公开(公告)号：US20090187721A1

公开(公告)日：2009-07-23

申请号：US12409868

申请日：2009-03-24

申请人： Atsushi UEOKA ,  Takeshi Ishizaki ,  Yasunori Kaneda ,  Masayuki Yamamoto

发明人： Atsushi UEOKA ,  Takeshi Ishizaki ,  Yasunori Kaneda ,  Masayuki Yamamoto

IPC分类号： G06F12/14 ,  G06F12/00 ,  G06F12/02 ,  G06F13/00

CPC分类号： G06F11/2069 ,  G06F3/0605 ,  G06F3/065 ,  G06F3/067

摘要： A computer system to prevent intervention and falsification by setting encrypted transfer between a host computer and a first storage device that provides a virtual volume and between the first storage device and second and third storage devices that provide a real volume corresponding to the virtual volume. A management computer specifies the second and third storage device that provide the real volume corresponding to the virtual volume by providing a volume corresponding to the virtual volume used by a host computer in which encrypted transfer becomes necessary, and setting the encrypted transfer to communication between the first storage device and the second and third storage devices, makes a reconnection thereof, and also sets the encrypted transfer to an I/O port used for the communication with the host computer in the first storage device.

摘要翻译： 一种计算机系统，用于通过在主计算机与提供虚拟卷的第一存储设备之间以及提供与虚拟卷相对应的实际卷的第一存储设备与第二和第三存储设备之间设置加密传输来防止干预和伪造。 管理计算机通过提供与由主计算机使用的虚拟卷相对应的卷来提供与虚拟卷相对应的实际卷的第二和第三存储设备，其中需要加密传输，并且将加密传输设置为 第一存储装置和第二和第三存储装置进行重新连接，并且还将加密的传送设置为用于与第一存储装置中的主计算机进行通信的I / O端口。

公开(公告)号：US07543150B2

公开(公告)日：2009-06-02

申请号：US11044956

申请日：2005-01-26

申请人： Yutaka Kudo ,  Futoshi Haga ,  Takeshi Ishizaki

发明人： Yutaka Kudo ,  Futoshi Haga ,  Takeshi Ishizaki

IPC分类号： H04L9/00

CPC分类号： G06F21/575

摘要： In a data center architecture or the like, the present invention provides a method for setting up hosting environments concurrently by loading a boot image by means of network boot or the like, allowing for fast booting even with a large boot image, while preserving security. A boot image is divided into a plurality of parts. Computer resources have their public keys stored in their BIOS ROMs and e-signatures are attached to the boot image parts with a private key corresponding to one of the public keys. Also, priority levels in e-signature verification are assigned to the boot image parts. A boot instruction includes priority level setting. Only for boot image parts with that priority level or higher, e-signature verification is performed. By this manner, booting can be performed faster than booting involving verification of the e-signature to a whole boot image.

摘要翻译： 在数据中心体系结构等中，本发明提供了一种通过网络引导等加载引导映像同时设置托管环境的方法，即使使用大的引导映像也能够快速启动，同时保持安全性。 引导图像被分成多个部分。 计算机资源将其公钥存储在其BIOS ROM中，并且使用与其中一个公钥相对应的私钥将电子签名附加到引导映像部分。 此外，电子签名验证中的优先级分配给引导映像部分。 引导指令包括优先级设置。 仅当具有该优先级或更高级别的引导映像部分时才执行电子签名验证。 通过这种方式，启动可以比启动涉及电子签名的验证更快地执行到整个启动映像。

公开(公告)号：US07519768B2

公开(公告)日：2009-04-14

申请号：US11320964

申请日：2005-12-30

申请人： Atsushi Ueoka ,  Takeshi Ishizaki ,  Yasunori Kaneda ,  Masayuki Yamamoto

发明人： Atsushi Ueoka ,  Takeshi Ishizaki ,  Yasunori Kaneda ,  Masayuki Yamamoto

IPC分类号： G06F12/00

CPC分类号： H04L63/0428 ,  G06F3/0605 ,  G06F3/0623 ,  G06F3/0631 ,  G06F3/0665 ,  G06F3/067 ,  H04L63/20

摘要： A computer system to prevent intervention and falsification by setting encrypted transfer between a host computer and a first storage device that provides a virtual volume and between the first storage device and second and third storage devices that provide a real volume corresponding to the virtual volume. A management computer specifies the second and third storage device that provide the real volume corresponding to the virtual volume by providing a volume corresponding to the virtual volume used by a host computer in which encrypted transfer becomes necessary, and setting the encrypted transfer to communication between the first storage device and the second and third storage devices, makes a reconnection thereof, and also sets the encrypted transfer to an I/O port used for the communication with the host computer in the first storage device.

