Abstract: A communication apparatus includes a decipher deciphering received ciphered data, a first processor configured to generate, when receiving deciphered data for which the ciphered data is deciphered, a header of a first protocol including the deciphered data in a payload and an addition value for which the deciphered data is added in a predetermined size unit, a packet including the deciphered data, the header of the first protocol, and a header of a second protocol and a header of a third protocol, a second processor configured to calculate a checksum value set to the header of the second protocol using the addition value and a transmitter configured to transmit the packet to which the checksum value is set.

Abstract: A communication device includes, a plurality of authentication generation processing units, which are respectively associated with different sequence number groups each including successive sequence numbers and which execute, in parallel, authentication generation processes for generating authentication information included in the packets based on sequence numbers allocated to the packets, a transmitting unit which transmits packets including the allocated sequence numbers to another communication device in an order in which authentication generation processes by the plurality of authentication generation processing units are completed, a receiving unit which receives a packet from the other communication device, and an authentication processing unit which executes a first authentication process in which the reception packet is authenticated based on a relationship between a sequence number of the reception packet and a sequence number of a preceding reception packet.

Abstract: A communication device includes, a packet transmission unit that generates and transmits a packet including a first bit string, which is a first part of a bit string of a sequence number indicating an order of transmission of the packet, in a sequence number region in the packet corresponding to sequence number information, a second bit string, which is a second part other than the first part of the bit string of the sequence number, in an extension region other than the sequence number region, and authentication information, which is generated based on the sequence number, in an authentication information region corresponding to the authentication information, and a packet reception unit that receives the packet including the sequence number and the authentication information from another communication device, and authenticates the received packet based on the sequence number and the authentication information included in the received packet.

Abstract: In a first transmission apparatus, a first head encryption unit encrypts a head block of first plain text using ID. A non-head encryption unit encrypts a block using the preceding encrypted block. A first transmitter transmits first encrypted data and the ID to a second transmission apparatus. A first holding unit holds end encrypted data. A second head encryption unit encrypts a head block of second plain text using the end encrypted data. A second transmitter transmits second encrypted data generated by the second head encryption unit to the second transmission apparatus. In the second transmission apparatus, a first decryption unit performs decryption on the first encrypted data using the ID. A second holding unit holds the end encrypted data included in the first encrypted data. A second decryption unit decrypts the second encrypted data using the end encrypted data.

Abstract: A communication apparatus includes: a memory configured to store negotiation information used to negotiate a path of encryption communication established with a opposite apparatus; and a processor coupled to the memory and configured to execute a monitoring process. The monitoring process includes a process of monitoring a monitoring target packet specified using the negotiation information among a plurality of packets transmitted and received on the path, and a process of detecting abnormality of the encryption communication in a case in which the monitoring target packet is not received within a predetermined time.

Abstract: A communication apparatus performs encryption on data transmitted from another communication apparatus by using first or second cryptographic algorithm, or performs decryption on the data that has been encrypted using the first or second cryptographic algorithm, by using one of the first and second cryptographic algorithms used for the encryption, where the second cryptographic algorithm provides a higher security level than the first cryptographic algorithm. The communication apparatus includes an encryption unit configured to perform, upon receiving the data including a cryptographic class identifying a parameter to be used for performing the encryption or the decryption, the encryption or the decryption by using one of the first and second cryptographic algorithms, based on the cryptographic class.

Abstract: An encrypted communication device includes: a pattern generation unit configured to judge whether or not a security association including as matching data a data portion whose data pattern matches between data in a packet targeted for processing and data in a sample packet is to be generated; a key information exchange unit configured to transmit to an opposite device a key information exchange packet including the matching data and key data when the pattern generation unit judges that the security association is to be generated, and receives from the opposite device a key information exchange packet including a security association identifier of the security association, thereby establishing the security association with the opposite device; and a key information unit configured to store the matching data, the key data, and the security association identifier of the security association established by the key information exchange unit.

Abstract: A communication apparatus performs encryption on data transmitted from another communication apparatus by using first or second cryptographic algorithm, or performs decryption on the data that has been encrypted using the first or second cryptographic algorithm, by using one of the first and second cryptographic algorithms used for the encryption, where the second cryptographic algorithm provides a higher security level than the first cryptographic algorithm. The communication apparatus includes an encryption unit configured to perform, upon receiving the data including a cryptographic class identifying a parameter to be used for performing the encryption or the decryption, the encryption or the decryption by using one of the first and second cryptographic algorithms, based on the cryptographic class.

Abstract: A system includes: a first radio base station including: a first processor which performs processes to transmit and receive a first encryption key, and an first interface which transmits or receives the encapsulated packet, the second radio base station includes: a second interface which transmits or receives the encapsulated packet; and a second processor which encrypts or decrypts the packet with the first encryption key, the host node includes: a third processor which encrypts or decrypts the packet, and during processing of a handover of the mobile station, the host node transmits the packet encrypted with the first encryption key to the first radio base station, the first radio base station transmits the packet to the second radio base station by the tunneling, and the second radio base station decapsulates the packet, decrypts the packet with the first encryption key, and then transmits the packet to the mobile station.

