JP4566546B2 - Communication apparatus, communication system, and algorithm selection method - Google Patents

Description

  The present invention relates to a communication device, a communication system, and an algorithm selection method, and more particularly, to selection of an encryption algorithm used when data communication such as encryption communication is performed.

<Home appliances>
With the spread of Internet technology in recent years, there has been an active movement to develop various services by connecting mobile terminals and home appliances to the Internet. As an introduction to home appliances that can be connected to the Internet, communication devices such as an ep station are now on the market. The ep station is a device for realizing the ep service as shown in FIG. The features of the ep service are the following two. First, by connecting a broadcasting station and an ep station via the Internet, a service that combines broadcasting and communication, such as TV shopping or a viewer participation program, can be realized. Further, since the ep station has a hard disk, it can store TV programs and advertisement data broadcast from satellites, e-mail data received from the Internet, and the like.

  The current ep station is connected to the Internet using a telephone line. However, with the widespread use of high-speed lines such as ADSL, CATV, and optical fiber, a high-speed Internet connection environment is being prepared at home, and it can be easily imagined that a successor of an ep station capable of high-speed communication will appear in the future.

  Non-Patent Document 1 describes the e-plot form concept that is the predecessor of the ep service, and shows a form of service that links high-quality broadcasting, data broadcasting, stored broadcasting service, and high-speed access to the Internet. . Applications that use the high-speed Internet include download services such as video distribution and music distribution, and monitoring with videophones and network cameras.

  Consider the case of using a network camera among these applications. The network camera can be used for consumer use, such as observing the appearance of a child in a nursery school, the appearance of a parent who is living alone, or the appearance of a home while away from home. In order to prevent such an image with privacy from being stolen on the Internet, it is necessary to protect the image data by encryption or the like.

  Those that require cryptographic communication include the transmission of private data as described above, the transmission and reception of data relating to electronic commerce, the transmission of device control information from the ISP to each customer's system, such as Internet services, mobile phones, etc. There are various uses such as transmission of operation information performed during absence from a personal terminal to a home terminal device (for example, boiling a bath or turning on an air conditioner).

<Cryptographic communication>
Conventionally, when data that requires confidentiality is exchanged on a public network such as the Internet, data encryption processing has been performed. Non-Patent Document 2 describes in detail the danger lurking on the Internet and the technology of encryption and authentication as a countermeasure. Non-Patent Document 3 and the like describe in detail IPsec (Internet Protocol Security), which is a typical encryption / authentication protocol used in the Internet.

  In the following, a general processing flow of cryptographic communication will be described. First, the same encryption algorithm is set on both the data transmission side and the data reception side. In both cases, an encryption key and a decryption key for decrypting data encrypted by the communication partner are set. When the encryption key and the decryption key are the same, it is also called a shared key. Note that the encryption algorithm and key are set manually or by automatic negotiation between the two. When the above settings are completed, encrypted communication is performed according to the following procedure. First, the data transmission side encrypts transmission data using a set encryption algorithm and encryption key, and transmits the encrypted data to the Internet network. When receiving the encrypted packet, the receiving side decrypts the encrypted packet by using the set encryption algorithm and decryption key.

  FIG. 43 shows a system in which a network camera installed in a nursery school and a digital TV in the home are connected via an Internet network so that the mother can watch the situation of the child in the nursery at home. It is a block diagram explaining the part regarding encryption communication.

  In this case, the encryption processing unit 218 packetizes various data with the encryption processing unit 204 of the network camera via the communication processing unit 216 of the digital television itself, the Internet network and the communication processing unit 206 of the other network camera. Communicate in the form. First, since the data transmission side and the data reception side use the same encryption algorithm, the above-described negotiation is performed between the two. In the negotiation of the encryption algorithm, a negotiation packet is exchanged with the other party. First, the encryption information determination unit 214 of the digital television creates a transmission negotiation packet in a predetermined format and proposes an encryption algorithm to be used to the network camera. In the network camera, the proposed encryption algorithm obtained via the communication processing unit 206 and the encryption processing unit 204 is passed as encryption / decryption information to the encryption information determination unit 202 to determine whether the proposed encryption algorithm can be used. This is determined by the unit 202. Then, whether or not it can be used is answered via the encryption processing unit 204 and the communication processing unit 206. The encryption information determination unit 214 of the digital television receives the response via the communication processing unit 216 and the encryption processing unit 218. If the received response is “available”, the proposed encryption algorithm is determined. To the network camera as a negotiation packet, and the negotiation of the encryption algorithm to be used is terminated. Also, the encryption information determination unit 214 informs the encryption processing unit 218 of the determined encryption algorithm and instructs the algorithm setting. Also, the encryption information determination unit 202 informs the encryption processing unit 204 of the determined encryption algorithm and instructs the algorithm setting. Next, the encryption information determination units 214 and 202 and the encryption processing units 218 and 204 perform predetermined communication with each other, and in accordance with a procedure determined according to the set encryption algorithm, an encryption key and a decryption in a determined form Create and set a key. After the encryption key and the decryption key are generated, encrypted communication is possible thereafter. The cryptographic communication application 200 passes the video data captured by the imaging unit (not shown) to the encryption processing unit 204. The encryption processing unit 204 encrypts the video data using the set encryption algorithm, converts it into a data packet, and sends it to the digital television via the communication processing unit 206 and the Internet network. In the digital television, after the data packet is received by the communication processing unit 216, the data is decrypted by the encryption processing unit 218, and the decrypted video data is passed to the encryption communication application 210. The encryption communication application 210 performs processing for displaying the video data of the network camera at a predetermined size on a display of the television.

  In such a conventional negotiation, the encryption information determination unit 214, when making a proposal of an encryption algorithm, is set by a user from a stored encryption algorithm or predetermined in a program. Or choose multiple cryptographic algorithms and suggest them to the other party. When a proposal is received from the other party, the highest priority encryption algorithm is selected and notified as a response to the proposal.

By the way, when there are a plurality of applications such as the encryption communication applications 210 and 212 that need to perform encryption / decryption using an encryption algorithm, and when performing encryption / decryption processing on a plurality of types of data in parallel, both If an algorithm with high encryption strength is used, the encryption algorithm generally requires a large amount of CPU processing power. Therefore, the processing load of multiple cryptographic communication applications and the total load for the multiple cryptographic processing for them are CPU processing power. The system will fail. In order to prevent such a situation, in Patent Document 1, communication data is divided into a plurality of blocks, and an encryption algorithm having a high encryption strength is used for a block in which highly important data is stored. The amount of CPU processing resources required is gradually reduced by using a cryptographic algorithm having a low cryptographic strength for blocks storing low data.
Nomura Atsuko, “Broadband Revolution-Aim! Ubiquitous Network Society”, first edition, Chuo Keizai, April 1, 2001, p. 225-227 (ISBN4-502-57221-X) Euris Black, Hiroaki Hata, Naoto Matsumoto, “Internet Security Guide”, first edition, published by Pearson Education, November 20, 2001, all pages (ISBN4-89471-455-8) Published "RFC2401", IETF (Internet Engineering Task Force) JP 2002-190798 A (page 6, FIG. 6)

  As described above, in cryptographic processing performed in cryptographic communication, it is necessary to perform complicated processing on transmission / reception data. For this reason, encryption communication has a very high processing load compared to communication without encryption. For example, when the high-load processing that must be processed in real time, such as network camera data decryption processing (encryption communication application 210) and TV broadcast video data recording (application 208) overlaps, In the negotiation, an encryption algorithm having a higher encryption strength is selected, so there is a possibility that both cannot be processed at the same time by the processing capability of the built-in CPU. That is, there may be a problem that the recording of the TV broadcast fails or the image of the network camera is disturbed or stopped. FIG. 44 shows the relationship between the processing capability of the built-in CPU, the CPU resources necessary for receiving and displaying the network camera image, and the CPU resources necessary for TV recording. That is, when the total of the CPU resources necessary for receiving and displaying the network camera image and the CPU resources necessary for TV recording exceeds the processing capability of the built-in CPU as shown in FIG. To do.

  Therefore, an object of the present invention is to reduce the load of cryptographic processing while providing cryptographic security as strong as possible when cryptographic communication processing and other high-load processing must be performed at the same time. Is to solve the above-mentioned problems caused by.

  The first communication device of the present invention includes an encryption information determination unit that selects a different encryption algorithm according to a predicted use resource total value or an actual use resource total value from a plurality of encryption algorithms prepared in advance. The communication apparatus includes an encryption processing unit that encrypts a packet in accordance with an encryption algorithm selected by the encryption information determination unit, and a communication processing unit that transmits the packet encrypted by the encryption processing unit.

  The second communication device according to the present invention determines encryption information for selecting a different encryption algorithm according to an encryption algorithm applied to one or more packets received from a communication partner from a plurality of encryption algorithms prepared in advance. A communication processing unit that encrypts a packet addressed to a communication partner according to an encryption algorithm selected by the encryption information determination unit, and a communication processing unit that transmits the packet encrypted by the encryption processing unit .

  According to the first communication device, it is possible to prevent the processing on the communication device side from being hindered due to lack of resources.

  According to the second communication device, it is possible to prevent the processing on the communication partner side from being hindered due to a shortage of resources.

  Hereinafter, various embodiments of the present invention will be described with reference to the drawings.

(Embodiment 1)
FIG. 1 is a configuration diagram of a system according to the first embodiment of the present invention. In FIG. 1, the system according to the first embodiment includes a broadcasting facility 10, a communication device 24, a network camera 12, the Internet 22, and a display (video display device) 40.

  Next, functions of the network camera 12 and the communication device 24 will be described in detail. The network camera 12 includes a photographing unit 14, an encryption processing unit 16, an encryption information determination unit 18, and a communication processing unit 20. Note that an encryption communication application 200 as shown in FIG. 43 may be provided between the photographing unit 14 and the encryption processing unit 16.

  The communication device 24 is a home appliance having a communication function and a recording function, and includes an image receiving unit 26, a recording application 28, a resource monitoring unit 30, an encryption information determining unit 32, a communication processing unit 36, and an encryption unit. A processing unit 38 and a network camera application 34 are provided. In FIG. 1, the components enclosed by broken lines, that is, the recording application 28, the resource monitoring unit 30, the encryption information determination unit 32, the communication processing unit 36, the encryption processing unit 38, and the network camera application 34 are executed by the built-in CPU. It is realized by doing. Note that the algorithm selection method of the present invention is described as being used in the encryption information determination unit 32 in the communication device 24 in the present embodiment.

  Next, the operation of this system will be described.

  First, the operation of the system when performing TV recording will be described. The image receiving unit 26 receives TV broadcast data broadcast by the broadcast facility 10. Subsequently, the recording application 28 records the received TV broadcast data in a storage medium built in the communication device 24. This process is performed using a built-in CPU. The TV recording is completed by continuously performing the above processing from the broadcast start time to the broadcast end time of the TV program to be recorded.

  Next, the operation of the system when displaying the video of the network camera 12 on the display 40 will be described. This process is divided into two processes: a pre-process for performing encrypted communication and a process for actually operating the network camera application 34. Prior processing for performing encrypted communication will be described later. First, an outline of processing for actually operating the network camera application 34 will be described. First, in the network camera 12, the encryption processing unit 16 encrypts the video data photographed by the photographing unit 14. The communication processing unit 20 sends the encrypted video data to the Internet 22 as a packet addressed to the communication device 24. In the communication device 24, the communication processing unit 36 receives the encrypted packet from the Internet 22 and the encryption processing unit 38 decrypts it, and the network camera application 34 outputs the decrypted video data to the display 40. Then, the display 40 displays an image. As described above, the video imaged by the network camera 12 is displayed on the display 40.

  Next, pre-processing for performing encrypted communication will be described. The pre-processing here means an encryption algorithm, an encryption key, and a decryption key used for encryption communication between the encryption information determination unit 18 in the network camera 12 and the encryption information determination unit 32 in the communication device 24. This is a process of negotiating what is used and setting the encryption processing units 16 and 38. Hereinafter, negotiation for preventing a situation where the processing load to be performed by the built-in CPU of the communication device 24 exceeds the processing capability of the built-in CPU as shown in FIG. 44 will be described.

  FIG. 2 is a block diagram illustrating components of the communication device 24 related to the negotiation. In order for the data transmission side and the data reception side to use the same encryption algorithm, negotiation is performed between them. The communication processing unit 36 performs data packet communication with the counterpart communication processing unit. In the negotiation of the encryption algorithm, a negotiation packet is exchanged with the other party. The negotiation packet creation / interpretation unit 48 creates a negotiation packet for transmission in a predetermined format based on an instruction from the encryption algorithm selection unit 42 at the time of transmission, and interprets the contents of the received negotiation packet at the time of reception. Acquisition information is passed to the selection unit 42. The encryption algorithm selection unit 42 notifies the encryption algorithm setting unit 50 of the determined encryption algorithm and instructs the algorithm setting. The encryption processing unit 38 encrypts and decrypts data using the set encryption algorithm. The encryption algorithm selection unit 42 has a CPU usage rate information memory 44 for storing CPU usage rate information obtained from the resource monitoring unit 30 in advance or at the time of negotiation. In the present embodiment, the encryption algorithm selection unit 42 performs encryption algorithm proposal processing and selection processing while referring to the encryption processing usage resource table 46 and the CPU usage rate information obtained from the resource monitoring unit 30. The cryptographic processing usage resource table 46 will be described later.

  In the present embodiment, the encrypted information determination unit 32 generates a negotiation packet and encrypts it, and then transmits the encrypted negotiation packet through the communication processing unit 36. However, other forms may be used. . For example, after the encryption information determination unit 32 generates a negotiation packet and the encryption processing unit 38 encrypts the negotiation packet, the encrypted negotiation packet may be transmitted through the communication processing unit 36. Also, for example, after the encryption information determination unit 32 generates a negotiation packet and the encryption processing unit 38 encrypts the negotiation packet, the encrypted negotiation packet is returned to the encryption information determination unit 32 to determine the encryption information determination. The unit 32 may transmit the encrypted negotiation packet through the communication processing unit 36.

  Here, the CPU usage rate will be described. The CPU usage rate indicates the CPU processing capacity used by individual applications such as the recording application 28 and the network camera application 34 in% when the maximum processing capacity of the CPU is 100%. There are various CPU processing methods, but the most common is a method of processing only one task at a certain time. When a plurality of tasks are processed, these tasks are processed in a time-sharing manner so that they are processed in parallel. There is a method of allocating a short time for a light task and a long time for a heavy task. Another method is to divide the time into fixed short processing time units (referred to as time slots, threads, etc.) and assign unit times to heavy tasks more frequently than light tasks. A time or a processing time unit in which CPU resources are available and the CPU is not processing tasks other than common processing such as a monitor program is detected as an idle state. In such a CPU system, the CPU usage rate of a task may be measured as follows. Using a monitor program or the like in the OS of the CPU, the task being processed is sampled and checked every relatively short time. Consider a case where application A is configured by task A. As a result of examining 1000 times, it is assumed that 500 times is task A and the remaining 500 times the CPU is in a standby state, that is, an idle state. In this case, the CPU usage rate of application A is 50%. The CPU performs a common kernel process such as an OS monitor program, but since this process is small as a whole, it is ignored here.

  It is preferable to increase the number of samples to some extent and measure and use the CPU usage rate smoothed to some extent, for example, the average CPU usage rate for a certain period of time until that time, instead of the instantaneous CPU usage rate at that time. Since the CPU usage rate for a moment or for a short time fluctuates greatly, it is not suitable for calculating the CPU processing capacity required by the application.

  When the process of application A is divided into two parts and executed by task A and kernel processing, if task A is measured 500 times, kernel processing 100 times, and idle state 400 times, The CPU usage rate of application A is 60%. Task A can be measured as 50% and the kernel portion as 10%. Next, a case where two processing programs of application A and application B are executed in parallel will be described. A part of the application B is also processed in the kernel. Although a part of each of application A and application B is processed in the kernel, it is often possible to measure only the CPU usage rate of the entire kernel. That is, it is often impossible to distinguish what application is being processed in the kernel and whether common kernel processing is being executed. Therefore, in this case, the total CPU usage rate of application A and application B can be measured as 100% minus the CPU usage rate of idle processing, but the individual CPU usage rates of application A and application B are Cannot measure. This is because the breakdown of application A and application B in the kernel processing cannot be measured. If only application A is being executed, if application A is 60%, task A is 50%, and the kernel portion is 10% as described above, application B and task B are subtracted by subtraction. The application B portion of the kernel can be calculated.

  Next, the encryption algorithm negotiation process will be described in detail below. Hereinafter, of the encryption information determination unit 18 in the network camera 12 and the encryption information determination unit 32 in the communication device 24, the side that initiates negotiation is called an initiator, and the side that responds to the initiator is called a responder.

  FIG. 3 shows a sequence of encryption algorithm negotiation processing. In FIG. 3, the initiator first transmits a proposal packet including information on a plurality of encryption algorithms (here, encryption algorithms a, b, and c) to the responder. When the responder receives the proposed packet, the responder selects one of the encryption algorithms (here, assumed to be encryption algorithm b), and transmits a response packet including information on the selected encryption algorithm to the initiator. . When the initiator receives the response packet from the responder, the initiator adopts the encryption algorithm (encryption algorithm b) included therein. As described above, both the initiator and the responder are promised to use the same encryption algorithm (encryption algorithm b), and encryption communication can be performed.

  Note that the encryption algorithm proposed by the initiator may be one. Also, the responder does not need to respond if there is no available cryptographic algorithm among the proposed cryptographic algorithms. Further, when the encryption information determination unit 32 in the communication device 24 proposes an encryption algorithm as an initiator or selects an encryption algorithm as a responder, the CPU usage rate information obtained from the resource monitoring unit 30 is used. The specific procedure at that time will be described later.

  The exchange of messages when negotiating the encryption algorithm is not limited to the sequence shown in FIG. 3, and may be performed in accordance with the prescription of the existing key exchange protocol. For example, a key exchange protocol IKE (Internet Key Exchange) that is generally used in combination with IPsec may be used to negotiate a cryptographic algorithm in a prescribed message sequence.

  Further, here, an example in which the encryption algorithm is negotiated once before performing the encryption communication has been described. However, the encryption algorithm may be re-negotiated during the encryption communication.

  Next, the encryption information determination unit 32 in the communication device 24 responds to the initiator from among a plurality of encryption algorithms proposed by the initiator as a responder or a procedure for determining the encryption algorithm proposed to the responder as the initiator. A procedure for selecting the encryption algorithm to be notified will be described. There are various encryption algorithms, but the encryption / decryption processing load and the encryption strength indicating the difficulty of the encryption are different depending on the encryption algorithm. Therefore, in the present embodiment, basically, when the CPU has a margin, the encryption algorithm used for encrypting the network camera video is selected with the highest encryption strength as much as possible to enhance the security, and the CPU has a margin. In the case where there is no CPU resource, one having a low processing load is selected so that CPU resources are not insufficient.

<When communication device 24 is a responder>
4 and 5 are flowcharts in the case where the encryption information determination unit 32 in the communication device 24 becomes a responder. In the following, description is first made along the flowchart of FIG.

  First, the encryption information determination unit 32 (hereinafter referred to as responder) in the communication device 24 obtains a set A of encryption algorithms supported by the encryption processing unit 38 (S401). Here, it enters a state of waiting for a proposal packet from the encryption information determination unit 18 (hereinafter referred to as initiator) in the network camera 12.

  The initiator first waits for a negotiation start request. The negotiation start request is issued when encryption communication is started, after a predetermined time has elapsed since the previous negotiation, or when a negotiation start command is executed. When the initiator receives the negotiation start request (S411), the initiator starts the negotiation. That is, a packet including one or more cryptographic algorithm proposals is transmitted to the responder (S412). The responder that has received the proposal packet reads the proposed encryption algorithm set B from the packet (S402). Since the encryption algorithm that can respond (set C) is the one supported by the cryptographic processing unit 38 (set A) among the proposed encryption algorithms (set B), C = AＣB is obtained (S403). ).

