COMMUNICATION SYSTEM OF CLIENT TERMINALS AND RELAY SERVER AND COMMUNICATION METHOD

US 20080162929A1
Filed: 09/06/2007
Published: 07/03/2008
Est. Priority Date: 12/27/2006
Status: Active Grant

First Claim

Patent Images

1. A client terminal comprising:

a cipher session establishing section configured to establish a cipher session use connection between said client terminal as a source client terminal and a relay server by transmitting/receiving a cipher session establishment message between said source client terminal and said relay server, and to notify header information contained in a cipher session header to said relay server;

a shared key managing section configured to hold a client shared key with a destination client terminal;

a data enciphering section configured to perform encipherment of a data and/or MAC (Message Authentication Code) calculation of said data by using said client shared key and to output the performing result as a client cipher data;

a message producing section configured to produce a data communication message including a cipher data field in which said client cipher data is inserted and a non-cipher data field in which said cipher session header containing said header information is inserted; and

a transmitting section configured to transmits said data communication messages destined to said destination client terminal to said relay server by using said cipher session use connection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a client terminal of a communication system, a cipher session establishing section establishes a cipher session use connection between the client terminal as a source client terminal and a relay server by transmitting/receiving a cipher session establishment message between the source client terminal and the relay server, and notifies header information contained in a cipher session header to the relay server. A shared key managing section holds a client shared key with a destination client terminal, A data enciphering section performs encipherment of a data and/or MAC (Message Authentication Code) calculation of the data by using the client shared key and to output the performing result as a client cipher data. A message producing section produces a data communication message including a cipher data field in which the client cipher data is inserted and a non-cipher data field in which the cipher session header containing the header information is inserted. A transmitting section transmits the data communication messages destined to the destination client terminal to the relay server by using the cipher session use connection.

Citations

20 Claims

1. A client terminal comprising:
- a cipher session establishing section configured to establish a cipher session use connection between said client terminal as a source client terminal and a relay server by transmitting/receiving a cipher session establishment message between said source client terminal and said relay server, and to notify header information contained in a cipher session header to said relay server;
  
  a shared key managing section configured to hold a client shared key with a destination client terminal;
  
  a data enciphering section configured to perform encipherment of a data and/or MAC (Message Authentication Code) calculation of said data by using said client shared key and to output the performing result as a client cipher data;
  
  a message producing section configured to produce a data communication message including a cipher data field in which said client cipher data is inserted and a non-cipher data field in which said cipher session header containing said header information is inserted; and
  
  a transmitting section configured to transmits said data communication messages destined to said destination client terminal to said relay server by using said cipher session use connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The client terminal according to claim 1, wherein said shared key managing section produces said cipher session establishment message to start exchange of said client shared key with said destination client terminal, andsaid message producing section inserts said cipher session establishment message in said cipher data field to produce said data communication message.
  - 3. The client terminal according to claim 1, wherein said message producing section inserts a size value of a data to be inserted into said cipher data field to produce said data communication message.
  - 4. The client terminal according to claim 1, wherein said message producing section inserts a terminal ID of said destination client terminal as a destination terminal ID into said cipher data field in a form readable by said relay server to produce said data communication message.
  - 5. The client terminal according to claim 4, wherein said sour client terminal is assigned with a source terminal ID,said data enciphering section performs the encipherment of said data and/or the MAC (Message Authentication Code) calculation of said data by using one of said client shared keys managed by said shared key managing section and corresponding to said destination terminal ID, andsaid message producing section inserts said source terminal ID of said source client terminal in said cipher data field as a source terminal ID to produce said data communication message.
  - 6. The client terminal according to claim 4, wherein said keyed managing section holds a group key common to a plurality of said destination client terminals,said data enciphering section performs the encipherment of the data and/or the MAC calculation of the data by using said group key,said message producing section inserts the plurality of terminal IDs of said plurality of destination client terminals in said cipher data fields of replica messages of said data communication message as destination terminal IDs, andsaid transfer section transfers said replica messages for said plurality of destination client terminals to said relay server by using said cipher session use connection.
  - 7. The client terminal according to claim 4, wherein said shared key managing section holds a group key common to a plurality of said destination client terminals,said data enciphering section performs the encipherment of the data and/or the MAC calculation of the data by using said group key,said message producing section inserts a group terminal ID allocated to said plurality of destination client terminals in said cipher data field of said data communication message as a destination terminal ID, andsaid transfer section transfers said data communication message for said plurality of destination client terminals to said relay server by using said cipher session use connection.
  - 8. The client terminal according to claim 1, wherein said cipher session establishing section establishes a plurality of different cipher use connections with said relay server for said destinations client terminals;
    - andsaid transmitting section transmits said data communication message for said destination client terminals to said relay server using said cipher session use connections corresponding to said client terminals.
  - 9. The client terminal according to claim 1, wherein said cipher session establishing section exchanges a session key with said relay server when establishing said cipher session use connection with said relay server, andsaid message producing section produces said data communication message having said cipher data field in which the data ciphered and/or having a calculated MAC by using said session key is inserted.
  - 10. The client terminal according to claim 1, wherein said cipher session establishing section exchanges a session key with said relay server when establishing said cipher session use connection with said relay server, andsaid message producing section calculates MAC of the data by using said session key and inserts the calculation result in said cipher data field to produce said data communication message.
  - 11. The client terminal according to claim 1, further comprising:
    - a receiving section configured to receive said data communication message transmitted from said destination client terminal through said relay server;
      
