Encryption communication system capable of reducing network...

Cryptography – Key management – Key distribution

Reexamination Certificate


Details

C713S162000, C380S243000


active

06226385

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an encryption communication system in which the respective encrypt apparatuses for relaying communication data among communication terminals installed in a communication network perform encryption communications after learning their own encrypt keys.
2. Description of the Related Art
Recently, with the popularization of computer networks, there is increasing demand for techniques that encrypt communication data in order to keep the communication data used in computer networks secret. In general, a data encrypting/decrypting method is carried out in accordance with a table containing encrypt keys (referred to as an “encrypt key table” hereinafter), as described in, for example, Japanese Unexamined Patent Publication No. Hei 6-209313. This conventional encrypt technique is shown in FIG. 46, which employs the encrypt keys corresponding to one or both of the destination addresses and the transmission source addresses of the communication data within the encrypt apparatus.
In FIG. 46, reference numeral 7 indicates the encrypt apparatus, reference numeral 2 denotes the encrypt/decrypt processing unit for encrypting/decrypting the communication data, reference numeral 3 represents the transparent relay processing unit for transparently relaying the communication data, and reference numeral 4 shows the discard processing unit for discarding the communication data. Also, reference numeral 6 is the transmission/reception processing unit for processing transmission/reception data, and reference numeral 8 shows the encrypt key table for indicating the processing method of the communication data. As shown in FIG. 48, the communication data processing methods are set as to each pair of the destination terminal and the transmission source terminal of the communication data.
As the communication data processing method, there are three different sorts of processing methods, i.e., encrypt/decrypt processing, transparent relay processing, and discard processing. In the case of the encrypt/decrypt processing method, the identifiers (referred to as “IDs” hereinafter) of the encrypt keys used in the encrypting/decrypting operations are set to the encrypt key table 8. In the case of the transparent relay processing method and the discard processing method, the respective processes are registered into the encrypt key table 8.
When the communication data is received by the encrypt apparatus 7, the transmission/reception processing unit 6 retrieves from the encrypt key table 8 the communication data processing method corresponding to the pair of the destination terminal and the transmission source terminal for the communication data. When the ID of the encrypt key is registered, the received communication data is notified to the encrypt/decrypt processing unit 2, and then the communication data is transmitted from such a transmission/reception processing unit 6 located opposite to the transmission/reception processing unit 6 which has received the communication data. In the case that the transparent relay processing method and the discard processing method are registered, the received communication data is notified to the transparent relay processing unit 3 and the discard processing unit 4. When the transparent relay processing method is registered, the communication data is transmitted from such a transmission/reception processing unit 6 located opposite to the transmission/reception processing unit 6 which has received the communication data. When the discard processing method is registered, the communication data is discarded.
One example of the encryption communication when the encrypt apparatus 7 is arranged as shown in FIG. 47 will now be described. It is now assumed that an encrypt apparatus 71 owns an encrypt key 1, an encrypt apparatus 72 owns an encrypt key 3, an encrypt apparatus 73 owns encrypt keys 1 and 2, an encrypt apparatus 74 owns the encrypt key 3, and an encrypt apparatus 75 owns the encrypt key 2. At a terminal A and a terminal B, communication data is encrypted/decrypted by using the encrypt key 1 in the encrypt apparatuses 71, 73, and the communication is performed by transparently relaying the communication data between the terminals A and B in the encrypt apparatus 72 on the relay path. At the terminal B and a terminal C, the communication data is encrypted/decrypted by using the encrypt key 2 in the encrypt apparatuses 73, 75, and is further encrypted/decrypted by using the encrypt key 3 in the encrypt apparatuses 72, 74 to execute the communication. At the terminal A and the terminal C, since there are no encrypt keys made coincident with each other in the encrypt apparatuses 71, 74, 75 existing on the communication data path, the data communication cannot be executed.
To realize the above-described encryption communication, each of the encrypt apparatuses 7 employs such an encrypt key table 8 as shown in FIG. 48. Into the encrypt key table 8, the destination terminal addresses and the transmission source terminal addresses of the communication data, and also the respective processing methods adapted to the communication data are set. For instance, in the encrypt apparatus 71, when the communication data between the terminal A and the terminal B is received, the communication data is encrypted/decrypted by using the encrypt key 1, whereas when the communication data between the terminal A and the terminal C is received, this communication data is discarded. Also, in the encrypt apparatus 72, when the communication data between the terminal A and the terminal B is received, the communication data is transparently relayed, whereas when the communication data between the terminal B and the terminal C is received, this communication data is encrypted/decrypted by using the encrypt key 3. As previously explained, the encrypt key tables for describing the communication data processing methods are requested in the respective encrypt apparatuses 7.
In general, the above-described encrypt key tables are stored in the respective encrypt apparatuses, or stored in a management apparatus capable of managing in a batch mode the encrypt keys arranged on a network. In the latter case, when a data communication is commenced, an interrogation is issued from an encrypt apparatus to the management apparatus so as to acquire an encrypt key.
As represented in FIG. 48, since the encrypt key tables are different from each other with respect to each of these encrypt apparatuses, a network manager is required to form the suitable encrypt key tables for the respective encrypt apparatuses, taking account of a structure of a network. Also, when a scale of a network becomes large, a total number of communication terminals is increased, and the contents of the encrypt key tables become complex. Therefore, there is a problem that these aspects cannot be managed by the network manager. Furthermore, the access control means for preventing the unauthorized access issued from the external network is required.
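The per-apparatus encrypt key tables described above, together with a consistency audit of the kind a network manager would need before deploying hand-written tables, are sketched below as an added example (it is not code from the patent). The table entries are the ones stated in the text; the order of apparatuses along each path, the discard default for unregistered pairs, and the helper names pair, lookup and audit_path are assumptions.

```python
# Added example: table-driven dispatch plus a path audit (not from the patent).
ENCRYPT, RELAY, DISCARD = "encrypt", "relay", "discard"

def pair(a, b):
    # Processing methods are set per terminal pair; treat the pair as unordered.
    return frozenset((a, b))

# Entries stated in the text for FIG. 47/48: apparatus number -> key table.
KEY_TABLES = {
    71: {pair("A", "B"): (ENCRYPT, 1), pair("A", "C"): (DISCARD, None)},
    72: {pair("A", "B"): (RELAY, None), pair("B", "C"): (ENCRYPT, 3)},
    73: {pair("A", "B"): (ENCRYPT, 1), pair("B", "C"): (ENCRYPT, 2)},
    74: {pair("B", "C"): (ENCRYPT, 3)},
    75: {pair("B", "C"): (ENCRYPT, 2)},
}

def lookup(apparatus, src, dst, tables=KEY_TABLES):
    # Assumption: a pair with no registered entry is discarded (fail closed).
    return tables[apparatus].get(pair(src, dst), (DISCARD, None))

def audit_path(path, src, dst, tables=KEY_TABLES):
    """Walk the apparatuses in path order and check that every encryption is
    undone by a later apparatus using the same key ID, innermost layer first."""
    open_keys = []  # stack of key IDs currently wrapping the data
    for apparatus in path:
        action, key_id = lookup(apparatus, src, dst, tables)
        if action == DISCARD:
            return f"blocked at {apparatus}"
        if action == ENCRYPT:
            if open_keys and open_keys[-1] == key_id:
                open_keys.pop()            # peer apparatus removes its layer
            elif key_id in open_keys:
                return f"key {key_id} decrypted out of order at {apparatus}"
            else:
                open_keys.append(key_id)   # first apparatus adds a layer
    if open_keys:
        return f"delivered still encrypted under keys {open_keys}"
    return "ok"

if __name__ == "__main__":
    # Path orders are assumed; FIG. 47 is not reproduced on this page.
    print(audit_path([71, 72, 73], "A", "B"))      # key 1 paired, 72 relays
    print(audit_path([73, 72, 74, 75], "B", "C"))  # key 3 nested inside key 2
    print(audit_path([71, 74, 75], "A", "C"))      # no coincident keys
```

A single wrong entry, such as apparatus 73 relaying A-B traffic instead of using key 1, makes the audit report data delivered still encrypted, which is the kind of error that becomes hard to spot by hand as the tables grow.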
SUMMARY OF THE INVENTION
The present invention has been made to solve the above-explained problems caused by the large-scaled network and the complex network, and therefore, has an object to provide an encryption communication system capable of minimizing a workload of a network manager to realize an encryption communication and an unauthorized access preventing means even when such large-scaled and complex networks are constituted.
According to the present invention, there is provided an encryption communication system comprising: a transmission source terminal for transmitting communication data from an own terminal via a communication network to a destination terminal; a first encrypt apparatus including a first encrypt key table used to register thereinto encrypt key information for instructing a processing method of communication data in correspondence with a p