  Now, the process enters a step of selecting an encryption algorithm that responds to the responder (S500). Details of step S500 will be described with reference to the flowchart of FIG.

  As a premise here, the only applications that use the CPU are the recording application 28 and the network camera application 34. At this time, it is assumed that only the video recording application 28 has already used the CPU, and the network camera application 34 has not been activated yet and does not use the CPU.

  First, the responder acquires the CPU usage rate CPUUtil from the resource monitoring unit 30 (S501). CPUUtil represents the CPU usage rate by the application being executed at that time (or the total when there are a plurality of applications). However, as already described, the CPU usage rate notified by the resource monitoring unit 30 to the encryption information determination unit 32 is not the instantaneous CPU usage rate at that time, but a CPU usage rate smoothed to some extent (for example, the CPU usage rate). The average CPU usage rate for a certain period of time until the time is used. This is because using the instantaneous CPU usage rate is greatly affected by temporary fluctuations in the CPU usage rate, so it cannot be an appropriate criterion for selecting an encryption algorithm to be used for a certain period of time.

  Next, a set D of cryptographic algorithms satisfying the following formula (Formula 1) is obtained from the set C of replyable cryptographic algorithms (S502).

CPURecord + CPUCamera (x) ≦ α (Formula 1)
Here, CPURecord is a CPU resource consumed by the recording application 28, and CPUCamera is a CPU resource required by the network camera application 34 when performing cryptographic communication using the cryptographic algorithm x. Therefore, the fact that (Equation 1) is satisfied means that even when TV recording and encryption communication using the encryption algorithm x are performed simultaneously, the average CPU usage rate is α [%] or less, and both tasks are executed normally. It means that. As the value of α, for example, a value such as 95% is set in advance. In step S501, the encryption information determination unit 32 determines, from the resource monitoring unit 30, the CPU usage rate necessary for calculating the CPU resources required for the entire system when encryption processing is performed for each of the plurality of encryption algorithms. The total processing load estimation procedure for acquiring and estimating the total processing load (CPURecord + CPUCamera (x)) is performed in step S502. Further, in step S502, in order to obtain an encryption algorithm (set D) that satisfies (Equation 1), a comparison procedure for comparing the total processing load and α that is the first reference value is performed for each encryption algorithm. is doing.

  FIG. 6 shows an example in which the elements of the set C are encryption algorithms a, b, and c. In this case, encryption algorithms (set D) satisfying (Equation 1) are encryption algorithm b and encryption algorithm c.

  CPURecord and CPUCamera (x) are obtained as follows using the above-described concept of CPU usage. First, since only the recording application 28 is using the CPU at this time, CPURecord = CPUUtil. CPUCamera (x) is obtained as CPUCamera (x) = CPUCameraConst + CPUCameraEnc (x). Here, CPUCameraConst is a CPU resource consumed by the network camera application 34 in a process other than the encryption process, and CPUCameraEnc (x) is a CPU resource consumed in the encryption process when the encryption algorithm x is used.

  Assuming that CPUCameraEnc (x) is proportional to the communication speed in the application layer, it is obtained as follows. CPUCameraEnc (x) = (CameraRate / EncRate (x)) × 100 [%]. Here, CameraRate is a communication speed in the application layer of communication performed by the network camera application 34, and EncRate (x) is an application when the built-in CPU is used 100% only for cryptographic communication processing using the cryptographic algorithm x. The communication speed at the layer.

  It is assumed that the values of CPUCameraConst and CameraRate used here are not measured but given by the system. Further, the encryption processing use resource table 46 as shown in FIG. 7 is provided in the encryption information determination unit 32 as shown in FIG. The cryptographic processing resource table 46 stores the encryption strength ranks along with EncRate (x) of each cryptographic algorithm. Thus, EncRate (x) can be obtained from the encryption algorithm x.

  Although the case where the network camera application 34 has not been started has been described here, if the network camera application 34 has already been started and z is used as the encryption algorithm, CPURecord = CPUUtil−CPUCamera ( As in z), CPU resources necessary for the recording application 28 can be obtained. If the value of CPURecord is given from the system, that value can also be used. CPURecord may be an average CPU usage rate during a period in which only the recording application 28 was previously executed on the CPU. CPUCamera (x) may be an average CPU usage rate during a period in which only the network camera application 34 using the encryption algorithm x was previously executed on the CPU. In this case, the CPU usage rate information is stored in the CPU usage rate information memory 44 of FIG.

  CPURecord (%) can be paraphrased as (average CPU resource used in TV recording (mega instruction / second: MIPS) / CPU capability (MIPS)) * 100 (%). CPUCameraConst (%) can be rephrased as (average CPU resource used in camera application (MIPS) / CPU capability (MIPS)) * 100. CameraRate (Mbps) can be restated as the average data transfer amount of the camera application. In addition, EncRate (x) (Mbps) can be rephrased as the average CPU resource (MIPS / Mbps) necessary for encrypting data of 1 Mbps with the maximum CPU resource (MIPS) / encryption algorithm x.

  Next, it is determined whether or not the set D is an empty set, that is, whether or not there is an encryption algorithm that satisfies (Equation 1) (S503). In the case of an empty set, that is, when there is no encryption algorithm satisfying (Equation 1), it indicates that any of the encryption algorithms is used, the CPU resource is insufficient. Therefore, in order to reduce the CPU processing load as much as possible, Among the possible cryptographic algorithms (set C), the one with the lowest processing load is selected (S505).

  On the other hand, if the set D is not an empty set, the encryption algorithm with the highest encryption strength is selected (S504). In the example of FIG. 6, the encryption algorithm b having the higher encryption strength is selected from the encryption algorithms b and c included in the set D. Information on the processing load and encryption strength of the encryption algorithm can be obtained from the encryption processing use resource table 46 of FIG. In steps S503 and S504, a selection procedure for selecting one or a plurality of encryption algorithms in which the total processing load is lower than the first reference value is performed.

  In the present embodiment, when the set D is an empty set, the encryption algorithm with the lowest processing load among the sets C is notified as a response. However, in this case, the processing capacity of the CPU may be exceeded. If the recording application 28 is given priority, the response packet is not transmitted to the initiator, and the network camera application 34 is not started or can be interrupted if it has already started. Further, the camera video may be thinned out and transmitted with reduced image quality.

  Hereinafter, description will be made again with reference to FIG. The responder transmits a response packet including information on the encryption algorithm selected in step S500 to the initiator (S404).

  Next, the responder sets the encryption algorithm in the encryption processing unit 38 in order to actually use the encryption algorithm notified of the response (S405). On the other hand, the initiator receives the response packet from the responder (S413), and sets the encryption algorithm notified of the response in the encryption processing unit 16 in the network camera 12 (S414).

  Thereafter, the network camera 12 converts the video data captured by the imaging unit 14 into encrypted data using the encryption function of the set encryption algorithm in the encryption processing unit 16 and is set in the encryption information determination unit 18. An identification ID of the information SA called a security association that identifies the encryption algorithm identifier or the encryption algorithm and key is attached. The encrypted data is sent as a packet to the Internet 22 through the communication processing unit 20. The communication processing unit 36 of the communication device 24 receives the packet, and based on the attached encryption algorithm identifier or SA identification ID, the encryption processing unit 38 uses the encryption algorithm agreed and agreed on to Decoding is performed, and the video data obtained as a result is displayed on the display 40.

<When communication device 24 is an initiator>
Next, a procedure in the case where the encryption information determination unit 32 in the communication device 24 becomes an initiator and negotiates with the encryption information determination unit 18 in the network camera 12 will be described. 8 and 9 are flowcharts showing the operation procedure at this time. Below, it demonstrates first along the flowchart of FIG.

  First, the encryption information determination unit 32 (hereinafter referred to as initiator) in the communication device 24 obtains a set A of encryption algorithms supported by the encryption processing unit 38 (S801). Then, the initiator waits for a negotiation start request. The negotiation start request is issued when encryption communication is started, after a predetermined time has elapsed since the previous negotiation, or when a negotiation start command is executed.

  Upon receiving the negotiation start request (S802), the initiator selects an encryption algorithm using the CPU usage rate (S900). The detailed procedure of step S900 is almost the same as that in the case where the communication device 24 is a responder (step S500 in FIG. 4, ie, FIG. 5), as shown in steps S901 to S905 in FIG. To do. The only difference is whether the set for selecting the cryptographic algorithm is a cryptographic algorithm capable of sending a response (set C) or a supported cryptographic algorithm (set A).

  Next, the initiator proposes the selected encryption algorithm to the responder (S803).

  In the responder, first, a set E of cryptographic algorithms supported by the cryptographic processing unit 16 is obtained (S811). Thereafter, when a proposed packet is received from the initiator (S812), it is determined whether the cryptographic processing unit 16 supports the proposed cryptographic algorithm (that is, whether the proposed cryptographic algorithm is included in the set E) (S813). . If the cryptographic processing unit 16 does not support the proposed cryptographic algorithm (that is, the proposed cryptographic algorithm is not included in the set E), a response cannot be returned to the initiator, so the negotiation fails, and the following Wait for the proposal packet. If the cryptographic processing unit 16 supports the proposed cryptographic algorithm (that is, the proposed cryptographic algorithm is included in the set E), the cryptographic algorithm is notified to the initiator (S814), The encryption algorithm notified of the response is set in the encryption processing unit 16 (S815).

  Upon receiving the response packet (S804), the initiator sets the encryption algorithm notified of the response in the encryption processing unit 38 (S805).

  As described above, according to the present embodiment, when the encryption algorithm to be notified to the initiator or to be proposed to the responder is selected, the one having the highest encryption strength within a range in which CPU resources are not insufficient. You can choose. Therefore, it is possible to prevent a shortage of CPU resources when an application requiring encryption communication such as the network camera application 34 and other processing such as TV recording are performed in parallel while maintaining as strong security as possible. it can.

  In the present embodiment, one encryption algorithm is proposed for the responder. However, if the priority is lowered, a plurality of other encryption algorithms may be proposed.

  In this embodiment, the application other than the network camera application 34 is only for TV recording. However, when there is an application other than TV recording, the above-mentioned “CPURecord” is set to “encryption algorithm negotiation target”. Similar processing is possible by rereading as “the total CPU usage rate used by all applications other than encrypted communication”.

  Further, in the description of the present embodiment, “when the network camera application 34 has already been started and z is used as the encryption algorithm, the video recording application 28 is expressed as CPURecord = CPUUtil−CPUCamera (z)”. However, if the CPUUtil exceeds α [%], the CPURecord is estimated to be small (the reason will be described later). As a result, even if cryptographic communication is performed using the cryptographic algorithm selected in steps S502 and S902, the CPU utilization rate may exceed α [%]. In order to avoid such a problem, if the CPU usage rate acquired in steps S501 and S901 exceeds α [%], either set C (for responder) or set A (for initiator) A cryptographic algorithm with the lowest processing load may be selected.

  “CPUUtil exceeds α [%]” means that the CPU resource required by the recording application 28 is not completely secured when the CPUUtil is measured. A specific example will be described. It is assumed that CPURecord, which is a CPU resource necessary for TV recording, is 80%. Further, when the encryption algorithm z is used, it is assumed that CPUCamera (z) that is a CPU resource required by the network camera application 34 is 40%. Further, α = 95%. When the CPU is executing TV recording and the network camera application 34 (including encryption processing), the required CPU resource is 80% + 40% = 120%, but the CPU usage rate does not exceed 100%. Therefore, the measured value CPUUtil of the CPU usage rate is measured as a value close to 100% (a value exceeding α = 95%, for example, 98%). At this time, the TV recording and network camera application 34 are not operating normally. When CPURecord is calculated based on CPUUtil measured in such a state, CPURecord = CPUUtil−CPUCamera (z) becomes 98% −40% = 56%. The correct value of 80% is erroneously calculated as 56%. That is, CPURecord is estimated to be smaller than actual. Here, for example, when there is an encryption algorithm with CPUCamera (y) = 30%, CPURecord + CPUCamera (y) = 56% + 30% = 86% <95% (α), and the encryption algorithm y can be selected. However, since the CPU resource that is really necessary for TV recording is 80%, the CPU resource that is really necessary for executing the TV recording and the network camera application 34 is 80% + 30% = 110%> α. As a result, it cannot operate normally. In other words, when CPUUtil> α is measured, it means that sufficient CPU resources are not always allocated to the application being executed at that time. Therefore, if it is determined that CPUUtil> α and it is estimated that the normal operation is not performed, the true CPURecord cannot be obtained, and an appropriate encryption algorithm cannot be selected. It is also possible to select an encryption algorithm with the lowest processing load that has a relatively high possibility of normal operation. Of course, there is not always a guarantee that the encryption algorithm with the lowest processing load is selected, so that the operation may be switched to a mode for reporting an abnormal operation. In this mode, processing such as temporarily suspending the processing of unnecessary and urgent applications or slowing down the processing speed and securing necessary CPU resources may be performed.

(Embodiment 2)
Next, a second embodiment will be described. However, description of parts that are not different from the first embodiment, such as the entire system configuration, is omitted here, and the drawing of the first embodiment is used. The only difference from the first embodiment is the procedure for selecting an encryption algorithm, which will be described below.

  In the second embodiment, unlike the first embodiment, a method that can be applied even when the CPU resources necessary to execute the network camera application 34 are not known will be described.

<When communication device 24 is a responder>
10 and 11 are flowcharts in the case where the encryption information determination unit 32 in the communication device 24 becomes a responder. In the following, description is first made along the flowchart of FIG.

  First, the encryption information determination unit 32 (hereinafter referred to as responder) in the communication device 24 obtains a set A of encryption algorithms supported by the encryption processing unit 38 (S1001). In this way, it enters a state of waiting for a proposal packet from the encryption information determination unit 18 (hereinafter referred to as initiator) in the network camera 12.

  The initiator first receives a negotiation start request (S1011), and starts negotiation. That is, a packet including one or more cryptographic algorithm proposals is transmitted to the responder (S1012). The responder that has received the proposed packet reads the proposed algorithm set B from the packet (S1002). The cryptographic algorithm (set C) that can be notified by the responder is the one supported by the cryptographic processor 38 (set A) among the cryptographic algorithms (set B) proposed by the initiator, and C = A∩B (S1003).

  Next, the responder selects an encryption algorithm from the set C (S1100). Details of step S1100 will be described with reference to the flowchart of FIG.

  First, the responder determines whether this encryption algorithm negotiation is before the start of encryption communication (S1104). Prior to the start of cryptographic communication, priority is given to reducing the CPU load over the cryptographic strength, and the cryptographic algorithm with the lowest processing load in the set C is notified as a response (S1102).

  If the encryption communication has already started, the responder switches the encryption algorithm for notifying the response according to the CPU usage rate at that time. First, the CPU usage rate CPUUtil including the encryption algorithm currently used, that is, the currently used encryption algorithm is acquired from the resource monitoring unit 30 (S1103). Next, two values γ [%] and δ [%] (γ ≧ δ) are used as thresholds for switching the encryption algorithm. The values of γ and δ are determined in advance as, for example, 90 [%] and 70 [%]. If δ <CPUUtil <γ, it is determined that the CPU usage rate is not too high and not too low, and the encryption algorithm currently used is selected (S1104, S1108, S1107).

  When CPUUtil ≧ γ (S1104), the responder determines that the CPU load is too high, and selects an encryption algorithm having a lower CPU load than the currently used encryption algorithm. However, in order to use an encryption algorithm that is as strong as possible, if there is an encryption algorithm having a lower CPU load than the currently used encryption algorithm, the one with the highest encryption strength is selected (S1105, S1106). ). If the currently used encryption algorithm has the lowest load in the set C, the encryption algorithm is selected (S1105, S1107).

  In the case of CPUUtil ≦ δ (S1104, S1108), the responder determines that the CPU resource has room, and if there is an encryption algorithm whose encryption strength is higher than that of the encryption algorithm currently used, the encryption algorithm is selected. Select (S1109, S1110). However, in order to prevent the CPU load from suddenly increasing, an encryption algorithm with the lowest processing load is selected from among encryption algorithms having higher encryption strength than the encryption algorithm currently used. If the currently used encryption algorithm is the one with the highest encryption strength in the set C, the encryption algorithm is selected (S1109, S1107).

  In step S1103, it is assumed that the CPU usage rate CPUUtil is obtained in advance by a procedure for obtaining an average value of CPU usage rates measured during a certain period up to that time at an arbitrary time during the execution of the cryptographic process. Further, in this step S1103, the CPU usage rate CPUUtil may be obtained. In step S1104, the CPU usage rate is compared with the second reference value γ. In step S1105 and step S1106, if the CPU usage rate is higher than the second reference value as a result of the comparison, one or more encryption algorithms having a lower load than the encryption algorithm used at that time are selected. The procedure is being implemented.

  In step S1106, step S1109, and step S1110, a cryptographic algorithm is selected based on the cryptographic strength. For this purpose, a procedure for determining the order of the cryptographic strength is performed before or during these steps. The encryption processing usage resource table 46 of FIG. 7 stores the encryption strength rank of each encryption algorithm as encryption strength data together with EncRate (x) of each encryption algorithm. By referring to the encryption strength data, the encryption algorithm based on the encryption strength can be easily selected.

  Step S1108 is a procedure for comparing the CPU usage rate with the third reference value δ. In steps S1109 and S1110, when the CPU usage rate is lower than the third reference value, a procedure for selecting one or a plurality of encryption algorithms having higher encryption strength than the encryption algorithm used at that time is executed. ing.

  In step S1104 and step S1108, the CPU usage rate is compared with the second reference value γ and the third reference value δ. If the CPU usage rate is lower than the second reference value γ and higher than the third reference value δ, step S1107 is performed. Then, the procedure for selecting the encryption algorithm used at that time is executed.

  Hereinafter, the description will return to FIG. 10 again. First, the responder notifies the initiator of the encryption algorithm selected in step S1100 (S1004).

  Next, in order to actually use the encryption algorithm notified of the response, the encryption algorithm is set in the encryption processing unit 38 (S1005). On the other hand, the initiator receives the response packet from the responder (S1013), and sets the encryption algorithm notified of the response in the encryption processing unit 16 in the network camera 12 (S1014).

<When communication device 24 is an initiator>
Next, a procedure in the case where the encryption information determination unit 32 in the communication device 24 becomes an initiator and negotiates with the encryption information determination unit 18 in the network camera 12 will be described. 12 and 13 are flowcharts showing the operation procedure at this time. Below, it demonstrates first along the flowchart of FIG.

  First, the encryption information determination unit 32 (hereinafter referred to as initiator) in the communication device 24 obtains a set A of encryption algorithms supported by the encryption processing unit 38 (S1201). Then, the initiator waits for a negotiation start request. The negotiation start request is issued when encryption communication is started, after a predetermined time has elapsed since the previous negotiation, or when a negotiation start command is executed.

  Upon receiving the negotiation start request (S1202), the initiator selects an encryption algorithm using the CPU usage rate (S1300). The detailed procedure of step S1300 is almost the same as that in the case where the communication device 24 is a responder (S1100 in FIG. 10, ie, FIG. 11) as shown in steps S1301 to S1310 in FIG. . The only difference is whether the set for selecting the cryptographic algorithm is a cryptographic algorithm capable of sending a response (set C) or a supported cryptographic algorithm (set A).

  Then, the initiator proposes the selected encryption algorithm to the responder (S1203).

  In the responder, first, a set E of cryptographic algorithms supported by the cryptographic processing unit 16 is obtained (S1211). After that, when a proposed packet is received from the initiator (S1212), it is determined whether the cryptographic processor 16 supports the proposed algorithm (that is, whether the proposed cryptographic algorithm is included in the set E) (S1213). If the cryptographic processing unit 16 does not support the proposed cryptographic algorithm (that is, the proposed cryptographic algorithm is not included in the set E), a response cannot be returned to the initiator, so the negotiation fails, and the following Wait for the proposal packet. If the cryptographic processor 16 supports the proposed cryptographic algorithm (that is, the proposed cryptographic algorithm is included in the set E), the cryptographic algorithm is notified to the initiator (S1214). The encryption algorithm notified of the response is set in the encryption processing unit 16 (S1215).

  Upon receiving the response packet (S1204), the initiator sets the encryption algorithm notified of the response in the encryption processing unit 38 (S1205).

  As described above, according to the present embodiment, when selecting an encryption algorithm to notify a response to the initiator or to propose a response to the responder, the encryption algorithm currently used according to the CPU usage rate Can be switched to a more appropriate encryption algorithm. Therefore, while keeping security as strong as possible, it is possible to prevent a shortage of CPU resources when an application that requires encrypted communication such as the network camera application 34 and other processing such as TV recording are performed in parallel. Can do.

  In the present embodiment, one encryption algorithm is proposed for the responder. However, if the priority is lowered, a plurality of other encryption algorithms may be proposed.

(Embodiment 3)
Next, a third embodiment will be described. However, description of parts that are not different from the first embodiment, such as the entire system configuration, is omitted here, and the drawing of the first embodiment is used. The difference from the first embodiment is only the timing for performing encryption algorithm negotiation and the procedure for selecting the encryption algorithm, and will be described below.

  In the third embodiment, the communication device 24 periodically detects a change in CPU usage rate, and the encryption information determination unit 32 in the communication device 24 does not change at a predetermined timing but at a timing when the CPU usage rate changes. It becomes an initiator and negotiates with the encryption information determination unit 18 in the network camera 12.

  14 and 15 are flowcharts showing the operation procedure of the third embodiment. In the following, description is first made along the flowchart of FIG.

  First, the encryption information determination unit 32 obtains a set A of encryption algorithms supported by the encryption processing unit 38 (S1401). In addition, the encryption information determination unit 18 obtains a set E of encryption algorithms supported by the encryption processing unit 16 (S1421).

  Next, before encryption communication is started, encryption algorithm negotiation is performed between the encryption information determination units 32 and 18 in accordance with the procedure of the first embodiment (S1402, S1422). Then, encrypted communication is started using the encryption algorithm selected in accordance with this negotiation. At this time, the encryption information determination unit 32 holds the CPU usage rate at this time as preCPUUtil. Here, whichever is the initiator may negotiate.

Now, while continuing the encryption communication thereafter, the encryption information determination unit 32 periodically acquires the CPU usage rate CPUUtil from the resource monitoring unit 30 (S1403). Then, the difference CPUdiff from the CPU usage rate preCPUUtil at the time of the previous negotiation is calculated as follows.
CPUdiff = CPUUtil-preCPUUtil

Here, the encryption information determination unit 32 determines whether or not the difference between CPUUtil and preCPUUtil is greater than a certain fixed value β [%] based on whether the following inequality holds (S1404).
｜ CPUdiff | ≧ β
Note that the value of β is determined in advance, for example, 5%. If this expression does not hold, that is, if the change in the CPU usage rate is less than β [%] compared to the previous negotiation, the encryption information determination unit 32 determines that it is not necessary to change the encryption algorithm, and negotiates. Do not do.

  When the above inequality holds, that is, when the change in the CPU usage rate is β [%] or more compared to the previous negotiation, the encryption information determination unit 32 may need to change the encryption algorithm. The encryption algorithm to be used is determined (S1500). The detailed procedure of step S1500 is almost the same as that in the case where the communication device 24 of the first embodiment is an initiator (S900 of FIG. 8, ie, FIG. 9) as shown in steps S1501 to S1506 of FIG. Then, explanation is omitted. The only difference is whether the proposal packet is always transmitted or only when the encryption algorithm is changed (S1503, S1505). As a result, if it is necessary to change the encryption algorithm, the encryption information determination unit 32 transmits the proposed packet to the responder as an initiator (S1405).

  Next, the responder transmits a response packet to the received proposal packet (S1423 to S1425), and sets the encryption algorithm notified of the response in the encryption processing unit 16 (S1426). When the initiator receives the response packet (S1406), the initiator sets the encryption algorithm notified of the response in the encryption processing unit 38 (S1407). The above procedure (S1406, S1407, S1423 to S1426) is exactly the same as when the communication device 24 of the first embodiment is an initiator (S804, S805, S812 to S815 in FIG. 8), and thus detailed description is omitted. To do.

  Finally, in order to calculate the change in the CPU usage rate in the next step S1403, the value of the CPU usage rate CPUUtil here is set to preCPUUtil (S1408).

  As described above, according to the present embodiment, an application that requires encrypted communication such as the network camera application 34 and other processing such as TV recording are performed in parallel while maintaining as strong security as possible. CPU resource shortage can be prevented. In addition, since the encryption algorithm is reviewed when the CPU usage rate changes, the optimal encryption algorithm can be selected flexibly and efficiently.

  Here, the value of β is a constant value, but the β value is dynamically changed based on the currently used encryption algorithm or the CPU resources required by other encryption algorithms included in the set A. Also good. For example, if the β value is small compared to the difference between the CPU usage rates of a plurality of cryptographic algorithms, even if the CPU usage rate changes little at that time, the change amount exceeds the β value, so the selection determination in step S1500 However, it is found that there is not enough CPU usage rate to change the encryption algorithm, and the selection determination is wasted. If the CPU usage rate difference value between the selected cryptographic algorithm and the CPU usage rate is the β value, and the β value is dynamically changed according to the selected cryptographic algorithm, wasteful processing can be reduced. .

(Embodiment 4)
Next, a fourth embodiment will be described. However, description of parts that are not different from the first embodiment, such as the entire system configuration, is omitted here, and the drawing of the first embodiment is used. The difference from the first embodiment is only the timing for performing encryption algorithm negotiation and the procedure for selecting the encryption algorithm, and will be described below.

  In the fourth embodiment, the encryption information determination unit 32 in the communication device 24 and the encryption information determination unit 18 in the network camera 12 agree on a plurality of encryption algorithms at the time of encryption algorithm negotiation. When the packet is transmitted on the encryption side, any one of the agreed encryption algorithms is used to encrypt the transmission packet so that the decryption side can correctly decrypt the packet.

  In the following, an operation procedure on the side for selecting an encryption algorithm based on the CPU usage rate and encrypting a transmission packet using the encryption algorithm and an operation procedure on the other side are shown.

  16 and 17 are flowcharts showing the operation procedure of the fourth embodiment. The left side of FIG. 16 and FIG. 17 show the operation procedure of the side that selects the encryption algorithm based on the CPU usage rate (here, the encryption information determination unit 32 in the communication device 24), and the right side of FIG. An operation procedure of the encryption information determination unit 18 in the network camera 12 is shown here. In the following, description is first made along the flowchart of FIG.

<Operation procedure on the encryption algorithm selection side>
First, the operation procedure on the encryption algorithm selection side will be described. The encryption algorithm selection side performs encryption algorithm negotiation with the encryption algorithm notified side (S1601). At this time, a plurality of encryption algorithms are agreed with the communication partner, and encryption keys and decryption keys for all the encryption algorithms are generated. A set of cryptographic algorithms agreed here is set as a set F.

  Next, it waits until a packet transmission request is generated (S1602). When a packet transmission request is generated, an encryption algorithm to be used is selected from the CPU usage rate (S1700). The details of the encryption algorithm selection method in step S1700 are substantially the same as the algorithm selection method in the first embodiment (S500 in FIG. 4 and FIG. 5) as shown in steps S1701 to S1705 in FIG. Then, explanation is omitted. The only difference from the algorithm selection method in the first embodiment is whether the set of encryption algorithms as options is set C or set F.

  Although the encryption algorithm used for each packet transmission is selected here, it may be selected for each of a plurality of packets or at regular intervals.

  Finally, the transmission packet is encrypted and transmitted with the selected encryption algorithm (S1603), and the state returns to accepting the packet transmission request (S1602).

  The packet transmission request accepted in step S1602 is generated by the operation of the application as in the case of transmitting an instruction for controlling the network camera 12 to the network camera 12, or generated by the operation of the protocol in the IP layer or the like. There can be. A typical example is that when a user presses an operation button provided on the communication device 24, a camera application operates in the communication device 24, and this camera application requests the network camera 12 to transmit a video data packet. This is the case. At the same time, communication control packets and encryption algorithm negotiation packets may be encrypted.

  In step S1603, the packet that has received the transmission request in step S1602 is encrypted and transmitted.

  When the network camera 12 decrypts the encrypted packet transmitted in step S1603, it is determined by which encryption algorithm the packet is encrypted by referring to the SA identification ID (SPI) attached to the encrypted packet. Then, the encryption is decrypted. This step may be performed in the flowchart of FIG. 16 or may be performed according to the flowchart of decryption of the received packet.

<Operation procedure of the other party>
Next, the other party's operation | movement procedure is demonstrated. First, the partner side performs encryption algorithm negotiation with the encryption algorithm selection side (S1621). At this time, a plurality of encryption algorithms are agreed with the encryption algorithm selection side, and encryption keys and decryption keys of all the encryption algorithms are generated. Then, it is determined whether or not an encrypted packet is received from the communication device 24 (S1622). If the determination result is YES, the encryption processor 16 uses the encryption algorithm applied to this packet. The encryption algorithm is set (S1623).

  Next, it is checked whether a packet transmission request has occurred (S1624). If a packet transmission request has occurred, the transmission packet is encrypted using the encryption algorithm set in step S1623 and transmitted (S1625).

  In order for the communication device 24 to receive the packet transmitted in step S1625, it is determined whether or not an encrypted data packet has been received between steps S1603 and S1602 executed by the communication device 24. In this case, a step of performing decryption may be added. In addition to the procedure of this flowchart, the communication device 24 may perform a procedure for receiving and decrypting a packet of encrypted data upon an interrupt or the like.

  As described above, according to the present embodiment, when the encryption algorithm selection side changes the encryption algorithm to be used in order to agree that the encryption algorithm selection side and the other side use a plurality of encryption algorithms in advance, In addition, there is no need to negotiate cryptographic algorithms. Therefore, the CPU load can be controlled more flexibly.

  By the way, in the fourth embodiment, when there is a margin in CPU resources, the communication device 24 selects an encryption algorithm having a higher load than the encryption algorithm used so far and notifies the network camera 12 of it. However, when the CPU usage rate increases for some reason in the communication device 24 immediately after the notification, the network camera 12 receives a camera video packet encrypted by the encryption algorithm x immediately before the CPU usage rate increases. In the communication device 24, there is a risk that this packet cannot be decrypted because of insufficient CPU resources. In order to prevent such a risk, when communication is performed using an encryption algorithm, in the communication device 24, addition or change of an application that increases the consumption of CPU resources is prohibited until the end of the encryption communication. It is sufficient to notify the OS and the user of the danger and perform appropriate processing. Such danger prevention processing can also be applied to other embodiments of the present invention.

  In the first to fourth embodiments, the estimated value is obtained from the resource monitoring unit 30 when the estimated value of the CPU usage rate by each application becomes necessary. By the way, in many cases, it is known in advance which application is executed in parallel among various applications that may be executed in the communication device 24. For such applications, each of them is executed beforehand in advance, the CPU usage rate at that time is measured by the resource monitoring unit 30, and the measured value is stored in the CPU usage rate information memory 44 as a default value. Alternatively, this default value may be taken out and used at the time of negotiation. Also, for two or more applications that may be executed in the same combination, the CPU usage rate is measured by executing it simultaneously in advance on a trial basis, or the CPU usage rate during the period when the same combination has been executed in the past. Alternatively, the measurement result may be stored in the CPU usage rate information memory 44 as a default value, and the default value may be taken out and used at the time of negotiation. Alternatively, the CPU usage rate by each application may be calculated when the communication device 24 is designed, and the calculation result may be stored in the CPU usage rate information memory 44 as a predetermined value.

  The CPU usage rate mechanism and measurement method may be in accordance with the mechanism and measurement method applied by the adopted CPU, and is not limited to the example described above.

  Further, in this embodiment, the encryption algorithm used by the encryption algorithm selection side is determined based on the encrypted packet received from the encryption algorithm selection side by the other party, but instead, the encryption algorithm selection side A packet for notifying the encryption algorithm used on the encryption algorithm selection side may be separately transmitted to the other side. In this case, the other party may encrypt the packet to be transmitted to the encryption algorithm selection side using the encryption algorithm notified from the encryption algorithm selection side.

  In the first to fourth embodiments, the encryption algorithm selection method in the communication device 24 having a recording function has been described. Needless to say, the present invention can also be applied to a communication device having a function other than the recording function. Yes. Also, the communication partner device (not limited to the network camera) also has the negotiation mechanism of the present invention, and performs negotiation between the two while selecting a plurality of algorithms applicable according to the CPU usage rate in the device. It is possible to select an algorithm to be finally used.

(Embodiment 5)
FIG. 18 is a block diagram showing a configuration of a communication apparatus according to Embodiment 5 of the present invention. Referring to FIG. 18, the communication apparatus includes a schedule unit 64, applications 60 and 62, encrypted communication applications 70 and 72, an encryption information determination unit 74, a communication processing unit 78, an encryption processing unit 80, and a resource monitoring unit 82. . Hereinafter, like the communication device 24 shown in FIG. 1, the communication device will be described as having functions such as TV reception, TV recording, playback of recorded programs, and reception and display of camera video by encrypted communication.

  The schedule unit 64 performs registration of reservation of each application, management of execution time, and execution control according to a reservation command from the remote controller or the outside. As an example, the application 60 is an application (corresponding to the recording application 28 in FIG. 1) that records video data obtained by receiving a television broadcast in a hard disk memory and reproduces it with time shift. To do. TV broadcast recording is designated as task a, and time-shifted reproduction is designated as task c. The encryption communication application 70 is an application (corresponding to the network camera application 34 in FIG. 1) that decrypts camera video data sent from the network camera and displays it on the display as an example. Application B consists of task b and uses a cryptographic algorithm.

  The encryption information determination unit 74 includes various pieces of information (for example, used resource information and encryption strength information consumed by each encryption algorithm) necessary for selecting, proposing, and determining the encryption algorithm in the negotiation of the encryption algorithm to be used, and encryption communication. (For example, information relating to keys such as a public key, a secret key, and a shared key used for encryption / decryption) necessary for encryption, and an encryption algorithm to be used is selected and determined.

  The cryptographic processing unit 80 includes a plurality of cryptographic algorithm processing means (or a program for executing a cryptographic algorithm processing procedure), and includes a key, a public value, a public key, and a key used for negotiation packet processing and encryption / decryption. Creates a secret key / shared key, encrypts data to be transmitted, and decrypts received data.

  The communication processing unit 78 transmits the packet created by the encryption processing unit 80 to the Internet network in a predetermined communication protocol format, extracts the packet from the communication protocol format data received from the Internet network, and performs the encryption processing unit. Pass to 80.

  Next, the operation of the communication apparatus according to this embodiment will be described.

  First, the operation when performing TV recording will be described. In the communication apparatus of FIG. 18, an image receiving unit (not shown) receives TV broadcast data, and then the application 60 records the received TV broadcast data in a storage medium (not shown) built in the communication apparatus. . This process is realized by executing the process of task a in the application 60 by the CPU built in the communication apparatus. The TV recording is completed by continuously recording the TV program of the channel to be recorded from the broadcast start time to the broadcast end time.

  For TV recording reservation, the user instructs the recording channel number, recording start time, and recording end time in advance using the remote controller, and the scheduling unit 64 receives the instruction content and registers it in the schedule / usage resource table 66 described later. Is done.

  Further, the application 60 includes a function (task c) for playing back a recorded TV program while time-shifting. Also for the time shift reproduction task c, the reproduction program number, the reproduction start time, and the reproduction end time are instructed by remote control reservation, and the instruction contents are registered in the schedule / usage resource table 66 by the schedule unit 64.

  Next, the operation of the system when displaying the video of the network camera on the display will be described. This process is divided into two processes: a preprocess for performing encrypted communication and a process for actually operating the network camera application. Preprocessing for performing encrypted communication will be described later, and first, an outline of processing for actually operating the network camera application will be described. Since the processing on the network camera side has been described with reference to FIG. 43 and Embodiment 1 (FIG. 1), description thereof is omitted here. In the communication apparatus of FIG. 18, the communication processing unit 78 receives an encrypted packet based on the video data from the Internet network, decrypts it with the encryption processing unit 80, passes the decrypted video data to the encryption communication application 70, and encrypts it. The communication application 70 outputs the video data to a display (not shown) at a predetermined position and size. Then, the display displays an image. As described above, the video captured by the network camera is displayed on the display.

  A reservation instruction for a time period for receiving video data of the network camera is also given in advance from the remote controller to the schedule unit 64 and registered in the schedule / usage resource table 66.

  Next, the schedule / used resource table 66 will be described. An example is shown in FIG. In FIG. 19, a TV recording application A (application 60) is composed of a task a and a task c. Since the TV recording task a is instructed to make a reservation recording of a program from 12:00 to 13:00 on November 1, 2002, this is registered in the start time column and the end time column. ing. Although not shown, a channel number and a program code are also registered as other data. Task c is a part of the function of application A for viewing a recorded program with a time shift of 30 minutes, and is reserved and registered to be executed from 12:30 to 13:30 on November 1, 2002. Has been. Although not shown, as other data, the channel number and program code of the recorded program, the program file management code in the HDD, and the like are registered. Application B (encrypted communication application 70) realizes the video data reception function and display function of the network camera, and consists of task b. This task b is instructed by the remote controller to be continuously executed from 11:45 on November 1, 2002, and this is indicated at the start time and end time of the schedule / use resource table 66. It is registered.

  In the schedule / used resource table 66, the amount of used resources required for the execution of each task a, b, c, that is, the processing capacity of the CPU, the amount of memory, and the amount of data transferred when communicating are respectively shown. The average used CPU resource (mega instruction / second: MIPS), the average used memory resource (mega byte: MB), and the average data transfer amount (megabit / second: Mbps) of encryption communication are stored. Since tasks a and c are not subjected to encrypted communication, the average data transfer amount of encrypted communication is 0 Mbps. The presence / absence of encrypted communication is described in the encrypted communication column. For task b, the encrypted communication column is “Yes”. In the required encryption strength column, the required encryption strength for encryption communication is specified. In this example, the encryption algorithm used in task b is designated to be selected from those having the first, second, and third encryption strength.

  The encryption information determination unit 74 includes an encryption processing usage resource table 76 therein. An example of the cryptographic processing use resource table 76 is shown in FIG. In FIG. 20, for the two types of cryptographic algorithms (DES-CBC, 3DES-CBC) held by the cryptographic processing unit 80, the amount of each used resource, that is, the average used CPU resource (unit: MIPS / Mbps), average Used memory resources (MB) and encryption strength ranking are stored. In this example, the average CPU resource unit indicates the CPU processing capacity necessary for encrypting / decrypting a data transfer amount of 1 Mbps. The larger the data transfer amount, the more proportionally more encryption / decryption processing power is required. In the case of transferring 1 Mbps data, the CPU processing capacity of 100 MIPS and 300 MIPS is consumed.

  FIG. 21 is a diagram showing the time transition of the CPU usage rate based on the schedule / used resource table 66 and the cryptographic processing used resource table 76. The CPU usage rate is displayed in% when the maximum processing capacity of the CPU is 1000 MIPS. The broken line indicates the CPU usage rate when DES-CBC is adopted as the encryption algorithm, and the alternate long and short dash line indicates the CPU usage rate when 3DES-CBC is adopted as the encryption algorithm. The CPU usage rate is highest in the 12:30 to 13:00 interval in which task b is processed in addition to task a and task c. In general, the CPU usage rate leaves a margin so as to cope with instantaneous fluctuations in the processing amount and urgent processing that cannot be predicted. When the allowable total average CPU usage rate that does not hinder normal processing is 50%, in FIG. 21, in the case of 3DES-CBC, the CPU usage rate exceeds 50% at 12:00 to 13:00. There is a risk of hindering normal processing. On the other hand, in the case of DES-CBC, the CPU usage rate is 50% or less over the entire time.

