Information processing device, information processing method, operation terminal and information processing system

FIELD: radio engineering, communication.

SUBSTANCE: apparatus comprises: a unit which stores a key used for encrypting or decrypting data; a unit which receives a key transmission request including a key-dividing number via a wireless signal from an operation terminal; a unit which acquires the key transmission request from the wireless signal received by the reception unit; a unit which determines a security level when transmitting the key to the operation terminal, as a transmission security level; a unit which determines a transmission power in accordance with the transmission security level determined by the security level determination unit and the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit; a unit which acquires each key fragment by dividing the key stored in the storage unit into the key-dividing number; and a unit which transmits each key fragment acquired by the key acquisition unit, using the transmission power determined by the transmission power determination unit, via a wireless signal to the operation terminal.

EFFECT: safer data transmission.

15 cl, 9 dwg

 

Technical field

The present invention relates to an information processing device, an information processing method, an operation terminal and an information processing system.

Background art

In recent years, RF (radio frequency) remote controls, which cause an information processing device such as a television receiver to perform processing in accordance with a user's instruction by transmitting radio waves to the device, have come into widespread use. In addition, certain organizations have made attempts to standardize RF remote controls.

For example, on top of the short-range communication standard IEEE (registered trademark) (Institute of Electrical and Electronics Engineers) 802.15.4, ZigBee (registered trademark) has been standardized as a specification for the network layer, security layer and application layer, which correspond to the layers above IEEE (registered trademark) 802.15.4. The ZigBee (registered trademark) specification was approved by the ZigBee Alliance (registered trademark) as version 1.0. IEEE (registered trademark) 802.15.4 was completed in the standardization committee of the IEEE (registered trademark) as the specification for the physical layer and the MAC (media access control) layer.

In addition, based on IEEE (registered trademark) 802.15.4, the RF remote control standard ZigBee (registered trademark) RF4CE (Radio Frequency for Consumer Electronics) v1.0 specification has been standardized by trade organizations. Under this standard, in order to prevent a third party such as a neighbor from reading and misusing the operations that the user inputs to the remote control, a key (encryption key) is shared between the remote control and the information processing device desired by the user. This key is used primarily when operation information, credit card information, etc. are passed from the remote control to the television receiver, and it works in such a way that a third party who does not know the key cannot intercept this information.

When it receives a key transmission request from the remote control (below also called the "operation terminal"), the information processing device, such as a television receiver, transmits to the remote control elements called key fragments, the number of which is equal to the key-dividing number (number of fragments) written in the key transmission request. The remote control, having received the key fragments, performs an exclusive OR operation over all the elements and thereby obtains the key. In general, a person conducting radio interception who is on the other side of a wall or the like from the information processing device and the remote control does not have a satisfactory propagation path for the radio waves transmitted and received between the information processing device and the remote control, and therefore cannot receive all the key fragments without error and cannot obtain the key.

A number of technologies for generating key fragments and returning the generated key fragments have been disclosed (for example, see Patent literature 1).

References

Patent literature

Patent literature 1: JP 2009-A

Disclosure of the invention

Technical problem

However, in the above-described technology, in which the remote control determines the key-dividing number, the probability that a person conducting radio interception will fail to receive a key fragment depends on the key-dividing number determined on the remote control side. Thus, it can be said that the security level of data exchange between the remote control and the information processing device is determined by the key-dividing number. However, when the key-dividing number is kept small in response to a requirement such as saving battery power or reducing the amount of computation, there is the problem that the security level of communication with the remote control is not maintained. In addition, in practice it is the information processing device that is aware of the importance of the operation information entered by the user, so there is also the problem of an imbalance with respect to the right to determine the security level.

The present invention has been made in view of the above problems, and its purpose is to provide a new and improved technology that gives the information processing device the right to determine the security level of data exchange between the operation terminal and the information processing device in an information processing system in which the key is divided in accordance with the key-dividing number specified by the operation terminal and is returned by the information processing device.

Solution to the problem

According to an aspect of the present invention, to achieve the above purpose, there is provided an information processing device that includes: a storage unit, which stores a key used to encrypt or decrypt data; a reception unit, which receives a key transmission request including a key-dividing number via a wireless signal from an operation terminal; a key transmission request acquisition unit, which acquires the key transmission request from the wireless signal received by the reception unit; a security level determination unit, which determines the security level for transmitting the key to the operation terminal as a transmission security level; a transmission power determination unit, which determines a transmission power in accordance with the transmission security level determined by the security level determination unit and the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit; a key acquisition unit, which acquires each key fragment by dividing the key stored in the storage unit into the key-dividing number; and a transmission unit, which transmits each key fragment acquired by the key acquisition unit, using the transmission power determined by the transmission power determination unit, via a wireless signal to the operation terminal.

The storage unit may further store a first key-dividing number and a first security level. The transmission power determination unit may acquire the first key-dividing number and the first security level stored in the storage unit and, when a first condition is satisfied, namely that the transmission security level determined by the security level determination unit is equal to or higher than the first security level and the key-dividing number included in the key transmission request is less than the first key-dividing number, may determine the transmission power as a value that is smaller than the transmission power used when the first condition is not satisfied.

The storage unit may further store a second key-dividing number and a second security level. The transmission power determination unit may acquire the second key-dividing number and the second security level stored in the storage unit and, when a second condition is satisfied, namely that the transmission security level determined by the security level determination unit is equal to or lower than the second security level and the key-dividing number included in the key transmission request is equal to or greater than the second key-dividing number, may determine the transmission power as a value that is greater than the transmission power used when the second condition is not satisfied.

The information processing device may further include a processing request acquisition unit and a processing execution unit. After receiving the key transmission request, the reception unit may further receive from the operation terminal, via a wireless signal, an encrypted processing request obtained by encrypting a processing request with a key that the operation terminal generated on the basis of each key fragment. The processing request acquisition unit may acquire the encrypted processing request from the wireless signal received by the reception unit. The processing execution unit may decrypt the encrypted processing request using the key stored in the storage unit and may perform processing in accordance with the processing request obtained by the decryption.

The transmission power determination unit may register in the storage unit the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit. The processing request acquisition unit may acquire, from the wireless signal received by the reception unit, an encrypted processing request obtained by encrypting a processing request with a key that the operation terminal generated by a bitwise exclusive OR operation over all of the key fragments. The processing execution unit may decrypt the encrypted processing request using a key generated by a bitwise exclusive OR operation over all of the key fragments obtained by dividing the key stored in the storage unit into the key-dividing number stored in the storage unit, and may perform processing in accordance with the processing request obtained by the decryption.

The storage unit may further store an application that is activated so that the processing execution unit performs the processing. The security level determination unit may determine the transmission security level in accordance with the type of the application.

The information processing device may further include a pairing request acquisition unit, a pairing processing unit and a key request terminal determination unit. Before receiving the key transmission request, the reception unit may further receive from the operation terminal, via a wireless signal, a pairing request that includes model identification information, which identifies the model of the operation terminal, and operation terminal identification information, which identifies the operation terminal. The pairing request acquisition unit may acquire the pairing request from the wireless signal received by the reception unit. When the model identification information included in the pairing request acquired by the pairing request acquisition unit is predetermined model identification information, the pairing processing unit may register the operation terminal identification information in the storage unit as communication-allowed terminal information. The key request terminal determination unit may determine whether the operation terminal identification information included in the key transmission request acquired by the key transmission request acquisition unit is registered in the storage unit as communication-allowed terminal information. When the key request terminal determination unit determines that the operation terminal identification information included in the key transmission request is not registered in the storage unit as communication-allowed terminal information, the transmission unit may transmit each key fragment to the operation terminal via a wireless signal.

When the pairing request additionally includes performance information indicating the performance of the operation terminal, the pairing processing unit may additionally register the performance information in the storage unit in association with the communication-allowed terminal information. The security level determination unit may determine the transmission security level in accordance with the performance information registered in the storage unit in association with the communication-allowed terminal information.

The transmission power determination unit may register in the storage unit the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit and the determined transmission power as a previous key-dividing number and a previous transmission power, respectively. When the processing execution unit fails to decrypt the encrypted processing request, the transmission power determination unit may again acquire the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit. The transmission power determination unit may calculate the difference between the acquired key-dividing number and the previous key-dividing number registered in the storage unit. When the calculated difference is equal to or less than a preset value, the transmission power determination unit may determine the transmission power as a value greater than the previous transmission power registered in the storage unit.

The storage unit may further store environment identification information, which identifies the environment in which the device itself is installed. The security level determination unit may determine the transmission security level in accordance with the environment identification information.

The security level determination unit may determine the transmission security level in accordance with the signal strength of the wireless signal at the time when the reception unit receives the key transmission request via the wireless signal.

The information processing device may further include a display unit and a display control unit. The display control unit may cause the display unit to display at least one of the transmission security level determined by the security level determination unit, the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit, and the transmission power determined by the transmission power determination unit.

Advantageous effects of the invention

According to the present invention, as described above, the information processing device can be given the right to determine the security level of data exchange between the operation terminal and the information processing device in an information processing system in which the key is divided in accordance with the key-dividing number specified by the operation terminal and is returned by the information processing device.

Brief description of drawings

Fig.1 is a diagram showing an example of the information processing system according to the present embodiment;

Fig.2 is a diagram illustrating the transmission of the key transmission request and the key fragments;

Fig.3 is a diagram illustrating an example of a case in which transmission of the key fragments succeeds;

Fig.4 is a diagram illustrating an example of a case in which transmission of the key fragments fails;

Fig.5 is a diagram showing the configuration of the information processing device according to the present embodiment;

Fig.6 is a diagram showing the configuration of the operation terminal according to the present embodiment;

Fig.7 is a diagram showing an example configuration of the association information held by the information processing device;

Fig.8 is a sequence diagram showing the flow of processing performed by the information processing system;

Fig.9 is a flowchart showing the flow of processing performed by the information processing device.

Description of embodiments

Preferred embodiments of the present invention are described in detail below with reference to the attached drawings. Note that in this description and in the drawings, elements that have essentially the same function and structure are denoted by the same reference numerals, and repeated explanation of them is omitted. The description is presented in the following order.

1. First embodiment

1-1. Example of the information processing system

1-2. Transmission of the key transmission request and the key fragments

1-3. Case in which transmission of the key fragments succeeds

1-4. Case in which transmission of the key fragments fails

1-5. Configuration of the information processing device

1-6. Configuration of the operation terminal

1-7. Example configuration of the association information held by the information processing device

1-8. Flow of processing performed by the information processing system

1-9. Flow of processing performed by the information processing device

2. Modified example

3. Conclusion

1. First embodiment

The first embodiment of the present invention is described below.

1-1. Example of the information processing system

Fig.1 is a diagram showing an example of the information processing system according to the present embodiment. An example of the information processing system according to the present embodiment is described with reference to Fig.1 (and other drawings as appropriate).

As shown in Fig.1, the information processing system 10 according to the present embodiment includes an information processing device 100 and an operation terminal 200. The information processing device 100 receives a wireless signal TE, which uses radio waves, from the operation terminal 200, performs processing in accordance with the request included in the received wireless signal TE, and returns the processing result to the operation terminal 200 by including it in a wireless signal RE1, which uses radio waves. Here, as shown in Fig.1, the information processing device 100 can be assumed to be, for example, a television receiver, but it is not limited to a television receiver. The information processing device 100 may be any device as long as it has the function of receiving the wireless signal TE from the operation terminal 200, performing processing in accordance with the request included in the received wireless signal TE, and returning the processing result to the operation terminal 200 by including it in the wireless signal RE1; for example, the information processing device 100 may be a recording/playback device for television programs.

The operation terminal 200 accepts operation information entered by the user U, generates a request based on the operation information that was accepted, and transmits the generated request to the information processing device 100 by including it in a wireless signal. In addition, the operation terminal 200 receives the wireless signal RE1 from the information processing device 100 in response to that wireless signal. The operation terminal 200 can be assumed to be, for example, an RF remote control as described above, but it is not limited to an RF remote control. For example, the operation terminal 200 may be any type of terminal as long as it has the function of accepting input of operation information and transmitting a request based on the operation information to the information processing device 100 by including the request in a wireless signal, and has the function of receiving the wireless signal RE1 from the information processing device 100 in response to that wireless signal.

In addition, as described above, in order to prevent the operation information that the user U enters into the operation terminal 200 from being read by means of an operation terminal RC belonging to a person conducting radio interception, and subsequently misused, a key is shared between the operation terminal 200 and the information processing device 100 desired by the user U. In accordance with the ZigBee (registered trademark) RF4CE v1.0 specification, for example, the key is used primarily when operation information, credit card information, etc. are passed from the operation terminal 200 to the information processing device 100, and it acts in such a way that the person conducting radio interception, who does not know the key, cannot intercept this information.

When it receives a key transmission request from the operation terminal 200 via a wireless signal, the information processing device 100 transmits to the operation terminal 200 the key fragments obtained by dividing the key into the key-dividing number included in the key transmission request. The operation terminal 200 receives all the key fragments and obtains the key based on the received key fragments. Usually the operation terminal RC, which belongs to the person conducting radio interception and is located on the other side of a wall W or the like from the information processing device 100 and the operation terminal 200, does not have a satisfactory propagation path for the radio waves transmitted and received between the information processing device 100 and the operation terminal 200, and therefore cannot receive all the key fragments without error and cannot obtain the key.

However, if the operation terminal RC, which belongs to the person conducting radio interception, succeeds in reading the key by receiving the wireless signal RE2 from the information processing device 100, it can intercept information such as operation information and credit card information. Here, although a case is assumed in which the person conducting radio interception is in a room R2 on the other side of the wall W from the room R1 in which the user U is located, the case is not limited to this, and the person conducting radio interception may be anywhere. For example, the person conducting radio interception may be outside the house in which the user U is located.

When the operation terminal 200 determines the key-dividing number, the probability that reception of a key fragment by the operation terminal RC belonging to the person conducting radio interception will be unsuccessful depends only on the key-dividing number determined on the operation terminal 200 side. Thus, it can be said that the security level of data exchange between the operation terminal 200 and the information processing device 100 is determined by the key-dividing number. However, when the key-dividing number is kept small in response to a requirement, for example, to conserve battery power or to reduce the amount of computation, the security of communication with the remote control is not maintained. Moreover, in practice it is usually the information processing device 100 that can determine the degree of importance of the operation information entered by the user U, so an imbalance occurs with respect to the right to determine the security level.

The present embodiment describes a technology that gives the information processing device 100 the right to determine the security level of data exchange between the operation terminal 200 and the information processing device 100 in the information processing system 10, in which the key is divided in accordance with the key-dividing number specified by the operation terminal 200 and is returned by the information processing device 100. In addition, although the description assumes that a plain bit string, which is not encrypted, is used as the key, an encrypted key can also be used.

As a concrete example, when the key-dividing number sent by the operation terminal 200 is not large enough to maintain the security level of the communication, the information processing device 100 can perform control so that the transmission power used for transmitting the key fragments is reduced. Reducing the transmission power increases the probability of errors during data transfer, so that a key fragment fails to reach the operation terminal RC belonging to the person conducting radio interception from the information processing device 100, even when the key-dividing number specified by the operation terminal 200 is small. Thus, the probability that the key will be stolen by the person conducting radio interception can be reduced.

In this regard, when the transmission power is reduced too much, the probability that an error occurs during transmission becomes too high even when the operation terminal 200 is communicating with its intended communication partner, the information processing device 100. As a result, the key cannot be transferred correctly from the information processing device 100 to the operation terminal 200. To avoid falling into this state, when the operation terminal 200 notifies the information processing device 100 of a key-dividing number that is too large, the transmission power used for transmitting the key fragments can be increased. Thus, it becomes possible for the information processing device 100 to transmit the key to the operation terminal 200 more reliably.

In addition, after a key transmission has failed once, when the operation terminal 200 requests retransmission of the key with the same (or approximately the same) key-dividing number, the information processing device 100 can increase the transmission power used for the next key transmission and thereby increase the likelihood that the key transmission succeeds.
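The power control described above, combined with the first condition, the second condition and the retry rule from the summary, as an added example that is not code from the patent. The thresholds, dBm values, step size, power cap and all names are hypothetical; the text gives no numbers.

```python
"""Transmission power selection for key fragments (added illustration).

Not code from the patent. Every threshold and dBm value is a hypothetical
placeholder chosen only to make the three rules visible.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PowerPolicy:
    first_dividing_number: int = 32   # first key-dividing number
    first_security_level: int = 3     # first security level
    second_dividing_number: int = 64  # second key-dividing number
    second_security_level: int = 1    # second security level
    normal_dbm: float = 0.0           # power when neither condition holds
    reduced_dbm: float = -12.0        # power under the first condition
    raised_dbm: float = 3.0           # power under the second condition
    retry_max_difference: int = 2     # "preset value" of the retry rule
    retry_step_db: float = 3.0        # increase applied on a retry
    max_dbm: float = 3.0              # radio limit (assumption)


def base_power(level: int, dividing_number: int, p: PowerPolicy) -> float:
    """Apply the first and second conditions to one key transmission request."""
    # First condition: high security level but few fragments -> reduce power
    # so that a distant receiver is more likely to lose a fragment.
    if level >= p.first_security_level and dividing_number < p.first_dividing_number:
        return p.reduced_dbm
    # Second condition: low security level and many fragments -> raise power
    # so that the paired terminal still receives every fragment.
    if level <= p.second_security_level and dividing_number >= p.second_dividing_number:
        return p.raised_dbm
    return p.normal_dbm


class TransmissionPowerDeterminer:
    """Keeps the previous key-dividing number and power for the retry rule."""

    def __init__(self, policy: PowerPolicy = PowerPolicy()) -> None:
        self.policy = policy
        self.prev_number: Optional[int] = None
        self.prev_dbm: Optional[float] = None
        self.decrypt_failed = False

    def on_decrypt_failed(self) -> None:
        """Called when the encrypted processing request could not be decrypted."""
        self.decrypt_failed = True

    def on_key_request(self, level: int, dividing_number: int) -> float:
        """Return the power (dBm) to use for this request's key fragments."""
        p = self.policy
        is_retry = (
            self.decrypt_failed
            and self.prev_number is not None
            and abs(dividing_number - self.prev_number) <= p.retry_max_difference
        )
        if is_retry:
            # Same (or nearly the same) dividing number after a failure:
            # go above the previous power, up to the radio limit.
            dbm = min(self.prev_dbm + p.retry_step_db, p.max_dbm)
        else:
            dbm = base_power(level, dividing_number, p)
        self.prev_number, self.prev_dbm = dividing_number, dbm
        self.decrypt_failed = False
        return dbm


if __name__ == "__main__":
    d = TransmissionPowerDeterminer()
    print(d.on_key_request(level=3, dividing_number=8))   # first condition
    d.on_decrypt_failed()
    print(d.on_key_request(level=3, dividing_number=8))   # retry, raised
    print(d.on_key_request(level=1, dividing_number=64))  # second condition
```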

1-2. Transmission of the key transmission request and the key fragments

Fig.2 is a diagram illustrating the transmission of the key transmission request and the key fragments. The transmission of the key transmission request and the key fragments is described below with reference to Fig.2 (and other drawings as appropriate).

Referring to Fig.2, assume that the operation terminal 200 transmits to the information processing device 100 a key transmission request that includes N as the key-dividing number. The information processing device 100 transmits to the operation terminal 200 the key fragments (key fragments F1, F2, ... FN) obtained by dividing the key into N parts in accordance with the key transmission request transmitted from the operation terminal 200. In addition, the operation terminal RC, which belongs to the person conducting radio interception, also tries to receive the key fragments (key fragments F1, F2, ... FN). Here, when the transmission power that the information processing device 100 uses to transmit the key is controlled appropriately, the operation terminal 200, for example, successfully receives the key fragments (key fragments F1, F2, ... FN), whereas the operation terminal RC fails to receive some or all of the key fragments (key fragments F1, F2, ... FN). Fig.2 shows an example in which reception of key fragment FN-2 failed.

1-3. Case in which transmission of the key fragments succeeds

Fig.3 is a diagram illustrating an example of a case in which transmission of the key fragments succeeds. A case in which transmission of the key fragments succeeds is described with reference to Fig.3 (and other drawings as appropriate).

Referring to Fig.2, assume that transmission of all the key fragments (key fragments F1, F2, ... FN) from the information processing device 100 to the operation terminal 200 succeeds. In this case, as shown in Fig.3, the information processing device 100 and the operation terminal 200 each hold the same key fragments (key fragments F1, F2, ... FN). If the information processing device 100 and the operation terminal 200 each hold the same key fragments (key fragments F1, F2, ... FN), the same key can be generated from the key fragments (key fragments F1, F2, ... FN), and the same key (shared key) can be shared between the information processing device 100 and the operation terminal 200. Although Fig.3 shows an example in which the information processing device 100 and the operation terminal 200 each generate the key by a bitwise exclusive OR operation over the key fragments (key fragments F1, F2, ... FN), the method of generating the key is not limited to the exclusive OR operation.

1-4. Case in which transmission of the key fragments fails

Fig.4 is a diagram illustrating an example of a case in which transmission of the key fragments fails. A case in which transmission of the key fragments fails is described with reference to Fig.4 (and other drawings as appropriate).

Referring to Fig.2, assume that, in the transmission of the key fragments (key fragments F1, F2, ... FN) from the information processing device 100 to the operation terminal RC, transmission of key fragment FN-2 fails. In this case, as shown in Fig.4, the operation terminal RC cannot hold key fragment FN-2. Since the operation terminal RC cannot hold key fragment FN-2, the information processing device 100 and the operation terminal RC cannot share the same key (shared key). Although Fig.4 shows an example in which the information processing device 100 and the operation terminal RC each generate a key by a bitwise exclusive OR operation over the key fragments, the method of generating the key is not limited to the exclusive OR operation.
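The fragment exchange of sections 1-2 to 1-4, as an added example that is not code from the patent: the key is divided into N fragments whose bitwise exclusive OR is the key, and a receiver that misses a single fragment recovers nothing. The splitting method (N-1 random fragments plus one closing fragment), the function names, the sample key and the independent per-fragment reception probability are assumptions made for illustration.

```python
"""XOR key fragments: split, recombine, and the effect of one lost fragment.

Added illustration; not code from the patent. Assumptions: the device builds
N-1 random fragments plus one closing fragment, and fragment losses at a
receiver are independent of each other.
"""
import secrets
from functools import reduce
from typing import Dict, List, Optional, Set


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise exclusive OR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("fragments must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> List[bytes]:
    """Divide key into n fragments F1..FN with F1 ^ F2 ^ ... ^ FN == key."""
    if n < 1:
        raise ValueError("key-dividing number must be at least 1")
    fragments = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    # Closing fragment: the key XOR all random fragments.
    # With n == 1 this is the key itself, so one fragment protects nothing.
    fragments.append(reduce(xor_bytes, fragments, key))
    return fragments


def receive(fragments: List[bytes], lost: Set[int]) -> Dict[int, bytes]:
    """Model a receiver: keep fragment i (1-based) unless it was lost."""
    return {i: f for i, f in enumerate(fragments, start=1) if i not in lost}


def recover_key(received: Dict[int, bytes], n: int) -> Optional[bytes]:
    """XOR all n fragments; return None when any fragment is missing."""
    if set(received) != set(range(1, n + 1)):
        return None
    return reduce(xor_bytes, (received[i] for i in range(1, n + 1)))


def p_all_received(n: int, p_fragment: float) -> float:
    """Chance of receiving all n fragments if each arrives with p_fragment."""
    return p_fragment ** n


# Constructed sample values: a 128-bit key and N = 8. The intercepting
# terminal RC loses fragment FN-2 (here F6), as in Fig.2 and Fig.4.
SAMPLE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
N = 8

if __name__ == "__main__":
    frags = split_key(SAMPLE_KEY, N)
    terminal_200 = recover_key(receive(frags, lost=set()), N)
    terminal_rc = recover_key(receive(frags, lost={N - 2}), N)
    print("operation terminal 200 has the key:", terminal_200 == SAMPLE_KEY)
    print("operation terminal RC has the key: ", terminal_rc is not None)
    # Same link quality, different key-dividing numbers: a larger N lowers
    # the chance that a receiver with a poor path collects every fragment.
    for n in (4, 16, 64):
        print(n, round(p_all_received(n, 0.95), 4))
```

Because the first N-1 fragments are uniformly random, any N-1 of the N fragments are statistically independent of the key, which is why a single lost fragment is enough to deny it to the interceptor.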

1-5. Configuration of the information processing device

Fig.5 is a diagram showing the configuration of the information processing device according to the present embodiment. The configuration of the information processing device according to the present embodiment is described with reference to Fig.5 (and other drawings as appropriate).

As shown in Fig.5, the information processing device 100 includes at least a reception unit 110, a control unit 130, a storage unit 140 and a transmission unit 160. In addition, the information processing device 100 includes, as necessary, a reception control unit 120, a transmission control unit 150, a display unit 170, etc.

In addition, the control unit 130 includes at least a request acquisition unit 131, a security level determination unit 133, a transmission power determination unit 134 and a key acquisition unit 135, and includes, as necessary, a key request terminal determination unit 132, a pairing processing unit 136, a processing execution unit 137, a display control unit 139, etc. The control unit 130 is composed of, for example, a CPU (central processing unit), RAM (random access memory), etc., and its function is realized by reading a program stored in the storage unit 140 into the RAM and executing the program loaded in the RAM. In addition, the control unit 130 may be implemented, for example, by dedicated hardware.

The request acquisition unit 131 includes at least a key transmission request acquisition unit 1311, and includes, as necessary, a pairing request acquisition unit 1312 and a processing request acquisition unit 1313.

The reception unit 110 is made up of an antenna, etc., and receives a wireless signal from the operation terminal 200. For example, the reception unit 110 receives a key transmission request including the key-dividing number via a wireless signal from the operation terminal 200. The key-dividing number can be set, for example, at a predetermined position in the data of the key transmission request. That predetermined position is not limited to anything specific: it can be the header of the key transmission request, or it can be a specified number of bits following the header of the key transmission request.

The reception control unit 120 performs, on the wireless signal received by the reception unit 110, frequency conversion of the high-frequency signal into a baseband signal by down-conversion as necessary, and demodulates the frequency-converted baseband signal. In addition, when the control unit 130 performs processing using a digital signal, the reception control unit 120 converts the analog signal obtained by demodulation into a digital signal.

The storage unit 140 is made up of a storage device such as an HDD (hard disk drive), and stores association information 141 and a key 142 that is used to encrypt or decrypt data. In addition, when the control unit 130 is made up of a CPU (central processing unit), RAM (random access memory), etc., the storage unit 140 also stores the program to be executed by the control unit 130 and the various types of data used when the control unit 130 executes the program.

The key transmission request acquisition unit 1311 acquires the key transmission request from the wireless signal received by the reception unit 110. The technique by which the key transmission request acquisition unit 1311 acquires the key transmission request is not limited to anything specific; for example, when the value set at a predetermined position of the wireless signal received by the reception unit 110 is a value indicating a key transmission request, the request acquisition unit 131 may treat the wireless signal as a key transmission request.

The security level determination unit 133 determines the security level to apply when transmitting the key to the operation terminal 200, as the transmission security level. How the security level determination unit 133 determines the transmission security level is described below.

The transmission power determination unit 134 determines the transmission power in accordance with the transmission security level determined by the security level determination unit 133 and the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit 1311.

The key acquisition unit 135 acquires each key fragment by dividing the key 142 stored in the storage unit 140 into the key-dividing number of fragments. When the key 142 is divided by the key-dividing number, it is assumed that the key 142 is divided, for example, into equal parts. However, provided that the division is performed on the basis of the same algorithm in the information processing device 100 and the operation terminal 200, the division need not be into equal parts.

The transmission unit 160 is made up of an antenna, etc., which may be the same as or different from that of the reception unit 110, and transmits each key fragment acquired by the key acquisition unit 135, using the transmission power determined by the transmission power determination unit 134, via a wireless signal to the operation terminal 200.

When the control unit 130 performs processing using a digital signal, the transmission control unit 150 converts the digital signal to be transmitted into an analog signal. In addition, the transmission control unit 150 modulates the analog signal as necessary, converts the baseband signal obtained by the modulation into a high-frequency signal by up-conversion, and outputs the high-frequency signal to the transmission unit 160.

The storage unit 140 may further store a first key-dividing number and a first security level. In this case, the transmission power determination unit 134 acquires the first key-dividing number and the first security level stored in the storage unit 140. Then, when a first condition is satisfied, namely that the transmission security level determined by the security level determination unit 133 is equal to or higher than the first security level and the key-dividing number included in the key transmission request is less than the first key-dividing number, the transmission power determination unit 134 determines the transmission power to be a value smaller than the transmission power used when the first condition is not satisfied.

For example, the first key-dividing number is set to "100" in the "key-dividing number N" field of the association information 141, and the first security level is set to "high" in the "security level" field of the association information 141 (see, for example, Fig.7).

In addition, the storage unit 140 may further store a second key-dividing number and a second security level. In this case, the transmission power determination unit 134 acquires the second key-dividing number and the second security level stored in the storage unit 140. Then, when a second condition is satisfied, namely that the transmission security level determined by the security level determination unit 133 is equal to or lower than the second security level and the key-dividing number included in the key transmission request is equal to or greater than the second key-dividing number, the transmission power determination unit 134 determines the transmission power to be a value greater than the transmission power used when the second condition is not satisfied.

For example, the second key-dividing number is set to "10" in the "key-dividing number N" field of the association information 141, and the second security level is set to "low" in the "security level" field of the association information 141 (see, for example, Fig.7).

The information processing device 100 may further include the processing request acquisition unit 1313 and the processing execution unit 137. In this case, after receiving the key transmission request, the reception unit 110 additionally receives from the operation terminal 200, via a wireless signal, an encrypted processing request obtained by encrypting a processing request with the key that the operation terminal 200 generated on the basis of each key fragment. The processing request acquisition unit 1313 can acquire the encrypted processing request from the wireless signal received by the reception unit 110, and the processing execution unit 137 can decrypt the encrypted processing request using the key 142 stored in the storage unit 140 and can perform processing in accordance with the processing request obtained by the decryption.

The technique by which the processing request acquisition unit 1313 acquires the processing request is not limited to anything specific; for example, when the value set at a predetermined position of the wireless signal received by the reception unit 110 is a value indicating a processing request, the request acquisition unit 131 may treat the wireless signal as a processing request.

The processing performed by the processing execution unit 137 is not limited to anything specific. Processing that handles personal information of the user U, such as electronic payment processing, is assumed to be processing for which the security level is relatively high, while processing such as recording television programmes is assumed to be processing for which the security level is relatively low.

The scheme used to encrypt or decrypt the processing request with the key 142 is not limited to anything specific; for example, common-key (symmetric) cryptography can be used. Examples of common-key cryptography include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).

The transmission power determination unit 134 may register, in the storage unit 140, the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit 1311. In this case, the processing request acquisition unit 1313 acquires, from the wireless signal received by the reception unit 110, the encrypted processing request obtained by encrypting a processing request with the key that the operation terminal 200 generated by a bitwise exclusive OR over all of the key fragments. The processing execution unit 137 decrypts the encrypted processing request using the key generated by a bitwise exclusive OR over all of the key fragments obtained by dividing the key 142 stored in the storage unit 140 by the key-dividing number registered in the storage unit 140. The processing execution unit 137 then performs processing in accordance with the processing request obtained by the decryption.

The storage unit 140 may further store an application that is activated in order to carry out the processing of the processing execution unit 137, and the security level determination unit 133 can determine the transmission security level in accordance with the type of the application. For example, when the activated application performs electronic payment processing, as an example of processing for which the security level is relatively high, a high value can be determined as the transmission security level. When the activated application performs recording processing, as an example of processing for which the security level is relatively low, a low value can be determined as the transmission security level.

In addition, the information processing device 100 may further include the pairing request acquisition unit 1312, the pairing processing unit 136 and the key request terminal determination unit 132. In this case, before receiving the key transmission request, the reception unit 110 additionally receives from the operation terminal 200, via a wireless signal, a pairing request that includes model identification information identifying the model of the operation terminal 200 and operation terminal identification information identifying the operation terminal 200. The pairing request acquisition unit 1312 can acquire the pairing request from the wireless signal received by the reception unit 110. When the model identification information included in the pairing request acquired by the pairing request acquisition unit 1312 is predetermined model identification information, the pairing processing unit 136 may register the operation terminal identification information in the storage unit 140 as communication-permitted terminal information. The key request terminal determination unit 132 can determine whether the operation terminal identification information included in the key transmission request acquired by the key transmission request acquisition unit 1311 is registered in the storage unit 140 as communication-permitted terminal information. When the key request terminal determination unit 132 determines that the operation terminal identification information included in the key transmission request is not registered in the storage unit 140 as communication-permitted terminal information, the transmission unit 160 may refrain from transmitting each key fragment to the operation terminal 200 via a wireless signal.

The technique by which the pairing request acquisition unit 1312 acquires the pairing request is not limited to anything specific; for example, when the value set at a predetermined position of the wireless signal received by the reception unit 110 is a value indicating a pairing request, the pairing request acquisition unit 1312 may treat the wireless signal as a pairing request.

As the model identification information identifying the model of the operation terminal 200, it is possible to use, for example, information identifying the manufacturer of the operation terminal 200, information identifying the type of the operation terminal 200 and information indicating the version of the operation terminal 200. As the operation terminal identification information identifying the operation terminal 200, the MAC address of the operation terminal 200, etc. may be used.

The predetermined model identification information is not limited to anything specific; for example, when the storage unit 140 stores information identifying the manufacturer of the information processing device 100, the predetermined model identification information may be the identification information of the manufacturer of the information processing device 100. In this case, for example, when the manufacturer of the operation terminal 200 is different from the manufacturer of the information processing device 100, the information processing device 100 may refrain from transmitting the key to the operation terminal 200.

When the pairing request further includes performance information indicating the performance of the operation terminal 200, the pairing processing unit 136 may additionally register the performance information in the storage unit 140 in association with the communication-permitted terminal information. The security level determination unit 133 can determine the transmission security level in accordance with the performance information registered in the storage unit 140 in association with the communication-permitted terminal information. Thus, for example, the security level determination unit 133 determines a high transmission security level for an operation terminal 200 whose wireless signal reception performance is relatively high, and determines a low transmission security level for an operation terminal 200 whose wireless signal reception performance is relatively low.

The transmission power determination unit 134 may register, in the storage unit 140, the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit 1311 and the determined transmission power, as the previous key-dividing number and the previous transmission power, respectively. In this case, when the processing execution unit 137 fails to decrypt the encrypted processing request, the transmission power determination unit 134 again acquires the key-dividing number included in a key transmission request acquired by the key transmission request acquisition unit 1311. The transmission power determination unit 134 can calculate the difference between the acquired key-dividing number and the previous key-dividing number registered in the storage unit 140 and, when the calculated difference is equal to or less than a set value, may determine the transmission power to be a value greater than the previous transmission power registered in the storage unit 140. In this way, the failure of the key transmission is attributed to insufficient transmission power, and the shortage of transmission power can be eliminated when the key is transmitted again.

In addition, the storage unit 140 may further store environment identification information identifying the environment in which the device itself is installed, and the security level determination unit 133 can determine the transmission security level in accordance with the environment identification information. For example, when the information processing device 100 is installed in an area in which radio wave propagation is relatively poor because of surrounding buildings, a value for determining a low transmission security level can be set in the environment identification information. When the information processing device 100 is installed in an area in which radio wave propagation is relatively good because it is not surrounded by a large number of buildings, a value for determining a high transmission security level can be set in the environment identification information.

In addition, for example, when the information processing device 100 is installed in an area in which it is difficult for person B, who is eavesdropping, to intercept the key because the distance to the neighbouring house is relatively large (or the wall W between the information processing device 100 and the neighbouring house is thick), a value for determining a low transmission security level can be set in the environment identification information. When the information processing device 100 is installed in an area in which it is easy for person B, who is eavesdropping, to intercept the key because the distance to the neighbouring house is relatively small (or the wall W between the information processing device 100 and the neighbouring house is thin), a value for determining a high transmission security level can be set in the environment identification information. The environment identification information may be stored in the storage unit 140 by the manufacturer at the stage of manufacture of the information processing device 100, or may be registered in the storage unit 140 by the user U using the operation terminal 200, for example after the information processing device 100 has been manufactured by the manufacturer. In addition, for example, the environment identification information stored in the storage unit 140 by the manufacturer at the time of manufacture may be changed by the user U using the operation terminal 200.

The security level determination unit 133 can determine the transmission security level in accordance with the signal strength of the wireless signal at the time when the reception unit 110 receives the key transmission request via the wireless signal. Thus, for example, when the signal strength of the wireless signal at the time of receiving the key transmission request is relatively large, the security level determination unit 133 determines that the operation terminal 200 is near the information processing device 100, and may determine a high transmission security level. When the signal strength of the wireless signal at the time of receiving the key transmission request is relatively small, the security level determination unit 133 determines that the operation terminal 200 is not near the information processing device 100, and may determine a low transmission security level.

The information processing device 100 may further include the display unit 170 and the display control unit 139. The display control unit 139 may cause the display unit 170 to display at least one of the transmission security level determined by the security level determination unit 133, the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit 1311, and the transmission power determined by the transmission power determination unit 134. In addition, the display control unit 139 may cause the display unit 170 to display a message that the security of communication between the information processing device 100 and the operation terminal 200 is being maintained.

In addition, the display control unit 139 may cause the display unit 170 to display, respectively, the pairing processing performed by the pairing processing unit 136 and the processing performed by the processing execution unit 137.

1-6. Configuration of the operation terminal

Fig.6 is a diagram showing the configuration of the operation terminal according to the present embodiment. The configuration of the operation terminal according to the present embodiment is described below with reference to Fig.6 (and to other figures as appropriate).

As shown in Fig.6, the operation terminal 200 includes at least a reception unit 210, a control unit 230, a storage unit 240 and a transmission unit 260. In addition, the operation terminal 200 includes, as necessary, a reception control unit 220, a transmission control unit 250, an input unit 270, etc. The input unit 270 accepts input of operations from the user U, for example via operation buttons.

In addition, the control unit 230 includes at least a response acquisition unit 231 and a key transmission request generation unit 233, and includes, as necessary, a pairing request generation unit 234, a processing request generation unit 235, an operation information unit 232, etc. The response acquisition unit 231 includes at least a key acquisition unit 2311. The control unit 230 is made up of, for example, a CPU, RAM, etc., and its function is realised by loading a program stored in the storage unit 240 into the RAM and executing the loaded program. The control unit 230 can also be implemented, for example, with dedicated hardware. The operation information unit 232 includes a key request operation acquisition unit 2321, a pairing request operation acquisition unit 2322, a processing request operation acquisition unit 2323, etc.

The key transmission request generation unit 233 generates a key transmission request that includes the key-dividing number. When the operation terminal 200 includes the input unit 270 and the key request operation acquisition unit 2321, the input unit 270 accepts input of a key transmission request operation from the user U, and the key request operation acquisition unit 2321 acquires the key transmission request operation from the input unit 270 and outputs it to the key transmission request generation unit 233. The key transmission request generation unit 233 generates the key transmission request on the basis of the key transmission request operation output by the key request operation acquisition unit 2321.

The transmission unit 260 is made up of an antenna, etc., and transmits a wireless signal to the information processing device 100. For example, the transmission unit 260 transmits the key transmission request to the information processing device 100 via a wireless signal.

The reception unit 210 is made up of an antenna, etc., which may be the same as or different from that of the transmission unit 260, and receives a wireless signal from the information processing device 100. For example, the reception unit 210 receives, from the information processing device 100, each key fragment obtained by the information processing device 100 dividing the key by the key-dividing number.

The key acquisition unit 2311 generates a key on the basis of each key fragment received by the reception unit 210, and registers the generated key in the storage unit 240. As described above, although the key acquisition unit 2311 generates the key by a bitwise exclusive OR over the key fragments (key fragments F1, F2, ... FN), the method of generating the key is not limited to the exclusive OR operation.

The pairing request generation unit 234 generates a pairing request. When the operation terminal 200 includes the input unit 270 and the pairing request operation acquisition unit 2322, the input unit 270 accepts input of a pairing request operation from the user U, and the pairing request operation acquisition unit 2322 acquires the pairing request operation from the input unit 270 and outputs it to the pairing request generation unit 234. The pairing request generation unit 234 generates the pairing request on the basis of the pairing request operation output by the pairing request operation acquisition unit 2322.

The processing request generation unit 235 generates a processing request, and also generates an encrypted processing request by encrypting the generated processing request with the key registered in the storage unit 140. When the operation terminal 200 includes the input unit 270 and the processing request operation acquisition unit 2323, the input unit 270 accepts input of a processing request operation from the user U, and the processing request operation acquisition unit 2323 acquires the processing request operation from the input unit 270 and outputs it to the processing request generation unit 235. The processing request generation unit 235 generates the processing request on the basis of the processing request operation output by the processing request operation acquisition unit 2323.

The reception control unit 220 performs, on the wireless signal received by the reception unit 210, frequency conversion of the high-frequency signal into a baseband signal by down-conversion as necessary, and demodulates the frequency-converted baseband signal. In addition, when the control unit 230 performs processing using a digital signal, the reception control unit 220 converts the analog signal obtained by demodulation into a digital signal.

1-7. Example configuration of the association information held by the information processing device

Fig.7 is a diagram showing an example configuration of the association information held by the information processing device. The example configuration of the association information held by the information processing device is described below with reference to Fig.7 (and to other figures as appropriate).

As shown in Fig.7, the association information 141 is formed by associating, for example, the key-dividing number, the security level and the transmission power with one another. In the example shown in Fig.7, with the key-dividing number denoted N, when the key-dividing number N is "arbitrary" and the security level is "normal", the transmission power is set to information indicating "not regulated". Similarly, when the key-dividing number is "N<10" and the security level is "low", the transmission power is set to information indicating "not regulated", and when the key-dividing number N is "N≥100" and the security level is "high", the transmission power is set to information indicating "not regulated".

In addition, in the example shown in Fig.7, when the key-dividing number N is "N<100" and the security level is "high", the transmission power is set to information indicating "reduced". When the key-dividing number N is "N≥10" and the security level is "low", the transmission power is set to information indicating "high".

It should be noted that the example shown in Fig.7 is just one example of the association information 141. For example, the security level is not restricted to a classification into three levels such as "low", "normal" and "high"; a classification into five levels, "low", "fairly low", "normal", "fairly high" and "high", is also possible. In addition, the threshold values for the key-dividing number N are set to "10", "100", etc., but are not limited to these values.
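The following Python sketch is an added example, not code from the patent. It applies the first and second conditions with the Fig.7 thresholds and the retry rule that compares the new key-dividing number with the previous one; the dBm values, the 3 dB step, the power limits and the retry window of 5 are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    LOW = 0
    NORMAL = 1
    HIGH = 2


@dataclass(frozen=True)
class AssociationInfo:
    """Thresholds taken from the Fig.7 example (association information 141)."""
    first_n: int = 100                 # first key-dividing number
    first_level: Level = Level.HIGH    # first security level
    second_n: int = 10                 # second key-dividing number
    second_level: Level = Level.LOW    # second security level


class TxPowerDeterminer:
    """Stand-in for the transmission power determination unit 134.

    Every numeric default below is an assumed value, not one from the page.
    """

    def __init__(self, assoc: AssociationInfo = AssociationInfo(),
                 nominal_dbm: float = 0.0, step_db: float = 3.0,
                 min_dbm: float = -12.0, max_dbm: float = 6.0,
                 retry_window: int = 5):
        self.assoc = assoc
        self.nominal_dbm = nominal_dbm
        self.step_db = step_db
        self.min_dbm = min_dbm
        self.max_dbm = max_dbm
        self.retry_window = retry_window
        self.prev_n: Optional[int] = None        # previous key-dividing number
        self.prev_dbm: Optional[float] = None    # previous transmission power

    def _from_table(self, level: Level, n: int) -> float:
        a = self.assoc
        # First condition: high security but few fragments, so an
        # eavesdropper would need to miss only one of a small number of
        # frames. Shrink the radio range by lowering the power.
        if level >= a.first_level and n < a.first_n:
            return self.nominal_dbm - self.step_db
        # Second condition: low security and many fragments, so the paired
        # terminal itself is likely to miss a frame. Raise the power.
        if level <= a.second_level and n >= a.second_n:
            return self.nominal_dbm + self.step_db
        return self.nominal_dbm                  # "not regulated"

    def determine(self, level: Level, n: int,
                  after_failed_decrypt: bool = False) -> float:
        if n < 1:
            raise ValueError("key-dividing number must be positive")
        dbm = self._from_table(level, n)
        # Retry rule: the terminal asked again with (almost) the same N after
        # a failed decryption, so the failure is attributed to insufficient
        # power and the previous value is exceeded.
        if (after_failed_decrypt and self.prev_n is not None
                and abs(n - self.prev_n) <= self.retry_window):
            dbm = self.prev_dbm + self.step_db
        # Assumed hardware limits; at max_dbm the power can no longer grow.
        dbm = max(self.min_dbm, min(self.max_dbm, dbm))
        self.prev_n, self.prev_dbm = n, dbm      # register for the next request
        return dbm
```
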

1-8. The flow of processing performed by the information processing system

Fig.8 is a flowchart showing the flow of processing performed by the information processing system. The flow of processing performed by the information processing system is described below with reference to Fig.8 (and to other figures as appropriate). Fig.8 shows the flow of processing performed when the key-dividing number N is included in the key transmission request. Step S102 and steps S104A to S104C of the information processing device 100 are described in detail below with reference to Fig.9.

As shown in Fig.8, the operation terminal 200 transmits the key transmission request to the information processing device 100 (step S101). The information processing device 100 receives the key transmission request (step S102) and determines the transmission power (step S103).

The information processing device 100 transmits key fragment F1 to the operation terminal 200 at the determined transmission power (step S104A). The operation terminal 200 receives key fragment F1 from the information processing device 100 (step S105A). Similarly, the information processing device 100 transmits key fragment F2 to the operation terminal 200 at the determined transmission power (step S104B). The operation terminal 200 receives key fragment F2 from the information processing device 100 (step S105B). The information processing device 100 transmits key fragment FN to the operation terminal 200 at the determined transmission power (step S104C). The operation terminal 200 receives key fragment FN from the information processing device 100 (step S105C). Although not shown in Fig.8, the processes in which the information processing device 100 transmits key fragments F3 to FN-1 to the operation terminal 200 at the determined transmission power, and the processes in which the operation terminal 200 receives key fragments F3 to FN-1 from the information processing device 100, are performed in the same way.

The operation terminal 200 generates the key on the basis of the received key fragments F1 to FN (step S106), and encrypts the processing request using the generated key (step S107). The key can be generated, for example, by a bitwise exclusive OR over the key fragments, as described above. The operation terminal 200 transmits the encrypted processing request to the information processing device 100 (step S108).

The information processing device 100 receives the encrypted processing request from the operation terminal 200 (step S109), and decrypts the received encrypted processing request using the key (step S110). The information processing device 100 performs processing in accordance with the processing request obtained by the decryption (step S111).

1-9. The flow of processing performed by the information processing device

Fig.9 is a flowchart showing the flow of processing performed by the information processing device. The flow of processing performed by the information processing device is described below with reference to Fig.9 (and to other figures as appropriate).

As shown in Fig.9, on receiving the key transmission request, the information processing device 100 determines whether the transmission source of the key transmission request is appropriate as a partner to which the key may be transmitted (step S201). Whether the source is appropriate as a partner for key transmission can be determined, for example, as described above, by having the key request terminal determination unit 132 determine whether the operation terminal identification information included in the key transmission request acquired by the key transmission request acquisition unit 1311 is registered in the storage unit 140 as communication-permitted terminal information.

If it determines that the source of the key transmission request is not valid as a partner for key transmission ("No" at step S201), the information processing device 100 ends the key transmission processing without transmitting the key. If it determines that the source is valid ("Yes" at step S201), the information processing device 100 acquires the key-dividing number from the key transmission request (step S202) and determines whether the acquired key-dividing number and the security level are appropriate (step S203). The security level is determined by the security level determination unit 133 of the information processing device 100 using any of various techniques, as described above.

If it determines that the key-dividing number and the security level are appropriate ("Yes" at step S203), the information processing device 100 proceeds to step S205. If it determines that they are not appropriate ("No" at step S203), the information processing device 100 adjusts the transmission power to be used when transmitting the key fragments (step S204) and then proceeds to step S205.

The information processing device 100 transmits a key fragment to the operation terminal 200 (step S205) and determines whether as many key fragments as the key-dividing number have been transmitted (step S206). If they have not ("No" at step S206), the information processing device 100 returns to step S205 to transmit the next key fragment to the operation terminal 200. If they have ("Yes" at step S206), the information processing device 100 ends the key transmission processing.
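The Fig. 9 flow (steps S201 to S206) together with the terminal-side key generation of step S106, as an added Python sketch that is not part of the patent text. The threshold and power values, the request field names and the layout of equal-length contiguous fragments are assumptions; the page states only that the key is divided into the key-dividing number of fragments, that the fragments may be combined by a bitwise exclusive OR, and that the power is lowered or raised under the first and second conditions of claims 2 and 3.

```python
from functools import reduce

# Constructed values: the page names these stored parameters but gives no numbers.
FIRST_DIVIDING_NUMBER, FIRST_SECURITY_LEVEL = 8, 3      # first condition (claim 2)
SECOND_DIVIDING_NUMBER, SECOND_SECURITY_LEVEL = 16, 1   # second condition (claim 3)
DEFAULT_POWER_DBM, POWER_STEP_DB = 0, 6                 # assumed power scale


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def divide_key(key: bytes, dividing_number: int) -> list:
    """Divide the stored key into equal-length contiguous fragments.

    Assumed layout: the key length must be a multiple of the dividing number.
    """
    if (not isinstance(dividing_number, int) or dividing_number < 1
            or len(key) % dividing_number):
        raise ValueError("unsupported key-dividing number")
    size = len(key) // dividing_number
    return [key[i:i + size] for i in range(0, len(key), size)]


def generate_key(fragments: list) -> bytes:
    """Step S106: bitwise exclusive OR over all key fragments."""
    return reduce(xor_bytes, fragments)


def determine_tx_power(security_level: int, dividing_number: int) -> int:
    """Steps S203/S204: pick the power for the fragment transmissions."""
    # First condition: high security level but few fragments requested,
    # so shrink the radio range by transmitting with less power.
    if (security_level >= FIRST_SECURITY_LEVEL
            and dividing_number < FIRST_DIVIDING_NUMBER):
        return DEFAULT_POWER_DBM - POWER_STEP_DB
    # Second condition: low security level and many fragments requested,
    # so raise the power to make it likelier that every fragment arrives.
    if (security_level <= SECOND_SECURITY_LEVEL
            and dividing_number >= SECOND_DIVIDING_NUMBER):
        return DEFAULT_POWER_DBM + POWER_STEP_DB
    return DEFAULT_POWER_DBM


def handle_key_transmission_request(request, permitted_terminals, key,
                                    security_level):
    """Device side of Fig. 9.

    Returns a list of (power_dbm, fragment) transmissions, or None when
    no key fragment is transmitted.
    """
    # S201: only a terminal registered as permitted to communicate is served.
    if request["terminal_id"] not in permitted_terminals:
        return None
    n = request["dividing_number"]                      # S202
    try:
        fragments = divide_key(key, n)
    except ValueError:
        return None  # assumption: an unusable dividing number is refused
    power = determine_tx_power(security_level, n)       # S203 / S204
    return [(power, fragment) for fragment in fragments]  # S205 / S206 loop


if __name__ == "__main__":
    stored_key = bytes(range(32))                       # constructed sample key
    request = {"terminal_id": "rc-01", "dividing_number": 4}
    sent = handle_key_transmission_request(request, {"rc-01"}, stored_key, 3)
    received = [fragment for _, fragment in sent]
    print("power (dBm):", sent[0][0])
    print("terminal key:", generate_key(received).hex())
    # A terminal that misses one fragment derives a different key, so its
    # encrypted processing request will not decrypt on the device.
    print("with a lost fragment:", generate_key(received[:-1]).hex())
```
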

2. Modified example

Preferred embodiments of the present invention have been described above with reference to the attached drawings, but the present invention is of course not limited to the above examples. A person skilled in the art may find various changes and modifications within the scope of the attached claims, and it should be understood that they naturally fall within the technical scope of the present invention.

For example, although in the present embodiment a plaintext bit string that has not been encrypted is used as the key, an encrypted key may also be used.

In addition, although this embodiment has shown an example in which the display control unit 139 of the information processing device 100 causes the display unit 170 to display at least one of the transmission security level, the key-dividing number and the transmission power, the operation terminal 200 may display these pieces of information. In this case, for example, the information processing device 100 can transmit to the operation terminal 200 a key transmission completion notification that includes at least one of the transmission security level, the key-dividing number and the transmission power. A display control unit included in the operation terminal 200 may then cause a display unit included in the operation terminal 200 to display at least one of the transmission security level, the key-dividing number and the transmission power included in the received key transmission completion notification. In addition, the display control unit included in the operation terminal 200 may cause the display unit included in the operation terminal 200 to display a message indicating that the security of the communication between the information processing device 100 and the operation terminal 200 is maintained.

3. Conclusion

According to the first embodiment, in the information processing system 10, in which the key is divided based on the key-dividing number set by the operation terminal 200 and returned by the information processing device 100, the information processing device 100 can have the right to determine the security level of the communication between the operation terminal 200 and the information processing device 100. Accordingly, the imbalance in the right to determine the security level of the communication between the operation terminal 200 and the information processing device 100 can be corrected.

In addition, because the information processing device 100 can determine the transmission power to be used during the key exchange, the security of the communication between the operation terminal 200 and the information processing device 100 can be improved by having the information processing device 100 transmit the key with a smaller transmission power.

In addition, because the information processing device 100 can determine the transmission power to be used during the key exchange, the success rate of key transmission to the operation terminal 200 can be increased by having the information processing device 100 transmit the key with a greater transmission power.

List of reference numerals

10 Information processing system
100 Information processing device
110 Reception unit
120 Reception control unit
130 Control unit
131 Request acquisition unit
1311 Key transmission request acquisition unit
1312 Pairing request acquisition unit
1313 Processing request acquisition unit
132 Key-requesting-terminal determination unit
133 Security level determination unit
134 Transmission power determination unit
135 Key acquisition unit
136 Pairing processing unit
137 Processing execution unit
139 Display control unit
140 Storage unit
141 Association information
142 Key
150 Transmission control unit
160 Transmission unit
170 Display unit
200 Operation terminal
210 Reception unit
220 Reception control unit
230 Control unit

OK response is received

2311 Key acquisition unit
232 Operation information unit
2321 Key request operation acquisition unit
2322 Pairing request operation acquisition unit
2323 Processing request operation acquisition unit
233 Key transmission request generation unit
234 Pairing request generation unit
235 Processing request generation unit
240 Storage unit
250 Transmission control unit
260 Transmission unit
270 Input unit

1. An information processing device, comprising:
a storage unit configured to store a key used for encrypting or decrypting data;
a reception unit configured to receive, via a wireless signal from an operation terminal, a key transmission request including a key-dividing number;
a key transmission request acquisition unit configured to acquire the key transmission request from the wireless signal received by the reception unit;
a security level determination unit configured to determine a security level for transmitting the key to the operation terminal, as a transmission security level;
a transmission power determination unit configured to determine a transmission power in accordance with the transmission security level determined by the security level determination unit and the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit;
a key acquisition unit configured to acquire each key fragment by dividing the key stored in the storage unit into the key-dividing number of fragments; and
a transmission unit configured to transmit each key fragment acquired by the key acquisition unit to the operation terminal via a wireless signal, using the transmission power determined by the transmission power determination unit.

2. The information processing device according to claim 1,
wherein the storage unit is further configured to store a first key-dividing number and a first security level, and
the transmission power determination unit is further configured to acquire the first key-dividing number and the first security level stored in the storage unit and, when a first condition is satisfied, namely that the transmission security level determined by the security level determination unit is equal to or higher than the first security level and the key-dividing number included in the key transmission request is less than the first key-dividing number, to determine a transmission power whose value is smaller than the value of the transmission power used when the first condition is not satisfied.

3. The information processing device according to claim 2,
wherein the storage unit is further configured to store a second key-dividing number and a second security level, and
the transmission power determination unit is configured to acquire the second key-dividing number and the second security level stored in the storage unit and, when a second condition is satisfied, namely that the transmission security level determined by the security level determination unit is equal to or lower than the second security level and the key-dividing number included in the key transmission request is equal to or greater than the second key-dividing number, to determine a transmission power whose value is greater than the value of the transmission power used when the second condition is not satisfied.

4. The information processing device according to claim 1, further comprising:
a processing request acquisition unit; and
a processing execution unit,
wherein, after receiving the key transmission request, the reception unit is further configured to receive from the operation terminal, via a wireless signal, an encrypted processing request obtained by encrypting a processing request using the key generated by the operation terminal based on each key fragment,
the processing request acquisition unit is configured to acquire the encrypted processing request from the wireless signal received by the reception unit, and
the processing execution unit is configured to decrypt the encrypted processing request using the key stored in the storage unit and to perform processing in accordance with the processing request obtained by the decryption.

5. The information processing device according to claim 4,
wherein the transmission power determination unit is configured to register in the storage unit the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit,
the processing request acquisition unit is configured to acquire, from the wireless signal received by the reception unit, the encrypted processing request obtained by encrypting the processing request using the key generated by the operation terminal through a bitwise exclusive OR operation on each key fragment, and
the processing execution unit is configured to decrypt the encrypted processing request using a key generated by a bitwise exclusive OR operation on each key fragment obtained by dividing the key stored in the storage unit into the key-dividing number stored in the storage unit, and to perform processing in accordance with the processing request obtained by the decryption.

6. The information processing device according to claim 4,
wherein the storage unit is further configured to store an application that is activated so that the processing execution unit performs the processing, and
the security level determination unit is configured to determine the transmission security level in accordance with the type of the application.

7. The information processing device according to claim 1, further comprising:
a pairing request acquisition unit;
a pairing processing unit; and
a key-requesting-terminal determination unit,
wherein, before receiving the key transmission request, the reception unit is further configured to receive from the operation terminal, via a wireless signal, a pairing request that includes model identification information for identifying the model of the operation terminal and operation terminal identification information for identifying the operation terminal,
the pairing request acquisition unit is configured to acquire the pairing request from the wireless signal received by the reception unit,
when the model identification information included in the pairing request acquired by the pairing request acquisition unit is predetermined model identification information, the pairing processing unit is configured to register the operation terminal identification information in the storage unit as information on a terminal that is permitted to communicate,
the key-requesting-terminal determination unit is configured to determine whether the operation terminal identification information included in the key transmission request acquired by the key transmission request acquisition unit is registered in the storage unit as information on a terminal that is permitted to communicate, and
when the key-requesting-terminal determination unit determines that the operation terminal identification information included in the key transmission request is not registered in the storage unit as information on a terminal that is permitted to communicate, the transmission unit is configured not to transmit each key fragment to the operation terminal via a wireless signal.

8. The information processing device according to claim 7,
wherein, when the pairing request further includes performance information indicating the performance of the operation terminal, the pairing processing unit is configured to register the performance information in the storage unit together with the information on the terminal that is permitted to communicate, and
the security level determination unit is configured to determine the transmission security level in accordance with the performance information registered in the storage unit together with the information on the terminal that is permitted to communicate.

9. The information processing device according to claim 1,
wherein the transmission power determination unit is configured to register in the storage unit the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit and the determined transmission power, as a previous key-dividing number and a previous transmission power, respectively; when the processing execution unit fails to decrypt the encrypted processing request, the transmission power determination unit is configured to acquire again the key-dividing number included in a key transmission request acquired by the key transmission request acquisition unit and to calculate the difference between the acquired key-dividing number and the previous key-dividing number registered in the storage unit; and when the calculated difference is equal to or lower than a given value, the transmission power determination unit is configured to determine a transmission power whose value is larger than the previous transmission power registered in the storage unit.

10. The information processing device according to claim 1,
wherein the storage unit is further configured to store environment identification information for identifying the environment in which the device itself is installed, and
the security level determination unit is configured to determine the transmission security level in accordance with the environment identification information.

11. The information processing device according to claim 1,
wherein the security level determination unit is configured to determine the transmission security level in accordance with the signal strength of the wireless signal at the time the reception unit receives the key transmission request via the wireless signal.

12. The information processing device according to claim 1, further comprising:
a display unit; and
a display control unit,
wherein the display control unit is configured to cause the display unit to display the transmission security level determined by the security level determination unit, and/or the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit, and/or the transmission power determined by the transmission power determination unit.

13. An information processing method performed by an information processing device that includes a storage unit storing a key used for encrypting or decrypting data, a reception unit, a key transmission request acquisition unit, a security level determination unit, a transmission power determination unit, a key acquisition unit and a transmission unit, the method comprising the steps of:
receiving, by the reception unit, a key transmission request including a key-dividing number via a wireless signal from an operation terminal;
acquiring, by the key transmission request acquisition unit, the key transmission request from the wireless signal received by the reception unit;
determining, by the security level determination unit, a security level for transmitting the key to the operation terminal, as a transmission security level;
determining, by the transmission power determination unit, a transmission power in accordance with the transmission security level determined by the security level determination unit and the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit;
acquiring, by the key acquisition unit, each key fragment by dividing the key stored in the storage unit into the key-dividing number of fragments; and
transmitting, by the transmission unit, each key fragment acquired by the key acquisition unit to the operation terminal via a wireless signal, using the transmission power determined by the transmission power determination unit.

14. An operation terminal, comprising:
a storage unit;
a key transmission request generation unit configured to generate a key transmission request including a key-dividing number;
a transmission unit configured to transmit the key transmission request to an information processing device via a wireless signal;
a reception unit configured to receive, from the information processing device, each key fragment obtained by the information processing device dividing a key into the key-dividing number of fragments; and
a key acquisition unit configured to generate the key based on each key fragment received by the reception unit and to register the generated key in the storage unit.

15. An information processing system, comprising:
an information processing device; and
an operation terminal,
wherein the information processing device includes:
a storage unit configured to store a key used for encrypting or decrypting data;
a reception unit configured to receive, via a wireless signal from the operation terminal, a key transmission request including a key-dividing number;
a key transmission request acquisition unit configured to acquire the key transmission request from the wireless signal received by the reception unit;
a security level determination unit configured to determine a security level for transmitting the key to the operation terminal, as a transmission security level;
a transmission power determination unit configured to determine a transmission power in accordance with the transmission security level determined by the security level determination unit and the key-dividing number included in the key transmission request acquired by the key transmission request acquisition unit;
a key acquisition unit configured to acquire each key fragment by dividing the key stored in the storage unit into the key-dividing number of fragments; and
a transmission unit configured to transmit each key fragment acquired by the key acquisition unit to the operation terminal via a wireless signal, using the transmission power determined by the transmission power determination unit, and
the operation terminal includes:
a storage unit;
a key transmission request generation unit configured to generate the key transmission request including the key-dividing number;
a transmission unit configured to transmit the key transmission request to the information processing device via a wireless signal;
a reception unit configured to receive, from the information processing device, each key fragment obtained by the information processing device dividing the key; and
a key acquisition unit configured to generate the key based on each key fragment received by the reception unit and to register the generated key in the storage unit.



 

Same patents:

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to a network operation method. A network comprises a node and a system control device. A system control device comprises a root key material which is a set of functions, each having a degree of complexity α, and a node is provided with a portion of key material of a node having a degree of complexity α extracted from the root key material. The system control device generates a portion of key material for an external user with a degree of complexity α from the root key material and generates an access identifier. The system control device generates access key material with a degree of complexity less than α from the portion of key material for the external user and generates a node identifier. The system control device provides the external user with a portion of access key material and the node identifier. The external user extracts a key from the portion of access key material and sends to the node said key and access identifier. The node calculates a key from the access identifier and the portion of node key material and compares the key sent by the external user and the key calculated by the node in order to identify the external user.

EFFECT: improved security.

14 cl, 4 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to methods of providing secure communication in a network. The method comprises: an administration device provided with root keying materials, and steps of: generating, by the administration device based on the root keying materials, parts of keying material of a first node containing a certain number of sub-elements, and parts of keying material of the first node, assembled for generating a first terminated key, the administration device selects a subset of sub-elements of the first parts of the keying material, wherein the number of selected sub-elements is less than or equal to the total number of sub-elements of the first parts of the keying material, and the selected sub-elements form partial parts of the keying material of the first node or a symmetrical key generation mechanism, the first node generates, based on the symmetrical key generation mechanism of the first node and on a second node identifier, a first key used to provide secure communication with a second node.

EFFECT: more secure data transmission in a network.

6 cl, 7 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering and specifically to means of secure communication in a network. The method relates to secure transmission of information from a first node (N1) to a second node (N2) in a network, the first node comprising a first node keying material (KM(ID1)), the second node comprising a second node keying material (KM(ID2)), wherein the keying materials of the first node and of the second node comprise each a plurality of shared keying root parts formed by segments of the shared keying root parts. A communication network, having at least two communication devices, carries out said method.

EFFECT: safer communication by dividing keys into segments for predistributed keying material according to a variable distribution.

13 cl, 5 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. A method of controlling access to a set of channels using a receiver/decoder comprising a security module (SC), each channel being encrypted by a specific channel control word (CW1, CW2), each channel having a channel identifier and transmitting access control messages ECM containing at least the current channel control word and the channel access conditions. The method comprises the following steps: tuning to a first channel having a first channel identifier (ID1); transmitting the ID1 to the SC; receiving first access control messages ECM1 containing a first control word (CW1); transmitting the first access control messages ECM1 to the SC; decrypting the first access control messages ECM1 and verifying the channel access conditions; if the access conditions are met; transmitting the CW1 to the receiver/decoder; storing of the CW1 and the ID1 in the SC; tuning to a second channel having a second channel identifier ID2; transmitting the ID2 to the SC; calculating, by the SC, the second control word (CW2) by performing the following steps: calculating a root control word (RK) with an inverse cryptographic function F-1 using the CW1 and the ID1; calculating the CW2 with the cryptographic function F using the RK and the ID2; transmitting the CW2 to the receiver/decoder.

EFFECT: reducing channel switching time when a user selects another channel.

9 cl, 3 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to distribution of a cryptographic secret key between a transmitting side and a receiving side. An apparatus for secure reception and transmission of data comprises a key generation controller and a unit for providing the number of iterations.

EFFECT: facilitating automatic control of security and latency for generating a cryptographic secret key by setting a number of iterations, based on which the number of messages to be exchanged while generating the cryptographic secret key is controlled.

11 cl, 17 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to a wireless communication device. The device includes: a plurality of communication modules for transmission, which are adapted to modulate and transmit a transmission object signal; the communication modules for transmission include at least one communication module for transmission in which a modulation method is employed, which is different from the modulation method employed in another communication module(s) for transmission.

EFFECT: transmitting a signal appropriately even with low carrier frequency stability.

20 cl, 78 dwg

FIELD: radio engineering, communication.

SUBSTANCE: network component having a processor connected to memory and configured to exchange security information using a plurality of attributes in a management entity (ME) in an optical network unit (ONU) via an ONU management control interface (OMCI) channel, wherein the ME supports a plurality of security functions that protect upstream transmissions between the ONU and an optical line terminal (OLT). Also included is an apparatus having an ONU configured to connect to an OLT and having an OMCI ME, wherein the OMCI ME has a plurality of attributes that support a plurality of security features for upstream transmissions between the ONU and the OLT, and wherein the attributes are transmitted via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT.

EFFECT: high security of data transmission in PON systems.

20 cl, 5 dwg, 6 tbl

FIELD: radio engineering, communication.

SUBSTANCE: quantum cryptographic system not only enables to detect any attempts at intruding into a communication channel, but also guarantees unconditional secrecy of transmitted cryptographic keys under the condition that an error at a receiving station in primary keys does not exceed a certain critical value. The method involves generating polarisation states at a receiving/transmitting station for a series of classic synchronising laser pulses using a polarisation controller in one arm of an interferometer and a polarisation controller at the output of the interferometer, which facilitate interference balancing of the interferometer; after reflection from a mirror in a transformation station, a series of single-photon states is detected at the transmitting/receiving station and the obtained photocount statistics are used to calculate the permissible error, which is then compared with a certain error threshold to obtain a cryptographic key known only at the transmitting/receiving and transformation stations.

EFFECT: wider range of possible distortions of polarisation of laser and single-photon pulses when transmitting keys between transmitting/receiving and transformation stations, in which is guaranteed the secrecy of cryptographic keys and the lifting of the condition of using a special Faraday mirror.

2 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to authentication methods and specifically to methods and an apparatus for authentication of subscribers in IP telephony networks. The technical result is achieved due to that the disclosed method for authentication through a user device when attempting to access an IP telephony network comprises steps of: obtaining one or more private keys of said user from secure memory associated with said user device; generating an integrity key and a ciphering key; encrypting said integrity key and said ciphering key using a session key; encrypting said session key with a public key of said IP telephony network; and providing said encrypted session key, encrypted integrity key and encrypted ciphering key to said IP telephony network for authentication using a public key infrastructure (PKI) coupled with an authentication and key agreement (AKA) mechanism.

EFFECT: more secure communication.

7 cl, 4 dwg

FIELD: information technology.

SUBSTANCE: entity having namespace ownership rights may create a document in an authorised namespace and sign the document with a private key. Other entities may validate that the document was created by an authorised namespace owner by using a public key available in security data associated with a parent document of the document. For a root document, the public key may be available from a directory service. A namespace owner may change the namespace owner(s) that are allowed to create children of a document.

EFFECT: protecting documents from unauthorised access.

20 cl, 9 dwg

FIELD: communication systems.

SUBSTANCE: system has receiver, transmitter, processing element, connected to receiver and transmitter and controlling receiver and transmitter, digital rights module, connected to processing elements and controlling operation of communication device in digital rights environment on domain basis, while digital rights module of communication device together with dispenser of domains of digital rights environment on domain basis is made with possible selective addition of communication device to domain, owning one or several communication devices, which together use a cryptographic key.

EFFECT: possible selective retrieval and decoding of digital content on basis of membership in a domain.

10 cl, 11 dwg

FIELD: data transfer technologies.

SUBSTANCE: the device which is to be the transmission destination is authenticated, and if the device is not authorized, then encrypted data read from a storage device are decoded to produce decoded data, which are then encrypted again on the basis of specific device key data received from the device which is to be the transmission destination, producing re-encrypted data. The re-encrypted data are then transferred to the device which is to be the transmission destination.

EFFECT: forbidden unauthorized copying of data.

8 cl, 13 dwg

FIELD: electric communications and computer engineering, in particular, methods and devices for cryptographic transformation of data.

SUBSTANCE: the essence of the method is generation of a binary vector corresponding to the date and time of transfer of a discontinuous message, generation of a binary vector of a secret parameter, generation of a binary identification vector and addition thereof to the discontinuous message. The method differs from known methods in that it additionally includes forming a random binary vector and a binary vector of a protection key, while the binary vector of the secret parameter is formed by double compression of the random binary vector, and the binary identification vector is formed by transformation, in the ring of residue classes modulo p, of the binary vector corresponding to the date and time of transfer of the discontinuous message and the binary vector of the secret parameter.

EFFECT: rejection of false messages, increased speed of process of confirming authenticity of discontinuous message.

1 dwg

FIELD: ciphering key transmission methods and systems.

SUBSTANCE: according to the proposed method, the same information Kc is provided to more than one receiver (1) belonging to a receiver group G; each receiver stores information SAi unambiguously assigned to it. Information Kc is determined by the expression Kc = f(K, bi, SAi), where f is a given function; K is information common to all receivers; bi is information different for each receiver and for each value of information K. Each receiver is given access to information bi prior to the provision of information Kc. Information K is transferred to all receivers directly prior to the provision of information Kc, so that each receiver can calculate the latter using the mentioned expression.

EFFECT: simplified design and enhanced response of system to piratical cards.

13 cl, 2 dwg

FIELD: data transmission.

SUBSTANCE: in accordance with the invention, content data of input digital data are encrypted on the basis of first key data, which are then encrypted on the basis of a function generated from a random number and of second key data generated using specific device key data and common key data. During decoding, encoded data are received, consisting of the encrypted content data, the encrypted first key data, the random number and the common key data; the second key data are generated on the basis of the specific device key data and the common key data; the encrypted first key data are decoded on the basis of the generated second key data and the function generated from the random number; and the encrypted content data are decoded on the basis of the decoded first key data.

EFFECT: unauthorized data copying is prevented.

2 cl, 13 dwg

FIELD: data transfer.

SUBSTANCE: in accordance with the invention, digital data encrypted on the basis of specific key data of the device which is to be the transmission destination are decoded, data relating to copying conditions are extracted from the decoded data, and the decoded data are recorded into a recording device on the basis of the extracted data relating to copy-permission conditions.

EFFECT: prevented unauthorized copying of data.

2 cl, 12 dwg

FIELD: information encryption.

SUBSTANCE: method includes forming a sequence of quantum photonic states at the transmitting station to encode encryption keys and transmitting these states via open space to the receiving station; the distance between the stations is measured beforehand and the clocks on both stations are synchronised; the transmitting station then converts the quantum photonic states to one- or multiphoton orthogonal states and measures their sending time, which is sent to the receiving station; the receiving station measures the receiving time of the one- or multiphoton quantised states and determines the delay value, using which decoding and eavesdropping are performed.

EFFECT: provision of encryption key security during its long-distance transmission via open space, provision of long-term stability and reducing error stream in transmitted encryption keys on receiving station.

3 dwg, 2 tbl

FIELD: information technology.

SUBSTANCE: the system and method of information protection in computer networks based on key distribution include numerous units and a trust centre (TC). All the units are connected with one another and with the TC by communication channels. Each unit of the network and the TC has an executive processor circuit as well as memory. The TC includes a pseudo-random number generator designed to generate long-term keys, key blocks and a primary incidence sub-matrix of lower size for building the incidence matrix (IM) of the required size; to form half-weight columns with the required number of binary bits for building the IM of the required size on the basis of the primary lower-size sub-matrix, with the extension capacity of the IM depending on the number of the network units communicating with one another to transfer the formed key blocks to the network units involved in the data exchange process through the communication channels. One key block corresponds to each unit; the executive processor circuits of the network units form the common secret key in order to ensure confidentiality while exchanging information between the units.

EFFECT: simplification of the key distribution method.

10 cl, 2 dwg

FIELD: information systems.

SUBSTANCE: invention refers to data processing systems and, particularly, to methods and devices providing cryptographic protection in a data processing system. The broadcasting key, renewed over a long period of time, is encrypted using a registration key and is periodically supplied to a user. The key with short-time renewal is encrypted using the broadcasting key. The short-time key is available with each broadcasting message, and the information sufficient for calculating the short-time key is provided in the internet protocol header preceding the broadcasting content. The broadcasting messages are then encrypted using the short-time key, and the user encrypts a broadcasting message using this short-time key.

EFFECT: creation of protected and efficient method of keys renewal in the data processing system.

24 cl, 30 dwg

FIELD: information technologies.

SUBSTANCE: invention refers to data transmission, specifically to effective cryptographic data transmission in a real-time security protocol. A transmitting terminal can be used for decoding data with a session key received from a bitstream. The bitstream can be transmitted with head information to the transmitting terminal. To conserve bandwidth, the information can be divided into parts, and each part is transmitted with an encrypted data package. The transmitting terminal can be used for restoring the bitstream from the information parts contained in the package headers, and for using the bitstream to receive the session key. The session key can be used for data decoding.

EFFECT: higher cryptographic security of transferred data.

24 cl, 6 dwg
