Patents by Inventor Kei Karasawa
Kei Karasawa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8775796
Abstract: A terminal device 4 transmits a certificate issue request including a communication ID thereof and a sub ID to a certificate issuing device 7 via a NW1 (a first network). The certificate issuing device 7 inquires of a communication ID (identifier) checking device 5 whether or not the communication ID included in the certificate issue request is in use or not and inquires of a communication ID/sub ID checking device 6 whether or not the communication ID and the sub ID are associated with each other. If both the check results are OK, the certificate issuing device 7 generates a certificate including the ID of the certificate issuing device 7, the communication ID, the sub ID and a validity period and transmits the certificate to the terminal device 4. In this way, a certificate with a short validity period can be issued only based on the access to the NW1 using the communication ID and the sub ID.
Type: Grant
Filed: February 7, 2008
Date of Patent: July 8, 2014
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Kei Karasawa, Masahisa Kawashima, Yukio Tsuruoka, Kenji Takahashi, Shingo Orihara
-
Patent number: 8595816
Abstract: At the user authentication apparatus 30, an identifier of a certification authority (CA) certificate that a CA information disclosure server 20 discloses in advance is registered in an identifier list of the CA. At the user terminal 10, a key pair consisting of a terminal public key and a terminal secret key is generated, the terminal signature is generated for information containing the terminal public key using the CA secret key acquired in advance, and a self-signed certificate of the same form as the certificate issued from CA, that is, a terminal certificate containing at least a terminal public key, a terminal signature, and a CA identifier, is created and stored, and registered in the user authentication apparatus 30.
Type: Grant
Filed: June 25, 2008
Date of Patent: November 26, 2013
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Kei Karasawa, Nachi Ueno, Kenji Takahashi, Yukio Tsuruoka, Shingo Orihara
-
Patent number: 8352743
Abstract: At user registration, a client device obtains a signature for a user ID, a password, and a public key by using a private key, and sends user information that includes the signature and the above-described information items to a service providing apparatus. The service providing apparatus verifies the signature by using the public key and stores the user information by which the password and the public key are associated with each other. When a request for a service is made, the client device allows authentication processing by sending to the service providing apparatus an authentication response that includes the user ID together with password authentication information, a signature for a challenge sent from the service providing apparatus, or a signature for the password and the challenge, irrespective of whether the authentication method for the service is password authentication, public key authentication, or public-key-and-password combination authentication.
Type: Grant
Filed: February 7, 2008
Date of Patent: January 8, 2013
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Yukio Tsuruoka, Shingo Orihara, Kei Karasawa, Kenji Takahashi
-
Patent number: 8291231
Abstract: A secret key of a second apparatus is stored in a relay apparatus. A first apparatus specifies secret information used to identify a common key, generates encrypted secret information by encrypting the secret information by using a public key of the second apparatus, and transmits the encrypted secret information to the relay apparatus. Then, the relay apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. The relay apparatus transmits the encrypted secret information to the second apparatus. The second apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. Finished messages corresponding to communication log information and the secret information are exchanged between the first apparatus and the relay apparatus and between the second apparatus and the relay apparatus.
Type: Grant
Filed: November 6, 2008
Date of Patent: October 16, 2012
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Nachi Ueno, Shingo Orihara, Kei Karasawa, Yukio Tsuruoka
-
Publication number: 20110185171
Abstract: A terminal device 4 transmits a certificate issue request including a communication ID thereof and a sub ID to a certificate issuing device 7 via a NW1. The certificate issuing device 7 inquires of a communication ID checking device 5 whether or not the communication ID included in the certificate issue request is in use or not and inquires of a communication ID/sub ID checking device 6 whether or not the communication ID and the sub ID are associated with each other. If both the check results are OK, the certificate issuing device 7 generates a certificate including the ID of the certificate issuing device 7, the communication ID, the sub ID and a validity period and transmits the certificate to the terminal device 4. In this way, a certificate with a short validity period can be issued only based on the access to the NW1 using the communication ID and the sub ID.
Type: Application
Filed: February 7, 2008
Publication date: July 28, 2011
Applicant: Nippon Telegraph and Telephone Corp.
Inventors: Kei Karasawa, Masahisa Kawashima, Yukio Tsuruoka, Kenji Takahashi, Shingo Orihara
-
Publication number: 20110047373
Abstract: At the user authentication apparatus 30, an identifier of a certification authority (CA) certificate that a CA information disclosure server 20 discloses in advance is registered in an identifier list of the CA. At the user terminal 10, a key pair consisting of a terminal public key and a terminal secret key is generated, the terminal signature is generated for information containing the terminal public key using the CA secret key acquired in advance, and a self-signed certificate of the same form as the certificate issued from CA, that is, a terminal certificate containing at least a terminal public key, a terminal signature, and a CA identifier, is created and stored, and registered in the user authentication apparatus 30.
