Patents by Inventor Akira Ohkado
Akira Ohkado has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9064110
Abstract: An anomaly detection mechanism is provided that detects an anomaly in a control network, and includes an identifying unit to receive event information on an event that occurs, and to identify a group including a resource related to the event information by referring to a configuration management database for retaining dependence relationships between processes and resources including a control system; a policy storing unit to store one or more policies each of which associates one or more actions with a condition defining a situation suspected to have an anomaly; an adding unit to acquire group-related information needed for application to the one or more policies, and to add the acquired information to the event information; and a determining unit to apply the event information to the one or more policies and to determine the one or more actions associated with the matched condition as one or more actions to be taken.
Type: Grant
Filed: February 12, 2013
Date of Patent: June 23, 2015
Assignee: International Business Machines Corporation
Inventors: Kazuhito Akiyama, Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
-
Patent number: 9037505
Abstract: Deterioration of service quality due to shortage of resources and/or increased cost of support due to excessive resources is minimized in the case where the amount of requested services may change in cloud computing. Provided are mechanisms for executing a process specified by a user in a cloud computing environment and charging the user for the process. The mechanisms include a receiving part for receiving an instruction to execute the specified process and a determining part for determining an external resource to provision from a first other computer system for a charge. The mechanisms further comprise an external resource securing part for securing the external resource on the first other computer system and an executing part for causing the external resource to execute at least a part of the specified process.
Type: Grant
Filed: May 12, 2010
Date of Patent: May 19, 2015
Assignee: International Business Machines Corporation
Inventors: Kazuhito Akiyama, Kazuo Iwano, Akira Ohkado, Tadashi Tsumura
-
Publication number: 20140304840
Abstract: A method, system, mediation server, client, and computer program for deleting a copied file in which a master file is duplicated while maintaining a certain level of security. A mediation server receives and stores a copied file in which a master file stored in a server is duplicated, generates private-key information and public-key information, and transmits the generated public-key information and the copied file to a client. The client receives and stores the copied file and the public-key information. In a case where the copied file is updated, the client encrypts difference information on the difference arising in the updating using the public-key information and transmits the difference information to the mediation server. The client determines whether the condition for being secure is satisfied when a process for updating the copied file becomes possible. When determining that the condition is not satisfied, the client deletes the copied file.
Type: Application
Filed: August 1, 2012
Publication date: October 9, 2014
Applicant: International Business Machines Corporation
Inventor: Akira Ohkado
-
Patent number: 8782189
Abstract: A method for dynamically updating a service level agreement, performed by a cloud computing server, includes storing a preference for service selection, acquiring an actual usage level of a first service provided to a user during a predetermined time period in accordance with a first service level agreement, determining a second service level agreement different from the first service level agreement based on the actual usage level acquired during the predetermined time period, and selecting a second service that satisfies the second service level agreement.
Type: Grant
Filed: November 22, 2010
Date of Patent: July 15, 2014
Assignee: International Business Machines Corporation
Inventors: Kazuhito Akiyama, Kazuo Iwano, Akira Ohkado, Tadashi Tsumura
-
Patent number: 8726085
Abstract: An anomaly detection mechanism is provided that detects an anomaly in a control network, and includes an identifying unit to receive event information on an event that occurs, and to identify a group including a resource related to the event information by referring to a configuration management database for retaining dependence relationships between processes and resources including a control system; a policy storing unit to store one or more policies each of which associates one or more actions with a condition defining a situation suspected to have an anomaly; an adding unit to acquire group-related information needed for application to the one or more policies, and to add the acquired information to the event information; and a determining unit to apply the event information to the one or more policies and to determine the one or more actions associated with the matched condition as one or more actions to be taken.
