JPH08171617A - Data communication system - Google Patents

Abstract

PURPOSE: To provide a data communication system with which information can be surely hidden, and further, the change of a system such as the version-up of software can be easily performed. CONSTITUTION: The data of a plane sentence supplied from the outside are ciphered/deciphered according to a prescribed ciphering/deciphering algorithm held inside, and the data of this provided ciphered/deciphered sentence are outputted by an IC card SAM, and an interface device IFD 1 is provided to supply the transmitting data of the plane sentence outputted from a terminal 1 to the IC card SAM and to transmit the data of the ciphered sentence outputted from the IC card SAM. Besides, an interface device IFD 2 is provided to receive the data of the ciphered sentence transmitted from the interface device IFD 1, to supply the received data to the IC card SAM and to output the data of the deciphered sentence outputted from the IC card SAM to a terminal 2.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data communication system which conceals transmission information by encrypting data.

[0002]

2. Description of the Related Art Conventionally, various data communication systems for encrypting transmission information have been developed for the purpose of security protection (information hiding) in data communication between terminals. Generally, in this type of data communication system, an encryption / decryption program and an encryption / decryption key are held in a storage device included in a communication terminal such as a personal computer, and plaintext data is stored in a transmission side terminal. A method of encrypting, transmitting this as ciphertext, and decrypting the ciphertext received by the receiving side terminal is adopted.

[0003]

However, in the conventional data communication system, since the encryption / decryption algorithm is held in the communication terminal (storage device such as hard disk or expansion board) as described above, In many cases, it is possible for a third party to steal the encryption / decryption program and encryption / decryption key in the terminal and decrypt or forge them, so the hiding of information is not sufficiently guaranteed. There was a problem. In addition, in the conventional data communication system, when changing the encryption / decryption algorithm, it is necessary to perform a complicated work such as a program replacement for each terminal, which imposes a heavy work burden on the user.
Furthermore, when a mobile communication terminal has an encryption / decryption algorithm built-in, the terminal body must be collected each time the algorithm is changed, and the user is forced to suspend use during that time. .

The present invention has been made under such a background, and provides a data communication system capable of surely hiding information and capable of easily changing the system such as software version up. The purpose is to do.

[0005]

In order to solve the above-mentioned problems, the invention according to claim 1 is a plaintext data supplied from the outside in a data communication system for exchanging encrypted data between communication terminals. Is encrypted according to a predetermined encryption algorithm stored therein, and the IC card that outputs the obtained ciphertext data and the plaintext transmission data that is output from the transmission side communication terminal are supplied to the IC card. It is characterized by comprising a transmitting side interface means for transmitting the ciphertext data output from the IC card to the receiving side communication terminal.

In a data communication system for transmitting and receiving encrypted data between communication terminals, the invention according to claim 2 decrypts according to a predetermined decryption algorithm for internally retaining data of ciphertext supplied from the outside. Then, the IC card that outputs the decrypted text data thus obtained and the encrypted text data transmitted from the communication terminal on the transmitting side are received, the received data is supplied to the IC card, and the data is output from the IC card. Receiving side interface means for outputting the data of the decrypted text to the receiving side communication terminal.

In the data communication system for transmitting and receiving the encrypted data between the communication terminals, the plaintext data supplied from the outside is encrypted according to a predetermined encryption algorithm which is internally held. , A first IC card that outputs the obtained ciphertext data,
The plaintext transmission data output from the transmission side communication terminal is supplied to the first IC card, and the ciphertext data output from the IC card is transmitted to the reception side communication terminal and supplied from the outside. A second IC card that decrypts the data of the ciphertext to be transmitted in accordance with a predetermined decryption algorithm that holds the data internally, and outputs the obtained data of the decrypted text, and the ciphertext that is transmitted from the transmitting side interface means. A receiving side interface means for receiving data, supplying the received data to the second IC card, and outputting the data of the decrypted text output from the IC card to the receiving side communication terminal. There is.

According to a fourth aspect of the present invention, in the third aspect of the invention, the transmission side terminal adds a communication control code for instructing either "plaintext" or "encryption" to the transmission data. If the communication control code added to the transmission data indicates “plain text”, the transmission side interface means transmits the transmission data to the reception side interface means together with the communication control code indicating the “plain text”. On the other hand, when the communication control code added to the transmission data indicates “encryption”, the transmission data is converted into the first data.
While encrypting it via the IC card, and transmitting the obtained ciphertext to the receiving side interface means together with the communication control code instructing the "decryption", and the receiving side interface means is added to the received data. When the communication control code indicates "plain text", the received data is output to the receiving side communication terminal, while when the communication control code added to the received data indicates "decryption", the received data is received. Is decrypted via the second IC card, and the obtained decrypted text is output to the receiving side communication terminal.

