Communication network system having secret concealment function, and communication method
1 Assignment
Abstract
The present invention provides a communication network system having a central management device and a plurality of local area network systems. Each of the plurality of local area network systems has a router and a terminal. The central management device encrypts a common key by using each public key of each router, and sends the encrypted common key to each router. The router decrypts the encrypted common key sent from the central management device by using a secret key of the router. The router encrypts communication data to be sent from a terminal in the router's local area network system to a terminal in another local area network system, or to be sent from the router to the central management device, by using the common key, and sends the encrypted communication data to another local area network or the central management device.
42 Citations
15 Claims
1. A communication network system having a central management device and a plurality of local area network systems, said central management device and said plurality of local area network systems being connected to each other, each of the plurality of local area network systems having a router and a terminal which are connected to each other via a local area network,
said central management device comprising:
a management database for storing at least one common key, each public key assigned to each router and a public key assigned to the central management device; and
a central-side encryption unit for encrypting the common key by using each public key assigned to each router, and sending the encrypted common key to each router;
said router comprising:
a first router-side decryption unit for decrypting the encrypted common key sent from said central-side encryption unit by using a secret key of the router;
a storage unit for storing the common key after decryption by said first router-side decryption unit;
a router-side encryption unit for encrypting communication data to be sent from a first source terminal in a local area network system of the router to a first destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key stored in said storage unit, and sending the encrypted communication data to another local area network or the central management device,
wherein said central-side encryption unit encrypts the public keys and sends said encrypted public keys to each router, said first router-side decryption unit decrypts the encrypted public keys sent from the central-side encryption unit by using the secret key of the router, said storage unit stores the public keys after decryption by said first router-side decryption unit, and said router-side encryption unit selects the public key for a router of another local area network system or the central management device to be a destination from the public keys stored in the storage unit, encrypts the common key by using the selected public key, and sends the encrypted common key to another local area network or the central management device, together with the encrypted communication data.
(Dependent claims 2, 3, 4, 5, 6, 7 and 8 are not reproduced here.)
9. A communication method in a communication network system having a central management device and a plurality of local area network systems, said central management device and said plurality of local area network systems being connected to each other, each of the plurality of local area network systems having a router and a terminal which are connected to each other via a local area network, comprising the steps of:
in said central management device, encrypting at least one common key stored in a management database in advance by using each public key assigned to each router, each public key being stored in said management database in advance; and sending the encrypted common key to each router; and
in said router, decrypting the encrypted common key sent from the central management device by using a secret key of the router; encrypting communication data to be sent from a source terminal in a local area network system of the router to a destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key; and sending the encrypted communication data to another local area network or the central management device,
and further comprising the steps of:
in said central management device, encrypting the public keys; and sending said encrypted public keys to each router, and
in said router, decrypting the encrypted public keys sent from the central-side encryption unit by using the secret key of the router, selecting the public key for a router of another local area network system or the central management device to be a destination from the public keys, encrypting the common key by using the selected public key, and sending the encrypted common key to another local area network or the central management device, together with the encrypted communication data.
10. A router disposed in each of a plurality of local area network systems which are connected to a central management device, the router being connected via a local area network to a terminal disposed in each of the plurality of local area network systems, the router comprising:
a decryption unit for decrypting an encrypted common key sent from said central management device, by using a secret key for said router, said common key being encrypted by using a public key for the router;
a storage unit for storing said common key after decryption by said decryption unit; and
an encryption unit for encrypting communication data to be sent from a source terminal in a local area network system of said router to a destination terminal in another local area network system, or communication data to be sent from said router to the central management device, by using the common key stored in said storage unit, and sending the encrypted communication data to another local area network or the central management device,
wherein said decryption unit decrypts the encrypted public keys sent from said central management device by using the secret key of the router, said storage unit stores the public keys after decryption by said decryption unit, and said encryption unit selects the public key for a router of another local area network system or the central management device to be a destination from the public keys stored in the storage unit, encrypts the common key by using the selected public key, and sends the encrypted common key to another local area network or the central management device, together with the encrypted communication data.
11. A communication method of a router in each of a plurality of local area network systems which are connected to a central management device, said router being connected to a terminal via a local area network, comprising the steps of:
decrypting an encrypted common key sent from said central management device by using a secret key for said router, said common key being encrypted by using a public key for said router;
storing the common key after decryption in a storage unit in the router;
encrypting communication data to be sent from a source terminal in a local area network system of the router to a destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key stored in the storage unit; and
sending the encrypted communication data to another local area network or to the central management device,
and further comprising the steps of:
decrypting the encrypted public keys sent from said central management device by using the secret key of the router, storing the public keys after decryption by said decryption unit, selecting the public key for a router of another local area network system or the central management device to be a destination from the public keys stored in the storage unit, encrypting the common key by using the selected public key, and sending the encrypted common key to another local area network or the central management device, together with the encrypted communication data.
12. A program product executed by a router disposed in each of a plurality of local area network systems which are connected to a central management device, the router being connected via a local area network to a terminal disposed in each of the plurality of local area network systems, said program product comprising the steps of:
decrypting an encrypted common key sent from the central management device by using a secret key of the router, said common key being encrypted by using a public key of the router;
storing said common key after decryption in a storage unit of the router;
encrypting communication data to be sent from a source terminal in a local area network system of the router to a destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key stored in the storage unit; and
sending the encrypted communication data to another local area network or to the central management device,
and further comprising the steps of:
decrypting the encrypted public keys sent from said central management device by using the secret key of the router, storing the public keys after decryption by said decryption unit, selecting the public key for a router of another local area network system or the central management device to be a destination from the public keys stored in the storage unit, encrypting the common key by using the selected public key, and sending the encrypted common key to another local area network or the central management device, together with the encrypted communication data.
13. A central management device connected to a plurality of local area network systems each having a router and a terminal which are connected to each other through a local area network, the central management device comprising:
a management database for storing at least one common key, each public key assigned to each router and a public key assigned to said central management device, said at least one common key being used by each router to encrypt communication data to be communicated between a terminal of a local area network system and a terminal of another local area network system, or between each router and the central management device; and
an encryption unit for encrypting the common key by using each public key assigned to each router, and sending the encrypted common key to each router,
wherein the common key encrypted by using the public key is transmitted between the local area network system of the terminal and another local area network system together with the data encrypted by using the common key.
14. A management method of a central management device connected to a plurality of local area network systems each having a router and a terminal which are connected to each other through a local area network, the management method comprising the steps of:
storing in a management database and managing at least one common key, each public key assigned to each router and a public key assigned to said central management device, said at least one common key being used by each router to encrypt communication data to be communicated between a terminal in a local area network system and a terminal in another local area network system, or between a router and the central management device;
encrypting the common key by using each public key assigned to each router; and
sending the encrypted common key to each router,
wherein the common key encrypted by using the public key is transmitted between the local area network system of the terminal and another local area network system together with the data encrypted by using the common key.
15. A program product executed by a computer installed in a central management device connected to a plurality of local area network systems each having a router and a terminal which are connected to each other through a local area network, said program product comprising the steps of:
storing in a management database and managing at least one common key, each public key assigned to each router and a public key assigned to said central management device, said at least one common key being used by each router to encrypt communication data to be communicated between a terminal in a local area network system and a terminal in another local area network system, or between a router and the central management device;
encrypting the common key by using each public key assigned to each router; and
sending the encrypted common key to each router,
wherein the common key encrypted by using the public key is transmitted between the local area network system of the terminal and another local area network system together with the data encrypted by using the common key.
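The key distribution of claims 1, 9 and 13, carried through in Go as an added example; this is the editor's illustration, not code from the patent or from any product implementing it. The claims fix no algorithms, so the choices here are assumptions: RSA-OAEP wraps the common key under each router's public key, AES-256-GCM encrypts payloads under the common key, and the public-key directory the central device distributes (every router's key plus its own) travels as the payload of a provisioning packet, so the router's secret key is what unlocks both the common key and the directory. The names (central, A, B), the Packet and Node types and the functions Send, Receive, Install and NewSystem are the example's own, as is the check in Receive that the key attached to a data packet equals the common key already in storage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

// Packet crosses the wide-area link: the common key wrapped under the receiver's
// public key (RSA-OAEP) plus the payload encrypted under the common key (AES-GCM).
type Packet struct{ WrappedKey, Nonce, Ciphertext []byte }

// Node is the central management device or a router; common and dir (peer public
// keys by name) are its management database or, on a router, its storage unit.
type Node struct {
	Name   string
	priv   *rsa.PrivateKey // the node's secret key
	common []byte
	dir    map[string]*rsa.PublicKey
}

func aead(key []byte) cipher.AEAD { // callers guarantee a 32-byte key
	b, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(b)
	return g
}

// Send selects to's public key from dir, wraps n.common under it and encrypts
// data under n.common; kind ("dir" or "data") and receiver go into the GCM tag.
func (n *Node) Send(to, kind string, data []byte) (Packet, error) {
	pub, ok := n.dir[to]
	if !ok || len(n.common) != 32 {
		return Packet{}, fmt.Errorf("%s: no key stored for %q, or not provisioned", n.Name, to)
	}
	wk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, n.common, nil)
	if err != nil {
		return Packet{}, err
	}
	g := aead(n.common)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // documented never to fail
	return Packet{wk, nonce, g.Seal(nil, nonce, data, []byte(kind+">"+to))}, nil
}

// Receive unwraps the attached key with n's secret key and decrypts with it; a
// "data" packet's key must also equal the stored common key (an added check; the
// claims state none), so holding the common key is what makes a packet valid.
func (n *Node) Receive(p Packet, kind string) (key, data []byte, err error) {
	if key, err = rsa.DecryptOAEP(sha256.New(), nil, n.priv, p.WrappedKey, nil); err != nil {
		return nil, nil, err
	}
	if len(key) != 32 || (kind == "data" && subtle.ConstantTimeCompare(key, n.common) != 1) {
		return nil, nil, fmt.Errorf("%s: attached key is not the stored common key", n.Name)
	}
	data, err = aead(key).Open(nil, p.Nonce, p.Ciphertext, []byte(kind+">"+n.Name))
	return key, data, err
}

// Install (router side) unlocks a "dir" packet with the router's secret key and
// fills the storage unit; on any error the router's state is left untouched.
func (r *Node) Install(p Packet) error {
	common, blob, err := r.Receive(p, "dir")
	dir := map[string]*rsa.PublicKey{}
	if err == nil {
		err = json.Unmarshal(blob, &dir)
	}
	if err == nil {
		r.common, r.dir = common, dir
	}
	return err
}

func newNode(name string) *Node {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Node{Name: name, priv: k, dir: map[string]*rsa.PublicKey{}}
}

// NewSystem generates the key pairs and a 256-bit common key, fills the central
// database (router enrolment assumed done out of band) and provisions each router
// as in claims 1 and 9: the common key wrapped under the router's public key,
// carrying the whole public-key directory encrypted under the common key.
func NewSystem(routers ...string) (*Node, map[string]*Node, error) {
	central, lan := newNode("central"), map[string]*Node{}
	central.common = make([]byte, 32)
	rand.Read(central.common)
	central.dir[central.Name] = &central.priv.PublicKey
	for _, name := range routers {
		lan[name] = newNode(name)
		central.dir[name] = &lan[name].priv.PublicKey
	}
	blob, _ := json.Marshal(central.dir) // rsa.PublicKey's N and E are exported
	for name, r := range lan {
		p, err := central.Send(name, "dir", blob)
		if err == nil {
			err = r.Install(p)
		}
		if err != nil {
			return nil, nil, err
		}
	}
	return central, lan, nil
}

func main() {
	_, lan, err := NewSystem("A", "B")
	if err != nil {
		panic(err)
	}
	p, _ := lan["A"].Send("B", "data", []byte("constructed data from a terminal in LAN A"))
	_, out, err := lan["B"].Receive(p, "data")
	fmt.Printf("router B decrypted %q (err=%v)\n", out, err)
}
```

Provisioning happens inside NewSystem; main then sends one packet from router A to router B. Two points the claims leave open stand out once the protocol is written down. First, the claims specify encryption only: nothing in them authenticates that a provisioning packet came from the central management device, so a deployment needs that from elsewhere (the database already holds the central device's public key, which is what a signature over the provisioning packet would be verified against). Second, the common key attached to every packet serves the receiver only as evidence that the sender holds it, which is why Receive compares it to the stored copy instead of decrypting with whatever key arrives; without that comparison, any party that knows a router's public key could produce a packet that decrypts cleanly.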
Specification