Network device, network system and group management method

US 20060155981A1
Filed: 12/25/2003
Published: 07/13/2006
Est. Priority Date: 12/25/2002
Status: Abandoned Application

First Claim

Patent Images

1. A network device that communicates with other network devices connected through a network, wherein:

said network device comprising;

a group management means, which manages a group consisting of network devices that can authenticate one another;

a cipher communication means, which performs cipher communication with the network devices belonging to said group, using a common encryption key;

a storage means, which stores cipher communication information required for cipher communication with the network devices belonging to said network, with said information including information of said encryption key and identification information including host names and addresses of the network devices belonging to said group; and

an acquisition means, which acquires information from outside; and

when said acquisition means acquires said cipher communication information in a state that said storing means does not store said cipher communication information, said group management means stores said cipher communication information in said storing means and sends identification information of its own network device to the network devices belonging to said group; and

when said group management means acquires identification information of another network device from said another network device through said cipher communication means, said group management means adds said identification information to said cipher communication information stored in said storage means.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A group is formed from appliances permitted by a user, to realize safe communication between appliances joining to the group. A group management processing unit 302 generates an encryption key used for cipher communication within the group, and stores the encryption key together with information required for cipher communication into its own storage unit and into a storage medium. An appliance that acquires the information required for cipher communication, by means of the storage medium, uses the information to send information on the appliance itself and the information required for cipher communication to the other appliances. When an appliance is to leave the group, the appliance deletes the information required for cipher communication, which the appliance itself holds, and notifies its leave to the other appliances, so that those appliances delete information on the leave appliance, which is held in those appliances.

Citations

18 Claims

1. A network device that communicates with other network devices connected through a network, wherein:
- said network device comprising;
  
  a group management means, which manages a group consisting of network devices that can authenticate one another;
  
  a cipher communication means, which performs cipher communication with the network devices belonging to said group, using a common encryption key;
  
  a storage means, which stores cipher communication information required for cipher communication with the network devices belonging to said network, with said information including information of said encryption key and identification information including host names and addresses of the network devices belonging to said group; and
  
  an acquisition means, which acquires information from outside; and
  
  when said acquisition means acquires said cipher communication information in a state that said storing means does not store said cipher communication information, said group management means stores said cipher communication information in said storing means and sends identification information of its own network device to the network devices belonging to said group; and
  
  when said group management means acquires identification information of another network device from said another network device through said cipher communication means, said group management means adds said identification information to said cipher communication information stored in said storage means.
- View Dependent Claims (2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. A network device according to claim 1, wherein:
    - when said acquisition means receives an instruction to withdraw from the group, said group management means notifies withdrawal of its own network device to all the network devices belonging to said group through said cipher communication means, and deletes said cipher communication information from said storing means; and
      
      when a notification of withdrawal of another network device is received from said another network device through said cipher communication means, said group management means deletes identification information of said another network device from said cipher communication information stored in said storing means.
  - 3. A network device according to claim 2, wherein:
    - said acquisition means is an interface with a storage medium; and
      
      when a storage medium, which stores said cipher communication information, is inserted into said acquisition means in a state that said storage medium stores said cipher communication information, said group management means copies the cipher communication information stored in said storage means to said storage medium.
  - 4. A network device according to claim 3, wherein:
    - said network device further comprises;
      
      a non-cipher communication means, which performs non-cipher communication; and
      
      an access control means, which controls accesses to services provided by said network device; and
      
      when there occurs an access from another network device through said non-cipher communication means, said access control means permits said access when said access is an access to a predetermined port.
  - 5. A network system comprising a plurality of network devices, and a network that connects said plurality of network devices, wherein:
    - each of said plurality of network devices is a network device according to claims 4.
  - 8. A network device according to claim 1, wherein:
    - said acquisition means is an interface with a storage medium; and
      
      when a storage medium, which stores said cipher communication information, is inserted into said acquisition means in a state that said storage medium stores said cipher communication information, said group management means copies the cipher communication information stored in said storage means to said storage medium.
  - 9. A network device according to claim 8, wherein:
    - said network device further comprises;
      
      a non-cipher communication means, which performs non-cipher communication; and
      
      an access control means, which controls accesses to services provided by said network device; and
      
      when there occurs an access from another network device through said non-cipher communication means, said access control means permits said access when said access is an access to a predetermined port.
  - 10. A network device according to claim 1, wherein:
    - said network device further comprises;
      
