JP2007189742A - Transmission mediation device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To achieve a technique which makes it easy to manage a secret key at the time of utilizing the secure communication. <P>SOLUTION: A intermediary server 200 holds secret keys and performs secure communication with a printer 100 and a personal computer 300 by sending a corresponding secret key. Thereby, the secure communication between the printer 100 and personal computer 300 is mediated. The secure communication mediated is utilized in a print request from the personal computer 300 to the printer 100. Consequently, the print request through the secure communications to a service device which is not equipped with sophisticated secret key management mechanism from a general client who can use a public key is realized and the mediating server 200 can strictly manages the secret key. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a technique for performing security communication via a network.

  In recent years, with the spread of network technology, a form in which a client such as a computer is connected to a network and used while communicating with a client connected to the network is also widespread. For example, a technique for making a service request for a service device connected via a network is being realized.

  In addition, technologies related to security communication are being realized. For example, in addition to a common key encryption technique such as DES (Data Encryption Standard), a technique using a public key encryption method such as RSA (Rivest Shamir Adleman) or SSL (Secure Sockets Layer) is being used. According to the security communication, it is possible to realize a safe communication in which data can not be wiretapped, falsified, and impersonated in communication via a network.

  In the common key cryptosystem, the key for encrypting data is the same as the key for decrypting the encrypted data. On the other hand, in the public key cryptosystem, a paired public key and secret key are used. There are cases where a public key for encryption and a secret key for decryption are used, and a secret key for encryption and a secret key for decryption are used. Public key cryptography is also called asymmetric cryptography.

  FIG. 1 is an explanatory diagram illustrating an example of processing for establishing security communication using a public key cryptosystem. On the server side, a secret key for decryption is prepared. On the other hand, a common key is prepared on the client side, and a public key for decryption corresponding to the secret key held by the server is prepared. Here, the common key is obtained on the other hand, and the public key is obtained from a server or the like using normal communication.

  At timing Sa101, the server sends the public key to the client side. At timing Sa103, the client encrypts the common key with the acquired public key and sends it to the server side. The server decrypts this at timing Sa05. Thus, sharing of the common key is completed between the server and the client.

  Using the shared common key, security communication from the server to the client is performed at timings Sa201 to Sa203. At timing Sa201, the server encrypts the communication data and sends it to the client side. At timing Sa203, the client can decode this and obtain communication data. Timings Sa301 to Sa303 indicate a case where the client sends data using the same security communication method.

  However, when security communication is used, there is a problem of complexity related to the management of secret keys. This includes the key management security issues in addition to the hassle of installing keys and updating to new versions. Key management must be done strictly with security. If the key is known by a third party, there is a risk of fraud such as data eavesdropping, falsification, and impersonation.

  Here, it may be particularly difficult to enhance the security in key management. For example, in the case of a printing apparatus, compared to a normal personal computer, it is generally installed in a place where a user is not always present. Moreover, there are many cases where there is a limit to a hardware defense mechanism that prevents physical unauthorized operation or a software defense mechanism that prevents attacks via the network due to low cost requirements.

  Furthermore, when a plurality of devices are used for security communication, it is necessary to manage keys for each device. In this case, the complexity associated with key management becomes even greater.

  The present invention has been made to solve these problems, and aims to improve the practicality of a technique for performing security communication via a network.

In order to solve at least a part of the above problems, the following configuration is applied in the present invention.
The intermediary device of the present invention is
An intermediary device that mediates communication between two clients connected via a network,
A key storage unit for storing at least one secret key used in communication with the client;
An acquisition unit for acquiring encrypted data encrypted using a public key corresponding to the secret key or a key set by communication using the secret key and the public key from a first client;
A data processing unit that decrypts the encrypted data using a corresponding key and encrypts the encrypted data again with a key set by communication using the secret key and the public key;
The gist of the present invention is to provide a sending unit that sends the encrypted data to the second client.

  By doing so, mediation of security communication between the first and second clients that do not manage the secret key can be realized. The processing load related to the security communication in the first and second clients can be reduced. The client does not need a special mechanism for managing the secret key. Further, even when a large number of clients are used for security communication, it is only necessary for the mediation apparatus to perform integrated secret key management. In addition, the user can escape from the complexity of installing and updating the private key in each client.

