Cryptographic communication system and method
Abstract
Cryptographic communication between communication terminals can be realized even when a plurality of cryptographic algorithms are present, and secure cryptographic communication for a longer time is realized without increasing a processing overhead at each of the communication terminals. A key management server manages the cryptographic algorithms that can be used by each of the communication terminals, searches for a cryptographic algorithm common to the communication terminals, and notifies each of the communication terminals of the cryptographic algorithm found by the search together with plural pieces of key generation information, each piece containing a key to be used in the cryptographic algorithm or a key type for generating the key. Each of the communication terminals sequentially switches among the plural pieces of key generation information notified from the key management server, and performs the cryptographic communication with a communication counterpart in accordance with the cryptographic algorithm notified from the key management server.
10 Claims
1. A cryptographic communication system, comprising:
a plurality of communication terminals which perform cryptographic communication; and
a management server which manages a communication condition of each of the plurality of communication terminals, wherein each of the communication terminals comprises;
a plurality of encryption/decryption processing means for which different cryptographic algorithms are respectively used;
common condition requesting means which transmits a common condition request to the management server, the common condition request containing a terminal ID corresponding to identification information of a self communication terminal and a terminal ID of another one of the communication terminals which corresponds to a communication destination terminal;
common condition storing means which stores common condition information containing a terminal ID of a communication source terminal, the terminal ID of the communication destination terminal, an algorithm ID corresponding to identification information of the cryptographic algorithm that can be used by both the communication source terminal and the communication destination terminal, and plural pieces of key generation information;
common condition obtaining means which receives the common condition information from the management server and stores the received common condition information in the common condition storing means; and
cryptographic communication means which searches the common condition storing means for the common condition information having a terminal ID of a communication counterpart, selects, from the plurality of encryption/decryption processing means, the encryption/decryption processing means, for which the cryptographic algorithm having the algorithm ID contained in the common condition information found in the search is used, and uses the selected encryption/decryption processing means to perform the cryptographic communication with the communication terminal of the communication counterpart, wherein the management server comprises;
communication condition storing means which stores, for each of the plurality of communication terminals, communication condition information containing the terminal ID of the communication terminal and the algorithm ID of each of the cryptographic algorithms respectively used for the plurality of encryption/decryption processing means provided for the communication terminal;
common condition request receiving means which receives a common condition request from the communication terminal;
common condition search means which searches the common condition storing means for the algorithm ID contained in both the communication condition information containing the terminal ID of the communication source terminal issuing the common condition request received by the common condition request receiving means and the common condition information containing the terminal ID of the communication destination terminal to which the common condition request is sent;
key generation information generating means which generates plural pieces of key generation information, each containing a key used in the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID retrieved by the common condition search means is used or a key type for generating the key, and a key ID corresponding to identification information; and
common condition transmission means which transmits the common condition information to each of the communication terminals, the common condition information containing;
the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal of the common condition request received by the common condition request receiving means;
the algorithm ID retrieved by the common condition search means; and
the plural pieces of key generation information generated by the key generation information generating means in response to the common condition request, the communication terminals each having the terminal ID of the communication source terminal issuing the common condition request and the communication terminal having the terminal ID of the communication destination terminal to which the common condition request is sent, and wherein the cryptographic communication means of the communication terminal sequentially selects the key generation information from the plural pieces of key generation information contained in the common condition information retrieved by the search, uses the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to generate encrypted data, and transmits cryptographic communication information containing the encrypted data and the key ID contained in the selected key generation information to a communication counterpart, while selecting the key generation information having the key ID contained in the cryptographic communication information received from the communication counterpart from the plural pieces of key generation information contained in the common condition information retrieved by the search and using the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to decrypt the encrypted data contained in the cryptographic communication information received from the communication counterpart.
7. A management server which manages a communication condition of each of a plurality of communication terminals performing cryptographic communication, comprising:
communication condition storing means which stores, for each of the plurality of communication terminals, a terminal ID of the communication terminal and an algorithm ID of each of cryptographic algorithms respectively used for a plurality of encryption/decryption processing means provided for the communication terminals;
common condition request receiving means which receives a common condition request containing a terminal ID of a communication source terminal and a terminal ID of a communication destination terminal from the communication terminal;
common condition search means which searches the communication condition storing means for the algorithm ID contained in both the communication condition information containing the terminal ID of the communication source terminal issuing the common condition request received by the common condition request receiving means and the communication condition information containing the terminal ID of the communication destination terminal to which the common condition request is sent;
key generation information generating means which generates plural pieces of key generation information, each containing a key used in the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID retrieved by the search by the common condition search means is used, or a key type for generating the key, and a key ID corresponding to identification information; and
common condition transmitting means which transmits the common condition information to each of the communication terminals, the common condition information containing the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal of the common condition request received by the common condition request receiving means, the algorithm ID retrieved by the search by the common condition search means, and the plural pieces of key generation information generated by the key generation information generating means in response to the common condition request, the communication terminals each having the terminal ID of the communication source terminal issuing the common condition request and the communication terminal having the terminal ID of the communication destination terminal to which the common condition request is sent.
