WO2011151924A1 - 処理装置,処理方法及び処理プログラム - Google Patents
処理装置,処理方法及び処理プログラム Download PDFInfo
- Publication number
- WO2011151924A1 WO2011151924A1 PCT/JP2010/059546 JP2010059546W WO2011151924A1 WO 2011151924 A1 WO2011151924 A1 WO 2011151924A1 JP 2010059546 W JP2010059546 W JP 2010059546W WO 2011151924 A1 WO2011151924 A1 WO 2011151924A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- time
- key
- processing
- determination unit
- encryption key
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
Definitions
- This case relates to a processing apparatus, a processing method, and a processing program for executing a predetermined process related to processing target information at a preset time.
- each remote case is known to use encryption key sharing / synchronization based on IPsec (Security-architecture-for-Internet-Protocol) in order to ensure security.
- IPsec Security-architecture-for-Internet-Protocol
- IPsec is a standard for performing encryption at the IP level, and is intended to ensure security by encrypting IP packets and transmitting / receiving them between devices.
- IPsec a shared key cryptosystem is used for encryption of IP packets.
- Shared key cryptography is a method in which the same encryption key is used in the transmission side and reception side devices, and each of the transmission side and reception side devices (for example, a remote case) is encrypted in advance. The key is shared and the IPsec connection is established.
- the establishment of the IPsec connection is performed by using the IKE (Internet Key Exchange) protocol in the transmission side and reception side devices.
- IKE Internet Key Exchange
- IKE establishes an IPsec connection by performing two phases of phase 1 and phase 2 between apparatuses that perform the IPsec connection.
- Phase 1 establishes ISAKMP (Internet Security Association and Key Management Protocol) SA (Security Association), thereby determining the encryption method used in Phase 2 and generating an encryption key.
- Phase 2 is to determine the encryption method and encryption key used in IPsec by establishing IPsec SA.
- a RAID device is used as a device on the transmission side and a device on the reception side, and depending on the RAID device, a module that implements an IPsec function provided by each RAID device may be used.
- each device that performs encrypted communication using IPsec provides a predetermined effective period for the encryption key, invalidates the encryption key after the effective period, and converts it to a new encryption key.
- Perform the switching process For example, in each device, the time (current time) of the clock provided by each device is a predetermined process related to switching of encryption key information (for example, generation and setting of encryption keys, switching of validation / invalidation of encryption keys, etc.) It is determined whether or not it is time (for example, 0 o'clock, 8 o'clock, 16:00 o'clock).
- Each device switches the encryption key by executing the corresponding process if it is time to perform a predetermined process.
- Patent Documents 1 and 2 Conventionally, a technique for generating / updating an encryption key when a preset key exchange time is reached is known (for example, Patent Documents 1 and 2).
- each device that performs encrypted communication using IPsec performs generation and setting of an encryption key and switching between enabling / disabling of an encryption key based on the time of a clock provided in each device.
- a clock provided in each device.
- the time change (adjustment) of the clock may cause a time change across the time to perform a predetermined process related to the encryption key information. For example, if the time of the clock before the change is before the update time of the encryption key information (past) and the time of the clock after the change is before the update time of the encryption key information (future), the time is changed.
- the predetermined processing relating to the encryption key information that should be performed at the time straddled (jumped over) by changing the time of the clock is not performed.
- the encryption key information between the device that has changed the time and the device to be communicated do not match.
- FIGS. 7A and 7B are diagrams illustrating a comparison timing between the current time in the transmission-side housing and the time at which a predetermined process should be performed.
- FIG. 7A shows an example of a normal operation, that is, a case where there is no change in the time of the clock of the transmission side housing.
- FIG. 7B shows an example of the case where the time of the clock on the transmission side housing is changed.
- FIG. 8 is a diagram illustrating a procedure for updating the encryption keys of the transmission-side casing and the reception-side casing when a time change occurs in the transmission-side casing.
- the transmission-side housing is a device that transmits data in encrypted communication by each device that performs encrypted communication using IPsec
- the reception-side housing is a device that receives data.
- the transmission-side housing and the reception-side housing are distinguished from each other.
- the devices as bodies perform transmission and reception in both directions. Accordingly, each process in the transmission-side housing and the reception-side housing is executed in each device that performs encrypted communication using IPsec.
- each of the transmission-side housing and the reception-side housing changes the encryption key every day in order to improve security.
- the transmission-side casing and the reception-side casing have two encryption keys, and can enable or disable transmission and reception using the encryption key for each encryption key.
- reception with two encryption keys is both effective, reception is possible with either encryption key.
- the transmission side case and the reception side case each have a predetermined process (for example, generation and setting of an encryption key, encryption key information) of the current time, which is the time of the clock provided by the transmission side case and the reception side case. It is determined whether or not it is time (for example, 0 o'clock, 8 o'clock, 16 o'clock, etc.) to be performed. For example, at 16:00, the transmission-side casing generates and sets the encryption key 1 for the next day, and the reception-side casing generates and sets the encryption key 1 for the next day, and the encryption for the next day. Processing to validate reception by the key 1 is performed.
- a predetermined process for example, generation and setting of an encryption key, encryption key information of the current time, which is the time of the clock provided by the transmission side case and the reception side case. It is determined whether or not it is time (for example, 0 o'clock, 8 o'clock, 16 o'clock, etc.) to be performed. For example, at 16:00, the transmission-
- the transmission-side casing performs processing for validating the transmission using the encryption key 1 of the day and invalidating the transmission using the encryption key 2 of the previous day. Further, at 8 o'clock, the receiving case performs processing for invalidating the reception by the encryption key 2 of the previous day.
- each of the transmission-side housing and the reception-side housing repeatedly perform the above-described processes of the 16:00, 0 o'clock, and 8 o'clock ranges, respectively, and use two encryption keys alternately to obtain encryption key information. Update.
- each of the transmission-side housing and the reception-side housing can change (adjust) the time of the clock it has at a predetermined timing or by an external command.
- the transmission side housing should perform a predetermined process related to switching of encryption key information at the time indicated by the arrows A1 to A8 and B1 to B7. Determine whether it is time.
- the transmission-side casing makes the same determination before A1 and after A8, before B1 and after B7.
- the interval between A1 to A8 and B1 to B7 is one hour.
- the transmitting-side casing is the time at which the current time is to perform a predetermined process related to switching of encryption key information (here, 1/27/16). Because it is not a time zone, the predetermined processing is not performed.
- the transmitting-side casing determines that the current time is 1/27 of 16:00 as the time for performing the predetermined processing related to the switching of the encryption key information.
- a predetermined process to be performed at times, that is, a process of generating and setting the encryption key 2 for 1/28 is performed.
- the transmission-side casing has a time (in this case, 1/27) that the current time is to be subjected to predetermined processing related to switching of encryption key information at each time point B1 to B7. Because it is not 16:00), the prescribed processing is not performed.
- the timer is set after the transmission side housing compares the current time and the time for performing the predetermined processing related to the switching of the encryption key information at the time point B4. Before the next hour is reached, the time of the clock on the transmission side housing is changed. In other words, it is assumed that the time of the clock of the transmission-side housing is changed from 1/27 15:00 to 17:00.
- casing is comparing the time which should perform the predetermined
- the process of generating and setting the encryption key 2 for 1/28 to be performed at 16:00 of 1/27 is not performed in the transmission-side casing.
- the encryption key 2 for 1/28 that should be performed at 16:00 on 1/27 is not generated and set in the transmission-side casing,
- the encryption key 2 up to 16:00 is an encryption key for 1/26 minutes.
- the packet transmitted from the transmission-side casing is encrypted with the encryption key 2 for 1/26, while the encryption key 2 for 1/26 is set in the reception-side casing. Therefore, the receiving side housing does not match the encryption key for decrypting the encrypted packet. Accordingly, the receiving side housing cannot decode the received packet from 1/20 at 0:00 to 1/29 at 0:00.
- one of the purposes of this case is to set the processing target information of the processing device that has changed the time in a correct state even when a time change occurs over the time at which the predetermined processing related to the processing target information is to be performed. It is to be.
- the present invention is not limited to the above-described object, and other effects of the present invention can be achieved by the functions and effects derived from the respective configurations shown in the embodiments for carrying out the invention which will be described later. It can be positioned as one of
- the processing device of this case is a processing device that executes a predetermined process related to processing target information at a preset key time, and at the check timing set every predetermined time, the key time at which the previous process was performed and the current time
- a determination unit that determines whether or not the key time is included in the check period that is between the times, and when the determination unit determines that the key time is included in the check period, the execution is performed at the key time
- a processing unit that executes a predetermined process to be performed.
- the other processing device of the present case is a processing device that executes a predetermined process related to processing target information at a preset key time, and at a check timing set every predetermined time, A determination unit that determines whether or not a key period is included in a check period that is between the first time and the determination unit determines that the key period is included in the check period. And a processing unit that executes a predetermined process to be executed.
- the processing method of the present case is a processing method for executing a predetermined process related to processing target information at a preset key time, and at the check timing set every predetermined time, A step of determining whether or not the key time is included in the check period between the current time and a predetermined to be executed at the key time when it is determined that the key time is included in the check period And a step of executing the process.
- the processing program of the present case is a processing program for causing a computer to execute a function for executing a predetermined process related to processing target information at a preset key time, and at a check timing set every predetermined time.
- the determination unit that determines whether or not the key time is included in the check period between the key time at which the process is performed and the current time, and the determination unit includes the key time in the check period
- the computer is caused to function as a processing unit that executes a predetermined process to be executed at the key time.
- the processing target information of the processing apparatus that has performed the time change can be in a correct state.
- FIG. 1 is a diagram schematically illustrating a configuration example of a storage apparatus as an example of a first embodiment. It is a figure which illustrates the update procedure of the encryption key of a transmission side housing
- (A)-(e) is a figure for demonstrating the determination method whether the key time is contained in the check period by the determination part of the storage apparatus as an example of 1st Embodiment.
- FIG. 4 is a flowchart for explaining operations of a determination unit and a processing unit of the storage apparatus as an example of the first embodiment
- (A)-(e) is a figure for demonstrating the modification of the determination method of whether the key time is contained in the check period by the determination part of the storage apparatus as an example of 1st Embodiment.
- 10 is a flowchart for explaining a modified example of operations of the determination unit and the processing unit of the storage apparatus as an example of the first embodiment
- (A) And (b) is a figure which shows the comparison timing of the present time in a transmission side housing
- FIG. 1 is a diagram schematically illustrating a configuration example of a storage apparatus 1 as an example of the first embodiment.
- the storage device 1 includes a channel adapter 2, a control module 3, and a storage unit 4.
- the storage device 1 is connected to another device 5 via a network 100 such as the Internet or a LAN (Local Area Network) so as to be able to transmit / receive to / from each other, and performs encrypted communication using IPsec.
- a network 100 such as the Internet or a LAN (Local Area Network) so as to be able to transmit / receive to / from each other, and performs encrypted communication using IPsec.
- the other device 5 has substantially the same configuration as the storage device 1, and illustration and explanation thereof are omitted for convenience.
- the storage device 1 reads / writes data to / from hard disk drives (HDD; Hard Disk Drive) 41-1 to 41-k (k is a natural number) of the storage unit 4 to be described later.
