公开(公告)号：US20130333045A1

公开(公告)日：2013-12-12

申请号：US14000489

申请日：2011-12-08

申请人： Tomohiro Shigemoto ,  Hirofumi Nakakoji ,  Tetsuro Kito ,  Hisashi Umeki ,  Satoshi Takemoto ,  Tadashi Kaji ,  Satoshi Kai

发明人： Tomohiro Shigemoto ,  Hirofumi Nakakoji ,  Tetsuro Kito ,  Hisashi Umeki ,  Satoshi Takemoto ,  Tadashi Kaji ,  Satoshi Kai

IPC分类号： G06F21/57

CPC分类号： G06F21/577 ,  G06F2221/034 ,  H04L41/0853 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L41/5096 ,  H04L63/20

摘要： A security level of each service is calculated and visualized. The device includes a security level calculation unit and a security level visualization unit. The security level calculation unit receives information regarding security of the service from a plurality of sensors as observation information, and calculates a security level of each service based on the received observation information and a security level calculation policy. The security level visualization unit outputs the security level of each service, based on the security level calculated by the security level calculation unit and configuration information of the service. Further, the security level calculation policy has a service, a user using the service, and an observation item to be observed in the service. The security level calculation unit calculates the security level in association with the user of the service and the service, based on the security level calculation policy.

摘要翻译： 计算和可视化每个服务的安全级别。 该设备包括安全级别计算单元和安全级别可视化单元。 安全级别计算单元从多个传感器接收关于服务的安全性的信息作为观察信息，并且基于接收到的观察信息和安全级别计算策略来计算每个服务的安全级别。 安全级别可视化单元基于由安全级别计算单元计算的安全级别和服务的配置信息输出每个服务的安全级别。 此外，安全级别计算策略具有服务，使用该服务的用户以及要在服务中观察的观察项目。 安全级别计算单元基于安全级别计算策略计算与服务和服务的用户相关联的安全级别。

公开(公告)号：US08402524B2

公开(公告)日：2013-03-19

申请号：US13018975

申请日：2011-02-01

申请人： Tadashi Kaji ,  Naoki Hayashi ,  Akifumi Yato ,  Shinichi Irube

发明人： Tadashi Kaji ,  Naoki Hayashi ,  Akifumi Yato ,  Shinichi Irube

IPC分类号： G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06

CPC分类号： H04L63/0815 ,  G06F21/305 ,  G06F21/46 ,  G06F21/6263

摘要： An ID bridge service system manages a type and assurance of identity information required for provision of service by an application service system and a type and assurance of identity information managed by plural authentication service systems, and is provided with a selecting measure that selects an authentication service system that manages identity information corresponding to the identity information required for the provision of the service by the application service system out of the plural authentication service systems when a request for authentication is received from the application service system and a requesting measure that requests the selected authentication service system to authenticate.

摘要翻译： ID桥服务系统管理由应用服务系统提供服务所需的身份信息的类型和保证以及由多个认证服务系统管理的身份信息的类型和保证，并且具有选择认证服务的选择措施 系统，当从应用服务系统接收到认证请求时，管理与多个认证服务系统中的应用服务系统提供服务所需的身份信息相对应的身份信息，以及请求所选认证的请求度量 服务体系认证。

公开(公告)号：US20120210125A1

公开(公告)日：2012-08-16

申请号：US13368620

申请日：2012-02-08

申请人： Tomohiro Shigemoto ,  Hirofumi Nakakoji ,  Tetsuro Kito ,  Hisashi Umeki ,  Satoshi Takemoto ,  Tadashi Kaji ,  Satoshi Kai

发明人： Tomohiro Shigemoto ,  Hirofumi Nakakoji ,  Tetsuro Kito ,  Hisashi Umeki ,  Satoshi Takemoto ,  Tadashi Kaji ,  Satoshi Kai

IPC分类号： H04L29/06

CPC分类号： H04L63/1408 ,  H04L63/0428

摘要： An encrypted traffic test system is disclosed which tests whether or not traffic involving packets over a network is encrypted, the encrypted traffic test system including: a test data acquisition portion configured to receive each of the packets on the network so as to acquire test data from the received packet; an encrypted traffic test portion configured to evaluate the test data acquired by the test data acquisition portion for randomness using a random number testing scheme and, if the test data is evaluated to have randomness, to further determine that the traffic involving the packets including the test data is encrypted traffic; and a test result display portion configured to display a test result from the encrypted traffic test portion on a test result display screen.

