Communication system, communication device, and communication method with a security policy for communication between devices
Abstract
A first communication device includes a security policy storing unit that stores a security policy and a default policy applied to communication to which the security policy is not applied, a communication unit that performs communication, and a communication control unit that performs an encryption process and a decryption process according to the default policy when the communication does not correspond to the target of the policy. A second communication device includes an input and output receiving processing unit that receives an input of an encryption key of the default policy of the first communication device, a communication control unit that generates a policy including an encryption method of the default policy and the input encryption key and performs an encryption process and a decryption process in communication with the first communication device according to the policy, and a communication unit that performs communication of a communication packet.
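An added example (not code from the patent or its applicant) of the selection logic the abstract describes: the first device falls back to its default policy when no peer-specific policy matches, and the second device builds its own policy from the default policy's method and a key typed in by the user. The class and function names, addresses, method name and keys are constructed for illustration, and the example assumes the second device already knows the default encryption method.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    method: str   # encryption method (sample value below is constructed)
    key: bytes    # encryption key

class FirstDevice:
    """Stores per-peer policies and one user-set default for a target range."""
    def __init__(self, target_range: str, default: Policy):
        self.target_range = ipaddress.ip_network(target_range)
        self.default = default
        self.specific = {}   # peer address -> Policy

    def add_policy(self, peer: str, policy: Policy) -> None:
        self.specific[ipaddress.ip_address(peer)] = policy

    def select(self, peer: str) -> Optional[Policy]:
        addr = ipaddress.ip_address(peer)
        if addr not in self.target_range:
            return None                               # outside the range: no policy
        return self.specific.get(addr, self.default)  # otherwise fall back to default

def generate_peer_policy(default_method: str, entered_key: bytes) -> Policy:
    """Second device: combine the default policy's method with the typed-in key."""
    return Policy(default_method, entered_key)

def policies_match(a: Optional[Policy], b: Optional[Policy]) -> bool:
    """Both ends can decrypt each other only if method and key are identical."""
    if a is None or b is None:
        return False
    return a.method == b.method and hmac.compare_digest(a.key, b.key)

# Constructed sample data (addresses, method name and keys are illustrative).
DEFAULT = Policy("aes-256-gcm", b"default-key-entered-by-user")
first = FirstDevice("192.0.2.0/24", DEFAULT)
first.add_policy("192.0.2.10", Policy("aes-256-gcm", b"key-for-192.0.2.10-only"))

third = generate_peer_policy(DEFAULT.method, b"default-key-entered-by-user")
typo = generate_peer_policy(DEFAULT.method, b"default-key-entered-by-usr")

if __name__ == "__main__":
    print(policies_match(first.select("192.0.2.50"), third))  # fallback peer, right key
    print(policies_match(first.select("192.0.2.50"), typo))   # mistyped key
    print(policies_match(first.select("192.0.2.10"), third))  # peer has its own policy
    print(first.select("198.51.100.7"))                       # outside target range
```

Every in-range peer without its own entry receives the same default key, so that key is a secret shared by all such peers.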
7 Claims
1. A communication system comprising a first communication device and a second communication device connected through a network, the first communication device and the second communication device performing a communication process on the basis of a security policy set for each device,
wherein the first communication device includes
a security policy storing unit that is able to store a first security policy including an encryption method and an encryption key applied to predetermined communication with a predetermined communication device in a predetermined communication target range and a second security policy including an encryption method and an encryption key applied to all communication to which the first security policy in the communication target range is not applied, the second security policy being set by a user and inputted via an input unit of the first communication device,
a first communication unit that performs communication of a communication packet with other communication devices through the network, and
a first encryption processing unit that performs an encryption process on the transmitted communication packet and a decryption process of the received communication packet according to the second security policy when it is determined that the first security policy does not apply to other communication devices, and
wherein the second communication device includes
a first encryption key receiving unit that receives an input of the encryption key stored in the second security policy of the first communication device, the first encryption key being inputted via an input of the second communication device,
a policy generating unit that generates a third security policy including the encryption method of the second security policy and the input encryption key,
a second encryption processing unit that performs an encryption process on the communication packet transmitted to the first communication device and a decryption process of the communication packet received from the first communication device according to the third security policy, and
a second communication unit that performs communication of the communication packet with the first communication device through the network.
6. A communication device performing communication with other communication devices through a network, comprising:
a security policy storing unit that is able to store a first security policy including an encryption method and an encryption key applied to predetermined communication with a predetermined communication device in a predetermined communication target range and a second security policy including an encryption method and an encryption key applied to all communication to which the first security policy in the communication target range is not applied, the second security policy being set by a user and inputted via an input unit of the communication device;
a first communication unit that performs communication of a communication packet with other communication devices; and
a first encryption processing unit that performs an encryption process on the transmitted communication packet and a decryption process of the received communication packet according to the second security policy when it is determined that the first security policy does not apply to the other communication devices, the other communication devices receiving the encryption key via an input in the other communication devices.
7. A communication method in a communication system including a first communication device and a second communication device connected through a network, the first communication device and the second communication device performing a communication process on the basis of a security policy set for each device,
wherein the first communication device includes a security policy storing unit that is able to store a first security policy including an encryption method and an encryption key applied to predetermined communication with a predetermined communication device in a predetermined communication target range and a second security policy including an encryption method and an encryption key applied to all communication to which the first security policy in the communication target range is not applied, the second security policy being set by a user and inputted via an input unit of the first communication device, the communication method comprising:
receiving an input of the encryption key stored in the second security policy of the first communication device by a user input of the second communication device comprising a first encryption key receiving unit;
generating a third security policy including the encryption method of the second security policy and the input encryption key by a policy generating unit of the second communication device;
performing an encryption process on the communication packet transmitted to the first communication device and a decryption process of the communication packet received from the first communication device according to the third security policy by a second encryption processing unit of the second communication device;
performing communication of the communication packet with the first communication device through the network by a second communication unit of the second communication device;
performing communication of the communication packet with the second communication device through the network by a first communication unit of the first communication device; and
performing the encryption process on the transmitted communication packet and the decryption process of the received communication packet according to the second security policy by a first encryption processing unit of the first communication device, when it is determined that the first security policy does not apply to the second communication device.
Specification