Further, in the invention according to claim 5, in the invention according to claim 4, the communication control code is "00" or "11" for "plain text", "encryption" and "decryption". The receiving side interface means uniformly replaces the 2-bit value of the communication control code supplied together with the transmission data from the transmitting side terminal by the two-bit value represented by "10" or "01". It is characterized by instructing the receiving side interface means to either "plain text" or "decryption".

[0010]

According to the first to third aspects of the invention, the encryption /
Since the decryption algorithm is stored in the IC card, it is impossible for a third party to decrypt the encryption / decryption algorithm. Also, the encryption / decryption algorithm is I
It is modularized in the C card and can be made independent from other application programs.

According to the invention described in claim 4, in addition to the operation according to the invention described in claim 3, each interface means is "plain text" or "encrypted" based on the communication control code.
Alternatively, it is possible to identify the process type of “decryption” and perform the operation corresponding to each process type.

According to the invention described in claim 5, in addition to the operation according to the invention described in claim 4, each interface means performs a uniform bit operation, so that "plaintext", "encryption", or "plaintext" can be easily performed. The processing type of "decryption" can be designated. This simplifies the software such that a common program can be used.

[0013]

Embodiments of the present invention will be described below with reference to the drawings. (1) Configuration of Embodiments Configuration of Data Communication System FIG. 1 is a block diagram showing the overall configuration of a data communication system according to an embodiment of the present invention. In the figure, 1,
Reference numeral 2 is a personal computer (hereinafter, simply referred to as a terminal) used as a communication terminal. These communication terminals 1 and 2 are interface devices IFD connected to each.
1, IFD2 and communication cable NE connecting these devices
Data is exchanged with each other via T.

Interface devices IFD1 and IFD2
Can control the communication between the terminals 1 and 2, and can connect the IC card SAM that encrypts / decrypts the data telegram, and also controls the card SAM. IC card S
AM has a built-in CPU, ROM, RAM, etc.
The data telegram supplied from the interface devices IFD1 and IFD2 is encrypted / decrypted based on a predetermined encryption / decryption algorithm (encryption / decryption program and encryption / decryption key) stored in the OM.

Configuration of Interface Device Next, the configuration of the interface device IFD1 will be described with reference to the block shown in FIG. Since the interface devices IFD1 and IFD2 have the same configuration, both of them will be described below. In the figure, reference numeral 11 is a CPU that controls each unit of the apparatus. The CPU 11 executes a predetermined control program and performs transmission / reception control and IC card control described later.

SCI1 is a communication port to which the terminal 1 is connected, and SCI2 is a communication port to which a communication cable NET connected to the interface device IFD2 on the terminal 2 side is connected. These communication ports SCI1, SCI
2 is configured according to RS232C, for example.
CDI is a card interface to which an IC card SAM is connected, and under the control of the CPU 11, data read / write from / to the IC card SAM and hardware reset are performed. Further, 12 is a RAM used as a work area of the CPU 11 for temporarily storing data, and 13 is a clock generator that generates a reference clock supplied to the CPU 11 and the IC card SAM.

Communication Format Next, with reference to FIG. 3, the format of the data telegram exchanged between the terminals 1 and 2 will be described. In the figure,
NOD is a 1-byte node address that specifies the destination and source terminals, and the upper 4 bits indicate the destination terminal.
The lower 4 bits indicate the source terminal.
For example, when data is transmitted from the terminal 1 to the terminal 2, N
OD = 10h (hexadecimal), and when transmitting data from the terminal 2 to the terminal 1, NOD = 01h (however,
The terminal 1 is represented by "1" and the terminal 2 is represented by "0").

SCB is 1-byte data for communication control (hereinafter referred to as communication control code). Details of this communication control code SCB will be described later. LEN is 1-byte data indicating the data length of the data section INFO that follows. The data section INFO is variable-length data composed of 1 to 256 bytes. Further, EDC is an error detection code obtained by exclusive ORing from the node address NOD to the last byte of the data part INFO.

