Bridging system, bridge, and bridging method
Abstract
Bridges 30, 40, each having two channels (2ch), are interposed between a server 10 or a client 20 and the internet, one of the two channels making a LAN connection to either the server or the client and the other channel making a LAN connection to the internet. Each of bridges 30, 40 performs a LAN packet scramble, a scramble purpose encryption key management, and a bridging system authentication for a packet derived from the server or the client. Furthermore, a composite authentication having a plurality of authentication purpose interfaces is carried out in each of the bridges. Each of the bridges performs a key management to manage and hold the common key determined in the authentication, and a non-decryption file management which manages and holds file information, encrypting and transmitting a payload of an application communicated with the common key inside the transmission side bridge.
13 Claims
1. A hardware bridge for performing a bridging to perform an encryption communication between a server and a client via a LAN (local area network), the hardware bridge comprising:
two channels, one of the channels making a LAN connection to either the server or the client and another channel making a LAN connection to an internet; and a processor configured to perform a LAN packet scramble, an encryption key management and a bridging system authentication for a packet from either the server or the client through a key exchange software mechanism, an encryption software mechanism, and an authentication information addition, wherein the hardware bridge is configured to perform a composite authentication management software mechanism provided with a plurality of authentication purpose interfaces configured to perform a composite authentication, wherein the hardware bridge is configured to perform: the composite authentication management software mechanism; and a concealment/save software mechanism; the composite authentication management software mechanism being provided with a procedure to perform a mutual authentication including an On/Off state of the concealment/save software mechanism with an opposing hardware bridge, to perform an automatic key management, and to determine a common key, and wherein the concealment/save software mechanism comprises: a key management process for managing and holding the common key even after the encryption communication when the concealment/save software mechanism is in an On state and for allowing decryption with the common key only on a sending side and preventing decryption with the common key on a receiving side; and a non-decryption file management process for managing and holding a file information encrypting and for transmitting a payload of an application communicated with the common key at an internal of a sending side hardware bridge. Dependent claims: 2, 3, 4 (not shown).
5. A bridging method for performing an encryption communication between a server and a client via a LAN (local area network), the bridging method comprising:
connecting an internet via a hardware bridge in which two channels are equipped, one of the two channels making a LAN connection to either the server or the client and another channel making a LAN connection to the internet, wherein the hardware bridge is provided with a procedure to perform a LAN packet scramble, a scramble purpose encryption key management, and a bridging system authentication for a packet from either the server or the client, wherein the hardware bridge is provided with a composite authentication management software mechanism provided with a plurality of authentication interfaces configured to perform a composite authentication and a concealment/save software mechanism, the composite authentication management software mechanism provided with a composite authentication management procedure to perform a mutual authentication including an On/Off state of the concealment/save software mechanism with an opposing hardware bridge, to perform an automatic key exchange, and to determine a common key, and the concealment/save software mechanism being provided with a key management procedure to manage and hold the common key even after the encryption communication when the concealment/save software mechanism is in an On state and for allowing decryption with the common key only on a sending side and preventing decryption with the common key on a receiving side, and a non-decryption file management procedure to manage and hold a file information encrypting and to transmit a payload of an application communicated with the common key at an internal of a sending side hardware bridge. Dependent claims: 6, 7, 8, 9 (not shown).
10. A bridging system for performing an encryption communication between a server and a client via a LAN (local area network), comprising:
a server's side hardware bridge comprising: an inbound channel configured to make a LAN connection to the server, an outbound channel configured to make a LAN connection to an internet, and a processor configured to perform a LAN packet scramble and a scramble purpose encryption key management for a packet from the server through a key exchange software mechanism, an encryption software mechanism, and an authentication information addition; and a client's side hardware bridge comprising: an inbound channel configured to make a LAN connection to the client, an outbound channel configured to make a LAN connection to the internet, and a processor configured to perform a LAN packet scramble and the scramble purpose encryption key management for a packet from the client through a key exchange software mechanism, an encryption software mechanism, and an authentication information addition; wherein the processor of each of the client's side hardware bridge and the server's side hardware bridge is configured to perform: an authentication management software mechanism configured to perform a mutual authentication with an opposing hardware bridge, to perform an automatic key exchange, and to determine a common key, and a concealment/save software mechanism comprising: a non-decryption file management process for encrypting a payload of an application packet with the common key on a sending side, holding a remaining part of the application packet unencrypted, and sending the application packet including an encrypted payload and an unencrypted part, to the hardware bridge on a receiving side to save the encrypted payload on the receiving side in a concealed state to prevent decryption of the payload on the receiving side and to save the payload without decrypting on the receiving side, a key management process for saving the common key only on the sending side after a session of the encryption communication when the concealment/save software mechanism on the sending side is in an ON state in the session and for enabling decryption of the encrypted payload left encrypted on the receiving side, with the common key saved only on the sending side. Dependent claims: 11, 12 (not shown).
13. A bridging method for performing an encryption communication between a server and a client via a LAN (local area network), the bridging method comprising:
a step of receiving, with a hardware bridge on a sending side, from a host which is one of the server and the client, an application packet including an application command and an application payload; a step of performing an automatic key exchange with a hardware bridge on a receiving side, and determining a common key; a step of encrypting the application payload of the application packet with the common key in the hardware bridge on the sending side; a step of sending the application packet including the application command remaining unencrypted and the application payload encrypted, from the hardware bridge on the sending side to the hardware bridge on the receiving side; a step of receiving the application packet including the application command remaining unencrypted and the application payload encrypted, from the hardware bridge on the sending side, with the hardware bridge on the receiving side; a step of transferring the application packet including the application command remaining unencrypted and the application payload left encrypted without decrypting the application payload, from the hardware bridge on the receiving side to a host on the receiving side which is the other of the server and the client; a step of storing the application packet including the application command remaining unencrypted and the application payload left encrypted, in the host on the receiving side; and a step of saving the common key in the hardware bridge on the sending side while the common key is not saved in the hardware bridge on the receiving side and the application payload is left encrypted in the host on the receiving side after a session of the encryption communication.
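The claim 13 sequence, together with the concealment/save process of claim 10, as an added Python model (not code from the patent): the sending-side bridge encrypts only the payload and leaves the command in clear, the receiving-side bridge forwards to its host without decrypting, and after the session the common key survives only on the sending side, so only that side can ever recover the stored payload. Assumptions: the cipher (HMAC-SHA256 in counter mode), the key-exchange stand-in, and the Bridge/host-store names are mine; mutual authentication and the On/Off state negotiation are not modelled.

```python
import hashlib
import hmac
import secrets
from typing import Optional

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt with HMAC-SHA256 in counter mode (same call both ways).
    Constructed stand-in: the claims name no cipher; a real bridge would use an AEAD."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

class Bridge:
    def __init__(self, name: str, concealment_on: bool):
        self.name = name
        self.concealment_on = concealment_on    # On/Off state of concealment/save
        self.saved_key: Optional[bytes] = None  # common key retained after the session
        self.host_store = []                    # packets the host behind this bridge stored

    def exchange_key(self, peer: "Bridge") -> bytes:
        # Automatic key exchange abstracted as fresh random material from both sides;
        # an assumption, since the claims do not specify the exchange protocol.
        return hashlib.sha256(secrets.token_bytes(32) + secrets.token_bytes(32)).digest()

    def send(self, peer: "Bridge", command: bytes, payload: bytes) -> dict:
        key = self.exchange_key(peer)
        nonce = secrets.token_bytes(12)
        # Only the application payload is encrypted; the application command stays in clear.
        packet = {"cmd": command, "nonce": nonce, "payload": keystream_xor(key, nonce, payload)}
        peer.receive(packet)
        # End of session: the common key is saved only on the sending side, and only
        # when concealment/save is On; the receiving side never retains it.
        self.saved_key = key if self.concealment_on else None
        peer.saved_key = None
        return packet

    def receive(self, packet: dict) -> None:
        # The receiving bridge transfers the packet to its host without decrypting;
        # the host stores the payload still encrypted.
        self.host_store.append(dict(packet))

    def decrypt_saved(self, packet: dict) -> bytes:
        # Decryption is possible only where the common key was saved.
        if self.saved_key is None:
            raise PermissionError(f"{self.name}: no common key saved, payload stays concealed")
        return keystream_xor(self.saved_key, packet["nonce"], packet["payload"])
```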