Secure encrypted data communication system having physically secure IC cards and session key generation based on card identifying information
First Claim
1. A data communication apparatus having a first terminal and a second terminal, wherein:
said first terminal has
a) input means for inputting plaintext information;
b) a first data carrier for receiving said plaintext information and for providing an output, said first data carrier including enciphering means for enciphering said plaintext information;
c) first terminal transmitting means for transmitting said output of said data carrier to said second terminal as enciphered data and for transmitting first data carrier identifying information to said second terminal; and
d) first terminal receiving means for receiving enciphering operation-data from said second terminal;
said second terminal has
a) second terminal receiving means for receiving said transmitted output from said transmitting means;
b) a second data carrier for deciphering the enciphered data and for providing an output, said second data carrier including deciphering means for deciphering the enciphered data; and
c) second terminal transmitting means for transmitting enciphering operation-data to said first terminal;
said deciphering means comprises
a) means for generating said enciphering operation-data;
b) master key storage means for storing a master key;
a master key stored in said master key storage means;
c) key generating means for generating a deciphering secret key based on said first data carrier identifying information transmitted to said second terminal and on said master key;
d) first calculation means for generating a deciphering session key based on said deciphering secret key and said enciphering operation-data; and
e) ciphertext processing means for deciphering said enciphered data based on said deciphering session key; and
said enciphering means comprises
a) first data carrier identifying information storage means for storing first data carrier identifying information;
b) first data carrier identifying information stored in said first data carrier identifying information storage means;
c) enciphering secret key storage means for storing an enciphering secret key;
d) an enciphering secret key stored in said enciphering secret key storage means;
e) second calculation means for generating an enciphering session key based on said enciphering operation data transmitted to said first terminal and on said enciphering secret key;
f) plaintext processing means for enciphering said plaintext information using said session key.
Abstract
A secure encrypted data communication system between IC cards inserted in respective terminals. In order to encrypt plain text sent from a first terminal to a second terminal, a first IC card (51) receives a random number (r1) generated by a second IC card (52), and uses the number together with a secret key (ka) to generate a session key (ks1). The second IC card receives identification information (IDa) from the first IC card, and uses that information together with a master key (km) to obtain the secret key (ka), which is then used together with the random number to generate the same session key (ks1). Encryption of plain text sent from the second terminal to the first terminal can be done in a similar manner using a random number (r2) generated by the first IC card, and the identification information (IDb) of the second IC card.
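The exchange described in the abstract, as an added sketch that is not code from the patent: the second card re-derives ka from IDa and km, and both cards compute ks1 from ka and r1. The abstract does not name the key-generation or enciphering functions, so HMAC-SHA256 and the XOR keystream are assumptions, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, data: bytes) -> bytes:
    # Stand-in for the unspecified key-generation/calculation means (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Illustrative stream cipher (HMAC in counter mode); no integrity protection.
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = prf(key, b"ks" + (block // 32).to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

class SenderCard:
    """First IC card: stores IDa and its secret key ka, never km."""
    def __init__(self, card_id: bytes, ka: bytes):
        self.card_id, self._ka = card_id, ka

    def encipher(self, r1: bytes, plaintext: bytes) -> bytes:
        ks1 = prf(self._ka, r1)             # session key from ka and r1
        return keystream_xor(ks1, plaintext)

class ReceiverCard:
    """Second IC card: stores km, issues r1, re-derives ka from IDa."""
    def __init__(self, km: bytes):
        self._km, self._r1 = km, None

    def challenge(self) -> bytes:
        self._r1 = secrets.token_bytes(16)  # fresh random number per session
        return self._r1

    def decipher(self, sender_id: bytes, ciphertext: bytes) -> bytes:
        if self._r1 is None:
            raise ValueError("no outstanding random number for this session")
        ka = prf(self._km, sender_id)       # ka from IDa and km
        ks1 = prf(ka, self._r1)             # same ks1 as the sender computed
        self._r1 = None                     # single use: next call needs a new challenge
        return keystream_xor(ks1, ciphertext)

def issue_sender_card(km: bytes, card_id: bytes) -> SenderCard:
    # Personalisation step (assumed): the issuer loads ka = PRF(km, IDa) into card A.
    return SenderCard(card_id, prf(km, card_id))

def run_exchange(km: bytes, card_id: bytes, message: bytes) -> bytes:
    card_a, card_b = issue_sender_card(km, card_id), ReceiverCard(km)
    r1 = card_b.challenge()                       # B -> A: r1
    ciphertext = card_a.encipher(r1, message)     # A -> B: IDa, ciphertext
    return card_b.decipher(card_a.card_id, ciphertext)
```

Only the receiving card holds km, so the design's security rests on that card being physically secure: extracting km from any one such card yields ka for every card ID.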
Specification