JP4675982B2 - Session control server, communication apparatus, communication system, communication method, program thereof, and recording medium - Google Patents

Description

  The present invention relates to a session control server. More specifically, the present invention relates to a session control server that issues and manages an electronic certificate, a communication device that performs communication using the electronic certificate, a communication system, and a communication method thereof, The present invention also relates to a program for executing the communication method and a recording medium on which the program is recorded. The present invention also relates to a session control server that relays signals, a communication device and communication system that perform communication encrypted based on an encryption key, a communication method thereof, a program thereof, and a recording medium on which the program is recorded. Furthermore, the present invention relates to a session control server that relays signals, a communication device that performs communication encrypted based on an encryption key, a communication system and a communication method, a program using them, and a recording medium that records the program .

Conventionally used digital certificate issuing servers, electronic certificate management servers, and certificate authorities include LDAP (Lightweight Directory Access Protocol) servers and Web (World Wide Web) servers. The former is X. It is a protocol for accessing a 500-based directory management database, and operations such as creation, modification, deletion, and search of directory information on the directory server are possible. The latter is intended to construct hypertext on the Internet and make all information accessible, and HTTP is used as a communication protocol between the client and the server.
In these server usage methods, when a user of an electronic certificate performs encrypted communication, it is necessary to acquire an electronic certificate of a communication partner as necessary.
It is also necessary to determine the validity of the acquired electronic certificate by following the CA link or acquiring a CRL (revocation list).
Regarding the above, RFC (Request for Comments) 2511 (Internet X.509 Certificate Request Message Format) is included in the standards compiled by the Internet Engineering Task Force (IETF), which is an Internet standardization organization (Non-Patent Document). 1).
If the communication partner has multiple electronic certificates and the validity period varies, the user of the electronic certificate determines which electronic certificate is appropriate to use when starting a session. In order to do this, it is necessary to obtain a plurality of electronic certificates corresponding to the communication partner from the electronic certificate management server and determine the validity of each.
In addition, even if a signal is transmitted using a certificate that is determined to be valid, if the certificate is not set in a usable state in the receiving communication device, the receiving side decrypts it. There was a problem that the session start processing was delayed.
Further, when an electronic certificate included in the digital signature of the communication partner is received, in order to determine whether or not the received certificate is valid, a process for starting a session is performed when processing such as connection to an LDAP server is performed. There was also a problem of delay.

Conventionally used communication information encryption methods between users include IPSec (Security architecture for Internet Protocol), TLS (Transport Layer Security), S / MIME, and the like.
There are IPSec and TLS as encryption methods by which the relay server can refer to information.
IPSec is a technique for strengthening the security of TCP / IP communication, and includes ESP (Encapsulation Secure Payload) that defines a method for IP-encapsulating and tunneling data, and AH that incorporates data for user authentication into IP data. (Authentication Header). TLS is widely used in applications that require security between a client and a server, such as a banking system.
In the IPSec and TLS methods, the encryption key and method are adjusted between the start and end points of the transfer section, encrypted communication based on the result is performed, and the confidentiality of the transmission information transmitted and received by the communication device is improved. Yes.
Regarding the above, there is RFC (Request for Comments) 3261 Section 26.2 in the standards compiled by the Internet Engineering Task Force (IETF) which is an Internet standardization organization (see Non-Patent Document 2).
However, in encryption methods such as IPSec and TLS, it is necessary to adjust the encryption method and key between the start point and end point of the transfer section, and to perform encryption / decryption processing at the start point and end point of the transfer section. . For this reason, the session control server that performs signal relay always decrypts the information, and it is difficult to perform encrypted communication that can protect the information for the session control server.
S / MIME is for end-to-end security. When encrypted at the end-end, the relay server cannot refer to information. Specifically, in the S / MIME encryption method, encryption is performed between the incoming and outgoing communication devices and information protection is possible for all session control servers, but information disclosure is required for a specific session control server. Even in such a case, there is a problem that information disclosure is impossible.
“X.509 Certificate Request Message Format”, “online”, “Search February 04, 2008”, Internet <URL: http://www.ietf.org/rfc/rfc2511.txt> “SIP: Session Initiation Protocol”, “online”, “Search February 04, 2008”, Internet <URL: http://www.ietf.org/rfc/rfc3261.txt>

  The first object of the present invention is to solve the conventional problems as described above, to distribute a valid electronic certificate to a communication device that performs session communication, and to easily confirm the validity when establishing a session to a user. A session control server having an electronic certificate management function that can be configured, a communication device that performs communication using the server, a communication system and a communication method, a program thereof, and a recording medium for recording the program There is.

  In addition, the second object of the present invention is to solve the above-described conventional problems, and to ensure the confidentiality between end-to-end communication between incoming and outgoing users, and to perform specific session control that requires information disclosure An object is to provide a session control server, a communication apparatus, a communication system and a communication method, and a program and a recording medium thereof that enable information disclosure only to the server.

A third object of the present invention is to provide a session control server, a communication device, a communication system, and a communication method capable of ensuring security with a reliable destination in order to solve the conventional problems as described above. And providing a program and a recording medium thereof.
The security ensuring section includes a calling user and a specific reliable session control server, a specific reliable session control server and a specific reliable session control server, and a specific reliable session control server and the called user. It is an arbitrary interval that does not depend on the transfer interval.

The present invention has the following functions.
(1) When a user A makes a location registration request for his / her communication device A ′, an asymmetric key pair is created, a certificate issuance request for a public key in the key pair, a location registration request, Are collectively sent to the session control server.
(2) The session control server receives the request (1) from the communication device A ′, issues a certificate after performing user authentication, and stores the certificate together with the valid time of the position information.
(3) The communication device A ′ that has performed the process (1) receives the location registration completion notification and the certificate issuance completion notification from the session control server that has performed the process (2) together with the valid time. , Remember this.
(4) When a user A already has a certificate for an asymmetric key pair and a public key in the key pair when making a location registration request for his communication device A ′, location registration is performed. The request and the certificate registration request are sent together to the session control server.
(5) The session control server receives the request (2) from the communication device A ′, determines the validity of the certificate, performs user authentication, and has a valid time for registering the certificate. Store with location registration.
(6) The communication device A ′ that has performed the process (4) receives the location registration completion notification and the certificate issuance completion notification from the session control server that has performed the process (5) together with the valid time. , Remember this.
(7) Prior to the start of the session, the communication device B ′ inquires of the session control server about the public certificate of the communication partner A.
(8) The session control server receives the certificate inquiry request, confirms the validity of the public key certificate of the communication device A ′ for the communication partner A to be inquired, and notifies the communication device B ′ of this. .

In the present invention, since the server that manages the location information and controls the session manages the electronic certificate (public key certificate), it is possible to perform distribution with guaranteed real validity in the communication device.
In addition, since the validity of the electronic certificate is confirmed by the server that manages the location information and controls the session when distributing the electronic certificate, the validity of the electronic certificate used in the session control signal is It becomes possible to confirm without inquiring.

In the present invention,
(9) Prior to signal transmission for session establishment, the communication device A generates a first encryption key (symmetric encryption key) for encrypting information in the signal.
The communication device A includes the second encryption key (public key or pre-shared key) of the destination communication device B, and zero or more session control servers to which the communication device A discloses information upon session establishment. The first encryption key is encrypted for each second encryption key using the second encryption key (public key or pre-shared key).
The communication device A encrypts information with the first encryption key. A signature may be given to the information before encryption.
The communication apparatus A includes a first encryption key encrypted with each second encryption key (individual public key or pre-shared key) and a decryption request together with information encrypted with the first encryption key. Send instructions to the session control server.
Note that the decryption request instruction here may explicitly present the session control server for which the communication device A discloses information as the session is established in the form of an identifier indicating the session control server, It does not have to be presented explicitly.
Also, the content ID to be decrypted may or may not be presented explicitly.
If not explicitly presented, for example, each session control server that is routed along with the session establishment uses the first encryption key with the second decryption key corresponding to the second encryption key held by itself. If the key is decrypted and the obtained information matches the expression format indicating the first encryption key, it can be determined that the session control server itself has received the decryption request. Therefore, the first encryption key itself encrypted with the second encryption key is a decryption request instruction.
(10) The session control server that has received the signal from the communication device A or another session management server determines the presence / absence of the decryption request and the information to be decrypted, and if there is a decryption request, The first encryption key is decrypted with the second decryption key corresponding to the second encryption key. Alternatively, the first encryption key is decrypted with the second decryption key corresponding to its own second encryption key, and the presence / absence of a decryption request is determined from the result. Or, do any of these. These are determined by the decryption request in the communication device described in (9).
In either case, the encrypted information is decrypted using the obtained first encryption key.
(11) The session control server of (10) further stores the encrypted first encryption key for each session. The session control server reuses the first encryption key for subsequent decryption of the session information.
(12) The communication apparatus B receives the signal including the encryption information to which the encrypted first encryption key is attached, decrypts the first encryption key, and uses the first encryption key. To decrypt the encrypted information. The communication device B stores the first encryption key for each session, and reuses the first encryption key for encrypting information in the same session.
The communication apparatus B transmits a signal including encrypted information to which information obtained by encrypting the first encryption key is not attached. The first encryption key is reused for decrypting information in the same session.
(13) The communication device A stores the first encryption key for each session, and receives a signal including encrypted information to which the information obtained by encrypting the first encryption key is not attached. The first encryption key is reused for decrypting the information and for encrypting the information in the same session.
(14) The communication device A and the communication device B update the first encryption key after a certain time has elapsed or after a certain number of uses within the session, and transmit it together with the update signal.
(15) Upon receiving the first encryption key update signal from the communication device A (or communication device B) in the session, the session control server updates the stored first encryption key of the session. And transmitted to the communication apparatus B (or communication apparatus A) together with the update signal.

  In the present invention, it is possible to designate a session control server that performs information disclosure and to transmit and receive information in a secure signal while performing information disclosure. Even in the case of signal communication including encrypted information between communication devices, information can be referred to by a specific session control server, and communication control can be performed based on that information.