- Examples of the storage device 1 and the other device 5 include a RAID device.
- the storage device 1 and the other device 5 perform remote inter-chassis copying.
- the other device 5 functions as a backup server that copies the data stored in the HDDs 41-1 to 41-k of the storage device 1 and stores them in the HDDs provided by the other devices 5.
- the storage device 1 functions as a backup server that copies data stored in HDDs of other devices 5 and stores them in the HDDs 41-1 to 41-k provided in the storage device 1.
- the storage device 1 uses a shared key encryption method in which encrypted communication is performed using the same encryption key as the other devices 5.
- the storage apparatus 1 and the other apparatus 5 share the same encryption key.
- the storage device 1 and the other devices 5 create an encryption key by creating the encryption key using the same logic (for example, a function for generating an encryption key using date information as an argument) in each device. Can be shared.
- the channel adapter 2 is an interface controller that connects the storage device 1 and another device 5 so that they can communicate with each other.
- the channel adapter 2 receives the data transmitted from the other device 5 and temporarily stores it in the buffer memory 23. Then, the channel adapter 2 passes this data to the control module 3 to be described later, or receives the data received from the control module 3. Send to other device 5. That is, the channel adapter 2 has a function of controlling data input / output (I / O) with an external device such as another device 5.
- the channel adapter 2 has a function as an encryption / decryption unit 201 as will be described later.
- the channel adapter 2 includes a CPU (Central Processing Unit) 20, a RAM (Random Access Memory) 21, a ROM (Read Only Memory) 22, and a buffer memory 23.
- the buffer memory 23 temporarily stores data received from other devices 5 and data transmitted to the other devices 5.
- the ROM 22 is a storage device that stores programs executed by the CPU 20 and various data.
- the RAM 21 is a storage area for temporarily storing various data and programs, and when the CPU 20 executes the programs, the data and programs are temporarily stored and expanded. Further, as will be described later, the RAM 21 stores two encryption keys set by the control module 3, and information on validity / invalidity of transmission for each encryption key and validity / invalidity of reception for each encryption key. .
- the two encryption keys stored in the RAM 21 may be the encryption key itself, or information for generating or specifying the encryption key. Hereinafter, these are collectively referred to as “encryption key”.
- the two encryption keys stored in the RAM 21, information on validity / invalidity of transmission for each encryption key, and information on validity / invalidity of reception for each encryption key are referred to as “encryption key information”.
- the CPU 20 is a processing device that performs various controls and calculations, and implements various functions by executing programs stored in the ROM 22. That is, the CPU 20 functions as an encryption / decryption unit 201 as shown in FIG.
- the encryption / decryption unit 201 encrypts the packet to be transmitted to the other device 5 received from the control module 3 using the encryption key stored in the RAM 21.
- the encryption / decryption unit 201 decrypts the packet received from the other device 5 using the encryption key stored in the RAM 21 and passes it to the control module 3.
- the encryption / decryption processing by the encryption / decryption unit 201 causes the storage apparatus 1 to perform encrypted communication with other apparatuses 5 using IPsec.
- the storage unit 4 includes a plurality of HDDs 41-1 to 41-k, and receives various controls for the plurality of HDDs 41-1 to 41-k from the controller module 3.
- the plurality of HDDs 41-1 to 41-k have a RAID configuration by the controller module 3.
- the control module 3 performs data read / write processing.
- the storage unit 4 can use various recording media that can be used in the storage device, such as a plurality of SSDs (Solid State Drives), instead of the HDDs 41-1 to 41-k.
- SSDs Solid State Drives
- the control module (processing device) 3 performs various controls, and performs various controls such as access control to the storage unit 4 according to access requests from other devices 5.
- the control module 3 has functions as a determination unit 301 and a processing unit 302 as described later.
- the control module 3 includes a CPU 30, a RAM 31, a ROM 32 and a clock 33.
- the ROM 32 is a storage device that stores programs executed by the CPU 30 and various data.
- the RAM 31 is a storage area for temporarily storing various data and programs, and when the CPU 30 executes the programs, the data and programs are temporarily stored and expanded for use.
- the RAM 31 also has a time (hereinafter, referred to as execution time) for executing predetermined processing (for example, encryption key generation and setting, encryption key validation / invalidation switching) regarding processing target information (here, encryption key information).
- execution time for executing predetermined processing (for example, encryption key generation and setting, encryption key validation / invalidation switching) regarding processing target information (here, encryption key information).
- Key time is stored in advance in association with the encryption key information.
- the RAM 31 can store a plurality of sets of key time and encryption key information. For example, the first key time is stored in the RAM 31 in association with a process for generating a new encryption key and setting it in the RAM 21 as a predetermined process, and a process for enabling reception using the new encryption key. Is done.
- the second key time is stored in the RAM 31 in association with a process for validating transmission using a new encryption key and a process for invalidating transmission using an old encryption key as predetermined processes.
- the third key time is stored in the RAM 31 in association with a process of invalidating reception using an old encryption key as a predetermined process.
- the clock 33 manages the time in the storage device 1 and manages the time using a clock generated by a crystal oscillator or the like.
- An example of the clock 33 is a real time clock. In FIG. 1, the clock 33 is provided in the control module 3, but is not limited thereto, and may be provided in another part in the storage apparatus 1.
- the CPU 30 is a processing device that performs various controls and calculations, and implements various functions by executing programs stored in the ROM 32. That is, the CPU 30 functions as a determination unit 301 and a processing unit 302 as illustrated in FIG. Note that the CPU 30 executes processing as the determination unit 301 and the processing unit 302 based on the time of the clock 33. Here, the clock 33 is shifted by several minutes in one month and several hours in several years.
- the CPU 30 changes (adjusts) the time of the clock 33 to a reference time at a predetermined timing or by an instruction from an external device. Is provided.
- the function of changing the time of the clock 33 by the CPU 30 is performed independently of the functions of the determination unit 301 and the processing unit 302.
- the reference time can be acquired from a time server (not shown), for example.
- Such a change in the time of the clock 33 by the CPU 30 may cause a time change across a key time at which a predetermined process related to encryption key information is to be performed.
- the encryption key information of the control module 3 whose time has been changed can be brought into a correct state by the processing of the determination unit 301 and the processing unit 302 described later.
- the storage device 1 and the other devices 5 each change the encryption key stored in the RAM 21 of the channel adapter 2 at predetermined intervals (here, every day) in order to improve security. That is, the storage device 1 and the other devices 5 execute predetermined processing related to the encryption key information at the key time stored in advance in the RAM 31 in each device. By this processing, the encryption key information is updated, and the storage apparatus 1 and the other apparatuses 5 can perform encrypted communication with each other using the encryption key changed in each apparatus.
- the storage apparatus 1 and the other apparatus 5 have two encryption keys, and can switch between valid / invalid of transmission for each encryption key and valid / invalid of reception for each encryption key for each encryption key. In addition, when reception with two encryption keys is both effective, reception is possible with either encryption key.
- the determination unit 301 determines whether or not the key time is included in the check period between the key time at which the previous process was performed and the current time at the check timing set every predetermined time.
- the check timing is a fixed time period set by a timer (not shown), and is 2 minutes in this embodiment.
- the function as a timer can be realized, for example, by measuring time by the CPU 30.
- the check period is a period between the key time stored in the RAM 31 at which the previous process was performed and the current time, that is, the time of the clock 33.
- the determination unit 301 performs keying during a check period between the key time of the previous processing stored in the RAM 31 by the processing unit 302 and the time of the clock 33 at the check timing set every two minutes. It is determined whether or not the time is included. For example, when the key time at which the previous process was performed is 0:00 as the second key time and the current time is 8: 1, the determination unit 301 sets the time as 0:00 as the second key time. It is determined whether the key time is included in the check time between 8:01 as the current time. In this case, since the check period includes 8:00 as the third key time, the determination unit 301 includes the key time in the check period at the current check timing, that is, the current time. Judge that
- the processing unit 302 executes a predetermined process related to encryption key information (processing target information) to be executed at the key time.
- the processing unit 302 performs processing related to at least one of generation of an encryption key, and switching of validation or invalidation of transmission or reception using the encryption key as a predetermined process related to encryption key information at a key time.
- the processing unit 302 when the determination unit 301 determines that the check period includes 16:00 as the first key time, the processing unit 302 generates a new encryption key and sets it in the RAM 21. At the same time, a process for validating reception using a new encryption key is performed. In addition, when the determination unit 301 determines that the check period includes 0 o'clock as the second key time, the processing unit 302 validates the transmission using the new encryption key and also uses the old encryption Processing to invalidate transmission by key. Further, when the determination unit 301 determines that the check period includes 8 o'clock as the third key time, the processing unit 302 performs processing for invalidating reception using the old encryption key.
- the storage apparatus 1 updates the encryption key information with the processing from the first key time to the third key time as one cycle. It should be noted that the generation of the encryption key by the processing unit 302 and the switching between validation / invalidation of transmission / reception using the encryption key can be performed by various known methods, and detailed description thereof is omitted.
- the processing unit 302 when executing a predetermined process to be executed at the key time included in the check period, stores the key time in the RAM 31 as the key time at which the previous process was performed.
- the control module 3 including the determination unit 301 and the processing unit 302 described above is a processing device that executes a predetermined process related to processing target information at a preset key time.
- the RAM 31 can be said to be a storage unit that stores the key time at which the previous process was performed.
- FIG. 2 is a diagram illustrating an example of a procedure for updating encryption key information of a transmission-side casing and a reception-side casing as an example of the first embodiment.
- the transmission-side housing is a device that transmits data
- the reception-side housing is a device that receives data.
- the transmission-side housing and the reception-side housing are distinguished from each other in FIG. 2, but actually, the device as the transmission-side housing and the device as the reception-side housing are bidirectionally transmitting and receiving each other. Is to do. Accordingly, each process in the transmission-side housing and the reception-side housing is executed in each of the storage device 1 and the other devices 5.
- the transmission side housing and the reception side housing are described, the configuration of the storage apparatus 1 described above is used.
- the effective transmission period of the encryption key is 1 day (24 hours)
- the effective reception period is 40 hours, which is obtained by adding 8 hours before and after the effective transmission period.
- the reception side housing can be set up to 8 hours before and after even if there is a time lag between the time of the clock provided by the transmission side housing and the time of the clock provided by the reception side housing.
- the received packet can be decoded while allowing the deviation.
- the transmission valid period is a period in which the encryption key in the transmission side casing is valid, and after this period, the transmission side casing uses the encryption key to encrypt data for transmission. I can't do that.
- This transmission effective period starts with the processing for validating transmission using the encryption key in the transmission side housing (for example, the processing unit 302 of the storage apparatus 1), and the processing for invalidating the transmission using the encryption key in the transmission side housing. End with. Therefore, the transmission valid period includes the key time stored in the transmission-side housing (for example, the RAM 31 of the storage device 1) when the transmission validation process using the encryption key is performed, and the transmission invalidation process using the encryption key. This is a period between the key times to be performed.
- the reception valid period is a period in which the encryption key in the receiving case is valid. After this period, the receiving case can decrypt the received data using the encryption key. Disappear.
- This reception valid period starts with the reception validation process using the encryption key in the reception-side casing (for example, the processing unit 302 of the storage apparatus 1), and the reception invalidation process using the encryption key in the reception-side casing. End with. Therefore, the reception valid period includes the key time stored in the receiving side housing (for example, the RAM 31 of the storage device 1) at which the reception validation process using the encryption key is performed, and the reception invalidation process using the encryption key. This is a period between the key times to be performed.
- the storage apparatus 1 updates the encryption key information with processing from the first key time to the third key time as one cycle.
- the update process of the encryption key information by the functions of the determination unit 301 and the processing unit 302 in the storage apparatus 1 described above will be described separately for the update process of the encryption key information in each of the transmission side case and the reception side case.
- the transmission-side housing and the reception-side housing update the encryption key information using the following processes (1) to (3) as one cycle.
- the transmission-side casing encrypts transmission data based on the encryption key 2 for 1/26 until 16:00 of 1/26. Further, the reception side case decrypts the received data based on the encryption key 2 for 1/26 until 16:00 of 1/26.
- the processes (1) to (3) correspond to the key times at the time indicated by the arrows (1) to (3) in FIG. (1) 1/26 16:00 (first key time) ⁇
- Receiver case Generate and set encryption key 1 for the next day (1/27) (A2), and enable reception with encryption key 1 for the next day (1/27) (A3) (2) 1/27 o'clock (second key time) -Sending case: Enable transmission with encryption key 1 on the current day (1/27) (A4), disable transmission with encryption key 2 on the previous day (1/26) (A5) (3) 1/27 8:00 (third key time) ⁇ Receiving case: Invalidate reception with encryption key 2 on the previous day (1/26) (A6) As described above, the transmission side housing and the reception side housing repeatedly perform the processing of A1 to A6 with the processing of (1) to (3) as one cycle. The transmission-side casing and the reception-side casing each generate and set two encryption keys alternately, enable / disable transmission and reception, and update the encryption key information.
- the processes (1) to (3) are performed during the check period between the key time at which the previous process was performed and the time of the clock 33 at the check timing set every two minutes.
- the processing unit 302 executes the time.
- the storage apparatus 1 uses a plurality (two in this case) of encryption keys.
- the processing unit 302 before the transmission by one encryption key among the plurality of encryption keys is validated and after the invalidation, the predetermined period is the one of the one encryption key and the plurality of encryption keys. Reception using another encryption key is enabled.
- the storage apparatus 1 uses the encryption key 1 or 2 to receive the encryption key 1 or 2 valid period (40 hours here) used when decrypting the received packet. Is set to be longer than the effective transmission period (here, 24 hours) of the encryption key 1 or 2 used when encrypting the packet to be transmitted. As a result, as shown in FIG. 2, in the receiving case, for example, between 16:00 on 1/27 and 8 o'clock on 1/28, both encryption keys 1 and 2 have a valid reception period. At this time, the receiving housing can decrypt the encrypted packet received from the transmitting housing using either the encryption key 1 or 2.
- the reception-side housing has a predetermined period, that is, The received packet can be decoded while allowing a time lag of up to 8 hours before and after.
- FIGS. 3A to 3E illustrate determinations in the storage apparatus 1 as an example of the first embodiment. It is a figure for demonstrating the judgment method whether the key time is contained in the check period by the part 301.
- FIG. 3A illustrates the determination unit and the processing unit when the time of the clock is changed in the first embodiment.
- the processing unit 302 executes a predetermined process to be performed at 8:00 on 1/27, and the RAM 31 has 1/27 as the key time at which the previous process was performed. 27 o'clock information is stored.
- the states shown in FIGS. 3A to 3E are states after the time of the clock 33 is changed by the CPU 30 and the time of the clock 33 as the current time is corrected. .
- FIG. 3 (a) shows an example of the case where the current time is between 18:00 and 18:00.
- FIG. 3B shows an example of the case where the current time is between 16:00 on 1/27 and 00:00 on 1/28.
- FIG. 3 (c) shows an example of the case where the current time is between 0 o'clock and 8 o'clock of 1/27.
- FIG. 3D shows an example of the case where the current time is between 0 o'clock and 8 o'clock of 1/28.
- FIG. 3E shows an example of the case where the current time is between 16:00 of 1/26 and 0:00 of 1/27.
- the determination unit 301 determines whether or not the key time is included in the check period between the key time at which the previous process was performed and the current time at the check timing set every predetermined time. to decide. For example, at the check timing set every 2 minutes, the determination unit 301 sets the key during the check period between the key time of the previous process stored in the RAM 31 by the processing unit 302 and the time of the clock 33. It is determined whether or not the time is included.
- the determination unit 301 sets the time of 1/27, which is the key time for the previous processing, and the time of the clock 33, which is the current time. It is determined whether or not the key time is included in the check period. In FIGS. 3A to 3E, the check period is shaded. In the case shown in FIG. 3A, the key time is not included in the check period. Accordingly, the determination unit 301 determines that the key time is not included in the check period, and waits until the next check timing after 2 minutes.
- the check period includes 1/27, 16:00, which is the key time. Accordingly, the determination unit 301 determines that the key time is included in the check period, and the processing unit 302 performs a predetermined process to be executed at the key time. Further, the processing unit 302 stores the information at 16:00 on 1/27 that is the key time in the RAM 31 as the key time at which a new previous process was performed. Then, the determination unit 301 waits until the next check timing after 2 minutes.
- the state shown in FIG. 3A can occur when the time of the clock 33 is changed to a time between the key time at which the previous process was performed and the next key time. Specifically, in the example shown in FIG. 3A, this may occur when the time of the clock 33 is changed to a time between 8:00 and 16:00 on 1/27. Note that the state shown in FIG. 3A can also occur during normal operation, that is, when the time of the clock 33 is not changed.
- 3B can occur when the time of the clock 33 is changed to a time between the next key time and the next key time. Specifically, in the example shown in FIG. 3B, this may occur when the time of the clock 33 is changed to a time between 16:00 on 1/27 and 0:00 on 1/28. Note that the state shown in FIG. 3B can also occur during normal operation, that is, when the time of the clock 33 is not changed.
- the determination unit 301 determines that the key time is not included in the check period, and waits until the next check timing after 2 minutes.
- the state shown in FIG. 3C is when the time of the clock 33 is changed to a time between the key time at which the previous process was performed and the key time at which the previous process was performed, ie, the clock. This may occur when the time 33 is before (past) the key time at which the previous process was performed. Specifically, in the example shown in FIG. 3 (c), this state is obtained when the time of the clock 33 is changed to a time between 8:00 on 1/27 and 0:00 on 1/27. Can occur.
- the check period includes 1/27 of 16:00 and 1/28 of 0:00, and includes two key times.
- the state shown in FIG. 3D may occur when the time of the clock 33 is changed to a time that is earlier (future) than the next key time. Specifically, in the example shown in FIG. 3D, this state may occur when the time of the clock 33 is changed to a time that is earlier (future) than 0/28 of 1/28. At this time, the time of the clock 33 is changed after a time of 16 hours or more from the key time at which the previous processing was performed.
- the processing unit 302 initializes encryption key information.
- the time difference between the time of the clock 33 and the time of the clock provided by another device 5 is more than the time between the two key times. It is preferable to re-establish encrypted communication between the storage device 1 and the other device 5.
- the time of the clock 33 is a time that is earlier (future) than the next key time, that is, 16 hours or more in the example shown in FIG. This is because it is unlikely that the time will be changed, and there may be some serious abnormality in the storage apparatus 1.
- the processing unit 302 clears the transmission / reception effective period of the encryption keys 1 and 2 and clears the encryption keys 1 and 2 stored in the RAM 21. Then, the connection between the storage device 1 and the other device 5 is disconnected.
- the processing unit 302 executes the initialization process (reset of encrypted communication with the other apparatus 5) similar to that at the time of starting the storage apparatus 1 together with the channel adapter 2, and the storage apparatus 1 and the other apparatus 5. Establish an IPsec connection with the server and perform encrypted communication.
- the processing unit 302 can eliminate the inconsistency of the encryption key information due to a long time lag between the storage apparatus 1 and the other apparatus 5.
- the check period includes 0/27 of 1/27 which is the key time.
- the state shown in FIG. 3E can occur when the time of the clock 33 is changed to a time that is earlier (past) than the key time at which processing was performed two times before. Specifically, in the example shown in FIG. 3D, this state can occur when the time of the clock 33 is changed to a time before (past) before 1/20 of 0:00. At this time, the time of the clock 33 is changed after 8 hours or more from the key time at which the previous processing was performed.
- the processing unit 302 initializes the encryption key information as in the case shown in FIG. 3D and 3E, the processing unit 302 may output some error and notify the administrator instead of performing the initialization process. Alternatively, it is desirable that the processing unit 302 outputs some error together with the initialization process and notifies the administrator. Further, error output and notification to the administrator can be performed by various known methods, and detailed description thereof is omitted.
- FIG. 4 is a flowchart for explaining operations of the determination unit 301 and the processing unit 302 in the storage apparatus 1 as an example of the first embodiment.
- step S1 if the determination unit 301 determines that 0:00, 8:00, or 16:00 is not included in the check period (No route in step S1), the determination unit 301 continues until the next check timing. stand by. On the other hand, if it is determined by the determination unit 301 in step S1 that 0, 8 and 16:00 are included in the check period (Yes route of step S1), the determination unit 301 determines the current time of the clock 33. Is determined to be past the key time at which the previous processing was performed (step S2).
- step S2 determines in step S2 that the current time is not past the key time at which the previous process was performed (No route in step S2)
- the determination unit 301 uses the key included in the check period. It is determined whether or not the number of times is one (step S3).
- the processing unit 302 initializes the encryption key information. And the IPsec connection between the storage device 1 and the other device 5 is re-established (step S9).
- step S3 when the determination unit 301 determines that the number of key times included in the check period is not one (No route in step S3), the process proceeds to step S9.
- the determination unit 301 determines in step S3 that the number of key times included in the check period is one (Yes route in step S3), the determination unit 301 includes the key time in the check period. It is determined whether the key time is 0, 8 or 16:00 (step S4).
- step S4 when the determination unit 301 determines that the key time included in the check period is 0:00 (0 o'clock route in step S4), the processing unit 302 performs a predetermined process to be executed at 0:00. Executed. That is, the processing unit 302 validates the transmission of the encryption key for the current day and invalidates the transmission of the encryption key for the previous day (step S5).
- step S4 when the determination unit 301 determines that the key time included in the check period is 8 o'clock (8 o'clock route in step S4), the processing unit 302 executes a predetermined time to be executed at 8 o'clock. Processing is executed. That is, the reception of the encryption key for the previous day is invalidated by the processing unit 302 (step S6).
- step S4 when the determination unit 301 determines that the key time included in the check period is 16:00 (16:00 route in step S4), the processing unit 302 executes a predetermined time to be executed at 16:00. Processing is executed. That is, the encryption key for the next day is generated by the processing unit 302 and stored in the RAM 21, and reception of the encryption key for the next day is validated (step S7).
- the processing unit 302 stores the key time in the check period as the key time for the previous processing in the RAM 31 (step S8). Thereafter, the determination unit 301 waits until the next check timing. Through the above procedure, the determination unit 301 and the processing unit 302 execute an encryption key update process.
- the determination unit 301 performs the previous processing in the processing device that executes the predetermined processing related to the processing target information at the preset key time. It is determined whether or not the key time is included in a check period between the key time and the current time. When the determination unit 301 determines that the key time is included in the check period, the processing unit 302 executes a predetermined process to be executed at the key time.
- the check period is between the key time at which the previous process was performed and the current time.
- the key time spanned is included (see FIG. 3B). Accordingly, the determination unit 301 can reliably detect that a time change has occurred over a key time at which a predetermined process related to encryption key information is to be performed due to a time change of the clock 33, and the processing unit 302 A predetermined process to be executed at the time can be executed.
- the determination unit 301 and the processing unit 302 when the time change of the clock 33 causes a time change that crosses the key time for performing a predetermined process related to the encryption key information, the encryption key of the storage apparatus 1 that has changed the time. Information can be in the correct state.
- the processing unit 302 initializes the processing target information. Even if the determination unit 301 determines that the key period is included in the check period, the processing unit 302 determines that the check period includes two or more key times. The processing target information is initialized.
- the processing unit 302 can eliminate the inconsistency of the encryption key information due to a long time lag between the storage apparatus 1 and the other apparatus 5.
- the storage device 1 as a processing device includes the RAM 31 as a storage unit that stores the key time at which the previous processing was performed. Then, the determination unit 301 determines whether or not the key time is included in the check period, using the key time stored in the RAM 31 and performed the previous process.
- the determination unit 301 can store the key time at which the previous process has been stored in the RAM 31. Based on the current time of the clock 33, it is possible to determine whether or not the key time for performing a predetermined process is included in the check period.
- the processing unit 302 executes a predetermined process to be executed at the key time determined to be included in the check period by the determination unit 301, the key time is used as the key time for performing the previous process in the RAM 31.
- the processing unit 302 updates the key time at which the previous process was stored in the RAM 31 with the key time at which the predetermined process was performed.
- the control module 3 can easily determine which of the preset key times has been executed up to a predetermined process, and the determination unit 301 can determine whether the key time is within the check period. It can be determined whether or not it is included based on the key time at which the latest previous process was performed. Further, at the key time, the processing unit 302 performs processing related to at least one of generation of an encryption key, or switching between validation or invalidation of transmission or reception using the encryption key, as predetermined processing related to encryption key information. . A plurality of encryption keys are used as the encryption key.
- the processing unit 302 before the transmission with one encryption key among the plurality of encryption keys is validated and after it is invalidated, for a predetermined period (8 hours in this case), one encryption key and Reception by another encryption key of the plurality of encryption keys is validated.
- the storage apparatus 1 has a time lag of up to 8 hours before and after, even when a time difference between the time of the clock provided by the other apparatus 5 and the time of the clock 33 provided by the storage apparatus 1 occurs.
- the received packet can be decoded.
- the determination unit 301 and the processing unit 302 in the storage apparatus 1 as an example of the first embodiment are not limited to the above-described operations, and for example, refer to FIGS. 5 and 6 below. However, it may be executed as in a modification of the first embodiment described below.
- the storage apparatus 1 as an example of this modification also has the same configuration as that of the storage apparatus 1 as an example of the first embodiment described above unless otherwise specified, and thus the description thereof is omitted.
- the previous processing time is stored in the RAM 31 instead of the key time at which the previous processing was performed.
- the judgment part 301 of the modification of 1st Embodiment is a key time in the check period between the last process time stored in RAM31 and the present time in the check timing set for every predetermined time. It is determined whether or not is included.
- the check period is between the previous processing time and the current time.
- the previous processing time described above may be the time itself or information for specifying the time. Hereinafter, these are collectively referred to simply as “processing time”.
- the determination unit 301 sets the key during a check period between the previous processing time stored in the RAM 31 by the processing unit 302 and the time of the clock 33 at the check timing set every two minutes, for example. It is determined whether or not the time is included.
- the processing unit 302 executes a predetermined process related to encryption key information (processing target information) to be executed at the key time. Specifically, it corresponds to (1) to (3) described with reference to FIG. 2 depending on whether the key time included in the check period is 0:00, 8:00, or 16:00. Perform processing.
- the processing unit 302 executes a predetermined process to be executed at the key time included in the check period, the processing unit 302 stores information on the processing time at which the predetermined process is executed in the RAM 31 as the previous processing time. .
- the processing unit 302 may accumulate the previous processing time information as a processing time log and store the accumulated information in the RAM 31.
- control module 3 including the determination unit 301 and the processing unit 302 in the modified example of the first embodiment described above is a processing device that executes predetermined processing related to processing target information at a preset key time.
- the RAM 31 can be said to be a storage unit that stores the previous processing time.
- FIGS. 5A to 5E are diagrams for explaining a method for determining whether or not a key time is included in the check period by the determination unit 301 in the storage apparatus 1 as a modification of the first embodiment. It is.
- the processing unit 302 executes a predetermined process to be performed at 8:00 on 1/27, and the RAM 31 stores 8/2 of 1/27 as the previous processing time. Stores information for 1 minute.
- the states shown in FIGS. 5A to 5E are states after the time of the clock 33 is changed by the CPU 30 and the time of the clock 33 as the current time is corrected. .
- FIG. 5 (a) shows an example of the case where the current time is between 18:00 and 18:00.
- FIG. 5B shows an example of a case where the current time is between 17:00 on 1/27 and 00:00 on 1/28.
- FIG. 5C shows an example of the case where the current time is between 0 o'clock and 8 o'clock of 1/27.
- FIG. 5D shows an example of the case where the current time is between 0 o'clock and 8 o'clock of 1/28.
- FIG. 5 (e) shows an example of the case where the current time is between 16:00 on 1/26 and 0:00 on 1/27.
- the determination unit 301 in the storage device 1 as the present modification includes the key time in the check period between the previous processing time and the current time at the check timing set every predetermined time. It is determined whether or not.
- the determination unit 301 includes the key time in the check period between the previous processing time stored in the RAM 31 by the processing unit 302 and the time of the clock 33 at the check timing set every two minutes. It is determined whether or not.
- the determination unit 301 sets the previous processing time 1/27 at 8: 1 and the current time of the clock 33. It is determined whether or not the key time is included in the check period. In FIG. 5, the check period is shaded. In the case shown in FIG. 5A, the key time is not included in the check period. Accordingly, the determination unit 301 determines that the key time is not included in the check period, and waits until the next check timing after 2 minutes.
- the check period includes 1/27, 16:00, which is the key time. Accordingly, the determination unit 301 determines that the key time is included in the check period, and the processing unit 302 performs a predetermined process to be executed at the key time. Further, the processing unit 302 stores, in the RAM 31, information of 1/27 16:40 that has been subjected to processing to be performed at 1/27 16:00, which is the key time, as a new previous processing time. Then, the determination unit 301 waits until the next check timing after 2 minutes.
- the state shown in FIG. 5A can occur when the time of the clock 33 is changed to a time between the key time at which the previous process was performed and the next key time. Specifically, in the example shown in FIG. 5A, this state can occur when the time of the clock 33 is changed to a time between 8:00 and 16:00 on 1/27. Note that the state shown in FIG. 5A can also occur during normal operation, that is, when the time of the clock 33 is not changed.
- the state shown in FIG. 5B can occur when the time of the clock 33 is changed to a time between the next key time and the next key time. Specifically, in the example shown in FIG. 5B, this state is obtained when the time of the clock 33 is changed to a time between 1/27 16:00 and 1/28 0:00. Can occur. Note that the state shown in FIG. 5B can also occur during normal operation, that is, when the time of the clock 33 is not changed. For example, this corresponds to the case where the time of the previous check timing is “next key time” ⁇ “any time within a predetermined time of the check timing”. At this time, the current check timing, that is, the current time is “next key time” + “predetermined time of check timing ⁇ the above arbitrary time”.
- the check period includes 1/27 of 8:00, which is the key time.
- the state shown in FIG. 5C is when the time of the clock 33 is changed to a time between the key time at which the previous processing was performed and the key time at which the previous processing was performed, that is, the clock 33. May occur when the previous time is before (the past) the key time at which the previous processing was performed. Specifically, in the example shown in FIG. 5C, this state is obtained when the time of the clock 33 is changed to a time between 8:00 on 1/27 and 0:00 on 1/27. Can occur.
- the processing unit 302 suppresses execution of a predetermined process to be executed at the key time. Then, the determination unit 301 waits until the next check timing after 2 minutes. For example, when the key time is included in the check period and the current time is earlier than the previous processing time, the key time included in the check period is the key time at which the previous processing was performed (FIG. 5 (c)). In this case, since the predetermined process to be performed at the key time has already been executed at the previous process time, the processing unit 302 suppresses the predetermined process to be performed at the key time.
- the determination unit 301 and the processing unit 302 again perform the previous processing at the key time again even when the key time is included in the check period and the current time is earlier than the previous processing time. You don't have to. Further, in both cases shown in FIGS. 5D and 5E, two key times are included in the check period.
- the check period includes 1/27 of 16:00 and 1/28 of 0:00.
- the state shown in FIG. 5D can occur when the time of the clock 33 is changed to a time that is earlier (future) than the next key time. Specifically, in the example shown in FIG. 5D, this state can occur when the time of the clock 33 is changed to a time that is earlier (future) than 0/28 of 1/28. At this time, the time of the clock 33 is changed after a time of 16 hours or more from the previous processing time.
- the check period includes 0/27 of 0/27 and 8 o'clock of 1/27.
- the state shown in FIG. 5E can occur when the time of the clock 33 is changed to a time that is earlier (past) than the key time at which processing was performed two times before. Specifically, in the example shown in FIG. 5E, this state can occur when the time of the clock 33 is changed to a time (past) before 2:00 of 1/27.
- FIG. 6 is a flowchart for explaining the operations of the determination unit 301 and the processing unit 302 in the storage apparatus 1 as an example of a modification of the first embodiment.
- steps S2 and S3 in FIG. 4 are changed, and steps S20 and S21 are executed instead of step S2.
- steps denoted by the same reference numerals as those already described indicate the same or substantially the same steps, and a part of the description thereof is omitted.
- the determination unit 301 determines in step S1 that 0 o'clock, 8 o'clock, and 16 o'clock are included in the check period.
- step S1 when the determination unit 301 determines that 0, 8 and 16:00 are included in the check period (Yes route of step S1), the determination unit 301 includes the key time included in the check period. It is determined whether or not the number is one (step S3).
- step S3 when the determination unit 301 determines that the number of key times included in the check period is not one (No route in step S3), the processing unit 302 initializes the encryption key information, The IPsec connection between the storage device 1 and the other device 5 is reestablished (step S9).
- step S3 determines the current time of the clock 33. Is determined to be past from the previous processing time (step S20).
- step S20 when it is determined by the determination unit 301 that the current time is not past the key time at which the previous process was performed (No route in step S20), the key time included in the check period is 0:00. It is determined whether the time is 8 o'clock or 16 o'clock (step S4). Thereafter, processing is performed according to the procedure described with reference to FIG.
