Abstract: It takes a processing time to perform a security process on a time synchronization message, thus the difference of a delay time required for the security process can be made between a time at which the time synchronization message is actually transmitted and a transmission time assigned to the time synchronization message, and therefore, the difference between the actual transmission time of the time synchronization message and the assigned transmission time needs to be reduced. In generation of a secure time synchronization message in the synchronization system according to embodiments of the present invention, most of the security processes is performed in an upper layer which is an MAC layer or a higher layer, and processes including the assignment of the transmission time and assignment of authentication information for authenticating validity of the transmission time are performed in a physical layer.

Abstract: In a network registration system including a communicator to be registered on a network and a register registering the communicator on the network, either of the communicator and the register includes a check information generator generating a check information signal according to check information for prompting the user to check that the communicator is treated as an object to be registered in the network registration system; and a check information output section outputting the check information signal in a form sensible to the user. The other of the communicator and the register includes an evaluation criterion supplier supplying evaluation criterion information allowing the user to evaluate the suitability of the check information emitted from the check information output section. Thus, the network registration system can prevent an incorrect registration while easily registering the communicator to the network.

Abstract: It takes a processing time to perform a security process on a time synchronization message, thus the difference of a delay time required for the security process can be made between a time at which the time synchronization message is actually transmitted and a transmission time assigned to the time synchronization message, and therefore, the difference between the actual transmission time of the time synchronization message and the assigned transmission time needs to be reduced. In generation of a secure time synchronization message in the synchronization system according to embodiments of the present invention, most of the security processes is performed in an upper layer which is an MAC layer or a higher layer, and processes including the assignment of the transmission time and assignment of authentication information for authenticating validity of the transmission time are performed in a physical layer.

Abstract: First communication units use a public key thereof certified by a certification authority on a PKI (Public Key Infrastructure), which is held by the first communication units in advance, and a secret key of the first communication units or delegation information generated by using secret information, as public key certificate, of the first communication units to thereby allow a proxy server to perform security processing, i.e. key exchange processing, authentication processing or processing for providing compatibility of encryption schemes, between the first communication units and a second communication unit on behalf of the first communication units.

Abstract: In a sensor network system, a transmitter device uses a message authentication key generated by a message generator to transmit a message with authenticator to plural receiver devices, which in reply produce a certification by a certification generator from a message with authenticator held by a message holder to transmit the certification to the transmitter device. An information generator of the transmitter device uses an identification from a reception checker and the message authentication key thus generated to generate an authentication key notification, which will be transmitted to receiver devices having transmitted the certification. In the receiver devices, the message holder holds the authentication key notification, from which an authentication key acquirer acquires the message authentication key, which a message authenticator uses to compare the message with authenticator generated with the message with authenticator held in the message holder to confirm the received message.

Abstract: A communication terminal generates a temporary network key based on a managed master network key and on key identification used for security processing on a communication frame. The security processing is performed on the communication frame using the temporary network key. A secure communication frame is produced in which the identification of the key is indicated.

Abstract: In a network registration system including a communicator to be registered on a network and a register registering the communicator on the network, either of the communicator and the register includes a check information generator generating a check information signal according to check information for prompting the user to check that the communicator is treated as an object to be registered in the network registration system; and a check information output section outputting the check information signal in a form sensible to the user. The other of the communicator and the register includes an evaluation criterion supplier supplying evaluation criterion information allowing the user to evaluate the suitability of the check information emitted from the check information output section. Thus, the network registration system can prevent an incorrect registration while easily registering the communicator to the network.

Abstract: There is provided a secure communication system comprising first and second communication apparatuses carrying out encrypted communication. The first communication apparatus includes: a first established communication path managing unit managing information on an encrypted communication path established with the second communication apparatus; and a first communication path reestablishing unit notifying the second communication apparatus of first communication apparatus identification information and operating with the second communication apparatus to reestablish an encrypted communication path using the information on the established encrypted communication path.

Abstract: A communication method in which an operation, such as authentication, required when a new communication terminal participates in a mesh network is carried out in a more efficient manner. A second communication terminal that has already established an adjacent communication link with at least two first communication terminals, out of a plurality of communication terminals, distributes an adjacent terminal list including terminal identifiers of the first communication terminals along with a temporal key generated by the second communication terminal. One of the first communication terminals that received the adjacent terminal list and the temporal key distributes adjacent registration information, which is generated using a second temporal key.

Abstract: A communication device receives secure communication frames on which a security transform has been performed to permit authentication. The communication device maintains an authentication history and a local time varying parameter. In multi-hop communication, the communication device provisionally verifies the freshness of a received secure communication frame by verifying that identifying information extracted from the frame is not already present in the authentication history and that a received time varying parameter extracted from the frame is not older than the local time varying parameter by more than a certain margin. If these freshness tests both pass, the frame is authenticated. If authentication succeeds, the frame is transmitted on the next hop without performance of a new security transform.

