Patents by Inventor Akifumi Yato
Akifumi Yato has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10523696Abstract: Proposed are a log analyzing system and a log analyzing method capable of more effectively defending a control system from unauthorized access. The log analyzing system which analyzes a communication log of a control device comprises a network device which receives a communication packet corresponding to the communication log from a network, and a monitoring device which monitors communication to the network device, wherein the monitoring device obtains a difference between a communication pattern of the communication packet and a stable pattern, which is a pattern of a communication in a state of no unauthorized access, restores the communication packet based on the difference, and notifies the restored communication packet.Type: GrantFiled: October 27, 2017Date of Patent: December 31, 2019Assignee: Hitachi, Ltd.Inventors: Hiroki Uchiyama, Akifumi Yato, Satoshi Ohkubo, Kohhei Yamaguchi
-
Publication number: 20180124083Abstract: Proposed are a log analyzing system and a log analyzing method capable of more effectively defending a control system from unauthorized access. The log analyzing system which analyzes a communication log of a control device comprises a network device which receives a communication packet corresponding to the communication log from a network, and a monitoring device which monitors communication to the network device, wherein the monitoring device obtains a difference between a communication pattern of the communication packet and a stable pattern, which is a pattern of a communication in a state of no unauthorized access, restores the communication packet based on the difference, and notifies the restored communication packet.Type: ApplicationFiled: October 27, 2017Publication date: May 3, 2018Inventors: Hiroki UCHIYAMA, Akifumi YATO, Satoshi OHKUBO, Kohhei YAMAGUCHI
-
Patent number: 8402524Abstract: An ID bridge service system manages a type and assurance of identity information required for provision of service by an application service system and a type and assurance of identity information managed by plural authentication service systems, and is provided with a selecting measure that selects an authentication service system that manages identity information corresponding to the identity information required for the provision of the service by the application service system out of the plural authentication service systems when a request for authentication is received from the application service system and a requesting measure that requests the selected authentication service system to authenticate.Type: GrantFiled: February 1, 2011Date of Patent: March 19, 2013Assignee: Hitachi, Ltd.Inventors: Tadashi Kaji, Naoki Hayashi, Akifumi Yato, Shinichi Irube
-
Publication number: 20120254942Abstract: A connection destination determination device includes a control unit for performing an approval determination process to determine that a user authentication state in a connection destination request is approved if the user authentication state satisfies the user authentication state corresponding to a collaboration service. If the user authentication state is determined to be approved in the approval determination process, the control unit responds to a source of the connection destination determination request with the connection destination of service corresponding to the collaboration service which is the search key.Type: ApplicationFiled: February 9, 2012Publication date: October 4, 2012Applicant: Hitachi, Ltd.Inventors: Naoki Hayashi, Tadashi Kaji, Akifumi Yato, Shinichi Irube
-
Publication number: 20120254935Abstract: An authentication collaboration server of an authentication collaboration system performs a secrecy calculation process using authentication information as input for an authentication process, generating secret authentication information for each piece of the authentication information. An authentication information verification server obtains and compares sets of the combination of secret authentication information generated by the authentication server, and a user ID identifying a user of a user terminal using the authentication information that is a source of the secret authentication information. The authentication information verification server extracts the plurality of pieces of authentication information that have been applied.Type: ApplicationFiled: January 26, 2012Publication date: October 4, 2012Applicant: HITACHI, LTD.Inventors: Akifumi YATO, Tadashi KAJI, Naoki HAYASHI, Shinichi IRUBE
-
Publication number: 20120198039Abstract: A processing load on service is distributed to improve the availability of linkage service even if the details of the processing of the linkage service are unknown. A service dynamic linkage device (110) sequentially selects pieces of web service which can be executed on the basis of dependence relationship information having identified a web server which should have already been executed among pieces of web service included in a scenario, the execution of which has been requested from a user-side communication terminal (140), and repeatedly performs processing to be executed until there are no pieces of web service included in the scenario.Type: ApplicationFiled: February 15, 2010Publication date: August 2, 2012Applicant: Hitachi, Ltd.Inventors: Naoki Hayashi, Tadashi Kaji, Akifumi Yato, Dan Yamamoto, Shinichi Irube
-