      a message analyzing section configured to extract a data enciphered or a data used for MAC calculation by using said client shared key with said source client terminal from the cipher data field of said data communication message; and
      
      a data deciphering section configured to decipher the extracted data and/or calculate MAC of the extracted data.
  - 12. The client terminal according to claim 11, wherein when said cipher session establishment message transmitted from said source client terminal is contained in said cipher data field of said data communication message received from said relay server, said message analyzing section transfers said cipher session establishment message to said shared key managing section, andsaid shared key managing section acquires said client shared key with said source client terminal based on said cipher session establishment message corresponding to said cipher session establishment message transferred from said message analyzing section.
  - 13. The client terminal according to claim 12, wherein said message analyzing section extracts said source terminal ID contained in said cipher data field of said data communication message, andsaid data deciphering section performs decipherment of the data extracted by said message analyzing section and/or calculation of MAC of the extracted data by using one of said client shared keys managed by said shared key managing section and corresponding to said source terminal ID extracted by said message analyzing section.
  - 14. The client terminal according to claim 12, wherein said message analyzing section notifies to said data deciphering section that said received data communication message is a broadcast communication, andin response to the notice from said message analyzing section, said data deciphering section perform the decipherment of the extracted data by said message analyzing section by using a group key, common to said plurality of destination client terminals, of the client shared keys managed by said shared key managing section, and/or the calculation of MAC of the extracted data.
  - 15. The client terminal according to claim 11, wherein said message analyzing section compares the MAC contained in said data communication message received from said relay server and the MAC contained in said data communication message and calculated by using the session key which is acquired from said relay server in the establishment of said cipher session use connection, to carry out authentication of said data communication message.

16. A relay server which relays communication between client terminals, comprising:
- a cipher session establishing section configured to establish a cipher session use connection with each of a plurality of client terminals by transmitting/receiving a cipher session establishment message to/from each of said plurality of client terminals, and to acquire header information to be contained in a cipher session header from each of said plurality of client terminals; and
  
  a message transfer section configured to transmit/receive a data communication message to/from each of said plurality of client terminals by using said cipher session use connection,wherein said data communication message includes a cipher data field which includes a client cipher data enciphered by using a client shared key shared by said plurality of client terminals, and a non-cipher data field which includes a cipher session header which contains said header information, andsaid message transfer section converts said cipher session header contained in said non-cipher data field of said data communication message transmitted from any of said plurality of client terminals into a cipher session header corresponding to one of said plurality of client terminals as a transmission destination of said data communication message and transmits said data communication message which has the converted cipher session header, to said client terminal as the transmission destination.
- View Dependent Claims (17)
- - 17. The relay server according to claim 16, wherein said cipher session establishing section notifies correspondence relation between a terminal ID notified from each of said plurality of client terminals and said cipher session use connection to said message transfer section, andsaid message transfer section uses said cipher session use connection corresponding to a same terminal ID as a destination terminal ID which is contained in said cipher data field of said data communication message based on the correspondence relation for transmission of said data communication message.