In the present invention,
For encryption of information, the encryption key generated by the communication device or session control server is called the first encryption key, and the encryption key for encrypting the first encryption key is the second encryption key. This is called an encryption key.
(16) Prior to signal transmission for session establishment, the communication device A generates a first encryption key (symmetric encryption key) for encrypting information in the signal.
The communication device A can only disclose the second encryption key (public key or pre-shared key) of the communication device B that is the transmission destination, or only the disclosure of the information and the change when the communication device A establishes the session. The first encryption key is encrypted using one of the permitted second encryption keys (public key or pre-shared key) of the session control server.
The communication device A encrypts information with the first encryption key. A signature may be given to the information before encryption.
The communication device A includes a first encryption key encrypted with one of the second encryption keys (public key or pre-shared key), information encrypted with the first encryption key, If the encryption key is the encryption key of the session control server, a decryption request instruction is further transmitted to the session control server.
The decryption request instruction here explicitly presents the session control server to which the communication device A permits the disclosure of information or the disclosure and change upon establishment of the session in the form of an identifier indicating the session control server. It does not have to be presented explicitly.
If not explicitly presented, for example, the first encryption key by the second decryption key corresponding to the second encryption key held by each session control server that is passed along with the session establishment When the obtained information matches the expression format indicating the first encryption key, it can be determined that the session control server itself has received the decryption request. Therefore, the first encryption key itself encrypted with the second encryption key is a decryption request instruction.
In addition, the difference between whether or not only the disclosure of information here is permitted, or whether both disclosure and change are permitted, is, for example, whether or not an electronic signature is given to the target information by the originating communication terminal. (For example, when it is given, only disclosure is allowed).
(17) Upon receiving a signal from the communication device A or another session control server, the session control server determines whether or not there is a decryption request, and if there is a decryption request, corresponds to its own second encryption key. The first encryption key is decrypted with the second decryption key. Alternatively, the first encryption key is decrypted with the second decryption key corresponding to its second encryption key, and the presence / absence of the decryption request is determined from the result. Or, do any of these. These are determined by the decoding request in the communication device and the session control server described in the latter half of (16) and (17).
In either case, the encrypted information is decrypted using the obtained first encryption key.
Next, the session control server encrypts the first encryption key obtained by decryption with the next session control server or the second encryption key (public key or pre-shared key) of the called user. . Then, the information encrypted with the first encryption key and the first encryption key encrypted with the second encryption key are transmitted to the next session control server or the called user. At the time of transmission, if the second encryption key is the encryption key of the session control server, a decryption request instruction is also transmitted to the session control server.
(18) In the session control server of (17), a new first encryption key (symmetric encryption key) may be newly generated, and the decrypted information may be encrypted using the key. Then, the generated first encryption key is encrypted with the next session control server or the second encryption key (public key or pre-shared key) of the called user. They are sent to the session control server or the called user. At the time of transmission, if the second encryption key is the encryption key of the session control server, a decryption request instruction is also transmitted to the session control server.
(19) The session control server manages the received first encryption key and the generated first encryption key for each session and each opposing device. The session control server reuses the first encryption key for subsequent encryption or decryption of information.
(20) The communication device B receives the encryption information attached with the encrypted first encryption key, decrypts the first encryption key, and uses the first encryption key. Thus, the encrypted information is decrypted. When transmitting the response signal, the communication device B reuses the decrypted first encryption key to encrypt the information. The communication device B transmits the encrypted information without attaching the first encryption key. The first encryption key is stored and reused for encryption and decryption of signals from the same opposite device in the same session.
(21) The communication device A stores the first encryption key for each session and the opposite device unit, and receives a signal including encrypted information to which the information obtained by encrypting the first encryption key is not attached. It is used for decoding information of the same opposite device in the same session. In addition, the first encryption key is reused for encrypting information when a signal is transmitted to the same opposite apparatus in the same session.
(22) The communication device A and the communication device B update the first encryption key after a predetermined time has elapsed or used a certain number of times in the session, and transmit it together with the update signal.
(23) Upon receiving the update signal from the communication device A (or communication device B), the session control server updates the stored first encryption key, and the update signal is transmitted to the communication device B (or communication device A). Send to. At that time, a newly generated first encryption key may be generated and transmitted to the communication apparatus B (or communication apparatus A).

  In the present invention, it is possible to safely transmit and receive information while designating a session control server for information disclosure and performing information disclosure. Since information can be referred to and / or changed by a specific session control server, communication control can be performed based on the information.

  According to the present invention, according to the present invention, it is possible to make signal information disclosed only to a specific session control server and the called user regardless of the connection configuration. In addition to the information reference, the session control server can change the information. As a result, there is a remarkable effect that security can be ensured with a reliable destination.

Hereinafter, preferred embodiments of the present invention will be described with reference to the drawings. However, the present invention is not limited to the following embodiments, and for example, the components of these embodiments may be appropriately combined.
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
(First embodiment)
[System configuration]
FIG. 1 is a configuration diagram of a communication system according to the first embodiment of the present invention.
As shown in FIG. 1, the communication system 100 is configured to include one or more session control servers 101 that are communicably connected via a network 10 and a plurality of communication devices 102.
The communication device 102 performs communication by encrypted communication via the session control server 101 according to the procedure according to the present invention. In the communication system 100, two session control servers 101 are prepared, but the number is not limited to two. Further, although two communication devices 102 are prepared, the number is not limited to two.

In the present invention, the communication device 102 includes a communication device such as a personal computer, a portable terminal, or a gateway, and the configuration of the network 10 may be either wired or wireless.
Hereinafter, for convenience of explanation, communication device 102-1 will be described as a caller side and communication device 102-2 will be described as a callee side. It is assumed that the session control server 101-1 houses the communication device 102-1 and the session control server 101-2 contains the communication device 102-2.
The session control servers 101-1 and 101-2 receive the location registration request and the public key certificate issuance request or registration request from the communication device 102-1 and the communication device 102-2, respectively, and the location registration information and the public key are received. Remember the certificate.

[Communication device]
FIG. 2 is a block configuration diagram of the communication apparatus according to the first embodiment of the present invention.
As shown in FIG. 2, the communication apparatus 102 includes a signal transmission unit 110, a session control unit 111, a location registration request unit 112, a location registration notification reception unit 113, an asymmetric key generation (storage) unit 114, and a certificate issuance (registration). It is configured to include request means 115, location information and public key certificate storage means 116, signal reception means 117, and certificate notification reception means 118.
Here, reference numeral 114 is an asymmetric key storage means and an asymmetric key generation means, and 115 is a certificate registration request means and a certificate issuance request means. Therefore, in the following, one of them is written in parentheses. Note that 114 and 115 may have only one of these functions.

The communication device 102-1 generates the public key generated (stored) by the asymmetric key storage (generation) means 114 by the certificate registration (issue) request means 115 by the request signal, and is generated by the location registration request means 112. Together with the location registration request signal, it is sent to the session control means 111.
The signal generated by the session control unit 111 is transmitted to the session control server 101 by the signal transmission unit 110.
Thereafter, the communication device 102-1 receives the location registration completion notification signal from the session control server 101-1, analyzes the signal content by the session control unit 111, and sends the signal content to the location registration notification reception unit 113.

If a public key certificate is attached, it is received by the certificate notification receiving unit 118, and the location information and the public key certificate storage unit 116 store both the location information and the public key certificate.
As a result, a public key certificate that can be used by the communication apparatus 102-1 is obtained, and a signal including encrypted information using the public key and a signal attached with a digital signature using the public key certificate are attached. Transmission is possible. Thus, by attaching a digital signature at the time of signal transmission, mutual authentication between incoming and outgoing users, user authentication by a server, and denial of user signal transmission can be prevented.

(First embodiment)
In the first embodiment, the communication device 102-1 requests location registration and certificate issuance from the session control server 101-1, and receives a notification of completion of location registration and certificate issuance from the session control server 101-1. It is an exchange until. Note that the location registration and certificate issuance request includes the location registration request, but the certificate issuance request may or may not be included.
4 is a diagram illustrating an example of a transmission signal in the communication device in FIG. 2, and FIG. 5 is a diagram illustrating an example of a reception signal in the communication device in FIG.
The other party of the communication apparatus 102-1 here is the session control server 101-1. For example, the transmission signal from the communication apparatus 102-1 shown in FIG. 4 is a REGISTER method 400 that is one of SIP messages compliant with RFC3261, and the position information of the communication apparatus is set in the message together with the desired valid time. (402). A public key certificate request and a user authentication key are also set (402). In order to maintain confidentiality, these pieces of information are encrypted with a content encryption key and transmitted as S / MIME Enveloped-Data (401).
As the key encryption key for encrypting the content encryption key, the public key of the session control server 101-1 may be used, or the session control server 101-1 and the user of the communication device 102-1 may be used. A pre-shared key (such as a password) may be used.

As shown in FIG. 5, the signal received by the session control server 101-1 is a normal response 200 OK (500) to the REGISTER method, and the location information registered in the message, the session control server 101-1 Is set to the valid time (504). In order to maintain confidentiality, these pieces of information are encrypted with an encryption key and set in EnvelopedData (502). A public key certificate is also set (504).
In decrypting the signal, first, the encrypted content encryption key (505) is decrypted.
For decryption of the encryption key, the secret key of the communication device 102-1 may be used, or a pre-shared key (password or the like) between the session control server 101-1 and the user of the communication device 102-1 May be used.
The encrypted information (504) is decrypted with the decrypted content encryption key.
The received location information and public key certificate are stored in the location information and public key certificate storage unit 116 together with the valid time.
If a digital signature (503) of the server is attached to detect the presence or absence of tampering, the signature may be confirmed.

