Encrypted Communication Method
First Claim
1. An encrypted communication method characterized by comprising the steps of:
- a) causing a communication method resolution unit to determine on the basis of a domain name contained in one of a name resolution query transmitted from an application that communicates with a node apparatus connected to a network to resolve an IP address of the node apparatus and a name resolution response as a response to the name resolution query whether the node apparatus is an encrypted communication target node;
b) causing an encrypted communication path setting unit to register the IP address of the node apparatus in an encrypted communication path setting table when the node apparatus is the encrypted communication target node;
c) causing a name resolution query/response transmission/reception unit to transmit the IP address of the node apparatus contained in the name resolution response to the application;
d) causing the application to transmit a data packet in which the IP address of the node apparatus is set as a destination address; and
e) causing a data transmission/reception unit to receive the data packet transmitted from the application and, if a communication partner IP address set as the destination address of the data packet is registered in the encrypted communication path setting table, encrypt and transmit the data packet.
1 Assignment
0 Petitions
Abstract
A DNS Proxy unit (A12a) holds the domain name of an encrypted communication target node in a CUG setting table (A125a), intercepts a name resolution request for a communication partner node output from an application (A11x) to a DNS server (B1a), determines by looking up the CUG setting table (A125a) whether the communication partner is an encrypted communication target node, and if the communication partner is an encrypted communication target node, registers the IP address of the name-resolved communication partner in an encrypted communication path setting table (A142a). A data packet sent from the application (A11x) to the IP address is intercepted by a data transmission/reception unit (A14a). A data packet to an IP address registered in the encrypted communication path setting table (A142a) is encrypted by a communication encryption unit (A141a) and transmitted to the communication partner. In this way, in executing encrypted communication with a plurality of communication partners by using a communication encryption function provided by an OS, setting of the encrypted communication target node can be done by using a domain name.
44 Claims
1. An encrypted communication method characterized by comprising the steps of:
- a) causing a communication method resolution unit to determine on the basis of a domain name contained in one of a name resolution query transmitted from an application that communicates with a node apparatus connected to a network to resolve an IP address of the node apparatus and a name resolution response as a response to the name resolution query whether the node apparatus is an encrypted communication target node;
- b) causing an encrypted communication path setting unit to register the IP address of the node apparatus in an encrypted communication path setting table when the node apparatus is the encrypted communication target node;
- c) causing a name resolution query/response transmission/reception unit to transmit the IP address of the node apparatus contained in the name resolution response to the application;
- d) causing the application to transmit a data packet in which the IP address of the node apparatus is set as a destination address; and
- e) causing a data transmission/reception unit to receive the data packet transmitted from the application and, if a communication partner IP address set as the destination address of the data packet is registered in the encrypted communication path setting table, encrypt and transmit the data packet.
Dependent claims: 2, 3, 4
5. An encrypted communication method characterized by comprising the steps of:
- a) causing a communication method resolution unit to determine on the basis of a domain name contained in one of a name resolution query transmitted from an application on a client node to resolve an IP address of another node apparatus serving as a communication target of the application and a name resolution response as a response to the name resolution query whether said other node apparatus is an encrypted communication target node;
- b) causing an encrypted communication path setting unit to register, in an encrypted communication path setting table, a correspondence between the IP address of said other node apparatus and an intercept address that is not used in any other communication session when said other node apparatus is the encrypted communication target node;
- c) causing a name resolution query/response transmission/reception unit to transmit, to the application as the name resolution response, an intercept address corresponding to the IP address of said other node apparatus contained in the name resolution response;
- d) causing the application to transmit a data packet in which the intercept address is set as a destination address; and
- e) causing a data transmission/reception unit to receive the data packet transmitted from the application, read out, from the encrypted communication path setting table, a communication partner IP address corresponding to the intercept address set as the destination address of the data packet, set the readout communication partner IP address as the destination address of the data packet, and encrypt and transmit the set data packet.
Dependent claims: 6, 7, 8
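The two method claims above describe one pipeline with two variants: in claim 1 (and the abstract) the proxy hands the application the real IP and the kernel unit encrypts packets whose destination is registered in the path setting table; in claim 5 the proxy hands the application a unique intercept address, and the kernel unit maps it back to the real partner IP before encrypting. The following simulation is an added illustration and is not the patent's own code. Everything concrete in it is an assumption: the CUG table is matched by exact name or parent-domain suffix, the intercept addresses come from a constructed 10.255.0.0/24 pool, the upstream DNS server is a dictionary of constructed names and addresses, and the OS-provided encryption function (which the abstract says does the actual encryption) is represented by an `encrypted` flag on the packet.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    dst: str
    payload: bytes
    encrypted: bool = False


class EncryptedPathTable:
    """Encrypted communication path setting table (A142a in the abstract).

    Holds partner IPs to be encrypted to (claim 1) and, in intercept mode,
    the intercept address -> partner IP correspondence (claim 5).
    """

    def __init__(self):
        self.partners = set()
        self.by_intercept = {}

    def register(self, partner_ip, intercept=None):
        self.partners.add(partner_ip)
        if intercept is not None:
            self.by_intercept[intercept] = partner_ip

    def release(self, intercept):
        # Assumption: freeing an intercept address once its session ends is how
        # "not used in any other communication session" stays true over time.
        self.by_intercept.pop(intercept, None)


class DnsProxy:
    """Name resolution proxy unit (A12a) holding the CUG setting table (A125a)."""

    def __init__(self, cug_domains, upstream, table, intercept_pool=None):
        self.cug = {d.lower().rstrip(".") for d in cug_domains}
        self.upstream = upstream      # constructed stand-in for DNS server B1a
        self.table = table
        # Intercept mode (claim 5) when a pool is supplied; the pool is an assumption.
        self.pool = iter(intercept_pool.hosts()) if intercept_pool is not None else None

    def is_target(self, name):
        """Communication method resolution: exact match or a subdomain of a
        CUG entry.  The leading dot matters: 'notexample.internal' must not
        match the entry 'example.internal'."""
        name = name.lower().rstrip(".")
        return any(name == d or name.endswith("." + d) for d in self.cug)

    def resolve(self, name):
        """Relay the query, inspect the response, return what the app sees."""
        ip = self.upstream[name]
        if not self.is_target(name):
            return ip                       # not a target: nothing registered
        if self.pool is None:               # claim 1: app gets the real IP
            self.table.register(ip)
            return ip
        intercept = str(next(self.pool))    # claim 5: fresh, unused address
        self.table.register(ip, intercept=intercept)
        return intercept


class DataTxRx:
    """Data transmission/reception unit (A14a) on the kernel send path."""

    def __init__(self, table):
        self.table = table

    def send(self, pkt):
        real = self.table.by_intercept.get(pkt.dst)
        if real is not None:                  # claim 5: rewrite dst, then encrypt
            pkt.dst = real
            pkt.encrypted = True              # stands in for the OS encryption function
        elif pkt.dst in self.table.partners:  # claim 1: encrypt in place
            pkt.encrypted = True
        # Otherwise the packet leaves unchanged: the claims specify only the
        # encrypt branch, so anything unregistered goes out as the app sent it.
        return pkt


def demo(mode):
    """Run both constructed hosts through the proxy and the kernel unit.

    Returns {name: (address seen by app, wire destination, encrypted?)}.
    """
    upstream = {                              # constructed DNS data
        "db.example.internal": "192.0.2.10",
        "www.example.org": "198.51.100.7",
    }
    pool = ipaddress.ip_network("10.255.0.0/24") if mode == "intercept" else None
    table = EncryptedPathTable()
    proxy = DnsProxy(["example.internal"], upstream, table, pool)
    kernel = DataTxRx(table)
    out = {}
    for name in upstream:
        addr = proxy.resolve(name)
        pkt = kernel.send(Packet(dst=addr, payload=b"SELECT 1"))
        out[name] = (addr, pkt.dst, pkt.encrypted)
    return out


if __name__ == "__main__":
    for mode in ("direct", "intercept"):
        print(mode, demo(mode))
```

Two points the simulation makes visible. First, the domain check in `is_target` is the only thing deciding whether a partner gets encryption, so it has to be anchored on a label boundary; a bare `endswith("example.internal")` would also accept `notexample.internal`. Second, a packet to any address not in the table is forwarded unchanged, because the claims only describe the encrypt branch; a deployment that wants fail-closed behaviour has to add a drop rule of its own for unregistered destinations.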
9. A node apparatus characterized by comprising:
- an application that communicates with another node apparatus connected to a network;
- a data transmission/reception unit provided in a kernel unit; and
- a name resolution proxy unit which relays a name resolution query transmitted from said application to a name resolution server to resolve an IP address of said other node apparatus and a name resolution response as a response to the name resolution query,
said data transmission/reception unit comprising an encrypted communication path setting table which holds a communication partner IP address, and a communication encryption unit which receives a data packet transmitted from said application and encrypts and transmits the data packet when a communication partner IP address set as the destination address of the data packet is registered in said encrypted communication path setting table, and
said name resolution proxy unit comprising an encrypted communication path setting unit which registers, in said encrypted communication path setting table, the IP address of said other node apparatus resolved by the name resolution response if it is determined on the basis of a domain name of said other node apparatus contained in one of the name resolution query and the name resolution response that said other node apparatus is an encrypted communication target node.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A communication encryption node apparatus connected, through a network, to a client node apparatus in which an application that communicates with another node apparatus connected to the network operates, characterized by comprising:
- a data transmission/reception unit provided in a kernel unit; and
- a name resolution proxy unit which relays a name resolution query transmitted from the application to a name resolution server to resolve an IP address of said other node apparatus and a name resolution response as a response to the name resolution query,
said data transmission/reception unit comprising an encrypted communication path setting table which holds a correspondence between a communication partner IP address and an intercept address, and a communication encryption unit which receives a data packet transmitted from the application, reads out, from said encrypted communication path setting table, a communication partner IP address corresponding to an intercept address set as a destination address of the data packet, sets the readout communication partner IP address as the destination address of the data packet, and encrypts and transmits the set data packet, and
said name resolution proxy unit comprising an encrypted communication path setting unit which registers, in said encrypted communication path setting table, a correspondence between the IP address of said other node apparatus resolved by the name resolution response and an intercept address that is not used in any other communication session if it is determined on the basis of a domain name of said other node apparatus contained in one of the name resolution query and the name resolution response that said other node apparatus is an encrypted communication target node, and a name resolution query/response transmission/reception unit which transmits, to the application as the name resolution response, the intercept address corresponding to the IP address of said other node apparatus contained in the name resolution response received from the name resolution server.
Dependent claims: 17, 18, 19, 20, 21, 22
23. An encrypted communication system characterized by comprising:
- a node apparatus in which an application that communicates with another node apparatus connected to a network operates; and
- a name resolution server which resolves an IP address of each of said node apparatuses,
said node apparatus comprising a data transmission/reception unit provided in a kernel unit, and a name resolution proxy unit which relays a name resolution query transmitted from the application to said name resolution server to resolve the IP address of said other node apparatus and a name resolution response as a response to the name resolution query,
said data transmission/reception unit comprising an encrypted communication path setting table which holds a communication partner IP address, and a communication encryption unit which receives a data packet transmitted from the application and encrypts and transmits the data packet when a communication partner IP address set as the destination address of the data packet is registered in said encrypted communication path setting table,
said name resolution server comprising a communication method resolution unit which determines on the basis of a domain name of said other node apparatus contained in one of the name resolution query and the name resolution response whether said other node apparatus is an encrypted communication target node, and
said name resolution proxy unit comprising an encrypted communication path setting unit which registers, in said encrypted communication path setting table, the IP address of said other node apparatus resolved by the name resolution response if said other node apparatus is an encrypted communication target node.
Dependent claims: 24, 25, 26
27. An encrypted communication system characterized by comprising:
- a client node apparatus in which an application that communicates with another node apparatus connected to a network operates;
- a communication encryption node apparatus connected to said client node apparatus through the network; and
- a name resolution server which resolves an IP address of each of said node apparatuses,
said communication encryption node apparatus comprising a data transmission/reception unit provided in a kernel unit, and a name resolution proxy unit which relays a name resolution query transmitted from the application to said name resolution server to resolve the IP address of said other node apparatus and a name resolution response as a response to the name resolution query,
said data transmission/reception unit comprising an encrypted communication path setting table which holds a correspondence between a communication partner IP address and an intercept address, and a communication encryption unit which receives a data packet transmitted from the application, reads out, from said encrypted communication path setting table, a communication partner IP address corresponding to an intercept address set as a destination address of the data packet, sets the readout communication partner IP address as the destination address of the data packet, and encrypts and transmits the set data packet,
said name resolution server comprising a communication method resolution unit which determines on the basis of a domain name of said other node apparatus contained in one of the name resolution query and the name resolution response whether said other node apparatus is an encrypted communication target node, and
said name resolution proxy unit comprising an encrypted communication path setting unit which registers, in said encrypted communication path setting table, a correspondence between the IP address of said other node apparatus resolved by the name resolution response and an intercept address that is not used in any other communication session if said other node apparatus is an encrypted communication target node, and a name resolution query/response transmission/reception unit which transmits, to the application as the name resolution response, the intercept address corresponding to the IP address of said other node apparatus contained in the name resolution response received from the name resolution server.
Dependent claims: 28, 29, 30
31. A program which causes a computer included in a node apparatus in which an application that communicates with another node apparatus connected to a network operates to function as:
- communication encryption means provided in a data transmission/reception unit of a kernel unit, and
- name resolution proxy means for relaying a name resolution query transmitted from the application to a name resolution server to resolve an IP address of said other node apparatus and a name resolution response as a response to the name resolution query,
characterized in that said communication encryption means receives a data packet transmitted from the application and encrypts and transmits the data packet when a communication partner IP address set as the destination address of the data packet is registered in an encrypted communication path setting table that holds a communication partner IP address, and
said name resolution proxy means comprises encrypted communication path setting means for registering, in the encrypted communication path setting table, the IP address of said other node apparatus resolved by the name resolution response if it is determined on the basis of a domain name of said other node apparatus contained in one of the name resolution query and the name resolution response that said other node apparatus is an encrypted communication target node.
38. A program which causes a computer included in a communication encryption node apparatus connected, through a network, to a client node apparatus in which an application that communicates with another node apparatus connected to the network operates to function as:
- communication encryption means provided in a data transmission/reception unit of a kernel unit, and
- name resolution proxy means for relaying a name resolution query transmitted from the application to a name resolution server to resolve an IP address of said other node apparatus and a name resolution response as a response to the name resolution query,
characterized in that said communication encryption means receives a data packet transmitted from the application, reads out, from an encrypted communication path setting table that holds a correspondence between a communication partner IP address and an intercept address, a communication partner IP address corresponding to an intercept address set as a destination address of the data packet, sets the readout communication partner IP address as the destination address of the data packet, and encrypts and transmits the set data packet, and
said name resolution proxy means comprises encrypted communication path setting means for registering, in the encrypted communication path setting table, a correspondence between the IP address of said other node apparatus resolved by the name resolution response and an intercept address that is not used in any other communication session if it is determined on the basis of a domain name of said other node apparatus contained in one of the name resolution query and the name resolution response that said other node apparatus is an encrypted communication target node, and name resolution query/response transmission/reception means for transmitting, to the application as the name resolution response, the intercept address corresponding to the IP address of said other node apparatus contained in the name resolution response received from the name resolution server.
Specification