System and method of biometric authentication using multiple kinds of templates
    1.
    Granted invention patent
    Status: Lapsed

    Publication No.: US08433922B2

    Publication date: 2013-04-30

    Application No.: US12873729

    Filing date: 2010-09-01

    IPC classification: G06F21/00 G06K9/00

    CPC classification: G06F21/32 G06F2221/2117

    Abstract: In additional enrollment of a template in a biometric authentication system, the template is automatically enrolled on the basis of a plurality of authentication results to assure a user's convenience and security. A post-migration authentication server receives a first template and a second template from a post-migration authentication terminal, performs authentication on the basis of the comparison result between the received first template and the user's preliminarily first enrolled template, and provisionally enrolls the first template and the second template. It repeats the reception, authentication, and provisional enrollment and calculates a match probability from a plurality of comparison results of the provisionally first enrolled templates, determines whether or not to store a second enrolled template on the basis of the match probability, and automatically enrolls the second template in the post-migration authentication server.


    PERSONAL IDENTIFICATION SYSTEM AND METHOD
    2.
    Invention patent application
    Status: Under examination (published)

    Publication No.: US20130179957A1

    Publication date: 2013-07-11

    Application No.: US13805628

    Filing date: 2011-05-16

    IPC classification: H04L29/06

    Abstract: The present invention shortens the time required for watch list verification, and shortens the time required generally for the personal identification processing which includes watch list verification. In a personal identification system, a biometric information watch list comparison function (31) performs a first comparison of first biometric information in a traveler information DB (53), and biometric information on a biometric information watch list (52). Thereafter, a simplified alien immigration examination comparison function (41) performs a second comparison of the first biometric information in the traveler information DB (53), and second biometric information acquired by a biometric information acquisition function (62). As a result of the comparison, in the case where the difference between the time of the first comparison and the current time is within a previously defined time period, a terminal displays a first comparison result, and a second comparison result.


    IMMIGRATION CONTROL SYSTEM
    3.
    Invention patent application
    Status: Under examination (published)

    Publication No.: US20130013527A1

    Publication date: 2013-01-10

    Application No.: US13428044

    Filing date: 2012-03-23

    IPC classification: G06Q99/00

    Abstract: The present invention provides a system and a method for speeding up immigration. In first immigration, first biometric information is stored in an immigration biometric information DB. A normal immigration client terminal displays a first result of comparing an ID information watch list with a biometric information watch list. In subsequent second immigration, the first biometric information in the immigration biometric information DB is compared with second biometric information obtained by a simplified immigration client terminal. Then, the simplified immigration client terminal displays a second result of comparing the first biometric information with the watch list information that is added after the first comparison is done. Thus even if the number of registrations in a watch list database is large, a small amount of similar watch list information is displayed, reducing the time for checking the results by the operator.


    REGISTRATION METHOD OF BIOLOGIC INFORMATION, APPLICATION METHOD OF USING TEMPLATE AND AUTHENTICATION METHOD IN BIOMETRIC AUTHENTICATION
    4.
    Invention patent application
    Status: Under examination (published)

    Publication No.: US20110314285A1

    Publication date: 2011-12-22

    Application No.: US13034406

    Filing date: 2011-02-24

    IPC classification: H04L9/32

    CPC classification: G06F21/32 H04L63/0861

    Abstract: When a registration station appends an anonymous ID (AID), a linking validity of the anonymous ID and actual user ID (UID) is assured for an application businessperson in the case of applying to use a biometric authentication. Specifically, a biometric authentication service system includes a biometric authentication server, an application server, a registration station server and a client server, for holding a hash value alone of personal information (P) in the registration station server, supplying again the personal information on applying to use a template (T) for the application server, collating the hash with the previously held hash, and verifying that the user applying to use the template is identical with the user who registered the biologic information in the registration station server. In addition, secret information (S) different for every user is added to the personal information to generate unique data and identify the user correctly.


