The present invention relates to a method for establishing a communication channel over which packets are encrypted and communicated, and, for example, to a method and a system for establishing a communication channel used in IPsec (Security Architecture for the Internet Protocol) communication, in which an IP (Internet Protocol) packet is encrypted and transmitted.
IKE (Internet Key Exchange), described in non-patent document 1 (The Internet Key Exchange (IKE), Network Working Group, Request for Comments: 2409, Category: Standards Track, The Internet Society, November 1998), is known as a protocol that automatically establishes the SA (Security Association) used when cipher communication is performed between communication devices in accordance with IPsec, and that manages the IPsec communication. In IPsec communication, the key exchange is carried out by IKE. The SA is a cipher communication connection that protects each IP packet passing through the communication channel between the communication devices from tapping and tampering.
In the procedure based on IKE, messages called ISAKMP (Internet Security Association and Key Management Protocol) packets are exchanged between the communication devices at the start of an encrypted communication in order to establish the SA. The cryptographic algorithm, the authentication method, the encryption key, the authentication key, the validity period of the SA and the like are negotiated through the exchange of ISAKMP packets and determined between the communication devices.
When a communication device is to send an IP packet to its opposite communication device and no SA for that opposite device has yet been established, the IKE is started. The communication device that transmits the first ISAKMP message in this IKE is called the “initiator”, and the communication device that transmits the second ISAKMP message in response to the first ISAKMP message is called the “responder”.
The invention described in patent document 1 (Japanese Unexamined Patent Publication No. 2005-020215) describes a conventional example in which, when trouble or a failure occurs during IPsec communication, a trouble notification packet is transmitted and the device that receives the trouble notification packet establishes a new IPsec communication.
When, however, the two opposing communication devices attempt to send IP packets to each other at the same time, both start the IKE at the same time, and their first ISAKMP messages may cross each other on the communication channel (a mismatch).
When such trouble has occurred, both communication devices operate as initiators and each waits for the second ISAKMP message from its opposite communication device. Thus, a problem arises: since each device, while in this state, discards the first ISAKMP message it receives from its opposite device, the IKE does not succeed and no communication channel can be established.
After the time limit for waiting for the second ISAKMP message has elapsed, both communication devices retransmit their first ISAKMP messages. In this retransmission process, the ISAKMP message is transmitted at every retransmission interval preset in each communication device, up to a preset number of retransmissions. The retransmission interval corresponds to the time limit for waiting to receive the second ISAKMP message from the opposite communication device after the first ISAKMP message has been transmitted, and is called the “timer for waiting for the second ISAKMP message”.
When the second ISAKMP message has not been received from the opposite communication device before this waiting timer expires, the expiry of the timer triggers transmission of the first ISAKMP message to the opposite communication device once again. When both communication devices are set to the same timer interval and the same number of retransmissions, the IKE messages mismatch repeatedly, so the IKE cannot succeed and no communication channel can be established. Processing for such a mismatch is not defined in the RFC (Request For Comments), and the mismatch could not be prevented from occurring.
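The repeated mismatch described above, modelled as an added example that is not part of the patent text: two peers with identical waiting timers and retransmission counts start the IKE at the same moment, and every first message arriving while a peer is waiting for its second message is discarded. The peer names, the discrete time steps, the one-unit propagation delay and the terminal "failed" state once retransmissions are exhausted are assumptions of this model.

```python
from dataclasses import dataclass


@dataclass
class Peer:
    """Simplified IKE endpoint; only the first/second ISAKMP exchange is modelled (assumption)."""
    name: str
    interval: int            # timer for waiting for the second ISAKMP message (time units)
    max_retransmissions: int
    state: str = "idle"      # idle | waiting_second | established | failed
    retransmissions: int = 0
    timer: int = 0
    discarded_first: int = 0

    def start_ike(self):
        """The device has an IP packet to send and no SA, so it acts as initiator."""
        self.state, self.timer = "waiting_second", self.interval
        return ("first", self.name)

    def tick(self):
        """One time unit passes; on timer expiry, retransmit the first message or give up."""
        if self.state != "waiting_second":
            return None
        self.timer -= 1
        if self.timer > 0:
            return None
        if self.retransmissions >= self.max_retransmissions:
            self.state = "failed"        # retransmissions exhausted: the IKE has not succeeded
            return None
        self.retransmissions += 1
        self.timer = self.interval
        return ("first", self.name)

    def receive(self, kind):
        """Handle an incoming ISAKMP message; return a reply to send, if any."""
        if kind == "first" and self.state == "idle":
            self.state = "established"   # act as responder: answer with the second message
            return ("second", self.name)
        if kind == "first" and self.state == "waiting_second":
            self.discarded_first += 1    # an initiator discards the opposite device's first message
        elif kind == "second" and self.state == "waiting_second":
            self.state = "established"   # second message received in time: SA established
        return None


def simulate(a, b, both_start=True, max_time=100):
    """Run the exchange; a message sent in one step is delivered in the next (constructed delay)."""
    in_flight = [a.start_ike()] + ([b.start_ike()] if both_start else [])
    for _ in range(max_time):
        replies = []
        for kind, src in in_flight:
            reply = (a if src == b.name else b).receive(kind)
            if reply:
                replies.append(reply)
        in_flight = replies + [m for m in (a.tick(), b.tick()) if m]
        if not in_flight and "waiting_second" not in (a.state, b.state):
            break
    return a.state, b.state, a.discarded_first, b.discarded_first
```

With both peers set to a 5-unit timer and 3 retransmissions, the run ends with both in the "failed" state after discarding the initial first message plus all three retransmissions; when only one peer starts the IKE, the other acts as responder and the SA is established.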