Distributed object system and service supply method therein
    1.
    Granted patent
    Status: lapsed

    Publication No.: US06327658B1

    Publication date: 2001-12-04

    Application No.: US09185644

    Filing date: 1998-11-04

    IPC classification: H04L932

    Abstract: A distributed object system comprising at least one object distributing server, at least one client terminal and at least one server object execution server according to the present invention, including: an object distributing server for storing an object program to which an electronic signature is affixed; a client terminal including means for down-loading the object program from the object distributing server, means for verifying the electronic signature affixed to the object program, means for executing the client object program when the completeness of the object program is confirmed and the user of the client terminal beforehand permits execution of the client object program which is electronically signed by a signatory, and means for transmitting the electronic signature affixed to the object program to a server object execution server; and a server object execution server including means for verifying the signature received, and means for supplying services to the user of the client terminal when the completeness of the object program is confirmed and the user and the object program permit use of the services in advance, which makes it possible to prevent a client object which is down-loaded to a client terminal through a network and executed therein from carrying out unjustified processing (not intended by a user using the client terminal) by using authority of the user.

    Mediating system and method to establish communication session, allowing private information to be protected
    2.
    Granted patent
    Status: lapsed

    Publication No.: US08095676B2

    Publication date: 2012-01-10

    Application No.: US11504765

    Filing date: 2006-08-16

    IPC classification: G06F15/16

    Abstract: The present invention is to prevent user's attribute information from being distributed, in the case where it is to be determined whether or not the attribute information (for example, age, address, and the like) of the user satisfies a service providing condition, when a communication session is established across multiple session managing servers. According to the present invention, attribute information of a user who is using a client logging in a session managing server, and attribute information of a service operating on the client are managed, a condition (SEP) to establish a communication session among multiple session managing servers related to the session establishment is shared, and the session managing server which manages the attribute information compares the attribute information and the SEP to make an access judgment, in order to determine whether or not the communication session is to be established.

    Communication support server, communication support method, and communication support system
    3.
    Granted patent
    Status: lapsed

    Publication No.: US08081758B2

    Publication date: 2011-12-20

    Application No.: US11317003

    Filing date: 2005-12-27

    IPC classification: H04K1/00

    CPC classification: H04L9/0866 H04L9/0891

    Abstract: When a cryptographic communicating part 208 of the communication support server 20 exchanges information with the information processing units 14, if the term of validity of a first key stored in a cryptographic key storing part 200 and corresponding to the identification information of the information processing unit 14 does not expire, the cryptographic communicating part 208 performs the cryptographic communication with the information processing unit 14 using the first key, without performing a process of authenticating the information processing units 14. When the term of validity of the first key expires or the first key corresponding to the identification information of the information processing units 14 is not stored, the key sharing part 202 shares the first key with the information processing units 14, and the cryptographic communicating part 208 performs the cryptographic communication with the information processing units 14 using a newly shared first key.

    Data communication system and session management server
    4.
    Patent application
    Status: under examination (published)

    Publication No.: US20080256224A1

    Publication date: 2008-10-16

    Application No.: US12071592

    Filing date: 2008-02-22

    IPC classification: G06F15/16

    Abstract: A data communication system is provided that is capable of increasing or decreasing the number of session management servers flexibly, and is further capable of implementing data communication while distributing the message processing load in the session management server. The data communication system includes multiple communication devices which perform data communications mutually, multiple session management servers which manage sessions of data communication between the communication devices, and a load balancer which assigns the session management servers for processing a message received from the communication device according to a predetermined criterion, wherein, the session management server is provided with a unit for managing a currently logged-in communication device and a state of the communication performed by the communication device, and a unit for acquiring information necessary for performing communication with the communication device.

    Encryption method for SIP message and encrypted SIP communication system
    5.
    Patent application
    Status: in force

    Publication No.: US20060236091A1

    Publication date: 2006-10-19

    Application No.: US11390459

    Filing date: 2006-03-28

    IPC classification: H04L9/00

    Abstract: It takes time for an encryption data communication system to transfer encrypted data, because negotiations of security parameters are necessary prior to communications in order to protect security and integrity of a SIP message or public key cryptography is required to be used for an encryption process, a decryption process, a digital signature process and a digital signature verification process each time a SIP message is transmitted/received. When a SIP message is transferred between two entities, the message is encrypted by shared information if the information is being shared between the entities, or the message is encrypted by the public key of the transmission destination entity if the shared information is not being shared. The encrypted message contains shared information to be used for the transmission destination entity of the encrypted data to encrypt or decrypt the message, during communications after the encrypted data is generated.

