Attribute Certificate Verification Method and System
    1.
    Patent application
    Status: Under examination (published)

    Publication (announcement) No.: US20080016335A1

    Publication (announcement) date: 2008-01-17

    Application No.: US11762412

    Filing date: 2007-06-13

    IPC classification: H04L9/32

    CPC classification: H04L9/3263

    Abstract: Upon issuance of an attribute certificate, an attribute authority apparatus makes a determination policy available. The determination policy includes information designating at least one item to be checked by a service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination. The determination policy may be recorded in the attribute certificate, or released to public, or made available by issuing a determination policy certificate released to public. Information for obtaining the determination policy certificate may be recorded in or outside the attribute certificate and furnished to the service provider apparatus. In order to verify an attribute certificate transmitted from a user terminal, a service provider apparatus obtains the determination policy, and determines whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy.


    Client-server system for controlling access rights to certain services by a user of a client terminal
    2.
    Granted patent
    Status: Lapsed

    Publication (announcement) No.: US06189032B1

    Publication (announcement) date: 2001-02-13

    Application No.: US09015220

    Filing date: 1998-01-29

    IPC classification: G06F15173

    CPC classification: G06F21/40 G06F21/31

    Abstract: A client-server system is provided in which access to a service by a user can properly be controlled, even if an approval by another user is required for receiving the service. First, the server 2 executes a log-in processing by using a user identifier and password transmitted from the client terminal 2, and a user control file 202. Next, the server 2 executes a service control by using a service supply request transmitted from the client terminal 1 and a service control file 42 provided with the server. When the server determines that an approval by another user is required for providing the service, the server executes the approval request to the client terminal 1 that the concerned user uses. When the reply to the approval request is affirmative, the server executes the processing in accordance with the foregoing service supply request. When the reply is negative, the server informs to the user who made the foregoing service supply request that the approval is rejected.


    Distributed object system and service supply method therein
    3.
    Granted patent
    Status: Lapsed

    Publication (announcement) No.: US06327658B1

    Publication (announcement) date: 2001-12-04

    Application No.: US09185644

    Filing date: 1998-11-04

    IPC classification: H04L932

    Abstract: A distributed object system comprising at least one object distributing server, at least one client terminal and at least one server object execution server according to the present invention, including: an object distributing server for storing an object program to which an electronic signature is affixed; a client terminal including means for down-loading the object program from the object distributing server, means for verifying the electronic signature affixed to the object program, means for executing the client object program when the completeness of the object program is confirmed and the user of the client terminal beforehand permits execution of the client object program which is electronically signed by a signatory, and means for transmitting the electronic signature affixed to the object program to a server object execution server; and a server object execution server including means for verifying the signature received, and means for supplying services to the user of the client terminal when the completeness of the object program is confirmed and the user and the object program permit use of the services in advance, which makes it possible to prevent a client object which is down-loaded to a client terminal through a network and executed therein from carrying out unjustified processing (not intended by a user using the client terminal) by using authority of the user.


    Certificate management system and method
    4.
    Granted patent
    Status: Lapsed

    Publication (announcement) No.: US07386722B2

    Publication (announcement) date: 2008-06-10

    Application No.: US10766869

    Filing date: 2004-01-30

    IPC classification: H04L9/00

    Abstract: A certificate management method is provided whereby a plurality of service providers have different reliable certificate authorities and, when certificates issued from the certificate authorities are implemented into a smart card, merely by revoking the certificate issued from the certificate authority on which the first service provider relies, all other implemented certificates can be revoked, and the certificates can be individually revoked. A system for implementing the method is provided. The certificate authorities n (n≥2) issue a certificate n by using a private key n′ corresponding to certificate n′ generated by using a certificate 1 issued from a certificate authority 1 which has previously been installed in the smart card and a corresponding private key 1. Thus, the issued certificates have a hierarchical chain relation. When the user wants to revoke all certificates, the certificate 1 issued from the certificate authority 1 is revoked.


    Information processor-based service providing system and method
    5.
    Patent application
    Status: Lapsed

    Publication (announcement) No.: US20070057044A1

    Publication (announcement) date: 2007-03-15

    Application No.: US11520645

    Filing date: 2006-09-14

    IPC classification: G06K5/00

    Abstract: A Smart card-based service providing system and method, in which a service application uses resources of a common application and which can easily cope with an addition of a service application into the Smart card and thereby efficiently utilize valuable resources of the Smart card, is provided. A management application specially designed for access control is installed in the Smart card to solely manage access management information. A management of or a decision on an access right is not performed by the service application or the common application but by the management application. When a new application is added to the Smart card, the service provider device receives a permission to update access management information beforehand from the card issuer device and, based on the permission, updates the access management information.


