1. Field of the Invention
The present invention relates to a cryptographic communication system which enables cryptographic communication between terminals using different cipher types.
2. Description of Related Art
Two types of cipher have been used: the confidential-algorithm type and the public-algorithm type. The former has been used in a concealed manner in the military, etc., while the latter has been made public and used in banks, etc. With both types, a single kind of cipher is used to perform cryptographic communication within a closed network.
As computers have recently come to be opened to external systems, used in multi-vendor environments, or connected to the Internet, it is expected that users will require that networks to which terminals using different public-algorithm ciphers are connected be mutually connected to one another, and that cryptographic communication be performed between the terminals connected to these networks.
In 1991, the International Organization for Standardization (ISO) established a registration system for cryptographic algorithms. It was thereby determined that cryptographic algorithms are not standardized to one kind, and that the plural kinds of cipher which are permitted and registered are publicly known. Consequently, it is possible that plural kinds of cipher will be used separately and individually in different areas even in the future. In Japan, a JIS (Japanese Industrial Standards) edition of the ISO registration system for cryptographic algorithms is being established in 1994.
Where networks to which terminals using different cipher types are connected are mutually connected to one another, cryptographic communication between the terminals connected to these networks requires that transmission data encrypted by a terminal at a transmission side (hereinafter referred to as "transmission terminal") be temporarily converted to data encrypted according to the cipher type used by a terminal at a reception side (hereinafter referred to as "reception terminal"). This is because the transmission terminal can only encrypt the transmission data according to the cipher type it uses itself, while the reception terminal can only decrypt data encrypted according to the cipher type it uses itself.
As a publicly known technique for such cipher conversion processing, a cryptographic protocol conversion device is disclosed in a research and study report "RESEARCH AND STUDY REPORT ON DESIRABLE SYSTEM ARCHITECTURE AND STANDARDIZATION FOR MULTIPURPOSE IC CARD SOCIETY IN 1991" of Japanese Standardization Association Foundation (pp. 25-31, March 1992, Japan Society of Mechanical Engineers 3 Standardization-20).
The cryptographic protocol conversion device is disposed on a communication line connecting two networks to which terminals using different cipher types are connected, and is provided with the two kinds of cryptographic algorithms (encryption algorithm and decryption algorithm) which are respectively used in the two networks.
The cryptographic protocol conversion device performs the following cipher conversion processing. Transmission data encrypted according to the cipher used by the transmission terminal are temporarily decrypted according to the decryption algorithm of that cipher, and the decrypted data are then encrypted according to the encryption algorithm of the cipher used by the reception terminal. Both the decryption algorithm and the encryption algorithm are provided in the cryptographic protocol conversion device.
In the above-described cryptographic protocol conversion device, however, the data encrypted by the transmission terminal are temporarily decrypted, that is, the encrypted data are temporarily returned to the plain data that existed before the cipher processing (i.e. plaintext). A third party therefore has a chance of stealing the plaintext, and there is a risk that the confidentiality of the data is compromised.
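The decrypt-then-re-encrypt conversion described above can be modelled in a few lines to show where the plaintext appears. This is an added example, not taken from the patent or the cited report: the two "cipher types" are constructed hash-based stand-ins rather than vetted ciphers, and every name in it (`ConversionDevice`, `memory_trace`, `run_demo`, the sample message) is hypothetical.

```python
import hashlib
import os

def _xor_stream(block_fn, data):
    """XOR data with a counter-mode keystream built from block_fn."""
    ks, ctr = b"", 0
    while len(ks) < len(data):
        ks += block_fn(ctr.to_bytes(8, "big"))
        ctr += 1
    return bytes(d ^ k for d, k in zip(data, ks))

# Two constructed stand-ins for "different cipher types" (teaching toys only).
def crypt_a(key, nonce, data):   # type A: SHA-256 keystream
    return _xor_stream(lambda c: hashlib.sha256(key + nonce + c).digest(), data)

def crypt_b(key, nonce, data):   # type B: keyed BLAKE2b keystream
    return _xor_stream(lambda c: hashlib.blake2b(nonce + c, key=key).digest(), data)

def seal(crypt, key, plaintext):
    nonce = os.urandom(16)                      # message = nonce || ciphertext
    return nonce + crypt(key, nonce, plaintext)

def open_(crypt, key, message):
    return crypt(key, message[:16], message[16:])

class ConversionDevice:
    """Sits on the line between network A and network B; holds both keys."""
    def __init__(self, key_a, key_b):
        self.key_a, self.key_b = key_a, key_b
        self.memory_trace = []   # what exists in device memory mid-conversion

    def convert(self, message_a):
        plaintext = open_(crypt_a, self.key_a, message_a)  # step 1: decrypt (type A)
        self.memory_trace.append(plaintext)                # plaintext now in the device
        return seal(crypt_b, self.key_b, plaintext)        # step 2: re-encrypt (type B)

def run_demo(secret=b"constructed sample: account 12345, amount 1000"):
    key_a, key_b = os.urandom(32), os.urandom(32)
    device = ConversionDevice(key_a, key_b)
    wire_a = seal(crypt_a, key_a, secret)       # transmission terminal
    wire_b = device.convert(wire_a)             # conversion device
    received = open_(crypt_b, key_b, wire_b)    # reception terminal
    return secret, wire_a, wire_b, received, device.memory_trace

if __name__ == "__main__":
    secret, wire_a, wire_b, received, trace = run_demo()
    print("received == sent:        ", received == secret)
    print("plaintext on either link:", secret in wire_a or secret in wire_b)
    print("plaintext inside device: ", secret in trace)
```

Both links carry only ciphertext, yet the device necessarily holds both keys and the full plaintext between the two steps, which is the exposure the passage identifies.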