Communication system, first communication device, second communication device, communication method

The communication system addresses the key distribution problem by using double encryption and decryption operations with independent keys and solution generation, ensuring secure data sharing without prior key exchange, enhancing security against third-party decryption.

JP2026106160APending Publication Date: 2026-06-29NTI

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
NTI
Filing Date
2024-12-17
Publication Date
2026-06-29

AI Technical Summary

Technical Problem

The key distribution problem between two communication devices located far apart, especially when using symmetric-key encryption, is difficult to solve due to the need for sharing a common key without the risk of interception, and existing solutions like public-key encryption have vulnerabilities.

Method used

A communication system where two devices perform double encryption and decryption operations satisfying commutative and associative laws, allowing secure data sharing without prior key exchange, using unique keys and solution generation units to ensure encryption and decryption processes are independent and secure.

Benefits of technology

Ensures secure data sharing between devices by encrypting data multiple times, making it highly resistant to decryption by third parties, even if data is stolen, thus eliminating the need for prior key distribution and enhancing security.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 2026106160000001_ABST
    Figure 2026106160000001_ABST
Patent Text Reader

Abstract

This technology provides a way to securely and easily share data between two communication devices that use encrypted communication. [Solution] The first communication device encrypts the shared data with the first solution and a unique first key to obtain first encrypted data (S503), and sends it to the second communication device (S504). The second communication device receives it (S601), decrypts the first encrypted data with the first solution, and encrypts it again with the second solution and a unique second key to obtain second first encrypted data (S602), and sends it to the first communication device (S603). The first communication device receives it (S505), decrypts the second first encrypted data with the first key, and encrypts it again with the third solution to obtain second encrypted data (S506), and sends it to the second communication device (S507). The second communication device receives it (S604), decrypts the second encrypted data again with the third solution and the second key to obtain shared data (S605).
Need to check novelty before this filing date? Find Prior Art

Description

[Technical Field]

[0001] This invention relates to communication technology, and more particularly to cryptographic communication technology. [Background technology]

[0002] There are often situations where two communication devices capable of communicating with each other need to securely share certain information, that is, without the risk of eavesdropping by a third party. Such information may be a document containing confidential content to be transmitted from one communication device to the other. Furthermore, when two communication devices communicate without the risk of eavesdropping by a third party, encrypted communication technology is commonly used. In encrypted communication technology, even if, for example, the algorithm used for encryption or decryption is predetermined to be the same for both devices, it is necessary for both devices to share the key used for encryption or decryption. Therefore, the information that needs to be securely shared between the two communication devices may be the key itself, or information for generating or selecting a common key for both devices.

[0003] When two communication devices located far apart perform encrypted communication, especially when using a symmetric-key encryption scheme with a common algorithm and key, the two communication devices must share the same key beforehand. Alternatively, the two communication devices must share the same information for each to individually generate the same key prior to performing symmetric-key encrypted communication. In other words, for two communication devices located far apart to perform encrypted communication using a symmetric key, it is fundamentally necessary that they share some kind of identical information. However, it is extremely difficult for two communication devices located far apart to possess a common key. For example, if one communication device can transmit a key to the other without the possibility of it being intercepted by a third party, then encrypted communication is already established at that point. This is a contradiction. Prior to encrypted communication being performed, it is difficult to securely create a state in which two communication devices share a common key (or some kind of information). This problem is sometimes called the "key distribution problem" and has been widely known for a long time.

[0004] As a technology to solve the key distribution problem, public-key cryptography is known, which uses a pair of keys, a private key and a public key, to perform encrypted communication. In public-key cryptography, one communication device sends a public key, which can be known to third parties, to another communication device. The other communication device uses the received public key, and the first communication device uses the private key, which is paired with the public key and is kept secret from all but the first communication device, to perform encrypted communication. At the time of its introduction, the global consensus regarding public-key encryption was that the key distribution problem did not arise because the theft of the public key by a malicious third party did not cause any problems. However, since vulnerabilities have since been discovered in public-key encryption, the global consensus is that the key distribution problem has not been solved even with public-key encryption. However, given that public-key encryption is currently the most practical technology, the mainstream encryption technology involves sharing a common key between two communication devices using public-key encryption, and then using that same shared key to perform symmetric-key encrypted communication between the two devices. For example, SSL (Secure Sockets Layer) is an encryption technology that employs this principle.

[0005] In light of these recent circumstances, the present inventor has made an invention that can solve the key distribution problem and has previously filed a patent application for that invention. The invention covered by that patent application relates to the following encryption technology. This encryption technology enables encrypted communication between two communication devices. Let's assume the transmitting communication device is the first communication device and the receiving communication device is the second communication device. The first communication device first encrypts the shared data, which is the data to be shared with the second communication device, converts it into first encrypted data, and then sends the first encrypted data to the second communication device. The second communication device converts the received first encrypted data into second-first encrypted data by further encrypting it without decrypting it. It then sends this second-first encrypted data back to the first communication device. The first communication device performs an inverse operation on the received second first encrypted data, converting it back into second encrypted data. The second encrypted data is the data obtained when only the second communication device encrypts the shared data. In other words, the first communication device removes the encryption it performed from the second first encrypted data, which was obtained by doubly encrypting the shared data. Then, the first communication device sends the second encrypted data to the second communication device. The second communication device performs a reverse transformation on the received second encrypted data. In this way, the second encrypted data is converted back into shared data. Thus, the first and second communication devices share the shared data.

[0006] In this encrypted communication, shared data is sent from the first communication device to the second communication device by sending the data back and forth one and a half times between the two devices. During this time, the shared data is encrypted twice, and this double encryption is then decrypted by two inverse transformations. Let P be the shared data in plaintext state that is encrypted by the first communication device. Let P be the data after it has been transformed by the encryption operation performed by the first communication device. This first encrypted data, "P × A", is further encrypted by the second communication device. The first encrypted data, "P × A", is further (double) encrypted by the second communication device. Let (P × A) × B be the second first encrypted data, which is the data after it has been transformed by the encryption operation. This second first encrypted data, "(P × A) × B", is sent from the second communication device to the first communication device. In the first communication device, the inverse transformation of the transformation previously performed by the first communication device, that is, the decryption process, is performed. The decryption process performed by the first communication device is denoted as ×A -1 If we represent it as such, the operation performed by the first communication device on the "((P × A) × B)", which is the second first encrypted data, can be expressed as "((P × A) × B) × A -1 ". The resulting data is the second encrypted data, which, as previously described, is the data obtained by encrypting the shared data only by the second communication device. Therefore, according to the previous description method, that data can be expressed as "P × B". That is, in order for the above transformation to hold, the relationship "((P × A) × B) × A -1 = P × B" must hold. Here, the data obtained by the operation of P × A × A -1 , or P × B × B -1 is assumed to be P itself without performing any operation on the original data P. In other words, the operation of P × A × A -1 , or P × B × B -1 means encrypting the original data P and then decrypting it back to the original P. Under such a premise, for ((P × A) × B) × A -1 = P × B to hold, ((P × A) × B) × A -1 must be transformed as follows. ((P × A) × B) × A -1 → (P × (A × B)) × A -1 → (P × (B × A)) × A -1 → ((P × B) × A) × A -1 → (P × B) × (A × A -1 ) → P × B In other words, the encryption and decryption performed by the first communication device and the encryption and decryption performed by the second communication device must be such that the order of the operations ×A and ×B can be reversed, as described above. Furthermore, the above operations P × (B × A) and (P × B) × A must be equivalent. In other words, the encryption and decryption performed by the first communication device (or the operations performed for that purpose) and the encryption and decryption performed by the second communication device (or the operations performed for that purpose) must satisfy the commutative property "F × G = G × F" and the associative property "(F × G) × H = F × (G × H)", respectively, when the operation is represented by "×" and the objects of the operation are represented by "F", "G", and "H". Examples of operations that satisfy the above conditions include barrel shift, arithmetic operations, certain types of elliptic curve cryptography operations, and exclusive OR operations. Therefore, the encryption operations and their inverse operations performed by the first and second communication devices are required to satisfy both the commutative and associative laws as described above. If such conditions are met, the operations performed by the first and second communication devices are, respectively, the encryption operation "×A" and its inverse transformation "×A". -1 The operation " and the operation "×B" for encryption, and the inverse transformation "×B" -1 This means that the operations can be considered independent of each other. In other words, in the first communication device, "×A" and "×A -1 The calculation " is performed and "×B" and "×B" are exchanged in the second communication device. -1 Prior to executing the operation described above, it is not necessary for the first communication device and the second communication device to share any keys or information beforehand. Furthermore, the second encrypted data "P×B" created by the first communication device is sent from the first communication device to the second communication device, and as a result, it is converted back to shared data P by the second communication device. The second communication device then converts the second encrypted data "P×B" to (P×B)×B -1 By performing this inverse transformation, we can return to P. As a result, the shared data P, which previously existed only in the first communication device, becomes shared between the first and second communication devices.

[0007] The encryption communication technology described above does not require the first and second communication devices to share keys or any other information in advance before performing encrypted communication, and therefore is unrelated to the key distribution problem. This encryption communication technology can be applied, for example, to the sharing of keys (or some information for generating a common key) between two communication devices prior to performing symmetric-key encrypted communication, and could serve as an alternative to public-key encrypted communication. Of course, the encryption communication technology described above can also be applied when the first and second communication devices share information other than the key (or some information for generating a common key). [Prior art documents] [Patent Documents]

[0008] [Patent Document 1] Japanese Patent Publication No. 2018-174485 [Overview of the project] [Problems that the invention aims to solve]

[0009] However, as a result of further research by the present inventor, some vulnerabilities were found in the aforementioned encryption communication technology, which was thought to be a potential alternative to public-key encrypted communication. These vulnerabilities are as follows: In the encrypted communication technology described above, first, the first encrypted data, represented as "P x A" using the above-mentioned notation, is sent from the first communication device to the second communication device. Then, the second encrypted data, represented as "(P x A) x B", is sent from the second communication device to the first communication device. Since both of these are encrypted data, even if they are stolen by a third party, it is inherently impossible for them to be misused. However, problems can arise if both of these data are obtained by a third party. For example, suppose the encryption operations performed by the first and second communication devices, and their inverse operations, are exclusive OR operations. In that case, a third party who has both the first encrypted data "P × A" and the second first encrypted data "(P × A) × B" can perform an exclusive OR operation on the second first encrypted data "(P × A) × B" and the first encrypted data "P × A" to extract the data "B". If this data is stolen by a malicious third party, it means that the encryption and decryption processes performed by the second communication device are leaked to the third party. Even this alone can cause problems. Furthermore, suppose a malicious third party who knows the contents of data B also obtains the second encrypted data, "P × B," which is sent from the first communication device to the second communication device. In that case, the malicious third party can perform an exclusive OR operation using the second encrypted data "P × B" and the data B to extract the data P, that is, the shared data. This means that the worst-case scenario has occurred: shared data that was being sent from the first communication device to the second communication device, or that was being secretly shared between the two communication devices, has been stolen by a malicious third party. In other words, if all three types of data—the first encrypted data sent from the first communication device to the second communication device, the second encrypted data sent from the second communication device to the first communication device, and the second encrypted data sent from the first communication device to the second communication device—are stolen by a third party, even though all three types of data are encrypted, there is a risk that the original plaintext data, which should not be known to the third party, will be compromised.

[0010] The present invention aims to improve the aforementioned encryption communication technology, which can serve as an alternative to public-key encrypted communication, in order to eliminate the vulnerabilities described above. [Means for solving the problem]

[0011] The present invention is as follows: The present invention is a communication system comprising a first communication device, which is one of two communication devices that communicate with each other, and a second communication device, which is the other communication device. Both the first and second communication devices may be computer devices operated by the user (e.g., mobile phones, smartphones, tablets, notebook computers, desktop computers, etc.). Both the first and second communication devices may also be chips or cards such as SIMs (Subscriber Identity Modules) or IC cards (e.g., Suica® issued by East Japan Railway Company, etc.). Furthermore, both the first and second communication devices may be communication devices that are not directly operated by the user during normal communication, such as servers, routers, or switches, and may also be devices with communication functions that constitute the IoT (Internet of Things) ("Things" in the Internet of Things). The first communication device includes a first encryption unit that performs an encryption transformation satisfying the commutative and associative laws, a first decryption unit that performs the reverse transformation of the encryption performed by the first encryption unit, a first solution generation unit that can continuously generate solutions that are always the same when generated under the same conditions based on an initial solution, and a first communication unit that communicates with the second communication device via a predetermined network. The second communication device also includes a second encryption unit that performs an encryption transformation satisfying the commutative and associative laws in the same way as the first encryption unit, a second decryption unit that performs the reverse transformation of the encryption performed by the second encryption unit, a second solution generation unit that can continuously generate the same solutions as the first solution generation unit using the same initial solution used by the first solution generation unit, and a second communication unit that communicates with the first communication device via the network. The first communication device takes plaintext data, which is data to be shared with the second communication device, and uses a first key, which is unique to the first communication device and secret from the outside, and a first solution, which is the first solution generated by the first solution generation unit, to perform an encryption transformation in the first encryption unit to obtain first encrypted data. The first communication unit then transmits the first encrypted data to the second communication device via the network. When the second communication device receives the first encrypted data from the first communication device, the second decryption unit performs an inverse transformation of the encryption transformation performed in the first encryption unit using the same first solution generated by the first solution generation unit, and the second encryption unit then performs an encryption transformation using a second key, which is unique to the second communication device and secret from the outside, and a second solution, which is the second solution generated by the second solution generation unit, to obtain second first encrypted data. The second communication unit then transmits the second first encrypted data to the first communication device via the network. When the first communication device receives the second first encrypted data from the second communication device at the first communication unit, the first decryption unit performs the reverse transformation of the encryption transformation performed by the second encryption unit using the same second solution generated by the first solution generation unit, and also performs the reverse transformation of the encryption transformation performed by the first encryption unit using the first key at the first encryption unit, and the first encryption unit performs the encryption transformation using the third solution, which is the third solution generated by the first solution generation unit, to obtain the second encrypted data, and the first communication unit transmits the second encrypted data to the second communication device via the network.When the second communication device receives the second encrypted data from the first communication device in the second communication unit, the second decryption unit performs the reverse transformation of the encryption transformation performed in the first encryption unit using the third solution, using the same third solution generated in the second solution generation unit that was generated in the first solution generation unit, and also performs the reverse transformation of the encryption transformation performed in the second encryption unit using the second key, thereby converting the second encrypted data into the shared data.

[0012] First, we will explain the terms "first encrypted data," "second first encrypted data," and "second encrypted data," which are characteristic terms in this application. In the communication system of the present invention, data is sent back and forth one and a half times between the two devices in order to transmit shared data from the first communication device to the second communication device. First, the plaintext shared data is converted into first encrypted data within the first communication device. Then, the first encrypted data is transmitted from the first communication device to the second communication device. This is the first forward journey. Next, the first encrypted data is converted into second first encrypted data within the second communication device. Then, the second first encrypted data is transmitted from the second communication device to the first communication device. This is the return journey. Next, the second first encrypted data is converted into second encrypted data within the first communication device. Then, the second encrypted data is transmitted from the second communication device to the first communication device. This is the second forward journey. Thus, in the present invention, the data that passes through the first outbound path is referred to as the first encrypted data, the data that passes through the return path is referred to as the second first encrypted data, and the data that passes through the second outbound path is referred to as the second encrypted data.

[0013] The communication system described above comprises a first communication device and a second communication device, which are communication devices that communicate with each other. The communication system may include more communication devices, but the two communication devices that communicate with each other are designated as the first communication device and the second communication device in the present invention. Communication between the first communication device and the second communication device is carried out by a network, but is not limited to this. The network may be the internet (including Internet VPN, the same applies hereinafter) or a line other than the internet. Examples of lines other than the internet include a telecommunications carrier line, a global IP-assigned IP-VPN, a private network, Short Message Service (SMS), and Multimedia Message Service (MMS), and there may be a combination of these. The first communication device comprises a first encryption unit that performs encryption processing, and a first decryption unit that can perform the reverse processing of the encryption processing performed by the first encryption unit, i.e., decryption processing. Similarly, the second communication device comprises a second encryption unit that performs encryption processing, and a second decryption unit that can perform the reverse processing of the encryption processing performed by the second encryption unit, i.e., decryption processing. The encryption processing performed by the first and second encryption units, and the reverse transformation processing of the encryption processing performed by the first and second decryption units, satisfy both the commutative and associative laws. The commutative and associative laws have already been described in the background technology section. Furthermore, the content of the encryption processing performed by the second encryption unit can be the same as the encryption processing performed by the first encryption unit. Therefore, the content of the decryption processing performed by the second encryption unit can be the same as the decryption processing performed by the first decryption unit. The first communication device also includes a first solution generation unit capable of continuously generating solutions that are always the same when generated under the same conditions based on an initial solution. The solutions generated by the first solution generation unit are used when the first encryption unit performs an encryption transformation, or when the first decryption unit performs a decryption transformation. The second communication device also includes a second solution generation unit capable of continuously generating the same solutions as the first solution generation unit using the same initial solution (initial solution) used by the first solution generation unit. The solutions generated by the second solution generation unit are used when the second encryption unit performs an encryption transformation, or when the second decryption unit performs a decryption transformation. The first communication device includes a first communication unit that communicates with the second communication device via a predetermined network. The second communication device also includes a second communication unit that communicates with the first communication device via a predetermined network. Due to the functions of the first and second communication units, data is exchanged between the first and second communication devices via the network. In the present invention, the data to be shared between these two communication devices, namely the first communication device and the second communication device, is referred to as shared data. The shared data is plaintext data. However, the shared data does not necessarily have to be meaningful data; for example, it may be a suitable sequence of characters, numbers, etc., such as a common key used when encrypted communication is performed between the first communication device and the second communication device. In other words, the encrypted communication performed between the first communication device and the second communication device in the present invention may be used for key distribution. Of course, the encrypted communication performed between the first communication device and the second communication device in the present invention may also be used for other purposes.