  In this embodiment, using the schedule / usage resource table 66 and the cryptographic processing usage resource table 76, the encryption is performed so that the allowable resource usage, that is, the allowable total average CPU usage rate (or allowable CPU processing capacity) is not exceeded. Schedule the algorithm.

  For this purpose, the following schedule analysis processing is performed. The schedule unit 64 monitors the contents of the schedule / used resource table 66 and an internal clock (not shown). Then, the presence or absence of an event after a certain time (for example, after 5 minutes) from the current time of the internal clock is checked. According to the schedule / usage resource table of FIG. 19, since there is no event after 5 minutes before the current time 11:40, the schedule unit 64 is in a standby state. At 11:40, the schedule unit 64 detects that an event is scheduled after 5 minutes. Then, the schedule unit 64 examines all tasks registered in the schedule / usage resource table 66, and each event section (here, section (11:45 to 12:00) divided by their start time and end time, For each section (12: 0 to 12:30), section (12:30 to 13:00), section (13: 0 to 13:30), section (13:30 to undetermined), the average used CPU resource Calculate the total value. In task b for performing cryptographic communication, it is specified that the cryptographic algorithm having the third or higher cryptographic strength is selected. Therefore, the average CPU used when each cryptographic algorithm described in the cryptographic processing usage resource table 76 is applied. Calculate the total value of resources.

  Instead of checking for the presence of an event after 5 minutes, the total value of the average used CPU resources may be calculated at the time when execution of some application is reserved.

  FIG. 22 is an example of the event / usage resource table 68 created by the schedule unit 64 to calculate the total value. FIG. 22A is an event / usage resource table 68 when DES-CBC is used. For each event time, an operation status (operating / non-operating) for each task name and its used resource column, an encryption algorithm name and its used resource column, and a used resource total column are provided. When there are a plurality of tasks, as many columns as there are provided. Each column is filled with a task and a cryptographic algorithm to be executed between the event time and the event time on the next line. That is, the task name reserved between each event time and the next event time and the amount of resources used are described. When a certain task ends at a certain time, a line in which the end time is entered in the event time column may be provided so that the task name to be ended is not described. If a cryptographic algorithm is used, describe the cryptographic algorithm name and the amount of resources used. DES-CBC is 100 MIPS / Mbps in the example of FIG. 20, but since the average data transfer amount of video data encryption communication in the camera application (application B) is 1 Mbps in the example of FIG. 19, DES-CBC The average used CPU resource is 100 MIPS. FIG. 22B is an event / used resource table 68 when 3DES-CBC is used. 22 (1) and FIG. 22 (2) are displayed in% for the CPU processing capacity 1000 MIPS, respectively, the CPU usage rate (%) of the broken line and the alternate long and short dash line in FIG. Become.

  The schedule unit 64 examines the total used resource column of the created event / used resource table 68, and makes sure that all allowable CPU processing capacities 500MIPS, which is the allowable total average CPU usage 50% of the maximum CPU processing capacity 1000MIPS, are not always exceeded. The encryption algorithm is selected, and the selected encryption algorithm name is notified to the encryption information determination unit 74. The encryption information determination unit 74 selects the one with the strongest encryption strength from the notified encryption algorithms with reference to the notified encryption algorithm name and the encryption processing use resource table 76. In this embodiment, only the DES-CBC is notified to the encryption information determination unit 74, so this encryption algorithm is selected.

  Next, the encryption information determination unit 74 notifies the scheduling unit 64 that the adopted DES-CBC is to be used. The scheduling unit 64 schedules the use of the notified encryption algorithm. In this example, FIG. 22 (1) is selected. This completes the selection of the cryptographic algorithm based on the schedule analysis and the schedule for its use.

  The schedule unit 64 controls the activation / execution / stop of each reserved application using the event / usage resource table 68 of FIG. 22 (1) corresponding to the notified encryption algorithm (here, DES-CBC). To do. The schedule unit 64 always refers to the event / usage resource table 68 (FIG. 22 (1)), and when the internal clock becomes 11:45, the schedule unit 64 starts the task b for the encryption communication application 70. And instructs the cryptographic processing unit 80 to perform preprocessing of cryptographic communication using DES-CBC.

  The encryption processing unit 80 negotiates with the encryption processing unit 204 of the network camera of FIG. 43, which is the communication partner, to create a shared key necessary for encryption communication as preprocessing of encryption communication, and Diffie− A shared key is created according to specifications such as Hellman, IKE, and IPsec. When the creation of the shared key is completed in both the cryptographic processing units 80 and 204, the communication device notifies the cryptographic processing application 80 that the cryptographic communication application 70 can perform cryptographic communication. In the network camera, the cryptographic processing unit 204 performs cryptographic communication. The application 200 is notified that encryption communication is possible. Upon receiving the notification, the encryption communication application 200 sends the video data of the camera to the encryption processing unit 204, the encryption processing unit 204 encrypts the video data by DES-CBC, and the communication processing unit 206 encrypts the video data packet. And the packet is sent to the communication processing unit 78 via the Internet network. The encryption processing unit 80 receives the data received from the communication processing unit 78, decrypts the encryption, and passes the video data to the encryption communication application 70. As described above, the encryption communication application 70 displays the video on the display. When the schedule unit 64 refers to the internal clock and detects that the current time is 12:00, the schedule unit 64 starts the task a (that is, the application 60) while continuing the task b according to the event / usage resource table 68. . At 12:30, task c is further activated. At 13:00, task a is stopped. At 13:30, task c is stopped. That is, at each event time, the contents of the line at that event time are compared with the contents of the line at the previous event time, the newly added task or encryption algorithm is started from the previous line, and the description from the previous line is started. If there are any missing tasks or cryptographic algorithms, stop them.

  As described above, in the communication device or algorithm selection method according to the fifth embodiment, the scheduling unit 64 checks the reservation contents in the schedule / use resource table 66 and the data in the encryption processing use resource table 76, thereby using the CPU resources used. A schedule is selected so that an encryption algorithm whose amount does not exceed the allowable CPU processing capacity is selected. Accordingly, it is possible to eliminate in advance the risk that the amount of CPU resources used exceeds the allowable CPU processing capacity during the execution of cryptographic communication and the system breaks down or the cryptographic communication is interrupted.

  In addition, according to the present embodiment, it is possible to determine encryption setting information such as selection of an encryption algorithm in consideration of future operations, so that processing resources are depleted without changing the encryption algorithm in the middle. Can be prevented. In addition, the risk of getting behind can be reduced as compared with dynamic resource usage control that controls selection of an encryption algorithm according to the state of resource usage that changes every moment.

  Numerical values such as the average used CPU resource, average used memory resource, and average data transfer amount, which are the amount of resources used for each task a, b, c, are the application 60 or the cryptographic communication application 70 at the time of manufacturing or shipping the communication device in advance. Or may be stored in the application 60 or the encryption communication application 70 when each application program is downloaded from the outside through the Internet network or TV data broadcast. . A table may be provided in the encryption processing unit 80 for the average used CPU resource, average used memory resource, encryption strength order, the number of preprocessing instructions to be described later, etc., and stored as encryption / decryption information in this table. . In this case, the encryption / decryption information is read by the encryption information determination unit 74 and written in the encryption processing usage resource table 76. Alternatively, it may be stored in the cryptographic processing usage resource table 76.

  Alternatively, the average used CPU resource, average used memory resource, average data transfer amount, the number of pre-processing instructions to be described later are measured at the previous execution, and the measured data is stored in the CPU usage rate information memory 44 of FIG. You may make it memorize | store in such a memory | storage part. This measurement is performed in the resource monitoring unit 82, the measured information is notified to the encryption information determination unit 74, and the encryption information determination unit 74 stores this data in the storage unit. When receiving the reservation instruction and creating the schedule / usage resource table 66, the encryption information determination unit 74 reads these data from the storage unit and writes them in a predetermined column of the schedule / usage resource table 66. For the data related to the encryption algorithm, the measurement result may be transferred to the encryption processing usage resource table 76. In general, the amount of CPU processing capacity used is measured using a part of a monitor program or a kernel program. When the CPU itself can measure the usage amount of the CPU processing capacity of the execution task, the CPU may notify the encryption information determination unit 74 of the measurement result.

  In this embodiment, as shown in FIGS. 22 (1) and 22 (2), a separate event / usage resource table 68 is provided for each encryption algorithm, but this will be described in Embodiment 7 to be described later. As shown in FIG. 25 and FIG. 26, common parts of tables may be combined into a single table.

  FIG. 23 is an example of a hardware configuration of a communication apparatus that performs the above-described processing. In FIG. 23, a CPU 94, ROM 96, RAM 98, HDD 104, and modem 116 are connected to a bus line that is a transfer means 92. Such a configuration is a standard computer system configuration. The ROM 96 stores a system startup program and data that does not need to be rewritten. An area 106 in the HDD 104 has a control program such as an operation system (OS) that controls the entire system and performs various controls, a resource monitoring unit program for causing the CPU 94 to function as the resource monitoring unit 82, and a communication processing unit for the CPU 94. A communication processing unit program for functioning as 78 is stored. The area 108 stores a schedule section program for causing the CPU 94 to function as the schedule section 64, and an encryption information determination section program for causing the CPU 94 to function as the encryption information determination section 74. The area 110 stores a cryptographic processing unit program for causing the CPU 94 to function as the cryptographic processing unit 80 and a cryptographic algorithm program. The area 112 stores application programs and encrypted communication application programs. The file portion of the area 114 stores recorded television program data. The TV program transport stream received by the antenna 84 and the tuner 86 is decoded by the CPU 94 in accordance with the application 60 loaded from the area 112 to the RAM 98, and the decoding result is stored (recorded) in the file section of the area 114. The recorded data is read out after a predetermined time shift time, and is subjected to AV decoding processing by the CPU 94. The decoded audio data and video data are output via the audio processing 88 and the display processing 90 as audio output. Output as video output. Reservation information instructed by operation of the remote controller 102 is received by the schedule section program via the remote controller IF (interface) 100, and the schedule section program registers this in the schedule / usage resource table 66. Thereafter, the CPU 94 sequentially stores a schedule unit program, an encryption information determination unit program, an encryption processing unit program, an encryption algorithm program, an application program, an encryption communication program, a resource monitoring unit program, and a communication processing unit program on the RAM 98 according to the control program. The above-described processing is performed according to each program.

  Next, other embodiments will be described based on the fifth embodiment. Hereinafter, in the description of each embodiment, the description of the same part of the block configuration as that of the fifth embodiment will be omitted, and different parts will be mainly described.

  The encryption / decryption information may be notified including information necessary for encryption / decryption processing such as an encryption key in addition to the encryption algorithm. Moreover, you may notify the identifier which identifies an encryption algorithm and an encryption key.

(Embodiment 6)
In the communication apparatus according to the fifth embodiment described with reference to FIG. 18, a reservation is made when pre-processing prior to encrypted communication, that is, when negotiation of parameters related to various encrypted communication and processing for exchanging a shared key take a non-negligible time. There is a problem that encryption communication cannot be started on time. The sixth embodiment is for solving such a problem.

  In the present embodiment, as shown in FIG. 24, the encryption processing usage resource table 76 in FIG. 20 further includes a column for the number of preprocessing instructions, and the CPU processing amount necessary for preprocessing is executed for each encryption algorithm. It is described as the number of instructions Im (unit MI: mega instruction). This numerical value may be stored in advance at the time of manufacture or shipment of the communication device, or may be stored by measuring the number of instructions executed by the CPU when preprocessing was performed last time. . In the case of measurement, the resource monitoring unit 82 performs measurement, and the measurement result is stored in the cryptographic processing use resource table 76 as resource information. When the event / usage resource table 68 of the fifth embodiment is created, (allowable CPU processing capacity−total used resources) = CPU processing capacity margin value Ycpu (MIPS) in the time zone before the start event of the encryption communication task b is calculated. When Mt (seconds) = Im / Ycpu is obtained, the time required for preprocessing is obtained.

  Note that the processing time and communication time of the counterpart device are also required for processing the shared key. When the processing time of the counterpart device can be ignored, a value obtained by adding the margin value α to the calculated value may be used as the time required for the preprocessing. If the processing time of the counterpart device cannot be ignored, this processing time must also be taken into account. If the processing time at the counterpart device is substantially equal to the processing time of this apparatus, Mt = (Im / Ycpu) × 2 + β (β is the communication time and margin time) may be set. Further, the processing time at the previous encryption communication may be stored, and the sum of the processing time of the present apparatus and the counterpart device plus the margin time may be set as Mt. As in the case of this communication apparatus, if the processing time of the counterpart device is not known due to reasons such as the CPU processing capacity of the counterpart device fluctuating depending on the situation, Mt is determined after performing processing for inquiring the processing time of the counterpart device. That's fine. In any case, the time required for preprocessing may be Mt = Im / Ycpu + δ + β (δ is the processing time of the counterpart device).

  When Mt is obtained, the schedule unit 64 advances the start time of the task b in the event / usage resource table 68 by Mt (seconds). In this way, since the task b of the cryptographic communication application 70 is started before 11:45 Mt (seconds), after the Mt (second) to complete the preprocessing, that is, at 11:45, the cryptographic communication application 70 It becomes possible to actually perform the encryption communication. Specifically, an event indicating the start of the pre-processing of task b is inserted at a time earlier by Mt than the start event time of task b, and the schedule unit 64 moves before 11:45 Mt (seconds) before. The start of processing is instructed to the cryptographic processing unit 80, and the task b is started at 11:45 when the preprocessing is completed.

  According to the present embodiment, when the CPU processing capacity margin value Ycpu in the time zone in which the preprocessing of the encrypted communication is to be performed is small, the preprocessing can be started earlier and the encrypted communication can be started according to the reserved time. Is possible.

  Also, according to the present embodiment, encryption / decryption information such as a shared key can be prepared in advance in consideration of future operations, so that encrypted communication can be performed immediately when necessary. Also, when the resource usage level is low, encryption / decryption information such as a shared key can be prepared.

  In addition, when a certain encryption algorithm is switched to another encryption algorithm and then the original encryption algorithm is used again, the communication key used before switching the encryption algorithm is changed to the other encryption algorithm. The key may be retained during use and reused when the original encryption algorithm is used again. Thereby, the pre-processing at the time of using the original encryption algorithm again can be omitted.

  The encryption / decryption information may be notified including information necessary for encryption / decryption processing such as an encryption key in addition to the encryption algorithm. Moreover, you may notify the identifier which identifies an encryption algorithm and an encryption key.

(Embodiment 7)
Next, as a seventh embodiment, in one cryptographic communication application, a cryptographic algorithm having the highest cryptographic strength is selected and used within a range up to the allowable CPU processing capability Kcpu (MIPS). explain. The configuration of this embodiment is the same as that in FIG. Below, a different part from Embodiment 5 is demonstrated.

  Referring to FIG. 21 or FIG. 22, an encryption algorithm whose CPU processing capacity does not exceed the allowable CPU processing capacity Kcpu (MIPS) of 500 MIPS, that is, the CPU usage rate does not exceed the allowable limit of 50% is the section (11: 45 to 12:00) and sections (13: 0 to undetermined) are 3DES-CBC and DES-CBC, but the former has a higher cipher strength ranking. Based on the event / usage resource table 68 of FIGS. 22 (1) and 22 (2), the schedule unit 64 does not exceed the allowable CPU processing capacity Kcpu (MIPS) = 500 MIPS for each event section. The encryption algorithm is notified to the encryption information determination unit 74. When there are a plurality of notified encryption algorithms, the encryption information determination unit 74 selects the one with the highest encryption strength and notifies the scheduling unit 64 of the selected encryption algorithm. The event / usage resource table 68 is newly provided with a selection entry field (not shown) indicating whether or not the encryption algorithm has been selected for each event time and for each encryption algorithm. A selection code indicating that the encryption algorithm has been selected is entered in the encryption algorithm selection entry field notified from the section 74. Next, as in the case of the sixth embodiment, the scheduling unit 64 ((permissible CPU processing capacity−total used resources) = CPU processing capacity margin value Ycpu (MIPS) in the time zone before the event time at which the encryption algorithm should be switched. ) Is calculated, Mt (second) = Im / Ycpu is obtained, and an event of preprocessing is inserted before Mt (second) of this event time. After creating such an event / usage resource table 68 (both those corresponding to DES-CBC and those corresponding to 3DES-CBC), the scheduling unit 64 refers to this event / usage resource table 68, Controls start / execution / stop of pre-processing and encryption processing of each application and encryption algorithm to be used next. At this time, the scheduling unit 64 refers to the selection code in the selection entry field of the event / usage resource table 68 and performs the pre-processing of the selected encryption algorithm and the encryption / decryption processing. Let me do it.

  FIG. 25 is an example of the event / usage resource table 68 used in the seventh embodiment. In the event time column, at least the time of the year / month / day / time is written. In the task / resource column, a scheduled task name and a used resource amount (MIPS) are described. The amount of used resources (MIPS) is the amount of average used CPU resources. The task / resource column is expanded as necessary when the number of reservation applications increases. In the encryption / resource column, a candidate encryption algorithm name and a used resource amount (MIPS) are described. In the total resource column, the scheduled task and the total resource used (MIPS) by the candidate encryption algorithm are described. The encryption / resource field and the resource total field are provided as many as the number of candidate encryption algorithms.

  In the used cipher column, the name of the cipher algorithm having the highest cipher strength within a range where the total used resource does not exceed the allowable CPU processing capacity is described. This process may be performed as follows. The schedule unit 64 notifies the encryption information determination unit 74 of candidate encryption algorithms for which the total used resources do not exceed the allowable CPU processing capacity for each event section. The encryption information determination unit 74 refers to the encryption processing usage resource table 76 of FIG. 20 and selects the notified candidate encryption algorithm having the highest encryption strength, and notifies the scheduling unit 64 of the encryption algorithm name. To do. The schedule unit 64 writes the notified encryption algorithm name in the used encryption column.

  As described above, according to the present embodiment, since the cryptographic algorithm having the highest cryptographic strength that does not exceed the allowable CPU processing capacity and the CPU usage amount can be selected for each event section, the CPU In accordance with the change in the usage rate, an optimal encryption algorithm can be used at any time.

  The event / used resource table 68 is not limited to the example of FIG. For example, as in the column of encryption algorithm in FIG. 26, the encryption algorithm name and the amount of resources may be described in separate columns.

(Embodiment 8)
Next, as an eighth embodiment, an embodiment in which the above-described seventh and sixth embodiments are combined will be described. That is, in the present embodiment, in order to cope with the case where the preprocessing of the encrypted communication takes a time that cannot be ignored in the seventh embodiment, the preprocessing is performed earlier as in the sixth embodiment.

  FIG. 27 is an example of the event / usage resource table 68 used in this embodiment. That is, a pre-processing column and a pre-processing encryption column are newly added to the event / usage resource table 68 shown in FIG. In the preprocessing column, the time Mt (seconds) = Im / Ycpu required for the preprocessing described in the seventh embodiment is described. In the pre-process encryption column, the name of the encryption algorithm to be pre-processed is described. The preprocessing column may be omitted if it is not necessary.

  Next, a procedure for creating the event / usage resource table 68 of FIG. 27 from the event / usage resource table 68 of FIG. 25 will be described. Mt (seconds) = Im / Ycpu is calculated based on the state immediately before 11:45 for the encryption algorithm 3DES-CBC to be used first. It is assumed that the calculation result is Mt = 180 (seconds). Since it is necessary to start the pre-processing by Mt before 11:45, a line having an event time column of 180 seconds before 11:45, that is, 11:42 is inserted. Then, Mt1 = 180 is described in the preprocessing column of this line, and the 3DES-CBC abbreviation 3D is described in the preprocessing encryption column.

  Since the encryption algorithm switches to DES-CBC at 12:00, Mt (seconds) is calculated based on the immediately preceding state. It is assumed that the calculation result is Mt = 120 (seconds). Since it is necessary to complete the pre-processing by 12:00, a line having an event time column of 120 seconds before 12:00, that is, 11:58 is inserted. Then, Mt2 = 120 is described in the preprocessing column of this line, and the abbreviation D of DES-CBC is described in the preprocessing encryption column.