  Note that various types of security communication can be applied to security communication that has an effect against unauthorized access such as data eavesdropping, falsification, and impersonation.

In the mediation apparatus of the present invention,
The secret key may be common to the two clients.

  By doing in this way, the security communication between the 1st and 2nd client is realizable, simplifying the mechanism of a mediation apparatus. For example, it is possible to simplify the encryption and decryption mechanism relating to the secret key and the public key sending mechanism. The public keys used by the first and second clients may be the same or different.

In the mediation apparatus of the present invention,
The status information may be acquired using communication with the second client.

  By doing so, the mediation apparatus can perform processing according to the status information of the second client. For example, when the second client is a service device and the first client is a device that makes a service request, the mediation device sends information necessary for making a service request to the first client. be able to.

  Various types of status information can be considered. For example, information regarding the operating status of the second client may be included. When the second client is a service device, information related to the execution of a service request that has been requested in the past may be included in addition to the information indicating whether or not the service request can be executed.

In the mediation apparatus of the present invention,
The first client is a requesting client that originates a service request;
The second client is a service device that provides a service in response to the service request;
The data received from the second client may be transferred to the first client without being encrypted.

  By doing so, it is possible to reduce the processing load related to encryption / decryption in the mediation device and the first and second clients.

  Note that all data to be transferred may be transferred without being encrypted, or a part of the data may be transferred after being encrypted.

In the mediation apparatus of the present invention,
The data processing unit may switch between the encryption mode and the decryption mode according to the content of data.

  By doing in this way, according to the content of data, the security communication which mediates can be switched to a desired thing.

  The data processing unit may not perform encryption or decryption processing, and the communication mediated by the mediation device may not be security communication.

  In the mediation apparatus of the present invention, a service request related to printing may be mediated.

  In the printing apparatus, it may be difficult to enhance the security in managing the secret key, which is useful when mediating security communication with the printing apparatus.

  The present invention can be configured in various modes such as a mediation method in addition to the mode as a mediation device. Moreover, you may comprise as a signal which can be equated with the computer program itself which implement | achieves these methods by computer, or this. Furthermore, you may comprise as a recording medium which recorded these computer programs.

  Here, the storage medium may be a flexible disk, a CD-ROM, a magneto-optical disk, an IC card, a ROM cartridge, a punch card, a printed matter on which a code such as a barcode is printed, an internal storage device of a computer (a memory such as a RAM or a ROM). ) And an external storage device can be used.

Hereinafter, embodiments of the present invention will be described based on examples.
A. Print mediation system:
B. Processing corresponding to communication contents:

A. Print mediation system:
FIG. 2 is an explanatory diagram showing the overall configuration of the print mediation system. In this system, the mediation server 200 is connected to the personal computer 300 and the printing apparatus 100 via a network. The personal computer 300 issues a print mediation request to the mediation server 200. Based on this, the mediation server 200 issues a print request to the printing apparatus 100. Upon receiving this print request, the printing apparatus 100 executes printing desired by the user of the personal computer 300.

  Here, the mediation server 200 can establish security communication with the personal computer 300 and the printing apparatus 100 by functioning as a server in security communication. Thus, the user of the personal computer 300 can realize a desired print request on the printing apparatus 100 while preventing unauthorized access by a third party.

  In the embodiment, the network may be a wide area network such as the Internet or a relatively limited network such as a LAN (Local Area Network) or so-called personal computer communication. In addition, as the security communication, the following description will be made using the above-described SSL, but various types of security communication can be used as long as the security communication is based on the use of the secret key held by the server and the distributed public key. It is.

  2 illustrates only the personal computer 300 and the printing apparatus 100, the apparatus connected to the mediation apparatus 200 is not limited to these. The mediation server 200 is connected to a plurality of computers and printing apparatuses (not shown). The personal computer 300 can select from the plurality of printing apparatuses and cause the mediation server 200 to perform mediation of printing. Further, the mediation server 200 receives print requests from a plurality of devices and causes the selected printing device to execute printing.

  FIG. 2 also shows the functional block configuration of the mediation server 200. The mediation server 200 includes a control unit 210 configured as a microcomputer including a CPU and a memory. The illustrated functional blocks are configured as software as functions of the control unit 210, respectively. However, each functional block may be configured in hardware.

