COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM
    1.
    Invention application
    Status: In force

    Publication number: US20140075510A1

    Publication date: 2014-03-13

    Application number: US14119827

    Filing date: 2012-05-22

    IPC classification: H04L29/06

    Abstract: A communication system includes an information acquisition unit that acquires, from a user terminal, information for determining the isolation level to which the user terminal belongs; an isolation level determination unit that determines the isolation level to which the user terminal belongs, based on the acquired information; an isolation level information storage unit that defines, for each isolation level, whether or not access is possible to the respective access destinations; an access control unit that causes a forwarding node(s) to forward or drop a packet in accordance with whether or not access is possible to the respective access destinations; and a forwarding node(s) that forwards a packet in accordance with control of the access control unit. Stepwise access control is realized using isolation levels.

    COMMUNICATION SYSTEM, CONTROL APPARATUS, COMMUNICATION METHOD, AND PROGRAM
    3.
    Invention application
    Status: Pending (published)

    Publication number: US20130275620A1

    Publication date: 2013-10-17

    Application number: US13977115

    Filing date: 2012-04-20

    IPC classification: H04L12/56

    Abstract: A communication system comprises: a plurality of forwarding nodes that process an incoming packet in accordance with a processing rule (packet handling operation) in which a matching rule for determining a packet to be processed is associated with the processing content applied to a packet matching that rule; an address management apparatus that gives an address to a host; and a control apparatus that first sets, in a forwarding node between the host and the address management apparatus, a first processing rule for realizing communication between the host and the address management apparatus, and thereafter sets a second processing rule for realizing communication between a host given an address by the address management apparatus and a predetermined network resource.

    Communication system, control apparatus, policy management apparatus, communication method, and program
    5.
    Granted invention patent
    Status: In force

    Publication number: US09178910B2

    Publication date: 2015-11-03

    Application number: US13991588

    Filing date: 2011-12-22

    Abstract: The present invention implements detailed access control according to the access rights granted to users, with a simple configuration. A communication system includes: a plurality of forwarding nodes that process a received packet in accordance with a processing rule (packet handling operation) associating a matching rule for identifying a flow with the processing content to be applied to a packet that conforms with the matching rule; a policy management apparatus provided with an access control policy storage unit that associates roles assigned to users with the access rights set for each role, the policy management apparatus providing to a control apparatus information on the access rights associated with the role of a user who is successfully authenticated; and the control apparatus, which creates a path between the terminal of the successfully authenticated user and a resource that the user may access, based on the access rights information received from the policy management apparatus, and sets a processing rule in a forwarding node on that path.

    Communication system, policy management apparatus, communication method, and program
    6.
    Granted invention patent
    Status: Lapsed

    Publication number: US08681803B2

    Publication date: 2014-03-25

    Application number: US13822547

    Filing date: 2012-09-14

    IPC classification: H04L12/28

    CPC classification: H04L41/28 H04L45/38 H04L45/64

    Abstract: An authentication apparatus authenticates a user using a host connected to a forwarding node. A policy management apparatus holds an access control policy that identifies a host under access control by the identifier of the forwarding node or the identifier of the user, and links the identifier of the host under access control with the identifier of the forwarding node to which the host is connected, or the identifier of the host under access control with the identifier of the user using the host. The forwarding node transmits to the policy management apparatus the identifier of the host connected to it and its own identifier. The authentication apparatus transmits to the policy management apparatus the identifier of the host connected to the forwarding node and the identifier of the user. The policy management apparatus refers to the access control policy and, if the host connected to the forwarding node is under access control, notifies the control apparatus of the access control content as an access control list. The control apparatus generates a processing rule in accordance with the access control list and sets the generated processing rule in the forwarding nodes.

    Terminal, control device, communication method, communication system, communication module, program, and information processing device
    7.
    Granted invention patent
    Status: In force

    Publication number: US09397949B2

    Publication date: 2016-07-19

    Application number: US13818293

    Filing date: 2012-04-16

    Abstract: A terminal communicating via a network that includes a forwarding device(s) for forwarding a packet and a control device for controlling the forwarding device(s) in accordance with a request from the forwarding device comprises: a communication unit that receives from the control device a processing rule specifying a process of adding, to a packet, quality information related to communication quality with respect to the terminal; a memory unit that stores the received processing rule; and a processing unit that, when communicating via the network, adds quality information to a packet in accordance with the processing rule corresponding to that packet, by referring to the processing rule stored in the memory unit.

    COMMUNICATION SYSTEM, DATA BASE, CONTROL APPARATUS, COMMUNICATION METHOD, AND PROGRAM
    10.
    Invention application
    Status: Pending (published)

    Publication number: US20130329738A1

    Publication date: 2013-12-12

    Application number: US14000541

    Filing date: 2012-02-20

    IPC classification: H04L12/851

    Abstract: A communication system comprises: a plurality of forwarding nodes, each of which processes an incoming packet in accordance with a packet handling operation; a database that stores a first table for determining the role of the user of a source node from information about the source node and a second table defining an accessible or inaccessible resource for each role, and that transmits, in response to a request from a control apparatus, a response about a resource accessible or inaccessible by the user of the source node; and a control apparatus that, when receiving a request for setting a processing rule from any one of the forwarding nodes, uses the information about the source node included in that request to query the database for a resource accessible or inaccessible by the user of the source node, creates the processing rule based on the response from the database, and sets the processing rule in the forwarding node.