- step S20 determines whether the current time is past the key time at which the previous process was performed (Yes route in step S20). If it is determined by the determination unit 301 in step S20 that the current time is past the key time at which the previous process was performed (Yes route in step S20), the processing unit 302 causes the key within the check period. Execution of a predetermined process to be executed at the time is suppressed (step S21). Thereafter, the determination unit 301 waits until the next check timing.
- the determination unit 301 and the processing unit 302 execute an encryption key update process.
- the control module 3 can easily determine the time when the predetermined processing to be performed at the previous key time is executed.
- the determination unit 301 can determine whether or not the key time is included in the check period based on the latest previous processing time.
- the RAM 31 can store the past processing time as a log, the RAM 31 adjusts the key time for executing a predetermined process related to the encryption key information, the check timing time, and the like based on the processing time log. be able to.
- C Others While the preferred embodiments of the present invention have been described in detail above, the present invention is not limited to such specific embodiments, and various modifications, within the scope of the present invention, It can be changed and implemented.
- the storage apparatus 1 performs encrypted communication using IPsec with the other apparatus 5 has been described so far.
- the present invention is not limited to this, and the encryption apparatus is used in each of the own apparatus and the communication partner apparatus. The same can be applied to other encrypted communications in which a key is generated and activation / inactivation is switched.
- the storage apparatus 1 was used as a transmission-side or reception-side apparatus in encrypted communication has been described, the present invention is not limited to this, and a server, a personal computer, or the like is used as a transmission-side or reception-side apparatus. The same can be done when performing encrypted communication.
- the encryption / decryption unit 201 is provided in the CPU 20 of the channel adapter 2 and the determination unit 301 and the processing unit 302 are provided in the CPU 30 of the control module 3, the present invention is not limited to this.
- the encryption / decryption unit 201, the determination unit 301, and the processing unit 302 may be provided in either the CPU 20 or the CPU 30, or may be provided in another CPU in the storage device 1 or the external device. .
- a program (processing program) for realizing the functions as the encryption / decryption unit 201, the processing unit 301, and the determination unit 302 is, for example, a flexible disk, a CD (CD-ROM, CD-R, CD-RW). Etc.), DVD (DVD-ROM, DVD-RAM, DVD-R, DVD + R, DVD-RW, DVD + RW, HD DVD, etc.), Blu-ray disc, magnetic disc, optical disc, magneto-optical disc, etc. Provided in recorded form.
- the computer reads the program from the recording medium, transfers it to the internal storage device or the external storage device, and uses it. Further, the program may be recorded in a storage device (recording medium) such as a magnetic disk, an optical disk, or a magneto-optical disk, and provided from the storage device to a computer via a communication line.
- a storage device recording medium
- a magnetic disk such as a magnetic disk, an optical disk, or a magneto-optical disk
- an internal storage device in this embodiment, the RAM 21 and ROM 22 of the channel adapter 2 and / or the RAM 31 and ROM 32 of the control module 3. Is executed by the microprocessor of the computer (CPU 20 of the channel adapter 2 and / or CPU 30 of the control module 3 in this embodiment). At this time, the computer may read and execute the program recorded on the recording medium.
- the computer is a concept including hardware and an operating system, and means hardware that operates under the control of the operating system. Further, when an operating system is unnecessary and hardware is operated by an application program alone, the hardware itself corresponds to a computer.
- the hardware includes at least a microprocessor such as a CPU and means for reading a computer program recorded on a recording medium.
- the control module as the channel adapter 2 or / and the processing device. 3 has a function as a computer.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
- Electric Clocks (AREA)
Abstract
Description
IPsecでは、IPパケットの暗号化に共有鍵暗号方式が用いられる。共有鍵暗号方式は、送信側及び受信側の装置で同じ暗号鍵を用いて暗号化通信を行なうものであり、送信側及び受信側のそれぞれの装置(例えば、リモート筐体)は、事前に暗号鍵の共有を行ない、IPsec接続を確立する。
なお、例えば、送信側及び受信側の各装置としてRAID装置を用いてiSCSIリモート筐体間コピーを行なう場合のように、RAID装置によっては、各RAID装置がそなえるIPsec機能を実現するモジュールに対して暗号鍵が設定されるものがある。具体的には、各RAID装置は、それぞれ自身で同じ論理(例えば、日付の情報を引数として暗号鍵を生成する関数等)によって暗号鍵を作成することにより、上述したIKEによらず、暗号鍵を共有することができるものがある。
例えば、各装置は、各装置がそなえる時計の時刻(現在の時刻)が暗号鍵情報の切替えに関する所定の処理(例えば、暗号鍵の生成及び設定,暗号鍵の有効化/無効化の切替え等)を行なうべき時間(例えば、0時台,8時台,16時台等)であるか否かを判断する。そして、各装置は、所定の処理を行なうべき時間であれば、該当する処理を実行することで暗号鍵の切替えを行なう。
ここで、時計の時刻変更(調整)により、暗号鍵情報に関する所定の処理を行なうべき時間を跨ぐ時刻変更が発生する場合がある。例えば、変更前の時計の時刻が暗号鍵情報の更新時間よりも前(過去)であり、変更後の時計の時刻が暗号鍵情報の更新時間よりも先(未来)となった場合、時刻変更を行なった装置では、時計の時刻変更により跨いだ(飛び越えた)時間に行なわれるべき暗号鍵情報に関する所定の処理が行なわれない。これにより、時刻変更を行なった装置と通信対象の装置との暗号鍵情報が一致しなくなるという問題がある。
図7(a)及び(b)は、送信側筐体における現在の時刻と所定の処理を行なうべき時刻との比較タイミングを示す図である。
図8は、送信側筐体で時刻変更が発生した場合の送信側筐体及び受信側筐体の暗号鍵の更新手順を示す図である。
また、送信側筐体及び受信側筐体は、2つの暗号鍵を持ち、暗号鍵毎に、暗号鍵による送信及び受信の有効又は無効を切り替えることができる。なお、2つの暗号鍵による受信がともに有効である場合は、いずれの暗号鍵によっても受信することができる。
例えば、16時台には、送信側筐体は、翌日分の暗号鍵1を生成し設定するとともに、受信側筐体は、翌日分の暗号鍵1を生成し設定して、翌日分の暗号鍵1による受信を有効化する処理を行なう。また、0時台には、送信側筐体は、当日の暗号鍵1による送信を有効化し、前日の暗号鍵2による送信を無効化する処理を行なう。さらに、8時台には、受信側筐体は、前日の暗号鍵2による受信を無効化する処理を行なう。
また、送信側筐体及び受信側筐体は、それぞれ、自身がそなえる時計の時刻を、所定のタイミングで、又は外部からの命令によって、変更(調整)することができる。
図7(a)及び(b)に示すように、送信側筐体は、A1~A8,B1~B7で表す矢印の時点で、現在の時刻が暗号鍵情報の切替えに関する所定の処理を行なうべき時間であるか否かを判断する。なお、図示は省略しているが、送信側筐体は、A1以前及びA8以降並びにB1以前及びB7以降においても同様に判断を行なう。なお、ここでは、A1~A8,B1~B7のそれぞれの間隔は、1時間である。
一方、送信側筐体は、A5の時点において、現在の時刻が暗号鍵情報の切替えに関する所定の処理を行なうべき時間としての1/27の16時台であると判断し、1/27の16時に行なうべき所定の処理、すなわち、1/28分の暗号鍵2を生成し設定する処理を行なう。
ここで、図7(b)に示す例においては、送信側筐体がB4の時点において現在の時刻と暗号鍵情報の切替えに関する所定の処理を行なうべき時間とを比較した後、タイマが設定された次の1時間に達する前に送信側筐体の時計の時刻が変更されている。すなわち、1/27の15時台から17時台に送信側筐体の時計の時刻が変更されたものとする。そして、送信側筐体は、B5の時点で現在の時刻と暗号鍵情報の切替えに関する所定の処理を行なうべき時間とを比較している。この場合、送信側筐体は、B5の時点において、現在の時刻が暗号鍵情報の切替えに関する所定の処理を行なうべき時間としての1/27の16時台ではないため、所定の処理を実施しない。