摘要翻译： 公开了一种加密流量测试系统，其测试是否对通过网络进行分组的流量进行加密，所述加密流量测试系统包括：测试数据获取部分，被配置为接收网络上的每个分组，以便从 收到的包; 被配置为使用随机数测试方案来评估由测试数据获取部分获取的随机性的测试数据的加密流量测试部分，并且如果测试数据被评估为具有随机性，则进一步确定涉及包括测试的分组的流量 数据是加密流量; 以及测试结果显示部分，被配置为在测试结果显示屏幕上显示来自加密的流量测试部分的测试结果。

公开(公告)号：US20120198039A1

公开(公告)日：2012-08-02

申请号：US13201574

申请日：2010-02-15

申请人： Naoki Hayashi ,  Tadashi Kaji ,  Akifumi Yato ,  Dan Yamamoto ,  Shinichi Irube

发明人： Naoki Hayashi ,  Tadashi Kaji ,  Akifumi Yato ,  Dan Yamamoto ,  Shinichi Irube

IPC分类号： G06F15/173

CPC分类号： H04L67/02 ,  H04L29/12754 ,  H04L61/3085 ,  H04L67/1002 ,  H04L67/1014

摘要： A processing load on service is distributed to improve the availability of linkage service even if the details of the processing of the linkage service are unknown. A service dynamic linkage device (110) sequentially selects pieces of web service which can be executed on the basis of dependence relationship information having identified a web server which should have already been executed among pieces of web service included in a scenario, the execution of which has been requested from a user-side communication terminal (140), and repeatedly performs processing to be executed until there are no pieces of web service included in the scenario.

摘要翻译： 分配服务的处理负荷，以提高链接服务的可用性，即使链接服务的处理细节未知。 服务动态联动装置（110）依次选择可以基于已经在包含在场景中的多个web服务中已经执行的web服务器的依赖关系信息执行的web服务，其执行 已经从用户侧通信终端（140）请求，并且重复执行要执行的处理，直到在场景中没有包括web服务的片段。

公开(公告)号：US08041822B2

公开(公告)日：2011-10-18

申请号：US11417054

申请日：2006-05-04

申请人： Kazuyoshi Hoshino ,  Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kohei Sawada

发明人： Kazuyoshi Hoshino ,  Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kohei Sawada

IPC分类号： G06F15/16

CPC分类号： H04L63/0428 ,  H04L29/06027 ,  H04L63/08 ,  H04L65/1006 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1023

摘要： A server device that represents a plurality of service provision servers implements authentication and a SIP message exchange with respect to a SIP server as a representative, and notifies a service provision server of client communication information that is acquired by the SIP message exchange. The service provision server communicates with a client on the basis of the client communication information that is notified from the representative server.

摘要翻译： 表示多个服务提供服务器的服务器装置以代表SIP服务器的身份执行认证和SIP消息交换，并向服务提供服务器通知由SIP消息交换获取的客户端通信信息。 服务提供服务器基于从代表服务器通知的客户端通信信息与客户端进行通信。

公开(公告)号：US20100312887A1

公开(公告)日：2010-12-09

申请号：US12858040

申请日：2010-08-17

申请人： Yuko Sawai ,  Kazuyoshi Hoshino ,  Osamu Takata ,  Tadashi Kaji ,  Kohei Sawada

发明人： Yuko Sawai ,  Kazuyoshi Hoshino ,  Osamu Takata ,  Tadashi Kaji ,  Kohei Sawada

IPC分类号： G06F15/173

CPC分类号： H04L65/1006 ,  H04L67/00 ,  H04L67/28 ,  H04L67/2842

摘要： A communication management apparatus for managing communication exchanged between communication apparatuses, including: a communication information management control portion for receiving, after communication under a communication session between first and second communication apparatuses, first information of quantity of the communication from the first communication apparatus and for receiving second information of quantity of the communication from the second communication apparatus; a communication information storage portion for storing both the first and second information received from the communication information management control portion; and a communication information verification portion for comparing the first and second information of quantity of the communication to verify any falsification thereof in a statistical process.

摘要翻译： 一种用于管理在通信设备之间交换的通信的通信管理设备，包括：通信信息管理控制部分，用于在第一和第二通信设备之间的通信会话通信之后，接收来自第一通信设备的通信量的第一信息， 从第二通信设备接收通信量的第二信息; 通信信息存储部分，用于存储从通信信息管理控制部分接收的第一和第二信息; 以及通信信息验证部分，用于比较通信量的第一和第二信息，以在统计过程中验证其伪造。

公开(公告)号：US07657035B2

公开(公告)日：2010-02-02

申请号：US11504767

申请日：2006-08-16

申请人： Akifumi Yato ,  Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino

发明人： Akifumi Yato ,  Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino

IPC分类号： H04L9/00 ,  H04L29/06

CPC分类号： H04L63/0428 ,  H04L9/083 ,  H04L9/0869 ,  H04L63/20

摘要： Each terminal registers the key generation information into each session management server, the information including a plurality of setting items necessary for determining set values to generated a key to be used by itself, and set value candidates which are stored in the setting items.When the encryption communications are established between the terminals, the individual session management servers and a key generation information management server are associated, so that the key generation information management server selects the algorithm suite based on the key generation information. The session management server generates the parameters based on the selected algorithm suite, acquires the information on the selected algorithm suite from the key generation information management server, generates the key for the encryption communications based on that information and distributes the key to the each terminal.

