Cryptographic communication system and method

US 20060204003A1
Filed: 02/28/2006
Published: 09/14/2006
Est. Priority Date: 02/28/2005
Status: Active Grant

First Claim

Patent Images

1. A cryptographic communication system, comprising:

a plurality of communication terminals which perform cryptographic communication; and

a management server which manages a communication condition of each of the plurality of communication terminals, wherein each of the communication terminals comprises;

a plurality of encryption/decryption processing means for which different cryptographic algorithms are respectively used;

common condition requesting means which transmits a common condition request to the management server, the common condition request containing a terminal ID corresponding to identification information of a self communication terminal and a terminal ID of another one of the communication terminals which corresponds to a communication destination terminal;

common condition storing means which stores common condition information containing a terminal ID of a communication source terminal, the terminal ID of the communication destination terminal, an algorithm ID corresponding to identification information of the cryptographic algorithm that can be used by both the communication source terminal and the communication destination terminal, and plural pieces of key generation information;

common condition obtaining means which receives the common condition information from the management server and stores the received common condition information in the common condition storing means; and

cryptographic communication means which searches the common condition storing means for the common condition information having a terminal ID of a communication counterpart, selects, from the plurality of encryption/decryption processing means, the encryption/decryption processing means, for which the cryptographic algorithm having the algorithm ID contained in the common condition information found in the search is used, and uses the selected encryption/decryption processing means to perform the cryptographic communication with the communication terminal of the communication counterpart, wherein the management server comprises;

communication condition storing means which stores, for each of the plurality of communication terminals, communication condition information containing the terminal ID of the communication terminal and the algorithm ID of each of the cryptographic algorithms respectively used for the plurality of encryption/decryption processing means provided for the communication terminal;

common condition request receiving means which receives a common condition request from the communication terminal;

common condition search means which searches the common condition storing means for the algorithm ID contained in both the communication condition information containing the terminal ID of the communication source terminal issuing the common condition request received by the common condition request receiving means and the common condition information containing the terminal ID of the communication destination terminal to which the common condition request is sent;

key generation information generating means which generates plural pieces of key generation information, each containing a key used in the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID retrieved by the common condition search means is used or a key type for generating the key, and a key ID corresponding to identification information; and

common condition transmission means which transmits the common condition information to each of the communication terminals, the common condition information containing;

the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal of the common condition request received by the common condition request receiving means;

the algorithm ID retrieved by the common condition search means; and

the plural pieces of key generation information generated by the key generation information generating means in response to the common condition request, the communication terminals each having the terminal ID of the communication source terminal issuing the common condition request and the communication terminal having the terminal ID of the communication destination terminal to which the common condition request is sent, and wherein the cryptographic communication means of the communication terminal sequentially selects the key generation information from the plural pieces of key generation information contained in the common condition information retrieved by the search, uses the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to generate encrypted data, and transmits cryptographic communication information containing the encrypted data and the key ID contained in the selected key generation information to a communication counterpart, while selecting the key generation information having the key ID contained in the cryptographic communication information received from the communication counterpart from the plural pieces of key generation information contained in the common condition information retrieved by the search and using the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to decrypt the encrypted data contained in the cryptographic communication information received from the communication counterpart.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Cryptographic communication between communication terminals can be realized even when a plurality of cryptographic algorithms are present, and secure cryptographic communication for a longer time is realized without increasing a processing overhead at each of the communication terminals. A key management server manages cryptographic algorithms that can be used by each of the communication terminal, and searches for a cryptographic algorithm common to the communication terminals, and notifies each of the communication terminals of the cryptographic algorithm found by the search together with plural key generation informations, each piece containing a key to be used in the cryptographic algorithm or a key type for generating the key. Each of the communication terminals sequentially switches the plural key generation informations notified from the key management server, and performs the cryptographic communication with a communication counterpart in accordance with the cryptographic algorithm notified from the key management server.

Citations

10 Claims

1. A cryptographic communication system, comprising:
- a plurality of communication terminals which perform cryptographic communication; and
  
  a management server which manages a communication condition of each of the plurality of communication terminals, wherein each of the communication terminals comprises;
  
  a plurality of encryption/decryption processing means for which different cryptographic algorithms are respectively used;
  
  common condition requesting means which transmits a common condition request to the management server, the common condition request containing a terminal ID corresponding to identification information of a self communication terminal and a terminal ID of another one of the communication terminals which corresponds to a communication destination terminal;
  
  common condition storing means which stores common condition information containing a terminal ID of a communication source terminal, the terminal ID of the communication destination terminal, an algorithm ID corresponding to identification information of the cryptographic algorithm that can be used by both the communication source terminal and the communication destination terminal, and plural pieces of key generation information;
  