Next, the details of the communication control code SCB will be described with reference to the bit map diagram shown in FIG. As shown in the figure, the first two bits b7 and b6 of the communication control code SCB are the interface devices IFD1 and IFD2.
Indicates the type of processing content by the IC card SAM that is instructed to, "00" indicates transmission in plain text (that is, no encryption), and "01" indicates transmission by encryption.
“10” represents transmission by decoding, respectively.
Note that "11" is not used in this embodiment.

The following two bits b5 and b4 indicate the transmission direction instructed to the interface devices IFD1 and IFD2, and the bit b5 indicates the transmission source and the bit b.
Reference numeral 4 represents a destination, bit value "0" represents the communication port SCI1 on the terminal side, and bit value "1" represents the communication port SCI2 on the cable side.

Therefore, for example, the interface device I
When bits b5 and b4 are given to FD1 as "00", both the transmission source and the transmission destination are the communication port SCI1 on the terminal 1 side, so a reply to the terminal 1 (that is, echo back to the terminal 1) Will be instructed. Also,
When the bits b5 and b4 are "01", the transmission from the terminal 1 side to the terminal 2 side is performed. When the bits b5 and b4 are "10",
When the bits b5 and b4 are “11” in the transmission from the terminal 2 side to the terminal 1 side, the reply to the terminal 2 side (that is, echo back to the terminal 2) is instructed respectively.
The remaining bits b3 to b0 are not used in this embodiment.

(2) Operation of the Embodiment Next, the operation of this embodiment will be described. Below,
After describing the communication sequence between the terminals as the overall operation of the embodiment, the encryption / decryption sequence between the interface device and the IC card will be described, and the detailed operation of the interface device will be referred to.

Communication Sequence FIG. 5 is a conceptual diagram showing a communication sequence between terminals.
In this figure, first, the terminal 1 transmits a control message of a transmission request in order to establish communication between the terminals 1 and 2. Since this control message is sent in plain text from the terminal 1 to the terminal 2 (the control message does not need to be encrypted in particular), the node address NOD = 10h and the communication control code SCB = “00”.
010000 ”is transmitted to the interface device IFD1. As a result, the plaintext transmission and the transmission direction are instructed to the interface device IFD1.

When the interface device IFD1 receives the control message, it exchanges the values of the bits b5 and b4 of the communication control code SCB (SCB = “0010”).
0000 ”), and transmits the control message to the interface device IFD2. The transmission direction is instructed to the interface device IFD2 by the exchange of the bit values.

When the interface device IFD2 receives the control message, it exchanges the values of bit b5 and bit b4 of the communication control code SCB (SCB =
"00010000"), and transmits the control message to the terminal 2. The exchange of the bit values here does not particularly instruct the terminal 2 in the transmission direction, but the interface device IF
When D1 and IFD2 receive a telegram, bit b is uniformly applied.
This is also done here because the values of 5 and b4 are exchanged. Also, the interface device IFD
1, IFD2 also exchanges the values of bit b7 and bit b6 uniformly, but here it is "00" that instructs transmission in plaintext, so there is no change before and after the exchange. Become. In this way, by configuring the interface devices IFD1 and IFD2 to uniformly exchange the bit values indicating the type of processing content and the transmission direction, the same program can be used, and the software can be simplified. It will be possible.

Now, the terminal 2 receives the control message of the transmission request, and returns the control message of the transmission permission when the preparation for reception is completed. This control message is sent in plain text from the terminal 2 to the terminal 1 as in the case of the above transmission request. Therefore, the node address NOD = 01h and the communication control code SCB = "00".
010000 ”is transmitted to the interface device IFD2. Thereby, the transmission direction is instructed to the interface device IFD2.

When the interface device IFD2 receives the control message, it exchanges the values of the bits b5 and b4 of the communication control code SCB (SCB = “0010”).
0000 ”), and sends the control message to the interface device IFD1. As a result, the transmission direction is instructed to the interface device IFD1, and the interface device IFD1
1 transmits this control message to the terminal 1.

In this way, when the terminal 1 receives the control message for permission of transmission and the communication between the terminals 1 and 2 is established, the terminal 1 then transmits the data message. Since this data telegram needs to be encrypted and sent from the terminal 1 to the terminal 2, the node address NOD = 10h and the communication control code SCB =
It is transmitted to the interface device IFD1 as "01010000". However, at this stage, the telegram is still plain text.

