Patents by Inventor Keisuke Takemori

Keisuke Takemori has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190305962
    Abstract: A data provision system includes a data provision device and a data security device installed in a vehicle. The data provision device includes a vehicle interface configured to transmit data to and receive data from the vehicle; and an cryptographic processing unit configured to generate an electronic signature of application data to be applied to an in-vehicle computer installed in the vehicle by using a secret key of the data provision device, wherein application data with the electronic signature, which is obtained by attaching the electronic signature to the application data, is transmitted to the vehicle through the vehicle interface. The data security device includes an interface unit configured to transmit data to and receive data from a device outside the data security device; and an cryptographic processing unit configured to verify the electronic signature of the application data with the electronic signature received from the data provision device.
    Type: Application
    Filed: April 11, 2017
    Publication date: October 3, 2019
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Seiichiro MIZOGUCHI, Ayumu KUBOTA
  • Patent number: 10419220
    Abstract: An automobile is equipped with a management device including a communication part for communicating with an ECU mounted on an automobile, an encryption processor for generating an encrypted key by encrypting a key, a key generation part for generating the key, and a key storage unit for storing the key generated by the key generation part. The communication part transmits the encrypted key to the ECU, while the encryption processor encrypts the key generated by the key generation part.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: September 17, 2019
    Assignee: KIDDI CORPORATION
    Inventors: Keisuke Takemori, Hideaki Kawabata
  • Publication number: 20190245691
    Abstract: A reuse system includes: a key generation device; an in-vehicle computer that is detached from a first vehicle and is installed in a second vehicle; and a data security device that is installed in the second vehicle. The key generation device includes a vehicle interface, and a key generation unit that generates a first key that is the same as a key stored in the in-vehicle computer from a time when being installed in the first vehicle by using an in-vehicle computer identifier, and a master key that is common to the first and second vehicles, and transmits the first key to the second vehicle. The data security device includes a first interface unit, and a first cryptographic processing unit that encrypts first data, which is applied to the in-vehicle computer, with the first key to generate encrypted first data, and transmits the encrypted first data to the in-vehicle computer.
    Type: Application
    Filed: July 26, 2017
    Publication date: August 8, 2019
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Seiichiro MIZOGUCHI, Hideaki KAWABATA, Ayumu KUBOTA
  • Publication number: 20190238325
    Abstract: A communication system is provided that allows communication between a vehicle and a server device. This communication system includes: the server device; a first arithmetic processing device installed in the vehicle; and a second arithmetic processing device that is a secure element and is installed in the vehicle. The second arithmetic processing device includes: a vehicle key storage unit that stores a first key and a second key; a vehicle authentication processing unit that performs authentication with the server device using the first key; and a vehicle key transmission/reception unit that transmits or receives a third key to or from the server device by encryption communication which uses the second key. The first arithmetic processing device includes a vehicle communication unit that performs encryption communication with the server device using the third key.
    Type: Application
    Filed: July 26, 2017
    Publication date: August 1, 2019
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Seiichiro MIZOGUCHI, Ayumu KUBOTA
  • Publication number: 20190222423
    Abstract: An in-vehicle computer generates a message authentication code about its own log using its own signature key and thereby transmits a log annotated with its message authentication code to a vehicle information collection device. The vehicle information collection device generates the signature key of the in-vehicle computer, verifies the message authentication code, which is included in the log annotated with its message authentication code received from the in-vehicle computer, using generated signature key, and thereby stores the log relating to the successfully verified message authentication code on storage media.
    Type: Application
    Filed: August 28, 2017
    Publication date: July 18, 2019
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Seiichiro MIZOGUCHI, Hideaki KAWABATA, Ayumu KUBOTA
  • Publication number: 20190199524
    Abstract: Provided are a key generation device and an in-vehicle computer which is installed in a vehicle. The key generation device includes a vehicle interface, a key generation unit that generates first and second keys, an cryptographic processing unit that encrypts the first key with an initial key to generate first encrypted data and encrypts the second key with the first key to generate second encrypted data, an expected value calculation unit that calculates an expected value of stored data using the second key, and a verification unit that verifies a received measured value on the basis of the expected value, and the key generation device transmits the first and second encrypted data to the vehicle. The in-vehicle computer includes an interface unit, an cryptographic processing unit that decrypts the received first encrypted data, and decrypts the received second encrypted data, and a measured value calculation unit.
    Type: Application
    Filed: March 28, 2017
    Publication date: June 27, 2019
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Seiichiro MIZOGUCHI, Hideaki KAWABATA, Ayumu KUBOTA
  • Publication number: 20190109716
    Abstract: A communication network system, in which a transmission node for transmitting a message is connected to a reception node for receiving the message, is configured to periodically transmit a count-value notification message to notify a count value, which is used to generate and check a message authentication code for the message, to the transmission node and the reception node.