  common condition obtaining means which receives the common condition information from the management server and stores the received common condition information in the common condition storing means; and
  
  cryptographic communication means which searches the common condition storing means for the common condition information having a terminal ID of a communication counterpart, selects, from the plurality of encryption/decryption processing means, the encryption/decryption processing means, for which the cryptographic algorithm having the algorithm ID contained in the common condition information found in the search is used, and uses the selected encryption/decryption processing means to perform the cryptographic communication with the communication terminal of the communication counterpart, wherein the management server comprises;
  
  communication condition storing means which stores, for each of the plurality of communication terminals, communication condition information containing the terminal ID of the communication terminal and the algorithm ID of each of the cryptographic algorithms respectively used for the plurality of encryption/decryption processing means provided for the communication terminal;
  
  common condition request receiving means which receives a common condition request from the communication terminal;
  
  common condition search means which searches the common condition storing means for the algorithm ID contained in both the communication condition information containing the terminal ID of the communication source terminal issuing the common condition request received by the common condition request receiving means and the common condition information containing the terminal ID of the communication destination terminal to which the common condition request is sent;
  
  key generation information generating means which generates plural pieces of key generation information, each containing a key used in the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID retrieved by the common condition search means is used or a key type for generating the key, and a key ID corresponding to identification information; and
  
  common condition transmission means which transmits the common condition information to each of the communication terminals, the common condition information containing;
  
  the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal of the common condition request received by the common condition request receiving means;
  
  the algorithm ID retrieved by the common condition search means; and
  
  the plural pieces of key generation information generated by the key generation information generating means in response to the common condition request, the communication terminals each having the terminal ID of the communication source terminal issuing the common condition request and the communication terminal having the terminal ID of the communication destination terminal to which the common condition request is sent, and wherein the cryptographic communication means of the communication terminal sequentially selects the key generation information from the plural pieces of key generation information contained in the common condition information retrieved by the search, uses the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to generate encrypted data, and transmits cryptographic communication information containing the encrypted data and the key ID contained in the selected key generation information to a communication counterpart, while selecting the key generation information having the key ID contained in the cryptographic communication information received from the communication counterpart from the plural pieces of key generation information contained in the common condition information retrieved by the search and using the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to decrypt the encrypted data contained in the cryptographic communication information received from the communication counterpart.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A cryptographic communication system according to claim 1, wherein:
    - each piece of the communication condition information stored in the communication condition storing means of the management server further comprises, in addition to the terminal ID of the corresponding communication terminal and the algorithm ID of each of the cryptographic algorithms respectively used for the plurality of encryption/decryption processing means provided for the communication terminal, a key length that can be used by the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID is used, for each of the algorithm IDs;
      
      the common condition search means of the management server searches the communication condition storing means for a combination of the algorithm ID and the key length contained in both the communication condition information containing the terminal ID of the communication source terminal issuing the common condition request received by the common condition request receiving means and the communication condition information containing the terminal ID of the communication destination terminal to which the common condition request is sent; and
      
      the key information generating means of the management server generates plural pieces of key generation information, each containing the key used in the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID found by the common condition search means is used, the key having the key length retrieved by the common condition search means, or the key type for generating a key having the key length, and the key ID corresponding to identification information.
  - 3. A cryptographic communication system according to claim 1, wherein:
    - the common condition requesting means of the communication terminal transmits the common condition request containing a communication period with the communication counterpart to the management server;
      
      the key generation information generating means of the management server generates n pieces of key generation information with a validity period such that a start time of a validity period of the first key is earlier than a start time of the communication period contained in the common condition request received by the common condition request receiving means, an end time of a validity period of the n-th key is later than an end time of the communication period, and a start time of a validity period of i (2≦
      
      i≦
      
      n) -th key is earlier than an end time of a validity period of the (i−
      
      1)-th key; and
      
      the cryptographic communication means of the communication terminal sequentially selects the key generation information from the plural pieces of key generation information contained in the common condition information retrieved by the search in accordance with their validity periods, and uses the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to generate encrypted data.
  - 4. A cryptographic communication system according to claim 3, wherein:
    - each of the plurality of communication terminals further comprises common condition update requesting means which transmits a common condition update request containing the terminal ID of the communication source terminal, the terminal ID of the communication destination terminal, and the algorithm ID, which are contained in the common condition information stored in the common condition storing means, and the communication period having a start time earlier than the end time of the validity period of the n-th key and an end time later than the validity period of the n-th key of the n-keys generated by the plural pieces of key generation information contained in the common condition information;
      