When the interface device IFD1 receives the data message, it transfers it to the IC card SAM. The IC card SAM encrypts the data part INFO of the received data message according to an internal encryption algorithm and returns it to the interface device IFD1. When the interface device IFD1 receives the encrypted data telegram (hereinafter, referred to as ciphertext), the bits b7, b6 and the bits b5, b4 of the communication control code SCB are received.
After replacing each of them (SCB = “10100000”), this is transmitted to the interface device IFD2. As a result, the encryption and the transmission direction are instructed to the interface device IFD2.

When the interface device IFD2 receives the ciphertext, it transfers it to the IC card SAM. The IC card SAM decrypts the received ciphertext according to an internal decryption algorithm,
Return to. When the interface device IFD2 receives this decrypted data telegram (hereinafter referred to as the decrypted text), it exchanges the bits b7 and b6 and the bits b5 and b4 of the communication control code SCB (SCB = “01”).
010000 ”), and transmits this to the terminal 2.

When the terminal 2 receives the above-mentioned decrypted text, it returns a control message indicating that the reception is completed. Since this control message is sent from the terminal 2 to the terminal 1 in plain text, the node address N
OD = 01h, and communication control code SCB = "0001000
It is transmitted to the interface device IFD2 by "0".

When the interface device IFD2 receives the control message, it inverts the bits b5 and b4 of the communication control code SCB to set SCB = “00100000”,
This is transmitted to the interface device IFD1. When the interface device IFD1 receives the control message, the bits b5 and b4 of the communication control code SCB are received.
Is inverted and SCB = “00010000” is set, and then this is transmitted to the terminal 1. Thus, the communication sequence between the terminals 1 and 2 is completed.

Encryption / Decryption Sequence Next, the encryption / decryption sequence between the interface device and the IC card will be described with reference to FIG.
As shown in FIG. 6A, when encrypting and transmitting the data telegram from the terminal 1 to the terminal 2, the terminal 1 transmits the plaintext data telegram to the node address NOD = 10 as described above.
The communication control code SCB = “01010000” is transmitted to the interface device IFD1.

When the interface device IFD1 receives the data message, it determines whether the IC card SAM is activated based on the value of the flag SAMF. That is, this flag SAMF is the IC card SAM.
Is a register value that is set to "1" when H is already hardware reset and is in an activated state, and is set to "0" otherwise.

Here, when the flag SAMF is "0", the IC card SAM is hardware reset to activate the IC card SAM. When the interface device IFD1 receives the ATR information returned from the IC card SAM (status information of the IC card SAM), the interface device IFD1 determines whether or not it is normally activated. KID) (However, P
Is a plain text data message, and KID is encryption key specification information. ) Is transmitted to the IC card SAM.

The IC card SAM uses the encrypted command E
When (P, KID) is received, the encryption program is executed, and the plain text data message P is encrypted according to the encryption algorithm such as DES (Data Encryption Standard) using the encryption key searched by KID. Then, the IC card SAM transfers the ciphertext E (*) to the interface device IF.
Return to D1.

When the interface device IFD1 receives the ciphertext E (*) from the IC card SAM, the bits b7 and b6 and the bits b5 and b4 of the communication control code SCB are used.
After replacing each of them (SCB = “10100000”), this is transmitted to the interface device IFD2.

On the other hand, when the interface device IFD2 receives the ciphertext E (*) from the interface device IFD1 as shown in FIG. 6B, when the IC card SAM is not activated as described above. IC card SA
After activating M, the decryption command D (E (*), KI
D) is transmitted to the IC card SAM.

The IC card SAM uses the decryption command D
When (E (*), KID) is received, the decryption program corresponding to the aforementioned encryption is executed, and the ciphertext E (*) is K
Decrypt using the decryption key searched by the ID. Then, the IC card SAM returns the decrypted text D (*) to the IC card SAM.

When the interface device IFD2 receives the decrypted text D (*) from the IC card SAM, the bits b7 and b6 and the bits b5 and b4 of the communication control code SCB are received.
After exchanging (SCB = “01010000”), the decrypted text D (*) is transmitted to the terminal 2.

Detailed Operation of Interface Device Next, the detailed operation of the interface device IFD1 will be described. 7 to 10 are flowcharts showing a control program executed by the CPU 11 (see FIG. 2) inside the interface device IFD1. FIG. 7 shows a main process, FIG. 8 shows a receiving process, FIG. 9 shows a transmitting process, and FIG. FIG. 10 shows the IC card control processing. The interface device IFD2 operates in the same manner as the interface device IFD1 except that the relationship between the interface device IFD2 and the terminals 1 and 2 is reversed.

