Patents by Inventor Kazuyoshi Hoshino

Kazuyoshi Hoshino has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7337465
    Abstract: A peer-to-peer communication apparatus connected to an IP network acquires, from a peer's communication apparatus, presence information including information for judging a communication security environment of the peer's communication apparatus and a security policy to be applied by the peer's communication apparatus to a packet, displays the presence information and security policy information such that a user can judge the propriety of the security policy information based on the presence information, and processes a data packet to be transmitted to the peer's communication apparatus in accordance with the security policy approved by the user.
    Type: Grant
    Filed: October 30, 2003
    Date of Patent: February 26, 2008
    Assignee: Hitachi, Ltd.
    Inventors: Satoshi Kiyoto, Kazuyoshi Hoshino, Kazuma Yumoto, Minoru Hidaka
  • Publication number: 20080016335
    Abstract: Upon issuance of an attribute certificate, an attribute authority apparatus makes a determination policy available. The determination policy includes information designating at least one item to be checked by a service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination. The determination policy may be recorded in the attribute certificate, or released to public, or made available by issuing a determination policy certificate released to public. Information for obtaining the determination policy certificate may be recorded in or outside the attribute certificate and furnished to the service provider apparatus. In order to verify an attribute certificate transmitted from a user terminal, a service provider apparatus obtains the determination policy, and determines whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy.
    Type: Application
    Filed: June 13, 2007
    Publication date: January 17, 2008
    Inventors: Aya Takahashi, Hisao Sakazaki, Seiichi Susaki, Kazuko Hamaguchi, Katsuyuki Umezawa, Ken Kobayashi, Kazuyoshi Hoshino
  • Publication number: 20070288754
    Abstract: An encrypted communication method, and a system for the method, can transfer a session control message designated by identification information inherent to an application to a connection destination through a session management server. When an application program of a client or encrypted communication software issues a connection request in the form designating an application server by identification information inherent to each application, the identification information is automatically changed to a desired address-of-record capable of domain identification and a transfer destination domain of a reception message is judged.
    Type: Application
    Filed: March 30, 2007
    Publication date: December 13, 2007
    Inventors: Tadashi Kaji, Kazuyoshi Hoshino, Keisuke Takeuchi, Osamu Takata, Takahiro Fujishiro, Akifumi Yato
  • Publication number: 20070274525
    Abstract: An encrypted communication system is provided, in which an encryption key for use in encrypted communication and settings information for the encrypted communication are distributed to each of a plurality of communication devices performing encrypted communication within a group, and in which traffic generated by distributing the encryption key and the like can be reduced. In the encrypted communication system according to the present invention, information including a key for use in the intra-group encrypted communication or a seed which generates the key is distributed to the communication devices belonging to the group that are participating (e.g., logged in) in the intra-group encrypted communication.
    Type: Application
    Filed: February 28, 2007
    Publication date: November 29, 2007
    Inventors: Osamu Takata, Tadashi Kaji, Takahiro Fujishiro, Kazuyoshi Hoshino, Keisuke Takeuchi
  • Publication number: 20070258457
    Abstract: A method serves to compose a VPN (Virtual Private Network) over a plurality of networks, each of which is managed by a different Internet Service Provider (ISP). When a packet with a first capsule header used for composing a VPN in a first ISP network is transmitted to a second ISP network, a route for outputting the packet to the second ISP network is determined based on the information both in the capsule header and in the IP header. In addition, a second capsule header used for composing a VPN in the second ISP network is determined based on the above information.
    Type: Application
    Filed: July 26, 2007
    Publication date: November 8, 2007
    Inventors: Kenichi Sakamoto, Kazuyoshi Hoshino, Koji Wakayama, Shiro Tanabe, Noboru Endo
  • Publication number: 20070192587
    Abstract: Each terminal registers the key generation information into each session management server, the information including a plurality of setting items necessary for determining set values to generate a key to be used by itself, and set value candidates which are stored in the setting items. When the encryption communications are established between the terminals, the individual session management servers and a key generation information management server are associated, so that the key generation information management server selects the algorithm suite based on the key generation information. The session management server generates the parameters based on the selected algorithm suite, acquires the information on the selected algorithm suite from the key generation information management server, generates the key for the encryption communications based on that information and distributes the key to each terminal.
    Type: Application
    Filed: August 16, 2006
    Publication date: August 16, 2007
    Inventors: Akifumi Yato, Tadashi Kaji, Osamu Takata, Takahiro Fujishiro, Kazuyoshi Hoshino
  • Publication number: 20070192583
    Abstract: When a cryptographic communicating part 208 of the communication support server 20 exchanges information with the information processing units 14, if the term of validity of a first key stored in a cryptographic key storing part 200 and corresponding to the identification information of the information processing unit 14 does not expire, the cryptographic communicating part 208 performs the cryptographic communication with the information processing unit 14 using the first key, without performing a process of authenticating the information processing units 14. When the term of validity of the first key expires or the first key corresponding to the identification information of the information processing units 14 is not stored, the key sharing part 202 shares the first key with the information processing units 14, and the cryptographic communicating part 208 performs the cryptographic communication with the information processing units 14 using a newly shared first key.