Abstract: A receiving device sends challenge information to a transmitting device. The transmitting device initializes a time varying parameter and transmits communication data together with data derived from the challenge information to the receiving device. Subsequent communication data, if any, are then transmitted together with data derived from the time varying parameter. The receiving device uses the challenge information to verify the freshness of the communication data transmitted first, and uses the time varying parameter to verify the freshness of the subsequent communication data. Freshness can be verified without having to maintain any type of verification data during sleep periods, and without having to send a separate challenge for each data transmission.

Abstract: A transmission terminal includes an information generation unit, a transmission unit, a delivery management unit, and a reception unit. The information generation unit generates information that is to be transmitted to a destination reception terminal. The transmission unit transmits information that the information generation unit has generated. The delivery management unit manages transmission of information. The reception unit receives information that the destination reception terminal transmits. Furthermore, the information generation unit generates or receives transmission information that is to be transmitted to the destination reception terminal and generates redundant information for the destination reception terminal to restore the transmission information.

Abstract: In a message authentication system in which a message is transmitted from a message transmission apparatus 100 to individual message reception apparatuses 120 through wireless communication connecting the message transmission apparatus 100 with the message reception apparatuses 120 via intermediary message reception apparatuses and the message is authenticated at each message reception apparatus, the message transmission apparatus first transmits an electronic signature to each message reception apparatus as a message transmission notification and then transmits the message and an authentication key to the message reception apparatus after allowing a predetermined time lag. Thus, the message reception apparatus does not need to hold the message before the authentication key is published (FIG. 7).

Abstract: A wireless network system, information providing apparatus and wireless terminal that can prevent the leak of information such as an address of the wireless terminal. A wireless network system includes an information providing apparatus that provides service information over a wireless network, and multiple wireless terminals each of which receives the service information provided from the information providing apparatus. In this case, the information providing apparatus includes destination possibility data in the service information, and each of the wireless terminals determines the destination possibility that the destination of the provided service information is the wireless terminal based on the destination possibility data included in the provided service information accepts the provided service information only if it is determined that there is the destination possibility.

Abstract: The invention provides a key update system for a multihop network system including an authentication management device that manages keys using a hierarchical structure. That device constructs key information having a hierarchical structure in accordance with the structure of the multihop network. In addition, that device determines respective encryption keys for encrypting the keys based on the key information, and the communication terminals obtain the respective keys. In this system, that device includes a key tree management portion that constructs and manages the key information; an encryption portion that encrypts the keys using the keys included in the key information; and a transmission portion that transmits the encrypted keys. Each communication terminal includes a receiving portion that receives the encrypted keys; a key management portion that manages the keys that need to be held and stored by the given communication terminal; and a decryption portion that decrypts the encrypted keys.

Abstract: In a sensor network system, a transmitter device uses a message authentication key generated by a message generator to transmit a message with authenticator to plural receiver devices, which in reply produce a certification by a certification generator from a message with authenticator held by a message holder to transmit the certification to the transmitter device. An information generator of the transmitter device uses an identification from a reception checker and the message authentication key thus generated to generate an authentication key notification, which will be transmitted to receiver devices having transmitted the certification. In the receiver devices, the message holder holds the authentication key notification, from which an authentication key acquirer acquires the message authentication key, which a message authenticator uses to compare the message with authenticator generated with the message with authenticator held in the message holder to confirm the received message.

Abstract: There is provided an unauthorized terminal inferring device (100) device that is connected to a plurality of communications terminal devices (IDi) by a multi-hop network.

Abstract: A message sending device sends a message. A message receiving device generates reception authentication information of the message when receiving the message, and further generates reception confirmation information of the message by using the reception authentication information of the message, to send the reception confirmation information of the message to a reception confirmation information verification device. The reception confirmation information verification device verifies the received reception confirmation information. The message sending device obtains a reception confirmation of the message for the message receiving device based on the verification result. This configuration reduces a processing load in each node as much as possible for confirming whether data to large numbers of nodes under a multihop environment have been received in each node.

Abstract: A communication device receives secure communication frames on which a security transform has been performed to permit authentication. The communication device maintains an authentication history and a local time varying parameter. In multi-hop communication, the communication device provisionally verifies the freshness of a received secure communication frame by verifying that identifying information extracted from the frame is not already present in the authentication history and that a received time varying parameter extracted from the frame is not older than the local time varying parameter by more than a certain margin. If these freshness tests both pass, the frame is authenticated. If authentication succeeds, the frame is transmitted on the next hop without performance of a new security transform.

Abstract: A communication terminal generates a temporary network key based on a managed master network key and on key identification used for security processing on a communication frame. The security processing is performed on the communication frame using the temporary network key. A secure communication frame is produced in which the identification of the key is indicated.