Abstract: A server device that represents a plurality of service provision servers implements authentication and a SIP message exchange with respect to a SIP server as a representative, and notifies a service provision server of client communication information that is acquired by the SIP message exchange. The service provision server communicates with a client on the basis of the client communication information that is notified from the representative server.

Abstract: An ID bridge service system manages a type and assurance of identity information required for provision of service by an application service system and a type and assurance of identity information managed by plural authentication service systems, and is provided with a selecting measure that selects an authentication service system that manages identity information corresponding to the identity information required for the provision of the service by the application service system out of the plural authentication service systems when a request for authentication is received from the application service system and a requesting measure that requests the selected authentication service system to authenticate.

Abstract: To solve problems in that a load on a VPN device is large in a case where the number of terminal devices increases in encrypted communication using a VPN technique, and that only communication between the terminal device and the VPN device is encrypted, thus disabling end-to-end encrypted communication, a communication system is provided, including: a terminal device; a plurality of blades; and a management server that manages the blades, in which: the management server selects a blade, authenticates the terminal device and the selected blade, and mediates encrypted communication path establishment between the terminal device and the selected blade; the terminal device and the blade perform encrypted communication without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.

Abstract: A data communication method for forwarding a session control message designating a destination server with an IP address to the destination server via a session management server, wherein, when an application program or encrypted communication software on a client issues a connection request designating a destination server with an IP address, the client or the session management server automatically converts the IP address into a desired resource identifier identifiable a domain, thereby to determine the domain to which the received connection request message should be forwarded.

Abstract: In an encryption communication using VPN technologies, a load on a VPN system becomes large if the number of communication terminals increases. When an external terminal accesses via an internal terminal an application server, processes become complicated because it is necessary to perform authentication at VPN and authentication at the application server. A management server is provided for managing external terminals, internal terminals and application servers. The management server authenticates each communication terminal and operates to establish an encryption communication path between communication terminals. Authentication of each terminal by the management server relies upon a validation server. When the external terminal performs encryption communication with the application server via the internal terminal, two encryption communication paths are established and used between the external terminal and internal terminal and between the internal terminal and application server.

Abstract: A method and a system for speeding up session establishment are provided, wherein the time required to establish a session is reduced, even in the case where a session management server requires a large amount of time to process respective functions required for establishing the session (such as making a decision regarding whether to permit or deny provision of a service, or generating a session key). The session management server is provided with means for conducting, in parallel, processing to issue processing requests for respective functions required for establishing a session (such as making a decision regarding whether to permit or deny provision of a service, or generating a session key) and processing to forward a communication message transmitted by a communications device or another session management server attempting to establish a session.

Abstract: A communication management apparatus for managing communication exchanged between communication apparatuses, including: a communication information management control portion for receiving, after communication under a communication session between first and second communication apparatuses, first information of quantity of the communication from the first communication apparatus and for receiving second information of quantity of the communication from the second communication apparatus; a communication information storage portion for storing both the first and second information received from the communication information management control portion; and a communication information verification portion for comparing the first and second information of quantity of the communication to verify any falsification thereof in a statistical process.

Abstract: An authentication server is dynamically changed in consideration of a user's situation, a kind of service used by the user and user's convenience. When a terminal device 1 is going to receive provision of service from a service providing server 2, an authentication intermediary server 4 selects an authentication server 3 among authentication servers 3 that satisfy selection conditions previously set by the user of the terminal device 1 such as presence information, priority, usage condition, service providing server conditions and the like, so that the user of the terminal device 1 undergo authentication by the selected authentication server 3.

Abstract: It takes time for an encryption data communication system to transfer encrypted data, because negotiations of security parameters are necessary prior to communications in order to protect security and integrity of a SIP message or public key cryptography is required to be used for an encryption process, a decryption process., an digital signature process and an digital digital signature verification process each time a SIP message is transmitted/received. When a SIP message is transferred between two entities, the message is encrypted by shared information if the information is being shared between the entities, or the message is encrypted by the public key of the transmission destination entity if the shared information is not being shared. The encrypted message contains shared information to be used for the transmission destination entity of the encrypted data to encrypt or decrypt the message, during communications after the encrypted data is generated.

Abstract: Cryptographic communication between communication terminals can be realized even when a plurality of cryptographic algorithms are present, and secure cryptographic communication for a longer time is realized without increasing a processing overhead at each of the communication terminals. A key management server manages cryptographic algorithms that can be used by each of the communication terminal, and searches for a cryptographic algorithm common to the communication terminals, and notifies each of the communication terminals of the cryptographic algorithm found by the search together with plural key generation informations, each piece containing a key to be used in the cryptographic algorithm or a key type for generating the key.

