1. Field of the Invention
The present invention relates generally to a communication network system having a function for secretly concealing communication data, and to a communication method. More particularly, the invention relates to a communication network system that secretly conceals the data communicated between a plurality of mutually connected local area networks, and to a communication method.
Moreover, the present invention relates to a router having a function for secretly concealing communication data. In addition, the invention relates to a central management device that centrally manages the information required for the secret concealment of communication data.
2. Description of the Related Arts
An increasing number of corporations are building a local area network (LAN) or an intranet by routing a communication cable, such as an Ethernet cable (for instance, 10BASE-T), within a single structure (a building, factory, etc.) and connecting terminals (clients) or servers within the structure to that cable.
Also, even in the case of a single corporation, if its head office, branch offices, factories and the like are located in different structures at different places, the corporation builds an intra-company network by mutually connecting the local area networks built in each structure over another communication line. As the communication line that mutually connects the individual local area networks, a leased line supplied by a communication service company (for instance, a part of the public network supplied by the communication service company) is generally used.
Unlike an open, public network such as the Internet, such an intra-company network may be called a private network, since it is the personal network of a single corporation.
On such a private network, information that is confidential to outsiders, that is, confidential to anyone outside the company (for instance, secret information, intra-office information, etc.), may be communicated. Needless to say, such secret information should not be read, copied or tampered with by any outsider.
However, since the leased line that makes up a part of the private network connects one structure to another, the line is laid outside the structures. Therefore, the leased-line portion allows outsiders (for instance, an unauthorized third party) to tap or alter secret information more easily than the portion of the local area network laid within the structure.
Because of this, in order to protect secret information from such tapping or alteration, a variety of encryption technologies have been developed and supplied to private networks.
However, the conventional encryption function is integrated into software such as a mailer or a browser installed on the terminal (client) of a private network, and whether or not information is encrypted is left to the awareness of the user. Therefore, in practice, information is not encrypted unless each user is highly aware of the need for its secret concealment.
In addition, the degree of importance of information, in particular whether or not the information is subject to secret concealment, is judged differently by each user. For instance, even if the receiver or a third party considers the information to be subject to secret concealment, if the sender is not aware of the necessity of secret concealment, the information will be sent without being encrypted.
Moreover, most users tend to regard the private network as a closed network within the corporation, even though the private network includes a portion that uses a communication line installed outside the structure (for instance, the leased line). Because of this, most users are not fully aware of the risk of tapping or alteration by a third party.
Against the background described above, there is an increasing need to support the encryption of information on a private network systematically, rather than entrusting the task to individual users.
Also, it is troublesome for each user to manage encryption and decryption keys. For instance, in a public key encryption system (method), the sender is required to manage a different public key for every destination (receiver). Moreover, when the system is extended, such as when a new terminal, server or local area network is added to the network, the sender is additionally required to manage new public keys for the newly installed terminals and the like. As described, the sender is burdened with the complex management of such public keys.