[0014] The method of sharing shared data in the communication system according to this application is as described later. In this invention, of the two communication devices, the communication device that first possesses the shared data, in other words, the communication device that provides the shared data to the other communication device, is referred to as the first communication device, and the other of the two communication devices is referred to as the second communication device. Therefore, a communication device that was the first communication device in one communication may become the second communication device in another communication, and vice versa. When shared data is shared between a first communication device and a second communication device, in the present invention, the shared data is first encrypted by the first encryption unit of the first communication device to become first encrypted data. The first encryption unit uses a first key unique to the first communication device and a first solution, which is the first solution generated by the first solution generation unit, when performing data conversion for encryption aimed at converting the shared data into first encrypted data. The order in which the conversion using the first key and the conversion using the first solution are performed does not matter. The first encrypted data is sent from the first communication device to the second communication device. Even if the first encrypted data is sent over a network such as the internet, since the first encrypted data is encrypted data, as long as the encryption process performed by the first encryption unit is strong and secure, even if only the first encrypted data is obtained by a third party, it is basically safe, and it is highly unlikely that the contents of the shared data will be deciphered by the third party. The second communication device receives the first encrypted data in its second communication unit. Upon receiving the first encrypted data, the second communication device performs the following processing on the first encrypted data: The second decryption unit performs the reverse transformation of the encryption transformation performed in the first encryption unit using the first solution generated in the second solution generation unit (which is the same as the first solution generated in the first solution generation unit). The second encryption unit also performs an encryption transformation on the first encrypted data using the second key, which is unique to the second communication device and secret from the outside, and the second solution, which is the second solution generated in the second solution generation unit. In total, the second communication device performs three transformations on the first encrypted data: decryption using the first solution, encryption using the second key, and encryption using the second solution. These three transformations can be performed in any order. The data after the three transformations have been performed on the first encrypted data is the second first encrypted data. The second-to-first encrypted data is sent from the second communication device to the first communication device. Even if the second-to-first encrypted data is sent over a network such as the internet, the second-to-first encrypted data is encrypted data, or more precisely, it is data that has been double-encrypted using the first key in the first encryption unit and the second key in the second encryption unit. Therefore, as long as the encryption processes performed by the first and second encryption units are strong and secure, even if only the second-to-first encrypted data is obtained by a third party, it is basically safe, and it is highly unlikely that a third party will be able to decipher the contents of the shared data. The first communication device receives the second first encrypted data in the first communication unit. Upon receiving the second first encrypted data, the first communication device performs the following processing on the second first encrypted data: The first decryption unit uses the second solution generated in the first solution generation unit (which is the same as the second solution generated in the second solution generation unit) to perform the reverse transformation of the encryption transformation performed in the second encryption unit using the second solution, and also uses the first key to perform the reverse transformation of the encryption transformation performed in the first encryption unit using the first key. Furthermore, the first encryption unit performs the encryption transformation on the second first encrypted data using the third solution, which is the third solution generated in the first solution generation unit. In total, the first communication device performs three transformations on the second first encrypted data: decryption using the second solution, decryption using the first key, and encryption using the third solution. These three transformations can be performed in any order. The data after the three transformations have been performed on the first encrypted data is the second encrypted data. The second encrypted data is sent from the first communication device to the second communication device. Even if the second encrypted data is sent over a network such as the internet, since the second encrypted data is encrypted data, as long as the encryption process performed by the first and second encryption units is strong and secure, it is basically safe even if only the second encrypted data is obtained by a third party, or even if only the first and second encrypted data is obtained by a third party, and it is highly unlikely that a third party will be able to decipher the contents of the shared data. The second communication device receives the second encrypted data in the second communication unit. Upon receiving the second encrypted data, the second communication device performs the following processing on the second encrypted data: The second decryption unit performs the reverse transformation of the encryption transformation performed in the first encryption unit using the third solution generated in the second solution generation unit (which is the same as the third solution generated in the first solution generation unit), and the reverse transformation of the encryption transformation performed in the second encryption unit using the second key, using the second key. In total, the second communication device performs two transformations on the second encrypted data: decryption using the third solution and decryption using the second key. The order in which these two transformations are performed does not matter. The data after these two transformations have been performed on the second encrypted data is the shared data. As a result, plaintext shared data is shared between the first communication device and the second communication device. Moreover, when shared data is transmitted between the first and second communication devices, the shared data is not in plaintext, but in one of the following states: first encrypted data, second-first encrypted data, or second encrypted data, and in all cases it is encrypted. Therefore, this communication system can securely share shared data between the first and second communication devices simply by performing a process of sending encrypted shared data back and forth one and a half times between the first and second communication devices. Furthermore, when performing such encrypted communication, the encryption and decryption processes performed by the first and second communication devices can be performed independently of the other communication device, so there is no need to send a key from one communication device to the other prior to performing encrypted communication. Therefore, encrypted communication performed using the communication system of the present invention is free from the key distribution problem. Furthermore, as described above, the data transmitted and received between the first and second communication devices consists of first encrypted data, second-first encrypted data, and second encrypted data. Of these, the first encrypted data is the shared data encrypted with at least the first decryption, the second-first encrypted data is the shared data encrypted with at least the second decryption, and the second encrypted data is the shared data encrypted with at least the third decryption. Therefore, even if all of the first encrypted data, second-first encrypted data, and second encrypted data, which use different data—first, second, and third decryption—to encrypt the shared data, are stolen by a third party during the one and a half round trip between the first and second communication devices, the values ​​of the first, second, and third decryption cannot be deciphered by the third party. Therefore, according to this communication system, even if the first encrypted data, the second first encrypted data, and the second encrypted data are all stolen by a malicious third party, the malicious third party cannot use the values ​​of the first, second, and third solutions that they have deciphered as a starting point to learn the contents of the shared data. As described above, the first communication device may use a first key unknown to the second communication device for encryption and decryption, and the second communication device may use a second key unknown to the first communication device for encryption and decryption. The first and second keys may be fixed keys. On the other hand, the first and second keys may change. That is, the first communication device may change the first key at predetermined timings, and the second communication device may change the second key at predetermined timings. For example, the first communication device may change the first key by generating a new first key each time it is necessary to generate first encrypted data. For example, the second communication device may change the second key by generating a new second key each time it is necessary to generate second first encrypted data.

[0015] The communication system of the present application is as described above, but the applicant also proposes the following communication system, which is an application of the above-mentioned communication system, as another aspect of the present invention. The application-based communication system, like the communication system described above, is a communication system consisting of a first communication device, which is one of two communication devices that communicate with each other, and a second communication device, which is the other communication device. Unless otherwise specified, the terms used to describe the application-based communication system, including the terms "first communication device" and "second communication device," have the same meaning as the terms used in the communication system described above. The first communication device comprises a first encryption unit that performs an encryption transformation satisfying the commutative and associative laws, a first decryption unit that performs the reverse transformation of the encryption performed by the first encryption unit, a first solution generation unit that can continuously generate solutions that are always the same when generated under the same conditions based on the initial solution, a concatenation unit that concatenates data, and a first communication unit that communicates with the second communication device via a predetermined network. The second communication device comprises a second encryption unit that performs an encryption transformation satisfying the commutative and associative laws in the same manner as the first encryption unit; a second decryption unit that performs the reverse transformation of the encryption performed by the second encryption unit; a second solution generation unit that can continuously generate the same solutions as the first solution generation unit using the same initial solutions used by the first solution generation unit; a second partitioning unit that partitions data; and a second communication unit that communicates with the first communication device via the network. The configuration of the first and second communication devices in the applied communication system is approximately the same as the configuration of the first and second communication devices in the communication system described above. The difference is that the former first communication device has a coupling unit that combines data, which was not present in the latter first communication device, and the former second communication device has a second splitting unit that divides data, which was not present in the latter second communication device. The coupling unit may have the function of dividing data, and the second splitting unit may have the function of combining data. If the coupling unit has the function of dividing data and the second splitting unit has the function of combining data, then both will have the same function. In the applied communication system, just like in the communication system described above, encrypted shared data is exchanged one and a half times over the network between the first and second communication devices. The definition of shared data is the same in the applied communication system as in the communication system described above.

[0016] The method of sharing shared data in the application-based communication system is as described below. When shared data is shared between the first and second communication devices, the first communication device in the applied communication system generates first encrypted data from the shared data, and the first encrypted data is sent from the first communication device to the second communication device. Up to this point, the process is the same for the applied communication system and the communication system described above. The fact that it is basically secure even if only the first encrypted data is obtained by a third party is also the same for the applied communication system and the communication system described above. The second communication device receives the first encrypted data in the second communication unit. Upon receiving the first encrypted data, the second communication device performs the following processing on the first encrypted data: The second decryption unit uses the first solution generated by the second solution generation unit (which is the same as the first solution generated by the first solution generation unit) to perform the reverse transformation of the encryption transformation performed by the first encryption unit using the first solution on the first encrypted data. The second encryption unit also performs an encryption transformation on the first encrypted data using the second key, which is unique to the second communication device and secret from the outside. In total, up to this point, the second communication device of the application communication system undergoes two transformations on the first encrypted data: decryption using the first solution and encryption using the second key. These two transformations can be performed in any order. The second communication device then divides the data obtained by performing these two transformations on the first encrypted data into two parts in the second division unit. The data division in this case can be done in any way. However, since the data merging in the merging section and the data splitting in the second splitting section, which will be described later, must be reverse processes, it is necessary to coordinate the merging section and the second splitting section so that the data merging and data splitting they perform are reverse processes. Then, in the second communication device, the second encryption section performs an encryption transformation on one of the split data using the second solution, which is the second solution generated by the second solution generation section, to obtain data A, which is part of the second first encrypted data. The second encryption section then performs an encryption transformation on the other of the split data using the third solution, which is the third solution generated by the second solution generation section, to obtain data B, which is the remainder of the second first encrypted data. The combination of data A and data B is the second first encrypted data. In other words, in the second communication device of the applied communication system, the second first encrypted data is generated as a combination of two data, data A and data B. The second first encrypted data is sent from the second communication device to the first communication device.Even if the second and first encrypted data are sent over a network such as the internet, the second and first encrypted data (or A and B data) sent as a combination of A and B data is encrypted data. More precisely, it is data that has been double-encrypted using the first key in the first encryption unit and the second key in the second encryption unit. Therefore, as long as the encryption processes performed by the first and second encryption units are strong and secure, even if only the second and first encrypted data is obtained by a third party, it is basically safe, and it is highly unlikely that a third party will be able to decipher the contents of the shared data. The first communication device receives the second first encrypted data in the first communication unit. The second first encrypted data is sent from the second communication device to the first communication device in a state where it is divided into the aforementioned A data and B data. The first communication device receives the second first encrypted data by receiving the A data and B data. Upon receiving the second first encrypted data, the first communication device performs the following processing on the second first encrypted data. Specifically, for A data, the first decryption unit performs the reverse transformation of the encryption transformation performed in the second encryption unit using the second solution generated in the first solution generation unit (which is the same as the second solution generated in the second solution generation unit). Also, for B data, the first decryption unit performs the reverse transformation of the encryption transformation performed in the second encryption unit using the third solution generated in the first solution generation unit (which is the same as the third solution generated in the second solution generation unit). Then, the two data created from A data and B data are combined in the joining unit. The resulting data is the same as the data divided in the second division unit of the second communication device. Next, the first encryption unit performs an encryption transformation on the aforementioned data obtained by combining the two data in the joining unit, using the fourth solution, which is the fourth solution generated by the first solution generation unit, and the first decryption unit performs the reverse transformation of the encryption transformation performed in the first encryption unit using the first key, using the first key. In total, the first communication device performs two transformations on the data obtained as a result of combining the two data in the joining unit: encryption using the fourth solution and decryption using the first key. These two transformations can be performed in any order. In any case, the data obtained as a result of the above transformations is the same as the data obtained when the shared data is encrypted using the second key and the fourth solution. This data is the second encrypted data. The second encrypted data is sent from the first communication device to the second communication device.Even if the second encrypted data is sent over a network such as the internet, since the second encrypted data is encrypted data, as long as the encryption process performed by the first and second encryption units is strong and secure, it will be basically safe even if only the second encrypted data is obtained by a third party, or even if only the first and second encrypted data are obtained by a third party, and it is highly unlikely that a third party will be able to decipher the contents of the shared data. The second communication device receives the second encrypted data in the second communication unit. Upon receiving the second encrypted data, the second communication device performs the following processing on the second encrypted data (in fact, the following processing is the same as the processing performed by the second communication device in the aforementioned communication system after receiving the second encrypted data). That is, the second decryption unit performs the reverse transformation of the encryption transformation performed in the first encryption unit using the fourth solution generated in the second solution generation unit (which is the same as the fourth solution generated in the first solution generation unit), and also performs the reverse transformation of the encryption transformation performed in the second encryption unit using the second key, using the second key. In total, the second communication device performs two transformations on the second encrypted data: decryption using the fourth solution and decryption using the second key. The order in which these two transformations are performed does not matter. The data after the two transformations have been performed on the second encrypted data is the shared data. As described above, plaintext shared data is shared between the first communication device and the second communication device. Moreover, in the case of a communication system based on this application, just as in the communication system described above, when shared data is transmitted between the first communication device and the second communication device, the shared data is not in plaintext, but in one of the following states: first encrypted data, second-first encrypted data, or second encrypted data, and in all cases it is encrypted. Therefore, such a communication system can securely share shared data between the first and second communication devices simply by performing a process of sending encrypted shared data back and forth one and a half times between the first and second communication devices. Furthermore, when performing such encrypted communication, the encryption and decryption processes performed by the first and second communication devices can be performed independently of the other communication device, so there is no need to send a key from one communication device to the other prior to performing encrypted communication. Therefore, encrypted communication performed using the communication system of the present invention is free from the key distribution problem. Furthermore, as described above, the data transmitted and received between the first and second communication devices consists of first encrypted data, second first encrypted data, and second encrypted data. Of these, the first encrypted data is shared data encrypted with at least the first decryption, the second first encrypted data is divided into shared data encrypted with at least the second decryption (A data) and shared data encrypted with the third decryption (B data), and the second encrypted data is shared data encrypted with at least the fourth decryption. Therefore, even if the first encrypted data, second first encrypted data, and second encrypted data use different data—first, second, third, and fourth decryption—as the data used to encrypt the shared data, the third encrypted data and fourth encrypted data cannot be deciphered by the third party, even if all of this data is stolen by a third party during the one and a half round trip between the first and second communication devices. Therefore, according to this communication system, even if the first encrypted data, the second first encrypted data, and the second encrypted data are all stolen by a malicious third party, the malicious third party cannot use the values ​​of the first, second, third, and fourth solutions that they have deciphered as a starting point to learn the contents of the shared data.

