1. Field of the Invention
The present invention relates to a communication encryption processing apparatus configured to perform encryption processing and authentication processing.
2. Description of the Related Art
In recent years, data security has been considered more significant than ever in the field of Internet engineering. The seven-layer Open System Interconnection (OSI) reference model, which includes a physical layer, a data link layer, a network layer, a transport layer, a session layer, a presentation layer, and an application layer, has been utilized in Internet engineering. A security protocol has been proposed for each of the layers in the seven-layer OSI model.
Hereinbelow, security protocols for the network layer and the session layer will be described. First, a description will be made as to the security protocol for the network layer. A communication standard that implements a communication according to Internet Protocol Version 6 (IPv6) is standardized as Request for Comments (RFC) 2460. IPv6 requires implementation of an IP Security Protocol (IPsec).
The IPsec uses a common key to authenticate and encrypt data. Accordingly, it is necessary to share an encryption key between apparatuses in advance. In addition, in utilizing the IPsec, it is necessary to set an IP address as a parameter.
As described above, in the case of utilizing the IPsec, it is necessary to set various parameters. Thus, it is not easy for a user to set parameters for the IPsec because doing so requires technical knowledge.
In this regard, an Internet Key Exchange (IKE) protocol can be used for negotiating and managing a common key between apparatuses. However, a very complicated user operation is required to use the IKE. In addition, it is not easy to apply the IKE to a small built-in device.
Now, the security protocol for the session layer will be described.
Most web browsers generally utilize Secure Sockets Layer (SSL) in performing a communication with a web server that requires sufficient security. The SSL does not depend on IP. Accordingly, the SSL is useful for a communication that requires a sufficient level of security between a mobile terminal apparatus or a plurality of apparatuses and a server.
The user operation required to use the SSL is less complicated than the user operation required to use the IKE. Accordingly, it is relatively easy to apply the SSL to a small built-in device.
Various methods for controlling a security protocol that requires a complicated user operation have been proposed so far. Japanese Patent Application Laid-Open No. 2003-179592 discusses a method for controlling a security protocol by utilizing a key exchange server that exchanges a key for various security protocols.
Japanese Patent Application Laid-Open No. 2004-48458 discusses a method for applying the IPsec by exchanging a key for the IKE after performing an authentication according to the SSL.
However, the method discussed in Japanese Patent Application Laid-Open No. 2003-179592 requires a key exchange server for exchanging a key for a security protocol. Accordingly, with this method, various troubles, such as managing and operating the key exchange server, may become a burden on a user. In addition, the method discussed in Japanese Patent Application Laid-Open No. 2003-179592 requires authentication of the key exchange server and sufficient security on the communication path to the key exchange server. Accordingly, the cost of manufacture may become high.
Furthermore, the method discussed in Japanese Patent Application Laid-Open No. 2004-48458 requires the application of the IKE, which is not easy to apply to a small built-in apparatus. In addition, the method discussed in Japanese Patent Application Laid-Open No. 2004-48458 requires a policy server that manages a policy. Accordingly, with this method, various troubles, such as managing and operating the key exchange server, may become a burden on a user.
The cost of installing and operating a server and a restriction with respect to the network topology may become a major problem in utilizing a security protocol. In addition, a security protocol that requires a complicated user operation to set up before a communication can start is difficult to apply to a small built-in device that has only a small amount of resources.