Abstract: A communication management apparatus for managing communication exchanged between communication apparatuses, including: a communication information management control portion for receiving, after communication under a communication session between first and second communication apparatuses, first information of quantity of the communication from the first communication apparatus and for receiving second information of quantity of the communication from the second communication apparatus; a communication information storage portion for storing both the first and second information received from the communication information management control portion; and a communication information verification portion for comparing the first and second information of quantity of the communication to verify any falsification thereof in a statistical process.

Abstract: It takes time for an encryption data communication system to transfer encrypted data, because negotiations of security parameters are necessary prior to communications in order to protect security and integrity of a SIP message or public key cryptography is required to be used for an encryption process, a decryption process., an digital signature process and an digital digital signature verification process each time a SIP message is transmitted/received. When a SIP message is transferred between two entities, the message is encrypted by shared information if the information is being shared between the entities, or the message is encrypted by the public key of the transmission destination entity if the shared information is not being shared. The encrypted message contains shared information to be used for the transmission destination entity of the encrypted data to encrypt or decrypt the message, during communications after the encrypted data is generated.

Abstract: Presence information is shared between a plurality of applications, to grasp a change of presence information of a different kind of application. An IM(X) server 3 receives a notification of a change of presence information from a client A1 (S902), and sends a change notification message for notifying the change of the presence information to a presence server 5 (S906). Then, the presence server 5 sends the change notification message received from the IM(X) server 3 to the IM(Y) server 4 (S908). The IM(Y) server 4 sends the change notification message received from the presence server 5 to a client B2 (S910).

Abstract: Cryptographic communication between communication terminals can be realized even when a plurality of cryptographic algorithms are present, and secure cryptographic communication for a longer time is realized without increasing a processing overhead at each of the communication terminals. A key management server manages cryptographic algorithms that can be used by each of the communication terminal, and searches for a cryptographic algorithm common to the communication terminals, and notifies each of the communication terminals of the cryptographic algorithm found by the search together with plural key generation informations, each piece containing a key to be used in the cryptographic algorithm or a key type for generating the key.

Abstract: Each terminal registers the key generation information into each session management server, the information including a plurality of setting items necessary for determining set values to generated a key to be used by itself, and set value candidates which are stored in the setting items. When the encryption communications are established between the terminals, the individual session management servers and a key generation information management server are associated, so that the key generation information management server selects the algorithm suite based on the key generation information. The session management server generates the parameters based on the selected algorithm suite, acquires the information on the selected algorithm suite from the key generation information management server, generates the key for the encryption communications based on that information and distributes the key to the each terminal.

Abstract: A server device that represents a plurality of service provision servers implements authentication and a SIP message exchange with respect to a SIP server as a representative, and notifies a service provision server of client communication information that is acquired by the SIP message exchange. The service provision server communicates with a client on the basis of the client communication information that is notified from the representative server.

Abstract: An encryption communication module on the side of a service providing server reports a global IP address allocated to an NAPT router on the service providing server side and a port number of an outside UDP header used on the global side to an authentication/key exchange server. When receiving an encryption packet from an encryption communication module on the user terminal side, the encryption communication module on the service providing server side overwrite a source/destination IP address of an inside IP header by a source/destination IP address of an outside IP header. The encryption communication module further changes a source port number of an inside TCP•UDP header to a unique value for each communication session in the encryption communication having the same source IP address in the outside IP header. The inverse header change is made when the packet is transmitted to the encryption communication module of the user terminal side.

Abstract: In an IP packet communication apparatus, an operation and maintenance function capable of monitoring a transmission path is provided to a layer used to process a packet, which corresponds to an upper layer of an optical network. As one method for applying the operation and maintenance function to the packet layer, in the case of IP over PPP over WDM, an operation/maintenance frame is defined to a PPP frame so as to realize the operation/maintenance function of a PPP connection. In the case that a plurality of connections are multiplexed on the same transmission path, a maintenance frame is conducted in order to operate/manage these connections by being grouped, so that a fault occurring in the optical network is monitored. As another method for applying the operation and maintenance function to the packet layer, an operation/maintenance frame is defined to an IP packet so as to realize an operation and maintenance function of an IP flow.

Abstract: Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.

Abstract: Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.

Abstract: The present invention provides a communication control apparatus for controlling incoming and outgoing telephone calls (communication) in a corporate private telephone network and among a plurality of corporate telephone networks by using the IP. The communication control apparatus includes a plurality of interfaces connected to the plurality of corporate networks and processor, wherein when the processor receives an IP packet from a terminal that belongs to a first corporate network through any of the plurality of interfaces, the processor determines which of the corporate networks an incoming terminal for the packet belongs to based on outgoing SIP-URI and incoming SIP-URI contained in the header of the IP packet and performs necessary control so as to connect the outgoing terminal and the incoming terminal depending on each of the network to which the outgoing terminal belongs and other networks.

