The present invention relates to an encryption communication method and system through a plurality of session management servers.
In recent years, troubles have frequently occurred with the use of the Internet, such as leakage of private information of the user or arrival of unknown bills, so that the use of the network increases anxiety. As a result, demands for security on the network and in communications have increased, and many security countermeasures have been taken, such as application of security patches, updating of virus definition files, or access controls on service users. Because of the increase in security countermeasures, however, network users have found it difficult to adequately implement these security countermeasures. Thus, most countermeasures are implemented in facilities (e.g., ISP facilities) provided by a third party.
One security countermeasure implemented in facilities provided by a third party is the establishment of interposing encryption communication. In one method a trusted third party (TTP) establishes encryption communication between network terminals (referred to below as “terminals”) (described in “Secure Communication Establishment Model in Secure Service Platforms”, Kaji et al., Information Processing Society of Japan, Research Report 2005-CSEC-028, Vol. 2005, No. 33, pp. 151-156 (2005) (referred to as “Document 1”)).
Document 1 discloses that the algorithm for the encryption communications and the parameters necessary for generating a key are decided by the TTP in place of the terminals.
Specifically, the algorithm to be used for the encryption communications between a terminal 1 and a terminal 2 and the parameter necessary for generating a key are determined by the TTP in the following manner.
First of all, the TTP collects in advance information such as the encryption algorithm or a hash algorithm, which can be used by the terminal 1 and the terminal 2.
Next, the terminal 1 sends a communication request for the terminal 2 to the TTP. When the TTP receives the communication request from the terminal 1 to the terminal 2, it compares an algorithm to be used by the terminal 1 and an algorithm to be used by the terminal 2. On the basis of a predetermined policy, the terminal 1 and the terminal 2 determine the algorithm and the parameter to be used for the encryption communications. The TTP distributes the determined algorithm and parameter to the terminal 1 and the terminal 2, respectively, for sharing.
After this, the terminal 1 and the terminal 2 utilize the distributed information to perform the encryption communications, but not through the TTP.
Since the encryption communications are established through the TTP, the method thus far described is characterized in that the terminals are released from operations to determine the algorithm and the parameters necessary for generating the key to be used for the encryption communications.
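The sequence described above (advance collection of capabilities, a communication request, comparison under a predetermined policy, and distribution of the result) can be modeled as follows. This is an added example, not code from this document or from Document 1; the class and function names, the policy lists, the sample algorithm names and the HMAC-based key derivation are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed policy (assumption): the TTP's preference order. An algorithm
# absent from the policy is never selected, even if both terminals offer it.
POLICY_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]
POLICY_HASHES = ["sha512", "sha256"]

class NegotiationError(Exception):
    pass

class TTP:
    def __init__(self):
        self.capabilities = {}  # terminal id -> (cipher set, hash set)

    def register(self, terminal_id, ciphers, hashes):
        # Collected in advance, before any communication request arrives.
        self.capabilities[terminal_id] = (set(ciphers), set(hashes))

    @staticmethod
    def _pick(policy, a, b, kind):
        common = a & b
        for name in policy:  # first policy entry both terminals support
            if name in common:
                return name
        raise NegotiationError(f"no policy-approved common {kind}")

    def handle_request(self, src, dst):
        for t in (src, dst):
            if t not in self.capabilities:
                raise NegotiationError(f"unknown terminal {t}")
        (c1, h1), (c2, h2) = self.capabilities[src], self.capabilities[dst]
        decision = {
            "cipher": self._pick(POLICY_CIPHERS, c1, c2, "cipher"),
            "hash": self._pick(POLICY_HASHES, h1, h2, "hash"),
            "key_param": secrets.token_bytes(32),  # parameter for key generation
        }
        # The same decision is distributed to both terminals for sharing.
        return {src: dict(decision), dst: dict(decision)}

def derive_key(settings, peers):
    # Hypothetical derivation: each terminal computes the key locally from
    # the distributed parameter, so traffic does not pass through the TTP.
    label = "|".join(sorted(peers)).encode()
    return hmac.new(settings["key_param"], label, settings["hash"]).digest()
```

Failing the request when the terminals share no policy-approved algorithm, rather than falling back to whatever both happen to support, is what keeps the policy decision with the TTP.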