18. A communication system comprising:
- a client terminal;
  
  a relay server;
  
  a private network connected with said client terminal;
  
  a global network connected with said relay server; and
  
  a firewall provided between said private network and said global network to monitor said cipher session use connection,wherein said client terminal comprises;
  
  a cipher session establishing section configured to establish a cipher session use connection between said client terminal as a source client terminal and said relay server by transmitting/receiving a cipher session establishment message between said source client terminal and said relay server, and to notify header information contained in a cipher session header to said relay server;
  
  a shared key managing section configured to hold a client shared key with a destination client terminal;
  
  a data enciphering section configured to perform encipherment of a data and/or MAC (Message Authentication Code) calculation of said data by using said client shared key and to output the performing result as a client cipher data;
  
  a message producing section configured to produce a data communication message including a cipher data field in which said client cipher data is inserted and a non-cipher data field in which said cipher session header containing said header information is inserted; and
  
  a transmitting section configured to transfer said data communication messages destined to said destination client terminal to said relay server by using said cipher session use connection,said relay server comprises;
  
  a cipher session establishing section configured to establish said cipher session use connection with each of a plurality of client terminals, and to acquire header information to be contained in a cipher session header from each of said plurality of client terminals; and
  
  a message transfer section configured to transmit/receive a data communication message to/from each of said plurality of client terminals by using said cipher session use connection,wherein said data communication message includes a cipher data field which includes a client cipher data enciphered by using a client shared key shared by said plurality of client terminals, and a non-cipher data field which includes a cipher session header which contains said header information, andsaid message transfer section converts said cipher session header contained in said non-cipher data field of said data communication message transmitted from any of said plurality of client terminals into a cipher session header corresponding to one of said plurality of client terminals as a transmission destination of said data communication message and transmits said data communication message which has the converted cipher session header, to said client terminal as the transmission destination.

19. A communication method in which communication of a data between a plurality of client terminals connected with different private networks is performed via a relay server connected with a global network, said communication method comprising:
- holding client shared key common to a plurality of client terminals;
  
  establishing a cipher session use connection between said relay servers and each of said plurality of client terminals;
  
  notifying header information to be contained in a cipher session header from said client terminal to said relay server;
  
  generating a client cipher data by enciphering a transmission data by using said client shared key in said client terminal;
  
  producing a data communication message comprising a cipher data field which includes said client cipher data and a non-cipher data field which includes a cipher session header having said header information by said client terminal;
  
  transmitting said data communication message from said client terminal to said relay server;
  
  changing said cipher session header based on said header information corresponding to a client terminal as a destination of said data communication message by said relay server; and
  
  transmitting said data communication message in which said header information has been changed, from said relay server to said destination client terminal by using a cipher session use connection which has been established between said relay server and said destination client terminal.
- View Dependent Claims (20)
- - 20. The communication method according to claim 19, further comprising:
    - deciphering said client data contained in said cipher data field of said data communication message in said destination client terminal by using said client shared key to acquire said transmission data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Koide, Toshio, Ishikawa, Yuichi

Granted Patent

US 8,583,912 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/160
CPC Class Codes

H04L 2209/601   Broadcast encryption

H04L 9/0833   involving conference or gro...

H04L 9/0838   Key agreement, i.e. key est...

COMMUNICATION SYSTEM OF CLIENT TERMINALS AND RELAY SERVER AND COMMUNICATION METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

COMMUNICATION SYSTEM OF CLIENT TERMINALS AND RELAY SERVER AND COMMUNICATION METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links