Abstract: A time required for actually starting encrypted communication after a trigger of an encrypted communication is shortened. When a key exchanging process is to be applied in order to exchange key information upon encrypting a communication performed between a communication terminal 11 and a gateway device 25, a network relay device 15 relays the key information, contents of the key exchanging process are divided into a former-half process and a later-half process, and the network relay device 15 executes the former-half process substitute for the communication terminal 11 to establish “IKE SA”. Then, information obtained as the result of the former-half process is transferred from the network relay device 15 to the communication terminal 11.

Abstract: An access controller not requiring a large amount of resources such as a memory device and not needing to change the list of secure host devices each time the configuration of a network is changed. On receiving a DNS response through an access control section (103) of the access controller (100) a secure host list creating section (104) of the access controller registers the name of the secure host device contained in the DNS response, the IP address, and the IP address of a communication terminal which is a request of the DNS in a secure host list holding section (105) of the access controller (100) when the IP address of the host device contained in the DNS response is the one of the secure host device. The secure host list creating section (104) discards a packet when the communication terminal which is the packet sender is a normal communication terminal and when the packet address is stored in the secure host list holding section (105) and reports nonaccessiblity to the normal communication terminal.

Abstract: It is possible to perform access from a global network side to a private network side so as to realize mutual communication between the global network and the private network while maintaining security. A table setting unit (307) decides a correspondence between a private IP address and a global IP address and registers it in an address conversion table (310). The address conversion table (310) holds the private IP address and the global IP address while correlating them to each other.

Abstract: An access control unit and an access control method are provided for controlling an access to a secure host efficiently by reducing the consumption of resources such as a memory. In this access control device, an access control unit (302) performs an access control in accordance with whether the target IP address and the sender IP address of a packet are the IP address of a secure terminal or host or the IP address of a general terminal or host, while referring to a host list stored in a host information storage unit (304). The host information storage unit (304) stores the domain name and the IP address of a general host in an external network (200), as the host list. A host list updating unit (305) inquires the host list of the host information storage unit (304) whether the unregistered host is the secure host or the general host, and updates the host list in accordance with the result of the inquiry.

Abstract: Provided is an authentication system for improving user-friendliness. An IC card (100) of the authentication system (10) includes: a key/certificate storage unit (120) connected to a terminal device (200) and capable of storing a key pair and a temporary certificate or a permanent certificate while correlating them; a CE temporary public key certificate acquisition unit (170); and a CE public key/certificate acquisition control unit (150) connected to a CE device (300). When the key/certificate storage unit (120) has a key pair not correlated either to a temporary certificate or a permanent certificate, the CE temporary public key certificate acquisition unit (170) acquires a temporary certificate corresponding to the key pair from a public key certificate issuing station (400) by using the mobile terminal (200) and causes the key/certificate storage unit (120) to store it.