Publication number: 20120084351Abstract: A user interaction type service collaboration system, in which a user terminal calls Web service provisioning servers in sequence via a Web portal server and a service scenario execution server, and each Web service provisioning server carries out interaction processing with the user terminal, is provided with a callback control server having: a callback control part responding to reception, from the Web service provisioning server, of the callback request accompanied by a callback user ID, and transmitting an interaction processing start request to the user terminal using an ID identifying the user terminal or a session due to the user terminal; and a callback ID management part associating and managing IDs and callback user IDs and acquiring IDs corresponding to callback user IDs.Type: ApplicationFiled: August 11, 2011Publication date: April 5, 2012Applicant: HITACHI, LTD.Inventors: Akifumi YATO, Tadashi KAJI, Naoki HAYASHI, Shinichi IRUBE
-
Patent number: 8094337Abstract: To minimize risk of printing-out to a printer located at an improper base, where a network is established between the bases, terminal devices, a server, printers, and a management device which manages printers are provided. The management device manages position information of the printers installed in bases. Every time printing is requested, the management device extracts printer candidates located close to a terminal device and asks a user of the terminal device to select one of the printer candidates. The user visually confirms the installation locations of the extracted printer candidates included in a list and selects an appropriate printer for each printing. Accordingly, risk of erroneously printing using a printer installed in an improper base can be reduced.Type: GrantFiled: November 30, 2007Date of Patent: January 10, 2012Assignee: Hitachi, Ltd.Inventors: Yoko Hashimoto, Takahiro Fujishiro, Tadashi Kaji, Akifumi Yato, Kazuyoshi Hoshino
-
Publication number: 20110239284Abstract: An ID bridge service system manages a type and assurance of identity information required for provision of service by an application service system and a type and assurance of identity information managed by plural authentication service systems, and is provided with a selecting measure that selects an authentication service system that manages identity information corresponding to the identity information required for the provision of the service by the application service system out of the plural authentication service systems when a request for authentication is received from the application service system and a requesting measure that requests the selected authentication service system to authenticate.Type: ApplicationFiled: February 1, 2011Publication date: September 29, 2011Inventors: Tadashi Kaji, Naoki Hayashi, Akifumi Yato, Shinichi Irube
-
Data communication system enabling data communication between communication devices through a server
Patent number: 7940780Abstract: A method and a system for speeding up session establishment are provided, wherein the time required to establish a session is reduced, even in the case where a session management server requires a large amount of time to process respective functions required for establishing the session (such as making a decision regarding whether to permit or deny provision of a service, or generating a session key). The session management server is provided with means for conducting, in parallel, processing to issue processing requests for respective functions required for establishing a session (such as making a decision regarding whether to permit or deny provision of a service, or generating a session key) and processing to forward a communication message transmitted by a communications device or another session management server attempting to establish a session.Type: GrantFiled: September 5, 2008Date of Patent: May 10, 2011Assignee: Hitachi, Ltd.Inventors: Dan Yamamoto, Tadashi Kaji, Akifumi Yato, Takahiro Fujishiro, Shinichi Irube -
Patent number: 7657035Abstract: Each terminal registers the key generation information into each session management server, the information including a plurality of setting items necessary for determining set values to generated a key to be used by itself, and set value candidates which are stored in the setting items. When the encryption communications are established between the terminals, the individual session management servers and a key generation information management server are associated, so that the key generation information management server selects the algorithm suite based on the key generation information. The session management server generates the parameters based on the selected algorithm suite, acquires the information on the selected algorithm suite from the key generation information management server, generates the key for the encryption communications based on that information and distributes the key to the each terminal.Type: GrantFiled: August 16, 2006Date of Patent: February 2, 2010Assignee: Hitachi, Ltd.Inventors: Akifumi Yato, Tadashi Kaji, Osamu Takata, Takahiro Fujishiro, Kazuyoshi Hoshino
-
Publication number: 20090089866Abstract: An access authorization system is provided, which can reduce the user wait time until the provision of a user-requested service. The access authorization system of the present invention specifies the next service to be provided to a UT (a client-side communication device) after the service currently being provided to the UT, and then executes process to make an authorization decision in advance regarding the next service with respect to the user of the UT, before the UT requests the next service.Type: ApplicationFiled: September 26, 2008Publication date: April 2, 2009Inventors: Akifumi Yato, Tadashi Kaji, Dan Yamamoto, Shinichi Irube, Naoki Hayashi
-