  The communication unit 215 manages communication with the personal computer 300 and the printing apparatus 100. The communication unit 215 can use security communication using SSL technology. The key holding unit 212 holds a secret key and a public key that can be used for security communication.

  The data processing unit 213 acquires request data related to a print request from the personal computer 300 via the communication unit 215 and sends mediation data instructing printing based on the request data to the printing apparatus 100. At this time, security communication can be used for communication with the personal computer 300 and the printing apparatus 100. The request data encrypted by the personal computer 300 is decrypted, and the decrypted data is re-encrypted in a manner that can be decrypted by the printing apparatus 100.

  Note that the data processing unit 213 may use data obtained as a result of performing predetermined processing or analysis based on the request data for sending to the printing apparatus 100. For example, the request data includes URL (Uniform Resource Locator) information related to the print target, and the mediation server 200 acquires an image file or the like based on the URL, performs encryption, and transmits it to the printing apparatus 100. It may be sent.

  The encryption performed by the personal computer 300 may be encryption using a public key, and the decryption performed by the data processing unit 213 may be decryption using a secret key. In this way, it is possible to reduce processing related to common key transmission in establishing security communication as shown in FIG.

  FIG. 3 is an explanatory diagram illustrating an interface for performing print mediation. Here, it is assumed that the personal computer 300 has a function of executing a so-called browser program. The user can send the request data to the mediation server 200 by executing this program.

  A browser screen 310 for sending request data is a screen provided by the mediation server 200. The user can specify a print target using a URL using the content instruction unit 311 and can also specify a print destination by checking the print destination instruction unit 312. When the user clicks the execute button 314, the browser program creates request data by encryption processing and sends it to the mediation server 200. Note that the request data may include information on the specified URL, or the browser may acquire the file specified by the URL and include the acquired file. The status information display button 313 will be described later.

  FIG. 4 is a flowchart showing processing for performing print mediation. This shows three flowcharts side by side while clarifying the relationship of the processing timings of the print request process performed by the personal computer 300, the print mediation process performed by the mediation server 200, and the print process performed by the printing apparatus 100. is there.

  The process of the personal computer 300 in step Sb101 and the process of the mediation server 200 in step Sc101 are processes for establishing mutual security communication by communicating with each other. About this, it is as having illustrated previously using FIG. The personal computer 300 sends a common key to the mediation server 200.

  In step Sb102, the personal computer 300 performs encryption processing and creates request data. Here, for the encryption process, the common key that has been separately sent to the mediation server 200 in step Sb101 is used. In step Sb103, the created request data is sent to the mediation server 200.

  The mediation server 200 acquires request data from the personal computer 300 in step Sc103, and decrypts the request data in step Sc104. In the decryption, the common key acquired in step Sc101 is used.

  Next, the processing of the mediation server 200 in step Sc105 and the processing of the printing apparatus 100 in step Sd105 are the same as the processing of the mediation server 200 in step Sc101 and the processing of the personal computer 300 in step Sb101, respectively. This is a process for establishing communication. Similarly to the previous case, the printing apparatus 100 sends a common key to the mediation server 200. Thereby, security communication is established between the printing apparatus 100 and the mediation server 200.

  In step Sc106, the mediation server 200 performs an encryption process to create mediation data. Here, the data previously decrypted in step Sc104 is encrypted with the common key. As this common key, the common key that has been acquired separately from the printing apparatus 100 in step Sc105 is used. In step Sc107, the created mediation data is sent to the printing apparatus 100.

  The printing apparatus 100 acquires the mediation data from the mediation server 200 in step Sd107 and decrypts it in step Sd108. In the decryption, the same common key as that previously sent to the mediation server 200 in step Sd109 is used. The printing apparatus 100 specifies the print content desired by the user of the personal computer 300 based on the decrypted data. In step Sd109, print processing is executed.

  Note that the personal computer 300 and the printing apparatus 100 may perform so-called authentication of the mediation server 200. In this case, for example, the personal computer 300 acquires the server certificate of the mediation server 200 from the authentication server and authenticates the mediation server 200. Conversely, it is also useful when the mediation server 200 authenticates the personal computer 300 or the printing apparatus 100.

