Encryption communication system

US 20060090074A1
Filed: 02/03/2005
Published: 04/27/2006
Est. Priority Date: 10/22/2004
Status: Active Grant

First Claim

Patent Images

1. An encryption communication system, comprising a communication relay device that connects a first network and a second network, for encrypting a communication within said first network and a communication within said second network in a network system configured so that communications are performed between a client in said first network and a server in said second network via said communication relay device, said communication relay device comprising:

a key generation unit generating an encryption key and a decryption key with respect to said client; and

a key transfer unit transmitting the encryption key and the decryption key to said server, said server comprising;

a frame receiving unit decrypting a receipt frame by use of the decryption key; and

a frame transmitting unit encrypting the frame by use of the encryption key and thus transmitting the frame.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption communication system, comprising a communication relay device that connects a first network and a second network, for encrypting a communication within the first network and a communication within the second network in a network system configured so that communications are performed between a client in the first network and a server in the second network via the communication relay device, wherein the communication relay device comprises key generation unit generating an encryption key and a decryption key with respect to the client, and key transfer unit transmitting the encryption key and the decryption key to the server, and the server comprises frame receiving unit decrypting a receipt frame by use of the decryption key, and frame transmitting unit encrypting the frame by use of the encryption key and thus transmitting the frame.

Citations

10 Claims

1. An encryption communication system, comprising a communication relay device that connects a first network and a second network, for encrypting a communication within said first network and a communication within said second network in a network system configured so that communications are performed between a client in said first network and a server in said second network via said communication relay device, said communication relay device comprising:
- a key generation unit generating an encryption key and a decryption key with respect to said client; and
  
  a key transfer unit transmitting the encryption key and the decryption key to said server, said server comprising;
  
  a frame receiving unit decrypting a receipt frame by use of the decryption key; and
  
  a frame transmitting unit encrypting the frame by use of the encryption key and thus transmitting the frame.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. An encryption communication system according to claim 1, wherein said communication relay device comprises:
    - an identifier generation unit generating a session identifier for identifying an encryption session between said client and said server;
      
      an identifier transfer unit transmitting the session identifier to said client and said server;
      
      an identifier extraction unit extracting the session identifier from the receipt frame; and
      
      a frame transfer unit transferring the receipt frame to said client or said server on the basis of the session identifier extracted from the receipt frame and a source address of the receipt frame, wherein said server and said client send the encrypted frame in a way that assigns the session identifier to the frame.
  - 3. An encryption communication system according to claim 1, wherein said communication relay device comprises:
    - an access permission retaining unit retaining access permission information of an access to said second network and access permission information of an access to said server for every user; and
      
      an access authentication notifying unit transmitting a frame for notifying of access permission or access rejection, wherein said communication relay device, when receiving authentication data of the user from said client, authenticates a user access to said second network and a user access to said server on the basis of the access permission information of the access to said second network and the access permission information of the access to said server.
  - 4. An encryption communication system according to claim 3, wherein said communication relay device comprises key transparent transfer unit transferring a key transfer frame as substitute for said key generation unit and said key transfer unit, said server has a key generation function of generating an encryption key and a decryption key with respect to said client, and said key transparent transfer unit transfers, when said communication relay device receives the common key from said client, the common key to said server, and transfers, when said communication relay device receives the common key from said key generation unit, the common key to said client.
  - 5. An encryption communication system according to claim 2, wherein said communication relay device comprises:
    - a pre-session generation unit previously generating the encryption session with respect to said server; and
      
      an already-generated session retaining unit retaining an identifier of the already-generated encryption session, and wherein said communication relay device transfers the key to said server through the encryption session retained on said already-generated session unit.
  - 6. An encryption communication system according to claim 2, wherein said server comprises:
    - a new common key generation unit generating a new common key and an identifier associated with this new common key;
      
      a new common key transfer unit encrypting the common key with the pre-exchange common key and transmitting the encrypted common key together with the identifier; and
      
      a new identifier notifying unit transmitting the identifier and the old identifier, wherein said communication relay device comprises;
      
      a new identifier registration unit transferring, when receiving the frame containing the identifier, the identifier to said frame transfer unit, wherein said new common key generation unit generates a common key and an identifier in the process of an encryption communication using the common key between said client and said server, wherein said new common key transfer unit transmits the common key and the identifier to said client, and wherein said new identifier notifying unit sends the two identifiers to said new identifier registration unit.

7. A communication relay device connecting a first network and a second network and relaying a frame transmitted and received between a client in said first network and a server in said second network, comprising:
- a key generation unit generating, based on a predetermined protocol, a key for encrypting a data communication between said client and said server;
  
  a retaining unit retaining the generated key; and
  
  a key transfer unit transmitting the retained key to said server at predetermined timing.
- View Dependent Claims (8)
- - 8. A communication relay device according to claim 7, wherein said retaining unit further retains a session identifier for identifying a data communication session between said client and said server, and said key, transfer unit further transmits the session identifier.

9. An encryption communication method for encrypting a communication within a first network and a communication within a second network in a network system including a communication relay device that connects said first network and said second network and configured so that communications are performed between a client in said first network and a server in said second network via said communication relay device, said method comprising:
- generating an encryption key and a decryption key with respect to said client by said communication relay device;
  
  transmitting the encryption key and the decryption key to said server by said communication relay device;
  
  decrypting a receipt frame by use of the decryption key by said server; and
  
  encrypting the frame by use of the encryption key and thus transmitting the frame by said server.
- View Dependent Claims (10)
- - 10. An encryption communication method according to claim 9, further comprising:
    - generating a session identifier for identifying an encryption session between said client and said server by said communication relay device;
      
      transmitting the session identifier to said client and said server by said communication relay device;
      
      extracting the session identifier from the receipt frame by said communication relay device;
      
      transferring the receipt frame as addressed to said client or said server on the basis of the session identifier extracted from the receipt frame and a source address of the receipt frame; and
      
      sending the encrypted frame by said server and said client in a way that assigns the session identifier to the frame.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Matoba, Kazumine

Granted Patent

US 7,650,500 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/164   at the network layer

Encryption communication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption communication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links