[0017] As described above, the encryption and decryption (inverse transformation) performed by the first encryption unit and first decryption unit of the first communication device, and the encryption and decryption (inverse transformation) performed by the second encryption unit and second decryption unit of the second communication device, must satisfy the commutative and associative laws. Examples of such operations include barrel shift, arithmetic operations, certain types of elliptic curve cryptography operations, and exclusive OR operations. If the encryption and decryption (inverse transformation) performed by the first encryption unit and first decryption unit of the first communication device, and the encryption and decryption (inverse transformation) performed by the second encryption unit and second decryption unit of the second communication device are performed using the exclusive OR operation, the following further effects can be obtained. Known cryptographic techniques include the Burnham cipher and the one-time pad cipher. Both of these require certain conditions to be met, but it has been mathematically proven that if these conditions are met, decryption is impossible. Specifically, it has been mathematically proven that if a ciphertext is obtained by taking the exclusive OR of the plaintext and the key, using a key that contains as much or more information than the plaintext being encrypted, and the key is a completely random number and is used only once, then it is impossible to decrypt the ciphertext. Therefore, if the encryption and decryption (inverse transformation) performed by the first encryption unit and first decryption unit of the first communication device, and the encryption and decryption (inverse transformation) performed by the second encryption unit and second decryption unit of the second communication device use the exclusive OR operation, and if the data used for taking the exclusive OR is a completely random number, similar to the key mentioned above, and used only once, then it becomes mathematically impossible to decrypt any of the first encrypted data, second first encrypted data, and second encrypted data transmitted over the network simply by obtaining them individually. Consequently, the only way for a malicious third party to use these three data to commit fraud is to obtain all of the first encrypted data, second first encrypted data, and second encrypted data, analyze all of the first, second, and third solutions (or, in the case of an applied communication system, the first, second, third, and fourth solutions), and then use the analyzed solutions as a starting point to analyze the shared data. As described above, if an exclusive OR operation is used for encryption and decryption, creating a situation similar to that of a Vernam cipher or a one-time pad cipher, it becomes impossible to determine the first, second, and third solutions (or, in the case of an applied communication system, the first, second, third, and fourth solutions) from the first encrypted data, the second first encrypted data, and the second encrypted data. Therefore, if the encryption and decryption performed by the first encryption unit and first decryption unit of the first communication device, and the encryption and decryption performed by the second encryption unit and second decryption unit of the second communication device are performed using an exclusive OR operation, then encrypted communication performed by the communication system according to the present invention becomes virtually completely secure.

[0018] In addition to the case of a communication system based on applications, the communication system of the present invention may be configured such that the first communication device and the second communication device continuously and automatically perform the process from the first communication device converting the shared data into the first encrypted data to the second communication device converting the second encrypted data into the shared data. According to this, the first and second communication devices can securely share data while reducing the effort required from both the user operating the first communication device and the user operating the second communication device.

[0019] Furthermore, the inventors of the present invention also propose the first communication device and the second communication device in the communication system described above as one aspect of the present invention. The effects produced by the first communication device and the second communication device are each equal to the effects produced by the communication system including the first communication device and the second communication device.

[0020] The inventors of the present invention also propose a method implemented in the communication system according to the present invention as one aspect of the present invention. The effect of this method is the same as the effect achieved by the communication system of the present invention. One example of such a method is a communication method implemented by a communication system comprising a first communication device, which is one of two communication devices communicating with each other, and a second communication device, which is the other communication device, wherein the first communication device includes a first encryption unit that performs an encryption transformation satisfying the commutative and associative laws, a first decryption unit that performs the reverse transformation of the encryption performed by the first encryption unit, a first solution generation unit that can continuously generate solutions that are always the same when generated under the same conditions based on an initial solution, and a first communication unit that communicates with the second communication device via a predetermined network, and the second communication device includes a second encryption unit that performs an encryption transformation satisfying the commutative and associative laws in the same way as the first encryption unit, a second decryption unit that performs the reverse transformation of the encryption performed by the second encryption unit, a second solution generation unit that can continuously generate the same solutions as the first solution generation unit using the same initial solution used by the first solution generation unit, and a second communication unit that communicates with the first communication device via the network. Furthermore, this method involves the first communication device performing an encryption transformation on the shared data, which is plaintext data to be shared with the second communication device, using a first key, which is unique to the first communication device and secret from the outside, and a first solution, which is the first solution generated by the first solution generation unit, to obtain first encrypted data, and the first process of the first communication unit transmitting the first encrypted data to the second communication device via the network, and when the second communication device receives the first encrypted data from the first communication device, the second decryption unit performs an inverse transformation on the first encrypted data using the same first solution generated by the first solution generation unit, and the second encryption unit performs an encryption transformation on the first encrypted data using a second key, which is unique to the second communication device and secret from the outside, and a second solution, which is the second solution generated by the second solution generation unit, to obtain second first encrypted data, and the second first encrypted data is transmitted to the second network A second process in which the signal unit transmits to the first communication device via the network, and when the first communication device receives the second first encrypted data from the second communication device at the first communication unit, the first decryption unit performs the reverse transformation of the encryption transformation performed in the second encryption unit using the same second solution generated in the second solution generation unit, and performs the reverse transformation of the encryption transformation performed in the first encryption unit using the first key, and the first encryption unit performs the encryption transformation using the third solution, which is the third solution generated in the first solution generation unit, to obtain the second encrypted data, and a third process in which the first communication unit transmits the second encrypted data to the second communication device via the network, and when the second communication device receives the second encrypted data from the first communication device at the second communication unit, the second decryption unit performs the reverse transformation of the encryption transformation performed in the second encryption unit using the same third solution generated in the first solution generation unit,The process includes a fourth step in which the second encrypted data is converted to the shared data by performing the reverse transformation of the encryption transformation performed in the first encryption unit using the third solution, and by performing the reverse transformation of the encryption transformation performed in the second encryption unit using the second key.

[0021] The inventors of the present invention also propose a method implemented in a communication system based on the above-described application of the present invention as one aspect of the present invention. The effect of this method is the same as that of the communication system based on the application of the present invention. One example of such a method is a communication system comprising a first communication device and a second communication device, which are two communication devices communicating with each other, wherein the first communication device includes a first encryption unit that performs an encryption transformation satisfying the commutative and associative laws, a first decryption unit that performs the reverse transformation of the encryption performed by the first encryption unit, a first solution generation unit that can continuously generate solutions that are always the same when generated under the same conditions based on an initial solution, a coupling unit that combines data, and a first communication unit that communicates with the second communication device via a predetermined network, and the second communication device includes a second encryption unit that performs an encryption transformation satisfying the commutative and associative laws in the same way as the first encryption unit, a second decryption unit that performs the reverse transformation of the encryption performed by the second encryption unit, a second solution generation unit that can continuously generate the same solutions as the first solution generation unit using the same initial solution used by the first solution generation unit, a second splitting unit that splits data, and a second communication unit that communicates with the first communication device via the network, and is a communication method executed by a communication system. Furthermore, this method involves the first communication device performing an encryption transformation on the shared data, which is plaintext data to be shared with the second communication device, using a first key, which is unique to the first communication device and secret from the outside, and a first solution, which is the first solution generated by the first solution generation unit, to obtain first encrypted data. The first process involves the first communication unit transmitting the first encrypted data to the second communication device via the network. When the second communication device receives the first encrypted data from the first communication device, the second decryption unit performs an inverse transformation on the first encrypted data using the same first solution generated by the first solution generation unit, and the second encryption unit performs an encryption transformation using a second key, which is unique to the second communication device and secret from the outside. The data obtained by the second encryption unit performing an encryption transformation using the second key is then divided into two parts by the second division unit. For one of the divided data, the second encryption unit performs an encryption transformation using the second solution, which is the second solution generated by the second solution generation unit, to obtain data A, which is part of the second first encrypted data. For the other of the divided data, the second encryption unit performs an encryption transformation using the third solution, which is the third solution generated by the second solution generation unit, to obtain data B, which is the remainder of the second first encrypted data. The second communication unit then transmits the data A and the data B, which constitute the second first encrypted data, to the first communication device via the network. When the first communication device receives the A data and B data, which constitute the second first encrypted data, from the second communication device in the first communication unit, the first decryption unit performs the reverse transformation of the encryption transformation performed in the second encryption unit using the second solution, using the same second solution generated in the first solution generation unit and generated in the second solution generation unit, and also performs the reverse transformation of the encryption transformation performed in the first encryption unit using the first key, and the first decryption unit performs the reverse transformation of the encryption transformation performed in the first encryption unit using the first key, on the B data,The second encryption unit performs the reverse transformation of the encryption transformation performed using the third solution, which is the same as the third solution generated by the second solution generation unit that was generated by the first solution generation unit, and also performs the reverse transformation of the encryption transformation performed using the first key, which was used by the first encryption unit, using the first key, and the data obtained based on the A data and the data obtained based on the B data are combined in the combination unit, and the first encryption unit performs the encryption transformation on the combined data using the fourth solution, which is the fourth solution generated by the first solution generation unit, to obtain the second encrypted data, and the second encrypted data The process includes: a third step of transmitting the data from the first communication unit to the second communication device via the network; and a fourth step of the second communication device, upon receiving the second encrypted data from the first communication device, converting the second encrypted data into shared data by: the second decryption unit using the same fourth solution generated by the first solution generation unit and generated by the second solution generation unit; the second decryption unit using the same fourth solution as generated by the first solution generation unit; and the second encryption unit using the second key to convert the second encrypted data into shared data. The two methods exemplified above can be rephrased as follows. Specifically, the first communication device and the second communication device can be configured to perform the first to fourth processes automatically and in sequence. For example, in SSL communication, when one of two communication devices attempts to communicate with the other, for instance, if a user operating a client device (one of the communication devices) wants to view a homepage provided by a server (the other communication device), and specifies the homepage's URL in the address bar of the browser installed on the client, the client and server automatically communicate to share a shared key before initiating SSL communication, which is encrypted communication using a shared key between the client and the server. Similarly, if the first communication device performs an operation to indicate to the first communication device that it intends to start communication with the second communication device, it can automatically perform all subsequent processes, i.e., processes 1 through 4, from the conversion of the shared data for encryption to the first encrypted data, thereby automatically transmitting the shared key from the first communication device to the second communication device. In this way, the method of the present invention can, at least in principle, replace the technique of sharing a shared key at the beginning of SSL communication. [Brief explanation of the drawing]

[0022] [Figure 1] A diagram showing the overall configuration of a communication system according to one embodiment. [Figure 2] Figure 1 shows the external appearance of the communication equipment included in the communication system. [Figure 3] Figure 1 shows the hardware configuration of the communication devices included in the communication system. [Figure 4] A block diagram showing the functional blocks generated inside the communication device included in the communication system shown in Figure 1. [Figure 5] Figure 1 shows the flow of processing that occurs when communication takes place in the communication system shown in Figure 1. [Figure 6] A block diagram showing the functional blocks generated inside the communication device included in the modified communication system. [Figure 7] This diagram shows an excerpt of the processing flow that occurs when communication takes place in a modified communication system. [Modes for carrying out the invention]

[0023] A preferred embodiment of the present invention will be described below with reference to the drawings. Figure 1 shows a schematic overview of the overall configuration of the communication system according to this embodiment. The communication system of this embodiment is composed of a number of communication devices 100-1 to 100-N (hereinafter sometimes simply referred to as "communication device 100"). Any two of the number of communication devices 100 are capable of communicating with each other. In this embodiment, all of the number of communication devices 100 are capable of connecting to a network 400. In other words, the above-mentioned communication performed by any two of the number of communication devices 100 is communication via the network 400 in this embodiment. The network 400 includes, for example, at least the internet (including an internet VPN, the same applies hereinafter). In this embodiment, however it is not limited to this, the network 400 is assumed to be composed of the internet. However, the network 400 may be composed of multiple types of lines, including the internet. For example, in addition to the internet, other lines that can be used to constitute the network 400 in this embodiment include a communication carrier line, a global IP-assigned IP-VPN, a private network, Short Message Service (SMS), and Multimedia Message Service (MMS). However, the lines that each communication device 100 can use may be only one type of internet connection, or it may be several types including other lines. Furthermore, the types of lines that each communication device 100 can use may naturally differ. The numerous communication devices 100 only need to be able to connect to the network 400 when performing encrypted communication as described below, and do not necessarily need to be constantly connected to the network 400.

[0024] As described above, the communication devices 100-1 to 100-N are assumed to communicate with each other at a rate of two of them. Each communication device 100-1 to 100-N may, in this embodiment, function as either the first communication device or the second communication device as defined in the present invention, although this is not limited to the first communication device.

[0025] Next, the configuration of the communication device 100 will be described. The configuration of each communication device 100-1 to 100-N is the same in relation to the present invention. Communication devices 100-1 to 100-N include a computer. More specifically, the communication device 100 in this embodiment is composed of a general-purpose computer. Communication devices 100-1 to 100-N may be general-purpose servers in terms of hardware. While not limited to this, we will proceed assuming that communication devices 100-1 to 100-N are personal computers owned by each user, and are general-purpose computers in terms of hardware. Communication device 100 includes mobile phones, smartphones, tablets, notebook personal computers, desktop personal computers, etc. All of them are required to be capable of communication via network 400, and to be able to generate the functional blocks described later within them by installing the computer program described later, and to execute the processing described later. As long as they can do this, other specifications are not particularly required. For example, if the communication device 100 is a smartphone or a tablet, then the communication device 100 as a smartphone could be, for example, an iPhone manufactured and sold by Apple Japan LLC, and the communication device 100 as a tablet could be, for example, an iPad manufactured and sold by Apple Japan LLC. Furthermore, communication devices 100-1 to 100-N may be SIMs (Subscriber Identity Modules), IC cards (for example, Suica® issued by East Japan Railway Company, etc.), chips, or cards. Also, communication devices 100-1 to 100-N may be routers, switches, or other communication devices that are not directly operated by the user during normal communication, or they may be devices with communication functions that constitute the Internet of Things (IoT) ("Things" in the Internet of Things). Even if communication devices 100-1 to 100-N are such devices or equipment, they include at least the same hardware as shown in Figure 3, described later, except for the user interface. Therefore, if the computer program described later for causing a computer to function as the first or second communication device according to the present invention is installed, it becomes possible to make those devices or equipment function as the first or second communication device as defined in this application. If the communication devices 100-1 to 100-N are those devices or equipment, then the communications described later between the two communication devices 100 that communicate are usually executed automatically.

[0026] Figure 2 shows an example of the appearance of the communication device 100. While not limited to this example, Figure 2 shows the appearance when the communication device 100 is a smartphone. The communication device 100 includes a display 101. The display 101 is for displaying images, whether still or moving images, and can be a publicly known or readily available type. For example, the display 101 is a liquid crystal display. The communication device 100 also includes an input device 102. The input device 102 is for the user to provide desired input to the communication device 100. The input device 102 can be a publicly known or readily available type. In this embodiment, the input device 102 of the communication device 100 is a button type, but is not limited to this, and can also be a numeric keypad, keyboard, trackball, mouse, etc. In particular, if the communication device 100 is a notebook computer or a desktop computer, the input device 102 will be a keyboard or mouse, etc. Also, if the display 101 is a touch panel, the display 101 will also function as the input device 102, and this is the case in this embodiment.

[0027] The hardware configuration of the communication device 100 is shown in Figure 3. The hardware includes a CPU (central processing unit) 111, ROM (read-only memory) 112, RAM (random access memory) 113, and an interface 114, which are interconnected by a bus 116. The CPU 111 is an arithmetic unit that performs calculations. The CPU 111 executes the processes described later by, for example, running a computer program stored in the ROM 112 or RAM 113. Although not shown in the figures, the hardware of the communication device 100 may include a HDD (hard disk drive), SSD (solid state drive), or other high-capacity storage device connected to the bus 116, and the computer program may be stored in the high-capacity storage device. Furthermore, the CPU 111 may be a GPU (graphics processing unit) or GPGPU (general purpose computing on GPU). In this application, as an example of an embodiment, a so-called CPU is used for the CPU 111. The computer program referred to herein includes at least a computer program for causing the communication device 100 to function as both the first and second communication devices of the present invention. This computer program may be pre-installed on the communication device 100 or it may be post-installed. The installation of this computer program on the communication device 100 may be performed via a predetermined recording medium, such as a memory card (not shown in the illustration), or via a network such as a LAN or the Internet. ROM 112 stores computer programs and data necessary for the CPU 111 to perform the processes described later. The computer programs stored in ROM 112 are not limited to those described above; if the communication device 100 is a smartphone, it may also store computer programs and data necessary to make the communication device 100 function as a smartphone, such as programs for making calls and sending emails. The communication device 100 is also capable of browsing homepages based on data received via the network 400, and implements a publicly known web browser to enable this. RAM113 provides the work area necessary for the CPU111 to perform processing. In some cases, it may contain, for example, some of the aforementioned computer programs or data. Interface 114 is used for data exchange between the CPU 111, RAM 113, etc., connected via bus 116, and the outside world. The display 101 and input device 102 are connected to interface 114. The operation information input from input device 102 is input to bus 116 from interface 114. Also, as is well known, image data for displaying images on display 101 is output from interface 114 to display 101. Interface 114 is also connected to a known transmitting / receiving mechanism (not shown) for communicating with the outside world via the network 400, which is the Internet. This enables the communication device 100 to transmit and receive data via the network 400. The transmitting / receiving mechanism includes equipment necessary to enable communication over the Internet. If the network 400 includes lines other than the Internet, such as communication carrier lines, IP-VPNs with global IP addresses, private networks, short message services (SMS), multimedia message services (MMS), etc., then the transmitting / receiving mechanism may include equipment necessary to enable communication over each of these lines. Data transmission and reception over such network 400 may be done via wired or wireless connections. For example, if the communication device 100 is a smartphone, such communication would typically be done wirelessly. The configuration of the transmitting / receiving mechanism can be publicly known or widely accepted, as long as it enables communication. The data received by the transmitting / receiving mechanism from the network 400 is received by the interface 114, and the data passed from the interface 114 to the transmitting / receiving mechanism is sent by the transmitting / receiving mechanism to an external device, such as another communication device 100, via the network 400. Examples of data that each communication device 100 transmits and receives using the transmitting / receiving mechanism via the network 400 are the first encrypted data, the second first encrypted data, and the second encrypted data, which will be described in detail later.

