公开(公告)号：US20230018096A1

公开(公告)日：2023-01-19

申请号：US17786191

申请日：2019-12-25

Applicant: NEC Corporation

Inventor： Hirofumi UEDA ,  Ryo MIZUSHIMA ,  Tomohiko YAGYU

IPC: H04L9/40

Abstract: An analysis apparatus (10) includes an environment assessment unit (11) for assessing environmental metrics of a Common Vulnerability Scoring System (CVSS) as regards a vulnerability in an information system based on an attack path extracted from the information system to which the vulnerability to be analyzed is applied, a base assessment unit (12) for assessing base metrics of the CVSS as regards the vulnerability in the information system based on obtained CVSS base value information of the vulnerability and a predetermined base value countermeasure determination condition of the information system, and a determination unit (13) for determining whether or not the vulnerability in the information system needs to be addressed based on an assessment result of the environmental metrics and an assessment result of the base metrics.

公开(公告)号：US20170142747A1

公开(公告)日：2017-05-18

申请号：US15321877

申请日：2015-06-22

Applicant: NEC Corporation

Inventor： Norio YAMAGAKI ,  Shunichi KINOSHITA ,  Hirofumi UEDA ,  Norihito FUJITA

IPC: H04W72/12 ,  H04W72/02 ,  H04W74/08 ,  H04W74/02

CPC classification number: H04W72/1242 ,  H04L12/4625 ,  H04W72/02 ,  H04W72/121 ,  H04W74/02 ,  H04W74/0816 ,  H04W84/12

Abstract: A data-storing-terminal counting unit counts the number of communication terminals in which each of a number of data are stored. Based on the results of the counts, a communication terminal count estimation unit estimates the number of communication terminals that will transmit data with the same timing. An adjustment reference value calculation unit computes an adjustment reference value for constraining the number of communication terminals estimated by the communication terminal count estimation unit to be less than or equal to a preset allowable number. On the basis of the adjustment reference value computed by the adjustment reference value calculation unit, a determination unit determines whether or not to permit transmission of data stored by a storing means. If the determination unit permits the transmission of said data, a data transmission unit transmits the data to a communication terminal in which said data is not stored.

公开(公告)号：US20160006802A1

公开(公告)日：2016-01-07

申请号：US14769524

申请日：2013-12-04

Applicant: NEC Corporation

Inventor： Bounpadith KANNHAVONG ,  Norihito FUJITA ,  Hirofumi UEDA

IPC: H04L29/08 ,  H04W4/06

CPC classification number: H04L67/1076 ,  H04L67/1004 ,  H04L67/1059 ,  H04L67/16 ,  H04W4/06 ,  H04W84/12 ,  H04W84/18 ,  H04W84/20 ,  H04W88/04

Abstract: Individual communication terminals are connected to a communication network in which one communication terminal functions as a parent that has a relay function, the other communication terminals function as children, and transmitting and receiving of communication messages between child communication terminals are performed via the parent. Each communication terminal transmits a holding list that lists information about data that the own communication terminal holds, to other communication terminals. Further, each communication terminal temporarily stores holding lists received from other communication terminals. Each communication terminal, while it does not function as a parent, preferentially selects the holding list that does not match that of the own communication terminal and whose transmission source is the parent communication terminal, among the stored holding lists, and, while the own communication terminal functions as a parent, selects any holding list that does not match that of the own communication terminal. Each communication terminal transmits and receives communication messages with another communication terminal that is a transmission source of the selected holding list so that data sharing is performed.

Abstract translation: 单个通信终端连接到通信网络，其中一个通信终端用作具有中继功能的父母，其他通信终端用作儿童，并且通过父母来执行子通信终端之间的通信消息的发送和接收。 各个通信终端向其他通信终端发送列出有关自身通信终端所保持的关于数据的信息的保持列表。 此外，每个通信终端临时存储从其他通信终端接收的保持列表。 每个通信终端虽然不作为父级，但是在存储的保持列表中优先选择与自身的通信终端的不相符的保持列表，其发送源是父通信终端，并且在自己的通信 终端功能作为父级，选择与自己的通信终端不匹配的任何保持列表。 每个通信终端与作为所选保持列表的发送源的另一个通信终端发送和接收通信消息，从而执行数据共享。

公开(公告)号：US20250141910A1

公开(公告)日：2025-05-01

申请号：US18692860

申请日：2021-10-22

Applicant: NEC Corporation

Inventor： Hirofumi UEDA ,  Kohei Tatara

IPC: H04L9/40

Abstract: To provide a virtual model for a communication system, the virtual model being required for specific diagnosis of the security risk of the communication system. An acquisition unit (11) acquires the inspection result of an information security inspection on a device constituting a communication system, an extraction unit (12) extracts, from the inspection result, security inspection information including at least one of first information about a library function used by the constituent device or second information about the presence or absence of access to a file via the library function, and a generation unit (13) generates a virtual model for the communication system by using configuration information for identifying a constituent component of an information communication device and the security inspection information.

