1. JP2008103988 - ENCRYPTION COMMUNICATION SYSTEM, DEVICE, METHOD AND PROGRAM

Office: Japan
Application Number: 2006284817
Application Date: 19.10.2006
Publication Number: 2008103988
Publication Date: 01.05.2008
Publication Kind: A
IPC
H04L 9/08
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Arrangements for secret or secure communication
  08 Key distribution
CPC
H04L 9/0891
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
  08 Key distribution ; or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  0891 Revocation or update of secret information, e.g. encryption key update or rekeying
H04L 9/0838
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
  08 Key distribution ; or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
  0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
Applicants: FUJITSU LTD
富士通株式会社
Inventors: ZOKUMASUI YUICHI
属増 雄一
Agents: 竹内 進
Title
(EN) ENCRYPTION COMMUNICATION SYSTEM, DEVICE, METHOD AND PROGRAM
(JA) 暗号通信システム、装置、方法及びプログラム
Abstract
(EN)

PROBLEM TO BE SOLVED: To prevent occurrence of an incommunicable state due to the expiration of an encryption key by monitoring a device load and communication traffic volume with an opposite party device and dynamically updating the encryption key.

SOLUTION: A plurality of pieces of encryption communication equipment 16-1 to 16-4, to which terminal devices 18-1 to 18-6 are connected, are connected through a network 14. The encryption communication equipment 16-1 encrypts data received from the terminal device 18-1 of a transmitting source and transmits the encrypted data to the other encryption communication equipment 16-2, and it decrypts data received from the other encryption communication equipment 16-2 and transmits the decrypted data to the terminal device 18-1 of the transmitting source. When first starting communication with the other pieces of encryption communication equipment 16-2 to 16-4, the encryption communication equipment 16-1 generates and exchanges an encryption key according to an encryption key exchange protocol, registers the encryption key in encryption key management tables 24-1 and 24-2, and sets and manages an expiration time. The encryption key is updated when its expiration time comes near. In addition, even during the validity time period, when the CPU load is determined to be low, the equipment searches for the encryption key of an opposite-party encryption communication equipment with little communication traffic volume and updates that key.

COPYRIGHT: (C)2008,JPO&INPIT

(JA)

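[Problem] To prevent, before it occurs, a state in which communication is impossible because an encryption key has expired, by monitoring the device load and the volume of communication with peer devices and dynamically updating encryption keys.
[Solution] A plurality of encryption communication devices 16-1 to 16-4, to which terminal devices 18-1 to 18-6 are connected, are connected via a network 14. Data received from the source terminal device 18-1 is encrypted by encryption communication device 16-1 and transmitted to another encryption communication device 16-2, and data received from the other encryption communication device 16-2 is decrypted and transmitted to the destination terminal device 18-1. When first starting communication with the other encryption communication devices 16-2 to 16-4, encryption communication device 16-1 generates and exchanges an encryption key according to an encryption key exchange protocol, registers it in encryption key management tables 24-1 and 24-2, and sets and manages an expiration time. The encryption key is updated when the expiration time approaches; however, even during the validity period, when a low CPU load is determined, the device searches for the encryption key of a peer encryption communication device with little communication traffic and updates that key.
[Selected drawing] Fig. 1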
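
The rekeying policy described in the abstract can be sketched as a small scheduler. This is an added example, not code from the patent or from the applicant: the thresholds, the field names, the `MIN_AGE` guard (which keeps an idle peer from being rekeyed on every pass) and the `rekey` stub standing in for the key exchange protocol are all assumptions.

```python
# Added example: rekey scheduling policy sketched from the abstract.
# Thresholds, field names and the rekey stub are assumptions, not from the patent.
import os
from dataclasses import dataclass

KEY_LIFETIME = 3600.0   # assumed validity period (s)
EXPIRY_MARGIN = 300.0   # assumed "expiration time comes near" window (s)
MIN_AGE = 900.0         # assumed: skip keys refreshed less than this long ago
CPU_LOW = 0.20          # assumed low-load threshold (fraction of CPU)
TRAFFIC_LOW = 1000      # assumed low-traffic threshold (bytes per interval)

@dataclass
class KeyEntry:         # one row of the encryption key management table
    peer: str
    key: bytes
    expires_at: float
    traffic: int = 0    # bytes exchanged with this peer in the current interval

def rekey(entry, now):
    """Stand-in for the key exchange protocol: fresh key, fresh expiration time."""
    entry.key = os.urandom(32)
    entry.expires_at = now + KEY_LIFETIME

def select_rekeys(table, cpu_load, now):
    """Return the entries to rekey on this monitoring pass."""
    # 1. Mandatory: keys close to expiry are renewed regardless of load.
    due = [e for e in table if e.expires_at - now <= EXPIRY_MARGIN]
    if due:
        return due
    # 2. Opportunistic: CPU load is low, so renew the quietest peer's key early.
    if cpu_load < CPU_LOW:
        quiet = [e for e in table
                 if e.traffic < TRAFFIC_LOW
                 and e.expires_at - now <= KEY_LIFETIME - MIN_AGE]
        if quiet:
            return [min(quiet, key=lambda e: e.traffic)]
    return []

def tick(table, cpu_load, now):
    """Run one pass and return the peers whose keys were replaced."""
    chosen = select_rekeys(table, cpu_load, now)
    for e in chosen:
        rekey(e, now)
    return [e.peer for e in chosen]

def sample_table(now=0.0):
    # Constructed sample; peer names reuse the abstract's reference numerals.
    return [KeyEntry("16-2", os.urandom(32), now + 3000, traffic=50_000),
            KeyEntry("16-3", os.urandom(32), now + 2000, traffic=200),
            KeyEntry("16-4", os.urandom(32), now + 100, traffic=90_000)]
```

Calling `tick(sample_table(), cpu_load, now)` repeatedly with different load values shows the two paths: near-expiry keys are always renewed, while the early renewal only fires for a quiet peer when the load is below the threshold.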