Encrypted communication processing apparatus, encrypted communication processing system, and non-transitory recording medium

US11924286B2 · US · B2

Patent metadata
Publication number: US-11924286-B2
Application number: US-202217930160-A
Country: US
Kind code: B2
Filing date: Sep 7, 2022
Priority date: Oct 12, 2021
Publication date: Mar 5, 2024
Grant date: Mar 5, 2024

Abstract

Official abstract text for this publication.

An information processing apparatus includes circuitry that detects reception of first data from a connection source apparatus. The first data includes information about establishment of a session for encrypted communication between the source apparatus using a service and a connection destination apparatus providing the service. The circuitry converts the first data into a first message following a communication protocol in the session establishment, and converts a second message from the destination apparatus into second data including at least information for generating a common key for the encrypted communication. Before the session establishment, the circuitry transmits the first message to the destination apparatus and transmits the second data to the source apparatus. After the session establishment, the circuitry transmits service data from the source apparatus to the destination apparatus and from the destination apparatus to the source apparatus in an unconverted state. The service data is used in the service.
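The relay behaviour summarised above, modelled as an added example that is not part of the patent text: setup data is converted in both directions while the session is unconnected, and service data passes through unchanged once it is connected, with the relay holding no private key. The Diffie-Hellman exchange, the toy group and cipher, the one-byte type tags and the hex-text versus binary formats are all assumptions made for illustration.

```python
import hashlib
import secrets

# Assumptions (not in the patent text shown): toy DH group, type tags, formats.
P, G = 2**127 - 1, 3                      # toy group, far too small for real use
SETUP, SERVICE = b"\x10", b"\x20"         # constructed data type information

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)
def common_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def toy_cipher(key, data):                # SHA-256 keystream XOR, stands in for an AEAD
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class Relay:
    def __init__(self):
        self.status = "unconnected"       # management information

    def to_destination(self, data):
        if self.status == "unconnected" and data[:1] == SETUP:
            # first data (hex text) -> first message (binary)
            return b"\x01" + bytes.fromhex(data[1:].decode())
        if self.status == "connected" and data[:1] == SERVICE:
            return data                   # service data, unconverted
        raise ValueError(f"rejected while {self.status}")

    def to_source(self, msg):
        if self.status == "unconnected" and msg[:1] == b"\x02":
            # second message (binary) -> second data (hex text)
            self.status = "connected"
            return SETUP + msg[1:].hex().encode()
        if self.status == "connected" and msg[:1] == SERVICE:
            return msg
        raise ValueError(f"rejected while {self.status}")

def run_session(payload=b"constructed service payload"):
    relay = Relay()
    (s_priv, s_pub), (d_priv, d_pub) = keypair(), keypair()
    first_msg = relay.to_destination(SETUP + s_pub.to_bytes(16, "big").hex().encode())
    key_d = common_key(d_priv, int.from_bytes(first_msg[1:], "big"))
    second_data = relay.to_source(b"\x02" + d_pub.to_bytes(16, "big"))
    key_s = common_key(s_priv, int(second_data[1:].decode(), 16))
    sent = SERVICE + toy_cipher(key_s, payload)
    forwarded = relay.to_destination(sent)
    return relay.status, forwarded == sent, toy_cipher(key_d, forwarded[1:])
```

`run_session()` returns the final session status, whether the relay forwarded the encrypted frame byte for byte, and the plaintext recovered by the destination.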

First claim

Opening claim text (preview).

The invention claimed is:

1. An information processing apparatus comprising circuitry configured to set management information to manage status of a session, detect, using the management information, reception of first data from a connection source apparatus, the first data including information related to establishment of the session for executing encrypted communication between the connection source apparatus using a service and a connection destination apparatus providing the service, convert the first data into a first message conforming to a communication protocol used in the establishment of the session, and convert a second message received from the connection destination apparatus as a reply to the first message into second data including at least information for generating a common key used in the encrypted communication, before the establishment of the session, set the management information to indicate that the session is unconnected, transmit the first message to the connection destination apparatus, and transmit the second data to the connection source apparatus, and after the establishment of the session, set the management information to indicate that the session is connected, transmit first service data from the connection source apparatus to the connection destination apparatus in an unconverted state, and transmit second service data from the connection destination apparatus to the connection source apparatus in an unconverted state, the first service data and the second service data being used in the service.

2. The information processing apparatus of claim 1, wherein the circuitry detects the reception of the first data from the connection source apparatus using data type information included in data received from the connection source apparatus, the data type information indicating type of the data.

3. The information processing apparatus of claim 1, wherein the circuitry requests the connection source apparatus and the connection destination apparatus to update the common key after lapse of a particular time since the establishment of the session.

4. The information processing apparatus of claim 1, wherein the circuitry transmits an application of a world wide web browser to the connection source apparatus to allow the connection source apparatus to perform a process for establishing the session with the application.

5. An information processing system comprising: a connection source apparatus configured to use a service; a connection destination apparatus configured to provide the service; and an information processing apparatus including first circuitry configured to set management information to manage status of a session, detect, using the management information, reception of first data from the connection source apparatus, the first data including information related to establishment of the session for executing encrypted communication between the connection source apparatus and the connection destination apparatus, convert the first data into a first message conforming to a communication protocol used in the establishment of the session, and convert a second message received from the connection destination apparatus as a reply to the first message into second data including at least information for generating a common key used in the encrypted communication, before the establishment of the session, set the management information to indicate that the session is unconnected, transmit the first message to the connection destination apparatus, and transmit the second data to the connection source apparatus, and after the establishment of the session, set the management information to indicate that the session is connected, transmit first service data from the connection source apparatus to the connection destination apparatus in an unconverted state, and transmit second service data from the connection destination apparatus to the connection source apparatus in an unconverted state, the first service data and the second service data being used in the service, the connection source apparatus including second circuitry configured to transmit the first data to the information processing apparatus and receive the second data from the information processing apparatus, generate the common key with the second data, and after the establishment of the session, use the common key to encrypt the first service data used in the service and decrypt the second service data used in the service, and the connection destination apparatus including third circuitry configured to receive the first message from the information processing apparatus and transmit the second message to the information processing apparatus, generate the common key with the first message, and after the establishment of the session, use the common key to encrypt the second service data used in the service and decrypt the first service data used in the service.

6. The information processing system of claim 5, wherein the first circuitry detects the reception of the first data from the connection source apparatus using data type information included in data received from the connection source apparatus, the data type information indicating type of the data.

7. The information processing system of claim 5, wherein the first circuitry requests the connection source apparatus and the connection destination apparatus to update the common key after lapse of a particular time since the establishment of the session.

8. The information processing system of claim 5, wherein the first circuitry transmits an application of a world wide web browser to the connection source apparatus to allow the connection source apparatus to perform a process for establishing the session with the application.

9. A non-transitory recording medium which, when executed by one or more processors, cause the processors to perform a method comprising: setting management information to manage status of a session, detecting, using the management information, reception of first data from a connection source apparatus, the first data including information related to establishment of the session for executing encrypted communication between the connection source apparatus using a service and a connection destination apparatus providing the service; converting the first data into a first message conforming to a communication protocol used in the establishment of the session, and converting a second message received from the connection destination apparatus as a reply to the first message into second data including at least information for generating a common key used in the encrypted communication; before the establishment of the session, setting the management information to indicate that the session is unconnected, transmitting the first message to the connection destination apparatus, and transmitting the second data to the connection source apparatus; and after the establishment of the session, setting the management information to indicate that the session is connected, transmitting first service data from the connection source apparatus to the connection destination apparatus in an unconverted state, and transmitting second service data from the connection destination apparatus to the connection source apparatus in an unconverted state, the first service data and the second service data being used in the service.

10. The non-transitory recording medium of claim 9, the method further comprising detecting the reception of the first data from the connection source apparatus using data type information included in data received from the connection source apparatus, the data type information indicating type of the data.

11. The non

Classifications

  • H04L67/141 (Primary): Setup of application sessions (admission control or resource allocation in data switching networks H04L47/70)

  • Revocation or update of secret information, e.g. encryption key update or rekeying

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • H04L63/06 (Primary): for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08)

  • wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11924286B2 cover?
An information processing apparatus includes circuitry that detects reception of first data from a connection source apparatus. The first data includes information about establishment of a session for encrypted communication between the source apparatus using a service and a connection destination apparatus providing the service. The circuitry converts the first data into a first message follow…
Who is the assignee on this patent?
Yamamoto Satoru, Ricoh Co Ltd
What technology area does this patent fall under?
Primary CPC classification H04L67/141. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 5, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).