[0028] When the CPU 111 executes a computer program, functional blocks as shown in Figure 4 are generated inside the communication device 100. These functional blocks may be generated solely by the functions of the aforementioned computer program for enabling the communication device 100 to function as the communication device of the present invention, or they may be generated through the cooperation of the aforementioned computer program and the OS or other computer programs installed in the communication device 100. Other computer programs may include, for example, computer programs for realizing communication over various lines such as the Internet, communication carrier lines, global IP-assigned IP-VPNs, private networks, short message service (SMS), and multimedia message service (MMS). Within the communication device 100, a data processing unit 120 is generated in relation to the functions of the present invention. Within the data processing unit 120, as shown in Figure 4, at least an input unit 121, a control unit 122, an encryption unit 123, a decryption unit 124, a decryption generation unit 125, a key generation unit 126, a data recording unit 127, and an output unit 128 are generated. Of these, the input section 121 and the output section 128, when viewed as hardware, correspond to the interface 114, or are realized by the functions of the interface 114. More specifically, the input section 121 and the output section 128 conceptually correspond to the connection between the interface 114 and the bus 116. Furthermore, the control unit 122, encryption unit 123, decryption unit 124, decryption generation unit 125, and key generation unit 126 correspond to a computing device (CPU 111) in terms of hardware, or are realized by the functions of a computing device that executes information processing according to the instructions of the computer program described above. The data recording unit 127 is implemented as hardware by a recording device, i.e., RAM 113 or a high-capacity recording device. When the control unit 122, encryption unit 123, decryption unit 124, decryption generation unit 125, and key generation unit 126 perform processing, it may be necessary to temporarily record or hold some data. In such cases, the function of temporarily recording or holding the data required by the control unit 122, encryption unit 123, decryption unit 124, decryption generation unit 125, and key generation unit 126 is implemented by the recording device, i.e., RAM 113 or a high-capacity recording device. In this application, the recording device can also be considered as memory.

[0029] The input unit 121 receives input from the interface 114. The input from interface 114 includes, for example, specific information input by input device 102. This specific information identifies two communication devices 100 (hereinafter sometimes referred to as "specific communication devices") that are about to perform encrypted communication from among a number of communication devices 100-1 to 100-N. When a communication device 100 is about to perform encrypted communication, it is natural that identifying the other communication device 100 will identify the communication device 100 that will perform the encrypted communication. Therefore, the specific information needs to include information that identifies the other communication device 100, but that is sufficient. Of course, both communication devices 100 that will perform the communication may also be identified by the specific information. To enable the identification of the communication device 100 performing the communication, each communication device 100 is assigned unique identification information that is specific to all communication devices 100. This identification information may include, for example, the IP address, email address (mobile phone carrier email address), telephone number, URL, or SNS (social networking service) ID of the communication device 100. For example, the user may input the identification information of both communication devices 100 performing encrypted communication into the input device 102 to generate specific information. On the other hand, as already mentioned, the information input as specific information can also be limited to the identification information of the other party's communication device 100. In that case, the control unit 122 or the transmission / reception mechanism can automatically attach the sender's identification information to the data transmitted to the other party's communication device 100 (for example, the first encrypted data described later). This allows the receiving communication device 100 to recognize the sending communication device 100, so that both specific communication devices can recognize each other. In this embodiment, although not limited thereto, when a user operates the input device 102 to input information identifying the other party's communication device 100 with which encrypted communication is about to be performed, the control unit 122 automatically generates identification information that identifies both the identification information of the communication device 100 and the identification information of the other party's communication device 100. Furthermore, the user can generate (or select) shared data by operating the input device 102. The shared data is plaintext data. In some cases, the communication device 100 may automatically determine the shared data without the user's consent (in the case of a common key, as described later, it is more common for the shared data to be automatically determined by the communication device 100). Such shared data is data intended to be shared by specific communication devices. In other words, the shared data is data that is subject to encrypted transmission and reception between communication devices 100. For example, if such transmission and reception is the transmission and reception of email, the data will be email data. Furthermore, if one communication device 100 provides a homepage for a virtual store on the internet and the other communication device 100 is a customer intending to purchase goods from that virtual store, the data sent from the virtual store's communication device 100 to the customer's communication device 100 may be, for example, data to provide the customer's communication device 100 with a format for the customer to fill in a product selection screen, customer information, shipping address information, etc. The data sent from the customer's communication device 100 to the virtual store's communication device 100 may be information that identifies the products and quantities selected by the customer for purchase, or customer information and shipping address information that the customer has filled in the aforementioned format. In addition, the shared data may be a common key that is held only by the source communication device 100 and needs to be shared by both the source and destination communication devices 100 prior to the encrypted communication using the common key method, and which is used in the encrypted communication using the common key method that the specific communication device subsequently performs. The shared data can be in any format, including text data, image data, and audio data. The shared data does not need to be the data that the user inputs by operating the input device 102; it may be data created by the communication device 100 performing predetermined information processing on that data, or it may be data that existed within the source communication device 100 before encrypted communication between specific communication devices began (for example, recorded in the data processing unit 120, or outside the data processing unit 120 (RAM 113 or a large-capacity storage device)). The shared data is input from the large-capacity storage device or the input device 102 to the input unit 121 via the interface 114. Other data that can be input to the input unit 121 from the interface 114 include first encrypted data, second first encrypted data, and second encrypted data. These may be sent from the communication device 100 of the communication partner via the network 400. When any of this data is received, it is received by the transmission / reception mechanism and sent from the transmission / reception mechanism to the interface 114. As described above, the input unit 121 receives specific information as input from the input device 102, first encrypted data, second first encrypted data, and second encrypted data as input from the transmission / reception mechanism, and shared data as input from the input device 102, etc. The input unit 121 receives these signals and sends them all to the control unit 122.

[0030] The control unit 122 controls the entirety of each functional block generated within the data processing unit 120 of the communication device 100. The control unit 122 may receive specific information and shared data from the input unit 121. When the control unit 122 receives specific information and shared data, it generates data to cause the display 101 to display information based on the specific information and shared data, and sends this data to the output unit 128. Furthermore, when the control unit 122 receives the specific information and the shared data, it sends the shared data to the encryption unit 123 in order to initiate encrypted communication between the communication device 100 into which the specific information was input and the other party's communication device 100 identified by the specific information. Furthermore, the control unit 122 may receive first encrypted data sent from another communication device 100 via the network 400 through the input unit 121. When the control unit 122 receives the first encrypted data, it sends it to the encryption unit 123 or the decryption unit 124. Furthermore, the control unit 122 may receive second first encrypted data sent from another communication device 100 via the network 400 through the input unit 121. When the control unit 122 receives second first encrypted data, it sends it to the encryption unit 123 or the decryption unit 124. Furthermore, the control unit 122 may receive second encrypted data sent from another communication device 100 via the network 400 through the input unit 121. When the control unit 122 receives the second encrypted data, it sends it to the decryption unit 124. The control unit 122 may also send instructions to the solution generation unit 125 to generate a solution, and to the key generation unit 126 to generate a key. The timing of when the control unit 122 sends these instructions to the solution generation unit 125 or the key generation unit 126 will be described later.

[0031] The encryption unit 123 performs an operation to encrypt predetermined data. The encryption operation performed by the encryption unit 123 is designed to satisfy both the commutative and associative laws. This will be explained later. The encryption process performed by the encryption unit 123 in each communication device 100 depends on the key used when performing the encryption process (the solution generated by the decryption generation unit 125 and the key generated by the key generation unit 126, which will be explained later). In other words, each communication device 100 can perform the same encryption process if the same key is used. For example, the encryption unit 123 may receive shared data from the control unit 122, and when it receives shared data, it executes a process to encrypt that shared data. As a result of this process, the shared data is converted into first encrypted data. When generating the first encrypted data, the encryption unit 123 uses the solution generated by the solution generation unit 125 and the key generated by the key generation unit 126 for encryption. The encryption unit 123 sends the first encrypted data to the output unit 128. The encryption unit 123 may receive first encrypted data from the control unit 122, and if it receives first encrypted data, it performs a process to further encrypt that first encrypted data. This process is for generating second first encrypted data. When generating second first encrypted data, the encryption unit 123 uses the solution generated by the solution generation unit 125 and the key generated by the key generation unit 126 for encryption. When the encryption unit 123 has generated second first encrypted data, it sends it to the output unit 128. The decryption unit 124 performs the inverse operation of the operation performed by the encryption unit 123 within the same communication device 100. In other words, the decryption unit 124 is able to convert encrypted data, which was generated when the encryption unit 123 within the same communication device 100 encrypts plaintext data, back into plaintext. In order for the decryption unit 124 to decrypt certain data, it needs the key that the encryption unit 123 used when encrypting that "certain data" (the solution generated by the decryption generation unit 125 and the key generated by the key generation unit 126, which will be explained later). The decryption unit 124 may receive first encrypted data from the control unit 122. Upon receiving the first encrypted data, it performs a decryption process on the first encrypted data, or in other words, the reverse transformation of the transformation performed for encryption on the first encrypted data. This process is for generating second first encrypted data. In performing this decryption, the decryption unit 124 uses the solution generated by the solution generation unit 125. If the decryption unit 124 has generated second first encrypted data, it sends it to the output unit 128. The decryption unit 124 may receive second-first encrypted data from the control unit 122. Upon receiving second-first encrypted data, it performs a decryption process on the second-first encrypted data, or in other words, the reverse transformation of the transformation performed for encryption on the second-first encrypted data. In performing this decryption, the decryption unit 124 uses the solution generated by the solution generation unit 125 and the key generated by the key generation unit 126. As a result of this process, the second-first encrypted data may be converted into second encrypted data. If the decryption unit 124 generates second encrypted data, it sends it to the output unit 128. The decryption unit 124 may receive second encrypted data from the control unit 122. Upon receiving the second encrypted data, the decryption unit 124 performs a decryption process on the second encrypted data, or in other words, the reverse transformation of the transformation performed for encryption on the second encrypted data. In performing this decryption, the decryption unit 124 uses the solution generated by the solution generation unit 125 and the key generated by the key generation unit 126. As a result, the second encrypted data becomes shared data, which is the plaintext data. The decryption unit 124 sends the shared data to the output unit 128. The encryption unit 123 and the decryption unit 124 are as described above, but the encryption unit 123 and the decryption unit 124 of the communication device 100 that initially possessed the shared data correspond to the first encryption unit and the first decryption unit as referred to in this application. Furthermore, the encryption unit 123 and the decryption unit 124 of the communication device 100 that receives the shared data from the other communication device 100 via encrypted communication correspond to the second encryption unit and the second decryption unit as referred to in this application.

[0032] The solution generation unit 125 has the function of generating a solution. The solution generation unit 125 generates a solution when it receives an instruction from the control unit 122 to generate a solution. The solution generation unit 125 sends the generated solution to the encryption unit 123 and the decryption unit 124 that require the solution. Information indicating whether to send the generated solution to the encryption unit 123 or the decryption unit 124 may be attached to the instruction sent from the control unit 122 to the solution generation unit 125 to generate a solution. The solution is a string of appropriate length. The length of the solution string may or may not always be the same, but in this embodiment it is always the same. The solution is a sequence of appropriate characters and symbols such as alphabets and numbers. Any method can be used to generate the solution. For example, it can be a pseudorandom number sequence with initial value dependence that always generates the same thing under the same conditions. For example, pseudorandom numbers generated using a publicly known or well-known technique for generating pseudorandom numbers can be used as the solution by taking a predetermined number of digits from them. The reason why the solution generated by the solution generation unit 125 is "a pseudorandom number sequence with initial value dependence that always generates the same thing under the same conditions" is to enable the same solution to be generated consecutively by two communication devices 100 that perform encrypted communication. In other words, the two solution generation units 125 in the specific communication device are capable of generating the same solution. The technology for generating the same solution remotely has been put into practical use, for example, in the field of internet banking, as a technology for generating the same solution (generally called a one-time password in this field) on both the user's token and the bank server. Such technology can be applied to the solution generation unit 125 of the communication device 100. The solution generation unit 125 of the communication device 100 can use methods such as event synchronization or time synchronization, which will be explained later, as techniques for generating the solution. The solution generation unit 125 uses the data recorded in the data recording unit 127 when generating a solution. The types of data recorded in the data recording unit and how the solution generation unit 125 uses the data recorded in the data recording unit 127 to generate a solution will be described later.

[0033] The key generation unit 126 has the function of generating keys. The key generation unit 126 may generate only one type of key, or multiple types. If the key generation unit 126 generates only one type of key, it may be a recording device (RAM or high-capacity recording device) that stores the key data. The key generated by the key generation unit 126 may change at predetermined intervals. In this embodiment, the key generation unit 126 generates a key when it receives an instruction from the control unit 122 to generate a key. The key generation unit 126 sends the generated key to the encryption unit 123 and the decryption unit 124 that require the key. Information indicating whether to send the generated key to the encryption unit 123 or the decryption unit 124 may be attached to the instruction from the control unit 122 to generate a key sent to the key generation unit 126. In this embodiment, the key generation unit 126 generates a different key each time it generates a key. The key is a string of appropriate length. The length of the key string may or may not always be the same, but in this embodiment it is always the same. The key is a sequence of appropriate characters and symbols such as letters and numbers. Any method can be used to generate the key. For example, it can be a pseudorandom number sequence that is dependent on the initial value and always generates the same thing under the same conditions. For example, pseudorandom numbers generated using a publicly known or well-known technique for generating pseudorandom numbers can be used as keys by taking a predetermined number of digits from them. Methods called event synchronization or time synchronization can be used as methods for generating keys. However, unlike in the case of the solution, there is not much reason to generate the key in such a way. However, the initial value for the key that each communication device 100 uses to generate a key is kept secret from other devices, including other communication devices 100. Therefore, the specific communication device cannot know the key used by the communication device 100 that is communicating with it. When the key generation unit 126 uses a key, it uses the data recorded in the data recording unit 127. The type of data recorded in the data recording unit and how the key generation unit 126 generates a key using the data recorded in the data recording unit 127 will be described later.

[0034] Next, the usage and operation of this communication system will be explained, mainly with reference to Figure 5. As already mentioned, in this communication system, any two communication devices 100 that make up the communication system communicate with each other. The two communication devices 100 may, of course, perform other communications, but in this embodiment, we will describe communication for sharing shared data between the two communication devices 100.

[0035] First, a user of one communication device 100 starts operating the communication device 100 they own in order to communicate between two communication devices 100 (S501). The communication device 100 that the user starts operating becomes the first communication device in the present invention. Such operation is performed by operating the input device 102. In order to communicate, the user performs necessary operations such as launching a known or well-known mailer application for sending and receiving emails, or launching a known or well-known browser application for browsing homepages. The content of such operations is input to the input unit 121 via the interface 114 and sent from the input unit 121 to the control unit 122. The control unit 122 receives image data for displaying an image on the display 101, which is generated by an application not shown based on the input content, and sends it to the output unit 128. Such image data is sent from the output unit 128 to the display 101. An image based on such image data is displayed on the display 101. Such an image may be, for example, an image from a mailer or an image from a browser. The user operates the input device 102 while looking at the display 101, thereby inputting specific information (S502). In this embodiment, however, the only information the user inputs via the input device 102 is information to identify the communication device 100 on the other side of the communication. The specific information to be input is identification information assigned to the communication device 100 on the other side of the communication, and although it varies depending on the communication line used to transmit the first encrypted data described later, for example, the specific information may be the IP address of the communication device 100, an email address (mobile phone carrier email address), a telephone number, a URL, or an SNS (social networking service) ID. While such input is being performed, the operation details for inputting specific information are input to the control unit 122 via the interface 114 and input unit 121. Upon receiving this, the control unit 122 generates image data, which is the data for the image displayed on the display 101, and sends it to the display 101 via the output unit 128 and interface 114. The display 101 displays the specific information that the user is inputting using the input device 102 in real time. The user can input the specific information while viewing this display. For example, if the identification information is the IP address of the other party's communication device 100, when the user inputs the IP address using the input device 102, the information is sent to the control unit 122 via the interface 114 and input unit 121. Upon receiving this data, the control unit 122 automatically generates specific information that includes the IP address of the communication device 100 and the IP address of the other party's communication device 100.

