公开(公告)号：US08041822B2

公开(公告)日：2011-10-18

申请号：US11417054

申请日：2006-05-04

申请人： Kazuyoshi Hoshino ,  Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kohei Sawada

发明人： Kazuyoshi Hoshino ,  Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kohei Sawada

IPC分类号： G06F15/16

CPC分类号： H04L63/0428 ,  H04L29/06027 ,  H04L63/08 ,  H04L65/1006 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1023

摘要： A server device that represents a plurality of service provision servers implements authentication and a SIP message exchange with respect to a SIP server as a representative, and notifies a service provision server of client communication information that is acquired by the SIP message exchange. The service provision server communicates with a client on the basis of the client communication information that is notified from the representative server.

摘要翻译： 表示多个服务提供服务器的服务器装置以代表SIP服务器的身份执行认证和SIP消息交换，并向服务提供服务器通知由SIP消息交换获取的客户端通信信息。 服务提供服务器基于从代表服务器通知的客户端通信信息与客户端进行通信。

公开(公告)号：US07657035B2

公开(公告)日：2010-02-02

申请号：US11504767

申请日：2006-08-16

申请人： Akifumi Yato ,  Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino

发明人： Akifumi Yato ,  Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino

IPC分类号： H04L9/00 ,  H04L29/06

CPC分类号： H04L63/0428 ,  H04L9/083 ,  H04L9/0869 ,  H04L63/20

摘要： Each terminal registers the key generation information into each session management server, the information including a plurality of setting items necessary for determining set values to generated a key to be used by itself, and set value candidates which are stored in the setting items.When the encryption communications are established between the terminals, the individual session management servers and a key generation information management server are associated, so that the key generation information management server selects the algorithm suite based on the key generation information. The session management server generates the parameters based on the selected algorithm suite, acquires the information on the selected algorithm suite from the key generation information management server, generates the key for the encryption communications based on that information and distributes the key to the each terminal.

摘要翻译： 每个终端将密钥生成信息注册到每个会话管理服务器中，该信息包括确定设置值所需的多个设置项目以产生要自己使用的密钥，并设置存储在设置项目中的值候选。 当在终端之间建立加密通信时，各个会话管理服务器和密钥生成信息管理服务器相关联，使得密钥生成信息管理服务器基于密钥生成信息来选择算法套件。 会话管理服务器根据选择的算法套件生成参数，从密钥生成信息管理服务器获取所选算法套件的信息，根据该信息生成加密通信的密钥，并将密钥分配给每个终端。

公开(公告)号：US07443986B2

公开(公告)日：2008-10-28

申请号：US10931219

申请日：2004-09-01

申请人： Osamu Takata ,  Takahiro Fujishiro ,  Tadashi Kaji ,  Kazuyoshi Hoshino

发明人： Osamu Takata ,  Takahiro Fujishiro ,  Tadashi Kaji ,  Kazuyoshi Hoshino

IPC分类号： H04L9/00

CPC分类号： H04L63/0428 ,  H04L63/062

摘要： Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.

摘要翻译： 管理服务器和验证服务器均已安装。 终端和终端注册设置信息可用于管理服务器中的加密通信。 当执行加密通信时，管理服务器搜索登记的设置信息以获得一致的设置信息。 管理服务器生成可由终端使用的加密通信的密钥，并将这些生成的密钥与重合的设置信息相结合。 管理服务器与验证服务器一起认证两个终端。 由于终端信任这样的结果，管理服务器分别对终端进行认证，所以这些终端不需要对相应的通信计数器终端进行认证。

公开(公告)号：US20070192587A1

公开(公告)日：2007-08-16

申请号：US11504767

申请日：2006-08-16

申请人： Akifumi Yato ,  Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino

发明人： Akifumi Yato ,  Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino

IPC分类号： H04L9/00

CPC分类号： H04L63/0428 ,  H04L9/083 ,  H04L9/0869 ,  H04L63/20

摘要： Each terminal registers the key generation information into each session management server, the information including a plurality of setting items necessary for determining set values to generated a key to be used by itself, and set value candidates which are stored in the setting items. When the encryption communications are established between the terminals, the individual session management servers and a key generation information management server are associated, so that the key generation information management server selects the algorithm suite based on the key generation information. The session management server generates the parameters based on the selected algorithm suite, acquires the information on the selected algorithm suite from the key generation information management server, generates the key for the encryption communications based on that information and distributes the key to the each terminal.