8. A communication terminal which performs cryptographic communication, comprising:
a plurality of encryption/decryption processing means for which different cryptographic algorithms are respectively used;
common condition requesting means which transmits a common condition request to the management server, the common condition request containing a terminal ID corresponding to identification information of a self communication terminal and a terminal ID of another one of the communication terminals which corresponds to a communication destination terminal;
common condition storing means which stores common condition information containing a terminal ID of a communication source terminal, the terminal ID of the communication destination terminal, an algorithm ID corresponding to identification information of the cryptographic algorithm that can be used by both the communication source terminal and the communication destination terminal, and plural pieces of key generation information containing one of a key and a key type for generating the key, and a key ID corresponding to identification information;
common condition obtaining means which receives the common condition information from the management server and stores the received common condition information in the common condition storing means, the common condition information containing the terminal ID of the self communication terminal which is identical with any of the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal; and
cryptographic communication means which searches the common condition storing means for the common condition information having a terminal ID of a communication counterpart, selects, from the plurality of encryption/decryption processing means, the encryption/decryption processing means, for which the cryptographic algorithm having the algorithm ID contained in the common condition information found in the search is used, and uses the selected encryption/decryption processing means to perform the cryptographic communication with the communication terminal of the communication counterpart, wherein the cryptographic communication means of the communication terminal sequentially selects the key generation information from the plural pieces of key generation information contained in the common condition information retrieved by the search, uses the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to generate encrypted data, and transmits cryptographic communication information containing the encrypted data and the key ID contained in the selected key generation information to a communication counterpart, while selecting the key generation information having the key ID contained in the cryptographic communication information received from the communication counterpart from the plural pieces of key generation information contained in the common condition information retrieved by the search and using the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to decrypt the encrypted data contained in the cryptographic communication information received from the communication counterpart.
9. A communication condition management method which allows a management server to manage a communication condition of each of a plurality of communication terminals performing cryptographic communication, the management server comprising communication condition storing means which stores, for each of the plurality of communication terminals, communication condition information containing a terminal ID of the communication terminal and an algorithm ID of each of cryptographic algorithms respectively used for a plurality of encryption/decryption processing means provided for the communication terminals, the communication condition management method comprising the steps of:
receiving a common condition request containing a terminal ID of a communication source terminal and a terminal ID of a communication destination terminal from the communication terminal;
searching the communication condition storing means for the algorithm ID contained in both the communication condition information containing the terminal ID of the communication source terminal issuing the common condition request and the communication condition information containing the terminal ID of the communication destination terminal to which the common condition request is sent;
generating plural pieces of key generation information, each containing a key used in the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID retrieved by the search is used, or a key type for generating the key, and a key ID corresponding to identification information; and
transmitting common condition information to each of the communication terminals, the common condition information containing the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal of the received common condition request, the algorithm ID retrieved by the communication condition search means, and the plural pieces of key generation information generated by the key generation information generating means in response to the common condition request, the communication terminals each having the terminal ID of the communication source terminal issuing the common condition request and the communication terminal having the terminal ID of the communication destination terminal to which the common condition request is sent.
10. A cryptographic communication method which allows a communication terminal to perform cryptographic communication, the communication terminal comprising a plurality of encryption/decryption processing means for which different cryptographic algorithms are used and storage means, the cryptographic communication method comprising the steps of:
transmitting a common condition request to a management server, the common condition request containing a terminal ID corresponding to identification information of a self communication terminal and a terminal ID of another one of the communication terminals which corresponds to a communication destination terminal;
receiving common condition information containing a terminal ID of the self communication terminal, the terminal ID of the communication destination terminal, an algorithm ID corresponding to identification information of a cryptographic algorithm that can be used by both the communication source terminal and the communication destination terminal, the terminal ID of the self communication terminal being identical with any of the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal, from the management server, and storing the common condition information in the storage means; and
searching the storage means for the common condition information having a terminal ID of a communication counterpart, selecting, from the plurality of encryption/decryption processing means, the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID contained in the common condition information found in the search is used, and performing cryptographic communication with the communication terminal of the communication counterpart by using the selected encryption/decryption processing means, wherein the step of performing the cryptographic communication sequentially selects the key generation information from the plural pieces of key generation information contained in the common condition information retrieved by the search, uses the key contained in the selected key generation information or a key generated from the key type contained in the key generation information, to cause the selected encryption/decryption processing means to generate encrypted data, and transmits cryptographic communication information containing the encrypted data and the key ID contained in the selected key generation information while selecting the key generation information having the key ID contained in the cryptographic communication information received from the communication counterpart from the plural pieces of key generation information contained in the common condition information retrieved by the search, and causing the selected encryption/decryption processing means to decrypt the encrypted data contained in the cryptographic communication information received from the communication counterpart by using the key contained in the selected key generation information or the key generated from the key type contained in the key generation means.