    Mediating system and method to establish communication session, allowing private information to be protected
    5.
    Granted invention patent
    Status: Lapsed

    Publication No.: US08095676B2

    Publication date: 2012-01-10

    Application No.: US11504765

    Filing date: 2006-08-16

    IPC classification: G06F15/16

    Abstract: The present invention is to prevent user's attribute information from being distributed, in the case where it is to be determined whether or not the attribute information (for example, age, address, and the like) of the user satisfies a service providing condition, when a communication session is established across multiple session managing servers. According to the present invention, attribute information of a user who is using a client logging in a session managing server, and attribute information of a service operating on the client are managed, a condition (SEP) to establish a communication session among multiple session managing servers related to the session establishment is shared, and the session managing server which manages the attribute information compares the attribute information and the SEP to make an access judgment, in order to determine whether or not the communication session is to be established.


    Communication support server, communication support method, and communication support system
    6.
    Granted invention patent
    Status: Lapsed

    Publication No.: US08081758B2

    Publication date: 2011-12-20

    Application No.: US11317003

    Filing date: 2005-12-27

    IPC classification: H04K1/00

    CPC classification: H04L9/0866 H04L9/0891

    Abstract: When a cryptographic communicating part 208 of the communication support server 20 exchanges information with the information processing units 14, if the term of validity of a first key stored in a cryptographic key storing part 200 and corresponding to the identification information of the information processing unit 14 does not expire, the cryptographic communicating part 208 performs the cryptographic communication with the information processing unit 14 using the first key, without performing a process of authenticating the information processing units 14. When the term of validity of the first key expires or the first key corresponding to the identification information of the information processing units 14 is not stored, the key sharing part 202 shares the first key with the information processing units 14, and the cryptographic communicating part 208 performs the cryptographic communication with the information processing units 14 using a newly shared first key.


    Encryption method for SIP message and encrypted SIP communication system
    7.
    Invention patent application
    Status: In force

    Publication No.: US20060236091A1

    Publication date: 2006-10-19

    Application No.: US11390459

    Filing date: 2006-03-28

    IPC classification: H04L9/00

    Abstract: It takes time for an encryption data communication system to transfer encrypted data, because negotiations of security parameters are necessary prior to communications in order to protect security and integrity of a SIP message or public key cryptography is required to be used for an encryption process, a decryption process, a digital signature process and a digital signature verification process each time a SIP message is transmitted/received. When a SIP message is transferred between two entities, the message is encrypted by shared information if the information is being shared between the entities, or the message is encrypted by the public key of the transmission destination entity if the shared information is not being shared. The encrypted message contains shared information to be used for the transmission destination entity of the encrypted data to encrypt or decrypt the message, during communications after the encrypted data is generated.


    Management server, communication apparatus and program implementing key allocation system for encrypted communication
    8.
    Granted invention patent
    Status: Lapsed

    Publication No.: US08238555B2

    Publication date: 2012-08-07

    Application No.: US12255200

    Filing date: 2008-10-21

    IPC classification: H04L29/06

    CPC classification: H04L63/0428 H04L63/062

    Abstract: Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.


    System and method for encrypted communication
    9.
    Granted invention patent
    Status: Lapsed

    Publication No.: US07984290B2

    Publication date: 2011-07-19

    Application No.: US11436048

    Filing date: 2006-05-18

    IPC classification: H04L29/06

    Abstract: In an encryption communication using VPN technologies, a load on a VPN system becomes large if the number of communication terminals increases. When an external terminal accesses via an internal terminal an application server, processes become complicated because it is necessary to perform authentication at VPN and authentication at the application server. A management server is provided for managing external terminals, internal terminals and application servers. The management server authenticates each communication terminal and operates to establish an encryption communication path between communication terminals. Authentication of each terminal by the management server relies upon a validation server. When the external terminal performs encryption communication with the application server via the internal terminal, two encryption communication paths are established and used between the external terminal and internal terminal and between the internal terminal and application server.


    Method for encrypted communication with a computer system and system therefor
    10.
    Invention patent application
    Status: Lapsed

    Publication No.: US20080098221A1

    Publication date: 2008-04-24

    Application No.: US11907260

    Filing date: 2007-10-10

    IPC classification: H04L9/32

    Abstract: To solve problems in that a load on a VPN device is large in a case where the number of terminal devices increases in encrypted communication using a VPN technique, and that only communication between the terminal device and the VPN device is encrypted, thus disabling end-to-end encrypted communication, a communication system is provided, including: a terminal device; a plurality of blades; and a management server that manages the blades, in which: the management server selects a blade, authenticates the terminal device and the selected blade, and mediates encrypted communication path establishment between the terminal device and the selected blade; the terminal device and the blade perform encrypted communication without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.
