会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 2. 发明申请
    • ACCESS CONTROL DEVICE, AND ACCESS CONTROL METHOD
    • 访问控制设备和访问控制方法
    • US20090254658A1
    • 2009-10-08
    • US11721784
    • 2005-12-05
    • Atsushi KamikuraYuji HashimotoKenichiro IidaTomofumi TamuraSatoshi Iino
    • Atsushi KamikuraYuji HashimotoKenichiro IidaTomofumi TamuraSatoshi Iino
    • G06F21/20G06F15/16
    • H04L63/101H04L29/12066H04L61/1511
    • An access control unit and an access control method are provided for controlling an access to a secure host efficiently by reducing the consumption of resources such as a memory. In this access control device, an access control unit (302) performs an access control in accordance with whether the target IP address and the sender IP address of a packet are the IP address of a secure terminal or host or the IP address of a general terminal or host, while referring to a host list stored in a host information storage unit (304). The host information storage unit (304) stores the domain name and the IP address of a general host in an external network (200), as the host list. A host list updating unit (305) inquires the host list of the host information storage unit (304) whether the unregistered host is the secure host or the general host, and updates the host list in accordance with the result of the inquiry.
    • 提供了访问控制单元和访问控制方法,用于通过减少诸如存储器的资源的消耗来有效地控制对安全主机的访问。 在该访问控制装置中,访问控制部(302)根据分组的目标IP地址和发送方IP地址是安全终端或主机的IP地址还是一般的IP地址进行访问控制 终端或主机,同时参考存储在主机信息存储单元(304)中的主机列表。 主机信息存储单元(304)将外部网络(200)中的一般主机的域名和IP地址存储为主机列表。 主机列表更新单元(305)向主机信息存储单元(304)的主机列表询问未注册的主机是安全主机还是一般主机,并根据查询结果更新主机列表。
    • 3. 发明申请
    • ACCESS CONTROLLER
    • 访问控制器
    • US20100023620A1
    • 2010-01-28
    • US11722328
    • 2005-12-08
    • Atsushi KamikuraTomofumi TamuraKenichiro IidaYuji HashimotoSatoshi Iino
    • Atsushi KamikuraTomofumi TamuraKenichiro IidaYuji HashimotoSatoshi Iino
    • G06F15/173
    • H04L29/12066H04L61/1511H04L63/101H04L63/145
    • An access controller not requiring a large amount of resources such as a memory device and not needing to change the list of secure host devices each time the configuration of a network is changed. On receiving a DNS response through an access control section (103) of the access controller (100) a secure host list creating section (104) of the access controller registers the name of the secure host device contained in the DNS response, the IP address, and the IP address of a communication terminal which is a request of the DNS in a secure host list holding section (105) of the access controller (100) when the IP address of the host device contained in the DNS response is the one of the secure host device. The secure host list creating section (104) discards a packet when the communication terminal which is the packet sender is a normal communication terminal and when the packet address is stored in the secure host list holding section (105) and reports nonaccessiblity to the normal communication terminal.
    • 不需要诸如存储器装置的大量资源的访问控制器,并且每当网络的配置改变时不需要改变安全主机设备的列表。 在通过访问控制器(100)的访问控制部分(103)接收DNS响应时,访问控制器的安全主机列表创建部分(104)登记DNS响应中包含的安全主机设备的名称,IP地址 以及当DNS应答中包含的主机设备的IP地址是DNS响应中的一个时,作为访问控制器(100)的安全主机列表保存部分(105)中的DNS请求的通信终端的IP地址 安全主机设备。 当作为分组发送者的通信终端是普通通信终端时,当分组地址被存储在安全主机列表保持部分(105)中并且向不正常通信报告非可访问性时,安全主机列表创建部分(104)丢弃分组 终奌站。
    • 4. 发明申请
    • NETWORK RELAY DEVICE, COMMUNICATION TERMINAL, AND ENCRYPTED COMMUNICATION METHOD
    • 网络继电器设备,通信终端和加密通信方法
    • US20100119069A1
    • 2010-05-13
    • US12598591
    • 2007-05-31
    • Atsushi KamikuraShinkichi IkedaYuji Hashimoto
    • Atsushi KamikuraShinkichi IkedaYuji Hashimoto
    • H04L9/08
    • H04L9/0841H04L63/0428H04L63/061H04L63/164H04L2209/76H04L2209/80
    • A time required for actually starting encrypted communication after a trigger of an encrypted communication is shortened. When a key exchanging process is to be applied in order to exchange key information upon encrypting a communication performed between a communication terminal 11 and a gateway device 25, a network relay device 15 relays the key information, contents of the key exchanging process are divided into a former-half process and a later-half process, and the network relay device 15 executes the former-half process substitute for the communication terminal 11 to establish “IKE SA”. Then, information obtained as the result of the former-half process is transferred from the network relay device 15 to the communication terminal 11. Then, the later-half process of the key exchange process is executed between the communication terminal 11 and the gateway device 25, the communication terminal 11 and the gateway device 25 share common key information with each other to establish “IPsec SA”, and an encrypted communication is performed by using this key information.