公开(公告)号：US20240283792A1

公开(公告)日：2024-08-22

申请号：US18025162

申请日：2022-03-23

Applicant: NEC Corporation

Inventor： Shohei MITANI ,  Hirofumi UEDA ,  Nakul GHATE

IPC: H04L9/40

CPC classification number: H04L63/10

Abstract: An analysis apparatus according to an example embodiment of the present disclosure includes at least one memory configured to store instructions and at least one processor configured to execute the instructions to: acquire at least a data set in which a plurality of combinations of a first pattern of one or more elements indicating attributes of access and an action of access control corresponding to the first pattern are defined, and a second pattern of one or more elements indicating attributes of access that change over time; evaluate an execution cost when an action corresponding to the second pattern is changed over time by using at least transition information indicating a state transition in the one or more elements indicating attributes of access, and the second pattern; and determine the action corresponding to the second pattern by using at least a result of the evaluation and the data set.

公开(公告)号：US20220311786A1

公开(公告)日：2022-09-29

申请号：US17641506

申请日：2019-09-27

Applicant: NEC Corporation

Inventor： Hirofumi UEDA ,  Yoshinobu OHTA ,  Tomohiko YAGYU ,  Norio YAMAGAKI

IPC: H04L9/40

Abstract: Provided is an analysis system that can analyze the degree of impact of vulnerability on individual systems. An analysis unit 6 generates an attack pattern that includes an attack condition, an attack result, an attack means that is vulnerability that is used by an attack, and a segment where the attack can occur in a system to be diagnosed. A calculation unit 12 calculates an evaluation value, for each vulnerability, which indicates degree of impact of the vulnerability on the system to be diagnosed. Specifically, the calculation unit 12 calculates the evaluation value, for each vulnerability, based on the number of the attack patterns that include the vulnerability focused on as the attack means and the number of the segments indicated by each attack pattern that includes the vulnerability focused on as the attack means.

公开(公告)号：US20220147659A1

公开(公告)日：2022-05-12

申请号：US17430069

申请日：2019-02-14

Applicant: NEC corporation

Inventor： Taniya SINGH ,  Masafumi WATANABE ,  Hirofumi UEDA

IPC: G06F21/73 ,  G06F21/57 ,  G06F21/55

Abstract: The present disclosure provides a security assessment apparatus, a method, and a program capable of making an assessment of a security risk simply and appropriately. The security assessment apparatus according to the present disclosure is a security assessment apparatus of a facility to be controlled using a controller, including: an identification unit (15) configured to identify a compromised component which puts the facility into an unsafe situation based on data regarding a plurality of components provided in the facility and control program code of the controller, thereby generating a list of the compromised component; and a compromised behavior generating unit (16) configured to generate a compromised behavior of a selected component selected from the list of the compromised component.

公开(公告)号：US20170094582A1

公开(公告)日：2017-03-30

申请号：US15126776

申请日：2014-12-17

Applicant: NEC Corporation

Inventor： Hirofumi UEDA ,  Norihito FUJITA ,  Norio YAMAGAKI ,  Shunichi KINOSHITA

IPC: H04W40/24 ,  H04L12/935

CPC classification number: H04W40/24 ,  H04L12/6418 ,  H04L49/3009 ,  H04W84/18

Abstract: A communication terminal in an ad hoc network has a wireless communication part, a lower layer protocol part operating on a lower layer of the network, and an upper layer protocol part operating on an upper layer of the network. The lower layer protocol part has a routing table holding route information including a destination IP address and a next hop IP address associated with each other. The upper layer protocol part has: an information sharing management part transmitting and receiving a message including an IP address of the local communication terminal to and from a neighbor communication terminal through the wireless communication part by broadcast communication; and a route information registration part registering, into the routing table, the route information including the IP address included in the message received by broadcast communication as the destination IP address and as the next hop IP address.

公开(公告)号：US20240259375A1

公开(公告)日：2024-08-01

申请号：US18290363

申请日：2021-05-20

Applicant: NEC Corporation

Inventor： Shohei MITANI ,  Taniya SINGH ,  Nakul GHATE ,  Hirofumi UEDA

IPC: H04L9/40

CPC classification number: H04L63/10

Abstract: A policy generation apparatus according to one example embodiment of the present disclosure includes at least one memory configured to store instructions; and at least one processor configured to execute the instructions to: acquire, regarding a plurality of elements related to access control, relation data indicating a relation between a plurality of elements and score data that defines at least one of a score which is based on a viewpoint of risk of access or a score which is based on a viewpoint of a need for access; and generate a policy for access control using the relation data and the score data.

公开(公告)号：US20230421595A1

公开(公告)日：2023-12-28

申请号：US18039208

申请日：2020-12-02

Applicant: NEC Corporation

Inventor： Shohei MITANI ,  Hirofumi UEDA ,  Taniya SINGH

IPC: H04L9/40

CPC classification number: H04L63/1433

Abstract: A network control apparatus (10) according to the present disclosure is a network control apparatus (10) configured to control a node included in a network, and the network control apparatus (10) includes a collecting unit (11) configured to collect data pertaining to a node included in a network, a calculating unit (12) configured to calculate a security index pertaining to a threat of the node based on the data collected by the collecting unit (11), and a determining unit (13) configured to determine a zone of the node based on the security index calculated by the calculating unit (12).