    Information processor-based service providing system and method
    6.
    Granted patent
    Status: Lapsed

    Publication (announcement) No.: US07357313B2

    Publication (announcement) date: 2008-04-15

    Application No.: US11520645

    Filing date: 2006-09-14

    IPC classification: G06K5/00

    Abstract: A Smart card-based service providing system and method, in which a service application uses resources of a common application and which can easily cope with an addition of a service application into the Smart card and thereby efficiently utilize valuable resources of the Smart card, is provided. A management application specially designed for access control is installed in the Smart card to solely manage access management information. A management of or a decision on an access right is not performed by the service application or the common application but by the management application. When a new application is added to the Smart card, the service provider device receives a permission to update access management information beforehand from the card issuer device and, based on the permission, updates the access management information.


    Certificate management system and method
    7.
    Patent application
    Status: Lapsed

    Publication (announcement) No.: US20050120205A1

    Publication (announcement) date: 2005-06-02

    Application No.: US10766869

    Filing date: 2004-01-30

    Abstract: A certificate management method is provided whereby a plurality of service providers have different reliable certificate authorities and, when certificates issued from the certificate authorities are implemented into a smart card, merely by revoking the certificate issued from the certificate authority on which the first service provider relies, all other implemented certificates can be revoked, and the certificates can be individually revoked. A system for implementing the method is provided. The certificate authorities n (n≥2) issue a certificate n by using a private key n′ corresponding to certificate n′ generated by using a certificate 1 issued from a certificate authority 1 which has previously been installed in the smart card and a corresponding private key 1. Thus, the issued certificates have a hierarchical chain relation. When the user wants to revoke all certificates, the certificate 1 issued from the certificate authority 1 is revoked.


    AUTHENTICATION SYSTEM AND METHOD THEREOF
    8.
    Patent application
    Status: Under examination (published)

    Publication (announcement) No.: US20080086645A1

    Publication (announcement) date: 2008-04-10

    Application No.: US11843717

    Filing date: 2007-08-23

    IPC classification: H04K1/00

    Abstract: To provide a novel authentication scheme to prevent PIN information from being exposed to the outside of a data carrier, without modifying an existing application for authentication management. The data carrier includes means for generating PIN information therein; a PIN storage unit for storing the generated PIN information with respect to the use of a service application; an authentication information storage unit for storing information unique to a user; an authentication application unit for authenticating the user by referring to the authentication information stored in the authentication information storage unit; means for verifying the PIN information stored in the PIN storage unit according to the authentication result by the authentication application; and a service application unit for performing a service according to the result of the verification of the PIN information by the verification means.


    TERMINAL SYSTEM FOR GUARANTEEING AUTHENTICITY, TERMINAL, AND TERMINAL MANAGEMENT SERVER
    9.
    Patent application
    Status: Lapsed

    Publication (announcement) No.: US20100269153A1

    Publication (announcement) date: 2010-10-21

    Application No.: US12709241

    Filing date: 2010-02-19

    IPC classification: H04L9/32

    Abstract: In a terminal system for managing terminals coupled to a network, a terminal management server includes: a terminal information registration module for registering, in advance, information unique to each user of the terminal; an authentication module for executing authentication by comparing an ID and authentication information which are contained in an authentication request received from the terminal to user information set in advance; an authenticity determination module for determining, based on a predetermined investigation result received from the terminal, whether or not the terminal suffers falsification; and a unique information transmission module for transmitting, when the authentication is successful, and when the authenticity determination module has determined that the terminal does not suffer the falsification, the information unique to the each user to the terminal. The terminal outputs the information unique to the each user received from the terminal management server to a display unit.


    Terminal system for guaranteeing authenticity, terminal, and terminal management server
    10.
    Granted patent
    Status: Lapsed

    Publication (announcement) No.: US08413214B2

    Publication (announcement) date: 2013-04-02

    Application No.: US12709241

    Filing date: 2010-02-19

    IPC classification: G06F7/04

    Abstract: In a terminal system for managing terminals coupled to a network, a terminal management server includes: a terminal information registration module for registering, in advance, information unique to each user of the terminal; an authentication module for executing authentication by comparing an ID and authentication information which are contained in an authentication request received from the terminal to user information set in advance; an authenticity determination module for determining, based on a predetermined investigation result received from the terminal, whether or not the terminal suffers falsification; and a unique information transmission module for transmitting, when the authentication is successful, and when the authenticity determination module has determined that the terminal does not suffer the falsification, the information unique to the each user to the terminal. The terminal outputs the information unique to the each user received from the terminal management server to a display unit.