[Session control server]
FIG. 3 is a block diagram of the session control server according to the first embodiment of the present invention.
As shown in FIG. 3, the session control server 101 includes a signal receiving unit 120, a session control unit 121, a signal transmitting unit 122, a certificate issuing (registration) request receiving unit 123, a certificate issuing (validity checking) unit 124, Location registration request receiving means 125, location information and public key certificate storage means 126, public key certificate inquiry request receiving means 127, and public key certificate notification transmitting means 128 are provided.
Here, 123 has functions of both a certificate issuance request receiving means and a certificate registration request receiving means, and 124 has functions of both a certificate issuance means and a certificate validity checking means. ing. Note that 123 and 124 may have only one of the above two functions.

The signal receiving unit 120 receives a location registration request signal from the communication device 102-1. When the session control unit 121 determines that the received location registration request signal is a location registration request signal, the session control unit 121 sends the location registration request signal to the location registration request reception unit 125.
If the location registration requesting unit 125 determines that a certificate issuance request is attached after successful completion of user authentication, the location registration requesting unit 125 provides necessary information to the certificate issuance request receiving unit 123. The certificate issuance request receiving unit 123 confirms that the requested content is valid, and the certificate issuing unit 124 issues a certificate to the user.
The issued certificate and location information are stored in the location information and public certificate storage means 126.
The session control means 121 generates a response signal including location information and public key certificate information, and transmits the signal to the communication device 102-1.

(Second embodiment)
In the second embodiment, the session control server 101-1 receives a request for location registration and certificate issuance from the communication device 102-1, and transmits a completion notification of location registration and certificate issuance to the communication device 102-1. Exchange.
4 and 5 are signal examples transmitted from the communication device 102-1 to the session control server 101-1, and signal examples received by the communication device 102-1 from the session control server 101-1, as described above. is there. For this reason, in this example, the signal example transmitted to the communication apparatus 102-1 from the session control server 101-1 is FIG. 5, and the signal example received from the communication apparatus 102-1 is FIG.

  As shown in FIG. 4, for example, the signal received from the communication device 102-1 by the session control server 101-1 is a REGISTER method that is one of SIP messages compliant with RFC3261, and the position of the communication device is included in the message. Information is set together with the valid time (402). A public key certificate request and a user authentication key are also set (402). These pieces of information are encrypted with an encryption key in order to maintain confidentiality.

The session control server 101-1 first decrypts the encrypted content encryption key in order to acquire the content encryption key.
For the decryption, the secret key of the session control server 101-1 may be used, or a pre-shared key (password or the like) between the session control server 101-1 and the user of the communication device 102-1 is used. Also good.
The session control server 101-1 decrypts the encrypted information using the content encryption key obtained by decryption.
Obtain the position information registration request, user authentication key, and certificate issuance request obtained by decryption.
The session control server 101-1 confirms that the certificate issuance request is valid after user authentication, and issues a public key certificate that is issued by the session control server 101-1.
The expiration date (504) of the issued public key certificate is set to be the same as the expiration date of the position information.
The location information and the public key certificate are stored together with the expiration date.

  As shown in FIG. 5, the session control server 101-1 sets both the registered position information and the valid time recognized by the session control server 101-1 in the normal response 200 OK (500) to the REGISTER method ( 504). These pieces of information are encrypted with an encryption key in order to maintain confidentiality (502). A public key certificate is also set (506). In order for the session control server 101-1 to encrypt the signal, an encryption key is first generated. Next, the encryption key is encrypted. At this time, the public key of the communication device 102-1 may be used, or a pre-shared key (password or the like) between the session control server 101-1 and the user of the communication device 102-1 may be used. The session control server 101-1 transmits the signal generated in this way to the communication device 102-1. In order to detect the presence / absence of falsification, the digital signature (503) of the session control server 101-1 may be attached and transmitted.

FIG. 8 is a flowchart of the location registration and certificate issuance processing of the communication apparatus according to the second embodiment.
The signal transmitted from the communication device is encrypted or decrypted, but the description of the processing is omitted here.
First, in order to make a location registration request for the communication device 102-1, the communication device 102-1 creates an asymmetric key pair, and collectively issues a certificate issuance request and a location registration request for the public key in the key pair. The location registration and certificate issuance request signal is transmitted to the session control server 101-1 (51) (8 -A). Issuance requests may or may not be included. The session control server 101-1 receives this signal (52), performs session control (53), determines the signal type (54), and if it is a location registration request, receives the location registration request (55). It is determined whether or not there is a certificate issuance request (56). If there is no certificate issuance request, the location information and the certificate are managed (59). If there is a certificate issuance request, the certificate issuance request is received (57), the certificate is issued (58), and the position information and the certificate are managed (59). Then, session control is performed (60), and a signal is transmitted to the communication device 102-1 (61) (8-B). The communication device 102-1 receives the location registration and certificate issuance completion notification (62). The location registration and certificate issuance completion notification includes the location registration completion notification, but may or may not include the certificate issuance completion notification.

(Third embodiment)
As a third example, the signal received by the other session control server 101-2 from the communication device 102-2 is an OPTIONS method that is one of SIP messages compliant with SIP, and the communication device 102 includes the message. The exchange when the public key certificate inquiry request of -1 is set is described.
6 is a diagram showing an example of a received signal of the session control server of FIG. 3, and FIG. 7 is a diagram showing an example of a transmitted signal of the session control server.
In 600, the digital signature of the user of the communication device 102-2 and the public key certificate of the user of the communication device 102-2 for signature verification are set in order to enable detection of whether the inquiry content has been tampered with. (604). The session control server 101-2 refers to the domain name set in the Request-URI of the OPTIONS method and determines whether the method is addressed to its own domain. If it is not addressed to its own domain, it is transmitted to the session control server 101-1 shown as the domain name.

  The session control server 101-1 receives the OPTIONS method, refers to the domain name set in the Request-URI of the OPTIONS method, and determines whether the method is addressed to its own domain. If it is a method addressed to its own domain, it is determined whether it is a certificate registration request. If it is a certificate registration request, the location information and public key certificate storage means 126 searches for the location information, public key certificate, and validity time of the user of the communication apparatus 102-1, and obtains information valid at that time. To do. The acquired information is set in a response 200 OK to the OPTIONS method shown in FIG. 7 and transmitted to the communication apparatus 102-2. The session control server 101-1 can directly transmit this message to the communication device 102-2, but here transmits it via the session control server 101-2.

FIG. 9 is a flowchart of the certificate query process according to the third embodiment of the present invention. The signal transmitted from the communication device is encrypted or decrypted, but the description of the processing is omitted here.
The communication device 102-2 transmits a certificate inquiry request signal to the session control server 101-2 (81) (9-A). Upon receiving this signal (82), the session control server 101-2 performs session control (83), determines whether it is addressed to its own domain (84), and if not addressed to its own domain, performs session control. (89), it transmits to the corresponding session control server (90). In this case, it is transferred to the destination session control server 101-1 (9 -B). If it is addressed to its own domain, the signal type is determined (85). If it is a certificate inquiry request, it receives the certificate inquiry request (86), determines whether there is a certificate (87), and proves If there is a certificate, a certificate is notified (88), session control is performed (89), and a signal is transmitted to the communication device 102-2 (90) (9-D).

The session control server 101-1 receives the signal (91), performs session control (92), determines whether it is addressed to its own domain (93), and if not addressed to its own domain, performs session control. Go to (98) and send to another session control server (99), or if the destination to be sent is unknown, return an error response to the session control server 102-1. If it is addressed to its own domain, the signal type is determined (94), and if it is a certificate inquiry request, the certificate inquiry request is received (95). It is determined whether or not there is a certificate (96). If there is a certificate, certificate notification is performed (97), session control is performed (98), and a signal is transmitted to the session control server 101-2 (99). ) (9-C).
When the session control server 101-2 receives this signal (82), it performs session control (83), and since it is not addressed to its own domain, it transmits a signal to the destination communication device 102 (90) (9-D). . The communication device 102-2 receives this certificate notification (80). When receiving an error response, the session control server 101-2 transmits the error response to the communication device 102-2.

As described above, in the communication method according to the present embodiment, the public key certificate that can be used by the communication device is managed by the session management server, so that the electronic certificate (public key that can be used for session communication) is managed. Certificate) can be distributed and distributed.
In addition, since the validity of the certificate is confirmed by the session control server when the electronic certificate is distributed by the session control server, the certificate authority etc. should be inquired about the validity of the electronic certificate used in the session control signal. It is possible to confirm without any problem.
Note that it is convenient to sell or rent a program if the operation flows shown in FIGS. 8 and 9 are programmed and then stored in a recording medium such as a CD-ROM. In addition, the present invention can be easily realized by installing this recording medium in a computer serving as a session control server or a computer serving as a communication device, installing the program, and executing the program.

  As described above, according to the first embodiment of the present invention, the session control server supports an electronic certificate (public key certificate) necessary for signal transmission / reception with high confidentiality between communication devices. Since it is managed after confirming the validity of the certificate, it is possible to distribute an electronic certificate that can be actually used, and it is easy to confirm the validity when establishing a session to the user.

(Second Embodiment)
[System configuration]
FIG. 10 is a configuration diagram of a communication system according to the second embodiment of the present invention.
As shown in FIG. 10, the communication system 200 is configured to include a plurality of session control servers 201, a duplex communication device 202, a NAT / firewall device 203, and a network 20.
The communication device 202 performs communication using a signal including encrypted information via the session control server 201 according to the procedure according to the present invention. In the communication system 200, the number of session control servers 201 is not limited to two. Here, two communication devices 202 are shown, but the number is not limited to two. Although one NAT / firewall device 203 is shown, the number is not limited to one.

According to the present invention, the communication device 202 includes a communication device such as a personal computer, a portable terminal, or a gateway, and the configuration of the network 20 may be either wired or wireless. Hereinafter, for convenience of explanation, communication device 202-1 will be described as a caller side, and communication device 202-2 will be described as a callee side. Further, the session control server 201-1 is described as a transmission side, and the session control server 201-2 is described as a reception side.
The communication device 202-1 uses the first encryption key encrypted for the communication device 202-2 and the first encryption key encrypted for the session control server 201-1 together with the encryption information for session control. It transmits to the server 201-1.

