1. Field of the Invention
The present invention relates to a method of relaying encrypted communication, a gateway server for relaying the encrypted communication, and a program and program storage medium for the encrypted communication.
2. Description of the Related Art
A network such as the Internet is not necessarily secure for the communication data flowing through it, and various risks exist. One of them is eavesdropping. Using special software or hardware, a malicious person can illegitimately obtain personal information, such as the credit card numbers other people send in online shopping, by intercepting the information flowing through the network. Another problem is server impersonation. If a third party impersonates an online shop and prepares a dummy order page, and a user enters personal information such as a credit card number without noticing that the page is a fake shop, the credit card number and the like are stolen.
As a technology for solving the problems of eavesdropping and server impersonation and realizing secure communication, there exist encrypted communications based on SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security). In these encrypted communication methods, a Web server and a Web browser that are to communicate first perform a handshake, including an exchange of encryption keys, and thereafter communicate in encrypted form. Accordingly, a relay unit on the path through the network cannot decrypt their communication content, and eavesdropping by a third party is thereby prevented.
Whereas the encrypted communication that can be deciphered only by the sender and the receiver (hereinafter referred to as End-End encryption communication) secures the communicated information, it also gives rise to the problem described below.
A gateway server is one of the relay units that connect an intranet to the Internet and relay communication between them. In addition, the gateway server has monitoring functions, for example for detecting whether a confidential document of an enterprise is leaking from the intranet to the Internet, or whether a virus or other harmful content is flowing into the intranet from the Internet. The gateway server also provides services such as format conversion of the communication data exchanged between the intranet and the Internet. Such monitoring of communication data and format conversion are often called value added processing and have become established as part of the functions of a gateway server. Value added processing of this kind is also offered as a commercial service by ISPs (Internet Service Providers) that provide Internet connection services.
However, the gateway server cannot provide such value added processing to an End-End encryption communication such as SSL, because neither the gateway server nor an ISP server can decrypt the ciphertext of an End-End encryption communication and learn its content. Accordingly, the gateway server can neither block a virus or harmful content sent through an SSL encrypted communication by a malicious third party, nor block a confidential document from leaving the intranet through an SSL encrypted communication.
A software product that is claimed to solve this problem is sold under the name SSL Scanner by WebWasher AG. According to its product information (see "product information WebWasher SSL Scanner", <http://www.webwasher.jp/pro_sslscanner.html>, retrieved on Aug. 6, 2004), the SSL Scanner is communication relay software installed on a gateway server; it monitors SSL encrypted communication between a Web server (content server) and a Web client (the browser of a client device) and decrypts the encrypted data. In other words, the SSL Scanner converts the ciphertext of the SSL encrypted communication to plaintext and applies value added processing, such as a virus check, to that plaintext.
Although the product information for the WebWasher SSL Scanner does not explain in detail how the SSL Scanner inserts itself into the path of an SSL encrypted communication, it is presumed to work as follows. First, the operator of the SSL Scanner distributes its own root CA (Certification Authority) certificate and has the browsers install it. Then, when an SSL encrypted communication is to be performed between a browser and a Web server, the SSL Scanner performs the SSL encrypted communication between itself and the browser by sending the browser, during the SSL handshake, a server certificate issued under that root CA.
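The following Go program is an added example, not code from WebWasher or from the patent, that models the presumed mechanism using only the Go standard library: a gateway-operated root CA, a leaf certificate minted on the fly for the origin the browser asked for, and the browser-side validation that succeeds only when that root CA has been installed. The CA name, the origin name and the type and function names are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// InterceptingCA is the gateway's private root CA (hypothetical type). Its
// certificate is what the operator distributes to browsers; its key signs the
// server certificates the gateway mints for each origin it intercepts.
type InterceptingCA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewInterceptingCA generates a self-signed root CA certificate and key.
func NewInterceptingCA() (*InterceptingCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Gateway Root CA"}, // assumed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &InterceptingCA{Cert: cert, Key: key}, nil
}

// MintServerCert issues a short-lived leaf certificate naming host, signed by
// the gateway CA. This is the certificate the gateway presents to the browser
// in the SSL/TLS handshake in place of the real server's certificate.
func (ca *InterceptingCA) MintServerCert(host string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// Random 128-bit serial so every minted certificate is distinct.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // browsers match the hostname against the SAN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &key.PublicKey, ca.Key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// VerifyAsBrowser validates leaf for host against the given trust store, the
// check a browser performs on the certificate received in the handshake.
func VerifyAsBrowser(leaf *x509.Certificate, host string, roots *x509.CertPool) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// IsUnknownAuthority reports whether err is the "issuer not trusted" failure
// a browser without the gateway's root CA installed would raise.
func IsUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

func main() {
	ca, err := NewInterceptingCA()
	if err != nil {
		panic(err)
	}
	host := "shop.example.com" // constructed example origin
	leaf, _, err := ca.MintServerCert(host)
	if err != nil {
		panic(err)
	}
	withCA := x509.NewCertPool()
	withCA.AddCert(ca.Cert)
	fmt.Println("browser with gateway CA installed:", VerifyAsBrowser(leaf, host, withCA))
	fmt.Println("browser without gateway CA:", VerifyAsBrowser(leaf, host, x509.NewCertPool()))
}
```

The first verification returns nil and the second returns an UnknownAuthorityError. That second result is why the operator must distribute the root CA before interception can work, and why a browser that has not installed it shows a certificate warning rather than being intercepted silently; the minted certificate also only validates for the hostname it was issued for, so the gateway must mint one per origin.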
In mobile communication using a mobile phone there is also an example of a gateway server decrypting an encrypted communication and performing value added processing on the decrypted plaintext. The OMA (Open Mobile Alliance), a standardization organization for mobile data communication methods, defines in WAP version 1 a WTLS (Wireless Transport Layer Security) specification (see "Wireless Application Forum, Ltd", retrieved on Aug. 6, 2004 via the Internet, <http://www.openmobilealliance.org/tech/affilates/wap/wap-261-wtls-20010406-a.pdf>) to enable encrypted communication between a WAP (Wireless Application Protocol) browser and a gateway server. According to WAP version 1, the WAP browser on a mobile terminal such as a mobile phone performs encrypted communication by WTLS between itself and the gateway server that connects the mobile phone to the Internet, and SSL encrypted communication is performed between the gateway server and the Web (WAP) server.
In this case the gateway server decrypts each encrypted communication to plaintext in order to relay between the two encrypted sessions. Accordingly, the gateway server can freely perform value added processing on encrypted communication of the WAP specification. In practice, for example, a gateway server in a mobile phone system performs value added processing such as adding a special header to the HTTP header of the communication.
However, the SSL Scanner converts the SSL encrypted communication to plaintext and performs value added processing as needed without distinguishing which content server and client terminal are performing the SSL encrypted communication. Therefore, the SSL Scanner cannot change the settings of the SSL encrypted communication method, or select the value added processing to be performed, for each content server and client terminal involved. In addition, because WTLS encrypted communication is not a widely adopted method, there is the problem that a function enabling WTLS encrypted communication must be added to the Web browser of the client device.
In view of these problems of the conventional technologies, there is a strong demand for a gateway server, a method of relaying encrypted communication, and a program and program storage medium for the encrypted communication which, without adding a special function to the Web browser of the client device, enable the gateway server to perform value added processing on an End-End encryption communication, and enable the gateway server, the relay method, the program and the program storage medium to change the settings of the communication method and to select the value added processing to be performed, depending on the content server and the client device.