(Main Processing) First, the main processing will be described. When the CPU 11 starts the control program,
First, the main process shown in FIG. 7 is performed. In this main processing, first, the communication ports SCI1 and SCI2 are set, that is, the transmission conditions such as data transfer rate, data length, and parity are set (step Sa1), and the ports are initialized and the flag SAMF is initialized (SAMF = 0). Is performed (step Sa2). Next, after turning on RTS (Request To Send) 1 and 2 in each of the communication ports SCI1 and SCI2 (step Sa3) and enabling interrupts, a reception waiting state is set (steps Sa4 and Sa5).

Then, for example, when a message is transmitted from the terminal 1, an interrupt occurs at the communication port SCI1. In response to this, the CPU 11 turns off RTS2 in the other communication port SCI2 to disable interrupts (steps Sa6 and Sa7). After that, the transmitted electronic messages are sequentially received (step Sa8). On the other hand, when a message is transmitted from the terminal 2 and an interrupt occurs in the communication port SCI2, the same operation as above is performed (steps Sa6 'to Sa).
8 '). The details of the reception process here will be described later.

When the reception process is completed, it is determined whether a communication error has occurred based on the error status (step Sa9). If there is no communication error here, the communication control code SCB in the received data
It is determined whether or not the first bits b7 and b6 of "0" are "00" (step Sa10). If "00", the plaintext transmission is instructed.
The data is transmitted to the destination indicated by the bit b4 of B (steps Sa11 to Sa13). That is, if the bit b4 is "0", echo back to the terminal 1, and if not, transmit to the terminal 2. The details of this transmission processing will be described later.

On the other hand, bit b of the communication control code SCB
If 7 and b6 are not "00", the encryption / decryption is instructed, so that the IC card control process described later is performed (step Sa14). Then, it is determined whether or not an error has occurred in the IC card control processing (step Sa
15) If no error has occurred, the data is transmitted to the destination indicated by the bit b4 of the communication control code SCB (steps Sa11 to Sa13) as in the above case.

Further, the above-mentioned reception processing (step Sa8,
Sa8 ') or IC card control processing (step Sa
When an error occurs in 14), the error status is set (step Sa16), and the error status is returned to the transmission source indicated by the bit b5 of the communication control code SCB (steps Sa17, Sa12, Sa13). After that, the process returns to step Sa3 described above, and the reception waiting state is resumed.

(Reception Processing) Next, the reception processing (step Sa8 or Sa8 ') will be described with reference to FIG. As shown in the figure, in the reception process, first, 1 byte of transmission data is received, and this is set in the 1-byte reception register RDR (step Sb1). Then, the content of the register RDR is set in the area corresponding to the node address NOD of the received message buffer (step Sb2). Next, 1 byte of transmission data is received (step Sb3), and this is set in the area corresponding to the communication control code SCB of the reception message buffer (step Sb4). Further, 1 byte of transmission data is received (step Sb5), and this is set in the area corresponding to the data length LEN of the reception message buffer (step Sb).
6).

Thereafter, the transmission data is received byte by byte (step Sb7), the buffer address of the reception message buffer is incremented, and sequentially set in the area corresponding to the data portion INFO of the buffer (step Sb8, Sb9).

In this way, when the transmission data of the number of bytes corresponding to the data length LEN is received and the loop is exited at step Sb10, the next 1 byte is received (step Sb1).
1). Then, it is determined whether or not the value of the error detection code EDC at this time is "0" (step Sb12).
That is, the error detection code EDC is the exclusive OR of the next received data every time one byte is received, and if the result when the last one byte is received is "0". , Reception is normal, but if it is not “0”, an error status is returned to the main processing as a reception error (step Sb13). Then, finally, the RTS of the other communication port is turned on (step Sb14), and the reception process ends.

(Transmission Processing) Next, the above-mentioned transmission processing (step Sa12 or Sa13) will be described with reference to FIG. As shown in the figure, in the transmission process,
First, CTS (Clear To Sensitivity) at the destination communication port
It is determined whether or not d) is “0”, that is, whether or not the destination terminal can receive (step Sc1). Where CTS
If it is not "0", the transmission is impossible, but if it is "0", the node address NOD of the transmission message buffer is set in the transmission register TDR (step Sc2),
One byte is transmitted (step Sc3).