    Type: Application
    Filed: December 27, 2005
    Publication date: August 16, 2007
    Inventors: Osamu Takata, Takahiro Fujishiro, Tadashi Kaji, Kazuyoshi Hoshino
  • Publication number: 20070168521
    Abstract: The present invention is to prevent user's attribute information from being distributed, in the case where it is to be determined whether or not the attribute information (for example, age, address, and the like) of the user satisfies a service providing condition, when a communication session is established across multiple session managing servers. According to the present invention, attribute information of a user who is using a client logging in a session managing server, and attribute information of a service operating on the client are managed, a condition (SEP) to establish a communication session among multiple session managing servers related to the session establishment is shared, and the session managing server which manages the attribute information compares the attribute information and the SEP to make an access judgment, in order to determine whether or not the communication session is to be established.
    Type: Application
    Filed: August 16, 2006
    Publication date: July 19, 2007
    Inventors: Tadashi Kaji, Osamu Takata, Takahiro Fujishiro, Kazuyoshi Hoshino
  • Publication number: 20070162744
    Abstract: In a data communication method and a data communication system, a session control message designating a destination server with identification information unique to application is transferred to the destination via a session management server. When an application program or encrypted communication software on a client issues a connection request designating a destination with identification information unique to application, the client or the session management server automatically converts the identification information into a desired resource identifier that identifies a domain to thereby determine a domain as the destination of the received connection request message.
    Type: Application
    Filed: December 13, 2006
    Publication date: July 12, 2007
    Inventors: Kazuyoshi Hoshino, Keisuke Takeuchi, Osamu Takata, Tadashi Kaji, Takahiro Fujishiro
  • Publication number: 20070113087
    Abstract: Provided is a computer system including: a first computer; a second computer including a second processor and a second memory; and a communication controller for controlling communication between the first and second computers, in which: upon reception of a packet from the first computer, the communication controller translates address information of the received packet to transfer the packet to the second computer; the second memory stores SA candidate information as SA information in which a part of the address information is unknown; and the second processor decrypts the packet encrypted by the first computer by using the SA candidate information upon reception of the encrypted packet from the first computer, and creates SA information based on the SA candidate information used for the decryption and the address information of the encrypted packet upon successful decryption of the encrypted packet.
    Type: Application
    Filed: July 21, 2006
    Publication date: May 17, 2007
    Inventors: Masahiro Yoshizawa, Kazuma Yumoto, Kazuyoshi Hoshino
  • Publication number: 20060288120
    Abstract: A server device that represents a plurality of service provision servers implements authentication and a SIP message exchange with respect to a SIP server as a representative, and notifies a service provision server of client communication information that is acquired by the SIP message exchange. The service provision server communicates with a client on the basis of the client communication information that is notified from the representative server.
    Type: Application
    Filed: May 4, 2006
    Publication date: December 21, 2006
    Inventors: Kazuyoshi Hoshino, Tadashi Kaji, Osamu Takata, Takahiro Fujishiro, Kohei Sawada
  • Publication number: 20060277406
    Abstract: In an encryption communication using VPN technologies, a load on a VPN system becomes large if the number of communication terminals increases. When an external terminal accesses via an internal terminal an application server, processes become complicated because it is necessary to perform authentication at VPN and authentication at the application server. A management server is provided for managing external terminals, internal terminals and application servers. The management server authenticates each communication terminal and operates to establish an encryption communication path between communication terminals. Authentication of each terminal by the management server relies upon a validation server. When the external terminal performs encryption communication with the application server via the internal terminal, two encryption communication paths are established and used between the external terminal and internal terminal and between the internal terminal and application server.
    Type: Application
    Filed: May 18, 2006
    Publication date: December 7, 2006
    Inventors: Yoko Hashimoto, Takahiro Fujishiro, Tadashi Kaji, Osamu Takata, Kazuyoshi Hoshino, Shinji Nakamura
  • Publication number: 20060236091
    Abstract: It takes time for an encryption data communication system to transfer encrypted data, because negotiations of security parameters are necessary prior to communications in order to protect security and integrity of a SIP message or public key cryptography is required to be used for an encryption process, a decryption process, a digital signature process and a digital signature verification process each time a SIP message is transmitted/received. When a SIP message is transferred between two entities, the message is encrypted by shared information if the information is being shared between the entities, or the message is encrypted by the public key of the transmission destination entity if the shared information is not being shared. The encrypted message contains shared information to be used for the transmission destination entity of the encrypted data to encrypt or decrypt the message, during communications after the encrypted data is generated.