The session control server 201-1 receives the encrypted information transmitted from the communication device 202-1 and the two encrypted first encryption keys, and decrypts the session control server information among these and obtains The encrypted information is decrypted with the obtained first encryption key. In this way, information can be referred to.
At this time, the session control server 201-1 may transmit a filtering condition change request to the NAT / firewall apparatus 203 based on the referenced information. After receiving the filtering condition change completion notification from the NAT / firewall device 203, the session control server 201-1 receives the signal including the encryption information received from the communication device 202-1 and the two first encryption keys. Is transmitted to the session control server 201-2.

The session control server 201-2 receives the encrypted information transmitted from the session control server 201-1 and the two encrypted first encryption keys, but these cannot be decrypted and thus encrypted. Information cannot be referenced. The session control server 201-2 transmits the received encryption information and the two encrypted first encryption keys to the communication device 202-2.
The communication device 202-2 decrypts the information for the communication device 202-2 received from the session control server 201-2, and decrypts the information encrypted with the obtained first encryption key. In this way, information can be referred to.
The communication device 202-2 encrypts a signal such as a response signal to be transmitted to the communication device 202-1, by reusing the first encryption key stored in correspondence with the session, and the session control server 201-1, It transmits to the communication apparatus 202-1 via 201-2 or directly.

[Communication device]
FIG. 12 is a block diagram of a communication apparatus according to the second embodiment of the present invention.
As shown in FIG. 12, the communication apparatus 202 includes a signal transmission unit 220, a session control unit 221, an encryption key generation unit 222, an encryption key encryption unit 223, a signal information encryption unit 224, and an encryption key reuse unit. 225, a signal information decryption unit 226, an encryption key decryption unit 227, a signal reception unit 228, and an encryption key update unit 229.
The communication device 202-1 uses the first encryption key generated by the encryption key generation unit 222 to perform signal encryption on information that requires confidentiality from among the signals generated by the session control unit 221. The encryption unit 224 performs encryption.

Then, the first encryption key is used by the encryption key encryption unit 223 by using the second encryption key of the disclosure destination communication device and the server (for example, the public key in the embodiment). Encrypt. At this time, the used first encryption key is stored in the encryption key reuse unit 225 in association with the session identifier.
Information obtained by adding decryption information to the session control server 201 and the destination communication device to information not encrypted in the information generated by the session control unit 221 and encrypted with the first encryption key Together with the first encryption key encrypted by the second encryption key held by the decryption request target, the signal transmission unit 220 transmits the encrypted key to the session control server 201-1. As a result, it is possible to transmit a signal that requires confidentiality in a state that can be disclosed only to the specific session control server 201-1 and the communication device 202-2.

FIG. 13 is a diagram illustrating an example of a transmission signal of the communication device 202-1 according to the second embodiment of the present invention.
The communication device 202-1 encrypts information that needs confidentiality using the first encryption key. The first encryption key is encrypted using the second encryption key of each of the disclosure destination communication device and the server. Information requesting the session control server 201 to decrypt is added to the unencrypted information. Along with the information encrypted with the first encryption key and the first encryption key encrypted with the second encryption key held by the decryption request target, the signal transmission means 220 causes the session control server 201-1. Send to.
This transmission signal example will be further described with reference to FIG. 15 in the description of the fourth embodiment.

FIG. 14 is a diagram illustrating a transmission signal example of the communication device 202-2 according to the second embodiment of the present invention.
This transmission signal example will be further described with reference to FIG. 15 in the description of the fourth embodiment.

[Session control server]
FIG. 11 is a block diagram of a session control server according to the second embodiment of the present invention.
As shown in FIG. 11, the session control server 201 includes a signal receiving unit 110, a decryption determining unit 211, an encryption key decrypting unit 212, a decryption key reusing unit 213, a signal information decrypting unit 214, and a session control unit. 215 and signal transmission means 216 are provided. A NAT / firewall control means 217, a main information communication receiving means 218, and a main information decoding means 219 are provided.

The encryption key decryption means 212 refers to the data stored in the first encryption key and uses the second decryption key corresponding to which second encryption key to decrypt. Is determined, the first encryption key is decrypted, and the decryption key is passed to the information decryption means 214. By decoding the signal information, the control information between the communication devices can be referred to, and necessary information is provided to the session control means 215.
The decryption key is stored in correspondence with the identifier in the session control unit 215 and in the decryption key reuse unit 213 in correspondence with the session identifier included in the signal information.
When the session control means 215 is ready for signal transmission, the signal transmission means 216 sends the signal including the encrypted information received by the signal reception means 110 and the encrypted first encryption key to the communication device 202-2. Send to.

(Fourth embodiment)
FIG. 15 is an explanatory diagram of a communication method according to the fourth embodiment of the present invention.
As a fourth example, the session control signal generated by the communication device 202-1 is transmitted from the communication device 202-1 through the session control server 201-1 and the untrusted session control server 201-2. 2 will be described.
For example, as shown in FIG. 13, the transmission signal from the communication device 202-1 is an INVITE method 800, which is one of SIP messages compliant with RFC3261, and the message contains control information (SDP) between communication devices. : Session Description Protocol) 805 is encrypted. The SDP includes a reception IP address, a port number, and the like as main information communication information of the communication device 202-1. In order to detect tampering, a digital signature of the user of the communication device 202-1 may be attached to the encryption information 805.

The SIP message is transmitted to the communication device 202-2 via the session control server 201-1 and the session control server 201-2. The encrypted information is set as Enveloped-Data 804 of S / MIME. The keys used for the encryption (first encryption key) are encrypted with the public key of the session control server 201 and the public key of the called user (second encryption key), respectively, and are included in the Enveloped-Data. Set as recipientInfos 806.
The first encryption key is determined by a pre-shared key between the session control server 201-1 and the communication device 202-1 or a pre-shared key between users of the communication device 202-1 and the communication device 202-2. , Each may be encrypted.

Then, an unencrypted range 801 in the SIP message includes a value indicating a decryption request to the session control server and a content ID to be decrypted.
The digital signature 803 of the user of the communication device 202-1 may be attached to the information 802 obtained by combining the part 801 of the SIP message and the EnvelopedData 804 in order to detect the presence or absence of falsification.
The session control server 201-1 receives the INVITE method 800 transmitted from the communication device 202-1, by the signal receiving unit 210. In the decryption determination unit 211, the decryption request is determined based on the value of the decryption request parameter (for example, Session-Policy), or decryption is performed depending on whether or not the decryption of the recipientInfo 806 in which the encrypted first encryption key is set. It may be possible to determine an activation request.

When there is a decryption request, the encryption key decryption means 212 refers to the type of the data (recipientInfo) 806 in which the first encryption key is stored in the data 804 indicated by the designated content ID. After determining which second encryption key is to be used for decryption, the first encryption key is decrypted and decrypted by the signal decryption means 214. Pass the key. By decrypting the encrypted information 805, a signal for inter-communication device control can be referred to, and necessary information is provided to the session control means 215.
When there is no decryption request or when the designated content ID is not set, the decryption process is not performed.

The session control server 201-1 performs processing (necessary parameter change or the like) on the INVITE method received from the communication device 202-1 in the session control unit 215 regardless of the presence or absence of the decryption request, and the signal transmission unit 216. Therefore, this INVITE method is transmitted to the session control server 201-2.
The session control server 201-2 receives the INVITE method transmitted from the session control server 201-1 at the signal reception unit 210.
In the decryption determination unit 211, the decryption request is determined based on the value of the decryption request parameter (for example, Session-Policy), or depending on whether or not the decryption of the recipientInfo 806 in which the encrypted first encryption key is set. A decryption request may be determined.
When there is no decryption request or decryption is impossible, control information between encrypted communication devices cannot be referred to. Based on the information that can be referred to by the session control means 215, processing for the INVITE method (referring to necessary parameters, etc.) is performed, and the signal transmission means 216 transmits the INVITE method to the communication device 202-1.

  In the communication device 202-2 that has received the signal, the information of the signal received by the signal receiving unit 228 is encrypted with the first encryption key, and the first encryption key is encrypted and attached. The second decryption key corresponding to its own second encryption key (if the first encryption key is a public key, the private key, or the second encryption key is a pre-shared key) The first encryption key is decrypted by the encryption key decryption means 227 using the same pre-shared key). Using the first encryption key, the encrypted information is decrypted by the signal decryption means 226, and the information can be referred to. The information is presented to session control means 221.

The session control unit 221 generates information to be transmitted as necessary, and stores the encryption key in the encryption key reuse unit 225 in association with the session identifier.
For example, the session control means 221 transmits 200 OK 900 as a response signal to the INVITE method as shown in FIG. For the information to be transmitted, the information 905 encrypted by the signal encryption unit 224 is set as Encrypted-Data 904 using the stored first encryption key, and the signal transmission unit 220 transmits the signal.
In addition, a digital signature may be attached to the encrypted information 905 in order to detect the presence or absence of tampering.

(Application 1)
A continuation signal of the subsequent session, for example, the MESSAGE method is transmitted from the communication apparatus 202-1 to the communication apparatus 202-2 via the session control servers 201-1 and 201-2. The communication device 202-1 encrypts the content of the instant message set in the MESSAGE method using the first encryption key recorded in session units. The communication device 202-1 transmits the MESSAGE method including the encrypted information without attaching the first encryption key.
The communication device 202-2 that has received the signal obtains the first encryption key stored using the session identifier as a key in the encryption key reuse unit 223, and encrypts it using the first encryption key. Decrypt information.

(Application example 2)
The session control server 201-1 also decrypts the encrypted information using the first encryption key stored for each session.

(Application 3)
When the communication device 202-1 transmits the MESSAGE method to the communication device 202-2 via the session control servers 201-1 and 201-2 after a predetermined time has elapsed, the encryption key update unit 229 obtains the first encryption key. Update. The communication device 202-1 encrypts information using the updated encryption key, and sets it as S / MIME Enveloped-Data.
The communication device 202-1 uses the key used for encryption (updated first encryption key) as the public key of the session control server and the public key of the called user (second encryption key group). Each is encrypted and set as recipientInfos in Enveloped-Data.
The communication device 202-2 that has received the signal including the encryption information attached with the updated first encryption key stores the updated first encryption key in the encryption key reuse unit 225.