      the management server further comprises common condition update request receiving means which receives the common condition update request from the communication terminal;
      
      the key generation information generating means of the management server further generates plural pieces of key generation information, each containing the key used in the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID contained in the common condition update request received by the common condition update requesting means is used, or the key type for generating the key and the key ID corresponding to the identification information; and
      
      the common condition transmitting means of the management server transmits the common condition information to each of the communication terminals, the common condition information containing the terminal ID of the communication source terminal, the terminal ID of the communication destination terminal and the algorithm ID, which are contained in the common condition update request received by the common condition update requesting means, and the plural pieces of key generation information generated by the key generation information generating means in response to the common condition update request, the communication terminals each having the terminal ID of the communication source terminal issuing the common condition update request and the communication terminal having the terminal ID of the communication destination terminal to which the common condition update request is sent.
  - 5. A cryptographic communication system according to claim 1, wherein:
    - the management server further comprising;
      
      distributed common condition storing means which stores the common condition information transmitted by the common condition transmitting means to the communication terminal;
      
      invalidation instruction accepting means which accepts designation of the common condition information whose key generation information are to be partially or entirely invalidated from the common condition information stored in the distributed common condition storing means; and
      
      invalidation request transmitting means which transmits a partial or entire key generation information invalidation request contained in the designated common condition information to each of the communication terminal having the terminal ID of the communication source terminal contained in the common condition information designated by the invalidation instruction accepting means and the communication terminal having the terminal ID of the communication destination terminal contained in the common condition information; and
      
      each of the plurality of communication terminals further comprises;
      
      invalidation request receiving means which receives a key generation information invalidation request from the management server; and
      
      invalidation means which searches the common condition storing means for the common condition information designated by the key generation information invalidation request received by the invalidation request receiving means and performs an invalidation processing of the partial or entire key generation information contained in the common condition information found in the search.
  - 6. A cryptographic communication system according to claim 1, wherein:
    - each of the plurality of communication terminals further comprises communication condition transmitting means which transmits the communication condition information to the management server, the communication condition information containing the terminal ID of the self communication terminal and the algorithm ID of the cryptographic algorithm used for each of the plurality of encryption/decryption processing means provided for the self communication terminal; and
      
      the management server further comprises communication condition management means which receives the communication condition information from the communication terminal and stores the received communication condition information in the communication condition storing means.

7. A management server which manages a communication condition of each of a plurality of communication terminals performing cryptographic communication, comprising:
- communication condition storing means which stores, for each of the plurality of communication terminals, a terminal ID of the communication terminal and an algorithm ID of each of cryptographic algorithms respectively used for a plurality of encryption/decryption processing means provided for the communication terminals;
  
  common condition request receiving means which receives a common condition request containing a terminal ID of a communication source terminal and a terminal ID of a communication destination terminal from the communication terminal;
  
  common condition search means which searches the communication condition storing means for the algorithm ID contained in both the communication condition information containing the terminal ID of the communication source terminal issuing the common condition request received by the common condition request receiving means and the communication condition information containing the terminal ID of the communication destination terminal to which the common condition request is sent;
  
  key generation information generating means which generates plural pieces of key generation information, each containing a key used in the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID retrieved by the search by the common condition search means is used, or a key type for generating the key, and a key ID corresponding to identification information; and
  
  common condition transmitting means which transmits the common condition information to each of the communication terminals, the common condition information containing the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal of the common condition request received by the common condition request receiving means, the algorithm ID retrieved by the search by the common condition search means, and the plural pieces of key generation information generated by the key generation information generating means in response to the common condition request, the communication terminals each having the terminal ID of the communication source terminal issuing the common condition request and the communication terminal having the terminal ID of the communication destination terminal to which the common condition request is sent.

8. A communication terminal which performs cryptographic communication, comprising:
- a plurality of encryption/decryption processing means for which different cryptographic algorithms are respectively used;
  
  common condition requesting means which transmits a common condition request to the management server, the common condition request containing a terminal ID corresponding to identification information of a self communication terminal and a terminal ID of another one of the communication terminals which corresponds to a communication destination terminal;
  
  common condition storing means which stores common condition information containing a terminal ID of a communication source terminal, the terminal ID of the communication destination terminal, an algorithm ID corresponding to identification information of the cryptographic algorithm that can be used by both the communication source terminal and the communication destination terminal, and plural pieces of key generation information containing one of a key and a key type for generating the key, and a key ID corresponding to identification information;
  
  common condition obtaining means which receives the common condition information from the management server and stores the received common condition information in the common condition storing means, the common condition information containing the terminal ID of the self communication terminal which is identical with any of the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal; and
  
