Independent claim |
1. A computer-implemented communication device comprising:
a network access authenticating unit configured to execute a network access authentication process with an authentication server in order to establish a connection to a network, the network access authentication process including generation of information shared with the authentication server;
a communication unit configured to receive an authentication result message from the authentication server when succeeding in the network access authentication process, the authentication result message containing an authentication result indicating success in the network access authentication process and an encrypted network key;
a key transport key generating unit configured to generate a key transport key by use of the information generated in the network access authentication process; and
a network key acquiring unit configured to acquire a network key by decrypting the encrypted network key contained in the authentication result message with the key transport key,
wherein the communication unit encrypts data with the network key and transmits encrypted data to the network,
the communication unit executes a first session check process of transmitting a session check request message to the authentication server and receiving a session check response message containing an encrypted first network key from the authentication server,
the network key acquiring unit acquires a first network key by decrypting the encrypted first network key contained in the session check response message with the key transport key,
the communication unit encrypts data with the first network key,
the communication unit receives encrypted data from the network, decrypts the encrypted data with the network key and executes, when failing in decrypting the encrypted data, the first session check process,
the authentication result message and the session check response message contain encrypted key identifiers of the network key and the first network key,
the network key acquiring unit acquires key identifiers by decrypting the encrypted key identifiers, and manages the key identifiers in the way of being associated with the network key and the first network key,
the encrypted data received by the communication unit is attached with a key identifier, and
the communication unit decrypts the encrypted data by use of the network key associated with the key identifier attached to the encrypted data. |
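
The key handling this claim describes, as an added Python sketch that is not part of the patent record: a device derives a key transport key (KTK) from the authentication output, unwraps network keys and their identifiers with it, selects the receive key by the identifier attached to each frame, and runs the session check when decryption fails. Assumptions not in the claim: HMAC-SHA256 as the KDF, an HMAC-based toy authenticated cipher standing in for a real AEAD, a one-byte key identifier, and all class and method names.

```python
import hashlib, hmac, os

def derive_ktk(shared):  # assumption: HMAC-SHA256 as the KDF; the claim names none
    return hmac.new(shared, b"key transport key", hashlib.sha256).digest()

def _stream(key, nonce, n):  # toy keystream for short messages, NOT a vetted cipher
    return b"".join(hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]
def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, pt):
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key, blob):  # returns None when the tag does not verify
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class AuthServer:
    def __init__(self):
        self.ktks, self.key_id, self.net_key = {}, 1, os.urandom(32)
    def authenticate(self, dev, shared):  # body of the authentication result message
        self.ktks[dev] = derive_ktk(shared)
        return self.session_check(dev)
    def rotate(self):
        self.key_id, self.net_key = self.key_id + 1, os.urandom(32)
    def session_check(self, dev):  # key identifier and key, both under the KTK
        return seal(self.ktks[dev], bytes([self.key_id]) + self.net_key)

class Device:
    def __init__(self, dev, server):
        shared = os.urandom(32)  # constructed stand-in for the authentication output
        self.dev, self.server, self.ktk, self.keys = dev, server, derive_ktk(shared), {}
        self.install(server.authenticate(dev, shared))
    def install(self, msg):
        body = unseal(self.ktk, msg)
        if body is None:
            raise ValueError("key message not protected by our key transport key")
        self.current, self.keys[body[0]] = body[0], body[1:]
    def send(self, data):  # frame = key identifier || protected payload
        return bytes([self.current]) + seal(self.keys[self.current], data)
    def receive(self, frame):
        key = self.keys.get(frame[0])
        plain = unseal(key, frame[1:]) if key else None
        if plain is None:  # decryption failed: run the session check, retry once
            self.install(self.server.session_check(self.dev))
            key = self.keys.get(frame[0])
            plain = unseal(key, frame[1:]) if key else None
        return plain
```

A frame that still fails after the session check (tampered, or tagged with an identifier the server never issued) yields `None` and is dropped; older keys stay in the table, so frames tagged with a previous identifier remain readable.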