Patents by Inventor Masayuki Nakae

Masayuki Nakae has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9288233
    Abstract: A communication control apparatus controls communication between a first apparatus and a second apparatus connected to the first apparatus via a plurality of relay apparatuses. The communication control apparatus comprises: a communication path generation unit that refers to a control policy including access control and supplementary control that is other than the access control from the first apparatus to the second apparatus and refers to network configuration information about a network configuration among the first apparatus, the second apparatus, and the plurality of relay apparatuses and generates a communication path that matches the control policy from the first apparatus to the second apparatus and goes through at least one of the plurality of relay apparatuses; and a communication path control unit that instructs a relay apparatus(es) on the communication path among the plurality of relay apparatuses to execute the access control and the supplementary control included in the control policy.
    Type: Grant
    Filed: June 15, 2012
    Date of Patent: March 15, 2016
    Assignee: NEC Corporation
    Inventors: Masayuki Nakae, Masaya Yamagata, Yoichiro Morita, Hideyuki Shimonishi, Kentaro Sonoda
  • Patent number: 9215611
    Abstract: A terminal communicating with a network including a forwarding device(s) for forwarding a packet and a control device for controlling the forwarding device(s) in accordance with a request from the forwarding device, includes: a communication unit that receives a processing rule indicating that a packet for communicating with a first destination is changed so as to communicate with a second destination, from the control device; a storage unit that stores the received processing rule, and a processing unit that in a case of communicating with the network, changes a destination of a packet in accordance with a processing rule that corresponds to the packet by referring to the processing rule stored in the storage unit.
    Type: Grant
    Filed: April 18, 2012
    Date of Patent: December 15, 2015
    Assignee: NEC CORPORATION
    Inventors: Kentaro Sonoda, Hideyuki Shimonishi, Masayuki Nakae, Masaya Yamagata, Yoichiro Morita
  • Patent number: 9215237
    Abstract: A communication system includes an information acquisition unit that acquires information for determining an isolation level to which a user terminal belongs, from the user terminal; an isolation level determination unit that determines an isolation level to which the user terminal belongs, based on the acquired information; an isolation level information storage unit that defines whether or not access is possible to respective access destinations for each isolation level; an access control unit that causes a forwarding node(s) to implement forwarding or dropping of a packet, in accordance with whether or not access is possible to the respective access destinations; and a forwarding node(s) that forwards a packet in accordance with control of the access control unit. Stepwise access control is realized using isolation levels.
    Type: Grant
    Filed: May 22, 2012
    Date of Patent: December 15, 2015
    Assignee: NEC CORPORATION
    Inventors: Kentaro Sonoda, Hideyuki Shimonishi, Masayuki Nakae, Masaya Yamagata, Yoichiro Morita
  • Patent number: 9178910
    Abstract: The present invention implements detailed access control according to access rights granted to users, by a simple configuration.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: November 3, 2015
    Assignee: NEC CORPORATION
    Inventors: Masaya Yamagata, Masayuki Nakae, Yoichiro Morita, Hideyuki Shimonishi, Kentaro Sonoda
  • Publication number: 20150236953
    Abstract: A control device reduces its load responding to a transmission request for control information, and includes a control information management unit managing control information including a match field and causes a packet matching the match field to be processed; a transmission request storage unit storing uncontrolled transmission requests in transmission requests for control information for packets received by a switch under the control from the switch; and a request processing unit selecting a piece of control information having a looser match field from among pieces of control information managed by the control information management unit, then selects an unprocessed transmission requests for control information matching the selected piece of control information having a looser match field in unprocessed transmission requests for control information stored in the transmission request storage unit, and replies control information with the looser match field to the switch transmitting the unprocessed transmis
    Type: Application
    Filed: September 10, 2013
    Publication date: August 20, 2015
    Applicant: NEC CORPORATION
    Inventors: Takayuki Sasaki, Masayuki Nakae, Yoichiro Morita, Hideyuki Shimonishi, Kentaro Sonoda, Yoichi Hatano, Masaya Yamagata
  • Publication number: 20150172129
    Abstract: In a filtering setting support device, a logical/physical mapping section generates mapping information that represents a path on the layout of a network by a combination of start nodes and end nodes, the path being, for each flow identifier, from a transmission source node to a destination node, based on node physical layout information and access policy information. The access policy information manages flow information including a combination of transmission source node and destination node, by attaching a flow identifier. A filtering point analysis section specifies as a filtering point a node where a plurality of flows are co-present. A common formal rule generating section generates common formal rules that are to be set at the filtering point. A common formal rule output section presents common formal rules to a network administrator.
    Type: Application
    Filed: July 23, 2013
    Publication date: June 18, 2015
    Applicant: NEC CORPORATION
    Inventor: Masayuki Nakae
  • Publication number: 20150172176
    Abstract: The present invention reduces load on a control device responding to a request to send control information that is issued from a switch. A control device includes: a control information management unit that manages control information including a match field and used for causing a packet which matches the match field to be processed; and a request processing unit that, when receiving, from a switch under control, a transmission request for control information for processing a packet which the switch receives, compares a match field of control information managed by the control information management unit with a field, which is to be compared with the match field, of a packet received by the switch, selects, from pieces of control information having match fields which match the field of the packet, a piece of control information having a looser match field, and replies to the switch with the selected piece of control information.