摘要翻译： 每个终端将密钥生成信息注册到每个会话管理服务器中，该信息包括确定设置值所需的多个设置项目以产生要自己使用的密钥，并设置存储在设置项目中的值候选。 当在终端之间建立加密通信时，各个会话管理服务器和密钥生成信息管理服务器相关联，使得密钥生成信息管理服务器基于密钥生成信息来选择算法套件。 会话管理服务器根据选择的算法套件生成参数，从密钥生成信息管理服务器获取所选算法套件的信息，根据该信息生成加密通信的密钥，并将密钥分配给每个终端。

公开(公告)号：US20090113203A1

公开(公告)日：2009-04-30

申请号：US12255788

申请日：2008-10-22

申请人： Munetoshi Tsuge ,  Kazuyoshi Hoshino ,  Tadashi Kaji

发明人： Munetoshi Tsuge ,  Kazuyoshi Hoshino ,  Tadashi Kaji

IPC分类号： H04L9/00 ,  H04L29/06

CPC分类号： H04L63/0428 ,  H04L29/12377 ,  H04L29/12424 ,  H04L29/1249 ,  H04L61/2517 ,  H04L61/2535 ,  H04L61/256 ,  H04L63/08 ,  H04L63/164

摘要： An encryption communication module on the side of a service providing server reports a global IP address allocated to an NAPT router on the service providing server side and a port number of an outside UDP header used on the global side to an authentication/key exchange server. When receiving an encryption packet from an encryption communication module on the user terminal side, the encryption communication module on the service providing server side overwrite a source/destination IP address of an inside IP header by a source/destination IP address of an outside IP header. The encryption communication module further changes a source port number of an inside TCP•UDP header to a unique value for each communication session in the encryption communication having the same source IP address in the outside IP header. The inverse header change is made when the packet is transmitted to the encryption communication module of the user terminal side.

摘要翻译： 在服务提供服务器一侧的加密通信模块向服务提供服务器端报告分配给NAPT路由器的全局IP地址，以及全球方面使用的外部UDP头端口到认证/密钥交换服务器。 当从用户终端侧的加密通信模块接收到加密分组时，服务提供服务器侧的加密通信模块通过外部IP头部的源/目的地IP地址覆盖内部IP头部的源/目的地IP地址 。 加密通信模块进一步将内部TCP.UDP报头的源端口号改变为在外部IP报头中具有相同源IP地址的加密通信中的每个通信会话的唯一值。 当分组被发送到用户终端侧的加密通信模块时，进行反向报头改变。

公开(公告)号：US07443986B2

公开(公告)日：2008-10-28

申请号：US10931219

申请日：2004-09-01

申请人： Osamu Takata ,  Takahiro Fujishiro ,  Tadashi Kaji ,  Kazuyoshi Hoshino

发明人： Osamu Takata ,  Takahiro Fujishiro ,  Tadashi Kaji ,  Kazuyoshi Hoshino

IPC分类号： H04L9/00

CPC分类号： H04L63/0428 ,  H04L63/062

摘要： Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.

摘要翻译： 管理服务器和验证服务器均已安装。 终端和终端注册设置信息可用于管理服务器中的加密通信。 当执行加密通信时，管理服务器搜索登记的设置信息以获得一致的设置信息。 管理服务器生成可由终端使用的加密通信的密钥，并将这些生成的密钥与重合的设置信息相结合。 管理服务器与验证服务器一起认证两个终端。 由于终端信任这样的结果，管理服务器分别对终端进行认证，所以这些终端不需要对相应的通信计数器终端进行认证。

公开(公告)号：US07392380B2

公开(公告)日：2008-06-24

申请号：US10456549

申请日：2003-06-09

申请人： Tadashi Kaji ,  Takahiro Fujishiro ,  Yoko Kumagai ,  Shingo Hane ,  Hiromi Nagano

发明人： Tadashi Kaji ,  Takahiro Fujishiro ,  Yoko Kumagai ,  Shingo Hane ,  Hiromi Nagano

IPC分类号： H04L9/00

CPC分类号： H04L9/006 ,  H04L9/3268

摘要： If a CRL is cached for an increased speed of a certificate validation process, when a certification authority issues a CRL in an urgent situation, the accuracy of the certificate validation result cannot be secured because the cached CRL is not the latest one. This problem is solved as follows. When it issues a CRL, the certification authority sends a CRL issuance notification to certificate validation servers. The certificate validation servers that received the CRL issuance notification cache the latest CRL. Thus, the accuracy of the certificate validation result can be secured.

摘要翻译： 如果CRL被缓存以提高证书验证过程的速度，当证书颁发机构在紧急情况下发布CRL时，证书验证结果的准确性无法保证，因为缓存的CRL不是最新的。 这个问题解决如下。 颁发CRL时，证书颁发机构向证书验证服务器发送CRL颁发通知。 接收CRL发布通知的证书验证服务器缓存最新的CRL。 因此，可以确保证书验证结果的准确性。