Encryption communication system, apparatus, method, and program

US 20080098226A1
Filed: 01/26/2007
Published: 04/24/2008
Est. Priority Date: 10/19/2006
Status: Abandoned Application

First Claim

Patent Images

1. An encryption communication system in which a plurality of encryption communication apparatuses to which terminal apparatuses are connected are connected via a network, data received from the terminal apparatus which is a transmission source is encrypted and transmitted to the other encryption communication apparatus, and the data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination, the encryption communication system characterized in that,in each of the plurality of encryption communication apparatuses,a frame transmitting and receiving unit which encrypts and transmits the data for the other encryption communication apparatus by using an encryption key and decrypts the data received from the other encryption communication apparatus by using an encryption key, andan encryption key exchange processing unit which generates and exchanges the encryption key in accordance with a predetermined encryption key exchange procedure involving advance negotiation with the counterpart apparatus upon initiation of first communication with the other encryption communication apparatus are provided;

and,in at least a part of the plurality of encryption communication apparatuses,an apparatus load measurement unit which measures apparatus load,a communication volume measurement unit which measures the volume of communication with each of the encryption communication apparatuses of the counterpart, anda validity time control unit which sets validity time for the encryption key generated by the encryption key exchange unit, searches an encryption key of which validity time is close, and instructs the encryption key exchange processing unit to update the encryption key by generating an encryption key again, or, in the case in which there is no encryption key of which validity time is close, when the apparatus load is determined to be in a low state, searches an encryption key of the encryption communication apparatus of a counterpart for which the communication volume is small, and instructs the encryption key exchange processing unit to update the encryption key by exchanging the encryption key again are provided.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of encryption communication apparatuses to which terminal apparatuses are connected are connected via a network, data received from the terminal apparatus which is a transmission source is encrypted by the encryption communication apparatus and transmitted to the other encryption communication apparatus, and data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination. Upon initiation of first communication with the other encryption communication apparatuses, the encryption communication apparatus generates and exchange encryption keys according to an encryption key exchange protocol, records them in the encryption key control table and, and sets validity time so as to control that. The encryption key is subjected to encryption key update when validity time is close; however, even during validity time period, when the state that CPU load is low is determined, the encryption key of the encryption communication apparatus which is a counterpart having a small communication volume is searched, and the encryption key is updated.

Citations

23 Claims

1. An encryption communication system in which a plurality of encryption communication apparatuses to which terminal apparatuses are connected are connected via a network, data received from the terminal apparatus which is a transmission source is encrypted and transmitted to the other encryption communication apparatus, and the data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination, the encryption communication system characterized in that,in each of the plurality of encryption communication apparatuses,a frame transmitting and receiving unit which encrypts and transmits the data for the other encryption communication apparatus by using an encryption key and decrypts the data received from the other encryption communication apparatus by using an encryption key, andan encryption key exchange processing unit which generates and exchanges the encryption key in accordance with a predetermined encryption key exchange procedure involving advance negotiation with the counterpart apparatus upon initiation of first communication with the other encryption communication apparatus are provided;
- and,in at least a part of the plurality of encryption communication apparatuses,an apparatus load measurement unit which measures apparatus load,a communication volume measurement unit which measures the volume of communication with each of the encryption communication apparatuses of the counterpart, anda validity time control unit which sets validity time for the encryption key generated by the encryption key exchange unit, searches an encryption key of which validity time is close, and instructs the encryption key exchange processing unit to update the encryption key by generating an encryption key again, or, in the case in which there is no encryption key of which validity time is close, when the apparatus load is determined to be in a low state, searches an encryption key of the encryption communication apparatus of a counterpart for which the communication volume is small, and instructs the encryption key exchange processing unit to update the encryption key by exchanging the encryption key again are provided.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The encryption communication system according to claim 1, characterized in that the validity time control unit has an encryption key control table;
    - and encryption key generation date and time, validity time, the counterpart apparatus, the communication volume, and the encryption key are recorded and controlled in the encryption key control table.
  - 3. The encryption communication system according to claim 1, characterized in that,when a plurality of local encryption communication apparatuses are connected to one center encryption communication apparatus so as to perform encryption communication,in the center encryption communication apparatus, the frame transmitting and receiving unit, the encryption key exchange processing unit, the apparatus load measurement unit, the communication volume measurement unit, and the validity time control unit are provided;
    - and,
4. The encryption communication system according to claim 1, characterized in that, when encryption communication is to be performed mutually between the plurality of encryption communication apparatuses, in each of the plurality of encryption communication apparatuses, the frame transmitting and receiving unit, the encryption key exchange processing unit, the apparatus load measurement unit, the communication volume measurement unit, and the validity time control unit are provided.
5. The encryption communication system according to claim 1, characterized in that, when first reception connection is received from the other encryption communication apparatus, the encryption key exchange processing unit generates and exchanges the encryption key and instructs the validity time control unit to perform validity time control of the encryption key.
6. The encryption communication system according to claim 1, characterized in that when first transmission connection to the other encryption communication apparatus is achieved, the encryption key exchange processing unit generates and exchanges the encryption key and instructs the validity time control unit to perform validity time control of the encryption key.
7. The encryption communication system according to claim 1, characterized in thatthe apparatus load measurement unit measures CPU load;
- andthe validity time control unit determines encryption key update timing when a mean value of the CPU load during a past predetermined period of time is lower than a predetermined value, searches the encryption communication apparatus of the counterpart having the communication volume which is equal to or less than a predetermined value and minimum, and instructs the encryption key exchange unit to update the encryption key by generating an encryption key again.
8. The encryption communication system according to claim 1, characterized in that the communication volume measurement unit measures a bit rate per unit time as the communication volume.
9. The encryption communication system according to claim 1, characterized in that the validity time control unit prohibits encryption key update for a predetermined period of time from update of the encryption key.
10. The encryption communication system according to claim 1, characterized in that the encryption key exchange processing unit generates and exchanges the encryption key of a shared key encryption method which uses the same encryption key in encryption and decryption.