  Since the encryption algorithm is switched to 3DES-CBC at 13:00, Mt (seconds) is calculated based on the immediately preceding state. It is assumed that the calculation result is Mt = 225 (seconds). Since it is necessary to complete the pre-processing by 13:00, 225 seconds at 13: 00 = 3.75 minutes = about 4 minutes before (15 seconds is a margin), that is, the event time at 11:56 Insert a line with columns. Then, Mt3 = 225 is described in the preprocessing column of this line, and the 3DES-CBC abbreviation 3D is described in the preprocessing encryption column.

  The contents of the upper row are copied and described in the column of task / resource, encryption / resource, and resource total in the inserted row.

  Using the event / usage resource table 68 created in this way, the schedule unit 64 performs tasks a to c, pre-processing of cryptographic processing, and startup / control / stop of cryptographic processing. As a result, pre-processing can be completed before using the encryption algorithm, so that an encryption communication application (for example, a camera application) can be started according to the reserved time.

  In the case of the present embodiment, a cryptographic processing unit 80 is provided that can execute a certain cryptographic algorithm and a preprocessing of another cryptographic algorithm in parallel.

  By the way, when another task is added or stopped in a time zone in which pre-processing is to be performed, the CPU processing capacity margin value Ycpu (MIPS) fluctuates instead of a constant value, so Mt (seconds) is simply set to Im / It cannot be determined by Ycpu. Therefore, in such a case, an integrated value of the CPU processing capacity margin value Ycpu (MIPS) is obtained in a direction that goes back from the time at which the preprocessing should be completed, and the integrated value is a CPU required for the preprocessing. What is necessary is just to employ | adopt as Mt (second) the time length used as the execution instruction number Im (unit MI: mega instruction) of a process. In this case, in the event / usage resource table 68, a row having a new event time column is inserted immediately before some upper row, not immediately before the start or switching of the use of the encryption algorithm.

  In the event / usage resource table 68 of FIG. 27, preprocessing for 3DES-CBC to be used next is performed at 12:56, but changed from 3DES-CBC to DES-CBC at 12:00. After that, the 3DES-CBC public key, secret key, etc. may not be destroyed, and the 3DES-CBC may be used again, and the pre-processing set from 12:56 may not be performed. In this way, consumption of CPU resources due to re-execution of preprocessing can be reduced.

(Embodiment 9)
Next, as Embodiment 9, an example in which the number of candidate encryption algorithms is increased to 3 in Embodiment 8 will be described. 28 and 29 are examples of the event / usage resource table 68 and the cryptographic processing usage resource table 76 in the case where DES-CBC, 3DES-CBC, and AES (Advanced Encryption Standard) are prepared as candidate cryptographic algorithms. . AES has a large encryption strength for the average amount of CPU resources used, but has the highest encryption strength among the three encryption algorithms. In the event / usage resource table 68, the total resource is calculated for each of the three candidate encryption algorithms. Taking the event time of 11:45 as an example, encryption algorithms that do not exceed the allowable CPU processing capacity 500 (MIPS) are DES-CBC, 3DES-CBC, and AES. The schedule unit 64 notifies the encryption information determination unit 74 of these three candidates. Further, in the schedule / usage resource table 66 of FIG. 19, the cryptographic algorithm used in the task b starting at 11:45 has a condition that the cryptographic strength is the third or higher. This information is also notified from the schedule unit 64 to the encryption information determination unit 74. The cipher information determining unit 74 refers to the cipher processing usage resource table 76 of FIG. 29 and has the cipher strength of the third or higher among the three cipher algorithms and the cipher strength rank highest among them. (AES here) is selected and notified to the schedule unit 64. Then, the schedule unit 64 writes AES (abbreviation A) in the 11:45 event time column of the used encryption column.

(Embodiment 10)
In the Diffie-Hellman exchange or the exchange of the shared key by IKE, the lifetime of the shared key can be set. Using a single key for a long time increases the risk of the key being stolen and decrypted during that time. Therefore, it is effective to create a new key, that is, an update key, and switch to the update key after an appropriate time. In such a method of providing a key lifetime, it is necessary to complete generation of an update key to be used next before the key lifetime expires. Generating an update key is called rekey processing. In both initial key generation and rekey processing, key generation often requires a large CPU processing capacity as in encryption and decryption. Therefore, it is desirable to start the rekey process at a time sufficiently before the key life expiration time. However, if there is an application that consumes a large amount of CPU processing capacity in the time zone when rekey processing should be performed, the processing load of the CPU will exceed the allowable CPU processing capacity, and the update key preparation will not be in time.

  Therefore, in the tenth embodiment, an appropriate rekey processing start time is set to the event / usage resource table 68 in consideration of the value of the key life until the key is updated and the transition of the total use resource value based on the reservation schedule. As an event.

  First, a key life time column is provided in the encryption processing usage resource table 76, and the key life time Jt to be set is described for each encryption algorithm. In general, in order to keep the overall risk level constant, the higher the encryption strength of the algorithm, the longer the lifetime of the key. Assuming that the start time for using the cryptographic algorithm is Ct and the start time for using the first key is Kt1, the start time for using the first key is Kt1 = Ct, and the lifetime expiration time of the key is (Ct + Jt). If the CPU processing capacity margin value in the time zone before the time (Ct + Jt) is Ycpu (MIPS) and the number of CPU instructions required for the rekey processing is Ir (unit MI: mega instruction), the time required for the rekey processing is Rt = Ir / Ycpu. If the rekey process is started before the time (Ct + Jt−Rt), the update key can be prepared by the key lifetime expiration time (Ct + Jt).

  If the CPU processing capacity margin value Ycpu (MIPS) varies in a time zone scheduled for rekey processing instead of a constant value, the rekey processing is completed in the same way as in the preprocessing in the eighth embodiment. The integrated value of the CPU processing capacity margin value Ycpu (MIPS) is obtained in a direction that goes back from the time (Ct + Jt) to be set, and the time length at which the integrated value becomes the number of execution instructions Ir of the CPU processing necessary for the rekey processing is represented by Rt. It may be adopted as.

  Next, the rekey process is entered in the schedule by inserting a rekey process event line with the rekey process start time (Ct + Jt−Rt) as the event time into the event / usage resource table 68. This operation may be performed between the schedule unit 64 and the encryption information determination unit 74 by performing the same operation as that described in the pre-process for encrypted communication.

  For the next update key lifetime, the key lifetime expiration time is (Ct + 2 * Jt). Therefore, the rekey processing start time for this time is obtained, and an additional event may be provided. The same operation is performed until the event time when the use of the cryptographic algorithm is scheduled to end.

  As described above, according to this embodiment, since the rekey processing plan corresponding to the planned CPU processing capacity margin value Ycpu (MIPS) can be made in advance, the system exceeds the allowable CPU processing capacity during the rekey processing. No longer fails.

  Note that it is safe to make Rt longer by a certain amount of time α in order to give a slight margin.

In general, when managing the lifetime of a key,
(1) A method of managing by time (for example, a method of specifying the lifetime of a key by the elapsed time (X seconds) since the key was generated or the elapsed time (Y seconds) since the use of the key was started)
(2) A method for managing the amount of data transferred (for example, a method for defining the lifetime of a key by the number of processed packets (m packets) or the number of processed bytes (n bytes)).
However, the present embodiment can be easily applied to the method (1) when the lifetime of the key is defined by the elapsed time from the start of key use. If the lifetime of the key is defined by the elapsed time since the key was generated, the following measures should be taken. The key generation time may not be the same time between the communication apparatus and the communication partner device. In other words, in general, when generating a private key after receiving a public value from the other party, the lifetime expiration time of one key is generated after receiving the public value. It will be delayed by the time to do. This time relationship is determined by the device that initiates key generation and the key generation procedure. Thus, when the generation of one key is delayed from the other, if Jt is the lifetime of the key starting from the generation time of the key that is generated earlier, both keys are within the lifetime for the time Jt. And the lifetime of one of the keys never expires. In addition, if it is possible to know that the generation of both keys has been completed through communication between the device and the other device, that time can be used as the time for calculating the key lifetime, and the lifetime expiration time for both keys. Match.

  In the above description, the case where only the processing time on the communication apparatus side is considered has been described as an example, but the processing time and communication time of the counterpart device are also required for the processing of the shared key. In order to take these into consideration, the key generation processing time in the counterpart device in the preprocessing is stored, and Rt = Ir / Ycpu in the communication apparatus plus the allowance time is Rt. do it. However, when the processing time of the counterpart device can be ignored, a value obtained by simply adding the margin value α to Ir / Ycpu may be used as Rt. Further, when the processing time at the counterpart device is substantially equal to the processing time of the communication apparatus, Rt = (Ir / Ycpu) × 2 + β (β is the communication time and margin time). Similarly to the case of this apparatus, if there is a possibility that the processing time of the counterpart device may change depending on other general applications, Rt may be determined after performing processing for inquiring the processing time of the counterpart device. In any case, Rt = Ir / Ycpu + δ + β (δ is the processing time in the counterpart device) may be used.

  As described above, in the rekey process, the generation of the update key must be completed by the start time Ct of using the cryptographic algorithm as the starting point until the key lifetime expiration time (Ct + Jt * n). If the rekey process is started slightly earlier in order to ensure a margin for reliably generating the renewal key before the lifetime of the previous key expires, the key is generated earlier by that amount. If the lifetime of this key is Jt, the lifetime of this key may expire earlier than the originally scheduled lifetime expiration time of the next key (Ct + Jt * (n + 1)). In order to avoid such a situation, the key life set in the rekey process may be set a little longer than the key update time interval on the schedule.

(Embodiment 11)
Next, as an eleventh embodiment, an embodiment in which the key lifetime value is appropriately set according to the transition of the CPU processing capacity margin value Ycpu (MIPS) scheduled from the event / usage resource table 68 will be described.

  At the stage where the scheduling unit 64 and the cryptographic information determination unit 74 have selected the cryptographic algorithm to be used, the scheduling unit 64 refers to the schedule / usage resource table 66 and the cryptographic processing usage resource table 76 or the event / usage resource table. Referring to 68, the CPU processing capacity margin value Ycpu (MIPS) in the time zone before the cryptographic algorithm use start time Ct is checked. Then, the time Rt = Ir / Ycpu required for the rekey process is obtained, (Rt + α) is calculated, and this value is notified to the encryption information determination unit 74 as the key lifetime. Α is a margin value. Therefore, the key lifetime expiration time is (Ct + Rt + α). Next, the CPU processing capacity margin value in the time zone before (Ct + Rt + α) is examined, the time required for the rekey process is calculated, and the lifetime of the next update key is determined. Such a process is repeated, and the start time of each rekey process is added to the event. The rekey process can be started simultaneously with the completion of the key lifetime, and the newly generated key can be used immediately upon completion of the rekey process.

  By doing so, the CPU processing capacity margin value Ycpu (MIPS) can be used effectively, and the rekey process can be performed early, so that the key life can be shortened and the security of encryption communication can be kept high.

  Further, if only a part of the CPU processing capacity margin value Ycpu (MIPS) is used, the rekey processing time takes longer, and it is necessary to increase the key life time accordingly. Can leave a margin.

  According to the present embodiment, it is possible to systematically assemble flexible processing as described above.

  This embodiment is preferably applied in the case of a technique for managing the lifetime of a key by time.

(Embodiment 12)
In the eighth embodiment described with reference to FIG. 27 and the ninth embodiment described with reference to FIG. 28 and FIG. 29, the pre-process for exchanging the shared key is performed immediately before using the encryption algorithm, and the encryption algorithm. It was done immediately before switching. However, when a plurality of cryptographic algorithms are switched and used in one cryptographic communication application, a plurality of necessary shared keys may be generated together before starting the cryptographic communication application. In this case, if FIG. 27 is taken as an example, an event that executes Mt1, Mt2, and Mt3 of the preprocessing in order by 11:45 may be inserted.

Thus, if you generate a key early, the lifetime of the key is
(1) J seconds after start of use (2) After start of use, after m packets have been processed (3) From start of use, after n bytes have been processed, etc. If it is necessary to specify the lifetime of the key by the elapsed time from the generation of the key, set the lifetime (1) to the time after the generation until the actual use of the key. That's fine.

(Embodiment 13)
When it is predicted in advance that “the processing load will increase after a second from the start of the encryption communication application”, in the pre-processing executed before the start of the encryption communication application, high strength and high load Prepare keys for both cryptographic algorithms and low-strength / low-load cryptographic algorithms. When the overall processing load is predicted to increase according to the schedule, the cryptographic algorithms are changed from high-strength / high-load ones to low-strength / low ones. You may make it take the system switched to the thing of load. In this case, it is possible to reduce the waste of memory resources by explicitly deleting the key information of the high-strength / high-load algorithm after switching the encryption algorithm to a low-strength / low-load algorithm. .

  In general, the life of the key is negotiated with the communication partner. When the key is deleted, it is necessary to notify the communication partner to that effect, which causes a communication processing load for that purpose. Such processing load may also be reflected in the schedule / usage resource table 66 and the event / usage resource table 68.

  Note that the key lifetime of the high-strength / high-load cryptographic algorithm may be set in advance up to (or before or after) the time when the overall processing load becomes high, and the key deletion notification procedure may be omitted.

(Embodiment 14)
In each of the above embodiments, focusing on CPU processing capacity (MIPS) as a resource to be used, effective use of the CPU within the range of allowable CPU processing capacity, which is an allowable resource usage amount, and prevention of system failure are performed. did. However, other resources of the communication device include the used memory size (MB) and the time occupancy rate (%) of the internal bus line. For example, if the memory size used exceeds the system RAM size (for example, 521 MB), saving to the HDD occurs frequently, and some applications cannot be executed as scheduled, or services are temporarily suspended. Occurs. The same situation occurs even if the time occupancy (%) of the internal bus line exceeds 100%. If the used resources, that is, the average used memory size and the average time occupancy rate of the internal bus lines are suppressed to an allowable resource use amount of, for example, about 50% with respect to the maximum value, the occurrence of a problem can be substantially avoided.

  The above-mentioned schedule / use resource table 66 and event / use resource table 68 are also created for the total value of the used memory size and the time occupancy (%) of the internal bus line, and an encryption algorithm that does not exceed the allowable value is selected. Can be.

  The encryption algorithm is based not only on one of the three factors of CPU processing capacity, used memory size, and bus line time usage rate, but also on the total usage rate taking into account two or three factors. A selection may be made. As an example, the total usage rate can be represented by a weighted average value obtained by multiplying the usage rate of each element by a predetermined weight.

(Embodiment 15)
In each of the above embodiments, execution of an application is reserved from the remote controller 102 or the outside. It is assumed that the reservation from the outside is performed from a portable information device or a mobile phone via the Internet network.

  18 and 23, a dedicated application for schedule registration is further provided, where a reservation request is received, the reservation request is notified to the schedule unit 64, and the schedule unit 64 schedules and uses this reservation request. A method of reflecting in the resource table 66 can be taken. In addition, a method may be used in which each application temporarily accepts only a reservation request related to its own application and requests the scheduling unit 64 to register. In the latter method, registration can be performed in an application-specific format.

(Embodiment 16)
FIG. 30 is a flowchart showing the basic procedure of the algorithm selection method used in the communication apparatus described in the fifth to fifteenth embodiments. Each procedure in the flowchart is basically executed by the CPU 94 of the communication apparatus according to a program.

  First, in the reservation registration procedure in step S3000, the communication apparatus accepts an application reservation and registers the schedule. This registration is basically a temporary registration. In the procedure of calculating the average used CPU resource total value in step S3001, it is determined whether the received application performs encrypted communication. If the received application performs encrypted communication, including other applications received so far, The total value of the average used CPU resources is calculated. This process is performed for each of a plurality of encryption algorithms prepared. Then, an encryption algorithm that does not exceed the allowable CPU processing capacity at any point in the schedule is primarily selected. In the encryption algorithm selection procedure in step S3002, an encryption algorithm that matches the required encryption strength condition is selected from the primarily selected encryption algorithms. In the schedule registration procedure in step S3003, the processing of the selected encryption algorithm is registered in the schedule.

  In step S3001, the cryptographic algorithm that does not exceed the allowable CPU processing capacity in any event section of the schedule is not primarily selected, but the cryptographic algorithm that does not exceed the allowable CPU processing capacity in each event section is primarily selected. In step S3002, an encryption algorithm that meets the required encryption strength condition may be selected for each event section from among the primarily selected encryption algorithms. This increases the possibility that an encryption algorithm with a higher encryption strength can be selected in a section where the CPU processing capacity is sufficient.

  In each of the above steps, if the average CPU resource total value exceeds the allowable CPU processing capacity, or if there is no encryption algorithm that matches the predetermined condition in step S3002, the application cannot be reserved. To the request source (typically a user).

  In addition, when a situation where the application cannot be reserved as described above occurs, schedule information is posted to the reservation request source, and the encryption algorithm of the encryption communication application that has been temporarily registered or has already been registered for registration is changed. It is also possible to prioritize a specific reservation so that the requester can make the request. In addition, among cryptographic algorithms of cryptographic communication applications that have been temporarily registered or already reserved and registered, re-selection of cryptographic algorithms in order from the one with the highest processing load or the one with the highest cryptographic strength (lower cryptographic strength) (Including recalculation of the average CPU usage total value), and if it is determined that registration of a new cryptographic communication application is possible as a result, the above cryptographic algorithm is actually reselected. It is also possible to register a new encrypted communication application after it has been done. At this time, if necessary, the necessary encryption strength condition described in FIG. 19 may be relaxed, and an encryption algorithm with a low encryption strength may be newly added to the selection target, and then the encryption algorithm may be reselected. Also, for the event section for which the encryption algorithm could not be selected, relax the necessary encryption strength condition, and select the encryption algorithm that has higher encryption strength from the encryption algorithms that can be selected as a result. May be. Such registration contents may be changed automatically, or based on a selection instruction from a reservation request source, the above method may be selected or the encryption algorithm itself may be selected. Also good.

  However, there are cases where it is not necessary to relax the required encryption strength condition as described above. In other words, if a cryptographic algorithm with the first cryptographic strength is adopted and registered under conditions such as “required cryptographic strength of third or higher”, this cryptographic algorithm is not relaxed. By changing to a lower encryption strength (second or third encryption strength), it may be possible to reserve and register encryption communication for a new encryption communication application.

  In addition to re-selecting the encryption algorithm, depending on the type of application, it may be possible to register a newly requested application by shifting the execution start time of a general application, including general applications. If the encrypted communication average data transfer amount can be controlled by the encrypted communication application, by lowering the value, the average used CPU resource total value can be reduced to enable registration of a new request application. Good. Further, when the reservation requester makes these changes, only the person who has the authority to change may be permitted by the authentication.

  FIG. 31 is a more detailed flowchart than FIG. If there is an application reservation in step S3100, the communication apparatus accepts the reservation. In step S 3101, the reservation is registered in the schedule / usage resource table 66. This is provisional registration. In step S 3102, an event is added to the event / usage resource table 68 based on the schedule / usage resource table 66. In step S3103, it is determined whether the provisionally registered reservation is a reservation for an encryption communication application. If the determination result is YES, in addition to the various registered applications, the total value of the average used CPU resources when using each of a plurality of prepared cryptographic algorithms is calculated for each event section. In step S3105, a cryptographic algorithm that does not exceed the allowable CPU processing capacity is primarily selected as a candidate. The number of encryption algorithms selected here is either plural, one, or none. In step S3106, it is determined whether there are one or more candidate encryption algorithms. If the determination result is YES, an encryption algorithm satisfying a predetermined condition is selected in step S3107. The predetermined condition is the required encryption strength in FIG. If there is an encryption algorithm that satisfies the condition, YES is determined in step S3108. In step S3109, the start time of preprocessing such as shared key exchange is calculated by the method described in the sixth embodiment. In step S3110, the start time of the rekey process in preparation for the expiration of the key life is calculated by the method described in the tenth embodiment. In step S 3111, the use time of the selected encryption algorithm, the execution time of the pre-process, and the start time of the rekey process are registered in the schedule, that is, inserted / added to the event / use resource table 68. In step S3112, the process waits until the event time. You may wait for the next reservation. When the event time arrives, the event is executed.

