JP2005045473A - Private communication controller - Google Patents

Publication number
JP2005045473A
JP2005045473A JP2003202199A JP2003202199A JP2005045473A JP 2005045473 A JP2005045473 A JP 2005045473A JP 2003202199 A JP2003202199 A JP 2003202199A JP 2003202199 A JP2003202199 A JP 2003202199A JP 2005045473 A JP2005045473 A JP 2005045473A
Authority
JP
Japan
Prior art keywords
type
board
encryption
server
secret communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2003202199A
Other languages
Japanese (ja)
Other versions
JP3799420B2 (en)
Inventor
Masakatsu Kase
正勝 加瀬
Hitoshi Takeda
仁己 武田
Fumio Sato
史生 佐藤
Muneaki Sakurai
宗晃 櫻井
Katsuhiko Suno
勝彦 數納
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Japan Steel Works Ltd
Technical Research and Development Institute of Japan Defence Agency
Original Assignee
Japan Steel Works Ltd
Technical Research and Development Institute of Japan Defence Agency
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Japan Steel Works Ltd, Technical Research and Development Institute of Japan Defence Agency
Priority to JP2003202199A, patent JP3799420B2 (en)
Publication of JP2005045473A
Application granted
Publication of JP3799420B2
Anticipated expiration
Legal status: Expired - Lifetime

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

PROBLEM TO BE SOLVED: To provide a private communication means that constructs a VPN (Virtual Private Network) between a client and a server or between servers in order to prevent leakage, alteration and the like of information on a network.

SOLUTION: A private communication controller in which all of the following functions can be processed on a private communication board 10: executing private communication based on IPSec, executing authentication and key exchange prior to the private communication, setting and changing cipher algorithms and the like as desired, and creating the cipher keys and public key certificates used with public key ciphers. This secures a means for preventing leakage, alteration and the like of information on a network.

COPYRIGHT: (C)2005, JPO&NCIPI

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a secret communication control device used for LAN (Local Area Network) communication such as the Internet. In particular, it relates to a secret communication technique for constructing, in LAN communication, a VPN (virtual private network) that prevents eavesdropping by a third party between a client (a terminal connected to a server) and a server, between a server and a server, and between a client and a client, for the purpose of preventing information leakage, falsification and the like on the network.
[0002]
[Prior art]
Conventionally, an encryption board installed as an expansion board in a personal computer used as a client or in a server only allows the user to select from among the plurality of encryption methods (including authentication and key exchange functions) installed in the board in advance.
[0003]
In addition, in conventional IPSec (Internet Protocol Security) communication, the mainstream approach is to execute only the encryption processing on the host computer (the computer that incorporates a LAN board and performs IPSec communication), so unencrypted plaintext data and ciphertext data were transmitted mixed together on the same bus.
[0004]
[Problems to be solved by the invention]
With current encryption boards, the user can only select from among the encryption methods preinstalled by the manufacturer, so users cannot implement and use a method suited to their own needs.
[0005]
Also, if plaintext and ciphertext are mixed on the same bus, the plaintext may be transmitted to the outside as it is, leaving the possibility of information leaking to a third party, which is a threat.
[0006]
In view of the above points, an object of the present invention is to provide a secret communication control device that allows the user side to implement and selectively use an arbitrary encryption method according to their needs, and that can process the entire IPSec process collectively on the LAN board so that plaintext data is not transmitted between a client and a server or between a server and a server.
[0007]
Other objects and novel features of the present invention will be clarified in embodiments described later.
[0008]
[Means for Solving the Problems]
In order to achieve the above object, a secret communication control device according to the present invention includes an OS-equipped LAN board installed in a terminal connected to a server via a LAN, or in the server. A processor for cryptographic processing is mounted on the LAN board. The processing engine required for secrecy and key exchange by IPSec can be set from the terminal or the server and can be replaced with an arbitrary secrecy / key exchange method, and the entire IPSec process is processed collectively on the OS-equipped LAN board.
[0009]
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of a secret communication control apparatus according to the present invention will be described below with reference to the drawings.
[0010]
FIG. 1 is an overall functional configuration diagram of an embodiment of a secret communication control apparatus according to the present invention, and FIG. 2 is a schematic processing flow diagram for setting and changing the policies and algorithms required for secrecy and key exchange by IPSec.
[0011]
In these drawings, the secret communication control device consists of a secret communication board A type or B type 10, a secret communication board C type 20, and a CA server (CA: Certificate Authority) 30. Note that the CA server is not required when authentication by keys distributed in advance is selected in IKE (the key exchange specification in IPSec).
[0012]
The secret communication board A type or B type 10 is an OS-equipped LAN board connected to the terminal device 40 (client or server). It carries a processor for IPSec processing and IKE (the key exchange specification in IPSec) processing and a LAN controller, and, as enclosed by the dotted frame in the figure, has a function for freely replacing the encryption methods [authentication method, common key, public key, and hash (compression method)]. It also has a random number generation function for encryption. The A type is connected to the terminal device 40 through the PCI bus, and the B type through USB.
[0013]
The secret communication board C type 20 includes a card reader, is connected to the terminal device 40 through an IC interface, and, as enclosed by the dotted frame in the figure, has a function for freely replacing the authentication method and the hash.
[0014]
The CA server 30 manages information related to public keys.
[0015]
The terminal device 40 functions as, for example, a general personal computer, and includes drivers for the expansion boards, that is, a secret communication board A type or B type driver and a secret communication board C type driver.
[0016]
Here, an outline processing flow for setting and exchanging the encryption method and the like in FIG. 2 will be described as an example in which an encryption setting manager is provided separately from the user of each terminal device 40.
[0017]
In general, when using encryption and authentication, an encryption setting manager is set in addition to the user in order to manage setting information that should be kept secret. In the present embodiment, the encryption setting manager is positioned as the person responsible for the encryption method installed and the setting information to be kept secret.
[0018]
The encryption setting manager first determines an administrator-dedicated terminal (PC) and installs a driver program for the secret communication board A type or B type 10 and the secret communication board C type 20.
[0019]
The encryption setting manager connects the secret communication board A type or B type 10 and the secret communication board C type 20 to be configured to the administrator-dedicated terminal, starts the management control program (on a storage medium such as a CD-ROM) 50, and carries out the settings. FIG. 2 shows a schematic processing flow of this setting and exchange. Note that the administrator-dedicated terminal does not necessarily need to be connected to the LAN when it is used for setting the secret communication board A type or B type 10 and the secret communication board C type 20.
[0020]
The encryption setting manager records (programs and saves) the encryption method used in IPSec and IKE in the storage medium 60 such as a floppy disk ("floppy" is a registered trademark) in FIG.
[0021]
The encryption method or the like recorded in the storage medium 60 (corresponding to the authentication method, common key, public key, and hash enclosed by a dotted frame in the figure) is read into the secret communication board A type or B type 10. In other words, a predetermined processing engine that is software for realizing secrecy (encryption, decryption) and key exchange by IPSec is set (implemented) in the secret communication board A type or B type 10.
[0022]
Similarly, the authentication method and hash recorded in the storage medium 60 are read into the C type. More than one method of each kind can be loaded at the same time.
[0023]
The secret communication boards A type or B type 10 and C type 20 for which the setting of each algorithm has been completed are distributed to the users of the terminal devices 40.
[0024]
When changing the setting, the encryption setting manager collects each board of the user and sets it again.
[0025]
In this embodiment, a processor for cryptographic processing is mounted on the secret communication board A type or B type 10, which is used as the LAN board serving as the Internet communication interface, and a general-purpose OS is installed on it to make cryptographic software easier to handle. Because the board is an OS-equipped LAN board, users can implement and selectively use an arbitrary encryption method according to their needs. In addition, because a general-purpose OS is installed on the board, cryptographic software can be developed in a general-purpose development environment without a special one. For example, the encryption setting manager programs the policies and algorithms for encryption, key exchange and so on used in secret communication, and sets and changes them as desired using the OS on the secret communication control device (the secret communication board A type or B type 10, which is the OS-equipped LAN board). This makes a wider range of encryption methods usable than with conventional products.
[0026]
In addition, to prevent the encryption processing from being improperly disabled by unauthorized operation of the user terminal device, and to prevent operation in an inappropriate setting state, the design executes the encryption processing only on the board, and the entire process related to IPSec is processed by the board. That is, the function for performing secret communication based on IPSec, the function for performing authentication and key exchange prior to secret communication, the function for arbitrarily setting and changing algorithms such as ciphers, and the function for creating the encryption keys and public key certificates used with public key encryption can all be processed on the secret communication board 10. By adopting such a configuration, the above-described problems (the problem that the user cannot select an arbitrary encryption method and the problem that plaintext may be transmitted to the outside) can be solved. In addition, the burden on the host computer is reduced.
[0027]
Further, in this case, adopting the IKE protocol with IPSec, which encrypts each packet, not only ensures compatibility with existing cryptographic processing apparatuses but also places no cryptographic processing burden on the user terminal device, so the processing speed of the terminal device is not reduced. There is the further advantage that the user does not need to be aware of the secrecy processing at all during communication.
[0028]
As another convenience, by using the IKE protocol with IPSec, the method that is needed can be selected automatically, for each communication partner's IP address, from among the plurality of methods read from the storage medium into the secret communication board A type or B type.
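The per-peer selection in [0028], combined with the loading of several engines in [0021] and [0022], can be sketched as follows. This is an added example, not part of the patent text: the class, function and algorithm names are hypothetical, the sample addresses are constructed, and dropping traffic to a peer with no matching rule is an assumption made to match the stated goal that plaintext never leaves the board.

```python
import ipaddress
from dataclasses import dataclass

# The four engine kinds shown in the dotted frame of FIG. 1.
KINDS = ("auth", "common_key", "public_key", "hash")


@dataclass(frozen=True)
class Suite:
    """One combination of engines to use with a given peer (hypothetical type)."""
    auth: str
    common_key: str
    public_key: str
    hash: str


class BoardPolicy:
    """Model of the engines loaded onto a board and its per-peer rules."""

    def __init__(self):
        self.engines = {kind: set() for kind in KINDS}
        self.rules = []  # list of (ip_network, Suite)

    def load_engine(self, kind, name):
        # Corresponds to reading an engine from the storage medium onto the board.
        if kind not in KINDS:
            raise ValueError(f"unknown engine kind: {kind}")
        self.engines[kind].add(name)

    def add_rule(self, cidr, suite):
        # Refuse a rule that names an engine the board does not actually hold,
        # so a typo cannot silently leave a peer without protection.
        missing = [f"{k}={getattr(suite, k)}" for k in KINDS
                   if getattr(suite, k) not in self.engines[k]]
        if missing:
            raise ValueError("engine not loaded: " + ", ".join(missing))
        self.rules.append((ipaddress.ip_network(cidr), suite))

    def select(self, peer):
        # Longest-prefix match: the most specific rule for this peer wins.
        addr = ipaddress.ip_address(peer)
        hits = [(net.prefixlen, suite) for net, suite in self.rules
                if net.version == addr.version and addr in net]
        return max(hits, key=lambda h: h[0])[1] if hits else None

    def handle_outbound(self, peer):
        # Assumption: fail closed. No rule means the packet is dropped,
        # never forwarded in plaintext.
        suite = self.select(peer)
        return ("drop", None) if suite is None else ("protect", suite)


# Constructed sample values; "SITE-CIPHER-X" stands for a user-implemented method.
DEFAULT_SUITE = Suite("pre-shared-key", "AES-128-CBC", "RSA-2048", "SHA-256")
SITE_SUITE = Suite("certificate", "SITE-CIPHER-X", "RSA-2048", "SHA-256")


def build_sample_board():
    board = BoardPolicy()
    for suite in (DEFAULT_SUITE, SITE_SUITE):
        for kind in KINDS:
            board.load_engine(kind, getattr(suite, kind))
    board.add_rule("10.1.0.0/16", DEFAULT_SUITE)
    board.add_rule("10.1.9.0/24", SITE_SUITE)
    return board


if __name__ == "__main__":
    board = build_sample_board()
    for peer in ("10.1.2.3", "10.1.9.7", "192.0.2.10"):
        print(peer, board.handle_outbound(peer))
```
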
[0029]
Although the embodiments of the present invention have been described above, it will be obvious to those skilled in the art that the present invention is not limited to these embodiments, and various modifications and changes can be made within the scope of the claims.
[0030]
[Effects of the Invention]
As described above, the secret communication control device according to the present invention includes an OS-equipped LAN board installed in a terminal connected to a server via a LAN, or in the server. A processor for cryptographic processing is mounted on the LAN board, the processing engine required for secrecy and key exchange by IPSec can be set from the terminal or the server and can be replaced with an arbitrary secrecy / key exchange method, and the entire IPSec process is processed collectively on the OS-equipped LAN board. For this reason, an arbitrary secrecy / key exchange method can be selected, and a wider range of encryption methods can be used than with conventional products. In the present invention, since all processes related to IPSec are processed on the secret communication control device, the burden on the host computer side is reduced, and because plaintext and ciphertext are never mixed on the same bus inside the computer, the risk that the cipher will be analyzed is eliminated. Plaintext data is also no longer transmitted between a client and a server or between a server and a server, so information leakage to third parties can be prevented, and the user has the convenience of being able to communicate without being conscious of secrecy at all.
[Brief description of the drawings]
FIG. 1 is an overall functional configuration diagram of an embodiment of a secret communication control apparatus according to the present invention.
FIG. 2 is a schematic process flow diagram for setting and changing policies and algorithms such as encryption methods in the configuration of FIG. 1.
[Explanation of symbols]
10 secret communication board A type or B type
20 secret communication board C type
30 CA server
40 terminal device
50 management control program
60 recording medium

Claims (1)

A secret communication control device comprising an OS-equipped LAN board installed in a terminal connected to a server via a LAN, or in the server, wherein a processor for cryptographic processing is mounted on the LAN board, the processing engine required for secrecy and key exchange by IPSec can be set from the terminal or the server and can be replaced with an arbitrary secrecy / key exchange method, and the entire IPSec process is processed collectively on the OS-equipped LAN board.
JP2003202199A 2003-07-28 2003-07-28 Secret communication control device Expired - Lifetime JP3799420B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2003202199A JP3799420B2 (en) 2003-07-28 2003-07-28 Secret communication control device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2003202199A JP3799420B2 (en) 2003-07-28 2003-07-28 Secret communication control device

Publications (2)

Publication Number Publication Date
JP2005045473A (en) 2005-02-17
JP3799420B2 (en) 2006-07-19

Family

ID=34261987

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2003202199A Expired - Lifetime JP3799420B2 (en) 2003-07-28 2003-07-28 Secret communication control device

Country Status (1)

Country Link
JP (1) JP3799420B2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009510808A (en) * 2005-02-18 2009-03-12 クレダント テクノロジーズ、インク. Intelligence-based security systems and methods
US8166293B2 (en) 2006-07-28 2012-04-24 Nec Infrontia Corporation Client server distributed system, client apparatus, server apparatus, and message encryption method used therefor

Also Published As

Publication number Publication date
JP3799420B2 (en) 2006-07-19

Similar Documents

Publication Publication Date Title
US7688975B2 (en) Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure
EP1728376B1 (en) Method, apparatuses and computer program product for sharing cryptographic key with an embedded agent on a network endpoint in a network domain
CN103563278B (en) Securing encrypted virtual hard disks
EP2204008B1 (en) Credential provisioning
WO2017097041A1 (en) Data transmission method and device
KR100969241B1 (en) Method and system for managing data on a network
US8826015B2 (en) Portable system and method for remotely accessing data
US20190238334A1 (en) Communication system, communication client, communication server, communication method, and program
EP2495681A2 (en) Remote pre-boot authentication
EP1473869A1 (en) Universal secure messaging for cryptographic modules
JPH10507324A (en) Loving software license for hardware agents
US20030051172A1 (en) Method and system for protecting digital objects distributed over a network
KR20080065964A (en) Apparatus and methods for securing architectures in wireless networks
JP2006020291A (en) Encrypted communication method and system
WO2021139338A1 (en) Data access permission verification method and apparatus, computer device, and storage medium
CN108134671A (en) A kind of transparent encryption system and its encipher-decipher method based on quantum true random number
US9031238B2 (en) Data encryption and/or decryption by integrated circuit
US7412059B1 (en) Public-key encryption system
CN110868291A (en) Data encryption transmission method, device, system and storage medium
WO2023078055A1 (en) Method and system for securely sharing data between first area and second area
CN114175580A (en) Enhanced secure encryption and decryption system
JP2007104118A (en) Protection method of secret information and communication apparatus
WO2005091552A1 (en) Digital rights management
JP3684266B2 (en) Access control method and system for encrypted shared data
JP3799420B2 (en) Secret communication control device

Legal Events

Date Code Title Description
A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20050712

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20050803

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20060323

R150 Certificate of patent or registration of utility model

Ref document number: 3799420

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

Free format text: JAPANESE INTERMEDIATE CODE: R150

S533 Written request for registration of change of name

Free format text: JAPANESE INTERMEDIATE CODE: R313533

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

S533 Written request for registration of change of name

Free format text: JAPANESE INTERMEDIATE CODE: R313533

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

EXPY Cancellation because of completion of term