Publication number: 20090067439Abstract: A method and a system for speeding up session establishment are provided, wherein the time required to establish a session is reduced, even in the case where a session management server requires a large amount of time to process respective functions required for establishing the session (such as making a decision regarding whether to permit or deny provision of a service, or generating a session key). The session management server is provided with means for conducting, in parallel, processing to issue processing requests for respective functions required for establishing a session (such as making a decision regarding whether to permit or deny provision of a service, or generating a session key) and processing to forward a communication message transmitted by a communications device or another session management server attempting to establish a session.Type: ApplicationFiled: September 5, 2008Publication date: March 12, 2009Inventors: Dan Yamamoto, Tadashi Kaji, Akifumi Yato, Takahiro Fujishiro, Shinichi Irube
-
Publication number: 20080256224Abstract: A data communication system is provided that is capable of increasing or decreasing the number of session management servers flexibly, and is further capable of implementing data communication while distributing the message processing load in the session management server. The data communication system includes multiple communication devices which perform data communications mutually, multiple session management servers which manage sessions of data communication between the communication devices, and a load balancer which assigns the session management servers for processing a message received from the communication device according to a predetermined criterion, wherein, the session management server is provided with a unit for managing a currently logged-in communication device and a state of the communication performed by the communication device, and a unit for acquiring information necessary for performing communication with the communication device.Type: ApplicationFiled: February 22, 2008Publication date: October 16, 2008Inventors: Tadashi Kaji, Takahiro Fujishiro, Akifumi Yato, Kazuyoshi Hoshino, Munetoshi Tsuge
-
Publication number: 20080219445Abstract: A communications audit support system is provided, which makes it possible to audit communications of an arbitrary encrypted communication session at any time. The communications audit support system of the present invention stores key information used for encrypted communication in a key management DB in association with a key ID each time the key information is created, stores IP addresses of a user terminal and a service providing server which perform an encrypted communication session using the key information in a communication state management DB in association with the key ID, and stores an encrypted packet sent in an encrypted communication session in a packet DB in association with IP addresses of a sender and a receiver of the encrypted packet.Type: ApplicationFiled: November 20, 2007Publication date: September 11, 2008Inventors: Akifumi Yato, Tadashi Kaji, Takahiro Fujishiro, Yoko Hashimoto, Kazuyoshi Hoshino
-
Publication number: 20080158597Abstract: To minimize risk of printing-out to a printer located at an improper base, where a network is established between the bases, terminal devices, a server, printers, and a management device which manages printers are provided. The management device manages position information of the printers installed in bases. Every time printing is requested, the management device extracts printer candidates located close to a terminal device and asks a user of the terminal device to select one of the printer candidates. The user visually confirms the installation locations of the extracted printer candidates included in a list and selects an appropriate printer for each printing. Accordingly, risk of erroneously printing using a printer installed in an improper base can be reduced.Type: ApplicationFiled: November 30, 2007Publication date: July 3, 2008Inventors: Yoko Hashimoto, Takahiro Fujishiro, Tadashi Kaji, Akifumi Yato, Kazuyoshi Hoshino
-
Publication number: 20070288754Abstract: An encrypted communication method, and a system for the method, can transfer a session control message designated by identification information inherent to an application to a connection destination through a session management server. When an application program of a client or encrypted communication software issues a connection request in the form designating an application server by identification information inherent to each application, the identification information is automatically changed to a desired address-of-record capable of domain identification and a transfer destination domain of a reception message is judged.Type: ApplicationFiled: March 30, 2007Publication date: December 13, 2007Inventors: Tadashi Kaji, Kazuyoshi Hoshino, Keisuke Takeuchi, Osamu Takata, Takahiro Fujishiro, Akifumi Yato
-
Publication number: 20070192587Abstract: Each terminal registers the key generation information into each session management server, the information including a plurality of setting items necessary for determining set values to generated a key to be used by itself, and set value candidates which are stored in the setting items. When the encryption communications are established between the terminals, the individual session management servers and a key generation information management server are associated, so that the key generation information management server selects the algorithm suite based on the key generation information. The session management server generates the parameters based on the selected algorithm suite, acquires the information on the selected algorithm suite from the key generation information management server, generates the key for the encryption communications based on that information and distributes the key to the each terminal.Type: ApplicationFiled: August 16, 2006Publication date: August 16, 2007Inventors: Akifumi Yato, Tadashi Kaji, Osamu Takata, Takahiro Fujishiro, Kazuyoshi Hoshino