このとき、送信側筐体では、図8に示すように、1/27の16時に行なわれるべき1/28分の暗号鍵2が生成及び設定されないため、1/27の16時から1/29の16時までの暗号鍵2は、1/26分の暗号鍵となる。
一方、時刻の変更が発生していない受信側筐体においては、1/28の0時から8時までの間は1/27分の暗号鍵1及び1/28分の暗号鍵2が有効化されており、1/28の8時から16時までの間は、1/28分の暗号鍵2が有効化されている。また、1/28の16時から1/29の0時までの間は、1/28分の暗号鍵2及び1/29分の暗号鍵1が有効化されている。
上述のことから、暗号鍵情報に関する所定の処理を行なうべき時刻を跨ぐ時刻変更が発生した場合には、時刻変更を行なった筐体の暗号鍵情報と、時刻変更を行なっていない筐体の暗号鍵情報とが一致しなくなり、筐体間の暗号化通信が正常に行なえなくなるという課題がある。
なお、前記目的に限らず、後述する発明を実施するための形態に示す各構成により導かれる作用効果であって、従来の技術によっては得られない作用効果を奏することも本発明の他の目的の1つとして位置付けることができる。
(A)第1実施形態
(A-1)第1実施形態の構成
図1は、第1実施形態の一例としてのストレージ装置1の構成例を模式的に示す図である。
また、ストレージ装置1は、インターネットやLAN(Local Area Network)等のネットワーク100を介して、他の装置5と相互に送受信可能に接続され、IPsecを用いた暗号化通信を行なう。ここで、本実施形態においては、他の装置5は、ストレージ装置1とほぼ同様の構成であり、便宜上、図示やその説明を省略する。
また、ストレージ装置1は、後述する記憶部4のハードディスクドライブ(HDD;Hard Disk Drive)41-1~41-k(kは自然数)に対して、データの読み込み/書き込み(Read/Write)を行なう。ストレージ装置1及び他の装置5としては、例えば、RAID装置等が挙げられる。
ここで、共通鍵暗号方式では、ストレージ装置1及び他の装置5は、互いに同じ暗号鍵を共有する。本実施形態においては、ストレージ装置1及び他の装置5は、それぞれの装置で同じ論理(例えば、日付の情報を引数として暗号鍵を生成する関数等)によって暗号鍵を作成することで暗号鍵を共有することができる。
バッファメモリ23は、他の装置5から受信したデータや、他の装置5に対して送信するデータを一時的に格納する。ROM22は、CPU20が実行するプログラムや種々のデータを格納する記憶装置である。
また、以下、このRAM21に格納される2つの暗号鍵、並びに暗号鍵毎の送信の有効/無効及び暗号鍵毎の受信の有効/無効の情報等を、「暗号鍵情報」という。
暗号化/復号部201は、コントロールモジュール3から受け取った他の装置5へ送信するパケットを、RAM21に格納された暗号鍵を用いて暗号化する。また、暗号化/復号部201は、他の装置5から受信するパケットを、RAM21に格納された暗号鍵を用いて復号してコントロールモジュール3に受け渡す。
記憶部4は、複数のHDD41-1~41-kをそなえ、コントローラモジュール3から、これら複数のHDD41-1~41-kに対する各種制御を受ける。
複数のHDD41-1~41-kは、本実施形態においては、コントローラモジュール3により、RAID構成となっている。
なお、記憶部4は、HDD41-1~41-kの代わりに、複数のSSD(Solid State Drive)等の、ストレージ装置において利用可能な種々の記録媒体を用いることができる。
このコントロールモジュール3は、CPU30,RAM31,ROM32及び時計33をそなえている。
RAM31は、種々のデータやプログラムを一時的に格納する記憶領域であって、CPU30がプログラムを実行する際に、データやプログラムを一時的に格納・展開して用いる。
例えば、RAM31には、第1のキー時刻が、所定の処理として、新たな暗号鍵を生成してRAM21に設定する処理、及び新たな暗号鍵による受信を有効化する処理に対応付けられて格納される。また、RAM31には、第2のキー時刻が、所定の処理として、新たな暗号鍵による送信を有効化する処理及び古い暗号鍵による送信を無効化する処理に対応付けられて格納される。さらに、RAM31には、第3のキー時刻が、所定の処理として、古い暗号鍵による受信を無効化する処理に対応付けられて格納される。
なお、上述したキー時刻は、時刻そのものでも良く、また、時刻を特定するための情報であっても良い。以下、これらをまとめて、単に「キー時刻」という。
時計33は、ストレージ装置1内の時刻を管理するものであり、水晶発振器等によって生成されたクロックを用いて時刻を管理する。時計33としては、例えば、リアルタイムクロック等が挙げられる。なお、図1においては、時計33は、コントロールモジュール3にそなえられているが、これに限られず、ストレージ装置1内の他の部位にそなえられてもよい。
ここで、時計33は、一ヶ月で数分、数年で数時間程度のずれが発生する。
なお、本実施形態においては、ストレージ装置1及び他の装置5は、それぞれ、セキュリティ向上のため、チャネルアダプタ2のRAM21に格納された暗号鍵を所定の間隔で(ここでは毎日)変更する。すなわち、ストレージ装置1及び他の装置5は、それぞれの装置において、予めRAM31に格納されたキー時刻に暗号鍵情報に関する所定の処理を実行する。この処理により、暗号鍵情報が更新され、ストレージ装置1及び他の装置5は、それぞれの装置で変更された暗号鍵を用いて、相互に暗号化通信を行なうことができる。
判断部301は、所定時間毎に設定されたチェックタイミングにおいて、前回処理を行なったキー時刻と現在の時刻との間であるチェック期間にキー時刻が含まれているか否かを判断する。ここで、チェックタイミングは、図示しないタイマにより設定される一定の時間周期であり、本実施形態では2分とする。タイマとしての機能は、例えば、CPU30による計時によって実現することができる。なお、時計33の時刻と、タイマによる計時とは、互いに別個独立しており、時計33の時刻が変更された場合でも、タイマによる計時には影響を与えない。また、チェック期間は、RAM31に格納された前回処理を行なったキー時刻と、現在の時刻、すなわち時計33の時刻との間の期間である。
例えば、前回処理を行なったキー時刻が、第2のキー時刻としての0時であり、現在の時刻が8時1分である場合、判断部301は、第2のキー時刻としての0時と現在の時刻としての8時1分との間であるチェック時間に、キー時刻が含まれているか否かを判断する。この場合、当該チェック期間には、第3のキー時刻としての8時が含まれているため、判断部301は、現在のチェックタイミング、すなわち、現在の時刻において、チェック期間にキー時刻が含まれていると判断する。
すなわち、処理部302は、キー時刻に、暗号鍵情報に関する所定の処理として、暗号鍵の生成、又は暗号鍵による送信若しくは受信の有効化若しくは無効化の切り替えのうちの少なくとも一つに関する処理を行なう。
なお、処理部302による暗号鍵の生成や、暗号鍵による送信/受信の有効化/無効化の切り替えは、既知の種々の手法により行なうことが可能であり、その詳細な説明は省略する。
また、処理部302は、チェック期間に含まれているキー時刻に実行すべき所定の処理を実行すると、当該キー時刻を、前回処理を行なったキー時刻として、RAM31に格納する。
また、RAM31は、前回処理を行なったキー時刻を格納する格納部であるといえる。
(A-2)第1実施形態における暗号鍵情報の更新について
以下、本実施形態におけるストレージ装置1の判断部301及び処理部302による暗号鍵情報の更新処理について、送信側筐体及び受信側筐体を用いて詳述する。
送信側筐体は、本実施形態におけるストレージ装置1又は他の装置5による暗号化通信において、データを送信する側の装置であり、受信側筐体は、データを受信する側の装置である。なお、便宜上、図2において、送信側筐体と受信側筐体とを区別しているが、実際には、送信側筐体としての装置、及び受信側筐体としての装置は互いに双方向に送受信を行なうものである。従って、送信側筐体及び受信側筐体における各処理は、ストレージ装置1及び他の装置5のそれぞれの装置において実行される。
図2に示す例においては、暗号鍵の送信有効期間は1日(24時間)、受信有効期間は送信有効期間に前後8時間を加えた40時間である。これにより、受信側筐体は、送信側筐体がそなえる時計の時刻と、受信側筐体がそなえる時計の時刻との時間にずれが発生した場合であっても、前後8時間までの時間のずれを許容して、受信するパケットを復号することができる。
以下、上述したストレージ装置1における判断部301及び処理部302の機能による暗号鍵情報の更新処理を、送信側筐体及び受信側筐体のそれぞれにおける暗号鍵情報の更新処理に分けて説明する。図2に示すように送信側筐体及び受信側筐体は、以下の(1)~(3)の処理を一つのサイクルとして、暗号鍵情報を更新する。
(1)1/26 16時(第1のキー時刻)
・送信側筐体:翌日(1/27)分の暗号鍵1を生成し設定する(図2中、A1における処理)
・受信側筐体:翌日(1/27)分の暗号鍵1を生成し設定し(A2)、翌日(1/27)分の暗号鍵1による受信を有効化する(A3)
(2)1/27 0時(第2のキー時刻)
・送信側筐体:当日(1/27)の暗号鍵1による送信を有効化し(A4)、前日(1/26)の暗号鍵2による送信を無効化する(A5)
(3)1/27 8時(第3のキー時刻)
・受信側筐体:前日(1/26)の暗号鍵2による受信を無効化する(A6)
このように、送信側筐体及び受信側筐体は、(1)~(3)の処理を一つのサイクルとして、A1~A6の処理を繰り返し実施する。そして、送信側筐体及び受信側筐体は、それぞれ2つの暗号鍵を交互に生成・設定するとともに、送信及び受信の有効化/無効化を行ない、暗号鍵情報を更新する。
ここで、上述のように、ストレージ装置1においては、複数(ここでは2つ)の暗号鍵を用いる。そして、処理部302では、複数の暗号鍵のうちの一の暗号鍵による送信が有効化される前及び無効化された後も、所定の期間は、一の暗号鍵及び複数の暗号鍵のうちの他の暗号鍵による受信が有効化される。
これにより、図2に示すように、受信側筐体において、例えば、1/27の16時から1/28の8時の間は、暗号鍵1及び2がともに受信有効期間となる。このとき、受信側筐体は、送信側筐体から受信する暗号化されたパケットを、暗号鍵1又は2のどちらを用いても復号することができる。換言すれば、受信側筐体は、送信側筐体がそなえる時計の時刻と、受信側筐体がそなえる時計の時刻との時間にずれが発生した場合であっても、所定の期間、すなわち、前後8時間までの時間のずれを許容して、受信するパケットを復号することができる。
図3(a)~(e)は、第1実施形態の一例としてのストレージ装置1における判断部301による、チェック期間にキー時刻が含まれているか否かの判断方法を説明するための図である。
例えば、判断部301は、2分毎に設定されたチェックタイミングにおいて、それぞれ処理部302によってRAM31に格納されている前回処理を行なったキー時刻と時計33の時刻との間であるチェック期間にキー時刻が含まれているか否かを判断する。
なお、図3(a)~(e)中、チェック期間を網かけで示す。
図3(a)に示す場合には、チェック期間にキー時刻は含まれていない。従って、判断部301は、チェック期間にキー時刻が含まれていないと判断し、2分後の次回のチェックタイミングまで待機する。
なお、図3(c)に示す状態は、時計33の時刻が、2つ前に処理を行なったキー時刻と、前回処理を行なったキー時刻との間の時刻に変更された場合、すなわち時計33の時刻が前回処理を行なったキー時刻よりも前(過去)になった場合に生じうる。具体的には、この状態は、図3(c)に示す例においては、時計33の時刻が、1/27の8時から1/27の0時までの間の時刻に変更された場合に生じうる。
このように、チェック期間にキー時刻が2つ以上含まれている場合、すなわち、時計33の時刻と、他の装置5がそなえる時計の時刻との間のずれが、2つのキー時刻の間以上の時間となる場合には、ストレージ装置1と他の装置5との暗号化通信を再確立することが好ましい。
例えば、チェック期間にキー時刻が2つ以上含まれている場合、処理部302は、暗号鍵1及び2の送信/受信有効期間のクリアや、RAM21に格納した暗号鍵1及び2のクリアを行ない、ストレージ装置1と他の装置5との接続を切断する。そして、処理部302はチャネルアダプタ2とともに、ストレージ装置1の起動時と同様の初期化処理(他の装置5との暗号化通信の再設定)を実行して、ストレージ装置1と他の装置5との間でIPsec接続を確立して、暗号化通信を行なう。
また、図3(e)に示す場合には、チェック期間にキー時刻である1/27の0時が含まれている。この図3(e)に示す状態は、時計33の時刻が、2つ前に処理を行なったキー時刻よりも前(過去)の時刻に変更された場合に生じうる。具体的には、この状態は、図3(d)に示す例においては、時計33の時刻が、1/27の0時よりも前(過去)の時刻に変更された場合に生じうる。このとき、時計33の時刻は、前回処理を行なったキー時刻から8時間以上の時間を空けて変更されることになる。
なお、図3(d),(e)に示す場合には、処理部302は、初期化処理を行なう代わりに、何らかのエラー出力をし、管理者に通知しても良い。若しくは、処理部302は、初期化処理と併せて、何らかのエラー出力をし、管理者に通知することが望ましい。また、エラー出力及び管理者への通知は、既知の種々の手法により行なうことが可能であり、その詳細な説明は省略する。
はじめに、判断部301により、所定時間、例えば2分毎に設定されたチェックタイミングにおいて、RAM31に格納された前回処理を行なったキー時刻と時計33の現在の時刻との間のチェック期間内に、キー時刻である0時,8時,16時が含まれるか否かが判断される(ステップS1)。
一方、ステップS1において、チェック期間内に0時,8時,16時が含まれると判断部301によって判断された場合は(ステップS1のYesルート)、判断部301により、時計33の現在の時刻が、前回処理を行なったキー時刻より過去であるか否かが判断される(ステップS2)。
一方、ステップS2において、現在の時刻が、前回処理を行なったキー時刻より過去であると判断部301によって判断された場合は(ステップS2のYesルート)、処理部302により、暗号鍵情報が初期化され、ストレージ装置1と他の装置5とのIPsec接続が再確立される(ステップS9)。