[0036] Once the input of specific information is complete, the user operating the communication device 100 as the first communication device selects the shared data. The selection of the shared data can be done, for example, by the user operating the input device 102. If the shared data is some data file recorded in the recording device, the user can select the shared data by selecting the data file. The shared data is input, for example, from the input unit 121 to the control unit 122. The control unit 122 sends the shared data to the encryption unit 123, instructs the solution generation unit 125 to generate a solution, and instructs the key generation unit 126 to generate a key. Upon receiving these instructions, the solution generation unit 125 generates a solution, and the key generation unit 126 generates a key. The generated solution is sent from the solution generation unit 125 to the encryption unit 123, and the generated key is sent from the key generation unit 126 to the encryption unit 123. The encryption unit 123 uses these solutions and keys to double-encrypt the shared data. This double-encrypted shared data is the first encrypted data. In other words, in the communication device 100, which acts as the first communication device, the shared data is converted into first encrypted data (S503). However, although not necessarily so, the processing in the communication device 100, which corresponds to the first communication device in this application, after the input of specific information has been completed, is performed automatically without requiring any operation of the user's input device 102, at least until the transmission of the second encrypted data, as described later, to the other party's communication device 100 is completed.

[0037] Specifically, the shared data is converted to the first encrypted data in the following way: First, the solution generation unit 125 receives an instruction from the control unit 122 to generate a solution and generates one. The method used by the solution generation unit 125 in the communication device 100 to generate a solution is such that the solutions generated under the same conditions are identical. In this embodiment, the initial value (which may also be called the "initial solution") and the calculation method (algorithm) executed using the initial value are fixed, and the solution obtained as a result of the calculation is such that it is a pseudo-random number. Although not limited to this, in this embodiment, the solution is generated by either the time synchronization or event synchronization method described below. When generating a solution, the initial value data recorded in the data recording unit 127 is used. The data recording units 127 of the two communication devices 100 that perform encrypted communication have the same initial value recorded in advance. There is no limit to the method for sharing the same initial value between specific communication devices. For example, the two communication devices could communicate with each other beforehand, or both communication devices 100 could receive the same initial value from a public server that distributes the initial value, thereby sharing the same initial value between the specific communication devices.

[0038] When generating a solution in a time-synchronized manner, the solution generation unit 125 generates the solution as follows. The solution generation unit 125 reads an initial value from the data recording unit 127. The initial value data is, for example, a string of 20 digits mixed with lowercase English letters. This is the same for both the initial value and the solution. There may be one initial value, or there may be multiple. Although not limited to this, in this embodiment there is one initial value, so the solution generation unit 125 reads one initial value from the data recording unit 127. The solution generation unit 125 generates a solution corresponding to that time, or in other words, the date and time, by performing calculations on the initial values. First, to enable calculations, the initial value is converted to a digit-only format. If the initial value contains letters, they are replaced with two-digit numbers. The number to be replaced is the alphabetical order of the letter. For example, "a" is replaced with "01", "b" with "02", and "z" with "26". For example, suppose the initial value was "5a6458p6556ff4272149". In this case, converting the initial value to a digit-only format according to the above convention results in "501645816655606064272149". The number of digits in the digit-only format will increase according to the number of letters in the initial value. If you want to include symbols such as (, ), !, &, : in the solution, you can assign appropriate numbers to them, such as "27" for "(", ")" with "28", and "!" with "29". Next, we perform an operation on the numbers. The result of this operation is a sequence of numbers that will be the basis of the solution. If we call this sequence of numbers X, then X is determined according to the date and time at which the solution is generated. Specifically, the solution is determined according to the year, month, day, hour, and minute in the Gregorian calendar at that time, as follows. In the following formula, X1 is the initial value converted into a number. In this embodiment, there are five initial values ​​because the solution will change according to the five elements of year, month, day, hour, and minute in the Gregorian calendar. In the following formula, "X1" is the initial value. X=X1 P X1 Q +X1 R X1 S +X1 T Here, P = the remainder when the year is divided by 5 plus 1, Q = the remainder when the month is divided by 5 plus 1, R = the remainder when the day is divided by 5 plus 1, S = the remainder when the hour is divided by 5 plus 1, and T = the remainder when the minute is divided by 5 plus 1. In this way, different sequences can be obtained depending on the time of day. The reason for adding 1 to all of P through T is that if all of P through T happen to be 0, the final solution X would be 5, but this is done to avoid the frequent occurrence of such simple numbers. As a result of performing the above calculation, we obtain a sequence of numbers X that will be the basis of the solution. Next, if any two digits in that sequence contain numbers from 01 to 26, we replace them with letters from a to z, following the reverse rule of the letter-to-number substitution rule mentioned earlier. The resulting string of numbers and lowercase letters is usually 20 characters or longer. If it is 20 characters or longer, for example, the first 20 characters of the string are extracted and used as the solution. If the resulting string of numbers and lowercase letters is exactly 20 characters long, it is used as the solution. If the resulting string of numbers and lowercase letters is less than 20 characters long, the number of characters is increased based on some rule. For example, a number or character may be inserted into the string based on the first number or letter until the string reaches 20 characters. Alternatively, one could employ a method in which P and T in the above formula are swapped, and the resulting sequence of numbers is then subjected to the process described above, where numbers are replaced with letters. This process generates a new string of numbers and lowercase letters, which is then appended to the original string of numbers and lowercase letters. This process is repeated until the string has at least 20 digits, and the first 20 characters are extracted to obtain the solution. In any case, this will generate a solution corresponding to the date and time at that moment, based on the initial values. Since the initial values ​​and the calculation method described above are fixed, the generated solution will be the same as long as the conditions of the date and time of generation remain the same. Therefore, two specific communication devices 100 with identical initial values ​​can generate the same solution.

[0039] When generating a solution using event synchronization, the solution generation unit 125 generates the solution as follows. To generate a solution, one can use an initial solution (there may be two or more solutions, as in (a) and (c) below) and sequentially create new solutions by substituting past solutions into a predetermined function. This process can be repeated whenever a solution is needed. In this way, the above solutions can be generated continuously. In this case, the solutions will be pseudorandom numbers that depend on the initial solution. When the solution generation unit 125 generates a solution for the first time, it reads an initial value from the data recording unit 127. Then, it substitutes that initial value into the following formula. In the following formula, the initial value is, for example, "X0". Examples of functions used to construct the above solution are given below (a) to (c). All of the following (a) to (c) are the Nth solution X N This is the formula for creating [the expression]. Also, P, Q, R, and S are arbitrary natural numbers. (a)(X N )=(X N-1 ) P +( Ctrl N-2 ) Q (b)(X N )=(X N-1 ) P (c)(X N )=(X N-1 ) P (X N-2 ) Q (X N-3 ) R (X N-4 ) S (a) generates a new solution by using two previous solutions, raising each to the power of P and Q respectively, and then adding them together. More precisely, since using two previous solutions and raising them to the power of P and Q usually increases the number of digits, in practice, a new solution is generated by extracting an appropriate number of digits from the beginning of the obtained value, an appropriate number of digits from the end, or an appropriate number of digits from an appropriate part of the value. This is not the only way, but in this embodiment, the solution is assumed to have 20 digits. (b) uses one of the previous solutions, raises it to the power of P, and then rearranges the number of digits of that result as described above to obtain the new solution. (c) uses the four previous solutions, raises them to the power of P, Q, R, and S respectively, takes the product of the results, and then rearranges the number of digits as described above to obtain the new solution. The above (a) to (c) are examples of algorithms for generating solutions, and it is also possible to modify the algorithm when generating solutions, for example, by using (a) to (c) in order. Note that the methods using the formulas (a) to (c) described above are usable when the solution consists only of numbers. If you want to include letters and symbols in the solution, you can use the method of assigning numbers to letters and symbols as explained in the embodiment. According to the method of generating a series of solutions using the formulas described above, solutions generated in the same order will always be identical if the initial solutions are the same. When generating solutions using an event-synchronized method, the solution generation unit 125, each time a solution is generated, uses the initial value recorded in the data recording unit 127 for the first solution, or uses a solution for the next solution, or, if generalizing further, the solution (X N ) solve (X N+1 The data is overwritten. This allows the solution generation unit 125 to always generate the next solution using the previous solution recorded in the data recording unit 127.

[0040] In any case, the solution generation unit 125 sends the generated solution to the encryption unit 123. In this embodiment, the solution generation unit 125 generates only one solution. Hereafter, the first solution will be referred to as the first solution (OTP1). Furthermore, when performing a series of encrypted communications to send shared data from communication device 100 as the first communication device to communication device 100 as the second communication device, the second solution generated within communication device 100 as the specific communication device will be denoted as the second solution (OTP2), the third solution as the third solution (OTP3), ... the nth solution as the nth solution (OTPn).

[0041] On the other hand, the key generation unit 126, having received an instruction from the control unit 122 to generate a key, generates the key. As already mentioned, the key generation unit 126 is free to use any method to generate the key. The two communication devices 100, which are specific communication devices, are designed so that they cannot know the key generated by the other communication device 100. In this embodiment, although not limited to this, the key generation unit 126 uses the initial value for key generation (which may also be called the "initial key solution") recorded in the data recording unit 127 to generate the key. In this embodiment, the initial values ​​for key generation recorded in the data recording unit 127 of each communication device 100 are different from each other. The key generation unit 126 reads initial values ​​for key generation from the data recording unit 127 when generating a new key. Then, using these initial values, it generates a new key using either the event synchronization or time synchronization method already described as a method for generating a solution. Each key generated by the same key generation unit 126 will be different, and each communication device 100 cannot know the contents of the keys generated by the key generation unit 126 of other communication devices 100.

[0042] In this embodiment, the key generation unit 126 generates only one key. Since this key is generated by the communication device 100, which is the first communication device in this application, it will be referred to as the first key (KEY1). The key generation unit 126 sends the generated first key to the encryption unit 123 and the decryption unit 124. The first key is used in the decryption unit 124 a little later.

[0043] As described above, the encryption unit 123 obtains the shared data, the first decryption (OTP1), and the first key (KEY1). Once it has obtained these, the encryption unit 123 double-encrypts the shared data (hereinafter, the shared data may be referred to as "DATA") using the first decryption (OTP1) and the first key (KEY1). The encryption method used here is assumed to satisfy both the commutative and associative laws. Examples of such operations include barrel shift, arithmetic operations, certain types of elliptic curve cryptography operations, and exclusive OR operations. In this embodiment, however, the shared data is doubly encrypted by the exclusive OR operation. As a result, the first encrypted data generated can be represented as follows: DATA×KEY1×OTP1 "×KEY1" means that an exclusive OR operation was performed on the shared data "DATA" using "×KEY1", and "×OTP1" means that an exclusive OR operation was performed on the data obtained by the operation "DATA×KEY1" using "OTP1". Furthermore, the encryption performed by the encryption unit 123 satisfies both the commutative and associative laws, as described above. DATA × KEY1 × OTP1 = DATA × OTP1 × KEY1 That is the case. Therefore, encryption of DATA using KEY1 and OTP1 can be performed in any order, with either KEY1 or OTP1 being used first.

[0044] The encryption unit 123 sends the first encrypted data to the output unit 128. The control unit 122 also sends specific information to the output unit 128, though the order of these transmissions is not important. This first encrypted data and specific information are linked together and sent from the output unit 128 to the transmission / reception mechanism via the interface 114.

[0045] The transmitting and receiving mechanism transmits the first encrypted data via the network 400 to the communication device 100 identified by specific information (for example, the IP address of the other party's communication device 100 included in the specific information) (S504). Although not limited to this, the specific information is sent to the other party's communication device 100 along with the first encrypted data.

[0046] The communication device 100 of the communication partner, which corresponds to the second communication device in the present invention, receives the first encrypted data with its transmission / reception mechanism (S601). The first encrypted data is sent from the transmission / reception mechanism to the input unit 121 in the data processing unit 120 via the interface 114. The first encrypted data is sent from the input unit 121 to the control unit 122. In this embodiment, although not limited to this, the processes S602, S603, S604, and S605 (all described later), starting from the process in S601, are all executed automatically. Upon receiving the first encrypted data, the control unit 122 sends the first encrypted data to either the encryption unit 123 or the decryption unit 124. In the communication device 100, which corresponds to the second communication device, encryption and decryption processes are performed when converting the first encrypted data into the second first encrypted data. As will be described later, either process can be performed first. Therefore, if the encryption process is performed first, the first encrypted data will be sent to the encryption unit 123 first, and if the decryption process is performed first, the first encrypted data will be sent to the decryption unit 124 first. Before or after sending the first encrypted data to the encryption unit 123 or the decryption unit 124, the control unit 122 sends an instruction to the solution generation unit 125 to generate a solution, and also sends an instruction to the key generation unit 126 to generate a key. Upon receiving this instruction, the solution generation unit 125 generates a solution, and the key generation unit 126 generates a key. The generated solution is sent from the solution generation unit 125 to the encryption unit 123 and the decryption unit 124, and the generated key is sent from the key generation unit 126 to the encryption unit 123 and the decryption unit 124. The encryption unit 123 and the decryption unit 124 use the solution and the necessary keys to decrypt or further encrypt the first encrypted data (or data that has undergone the necessary processing). As a result, the first encrypted data is converted into second first encrypted data (S602).

[0047] Specifically, the first encrypted data is converted to the second first encrypted data in the following manner: First, the solution generation unit 125, having received an instruction from the control unit 122 to generate a solution, generates the solution. The method by which the solution generation unit 125 of the second communication device generates the solution is the same as the method by which the solution generation unit 125 of the first communication device generates the solution. For example, if the solution generation unit 125 of the communication device 100 as the first communication device generates the solution using an event-synchronized method, then the solution generation unit 125 of the communication device 100 as the second communication device also generates the solution using an event-synchronized method. However, when generating the solution using a time-synchronized method, especially when generating multiple solutions, information on the "date and time" used to generate the solution is required in addition to "the date and time at that moment". In such cases, the solution generation units 125 of the two specific communication devices can be configured to generate the first solution using "the date and time at that moment", the second solution using "the date and time one hour after that moment", the third solution using "the date and time two hours after that moment", the fourth solution using "the date and time three hours after that moment", and so on. Of course, this arrangement is merely an example.

[0048] When converting the first encrypted data to the second first encrypted data, the solution generation unit 125 in the communication device 100 as the second communication device generates two solutions, namely the first solution (OTP1) and the second solution (OTP2). When generating the first and second solutions, the solution generation unit 125 uses an initial value, which can be called the initial solution, that was recorded in the data recording unit 127. Since this initial value is the same as the initial value, which can be called the initial solution, that was recorded in the data recording unit 127 of the communication device 100 as the first communication device, the first solution generated by the solution generation unit 125 of the communication device 100 as the second communication device is the same as the first solution generated by the solution generation unit 125 of the communication device 100 as the first communication device. Furthermore, the second solution generated by the solution generation unit 125 of the communication device 100 as the second communication device is a solution that can be generated by the solution generation unit 125 of the communication device 100 as the first communication device. The solution generation unit 125 transmits the generated first solution to the decryption unit 124 and the generated second solution to the encryption unit 123.

[0049] On the other hand, the key generation unit 126, having received an instruction from the control unit 122 to generate a key, generates the key. As already mentioned, the key generation unit 126 is free to use any method to generate the key. The two communication devices 100, which are specific communication devices, are designed so that they cannot know the key generated by the other communication device 100. Therefore, the key generation units 126 in two communication devices 100 in a specific communication device may generate keys in fundamentally different ways, and the key generation units 126 of all communication devices 100 may generate different keys in different ways that other communication devices 100 cannot know about. In this embodiment, although not limited to this, the key generation unit 126 of the second communication device 100 generates a key using an initial value for key generation (which may also be called an "initial key solution") recorded in the data recording unit 127, just as in the case of the key generation unit 126 of the first communication device 100, by an event-synchronized or time-synchronized method. As described above, the initial values ​​for key generation recorded in the data recording unit 127 of each communication device 100 are different from each other, so the keys generated by the key generation unit 126 of each communication device 100 are different, and each communication device 100 cannot know the keys generated by the other communication devices 100.

[0050] In this embodiment, the key generation unit 126 generates only one key. This key is generated by the communication device 100, which is the second communication device in this application, and will therefore be referred to as the second key (KEY2). The key generation unit 126 sends the generated second key to the encryption unit 123 and the decryption unit 124. The second key is used in the decryption unit 124 a little later.

[0051] As described above, the encryption unit 123 obtains the second decryption (OTP2) and the second key (KEY2). Therefore, if the encryption unit 123 receives the first encrypted data from the control unit 122, it can perform further encryption on the first encrypted data using the second decryption and the second key. On the other hand, the decryption unit 124 obtains the first solution (OTP1) and the second key (KEY2). Therefore, if the encryption unit 123 receives the first encrypted data from the control unit 122, it can perform the decryption process on the first encrypted data using the first solution and the second key. However, at this stage, the second key is not used by the decryption unit 124. In this state, the first encrypted data is ready to undergo encryption using the second solution and the second key, and decryption using the first solution. The encryption method used here is assumed to satisfy both the commutative and associative laws, and the decryption method is similar. Therefore, regardless of the order in which the three processes described above are performed, the content of the final second first encrypted data will be identical. To obtain the second first encrypted data, the first encrypted data (DATA × KEY1 × OTP1) undergoes a decryption process using the first solution (this is called "× OTP1"). -1 This will be referred to as ). Then, the encryption process using the second key (×KEY2) and the encryption process using the second solution (×OTP2) are executed. The second and first encrypted data can be obtained using the following formula. (DATA × KEY1 × OTP1) × OTP1 -1 ×KEY2×OTP2 =DATA × KEY1 × KEY2 × OTP2 The encryption process, that is, in the above calculations, (×OTP2) and (×KEY2), is performed in the encryption unit 123. Therefore, when the encryption process is executed, the first encrypted data (or data after some calculation has been performed on it) is sent to the encryption unit 123 in advance. Also, the decryption process, that is, in the above calculations, (×OTP1 -1 Since the decryption is performed in the decryption unit 124, the first encrypted data (or data after some calculation has been performed on it) is sent to the decryption unit 124 in advance when the decryption process is performed. The first encrypted data (or data after some calculation has been performed on it) may be sent from one of the encryption unit 123 and the decryption unit 124 to the other via the control unit 122, or it may be sent directly from one of the encryption unit 123 and the decryption unit 124 to the other without going through the control unit 122.

[0052] In any case, the second first encrypted data, which can be expressed as (DATA × KEY1 × KEY2 × OTP2), is sent from the encryption unit 123 or the decryption unit 124 to the output unit 128. The second and first encrypted data is sent from the output unit 128 to the transmission / reception mechanism via the interface 114.

[0053] The transmitting and receiving mechanism transmits the second first encrypted data via the network 400 to the communication device 100 identified by the previously received specific information, that is, the communication device 100 corresponding to the first communication device in this application (S603).

[0054] The communication device 100, which corresponds to the first communication device in the present invention, receives the second first encrypted data with its transmission / reception mechanism (S505). The second first encrypted data is sent from the transmission / reception mechanism to the input unit 121 in the data processing unit 120 via the interface 114. The second first encrypted data is sent from the input unit 121 to the control unit 122. Upon receiving the second first encrypted data, the control unit 122 sends the second first encrypted data, expressed as (DATA × KEY1 × KEY2 × OTP2), to the encryption unit 123 or the decryption unit 124. In the communication device 100, which corresponds to the first communication device, encryption and decryption processes are performed when converting the second first encrypted data into the second encrypted data. As already mentioned, it does not matter which of these processes is performed first. Therefore, if the encryption process is performed first, the second first encrypted data will be sent to the encryption unit 123 first, and if the decryption process is performed first, the second first encrypted data will be sent to the decryption unit 124 first. The control unit 122 sends the second first encrypted data to the encryption unit 123 or the decryption unit 124, and at the same time, it sends an instruction to the solution generation unit 125 to generate a solution. Upon receiving this instruction, the solution generation unit 125 generates a solution. The generated solution is sent from the solution generation unit 125 to the encryption unit 123 and the decryption unit 124. The decryption unit 124 also holds the first key that was generated when the shared data was converted into the first encrypted data. The encryption unit 123 and the decryption unit 124 use the solutions and necessary keys to decrypt or further encrypt the second first encrypted data (or the data after the necessary processing has been performed). As a result, the second first encrypted data is converted into second encrypted data (S506).

[0055] Specifically, the second encrypted first data is converted to the second encrypted data in the following manner: First, the solution generation unit 125, having received an instruction from the control unit 122 to generate a solution, generates a solution. The method by which the solution generation unit 125 generates a solution is as previously described. The solution generation unit 125 generates a second solution and a third solution. The second solution generated by the communication device 100 as the first communication device of this application is the same as the second solution generated by the communication device 100 as the second communication device of this application. The third solution generated by the communication device 100 as the first communication device of this application is the same as the third solution that will be generated later by the communication device 100 as the second communication device of this application. The solution generation unit 125 sends the generated second solution to the decryption unit 124 and the generated third solution to the encryption unit 123.

[0056] As described above, the encryption unit 123 obtains the third solution (OTP3). Therefore, if the encryption unit 123 receives the second first encrypted data from the control unit 122, it can perform further encryption on the second first encrypted data using the third solution. On the other hand, the decryption unit 124 obtains the second solution (OTP2) and the first key (KEY1). Therefore, if the encryption unit 123 receives the second first encrypted data from the control unit 122, it can perform the decryption process on the second first encrypted data using the second solution and the first key. In this state, the second first encrypted data is ready to undergo encryption using the third key, and decryption using the second key and the first key. As already mentioned several times, regardless of the order in which the encryption and decryption operations described above are performed, the content of the final second encrypted data will be the same. To obtain the second encrypted data, the second first encrypted data (DATA × KEY1 × KEY2 × OTP2) undergoes a decryption process using the first key (× KEY1 -1 ) and the decoding process using the second solution (×OTP2 -1) and encryption using the third solution (×OTP3) are performed. The second encrypted data can be obtained using the following formula. (DATA × KEY1 × KEY2 × OTP2) × KEY1 -1 ××OTP2 -1 ×OTP3 =DATA×KEY2×OTP3 The encryption process, that is, in the above calculation, (×OTP3), is performed in the encryption unit 123, so when the encryption process is executed, the second first encrypted data (or data after some calculation has been performed on it) is sent to the encryption unit 123 in advance. Also, the decryption process, that is, in the above calculation, (×KEY1 -1 ) and (×OTP2 -1 Since the decryption is performed in the decryption unit 124, the second first encrypted data (or data after some calculation has been performed on it) is sent to the decryption unit 124 in advance when the decryption process is performed. The second first encrypted data (or data after some calculation has been performed on it) may be sent from one of the encryption unit 123 and the decryption unit 124 to the other via the control unit 122, or it may be sent directly from one of the encryption unit 123 and the decryption unit 124 to the other without going through the control unit 122.

[0057] In any case, the second encrypted data, which can be expressed as (DATA × KEY2 × OTP3), is sent from the encryption unit 123 or the decryption unit 124 to the output unit 128. These second encrypted data are sent from the output unit 128 to the transmission / reception mechanism via the interface 114.

[0058] The transmitting and receiving mechanism transmits the second encrypted data via the network 400 to the communication device 100 identified by the previously received specific information, that is, the communication device 100 corresponding to the second communication device in this application (S507).

[0059] The communication device 100 of the communication partner, which corresponds to the second communication device in the present invention, receives the second encrypted data with its transmission / reception mechanism (S604). The second encrypted data is sent from the transmission / reception mechanism to the input unit 121 in the data processing unit 120 via the interface 114. The second encrypted data is sent from the input unit 121 to the control unit 122. Upon receiving the second encrypted data, the control unit 122 sends the second encrypted data, expressed as (DATA × KEY2 × OTP3), to the decryption unit 124. In the communication device 100, which corresponds to the second communication device, decryption processing is performed to convert the second encrypted data back into shared data. Therefore, the second encrypted data is sent to the decryption unit 124. Around the same time that the control unit 122 sends the second encrypted data to the decryption unit 124, it also sends an instruction to the solution generation unit 125 to generate a solution. Upon receiving this instruction, the solution generation unit 125 generates a solution. The generated solution is sent from the solution generation unit 125 to the decryption unit 124. The decryption unit 124 also holds the second key generated when converting the first encrypted data to the second first encrypted data. The decryption unit 124 uses these solutions and keys to decrypt the second encrypted data (or the data after the necessary processing has been performed). As a result, the second encrypted data is converted into shared data (S605).

[0060] Specifically, the second encrypted data is converted into shared data in the following way: First, the solution generation unit 125, having received an instruction from the control unit 122 to generate a solution, generates a solution. The method by which the solution generation unit 125 generates a solution is as previously described. The solution generation unit 125 generates a third solution. The third solution generated by the communication device 100 as the second communication device of this application is the same as the third solution generated by the communication device 100 as the first communication device of this application. The solution generation unit 125 sends the generated third solution to the decoding unit 124.

[0061] As described above, the encryption unit 123 is now holding the second key (KEY2) and the third decryption key (OTP3). Therefore, when the decryption unit 124 receives the second encrypted data from the control unit 122, it can perform the decryption process on the second encrypted data using the second key and the third decryption key. As I have already mentioned several times, the data content of the shared data obtained in the end will be the same regardless of the order in which the two decryption operations are performed. To obtain the second encrypted data, the second encrypted data (DATA × KEY2 × OTP3) undergoes a decryption process using the second key (× KEY2 -1 ) and the decoding process using the third solution (×OTP3 -1 ) and are executed. Shared data can be calculated using the following formula. (DATA × KEY2 × OTP3) × KEY2 -1 ×OTP3 -1 =DATA The plaintext shared data is generated as a result of the decryption of the second encrypted data by the decryption unit 124. As a result, the communication device 100, which is the second communication device in the present invention, comes to possess the shared data that the communication device 100, which is the first communication device in the present invention, originally possessed, in an unencrypted plaintext state. The communication device 100, which corresponds to the second communication device, cannot grasp the contents of the original shared data from the first encrypted data, the second-first encrypted data, or the second encrypted data until the sharing of the shared data is completed. However, once the conversion for decryption by the decryption unit 124 is completed, the plaintext shared data can be obtained.

[0062] As described above, the two communication devices 100, corresponding to the first and second communication devices in the present invention, will share the shared data. Before the data is shared between the two communication devices 100, there is no shared data in plaintext form in the data transmitted and received between the two communication devices 100. When data is transmitted and received between the two communication devices 100, the shared data is in an encrypted state, such as first encrypted data (DATA × KEY1 × OTP1), second first encrypted data (DATA × KEY1 × KEY2 × OTP2), or second encrypted data (DATA × KEY2 × OTP3). As a result, the encrypted communication described above, which involves one and a half round trips of encrypted data transmission and reception between the two communication devices 100, ensures that, as long as the encryption and decryption processes used in the encryption unit 123 and decryption unit 124 of the communication device 100 are secure, even if all of the first encrypted data, second first encrypted data, and second encrypted data are stolen by a malicious third party, that malicious third party will not be able to decrypt the shared data, thus enabling secure sharing of shared data.

[0063] The data conversion performed in the encryption unit 123 and decryption unit 124 of the two communication devices 100 will be described in detail. As described above, in this embodiment, the shared data is encrypted (converted) by the encryption unit 123 of the communication device 100 corresponding to the first communication device of this application to become first encrypted data, then encrypted (converted) by the encryption unit 123 of the communication device 100 corresponding to the second communication device of this application to become second first encrypted data, then decrypted (converted) by the decryption unit 124 of the communication device 100 corresponding to the first communication device of this application to become second encrypted data, and finally decrypted (converted) by the decryption unit 124 of the communication device 100 corresponding to the second communication device of this application to return to the original shared data. For this to be possible, the encryption and decryption (inverse transformation) performed by the encryption unit 123 and decryption unit 124 in the communication device 100 corresponding to the first communication device of this application, and the encryption and decryption (inverse transformation) performed by the encryption unit 123 and decryption unit 124 in the communication device 100 corresponding to the second communication device of this application, must satisfy both the commutative and associative laws. This point will be explained in detail below. Let P be the shared data in plaintext. P is a predetermined data sequence. The encryption operation performed on the shared data P by the encryption unit 123 is denoted as "×A", the encryption operation performed on the first encrypted data by the encryption unit 123 is denoted as "×B", and the inverse operation of the operation performed on the first encrypted data by the decryption unit 124 is denoted as "×A". -1 The decryption unit 124 performs the inverse operation of the calculation performed in the encryption unit 123 on the second encrypted data, and then multiplies it by "×B". -1 We will show them as follows. Note that the "×" symbol mentioned above does not, of course, represent a simple multiplication operation. Therefore, the first encrypted data can be represented as "P × A". The second first encrypted data can be represented as "(P × A) × B". The second encrypted data can be represented as "P × B".

[0064] The problem here is that the decryption unit 124 performs the decryption of the second first encrypted data "(P×A)×B" with respect to "×A -1 This is an operation to obtain "P × B" by performing the calculation "(P × B) × B". The second encrypted data performed in the decryption unit 124 is returned to the shared data P as "(P × B) × B". -1 The operation described above is a general decryption operation, so there are no particular difficulties beyond those that exist for normal encryption and decryption. For the above operation performed by the decryption unit 124 to be valid, A × A -1 , or B×B -1 Assuming that the operation is performed on the original data P without any operations (or decrypting the encrypted data back to its original state) (i.e., a very ordinary encryption and decryption process), then "((P×A)×B)×A -1 The equation "=P × B" must hold true. The transformation in this case would be, for example, as follows: ((P×A)×B)×A -1 → (P × (A × B)) × A -1 →(P×(B×A))×A -1 →((P×B)×A)×A -1 → (P × B) × (A × A -1 ) →P×B In other words, the encryption and decryption performed by the encryption unit 123 and decryption unit 124 in the communication device 100 corresponding to the first communication device of this application, and the encryption and decryption performed by the encryption unit 123 and decryption unit 124 in the communication device 100 corresponding to the second communication device of this application, must be such that the order of the operations ×A and ×B can be swapped, as described above. Furthermore, the above operations must be such that P × (B × A) and (P × B) × A are equivalent. In other words, the encryption and decryption performed by the encryption unit 123 and decryption unit 124 in the communication device 100 corresponding to the first communication device of this application, and the encryption and decryption performed by the encryption unit 123 and decryption unit 124 in the communication device 100 corresponding to the second communication device of this application, must satisfy the commutative property "F×G=G×F" and the associative property "(F×G)×H=F×(G×H)" respectively, when the operation is represented by "×" and the objects of the operation are represented by "F", "G", and "H".

[0065] "((P×A)×B)×A -1 Here are some examples of operations that satisfy the above conditions for allowing the transformation of the expression "=P × B". One example of this is the exclusive OR operation. When encrypting a data sequence P using exclusive OR, it is performed by taking the exclusive OR operation between the data sequence P and a different data (key). The same applies below, but if the data length of P is long, it is common to divide P into many data and perform the above operation on each data. The key used for encryption and decryption in the encryption unit 123 and decryption unit 124 of the communication device 100 corresponding to the first communication device of this application and the key used for encryption and decryption in the encryption unit 123 and decryption unit 124 of the communication device 100 corresponding to the second communication device of this application may be the same, but they may not be the same. In other words, two communication devices 100 that intend to share shared data can perform the exclusive OR operation using the keys they each possess, even if they do not have the same key, and even if they do, the above "((P×A)×B)×A -1 This allows us to transform the equation into "=P × B". The encryption operations performed by the two communication devices 100 do not need to be the same, as long as the commutative and associative laws hold. Furthermore, the exclusive OR operation has the property that repeating the same operation twice will return you to the original data sequence. That is, (P × A) × A → P × (A × A) → P. In this case, the operation "× A" is performed by the encryption unit 123 and the operation "× A" is performed by the decryption unit 124. -1 " and the decryption unit 124 become the same thing. In such cases, there is no benefit in making the encryption unit 123 and the decryption unit 124 different, so for example, the decryption unit 124 may be omitted and the encryption unit 123 may perform both the encryption and decryption calculations. It has already been mathematically proven that if the key used in the exclusive OR operation performed between the encryption unit 123 and the decryption unit 124 has a data amount (information amount) equal to or greater than the data amount of the data to be encrypted (shared data or first encrypted data in this embodiment), is used only once, and is a completely random number, then it is impossible to derive the original data (shared data or first encrypted data in this embodiment) from the encrypted data (first encrypted data or second first encrypted data in this embodiment) by any means. Therefore, using an exclusive OR operation in the encryption unit 123 and the decryption unit 124 is useful not only because it satisfies the condition that these operations satisfy both the commutative and associative laws, but also because it enhances the security of encrypted communication in this embodiment. To put such calculations into practical use, it is necessary to generate random numbers, or keys, one after another, as described above. This can be achieved if random number generators (which do not need to be hardware-based) are implemented in the two communication devices 100. If the keys generated by the random number generators can be supplied to the encryption unit 123 and the decryption unit 124, the encryption unit 123 and the decryption unit 124 can perform encryption and decryption processing in the mathematically impossible method described above. For example, the random number generator can be implemented, for example, by RAM 113 and CPU 111 through the functions of the computer program described above to make the communication device 100 function as the first communication device or the second communication device as referred to in this application.

