The present invention relates to communication method and system for enciphering a communication message and transmitting and receiving the enciphered communication message.
In recent years, advance in technologies of information processing and communication has succeeded in exchanging various kinds of information at high speeds and at low costs by using a communication network. By using a communication satellite (CS) or a local area network (LAN), a piece of information transmitted can be received simultaneously by a great number of terminals. In other words, broadcast can be realized easily to advantage.
However, when broadcast is effected by using the CS or the LAN, a transmitted electric signal or electric wave signal can be received by any of the terminals and therefore, with the broadcast left intact, limited communication cannot be effected wherein information desired to be secret is transferred to a limited partner only.
Approaches to transferring information to only a limited partner and keeping the information secret from the other partners in the broadcast using the CS or LAN are disclosed in the aforementioned U.S. Ser. No. 08/035,956 by the present inventiors. Of them, one method is announced in, for example, "Security by Card" by Takaragi, Fukuzawa and Nakamura, at the symposium of safety and reliability for communication network in information society in the Institute of Electronics, Information and Communication Engineers, Japan, Aug. 19, 1991, pp. 11-20.
The method disclosed in the above literature will be described with reference to FIG. 9.
FIG. 9 shows a work station (WS) 902 and an IC card 901 on the receiving side in a communication system.
Firstly, WS 902 receives a destination indicator through a communication network 917. The destination indicator includes data as below.
______________________________________ Destination indicator = office number 1 .parallel. distribution list 1 .parallel. random value 1 .parallel. key information 1 .parallel. office number 2 .parallel. distribution list 2 .parallel. random value 2 .parallel. key information 2 .parallel. . . . ______________________________________
where symbol .parallel. represents data connection.
After that, on the basis of a value "2" of office identification number 925 and a value "3" of person identification number 926 which have been read out of a memory 903 of the IC card in advance, the WS 902 checks whether this WS is included in objects of destination. For example, it is assumed that the office number 1 assumes a value "2" and the distribution list 1 is a bit sequence of "00 . . . 0101" in the above destination indicator. In this example, the office identification number 925 stored in a memory 914 of the WS 902 assumes a value "2", thus being coincident with the office number 1 in the aforementioned destination indicator. In addition, the person identification number 926 stored in the memory 914 of the WS 902 assumes a value "3" and therefore the third bit, from the lowest, pointed out by this value "3" is referred to in the distribution list 1, thus being found to be "1" . Accordingly, it is determined that the office identification number 925 (value "2") and the person identification number 926 (value "3") are contained in the destination indicator.
Subsequently, the WS 102 transmits the destination indicator of "office number 1 .parallel. distribution list 1 .parallel. random value 1 .parallel. key information 1" in question to the IC card 901. Then, in the IC card 901, a similar check is also carried out by using office identification number 918 (value "2") and person identification number 919 (value "3"). Since in this example "coincidence" results through the check, the following calculation is carried out by using a master key for single office 920:
______________________________________ Work key .rarw. H (master key for single office, office number 1 .parallel. distribution list 1 .parallel. random value 1) Group key .rarw. D (work key, key information 1) ______________________________________
where H (I, M) is an output (hash total) of a hash function H having an initial value of I and an input data of M, and D (K, M) is an output of a decipher function D having a key of K and an input data of M.
The IC card 901 transfers the thus calculated group key to the WS 902. Then, the WS 902 uses this group key (stored in a storage area 927 for group key of the memory 914) to decipher a cipher message transmitted from the communication network 917.
In this manner, the WS 902 in which the IC card 901 is inserted can determine that this WS is in the destination indicator, can generate the key and can decipher the cipher message.
Similarly, even in another WS, if an IC card having the office identification number and the person number included in the destination indicator is inserted in this WS, the processing for generation of the group key can be carried out and as a result the WS is ready to decipher the cipher message from the communication network 917.
Through this, cipher communication from a single originator to a number of receivers can be effected in one to multitude relationship.
Incidentally, in the aforementioned example, one of majority parties in the one to multitude communication cannot be a transmitter. In other words, an IC card and a WS on the receiving side cannot prepare the aforementioned destination indicator. This is because the IC on the receiving side has only one master key for single office which is available for only an office to which this IC card belongs.