Patents by Inventor Hitoshi Fuji
Hitoshi Fuji has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190124058
Abstract: To provide a terminal device that can share a session key for use in encryption communication with multiple terminal devices at a certain timing without relying on an existing server device.
Type: Application
Filed: June 8, 2017
Publication date: April 25, 2019
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Yuto KAWAHARA, Hitoshi FUJI, Tetsutaro KOBAYASHI, Reo YOSHIDA, Tomohide YAMAMOTO
-
Patent number: 10218495
Abstract: Data processing is performed while personal information is kept concealed. A registrant terminal splits a registration input password and allocates the split pieces to secure computation servers. The secure computation servers verify whether the password matches. The registrant terminal splits target data and allocates the data shared values to the secure computation servers. The secure computation servers store the data shared values. A user terminal splits a utilization input password and allocates the split pieces to the secure computation servers. The secure computation servers verify whether the password matches. The user terminal sends a data processing request to the secure computation servers. The secure computation servers execute secure computation of the data shared values to generate processing result shared values. The user terminal recovers the processing result from the processing result shared values.
Type: Grant
Filed: December 5, 2014
Date of Patent: February 26, 2019
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Teruko Miyata, Hiroyoshi Takiguchi, Naoto Kiribuchi, Koji Chida, Dai Ikarashi, Gembu Morohashi, Hitoshi Fuji, Shigeru Kayaguchi
-
Publication number: 20180359234
Abstract: A client apparatus converts second input authentication information having a data content compliant with a second authentication method different from a first authentication method into authentication target information in a data format compliant with the first authentication method and transmits information corresponding to the authentication target information to a communication server apparatus. A server apparatus is capable of carrying out both a first process of providing a first authentication server apparatus that carries out an authentication process compliant with the first authentication method with first information corresponding to the authentication target information and a second process of providing a second authentication server apparatus that carries out an authentication process compliant with the second authentication method with second information corresponding to the authentication target information.
Type: Application
Filed: December 15, 2016
Publication date: December 13, 2018
Applicants: NIPPON TELEGRAPH AND TELEPHONE CORPORATION, NTT Innovation Institute, Inc.
Inventors: Tetsutaro KOBAYASHI, Hitoshi FUJI, Akira NAGAI, Go YAMAMOTO
-
KEY EXCHANGE METHOD, KEY EXCHANGE SYSTEM, KEY DISTRIBUTION DEVICE, COMMUNICATION DEVICE, AND PROGRAM
Publication number: 20180183583
Abstract: Plurality of users share a common key while permitting dynamic member change and computational complexity required for key exchange is reduced. The first key generation unit computes Ri and ci based on a twisted pseudo-random function. A session ID generation unit generates sid based on a target-collision resistant hash function and transmits (sid, R?, R?) to communication devices Ui. A second key generation unit of a representative communication device U1 computes T1 based on a pseudo-random function. A second key generation unit of general communication devices Uj computes Tj based on the pseudo-random function. A third key generation unit computes k? based on the twisted pseudo-random function and computes T?j with respect to each j. A session key generation unit of the general communication devices Uj computes Kjl and k1. The session key generation unit generates a common key K2 based on the pseudo-random function.
Type: Application
Filed: April 21, 2016
Publication date: June 28, 2018
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Reo YOSHIDA, Hitoshi FUJI, Tetsutaro KOBAYASHI, Tomohide YAMAMOTO, Yuto KAWAHARA, Kazuki YONEYAMA
-
Publication number: 20180115414
Abstract: A server sends a key update request for requesting updating of the key, to a client terminal. The client terminal sends, to a key delivery server, a key delivery request for requesting the delivery of a key to the client terminal. The key delivery server delivers a key to the client terminal. The client terminal sends, to the server, a key reception notice indicating that the delivered key was received. The server sends, to the client terminal, a key-use start notice indicating that the client terminal starts data transmission and reception by using the delivered key with a different client terminal from the aforementioned client terminal. The client terminal performs data transmission and reception with the different client terminal by using the delivered key.
Type: Application
Filed: April 20, 2016
Publication date: April 26, 2018
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Reo YOSHIDA, Hitoshi FUJI, Tetsutaro KOBAYASHI, Tomohide YAMAMOTO, Yuto KAWAHARA
-
Publication number: 20170372086
Abstract: An assumed use permission range storage stores a predetermined assumed use permission range. An unavailable state storage stores an information asset in an unavailable state by encryption. An available state storage stores an information asset in an available state by decryption. A leakage-concerned state storage stores an information asset in a leakage-concerned state. When use of an information asset in the unavailable state is requested by an application corresponding to the assumed use permission range, a state changing part decrypts the information asset into the available state. When use of the information asset in the available state by the application ends, the state changing part encrypts the information asset into the unavailable state. When use of an information asset in the unavailable state is requested by an application not corresponding to the assumed use permission range, a state monitoring part puts the information asset in the leakage-concerned state.