    • 在加密通信的触发之后实际启动加密通信所需的时间被缩短。 当为了在通信终端11和网关装置25之间进行的通信进行加密而交换密钥信息时应用密钥交换处理,网络中继装置15中继密钥信息,密钥交换处理的内容被分成 前半处理和后半处理,并且网络中继装置15执行通信终端11的前半处理替代以建立“IKE SA”。 然后,将作为前半处理的结果获得的信息从网络中继装置15传送到通信终端11.然后,在通信终端11和网关装置之间执行密钥交换处理的后半部分处理 如图25所示,通信终端11和网关装置25彼此共享公共密钥信息以建立“IPsec SA”,并且通过使用该密钥信息来执行加密通信。
    • 5. 发明申请
    • Authentication System, CE Device, Mobile Terminal, Key Certificate Issuing Station, And Key Certificate Acquisition Method
    • 认证系统,CE设备,移动终端,密钥证书颁发站和密钥证书获取方法
    • US20090037728A1
    • 2009-02-05
    • US12280675
    • 2006-02-28
    • Atsushi Kamikura
    • Atsushi Kamikura
    • H04L9/32H04L9/08H04L9/30
    • H04L9/3263H04L2209/60H04L2209/80
    • Provided is an authentication system for improving user-friendliness. An IC card (100) of the authentication system (10) includes: a key/certificate storage unit (120) connected to a terminal device (200) and capable of storing a key pair and a temporary certificate or a permanent certificate while correlating them; a CE temporary public key certificate acquisition unit (170); and a CE public key/certificate acquisition control unit (150) connected to a CE device (300). When the key/certificate storage unit (120) has a key pair not correlated either to a temporary certificate or a permanent certificate, the CE temporary public key certificate acquisition unit (170) acquires a temporary certificate corresponding to the key pair from a public key certificate issuing station (400) by using the mobile terminal (200) and causes the key/certificate storage unit (120) to store it. When the key/certificate storage unit (120) has a key pair correlated a temporary certificate but not to a permanent certificate, the CE public key/certificate acquisition control unit (150) acquires a permanent certificate from the public key certificate issuing station (400) by using the temporary certificate via the CE device (300) and causes the key/certificate storage unit (120) to store it.
    • 提供了一种用于提高用户友好性的认证系统。 认证系统(10)的IC卡(100)包括:密钥/证书存储单元(120),连接到终端设备(200),并能够存储密钥对和临时证书或永久证书,同时关联它们 ; CE临时公钥证书获取单元(170); 以及连接到CE设备(300)的CE公钥/证书获取控制单元(150)。 当密钥/证书存储单元(120)具有与临时证书或永久证书不相关的密钥对时,CE临时公钥证书获取单元(170)从公钥获取与密钥对相对应的临时证书 通过使用移动终端(200)的证书发行站(400),并使密钥/证书存储单元(120)存储。 当密钥/证书存储单元(120)具有与临时证书相关联的密钥对而不是永久证书时,CE公钥/证书获取控制单元(150)从公开密钥证明书发行站(400 )通过CE设备(300)使用临时证书,并使密钥/证书存储单元(120)存储。