WO2009060899A1 - Common key setting method, relay apparatus, and program - Google Patents

Common key setting method, relay apparatus, and program

Info

Publication number
WO2009060899A1
Authority
WO
WIPO (PCT)
Prior art keywords
relay device
secret information
secret
information
common key
Prior art date
Application number
PCT/JP2008/070212
Other languages
English (en)
French (fr)
Inventor
Nachi Ueno
Shingo Orihara
Kei Karasawa
Yukio Tsuruoka
Original Assignee
Nippon Telegraph And Telephone Corporation
Priority date
Filing date
Publication date
Application filed by Nippon Telegraph And Telephone Corporation
Priority to US12/741,758 (US8291231B2)
Priority to EP08846707.1A (EP2207302B1)
Priority to JP2009540080A (JP5039146B2)
Publication of WO2009060899A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer

Abstract

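 The secret key of a second apparatus is stored in a relay apparatus. A first apparatus sets secret information for identifying a common key, generates encrypted secret information by encrypting the secret information with the public key of the second apparatus, and sends it to the relay apparatus. Next, the relay apparatus decrypts the encrypted secret information with the secret key of the second apparatus and extracts the secret information. The relay apparatus then sends the encrypted secret information to the second apparatus, and the second apparatus decrypts the encrypted secret information with its own secret key and extracts the secret information. After that, finished information corresponding to the communication log information and the secret information is exchanged between the first apparatus and the relay apparatus, and between the second apparatus and the relay apparatus.
PCT/JP2008/070212 2007-11-07 2008-11-06 Common key setting method, relay apparatus, and program WO2009060899A1 (ja)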
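
The flow in the abstract, simulated end to end as an added example (not code from the patent or its applicant). It assumes textbook RSA on fixed toy primes as a stand-in for the public-key scheme and HMAC-SHA256 over each leg's message log as the finished information; the labels `first` and `relay` and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy key pair for the second apparatus: textbook RSA, no padding.
# Stand-in only; a deployment would use a real scheme with proper padding.
P, Q = 2**61 - 1, 2**89 - 1            # two known Mersenne primes
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, also held by the relay


def encrypt(secret: int) -> int:
    """First apparatus: encrypt with the second apparatus's public key."""
    return pow(secret, E, N)


def decrypt(ciphertext: int) -> int:
    """Any holder of the second apparatus's private key recovers the secret."""
    return pow(ciphertext, D, N)


def finished(secret: int, log: list, label: bytes) -> bytes:
    """Assumed finished information: MAC over the leg's log, keyed by the secret."""
    key = secret.to_bytes(32, "big")
    return hmac.new(key, label + b"".join(log), hashlib.sha256).digest()


def run_exchange(tamper_leg2: bool = False) -> dict:
    # 1. First apparatus sets the secret and sends it encrypted to the relay.
    secret_first = secrets.randbelow(N - 2) + 2
    enc = encrypt(secret_first)
    log_leg1 = [b"hello-1", enc.to_bytes(32, "big")]   # first <-> relay

    # 2. Relay decrypts with its stored copy of the private key.
    secret_relay = decrypt(enc)

    # 3. Relay forwards the same ciphertext; second apparatus decrypts it.
    log_leg2 = [b"hello-2", enc.to_bytes(32, "big")]   # relay <-> second
    secret_second = decrypt(enc)

    # 4. Finished information is exchanged per leg, each over that leg's log.
    fin_first = finished(secret_first, log_leg1, b"first")
    fin_relay_1 = finished(secret_relay, log_leg1, b"first")
    seen_by_second = log_leg2 + ([b"injected"] if tamper_leg2 else [])
    fin_relay_2 = finished(secret_relay, log_leg2, b"relay")
    fin_second = finished(secret_second, seen_by_second, b"relay")
    return {
        "secrets_match": secret_first == secret_relay == secret_second,
        "leg1_ok": hmac.compare_digest(fin_first, fin_relay_1),
        "leg2_ok": hmac.compare_digest(fin_relay_2, fin_second),
    }
```

All three parties end with the same secret, so the relay can read traffic protected by the resulting common key; because each leg's finished value covers only that leg's log, a log mismatch on one leg is detected there without affecting the other.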

Priority Applications (3)

Application Number Priority Date Filing Date Title
US12/741,758 US8291231B2 (en) 2007-11-07 2008-11-06 Common key setting method, relay apparatus, and program
EP08846707.1A EP2207302B1 (en) 2007-11-07 2008-11-06 Common key setting method, relay apparatus, and program
JP2009540080A JP5039146B2 (ja) 2007-11-07 2008-11-06 Common key setting method, relay apparatus, and program

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2007289906 2007-11-07
JP2007-289906 2007-11-07
JP2008-190536 2008-07-24
JP2008190536 2008-07-24

Publications (1)

Publication Number Publication Date
WO2009060899A1 (ja) 2009-05-14

Family

ID=40625786

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2008/070212 WO2009060899A1 (ja) 2007-11-07 2008-11-06 Common key setting method, relay apparatus, and program

Country Status (4)

Country Link
US (1) US8291231B2 (ja)
EP (1) EP2207302B1 (ja)
JP (1) JP5039146B2 (ja)
WO (1) WO2009060899A1 (ja)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011068627A2 (en) 2009-12-02 2011-06-09 Microsoft Corporation Identity based network policy enablement
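JP2011151785A (ja) * 2009-12-25 2011-08-04 Canon It Solutions Inc Relay processing device, relay processing method, and program
JP2014147039A (ja) * 2013-01-30 2014-08-14 Oki Electric Ind Co Ltd Encrypted communication device, proxy server, encrypted communication system, encrypted communication device program, and proxy server program
KR20150094110A (ko) * 2014-02-10 2015-08-19 한국전자통신연구원 Apparatus and method for providing digital signature
WO2016159538A1 (ko) * 2015-04-03 2016-10-06 주식회사 키페어 PIN authentication system and method
JP2017069755A (ja) * 2015-09-30 2017-04-06 ブラザー工業株式会社 Computer program and relay device
CN107534665A (zh) * 2015-04-24 2018-01-02 思科技术公司 Scalable intermediate network device leveraging SSL session ticket extension
JP2021052362A (ja) * 2019-09-26 2021-04-01 富士通株式会社 Communication relay program, relay device, and communication relay method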

Families Citing this family (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011016401A1 (ja) * 2009-08-03 2011-02-10 日本電信電話株式会社 Functional encryption application system and method
US8769290B1 (en) * 2011-02-28 2014-07-01 Google Inc. Providing confidential structured data
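JP5769133B2 (ja) * 2011-09-27 2015-08-26 日本電気株式会社 Communication relay device, data processing system, and communication relay method
KR101543711B1 (ko) * 2011-10-11 2015-08-12 한국전자통신연구원 Lightweight group signature method and apparatus providing short signatures
CN102523090B (zh) * 2011-12-01 2015-04-22 深圳市文鼎创数据科技有限公司 Method and device for manual switching among multiple applications of a smart key device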
US9531685B2 (en) 2011-12-16 2016-12-27 Akamai Technologies, Inc. Providing forward secrecy in a terminating SSL/TLS connection proxy using Ephemeral Diffie-Hellman key exchange
US9531691B2 (en) 2011-12-16 2016-12-27 Akamai Technologies, Inc. Providing forward secrecy in a terminating TLS connection proxy
US9026784B2 (en) * 2012-01-26 2015-05-05 Mcafee, Inc. System and method for innovative management of transport layer security session tickets in a network environment
US9077709B1 (en) * 2012-01-31 2015-07-07 Teradici Corporation Method for authenticated communications incorporating intermediary appliances
US9363240B2 (en) * 2012-08-30 2016-06-07 Excalibur Ip, Llc Method and system for reducing network latency
JP2014068140A (ja) * 2012-09-25 2014-04-17 Sony Corp Information processing device, information processing method, and program
WO2015095463A1 (en) * 2013-12-18 2015-06-25 Akamai Technologies, Inc. Providing forward secrecy in a terminating tls connection proxy
US9471948B2 (en) * 2014-04-17 2016-10-18 Seed Labs Sp. Z O.O. System and method for administering licenses stored by a product unit, and administration of said unit in the field
US9686221B2 (en) * 2014-07-25 2017-06-20 Microsoft Technology Licensing, Llc Error correction for interactive message exchanges using summaries
US9900287B1 (en) * 2014-09-12 2018-02-20 Verily Life Sciences, LLC Transmitting sensitive information securely over unsecured networks without authentication
WO2016047111A1 (ja) * 2014-09-25 2016-03-31 日本電気株式会社 Analysis system, analysis device, analysis method, and storage medium on which an analysis program is recorded
EP3216163B1 (en) * 2014-11-04 2019-04-24 Akamai Technologies, Inc. Providing forward secrecy in a terminating ssl/tls connection proxy using ephemeral diffie-hellman key exchange
US10708781B2 (en) * 2016-01-27 2020-07-07 Telefonaktiebolaget Lm Ericsson (Publ) Method for setting up a secure connection between LWM2M devices
US10291405B2 (en) * 2016-07-15 2019-05-14 International Business Machines Corporation Seamless abort and reinstatement of TLS sessions
US10951407B2 (en) 2016-07-27 2021-03-16 Akamai Technologies, Inc. Cryptographic material sharing among entities with no direct trust relationship or connectivity
US10348698B2 (en) * 2016-09-15 2019-07-09 Nagravision S.A. Methods and systems for link-based enforcement of routing of communication sessions via authorized media relays
IT201600116085A1 (it) * 2016-11-17 2018-05-17 Ansaldo Sts Spa Apparatus and method for the safe management of vital communications in a railway environment
JP6473876B2 (ja) * 2016-12-01 2019-02-27 株式会社ユートピア企画 Secure network communication method
US10310776B2 (en) * 2017-02-10 2019-06-04 Avision Inc. Output method and output device for cloud printing
TWI621064B (zh) * 2017-02-10 2018-04-11 虹光精密工業股份有限公司 Output method and output device
US10547641B2 (en) * 2017-06-01 2020-01-28 International Business Machines Corporation Transparently converting a TLS session connection to facilitate session resumption
US10542041B2 (en) * 2017-06-01 2020-01-21 International Business Machines Corporation Cacheless session ticket support in TLS inspection
US10721219B2 (en) 2018-06-28 2020-07-21 Nxp B.V. Method for establishing a secure communication session in a communications system
US10721061B2 (en) 2018-06-28 2020-07-21 Nxp B.V. Method for establishing a secure communication session in a communications system
US10659228B2 (en) * 2018-06-28 2020-05-19 Nxp B.V. Method for establishing a secure communication session in a communications system
KR20230008167A (ko) * 2020-05-15 2023-01-13 후아웨이 테크놀러지 컴퍼니 리미티드 Communication method and communication apparatus
CN112511550B (zh) * 2020-12-02 2022-02-22 迈普通信技术股份有限公司 Communication method, apparatus, electronic device, and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH1084338A (ja) * 1996-09-06 1998-03-31 Syst Kogaku Kk Encrypted information communication system
JP2001237824A (ja) * 2000-02-22 2001-08-31 Mitsubishi Electric Corp Information communication relay device
JP2002082907A (ja) * 2000-09-11 2002-03-22 Nec Corp Security function proxy method in data communication, security function proxy system, and recording medium
JP2007036389A (ja) * 2005-07-22 2007-02-08 Hitachi Software Eng Co Ltd Method for taking over TLS session information and computer system

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7093128B2 (en) * 2000-04-06 2006-08-15 Sony Corporation Information recording/reproducing apparatus and method
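JP2002158650A (ja) * 2000-11-21 2002-05-31 Fujitsu Ltd Server for proxy authentication/encryption processing, access card, program recording medium, and mobile terminal
CN100512101C (zh) * 2001-05-14 2009-07-08 松下电器产业株式会社 Electronic device control apparatus
JP2003101533A (ja) * 2001-09-25 2003-04-04 Toshiba Corp Device authentication management system and device authentication management method
JP3842100B2 (ja) * 2001-10-15 2006-11-08 株式会社日立製作所 Authentication processing method in an encrypted communication system and system therefor
JP4240297B2 (ja) * 2003-04-21 2009-03-18 ソニー株式会社 Terminal device, authentication terminal program, device authentication server, device authentication program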
EP1473899A1 (en) * 2003-04-28 2004-11-03 Telefonaktiebolaget LM Ericsson (publ) Security in a communications network
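KR100581590B1 (ko) * 2003-06-27 2006-05-22 주식회사 케이티 Two-factor authenticated key exchange method, authentication method using the same, and recording medium storing a program including the method
JP4712325B2 (ja) * 2003-09-12 2011-06-29 株式会社リコー Communication device, communication system, communication method, and program
JP4607567B2 (ja) * 2004-01-09 2011-01-05 株式会社リコー Certificate transfer method, certificate transfer device, certificate transfer system, program, and recording medium
DE102006019466B4 (de) * 2006-04-26 2009-07-30 Siemens Ag Method and system for tamper-proof establishment of a cryptographic key
JP5201136B2 (ja) * 2007-05-24 2013-06-05 日本電気株式会社 Anonymous authentication system and anonymous authentication method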

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SSL & TLS, 2 May 2007 (2007-05-02), Retrieved from the Internet <URL:http://www21.ocn.ne.jp/~k-west/SSLandTLS>
T. DIERKS; C. ALLEN, THE TLS PROTOCOL VERSION 1.0, January 1999 (1999-01-01), Retrieved from the Internet <URL:http://www.ietf.org/rfc/rfc2246.txt>

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2507940A4 (en) * 2009-12-02 2016-08-03 Microsoft Technology Licensing Llc IDENTITY-BASED NETWORK GUIDANCE ACTIVATION
WO2011068627A2 (en) 2009-12-02 2011-06-09 Microsoft Corporation Identity based network policy enablement
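JP2011151785A (ja) * 2009-12-25 2011-08-04 Canon It Solutions Inc Relay processing device, relay processing method, and program
JP2012044694A (ja) * 2009-12-25 2012-03-01 Canon It Solutions Inc Relay processing device, relay processing method, and program
JP2014147039A (ja) * 2013-01-30 2014-08-14 Oki Electric Ind Co Ltd Encrypted communication device, proxy server, encrypted communication system, encrypted communication device program, and proxy server program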
US9509516B2 (en) 2014-02-10 2016-11-29 Electronics And Telecommunications Research Institute Apparatus and method for providing digital signature
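KR20150094110A (ko) * 2014-02-10 2015-08-19 한국전자통신연구원 Apparatus and method for providing digital signature
KR101671989B1 (ko) * 2014-02-10 2016-11-03 한국전자통신연구원 Apparatus and method for providing digital signature
WO2016159538A1 (ko) * 2015-04-03 2016-10-06 주식회사 키페어 PIN authentication system and method
CN107534665A (zh) * 2015-04-24 2018-01-02 思科技术公司 Scalable intermediate network device leveraging SSL session ticket extension
CN107534665B (zh) * 2015-04-24 2020-10-16 思科技术公司 Scalable intermediate network device leveraging SSL session ticket extension
JP2017069755A (ja) * 2015-09-30 2017-04-06 ブラザー工業株式会社 Computer program and relay device
JP2021052362A (ja) * 2019-09-26 2021-04-01 富士通株式会社 Communication relay program, relay device, and communication relay method
JP7372527B2 (ja) 2019-09-26 2023-11-01 富士通株式会社 Communication relay program, relay device, and communication relay method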

Also Published As

Publication number Publication date
EP2207302A4 (en) 2013-05-22
US20100250951A1 (en) 2010-09-30
US8291231B2 (en) 2012-10-16
JP5039146B2 (ja) 2012-10-03
JPWO2009060899A1 (ja) 2011-03-24
EP2207302B1 (en) 2016-02-17
EP2207302A1 (en) 2010-07-14

Similar Documents

Publication Publication Date Title
WO2009060899A1 (ja) Common key setting method, relay apparatus, and program
WO2009145495A3 (en) Method and apparatus for providing broadcast service using encryption key in a communication system
WO2012003586A8 (en) System and method for performing device authentication using key agreement
EP3981103A4 (en) KEY RECOVERY USING ENCRYPTED SECRET SHARES
WO2009031140A3 (en) Information protection device
WO2007001328A3 (en) Information-centric security
WO2008011628A3 (en) Device authentication
WO2010093200A3 (en) Method and apparatus for traffic count key management and key count management
WO2008042175A3 (en) Key wrapping system and method using encryption
WO2010041915A3 (en) System and method for setting up security for controlled device by control point in a home network
IL209799A0 (en) Method, device and system for cryptographic key generation
WO2008026060A3 (en) Method, system and device for synchronizing between server and mobile device
WO2008030704A3 (en) Method and system for secure processing of authentication key material in an ad hoc wireless network
WO2008090779A1 (ja) 権限管理方法、そのシステム並びにそのシステムで利用されるサーバ装置及び情報機器端末
SG143127A1 (en) Client credential based secure session authentication method and apparatus
WO2011159948A3 (en) Apparatus and method for transitioning enhanced security context from a utran/geran-based serving network to an e-utran-based serving network
WO2010015906A3 (en) Apparatus, systems and methods for authentication of objects having multiple components
EP2398208A3 (en) Method for securing transmission data and security system for implementing the same
WO2008152393A3 (en) Fuzzy keys
SG143152A1 (en) System and method for secure record protocol using shared knowledge of mobile user credentials
GB2512249A (en) Secure peer discovery and authentication using a shared secret
WO2008019180A3 (en) Methods and systems for blackout provisioning in a distribution network
WO2011130682A3 (en) Apparatus and method for signaling enhanced security context for session encryption and integrity keys
WO2009056679A3 (en) End-to-end encrypted communication
WO2010059196A3 (en) Integrity-protected communication between printing system components

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08846707

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2009540080

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 12741758

Country of ref document: US

Ref document number: 2008846707

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE