Title of invention: Bridging system, bridge, and bridging method
Abstract: Bridges 30, 40 are interposed between a server 10 or a client 20 having two channels 2ch, one of the two channels making a LAN connection to either the server or the client and the other channel making the LAN connection to the internet. Each of bridges 30, 40 performs a LAN packet scramble, a scramble purpose encryption key management, and a bridging system authentication. Furthermore, each of bridges 30, 40 performs a LAN packet scramble, a scramble purpose encryption key management, and a bridging system authentication for a packet derived from the server or the client. Furthermore, a composite authentication having a plurality of authentication purpose interfaces is carried out in each of the bridges. The bridge has a plurality of authentication purpose interfaces to perform a composite authentication. Each of the bridges performs a key management to manage and hold the common key in the authentication and performs a non-decryption file management which manages and holds a file information encrypting and transmitting a payload of an application communicated with a common key at an internal of a transmission side bridge.
Publication number: US8880870(B2) Publication date: 2014.11.04
Application number: US200912435555 Application date: 2009.05.05
Applicant: Meidensha Corporation Inventor: Aizawa Kazumasa
Classification: H04L29/06;H04L9/08;H04L12/46;H04L9/32 Main classification: H04L29/06
Agency: Foley & Lardner LLP Agent: Foley & Lardner LLP
Independent claim: 1. A hardware bridge for performing a bridging to perform an encryption communication between a server and a client via a LAN (local area network), the hardware bridge comprising: two channels, one of the channels making a LAN connection to either the server or the client and an other channel making a LAN connection to an internet; and a processor configured to perform a LAN packet scramble, an encryption key management and a bridging system authentication for a packet from either the server or the client through a key exchange software mechanism, an encryption software mechanism, and an authentication information addition, wherein the hardware bridge is configured to perform a composite authentication management software mechanism provided with a plurality of authentication purpose interfaces configured to perform a composite authentication, wherein the hardware bridge is configured to perform: the composite authentication management software mechanism; and a concealment/save software mechanism; the composite authentication management software mechanism being provided with a procedure to perform a mutual authentication including an On/Off state of the concealment/save software mechanism with an opposing hardware bridge, to perform an automatic key management, and to determine a common key, and wherein the concealment/save software mechanism comprises: a key management process for managing and holding the common key even after the encryption communication when the concealment/save software mechanism is in an On state and for allowing decryption with the common key only on a sending side and preventing decryption with the common key on a receiving side; and a non-decryption file management process for managing and holding a file information encrypting and for transmitting a payload of an application communicated with the common key at an internal of a sending side hardware bridge.
Address: Tokyo JP