[0066] "((P×A)×B)×A -1 Another example of an operation that satisfies the above conditions for allowing the transformation of the expression "=P × B" is a circular shift (barrel shift). A circular shift is performed when a data sequence of a certain length exists, and the rightmost and leftmost ends of that sequence are considered to be connected. The entire sequence is then shifted to the right or left by a predetermined number of characters. For example, if the entire sequence is shifted to the right by 3 characters, 3 characters are deleted from the rightmost end of the sequence, and these 3 deleted characters are added to the leftmost end of the sequence while maintaining their order. The remaining parts of the sequence are shifted to the right by 3 characters each. In this case, "3 characters to the right" is the key to performing this type of encryption. For example, if the encryption unit 123 of the communication device 100, which corresponds to the first communication device of this application, performs a transformation of the shared data using the key "N characters to the right" (the result of this is the first encrypted data), and the encryption unit 123 of the communication device 100, which corresponds to the second communication device of this application, performs a transformation of the first encrypted data using the key "M characters to the right" (the result of this is the second first encrypted data), then if the decryption unit 124 of the communication device 100, which corresponds to the first communication device of this application, performs a transformation of the second first encrypted data using the key "N characters to the left" (the reverse transformation of the transformation performed on the shared data), the result will be a state in which the characters in the original shared data are shifted "M characters to the right". This is equal to the data sequence obtained when the encryption unit 123 of the communication device 100, which corresponds to the second communication device of this application, performs a transformation for encryption on the shared data, and therefore the above-mentioned "((P×A)×B)×A -1 This means that the transformation of the equation "=P × B" has been realized. In this case, when the decryption unit 124 performs a conversion using the key "M characters to the left", the second encrypted data will be returned to the original shared data.

[0067] "((P×A)×B)×A -1 Another example of an operation that satisfies the above conditions for allowing the transformation of the expression "=P × B" involves the use of arithmetic operations. For example, suppose the encryption unit 123 of the communication device 100, which corresponds to the first communication device in this application, performs a data transformation by adding the numerical value "N" to a certain data sequence. In this case, the numerical value "N" becomes the key in the communication device 100, which corresponds to the first communication device in this invention. Next, suppose the encryption unit 123 of the communication device 100, which corresponds to the second communication device in this application, performs a data transformation by adding the numerical value "M" to the data sequence transformed by the encryption unit 123. Then, suppose the decryption unit 124 of the communication device 100, which corresponds to the first communication device in this application, performs a transformation by subtracting the numerical value "N" from the data sequence transformed by the encryption unit 123. As a result, the transformed data sequence is obtained by adding the numerical value "M" to the original data sequence (shared data) before the transformation was performed by the first encryption unit 123 of the communication device 100, which corresponds to the first communication device in this application. Therefore, even when the encryption unit 123 and decryption unit 124 of both communication devices 100 perform the above-mentioned calculation, the above-mentioned "((P×A)×B)×A -1 The transformation of the equation "=P × B" is realized. In this case, the decryption unit 124 performs a conversion by subtracting the value "M", which returns the second encrypted data to the original shared data. Similarly, when using other arithmetic operations, "((P×A)×B)×A -1 This allows us to transform the equation into "=P × B".

[0068] In any case, in this embodiment, shared data is shared between two communication devices 100, which correspond to the first communication device and the second communication device in the present invention. The shared data is sent, for example, to the control unit 122 of the communication device 100 corresponding to the second communication device in the present application, where it is stored, and in some cases sent outside the data processing unit 120 for use as appropriate. The shared data may also be sent via the output unit 128 and interface 114 to the RAM 113 or large-capacity storage device provided by the communication device 100 and stored there. The shared data can be a common key used by the two communication devices 100 when they perform encrypted communication using a publicly known or well-known symmetric key scheme after sharing the shared data, or secret information used by the two communication devices 100 to independently generate or select the same common key. This allows the two communication devices to subsequently perform encrypted communication using a symmetric key scheme, either using the same common key that was part of the shared data, or using the same common key generated from the shared data. Alternatively, it is possible to choose not to use symmetric-key encrypted communication and to perform data transmission and reception between the two communication devices 100 from the outset using the method described above. The process of sharing shared data in this application can be understood as the process of transmitting shared data from one communication device 100 to the other communication device 100. Therefore, if, for example, all the data transmitted and received between the two communication devices 100 is considered shared data, and communication between the two communication devices 100 is performed using the first encrypted data, second first encrypted data, and second encrypted data described above, then the transmission and reception of data between the two communication devices 100 will be performed using a new type of encrypted communication that is not symmetric-key encrypted communication.

[0069] In the embodiments described above, all communication devices 100 could perform either the role of the first communication device or the second communication device as defined in the present invention. However, if it is clear that any of the communication devices 100 only needs to function as the first communication device as defined in this application, or only needs to function as the second communication device as defined in this application, it is sufficient that they are equipped with only the functions necessary to function as one of those two devices. For example, if one of the communication devices 100 is a server that allows a user's communication device 100 to view a homepage, it is common for the user's communication device 100 to access this server, but for the server to never access the user's communication device 100. In this case, the communication device 100 that is the server does not need to have the characteristics of a second communication device as defined in the present invention. On the other hand, in such a case, it is also possible to make some of the user's communication devices 100 have the characteristics of a first communication device as defined in the present invention.

[0070] <Variation> The modified communication systems are virtually identical to the communication systems described in the above embodiments in all aspects, including configuration, operation, and usage. Unless otherwise specifically mentioned, there are essentially no differences between the two. The modified communication system also includes a number of communication devices 100 that are able to communicate with each other via the network 400. There is no difference between the modified system and the embodiment described above in that, for example, any two of the communication devices 100 become specific communication devices, and shared data is sent and received between them. Furthermore, the configuration of the network 400 is the same in both the modified example and the above-described embodiment, and the configuration of the communication device 100 is also generally identical in both the modified example and the above-described embodiment. In particular, with regard to the hardware configuration, the hardware configuration of the communication device 100 in the above-described embodiment and the hardware configuration of the modified communication device 100 are identical.

[0071] If there is a difference between the communication device 100 of the above-described embodiment and the modified communication device 100, it is that the modified communication device 100 has implemented a function to split one piece of data into two and a function to combine two pieces of data into one. This can also be expressed as a difference in functional blocks, as will be described later. Furthermore, it can be considered that differences have been made in the computer program that causes a certain computer to function as the communication device 100 in order to create such differences in functionality. As will be described later, the function of splitting one data into two is sufficient to be provided only by the communication device 100 corresponding to the second communication device in this application, and is not necessary for the communication device 100 corresponding to the first communication device in this application. Conversely, the function of combining two data into one is sufficient to be provided only by the communication device 100 corresponding to the first communication device in this application, and is not necessary for the communication device 100 corresponding to the second communication device in this application. However, each communication device 100 in the modified example may function as either the first communication device or the second communication device in this application, similar to the embodiment described above. Therefore, each communication device 100 in the modified example is equipped with both the function of splitting one data into two and the function of combining two data into one. In the embodiment described above, if such a function is incorporated into the functional block shown in Figure 4, it can be represented as a splitting / combining unit that has both the function of splitting one data into two and the function of combining two data into one. Figure 6 shows an example of a functional block formed inside the communication device 100 in a modified example, in which the splitting / combining unit 122X is located inside the control unit 122. Of course, the splitting / combining unit 122X does not necessarily have to be located inside the control unit 122. The details of how the communication device 100, which has a functional block including such a division / connection section 122X generated inside it, functions, and how the division / connection section 122X in the communication device 100 functions, will be described later.

[0072] Next, the usage and operation of the communication system using modified examples will be explained with reference to Figures 5 and 7. Figure 7 is a diagram illustrating the processing or calculations performed from S504 to S506 within the first and second communication devices shown in Figure 5. However, the communication system in the modified example and the communication system in the above-described embodiment are essentially identical in terms of usage and operation. In the modified communication system, any two communication devices 100 that make up the communication system communicate with each other.

[0073] In the modified communication system, first, a user of one communication device 100 starts operating the communication device 100 they own in order to communicate between two communication devices 100 (S501). This is the same as in the embodiment described above. Next, in the modified communication system, the user operates the input device 102 while looking at the display 101, thereby inputting specific information (S502). This is the same as in the embodiment described above. Next, in the modified communication system, the communication device 100, which is the first communication device, converts the shared data into first encrypted data (DATA × KEY1 × OTP1) (S503). This is the same as in the embodiment described above. In a specific communication device, the communication device 100, which functions as the first communication device of the present invention, transmits the generated first encrypted data to the communication device 100, which functions as the second communication device of the present invention, via the network 400 (S504).

[0074] In the modified communication system, the communication device 100 of the other party to the communication, which corresponds to the second communication device in the present invention, receives the first encrypted data with its transmission and reception mechanism (S601). This is also the same as in the embodiment described above. The first encrypted data is sent from the transmission / reception mechanism to the input unit 121 in the data processing unit 120 via the interface 114. The first encrypted data is then sent from the input unit 121 to the control unit 122. Subsequently, in the modified example, as in the embodiment described above, the first encrypted data is converted into second first encrypted data (S602).

[0075] Specifically, in order to convert the first encrypted data into the second first encrypted data, the control unit 122, upon receiving the first encrypted data, sends the first encrypted data to the encryption unit 123 or the decryption unit 124. In the modified example, as in the embodiment described above, the first encrypted data is converted into the second first encrypted data. As in the embodiment described above, in the modified example, both encryption and decryption processes are necessary to convert the first encrypted data into the second first encrypted data. And, as in the embodiment described above, in the modified example, the order in which the multiple conversions of encryption and decryption are performed does not affect the calculation result. Therefore, the first encrypted data is sent to the encryption unit 123 if encryption is performed first, and to the decryption unit 124 if decryption is performed first. In the modified configuration, the control unit 122 sends the first encrypted data to the encryption unit 123 or the decryption unit 124, and at the same time sends an instruction to the solution generation unit 125 to generate a solution, and an instruction to the key generation unit 126 to generate a key. Upon receiving this instruction, the solution generation unit 125 generates a solution, and the key generation unit 126 generates a key. The generated solution is sent from the solution generation unit 125 to the encryption unit 123 and the decryption unit 124, and the generated key is sent from the key generation unit 126 to the encryption unit 123 and the decryption unit 124.

[0076] The solution generation unit 125, having received an instruction from the control unit 122 to generate a solution, generates the solution. The method of generating the solution is the same in the modified example and the embodiment described above. In the embodiment described above, the solution generation unit 125, having received an instruction from the control unit 122 to generate a solution, generated two solutions: a first solution and a second solution. However, unlike that, the solution generation unit 125 of the modified example, having received a similar instruction, generates three solutions: a first solution (OTP1), a second solution (OTP2), and a third solution (OTP3). In the modified example, the solution generation unit 125 sends the first solution to the decryption unit 124 and the second and third solutions to the encryption unit 123.

[0077] On the other hand, the key generation unit 126, upon receiving an instruction from the control unit 122 to generate a key, generates a key in the modified case as well, just as in the above-described embodiment. The key generated is also the same as in the above-described embodiment, and this key is the second key (KEY2). As in the above-described embodiment, in this modified version, the key generation unit 126 sends the generated second key to the encryption unit 123 and the decryption unit 124. The second key is used in the decryption unit 124 a little later.

[0078] As described above, the encryption unit 123 obtains the second solution (OTP2), the third solution (OTP2), and the second key (KEY2). Therefore, the encryption unit 123 can perform encryption using the second solution, the third solution, and the second key. On the other hand, the decoding unit 124 obtains the first solution (OTP1) and the second key (KEY2). Therefore, the decoding unit 124 can perform decoding using the first solution and decoding using the second key. However, at this stage, the second key is not used by the decoding unit 124. In this state, the first encrypted data is in a condition where it can be encrypted using the second or third decryption method, encrypted using the second key, and decrypted using the first decryption method.

[0079] In the modified example, in order to obtain the second first encrypted data, the first encrypted data (DATA × KEY1 × OTP1) is subjected to a decryption process using the first solution (× OTP1). -1 The following steps are performed: ) and encryption using the second key (×KEY2). The resulting data can be obtained using the following formula. (DATA × KEY1 × OTP1) × OTP1 -1 ×KEY2 =(DATA×KEY1×KEY2) Executed in the decoding unit 124 (×OTP1 -1Depending on whether the operation (DATA × KEY1 × KEY2) or the operation (× KEY2) performed by the encryption unit 123 was performed later, in this modified example, the decryption unit 124 or encryption unit 123 that performed the later operation sends the obtained data (DATA × KEY1 × KEY2) to the control unit 122.

[0080] The data (DATA×KEY1×KEY2) is divided into two parts by the division / connection unit 122X in the control unit 122. How the division / connection unit 122X divides the data (DATA×KEY1×KEY2) into two parts can be determined as appropriate. However, the rule that determines how to divide the data (DATA×KEY1×KEY2) into two parts must be shared by the two communication devices 100 that constitute the specific communication device. This rule may be recorded, for example, in a recording device (RAM 113, large-capacity recording device, etc.) or in a data recording unit 127 composed of such a device. For example, the rule could be to divide the data (DATA×KEY1×KEY2) into two parts as evenly as possible, with the first half being data A and the second half being data B, or to divide the string that constitutes the data (DATA×KEY1×KEY2) into even-numbered characters and odd-numbered characters, with the former being data A and the latter being data B. For example, if we split the data (DATA×KEY1×KEY2) into two parts, one of those parts is (DATA×KEY1×KEY2) a , the other side is (DATA × KEY1 × KEY2) b It shall be referred to as such. (DATA × KEY1 × KEY2) a This data, and (DATA × KEY1 × KEY2) b Each of these data points is sent to the encryption unit 123. As described above, the encryption unit 123 has a second solution and a third solution. Using these second and third solutions, (DATA × KEY1 × KEY2) a (DATA × KEY1 × KEY2) b These two sets of data are converted into A data and B data, respectively, as defined in the present invention. Data A can be calculated using the following formula. (DATA × KEY1 × KEY2) a ×OTP2 Data B can be calculated using the following formula. (DATA × KEY1 × KEY2) b ×OTP3 The combination of the A data and B data obtained in this way becomes the second first encrypted data in the modified example. In other words, the modified form and the embodiment described above differ in the method for obtaining the second first encrypted data, or in the content of the second first encrypted data.

[0081] In any case, the second first encrypted data, which is a combination of the aforementioned A data and B data, is sent from the encryption unit 123 to the output unit 128. The second and first encrypted data is sent from the output unit 128 to the transmission / reception mechanism via the interface 114.

[0082] The transmitting and receiving mechanism transmits the second first encrypted data via the network 400 to the communication device 100 identified by the previously received specific information, that is, the communication device 100 corresponding to the first communication device in this application (S603).

[0083] The communication device 100, which corresponds to the first communication device in the present invention, receives the second first encrypted data with its transmission / reception mechanism (S505). The second first encrypted data is sent from the transmission / reception mechanism to the input unit 121 in the data processing unit 120 via the interface 114. The second first encrypted data is sent from the input unit 121 to the control unit 122. Upon receiving the second first encrypted data, the control unit 122 sends the second first encrypted data, which is a combination of the A data and B data described above, to the decryption unit 124. In the above embodiment, the control unit 122 sent the second first encrypted data to the encryption unit 123 or the decryption unit 124, but in this modified example, the control unit 122 sends the second first encrypted data to the decryption unit 124. This is another difference between the above embodiment and this modified example. Around the time the control unit 122 sends the second first encrypted data to the decryption unit 124, it also sends an instruction to the solution generation unit 125 to generate a solution. Upon receiving this instruction, the solution generation unit 125 generates a solution. The generated solution is sent from the solution generation unit 125 to the encryption unit 123 and the decryption unit 124. The decryption unit 124 also holds the first key that was generated when the shared data was converted into the first encrypted data. The encryption unit 123 and the decryption unit 124 use the solutions and necessary keys to decrypt or further encrypt the second first encrypted data (or the data after the necessary processing has been performed). As a result, the second first encrypted data is converted into second encrypted data (S506).

[0084] Specifically, the second encrypted first data is converted to the second encrypted data in the following manner: First, the solution generation unit 125, having received an instruction from the control unit 122 to generate a solution, generates a solution. The method by which the solution generation unit 125 generates a solution is as previously described. The solution generation unit 125 generates a second solution, a third solution, and a fourth solution. The second and third solutions generated by the communication device 100 as the first communication device of this application are the same as the second and third solutions generated by the communication device 100 as the second communication device of this application. The fourth solution generated by the communication device 100 as the first communication device of this application is the same as the fourth solution that will be generated later by the communication device 100 as the second communication device of this application. The solution generation unit 125 sends the generated second and third solutions to the decryption unit 124, and the generated fourth solution to the encryption unit 123.

[0085] As described above, the encryption unit 123 obtains the fourth solution (OTP4). Therefore, the encryption unit 123 can perform encryption using the fourth solution. On the other hand, the decoding unit 124 obtains the second solution (OTP2) and the third solution (OTP3), and the first key (KEY1). Therefore, the decoding unit 124 can perform decoding using the second solution, decoding using the third solution, and decoding using the first key.