摘要翻译： 一种计算机系统，用于通过在主计算机与提供虚拟卷的第一存储设备之间以及提供与虚拟卷相对应的实际卷的第一存储设备与第二和第三存储设备之间设置加密传输来防止干预和伪造。 管理计算机通过提供与由主计算机使用的虚拟卷相对应的卷来提供与虚拟卷相对应的实际卷的第二和第三存储设备，其中需要加密传输，并且将加密传输设置为 第一存储装置和第二和第三存储装置进行重新连接，并且还将加密的传送设置为用于与第一存储装置中的主计算机进行通信的I / O端口。

公开(公告)号：US20080225755A1

公开(公告)日：2008-09-18

申请号：US12060164

申请日：2008-03-31

申请人： Takeshi Ishizaki

发明人： Takeshi Ishizaki

IPC分类号： H04L12/28

CPC分类号： H04L12/4675 ,  H04L12/4645 ,  H04L12/467 ,  H04L12/4679

摘要： The present invention provides secure IP protocol capable storage devices using Virtual Local Area Network (VLAN) techniques. Specific embodiments of the present invention provide techniques for securing VLAN aware storage devices, and the like. In specific embodiments, techniques according to the present invention can provide Internet data centers that are responsible for keeping their customer's computers and storages safe and secure with the capability to strictly separate LAN access for different customers using VLAN (virtual LAN) technology.

摘要翻译： 本发明提供使用虚拟局域网（VLAN）技术的安全IP协议存储设备。 本发明的具体实施例提供了用于保护VLAN感知存储设备的技术等。 在具体实施例中，根据本发明的技术可以提供负责保持客户的计算机和存储安全和安全的因特网数据中心，其能够使用VLAN（虚拟LAN）技术来严格地分离不同客户的LAN接入。

公开(公告)号：US07350052B2

公开(公告)日：2008-03-25

申请号：US11180535

申请日：2005-07-14

申请人： Jun Mizuno ,  Takeshi Ishizaki ,  Masayuki Yamamoto

发明人： Jun Mizuno ,  Takeshi Ishizaki ,  Masayuki Yamamoto

IPC分类号： G06F12/10

CPC分类号： G06F3/0665 ,  G06F3/0604 ,  G06F3/0605 ,  G06F3/0631 ,  G06F3/0685 ,  H04L67/1097

摘要： Disclosed is a method for setting virtual volume groups in a storage network system. The system includes a lower storage apparatus, host computers, an upper storage apparatus, and an administrative server. The method for setting virtual volume groups, executed by the administrative server, includes the steps of acquiring information on the real volumes, and port information on the physical devices in which the real volumes reside, creating virtual volumes being linked to the real volumes, based on the information on the real volumes, forming one or more virtual volume groups by combining the virtual volumes, based on the port information, in such a way that a relation between the virtual volumes and the virtual volume group are identical to a relation between the real volumes and the physical devices, and establishing the created virtual volume groups in the upper storage apparatus.

摘要翻译： 公开了一种在存储网络系统中设置虚拟卷组的方法。 该系统包括下部存储装置，主机，上位存储装置和管理服务器。 由管理服务器执行的用于设置虚拟卷组的方法包括以下步骤：获取关于实际卷的信息，以及在实际卷所在的物理设备上的端口信息，创建链接到实际卷的虚拟卷 关于实际卷上的信息，通过基于端口信息组合虚拟卷来形成一个或多个虚拟卷组，使得虚拟卷和虚拟卷组之间的关系与虚拟卷之间的关系相同 实际卷和物理设备，并在上层存储设备中建立创建的虚拟卷组。