  Further, the secret key held in the key holding unit 212 may be one or plural. For example, it is possible to use different secret keys for the personal computer 300 and the printing apparatus 100.

  By using the print mediation system configured according to the present embodiment, it is possible to use security communication via a network while centrally managing secret keys.

  A device that centrally manages secret keys can be easily made extremely robust against unauthorized access in terms of software, hardware, and physical. Also, the client accessing the key management device does not need to manage the key independently. The user can escape from the complexity of key installation and update processing on the client.

B. Processing corresponding to communication contents:
Next, as a second embodiment, a modification of the first embodiment will be described. In the present embodiment, the mediation server mediates communication while properly using security communication and normal communication according to the communication content and the direction of communication.

  FIG. 5 is an explanatory diagram showing the system configuration of the second embodiment. This is the same as the system configuration of the first embodiment shown in FIG. However, it is shown in a different mode for convenience of explanation.

  As in the case of the first embodiment, the mediation server 400 mediates communication between the personal computer 300 and the printing apparatus 100. Here, the mediating communication is communication from the personal computer 300 to the printing apparatus 100 (hereinafter referred to as “downlink communication”) and communication from the printing apparatus 100 to the personal computer 300 (hereinafter referred to as “uplink communication”). It consists of. In this embodiment, the mediation server 400 can mediate uplink communication and downlink communication in different modes.

  The personal computer 300 makes a print request to the printing apparatus 100. This is based on downlink communication mediated by the mediation server 400. The mediation server 400 realizes this as security communication. On the other hand, the mediation server 400 mediates upstream communication, acquires status information from the printing apparatus 100, and transfers the status information to the personal computer 300. The mediation server 400 realizes this as normal communication.

  The upstream communication and the downstream communication mediated by the mediation server 400 can be used for various purposes other than the case illustrated above. The mediation server 400 can make these communications security communications or normal communications based on the contents of the mediating communications. For example, it is assumed that the printing apparatus 100 is a printing apparatus in a commercial printing service. The mediation server 400 mediates upstream communication of billing information sent from the printing apparatus 100 to the personal computer 300 as security communication.

  FIG. 5 also shows the functional block configuration of the mediation server 400. Also in this embodiment, the functional block is configured as software as a function of the control unit 410 of the mediation server 400 configured as a microcomputer.

  The processing performed by the communication unit 415, the key holding unit 412, and the data processing unit 413 is as described in the first embodiment. For the transfer unit 414, the function of the data processing unit 413 in the mediation communication can be suppressed. The data processing unit 413 performs decryption and encryption processing in the security communication. The transfer unit 414 has a function of transferring data acquired from the personal computer 300 or the printing apparatus 100 directly to the other apparatus. That is, it has a function of controlling whether to use security communication or normal communication.

  Here, each of the transfer unit 414 and the data processing unit 413 is divided into a part that controls downlink communication and a part that controls uplink communication. The downlink mediation processing unit 416a includes a part that controls downlink communication in the transfer unit 414 and the data processing unit 413. On the other hand, the upstream mediation processing unit 416b includes a part that controls each upstream communication.

  That is, the downlink mediation processing unit 416a has a function of transferring received data as it is for data relayed in downlink communication, or performing a process of decryption and re-encryption and transferring the data, and the uplink mediation processing unit 416b has the same function for uplink communication.

  The communication mediation control unit 417 has a function of controlling the downlink mediation processing unit 416a and the uplink mediation processing unit 416b. The communication mediation control unit 417 controls the downlink mediation processing unit 416a based on the communication content in downlink communication, and controls the uplink mediation processing unit 416b based on the communication content in uplink communication.

  The communication mediation control unit 417 includes a downlink communication storage unit 418a and an uplink communication storage unit 418b. These store a table in which the type of communication content is associated with information on whether or not the communication should be security communication. The downlink communication storage unit 418a stores the downlink communication, and the uplink communication storage unit 418b stores the uplink communication. The communication mediation control unit 417 can specify whether or not the communication should be a security communication by searching the table using the communication content as a search key. The downlink communication storage unit 418a is searched for downlink communication, and the uplink communication storage unit 418b is searched for uplink communication.