Abstract: In a first transmission apparatus, a first head encryption unit encrypts a head block of first plain text using ID. A non-head encryption unit encrypts a block using the preceding encrypted block. A first transmitter transmits first encrypted data and the ID to a second transmission apparatus. A first holding unit holds end encrypted data. A second head encryption unit encrypts a head block of second plain text using the end encrypted data. A second transmitter transmits second encrypted data generated by the second head encryption unit to the second transmission apparatus. In the second transmission apparatus, a first decryption unit performs decryption on the first encrypted data using the ID. A second holding unit holds the end encrypted data included in the first encrypted data. A second decryption unit decrypts the second encrypted data using the end encrypted data.

Abstract: When being triggered by a call setting request that has been made, dummy information that is different from information to be transmitted and is information used for creating a path on which encrypted communication is to be performed is generated. The path on which the encrypted communication is to be performed is established by using the generated dummy information. A responding process of responding to the call setting request is performed after the path on which the encrypted communication is to be performed has been established. Thus, in the case where information that is obtained after the responding process of responding to the call setting request is encrypted and transmitted, it is possible to transmit the information while maintaining the real-time characteristics of the information to be transmitted.

Abstract: An encrypted communication device includes: a pattern generation unit configured to judge whether or not a security association including as matching data a data portion whose data pattern matches between data in a packet targeted for processing and data in a sample packet is to be generated; a key information exchange unit configured to transmit to an opposite device a key information exchange packet including the matching data and key data when the pattern generation unit judges that the security association is to be generated, and receives from the opposite device a key information exchange packet including a security association identifier of the security association, thereby establishing the security association with the opposite device; and a key information unit configured to store the matching data, the key data, and the security association identifier of the security association established by the key information exchange unit.

Abstract: A communication apparatus performs encryption on data transmitted from another communication apparatus by using first or second cryptographic algorithm, or performs decryption on the data that has been encrypted using the first or second cryptographic algorithm, by using one of the first and second cryptographic algorithms used for the encryption, where the second cryptographic algorithm provides a higher security level than the first cryptographic algorithm. The communication apparatus includes an encryption unit configured to perform, upon receiving the data including a cryptographic class identifying a parameter to be used for performing the encryption or the decryption, the encryption or the decryption by using one of the first and second cryptographic algorithms, based on the cryptographic class.

Abstract: A packet is transmitted from a transmitting device to an active communication device which transmits a reception history identifying the received packets to the transmitting device. The transmitting device transmits an active-mode request message to a standby communication device when having failed to receive the reception history from the active communication device within a predetermined time period. Then, the standby communication device becomes a new active communication device, and the active communication device becomes an old active communication device. The new active communication device transmits to the transmitting device a switching request message for switching a destination of the packet from the old active communication device to the new active communication device.

Abstract: This is a method for transmitting packets. The transmission method includes measuring a time taken for feedback indicating that a packet including context information has been lost; and switching between a first mode and a second mode based on the measured time taken for the feedback, the first mode being a mode for periodically transmitting a packet including the context information and the second mode being a mode for transmitting a packet including the context information in response to the feedback indicating that a packet including the context information has been lost.

Abstract: A communication apparatus that performs encrypted communication of data to an opposing apparatus, the communication apparatus comprising, a communication unit which uses an encryption key to perform encrypted communication of the data, a rekey unit which updates the encryption key; and a control unit which, after it is confirmed that communication using the encryption key after updating has been enabled, starts encrypted communication of the data using the encryption key after updating.

Abstract: A communication apparatus includes a processor configured to determine whether a secure path has been established between the communication apparatus and a first communication apparatus, when communication apparatus transmits to the first communication apparatus, a command that causes execution of a given operation; an acquirer that acquires a transmission-side key having a given correspondence relation with a reception-side key that is acquired by the first communication apparatus; and a transmitter that transmits to the first communication apparatus a packet that includes the acquired transmission-side key and the command, if the processor has determined that the secure path has not been established.

Abstract: A system includes: a first radio base station including: a first processor which performs processes to transmit and receive a first encryption key, and an first interface which transmits or receives the encapsulated packet, the second radio base station includes: a second interface which transmits or receives the encapsulated packet; and a second processor which encrypts or decrypts the packet with the first encryption key, the host node includes: a third processor which encrypts or decrypts the packet, and during processing of a handover of the mobile station, the host node transmits the packet encrypted with the first encryption key to the first radio base station, the first radio base station transmits the packet to the second radio base station by the tunneling, and the second radio base station decapsulates the packet, decrypts the packet with the first encryption key, and then transmits the packet to the mobile station.

Abstract: A packet is transmitted from a transmitting device to an active communication device which transmits a reception history identifying the received packets to the transmitting device. The transmitting device transmits an active-mode request message to a standby communication device when having failed to receive the reception history from the active communication device within a predetermined time period. Then, the standby communication device becomes a new active communication device, and the active communication device becomes an old active communication device. The new active communication device transmits to the transmitting device a switching request message for switching a destination of the packet from the old active communication device to the new active communication device.

Abstract: A packet transmitting apparatus 2 includes: a packet transmitting unit 20 which transmits a packet having a preassigned sequence number to a destination apparatus 3; a transmitted-packet indication information generating unit 21 which generates transmitted-packet indication information that indicates the packet transmitted by the packet transmitting unit 20; and a transmitted-packet indication information transmitting unit 23 which transmits the transmitted-packet indication information to the destination apparatus 3 separately from the packet.