(Application 4)
The session control server 201-1 that has received the signal including the encryption information attached with the updated first encryption key stores the updated first encryption key in the encryption key reuse unit 213.

(Fifth embodiment)
FIG. 16 is an explanatory diagram of a communication method according to the fifth embodiment of the present invention.
This example shows an example in which the session control server changes the filtering condition of the NAT / firewall apparatus 203 based on information obtained during session establishment.
For example, a signal received from the communication device 202-1 by the session control server is an INVITE method that is one of SIP messages compliant with RFC3261, and control information (SDP: Session Description) between the communication devices included in the message is included. Consider the case where Protocol is encrypted.
By decrypting using the second decryption key corresponding to the second encryption key, the IP address and port number of the main information communication path of the communication device 202-1 set in the control information can be obtained. Can be referenced. Based on this information, the NAT / firewall control means 217 requests the remote NAT / firewall device 203 to change the filtering condition (instruction for passing packets addressed to a specific IP address and port number from an unspecified IP address). To do.

  Thereafter, the signal received from the communication device 202-2 is a 200 OK response which is one of SIP messages, and the control information (SDP) between the communication devices is encrypted and included in the message. Between the communication devices such as the IP address and port number of the main information communication path of the communication device 202-2 by decrypting the encrypted information using the first encryption key stored in the decryption key reuse means 213 The control information can be referred to. Based on this information, the NAT / firewall control means 217 requests the remote NAT / firewall device 203 to change the filtering condition (instruction for passing packets from a specific IP address to a specific IP address and port number). . As a result, the NAT / firewall device 203 can pass packets for main information between the communication device 202-1 and the communication device 202-2.

Thereafter, when the session control server 201-1 receives the BYE method, which is a disconnection signal of the SIP message transmitted by the communication device 202-1 or 202-2, the NAT / firewall control means 217 causes the NAT / firewall device 203 to receive the BYE method. Is requested to change the filtering condition (instruction for not passing packets addressed to the designated IP address and port number from the designated IP address).
As shown in the present embodiment, NAT / firewall control can be performed on a session-by-session basis by the session control server 201-1 in which the information in the signal is safely disclosed from the communication device. It becomes possible to raise. Since the session control server 201-2 that does not disclose information cannot refer to the route information of the main information, it is difficult to monitor the main information, and as a result, the confidentiality of the main information communication can be improved.

(Sixth embodiment)
FIG. 17 is an explanatory diagram of a communication method according to the sixth embodiment of the present invention.
In this example, an example will be described in which the session control server 201-1 can record communication with respect to encrypted main information based on information obtained during session establishment.
For example, the transmission signal from the communication device 202-1 is an INVITE method that is one of SIP messages compliant with RFC3261, and the communication device information SDP is included in the message in an encrypted form. The SDP includes key information for main information encryption in addition to an IP address and a port number used for main information communication between the communication device 202-1 and the communication device 202-2.
The session control server 201-1 includes a main information communication recording unit (reception unit 218) and a main information decoding unit 219, and transmits an instruction to the remote NAT / firewall apparatus 203.

This instruction instructs main information transfer in addition to the filtering condition change request described in the fifth embodiment. The main information communication receiving means 218 of the session control server 201-1 receives the main information from the NAT / firewall device 203. When the main information is encrypted, the main information decryption means 219 performs decryption using the already acquired key information for main information encryption.
When the decryption ends normally, the decrypted main information or the encrypted main information and the key information are recorded.
Since the session control server 201-2 cannot decrypt the encrypted information, the session control server 201-2 cannot refer to the communication device information SDP, and cannot refer to the key information for main information encryption included in the SDP. Therefore, even if the main information is monitored by a monitor device in the network, the main information is encrypted and cannot be decrypted.
In this way, even when the main information is encrypted, the main information decrypted by the session control server can be recorded, so that the communication information can be audited and recorded.

  If the processing order described in the fourth to sixth embodiments is programmed and stored in a recording medium such as a CD-ROM, it is convenient for selling and lending the program. In addition, the present invention can be easily realized by attaching a recording medium to the computers of the session control servers 201-1 and 201-2, installing a program, and executing the program.

  As described above, the communication system according to the present embodiment can disclose information not only between communication apparatuses but also to a session control server that performs signal relaying. Communication control by a specific session control server becomes possible while increasing.

  As described above, according to the second embodiment of the present invention, a signal is transmitted only to a specific session control server in response to a request from the communication device after guaranteeing highly confidential signal transmission / reception between the communication devices. It is possible to disclose information. In addition, a session control server that discloses signal information can be specified regardless of the connection configuration between communication devices.

(Third embodiment)
[System configuration]
FIG. 18 is a configuration diagram of a communication system according to the third embodiment of the present invention.
As shown in FIG. 18, the communication system 300 includes a plurality of session control servers 301, a plurality of communication devices 302, a NAT / firewall device 303, and a network 30 that are communicably connected via the network 30. Configured to include.
In addition, the communication device 302 performs communication using an encrypted signal via the session control server 301 according to the procedure according to the present invention. In the communication system 300, two session control servers 301 are shown, but the number is not limited to two. Further, although two communication devices 302 are shown, this is not limited to two. Further, although one NAT / firewall device 303 is shown, this is not limited to one.

In the present invention, the communication device 302 includes communication devices such as a personal computer, a portable terminal, and a gateway, and the configuration of the network 30 may be either wired or wireless.
Hereinafter, for convenience of explanation, the communication device 302-1 will be described as the caller side and the communication device 302-2 will be described as the callee side.
The communication device 302-1 transmits to the session control server 301-1 the first encryption key encrypted with the second encryption key for the session control server 301-1 together with the encrypted signal. The session control server 301-1 receives the encrypted signal transmitted from the communication device 302-1 and the encrypted first encryption key, and corresponds to the second encryption key for the session control server 301-1. The signal can be referred to and / or changed by decrypting the first encryption key with the decryption key and decrypting the encrypted signal with the first encryption key.

The session control server 301-1 encrypts information using the received first encrypted signal (or a newly created first encrypted signal), and uses the first encryption key used for encryption. , Encrypted with the second encryption key for the communication device 302-2 and transmitted to the session control server 301-2.
The session control server 301-2 receives the encrypted signal and the first encryption key transmitted from the session control server 301-1. However, since these cannot be decrypted, the encrypted information cannot be referred to. The session control server 301-2 transmits the received encrypted signal and the encrypted first encryption key to the communication device 302-2.
The communication device 302-2 decrypts the first encryption key with the decryption key corresponding to the second encryption key for the communication device 302-2 received from the session control server 301-2, and the first Information can be referred to by decrypting the encrypted signal with the encryption key.
The communication device 302-2 encrypts a signal such as a response signal to be transmitted to the communication device 302-1 by reusing the decrypted encryption key, and the session control server 301-2 and the session control server 301-1. To the communication device 302-1.

[Communication device]
FIG. 20 is a block configuration diagram of a communication apparatus according to the third embodiment of the present invention.
As shown in FIG. 20, the communication device 302 includes a signal transmission unit 320, a session control unit 321, an encryption key generation unit 322, an encryption key encryption unit 323, a signal encryption unit 324, and an encryption key reuse unit 325. , A signal decryption unit 326, an encryption key decryption unit 327, a signal reception unit 328, and an encryption key update unit 329.
The communication device 302-1 uses the encryption key generated by the encryption key generation unit 322 to use a signal that requires confidentiality among the signals generated by the session control unit 321, and the signal encryption unit 324. Encrypt.
Then, the first encryption key is encrypted by the encryption key encryption unit 323 using the public key of the specific session control server that is the disclosure destination. At this time, the used encryption key is stored in the encryption key reuse unit 325 in association with the session and the opposite device.

  Of the signals generated by the session control means 321, information that requires the session control server to decrypt the signal that has not been encrypted is added, and the signal transmission means together with the encrypted signal and the encrypted encryption key At 320, the data is transmitted to the session control server 301-1. Thereby, signal transmission is possible in a state where information requiring confidentiality can be disclosed only to a specific session control server 301-1.

FIG. 21 is a diagram illustrating an example of a transmission signal of the communication device 302-1 according to the third embodiment of the present invention.
A transmission signal from the communication device 302-1 is an INVITE method that is one of SIP messages compliant with RFC3261, and control information (SDP: Session Description Protocol) 1005 between the communication devices is encrypted in the message. include. The SDP includes a reception IP address, a port number, and the like as main information communication information of the communication device 302-1. In order to detect the presence or absence of falsification, the digital information of the user of the communication device 302-1 may be attached to the encryption information 1005. The encrypted information is set as S / MIME Enveloped-Data 1004. The key (first encryption key) used for the encryption is encrypted with the public key (second encryption key) of the session control server, and is set as the recipientInfo 1006 in the Enveloped-Data. An unencrypted range 1001 in the SIP message includes a value indicating a decryption request to the session control server and a Content-ID to be decrypted.
A digital signature 1003 may be attached to information 1002 obtained by combining a part 1001 of the SIP message and EnvelopedData 1004 in order to detect the presence or absence of tampering.

FIG. 22 is a diagram illustrating an example of a transmission signal of the communication device 302-2 according to the third embodiment of the present invention.
The communication device 302-2 transmits 200OK1100 as a response signal to the INVITE method. The communication device 302-2 transmits the encrypted information 1105. In order to detect the presence or absence of tampering, the encrypted information 1105 may be digitally signed. In addition, a digital signature 1103 may be attached to information 1102 obtained by combining a part 1101 of the SIP message and EnvelopedData 1104.

