Encryption communication system, apparatus, method, and program
Abstract
A plurality of encryption communication apparatuses to which terminal apparatuses are connected are connected via a network; data received from the terminal apparatus which is a transmission source is encrypted by the encryption communication apparatus and transmitted to the other encryption communication apparatus, and data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination. Upon initiation of first communication with another encryption communication apparatus, the encryption communication apparatus generates and exchanges encryption keys according to an encryption key exchange protocol, records them in an encryption key control table, and sets a validity time by which they are controlled. An encryption key is updated when its validity time is close; however, even within the validity time period, when the CPU load is determined to be low, the encryption key of the counterpart encryption communication apparatus having a small communication volume is searched for, and that encryption key is updated.
23 Claims
1. An encryption communication system in which a plurality of encryption communication apparatuses to which terminal apparatuses are connected are connected via a network, data received from the terminal apparatus which is a transmission source is encrypted and transmitted to the other encryption communication apparatus, and the data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination, the encryption communication system characterized in that,
in each of the plurality of encryption communication apparatuses, a frame transmitting and receiving unit which encrypts and transmits the data for the other encryption communication apparatus by using an encryption key and decrypts the data received from the other encryption communication apparatus by using an encryption key, and an encryption key exchange processing unit which generates and exchanges the encryption key in accordance with a predetermined encryption key exchange procedure involving advance negotiation with the counterpart apparatus upon initiation of first communication with the other encryption communication apparatus are provided; and
in at least a part of the plurality of encryption communication apparatuses, an apparatus load measurement unit which measures apparatus load, a communication volume measurement unit which measures the volume of communication with each of the encryption communication apparatuses of the counterpart, and a validity time control unit which sets validity time for the encryption key generated by the encryption key exchange unit, searches an encryption key of which validity time is close, and instructs the encryption key exchange processing unit to update the encryption key by generating an encryption key again, or, in the case in which there is no encryption key of which validity time is close, when the apparatus load is determined to be in a low state, searches an encryption key of the encryption communication apparatus of a counterpart for which the communication volume is small, and instructs the encryption key exchange processing unit to update the encryption key by exchanging the encryption key again are provided.
in each of the local encryption communication apparatuses, the frame transmitting and receiving unit and the encryption key exchange processing unit are provided.
4. The encryption communication system according to claim 1, characterized in that, when encryption communication is to be performed mutually between the plurality of encryption communication apparatuses, in each of the plurality of encryption communication apparatuses, the frame transmitting and receiving unit, the encryption key exchange processing unit, the apparatus load measurement unit, the communication volume measurement unit, and the validity time control unit are provided.
5. The encryption communication system according to claim 1, characterized in that, when first reception connection is received from the other encryption communication apparatus, the encryption key exchange processing unit generates and exchanges the encryption key and instructs the validity time control unit to perform validity time control of the encryption key.
6. The encryption communication system according to claim 1, characterized in that when first transmission connection to the other encryption communication apparatus is achieved, the encryption key exchange processing unit generates and exchanges the encryption key and instructs the validity time control unit to perform validity time control of the encryption key.
7. The encryption communication system according to claim 1, characterized in that
the apparatus load measurement unit measures CPU load; and
the validity time control unit determines encryption key update timing when a mean value of the CPU load during a past predetermined period of time is lower than a predetermined value, searches the encryption communication apparatus of the counterpart having the communication volume which is equal to or less than a predetermined value and minimum, and instructs the encryption key exchange unit to update the encryption key by generating an encryption key again.
8. The encryption communication system according to claim 1, characterized in that the communication volume measurement unit measures a bit rate per unit time as the communication volume.
9. The encryption communication system according to claim 1, characterized in that the validity time control unit prohibits encryption key update for a predetermined period of time from update of the encryption key.
10. The encryption communication system according to claim 1, characterized in that the encryption key exchange processing unit generates and exchanges the encryption key of a shared key encryption method which uses the same encryption key in encryption and decryption.
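The validity time control described in the abstract and in claims 7 to 10 is a scheduling policy: keys whose validity time is close are always re-keyed first; if none is close, and the mean CPU load over a recent window is below a threshold, the counterpart with the smallest communication volume (at or below a threshold, measured as a bit rate) is re-keyed, subject to a prohibited period after each update. The following is an added example that is not part of the patent and not the applicant's code; it models that policy in Python with a per-peer key control table. The names (`KeyEntry`, `ValidityTimeController`, `choose_rekey`), the threshold values, and the use of a random 256-bit value in place of the negotiated key exchange are assumptions of this example.

```python
"""Validity-time control for per-peer shared keys, modelled on the patent's
scheduler: re-key whatever is about to expire; otherwise, when the device is
idle, re-key the quietest peer. Standard library only; all values are
constructed for illustration."""
from __future__ import annotations

import secrets
import statistics
from dataclasses import dataclass, field


@dataclass
class KeyEntry:
    """One row of the encryption key control table (assumed layout)."""
    peer: str
    key: bytes
    updated_at: float      # time of the last (re)generation
    expires_at: float      # validity time set at generation


@dataclass
class ValidityTimeController:
    validity: float = 3600.0        # key lifetime in seconds (assumption)
    near_expiry: float = 300.0      # "validity time is close" window
    cpu_threshold: float = 0.30     # mean CPU load below this counts as low
    volume_threshold: float = 1e5   # bit rate (bit/s) at or below this is "small"
    prohibit_period: float = 600.0  # no re-key for this long after an update (claim 9)
    table: dict[str, KeyEntry] = field(default_factory=dict)

    def install_key(self, peer: str, now: float) -> KeyEntry:
        """Stand-in for the negotiated key exchange: a fresh random 256-bit
        shared key. The real unit would run an exchange protocol with the
        counterpart; this random value is an assumption of the example."""
        entry = KeyEntry(peer, secrets.token_bytes(32), now, now + self.validity)
        self.table[peer] = entry
        return entry

    def choose_rekey(self, now: float, cpu_samples: list[float],
                     volumes: dict[str, float]) -> tuple[str, str] | None:
        """Return (peer, reason) for the next key update, or None.

        reason is "expiring" (validity time is close) or "idle" (low mean
        load and smallest communication volume among eligible peers).
        volumes maps peer -> measured bit rate (claim 8)."""
        # 1. Keys whose validity time is close: earliest expiry first.
        expiring = [e for e in self.table.values()
                    if e.expires_at - now <= self.near_expiry]
        if expiring:
            return min(expiring, key=lambda e: e.expires_at).peer, "expiring"
        # 2. Nothing near expiry: act only when the mean load is low (claim 7).
        if not cpu_samples or statistics.fmean(cpu_samples) >= self.cpu_threshold:
            return None
        # Eligible peers: small volume and outside the prohibited period.
        candidates = [
            e for e in self.table.values()
            if volumes.get(e.peer, 0.0) <= self.volume_threshold
            and now - e.updated_at >= self.prohibit_period
        ]
        if not candidates:
            return None
        quietest = min(candidates, key=lambda e: volumes.get(e.peer, 0.0))
        return quietest.peer, "idle"

    def rekey(self, peer: str, now: float) -> KeyEntry:
        """Replace the peer's key, restarting its validity and prohibited period."""
        old = self.table[peer].key
        new = self.install_key(peer, now)
        assert new.key != old  # a repeated key would defeat the update
        return new


if __name__ == "__main__":
    ctl = ValidityTimeController()
    for peer, t in (("A", 0.0), ("B", 100.0), ("C", 200.0)):
        ctl.install_key(peer, t)
    # Constructed measurements: low CPU, peer B quietest, C above threshold.
    print(ctl.choose_rekey(1000.0, [0.1, 0.2], {"A": 5e4, "B": 2e4, "C": 2e5}))
    print(ctl.choose_rekey(3350.0, [0.9], {}))  # A's validity time is close
```

Re-keying the idle-time candidate only when no key is near expiry, and skipping peers inside the prohibited period, is what keeps the background refresh from starving the mandatory expiry-driven updates or churning the same peer repeatedly.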
11. An encryption communication apparatus in which a plurality of encryption communication apparatuses to which terminal apparatuses are connected are connected via a network, data received from the terminal apparatus which is a transmission source is encrypted and transmitted to the other encryption communication apparatus, and the data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination, the encryption communication apparatus characterized by having a transmitting and receiving unit which encrypts and transmits the data for the other encryption communication apparatus by using an encryption key and decrypts the data received from the other encryption communication apparatus by using an encryption key;
an encryption key exchange processing unit which generates and exchanges the encryption key in accordance with a predetermined encryption key exchange procedure involving advance negotiation with the counterpart apparatus upon initiation of first communication with the other encryption communication apparatus; an apparatus load measurement unit which measures apparatus load; a communication volume measurement unit which measures the volume of communication with each of the encryption communication apparatuses of the counterpart; and a validity time control unit which sets validity time for the encryption key generated by the encryption key exchange unit, searches an encryption key of which validity time is close, and instructs the encryption key exchange processing unit to update the encryption key by generating an encryption key again, or, in the case in which there is no encryption key of which validity time is close, when the apparatus load is determined to be in a low state, searches an encryption key of the encryption communication apparatus of a counterpart for which the communication volume is small, and instructs the encryption key exchange processing unit to update the encryption key by exchanging the encryption key again.
the validity time control unit determines encryption key update timing when a mean value of the CPU load during a past predetermined period of time is lower than a predetermined value, searches the encryption communication apparatus of the counterpart having the communication volume which is equal to or less than a predetermined value and minimum, and instructs the encryption key exchange unit to update the encryption key by generating an encryption key again.
16. (Prohibited Time Period of Encryption Key Update)
The encryption communication apparatus described in claim 11, characterized in that the validity time control unit prohibits encryption key update for a predetermined period of time from update of the encryption key.
17. An encryption communication method in which a plurality of encryption communication apparatuses to which terminal apparatuses are connected are connected via a network, data received from the terminal apparatus which is a transmission source is encrypted and transmitted to the other encryption communication apparatus, and the data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination, the encryption communication method characterized by including a transmitting and receiving step in which the data for the other encryption communication apparatus is encrypted and transmitted by using an encryption key, and the data received from the other encryption communication apparatus is decrypted by using the encryption key;
an encryption key exchange processing step in which the encryption key is generated and exchanged in accordance with a predetermined encryption key exchange procedure involving advance negotiation with the counterpart apparatus upon initiation of first communication with the other encryption communication apparatus; an apparatus load measurement step in which apparatus load is measured; a communication volume measurement step in which the volume of communication with each of the encryption communication apparatuses of the counterpart is measured; a validity time control step in which validity time is set for the encryption key generated in the encryption key exchange step, an encryption key of which validity time is close is searched, and the encryption key exchange processing step is instructed to update the encryption key by generating an encryption key again, or, in the case in which there is no encryption key of which validity time is close, when the apparatus load is determined to be in a low state, an encryption key of the encryption communication apparatus of a counterpart for which the communication volume is small is searched, and the encryption key exchange processing step is instructed to update the encryption key by exchanging the encryption key again.
in the validity time control step, encryption key update timing is determined when a mean value of the CPU load during a past predetermined period of time is lower than a predetermined value, the encryption communication apparatus of the counterpart having the communication volume which is equal to or less than a predetermined value and minimum is searched, and the encryption key exchange step is instructed to update the encryption key by generating an encryption key again.
19. A computer-readable storage medium which stores an encryption communication program characterized by causing a computer of an encryption communication apparatus in which a plurality of encryption communication apparatuses to which terminal apparatuses are connected are connected via a network, data received from the terminal apparatus which is a transmission source is encrypted and transmitted to the other encryption communication apparatus, and the data received from the other encryption communication apparatus is decrypted and transmitted to the terminal apparatus which is a transmission destination, to execute
a transmitting and receiving step in which the data for the other encryption communication apparatus is encrypted and transmitted by using an encryption key, and the data received from the other encryption communication apparatus is decrypted by using the encryption key;
an encryption key exchange processing step in which the encryption key is generated and exchanged in accordance with a predetermined encryption key exchange procedure involving advance negotiation with the counterpart apparatus upon initiation of first communication with the other encryption communication apparatus; an apparatus load measurement step in which apparatus load is measured; a communication volume measurement step in which the volume of communication with each of the encryption communication apparatuses of the counterpart is measured; a validity time control step in which validity time is set for the encryption key generated in the encryption key exchange step, an encryption key of which validity time is close is searched, and the encryption key exchange processing step is instructed to update the encryption key by generating an encryption key again, or, in the case in which there is no encryption key of which validity time is close, when the apparatus load is determined to be in a low state, the encryption communication apparatus of a counterpart for which the communication volume is small is searched, and the encryption key exchange processing step is instructed to update the encryption key by exchanging the encryption key again.
in the validity time control step, encryption key update timing is determined when a mean value of the CPU load during a past predetermined period of time is lower than a predetermined value, the encryption communication apparatus of the counterpart having the communication volume which is equal to or less than a predetermined value and minimum is searched, and the encryption key exchange step is instructed to update the encryption key by generating an encryption key again.
21. An encryption communication apparatus which is connected to another encryption communication apparatus via a network, is connected to a terminal apparatus, encrypts data received from the terminal apparatus and transmits the data to the other encryption communication apparatus, and decrypts data received from the other encryption communication apparatus and transmits the data to the terminal apparatus, the encryption communication apparatus characterized by having a transmitting and receiving unit which encrypts the data to be transmitted to the other encryption communication apparatus by using an encryption key and transmits the data, and decrypts the data received from the other encryption communication apparatus by using the encryption key;
an encryption key processing unit which generates the encryption key used in data transmission and reception with the other encryption communication apparatus in accordance with an encryption key exchange procedure; an apparatus load measurement unit which measures the load of the apparatus per se; a communication volume measurement unit which measures a communication volume of the other encryption communication apparatus; and a control unit which, when a state in which load is low is determined by the apparatus load measurement unit, searches the other encryption communication apparatus having a small communication volume based on a measurement result of the communication volume measurement unit, and instructs the encryption key exchange processing unit to update the encryption key which is shared with the other encryption communication apparatus.
22. An information processing apparatus which is connected to another apparatus and transmits/receives information to or from the other apparatus, the information processing apparatus characterized by having
a transmitting and receiving unit which transmits transmitted information encrypted by an encryption key to the other apparatus and decrypts received information from the other apparatus by the encryption key;
an apparatus load measurement unit which measures load of the apparatus per se; and a control unit which, when the state in which the load is low is determined by the apparatus load measurement unit, searches the other apparatus having a small communication volume and updates the encryption key used in information transmission/reception to or from the other apparatus.
Specification