Next, in order to indicate the transmission direction to the next-stage device, the communication control data SC in the transmission message buffer is sent.
The values of bits b5 and b4 of B are exchanged (step Sc4), and the values of bits b7 and b6 are exchanged in order to indicate the processing type (plaintext, encryption, decryption) of the electronic message to the next-stage device (step Sc5). ). Then, this communication control data SCB is set in the register TDR (step Sc6), and 1 byte is transmitted (step Sc7). Next, the data length LEN of the transmission message buffer is set to the register T.
It is set to DR (step Sc8) and 1 byte is transmitted (step Sc9).

Thereafter, the data portion IN of the transmission message buffer
FO is set byte by byte in the register TDR and sequentially transmitted (steps Sc10 and Sc11), and the buffer address is incremented (step Sc1).
2).

In this way, when the data of the number of bytes corresponding to the data length LEN is transmitted and the loop is exited in step Sc13, the error detection code EDC is set in the register TDR (step Sc14) and this one byte is transmitted (step Sc15). ). Here, the error detection code EDC is the exclusive OR of the next transmission data for each 1-byte transmission, and the operation result when the last 1 byte of the data part INFO is transmitted is error-detected. It is added to the transmission data as a code EDC. Then, finally, the RTS in the communication port is turned on (step Sc16), and the transmission process ends.

(IC Card Control Processing) Next, referring to FIG. 10, the IC card control processing described above (step Sa14)
Will be described. As shown in the figure, in the IC card control processing, it is first determined whether or not the flag SAMF is "1", that is, whether or not the IC card SAM has already been activated (step Sd1). here,
If the flag SAMF is not "1", the IC card SAM
Hardware reset of (step Sd2), I
The ATR information transmitted from the C card SAM is received (step Sd3).

Then, the contents of the ATR information are judged (step Sd4), and if the contents are normal, random number exchange is performed (step Sd5). Here, the random number exchange is performed in order to increase confidentiality by making different ciphertexts every transmission even if they are exactly the same plaintext, and in this embodiment, it is selectively performed as necessary. Be seen.
When the above-mentioned flag SAMF is "1", random number exchange is performed immediately without performing hardware reset of the IC card SAM.

Next, bit b of the communication control code SCB
It is determined whether or not 7 and b6 are "01" (step Sd6). Here, if the bits b7 and b6 are "01", encryption is instructed, so the encryption command E
(P, KID) is set (step Sd7). On the other hand, when the bits b7 and b6 are “10”, decoding is instructed, and therefore the decoding command D (E (*),
KID) is set (step Sd8). Then, the set command is transmitted to the IC card SAM (step Sd9). As a result, the IC card SAM performs encryption or decryption.

Then, the ciphertext E is output from the IC card SAM.
When (*) or the decrypted text D (*) is received (step Sd10), the status at the time of the reception is judged (step Sd11). If normal, this IC card control processing is ended, and if abnormal, error status Is returned to the main process and the process ends (step Sd12). In addition, the above A
When the TR information is abnormal, the error status is similarly returned and the process ends (step Sd12).

(3) Summary As described above, in this embodiment, the encryption / decryption algorithm is held in the IC card SAM, and the IC
Since the encryption / decryption is performed in the card SAM, the terminals 1 and 2 or the interface device IFD
1, as in the case of holding an encryption / decryption algorithm in IFD2, an encryption / decryption program or an encryption / decryption program
There is no danger of the decryption key being read by a third party.

Further, since the software for encryption / decryption can be modularized in the IC card SAM and can be made independent from other application programs, it becomes easy to change the encryption / decryption algorithm and the like. The change program can be carried using the IC card SAM as a medium, and system change work such as version upgrade can be performed easily and safely.

Further, the interface devices IFD1 and IF
Since the processing type of the electronic message and the transmission direction between the D2 are uniformly performed by the exchange operation of the bit values, it is possible to use the common program.

(4) Modification Example In the above embodiment, the data communication system is shown in which the interface devices IFD1 and IFD2 are arranged on both the transmitting side and the receiving side to perform encryption / decryption by the IC card SAM. The present invention is not limited to such a system aspect, but can be applied to a system that performs data transmission in only one direction. For example, when data is encrypted from a send-only terminal and sent to a host computer, or when data sent by encrypting data from a host computer is decrypted by a receive-only terminal, the sender or receiver Interface device IFD1 or I
The FD 2 may be arranged.