Abstract: A data communication system is provided that is capable of increasing or decreasing the number of session management servers flexibly, and is further capable of implementing data communication while distributing the message processing load in the session management server. The data communication system includes multiple communication devices which perform data communications mutually, multiple session management servers which manage sessions of data communication between the communication devices, and a load balancer which assigns the session management servers for processing a message received from the communication device according to a predetermined criterion, wherein, the session management server is provided with a unit for managing a currently logged-in communication device and a state of the communication performed by the communication device, and a unit for acquiring information necessary for performing communication with the communication device.

Abstract: To validate a certificate of a service provider apparatus, a service receiving apparatus determines a certificate validation method on based on a combination of the performance of the service receiving apparatus, the performance of a CRL repository apparatus, the performance of a certificate validation apparatus, and the performance of a network, and performs validation of a certificate by the determined method. Furthermore, to validate a certificate of a service provider apparatus, a service receiving apparatus requests a method selection apparatus to validate the certificate, and the method selection apparatus determines a certificate validation method based on a combination of the performance of the method selection apparatus, the performance of the CRL repository apparatus, the performance of the certificate validation apparatus and the performance of the network, validates the certificate by the determined method, and notifies a validation result to the service receiving apparatus.

Abstract: A communications audit support system is provided, which makes it possible to audit communications of an arbitrary encrypted communication session at any time. The communications audit support system of the present invention stores key information used for encrypted communication in a key management DB in association with a key ID each time the key information is created, stores IP addresses of a user terminal and a service providing server which perform an encrypted communication session using the key information in a communication state management DB in association with the key ID, and stores an encrypted packet sent in an encrypted communication session in a packet DB in association with IP addresses of a sender and a receiver of the encrypted packet.

Abstract: At least three storage devices are connected via a network to each other. Backup data is concurrently transferred from one of the storage devices, i.e., from a copy source storage device to other ones thereof, i.e., to copy destination storage devices. The amount of data transferred from the copy source storage device to each copy destination storage device is dynamically changed according to a state of a communication connection therebetween. At occurrence of a failure in the copy source storage device, necessary data can be concurrently read from the backup storage devices to restore the data in the copy source storage device at a high speed.

Abstract: To minimize risk of printing-out to a printer located at an improper base, where a network is established between the bases, terminal devices, a server, printers, and a management device which manages printers are provided. The management device manages position information of the printers installed in bases. Every time printing is requested, the management device extracts printer candidates located close to a terminal device and asks a user of the terminal device to select one of the printer candidates. The user visually confirms the installation locations of the extracted printer candidates included in a list and selects an appropriate printer for each printing. Accordingly, risk of erroneously printing using a printer installed in an improper base can be reduced.

Abstract: Session Initiation Protocol (SIP), a protocol used in VoIP (Voice over IP) communications, enables a caller to send a SIP message to a callee with his/her UserID concealed from the callee, which in turn, prevents A SIP server from making an attempt to manage the caller. If the same IP Telephone address is used whenever the IP call is made, a third party may guess the IP address easily during conversation. The SIP message sent by the caller is converted and conversion tables are managed by the SIP server. The IP Telephone modifies its IP address for each IP call. Thus, the caller can make a call to the callee with his/her UserID concealed from the callee using the SIP server with a message conversion function and communications carriers having SIP servers installed to manage the callers using their conversion tables. It is difficult to any malicious third party to guess the IP Telephone address, because the IP Telephone address is modified for each call.

Abstract: To solve problems in that a load on a VPN device is large in a case where the number of terminal devices increases in encrypted communication using a VPN technique, and that only communication between the terminal device and the VPN device is encrypted, thus disabling end-to-end encrypted communication, a communication system is provided, including: a terminal device; a plurality of blades; and a management server that manages the blades, in which: the management server selects a blade, authenticates the terminal device and the selected blade, and mediates encrypted communication path establishment between the terminal device and the selected blade; the terminal device and the blade perform encrypted communication without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.

Abstract: A system is provided that includes session management servers which mediate a secure communication performed between communication apparatuses. The session management servers create and maintain communication logs for recording at a start and end of the secure communication. The system includes log management servers which manage the communication logs of the secure communication. The communication source apparatus, the communication destination apparatus and the session management servers transmit their own communication logs to the corresponding log management server in the same domain to which they belong. One of the log management servers obtains those communication logs from the others based on a request and performs verification of consistency among them. Accordingly, it is possible to create reliable communication logs of the secure communication performed between the communication source apparatus and the communication destination apparatus.

Abstract: A secure storage system for securely accessing a storage device on a network and improving volume management scalability, consisting of a client having a VPN capability; a storage device in an SAN; a management apparatus having a means for managing a storage capacity and a logical volume allocated to the storage device; a converter for converting a protocol used in the SAN to a protocol used in a LAN/MAN/WAN and vice versa; and a conversion apparatus having the VPN capability. A VPN is provided between the client and the conversion apparatus. The conversion apparatus is provided with a mapping between the VPN and an access range of the storage device. A VPN-ID is used for identifying the VPN. An address in the logical volume is used for the access range of the storage device.