Management server, communication apparatus and program implementing key allocation system for encrypted communication
Abstract
Both a management server and a validation server are installed. Two terminals each register, in the management server, setting information which is usable in an encrypted communication. When an encrypted communication is to be carried out, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communication which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both terminals in conjunction with the validation server. Since each terminal trusts the result of the management server having authenticated the other terminal, the terminals need not authenticate their respective communication counterparts.
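The register, match and deliver flow described in the abstract, as an added Python example that is not taken from the patent. The setting item names (`cipher`, `key_bits`, `mac`), the terminal ids, the use of `secrets` for key generation and the rule that the source's preference order breaks ties are all assumptions; both terminals are assumed to have been authenticated already.

```python
import secrets

# Assumed setting items and values (constructed; the page does not enumerate them).
REGISTRY = {}  # terminal id -> {setting item: candidate values in preference order}

def register(terminal_id, settings):
    """Store the setting information a terminal sends to the management server."""
    REGISTRY[terminal_id] = {item: list(vals) for item, vals in settings.items()}

def match_settings(src, dst):
    """Pick one common value per setting item; None if any item has no match."""
    a, b = REGISTRY[src], REGISTRY[dst]
    if set(a) != set(b):
        return None  # an item present on one side only cannot be agreed on
    chosen = {}
    for item, candidates in a.items():
        common = [v for v in candidates if v in b[item]]
        if not common:
            return None  # a common value is required in each setting item
        chosen[item] = common[0]  # assumption: source preference order breaks ties
    return chosen

def handle_connection_request(src, dst):
    """Return the key and agreed settings addressed to both terminals, or None."""
    if src not in REGISTRY or dst not in REGISTRY:
        raise KeyError("unregistered terminal")
    chosen = match_settings(src, dst)
    if chosen is None:
        return None  # refuse instead of using a value only one side offered
    key = secrets.token_bytes(chosen["key_bits"] // 8)
    message = {"settings": chosen, "key": key}
    return {src: message, dst: message}  # same key and settings go to both ends

# Constructed sample registrations.
register("terminal-a", {"cipher": ["AES-CBC", "CAMELLIA-CBC"],
                        "key_bits": [256, 128],
                        "mac": ["HMAC-SHA256", "HMAC-SHA1"]})
register("terminal-b", {"cipher": ["AES-CBC"],
                        "key_bits": [128],
                        "mac": ["HMAC-SHA1", "HMAC-SHA256"]})
register("terminal-c", {"cipher": ["CAMELLIA-CBC"],
                        "key_bits": [192],
                        "mac": ["HMAC-SHA256"]})

if __name__ == "__main__":
    print(handle_connection_request("terminal-a", "terminal-b"))
    print(handle_connection_request("terminal-a", "terminal-c"))
```

Because the server generates and delivers the session key, it can read any session it sets up, so its key handling and the channel used for delivery carry the confidentiality of every terminal pair.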
32 Claims
1. An encrypted communication management server for managing encrypted communications among a plurality of communication apparatuses, the server comprising:
a processor; and
a memory device storing a program, the processor executing the program to perform functions of;
receiving encrypted communication-purpose setting information from each of the communication apparatuses, the encrypted communication-purpose setting information including a plurality of setting items required for determining setting values in order to produce encryption keys which are used by the communication apparatuses, candidates for the setting values having been included in the plurality of setting items;
receiving from any one of the communication apparatuses, which constitutes a communication source apparatus, a connection request for performing an encrypted communication with a communication destination apparatus, the connection request containing information for specifying any other one of the communication apparatuses as the communication destination apparatus;
judging whether or not a setting value which is commonly used by the communication source apparatus and the communication destination apparatus for producing an encryption key is present in each of the plurality of setting items as to first encrypted communication-purpose setting information received from the communication source apparatus, and second encrypted communication-purpose setting information received from the communication destination apparatus, the first and second encrypted communication-purpose setting information being contained in previously-received encrypted communication-purpose setting information; and
when the setting value which is commonly used by the communication source apparatus and the communication destination apparatus for producing an encryption key is present in each of the plurality of setting items as to the first encrypted communication-purpose setting information and the second encrypted communication-purpose setting information, transmitting both the encryption key produced based upon the present setting value, and encrypted communication-purpose setting information constructed of the setting value for producing the encryption key to both the communication source apparatus and the communication destination apparatus.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. An encrypted communication management server for managing encrypted communications among a plurality of communication apparatuses, the server comprising:
a processor; and
a memory device storing a program, the processor executing the program to perform functions of;
receiving encrypted communication-purpose setting information from each of the communication apparatuses, the encrypted communication-purpose setting information including a plurality of setting items required for determining setting values in order to produce encryption keys which are employed when the one communication apparatus encrypts data to be transmitted/received with respect to other communication apparatuses, candidates of the setting values having been stored in the plurality of setting items;
receiving from any one of the communication apparatuses, which constitutes a communication source apparatus, a connection request for performing an encrypted communication with a communication destination apparatus, the connection request containing information for specifying any other one of the communication apparatuses as the communication destination apparatus;
judging whether or not a plurality of setting items in which ranges of the candidates of the stored setting values overlap with each other are present in the first encrypted communication-purpose setting information under reception from the communication source apparatus and in second encrypted communication-purpose setting information under reception from the communication destination apparatus, the first and second encrypted communication-purpose setting information being contained in previously-received encrypted communication-purpose setting information; and
when the plurality of setting items in which ranges of the candidates of the setting values overlap with each other are present in both the first encrypted communication-purpose setting information and the second encrypted communication-purpose setting information, transmitting both the encryption key produced based upon one of the setting values within the overlap range, and encrypted communication-purpose setting information constructed of the setting value for producing the encryption key to both the communication source apparatus and the communication destination apparatus.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A communication apparatus connected via a network to a management server for managing a communication session, the apparatus comprising:
a processor; and
a memory having a program, the processor executing the program to perform functions of;
transmitting first encrypted communication-purpose setting information to the management server in order to encrypt a communication with another communication apparatus, wherein the first encrypted communication-purpose setting information includes a plurality of setting items required for determining a plurality of setting values, and candidates of the setting values have been included in the plurality of setting items;
receiving from the management server, both an encryption key produced based upon such a setting value selected from the candidates of the setting values, which is used in the another communication apparatus, and second encrypted communication-purpose setting information which contains the setting value for producing the encryption key; and
performing an encrypted communication with the another communication apparatus without via the management server by employing the encryption key and the second encrypted communication-purpose setting information.
Dependent claims: 24, 25, 26, 27
28. A non-transitory tangible computer-readable medium having a program, for a processor of a communication apparatus to be connected via a network to a management server for managing a communication session, the program, when executed, causing the processor to perform functions of:
transmitting first encrypted communication-purpose setting information to the management server in order to encrypt a communication with another communication apparatus, wherein the first encrypted communication-purpose setting information includes a plurality of setting items required for determining setting values, and candidates of the setting values have been included in the plurality of setting items;
receiving both an encryption key produced based upon such a setting value selected from the candidates of the setting values, which is used in the another communication apparatus, and second encrypted communication-purpose setting information which contains the setting value for producing the encryption key from the management server; and
performing an encrypted communication with the another communication apparatus by employing the encryption key and the second encrypted communication-purpose setting information, without the management server relaying data of the encrypted communication with the another communication apparatus.
Dependent claims: 29, 30, 31, 32
Specification