公开(公告)号：US20070094395A1

公开(公告)日：2007-04-26

申请号：US11312415

申请日：2005-12-21

申请人： Jun Mizuno ,  Takeshi Ishizaki

发明人： Jun Mizuno ,  Takeshi Ishizaki

IPC分类号： G06F15/173

CPC分类号： G06F3/0631 ,  G06F3/061 ,  G06F3/0683

摘要： Disclosed is to prevent deterioration in I/O performance of a computer resulted from a use of the same physical disk among different logical volumes. A volume management server 1010 groups together logical volumes which use the same physical disk of a storage device 1020 as a volume group and allocates a storage area on the physical disk to be used on a priority basis by this volume group to the volume group, and thereby a physical arrangement according to a present physical arrangement of the logical volume can be performed when an automatic expansion of the logical volume is performed thereafter so that the I/O performance deterioration of the computer caused by a mutual interference is avoided at the time of access from the computer 1030 to the storage device 1020.

摘要翻译： 公开了防止在不同逻辑卷之间使用相同物理盘导致计算机的I / O性能的恶化。 卷管理服务器1010将使用与卷组相同的存储装置1020的物理盘的逻辑卷组合在一起，并将物理磁盘上的存储区域分配给该卷组优先基于卷组的存储区域，以及 从而当其后执行逻辑卷的自动扩展时，可以执行根据逻辑卷的当前物理布置的物理布置，从而避免在相互干扰下引起的计算机的I / O性能恶化 从计算机1030访问到存储设备1020。

公开(公告)号：US20070011742A1

公开(公告)日：2007-01-11

申请号：US11274411

申请日：2005-11-16

申请人： Kojiro Nakayama ,  Masayuki Sakata ,  Takeshi Ishizaki ,  Kenya Nishiki

发明人： Kojiro Nakayama ,  Masayuki Sakata ,  Takeshi Ishizaki ,  Kenya Nishiki

IPC分类号： G06F12/14

CPC分类号： G06F21/554

摘要： A check rule for assuring system security is generated. A communication information monitoring apparatus includes a pseudo-client, a monitoring unit, and a unification unit. The pseudo-client transmits a request message containing a trace value as a parameter to a web application and analyzes a response message returned from the web application. The monitoring unit monitors whether the trace value transmitted by the pseudo-client is used in various positions in the system. The unification unit generates a check rule according to the processing result of the pseudo-client and the monitoring unit and a check policy registered in advance. The check policy contains the parameter use purpose and the process for the check processing.

摘要翻译： 生成用于确保系统安全性的检查规则。 通信信息监视装置包括伪客户端，监视单元和统一单元。 伪客户端将包含跟踪值的请求消息作为参数发送到web应用，并分析从web应用返回的响应消息。 监视单元监视伪客户端发送的跟踪值是否用于系统中的各种位置。 统一单元根据伪客户端和监视单元的处理结果和预先登记的检查策略生成检查规则。 检查策略包含参数使用目的和检查处理过程。

公开(公告)号：US20060075082A1

公开(公告)日：2006-04-06

申请号：US10998754

申请日：2004-11-30

申请人： Futoshi Haga ,  Yutaka Kudo ,  Takeshi Ishizaki

发明人： Futoshi Haga ,  Yutaka Kudo ,  Takeshi Ishizaki

IPC分类号： G06F15/173

CPC分类号： H04L67/06 ,  H04L67/26 ,  H04L67/2814 ,  H04L67/2842 ,  H04L69/329

摘要： The addition of IT resources is suppressed smaller when a service area of a content distribution system is expanded. Individual clients 8 have a storage 85, a registration means which registers a part or all of the storage 85 in a local server 6 as a resource pool, and a requesting means which sends a distribution request for contents to the local server 6. The local server 6 has a storing means which stores a resource pool management table and a content management table, a request accepting means which accepts a distribution request for contents from the individual clients 8, a specifying means which specifies the resource pool storing the contents, a distribution instructing means which sends a distribution instruction for the contents to the client 8 having the specified resource pool.

