RUNTIME MECHANISM FOR FLEXIBLE MESSAGING SECURITY PROTOCOLS
    1.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20080165970A1

    Publication date: 2008-07-10

    Application number: US11620474

    Application date: 2007-01-05

    IPC classification: H04L9/28 H04L9/00 G06F17/30

    Abstract: Methods and arrangements to handle network messages containing security information are disclosed. Embodiments include transformations, code, state machines or other logic to handle network messages containing security information by configuring an application to generate messages containing security information. The configuring may include creating a data structure to store security information of network messages and storing security information, including a specification of a cryptographic key and a specification of a format to represent information about the cryptographic key in the data structure. The embodiments may also include dynamically linking to a runtime module, executing the runtime module, accessing the data structure to identify the cryptographic key and the format to represent the cryptographic key, storing security information in temporary storage based upon the identification of the cryptographic key, constructing a security token based upon the security information stored in temporary storage, and inserting the security token in a message.


    CONFIGURATION MECHANISM FOR FLEXIBLE MESSAGING SECURITY PROTOCOLS
    2.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20080168273A1

    Publication date: 2008-07-10

    Application number: US11620477

    Application date: 2007-01-05

    IPC classification: H04L9/00

    Abstract: Methods and arrangements to handle network messages containing security information are disclosed. Embodiments include transformations, code, state machines or other logic to handle network messages containing security information by configuring an application to generate and process security information of network messages. An embodiment may involve creating a data structure to store security information of network messages and storing security information in the data structure. The security information may include a specification of a cryptographic key, a format to represent information about the cryptographic key, a policy to select a security token of a requestor when multiple security tokens are contained in network messages, or a policy to select a security token to determine the degree of trust to provide a message sender. The embodiment may include the generation of security information or consumption of security information of a message utilizing security information stored in the data structure.


    Authentication system, server, and authentication method and program
    7.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20050039054A1

    Publication date: 2005-02-17

    Application number: US10917712

    Application date: 2004-08-14

    CPC classification: H04L63/0815 H04L63/0884

    Abstract: An authentication system with a single sign on having less influence on the service performance to provide a service via a network. The authentication system comprises a provider 20 for providing a service, a security token service 40, and a proxy service 30 interposed between the security token service 40 and the provider 20. The proxy service 30 preserves an authentication result of the security token service 40, and vicariously executes the authentication for a client based on the authentication result preserved by itself without transferring an authentication request received from the provider 20 to the security token service 40 under certain conditions. Moreover, when it is clear that a service can be provided to the client based on the service use history of the client 10 preserved by itself, the provider 20 provides the service to the client 10 without making the authentication request.


    Executable content filtering
    8.
    Granted invention patent
    Status: In force

    Publication number: US08800053B2

    Publication date: 2014-08-05

    Application number: US13540191

    Application date: 2012-07-02

    IPC classification: G06F7/04

    CPC classification: H04L63/0245 H04L63/145

    Abstract: An executable content message stream filter applies a plurality of executable content filters to a stream of parsed elements of a network message. Each of the plurality of executable content filters targets executable content and is instantiated based on a set of one or more rule sets selected based, at least in part, on a type of the network message. For each of the plurality of executable content filters, it is determined if one or more of the stream of parsed elements includes executable content targeted by the executable content filter. The executable content message stream filter modifies those of the stream of parsed elements that include the executable content targeted by the plurality of executable content filters to disable the executable content.


    Method, apparatus and computer program for supporting determination on degree of confidentiality of document
    9.
    Granted invention patent
    Status: In force

    Publication number: US08769700B2

    Publication date: 2014-07-01

    Application number: US13603486

    Application date: 2012-09-05

    Abstract: Determining confidentiality of an office document shared by multiple organizations. Each block of a document data set is stored in association with confidentiality information indicating whether the block is confidential. The document data set is dividable into blocks each being a unit including properties evaluated as having a certain characteristic. A document data set targeted for the confidentiality determination is acquired, and it is determined whether a document data set, including a block similar to each block of the acquired document data set, is stored. If the document data set including the similar block is stored, it is determined whether the confidentiality information indicating that the block is confidential is assigned to the block of the acquired document data corresponding to the similar block. If the confidentiality information indicating that the block is confidential is assigned, the acquired document data set is determined as confidential.


    Web service simple object access protocol request response processing
    10.
    Granted invention patent
    Status: In force

    Publication number: US08656037B2

    Publication date: 2014-02-18

    Application number: US12166007

    Application date: 2008-07-01

    IPC classification: G06F15/16

    Abstract: Reduces time for processing a request Simple Object Access Protocol, SOAP, message in a request means such as mobile equipment or the like. Sequence definition means divides one parent SOAP message as one request concerning a Web Service into segments of a Simple Object Access Protocol header and a SOAP body. Segment creation means creates the segment of the Simple Object Access Protocol body of the parent SOAP message and the segment of the SOAP header of the parent Simple Object Access Protocol message in this order. Sending means executes sending processing in parallel with creation processing by the segment creation means. Specifically, the sending means assigns one child Simple Object Access Protocol message enveloping the content of a segment to each of the segments, and sends each of the child Simple Object Access Protocol messages to the provider in accordance with a creation sequence of the segments.
