公开(公告)号：US20170034166A1

公开(公告)日：2017-02-02

申请号：US15124787

申请日：2015-02-16

Applicant: NEC Corporation

Inventor： Kentaro SONODA ,  Takayuki SASAKI ,  Yoichi HATANO ,  Toshiki WATANABE ,  Takeo HAYASHI

IPC: H04L29/06 ,  G06F21/44

CPC classification number: H04L63/0876 ,  G06F21/44 ,  G06F21/56 ,  H04L12/6418 ,  H04L63/08 ,  H04L63/1441

Abstract: A network management apparatus that connects to a terminal by way of a communication apparatus, includes: a legitimate information generation unit configured to generate legitimate identification information that is identification information to identify the terminal on a network that the network management apparatus manages, the legitimate identification information being managed as legitimate information by the network management apparatus; a fake information generation unit configured to generate fake identification information that is different from the legitimate identification information and that cannot be used as it is for communication with another terminal; a management unit configured to manage the legitimate identification information and the fake identification information in association with each other; and a registration unit configured to register the fake identification information to the terminal.

Abstract translation: 一种通过通信装置连接到终端的网络管理装置，包括：合法信息生成部，生成作为识别信息的合法识别信息，以识别网络管理装置管理的网络上的终端，合法识别 由网络管理装置作为合法信息管理的信息; 假信息生成单元，其被配置为生成与所述合法识别信息不同的假标识信息，并且不能像原样用于与另一终端通信; 管理单元，被配置为相互关联地管理合法识别信息和伪造识别信息; 以及注册单元，其被配置为向所述终端注册所述假识别信息。

公开(公告)号：US20220358211A1

公开(公告)日：2022-11-10

申请号：US17620804

申请日：2019-06-25

Applicant: NEC Corporation

Inventor： Astha JADA ,  Toshiki KOBAYASHI ,  Takayuki SASAKI ,  Daniele Enrico ASONI ,  Adrian PERRIG

IPC: G06F21/54 ,  G06F21/53

Abstract: A semiconductor device (100) includes: a determination unit (110) configured to determine whether an avoidance condition of inspection of control flow integrity is satisfied (e.g., a degree of similarity with a previous input value is in a predetermined range) based on determination auxiliary information, which is at least an input value in a target code block to be executed among a plurality of code blocks in a predetermined program, and an inspection unit (120) configured to avoid inspection of control flow integrity in the target code block when it is determined that the avoidance condition is satisfied.

公开(公告)号：US20220327203A1

公开(公告)日：2022-10-13

申请号：US17761654

申请日：2019-09-27

Applicant: NEC Corporation

Inventor： Takayuki SASAKI

IPC: G06F21/55

Abstract: According to an embodiment, a whitelist generation apparatus includes merging means for merging a first whitelist in which first verification data that corresponds to a first program is listed with a second whitelist in which second verification data that corresponds to a second program stored in a library to which the first program is linked is listed, and thus generating a third whitelist in which third verification data is listed.

公开(公告)号：US20220284109A1

公开(公告)日：2022-09-08

申请号：US17636417

申请日：2019-08-27

Applicant: NEC Corporation

Inventor： Takayuki SASAKI ,  Yusuke SHIMADA

IPC: G06F21/57 ,  G06F8/75

Abstract: In a backdoor inspection apparatus, a specifying unit specifies a plurality of functional blocks respectively corresponding to a plurality of functions included in a target software. Inspection units executes inspection processing for each different type of backdoors. A distribution unit inputs the functional blocks specified by the specifying unit to at least some of the inspection units according to functions corresponding to each functional block specified by the specifying unit.

公开(公告)号：US20220277083A1

公开(公告)日：2022-09-01

申请号：US17632596

申请日：2020-07-06

Applicant: NEC Corporation

Inventor： Takayuki SASAKI ,  Yusuke SHIMADA

IPC: G06F21/57 ,  H04L9/32

Abstract: The present disclosure aims to provide a backdoor inspection device, a user device, a system, a method, and a non-transitory computer-readable medium that enable a third party to easily verify whether software contains a backdoor. A backdoor inspection device according to the present disclosure includes: a backdoor presuming means for analyzing a function and a structure of the software, performing backdoor inspection on the software, and identifying a presumed code that is presumed to be the backdoor from the software; and a certificate issuance means for issuing a certificate that includes information about the backdoor inspection and information that associates the information about the backdoor inspection with the software.