11. An encryption communication apparatus in which a plurality of encryption communication apparatuses to which terminal apparatuses are connected are connected via a network, data received from the terminal apparatus which is a transmission source is encrypted and transmitted to the other encryption communication apparatus, and the data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination, the encryption communication apparatus characterized by having a transmitting and receiving unit which encrypts and transmits the data for the other encryption communication apparatus by using an encryption key and decrypts the data received from the other encryption communication apparatus by using an encryption key;
- an encryption key exchange processing unit which generates and exchanges the encryption key in accordance with a predetermined encryption key exchange procedure involving advance negotiation with the counterpart apparatus upon initiation of first communication with the other encryption communication apparatus are provided;
  
  an apparatus load measurement unit which measures apparatus load;
  
  a communication volume measurement unit which measures the volume of communication with each of the encryption communication apparatuses of the counterpart; and
  
  a validity time control unit which sets validity time for the encryption key generated by the encryption key exchange unit, searches an encryption key of which validity time is close, and instructs the encryption key exchange processing unit to update the encryption key by generating an encryption key again, or, in the case in which there is no encryption key of which validity time is close, when the apparatus load is determined to be in a low state, searches an encryption key of the encryption communication apparatus of a counterpart for which the communication volume is small, and instructs the encryption key exchange processing unit to update the encryption key by exchanging the encryption key again.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The encryption communication apparatus according to claim 11, characterized in that the validity time control unit has an encryption key control table;
    - and encryption key generation date and time, validity time, the counterpart apparatus, the communication volume, and the encryption key are recorded and controlled in the encryption key control table.
  - 13. The encryption communication apparatus according to claim 11, characterized in that, when first reception connection is received from the other encryption communication apparatus, the encryption key exchange processing unit generates and exchanges the encryption key and instructs the validity time control unit to perform validity time control of the encryption key.
  - 14. The encryption communication apparatus according to claim 11, characterized in that when first transmission connection to the other encryption communication apparatus is achieved, the encryption key exchange processing unit generates and exchanges the encryption key and instructs the validity time control unit to perform validity time control of the encryption key.
  - 15. The encryption communication apparatus described in claim 11, characterized in thatthe apparatus load measurement unit measures CPU load;
    - and
16. (Prohibited Time Period of Encryption Key Update)The encryption communication apparatus described in claim 11, characterized in that the validity time control unit prohibits encryption key update for a predetermined period of time from update of the encryption key.