  FIG. 6 is an explanatory diagram showing an interface for acquiring status information. This is also a screen displayed by the browser program operating on the personal computer 300, as in the case of the first embodiment.

  The browser screen 320 is a browser screen that displays status information of the printing apparatus 100. This is an example in which the user designates the printing apparatus 100 with the print destination instruction unit 312 and clicks the status information display button 313 on the browser screen 310 described in the description of the first embodiment. Accordingly, the mediation server 400 that receives the instruction acquires status information from the printing apparatus 100 and provides the browser screen 320 to the personal computer 300 based on the acquired status information.

  The browser screen 320 includes a display of status information of the printing apparatus 100. Here, status information such as whether or not a print request can be received, the remaining amount of ink, and the type of paper set is displayed.

  FIG. 7 is an explanatory diagram showing an interface for acquiring billing information. This is a case where the printing apparatus 100 is a printing apparatus in a commercial printing service. An example in which the charging information is displayed as the status information of the printing apparatus 100 will be described. The display on the browser screen 321 includes billing information for the current month and the previous month.

  In both cases of the display of the browser screen 320 shown in FIG. 6 and the display of the browser screen 321 shown in FIG. 7, the mediation server 400 mediates upstream communication from the printing apparatus 100 to the personal computer 300. . However, the mediation server 400 mediates normal communication on the browser screen 320, but mediates security communication when displaying the browser screen 321 including billing information.

  FIG. 8 is a flowchart showing the processing of the mediation server 400 in the second embodiment. This shows processing in which the mediation server 400 mediates upstream communication or downstream communication.

  In step Se101, the communication mediation control unit 417 acquires information on the communication direction to be mediated. As a result, the communication mediation control unit 417 specifies whether the communication to be mediated is uplink communication or downlink communication. Here, the communication mediation control unit 417 obtains the communication mediation request received from the printing apparatus 300 or the personal computer 300 and whether the request is transmission / reception via the communication unit 415.

  In Step Se102, it is determined which of the downlink communication storage unit 418a and the uplink communication storage unit 418b is used as the table data used for the search for determining whether or not the mediation communication is to be the security communication. . This is determined based on the direction of communication for mediation.

  In step Se103, communication content data is input, and in step Se104, a table search is performed using the input data as a search key. The communication mediation control unit 417 acquires communication content data via the communication unit 410. Communication content data can be prepared based on a communication mediation request from the printing apparatus 100 or the personal computer 300. Note that the table to be searched is specified in advance in step Se102.

  Here, if the communication content data is unknown and the table search is mis-hit, it is assumed that a search result similar to the default communication content data is generated (step Se105, Se106), and the processing of step Se107 is performed. Done. As default communication content data, print data sending communication (security communication) is set in the downlink communication storage unit 418a, and status information providing communication (normal communication) is set in the uplink communication storage unit 418b.

  Through the above processing, in step Se107, either one of the downstream mediation processing unit 416a or the upstream mediation processing unit 416b is selected and activated, and the security communication or the normal communication is instructed thereto.

  After this, data transmission / reception is performed in the processing after step Se108. Data is received from the communication source device and transferred to the communication destination device. When security communication is used, the communication unit 415 performs the security communication activation process illustrated in FIG. 1 in step Se109a. The data processing unit 413 performs encryption and decryption processing. On the other hand, when normal communication is used, security communication activation processing or the like is not performed (step Se109b). The transfer unit 414 directly circulates the received data for transmission processing.

  Further, in the case of the print mediation process used in the description of the first embodiment, the “communication of print data” communication is specified in the search of the downstream communication storage unit 418a in step Se104, so that the security communication is mediated.

  Further, in the information acquisition process exemplified by the interface, it has been described that normal communication is used in the case of FIG. 6 and security communication is used in the case of FIG. This is based on the fact that the content of the communication to be mediated in the table search in step Se104 is specified as “status information provision” communication in the former and as “billing information provision” communication in the latter.

  Here, in the case of FIG. 6 and the case of FIG. 7, the encryption level in the mediated security communication may be changed. In this case, the search in the upstream communication storage unit 418b also determines the encryption method to be used for security communication to be mediated and the bit length of the key to be used for encryption.

