Encrypted communication system, communication status management server, encrypted communication method, and communication status management method
Abstract
An encrypted communication system is provided, in which an encryption key for use in encrypted communication and settings information for the encrypted communication are distributed to each of a plurality of communication devices performing encrypted communication within a group, and in which traffic generated by distributing the encryption key and the like can be reduced. In the encrypted communication system according to the present invention, information including a key for use in the intra-group encrypted communication or a seed which generates the key is distributed to the communication devices belonging to the group that are participating (e.g., logged in) in the intra-group encrypted communication.
12 Claims
1. An encrypted communication system which uses key information generated by a session management server to achieve intra-group encrypted communication within a group including a plurality of communication devices, the encrypted communication system comprising:
a database which stores information relating to each of the communication devices; and
a communication status management server which manages the intra-group encrypted communication performed by the plurality of communication devices, wherein;
the database includes;
participating device address storage means which stores a network address of each participating device, which is a communication device participating in the intra-group encrypted communication, so that the network address is associated with a device ID which identifies the communication device; and
group member information storage means which stores the device ID of each of the plurality of communication devices, so that the device ID is associated with a group ID which identifies a group to which the communication devices belong; and
the communication status management server includes;
group member extraction means which, on receiving an intra-group encrypted communication request including a group ID, refers to the group member information storage means based on the group ID, and extracts device IDs of the communication devices belonging to a group corresponding to the group ID; and
participating device ID extraction means which refers to the participating device address storage means, extracts, from among the device IDs extracted by the group member extraction means, a device ID stored in the participating device address storage means in association with a network address, and outputs the device ID to the session management server, to thereby cause the session management server to distribute the key information for use in the intra-group encrypted communication within the group, to each participating device within the group corresponding to the group ID contained within the intra-group encrypted communication request.
7. An encrypted communication system which achieves intra-group encrypted communication, being encrypted communication within a group including a plurality of communication devices, comprising:
a database which stores information relating to each of the communication devices;
a communication status management server which manages the intra-group encrypted communication performed by the plurality of communication devices;
a session management server which generates key information for use in the intra-group encrypted communication, and distributes the key information to each of the communication devices; and
a plurality of communication devices, wherein;
the database includes;
participating device address storage means which stores a network address of each participating device, which is a communication device participating in the intra-group encrypted communication, so that the network address is associated with a device ID which identifies the communication device;
group member information storage means which stores the device IDs of each of the plurality of communication devices, so that the device IDs are associated with a group ID which identifies a group to which the communication devices belong; and
communication condition storage means which stores at least one communication condition executable by each of the participating devices in the intra-group encrypted communication, so that the communication conditions are associated with the device ID;
the communication status management server includes;
group member extraction means which, on receiving an intra-group encrypted communication request including a group ID via the session management server, refers to the group member information storage means based on the group ID, and extracts the device IDs of communication devices belonging to the group corresponding to the group ID; and
participating device ID extraction means which refers to the participating device address storage means, extracts, from among the device IDs extracted by the group member extraction means, a device ID stored in the participating device address storage means in association with a network address, and outputs the device ID to the session management server;
the session management server includes;
server-side encrypted communication means which establishes an encrypted communication route with respect to the communication device, and sends and receives data to and from the communication device via the established encrypted communication route;
participating device registration means which, on receiving notification of participation in the intra-group encrypted communication, from the communication device via the encrypted communication route, stores a network address of the communication device into the participating device address storage means, as a network address of a participating device, so that the network address is associated with the device ID; and
key generation and distribution means which receives the device IDs outputted from the participating device ID extraction means, extracts, from the communication condition storage means, the communication conditions associated with each of the device IDs, extracts, from the extracted communication conditions, a common communication condition that is associated with the plurality of device IDs, generates key information which is used for performing the intra-group encrypted communication executable under the extracted communication condition, and sends the generated key information to each of the communication devices that correspond to the device IDs received from the participating device ID extraction means; and
each of the plurality of communication devices includes;
communication device side encrypted communication means which establishes an encrypted communication route with respect to the session management server, and sends and receives data to and from the session management server via the established encrypted communication route;
encrypted communication request means which transmits, in a case where the intra-group encrypted communication is initiated, the intra-group encrypted communication request, to the session management server via the encrypted communication route; and
intra-group encrypted communication means which, in a case where the key information is received from the session management server via the encrypted communication route in response to the intra-group encrypted communication request, uses the key information to execute intra-group encrypted communication with another communication device in the group.
8. A communication status management server which instructs a session management server to use information stored in a storage device to distribute key information, in an encrypted communication system which uses key information generated by the session management server to achieve intra-group encrypted communication within a group including a plurality of communication devices, the communication status management server including:
group member extraction means which, on receiving an intra-group encrypted communication request including a group ID, refers to the storage device based on the group ID, and extracts the device IDs of the communication devices belonging to the group that corresponds to the group ID, from the group member information storage means of the storage device, in which the device IDs of each of the plurality of communication devices are stored in association with a group ID which distinguishes the group to which the communication devices belong; and
participating device ID extraction means which refers to the participating device address storage means of the storage device, in which the network addresses of each of the participating devices, which are communication devices participating in the intra-group encrypted communication, are stored in association with a device ID which distinguishes the communication device, extracts, from among the device IDs extracted by the group member extraction means, a device ID stored in the participating device address storage means in association with a network address, and outputs the device ID to the session management server, to thereby cause the session management server to distribute the key information for use in the intra-group encrypted communication within the group, to each of the participating devices within the group corresponding to the group ID contained within the intra-group encrypted communication request.
9. An encrypted communication method in an encrypted communication system which uses key information generated by a session management server to achieve intra-group encrypted communication within a group including a plurality of communication devices, wherein:
the encrypted communication system includes;
a database which stores information relating to each of the communication devices; and
a communication status management server which manages the intra-group encrypted communication performed by the plurality of communication devices;
the database includes;
participating device address storage means which stores a network address of each participating device, which is a communication device participating in the intra-group encrypted communication, so that the network address is associated with a device ID which identifies each communication device; and
group member information storage means which stores the device ID of each of the plurality of communication devices, so that the device ID is associated with a group ID which identifies a group to which the communication devices belong; and
wherein the method, performed by the communication status management server, comprises;
a group member extraction step of, on receiving an intra-group encrypted communication request including a group ID, referring to the group member information storage means based on the group ID, and extracting device IDs of the communication devices belonging to a group corresponding to the group ID; and
a participating device ID extraction step of referring to the participating device address storage means, extracting, from among the device IDs extracted in the group member extraction step, a device ID stored in the participating device address storage means in association with a network address, and outputting the device ID to the session management server, so as to generate and distribute the key information for use in the intra-group encrypted communication within the group, to each participating device within the group corresponding to the group ID contained within the intra-group encrypted communication request.
10. An encrypted communication method for an encrypted communication system which achieves intra-group encrypted communication, being encrypted communication within a group including a plurality of communication devices, wherein:
the encrypted communication system includes;
a database which stores information relating to each of the communication devices;
a communication status management server which manages the intra-group encrypted communication performed by the plurality of communication devices;
a session management server which generates key information for use in the intra-group encrypted communication, and distributes the key information to each of the communication devices; and
a plurality of communication devices;
the database includes;
participating device address storage means which stores a network address of each participating device, which is a communication device participating in the intra-group encrypted communication, so that the network address is associated with a device ID which identifies the communication device;
group member information storage means which stores the device IDs of each of the plurality of communication devices, so that the device IDs are associated with a group ID which identifies a group to which the communication devices belong; and
communication condition storage means which stores at least one communication condition executable by each of the participating devices in the intra-group encrypted communication, so that the communication condition is associated with the device ID;
wherein the method, performed by communication status management server, comprises;
a group member extraction step of, on receiving an intra-group encrypted communication request including a group ID via the session management server, referring to the group member information storage means based on the group ID, and extracting the device IDs of communication devices belonging to the group corresponding to the group ID; and
a participating device ID extraction step of referring to the participating device address storage means, extracting, from among the device IDs extracted in the group member extraction step, a device ID stored in the participating device address storage means in association with a network address, and outputting the device ID to the session management server;
the method, performed by the session management server, comprises;
a server-side encrypted communication step of establishing an encrypted communication route with respect to the communication device, and sending and receiving data to and from the communication device via the established encrypted communication route;
a participating device registration step of, on receiving notification of participation in the intra-group encrypted communication, from the communication device via the encrypted communication route, storing a network address of the communication device into the participating device address storage means as a network address of a participating device, so that the network address is associated with the device ID; and
a key generation and distribution step of receiving the device IDs outputted in the participating device ID extraction step, extracting, from the communication condition storage means, the communication conditions associated with each of the device IDs, extracting, from the extracted communication conditions, a common communication condition that is associated with the plurality of device IDs, generating key information which is used for performing the intra-group encrypted communication executable under the extracted communication condition, and sending the generated key information to each of the communication devices that correspond to the device IDs outputted in the participating device ID extraction step; and
and the method, performed by each of the plurality of communication devices, comprises;
a communication device side encrypted communication step of establishing an encrypted communication route with respect to the session management server, and sending and receiving data to and from the session management server via the established encrypted communication route;
an encrypted communication request step of transmitting, in a case where the intra-group encrypted communication is initiated, an intra-group encrypted communication request, to the session management server via the encrypted communication route; and
an intra-group encrypted communication step of using, in a case where the key information is received from the session management server via the encrypted communication route in response to the intra-group encrypted communication request, the key information to execute intra-group encrypted communication with another communication device in the group.
11. A communication status management method for a communication status management server which instructs a session management server to use information stored in a storage device to generate key information, in an encrypted communication system which uses key information generated by the session management server to achieve intra-group encrypted communication within a group including a plurality of communication devices, the method, performed by the communication status management server, comprises:
a group member extraction step of, on receiving an intra-group encrypted communication request including a group ID, referring to the storage device based on the group ID, and extracting the device IDs of the communication devices belonging to the group that corresponds to the group ID, from the group member information storage means of the storage device, in which the device IDs of each of the plurality of communication devices are stored in association with a group ID which distinguishes the group to which the communication devices belong; and
a participating device ID extraction step of referring to the participating device address storage means of the storage device, in which the network addresses of each of the participating devices, which are communication devices participating in the intra-group encrypted communication, are stored in association with a device ID which distinguishes the communication device, extracting, from among the device IDs extracted in the group member extraction step, a device ID stored in the participating device address storage means in association with a network address, and outputting the device ID to the session management server, to thereby cause the session management server to distribute the key information for use in the intra-group encrypted communication within the group, to each of the participating devices within the group corresponding to the group ID contained within the intra-group encrypted communication request.
12. An encrypted communication system which manages encrypted communication conducted among a plurality of communication devices belonging to a group, the encrypted communication system comprising:
a database which stores a list of the plurality of communication devices belonging to the group, and information indicating whether or not each of the plurality of communication devices is participating in the encrypted communication within the group;
participating device identification means which refers to the database to identify, from among the communication devices belonging to the group, the communication devices that are participating in the intra-group encrypted communication; and
key distribution means which generates a key for the encrypted communication performed by the identified communication devices, and distributes the key to the identified communication devices.
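The lookup chain recited in claims 1 and 7 (group member extraction, participating device ID extraction, common communication condition, key generation and distribution) can be sketched as follows; this is an added illustration, not code from the patent. The table contents, the cipher names used as communication conditions, the preference order, the key lengths and all function names are assumptions.

```python
import secrets

# Constructed sample tables standing in for the claimed database.
GROUP_MEMBERS = {"grp-1": ["dev-A", "dev-B", "dev-C", "dev-D"]}  # group ID -> device IDs
PARTICIPANT_ADDR = {}  # device ID -> network address, filled on participation
CONDITIONS = {  # device ID -> communication conditions the device can execute
    "dev-A": {"AES-256", "AES-128"},
    "dev-B": {"AES-256", "AES-128"},
    "dev-C": {"AES-128"},
    "dev-D": {"AES-256"},
}
# Assumption: preference order and key lengths; the claims do not fix either.
PREFERENCE = [("AES-256", 32), ("AES-128", 16)]


def register_participant(device_id, address):
    """Participating device registration: store the address under the device ID."""
    PARTICIPANT_ADDR[device_id] = address


def extract_group_members(group_id):
    """Group member extraction: every device ID stored for the group ID."""
    if group_id not in GROUP_MEMBERS:
        raise KeyError(f"unknown group ID: {group_id}")
    return list(GROUP_MEMBERS[group_id])


def extract_participants(device_ids):
    """Participating device ID extraction: keep IDs that have a stored address."""
    return [d for d in device_ids if d in PARTICIPANT_ADDR]


def common_condition(device_ids):
    """Return the first preferred condition that every listed device supports."""
    shared = set.intersection(*(CONDITIONS[d] for d in device_ids))
    for name, key_len in PREFERENCE:
        if name in shared:
            return name, key_len
    raise ValueError("no communication condition common to all participants")


def handle_group_request(group_id):
    """Return {device ID: (address, condition, key)} for participating devices only."""
    participants = extract_participants(extract_group_members(group_id))
    if not participants:
        raise ValueError("no participating devices in group")
    name, key_len = common_condition(participants)
    key = secrets.token_bytes(key_len)  # one fresh group key shared by all recipients
    return {d: (PARTICIPANT_ADDR[d], name, key) for d in participants}


if __name__ == "__main__":
    # Constructed addresses from the 192.0.2.0/24 documentation range.
    for dev, addr in [("dev-A", "192.0.2.10"), ("dev-B", "192.0.2.11"), ("dev-C", "192.0.2.12")]:
        register_participant(dev, addr)
    result = handle_group_request("grp-1")
    for dev in sorted(result):
        addr, cond, key = result[dev]
        print(dev, addr, cond, len(key), "byte key")
```

A group member with no stored network address (here `dev-D`) receives no key material, which is the traffic reduction the abstract describes; a participant set with no shared condition is rejected rather than being given a key some member cannot use.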
Specification