[Session control server]
FIG. 19 is a block diagram of a session control server according to the third embodiment of the present invention.
As shown in FIG. 19, the session control server 301 includes a signal receiving unit 310, a decryption determining unit 311, an encryption key decrypting unit 312, a decryption key reusing unit 313, a signal decrypting unit 314, and a session control unit 315. Encryption key generation means 316, encryption key encryption means 317, signal encryption means 318, and signal transmission means 319. In addition, a NAT / firewall control unit 330, a main information communication receiving unit 331, and a main information decoding unit 332 may be provided.
The encryption key decryption means 312 provides a means for obtaining the first encryption key as the decryption key of the signal decryption means 314. By decoding the signal, information for control between the communication apparatuses can be referred to, and necessary information is provided to the session control unit 315.

The first encryption key is stored in the decryption key reuse unit 313 in association with the session identifier in the session control unit 315 and the counterpart device identifier. The session control means 315 refers to and / or changes the decrypted information as necessary. The session control server 301 uses the first encryption key as it is, or the encryption key generation unit 316 newly generates a first encryption key, and the encryption key encryption unit 317 generates the next encryption key. The second encryption key (public key or pre-shared key) of the reliable session control server or communication device 302-2 is encrypted. Then, the first encryption key is used as it is, or the information is encrypted using the new first encryption key generated by the encryption key generation means 316.
The encrypted information generated in this way and the encrypted encryption key are transmitted to the next reliable session control server or communication device 302-2 by the signal transmission means 319.

(Seventh embodiment)
FIG. 23 is an explanatory diagram of the communication method according to the seventh embodiment of the present invention.
Here, the session control signal generated by the communication device 302-1 is transmitted from the communication device 302-1 to the trusted session control server 301-1, and further from the session control server 301-1 via the session control server 301-2. Shows an example transmitted to the communication device 302-2.
For example, a transmission signal from the communication device 302-1 is an INVITE method that is one of SIP messages compliant with RFC3261, and control information (SDP) between communication devices included in the message is encrypted. (See 1005 in FIG. 21). The SDP includes a reception IP address, a port number, and the like as main information communication information of the communication device 302-1.
The SIP message is transmitted to the communication device 302-2 via the session control server 301-1 and the session control server 301-2.

The key (first encryption key) used for encrypting information is encrypted with the public key (second encryption key) of the session control server, and the recipientInfo (1006 in FIG. 21) in Enveloped-Data. Reference).
The first encryption key may be encrypted with a pre-shared key (password or the like) between the session control server 301-1 and the user of the communication device 302-1.
The session control server 301-1 receives the INVITE method transmitted from the communication device 302-1 by the signal receiving unit 310. In the decryption judgment unit 311, the decryption request is judged based on the value of the decryption request parameter (for example, Session-Policy), or the recipientInfo (1005 in FIG. 21) in which the encrypted first encryption key is set. The decryption request may be determined based on whether or not decryption is possible.

  When there is a decryption request, the encryption key decryption means 312 refers to the type of data (recipientInfo) (refer to 1006 in FIG. 21) in which the first encryption key is stored, which second After determining whether to decrypt with the second decryption key corresponding to the encryption key, the first encryption key is decrypted, and the decryption key is passed to the signal decryption means 314. By decrypting the encrypted information, the inter-communication device control information can be referred to and / or changed, and necessary information is provided to the session control means 315. As necessary, the inter-communication device control information is changed by the session control means 315. Next, the first encryption key is used as it is, or the first encryption key newly generated by the encryption key generation unit 316 is used and changed by the session control unit 315. Encrypt information.

The first encryption key encrypts information with the second encryption key (public key or pre-shared key) for the communication device 302-1. When the session control server 301-2 is reliable, it may be encrypted with the second encryption key for the session control server 301-2. The session control server 301-1 performs processing (necessary parameter change, etc.) on the INVITE method received from the communication device 302-1 in the session control unit 315, and the signal transmission unit 319 sends the INVITE method to the session control server 301-2. Send.
The session control server 301-2 receives the INVITE method transmitted from the session control server 301-1 by the signal receiving unit 310. In the decryption judgment unit 311, the decryption request is judged based on the value of the decryption request parameter (for example, Session-Policy), or the recipientInfo (in FIG. 21) in which the first encrypted encryption key is set. The decryption request may be determined based on whether or not decryption is possible.

When there is no decryption request or decryption is impossible, the session control unit 315 performs processing (necessary parameter change or the like) on the INVITE method based on the referable information, and the signal transmission unit 319 performs communication. An INVITE method is transmitted to the device 302-2.
When the signal received by the signal receiving unit 328 is encrypted and the first encryption key is encrypted and attached, the communication device 302-2 that has received the signal has its own second encryption. Using a second decryption key corresponding to the encryption key (a secret key if the first encryption key is public or the same pre-shared key if the first encryption key is a pre-shared key) Decrypted by the encryption key decryption means 327 to obtain a first encryption key. By using the first encryption key, the encrypted information is decrypted by the signal decryption means 326, so that the information can be referred to. The information is presented to session control means 321.

  The session control unit 321 generates information to be transmitted as necessary, and stores the encryption key in the encryption key reuse unit 325 in association with the session and the opposite device. For example, the session control unit 321 transmits 1100 in FIG. 22 as a response signal to the INVITE method. The information to be transmitted is encrypted by the signal encryption unit 324 using the stored first encryption key and transmitted by the signal transmission unit 320.

(Application example 5)
The subsequent session continuation signal is transmitted, for example, by the MESSAGE method from the communication apparatus 302-1 to the communication apparatus 302-2 via the session control servers 301-1 and 301-2. The communication device 302-1 encrypts information to be set in the MESSAGE method using the first encryption key recorded for each session. The MESSAGE method including the encrypted information is transmitted without attaching the first encryption key.
The communication device 302-2 that has received the signal uses the encryption key reuse unit 325 to acquire the stored first encryption key using the identifier of the session and the opposite device as a key, and the first encryption key. The encrypted information is decrypted with the encryption key.

(Application example 6)
The session control server 301-1 also decrypts the encrypted information using the first encryption key stored in the session and the opposite device unit.
(Application example 7)
In addition, when the communication device 302-1 transmits the MESSAGE method to the communication device 302-2 via the session control servers 301-1 and 301-2 after a predetermined time has elapsed, the encryption key update unit 329 performs the first operation. Update the encryption key. The information is encrypted using the updated encryption key and set as S / MIME Enveloped-Data.
The key used for the encryption (updated first encryption key) is encrypted with the public key (second encryption key) of the session control server, and is set as recipientInfo in Enveloped-Data.
When receiving the encrypted signal attached with the updated first encryption key, the communication device 302-2 stores the updated first encryption key in the encryption key reuse unit 325.

(Application 8)
The session control server 301-1 that has received the encrypted signal attached with the updated first encryption key stores the updated first encryption key in the encryption key reuse unit 325.

(Eighth embodiment)
FIG. 24 is an explanatory diagram of the communication method according to the eighth embodiment of the present invention.
Here, an example is shown in which the session control server 301-1 changes the filtering conditions of the NAT / firewall device 303 based on information obtained during session establishment.
For example, the signal received from the communication device 302-1 by the session control server 301-1 is an INVITE method that is one of SIP messages compliant with RFC3261, and the control information (SDP) between the communication devices included in the message Is encrypted. In the session control server 301-1, the encryption key decryption unit 312 refers to the type of the data (recipientInfo) in which the first encryption key is stored (see 1006 in FIG. 22) and decrypts it with any key. After determining whether to do so, the first encryption key is decrypted.

Control information between communication devices (for example, the IP address and port number of the main information communication path of the communication device 302-1) by decrypting the encryption information (see 1005 in FIG. 22) with the first encryption key. Can be referred to and / or changed.
Based on this information, the NAT / firewall control means 330 requests the remote NAT / firewall device 303 to change the filtering condition (instruction for passing packets addressed to a specific IP address and port number from an unspecified IP address). To do. Further, the session control server 301-1 can change control information between communication devices such as the IP address and port number of the main information communication path.
After that, the session control server 301-1 receives a 200 OK response in which the signal received from the communication device 302-2 is one of SIP messages, and the control information (SDP) between the communication devices included in the message is It is encrypted. Communication such as the IP address and port number of the main information communication path of the communication device 302-2 by decrypting the encrypted information using the first encryption key stored in the decryption key reuse means 313 Control information between devices can be referred to.

Based on this information, the NAT / firewall control means 330 changes the filtering condition (instruction for passing packets addressed to the specific IP address and port number from the specific IP address) to the remote NAT / firewall device 303. Request. As a result, the NAT / firewall device 303 can pass packets with respect to main information between the communication device 302-1 and the communication device 302-2.
Thereafter, when receiving a BYE method that is a disconnection signal of the SIP message received from the communication device 302-1 or 302-2, the session control server 301-1 causes the NAT / firewall control means 330 to execute the NAT / firewall device 303. Is requested to change the filtering condition (instruction for not passing packets addressed to the designated IP address and port number from the designated IP address).
As shown in the present embodiment, NAT / firewall control can be performed on a session-by-session basis by the session control server 301-1 in which information in the signal is safely disclosed from the communication device, and the accuracy of access control can be improved. become. Since the session control server 301-2 that does not disclose the information cannot refer to the route information of the main information, it is difficult to monitor the main information, and the confidentiality of the main information communication can be improved.

(Ninth embodiment)
FIG. 25 is an explanatory diagram of the communication method according to the ninth embodiment of the present invention.
Here, an example is shown in which the session control server can record communication with respect to encrypted main information based on information obtained during session establishment.
For example, the transmission signal from the communication device 302-1 is an INVITE method that is one of SIP messages compliant with RFC3261, and the communication device information SDP included in the message is encrypted. The SDP includes key information for main information encryption in addition to an IP address and a port number used for main information communication between the communication device 302-1 and the communication device 302-2.