摘要翻译： 当内容分发系统的服务区域扩展时，IT资源的增加被抑制得更小。 各个客户端8具有存储器85，将本地服务器6中的一部分或全部存储器85登记为资源池的登记单元，以及向本地服务器6发送内容分发请求的请求单元。本地 服务器6具有存储资源池管理表和内容管理表的存储单元，接收来自各个客户端8的内容分发请求的请求接受单元8，指定存储内容的资源池的指定单元， 向具有指定资源池的客户机8发送内容分发指令的指令装置。

公开(公告)号：US20060026429A1

公开(公告)日：2006-02-02

申请号：US11044956

申请日：2005-01-26

申请人： Yutaka Kudo ,  Futoshi Haga ,  Takeshi Ishizaki

发明人： Yutaka Kudo ,  Futoshi Haga ,  Takeshi Ishizaki

IPC分类号： H04L9/00

CPC分类号： G06F21/575

摘要： In a data center architecture or the like, the present invention provides a method for setting up hosting environments concurrently by loading a boot image by means of network boot or the like, allowing for fast booting even with a large boot image, while preserving security. A boot image is divided into a plurality of parts. Computer resources have their public keys stored in their BIOS ROMs and e-signatures are attached to the boot image parts with a private key corresponding to one of the public keys. Also, priority levels in e-signature verification are assigned to the boot image parts. A boot instruction includes priority level setting. Only for boot image parts with that priority level or higher, e-signature verification is performed. By this manner, booting can be performed faster than booting involving verification of the e-signature to a whole boot image.

公开(公告)号：US5745711A

公开(公告)日：1998-04-28

申请号：US250661

申请日：1994-05-27

申请人： Chiho Kitahara ,  Takeshi Ishizaki ,  Shigeaki Kinoshita ,  Toshimitsu Hayashi ,  Masami Kameda ,  Tomomi Suzuki ,  Yoshiyuki Nakayama ,  Kenjiro Mori

发明人： Chiho Kitahara ,  Takeshi Ishizaki ,  Shigeaki Kinoshita ,  Toshimitsu Hayashi ,  Masami Kameda ,  Tomomi Suzuki ,  Yoshiyuki Nakayama ,  Kenjiro Mori

IPC分类号： G06F3/033 ,  G06F3/048 ,  G06F9/46 ,  H04N7/15 ,  G06F3/00

CPC分类号： G06F9/54 ,  G06F3/04842 ,  H04N7/15

摘要： In a conferencing system comprising telephones and workstations, a conference display control method for a visual user interface is provided. A conference window is displayed on a workstation display during a teleconference and includes a meeting table area as a shared space and a local area which cannot be seen by the other participants. Document objects corresponding to a document application program which is used in the conference are arranged on those areas. The distribution of the documents, reference of information, and execution of the application program can be executed by direct manipulation of objects using a mouse. In the conference window, the document object can be operated at both the cooperative work place and the local work place. Further, the conference window is displayed on the workstation display during the teleconference execution, the conference documents are sharingly executed by an OHP (overhead projector) object on the conference window, and the documents during the shared execution are displayed in an OHP area, so that the kind of document which is being executed can be grasped. Moreover, when a participant participates in a plurality of teleconferences on a communication network by one teleconference terminal, one teleconference can be recognized as a specific conference space, so that the user can selectively use a plurality of teleconferences without confusing them.

摘要翻译： 在包括电话和工作站的会议系统中，提供了一种用于可视用户界面的会议显示控制方法。 会议窗口在电话会议期间在工作站显示屏上显示，并且包括作为共享空间的会议桌区域和其他参与者不能看见的本地区域。 在会议中使用的与文件应用程序相对应的文档对象被布置在这些区域上。 可以通过使用鼠标直接操纵对象来执行文档的分发，信息的引用和应用程序的执行。 在会议窗口中，文档对象可以在合作工作地点和本地工作地点进行操作。 此外，在电话会议执行期间，会议窗口显示在工作站显示器上，会议文件由会议窗口上的OHP（高架投影仪）对象共享执行，共享执行期间的文档显示在OHP区域中，因此 可以掌握正在执行的文件的种类。 此外，当参与者通过一个电话会议终端在通信网络上参与多个电话会议时，可以将一个电话会议识别为特定的会议空间，使得用户可以选择性地使用多个电话会议而不混淆它们。