COMMUNICATION SYSTEM OF CLIENT TERMINALS AND RELAY SERVER AND COMMUNICATION METHOD
First Claim
1. A client terminal comprising:
- a cipher session establishing section configured to establish a cipher session use connection between said client terminal as a source client terminal and a relay server by transmitting/receiving a cipher session establishment message between said source client terminal and said relay server, and to notify header information contained in a cipher session header to said relay server;
- a shared key managing section configured to hold a client shared key with a destination client terminal;
- a data enciphering section configured to perform encipherment of a data and/or MAC (Message Authentication Code) calculation of said data by using said client shared key and to output the performing result as a client cipher data;
- a message producing section configured to produce a data communication message including a cipher data field in which said client cipher data is inserted and a non-cipher data field in which said cipher session header containing said header information is inserted; and
- a transmitting section configured to transmit said data communication messages destined to said destination client terminal to said relay server by using said cipher session use connection.
Abstract
In a client terminal of a communication system, a cipher session establishing section establishes a cipher session use connection between the client terminal as a source client terminal and a relay server by transmitting/receiving a cipher session establishment message between the source client terminal and the relay server, and notifies header information contained in a cipher session header to the relay server. A shared key managing section holds a client shared key with a destination client terminal. A data enciphering section performs encipherment of data and/or MAC (Message Authentication Code) calculation of the data by using the client shared key and outputs the result as client cipher data. A message producing section produces a data communication message including a cipher data field in which the client cipher data is inserted and a non-cipher data field in which the cipher session header containing the header information is inserted. A transmitting section transmits the data communication messages destined to the destination client terminal to the relay server by using the cipher session use connection.
20 Claims
16. A relay server which relays communication between client terminals, comprising:
- a cipher session establishing section configured to establish a cipher session use connection with each of a plurality of client terminals by transmitting/receiving a cipher session establishment message to/from each of said plurality of client terminals, and to acquire header information to be contained in a cipher session header from each of said plurality of client terminals; and
- a message transfer section configured to transmit/receive a data communication message to/from each of said plurality of client terminals by using said cipher session use connection,
- wherein said data communication message includes a cipher data field which includes a client cipher data enciphered by using a client shared key shared by said plurality of client terminals, and a non-cipher data field which includes a cipher session header which contains said header information, and
- said message transfer section converts said cipher session header contained in said non-cipher data field of said data communication message transmitted from any of said plurality of client terminals into a cipher session header corresponding to one of said plurality of client terminals as a transmission destination of said data communication message and transmits said data communication message which has the converted cipher session header, to said client terminal as the transmission destination.
18. A communication system comprising:
- a client terminal;
- a relay server;
- a private network connected with said client terminal;
- a global network connected with said relay server; and
- a firewall provided between said private network and said global network to monitor said cipher session use connection,
- wherein said client terminal comprises:
  - a cipher session establishing section configured to establish a cipher session use connection between said client terminal as a source client terminal and said relay server by transmitting/receiving a cipher session establishment message between said source client terminal and said relay server, and to notify header information contained in a cipher session header to said relay server;
  - a shared key managing section configured to hold a client shared key with a destination client terminal;
  - a data enciphering section configured to perform encipherment of a data and/or MAC (Message Authentication Code) calculation of said data by using said client shared key and to output the performing result as a client cipher data;
  - a message producing section configured to produce a data communication message including a cipher data field in which said client cipher data is inserted and a non-cipher data field in which said cipher session header containing said header information is inserted; and
  - a transmitting section configured to transfer said data communication messages destined to said destination client terminal to said relay server by using said cipher session use connection,
- said relay server comprises:
  - a cipher session establishing section configured to establish said cipher session use connection with each of a plurality of client terminals, and to acquire header information to be contained in a cipher session header from each of said plurality of client terminals; and
  - a message transfer section configured to transmit/receive a data communication message to/from each of said plurality of client terminals by using said cipher session use connection,
- wherein said data communication message includes a cipher data field which includes a client cipher data enciphered by using a client shared key shared by said plurality of client terminals, and a non-cipher data field which includes a cipher session header which contains said header information, and
- said message transfer section converts said cipher session header contained in said non-cipher data field of said data communication message transmitted from any of said plurality of client terminals into a cipher session header corresponding to one of said plurality of client terminals as a transmission destination of said data communication message and transmits said data communication message which has the converted cipher session header, to said client terminal as the transmission destination.
19. A communication method in which communication of a data between a plurality of client terminals connected with different private networks is performed via a relay server connected with a global network, said communication method comprising:
- holding a client shared key common to a plurality of client terminals;
- establishing a cipher session use connection between said relay server and each of said plurality of client terminals;
- notifying header information to be contained in a cipher session header from said client terminal to said relay server;
- generating a client cipher data by enciphering a transmission data by using said client shared key in said client terminal;
- producing a data communication message comprising a cipher data field which includes said client cipher data and a non-cipher data field which includes a cipher session header having said header information by said client terminal;
- transmitting said data communication message from said client terminal to said relay server;
- changing said cipher session header based on said header information corresponding to a client terminal as a destination of said data communication message by said relay server; and
- transmitting said data communication message in which said header information has been changed, from said relay server to said destination client terminal by using a cipher session use connection which has been established between said relay server and said destination client terminal.
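The steps of claim 19 can be traced in a short sketch, added here as an illustration and not taken from the patent: the relay converts only the non-cipher header and never holds the client shared key, so the destination's MAC check still covers the data end to end. It uses the MAC-only form of the client cipher data; the length-prefixed header layout, all function and class names, and the sample key and header values are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

def _mac(shared_key: bytes, data: bytes) -> bytes:
    return hmac.new(shared_key, data, hashlib.sha256).digest()

def build_message(header: bytes, shared_key: bytes, data: bytes) -> bytes:
    """Source client: [len|header] (non-cipher field) + data||MAC (cipher data field)."""
    return struct.pack("!H", len(header)) + header + data + _mac(shared_key, data)

def split_message(msg: bytes) -> tuple[bytes, bytes]:
    """Return (cipher session header, client cipher data), rejecting short input."""
    if len(msg) < 2:
        raise ValueError("truncated message")
    (hlen,) = struct.unpack("!H", msg[:2])
    if len(msg) < 2 + hlen + TAG_LEN:
        raise ValueError("truncated message")
    return msg[2:2 + hlen], msg[2 + hlen:]

class Relay:
    """Holds only the header information each client notified, never the shared key."""
    def __init__(self) -> None:
        self.header_info: dict[str, bytes] = {}

    def register(self, client_id: str, header: bytes) -> None:
        self.header_info[client_id] = header

    def forward(self, dst_id: str, msg: bytes) -> bytes:
        # Convert the header to the destination's; pass the cipher data field untouched.
        _, cipher_data = split_message(msg)
        dst_header = self.header_info[dst_id]
        return struct.pack("!H", len(dst_header)) + dst_header + cipher_data

def receive(shared_key: bytes, msg: bytes) -> bytes:
    """Destination client: verify the end-to-end MAC before accepting the data."""
    _, cipher_data = split_message(msg)
    data, tag = cipher_data[:-TAG_LEN], cipher_data[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(shared_key, data)):
        raise ValueError("client MAC check failed")
    return data

def demo() -> tuple[bytes, bytes]:
    key = b"constructed-shared-key-not-real!"  # constructed sample key
    relay = Relay()
    relay.register("A", b"sess-A")             # constructed header information
    relay.register("B", b"sess-B")
    relayed = relay.forward("B", build_message(b"sess-A", key, b"hello"))
    return split_message(relayed)[0], receive(key, relayed)
```

Because the relay rewrites the header, the header cannot be covered by the client MAC; in this sketch only the cipher data field is protected end to end.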
Specification