Type: Application
Filed: June 25, 2008
Publication date: February 24, 2011
Applicant: Nippon Telegraph and Telephone Corporation
Inventors: Kei Karasawa, Nachi Ueno, Kenji Takahashi, Yukio Tsuruoka, Shingo Orihara
-
Patent number: 7861288
Abstract: An address allocated to a user by an authentication server is used as an IP address of a packet which is transmitted from a user terminal, preventing an illicit use if the IP address were eavesdropped. An authentication server 100 performs an authentication of a user based on a user authentication information which is transmitted from the user terminal, and upon a successful authentication, allocates an address to the user terminal, and issues a ticket containing the address to be returned to the user terminal. The user terminal sets up the address contained in the ticket as a source address, and transmits the ticket to the application server 300, requesting a session to be established. After verifying that the ticket is authentic, the server 300 stores the ticket and establishes a session with the user terminal. The user terminal transmits a service request packet containing the source address to the server 300 utilizing the session.
Type: Grant
Filed: July 12, 2004
Date of Patent: December 28, 2010
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Yukio Tsuruoka, Yoshinao Kikuchi, Shintaro Mizuno, Kenji Takahashi, Kei Karasawa
-
Publication number: 20100250951
Abstract: A secret key of a second apparatus is stored in a relay apparatus. A first apparatus specifies secret information used to identify a common key, generates encrypted secret information by encrypting the secret information by using a public key of the second apparatus, and transmits the encrypted secret information to the relay apparatus. Then, the relay apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. The relay apparatus transmits the encrypted secret information to the second apparatus. The second apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. Finished messages corresponding to communication log information and the secret information are exchanged between the first apparatus and the relay apparatus and between the second apparatus and the relay apparatus.
Type: Application
Filed: November 6, 2008
Publication date: September 30, 2010
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Nachi Ueno, Shingo Orihara, Kei Karasawa, Yukio Tsuruoka
-
Publication number: 20100088519
Abstract: In a user authentication system according to the present invention, at user registration, a client device obtains a signature for a user ID, a password, and a public key by using a private key corresponding to the public key, and sends user information that includes the signature and the above-described information items to a service providing apparatus. The service providing apparatus verifies the signature by using the public key and stores the user information by which the password and the public key are associated with each other.
Type: Application
Filed: February 7, 2008
Publication date: April 8, 2010
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Yukio Tsuruoka, Shingo Orihara, Kei Karasawa, Kenji Takahashi
-
Patent number: 7539858
Abstract: When a packet is received from a counterpart apparatus 3 connected to the Internet 2, it is determined by a decryption determination part 16 whether to decrypt or bypass the received packet by referring to a filter information storage part 15 based on a sending source and sending destination IP addresses and port numbers and a protocol. If it is determined that decryption is to be performed, then the received packet is decrypted based on cryptographic communication channel information agreed in advance between the counterpart apparatus 3 and a terminal 5 which does not have an IPSec function, in a cryptographic communication channel information storage part 12, and sent to the terminal 5.
Type: Grant
Filed: April 4, 2005
Date of Patent: May 26, 2009
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Kei Karasawa, Katsunori Matsuura
-
Publication number: 20060184789
Abstract: When a packet is received from a counterpart apparatus 3 connected to the Internet 2, it is determined by a decryption determination part 16 whether to decrypt or bypass the received packet by referring to a filter information storage part 15 based on a sending source and sending destination IP addresses and port numbers and a protocol. If it is determined that decryption is to be performed, then the received packet is decrypted based on cryptographic communication channel information agreed in advance between the counterpart apparatus 3 and a terminal 5 which does not have an IPSec function, in a cryptographic communication channel information storage part 12, and sent to the terminal 5.
Type: Application
Filed: April 4, 2005
Publication date: August 17, 2006
Applicant: Nippon Telegraph and Telephone Corp.
Inventors: Kei Karasawa, Katsunori Matsuura
-
Publication number: 20060048212
Abstract: An address allocated to a user by an authentication server is used as an IP address of a packet which is transmitted from a user terminal, preventing an illicit use if the IP address were eavesdropped. An authentication server 100 performs an authentication of a user based on a user authentication information which is transmitted from the user terminal, and upon a successful authentication, allocates an address to the user terminal, and issues a ticket containing the address to be returned to the user terminal. The user terminal sets up the address contained in the ticket as a source address, and transmits the ticket to the application server 300, requesting a session to be established. After verifying that the ticket is authentic, the server 300 stores the ticket and establishes a session with the user terminal. The user terminal transmits a service request packet containing the source address to the server 300 utilizing the session.
Type: Application
Filed: July 12, 2004
Publication date: March 2, 2006
Applicant: Nippon Telegraph And Telephone Corporation
Inventors: Yukio Tsuruoka, Yoshinaro Kikuchi, Shintaro Mizuno, Kenji Takahashi, Kei Karasawa