In communication systems, in order to perform secure transmission and reception of information, various encryption methods have hitherto been employed. In a public key encryption system that uses two keys of a public key and a private key which become a pair, a property that information encrypted by one key (such as the public key) can be decoded only by the other key (private key) is used. The secure transmission of information to a communication party connected via a network is thereby enabled. When information is transmitted in accordance with the public key encryption system, the pair of the private key and the public key is generated by the receiver of the information, for example. The private key is held by the receiver, and the generated public key is open to the public on the network. The transmitter of the information obtains the public key, encrypts the information (plaintext) using the public key, and transmits the cipher text to the receiver. The receiver decodes the received cipher text using the private key held by the receiver. In the public key encryption system, much more computation is required than in a common key encryption system. Thus, when encryption is performed on a message for transmission, a method is used in which a common key is safely transmitted using the public key encryption system, and then the message is encrypted using the transmitted common key. In the common key encryption system, the common key is generated by a transmission side, the generated common key is safely transmitted to a receiving side, and information (plaintext) is encrypted by the generated key, for transmission. The receiving side receives the encrypted information and decodes the information (plaintext) by the common key safely received in advance. When the same key is used for a long time, the encryption is easy to be broken. Thus, the periodical change of the key is performed. In this case, too, the public key encryption system is used for delivery (change) of the common key.
As described above, when communication is performed using the public key encryption system, the public key is transmitted to a communication party. Since the communication party is not seen in the communication via the network, a third party may disguise himself as the communication party and may transmit the public key. For this reason, when the public key encryption system is used, it is necessary to confirm that the public key to be used is truly the one of a correct party. As one approach to authenticating the owner of the public key, there is a method (referred to as a “certificate authority model”) where a certificate authority, which is a reliable third party organization, certifies that the owner of the public key is authentic. From the certificate authority, a certificate that certifies the public key and the owner thereof is issued, and the signature (digital signature) of the certificate authority is appended to the certificate. Incidentally, as a public key infrastructure (PKI), the certificate authority, a registration authority, a repository and the like are included. Then, the owner of the certificate to whom the certificate is issued from the certificate authority, and who performs decoding of the digital signature and the cipher text using the private key corresponding to the public key and the user of the certificate who obtains the certificate of the certificate owner and performs verification of the digital signature and encryption of a document are included.
By the way, wireless communication is easy to be eavesdropped (intercepted). That is, in the wireless communication, which is different from wired communication, anyone is given an opportunity to enable interception. In the wireless communication that does not have the physical limitation of being equipped with a communication cable or the like, in particular, authentication of the owner of the public key (measures against disguising by a third party), for example, becomes an extremely important challenge. Assume that a certain wireless terminal (A) erroneously determines the public key of the wireless terminal (C) of the third party that disguised it as a wireless terminal (B), which is an original communication party, as the public key of the wireless terminal (B). Then, a message encrypted by the wireless terminal (A) using the public key from the wireless terminal (C) would be decoded by the wireless terminal (C) rather than the wireless terminal (B). That is, in the public key encryption system, whether the received public key is an authorized or unauthorized one cannot be determined by the terminal of the receiving side. Thus, there is a problem that the terminal is vulnerable to a spoofing attack.
As one of the measures against preventing the spoofing by the third party in delivery of the public key, the certificate authority model is used. However, it becomes necessary for the certificate authority model to include communication means such as the Internet. It becomes necessary to install and manage the certificate authority and the registration authority that issues key information (an authentication certificate) and perform registration. That is, when the certificate authority model is used, connection to the Internet is preconditioned. In a LAN for personal computers, the certificate authority model that preconditions logging in and network connection can also be used. However, in a system in which terminals perform mutual communication using an interface such as a wireless USB (Universal Serial Bus) and the connection to the Internet is not assumed, or the like, the certificate authority model cannot be used. Then, because of the high cost of the certificate authority model, the actual situation is that the certificate authority model is actually used by enterprises alone.
If the certificate authority model is assumed to be applied to a wireless terminal, it becomes necessary for the wireless terminal to include an electronic certificate decoding circuit 61 as shown in FIG. 6, which shows a comparative example, in addition to the Internet connection function. The circuit size and the cost will therefore increase. The electronic certificate decoding circuit 61 determines whether the certificate transmitted from the communication party is authentic. When the certificate is authentic, the electronic certificate decoding circuit 61 supplies the public key received through an antenna 63 to an encryption circuit 62 as the valid key.
As a configuration for delivering the key information using means other than the wireless communication, there is also known the configuration in which a cipher is exchanged by magnetic media or the like, for example (refer to Patent Document 1 which will be described hereinafter). According to this Patent Document 1, at the time of exchanging business cards, a magnetic recording business card with the public key of a party for performing encrypted electronic mail communication recorded thereon is obtained. Then, the recorded public key is read by a magnetic information reading device, and an encryption key for encrypting an electronic mail is generated by an encryption key generating unit. Then, the encryption key is encrypted by the public key, and the encrypted encryption key and the encrypted electronic mail are transmitted. A receiver then decodes the encrypted encryption key using the private key, and decodes the encrypted electronic mail using the encryption key. Alternatively, there is also known an approach in which, by transmitting the encryption key using one of the wireless communication, transmission power of which have been reduced more than in a wireless LAN, weak radio communication, infrared rays, optical communication, and power line communication, the encryption key is transmitted. Then, it is so arranged that encryption key information is not leaked outside a room for performing the wireless communication, thereby improving security (refer to Patent Document 2 that will be described hereinafter). Further, a configuration for delivering the encryption key by the wired communication such as the USB, IEEE 1394, or the like can also be conceived.
In such configurations described above, however, a magnetic recording medium, an interface for reading out a recording medium, or an interface for cable connection such as the USB, IEEE 1394, or the like needs to be additionally provided for delivery of the encryption key, in addition to means for the wireless communication. When wireless terminals are to exchange the encryption key using a USB flash key, for example, each of the wireless terminals needs a USB interface 71, as shown in FIG. 7 which shows a comparative example. An encryption circuit 72 for the wireless terminal obtains the key information from the USB interface 71.
Further, as described in Patent Document 2, when the configuration using a feeble radio wave is employed, control is not easy. In addition, it is also difficult to determine the level of such feebleness as cannot be eavesdropped.
Further, as another method of delivering the key information, there is also an approach in which the key information for each terminal is manually set by a user. However, manual input of the key information using inputting means is time-consuming and inconvenient. An inputting error may also occur. Further, as the length of the key is increased, the probability of occurrence of the error (erroneous input) increases. Further, depending on the device, there is also the device that lacks the inputting means by which the key information is manually input.    [Patent Document 1]
JP Patent Kokai Publication No. JP-A-9-114719 (pp. 3-4, FIG. 2)    [Patent Document 2]
JP Patent Kokai Publication No. JP-P2003-283481A (p. 3, FIG. 1)