  cryptographic communication means which searches the common condition storing means for the common condition information having a terminal ID of a communication counterpart, selects, from the plurality of encryption/decryption processing means, the encryption/decryption processing means, for which the cryptographic algorithm having the algorithm ID contained in the common condition information found in the search is used, and uses the selected encryption/decryption processing means to perform the cryptographic communication with the communication terminal of the communication counterpart, wherein the cryptographic communication means of the communication terminal sequentially selects the key generation information from the plural pieces of key generation information contained in the common condition information retrieved by the search, uses the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to generate encrypted data, and transmits cryptographic communication information containing the encrypted data and the key ID contained in the selected key generation information to a communication counterpart, while selecting the key generation information having the key ID contained in the cryptographic communication information received from the communication counterpart from the plural pieces of key generation information contained in the common condition information retrieved by the search and using the key contained in the selected key generation information or the key generated from the key type contained in the key generation information to cause the selected encryption/decryption processing means to decrypt the encrypted data contained in the cryptographic communication information received from the communication counterpart.

9. A communication condition management method which allows a management server to manage a communication condition of each of a plurality of communication terminals performing cryptographic communication, the management server comprising communication condition storing means which stores, for each of the plurality of communication terminals, communication condition information containing a terminal ID of the communication terminal and an algorithm ID of each of cryptographic algorithms respectively used for a plurality of encryption/decryption processing means provided for the communication terminals, the communication condition management method comprising the steps of:
- receiving a common condition request containing a terminal ID of a communication source terminal and a terminal ID of a communication destination terminal from the communication terminal;
  
  searching the communication condition storing means for the algorithm ID contained in both the communication condition information containing the terminal ID of the communication source terminal issuing the common condition request and the communication condition information containing the terminal ID of the communication destination terminal to which the common condition request is sent;
  
  generating plural pieces of key generation information, each containing a key used in the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID retrieved by the search is used, or a key type for generating the key, and a key ID corresponding to identification information; and
  
  transmitting common condition information to each of the communication terminals, the common condition information containing the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal of the received common condition request, the algorithm ID retrieved by the communication condition search means, and the plural pieces of key generation information generated by the key generation information generating means in response to the common condition request, the communication terminals each having the terminal ID of the communication source terminal issuing the common condition request and the communication terminal having the terminal ID of the communication destination terminal to which the common condition request is sent.

10. A cryptographic communication method which allows a communication terminal to perform cryptographic communication, the communication terminal comprising a plurality of encryption/decryption processing means for which different cryptographic algorithms are used and storage means, the cryptographic communication method comprising the steps of:
- transmitting a common condition request to a management server, the common condition request containing a terminal ID corresponding to identification information of a self communication terminal and a terminal ID of another one of the communication terminals which corresponds to a communication destination terminal;
  
  receiving common condition information containing a terminal ID of the self communication terminal, the terminal ID of the communication destination terminal, an algorithm ID corresponding to identification information of a cryptographic algorithm that can be used by both the communication source terminal and the communication destination terminal, the terminal ID of the self communication terminal being identical with any of the terminal ID of the communication source terminal and the terminal ID of the communication destination terminal, from the management server, and storing the common condition information in the storage means; and
  
  searching the storage means for the common condition information having a terminal ID of a communication counterpart, selecting, from the plurality of encryption/decryption processing means, the encryption/decryption processing means for which the cryptographic algorithm having the algorithm ID contained in the common condition information found in the search is used, and performing cryptographic communication with the communication terminal of the communication counterpart by using the selected encryption/decryption processing means, wherein the step of performing the cryptographic communication sequentially selects the key generation information from the plural pieces of key generation information contained in the common condition information retrieved by the search, uses the key contained in the selected key generation information or a key generated from the key type contained in the key generation information, to cause the selected encryption/decryption processing means to generate encrypted data, and transmits cryptographic communication information containing the encrypted data and the key ID contained in the selected key generation information while selecting the key generation information having the key ID contained in the cryptographic communication information received from the communication counterpart from the plural pieces of key generation information contained in the common condition information retrieved by the search, and causing the selected encryption/decryption processing means to decrypt the encrypted data contained in the cryptographic communication information received from the communication counterpart by using the key contained in the selected key generation information or the key generated from the key type contained in the key generation means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Hoshino, Kazuyoshi, Fujishiro, Takahiro, Takata, Osamu, Kaji, Tadashi

Granted Patent

US 7,697,692 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

H04L 63/065   for group communications cr...

H04L 9/083   involving central third par...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

Cryptographic communication system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic communication system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links