[0086] In the modification example, first, the following processing is executed in the decryption unit 124 to which the second and first encrypted data is sent. First, the following conversion is performed on the A data of {(DATA × KEY1 × KEY2) a × OTP2}. (DATA × KEY1 × KEY2) a × OTP2 × OTP2 -1 =(DATA × KEY1 × KEY2) a Similarly, the following conversion is performed on the B data of {(DATA × KEY1 × KEY2) b × OTP3}. (DATA × KEY1 × KEY2) b × OTP3 × OTP3 -1 =(DATA × KEY1 × KEY2) b The decryption unit 124 sends the two data obtained by the above operations to the control unit 122. These two data are sent to the splitting / concatenating unit 122X in the control unit 122 and are concatenated. This concatenation is executed as a process reverse to the above-described splitting. Therefore, the data obtained by concatenating (DATA × KEY1 × KEY2) a and (DATA × KEY1 × KEY2) b becomes (DATA × KEY1 × KEY2).

[0087] The generated data of (DATA × KEY1 × KEY2) is sent to the encryption unit 123 or the decryption unit 124. As described above, in the encryption unit 123, it is in a state where an operation of (× OTP4), which is encryption using the fourth solution, can be performed, and in the decryption unit 124, it is in a state where an operation of (× KEY1 -1 ) that is decryption using the first key can be performed. And, as repeatedly explained, the order in which these operations are performed does not affect the finally obtained data. Therefore, the data (DATA × KEY1 × KEY2) is sent sequentially to the encryption unit 123 and the decryption unit 124, regardless of the order, and the two operations described above are performed. The resulting data can be obtained using the following formula. (DATA × KEY1 × KEY2) × OTP4 × KEY1 -1 =DATA×KEY2×OTP4 This data is the second encrypted data.

[0088] In any case, the second encrypted data, which can be expressed as (DATA × KEY2 × OTP4), is sent from the encryption unit 123 or the decryption unit 124 to the output unit 128. These second encrypted data are sent from the output unit 128 to the transmission / reception mechanism via the interface 114.

[0089] The transmitting and receiving mechanism transmits the second encrypted data via the network 400 to the communication device 100 identified by the previously received specific information, that is, the communication device 100 corresponding to the second communication device in this application (S507).

[0090] The communication device 100 of the communication partner, which corresponds to the second communication device in the present invention, receives the second encrypted data with its transmission / reception mechanism (S604). The second encrypted data is sent from the transmission / reception mechanism to the input unit 121 in the data processing unit 120 via the interface 114. The second encrypted data is sent from the input unit 121 to the control unit 122. Upon receiving the second encrypted data, the control unit 122 sends the second encrypted data, expressed as (DATA × KEY2 × OTP4), to the decryption unit 124. In the communication device 100, which corresponds to the second communication device, decryption processing is performed to convert the second encrypted data back into shared data. Therefore, the second encrypted data is sent to the decryption unit 124. Around the same time that the control unit 122 sends the second encrypted data to the decryption unit 124, it also sends an instruction to the solution generation unit 125 to generate a solution. Upon receiving this instruction, the solution generation unit 125 generates a solution. The solution generated here is the fourth solution. The generated fourth solution is sent from the solution generation unit 125 to the decryption unit 124. The decryption unit 124 also holds the second key that was generated when the first encrypted data was converted to the second first encrypted data. The decryption unit 124 uses these solutions and keys to decrypt the second encrypted data (or the data after the necessary processing has been performed). As a result, the second encrypted data is converted into shared data (S605). The formula for obtaining shared data is as follows: (DATA × KEY2 × OTP4) × KEY2 -1 ×OTP4 -1 =DATA The plaintext shared data is generated as a result of the decryption of the second encrypted data by the decryption unit 124. The subsequent processing is the same as in the embodiment described above. [Explanation of symbols]

[0091] 100 Communication devices 101 displays 102 Input device 120 Data Processing Unit 121 Input section 122 Control Unit 123 Encryption section 124 Decoding Unit 125 Solution generation part 126 Key generation section 127 Data Recording Unit 128 Output section

Claims

1. A communication system comprising a first communication device, which is one of two communication devices that communicate with each other, and a second communication device, which is the other communication device, The first communication device comprises a first encryption unit that performs a transformation for encryption that satisfies the commutative and associative laws, a first decryption unit that performs the reverse transformation of the encryption performed by the first encryption unit, a first solution generation unit that can continuously generate solutions that are always the same when generated under the same conditions based on the initial solution, and a first communication unit that communicates with the second communication device via a predetermined network, The second communication device comprises a second encryption unit that performs an encryption transformation satisfying the commutative and associative laws in the same manner as the first encryption unit, a second decryption unit that performs the reverse transformation of the encryption performed by the second encryption unit, a second solution generation unit that can continuously generate the same solution as the first solution generation unit using the same initial solution used by the first solution generation unit, and a second communication unit that communicates with the first communication device via the network. The first communication device takes the shared data, which is plaintext data to be shared with the second communication device, and uses the first key, which is unique to the first communication device and secret from the outside, and the first solution, which is the first solution generated by the first solution generation unit, to perform an encryption transformation in the first encryption unit to obtain first encrypted data. The first communication unit then transmits the first encrypted data to the second communication device via the network. When the second communication device receives the first encrypted data from the first communication device at the second communication unit, the second decryption unit performs the reverse transformation of the encryption transformation performed by the first encryption unit using the same first solution generated by the second solution generation unit on the first encrypted data, and the second encryption unit performs the encryption transformation using the second key, which is unique to the second communication device and secret from the outside, and the second solution, which is the second solution generated by the second solution generation unit, to obtain second first encrypted data, and the second communication unit transmits the second first encrypted data to the first communication device via the network. When the first communication device receives the second first encrypted data from the second communication device at the first communication unit, the first decryption unit performs the reverse transformation of the encryption transformation performed by the second encryption unit using the same second solution generated by the first solution generation unit, and also performs the reverse transformation of the encryption transformation performed by the first encryption unit using the first key at the first encryption unit, and the first encryption unit performs the encryption transformation using the third solution, which is the third solution generated by the first solution generation unit, to obtain the second encrypted data, and the first communication unit transmits the second encrypted data to the second communication device via the network. The second communication device, upon receiving the second encrypted data from the first communication device at the second communication unit, performs the reverse transformation of the encryption transformation performed by the first encryption unit using the third solution, using the same third solution generated by the first solution generation unit and generated by the second solution generation unit, and also performs the reverse transformation of the encryption transformation performed by the second encryption unit using the second key, thereby converting the second encrypted data into the shared data. Communication system.

2. A communication system comprising a first communication device, which is one of two communication devices that communicate with each other, and a second communication device, which is the other communication device, The first communication device comprises a first encryption unit that performs a transformation for encryption that satisfies the commutative and associative laws, a first decryption unit that performs the reverse transformation of the encryption performed by the first encryption unit, a first solution generation unit that can continuously generate solutions that are always the same when generated under the same conditions based on the initial solution, a coupling unit that combines data, and a first communication unit that communicates with the second communication device via a predetermined network, The second communication device comprises: a second encryption unit that performs an encryption transformation satisfying the commutative and associative laws in the same manner as the first encryption unit; a second decryption unit that performs the reverse transformation of the encryption performed by the second encryption unit; a second solution generation unit that can continuously generate the same solution as the first solution generation unit using the same initial solution used by the first solution generation unit; a second splitting unit that performs data splitting; and a second communication unit that communicates with the first communication device via the network. The first communication device takes the shared data, which is plaintext data to be shared with the second communication device, and uses the first key, which is unique to the first communication device and secret from the outside, and the first solution, which is the first solution generated by the first solution generation unit, to perform an encryption transformation in the first encryption unit to obtain first encrypted data. The first communication unit then transmits the first encrypted data to the second communication device via the network. When the second communication device receives the first encrypted data from the first communication device in the second communication unit, the second decryption unit performs the reverse transformation of the encryption transformation performed in the first encryption unit using the same first solution generated in the second solution generation unit on the first encrypted data, and the second encryption unit performs the encryption transformation using a second key which is unique to the second communication device and is kept secret from the outside, and further divides the data obtained by the encryption transformation performed in the second encryption unit using the second key into two parts in the second division unit, and The second encryption unit performs an encryption transformation on one of the divided data using the second solution generated by the second solution generation unit to obtain data A, which is part of the second first encrypted data, and the second encryption unit performs an encryption transformation on the other of the divided data using the third solution generated by the second solution generation unit to obtain data B, which is the remainder of the second first encrypted data, and the second communication unit transmits the data A and the data B, which constitute the second first encrypted data, to the first communication device via the network. When the first communication device receives the A data and B data, which constitute the second first encrypted data, from the second communication device, the first decryption unit performs the reverse transformation of the encryption transformation performed in the second encryption unit using the same second solution generated in the second solution generation unit and the first solution generation unit, on the A data, and also performs the reverse transformation of the encryption transformation performed in the first encryption unit using the first key, and on the B data, the first decryption unit uses the same third solution generated in the second solution generation unit and the first solution generation unit. The second encryption unit performs the reverse transformation of the encryption transformation performed using the third solution, and the first encryption unit performs the reverse transformation of the encryption transformation performed using the first key using the first key, the data obtained based on the A data and the data obtained based on the B data are combined in the combination unit, and the first encryption unit performs an encryption transformation on the combined data using the fourth solution, which is the fourth solution generated in the first solution generation unit, to obtain the second encrypted data, and the first communication unit transmits the second encrypted data to the second communication device via the network. The second communication device, upon receiving the second encrypted data from the first communication device at the second communication unit, performs the reverse transformation of the encryption transformation performed by the first encryption unit using the fourth solution, using the same fourth solution generated by the first solution generation unit and generated by the second solution generation unit, and also performs the reverse transformation of the encryption transformation performed by the second encryption unit using the second key, thereby converting the second encrypted data into the shared data. Communication system.

3. The aforementioned network is one of the following: the internet, a telecommunications carrier line, a global IP-assigned IP-VPN, a private network, short message service (SMS), or multimedia message service (MMS). The communication system according to claim 1 or 2.

4. The first encryption unit, the first decryption unit, the second encryption unit, and the second decryption unit are each configured to perform an exclusive OR operation. The communication system according to claim 1 or 2.

5. The first communication device and the second communication device, The system is configured to automatically and continuously perform the processes from the first communication device converting the shared data into the first encrypted data, to the second communication device converting the second encrypted data into the shared data. The communication system according to claim 1 or 2.

6. The first communication device is configured to change the first key at a predetermined timing. The communication system according to claim 1 or 2.

7. The second communication device is configured to change the second key at a predetermined timing. The communication system according to claim 1 or 2.

8. A communication system included in any one of claims 1 to 7, First communication device.

9. A communication system included in any one of claims 1 to 7, Second communication device.

10. It consists of a first communication device, which is one of two communication devices that communicate with each other, and a second communication device, which is the other communication device. The first communication device comprises a first encryption unit that performs a transformation for encryption that satisfies the commutative and associative laws, a first decryption unit that performs the reverse transformation of the encryption performed by the first encryption unit, a first solution generation unit that can continuously generate solutions that are always the same when generated under the same conditions based on the initial solution, and a first communication unit that communicates with the second communication device via a predetermined network, The second communication device comprises: a second encryption unit that performs an encryption transformation satisfying the commutative and associative laws in the same manner as the first encryption unit; a second decryption unit that performs the reverse transformation of the encryption performed by the second encryption unit; a second solution generation unit that can continuously generate the same solutions as the first solution generation unit using the same initial solutions used by the first solution generation unit; and a second communication unit that communicates with the first communication device via the network. A communication method performed by a communication system, The first communication device takes the shared data, which is plaintext data to be shared with the second communication device, and uses a first key, which is unique to the first communication device and secret from the outside, and the first solution, which is the first solution generated by the first solution generation unit, to perform an encryption transformation in the first encryption unit to obtain first encrypted data, and the first communication unit transmits the first encrypted data to the second communication device via the network in a first process, When the second communication device receives the first encrypted data from the first communication device at the second communication unit, the second decryption unit performs the reverse transformation of the encryption transformation performed by the first encryption unit using the same first solution generated by the second solution generation unit on the first encrypted data, and the second encryption unit performs the encryption transformation using the second key, which is unique to the second communication device and secret from the outside, and the second solution, which is the second solution generated by the second solution generation unit, to obtain second first encrypted data, and the second communication unit transmits the second first encrypted data to the first communication device via the network. When the first communication device receives the second first encrypted data from the second communication device in the first communication unit, the first decryption unit performs the reverse transformation of the encryption transformation performed in the second encryption unit using the same second solution generated in the first solution generation unit, and also performs the reverse transformation of the encryption transformation performed in the first encryption unit using the first key using the first key, and the first encryption unit performs the encryption transformation using the third solution, which is the third solution generated in the first solution generation unit, to obtain the second encrypted data, and the first communication unit transmits the second encrypted data to the second communication device via the network, When the second communication device receives the second encrypted data from the first communication device in the second communication unit, the second decryption unit performs the reverse transformation of the encryption transformation performed in the first encryption unit using the third solution, using the same third solution generated in the second solution generation unit, and also performs the reverse transformation of the encryption transformation performed in the second encryption unit using the second key, thereby converting the second encrypted data into the shared data. A communication method that includes this.

11. It consists of a first communication device, which is one of two communication devices that communicate with each other, and a second communication device, which is the other communication device. The first communication device comprises a first encryption unit that performs a transformation for encryption that satisfies the commutative and associative laws, a first decryption unit that performs the reverse transformation of the encryption performed by the first encryption unit, a first solution generation unit that can continuously generate solutions that are always the same when generated under the same conditions based on the initial solution, a coupling unit that combines data, and a first communication unit that communicates with the second communication device via a predetermined network, The second communication device comprises: a second encryption unit that performs a transformation for encryption satisfying the commutative and associative laws in the same manner as the first encryption unit; a second decryption unit that performs the reverse transformation of the encryption performed by the second encryption unit; a second solution generation unit that can continuously generate the same solution as the first solution generation unit using the same initial solution used by the first solution generation unit; a second splitting unit that performs data splitting; and a second communication unit that communicates with the first communication device via the network. A communication method performed by a communication system, The first communication device takes the shared data, which is plaintext data to be shared with the second communication device, and uses a first key, which is unique to the first communication device and secret from the outside, and the first solution, which is the first solution generated by the first solution generation unit, to perform an encryption transformation in the first encryption unit to obtain first encrypted data, and the first communication unit transmits the first encrypted data to the second communication device via the network in a first process, When the second communication device receives the first encrypted data from the first communication device in the second communication unit, the second decryption unit performs the reverse transformation of the encryption transformation performed in the first encryption unit using the same first solution generated in the second solution generation unit, and the second encryption unit performs the encryption transformation using a second key which is unique to the second communication device and is kept secret from the outside, and the second division unit divides the data obtained by the encryption transformation performed in the second encryption unit using the second key into two parts. The second process involves the second encryption unit performing an encryption transformation on one of the divided data using the second solution, which is the second solution generated by the second solution generation unit, to obtain data A, which is part of the second first encrypted data; the second encryption unit performing an encryption transformation on the other of the divided data using the third solution, which is the third solution generated by the second solution generation unit, to obtain data B, which is the remainder of the second first encrypted data; and the second communication unit transmitting the data A and the data B, which constitute the second first encrypted data, to the first communication device via the network. When the first communication device receives the A data and B data, which constitute the second first encrypted data in the first communication unit, the first decryption unit performs the reverse transformation of the encryption transformation performed in the second encryption unit using the same second solution generated in the first solution generation unit and the second solution generation unit on the A data, and also performs the reverse transformation of the encryption transformation performed in the first encryption unit using the first key and the first decryption unit using the first key on the B data, and the first decryption unit performs the same third solution generated in the first solution generation unit and the second solution generation unit and the first solution generation unit The second encryption unit performs the reverse transformation of the encryption transformation performed using the third solution, and the first encryption unit performs the reverse transformation of the encryption transformation performed using the first key, the data obtained based on the A data and the data obtained based on the B data are combined in the combination unit, and the first encryption unit performs an encryption transformation on the combined data using the fourth solution, which is the fourth solution generated in the first solution generation unit, to obtain the second encrypted data, and the third process involves the first communication unit transmitting the second encrypted data to the second communication device via the network, When the second communication device receives the second encrypted data from the first communication device in the second communication unit, the second decryption unit performs the reverse transformation of the encryption transformation performed in the first encryption unit using the fourth solution, using the same fourth solution generated in the second solution generation unit, and also performs the reverse transformation of the encryption transformation performed in the second encryption unit using the second key, thereby converting the second encrypted data into the shared data. A communication method that includes this.

12. The first communication device and the second communication device perform the first to fourth processes in succession and automatically. The communication method according to claim 10 or 11.