[0062]

As described above, according to the present invention, since the encryption / decryption algorithm is stored in the IC card, it is impossible for a third party to decipher the encryption / decryption algorithm. The information can be surely hidden. It is also possible to easily change the system, such as upgrading the software version.

[Brief description of drawings]

FIG. 1 is a block diagram showing an overall configuration of a data communication system according to an embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration of an interface device according to the embodiment.

FIG. 3 is a diagram showing a format of transmission data according to the embodiment.

FIG. 4 is a bit map diagram for explaining a communication control code according to the embodiment.

FIG. 5 is a conceptual diagram showing a communication sequence according to the embodiment.

FIG. 6 is a conceptual diagram showing an encryption / decryption sequence according to the embodiment.

FIG. 7 is a flowchart for explaining main processing of the interface apparatus according to the embodiment.

FIG. 8 is a flowchart for explaining a reception process of the interface device according to the embodiment.

FIG. 9 is a flowchart for explaining a transmission process of the interface device according to the embodiment.

FIG. 10 is an IC of the interface device according to the embodiment.
It is a flow chart for explaining card control processing.

[Explanation of symbols]

1, 2 Communication terminal 11 CPU 12 RAM 13 Clock generator IFD1, IFD2 Interface device (transmitting side interface means, receiving side interface means) SAM IC card

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁶ Identification code Internal reference number FI technical display location H04L 9/12 // G09C 1/00 7259-5J

Claims (5)

[Claims] 1. In a data communication system for exchanging encrypted data between communication terminals, plaintext data supplied from the outside is encrypted according to a predetermined encryption algorithm which is internally stored, and the obtained encrypted text is encrypted. An IC card that outputs data, and a transmission-side interface that supplies plaintext transmission data output from a transmission-side communication terminal to the IC card, and transmits ciphertext data output from the IC card to a reception-side communication terminal A data communication system comprising: 2. In a data communication system for exchanging encrypted data between communication terminals, the ciphertext data supplied from the outside is decrypted according to a predetermined decryption algorithm which is internally held, and the obtained decrypted text is obtained. And an IC card that outputs the data of the encrypted text, the encrypted text data transmitted from the communication terminal on the transmission side is received, the received data is supplied to the IC card, and the data of the decrypted text output from the IC card is received A data communication system, comprising: a receiving side interface means for outputting to a communication terminal. 3. In a data communication system for exchanging encrypted data between communication terminals, plaintext data supplied from the outside is encrypted according to a predetermined encryption algorithm held inside, and the obtained encrypted text is A first IC card that outputs data, and plaintext transmission data that is output from a transmitting communication terminal is supplied to the first IC card, and ciphertext data that is output from the IC card is receiving communication terminal And a second IC card that decrypts the ciphertext data supplied from the outside according to a predetermined decryption algorithm that internally stores the decrypted text data, and outputs the obtained decrypted text data. The ciphertext data transmitted from the transmitting side interface means is received, the received data is supplied to the second IC card, and output from the IC card. A data communication system, comprising: a reception side interface means for outputting the data of the decrypted text to be input to the reception side communication terminal. 4. The transmission side terminal adds a communication control code for instructing either “plain text” or “encryption” to the transmission data, and the transmission side interface means adds the communication added to the transmission data. Control code is "plain text"
When sending the transmission data, the transmission data is transmitted to the receiving side interface means together with the communication control code indicating the “plain text”, while the communication control code added to the transmission data indicates “encryption”. , The transmission data is encrypted via the first IC card, and the obtained ciphertext is transmitted to the reception side interface means together with a communication control code instructing "decryption", and the reception side interface means When the communication control code added to the received data indicates "plain text", the received data is output to the receiving side communication terminal, while the communication control code added to the received data is "decrypted". When receiving the instruction, the received data is decrypted via the second IC card, and the obtained decrypted text is output to the receiving side communication terminal. Claim 3
The described data communication system. 5. In the communication control code, “plain text” is “0”.
“0” or “11”, “encryption” and “decryption” are configured by a 2-bit value represented by “10” or “01”, and the reception side interface unit sends the transmission data from the transmission side terminal together with the transmission data. 5. The data communication system according to claim 4, wherein one of "plain text" and "decryption" is instructed to the receiving side interface means by uniformly replacing the 2-bit value of the supplied communication control code. .