    Type: Application
    Filed: March 14, 2017
    Publication date: April 11, 2019
    Applicant: KDDI CORPORATION
    Inventors: Seiichiro MIZOGUCHI, Hideaki KAWABATA, Keisuke TAKEMORI, Ayumu KUBOTA
  • Publication number: 20190068381
    Abstract: A communication system is provided, including a plurality of terminal devices and a root certification authority. Each of the plurality of terminal devices includes a certification authority key generation unit, a certification authority public key certificate acquisition unit that acquires a certification authority public key certificate, a certification authority key storage unit, a transmission unit, and a verification unit that verifies the certification authority public key certificate with a root certification authority public key certificate, and verifies a user in a case where the verification succeeds. The root certification authority includes a root certification authority key storage unit, a communication unit, and a certification authority public key certificate generation unit that generates the certification authority public key certificate by encrypting the certification authority public key with the root certification authority secret key.
    Type: Application
    Filed: February 21, 2017
    Publication date: February 28, 2019
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Takamasa ISOHARA, Teruaki HONMA
  • Publication number: 20190028267
    Abstract: In a secure hardware extension (SHE)-B, an initial key is set to a KEY_N key usable in a verification process and a generation process for a message authentication code. In an SHE-A, a master key is set to a KEY_N key usable in the verification process and the generation process for the message authentication code, the master key being used together with an identifier of an authenticated electronic control unit (ECU) for generating the message authentication code to be used as the initial key. A central processing unit (CPU) causes the message authentication code for the identifier of the authenticated ECU to be generated using the master key through the SHE-A and executes a process of authenticating validity of the authenticated ECU by using the generated message authentication code.
    Type: Application
    Filed: January 5, 2017
    Publication date: January 24, 2019
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Seiichiro MIZOGUCHI, Hideaki KAWABATA, Ayumu KUBOTA
  • Publication number: 20190007217
    Abstract: An onboard computer system includes a first onboard computer configured to store a first public key certificate of a data delivering apparatus, a second onboard computer, and a secure element configured to store a second public key certificate relative to a second secret key used to generate the first public key certificate. The secure element verifies the first public key certificate by use of the second public key certificate. The first onboard computer includes an encryption processor configured to verify a first electronic signature attached to data delivered from the data delivering apparatus by use of the first public key certificate which is successfully verified by the secure element. The data attached with the first electronic signature, which is successfully verified by the encryption processor, is applied to the first onboard computer or the second onboard computer.
    Type: Application
    Filed: December 26, 2016
    Publication date: January 3, 2019
    Applicant: KDDI Corporation
    Inventors: Keisuke TAKEMORI, Hideaki KAWABATA
  • Publication number: 20180314813
    Abstract: A communication device includes: a first subscriber identification unit that stores first subscriber identification unit identification information associated with user identification information; and a communication unit that communicates with another communication device, the other communication device including a second subscriber identification unit that stores second subscriber identification unit identification information associated with user identification information.
    Type: Application
    Filed: October 19, 2016
    Publication date: November 1, 2018
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Takamasa ISOHARA, Yoshiyuki SHIBATA, Kei KATOU, Teruaki HONMA
  • Publication number: 20180227120
    Abstract: A management device installed in a vehicle includes a master key storing part configured to share the master key that is used to generate an initial key held by an ECU together with an identifier of the ECU; a communication part configured to communicate with the ECU; a key generation part configured to generate the initial key of the ECU by use of the master key stored on the master key storing part and the identifier of the ECU received from the ECU via the communication part; and an initial key storing part configured to store the initial key of the ECU that is generated by the key generation part in connection with the identifier of the ECU.
    Type: Application
    Filed: August 4, 2016
    Publication date: August 9, 2018
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Hideaki KAWABATA, Yasuaki KOBAYASHI
  • Publication number: 20180068107
    Abstract: A management device installed in an automobile includes an initially-delivered key storage unit for storing a plurality of initially-delivered keys corresponding to candidates of initially-delivered keys held by an ECU, a communication part for communicating with the ECU, a verification part for verifying encrypted data from the ECU with the initially-delivered key of the initially-delivered key storage unit, and a wireless communication part for receiving a new initially-delivered key held by a new ECU newly installed in the automobile from management server equipment through a wireless communication network. The initially-delivered key storage unit stores the new initially-delivered key received with the wireless communication part.
