1. Field of the Invention
The present invention relates to a data decryption apparatus that decrypts encrypted data and a data encryption apparatus that encrypts data, and, more specifically to a data decryption apparatus and a data encryption apparatus that allow secure and efficient data exchange between the apparatuses.
2. Description of the Related Art
Conventionally, an integrated communication service that carries out data communications of user data, as well as bi-directional communications of multimedia information, such as voice data for a voice call and image data for a video telephone, has been provided. When data to be transmitted must be protected from interception by a third party, the data is encrypted.
To decrypt encrypted data, information on an encryption key used in encryption of the data must be shared between an encryption apparatus that encrypts the data and a decryption apparatus that decrypts the data. To attain this information-on-encryption-key sharing with small-scale hardware, a technique of transmitting information on an encryption key by embedding the information on the encryption key in a random number has been developed (see Japanese Patent Application Laid-open No. H11-103290).
When information on an encryption key is transmitted from a data encryption apparatus to a data decryption apparatus through the same communication path as that used in transmission of encrypted data, the encrypted data and the information on the encryption key can be intercepted, which can result in decipherment of the data.
To this end, a technique of transmitting encrypted data through a communication path different from that for an encryption key, thereby preventing deciphering of the encrypted data has been developed (see Japanese Patent Application Laid-open No. 2003-69547).
A technique of changing an encryption key at regular intervals is also provided to minimize damage even when the encryption key is cryptanalysed (see Japanese Patent Application Laid-open No. 2005-39643). However, this technique entails the need of sending a notification that the encryption key has been changed to a data decryption apparatus.
Techniques for appropriately sending the notification include a technique of sending a notification that an encryption key has been changed with use of a flag that represents a relationship between an expiration date-and-time of another encryption key, which is to be validated next time, and a current time (see Japanese Patent Application Laid-open No. 2005-217843).
According to this technique, when the current time is earlier than the time at which the encryption key is to be changed, and a time difference between the current time and the time at which the encryption key is to be changed, is equal to or smaller than a predetermined time difference, a data encryption apparatus sets the flag to “1”, while the apparatus sets the flag to “0” for other conditions.
A data decryption apparatus obtains information on the current time, and, when the time difference between the current time and the time at which the encryption key is to be changed is equal to or smaller than the predetermined time difference and the flag is set to “1”, sets the pre-change encryption key as a key for use in decryption.
When the time difference between the current time and the time at which the encryption key is to be changed is equal to or smaller than the predetermined time difference and the flag is set to “0”, the data decryption apparatus sets the post-change encryption key as the decryption key.
When the time difference between the current time and the time at which the encryption key is to be changed is greater than the predetermined time difference, the data decryption apparatus sets an encryption key corresponding to the current time as the decryption key.
The conventional technique is, however, disadvantages in that the data decryption apparatus determines which encryption key is to be employed as a decryption key by referring to information on the current time along with information on the flag, which complicates processing.
In recent years, use of data communications from cellular phones has been increased. However, because cellular phones are limited in capacities of a CPU (Central Processing Unit), memory, power consumption, and the like, processing to be performed by a cellular phone is desirably minimized and simplified.
Accordingly, development of a technique that allows an integrated communications service for carrying out data communications of user data, as well as two-way communications of multimedia information, to transmit user data securely and efficiently has been desired.