encryption key used for distribution of the encryption key. The encryption key generation device is configured of a single true random number generation device ;
Before SL true random number generating device, wherein the encryption key, the mobile control system of claim 1, wherein also be output from deliverable to the trusted courier delivery to the mobile and the base station. The trusted courier the mobile control system of any one of claims 2 to 5, characterized that you authentication using the Wegman-Carter authentication.

Images