17. An encryption communication method in which a plurality of encryption communication apparatuses to which terminal apparatuses are connected are connected via a network, data received from the terminal apparatus which is a transmission source is encrypted and transmitted to the other encryption communication apparatus, and the data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination, the encryption communication method characterized by including a transmitting and receiving step in which the data for the other encryption communication method is encrypted and transmitted by using an encryption key, and the data received from the other encryption communication apparatus is decrypted by using the encryption key;
- an encryption key exchange processing step in which the encryption key is generated and exchanged in accordance with a predetermined encryption key exchange procedure involving advance negotiation with the counterpart apparatus upon initiation of first communication with the other encryption communication apparatus;
  
  an apparatus load measurement step in which apparatus load is measured;
  
  a communication volume measurement step in which the volume of communication with each of the encryption communication apparatuses of the counterpart is measured;
  
  a validity time control step in which validity time is set for the encryption key generated in the encryption key exchange step, an encryption key of which validity time is close is searched, and the encryption key exchange processing step is instructed to update the encryption key by generating an encryption key again, or, in the case in which there is no encryption key of which validity time is close, when the apparatus load is determined to be in a low state, an encryption key of the encryption communication apparatus of a counterpart for which the communication volume is small is searched, and the encryption key exchange processing step is instructed to update the encryption key by exchanging the encryption key again.
- View Dependent Claims (18)
- - 18. The encryption communication method according to claim 17, characterized in thatin the apparatus load measurement step, CPU load is measured;
    - and

19. A computer-readable storage medium which stores an encryption communication program characterized by causing a computer of an encryption communication apparatus in which a plurality of encryption communication apparatuses to which terminal programs are connected are connected via a network, data received from the terminal apparatus which is a transmission source is encrypted and transmitted to the other encryption communication apparatus, and the data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination, to executea transmitting and receiving step in which the data for the other encryption communication apparatus is encrypted and transmitted by using an encryption key, and the data received from the other encryption communication apparatus is decrypted by using the encryption key;
- an encryption key exchange processing step in which the encryption key is generated and exchanged in accordance with a predetermined encryption key exchange procedure involving advance negotiation with the counterpart apparatus upon initiation of first communication with the other encryption communication apparatus;
  
  an apparatus load measurement step in which apparatus load is measured;
  
  a communication volume measurement step in which the volume of communication with each of the encryption communication apparatuses of the counterpart is measured;
  
  a validity time control step in which validity time is set for the encryption key generated in the encryption key exchange step, an encryption key of which validity time is close is searched, and the encryption key exchange processing step is instructed to update the encryption key by generating an encryption key again, or, in the case in which there is no encryption key of which validity time is close, when the apparatus load is determined to be in a low state, the encryption communication apparatus of a counterpart for which the communication volume is small is searched, and the encryption key exchange processing step is instructed to update the encryption key by exchanging the encryption key again.
- View Dependent Claims (20)
- - 20. The storage medium according to claim 19, characterized in thatin the apparatus load measurement step, CPU load is measured;
    - and

21. An encryption communication apparatus which is connected to another encryption communication apparatus via a network, is connected to a terminal apparatus, encrypts data received from the terminal apparatus and transmits the data to the other encryption communication apparatus, and decrypts data received from the other encryption communication apparatus and transmits the data to the terminal apparatus, the encryption communication apparatus characterized by having a transmitting and receiving unit which encrypts the data to be transmitted to the other encryption communication apparatus by using an encryption key and transmits the data, and decrypts the data received from the other encryption communication apparatus by using the encryption key;
- an encryption key processing unit which generates the encryption key used in data transmission and reception with the other encryption communication apparatus in accordance with an encryption key exchange procedure;
  
  an apparatus load measurement unit which measures the load of the apparatus per se;
  
  a communication volume measurement unit which measures a communication volume of the other encryption communication apparatus; and
  
  a control unit which, when a state in which load is low is determined by the apparatus load measurement unit, searches the other encryption communication apparatus having a small communication volume based on a measurement result of the communication volume measurement unit, and instructs the encryption key exchange processing unit to update the encryption key which is shared with the other encryption communication apparatus.

22. An information processing apparatus which is connected to another apparatus and transmits/receives information to or from the other apparatus, the information processing apparatus characterized by havinga transmitting and receiving unit which transmits transmitted information encrypted by an encryption key to the other apparatus and decrypts received information from the other apparatus by the encryption key;
- an apparatus load measurement unit which measures load of the apparatus per se; and
  
  a control unit which, when the state in which the load is low is determined by the apparatus load measurement unit, searches the other apparatus having a small communication volume and updates the encryption key used in information transmission/reception to or from the other apparatus.
- View Dependent Claims (23)
- - 23. The information processing apparatus described in claim 22, characterized in thatthe information processing apparatus is connected to a plurality of the other apparatuses;
    - andthe encryption key processing unit generates different encryption keys respectively for the plurality of other apparatuses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Zokumasui, Yuichi

Application Number

US11/698,200
Publication Number

US 20080098226A1
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 9/0838 Key agreement, i.e. key est...

H04L 9/0891 Revocation or update of sec...

Encryption communication system, apparatus, method, and program

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption communication system, apparatus, method, and program

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links