摘要翻译： 每个终端将密钥生成信息注册到每个会话管理服务器中，该信息包括确定设置值所需的多个设置项目以产生要自己使用的密钥，并设置存储在设置项目中的值候选。 当在终端之间建立加密通信时，各个会话管理服务器和密钥生成信息管理服务器相关联，使得密钥生成信息管理服务器基于密钥生成信息来选择算法套件。 会话管理服务器根据选择的算法套件生成参数，从密钥生成信息管理服务器获取所选算法套件的信息，根据该信息生成加密通信的密钥，并将密钥分配给每个终端。

公开(公告)号：US20060277406A1

公开(公告)日：2006-12-07

申请号：US11436048

申请日：2006-05-18

申请人： Yoko Hashimoto ,  Takahiro Fujishiro ,  Tadashi Kaji ,  Osamu Takata ,  Kazuyoshi Hoshino ,  Shinji Nakamura

发明人： Yoko Hashimoto ,  Takahiro Fujishiro ,  Tadashi Kaji ,  Osamu Takata ,  Kazuyoshi Hoshino ,  Shinji Nakamura

IPC分类号： H04L9/00

CPC分类号： H04L63/029 ,  H04L9/321 ,  H04L9/3268 ,  H04L9/3273 ,  H04L63/062 ,  H04L63/0823

摘要： In an encryption communication using VPN technologies, a load on a VPN system becomes large if the number of communication terminals increases. When an external terminal accesses via an internal terminal an application server, processes become complicated because it is necessary to perform authentication at VPN and authentication at the application server. A management server is provided for managing external terminals, internal terminals and application servers. The management server authenticates each communication terminal and operates to establish an encryption communication path between communication terminals. Authentication of each terminal by the management server relies upon a validation server. When the external terminal performs encryption communication with the application server via the internal terminal, two encryption communication paths are established and used between the external terminal and internal terminal and between the internal terminal and application server.

摘要翻译： 在使用VPN技术的加密通信中，如果通信终端的数量增加，则VPN系统的负载变大。 当外部终端通过内部终端访问应用服务器时，由于需要在VPN处进行认证并在应用服务器进行认证，所以处理变得复杂。 提供管理服务器，用于管理外部终端，内部终端和应用服务器。 管理服务器对每个通信终端进行认证，并且操作以在通信终端之间建立加密通信路径。 管理服务器对每个终端的认证依赖于验证服务器。 当外部终端通过内部终端与应用服务器进行加密通信时，在外部终端与内部终端之间以及内部终端与应用服务器之间建立并使用两个加密通信路径。

公开(公告)号：US08095676B2

公开(公告)日：2012-01-10

申请号：US11504765

申请日：2006-08-16

申请人： Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino

发明人： Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino

IPC分类号： G06F15/16

CPC分类号： H04L29/06027 ,  H04L65/1006 ,  H04L65/1069 ,  H04L67/2804 ,  H04L67/2819 ,  H04L67/2857

摘要： The present invention is to prevent user's attribute information from being distributed, in the case where it is to be determined whether or not the attribute information (for example, age, address, and the like) of the user satisfies a service providing condition, when a communication session is established across multiple session managing servers.According to the present invention, attribute information of a user who is using a client logging in a session managing server, and attribute information of a service operating on the client are managed, a condition (SEP) to establish a communication session among multiple session managing servers related to the session establishment is shared, and the session managing server which manages the attribute information compares the attribute information and the SEP to make an access judgment, in order to determine whether or not the communication session is to be established.

摘要翻译： 本发明是为了防止用户属性信息的分发，在确定用户的属性信息（例如，年龄，地址等）是否满足服务提供条件的情况下，当 跨多个会话管理服务器建立通信会话。 根据本发明，管理正在使用登录在会话管理服务器中的客户端的用户的属性信息和在客户端上操作的服务的属性信息，在多个会话管理中建立通信会话的条件（SEP） 与会话建立相关的服务器被共享，并且管理属性信息的会话管理服务器将属性信息和SEP进行访问判断，以便确定是否建立通信会话。

公开(公告)号：US08081758B2

公开(公告)日：2011-12-20

申请号：US11317003

申请日：2005-12-27

申请人： Osamu Takata ,  Takahiro Fujishiro ,  Tadashi Kaji ,  Kazuyoshi Hoshino

发明人： Osamu Takata ,  Takahiro Fujishiro ,  Tadashi Kaji ,  Kazuyoshi Hoshino

IPC分类号： H04K1/00

CPC分类号： H04L9/0866 ,  H04L9/0891

摘要： When a cryptographic communicating part 208 of the communication support server 20 exchanges information with the information processing units 14, if the term of validity of a first key stored in a cryptographic key storing part 200 and corresponding to the identification information of the information processing unit 14 does not expire, the cryptographic communicating part 208 performs the cryptographic communication with the information processing unit 14 using the first key, without performing a process of authenticating the information processing units 14. When the term of validity of the first key expires or the first key corresponding to the identification information of the information processing units 14 is not stored, the key sharing part 202 shares the first key with the information processing units 14, and the cryptographic communicating part 208 performs the cryptographic communication with the information processing units 14 using a newly shared first key.

