1. Field of the Invention
The present invention relates to a communication-processing apparatus and its method.
2. Description of the Related Art
In communication, a function for communicating pieces of data between communicators without a data loss and data duplication while maintaining the order of the pieces of data is required. The technical term ‘reliable communication’ used in the following description means this communication.
In order to implement the reliable communication, as a rule, the receiver transmits an acknowledgement to the transmitter as a reception notice indicating that the receiver has received data with a high degree of reliability from the transmitter. The acknowledgement is abbreviated hereafter to Ack. The transmitter needs to retransmit the data if the transmitter does not receive such a reception notice. Determining whether or not data needs to be retransmitted, depending on whether or not an Ack is received, is referred to as retransmission control.
FIG. 1 is an explanatory diagram referred to in description of the retransmission control.
First of all, a transmitter transmits data K to a receiver. As the receiver receives the data K normally, the receiver transmits a reception notice Ack (K+1) to the transmitter to prompt the transmitter to transmit next data (K+1). When the transmitter receives the reception notice Ack (K+1), the transmitter transmits the data (K+1) to the receiver. Assume that the data (K+1) is lost in the course of the transmission through a communication transmission line. In this case, the receiver will not receive the data (K+1) no matter how much time elapses. Thus, the receiver cannot transmit an Ack. Since the transmitter does not receive the Ack, the time measured by a count started right after the transmission of the data (K+1) reaches a timeout value. When the transmitter determines that it has entered a timeout state, the transmitter determines that the data (K+1) has been lost. In this case, the transmitter retransmits the data (K+1) to the receiver. If the receiver receives the data (K+1) normally, the receiver transmits an Ack (K+2).
The following 2 methods are representative conventional means for implementing reliable encrypted-data communication.
A): A method of using a TCP and an IPSec at the same time.
B): A method of using TLS (Transport Layer Security), which is also referred to as SSL.
In method (A) of using a TCP and an IPSec at the same time, the TCP implements the reliable communication. Thus, when a packet is lost, the TCP is the function in charge of execution of retransmission control, which is control to retransmit the lost packet. In order to execute normal retransmission control, a TCP on the transmitter side transmits data and a TCP on the receiver side transmits an Ack packet to the TCP on the transmitter side every time the TCP on the receiver side receives data. When the TCP on the transmitter side receives an Ack packet, the Ack packet can be regarded as a packet indicating that the TCP on the receiver side recognizes the received data. If the data is lost, the data is retransmitted to replace the lost data.
FIG. 2 is an explanatory diagram referred to in description of a communication in which a TCP and an IPSec are used at the same time.
When the TCP transmits a retransmission packet in accordance with method (A), the IPSec must carry out processing to encrypt the retransmission packet in spite of the fact that the data of the packet was encrypted before, and transmits the retransmission packet to the receiver by way of a network. This is because the TCP on a high-level hierarchical layer in the hierarchical structure of the protocol and the IPSec on a low-level hierarchical layer in the same structure are defined to operate without any cooperation at all. In general, processing carried out by the IPSec is a complicated process. Thus, if the processing is carried out on the same data several times, the processing will raise a problem of an excessively heavy load and an excessively long processing time. Examples of the processing carried out by the IPSec are an encryption process and an authentication process.
FIG. 3 is an explanatory diagram referred to in description of communication adopting a TLS method.
The TLS method (method (B)) is a method of carrying out an encryption process at a high-level hierarchical layer of the TCP. In this case, since the TCP receives data in an encrypted state from the high-level hierarchical layer, the TCP does not need to carry out an encryption process on data even if the data is to be retransmitted.
As a summary of the above description, in encrypted-data communication requiring retransmission of data for some cases, from a standpoint of elimination of encryption processing at a retransmission time, the TLS method is superior to the (TCP+IPSec) method. However, since the IPSec offers the merit of being capable of encrypting data not only in the TCP but also in all communications, the (TCP+IPSec) method is frequently used in actual operations.
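The retransmission control of FIG. 1 and the difference between methods (A) and (B) can be made concrete with the following added example, which is not part of the original document. It simulates stop-and-wait transmission over a lossy line and counts how often the protection step runs under each layering; the names `CountingProtector`, `send_reliably`, the key, the payloads and the loss pattern are all constructed for illustration, and the XOR/HMAC routine is only a stand-in for the IPSec or TLS encryption and authentication processing.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not from the page

class CountingProtector:
    """Stand-in for the encrypt-and-authenticate step; counts how often it runs."""
    def __init__(self):
        self.calls = 0

    def protect(self, seq, payload):
        self.calls += 1
        stream = hashlib.sha256(KEY + seq.to_bytes(4, "big")).digest()
        body = bytes(b ^ stream[i % 32] for i, b in enumerate(payload))
        return body + hmac.new(KEY, body, hashlib.sha256).digest()

def receiver_accepts(wire):
    """Receiver side: check the authentication tag before acknowledging."""
    body, tag = wire[:-32], wire[-32:]
    return hmac.compare_digest(hmac.new(KEY, body, hashlib.sha256).digest(), tag)

def send_reliably(segments, lost, protect_below_tcp):
    """Stop-and-wait retransmission control as described for FIG. 1.
    lost: set of (K, attempt) transmissions dropped on the line (constructed).
    protect_below_tcp=True models (TCP+IPSec); False models the TLS method.
    Returns (transmissions, protect_calls, delivered sequence numbers).
    """
    protector = CountingProtector()
    transmissions, delivered = 0, []
    for k, payload in enumerate(segments):
        if not protect_below_tcp:
            wire = protector.protect(k, payload)  # protected once, above the TCP
        attempt, acked = 0, False
        while not acked:
            attempt += 1
            if protect_below_tcp:
                wire = protector.protect(k, payload)  # redone for every send
            transmissions += 1
            if (k, attempt) in lost:
                continue  # no Ack arrives; the timeout triggers a retransmission
            if receiver_accepts(wire):
                delivered.append(k)
                acked = True  # receiver answers with Ack (K+1)
    return transmissions, protector.calls, delivered

SEGMENTS = [b"data-%d" % i for i in range(5)]  # constructed payloads
LOST = {(1, 1), (3, 1), (3, 2)}                # constructed loss pattern
```

With the constructed loss pattern, both layerings put the same number of packets on the line, but only the (TCP+IPSec) model repeats the protection step for each retransmission.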
FIG. 4 shows a table comparing the TLS method with the (TCP+IPSec) method.
As is obvious from the table, the TLS method is adopted in a narrow application field such as a secret http. On the other hand, the (TCP+IPSec) method is adopted in a wide field including a VPN. However, the (TCP+IPSec) method requires a re-encryption process for a retransmitted packet, increasing the processing load and the processing time. In the case of the TLS method, on the other hand, the re-encryption process for a retransmitted packet is not required, resulting in neither increase in processing load nor increase in processing time. Thus, the TLS method is suitable for high-speed communication. For this reason, in order to maintain the wide application range of the (TCP+IPSec) method and to carry out high-speed communications, it is obvious that the problem of the re-encryption process for a retransmitted packet must be solved.
Patent Reference 1 discloses a conventional technology whereby, by executing a control-message retransmission function on layer 3, an error caused by a fault at the level of layer 2 is recovered. Patent Reference 2 also discloses a technology whereby, on layer 3, an error caused by a fault at the level of layer 2 is recovered. Patent Reference 3 discloses a technology whereby, in a multicast transfer, a transmitting station polls receiving stations. Patent Reference 4 discloses a technology whereby redundancy is eliminated in a multicast transfer. Patent Reference 5 discloses a system wherein a tentative response for acknowledging reception is transmitted.
Patent Reference 1: Japanese Patent Laid-open No. Hei 5-183644
Patent Reference 2: Japanese Patent Laid-open No. Hei 5-122278
Patent Reference 3: Japanese Patent Laid-open No. Hei 11-196041
Patent Reference 4: Japanese Patent Laid-open No. 2001-237883
Patent Reference 5: Japanese Patent Laid-open No. 2002-247132
That is, in the conventional method, the use of the IPSec having a wide application field in implementation of reliable communication such as the communication based on the TCP or the like raises a problem of a heavier processing load and a longer processing time due to a process to re-encrypt a retransmitted packet.
In the present invention, as is obvious from the (TCP+IPSec) example, by reducing the amount of whole processing when a reliable communication is processed at a high-level hierarchical layer whereas an encrypted-data communication is processed at a low-level hierarchical layer, the processing load can be decreased while the processing performance can be enhanced.
In addition, if retransmission processing can be carried out at a lower-level hierarchical layer such as an IP layer also when only reliable communication is carried out without using encrypted-data communication, transmission reaching a high-level hierarchical layer such as the TCP station is no longer required. Thus, the number of labor hours required for transmitting data between high-level and low-level hierarchical layers can be reduced.