Type: Grant
Filed: February 3, 2012
Date of Patent: May 13, 2014
Assignee: International Business Machines Corporation
Inventors: Kazuhito Akiyama, Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
-
Patent number: 8683589
Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
Type: Grant
Filed: July 27, 2012
Date of Patent: March 25, 2014
Assignee: International Business Machines Corporation
Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
-
Patent number: 8677484
Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
Type: Grant
Filed: March 14, 2012
Date of Patent: March 18, 2014
Assignee: International Business Machines Corporation
Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
-
Patent number: 8640209
Abstract: A system, method, and computer program product are provided to facilitate changing authentication information in an environment having two or more configuration items. Establishing a connection between the configuration items may require matching authentication information corresponding to the first configuration item with authentication information transmitted from the second configuration item. The system may include a repository storing at least one predetermined attribute corresponding to a configuration item, and a relation between the configuration item and another configuration item. The attribute and/or the relation may be updated by discovery that detects information regarding configuration items. In response to a request to change authentication information corresponding to the first configuration item, and based on the relation, an identification unit may identify a second configuration item influenced by the change.
Type: Grant
Filed: March 6, 2010
Date of Patent: January 28, 2014
Assignee: International Business Machines Corporation
Inventor: Akira Ohkado
-
Patent number: 8548916
Abstract: Disclosed embodiments include a computer system for receiving an encrypted password from an ID management system. The computer system sends the encrypted password to a decryption system, where the decryption system decrypts the encrypted password. The decrypted password is then transmitted to the computer system, and the computer system transfers the decrypted password to a configuration item disposed on a network. Based on the password, the configuration item sends data concerning the configuration item to the computer system.
Type: Grant
Filed: May 11, 2009
Date of Patent: October 1, 2013
Assignee: International Business Machines Corporation
Inventor: Akira Ohkado
-
Patent number: 8549147
Abstract: A computer network connects to a first computer, a second computer, other multiple computers, and a job category database. A service to be executed by any of the other multiple computers is divided into multiple jobs; the job category is associated with each of the divided jobs; a region code and an instruction to execute the service are received from the first computer; and for each of the multiple jobs, the job category database is searched with the received region code and the associated job category as keys to acquire the operation identifier list corresponding to the job; the operation identifier list is transmitted to at least one of the other multiple computers; and a combination of the job, the identifier of that other computer and the identifier list are transmitted to the first computer.
Type: Grant
Filed: October 28, 2010
Date of Patent: October 1, 2013
Assignee: International Business Machines Corporation
Inventors: Kazuhito Akiyama, Kazuo Iwano, Akira Ohkado, Tadashi Tsumura, Naohiko Uramoto
-
Publication number: 20120296685
Abstract: A method of managing an access right to at least one asset associated with at least one digital work order, to at least one first element associated with the at least one asset, or to at least one second element associated with an access path to the at least one asset or the first element, and relates to a system and a computer program for the same.
Type: Application
Filed: August 2, 2012
Publication date: November 22, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Yasutaka Nishimura, Akira Ohkado, Tadashi Tsumura
-
Publication number: 20120297445
Abstract: A method, system and computer program of managing an access right to at least one asset associated with at least one digital work order, or to at least one element associated with the asset, and provides a system and a computer program for the same. The method includes the steps of: loading a security policy associated with the work order, the asset, or the element; starting to monitor location information of the asset or the element and a moving object, or an elapsed time of the moving object at the location; and issuing an event for managing the asset, the element or the moving object in response to the start of the work order or in response to the fact that the loaded security policy is violated by any of the locations, a change in the location, or the elapsed time at the location obtained by the monitoring.