The session control server 301-1 includes a main information communication recording unit 131 and a main information decoding unit 132, and transmits an instruction to the remote NAT / firewall device 303.
In addition to the filtering condition change request of the eighth embodiment, the main information transfer is instructed. The main information communication receiving unit 131 of the session control server receives the main information from the NAT / firewall device 303. When the main information is encrypted, the main information decryption unit 132 performs decryption using the already acquired key information for main information encryption. When the decryption ends normally, the information is recorded.
Since the session control server 301-2 cannot decrypt the encrypted signal, the communication device information SDP cannot be referenced, and the key information for main information encryption included in the SDP cannot be referenced. Therefore, even if the main information is monitored by a monitoring device in the network, it is encrypted and cannot be decrypted.

Thus, even when the main information is encrypted, the decrypted main information can be recorded by a specific reliable session control server, and the communication information can be audited.
As described above, in the communication method according to the present embodiment, information can be disclosed / changed to a session control server that performs arbitrary signal relay, information is transmitted safely, and communication control by a specific session control server is performed. Is possible.

  If the procedures described in the seventh, eighth, and ninth embodiments are programmed, and the program is stored in a recording medium such as a CD-ROM, it is convenient for selling and lending the program. . In addition, the present invention can be easily realized by installing a recording medium on a computer of a session control server or a computer of a communication device, and installing and executing a program.

As described above, according to the present invention, signal information can be disclosed only to a specific session control server or a called user regardless of the connection configuration. In addition to the information reference, the session control server can change the information.
Thereby, there is a remarkable effect that it is possible to ensure security with a reliable destination.

1 is a configuration diagram of a communication system according to a first embodiment of the present invention. It is a detailed block block diagram of the communication apparatus in FIG. It is a detailed block block diagram of the session control server in FIG. It is a figure which shows the example of the transmission signal of the communication apparatus which concerns on 1st Example of this invention. It is a figure which shows the example of a received signal of the communication apparatus which concerns on 1st Example of this invention. It is a figure which shows the example of a received signal of the session control server which concerns on 3rd Example of this invention. It is a figure which shows the example of the transmission signal of the session control server which concerns on 3rd Example of this invention. It is a process flowchart of the session control server and communication apparatus which concern on 2nd Example of this invention. It is a process flowchart of the session control server and communication apparatus which concern on 3rd Example of this invention. It is a block block diagram of the communication system which concerns on the 2nd Embodiment of this invention. It is a detailed block diagram of the session control server in FIG. It is a detailed block diagram of the communication apparatus in FIG. It is a figure which shows the example of a transmission signal of the communication apparatus (202-1) which concerns on the 2nd Embodiment of this invention. It is a figure which shows the example of a transmission signal of the communication apparatus (202-2) which concerns on the 2nd Embodiment of this invention. It is explanatory drawing of the communication method which concerns on the 4th Example of this invention. It is explanatory drawing of the communication method which concerns on the 5th Example of this invention. It is explanatory drawing of the communication method which concerns on the 6th Example of this invention. It is a block diagram of the communication system which concerns on the 3rd Embodiment of this invention. It is a block block diagram of the session control server in FIG. It is a block block diagram of the communication apparatus in FIG. It is a figure of the example of a transmission signal of the communication apparatus (302-1) which concerns on the 3rd Embodiment of this invention. It is a figure of the example of a transmission signal of the communication apparatus (302-2) which concerns on the 3rd Embodiment of this invention. It is explanatory drawing of the communication method which concerns on the 7th Example of this invention. It is explanatory drawing of the communication method which concerns on the 8th Example of this invention. It is explanatory drawing of the communication method which concerns on the 9th Example of this invention.

Explanation of symbols

10, 20, 30 ... Network 101, 201, 301 ... Session control server 102, 202, 302 ... Communication device 101-1, 201-1, 301-1 ... Communication device 102-1, 202-1, 302-1 Accommodating session control servers 101-2, 201-2, 301-2 ... Session control servers accommodating communication devices 102-2, 202-2, 302-2 102-1, 202-1, 302-1 ... Originating side Communication device 102-2, 202-2, 302-2 ... Calling side communication device

Claims (21)