    Method and apparatus for accelerating public-key certificate validation
    6.
    Patent application
    Status: in force

    Publication No.: US20050081037A1

    Publication date: 2005-04-14

    Application No.: US10788417

    Filing date: 2004-03-01

    IPC classification: H04L9/00 H04L9/08 H04L9/32

    Abstract: A validation authority for certificates searches for and verifies paths and certificate revocation lists periodically, and classifies the paths into valid paths and invalid paths in accordance with the results of the validations, so as to register the paths in databases beforehand. Besides, in a case where a request for authenticating the validity of a certificate has been received from an end entity, the validation authority judges the validity of the public key certificate by checking in which of the valid-path database and the invalid-path database a path corresponding to the request is registered. On the other hand, in a case where the path corresponding to the validity authentication request is not registered in either of the databases, the validity of the public key certificate is authenticated by performing path search and validation anew.

    CONNECTION DESTINATION DETERMINATION DEVICE, CONNECTION DESTINATION DETERMINATION METHOD, AND SERVICE COLLABORATION SYSTEM
    7.
    Patent application
    Status: under examination (published)

    Publication No.: US20120254942A1

    Publication date: 2012-10-04

    Application No.: US13369884

    Filing date: 2012-02-09

    IPC classification: G06F21/00

    CPC classification: G06F9/505

    Abstract: A connection destination determination device includes a control unit for performing an approval determination process to determine that a user authentication state in a connection destination request is approved if the user authentication state satisfies the user authentication state corresponding to a collaboration service. If the user authentication state is determined to be approved in the approval determination process, the control unit responds to a source of the connection destination determination request with the connection destination of service corresponding to the collaboration service which is the search key. If the user authentication state is not determined to be approved in the approval determination process, the control unit responds to the source of the connection destination determination request with the connection destination of authentication service, in order to obtain the user authentication state that does not satisfy the user authentication state corresponding to the collaboration service which is the search key.

    Encrypted communication system, communication status management server, encrypted communication method, and communication status management method
    8.
    Granted patent
    Status: lapsed

    Publication No.: US08218769B2

    Publication date: 2012-07-10

    Application No.: US11711892

    Filing date: 2007-02-28

    IPC classification: H04K1/00

    CPC classification: H04L63/065

    Abstract: An encrypted communication system is provided, in which an encryption key for use in encrypted communication and settings information for the encrypted communication are distributed to each of a plurality of communication devices performing encrypted communication within a group, and in which traffic generated by distributing the encryption key and the like can be reduced. In the encrypted communication system according to the present invention, information including a key for use in the intra-group encrypted communication or a seed which generates the key is distributed to the communication devices belonging to the group that are participating (e.g., logged in) in the intra-group encrypted communication.

    Method for encrypted communication with a computer system and system therefor
    9.
    Granted patent
    Status: lapsed

    Publication No.: US08019996B2

    Publication date: 2011-09-13

    Application No.: US11907260

    Filing date: 2007-10-10

    IPC classification: H04L9/32

    Abstract: To solve problems in that a load on a VPN device is large in a case where the number of terminal devices increases in encrypted communication using a VPN technique, and that only communication between the terminal device and the VPN device is encrypted, thus disabling end-to-end encrypted communication, a communication system is provided, including: a terminal device; a plurality of blades; and a management server that manages the blades, in which: the management server selects a blade, authenticates the terminal device and the selected blade, and mediates encrypted communication path establishment between the terminal device and the selected blade; the terminal device and the blade perform encrypted communication without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.

    Data communication method and system
    10.
    Granted patent
    Status: lapsed

    Publication No.: US08010793B2

    Publication date: 2011-08-30

    Application No.: US11258418

    Filing date: 2005-10-26

    IPC classification: H04L29/00

    Abstract: A data communication method for forwarding a session control message designating a destination server with an IP address to the destination server via a session management server, wherein, when an application program or encrypted communication software on a client issues a connection request designating a destination server with an IP address, the client or the session management server automatically converts the IP address into a desired resource identifier identifiable a domain, thereby to determine the domain to which the received connection request message should be forwarded.