  If the determination result in step S3103 is NO, that is, if the reserved application does not involve encrypted communication, in step S3113, the total value of the average used CPU resources is calculated for each event section. In step S3114, it is determined whether or not the total value is less than the allowable CPU processing capacity. If the determination result is YES, the registration in steps S3101 and S3102 is valid. If the determination result of step S3114 is NO, the application registered in step S3101 and step S3102 is deleted in step S3115. Further, in step S3116, notifications “Reservation is impossible” and “Reservation failed” are made to the reservation request source. If the determination result of step S3106 or step S3108 is NO, the registration of the reservation fails because no usable encryption algorithm was found, and the processes of step S3115 and step S3116 are performed.

  In FIG. 32, when a new reservation cannot be registered as it is because it exceeds the allowable CPU processing capacity, a margin of CPU processing capacity is created by changing the algorithm of the existing application, and the reservation request is satisfied. It is a flowchart which shows the procedure of a processing method. If the determination results in step S3106, step S3108, and step S3114 in FIG. 31 are NO, that is, if the encryption algorithm cannot be selected, the encryption with the highest load among the encryption communication applications already registered in the schedule in step S3201. Search for cryptographic communication applications that will use the algorithm. In step S3202, the used resource total is calculated for the changed encryption algorithm, the reservation request encryption communication application, and the encryption algorithm used there when the encryption algorithm is changed to a lower load, and in step S3203 this calculation is performed. It is determined whether the result is less than the allowable CPU processing capacity. If this determination result is YES, the change of the encryption algorithm is confirmed, and the changed encryption algorithm, the reservation request encryption communication application, and the encryption algorithm used therefor, the schedule change including preprocessing, rekey processing, etc. in step S3109 and thereafter To do. If the determination result in step S3203 is NO, that is, if the allowable CPU processing capability is still insufficient, it is determined in step S3205 whether there is still another application that has a room for changing the encryption algorithm. Returning to S3201, an attempt is made to change the encryption algorithm of the application. If the decision result in the step S3205 is NO, it is impossible to respond to the reservation request at all, and the process returns to the step S3115.

  In FIG. 33, when a new reservation cannot be registered as it is because the allowable CPU processing capacity is exceeded, a display is made to prompt the reservation requester (typically the user) to change the reservation. 5 is a flowchart showing a procedure of an algorithm selection method for re-selecting an encryption algorithm based on the determination of If the determination results in step S3106, step S3108, and step S3114 in FIG. 31 are NO, that is, if the algorithm cannot be selected, in step S3300, a display prompting the reservation requester to reselect is performed. The reservation request source looks at the display, and in step S3301, searches for and selects an encryption communication application scheduled to use the encryption algorithm with the highest load among the encryption communication applications already registered in the schedule. In response to the selection, in step S3302, the communication apparatus changes the encryption algorithm to one with a lower load, and uses resources for the changed encryption algorithm, the reservation request encryption communication application, and the encryption algorithm used therein. The total is calculated, and in step S3303, it is determined whether or not the calculation result is less than the allowable CPU processing capacity. If this determination result is YES, the change of the encryption algorithm is confirmed, and the changed encryption algorithm, the reservation request encryption communication application, and the encryption algorithm used therefor, the schedule change including preprocessing, rekey processing, etc. in step S3109 and thereafter To do. If the determination result in step S3303 is NO, that is, if the allowable CPU processing capacity is still insufficient, it is determined in step S3305 whether there are other applications that have room for changing the encryption algorithm. In S3300, a display requesting re-selection to the reservation request source is performed, and after step S3301, the encryption algorithm is changed. If the decision result in the step S3305 is NO, it is impossible to respond to the reservation request at all, so the process returns to the step S3115.

  In addition, in the reselection of the encryption algorithm as described above, there are cases where it is not necessary to loosen the necessary encryption strength condition or to loosen the necessary encryption strength condition as described above.

  In the flowchart of FIG. 33, in step S3301, the reservation request source, which is a user, is allowed to specify an encryption communication application that changes the encryption algorithm to a lower load, and in step S3302, the specified encryption algorithm has a lower load. You may make it calculate the use resource total at the time of changing to a thing. In this case, in step S3301, information that allows the reservation request source to identify which encryption communication application can change the encryption algorithm for the reservation request source that is the user, or an encryption communication application that can change the encryption algorithm In addition to presenting information that allows the reservation requester to select the desired encryption communication application from among the encryption algorithms currently registered for reservation and selectable / changeable encryption algorithms (that is, encryption algorithms that are candidates for change) And the reservation request source may determine whether or not to actually change the encryption algorithm and determine the contents to be changed. Further, information indicating what kind of encryption algorithm can be applied to the reservation requester, or information such as the encryption strength of the encryption algorithm and its order may be displayed and provided. As a result, the reservation request source can make a determination in consideration of not only the determination as to whether or not to reselect, but also the contents.

(Embodiment 17)
So far, the description has been given of the case where reservation registration or additional registration is performed for an encryption communication application, preprocessing, rekey processing, and the like. Even when a new request for additional registration is generated while the schedule unit 64 is executing an event, the event is within the allowable resource amount range described in the above embodiments. Can be added. Upon receiving the additional reservation registration request, the schedule unit 64 provisionally registers this reservation in the schedule / usage resource table 66, and provides a task column for the additional application in the created event / usage resource table 68, and the desired start time A temporary event / usage resource table is created separately by inserting an event row corresponding to, and an event row corresponding to the desired end time. Then, the description contents of each upper task and the encryption algorithm are respectively copied to the inserted desired start time event line and desired end time event line. Further, the amount of used resources desired to be additionally used is added to each event line from the desired start time event line to the event line immediately before the desired end time event line. Then, the schedule unit 64 and the encryption information determination unit 74 calculate the total amount of used resources and compare the total amount with the allowable resource amount, and if the total is less than the allowable resource amount, further if necessary Perform tasks such as selecting cryptographic algorithms. If it is finally determined that the reservation can be added, the provisional event / usage resource table is adopted as the formal event / usage resource table 68, so that an application for which additional reservation is desired can be made in the event / usage resource table. It becomes possible to add to. The amount of processing involved in such reservation addition determination is not large. Therefore, the resources used for this processing are small, and there is virtually no possibility that the system will fail. In addition, since the time required for this processing is extremely short, it is possible to respond almost immediately. When using an encryption algorithm, a reservation request should be made earlier than the time required for preprocessing. Otherwise, the start of encrypted communication will be delayed.

  On the other hand, when canceling a reservation for a registered application, the task name that configures the application at the corresponding event time, and in the case of encrypted communication, the associated encryption algorithm name and resource used are also displayed in the description column. Delete from. This process can also be performed in a very short time, but it is better to avoid the time zone in which the schedule unit 64 is working with reference to the event / usage resource table 68, that is, the time zone before and after the event time. . When canceling a reservation of an application that uses a cryptographic algorithm, related preprocessing and rekey processing events are also deleted. At this time, it is possible to change the encryption algorithm by the reservation request source by presenting the encryption algorithm of another application that has already been registered for reservation to the reservation request source, or from the one with the lowest load or the lowest encryption strength To calculate the average CPU resource total value when re-selecting the cryptographic algorithm (to improve the strength), and to change the cryptographic algorithm when the total value does not exceed the allowable CPU processing capacity Also possible. In addition to reselecting the algorithm, depending on the type of application, if the execution start time is shifted within a range that does not exceed the allowable CPU processing capacity, or if the average encrypted data transfer amount can be controlled by the application, the value is increased. It is also possible to advance the execution completion time. Further, when the reservation requester makes these changes, only the person who has the authority to change may be permitted by the authentication.

  FIG. 34 is a flowchart showing a procedure of an algorithm selection method in a case where when the reservation of any application is canceled, the resulting CPU's remaining power is directed to strengthening the encryption strength of the encryption algorithm. Upon receiving the reservation cancellation instruction, the communication device searches for an encryption communication application scheduled to use the encryption algorithm with the lowest load in step S3401. In step S3402, the total used resources when the encryption algorithm is changed to a higher encryption strength is calculated, and in step S3403, it is determined whether the total is less than the allowable CPU processing capacity. If the determination result is NO, the allowable CPU processing capacity is insufficient, so that the encryption strength cannot be strengthened, and the process proceeds to step S3112. If the determination result in step S3403 is YES, in step S3404, a schedule change including preprocessing, rekey processing, and the like is performed in response to the change of the encryption algorithm in the same manner as in steps S3109, S3110, and S3111 in FIG. . In step S3405, it is determined whether there is another application that can be changed. If the determination result is YES, the process returns to step S3401 to try to strengthen the encryption algorithm. If the determination result of step S3405 is NO, the process proceeds to step S3112.

(Deformation and supplement of embodiment)
Supplementing the case where the total used resource value exceeds the allowable resource usage amount and the case where there is no encryption algorithm that matches the predetermined condition, if necessary, for the reserved encryption communication application and the reservation request encryption communication application, the predetermined condition (for example, Regardless of whether the encryption strength is third or higher, etc., calculation for reselecting the encryption algorithm may be performed, and if registration is possible, reselection may be performed to perform reservation registration. This is because when the reserved cryptographic algorithm for the cryptographic communication application adopts a higher strength among the cryptographic strengths satisfying the above-mentioned certain conditions, even if the certain conditions remain the same, the encryption algorithm can be more encrypted. This includes changing to a lower strength. Moreover, when there is no room for such a change, it includes relaxing the certain condition. In addition, when the total used resource value exceeds the allowable resource usage amount, and when there is no encryption algorithm that matches the predetermined condition, a change in the execution time of another application, a change that reduces the average amount of encrypted communication data transfer, or Other changes may be made, and if necessary, it may be possible to perform reservation registration by performing re-selection by relaxing this condition regardless of the predetermined condition. As other changes described above, it is conceivable to reduce the consumption of CPU processing capacity by lowering the performance of other applications. If such a change is possible, such a change may be selected to direct the CPU processing capacity to the cryptographic algorithm processing.

  In the above description, the allowable CPU processing capacity is 50%. Moreover, the average used CPU resource was used. This is because the CPU concurrently performs basic processing such as OS processing and kernel processing in addition to application processing. Further, a certain CPU resource is not always used in application processing. There are cases where packets arrive in a concentrated manner in communication, and there are cases where the data rate fluctuates depending on the pattern during transmission of a television broadcast, and there is a need for a room to absorb these fluctuations. For this reason, the average used CPU resource is used, and the allowable CPU processing capacity is set to a value smaller than 100%.

  The format of the schedule / used resource table 66, the event / used resource table 68, and the cryptographic processing used resource table 76, and the numerical values in the table are not limited to the above example. Even if the format is different from the above example, it can be used in the present invention as long as necessary information can be expressed and resources can be calculated. The event time may have a resolution that is finer than a minute or less than a second.

  In the configuration of FIG. 18, the encryption / decryption information is exchanged between the encryption information determination unit 74 and the encryption processing unit 80, but the encryption information determination unit 74 performs the encryption between the encryption communication applications 70 and 72. The encryption / decryption information corresponding to the application may be exchanged, and the encryption communication applications 70 and 72 may exchange the encryption / decryption information corresponding to the encryption application itself with the encryption processing unit 80.

  In the configuration of FIG. 18, the schedule unit 64 and the encryption information determination unit 74 are composed of one block, and this block includes a schedule / use resource table 66, an encryption process use resource table 76, and an event / use resource table 68. One table may be handled.

  Further, in the configuration of FIG. 18, the encryption information determination unit 74 and the encryption processing unit 80 are composed of one block, and this block handles the encryption processing usage resource table 76 and the encryption / decryption information. Related information may be exchanged between 70 and 72.

  When the communication apparatus of the present invention performs cryptographic communication with the counterpart apparatus, it is preferable to select an encryption algorithm that can be used by both of them. Needless to say, if the encryption algorithm selected by the communication device cannot be handled by the counterpart device, encryption communication cannot be performed. Therefore, it is preferable to perform negotiation for sharing a usable encryption algorithm with the partner apparatus at the reservation stage.

  If there are fluctuations during packet transmission in communication, out-of-order packet reception or delays in reception, the time when the key being used is updated to the next update key may fluctuate around the key expiration time. There is. The possibility is particularly great on the receiving side. If the fluctuation time accumulates and there is a concern that the use start time of the updated key will be significantly different from the time expected at the time of scheduling, the rekey processing start time may be shifted accordingly. As long as the network camera on the transmission side updates the key based on the lifetime expiration time, the fluctuation time does not accumulate.

  The present invention can be applied even if the encryption algorithm is an authentication algorithm or a compression algorithm. Therefore, each encryption algorithm described above includes an authentication algorithm and a compression algorithm.

  As a recording medium on which a program for causing a computer to execute each procedure of the algorithm selection method of the present invention is recorded, a ROM, a RAM, a flexible disk, a CD-ROM, a DVD, a memory card, a hard disk, etc., on which the program is recorded, Any computer-readable recording medium can be used.

  The encryption / decryption information may be notified including information necessary for encryption / decryption processing such as an encryption key in addition to the encryption algorithm. Moreover, you may notify the identifier which identifies an encryption algorithm and an encryption key.

(Embodiment 18)
In Embodiments 1 to 17 described above, the example has been described in which the communication apparatus selects an optimal encryption algorithm based on its own CPU usage rate (more generally, the total used resource value). However, since the CPU usage rate of a communication partner (for example, a network camera or a home appliance having a communication function) is not considered in selecting an encryption algorithm, a high-load encryption algorithm is selected when there is not enough room for the CPU resource of the communication partner. If selected, the decryption process of the encrypted packet at the communication partner is delayed. Therefore, as an eighteenth embodiment, a communication apparatus that can avoid such a problem will be described.

  FIG. 35 shows a configuration of a communication system using the communication device of the present embodiment. As shown in FIG. 35, the communication device 120 can communicate with one or more communication partners (communication partners 122, 124, 126 in the example of FIG. 35) via a network.

  First, the preconditions of this embodiment are described below.

<Prerequisites for cryptographic communication>
The communication device 120 encrypts the packet and performs encrypted communication with one or more communication partners.
There are a plurality of encryption algorithms that can be used for encryption, and any encryption algorithm can be used as long as it is supported by both the communication device 120 and the communication partner.
The encryption key is shared between the communication device 120 and the communication partner at least by the start of encryption communication.
The encrypted packet includes at least an identifier for identifying a combination of an encryption algorithm and an encryption key applied at the time of encrypting the packet.
-There are no particular questions regarding the encryption algorithm negotiation method and the mechanism for sharing the encryption key.

<Prerequisites for communication partner>
-When the communication partner transmits a packet to the communication device, as in the communication device of the first to fifteenth embodiments, the encryption is such that the CPU usage rate does not exceed the allowable value according to its own CPU usage rate. An algorithm is selected and the packet is encrypted according to the encryption algorithm.
When the communication partner receives the encrypted packet from the communication device 120, the communication partner decrypts the packet according to the encryption algorithm applied to the packet.

  FIG. 36 is a functional block diagram illustrating a configuration of the communication device 120. 36, the communication device 120 includes an encryption communication application 128, an encryption information determination unit 130, an encryption processing unit 136, and a communication processing unit 138. The encryption information determination unit 130 holds an encryption processing usage resource table 132 and a reception history management table 134.

  FIG. 37 is an example of the cryptographic processing use resource table 132. In FIG. 37, “calculation amount” indicates the load when cryptographic processing is performed, and the measurement result at a certain communication partner is used as the value. Instead of the measurement result at the communication partner, a measurement result at the communication device 120 or a theoretical value calculated based on an encryption algorithm may be used. In FIG. 37, “calculation amount index” indicates the ranking of the calculation amount, and values 1, 2, 3,... Are set in ascending order of the calculation amount. Further, “encryption strength” indicates the order of encryption strength.

  FIG. 38 is an example of the reception history management table 134. In FIG. 38, “Last” indicates an encryption algorithm applied to the packet last received from the communication partner. “Frequency” indicates the frequency of the encryption algorithm applied to the received packet for a certain time (or a certain number). In FIG. 38, the frequency of “*” indicates an encryption algorithm that has not been negotiated with the communication partner.

FIG. 39 is a functional block diagram showing the configuration of the communication partner 122. 39, the communication partner 122 (communication partner 122) includes an encryption communication application 140, a resource monitoring unit 142, a communication processing unit 144, an encryption processing unit 146, and an encryption information determination unit 148. The encryption information determination unit 148 holds an encryption processing usage resource table 152 . The functions of the resource monitoring unit 142, the communication processing unit 144, and the encryption processing unit 146 are the same as those shown in FIG. The CPU usage rate information memory 150 and the cryptographic processing usage resource table 152 are the same as those shown in FIG. Note that the configuration and operation of the communication partners 124 and 126 are the same as those of the communication partner 122, and therefore the description of the communication partners 124 and 126 is omitted.

  Hereinafter, the operation of the communication apparatus 120 will be described.

  First, the operation of the communication device 120 when receiving a packet will be described. The communication processing unit 138 receives the encrypted packet from the communication partner via the network, and passes the received encrypted packet to the encryption processing unit 136. The encryption processing unit 136 analyzes the encrypted packet, extracts an identifier (hereinafter referred to as a first identifier) for identifying a combination of an encryption algorithm and an encryption key applied to the encrypted packet, The first identifier and an identifier for identifying the communication partner of the transmission source of the encrypted packet (hereinafter referred to as a second identifier) are passed to the encryption information determination unit 130. Based on the first identifier received from the encryption processing unit 136, the encryption information determination unit 130 specifies a combination of an encryption algorithm and an encryption key, and passes them to the encryption processing unit 136. Also, the encryption information determination unit 130 updates the reception history management table 134 based on the identified encryption algorithm and encryption key pair and the second identifier received from the encryption processing unit 136. The encryption processing unit 136 decrypts the encrypted packet using the combination of the encryption algorithm and the encryption key received from the encryption information determination unit 130, and passes the packet thus converted to the plain text to the encryption communication application 128.

  Next, the operation of the communication device 120 at the time of packet transmission will be described. The encryption communication application 128 generates a plaintext packet to be transmitted to the communication partner and passes it to the encryption processing unit 136. The cryptographic processing unit 136 extracts the second identifier from the packet received from the cryptographic communication application 128 and passes it to the cryptographic information determination unit 130. Based on the second identifier received from the cryptographic processing unit 136, the cryptographic information determination unit 130 selects a cryptographic algorithm by referring to the cryptographic processing usage resource table 132 and the reception history management table 134. Details of the encryption algorithm selection process will be described later. The encryption information determination unit 130 passes the selected encryption algorithm to the encryption processing unit 136. The encryption processing unit 136 encrypts the packet according to the encryption algorithm received from the encryption information determination unit 130, and passes this encrypted packet to the communication processing unit 138. The communication processing unit 138 transmits the packet received from the encryption processing unit 136 to the communication partner via the network.

  Hereinafter, details of the encryption algorithm selection processing of the encryption information determination unit 130 at the time of packet transmission will be described. As a precondition, the encryption information determination unit 130 selects one encryption algorithm from one or more encryption algorithms negotiated with the communication partner (an encryption algorithm without “*” in FIG. 38). Also, the encryption information determination unit 130 can select a different encryption algorithm for each communication partner.

  A plurality of variations can be considered for the encryption algorithm selection method of the encryption information determination unit 130 at the time of packet transmission. In the following, six typical variations will be described.

  (1) The encryption algorithm applied to the packet received last from the communication partner of the packet transmission destination is selected.

