公开(公告)号：US20230056552A1

公开(公告)日：2023-02-23

申请号：US17794366

申请日：2020-02-05

Applicant: NEC Corporation

Inventor： Shunichi KINOSHITA ,  Masaki INOKUCHI ,  Yoshinobu OTHA

IPC: G06F21/57 ,  G06F21/55 ,  G06F21/54

Abstract: An analysis system includes: an unconfirmed fact generation unit which generates facts that indicate unknown information of a system to be diagnosed or a device among facts that indicate a state related to security in the system to be diagnosed or the device included in the system to be diagnosed, as unconfirmed facts.

公开(公告)号：US20200090096A1

公开(公告)日：2020-03-19

申请号：US16616597

申请日：2017-05-30

Applicant: NEC CORPORATION

Inventor： Masaki INOKUCHI

IPC: G06Q10/06 ,  G06Q30/02 ,  G06Q20/06 ,  G06F16/23

Abstract: A resource management system of the invention includes: one or more functional units 501 that provide a predetermined function as a service; a resource allocation unit 502 that allocates a resource for executing a service, to each of the functional units 501; and a points management unit 503 that, for each user and each of the functional units 501, manages the number of points held, said points being virtual currency required for receiving a service. Each of the functional units 501 provides a service for exchanging for each of the points held by the requesting user or other functional unit. The resource allocation unit 502 allocates the resource by reducing each of the points held by a functional unit that is the allocation destination.

公开(公告)号：US20250103730A1

公开(公告)日：2025-03-27

申请号：US18971407

申请日：2024-12-06

Applicant: NEC CORPORATION

Inventor： Masaki INOKUCHI

IPC: G06F21/57 ,  G06F21/56 ,  G06F21/60 ,  G06F21/71

Abstract: To implement a security assessment system capable of assessing an attack path including an air gap path, there is provided an information processing apparatus including a system configuration detector that detects at least two hosts included in a system and a communication link between the at least two hosts, an air gap path detector that detects, among the at least two hosts, a pair of hosts between which there is no communication link but data movement can occur, and a security assessment unit that performs security assessment using a detection result by the system configuration detector and a detection result by the air gap path detector.

公开(公告)号：US20240095345A1

公开(公告)日：2024-03-21

申请号：US18273429

申请日：2021-01-28

Applicant: NEC Corporation

Inventor： Masaki INOKUCHI ,  Tomohiko YAGYU

IPC: G06F21/55 ,  H04L9/14

CPC classification number: G06F21/55 ,  H04L9/14

Abstract: A display apparatus (10) includes an acquiring unit (11) configured to acquire configuration information of an information system that includes a plurality of nodes; a determining unit (12) configured to determine a display method of displaying an object of security information display concerning a node in the acquired configuration information, based on a security characteristic of an attackable element used to attack the object of security information display and a security characteristic of a preventive measure element preventing an attack on the object of security information display; and a display unit (13) configured to, when displaying a system configuration of the information system, display the object of security information display in accordance with the determined display method.

公开(公告)号：US20200305165A1

公开(公告)日：2020-09-24

申请号：US16086183

申请日：2017-01-12

Applicant: NEC CORPORATION

Inventor： Masaki INOKUCHI ,  Kazushi MURAOKA

IPC: H04W72/04

Abstract: An apparatus (1 or 3) adjusts a bandwidth, throughput, or radio resource used for device-to-device (D2D) transmission from a remote terminal (1) to a relay terminal (2), based on an amount of pending uplink data in the relay terminal (2) to be transmitted from the relay terminal (2) to a base station (3). In this way, for example, it is possible to contribute to avoiding inconsistency of performance between sidelink transmission from the remote terminal to the relay terminal and uplink transmission from the relay terminal to the base station.

公开(公告)号：US20220237303A1

公开(公告)日：2022-07-28

申请号：US17617619

申请日：2019-06-17

Applicant: NEC Corporation

Inventor： Masaki INOKUCHI ,  Yoshinobu OHTA

IPC: G06F21/57

Abstract: An attack graph processing device includes a node extraction unit which extracts a node relating to a rule classified into a predetermined group from an attack graph that is configured from one or more nodes indicating the state of a system to be diagnosed, or the state of the primary agent of an attack on the system to be diagnosed, and one or more edges indicating the relationship among a plurality of nodes, the attack graph being generated using rules indicating a condition in which the attack can be executed, and a graph configuration unit which simplifies the attack graph on the basis of the extracted node.