    Type: Application
    Filed: March 28, 2006
    Publication date: October 19, 2006
    Inventors: Tadashi Kaji, Osamu Takata, Takahiro Fujishiro, Kazuyoshi Hoshino
  • Publication number: 20060224717
    Abstract: In inter-peer communication between an application server for providing service such as Voice over IP or contents distribution and a client using the service, the client or the application server notifies a log management server of a communication log by a log information process. The log management server verifies consistency of the notified communication log by a log compare process requested by the client or the application server. Because the log information process and the log compare process are executed periodically during inter-peer communication, the client and the application server can detect inconsistency of the communication log instantaneously and notify each other of the consistency of the communication log.
    Type: Application
    Filed: March 29, 2006
    Publication date: October 5, 2006
    Inventors: Yuko Sawai, Kazuyoshi Hoshino, Osamu Takata, Tadashi Kaji, Kohei Sawada
  • Publication number: 20060204003
    Abstract: Cryptographic communication between communication terminals can be realized even when a plurality of cryptographic algorithms are present, and secure cryptographic communication for a longer time is realized without increasing a processing overhead at each of the communication terminals. A key management server manages cryptographic algorithms that can be used by each of the communication terminals, and searches for a cryptographic algorithm common to the communication terminals, and notifies each of the communication terminals of the cryptographic algorithm found by the search together with plural pieces of key generation information, each piece containing a key to be used in the cryptographic algorithm or a key type for generating the key.
    Type: Application
    Filed: February 28, 2006
    Publication date: September 14, 2006
    Inventors: Osamu Takata, Takahiro Fujishiro, Tadashi Kaji, Kazuyoshi Hoshino
  • Publication number: 20060095768
    Abstract: A data communication method for forwarding a session control message designating a destination server with an IP address to the destination server via a session management server, wherein, when an application program or encrypted communication software on a client issues a connection request designating a destination server with an IP address, the client or the session management server automatically converts the IP address into a desired resource identifier that identifies a domain, thereby to determine the domain to which the received connection request message should be forwarded.
    Type: Application
    Filed: October 26, 2005
    Publication date: May 4, 2006
    Inventors: Kazuyoshi Hoshino, Keisuke Takeuchi, Osamu Takata, Tadashi Kaji, Takahiro Fujishiro
  • Publication number: 20050226424
    Abstract: Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.
    Type: Application
    Filed: September 1, 2004
    Publication date: October 13, 2005
    Inventors: Osamu Takata, Takahiro Fujishiro, Tadashi Kaji, Kazuyoshi Hoshino
  • Publication number: 20050220039
    Abstract: A session management server, which is provided with a service determination table having a plurality of entries each indicating a service identifier in association with possible particular items of information which may be extracted from a session setup request packet, receives a session setup request packet issued from a client to a particular application server and determines whether the client terminal is authorized to receive an information service by referring to the determination table, in place of the particular application server. When the determination results in success, the session setup request packet is forwarded to the particular application server.
    Type: Application
    Filed: March 23, 2005
    Publication date: October 6, 2005
    Inventors: Kazuyoshi Hoshino, Kazuma Yumoto, Satoshi Kiyoto, Takashi Miyamoto, Yasunori Saigusa
  • Publication number: 20050210113
    Abstract: Presence information is shared between a plurality of applications, to grasp a change of presence information of a different kind of application. An IM(X) server 3 receives a notification of a change of presence information from a client A1 (S902), and sends a change notification message for notifying the change of the presence information to a presence server 5 (S906). Then, the presence server 5 sends the change notification message received from the IM(X) server 3 to the IM(Y) server 4 (S908). The IM(Y) server 4 sends the change notification message received from the presence server 5 to a client B2 (S910).
    Type: Application
    Filed: March 15, 2005
    Publication date: September 22, 2005
    Inventors: Kenji Kasuga, Tatsuhiko Miyata, Mitsuru Ikezawa, Kazuyoshi Hoshino
  • Publication number: 20050185577
    Abstract: In an IP packet communication apparatus, an operation and maintenance function capable of monitoring a transmission path is provided to a layer used to process a packet, which corresponds to an upper layer of an optical network. As one method for applying the operation and maintenance function to the packet layer, in the case of IP over PPP over WDM, an operation/maintenance frame is defined to a PPP frame so as to realize the operation/maintenance function of a PPP connection. In the case that a plurality of connections are multiplexed on the same transmission path, a maintenance frame is conducted in order to operate/manage these connections by being grouped, so that a fault occurring in the optical network is monitored. As another method for applying the operation and maintenance function to the packet layer, an operation/maintenance frame is defined to an IP packet so as to realize an operation and maintenance function of an IP flow.
    Type: Application
    Filed: April 27, 2005
    Publication date: August 25, 2005
    Inventors: Kenichi Sakamoto, Noboru Endo, Toshiki Sugawara, Koji Wakayama, Kazuyoshi Hoshino