Type: Application
Filed: January 14, 2016
Publication date: December 28, 2017
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Reo YOSHIDA, Hitoshi FUJI, Tetsutaro KOBAYASHI, Junya AKIBA, Tomoaki WASHIO, Tsuyoshi MIYAMOTO
-
Publication number: 20170302445
Abstract: Plurality of users share a common key while permitting dynamic member change and computational complexity required for key exchange is reduced. The first key generation unit 212 of the communication devices Ui computes Ri and ci, or ci based on a twisted pseudo-random function. A session ID generation unit 113 of a key distribution device S generates sid based on a target-collision resistant hash function and transmits sid to the communication devices Ui. A second key generation unit 214 of the communication devices Ui computes Ti based on a pseudo-random function. A third key generation unit 115 of the key distribution device S computes k? and T?i based on the twisted pseudo-random function. A session key generation unit 217 of the communication devices Ui generates the common key K2 based on a pseudo-random function.
Type: Application
Filed: April 14, 2017
Publication date: October 19, 2017
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Tetsutaro KOBAYASHI, Reo YOSHIDA, Hitoshi FUJI, Tomohide YAMAMOTO, Yuto KAWAHARA, Kazuki YONEYAMA
-
Patent number: 9735963
Abstract: A private key is held which conforms to an ElGamal encryption system on a semigroup, calculation of an order of an element of the semigroup being computationally difficult, information corresponding to ciphertext conforming to the ElGamal encryption system is input, a private key s is used to decrypt the information corresponding to the ciphertext in conformance to the ElGamal encryption system, and information corresponding to a result of decrypting the ciphertext is obtained and output. Alternatively, whether it is computationally difficult or easy to calculate the order of the element of the semigroup is determined, and the safety of a decryption service providing device is evaluated based on the determination result.
Type: Grant
Filed: January 15, 2014
Date of Patent: August 15, 2017
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Tetsutaro Kobayashi, Go Yamamoto, Hitoshi Fuji, Tomohide Yamamoto, Reo Yoshida
-
Publication number: 20170186255
Abstract: At the time of setting authority, a management apparatus stores a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, and outputs information representing any of the registration identification information; and a permission apparatus receives and stores the information. At the time of exercising the authority, the terminal apparatus outputs information representing identification information, and the permission apparatus receives the information and, when the identification information corresponds to registration identification information comprised in setting information, outputs information representing authority exercise information required to exercise the authority.
Type: Application
Filed: May 12, 2015
Publication date: June 29, 2017
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Hitoshi FUJI, Tomohide YAMAMOTO, Tetsutaro KOBAYASHI, Reo YOSHIDA
-
Publication number: 20160330018
Abstract: Data processing is performed while personal information is kept concealed. A registrant terminal splits a registration input password and allocates the split pieces to secure computation servers. The secure computation servers verify whether the password matches. The registrant terminal splits target data and allocates the data shared values to the secure computation servers. The secure computation servers store the data shared values. A user terminal splits a utilization input password and allocates the split pieces to the secure computation servers. The secure computation servers verify whether the password matches. The user terminal sends a data processing request to the secure computation servers. The secure computation servers execute secure computation of the data shared values to generate processing result shared values. The user terminal recovers the processing result from the processing result shared values.
Type: Application
Filed: December 5, 2014
Publication date: November 10, 2016
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Teruko MIYATA, Hiroyoshi TAKIGUCHI, Naoto KIRIBUCHI, Koji CHIDA, Dai IKARASHI, Gembu MOROHASHI, Hitoshi FUJI, Shigeru KAYAGUCHI
-
Publication number: 20150358162
Abstract: A private key is held which conforms to an ElGamal encryption system on a semigroup, calculation of an order of an element of the semigroup being computationally difficult, information corresponding to ciphertext conforming to the ElGamal encryption system is input, a private key s is used to decrypt the information corresponding to the ciphertext in conformance to the ElGamal encryption system, and information corresponding to a result of decrypting the ciphertext is obtained and output. Alternatively, whether it is computationally difficult or easy to calculate the order of the element of the semigroup is determined, and the safety of a decryption service providing device is evaluated based on the determination result.