      a non-cipher communication means, which performs non-cipher communication; and
      
      an access control means, which controls accesses to services provided by said network device; and
      
      when there occurs an access from another network device through said non-cipher communication means, said access control means permits said access when said access is an access to a predetermined port.
  - 11. A network device according to claim 2, wherein:
    - said network device further comprises;
      
      a non-cipher communication means, which performs non-cipher communication; and
      
      an access control means, which controls accesses to services provided by said network device; and
      
      when there occurs an access from another network device through said non-cipher communication means, said access control means permits said access when said access is an access to a predetermined port.
  - 12. A network system comprising a plurality of network devices, and a network that connects said plurality of network devices, wherein:
    - each of said plurality of network devices is a network device according to claim 11.
  - 13. A network system comprising a plurality of network devices, and a network that connects said plurality of network devices, wherein:
    - each of said plurality of network devices is a network device according to claim 10.
  - 14. A network system comprising a plurality of network devices, and a network that connects said plurality of network devices, wherein:
    - each of said plurality of network devices is a network device according to claim 9.
  - 15. A network system comprising a plurality of network devices, and a network that connects said plurality of network devices, wherein:
    - each of said plurality of network devices is a network device according to claim 8.
  - 16. A network system comprising a plurality of network devices, and a network that connects said plurality of network devices, wherein:
    - each of said plurality of network devices is a network device according to claim 1.
  - 17. A network system comprising a plurality of network devices, and a network that connects said plurality of network devices, wherein:
    - each of said plurality of network devices is a network device according to claim 2.
  - 18. A network system comprising a plurality of network devices, and a network that connects said plurality of network devices, wherein:
    - each of said plurality of network devices is a network device according to claim 3.

6. A group management method for managing a group consisting of devices connected through a network, with a device of the group being able to perform cipher communication with another device of the group while authenticating each other, comprising:
- a group generation step, in which one device connected to said network generates an encryption key used for said cipher communication, and holds, as cipher communication information, said encryption key and identification information including a host name and address of said one device itself;
  
  a first group participation step, in which a device that acquires said cipher communication information notifies identification information of the device itself and information indicating participation of the device itself to all devices whose identification information is stored in said cipher communication information, and said device adds said identification information of the device itself to said cipher communication information and holds said cipher communication information;
  
  a second group participation step, in which a device that receives said identification information and said information indicating the participation adds said identification information to the cipher communication information that said device holds;
  
  a first withdrawal step, in which a device that receives an instruction to withdraw from said group notifies information indicating withdrawal and identification information of the device itself to all devices excluding said device itself whose identification information is stored in said cipher communication information, and deletes the cipher communication information that the device itself holds; and
  
  a second withdrawal step, in which a device that receives the notification of said withdrawal deletes the notified identification information from the cipher communication information that the device itself holds.

7. A program that makes a computer function as:
- a group generation means that generates an encryption key used for cipher communication and holds, as cipher communication information, said encryption key and identification including a host name and address of the computer itself;
  
  a first group participation means that notifies identification information and information indicating participation of the computer itself to all devices whose identification information is stored in said cipher communication information, through cipher communication, and adds the identification information of the computer itself to said cipher communication information, when said cipher communication information is acquired;
  
  a second group participation means that adds said identification information of another device to the cipher communication information that the computer itself holds, when said identification information of said another device and information indicating participation of said another device are received from said another device;
  
  a first group withdrawal means that notifies information indicating withdrawal and identification information of the computer-itself to all devices excluding the computer itself whose identification information is stored in the cipher communication, through the cipher communication, and deletes said cipher communication information that the computer itself holds, when an instruction to delete the cipher communication information is received; and
  
  a second group withdrawal means that deletes identification information of another device from the cipher communication information that the computer itself holds, when said identification information of said another device and information indicating withdrawal of said another device are received.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Akihiro Ebina, Hideki Kamimaki, Mizutani Mika
Original Assignee
Ebina Akihiro Mizutanai Mika, Kamimaki Hideki
Inventors
Mizutani, Mika, Kamimaki, Hideki, Ebina, Akihiro

Application Number

US10/540,768
Publication Number

US 20060155981A1
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 63/065   for group communications cr...

H04L 63/10   for controlling access to d...

H04L 9/0822   using key encryption key

H04L 9/0833   involving conference or gro...

H04L 9/0891   Revocation or update of sec...

H04L 9/0897   involving additional device...

Network device, network system and group management method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Network device, network system and group management method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links