  The communication partner selects an encryption algorithm according to the CPU usage rate at the time of packet transmission, encrypts the packet according to the encryption algorithm, and transmits the encrypted packet to the communication device 120. Therefore, the encryption algorithm applied to the packet received from the communication partner reflects the CPU usage rate of the communication partner at the time of transmission of the packet. Therefore, in this method, when the encryption algorithm applied to the packet received last from the communication partner is a high load, the CPU of the communication partner is currently expected to have power, The encryption information determination unit 130 selects the same high-load encryption algorithm as the communication partner applies at the time of transmission, and encrypts the packet. On the other hand, if the encryption algorithm applied to the packet received from the communication partner is a low-load one, it is expected that the CPU of the communication partner is currently free, so the encryption information determination unit 130 Select the same low-load encryption algorithm that the communication partner applied at the time of transmission and encrypt the packet. For example, when the packet is transmitted to the communication partner A in the state where the reception history management table 134 of FIG. 38 is held, the encryption information determination unit 130 performs encryption based on the “last” field of the communication partner A. Select algorithm 3DES-CBC. Similarly, when transmitting a packet to the communication partner C, the encryption information determination unit 130 selects the encryption algorithm AES-CBC based on the “last” field of the communication partner C.

  When this method is adopted, the encryption information determination unit 130 needs to update the “last” column of the reception history management table 134 shown in FIG. 38 every time an encrypted packet is received. In this method, the “frequency” column of the reception history management table 134 is not necessary.

  (2) Select the most frequently used encryption algorithm applied to a certain number of packets received in the past from the communication partner of the packet transmission destination.

  Since the CPU usage rate of the communication partner is not always constant, when the encryption algorithm is selected based on only one received packet as in the method (1), the selection result may not be appropriate. Therefore, in this method, the encryption information determination unit 130 selects the most frequently used encryption algorithm applied to a certain number of packets received in the past from the communication partner of the packet transmission destination. For example, when the packet is transmitted to the communication partner A while holding the reception history management table 134 of FIG. 38, the encryption information determination unit 130 refers to the “frequency” column of the communication partner A, Among the encryption algorithms applied to the 20 packets received in the past, the most frequently used encryption algorithm DES-CBC is selected.

  When this method is adopted, the encryption information determination unit 130 needs to update the “frequency” column of the reception history management table 134 shown in FIG. 38 every time an encrypted packet is received. For example, when an encryption algorithm is selected in consideration of 20 packets received in the past, a history for 20 packets is always held in the “frequency” column of the reception history management table 134. In this method, the “last” column of the reception history management table 134 is unnecessary.

  (3) The most frequently used encryption algorithm is selected from the encryption algorithms applied to packets received in the past certain period from the communication partner of the packet transmission destination.

  The fixed number of packets received in the past considered in the method (2) above may include packets received a long time ago, and such packets indicate the current CPU usage rate of the communication partner. It is not suitable as a material for estimation. Therefore, in this method, the encryption information determination unit 130 selects the most frequently used encryption algorithm that has been applied to packets received in the past certain period from the communication partner of the packet transmission destination. For example, when the packet is transmitted to the communication partner A while holding the reception history management table 134 of FIG. 38, the encryption information determination unit 130 refers to the “frequency” column of the communication partner A, Among the encryption algorithms applied to the 20 packets received in the past, the most frequently used encryption algorithm DES-CBC is selected.

  When this method is adopted, the encryption information determination unit 130 needs to update the “frequency” column of the reception history management table 134 shown in FIG. 38 every time an encrypted packet is received. For example, when an encryption algorithm is selected in consideration of packets received in the past 5 minutes, the history for one minute is always held in the “frequency” column of the reception history management table 134. In this method, the “last” column of the reception history management table 134 is unnecessary.

  (4) A cryptographic algorithm having the highest cryptographic strength is selected from cryptographic algorithms whose calculation amount is equal to or less than the calculation amount of the cryptographic algorithm applied to the packet received last from the communication partner of the packet transmission destination.

  A cryptographic algorithm having a large amount of calculation does not necessarily have a high cryptographic strength. For example, as shown in FIG. 37, AES-CBC has a smaller calculation amount than 3DES-CBC, but has higher encryption strength. Therefore, if both AES-CBC and 3DES-CBC are available as encryption algorithms, it is more effective to use AES-CBC.

  In general, the algorithm negotiated for reception does not necessarily match the algorithm negotiated for transmission. For example, even if an encryption algorithm applied to a packet received last from a communication partner is selected, this encryption algorithm May not have been negotiated for transmission.

  Therefore, in this method, the encryption information determination unit 130 refers to the encryption processing usage resource table 132, and the encryption amount is equal to or less than the encryption algorithm applied to the packet received last from the communication partner. Select the algorithm with the highest encryption strength. For example, when the packet is transmitted to the communication partner B in the state where the reception history management table 134 of FIG. 38 is held, the encryption information determination unit 130 sets the calculation amount in the “last” column of the communication partner B. An encryption algorithm equal to or less than the calculation amount of the described encryption algorithm 3DES-CBC (that is, 3DES-CBC and AES-CBC in the example of FIG. 37. Note that DES-CBC is communicated with the communication partner B as shown in FIG. The encryption algorithm AES-CBC having the highest encryption strength is selected from the above.

  (5) Among encryption algorithms whose calculation amount is equal to or less than the statistical value of the calculation amount of the encryption algorithm applied to a certain number of packets received in the past from the communication partner of the packet transmission destination, Choose a higher one.

  As the “statistic value”, the minimum value among the calculation amounts of the encryption algorithms may be adopted, or the calculation amount with the most frequent of the calculation amounts of the encryption algorithms may be adopted. The average value of the calculation amount of those encryption algorithms may be adopted, or other statistical values may be adopted.

  For example, the average value of the calculation amount of the encryption algorithm applied to a certain number of packets received in the past from the communication partner of the packet transmission destination is adopted as the “statistic value”, and the reception history management table 134 of FIG. When a packet is transmitted to the communication partner A in the held state, the “statistic” is calculated as (100 × 17 + 300 × 3) / 20 = 130 based on the “frequency” column of the communication partner A. Therefore, the encryption information determination unit 130 selects an encryption algorithm DES-CBC having a calculation amount of 130 or less.

  (6) Highest cryptographic strength among cryptographic algorithms whose computational complexity is less than or equal to the statistical value of the computational complexity of the cryptographic algorithm applied to packets received in the past certain period from the communication partner of the packet transmission destination Choose one.

  For example, the calculation amount with the highest frequency among the calculation amounts of the encryption algorithm applied to the packet received in the past certain period from the communication partner of the packet transmission destination is adopted as the “statistic value”, and the reception shown in FIG. When a packet is transmitted to the communication partner B in the state where the history management table 134 is held, the “statistic” is 300, which is the calculation amount of 3DES-CBC, based on the “frequency” column of the communication partner B. Therefore, the encryption information determination unit 130 selects the encryption algorithm AES-CBC having the highest encryption strength among the encryption algorithms having a calculation amount of 300 or less.

  In the methods (4) to (6), an encryption algorithm may be selected using a “computation amount index” shown in FIG. 37 instead of “computation amount”.

  Each method described above is based on the premise that information related to packets received in the past is held in the reception history management table 134. However, when a packet is transmitted to a certain communication partner for the first time, or when a packet has not been received for a long time from a packet transmission destination, sufficient information is not held in the reception history management table 134, and the above-mentioned The encryption algorithm cannot be selected by each method. Therefore, in such a case, as an example, the encryption information determination unit 130 may select a predetermined encryption algorithm. As another example, the encryption information determination unit 130 first transmits a packet from which a response from the transmission destination is obtained, for example, an “Echo request” of ICMP (Internet Control Message Protocol) to the packet transmission destination, In response to this, an encryption algorithm may be selected based on the encryption algorithm applied to the packet returned from the transmission destination.

  FIG. 40 is a flowchart showing a process flow of the communication system. In FIG. 40, steps similar to those in FIG. 16 are denoted by the same reference numerals, and description thereof is omitted.

  As can be seen from the flowchart of FIG. 40, the operation of the communication partner 122 in the present embodiment is substantially equal to the operation of the communication device 24 shown in FIG. The only difference is that, in the present embodiment, in step S1702 in FIG. is there. Therefore, in the following, description of the operation of the communication partner 122 is omitted, and only the operation on the communication device 120 side is described.

  The encryption information determination unit 130 determines whether or not an encrypted packet has been received from the communication partner 122 (S1622). If a packet is received, the reception history management is performed based on the encryption algorithm applied to the packet. The table 134 is updated (S4001).

  On the other hand, when there is a packet to be transmitted to the communication partner 122 (YES in S1624), the encryption information determination unit 130 uses the method described in (1) to (6) above to perform the encryption algorithm from the set F. Is selected (S4002). Then, the encryption processing unit 136 encrypts the packet using the encryption algorithm selected by the encryption information determination unit 130 (S4003).

  In this embodiment, the encryption protocol is not required. For example, a protocol such as IPsec (Security Architecture for the Internet Protocol) or SSL (Secure Sockets Layer) can be used. Also, the type of encryption algorithm is not questioned. Of course, the content of the packet to be transmitted is not questioned.

  In this embodiment, it is necessary to determine in advance between the communication device 120 and the communication partner 122 which encryption algorithm can be selected. As an example of the method for that purpose, the administrator may previously register the types of selectable encryption algorithms in both the communication device 120 and the communication partner 122. As another example, communication for negotiation may be performed between the communication device 120 and the communication partner 122 prior to encryption communication, as in steps S1601 and S1621 of FIG. Such negotiation communication is also included in IKE, for example.

  As described above, according to the eighteenth embodiment, the communication device 120 considers the CPU capacity of the communication partner 122 based on the encryption algorithm applied by the communication partner 122 at the time of packet transmission, and the remaining power of the CPU of the communication partner 122. It is possible to select a cryptographic algorithm with a load corresponding to Therefore, the communication partner 122 can perform the decoding process of the packet transmitted from the communication device 120 without difficulty. Further, since the communication device 120 selects an encryption algorithm based on a packet received from the communication partner 122, a determination material (for example, information such as the current CPU usage rate) for selecting the encryption algorithm is selected from the communication partner 122. There is no need for the trouble of separately transmitting to the communication device 120 (processing as in S1603 in FIG. 16).

(Embodiment 19)
As in the communication partner 122 in the eighteenth embodiment, the function of selecting the encryption algorithm according to the convenience of the user is “main”, and the communication device 120 in the eighteenth embodiment is also in the convenience of the partner. Assuming that the device on the side that selects the encryption algorithm is “subordinate”, a communication device having both the function of the communication partner 122 and the function of the communication device 120 can be both “primary” and “subordinate”. Hereinafter, as a nineteenth embodiment, such a communication apparatus will be described.

  FIG. 41 is a functional block diagram showing a configuration of the communication apparatus according to the nineteenth embodiment. 41, the communication device 154 includes a resource monitoring unit 156, an encrypted communication application 158, an encrypted information determination unit 160, an encryption processing unit 168, and a communication processing unit 170. The cryptographic information determination unit 160 holds a CPU usage rate information memory 162, a cryptographic processing usage resource table 164, and a reception history management table 166. The configuration and operation of FIG. 41 are the same as those shown in FIG. 36 or 39 except for the operation of the encryption information determination unit 160, and thus the description thereof is omitted here. The operation of the encryption information determination unit 160 will be described later.

  By the way, when communicating between two communication devices, if these two communication devices function as “main” or both as “subordinate”, the desirable effect as in the eighteenth embodiment is obtained. I can't get it. Because when two communication devices function as “main”, the other communication device uses a high-load encryption algorithm packet even when the CPU usage rate of one communication device is high. This is because there is a possibility of encryption. Further, when both of the two communication devices function as “slave”, there is a possibility that both communication devices will continue to use the encryption algorithm first used by one of the communication devices. Because. Therefore, when communicating between two communication devices, it is preferable that one of the communication devices functions as a “main” and the other communication device functions as a “subordinate”. Furthermore, it is preferable that the communication device on the side where the CPU or the like has a relatively spare capacity functions as a “subordinate”. This is because the communication device on the side functioning as “subordinate” always needs to use a cryptographic algorithm with a load suitable for the other party regardless of its CPU usage rate.

  Hereinafter, the operation of the communication device 154 will be described. In the following, as shown in FIG. 42, a communication device 172 that can function only as “main” like the communication partner 122 of the eighteenth embodiment and “subordinate” like the communication device 120 of the eighteenth embodiment. In the communication system in which the communication device 174 capable of functioning only as a communication device and the communication device 176 capable of functioning as either “main” or “subordinate” such as the communication device 154 of the present embodiment are mixed. Suppose that the communication device 154 is used.

  The encryption information determination unit of each of the communication devices 154, 172, 174, and 176 determines which of the communication partner and the communication partner is “primary” and which is “subordinate” when the power supply is driven or when the first encrypted communication with the communication partner is started. Negotiation (hereinafter referred to as main slave negotiation) for determining whether or not the communication partner is performed. However, such negotiation may be performed manually by the administrator of the communication system. Hereinafter, for convenience of explanation, the communication device on the negotiation start side is referred to as a communication device X, and the communication partner of the communication device X is referred to as a communication device Y.

  The encryption information determination unit of each communication device 154, 172, 174, and 176 first determines which of the communication device 154, 172, 174, and 176 is “master” and which is “subordinate” according to the expected role of each communication device. Try to make a decision. Specifically, first, the encryption information determination unit of the communication device X communicates whether the communication device X can be only “main”, only “subordinate”, or both “main” and “subordinate”. Notify device Y. When receiving the notification from the communication device X, the encryption information determination unit of the communication device Y determines whether the communication device Y can be an appropriate communication partner for the communication device X. More specifically, when the communication device X can only be “main”, whether the communication device Y can be “subordinate” or when the communication device X can only be “subordinate”, the communication device Y is “main”. Is determined. As a result, when the communication device Y can become an appropriate communication partner with respect to the communication device X, a response to that effect is sent to the communication device X, and the main slave negotiation ends.

  When the communication device X can be both “main” and “subordinate”, the encryption information determination unit of the communication device Y responds to the communication device X with the role of the communication device Y. More specifically, when the communication device Y can only be “main”, it responds to the communication device X, and when the communication device Y can only be “subordinate”, this is indicated to the communication device X. Respond to. This completes the master-detail negotiation.

  If the communication device X can be both “main” and “subordinate” and the communication device Y can be both “main” and “subordinate”, the user can use either of the following two methods. It is possible to determine which of the communication partner and “communication partner” is “main” and which is “subordinate”.

  The first method is a method in which the communication device Y selects a preset role. Specifically, a preset one of “main” and “subordinate” is selected, and that is notified to the communication device X. The communication device X becomes “slave” when the communication device Y selects “main”, and becomes “main” when the communication device Y selects “slave”. This completes the master-detail negotiation.

  The second method is a method in which both processing capacities are compared, the one having a lower processing capability becomes “main”, and the one having a higher processing capability becomes “subordinate”. In this case, first, the encryption information determination unit of the communication device Y is based on the processing capability of the communication device Y (for example, the capability of hardware such as a CPU, a value set in the system, and information at that time or past time). CPU resources that can be used for encrypted communication) are notified to the communication device X. Upon receiving this notification, the encryption information determination unit of the communication device X compares the processing capability of the communication device X with the processing capability of the communication device Y, and determines which is “main” and which is “subordinate”. . And the result of determination is notified to the communication apparatus Y. This completes the master-detail negotiation. Note that the communication device X may notify the communication device Y of the processing capability, and the communication device Y may determine which is “main” and which is “subordinate”. In this case, as described above, the notification of the processing capability from the communication device X to the communication device Y indicates whether the communication device X can only be “main”, only “subordinate”, or “main” and “subordinate”. When the communication device Y is notified of whether or not both can be used, the notification may be made simultaneously.

  When the master-slave negotiation ends as described above, the encryption information determination unit of the communication device X operates according to the role of the communication device X (“main” or “subordinate”). Specifically, when the communication device X is “main”, it operates according to the flowchart on the left side (that is, the communication partner 122 side) shown in FIG. 40, and when the communication device X is “subordinate”, FIG. It operates according to the flowchart on the right side (namely, the communication device 120 side) shown in FIG. Similarly, the encryption information determination unit of the communication device Y also operates according to the role of the communication device Y.

  As described above, according to the present embodiment, when communication is performed between two communication devices, both of the two communication devices are prevented from functioning as “main” or both as “subordinate”. it can.

  In the description of Embodiments 1 to 19, the selection of the encryption algorithm has been described. However, the present invention can also be applied to the selection of the authentication algorithm. The authentication algorithm is an algorithm for confirming that received data has not been tampered with during transmission. Furthermore, the present invention can also be applied to selection of compression algorithms for compression / decompression of video data, audio data, general data, and the like. There are various data compression algorithms such as DEFLATE and LZS, but considering the compression rate, processing load, and CPU usage rate at that time, an algorithm with the highest compression rate is selected as long as CPU resources are not depleted. As a result, the load on the communication line can be reduced. From another point of view, the authentication algorithm generates authentication data by performing complex calculations on the original data to be authenticated, and the compression algorithm converts the original data into compressed data. All of them are similar to encryption processing in that they require complicated decompression processing, and the above-described Embodiments 1 to 19 are changed to selection of encryption algorithms, and authentication algorithms and compression algorithms are used. It can be applied to the selection.

  In addition, the cryptographic processing unit generally includes one or more protocols that realize cryptographic communication such as IPsec, SSL, and TLS, and obtains key information such as IKE (IKE uses key exchange to exchange key information). IKE implements key exchange using the Diffie-Hellman algorithm.) One or more programs based on a protocol for performing key exchange are provided, and encryption communication such as DES-CBC, 3DES-CBC, AES, etc. is called. Anything to do.

  In the following, some aspects of the present invention will be described which are not explicitly stated in the claims but can be read from the above description.

  The cryptographic information determination unit uses the average value of the total used resources for a certain period up to that point as the resource usage by the non-cryptographic communication application when the cryptographic communication application is not executed when the cryptographic algorithm is selected. It is.

  When the encryption communication application is being executed when the encryption algorithm is selected, the encryption information determination unit is executing as the resource usage by the non-encryption communication application from the average value of the total resources used over a certain period until that point. The value obtained by subtracting the resource usage by the encryption communication application is used.

  The encryption information determination unit, as the resource usage by a plurality of non-encrypted communication applications being executed at the time of selecting an encryption algorithm, uses the The average value of the resource usage by the communication application is used.

  The encryption information determination unit uses a value predetermined in advance for the non-encrypted communication application as the resource usage by the non-encrypted communication application being executed when the encryption algorithm is selected.

  The cryptographic information determination unit uses the amount of resources used by the cryptographic communication application during the period in which the cryptographic communication application has been executed using the specific cryptographic algorithm in the past as the resource usage by the cryptographic communication application when the specific cryptographic algorithm is used. The average value of is used.

  The encryption information determination unit uses a predetermined value for the combination of the encryption communication application and the specific encryption algorithm as the resource usage amount by the encryption communication application when the specific encryption algorithm is used.

  The schedule part registers pre-processing for generating cryptographic communication keys in the schedule prior to the start of tasks related to cryptographic communication applications, which are applications that require cryptographic processing, and starts using cryptographic algorithms. The value obtained by subtracting the total resource used in the time zone before the scheduled time from the allowable resource usage, or the value obtained by subtracting the total resource used in the time zone prior to the encryption algorithm switching scheduled time from the allowable resource usage. Based on the above, the start time of preprocessing is determined.

  The schedule unit registers rekey processing for generating an update key for encrypted communication in the schedule, and the total amount of resources used in the time zone before the lifetime expiration time of the encrypted communication key The start time of the rekey process is determined based on the value obtained by subtracting from.

  When the encryption communication unit switches from one encryption algorithm to another encryption algorithm and then uses the original encryption algorithm again, the communication key used before switching the encryption algorithm is changed to another encryption algorithm. The key is retained while the algorithm is used, and the key is reused when the original encryption algorithm is used again.

  The encryption information determination unit stores the encryption algorithm applied to the packet received last from the communication partner in the reception history management table, and refers to the reception history management table to determine the encryption algorithm applied to the received packet. To choose.