一方、ステップS3において、チェック期間内に含まれるキー時刻の数が1つであると判断部301によって判断された場合は(ステップS3のYesルート)、判断部301により、チェック期間内に含まれるキー時刻が0時,8時,16時のいずれの時刻であるかが判断される(ステップS4)。
また、ステップS4において、チェック期間内に含まれるキー時刻が8時であると判断部301によって判断された場合は(ステップS4の8時ルート)、処理部302により、8時に実行すべき所定の処理が実行される。すなわち、処理部302により、前日の暗号鍵の受信が無効化される(ステップS6)。
以上の手順により、判断部301及び処理部302は、暗号鍵の更新処理を実行する。
これにより、判断部301は、時計33の時刻変更により暗号鍵情報に関する所定の処理を行なうべきキー時刻を跨ぐ時刻変更が発生したことを確実に検出することができ、処理部302は、当該キー時刻に実行すべき所定の処理を実行することができる。従って、判断部301及び処理部302は、時計33の時刻変更により暗号鍵情報に関する所定の処理を行なうべきキー時刻を跨ぐ時刻変更が発生した場合に、時刻変更を行なったストレージ装置1の暗号鍵情報を正しい状態にすることができる。
また、第1実施形態によれば、処理装置としてのストレージ装置1は、前回処理を行なったキー時刻を格納する格納部としてのRAM31をそなえる。そして、判断部301により、RAM31に格納された前回処理を行なったキー時刻を用いて、チェック期間にキー時刻が含まれているか否かが判断される。
また、処理部302により、判断部301によってチェック期間に含まれていると判断されたキー時刻に実行すべき所定の処理が実行された後、当該キー時刻が前回処理を行なったキー時刻としてRAM31に格納される。すなわち、処理部302は、所定の処理を行なった後に、当該所定の処理を行なったキー時刻によって、RAM31に格納された前回処理を行なったキー時刻を更新する。
さらに、処理部302は、キー時刻に、暗号鍵情報に関する所定の処理として、暗号鍵の生成、又は暗号鍵による送信若しくは受信の有効化若しくは無効化の切り替えのうちの少なくとも一つに関する処理を行なう。また、暗号鍵として、複数の暗号鍵が用いられる。そして、処理部302では、複数の暗号鍵のうちの一の暗号鍵による送信が有効化される前及び無効化された後も、所定の期間(ここでは8時間)は、一の暗号鍵及び複数の暗号鍵のうちの他の暗号鍵による受信が有効化される。
(B)第1実施形態の変形例
第1実施形態の一例としてのストレージ装置1における判断部301及び処理部302については、上述した動作に限らず、例えば以下に図5及び図6を参照しながら説明する第1実施形態の変形例のように実行してもよい。
本変形例においては、RAM31には、前回処理を行なったキー時刻の代わりに、前回の処理時刻が格納される。そして、第1実施形態の変形例の判断部301は、所定時間毎に設定されたチェックタイミングにおいて、RAM31に格納されている前回の処理時刻と現在の時刻との間であるチェック期間にキー時刻が含まれているか否かを判断する。
具体的には、判断部301は、例えば2分毎に設定されたチェックタイミングにおいて、処理部302によってRAM31に格納されている前回の処理時刻と時計33の時刻との間であるチェック期間にキー時刻が含まれているか否かを判断する。
具体的には、チェック期間に含まれているキー時刻が0時,8時,16時のいずれの時刻かに応じて、図2を参照しながら説明した(1)~(3)に相当する処理を行なう。
また、RAM31は、前回の処理時刻を格納する格納部であるといえる。
図5(a)~(e)は、第1実施形態の変形例としてのストレージ装置1における判断部301による、チェック期間にキー時刻が含まれているか否かの判断方法を説明するための図である。
例えば、判断部301は、2分毎に設定されたチェックタイミングにおいて、それぞれ処理部302によってRAM31に格納されている前回の処理時刻と時計33の時刻との間であるチェック期間にキー時刻が含まれているか否かを判断する。
なお、図5中、チェック期間を網かけで示す。
図5(a)に示す場合には、チェック期間にキー時刻は含まれていない。従って、判断部301は、チェック期間にキー時刻が含まれていないと判断し、2分後の次回のチェックタイミングまで待機する。
なお、図5(b)に示す状態は、通常の運用、すなわち、時計33の時刻の変更がない場合にも生じうる。例えば、前回のチェックタイミングの時刻が、「次のキー時刻」-「チェックタイミングの所定時間内である任意の時間」である場合に該当する。このとき、今回のチェックタイミング、すなわち現在の時刻が、「次のキー時刻」+「チェックタイミングの所定時間-上記任意の時間」となる。具体的には、例えば、前回のチェックタイミングの時刻が、「1/27の16時」-「1分30秒(チェックタイミングの所定時間は2分)」=「1/27の15時58分30秒」である場合、現在の時刻は、「1/27の16時」+「2分-1分30秒」=1/27の16時0分30秒となる。従って、図5(b)に示す状態は、通常の運用、すなわち、時計33の時刻の通常の経過によっても生じうる。
例えば、チェック期間にキー時刻が含まれており、かつ、現在の時刻が前回の処理時刻よりも過去の場合、チェック期間内に含まれるキー時刻は、前回処理を行なったキー時刻となる(図5(c)参照)。この場合、当該キー時刻に行なうべき所定の処理は既に前回の処理時刻に実行されているため、処理部302は、当該キー時刻に行なうべき所定の処理を抑止する。
また、図5(d)及び(e)に示す場合には、いずれの場合も、チェック期間にキー時刻が2つ含まれている。
図6は、第1実施形態の変形例の一例としてのストレージ装置1における判断部301及び処理部302の動作を説明するためのフローチャートである。
以下、ステップS1において、チェック期間内に0時,8時,16時が含まれると判断部301によって判断された場合を説明する。
ステップS3において、チェック期間内に含まれるキー時刻の数が1つではないと判断部301によって判断された場合は(ステップS3のNoルート)、処理部302により、暗号鍵情報が初期化され、ストレージ装置1と他の装置5とのIPsec接続が再確立される(ステップS9)。
ステップS20において、現在の時刻が、前回処理を行なったキー時刻より過去ではないと判断部301によって判断された場合は(ステップS20のNoルート)、チェック期間内に含まれるキー時刻が0時,8時,16時のいずれの時刻であるかが判断され(ステップS4)、以降は、図4を参照しながら説明した手順で処理が行なわれる。
このように、第1実施形態の変形例によれば、上述した第1実施形態と同様の効果が得られる。また、格納部としてのRAM31に、前回の処理時刻が格納されるため、コントロールモジュール3は、前回のキー時刻に行なうべき所定の処理を実行した時刻を容易に判断することができる。これにより、判断部301は、チェック期間にキー時刻が含まれているか否かの判断を、最新の前回の処理時刻に基づいて行なうことができる。
(C)その他
以上、本発明の好ましい実施形態について詳述したが、本発明は、かかる特定の実施形態に限定されるものではなく、本発明の趣旨を逸脱しない範囲内において、種々の変形、変更して実施することができる。
また、暗号化通信における送信側又は受信側の装置として、ストレージ装置1を用いた場合について説明したが、本発明はこれに限られず、サーバやパーソナルコンピュータ等が送信側又は受信側の装置として、暗号化通信を行なう場合においても同様に実施することができる。
なお、これらの暗号化/復号部201,処理部301及び判断部302としての機能を実現するためのプログラム(処理プログラム)は、例えばフレキシブルディスク,CD(CD-ROM,CD-R,CD-RW等),DVD(DVD-ROM,DVD-RAM,DVD-R,DVD+R,DVD-RW,DVD+RW,HD DVD等),ブルーレイディスク,磁気ディスク,光ディスク,光磁気ディスク等の、コンピュータ読取可能な記録媒体に記録された形態で提供される。そして、コンピュータはその記録媒体からプログラムを読み取って内部記憶装置または外部記憶装置に転送し格納して用いる。また、そのプログラムを、例えば磁気ディスク,光ディスク,光磁気ディスク等の記憶装置(記録媒体)に記録しておき、その記憶装置から通信回線を介してコンピュータに提供するようにしても良い。
2 チャネルアダプタ
20 CPU
201 暗号化/復号部
21 RAM
22 ROM
23 バッファメモリ
3 コントロールモジュール(処理装置)
30 CPU
301 判断部
302 処理部
31 RAM(格納部)
32 ROM
33 時計
4 記憶部
41-1~41-k ハードディスクドライブ(HDD)
Claims (12)
- 予め設定されたキー時刻に処理対象情報に関する所定の処理を実行する処理装置であって、
所定時間毎に設定されたチェックタイミングにおいて、前回処理を行なったキー時刻と現在の時刻との間であるチェック期間に該キー時刻が含まれているか否かを判断する判断部と、
該判断部が、該チェック期間に該キー時刻が含まれていると判断した場合に、当該キー時刻に実行すべき該所定の処理を実行する処理部と、をそなえることを特徴とする、処理装置。 - 該処理部は、
該判断部が、該チェック期間に該キー時刻が含まれていると判断した場合であっても、該現在の時刻が前回処理を行なった該キー時刻よりも過去の場合には、該処理対象情報の初期化を行なうことを特徴とする、請求項1記載の処理装置。 - 該処理部は、
該判断部が、該チェック期間に該キー時刻が含まれていると判断した場合であっても、該チェック期間に該キー時刻が2つ以上含まれていると判断した場合には、該処理対象情報の初期化を行なうことを特徴とする、請求項1または請求項2記載の処理装置。 - 前回処理を行なった該キー時刻を格納する格納部をさらにそなえ、
該判断部は、該格納部に格納された前回処理を行なった該キー時刻を用いて、該チェック期間に該キー時刻が含まれているか否かを判断するとともに、
該処理部は、該判断部によって該チェック期間に含まれていると判断された該キー時刻に実行すべき該所定の処理を実行した後、当該キー時刻を前回処理を行なった該キー時刻として該格納部に格納することを特徴とする、請求項1~3のいずれか1項記載の処理装置。 - 予め設定されたキー時刻に処理対象情報に関する所定の処理を実行する処理装置であって、
所定時間毎に設定されたチェックタイミングにおいて、前回の処理時刻と現在の時刻との間であるチェック期間に該キー時刻が含まれているか否かを判断する判断部と、
該判断部が、該チェック期間に該キー時刻が含まれていると判断した場合に、当該キー時刻に実行すべき該所定の処理を実行する処理部と、をそなえることを特徴とする、処理装置。 - 該処理部は、
該判断部が、該チェック期間に該キー時刻が含まれていると判断した場合であっても、該現在の時刻が前回の該処理時刻よりも過去の場合には、当該キー時刻に実行すべき該所定の処理の実行を抑止することを特徴とする、請求項5記載の処理装置。 - 該処理部は、
該判断部が、該チェック期間に該キー時刻が含まれていると判断した場合であっても、該チェック期間に該キー時刻が2つ以上含まれていると判断した場合には、該処理対象情報の初期化を行なうことを特徴とする、請求項5または請求項6記載の処理装置。 - 前回の該処理時刻を格納する格納部をさらにそなえ、
該判断部は、該格納部に格納された前回の該処理時刻を用いて、該チェック期間に該キー時刻が含まれているか否かを判断するとともに、
該処理部は、該判断部によって該チェック期間に含まれていると判断された該キー時刻に実行すべき該所定の処理を実行した後、当該所定の処理を実行した処理時刻を前回の処理時刻として該格納部に格納することを特徴とする、請求項5~7のいずれか1項記載の処理装置。 - 該処理対象情報は暗号鍵情報であり、
該所定の処理は、暗号鍵の生成、又は該暗号鍵による送信若しくは受信の有効化若しくは無効化の切り替えのうちの少なくとも一つに関する処理であることを特徴とする、請求項1~8のいずれか1項記載の処理装置。 - 該暗号鍵は、複数の暗号鍵であり、
該複数の暗号鍵のうちの一の暗号鍵による送信が有効化される前及び無効化された後も、所定の期間は、該一の暗号鍵及び該複数の暗号鍵のうちの他の暗号鍵による受信が有効化されることを特徴とする、請求項9記載の処理装置。 - 予め設定されたキー時刻に処理対象情報に関する所定の処理を実行する処理方法であって、
所定時間毎に設定されたチェックタイミングにおいて、前回処理を行なったキー時刻と現在の時刻との間であるチェック期間に該キー時刻が含まれているか否かを判断するステップと、
該チェック期間に該キー時刻が含まれていると判断した場合に、当該キー時刻に実行すべき該所定の処理を実行するステップと、をそなえることを特徴とする、処理方法。 - 予め設定されたキー時刻に処理対象情報に関する所定の処理を実行する機能を、コンピュータに実現させる処理プログラムであって、
所定時間毎に設定されたチェックタイミングにおいて、前回処理を行なったキー時刻と現在の時刻との間であるチェック期間に該キー時刻が含まれているか否かを判断する判断部、および、
該判断部が、該チェック期間に該キー時刻が含まれていると判断した場合に、当該キー時刻に実行すべき該所定の処理を実行する処理部、として、前記コンピュータを機能させることを特徴とする、処理プログラム。
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP10852528.8A EP2579500A1 (en) | 2010-06-04 | 2010-06-04 | Processing device, processing method, and processing program |
CN201080067171.6A CN102918796B (zh) | 2010-06-04 | 2010-06-04 | 处理装置、处理方法以及处理程序 |
PCT/JP2010/059546 WO2011151924A1 (ja) | 2010-06-04 | 2010-06-04 | 処理装置,処理方法及び処理プログラム |
JP2012518198A JP5601368B2 (ja) | 2010-06-04 | 2010-06-04 | 処理装置,処理方法及び処理プログラム |
