1. Field of the Invention
The present invention relates to a communication apparatus for setting security associations (SAs) between the apparatuses used by communication parties to make a secure communication such as IPsec by using a time-limited security parameter, and more particularly, to a communication apparatus with a power-saving operation mode.
2. Description of the Related Art
Control network technology used for a building automation (BA) network, a factory automation (FA) network and the like has been steadily developed alongside that of the Internet; however most of such technologies have been developed uniquely in response to conditions such as cost restrictions. Therefore, these control network technologies utilize technologies based on unique protocol layers that differ from those used by the Internet.
Since Internet technology is now widely used and has gained a position as a part of the social infrastructure, the control network technology has employed the Internet technology, such as a TCP and UDP, as a means for data transfer. For example, the control network technology includes a building automation and control network (BACnet) and a MODBUS TCP/IP as typical examples. These control network technologies are referred to as ‘control network processed into the IP’ henceforth.
Some control networks processed into the IP using technology called IPsec are proposed so as to secure security. The IPsec exchanges the SAs indicating related parameters such as encryption keys and authentication and encryption algorithms among communication apparatuses in advance, then starts communication. Each SA is a time-limited parameter to define a prescribed lifetime from the security point of view, and needs re-setting by initiating a key exchange protocol again after the elapse of the lifetime.
Some of the communication apparatuses composing the control network only communicate rarely. Constant energizing to prepare communications causes electricity to be needlessly consumed, so that some of the communication apparatuses have power-saving functions. When the power-saving functions are activated, operation modes of the communication apparatuses make shifts to sleep (resting or stand-by state) modes. The elapse of a fixed time period from start of sleep or wake-up resulting from an external trigger releases the sleep mode.
A communication apparatus with such a power-saving function causes the lifetime of the SA regarding the IPsec to be expired sometimes. In this case, the wake-up cannot bring the communication apparatus into communication. For re-setting of the SA, it is needed to restart the key exchange protocol, such as an Internet key exchange (IKE), to negotiate therewith because the re-setting of the SA requires a relatively long computing time. Therefore, a problem, such that the communication apparatus cannot immediately initiate a communication, occurs.
An apparatus to set's a communication parameter to terminals, etc., connected to a network is disclosed in Japanese Patent Application Publication (KOKAI) No. 2000-112850. This publication discloses a technology by which the communication apparatus can selectively specify a start-up mode for the terminals, etc., and control a transmission/reception of information based on a change of the communication parameter when there is no change in a network configuration, and it is sufficient for the apparatus to set initial values of the communication parameters to each terminal, etc.