A session control server is communicably connected via the network, and a session with the other communication device is established by transmitting / receiving a signal to / from another communication device via the plurality of session control servers. In communication equipment,
Means for generating a first encryption key for encryption when transmitting information encrypted to maintain confidentiality of the transmission signal;
Means for encrypting information using the first encryption key;
Means for encrypting the first encryption key with an arbitrary second encryption key;
Means for attaching the encrypted first encryption key and transmitting a signal including information encrypted with the first encryption key;
The means for encrypting the first encryption key with the second encryption key is one of the plurality of session control servers allowed to refer only to the in-signal information or to both reference and change. Encrypt the first encryption key with the second encryption key of the two session control servers,
The means for transmitting the information encrypted with the first encryption key includes the encrypted first encryption key, the information encrypted with the first encryption key, and the signal in the signal. Communication for transmitting a decryption request instruction or a decryption request instruction and a change permission notice to one session control server among the plurality of session control servers allowed to refer to only information or both reference and change apparatus. A plurality of communication devices and other session control servers are communicably connected via a network, receive signals transmitted from the communication device on the caller side or other session control servers, and receive the received signals on the callee side. In a session control server that establishes a session between the calling communication device and the called communication device by transmitting to a communication device or another session control server,
Means for receiving a signal that includes an encrypted first encryption key and includes information encrypted with the first encryption key;
Means for decrypting the first encryption key with a second decryption key corresponding to its second encryption key;
Means for decrypting the information using the first encryption key obtained by decryption;
Means for encrypting the first encryption key obtained by decryption with an arbitrary second encryption key;
After the first encryption key obtained by decryption is encrypted with an arbitrary second encryption key, the encrypted first encryption key is attached, and the first encryption key is used. Means for transmitting a signal containing encrypted information, and
When the receiving means receives a signal containing encrypted information, the second decryption key corresponding to the second encryption key is determined by determining whether or not there is a decryption request according to a decryption request instruction in the signal. Decrypting the encrypted first encryption key with an encryption key, or encrypting the first encryption key with a second decryption key corresponding to the second encryption key The first encryption key is obtained by determining whether or not there is a decryption request by decrypting
The information decryption means decrypts the information encrypted with the first encryption key;
Further, the encryption means may be a second encryption key of the other session control server that is passed through at the time of signal transmission and reception and permitted only for disclosure or both of disclosure and modification, or a second encryption key of the destination communication device. Encrypt the first encryption key obtained with the encryption key of
The transmission means includes the encrypted first encryption key, the information encrypted with the acquired first encryption key, and the second encryption key of the other session control server. A session control server that, when it is an encryption key, transmits a decryption request instruction to the other session control server, or a decryption request instruction and a change permission notice. The session control server according to claim 2,
Means for generating a new first encryption key for encryption when transmitting a signal including information encrypted in order to maintain the confidentiality of the transmission signal in addition to each of the means;
Means for encrypting information using the generated first encryption key;
Means for encrypting the generated first encryption key with an arbitrary second encryption key;
Means for attaching a generated first encryption key encrypted with the second encryption key and transmitting a signal including information encrypted with the generated first encryption key;
The encryption means of the first encryption key is a second encryption key of another session control server that is passed through at the time of signal transmission and reception and is allowed to both reference and change, or transmission Encrypt the generated first encryption key with the second encryption key of the previous communication device,
The transmission means includes the encrypted generated first encryption key, the information encrypted with the generated first encryption key, and the second encryption key stored in the other session control server. A session control server that transmits a decryption request instruction to the other session control server or a decryption request instruction and a change permission notification. The session control server according to claim 2,
Means for storing the first encryption key in a session and a counter device unit;
A session control server comprising: a reuse unit that reuses the first encryption key for at least one of encryption and decryption of information in the same opposite device in the same session. The communication device according to claim 1 is connected to be communicable via a session control server via a network as an opposite device, and communicates with other communication devices by transmitting and receiving signals to and from the session control server. In a communication device that establishes a session,
Means for receiving a signal including encrypted information, with an encrypted first encryption key attached;
Means for decrypting the first encryption key;
Means for decrypting the information with the first encryption key;
Means for storing the first encryption key in the session and the opposite device unit;
Means for encrypting information using the first encryption key;
Means for transmitting a signal including information encrypted with the first encryption key,
A communication apparatus that uses the first encryption key stored in the storage means for at least one of encryption and decryption of information in the same session. The communication device according to claim 1.
Means for storing the first encryption key in units of sessions and opposing devices;
Means for encrypting information using the first encryption key;
Means for transmitting a signal including information encrypted with the first encryption key;
Means for receiving a signal containing information encrypted with the first encryption key;
Means for decrypting information using the first encryption key,
A communication apparatus that uses the first encryption key stored in the storage means for at least one of encryption and decryption of information in the same session. The communication device according to claim 1,
Means for periodically updating the first encryption key managed in units of the session and the opposite device;
The updating means includes
Means for newly generating a first encryption key;
Encryption key encryption means for encrypting the first encryption key with an arbitrary second encryption key or a first encryption key already stored;
A communication apparatus comprising: means for transmitting a signal including the information encrypted with the first encryption key, the first encryption key encrypted with an arbitrary second encryption key being attached. The communication device according to claim 5, wherein
Means for periodically updating the first encryption key managed in units of the session and the opposite device;
The updating means includes
Means for newly generating a first encryption key;
Encryption key encryption means for encrypting the first encryption key with an arbitrary second encryption key or a first encryption key already stored;
A communication apparatus comprising: means for transmitting a signal including the information encrypted with the first encryption key, the first encryption key encrypted with an arbitrary second encryption key being attached. In the session control server according to claim 2,
Means for periodically updating the first encryption key managed in units of the session and the opposite device;
A new first encryption key encrypted with an arbitrary second encryption key or a first encryption key that has already been stored is attached, and encrypted with the first encryption key. Means for receiving a signal containing information,
Means for encrypting information using the updated new first encryption key;
Means for transmitting the updated new encryption key together with the encrypted information,
The transmission means attaches a new first encryption key encrypted with the arbitrary second encryption key or the first encryption key already stored, and the first encryption key A session control server that transmits a signal including information encrypted with an encryption key. In a communication system that is communicably connected to each other via a network and establishes a session by performing transmission and reception of signals between communication devices via a plurality of session control servers,
Means for receiving a signal including information encrypted with the first encryption key, the second decryption corresponding to its second encryption key Means for decrypting the first encryption key with the encryption key, means for decrypting the information using the first encryption key obtained by decryption, and the first encryption key obtained by decryption Means for encrypting with the second encryption key, and the first encryption key encrypted after encrypting the first encryption key obtained by decryption with any second encryption key And a means for transmitting a signal containing the information encrypted with the first encryption key, and when the receiving means receives the encrypted information, the signal is decrypted. The presence of a decryption request is determined according to a request instruction, and the first encryption encrypted with the second decryption key corresponding to the second encryption key Determining whether there is a decryption request by decrypting the key or decrypting the encrypted first encryption key with a second decryption key corresponding to the second encryption key Or the both are performed to obtain the first encryption key, the information decryption means decrypts the information encrypted with the first encryption key, and the encryption The means is based on the second encryption key of the other session control server that is passed through at the time of signal transmission and reception and allowed only for disclosure or both disclosure and modification, or the second encryption key of the communication device of the transmission destination. Encrypting the acquired first encryption key, the transmitting means, the encrypted first encryption key, the information encrypted by the acquired first encryption key, The second encryption key is the encryption key of the other session control server In some cases, a session control server that transmits the decryption request instruction to said other session control server,
Means for generating a first encryption key for encryption when transmitting a signal including information encrypted in order to maintain the confidentiality of the transmission signal, and information using the first encryption key; Means for encrypting, means for encrypting the first encryption key with an arbitrary second encryption key, and attaching the first encryption key encrypted, the first encryption Means for transmitting a signal including information encrypted with a key, and means for encrypting the first encryption key with a second encryption key is for referring to the information in the signal only, or for reference and change. The second encryption key of one session control server among the plurality of session control servers that are allowed both, or the second encryption key of the communication device of the transmission destination, the first encryption key Means for encrypting and transmitting a signal including information encrypted with the first encryption key, The first encryption key, the information encrypted with the first encryption key, and the second encryption key allows only reference to the information in the signal or both reference and change. A communication device that sends a decryption request instruction to the session control server, or
In addition to the above means,
Means for generating a new first encryption key for encryption when transmitting a signal including information encrypted to maintain the confidentiality of the transmission signal, and the generated first encryption key Means for encrypting information using, a means for encrypting the generated first encryption key with an arbitrary second encryption key, a generated first encrypted with the second encryption key And a means for transmitting a signal including information encrypted with the generated first encryption key, wherein the encryption means for the first encryption key passes when the signal is transmitted / received. And the second encryption key of one other session control server among the plurality of session control servers allowed to refer only to the information in the signal or to both reference and change, or communication of the destination Encrypting the generated first encryption key with the second encryption key of the device; The transmission means includes the encrypted generated first encryption key, the information encrypted with the generated first encryption key, and the second encryption key referring to the in-signal information. Or a communication device that transmits a decryption request instruction to the other session control server when the encryption key of the other session control server is permitted to both reference and change, and
Of the communication devices, the receiving communication device is:
Means for receiving a signal to which an encrypted first encryption key is attached and including the encrypted information; means for decrypting the first encryption key; and information for encrypting the first information Means for decrypting with a key, means for storing the first encryption key for each session and the opposite device unit, means for encrypting information using the first encryption key, with the first encryption key Means for transmitting a signal including encrypted information, and the first encryption key stored in the storage means is used for at least one of encryption and decryption of information in the same session;
Of the communication devices, the calling communication device is
Means for storing the first encryption key for each session and the opposite device; means for encrypting information using the first encryption key; information encrypted with the first encryption key; Means for transmitting a signal including, means for receiving a signal including information encrypted with the first encryption key, and means for decrypting information using the first encryption key, A communication system characterized by using the first encryption key stored in the means for performing at least one of encryption and decryption of information in the same session. The communication system according to claim 10, wherein
Means for storing the first encryption key for each session and the opposite device, and the first encryption key for at least one of encryption and decryption of information in the same session and the same opposite device A session control server having a reuse means for reuse;
A means for receiving a signal including encrypted information by attaching an encrypted first encryption key, a means for decrypting the first encryption key, and decrypting the information with the first encryption key Means for storing the first encryption key for each session and the opposite device, means for encrypting information using the first encryption key, and encryption with the first encryption key Means for transmitting a signal including the received information and using the first encryption key stored in the storage means for at least one of encryption and decryption of information in the same session Equipment,
Means for storing the first encryption key for each session and the opposite device; means for encrypting information using the first encryption key; information encrypted with the first encryption key; Means for transmitting a signal including, means for receiving a signal including information encrypted with the first encryption key, and means for decrypting information using the first encryption key, A communication system having a first communication key that is used for at least one of encryption and decryption of information in the same session, using the first encryption key stored in the means for performing the process. The communication system according to claim 10, wherein
Means for periodically updating the first encryption key managed in units of the session and the opposite device, encrypted with any second encryption key, or the first encryption key already stored; A new first encryption key is attached, means for receiving a signal including information encrypted with the first encryption key, and the information is encrypted using the updated new first encryption key. And a means for transmitting a new encryption key updated together with the encrypted information, wherein the transmitting means is an arbitrary second encryption key or the first stored first key. A session control server that attaches a new first encryption key, encrypted with the encryption key, and transmits a signal including information encrypted with the first encryption key;
Means for storing the first encryption key for each session and the opposite device; means for encrypting information using the first encryption key; information encrypted with the first encryption key; Means for transmitting a signal including, means for receiving a signal including information encrypted with the first encryption key, and means for decrypting information using the first encryption key, An originating communication device that uses the first encryption key stored in the means for performing at least one of encryption and decryption of information in the same session;
Means for periodically updating the first encryption key managed in units of the session and the opposite device, the update means newly generating a first encryption key, the first encryption key; An encryption key encrypting means for encrypting with an arbitrary second encryption key, and the first encryption key encrypted with an optional second encryption key, and the first encryption key A communication system comprising: a transmission side or a reception side communication device comprising means for transmitting a signal including information encrypted with an encryption key. In a communication method for transmitting a session control signal generated by a calling-side communication device to a receiving-side communication device via a plurality of session control servers indicating either a trusted session control server or an untrusted session control server,
The originating communication device encrypts the first encryption key used for the encryption of the encrypted information with the second encryption key disclosed by the trusted session control server,
A signal including the encrypted information, a value indicating a decryption request, and the encrypted first encryption key is transmitted to the session control server;
The session control server determines a decryption request based on a decryption request parameter value in the received signal, or decrypts the encrypted information in which the encrypted first encryption key is set The decryption request is determined based on whether or not
When there is a decryption request, the encrypted first encryption key is decrypted with the second decryption key corresponding to the second encryption key and the encoded first encryption key And decrypting the encrypted information to enable reference or change of control information between communication devices,
After changing the inter-communication device control information, the first encryption key is used as it is, or the newly generated first encryption key is used to encrypt the changed information,
A communication method comprising: transmitting to a next session control server or a receiving communication device. After determining the decryption key to be decrypted, the session control server decrypts the first encryption key, decrypts the encrypted information with the first encryption key, and controls the communication information between the communication devices. Can be referenced or changed,
Based on the control information, request the NAT / firewall device to change the filtering condition,
After that, the control information between the communication devices received from the communication device on the receiving side is decoded, and the control information between the communication devices can be referred to or changed,
14. The communication method according to claim 13, wherein the NAT / firewall device is requested to change a filtering condition based on the control information, and the NAT / firewall device performs packet passing for main information between the communication devices. .   When the session control server instructs the NAT / firewall device or the like to change the filtering condition, and instructs main information transfer, and receives the main information from the NAT / firewall device or the like, the main information is encrypted. In the case of signal transmission / reception, the first encryption key is decrypted, and the encrypted information is already acquired together with the control information between the communication devices obtained by decrypting with the first encryption key. 14. The communication method according to claim 13, wherein the main information is decrypted by using the main information encryption key, and the main information is recorded in the communication recording means. A communication program for transmitting a session control signal generated by an originating communication device to a terminating communication device via a plurality of session control servers indicating either a trusted session control server or an untrusted session control server. There,
The computer of the session control server determines a decryption request based on the value of the decryption request parameter in the received signal, or the data of the encrypted first encryption key in the received signal is set. Means for determining a decryption request based on whether or not decryption is possible; if there is a decryption request, the first encryption key encrypted with the second decryption key corresponding to the second encryption key Means for decrypting and decrypting encrypted inter-communication device control information in the received signal with the encoded first encryption key, and enabling reference or change of the inter-communication device control information, The first encryption key is used as it is or the newly generated first encryption key is used to encrypt the changed information, and the next session control server or the receiving communication device encryption Communication program to function as a means for transmitting information after the change was.   In addition to each means according to claim 16, the session control server computer further comprises means for judging a decryption key for decryption, means for decrypting a first encryption key, and encryption information Means for decrypting with the first encryption key to enable reference or change of control information between communication devices, means for requesting NAT / firewall device to change filtering conditions based on the control information, incoming call Means for decoding control information between communication devices received from the communication device on the side and enabling reference or change of control information between communication devices, and filtering conditions for the NAT / firewall device based on the control information A communication program for functioning as a means for requesting a change.   17. In addition to each means according to claim 16, means for instructing the computer of the session control server to transfer main information in addition to a request for changing filtering conditions to a NAT / firewall apparatus, etc., NAT / firewall Means for receiving main information from a device, etc., and when the main information is encrypted, the first encryption key is decrypted at the time of signal transmission and reception, and the encrypted information is Along with the control information between the communication devices obtained by decrypting with the key, a means for decrypting using the already acquired main information encryption key, and a means for functioning as a means for recording the main information in the communication recording means Communication program.   A computer-readable recording medium on which the communication program according to claim 16 is recorded.   A computer-readable recording medium on which the communication program according to claim 17 is recorded. A computer-readable recording medium on which the communication program according to claim 18 is recorded.

Images