Management server, communication apparatus and program implementing key allocation system for encrypted communication
    41.
    Granted patent
    Management server, communication apparatus and program implementing key allocation system for encrypted communication (lapsed)

    Publication (announcement) no.: US08238555B2

    Publication date: 2012-08-07

    Application no.: US12255200

    Filing date: 2008-10-21

    IPC class: H04L29/06

    CPC class: H04L63/0428 H04L63/062

    Abstract: A management server and a validation server are both installed. Each of two terminals registers, in the management server, the setting information it can use for encrypted communication. When encrypted communication is to be carried out, the management server searches the registered setting information for settings common to both terminals, generates the keys for the encrypted communication that the terminals will use, and delivers the generated keys together with the matching setting information. The management server authenticates both terminals in conjunction with the validation server. Because each terminal trusts the management server's authentication of the other, the terminals need not authenticate their communication counterparts themselves.


    System and method for encrypted communication
    42.
    Granted patent
    System and method for encrypted communication (lapsed)

    Publication (announcement) no.: US07984290B2

    Publication date: 2011-07-19

    Application no.: US11436048

    Filing date: 2006-05-18

    IPC class: H04L29/06

    Abstract: In encrypted communication using VPN technologies, the load on the VPN system grows as the number of communication terminals increases. When an external terminal accesses an application server via an internal terminal, processing becomes complicated because authentication must be performed both at the VPN and at the application server. A management server is provided that manages external terminals, internal terminals and application servers. The management server authenticates each communication terminal and establishes an encrypted communication path between communication terminals. Authentication of each terminal by the management server relies on a validation server. When the external terminal communicates with the application server via the internal terminal, two encrypted communication paths are established and used: one between the external terminal and the internal terminal, and one between the internal terminal and the application server.


    METHOD, PRODUCT AND APPARATUS FOR ACCELERATING PUBLIC-KEY CERTIFICATE VALIDATION
    43.
    Patent application
    METHOD, PRODUCT AND APPARATUS FOR ACCELERATING PUBLIC-KEY CERTIFICATE VALIDATION (in force)

    Publication (announcement) no.: US20090259842A1

    Publication date: 2009-10-15

    Application no.: US12488051

    Filing date: 2009-06-19

    IPC class: H04L9/00

    Abstract: A validation authority for certificates periodically searches for certification paths, verifies them against certificate revocation lists, and classifies them as valid or invalid according to the results, registering the paths in databases in advance. When a request to validate a certificate is received from an end entity, the validation authority decides the validity of the public key certificate by checking whether the path corresponding to the request is registered in the valid-path database or in the invalid-path database. If the corresponding path is registered in neither database, the validity of the public key certificate is determined by performing a fresh path search and validation.


    Method and apparatus for accelerating public-key certificate validation
    44.
    Granted patent
    Method and apparatus for accelerating public-key certificate validation (in force)

    Publication (announcement) no.: US07558952B2

    Publication date: 2009-07-07

    Application no.: US10788417

    Filing date: 2004-03-01

    IPC class: H04L9/00

    Abstract: A validation authority for certificates periodically searches for certification paths, verifies them against certificate revocation lists, and classifies them as valid or invalid according to the results, registering the paths in databases in advance. When a request to validate a certificate is received from an end entity, the validation authority decides the validity of the public key certificate by checking whether the path corresponding to the request is registered in the valid-path database or in the invalid-path database. If the corresponding path is registered in neither database, the validity of the public key certificate is determined by performing a fresh path search and validation.

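    The valid-path and invalid-path databases described in entries 43 and 44 amount to a cache of path-validation results placed in front of the expensive search-and-validate step. The following is an added illustration written for this page, not code from either patent: a toy certificate model (the names RootA, InterA, alice and so on, the serial numbers and the day-count validity fields are all constructed) with a validation authority that refreshes both databases on a schedule, answers requests from them, and runs a fresh path search and validation only for a path registered in neither.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_after: int  # validity end, in days since an arbitrary epoch (constructed)


# Constructed sample PKI. Serials are unique per issuer; dates are day counts.
TRUST_ANCHORS = {"RootA", "RootB"}
CERTS = {c.subject: c for c in [
    Cert("RootA", "RootA", 1, 9999),
    Cert("RootB", "RootB", 1, 9999),
    Cert("InterA", "RootA", 10, 9999),
    Cert("alice", "InterA", 100, 9999),   # valid
    Cert("bob", "InterA", 101, 9999),     # revoked by InterA's CRL below
    Cert("carol", "RootB", 200, 10),      # expired
    Cert("dave", "Orphan", 300, 9999),    # issuer unknown: no path to an anchor
]}
CRLS = {"RootA": set(), "RootB": set(), "InterA": {101}}  # issuer -> revoked serials


def search_path(subject, certs):
    """Follow issuer links from the subject up to a trust anchor; None if no path exists."""
    path, seen, name = [], set(), subject
    while name in certs and name not in seen:
        seen.add(name)
        cert = certs[name]
        path.append(cert)
        if cert.subject in TRUST_ANCHORS:
            return path
        name = cert.issuer
    return None


def validate_path(path, crls, today):
    """A path is valid when every certificate on it is unexpired and not on its issuer's CRL."""
    return all(cert.not_after >= today and cert.serial not in crls.get(cert.issuer, set())
               for cert in path)


class ValidationAuthority:
    def __init__(self, certs, crls):
        self.certs, self.crls = certs, crls
        self.valid_paths = {}     # subject -> validated path
        self.invalid_paths = {}   # subject -> failed path, or None when no path was found
        self.fresh_validations = 0

    def periodic_refresh(self, today):
        """Scheduled job: search and validate every known path in advance."""
        self.valid_paths.clear()
        self.invalid_paths.clear()
        for subject in list(self.certs):
            self._search_and_classify(subject, today)

    def _search_and_classify(self, subject, today):
        self.fresh_validations += 1
        path = search_path(subject, self.certs)
        ok = path is not None and validate_path(path, self.crls, today)
        (self.valid_paths if ok else self.invalid_paths)[subject] = path
        return ok

    def is_valid(self, subject, today):
        """Answer an end entity's request from the databases; fall back to a fresh search on a miss."""
        if subject in self.valid_paths:
            return True
        if subject in self.invalid_paths:
            return False
        return self._search_and_classify(subject, today)


if __name__ == "__main__":
    va = ValidationAuthority(dict(CERTS), {k: set(v) for k, v in CRLS.items()})
    va.periodic_refresh(today=100)
    for name in ("alice", "bob", "carol", "dave"):
        print(name, va.is_valid(name, today=100))
```

    The practitioner's caveat is the refresh interval: a certificate revoked after the last periodic run is still answered from the valid-path database until the next one, so that interval is the revocation latency, much as a CRL's nextUpdate is. The toy keys the databases by subject name; a real implementation keys them by the certificate itself (or its hash) together with the validation policy, because two different certificates can carry the same subject.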

    Method for encrypted communication with a computer system and system therefor
    45.
    Patent application
    Method for encrypted communication with a computer system and system therefor (lapsed)

    Publication (announcement) no.: US20080098221A1

    Publication date: 2008-04-24

    Application no.: US11907260

    Filing date: 2007-10-10

    IPC class: H04L9/32

    Abstract: To address two problems of encrypted communication using a VPN technique, namely that the load on the VPN device grows large as the number of terminal devices increases, and that only the segment between the terminal device and the VPN device is encrypted, so that end-to-end encrypted communication is not possible, a communication system is provided that includes a terminal device, a plurality of blades, and a management server that manages the blades. The management server selects a blade, authenticates the terminal device and the selected blade, and mediates the establishment of an encrypted communication path between them; the terminal device and the blade then communicate over that path without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.

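    Entries 41, 42 and 45 describe the same mediation pattern: a management server authenticates each terminal through a validation server, finds the setting information the two terminals have in common, and hands both the same key, so the terminals never authenticate each other directly. The following added example, written for this page and not taken from the patents, plays that flow out in Python. The credential registry, the setting names and the use of an HMAC tag to stand in for the encrypted channel are constructed for illustration. For entry 42 the same allocation would simply be run twice, once per hop; for entry 45 the second terminal is the selected blade.

```python
import hashlib
import hmac
import secrets


class ValidationServer:
    """Constructed stand-in for certificate validation: maps a presented credential to an identity."""

    def __init__(self, registry):
        self.registry = dict(registry)      # credential -> identity; absent means unknown or revoked

    def validate(self, credential):
        return self.registry.get(credential)


class ManagementServer:
    def __init__(self, validator):
        self.validator = validator
        self.settings = {}                  # validated identity -> settings usable for encrypted communication

    def register(self, credential, settings):
        ident = self.validator.validate(credential)
        if ident is None:
            raise PermissionError("registration refused: credential failed validation")
        self.settings[ident] = frozenset(settings)
        return ident

    def allocate(self, cred_a, cred_b):
        """Authenticate both terminals, find a coincident setting and hand both the same key."""
        a, b = self.validator.validate(cred_a), self.validator.validate(cred_b)
        if a is None or b is None:
            raise PermissionError("key allocation refused: a terminal failed validation")
        common = self.settings.get(a, frozenset()) & self.settings.get(b, frozenset())
        if not common:
            raise ValueError(f"no coincident setting between {a} and {b}")
        setting = min(common)               # deterministic pick; a real server ranks by policy
        key = secrets.token_bytes(32)
        # Each terminal gets its own copy over its already-authenticated channel to the
        # management server. The 'peer' field is the server's assertion of who the other side is.
        return ({"peer": b, "setting": setting, "key": key},
                {"peer": a, "setting": setting, "key": key})


class Terminal:
    def __init__(self, name, credential):
        self.name, self.credential, self.session = name, credential, None

    def install(self, ticket):
        self.session = ticket               # trusted because the management server delivered it

    def send(self, payload):
        tag = hmac.new(self.session["key"], payload, hashlib.sha256).digest()
        return payload, tag

    def receive(self, payload, tag):
        # The counterpart is not authenticated here: the management server already vouched for it.
        expected = hmac.new(self.session["key"], payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        return self.session["peer"], payload


def run_exchange(registry, settings, payload=b"hello"):
    """Full flow: registration, mediated key allocation, then direct terminal-to-terminal traffic."""
    management = ManagementServer(ValidationServer(registry))
    alice, bob = Terminal("alice", "cred-alice"), Terminal("bob", "cred-bob")
    for t in (alice, bob):
        management.register(t.credential, settings[t.name])
    ticket_a, ticket_b = management.allocate(alice.credential, bob.credential)
    alice.install(ticket_a)
    bob.install(ticket_b)
    # From here on the management server is out of the path (the direct communication of entry 45).
    return bob.receive(*alice.send(payload))


if __name__ == "__main__":
    REGISTRY = {"cred-alice": "alice", "cred-bob": "bob"}        # constructed
    SETTINGS = {"alice": {"aes128-gcm", "chacha20-poly1305"},    # constructed
                "bob": {"chacha20-poly1305", "aes256-cbc"}}
    print(run_exchange(REGISTRY, SETTINGS))
```

    The trust argument rests on the channel between each terminal and the management server already being authenticated (that is what the validation server's check buys), since the ticket carries the peer's identity as a bare assertion. A compromise of the management server therefore compromises every session it mediates, which is the usual key-distribution-centre trade-off.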

    Communication support server, communication support method, and communication support system
    47.
    Patent application
    Communication support server, communication support method, and communication support system (lapsed)

    Publication (announcement) no.: US20070192583A1

    Publication date: 2007-08-16

    Application no.: US11317003

    Filing date: 2005-12-27

    IPC class: H04L9/00

    CPC class: H04L9/0866 H04L9/0891

    Abstract: When the cryptographic communicating part 208 of the communication support server 20 exchanges information with an information processing unit 14, and the term of validity of the first key stored in the cryptographic key storing part 200 for that unit's identification information has not expired, the cryptographic communicating part 208 performs cryptographic communication with the unit using that first key, without running an authentication process for the unit. When the first key's term of validity has expired, or no first key is stored for the unit's identification information, the key sharing part 202 shares a first key with the unit, and the cryptographic communicating part 208 performs the cryptographic communication with the unit using the newly shared first key.

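    The mechanism of entry 47 is a per-unit key cache with a validity term: the costly authentication runs only when no usable key is stored for the unit. The following is an added example written for this page, not the patent's own code. The authentication callback, the injected clock `now`, the `revoke` method and the HMAC tag standing in for the cryptographic communication are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class CommunicationSupportServer:
    """Holds one shared 'first key' per information processing unit, each with a term of validity."""

    def __init__(self, authenticate, lifetime):
        self.authenticate = authenticate    # callable(unit_id) -> bool; the expensive step being avoided
        self.lifetime = lifetime            # how long a shared key stays usable (same unit as `now`)
        self.key_store = {}                 # unit_id -> (key, expires_at)
        self.auth_count = 0                 # how many times authentication actually ran

    def key_sharing(self, unit_id, now):
        """Authenticate the unit, then share a fresh key with it and record its validity term."""
        self.auth_count += 1
        if not self.authenticate(unit_id):
            self.key_store.pop(unit_id, None)
            raise PermissionError(f"{unit_id}: authentication failed")
        key = secrets.token_bytes(32)
        self.key_store[unit_id] = (key, now + self.lifetime)
        return key

    def current_key(self, unit_id, now):
        """Reuse the stored key while it is within its term; otherwise share a new one."""
        entry = self.key_store.get(unit_id)
        if entry is not None and now < entry[1]:
            return entry[0], False          # no authentication on this exchange
        return self.key_sharing(unit_id, now), True

    def revoke(self, unit_id):
        """Decommissioned or compromised unit: drop its key before the term runs out."""
        self.key_store.pop(unit_id, None)

    def exchange(self, unit_id, payload, now):
        """Protect one message to the unit; returns (payload, tag, renewed)."""
        key, renewed = self.current_key(unit_id, now)
        tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
        return payload, tag, renewed


if __name__ == "__main__":
    # Constructed: every unit except "rogue" authenticates; keys live for 60 time units.
    server = CommunicationSupportServer(authenticate=lambda u: u != "rogue", lifetime=60)
    for now in (0, 30, 59, 60, 90):
        _, tag, renewed = server.exchange("unit-14", b"status", now)
        print(now, renewed, server.auth_count, tag[:16])
```

    Two points to watch when building this for real: the term of validity is also the window in which a unit that has since been revoked or compromised keeps a working key, so revocation must delete the stored entry rather than wait for expiry (the `revoke` method above); and the expiry comparison must use the server's own monotonic clock, never a time supplied by the unit.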

    Cryptographic communication system and method
    49.
    Patent application
    Cryptographic communication system and method (lapsed)

    Publication (announcement) no.: US20060204003A1

    Publication date: 2006-09-14

    Application no.: US11363510

    Filing date: 2006-02-28

    IPC class: H04L9/30

    Abstract: Cryptographic communication between communication terminals is realized even when a plurality of cryptographic algorithms are in use, and secure cryptographic communication over a longer period is achieved without increasing the processing overhead at each terminal. A key management server manages the cryptographic algorithms that each communication terminal can use, searches for an algorithm common to the communicating terminals, and notifies each terminal of the algorithm found together with a plurality of pieces of key generation information, each containing either a key to be used with that algorithm or a key type from which the key is generated. Each terminal switches sequentially through the pieces of key generation information notified by the key management server and performs cryptographic communication with its counterpart according to the notified algorithm.

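    Entry 49 combines algorithm negotiation with a list of key generation informations that the terminals work through in sequence. The added example below, written for this page and not the patent's own code, implements both sides. The algorithm table, the `sha256-seed` key type and the policy of switching keys every `messages_per_key` messages are constructed assumptions; the slot number is carried with each message so that the receiver derives the same key even if its own counter drifts.

```python
import hashlib
import hmac
import secrets

# Constructed algorithm table: the negotiated name selects the MAC used for the traffic.
ALGORITHMS = {"hmac-sha512": hashlib.sha512, "hmac-sha256": hashlib.sha256, "hmac-sha1": hashlib.sha1}


def derive_key(info, algorithm, slot):
    """Turn one piece of key generation information into the key for `slot`."""
    if "key" in info:                            # the server sent the key itself
        return info["key"]
    if info.get("key_type") == "sha256-seed":    # constructed key type: both sides expand a seed
        return hashlib.sha256(info["seed"] + algorithm.encode() + slot.to_bytes(4, "big")).digest()
    raise ValueError(f"unsupported key type: {info.get('key_type')!r}")


class KeyManagementServer:
    def __init__(self, keys_per_notice=3, messages_per_key=2):
        self.algorithms = {}                     # terminal -> algorithms it can use, in preference order
        self.keys_per_notice = keys_per_notice
        self.messages_per_key = messages_per_key

    def register(self, terminal, algorithms):
        self.algorithms[terminal] = [a for a in algorithms if a in ALGORITHMS]

    def notify(self, a, b):
        """Pick an algorithm common to both terminals and attach plural key generation informations."""
        common = [alg for alg in self.algorithms[a] if alg in self.algorithms[b]]
        if not common:
            raise ValueError(f"no cryptographic algorithm common to {a} and {b}")
        infos = []
        for i in range(self.keys_per_notice):    # alternate the two forms so both are exercised
            if i % 2 == 0:
                infos.append({"key": secrets.token_bytes(32)})
            else:
                infos.append({"key_type": "sha256-seed", "seed": secrets.token_bytes(16)})
        return {"algorithm": common[0], "key_infos": infos, "messages_per_key": self.messages_per_key}


class Terminal:
    def __init__(self):
        self.notice, self.sent, self.last_slot = None, 0, 0

    def configure(self, notice):
        self.notice, self.sent, self.last_slot = notice, 0, 0

    def _key(self, slot):
        n = self.notice
        return derive_key(n["key_infos"][slot], n["algorithm"], slot), ALGORITHMS[n["algorithm"]]

    def protect(self, payload):
        """Sender: the slot advances every `messages_per_key` messages and travels with the message."""
        slot = self.sent // self.notice["messages_per_key"]
        if slot >= len(self.notice["key_infos"]):
            raise RuntimeError("key generation informations exhausted: request a new notice")
        key, digestmod = self._key(slot)
        self.sent += 1
        return slot, payload, hmac.new(key, payload, digestmod).digest()

    def verify(self, slot, payload, tag):
        """Receiver: derive the same slot key; never fall back to an earlier slot."""
        if slot < self.last_slot or slot >= len(self.notice["key_infos"]):
            return False
        self.last_slot = slot
        key, digestmod = self._key(slot)
        return hmac.compare_digest(tag, hmac.new(key, payload, digestmod).digest())


if __name__ == "__main__":
    kms = KeyManagementServer()
    kms.register("A", ["hmac-sha512", "hmac-sha256"])           # constructed preference lists
    kms.register("B", ["hmac-sha1", "hmac-sha256", "hmac-sha512"])
    notice = kms.notify("A", "B")
    sender, receiver = Terminal(), Terminal()
    sender.configure(notice)
    receiver.configure(notice)
    for i in range(6):
        slot, payload, tag = sender.protect(b"message %d" % i)
        print(notice["algorithm"], "slot", slot, "verified", receiver.verify(slot, payload, tag))
```

    Carrying the slot in the message, and refusing to go back to an earlier slot, is what stops an attacker from replaying traffic under a key the sender has already abandoned; a production protocol adds a per-slot sequence number as well, since two messages within one slot are still told apart only by their payload.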

    Distributed object system and service supply method therein
    50.
    Granted patent
    Distributed object system and service supply method therein (lapsed)

    Publication (announcement) no.: US06327658B1

    Publication date: 2001-12-04

    Application no.: US09185644

    Filing date: 1998-11-04

    IPC class: H04L9/32

    Abstract: A distributed object system according to the present invention comprises at least one object distributing server, at least one client terminal and at least one server object execution server. The object distributing server stores an object program to which an electronic signature is affixed. The client terminal includes means for downloading the object program from the object distributing server, means for verifying the electronic signature affixed to it, means for executing the client object program when the integrity of the object program is confirmed and the user of the client terminal has permitted in advance the execution of client object programs electronically signed by that signatory, and means for transmitting the electronic signature affixed to the object program to a server object execution server. The server object execution server includes means for verifying the received signature and means for supplying services to the user of the client terminal when the integrity of the object program is confirmed and both the user and the object program have been permitted in advance to use those services. This prevents a client object that is downloaded to a client terminal over a network and executed there from carrying out, under the user's authority, processing that the user of the client terminal did not intend.