公开(公告)号：US20210111900A1

公开(公告)日：2021-04-15

申请号：US16498504

申请日：2017-03-30

Applicant: NEC CORPORATION

Inventor： Masaki INOKUCHI

IPC: H04L9/32 ,  G06F21/64 ,  G06F21/60

Abstract: A verification information attaching device (51) of the present invention is provided with a nonce setting means (511) for performing a setting process in which: in order for a process value obtained when a one-way function is applied to a first data block having a predetermined data structure that has a nonce area in which is set a nonce that is verification information, or applied to data based on the first data block, to satisfy a predetermined rule, a nonce is set to a predetermined nonce area of the first data block; and a value is set to the nonce area and the process value is actually computed, whereby the nonce is set.

公开(公告)号：US20200007558A1

公开(公告)日：2020-01-02

申请号：US16485483

申请日：2017-02-24

Applicant: NEC Corporation

Inventor： Masaki INOKUCHI ,  Tomohiko YAGYU

IPC: H04L29/06 ,  G06F16/23

Abstract: At least one of nodes included in the second node group comprises a request means (521) for transmitting a request signal including verification information to at least any node of the first node group, and a verification means (522) for verifying response information for the request signal, the verification means determines, regarding the response information, whether or not desired information that is information requested by the request signal or a digest thereof is included, whether or not correct verification information is included, whether or not a value obtained by applying a one-way function to the response information satisfies a predetermined rule, and a response time that is the time taken between the transmission of the request signal and the obtainment of the desired information, and on the basis of the determination results thereof, assesses the presence or absence of reliability of the desired information or the degree of reliability thereof.

公开(公告)号：US20240022589A1

公开(公告)日：2024-01-18

申请号：US18032632

申请日：2020-10-27

Applicant: NEC Corporation

Inventor： Masaki INOKUCHI ,  Tomohiko YAGYU ,  Shunichi KINOSHITA ,  Hirofumi UEDA

IPC: H04L9/40

CPC classification number: H04L63/1433 ,  H04L63/1491 ,  H04L63/20 ,  H04L63/104

Abstract: A risk analysis is conducted without increasing the computational cost. A grouping means groups a plurality of hosts included in a system to be analyzed into a plurality of groups. A virtual analysis element generation means generates at least one virtual analysis element for each of the plurality of groups. An analysis means analyzes whether an attack against the virtual analysis element being an end point of an attack is possible by using the virtual analysis element. An analysis target element determination means determines, as a target of a risk analysis, a host corresponding to the virtual analysis element included in a path where the attack occurs among hosts included in the system to be analyzed. An analysis means analyzes whether an attack against the host being the end point of the attack is possible for the host determined as a target of the risk analysis.

公开(公告)号：US20230214496A1

公开(公告)日：2023-07-06

申请号：US17927640

申请日：2020-05-29

Applicant: NEC Corporation ,  B. G. Negev Technologies and Applications Ltd., at Ben-Gurion University

Inventor： Masaki INOKUCHI ,  Tomohiko YAGYU ,  Yuval ELOVICI ,  Asaf SHABTAI ,  Ron BITTON ,  Noam MOSCOVICH

IPC: G06F21/57 ,  G06F21/55 ,  G06N5/022

CPC classification number: G06F21/577 ,  G06F21/552 ,  G06N5/022

Abstract: The knowledge generation apparatus (2000) obtains a plural pieces of attack result information (100), which includes a configuration of an attack performed on the computer environment, a configuration of the computer environment attacked, and a result of the attack. By comparing the obtained attack result information (100), the knowledge generation apparatus (2000) detects environment conditions, which is regarding the configuration of the computer environment that are necessary for the success of the attack. The knowledge generation apparatus (2000) performs selection on the detected environment conditions based on a selection rule (200), and generates the knowledge information (300) that includes the selected environment conditions. The selection rule represents a rule for determining whether to include the environment condition in the knowledge information (300), with respect to a feature of a set of attacks that are affected by the environment condition.