    Type: Application
    Filed: March 10, 2016
    Publication date: March 8, 2018
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Hideaki KAWABATA
  • Publication number: 20170324558
    Abstract: An automobile is equipped with a management device including a communication part for communicating with an ECU mounted on an automobile, an encryption processor for generating an encrypted key by encrypting a key, a key generation part for generating the key, and a key storage unit for storing the key generated by the key generation part. The communication part transmits the encrypted key to the ECU, while the encryption processor encrypts the key generated by the key generation part.
    Type: Application
    Filed: December 14, 2015
    Publication date: November 9, 2017
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Hideaki KAWABATA
  • Publication number: 20170195878
    Abstract: In a communication network system connected between a transmission node and a reception node, both the transmission node and the reception node store the same secret information with their secret information storage units. The transmission node includes a counter configured to increase its transmission count value by 1 for transmitting each message, wherein a MAC generator generates MAC based on secret information, transmission data, and its transmission count value, thus transmitting a message including transmission data and MAC. The reception node includes a counter configured to increase a reception count value by 1 for receiving each message, wherein a MAC checking part generates MAC based on secret information, reception data, and its reception count value, obtained from the received message, thus checking whether the generated MAC matches the MAC obtained from the received message.
    Type: Application
    Filed: June 5, 2015
    Publication date: July 6, 2017
    Applicant: KDDI CORPORATION
    Inventors: Keisuke TAKEMORI, Hideaki KAWABATA
  • Patent number: 7673334
    Abstract: A communication system and a security assurance device are proposed, which are capable of assuring that a target party for communication is implementing security countermeasures. A server 3 transmits information 104 necessary for AC issuance to a security assurance authority 2. The security assurance authority 2 verifies the security of the server 3 during communication based upon this information necessary for AC issuance 104. And, when the security of the server 3 during communication is confirmed, the security assurance authority 2 issues an AC 105 which proves the security of the server 3 during communication, and transmits it to the server 3. Upon receipt of this AC 105, the server 3 transmits the AC 105 to a client 4, according to a connection request from the client 4. And, upon receipt of this AC 105, the client 4 verifies the security during communication of the server 3, based upon the AC 105.
    Type: Grant
    Filed: August 26, 2005
    Date of Patent: March 2, 2010
    Assignees: KDDI Corporation, KEIO University
    Inventors: Keisuke Takemori, Yutaka Miyake, Toshiaki Tanaka, Takamasa Isohara, Iwao Sasase
  • Publication number: 20060048228
    Abstract: A communication system and a security assurance device are proposed, which are capable of assuring that a target party for communication is implementing security countermeasures. A server 3 transmits information 104 necessary for AC issuance to a security assurance authority 2. The security assurance authority 2 verifies the security of the server 3 during communication based upon this information necessary for AC issuance 104. And, when the security of the server 3 during communication is confirmed, the security assurance authority 2 issues an AC 105 which proves the security of the server 3 during communication, and transmits it to the server 3. Upon receipt of this AC 105, the server 3 transmits the AC 105 to a client 4, according to a connection request from the client 4. And, upon receipt of this AC 105, the client 4 verifies the security during communication of the server 3, based upon the AC 105.
    Type: Application
    Filed: August 26, 2005
    Publication date: March 2, 2006
    Inventors: Keisuke Takemori, Yutaka Miyake, Toshiaki Tanaka, Takamasa Isohara, Iwao Sasase
  • Publication number: 20040250169
    Abstract: There is provided an IDS log analysis support apparatus, an IDS log analysis support method, and an IDS log analysis support program that enable logs that are different from normal logs to be extracted from logs output in great quantity from a variety of IDS, and enable the degree of abnormality thereof to be objectively evaluated. The apparatus has a log collection section that collects logs of IDS that are connected to a telecommunication network, a database that stores and manages logs collected by the log collection section, and a log analysis section that obtains statistics of logs managed by the database and performs analysis processing thereon.
    Type: Application
    Filed: April 14, 2004
    Publication date: December 9, 2004
    Applicant: KDDI Corporation
    Inventors: Keisuke Takemori, Koji Nakao
  • Publication number: 20020046351
    Abstract: When an access from an intruder is detected, a destination rewriting section 441 of a converting section 44 rewrites a destination [regular] which has been registered in an access command [http . . . /regular/doc] to a directory [decoy] of a decoy region 42. A communication application 43 accesses the decoy region 42 designated by the access command. A response converting section 442 of the converting section 44 rewrites a response [success/decoy/doc] returned from the communication application 43 to the content [success/regular/doc] expressing a message where the access to the regular region 41 has been succeeded.
    Type: Application
    Filed: September 27, 2001
    Publication date: April 18, 2002
    Inventors: Keisuke Takemori, Toshiaki Tanaka, Kouji Nakao