FIG. 9 shows an IC card apparatus which is an example of the conventional communication apparatus, and shown in the case in which the first communication device is a card terminal and the second communication device is an IC card.
In FIG. 9, a card terminal 400 comprises a random number generation means 401 which generates a random number R, a first computation means 402 which performs a functional computation F.sub.1 for first confidential data K.sub.1 and the random number R provided by said random number generation means 401, comparison means 403 which compares data provided by said first computation means 402 and data entered from an IC card 450, first processing means 406 which performs such data processings as data input/output, storing and operation, first encryption means 404 which encrypts the data sent out from said first processing means by using a first encryption key KE.sub.1, second decryption means 405 which decrypts encrypted data entered from the IC card 450 by using a second decryption key KD.sub.2. The IC card 450 which exchanges information with the card terminal 400 comprises second computation means 452 which performs a functional computation F.sub.2 for second confidential data K.sub.2 and the random number R entered from the card terminal 400, second processing means 456 which performs such data processings as data input/output, storing and operation, first decryption means 454 which decrypts encrypted data entered from the card terminal 400 by using a first decryption key KD.sub.1, and second encryption means 455 which encrypts the data sent out from said second processing means 456 by using a second encryption key KE.sub.2.
The following explains the operation of the conventional IC card apparatus arranged as described above.
When the IC card 450 has been inserted in the card terminal 400, the card terminal 400 operates on the random number generation means 401 to generate a random number R and sends it to the IC card 450 in order to confirm the legitimacy of the IC card 450 (confirm that it is not a fake) before exchanging information. The random number R received by the IC card 450 is entered to the second computation means 452, and, after being performed the predetermined functional operation F.sub.2 with the second confidential data K.sub.2 which is stored in the IC card 450, sent to the card terminal 400 and entered to the comparison means 403 in the card terminal 400.
In the card terminal 400, similarly to the IC card 450, the random number R provided by the random number generation means 401 is entered to the first computation means 402, and, after being performed the predetermined functional operation F.sub.1 with the first confidential data K.sub.1 which is stored in the card terminal 400, entered to the comparison means 403. The first and second computation means 402 and 452 perform the same functional operation, and if the first and second confidential data are identical data, the two pieces of data entered to the comparison means 403 have the same value. The comparison means 403 compares the entered two pieces of data, and so far as both data match, the card terminal 400 judges that the IC card 450 is a legitimate IC card, and allows the first processing means 406 to exchange data with the IC card 450.
The first processing means 406, which has been granted the information exchange, sends the transmission data to the first encryption means 404, and the first encryption means 404 uses the first encryption key KE stored in the card terminal 400 to encrypt the entered transmission data and sends it to the IC card 450. The encrypted data received by the IC card 450 is entered to the first decryption means 454 and decrypted by use of the first decryption key KD.sub.1 which is stored in the IC card 450, and is entered to the second processing means 456.
The second processing means 456 sends the transmission data to the second encryption means 455, and the second encryption means 455 uses the second encryption key KE.sub.2 which is stored in the IC card 450 to encrypt it and sends it to the card terminal 400. The encrypted data received by the card terminal 400 is entered to the second decryption means 405 and decrypted by use of the second decryption key KD.sub.2 which is stored in the card terminal 400, and is entered to the first processing means 406. In this manner, by repeating the encryption process and decryption process, information exchange takes place between the card terminal 400 and IC card 450.
In the foregoing conventional IC card apparatus, a first problem is that the IC card 450 cannot confirm the legitimacy of the card terminal 400. As regard to this problem, by the provision of the IC card 450 with a random number generation means and comparison means similar to those of the card terminal 400, it is possible for the IC card 450 to confirm the legitimacy of the card terminal 400 in the same manner as legitimacy confirmation for the IC card 450 by the card terminal 400, and the problem can readily be solved.
However, in the foregoing conventional IC card apparatus, the random number R generated for the confirmation of legitimacy of the IC card 450 by the card terminal 400 and the result F.sub.2 (R, K.sub.2) of computation for the random number R by the computation means 452 appears each time in the interface section between the card terminal 400 and IC card 450, allowing the third person to readily know the random number R and the computation result F.sub.2 (R, K.sub.2), and in the event of a leakage of the algorism of functional operation, the confidential data can be analyzed and the IC card 450 can be faked.
For the information exchange, communication takes place between the card terminal 400 and IC card 450 while performing the encryption process and decryption process for the information to be exchanged by use of the encryption key and decryption key which have been stored in advance in the card terminal 400 and IC card 450, and therefore if the same encryption algorism and same keys are used in the encryption process and decryption process for a long period of time, the cryptograph can be analyzed and communication information can be leaked.
In order to solve these problems, the confidential data and the encryption key and decryption key stored in both of the card terminal 400 and IC card 450 need to be changed frequently, however, since IC card 450 is possessed by many unspecified users in many cases, it is virtually difficult to change the confidential data and the encryption key and decryption key in practice.