Abstract: Each terminal registers the key generation information into each session management server, the information including a plurality of setting items necessary for determining set values to generated a key to be used by itself, and set value candidates which are stored in the setting items. When the encryption communications are established between the terminals, the individual session management servers and a key generation information management server are associated, so that the key generation information management server selects the algorithm suite based on the key generation information. The session management server generates the parameters based on the selected algorithm suite, acquires the information on the selected algorithm suite from the key generation information management server, generates the key for the encryption communications based on that information and distributes the key to the each terminal.

Abstract: In order to reduce network loads in a large system, provided is a representative aspect of this invention is as follows. That is, there is provided a SIP server coupled to at least one client via a communication line to control a communication session of the at least one client. The SIP server receives a SIP message transmitted from the at least one client, transfers the received SIP message to one of another SIP server and another one of the at least one client, and analyzes the received SIP message. The SIP server comprising a storage unit for storing a result of the analysis. The SIP server compares the result of the analysis and a SIP message received after the analysis, rewrites the SIP message based on a result of the comparison, and changes a transfer destination of the SIP message based on the result of the comparison.

Abstract: Technology is provided for easily converting data for use with a plurality of receiving devices. The structure-specific message generator of an information providing server generates reference information by converting the data structure of information received from a transmitting device into a data structure processable by a plurality of receiving devices. A SOAP notification generator then generates notification information for each of the receiving device by replacing information at predetermined parts in the generated reference information with receiving device-specific information.

Abstract: A validation authority for certificates searches for and verifies paths and certificate revocation lists periodically, and classifies the paths into valid paths and invalid paths in accordance with the results of the validations, so as to register the paths in databases beforehand. Besides, in a case where a request for authenticating the validity of a certificate has been received from an end entity, the validation authority judges the validity of the public key certificate by checking in which of the valid-path database and the invalid-path database a path corresponding to the request is registered. On the other hand, in a case where the path corresponding to the validity authentication request is not registered in either of the databases, the validity of the public key certificate is authenticated by performing path search and validation anew.

Abstract: To provide a technology for enabling authentication according to a state of use of a device on a user side. When, on a communication device (10), a user requests a service providing server (16) to provide a service, an authentication server (17) acquires, from a presence server (19), presence information on a wireless terminal device (11), a softphone-equipped device (13), and a messenger-equipped device (15) held by the user requesting the service, selects an authentication method corresponding to the acquired presence information, and transmits a one-time password from an audio reproduction server (21) or an IM transmission server (22) to the wireless terminal device (11), the softphone-equipped device (13), or the messenger-equipped device (15).

Abstract: A server device that represents a plurality of service provision servers implements authentication and a SIP message exchange with respect to a SIP server as a representative, and notifies a service provision server of client communication information that is acquired by the SIP message exchange. The service provision server communicates with a client on the basis of the client communication information that is notified from the representative server.

Abstract: A validation authority for certificates searches for and verifies paths and certificate revocation lists periodically, and classifies the paths into valid paths and invalid paths in accordance with the results of the validations, so as to register the paths in databases beforehand. Besides, in a case where a request for authenticating the validity of a certificate has been received from an end entity, the validation authority judges the validity of the public key certificate by checking in which of the valid-path database and the invalid-path database a path corresponding to the request is registered. On the other hand, in a case where the path corresponding to the validity authentication request is not registered in either of the databases, the validity of the public key certificate is authenticated by performing path search and validation anew.

Abstract: In response to a sign request including a digital document from a document-creating device 10, a digital-signed-document exchange supporting server 30 canonicalizes the digital document, calculates a digest value thereof, and returns the digest value to the document creating device. When the document-creating device transmits a digital sign created by encrypting the digest value to the digital-signed-digital document exchange-supporting server 30, the server 30 creates a digital-signed document from the digital sign and the digital document, and returns the document to the document-creating device. On the other hand, in response to a validation request including a digital-signed-digital document and a public key from a sign validating device 20, the server 30 compares a value resulting from the decryption of the digital sign with the public key and a digest value of the digital document canonicalized and returns the result to the sign validating device.

Abstract: An encryption communication module on the side of a service providing server reports a global IP address allocated to an NAPT router on the service providing server side and a port number of an outside UDP header used on the global side to an authentication/key exchange server. When receiving an encryption packet from an encryption communication module on the user terminal side, the encryption communication module on the service providing server side overwrite a source/destination IP address of an inside IP header by a source/destination IP address of an outside IP header. The encryption communication module further changes a source port number of an inside TCP•UDP header to a unique value for each communication session in the encryption communication having the same source IP address in the outside IP header. The inverse header change is made when the packet is transmitted to the encryption communication module of the user terminal side.

Abstract: An access authorization system is provided, which can reduce the user wait time until the provision of a user-requested service. The access authorization system of the present invention specifies the next service to be provided to a UT (a client-side communication device) after the service currently being provided to the UT, and then executes process to make an authorization decision in advance regarding the next service with respect to the user of the UT, before the UT requests the next service.