Type: Application
Filed: January 15, 2014
Publication date: December 10, 2015
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Tetsutaro KOBAYASHI, Go YAMAMOTO, Hitoshi FUJI, Tomohide YAMAMOTO, Reo YOSHIDA
-
Patent number: 7636942
Abstract: A monitoring device monitors a packet transmitted to a communication device that is a target of the denial-of-service attack, and detects traffic abnormality information indicating an abnormality of traffic due to the packet with respect to the communication device. A performance measuring device measures performance of the communication device, and detects performance abnormality information indicating an abnormality of throughput of the communication device. An attack determining device determines whether the communication device received the denial-of-service attack, based on the traffic abnormality information and the performance abnormality information.
Type: Grant
Filed: August 19, 2005
Date of Patent: December 22, 2009
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Masaki Hamada, Hitoshi Fuji, Makoto Iwamura
-
Publication number: 20070166051
Abstract: A repeater device receives from a first repeater device, which is adjacent to the repeater device on a network, a signature for controlling passage of a packet through the repeater device and determines whether to send the received signature to a second repeater device, which is adjacent to the repeater device on the network, based on contents of the received signature, and sends the received signature to the second repeater device when determining that the received signature is to be sent to the second repeater device.
Type: Application
Filed: September 20, 2005
Publication date: July 19, 2007
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORP.
Inventors: Katsuhiro Sebayashi, Hiroshi Kurakami, Yuji Soejima, Eric Chen, Hitoshi Fuji
-
Publication number: 20070118896
Abstract: A network attack mitigation device defends a victim device against an attack from an attacker device while collaborating with other network attack mitigation devices. When the attack ends, the network attack mitigation device decides whether to terminate mitigation measure taken against the attack. This decision is made based on a status of other network attack mitigation device that is nearer to the attacker device than the network attack mitigation device. When deciding not to prepare for resume of the attack, the network attack mitigation device deletes information relating to the attack and returns to a normal state. When deciding to prepare for resume of the attack, the network attack mitigation device prepares to resume of the attack without deleting the information relating to the attack.
Type: Application
Filed: May 12, 2005
Publication date: May 24, 2007
Applicant: Nippon Telegraph and Telephone Corporation
Inventors: Yuji Soejima, Masaki Onishi, Hitoshi Fuji
-
Publication number: 20070067839
Abstract: A monitoring device monitors a packet transmitted to a communication device that is a target of the denial-of-service attack, and detects traffic abnormality information indicating an abnormality of traffic due to the packet with respect to the communication device. A performance measuring device measures performance of the communication device, and detects performance abnormality information indicating an abnormality of throughput of the communication device. An attack determining device determines whether the communication device received the denial-of-service attack, based on the traffic abnormality information and the performance abnormality information.
Type: Application
Filed: August 19, 2005
Publication date: March 22, 2007
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORP.
Inventors: Masaki Hamada, Hitoshi Fuji, Makoto Iwamura
-
Patent number: 7188366
Abstract: When DDoS attack packets are transmitted from the attacker to the victim's server, the attack packets are detected in the edge router of the LAN accommodating the server. These packets are then destroyed, the address of the upstream routers close to the attack source are retrieved, and attack source retrieval modules are transmitted from the edge router to all the upstream routers. By executing the retrieval modules in the upstream routers, verification is performed as to whether the attack packets are passing through those upstream routers. The results are notified to the transmission source router and if the attack packets are passing through, the retrieval modules are transmitted to routers at the upper stream. When the router at the uppermost stream is reached, a protection module is executed to destroy the attack packets. When the attacks cease, the protection module deletes itself and the protection process is ended.
Type: Grant
Filed: September 7, 2001
Date of Patent: March 6, 2007
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Eric Yi-hua Chen, Hitoshi Fuji
-
Publication number: 20020032854
Abstract: When DDoS attack packets are transmitted from the attacker to the victim's server, the attack packets are detected in the edge router of the LAN accommodating the server. These packets are then destroyed, the address of the upstream routers close to the attack source are retrieved, and attack source retrieval modules are transmitted from the edge router to all the upstream routers. By executing the retrieval modules in the upstream routers, verification is performed as to whether the attack packets are passing through those upstream routers. The results are notified to the transmission source router and if the attack packets are passing through, the retrieval modules are transmitted to routers at the upper stream. When the router at the uppermost stream is reached, a protection module is executed to destroy the attack packets. When the attacks cease, the protection module deletes itself and the protection process is ended.
Type: Application
Filed: September 7, 2001
Publication date: March 14, 2002
Inventors: Eric Yi-Hua Chen, Hitoshi Fuji