Abstract:
Access from the global network side to the private network side is made possible, so that mutual communication between the global network and the private network is realized while security is maintained. A table setting unit (307) decides the correspondence between a private IP address and a global IP address and registers it in an address conversion table (310). The address conversion table (310) holds the private IP address and the global IP address in correlation with each other.
Abstract:
An access control unit and an access control method are provided for controlling access to a secure host efficiently by reducing the consumption of resources such as memory. In this access control device, an access control unit (302) performs access control according to whether the target IP address and the sender IP address of a packet are the IP address of a secure terminal or host or the IP address of a general terminal or host, referring to a host list stored in a host information storage unit (304). The host information storage unit (304) stores the domain name and the IP address of a general host in an external network (200) as the host list. A host list updating unit (305) queries the host list of the host information storage unit (304) as to whether an unregistered host is a secure host or a general host, and updates the host list in accordance with the result of the inquiry.
Abstract:
An access controller that does not require a large amount of resources such as a memory device and does not need the list of secure host devices to be changed each time the configuration of a network is changed. On receiving a DNS response through an access control section (103) of the access controller (100), a secure host list creating section (104) of the access controller registers the name of the secure host device contained in the DNS response, its IP address, and the IP address of the communication terminal that is the source of the DNS request in a secure host list holding section (105) of the access controller (100) when the IP address of the host device contained in the DNS response is that of a secure host device. The secure host list creating section (104) discards a packet when the communication terminal that is the packet sender is a normal communication terminal and the packet address is stored in the secure host list holding section (105), and reports non-accessibility to the normal communication terminal.
Abstract:
The time required to actually start encrypted communication after a trigger for encrypted communication is shortened. When a key exchange process is to be applied in order to exchange key information for encrypting communication performed between a communication terminal 11 and a gateway device 25, a network relay device 15 relays the key information. The contents of the key exchange process are divided into a former-half process and a latter-half process, and the network relay device 15 executes the former-half process on behalf of the communication terminal 11 to establish the “IKE SA”. Information obtained as the result of the former-half process is then transferred from the network relay device 15 to the communication terminal 11. The latter-half process of the key exchange process is then executed between the communication terminal 11 and the gateway device 25; the communication terminal 11 and the gateway device 25 share common key information with each other to establish the “IPsec SA”, and encrypted communication is performed using this key information.
Abstract:
Provided is an authentication system for improving user-friendliness. An IC card (100) of the authentication system (10) includes: a key/certificate storage unit (120) connected to a terminal device (200) and capable of storing a key pair and a temporary certificate or a permanent certificate in correlation with each other; a CE temporary public key certificate acquisition unit (170); and a CE public key/certificate acquisition control unit (150) connected to a CE device (300). When the key/certificate storage unit (120) has a key pair correlated to neither a temporary certificate nor a permanent certificate, the CE temporary public key certificate acquisition unit (170) acquires a temporary certificate corresponding to the key pair from a public key certificate issuing station (400) by using the mobile terminal (200) and causes the key/certificate storage unit (120) to store it. When the key/certificate storage unit (120) has a key pair correlated to a temporary certificate but not to a permanent certificate, the CE public key/certificate acquisition control unit (150) acquires a permanent certificate from the public key certificate issuing station (400) by using the temporary certificate via the CE device (300) and causes the key/certificate storage unit (120) to store it.