公开(公告)号：US20220261476A1

公开(公告)日：2022-08-18

申请号：US17626975

申请日：2019-07-22

Applicant: NEC Corporation

Inventor： Yusuke MORITA ,  Takayuki SASAKI ,  Toshiki KOBAYASHI

IPC: G06F21/53

Abstract: A security management device (20) has a processing unit (21) operating in a normal environment (10A) and a processing unit (22) operating in a secure environment (10B). The processing unit (21) acquires information about an “inspection target”. The “inspection target” is a target of an inspection about normality, and programs executed in an execution environment included in the normal environment (10A) (an OS (operating system) and the like) are included. After the inspection about the normality of the inspection target based on the information about the inspection target acquired by the processing unit (21) is performed, the processing unit (22) inspects normality of the processing unit (21).

公开(公告)号：US20220245054A1

公开(公告)日：2022-08-04

申请号：US17618930

申请日：2019-06-25

Applicant: NEC Corporation

Inventor： Astha JADA ,  Toshiki KOBAYASHI ,  Takayuki SASAKI ,  Daniele Enrico ASONI ,  Adrian PERRIG

IPC: G06F11/36

Abstract: A semiconductor device (100) includes: first storage means (110) storing, in advance, a plurality of pieces of execution order inspection information (111˜11n) used for inspection of an execution order of a plurality of code blocks in a predetermined program, second storage means (120), which is a cache for the first storage means, and prediction means (130) for predicting a storage area of the execution order inspection information based on prediction auxiliary information in a first code block of the plurality of code blocks and a control flow graph of the program, the storage area being a prefetch target to be prefetched from the first storage means to the second storage means.

公开(公告)号：US20180165156A1

公开(公告)日：2018-06-14

申请号：US15573033

申请日：2015-05-11

Applicant: NEC Corporation

Inventor： Takayuki SASAKI ,  Adrian PERRIG ,  Srdjan CAPKUN ,  Claudio SORIENTE ,  Ramya Jayaram MASTI ,  Jason LEE

IPC: G06F11/14 ,  H04L29/06 ,  G06F21/44

CPC classification number: G06F11/1402 ,  G06F9/461 ,  G06F9/52 ,  G06F11/14 ,  G06F11/1438 ,  G06F21/44 ,  G06F21/577 ,  G06F21/606 ,  H04L29/06632 ,  H04L29/06755 ,  H04L45/56 ,  H04L45/742 ,  H04L63/12

Abstract: A communication apparatus comprising: a plurality of communication processes, each performing communication process on a flow associated thereto; a plurality of network interfaces, each of the network interfaces adapted to be connected to a network; a dispatcher that receives a packet from the network interface and dispatches the packet to an associated communication process, based on a dispatch rule that defines association of a flow to a communication process to which the flow is dispatched; and a control unit that performs control to roll back each of the communication processes using saved image thereof.

公开(公告)号：US20180159716A1

公开(公告)日：2018-06-07

申请号：US15572871

申请日：2015-05-11

Applicant: NEC Corporation

Inventor： Takayuki SASAKI ,  Adrian PERRIG ,  Srdjan CAPKUN ,  Claudio SORIENTE ,  Ramya Jayaram MASTI ,  Jason LEE

IPC: H04L29/06 ,  G06F21/53

Abstract: A communication apparatus comprising a plurality of communication processes, each of the communication processes configured to be executed in an environment allocated thereto and isolated from each of one or more environments arranged for remaining one or more processes, each of the communication processes performing communication processing on a flow associated thereto, a network interface connected to a network; a dispatcher that dispatches a packet to the communication process based on a dispatch rule that defines association of a flow with a communication process.

公开(公告)号：US20180131754A1

公开(公告)日：2018-05-10

申请号：US15860712

申请日：2018-01-03

Applicant: NEC Corporation

Inventor： Yoichi HATANO ,  Hideyuki SHIMONISHI ,  Kentaro SONODA ,  Masayuki NAKAE ,  Masaya YAMAGATA ,  Yoichiro MORITA ,  Takayuki SASAKI ,  Takeo OHNO

IPC: H04L29/08 ,  H04L29/14 ,  H04L12/24

CPC classification number: H04L67/10 ,  H04L41/12 ,  H04L41/22 ,  H04L69/40

Abstract: A visualization device is communicable with one or a plurality of host servers for hosting a virtual system, and includes an information acquisition unit for collecting configuration information on the virtual system and the host server, a storage unit for storing the configuration information therein, and a drawing unit for expressing a virtual machine and a virtual network configuring the virtual system with different axes based on the configuration information stored in the storage unit, expressing a connection relationship between a virtual machine and a virtual network by linking the lines extending from the respective axes, and grouping virtual machines in units of server on which the virtual machines operate thereby to generate drawing information for expressing the configuration of the virtual system and the host server.