Type: Application
Filed: August 2, 2012
Publication date: November 22, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Yasutaka Nishimura, Takashi Ogura, Akira Ohkado, Tadashi Tsumura
-
Publication number: 20120297452
Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
Type: Application
Filed: July 27, 2012
Publication date: November 22, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
-
Publication number: 20120254951
Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
Type: Application
Filed: March 14, 2012
Publication date: October 4, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
-
Publication number: 20120210158
Abstract: An anomaly detection mechanism is provided that detects an anomaly in a control network, and includes an identifying unit to receive event information on an event that occurs, and to identify a group including a resource related to the event information by referring to a configuration management database for retaining dependence relationships between processes and resources including a control system; a policy storing unit to store one or more policies each of which associates one or more actions with a condition defining a situation suspected to have an anomaly; an adding unit to acquire group-related information needed for application to the one or more policies, and to add the acquired information to the event information; and a determining unit to apply the event information to the one or more policies and to determine the one or more actions associated with the matched condition as one or more actions to be taken.
Type: Application
Filed: February 3, 2012
Publication date: August 16, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Kazuhito Akiyama, Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
-
Publication number: 20120209411
Abstract: A mechanism is provided for effectively detecting an abnormality occurring in a control system and isolating the control system in which abnormality is acknowledged. The mechanism receives, from one or more control systems in the plurality of control systems, respective abnormality notifications for respective counter control systems to be monitored by the plurality of control systems. The mechanism adds up abnormality notifications transmitted from respective monitoring sections of the plurality of control systems so as to evaluate the reputation of a control system suspected to have an abnormality. The mechanism causes a protected area for operating the control system suspected to have an abnormality to restrict outbound traffic from at least the inside of the protected area, when an indication is identified that the control system is abnormal according to criteria from a result of the evaluation.
Type: Application
Filed: February 3, 2012
Publication date: August 16, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
-
Publication number: 20120144466
Abstract: Disclosed embodiments include a method for receiving, at a configuration information server, an encrypted password associated with a configuration item, where the encrypted password is encrypted using an encryption key. The method further includes encrypting a decrypted password to generate a reencrypted password, where the decrypted password is derived from the encrypted password. The method further includes transmitting the reencrypted password to the configuration item and removing the decrypted password from the configuration information collection server.
Type: Application
Filed: February 14, 2012
Publication date: June 7, 2012
Applicant: International Business Machines Corporation
Inventor: Akira Ohkado
-
Publication number: 20120095797
Abstract: A method of managing an access right to at least one asset associated with at least one digital work order, to at least one first element associated with the at least one asset, or to at least one second element associated with an access path to the at least one asset or the first element, and relates to a system and a computer program for the same.
Type: Application
Filed: September 27, 2011
Publication date: April 19, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Yasutaka Nishimura, Akira Ohkado, Tadashi Tsumura
-
Publication number: 20120095926
Abstract: A method, system and computer program of managing an access right to at least one asset associated with at least one digital work order, or to at least one element associated with the asset, and provides a system and a computer program for the same. The method includes the steps of: loading a security policy associated with the work order, the asset, or the element; starting to monitor location information of the asset or the element and a moving object, or an elapsed time of the moving object at the location; and issuing an event for managing the asset, the element or the moving object in response to the start of the work order or in response to the fact that the loaded security policy is violated by any of the locations, a change in the location, or the elapsed time at the location obtained by the monitoring.
Type: Application
Filed: September 21, 2011
Publication date: April 19, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Yasutaka Nishimura, Takashi Ogura, Akira Ohkado, Tadashi Tsumura
-
Publication number: 20120072318
Abstract: Deterioration of service quality due to shortage of resources and/or increased cost of support due to excessive resources is minimized in the case where the amount of requested services may change in cloud computing. Provided are mechanisms for executing a process specified by a user in a cloud computing environment and charging the user for the process. The mechanisms include a receiving part for receiving an instruction to execute the specified process and a determining part for determining an external resource to provision from a first other computer system for a charge. The mechanisms further comprise an external resource securing part for securing the external resource on the first other computer system and an executing part for causing the external resource to execute at least a part of the specified process.
Type: Application
Filed: May 12, 2010
Publication date: March 22, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Kazuhito Akiyama, Kazuo Iwano, Akira Ohkado, Tadashi Tsumura