KR1020127032021A KR101503581B1 (ko) | 2010-06-04 | 2010-06-04 | 처리 장치, 처리 방법 및 처리 프로그램을 기록한 컴퓨터 판독 가능한 기록 매체 |
US13/693,429 US20130097423A1 (en) | 2010-06-04 | 2012-12-04 | Processing device and computer-readable recording medium having stored therein processing program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2010/059546 WO2011151924A1 (ja) | 2010-06-04 | 2010-06-04 | 処理装置,処理方法及び処理プログラム |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/693,429 Continuation US20130097423A1 (en) | 2010-06-04 | 2012-12-04 | Processing device and computer-readable recording medium having stored therein processing program |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011151924A1 true WO2011151924A1 (ja) | 2011-12-08 |
Family
ID=45066319
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/059546 WO2011151924A1 (ja) | 2010-06-04 | 2010-06-04 | 処理装置,処理方法及び処理プログラム |
Country Status (6)
Country | Link |
---|---|
US (1) | US20130097423A1 (ja) |
EP (1) | EP2579500A1 (ja) |
JP (1) | JP5601368B2 (ja) |
KR (1) | KR101503581B1 (ja) |
CN (1) | CN102918796B (ja) |
WO (1) | WO2011151924A1 (ja) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3010173B1 (en) * | 2013-07-18 | 2019-01-16 | Nippon Telegraph And Telephone Corporation | Key storage device, key storage method, and program therefor |
US10051000B2 (en) * | 2015-07-28 | 2018-08-14 | Citrix Systems, Inc. | Efficient use of IPsec tunnels in multi-path environment |
CN108199837B (zh) * | 2018-01-23 | 2020-12-25 | 新华三信息安全技术有限公司 | 一种密钥协商方法及装置 |
CN112566116B (zh) * | 2020-12-15 | 2022-08-16 | 三维通信股份有限公司 | 确定密钥的方法、装置、存储介质及电子装置 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007104430A (ja) * | 2005-10-05 | 2007-04-19 | Matsushita Electric Ind Co Ltd | 暗号化データ送信装置、暗号化鍵更新方法、電子機器、プログラムおよび記録媒体 |
JP2007300312A (ja) * | 2006-04-28 | 2007-11-15 | Matsushita Electric Ind Co Ltd | 遠隔医療システムにおける鍵交換制御方式 |
JP2009065528A (ja) * | 2007-09-07 | 2009-03-26 | Hitachi Ltd | ストレージ装置及び暗号鍵変更方法 |
JP2009218751A (ja) * | 2008-03-07 | 2009-09-24 | Nec Corp | 暗号化装置、復号化キー情報管理方法、復号化キー情報管理制御プログラム、及び暗号化データ記憶装置 |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004186814A (ja) * | 2002-11-29 | 2004-07-02 | Fujitsu Ltd | 共通鍵暗号化通信システム |
US7676679B2 (en) * | 2005-02-15 | 2010-03-09 | Cisco Technology, Inc. | Method for self-synchronizing time between communicating networked systems using timestamps |
US7468981B2 (en) * | 2005-02-15 | 2008-12-23 | Cisco Technology, Inc. | Clock-based replay protection |
JP2008103988A (ja) * | 2006-10-19 | 2008-05-01 | Fujitsu Ltd | 暗号通信システム、装置、方法及びプログラム |
US8717932B2 (en) * | 2006-11-29 | 2014-05-06 | Broadcom Corporation | Method and system for determining and securing proximity information over a network |
US8059819B2 (en) * | 2007-01-17 | 2011-11-15 | Panasonic Electric Works Co., Ltd. | Systems and methods for distributing updates for a key at a maximum rekey rate |
US8705348B2 (en) * | 2007-04-18 | 2014-04-22 | Cisco Technology, Inc. | Use of metadata for time based anti-replay |
JP2009100238A (ja) * | 2007-10-17 | 2009-05-07 | Nec Corp | 通信装置、通信システム及びそれらに用いる鍵再交換方法並びにそのプログラム |
KR20100069382A (ko) * | 2008-12-16 | 2010-06-24 | 한국전자통신연구원 | 시스템 동기를 이용한 트래픽 암호화 키 갱신 장치 및 방법 |
US9294270B2 (en) * | 2010-01-05 | 2016-03-22 | Cisco Technology, Inc. | Detection of stale encryption policy by group members |
-
2010
- 2010-06-04 WO PCT/JP2010/059546 patent/WO2011151924A1/ja active Application Filing
- 2010-06-04 EP EP10852528.8A patent/EP2579500A1/en not_active Withdrawn
- 2010-06-04 CN CN201080067171.6A patent/CN102918796B/zh not_active Expired - Fee Related
- 2010-06-04 JP JP2012518198A patent/JP5601368B2/ja not_active Expired - Fee Related
- 2010-06-04 KR KR1020127032021A patent/KR101503581B1/ko not_active IP Right Cessation
-
2012
- 2012-12-04 US US13/693,429 patent/US20130097423A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007104430A (ja) * | 2005-10-05 | 2007-04-19 | Matsushita Electric Ind Co Ltd | 暗号化データ送信装置、暗号化鍵更新方法、電子機器、プログラムおよび記録媒体 |
JP2007300312A (ja) * | 2006-04-28 | 2007-11-15 | Matsushita Electric Ind Co Ltd | 遠隔医療システムにおける鍵交換制御方式 |
JP2009065528A (ja) * | 2007-09-07 | 2009-03-26 | Hitachi Ltd | ストレージ装置及び暗号鍵変更方法 |
JP2009218751A (ja) * | 2008-03-07 | 2009-09-24 | Nec Corp | 暗号化装置、復号化キー情報管理方法、復号化キー情報管理制御プログラム、及び暗号化データ記憶装置 |
Also Published As
Publication number | Publication date |
---|---|
JP5601368B2 (ja) | 2014-10-08 |
JPWO2011151924A1 (ja) | 2013-07-25 |
CN102918796B (zh) | 2015-05-20 |
CN102918796A (zh) | 2013-02-06 |
US20130097423A1 (en) | 2013-04-18 |
EP2579500A1 (en) | 2013-04-10 |
KR20130026453A (ko) | 2013-03-13 |
KR101503581B1 (ko) | 2015-03-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5175615B2 (ja) | 利用装置、サーバ装置、サービス利用システム、サービス利用方法、サービス利用プログラム及び集積回路 | |
JP4065112B2 (ja) | リモートデータ記憶システムにおける暗号化と復号化のための方法及び装置。 | |
JP2008252174A (ja) | コンテンツ処理装置、暗号処理方法及びプログラム | |
EP1902540B1 (en) | Method and apparatus for establishing a communication key between a first communication partner and a second communication partner using a third party | |
JP2009245227A (ja) | 情報記憶装置 | |
KR20210045676A (ko) | 차량용 통신 시스템 및 그를 위한 보안 통신 방법 | |
JP5601368B2 (ja) | 処理装置,処理方法及び処理プログラム | |
US9503436B1 (en) | Methods and systems for NAS device pairing and mirroring | |
JP2007334710A (ja) | ストレージ制御装置、ストレージ制御方法、ストレージ装置 | |
JP6043738B2 (ja) | 鍵管理装置および鍵管理方法 | |
EP2656267A1 (en) | System and method for securely moving content | |
JP2005303676A (ja) | 画像形成装置、鍵ペア生成方法及びコンピュータプログラム | |
JP2007096801A (ja) | 通信装置、コンテンツ送受信システムおよび通信装置のコンテンツリスト管理方法 | |
JP2012226577A (ja) | 通信装置及びその制御方法、並びにプログラム、ネットワークインタフェース装置 | |
JP5118543B2 (ja) | Avデータ送信装置、avデータ受信装置及びavデータ送受信システム | |
JP2009157848A (ja) | データ送信装置、データ受信装置及びデータ送受信システム | |
JP2008311726A (ja) | 情報記録装置、及びその認証方法 | |
JP2006209668A (ja) | コンテンツ利用システム、コンテンツ利用装置及びコンテンツ利用情報記憶装置 | |
WO2009116169A1 (ja) | 情報処理装置、通信方法および通信プログラム | |
JP2008147946A (ja) | 認証方法、認証システム、及び外部記憶媒体 | |
JP3588593B2 (ja) | 複製制御方法及び複製制御装置 | |
JP4736603B2 (ja) | 情報通信装置及び情報通信方法、並びにコンピュータ・プログラム | |
JP4667517B2 (ja) | コンテンツ利用装置 | |
JP4318740B2 (ja) | コンテンツ利用システム及びコンテンツ利用装置 | |
JP2009065625A (ja) | 暗号化データ通信方法と暗号化データ通信システム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080067171.6 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10852528 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012518198 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 20127032021 Country of ref document: KR Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010852528 Country of ref document: EP |