  It should be noted that for uplink communication or downlink communication, whether security communication or normal communication is used may be fixedly determined. At this time, for example, the communication mediation control unit 417 always instructs the upstream mediation processing unit 416a to perform security communication, or always instructs the upstream mediation processing unit 416b to perform security communication.

  In addition, the printing apparatus 100 and the personal computer 300 may explicitly instruct the intermediary server 400 to change whether to apply security communication in mediation of upstream communication or downstream communication.

  By using the print mediation system configured according to the present embodiment, communication can be mediated in a flexible manner to a client connected to the mediation device. The client can selectively use the mediation communication by the security communication and the mediation communication by the normal communication according to the communication content. For proper use, uplink communication and downlink communication can be performed separately, and flexible processing according to communication contents and communication purpose is possible.

  As mentioned above, although the various Example of this invention was described, it cannot be overemphasized that this invention is not limited to these Examples, and can take a various structure in the range which does not deviate from the meaning. For example, the above processing may be realized by hardware as well as by software.

It is explanatory drawing which shows an example of the process which establishes security communication using a public key cryptosystem. It is explanatory drawing which shows the whole structure of a printing mediation system. It is explanatory drawing which shows the interface for performing printing mediation. It is a flowchart which shows the process which performs printing mediation. It is explanatory drawing which shows the system configuration | structure of 2nd Example. It is explanatory drawing which shows the interface which acquires status information It is explanatory drawing which shows the interface which acquires charging information. It is a flowchart which shows the process of the mediation server in 2nd Example.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Printing apparatus 300 ... Personal computer 200 ... Mediation server 210 ... Control unit 212 ... Key holding part 213 ... Data processing part 215 ... Communication part 310 ... Request data 311 ... content instruction unit 312 ... print destination instruction unit 314 ... execute button 313 ... status information display button 400 ... mediation server 410 ... control unit 412 ... Key holding unit 413 ... Data processing unit 414 ... Transfer unit 415 ... Communication unit 416a ... Downstream mediation processing unit 416b ... Upstream mediation processing unit 417 ... Communication mediation control unit 418a ... Downlink communication storage unit 418b ... Uplink communication storage unit 320 ... Browser screen displaying status information 321 ... Browser screen displaying accounting information

Claims (9)

An intermediary device that mediates communication between two clients connected via a network,
A key storage unit for storing at least one secret key used in communication with the client;
An acquisition unit that acquires encrypted data encrypted using a public key corresponding to the secret key from a first client or a key set by communication using the secret key and the public key;
A data processing unit that decrypts the encrypted data using a corresponding key and encrypts the encrypted data again with a key set by communication using the secret key and the public key;
An intermediary device comprising: a sending unit that sends the encrypted data to the second client; The intermediary device according to claim 1,
The intermediary device in which the secret key is common to the two clients. The intermediary device according to claim 1,
An intermediary device that acquires status information of the second client using communication with the second client. The intermediary device according to claim 1,
The first client is a requesting client that originates a service request;
The second client is a service device that provides a service in response to the service request;
An intermediary device comprising a transfer unit that transfers data received from the second client to the first client without encryption. The intermediary device according to claim 1,
The data processing unit is an intermediary device that switches between the encryption mode and the decryption mode according to data contents. The mediation apparatus according to claim 1, which mediates a service request related to printing. An intermediary method for mediating communication between two clients connected via a network,
Storing at least one secret key used in communication with the client;
Obtaining encrypted data encrypted using a public key corresponding to the secret key or a key set by communication using the secret key and the public key from a first client;
Decrypting the encrypted data using a corresponding key, and re-encrypting with a key set in communication using the secret key and the public key;
Sending the encrypted data to the second client. A computer program for causing a mediation device to mediate communication between two clients connected via a network,
A function of storing at least one secret key used in communication with the client;
A function of acquiring encrypted data encrypted using a public key corresponding to the secret key or a key set by communication using the secret key and the public key from a first client;
A function of decrypting the encrypted data using a corresponding key and re-encrypting with a key set in communication using the secret key and the public key;
A computer program for causing the intermediary device to realize a function of sending the encrypted data to the second client. A computer-readable recording medium on which the computer program according to claim 8 is recorded.

Images