Abstract:
The purpose of the present application is to provide a technique for exchanging path information between different routing domains that reduces the exchange of useless path information while the hierarchical structure is being constructed, yet retains path recognition robust enough to tolerate network partition. Hierarchical information in a path control message received from a neighboring communication node, and hierarchical information held by the local communication node, each describe management communication node identifiers, that is, the identifier of the communication node that manages each level of the hierarchicalized network structure. Of these identifiers, the one indicating the highest-level communication node and the one indicating the transmission-source communication node are used to determine whether the routing domain to which the neighboring communication node belongs is the same as that of the local communication node. If the neighboring communication node belongs to a different routing domain, the path information held by the local communication node is made known to it.
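The domain check and the conditional advertisement described above, as an added worked example that is not part of the application. The abstract names which two identifiers are compared but not the comparison rule, so the rule in same_domain, the message layout and the partition scenario are assumptions of this example:

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class PathControlMessage:
    source: str                       # transmission-source node id
    hierarchy: tuple                  # manager id per level, lowest level first
    paths: frozenset = frozenset()    # path information carried, empty for a hello


@dataclass
class Node:
    node_id: str
    hierarchy: tuple                  # manager id per level, highest level last
    paths: set = field(default_factory=set)

    def top_manager(self) -> str:
        return self.hierarchy[-1]

    def same_domain(self, msg: PathControlMessage) -> bool:
        # Assumed rule (the abstract names the two identifiers, not the test):
        # the neighbour is in our routing domain when its highest-level manager
        # is ours, or when the sender itself is our highest-level manager (a
        # manager's own hierarchy ends at itself while the structure is built).
        return msg.hierarchy[-1] == self.top_manager() or msg.source == self.top_manager()

    def hello(self) -> PathControlMessage:
        return PathControlMessage(self.node_id, self.hierarchy)

    def on_message(self, msg: PathControlMessage) -> Optional[PathControlMessage]:
        """Absorb any paths the message carries; reply with our own path
        information only if the sender belongs to a different routing domain."""
        self.paths |= set(msg.paths)
        if self.same_domain(msg):
            return None               # intra-domain: the hierarchy already distributes these
        return PathControlMessage(self.node_id, self.hierarchy, frozenset(self.paths))


def exchange(a: Node, b: Node) -> bool:
    """a sends a hello to b. Returns True if path information was exchanged."""
    reply = b.on_message(a.hello())
    if reply is None:
        return False
    back = a.on_message(reply)        # a now knows b's paths
    if back is not None:
        b.on_message(back)            # b now knows a's paths; stop after one round
    return True


def demo() -> tuple:
    # Constructed scenario: A and B start under the same top-level manager M.
    a = Node("A", ("A", "M"), {"netA"})
    b = Node("B", ("B", "M"), {"netB"})
    before = exchange(a, b)           # same domain: nothing advertised
    # A partition cuts B off from M; B re-forms its hierarchy with itself on top.
    b.hierarchy = ("B",)
    after = exchange(a, b)            # domains now differ: paths are advertised
    return before, after, "netB" in a.paths, "netA" in b.paths


if __name__ == "__main__":
    print(demo())
```

The point the example makes is the one the abstract claims: while both nodes sit under M no path information crosses the link, and as soon as the partition changes B's highest-level manager the nodes recognise each other as separate domains and exchange what they know. A real implementation would additionally rate-limit and advertise only changes, which is outside the abstract.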
Abstract:
A policy generation apparatus according to one example embodiment of the present disclosure includes at least one memory configured to store instructions, and at least one processor configured to execute the instructions to: acquire, for a plurality of elements related to access control, relation data indicating relations among the plurality of elements and score data that defines at least one of a score based on the viewpoint of the risk of access and a score based on the viewpoint of the need for access; and generate a policy for access control using the relation data and the score data.
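One way to turn relation data and the two kinds of score into concrete rules, as an added example that is not the application's own method. The relation triples, the need and risk scores and the decision rule (allow when need minus risk is non-negative) are all constructed for illustration:

```python
from collections import defaultdict

# Constructed relation data: (subject, relation, object) triples among the
# elements involved in access control (users, groups, resources).
RELATIONS = [
    ("alice", "member_of", "finance"),
    ("bob",   "member_of", "engineering"),
    ("carol", "member_of", "contractors"),
    ("carol", "member_of", "engineering"),
    ("finance",     "uses", "ledger-db"),
    ("engineering", "uses", "build-server"),
    ("engineering", "uses", "ledger-db"),     # e.g. a reporting integration
]

# Constructed score data. NEED: how strongly a group's function requires a
# resource (viewpoint of need). RISK: how risky access to a resource is, plus
# an added risk for membership in certain groups (viewpoint of risk).
NEED = {("finance", "ledger-db"): 0.9, ("engineering", "build-server"): 0.8,
        ("engineering", "ledger-db"): 0.3}
RISK = {"ledger-db": 0.7, "build-server": 0.4}
GROUP_RISK = {"contractors": 0.3}


def generate_policy(relations, need, risk, group_risk, threshold=0.0):
    """Produce one allow/deny rule per (user, resource) pair connected through
    the relation data; allow when the need score outweighs the risk score."""
    members, uses = defaultdict(set), defaultdict(set)
    for subject, relation, obj in relations:
        if relation == "member_of":
            members[subject].add(obj)
        elif relation == "uses":
            uses[subject].add(obj)
    policy = []
    for user in sorted(members):
        groups = members[user]
        extra = sum(group_risk.get(g, 0.0) for g in groups)
        resources = set().union(*(uses[g] for g in groups))
        for res in sorted(resources):
            n = max(need.get((g, res), 0.0) for g in groups)
            r = min(1.0, risk.get(res, 0.0) + extra)
            effect = "allow" if n - r >= threshold else "deny"
            policy.append({"subject": user, "resource": res, "effect": effect,
                           "need": n, "risk": round(r, 2)})
    return policy


def lookup(policy, subject, resource):
    """Effect for a pair, or None when no relation connects them (default deny)."""
    for rule in policy:
        if rule["subject"] == subject and rule["resource"] == resource:
            return rule["effect"]
    return None


if __name__ == "__main__":
    for rule in generate_policy(RELATIONS, NEED, RISK, GROUP_RISK):
        print(rule)
```

Pairs with no relation get no rule at all, so an enforcement point consuming this policy must treat a missing rule as deny; the example's lookup returns None to make that visible rather than silently allowing.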
Abstract:
A network control apparatus (10) according to the present disclosure controls a node included in a network. It includes a collecting unit (11) configured to collect data pertaining to the node, a calculating unit (12) configured to calculate, from the data collected by the collecting unit (11), a security index pertaining to the threat associated with the node, and a determining unit (13) configured to determine the zone of the node based on the security index calculated by the calculating unit (12).
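The collect, calculate and determine steps carried through on constructed data, as an added example that is not the application's own implementation. The attributes collected per node, the weights, the zone thresholds and the zone-to-zone flow policy are all assumptions of this example:

```python
# Constructed per-node data, standing in for what the collecting unit gathers.
COLLECTED = {
    "web1":       {"open_ports": [22, 80, 443], "critical_vulns": 0, "days_since_patch": 5,
                   "failed_logins_24h": 3,   "ids_alerts_24h": 0},
    "fileserver": {"open_ports": [445],         "critical_vulns": 1, "days_since_patch": 30,
                   "failed_logins_24h": 120, "ids_alerts_24h": 0},
    "legacy-hmi": {"open_ports": [23, 80, 502], "critical_vulns": 2, "days_since_patch": 400,
                   "failed_logins_24h": 0,   "ids_alerts_24h": 1},
}
RISKY_PORTS = {21, 23, 445, 502, 3389}     # assumed: legacy / lateral-movement services
WEIGHTS = {"exposure": 0.3, "vulnerability": 0.3, "staleness": 0.2, "activity": 0.2}
ZONE_THRESHOLDS = [(0.3, "trusted"), (0.6, "restricted"), (float("inf"), "quarantine")]
# Assumed zone policy: which (source zone, destination zone) flows are permitted.
ZONE_FLOWS = {("trusted", "trusted"), ("trusted", "restricted"), ("restricted", "restricted")}


def security_index(d: dict) -> float:
    """Threat index in [0, 1] from the collected attributes (assumed weighting)."""
    ports = d["open_ports"]
    risky = sum(p in RISKY_PORTS for p in ports)
    components = {
        "exposure": 0.5 * min(1.0, len(ports) / 10) + 0.5 * (risky / len(ports) if ports else 0.0),
        "vulnerability": min(1.0, d["critical_vulns"] / 3),
        "staleness": min(1.0, d["days_since_patch"] / 365),
        "activity": min(1.0, d["failed_logins_24h"] / 100 + d["ids_alerts_24h"] / 2),
    }
    return round(sum(WEIGHTS[k] * v for k, v in components.items()), 3)


def zone_for(index: float) -> str:
    for limit, zone in ZONE_THRESHOLDS:
        if index < limit:
            return zone
    return ZONE_THRESHOLDS[-1][1]


def assign_zones(collected: dict) -> dict:
    return {node: zone_for(security_index(d)) for node, d in collected.items()}


def allowed_flows(zones: dict) -> list:
    """Node-to-node flows the controller should permit under the zone policy."""
    return sorted((s, d) for s in zones for d in zones
                  if s != d and (zones[s], zones[d]) in ZONE_FLOWS)


if __name__ == "__main__":
    zones = assign_zones(COLLECTED)
    print(zones, allowed_flows(zones))
```

An index computed from live data will move as logins fail or alerts fire, so a controller that re-zones nodes on every recalculation can flap; in practice the determining step wants hysteresis (a node leaves quarantine only after its index has stayed below the threshold for a while) and an operator override, neither of which the abstract covers.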
Abstract:
Provided is a data sharing system in which data are shared among a plurality of communication terminals that can wirelessly transmit communication messages to and receive them from one another. Each communication terminal determines whether it is a specified terminal. A communication terminal that determines it is a specified terminal transmits, in a communication message to the other communication terminals, a holding list that lists information about the data it holds. A communication terminal that receives a holding list which does not match its own holding list transmits and receives communication messages to and from the source of that holding list so that the two share data with each other.
Abstract:
A first communications terminal creates a holding list that lists information about the data remaining after at least one item of data that is not to be shared with a second communications terminal has been removed from the data held by the first communications terminal, and sends the list to the second communications terminal in a communications message. The second communications terminal determines which data in the holding list received from the first communications terminal it does not hold, and sends a request for that data to the first communications terminal in a communications message. The first communications terminal sends the requested data to the second communications terminal in a communications message.
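The exchange described in the two preceding abstracts (a specified terminal broadcasting its holding list, peers comparing and requesting what they lack, and items withheld from the list never being sent), simulated end to end as an added example that is not the application's own code. Message kinds, the round-based delivery loop and the sample data are constructed:

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Message:
    kind: str                 # HOLDING_LIST | REQUEST | DATA
    sender: str
    to: Optional[str]         # None = broadcast to every terminal in range
    payload: object


@dataclass
class Terminal:
    name: str
    data: dict = field(default_factory=dict)     # data id -> content
    private: set = field(default_factory=set)    # ids never listed or sent
    specified: bool = False                      # the terminal that starts sharing
    outbox: list = field(default_factory=list)

    def holding_list(self) -> list:
        return sorted(k for k in self.data if k not in self.private)

    def announce(self) -> None:
        if self.specified:
            self.outbox.append(Message("HOLDING_LIST", self.name, None, self.holding_list()))

    def receive(self, msg: Message) -> None:
        if msg.kind == "HOLDING_LIST":
            if msg.payload == self.holding_list():
                return                                   # lists match: nothing to share
            missing = [k for k in msg.payload if k not in self.data]
            if missing:
                self.outbox.append(Message("REQUEST", self.name, msg.sender, missing))
            if not self.specified:                       # answer with our list so sharing is mutual
                self.outbox.append(Message("HOLDING_LIST", self.name, msg.sender, self.holding_list()))
        elif msg.kind == "REQUEST":
            for k in msg.payload:
                if k in self.data and k not in self.private:   # never serve withheld items
                    self.outbox.append(Message("DATA", self.name, msg.sender, (k, self.data[k])))
        elif msg.kind == "DATA":
            k, content = msg.payload
            self.data.setdefault(k, content)


def run(terminals: dict, max_rounds: int = 20) -> int:
    """Deliver queued messages round by round; returns the number of rounds used."""
    for t in terminals.values():
        t.announce()
    for rnd in range(max_rounds):
        pending = [m for t in terminals.values() for m in t.outbox]
        if not pending:
            return rnd
        for t in terminals.values():
            t.outbox.clear()
        for m in pending:
            for t in terminals.values():
                if t.name != m.sender and (m.to is None or m.to == t.name):
                    t.receive(m)
    raise RuntimeError("sharing did not converge")


def demo() -> tuple:
    # Constructed terminals: A is the specified terminal and withholds "secret".
    a = Terminal("A", {"d1": b"one", "d2": b"two", "secret": b"private"}, private={"secret"}, specified=True)
    b = Terminal("B", {"d2": b"two", "d3": b"three"})
    c = Terminal("C", {"d4": b"four"})
    rounds = run({t.name: t for t in (a, b, c)})
    return rounds, sorted(a.data), sorted(b.data), sorted(c.data)


def leak_check() -> bool:
    """A peer that requests an item outside the holding list must get nothing."""
    t = Terminal("A", {"secret": b"x"}, private={"secret"}, specified=True)
    t.receive(Message("REQUEST", "B", "A", ["secret"]))
    return t.outbox == []


if __name__ == "__main__":
    print(demo(), leak_check())
```

Removing an item from the holding list is not enough on its own: the REQUEST handler must enforce the same exclusion, otherwise any peer that guesses or has previously seen the identifier can pull the withheld data. leak_check exercises exactly that path.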
Abstract:
A determination system according to an aspect of the present disclosure includes: at least one memory storing a set of instructions; and at least one processor configured to execute the set of instructions to: receive a first inspection result, the result of a first inspection of the target software for vulnerabilities; receive a second inspection result, the result of a second inspection of the target software for vulnerabilities; determine the validity of the first inspection from the undetected vulnerabilities, that is, vulnerabilities detected in the second inspection result but not in the first inspection result; and output the result of the validity determination.
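Computing the undetected set and a validity verdict from it, as an added example that is not the application's own logic. The findings, the normalisation of identifiers and paths, and the recall threshold are constructed; the normalisation is the part a practitioner needs, because two tools rarely spell the same finding the same way and a raw set difference then counts every finding as "undetected":

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_type: str      # e.g. "CWE-89"; tools differ in spelling
    path: str
    line: int


# Constructed inspection results for the same target software.
FIRST = [Finding("CWE-89", "./src/db.py", 42), Finding("CWE-79", "src/web.py", 10)]
SECOND = [Finding("cwe89", "src/db.py", 42), Finding("CWE-79", "src\\web.py", 10),
          Finding("CWE-22", "src/files.py", 7), Finding("CWE-78", "src/run.py", 3)]


def normalize(f: Finding) -> tuple:
    """Identity of a finding independent of tool spelling (assumed scheme)."""
    cwe = re.sub(r"\D", "", f.vuln_type)
    path = re.sub(r"^\./", "", f.path.replace("\\", "/"))
    return (cwe, path, f.line)


def naive_undetected_count(first, second) -> int:
    """What a raw set difference reports; overcounts when spellings differ."""
    return len(set(second) - set(first))


def undetected(first, second) -> list:
    seen = {normalize(f) for f in first}
    return [f for f in second if normalize(f) not in seen]


def judge(first, second, min_recall=0.8) -> dict:
    """Validity of the first inspection measured against the second one."""
    missed = undetected(first, second)
    total = len({normalize(f) for f in second})
    recall = 1.0 if total == 0 else 1 - len({normalize(f) for f in missed}) / total
    return {"undetected": missed, "recall_vs_second": round(recall, 2), "valid": recall >= min_recall}


if __name__ == "__main__":
    print(naive_undetected_count(FIRST, SECOND), judge(FIRST, SECOND))
```

The verdict is only as good as the second inspection: a false positive there appears as an "undetected" vulnerability and unfairly lowers the first inspection's validity, so the undetected list should be triaged, not just counted.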
Abstract:
A causality search apparatus includes: a causality information calculation unit that selects two different components from a plurality of components provided in a target system and calculates causality information indicating the causality between the two selected components; and a causality information correction unit that corrects the causality information based on function information indicating the functions respectively associated with the two selected components.
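A small causality search with the correction step, as an added example that is not the application's method. The causality measure (best lagged correlation, a simplified stand-in for whatever the apparatus computes), the allowed function-to-function influences and the three constructed time series are assumptions of this example:

```python
from itertools import permutations
from math import sqrt


def pearson(a, b) -> float:
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    va = sqrt(sum((p - ma) ** 2 for p in a))
    vb = sqrt(sum((q - mb) ** 2 for q in b))
    return 0.0 if va == 0 or vb == 0 else cov / (va * vb)


def causality_score(x, y, max_lag=3) -> tuple:
    """(score, lag): best |corr(x[t-lag], y[t])| over lag >= 1, i.e. how well
    the past of x explains the present of y. A simplified causality proxy."""
    best = (0.0, 0)
    for lag in range(1, max_lag + 1):
        if len(x) - lag < 3:
            break
        r = abs(pearson(x[:-lag], y[lag:]))
        if r > best[0]:
            best = (r, lag)
    return best


# Constructed function information: which functional role may influence which.
ALLOWED = {("actuator", "process_value"), ("process_value", "controller"), ("controller", "actuator")}


def correct(score: float, func_cause: str, func_effect: str) -> float:
    """Correction step: discard causality the functions cannot explain."""
    return score if (func_cause, func_effect) in ALLOWED else 0.0


def search(series: dict, functions: dict, max_lag=3) -> dict:
    result = {}
    for a, b in permutations(series, 2):          # every ordered pair of components
        raw, lag = causality_score(series[a], series[b], max_lag)
        result[(a, b)] = {"raw": round(raw, 3), "lag": lag,
                          "corrected": round(correct(raw, functions[a], functions[b]), 3)}
    return result


# Constructed series: flow follows pump speed two samples later; the door contact
# happens to track pump speed too (a coincidence the function data rules out).
X = [1, 3, 2, 5, 4, 6, 8, 7, 9, 8, 10, 9]
SERIES = {"pump_speed": X, "flow_rate": [0, 0] + X[:-2], "door_contact": [0, 0] + [2 * v for v in X[:-2]]}
FUNCTIONS = {"pump_speed": "actuator", "flow_rate": "process_value", "door_contact": "physical_access"}


if __name__ == "__main__":
    for pair, info in search(SERIES, FUNCTIONS).items():
        print(pair, info)
```

Without the correction the pump-to-door edge scores exactly as high as the real pump-to-flow edge; the function information is what separates a plausible causal link from a statistical coincidence.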
Abstract:
Provided is an analysis system that allows a security administrator to understand the impact of known vulnerabilities on the system to be diagnosed. The topology identification unit 14 identifies the network topology of the devices included in the system to be diagnosed. The analysis unit 6 generates attack patterns, each including an attack condition, an attack result, an attack means (the vulnerability used by the attack), and the segment of the system to be diagnosed where the attack can occur. The display control unit 8 displays the segments included in the attack patterns superimposed on the network topology on a display device, changing the display mode of each segment according to the type of the vulnerability that is the attack means of the attack pattern containing that segment.
Abstract:
A risk analysis is conducted without increasing the computational cost. A grouping means groups the hosts included in a system to be analyzed into a plurality of groups. A virtual analysis element generation means generates at least one virtual analysis element for each group. An analysis means uses the virtual analysis elements to analyze whether an attack whose end point is a virtual analysis element is possible. An analysis target element determination means selects, as the targets of the risk analysis, those hosts in the system to be analyzed that correspond to virtual analysis elements lying on a path where the attack occurs. The analysis means then analyzes, for each host selected as a target of the risk analysis, whether an attack whose end point is that host is possible.
Abstract:
An analysis unit 6 generates one or more pairs consisting of a start point fact, which represents the possibility of the attack at the device that is the start point, and an end point fact, which represents the possibility of the attack at the device that is the end point. For each pair, it analyzes whether the end point fact can be derived from the start point fact, using facts representing the states of the devices (generated from information regarding the start point device and the end point device), the start point fact, and one or more analysis rules for analyzing the attack. When the end point fact can be derived from the start point fact, it generates an attack scenario.
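The rule-based derivation of an end point fact from a start point fact described in this abstract, and the two-stage analysis over virtual elements from the preceding one, share the same engine, so both are shown in one added example that is not the application's code. The host facts, the single analysis rule, the grouping by network segment and the fact vocabulary are constructed for illustration:

```python
# Constructed description of the system to be analysed (not from the patent).
HOSTS = {                       # host -> group (here: network segment)
    "attacker": "internet",
    "web1": "dmz", "web2": "dmz",
    "app1": "app",
    "db1": "data",
    "hr1": "office", "hr2": "office",
}
SERVICES = {("web1", "http", 80), ("web2", "http", 80), ("app1", "api", 8080),
            ("db1", "sql", 3306), ("hr1", "smb", 445), ("hr2", "smb", 445)}
VULNS = {("web1", "http"), ("app1", "api"), ("db1", "sql"), ("hr1", "smb")}   # (host, vulnerable service)
REACH = {("attacker", "web1", 80), ("attacker", "web2", 80), ("web1", "app1", 8080),
         ("web2", "app1", 8080), ("app1", "db1", 3306), ("hr1", "hr2", 445), ("hr2", "hr1", 445)}


def remote_exploit_rule(known):
    """Analysis rule: execCode(src) & reachable(src,dst,port) & service(dst,svc,port)
    & vuln(dst,svc)  =>  execCode(dst). Yields (premises, conclusion) pairs."""
    exec_hosts = {f[1] for f in known if f[0] == "execCode"}
    services = [f for f in known if f[0] == "service"]
    for f in known:
        if f[0] != "reachable" or f[1] not in exec_hosts:
            continue
        _, src, dst, port = f
        for s in services:
            if s[1] == dst and s[3] == port and ("vuln", dst, s[2]) in known:
                yield (("execCode", src), f, s, ("vuln", dst, s[2])), ("execCode", dst)


RULES = [remote_exploit_rule]


def derive(start_fact, facts):
    """Forward-chain from the start fact until no rule derives anything new."""
    known, steps = set(facts) | {start_fact}, []
    while True:
        new = [(p, c) for rule in RULES for p, c in rule(known) if c not in known]
        if not new:
            return known, steps
        for premises, conclusion in new:
            if conclusion not in known:          # keep the first derivation only
                known.add(conclusion)
                steps.append((premises, conclusion))


def scenario(steps, end_fact):
    """Attack scenario: the chain of compromised elements leading to the end fact."""
    by_conclusion = {c: p for p, c in steps}
    chain, cur = [], end_fact
    while cur in by_conclusion:
        chain.append(cur)
        cur = by_conclusion[cur][0]              # the execCode premise of that step
    chain.append(cur)
    return [f[1] for f in reversed(chain)]


def facts_for(hosts):
    hs = set(hosts)
    return ({("service",) + s for s in SERVICES if s[0] in hs}
            | {("vuln",) + v for v in VULNS if v[0] in hs}
            | {("reachable",) + r for r in REACH if r[0] in hs and r[1] in hs})


def virtual_facts():
    """One virtual analysis element per group, carrying the union of its hosts' facts."""
    g = HOSTS
    return ({("service", g[h], svc, p) for h, svc, p in SERVICES}
            | {("vuln", g[h], svc) for h, svc in VULNS}
            | {("reachable", g[s], g[d], p) for s, d, p in REACH if g[s] != g[d]})


def two_stage(start_host, end_host):
    # Stage 1: coarse analysis with the virtual elements as start and end points
    known, steps = derive(("execCode", HOSTS[start_host]), virtual_facts())
    virtual_end = ("execCode", HOSTS[end_host])
    if virtual_end not in known:
        return None
    groups_on_path = set(scenario(steps, virtual_end))
    # Stage 2: fine analysis restricted to hosts of groups on the coarse path
    hosts = [h for h, grp in HOSTS.items() if grp in groups_on_path]
    known, steps = derive(("execCode", start_host), facts_for(hosts))
    end = ("execCode", end_host)
    return {"analysed_hosts": sorted(hosts), "possible": end in known,
            "scenario": scenario(steps, end) if end in known else []}


if __name__ == "__main__":
    print(two_stage("attacker", "db1"))
    print(two_stage("attacker", "hr1"))
```

The coarse stage answers "can the data segment be reached from the internet at all" with four elements instead of seven hosts, and the office hosts are never loaded into the fine analysis because no coarse path touches their group. The saving grows with the number of hosts per group; the risk, which the abstract's design accepts, is that a virtual element aggregating its hosts' facts can be reachable when no single real host is, so the fine stage must always confirm the coarse result rather than trusting it.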