  The encryption information determination unit stores the encryption algorithm applied to a certain number of packets received from the communication partner in the reception history management table, refers to the reception history management table, and the encryption algorithm applied to the received packet The most frequently used cryptographic algorithm is selected.

  The encryption information determination unit stores the encryption algorithm applied to the packet received from the communication partner within the past certain time in the reception history management table, and applied to the received packet with reference to the reception history management table. The most frequently used encryption algorithm is selected from the encryption algorithms.

  The encryption information determination unit stores the encryption algorithm applied to the packet received last from the communication partner in the reception history management table and applies it to the received packet by referring to the reception history management table and the encryption processing resource table. The encryption algorithm having the highest encryption strength is selected from among the encryption algorithms having the same or less calculation amount than the encryption algorithm that has been used.

  The encryption information determination unit stores the encryption algorithm applied to the fixed number of packets received from the communication partner in the reception history management table, refers to the reception history management table and the encryption processing usage resource table, and The encryption algorithm having the highest encryption strength is selected from among the encryption algorithms having the same or less calculation amount than the statistical value of the calculation amount of the applied encryption algorithm.

  The encryption information determination unit stores the encryption algorithm applied to the packet received from the communication partner within the past certain time in the reception history management table, and receives it with reference to the reception history management table and the encryption processing resource table. The encryption algorithm having the highest encryption strength is selected from among the encryption algorithms having the same or less calculation amount than the statistical value of the calculation amount of the encryption algorithm applied to the packet.

  The communication apparatus is adapted to at least one of an authentication algorithm for performing an authentication process and a compression algorithm for performing a compression / decompression process instead of the encryption algorithm.

  The present invention is suitable for an application that requires encryption communication without delay, for example, an application for browsing a network camera image in a remote place in real time.

The figure which shows the whole structure of the system which concerns on Embodiment 1-4 of this invention The block diagram of the principal part of the system which concerns on Embodiment 1-4 of this invention Diagram showing the encryption algorithm decision method by negotiation The flowchart which shows operation | movement of the encryption information determination part when negotiating an encryption algorithm as a responder in Embodiment 1 of this invention. A flowchart detailing a part of the processing of FIG. Graph showing the difference in CPU usage rate due to cryptographic algorithms Diagram showing a database that holds the correspondence between cryptographic algorithms, their processing load, and cryptographic strength In Embodiment 1 of the present invention, as an initiator, a flowchart showing the operation of the encryption information determination unit when performing encryption algorithm negotiation Flowchart detailing a part of the process of FIG. In Embodiment 2 of this invention, the flowchart which shows operation | movement of the encryption information determination part when negotiating an encryption algorithm as a responder Flowchart detailing a part of the process of FIG. In Embodiment 2 of the present invention, a flowchart showing the operation of the encryption information determination unit when negotiating the encryption algorithm as an initiator Flowchart detailing a part of the processing of FIG. In Embodiment 3 of this invention, the flowchart which shows the operation | movement of an encryption information determination part when negotiating an encryption algorithm as an initiator at the timing when CPU usage rate changed. Flowchart detailing a part of the process of FIG. In Embodiment 4 of this invention, the flowchart which shows a processing flow in case the some encryption algorithm is negotiated previously. Flowchart detailing a part of the processing of FIG. The block diagram which shows the functional structure of the communication apparatus which concerns on Embodiment 5-9 of this invention. The figure which shows the example of the schedule and use resource table | surface used in Embodiment 5-9 of this invention The figure which shows the example of the encryption processing usage resource table | surface used in Embodiment 5 and Embodiment 7 of this invention Diagram showing transition of CPU usage rate The figure which shows the example of the event and used resource table | surface used in Embodiment 5 of this invention. The block diagram which shows the hardware constitutions of the communication apparatus which concerns on Embodiment 5-9 of this invention. The figure which shows the example of the encryption processing usage resource table | surface used in Embodiment 6 and Embodiment 8 of this invention The figure which shows the example of the event and used resource table | surface used in Embodiment 7 of this invention The figure which shows the other example of the event and use resource table | surface used in Embodiment 7 of this invention. The figure which shows the example of the event and use resource table | surface used in Embodiment 8 of this invention. The figure which shows the example of the event and used resource table | surface used in Embodiment 9 of this invention. The figure which shows the example of the encryption processing usage resource table | surface used in Embodiment 9 of this invention. The flowchart which shows an example of the procedure of the algorithm selection method of this invention The flowchart which shows the other example of the procedure of the algorithm selection method of this invention The flowchart which shows the further another example of the procedure of the algorithm selection method of this invention The flowchart which shows the further another example of the procedure of the algorithm selection method of this invention The flowchart which shows the further another example of the procedure of the algorithm selection method of this invention FIG. 18 is a block diagram showing a configuration of a communication system according to an eighteenth embodiment of the present invention. Block diagram showing a configuration of a communication apparatus according to an eighteenth embodiment of the present invention. The figure which shows an example of the encryption processing usage resource table | surface of Embodiment 18 of this invention. The figure which shows an example of the reception log | history management table | surface of Embodiment 18 of this invention. Block diagram showing the configuration of the communication partner of the eighteenth embodiment of the present invention The figure which shows operation | movement of the communication system of Embodiment 18 of this invention. Block diagram showing a configuration of a communication apparatus according to a nineteenth embodiment of the present invention. Diagram showing how the ep service works Functional block diagram of conventional system Graph showing CPU resource shortage when network camera application and TV recording are operated simultaneously

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Broadcasting equipment 12 Network camera 14 Image pick-up part 16 Encryption processing part 18 Encryption information determination part 20 Communication processing part 22 Internet 24 Communication apparatus 26 Image receiving part 28 Recording application 30 Resource monitoring part 32 Encryption information determination part 34 Network camera application 36 Communication processing part 38 Cryptographic processing unit 40 Display 42 Cryptographic algorithm selection unit 44 CPU usage rate information memory 46 Cryptographic processing usage resource table 48 Negotiation packet creation / interpretation unit 50 Cryptographic algorithm setting unit 60 Application 62 Application 64 Scheduling unit 66 Schedule / usage resource table 68 Event Used resource table 70 Cryptographic communication application 72 Cryptographic communication application 74 Cryptographic information determination unit 76 Cryptographic processing used resource table 78 Communication processing unit 80 Cryptographic processing 82 resource monitoring unit 84 antenna 86 tuner 88 voice processing 90 display processing 92 transfer means 94 CPU
96 ROM
98 RAM
100 Remote control IF
102 Remote control 104 HDD
116 Modem 120 Communication device 122 Communication partner A
124 Communication partner B
126 Communication partner C
128 Cryptographic Communication Application 130 Cryptographic Information Determining Unit 132 Cryptographic Processing Used Resource Table 134 Reception History Management Table 136 Cryptographic Processing Unit 138 Communication Processing Unit 140 Cryptographic Communication Application 142 Resource Monitoring Unit 144 Communication Processing Unit 146 Cryptographic Processing Unit 148 Cryptographic Information Determination Unit 150 CPU usage rate information memory 152 Cryptographic processing usage resource table 154 Communication device 156 Resource monitoring unit 158 Cryptographic communication application 160 Cryptographic information determination unit 162 CPU usage rate information memory 164 Cryptographic processing usage resource table 166 Reception history management table 168 Cryptographic processing unit 170 Communication Processing part

Claims (17)

An encryption information determination unit that selects a different encryption algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing unit that encrypts a packet according to an encryption algorithm selected by the encryption information determination unit;
A communication processing unit for transmitting a packet encrypted by the encryption processing unit;
A scheduling unit that accepts reservations for executing applications and registers the execution of the application in a schedule;
The cipher information determination unit selects a cipher algorithm to be used at that time based on a total resource used at a future time predicted based on the schedule,
The schedule includes a schedule / use resource table for registering a start time, an end time, and a use resource amount for each task related to the reserved application,
The schedule unit accepts a reservation for execution of an application and registers the execution of a task related to the application in the schedule / usage resource table,
The encryption information determination unit is configured to calculate, for each task related to an encryption communication application, which is an application that requires encryption processing, the expected total used resources when the encryption algorithm is used in a period in which the task is executed. Ru der which selects an encryption algorithm such as the value does not exceed the first reference value, the communication device. An encryption information determination unit that selects a different encryption algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing unit that encrypts a packet according to an encryption algorithm selected by the encryption information determination unit;
A communication processing unit for transmitting a packet encrypted by the encryption processing unit;
A scheduling unit that accepts reservations for executing applications and registers the execution of the application in a schedule;
The cipher information determination unit selects a cipher algorithm to be used at that time based on a total resource used at a future time predicted based on the schedule,
The schedule is divided for each task related to the reserved application by a schedule / use resource table for registering the start time, end time and amount of used resources, and the start time and end time of each task. For each event section, including an event / used resource table for registering the total used resource value in the event section,
The scheduling unit accepts a reservation for execution of an application, registers execution of a task related to the application in the schedule / usage resource table, and creates the event / usage resource table based on the schedule / usage resource table. Is,
The cipher information determination unit is configured such that, as a cipher algorithm used in a task related to a cipher communication application that is an application requiring cipher processing, for each event section, the total amount of resources used in the event section is a first reference Ru der which selects an encryption algorithm does not exceed the value, the communication device. An encryption information determination unit that selects a different encryption algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing unit that encrypts a packet according to an encryption algorithm selected by the encryption information determination unit;
A communication processing unit for transmitting a packet encrypted by the encryption processing unit;
A scheduling unit that accepts reservations for executing applications and registers the execution of the application in a schedule;
The cipher information determination unit selects a cipher algorithm to be used at that time based on a total resource used at a future time predicted based on the schedule,
The schedule unit registers, in the schedule, preprocessing for generating a key for cryptographic communication prior to the start of a task related to the cryptographic communication application, which is an application that requires cryptographic processing, and the cryptographic communication Ru der what determines the start time of the pretreatment on the basis of a used resource a total value at the scheduled start time earlier time zone a task associated with the application of the value of the result of subtracting from the allowable resource usage, communication device. An encryption information determination unit that selects a different encryption algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing unit that encrypts a packet according to an encryption algorithm selected by the encryption information determination unit;
A communication processing unit for transmitting a packet encrypted by the encryption processing unit;
A scheduling unit that accepts reservations for executing applications and registers the execution of the application in a schedule;
The cipher information determination unit selects a cipher algorithm to be used at that time based on a total resource used at a future time predicted based on the schedule,
If the schedule unit cannot register a new reservation in the schedule because the total value of used resources exceeds the allowable resource usage, the scheduling unit can enable an encryption algorithm whose use is already registered in the schedule. Ru der which perform reselection of an encryption algorithm as changed to small Bayori load communication device. An encryption information determination unit that selects a different encryption algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing unit that encrypts a packet according to an encryption algorithm selected by the encryption information determination unit;
A communication processing unit for transmitting a packet encrypted by the encryption processing unit;
A scheduling unit that accepts reservations for executing applications and registers the execution of the application in a schedule;
The cipher information determination unit selects a cipher algorithm to be used at that time based on a total resource used at a future time predicted based on the schedule,
The schedule unit changes the execution time or encrypts an application already registered in the schedule when a new reservation cannot be registered in the schedule because the total used resource value exceeds the allowable resource usage. Ru der to perform changes to reduce communication average data transfer amount, a communication device. An encryption information determination unit that selects a different encryption algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing unit that encrypts a packet according to an encryption algorithm selected by the encryption information determination unit;
A communication processing unit for transmitting a packet encrypted by the encryption processing unit;
A scheduling unit that accepts reservations for executing applications and registers the execution of the application in a schedule;
The cipher information determination unit selects a cipher algorithm to be used at that time based on a total resource used at a future time predicted based on the schedule,
When the reservation of any application registered in the schedule is canceled, the schedule unit can use a cryptographic algorithm whose use is already registered in the schedule if possible. Ru der which perform reselection of an encryption algorithm to change the communication device. An encryption information determination unit that selects a different encryption algorithm according to an encryption algorithm applied to one or more packets received from a communication partner from a plurality of encryption algorithms prepared in advance;
An encryption processing unit that encrypts a packet addressed to the communication partner according to an encryption algorithm selected by the encryption information determination unit;
A communication processing unit for transmitting the packet encrypted by the encryption processing unit,
The encryption information determination unit has a reception history management table for storing an encryption algorithm applied to one or more packets received from the communication partner, and refers to the reception history management table, and Ru der used to select the most frequent encryption algorithm among the encryption algorithms have been applied to the received packet, the communication device. This function is applied to one or more packets received from the communication partner, and a function for selecting a different encryption algorithm from a plurality of encryption algorithms prepared in advance according to the predicted total used resource value or the actual total used resource value. An encryption information determination unit having both a function of selecting a different encryption algorithm according to the encryption algorithm that has been,
An encryption processing unit that encrypts a packet addressed to the communication partner according to an encryption algorithm selected by the encryption information determination unit;
A communication processing unit for transmitting the packet encrypted by the encryption processing unit,
The encryption information determination unit performs master-slave negotiation processing by communication with the communication partner in order to confirm the master-slave relationship with the communication partner. Based on the master-slave relationship, the predicted use resource total value or actual It operates by switching between selecting a different encryption algorithm according to the total resource used and selecting a different encryption algorithm according to the encryption algorithm applied to one or more packets received from the communication partner. that, the communication device. The encryption information determination unit compares the processing capability of the communication device with the processing capability of the communication partner in the main slave negotiation process, and the processing capability of the communication device is lower than the processing capability of the communication partner. If a different cryptographic algorithm is selected according to the predicted total used resource value or the actual total used resource value, and the processing capability of the communication device exceeds the processing capability of the communication partner, 1 received from the communication partner 9. The communication apparatus according to claim 8 , wherein a different encryption algorithm is selected according to the encryption algorithm applied to the packet. A cryptographic information determination step of selecting a different cryptographic algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing step for encrypting a packet according to the encryption algorithm selected by the encryption information determination step;
A communication processing step of transmitting the packet encrypted by the encryption processing step;
A schedule registration step of accepting a reservation for execution of an application and registering the execution of the application in a schedule;
The encryption information determination step selects a cryptographic algorithm to be used at that time based on a total value of resources used at a future time predicted based on the schedule,
The schedule includes a schedule / use resource table for registering a start time, an end time, and a use resource amount for each task related to the reserved application,
The schedule registration step accepts a reservation for execution of an application and registers the execution of a task related to the application in the schedule / usage resource table,
The cipher information determination step includes, for each task related to a cryptographic communication application, which is an application that requires cryptographic processing, the expected total used resources when the cryptographic algorithm is used in a period in which the task is executed. A method executed by a communication device, wherein an encryption algorithm is selected such that a value does not exceed a first reference value. A cryptographic information determination step of selecting a different cryptographic algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing step for encrypting a packet according to the encryption algorithm selected by the encryption information determination step;
A communication processing step of transmitting the packet encrypted by the encryption processing step;
A schedule registration step of accepting a reservation for execution of an application and registering the execution of the application in a schedule;
The encryption information determination step selects a cryptographic algorithm to be used at that time based on a total value of resources used at a future time predicted based on the schedule,
The schedule is divided for each task related to the reserved application by a schedule / use resource table for registering the start time, end time and amount of used resources, and the start time and end time of each task. For each event section, including an event / used resource table for registering the total used resource value in the event section,
The schedule registration step accepts a reservation for execution of an application, registers execution of a task related to the application in the schedule / use resource table, and creates the event / use resource table based on the schedule / use resource table Is what
The cipher information determining step includes, as a cipher algorithm used in a task related to a cipher communication application that is an application requiring cipher processing, for each event section, the total amount of resources used in the event section A method executed by a communication device, which selects an encryption algorithm that does not exceed a value. A cryptographic information determination step of selecting a different cryptographic algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing step for encrypting a packet according to the encryption algorithm selected by the encryption information determination step;
A communication processing step of transmitting the packet encrypted by the encryption processing step;
A schedule registration step of accepting a reservation for execution of an application and registering the execution of the application in a schedule;
The encryption information determination step selects a cryptographic algorithm to be used at that time based on a total value of resources used at a future time predicted based on the schedule,
The schedule registration step registers preprocessing for generating a key for encryption communication in the schedule prior to the start of a task related to the encryption communication application, which is an application that requires encryption processing, and the encryption A communication apparatus for determining a start time of the preprocessing based on a value obtained by subtracting a total use resource value in a time zone before a scheduled start time of a task related to a communication application from an allowable resource use amount; How to perform. A cryptographic information determination step of selecting a different cryptographic algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing step for encrypting a packet according to the encryption algorithm selected by the encryption information determination step;
A communication processing step of transmitting the packet encrypted by the encryption processing step;
A schedule registration step of accepting a reservation for execution of an application and registering the execution of the application in a schedule;
The encryption information determination step selects a cryptographic algorithm to be used at that time based on a total value of resources used at a future time predicted based on the schedule,
In the schedule registration step, when a new reservation cannot be registered in the schedule because the total value of used resources exceeds the allowable resource usage, an encryption algorithm whose use is already registered in the schedule can be used. A method executed by a communication device, which executes reselection of an encryption algorithm so that if there is a smaller load, it is changed. A cryptographic information determination step of selecting a different cryptographic algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing step for encrypting a packet according to the encryption algorithm selected by the encryption information determination step;
A communication processing step of transmitting the packet encrypted by the encryption processing step;
A schedule registration step of accepting a reservation for execution of an application and registering the execution of the application in a schedule;
The encryption information determination step selects a cryptographic algorithm to be used at that time based on a total value of resources used at a future time predicted based on the schedule,
In the schedule registration step, when a new reservation cannot be registered in the schedule because the total use resource value exceeds an allowable resource usage, an execution time change of an application already registered in the schedule or A method executed by a communication device, wherein a change is made to reduce an average data transfer amount of encrypted communication. A cryptographic information determination step of selecting a different cryptographic algorithm according to the predicted use resource total value or the actual use resource total value from a plurality of encryption algorithms prepared in advance;
An encryption processing step for encrypting a packet according to the encryption algorithm selected by the encryption information determination step;
A communication processing step of transmitting the packet encrypted by the encryption processing step;
A schedule registration step of accepting a reservation for execution of an application and registering the execution of the application in a schedule;
The encryption information determination step selects a cryptographic algorithm to be used at that time based on a total value of resources used at a future time predicted based on the schedule,
In the schedule registration step, if any of the applications registered in the schedule is canceled, an encryption algorithm whose use is already registered in the schedule can be used. A method executed by the communication device, wherein the re-selection of the cryptographic algorithm is changed to An encryption information determination step of selecting a different encryption algorithm according to an encryption algorithm applied to one or more packets received from a communication partner from a plurality of encryption algorithms prepared in advance;
An encryption processing step for encrypting a packet addressed to the communication partner according to an encryption algorithm selected by the encryption information determination step;
A communication processing step of transmitting the encrypted packet in the encryption processing step,
The encryption information determination step has a reception history management table for storing an encryption algorithm that has been applied to one or more packets received from the communication partner, with reference to the reception history management table, A method executed by a communication device, which selects a cryptographic algorithm having the highest frequency among cryptographic algorithms applied to received packets. This function is applied to one or more packets received from the communication partner, and a function for selecting a different encryption algorithm from a plurality of encryption algorithms prepared in advance according to the predicted total used resource value or the actual total used resource value. An encryption information determination step having both of the functions of selecting different encryption algorithms according to the encryption algorithm that has been used,
An encryption processing step for encrypting a packet addressed to the communication partner according to an encryption algorithm selected by the encryption information determination step;
A communication processing step of transmitting the encrypted packet in the encryption processing step,
The encryption information determining step is to perform master-slave negotiation processing by communication with the communication partner in order to confirm the master-slave relationship with the communication partner, and based on the master-slave relationship, the predicted use resource total value or actual The operation is performed by switching between selecting a different encryption algorithm according to the total used resource value or selecting a different encryption algorithm according to the encryption algorithm applied to one or more packets received from the communication partner. A method performed by a communication device.

Images