摘要翻译： 当通信支持服务器20的加密通信部分208与信息处理单元14交换信息时，如果存储在密码密钥存储部分200中并对应于信息处理单元14的识别信息的第一密钥的有效期限 密码通信部208使用第一密钥执行与信息处理单元14的密码通信，而不执行对信息处理单元14进行认证的处理。当第一密钥的有效期到期或第一密钥 与信息处理单元14的识别信息相对应的密钥共享部202与信息处理单元14共享第一密钥，密码通信部208使用新的信息处理部14进行与信息处理部14的密码通信 共享第一个键。

公开(公告)号：US20060236091A1

公开(公告)日：2006-10-19

申请号：US11390459

申请日：2006-03-28

申请人： Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino

发明人： Tadashi Kaji ,  Osamu Takata ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino

IPC分类号： H04L9/00

CPC分类号： H04L29/06027 ,  H04L9/0838 ,  H04L65/1006 ,  H04L65/607

摘要： It takes time for an encryption data communication system to transfer encrypted data, because negotiations of security parameters are necessary prior to communications in order to protect security and integrity of a SIP message or public key cryptography is required to be used for an encryption process, a decryption process., an digital signature process and an digital digital signature verification process each time a SIP message is transmitted/received. When a SIP message is transferred between two entities, the message is encrypted by shared information if the information is being shared between the entities, or the message is encrypted by the public key of the transmission destination entity if the shared information is not being shared. The encrypted message contains shared information to be used for the transmission destination entity of the encrypted data to encrypt or decrypt the message, during communications after the encrypted data is generated.

摘要翻译： 加密数据通信系统需要时间来传送加密数据，因为在通信之前需要安全参数的协商以保护SIP消息的安全性和完整性，或者需要使用公共密钥密码术来进行加密处理， 解密处理，每次发送/接收SIP消息时的数字签名处理和数字数字签名验证处理。 当SIP消息在两个实体之间传输时，如果信息在实体之间共享，则消息由共享信息加密，或者如果共享信息未被共享，则消息由发送目的地实体的公钥加密。 在加密数据生成之后的通信期间，加密消息包含要用于加密数据的发送目的地实体的共享信息，以加密或解密该消息。

公开(公告)号：US08218769B2

公开(公告)日：2012-07-10

申请号：US11711892

申请日：2007-02-28

申请人： Osamu Takata ,  Tadashi Kaji ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino ,  Keisuke Takeuchi

发明人： Osamu Takata ,  Tadashi Kaji ,  Takahiro Fujishiro ,  Kazuyoshi Hoshino ,  Keisuke Takeuchi

IPC分类号： H04K1/00

CPC分类号： H04L63/065

摘要： An encrypted communication system is provided, in which an encryption key for use in encrypted communication and settings information for the encrypted communication are distributed to each of a plurality of communication devices performing encrypted communication within a group, and in which traffic generated by distributing the encryption key and the like can be reduced. In the encrypted communication system according to the present invention, information including a key for use in the intra-group encrypted communication or a seed which generates the key is distributed to the communication devices belonging to the group that are participating (e.g., logged in) in the intra-group encrypted communication.

摘要翻译： 提供了一种加密通信系统，其中将用于加密通信的加密密钥和用于加密通信的设置信息分配给执行组内的加密通信的多个通信设备中的每一个，并且其中通过分发加密 钥匙等可以减少。 在根据本发明的加密通信系统中，包括用于组内加密通信的密钥或生成密钥的种子的信息被分发给属于正在参与（例如登录）的组的通信设备， 在组内加密通信中。

公开(公告)号：US08019996B2

公开(公告)日：2011-09-13

申请号：US11907260

申请日：2007-10-10

申请人： Yoko Hashimoto ,  Takahiro Fujishiro ,  Tadashi Kaji ,  Osamu Takata ,  Kazuyoshi Hoshino

发明人： Yoko Hashimoto ,  Takahiro Fujishiro ,  Tadashi Kaji ,  Osamu Takata ,  Kazuyoshi Hoshino

IPC分类号： H04L9/32

CPC分类号： G06Q20/3674 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/0869 ,  H04L67/1002 ,  H04L67/1006 ,  H04L67/1008 ,  H04L67/1029

摘要： To solve problems in that a load on a VPN device is large in a case where the number of terminal devices increases in encrypted communication using a VPN technique, and that only communication between the terminal device and the VPN device is encrypted, thus disabling end-to-end encrypted communication, a communication system is provided, including: a terminal device; a plurality of blades; and a management server that manages the blades, in which: the management server selects a blade, authenticates the terminal device and the selected blade, and mediates encrypted communication path establishment between the terminal device and the selected blade; the terminal device and the blade perform encrypted communication without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.

摘要翻译： 为了解决在使用VPN技术的加密通信中终端装置的数量增加，VPN终端装置与VPN装置之间的通信被加密的情况下，VPN装置的负载大的问题， 端到端加密通信，提供通信系统，包括：终端装置; 多个叶片; 以及管理服务器，其中：所述管理服务器选择刀片，对所述终端设备和所选择的刀片进行认证，并且中介所述终端设备与所选刀片之间的加密通信路径建立; 终端设备和刀片在没有管理服务器的中介的情况下执行加密的通信; 并且管理服务器请求验证服务器来认证每个终端。