    Type: Application
    Filed: July 12, 2013
    Publication date: June 18, 2015
    Applicant: NEC Corporation
    Inventors: Takayuki Sasaki, Masayuki Nakae, Hideyuki Shimonishi, Kentaro Sonoda, Yoichi Hatano, Masaya Yamagata, Yoichiro Morita
  • Publication number: 20150172175
    Abstract: To control transmission of a control information transmission request from a switch to a control device. The switch includes: a packet processing unit that processes a received packet by using control information received from a preset control device control device; a communication unit that transmits and receives the control information to and from the control device; and a control unit that controls order of control information to be transmitted and received by the communication unit.
    Type: Application
    Filed: July 12, 2013
    Publication date: June 18, 2015
    Applicant: NEC Corporation
    Inventors: Takayuki Sasaki, Masayuki Nakae, Hideyuki Shimonishi, Kentaro Sonoda, Yoichi Hatano, Masaya Yamagata, Yoichiro Morita
  • Publication number: 20150124595
    Abstract: A communication system includes: a control apparatus setting control information in a forwarding node(s); a forwarding node(s); and an access control apparatus. The forwarding node(s) forwards packets by using first control information set by the control apparatus and second control information for forwarding packets that do not match a matching condition(s) in the first control information set by the control apparatus from a predetermined port of the forwarding node(s). The access control apparatus includes a determination unit determining whether to generate control information for the packets forwarded from the predetermined port of the forwarding node(s) and requesting the control apparatus to generate control information.
    Type: Application
    Filed: April 26, 2013
    Publication date: May 7, 2015
    Inventors: Masaya Yamagata, Yoichiro Morita, Takayuki Sasaki, Masayuki Nakae, Kentaro Sonoda, Yoichi Hatano, Hideyuki Shimonishi
  • Publication number: 20150078169
    Abstract: A communication terminal comprises: first means that communicates with a network system that includes a forwarding apparatus forwarding a packet and a control apparatus informing the forwarding apparatus of a processing rule prescribing a packet processing method; second means that determines a processing operation to be executed by the network system from among packet processing operations to be executed by the communication terminal; and third means that informs the forwarding apparatus of a processing rule corresponding to the determined packet processing operation.
    Type: Application
    Filed: September 14, 2012
    Publication date: March 19, 2015
    Applicant: NEC CORPORATION
    Inventors: Kentaro Sonoda, Yasuhiro Mizukoshi, Hideyuki Shimonishi, Yoichi Hatano, Masayuki Nakae, Masaya Yamagata, Yoichiro Morita, Takayuki Sasaki
  • Publication number: 20150081755
    Abstract: A visualization device is communicable with one or a plurality of host servers for hosting a virtual system, and includes an information acquisition unit for collecting configuration information on the virtual system and the host server, a storage unit for storing the configuration information therein, and a drawing unit for expressing a virtual machine and a virtual network configuring the virtual system with different axes based on the configuration information stored in the storage unit, expressing a connection relationship between a virtual machine and a virtual network by linking the lines extending from the respective axes, and grouping virtual machines in units of server on which the virtual machines operate thereby to generate drawing information for expressing the configuration of the virtual system and the host server.
    Type: Application
    Filed: April 9, 2012
    Publication date: March 19, 2015
    Inventors: Yoichi Hatano, Hideyuki Shimonishi, Kentaro Sonoda, Masayuki Nakae, Masaya Yamagata, Yoichiro Morita, Takayuki Sasaki, Takeo Ohno
  • Publication number: 20150063354
    Abstract: A communication system, includes: a node that requests a processing rule for processing a packet; and a control apparatus that notifies the node of the processing rule in response to the request. The control apparatus, upon being notified of change of a connection relationship between a communication apparatus to which a packet is addressed and the node, determines a forwarding path for a packet addressed to the communication apparatus and notifies the node of a processing rule for realizing the forwarding path.
    Type: Application
    Filed: March 29, 2013
    Publication date: March 5, 2015
    Inventors: Kentaro Sonoda, Hideyuki Shimonishi, Toshio Koide, Yoichi Hatano, Masayuki Nakae, Masaya Yamagata, Yoichiro Morita, Takayuki Sasaki, Yuki Ashino, Takeo Ohno
  • Publication number: 20150049766
    Abstract: A route request mediation apparatus comprises a resource management unit that manages a resource of a network to be managed; a request receiving unit that receives a route request with an added service level condition from a user or another route request mediation apparatus; a negotiation status management unit that forwards the route request to a destination specified by the route request, and manages a negotiation status based on a response from the destination; an acceptance assessment unit that assesses whether or not to accept the route request by referring to the negotiation status managed by the negotiation status management unit and to the resource management unit; and a response sending unit that responds with an assessment result that indicates whether or not the route request is accepted to the request source of the route request.
    Type: Application
    Filed: March 7, 2013
    Publication date: February 19, 2015
    Applicant: NEC CORPORATION
    Inventors: Masayuki Nakae, Masaya Yamagata, Takayuki Sasaki, Yoichiro Morita, Hideyuki Shimonishi, Kentaro Sonoda, Yoichi Hatano
  • Publication number: 20140341219
    Abstract: A communication terminal comprises: first unit that communicates with a network system that includes a forwarding apparatus forwarding a packet and a control apparatus informing the forwarding apparatus of a processing rule prescribing a packet processing method; second unit that determines a processing operation to be executed by the network system from among packet processing operations to be executed by the communication terminal; and third unit that requests the control apparatus to inform the forwarding apparatus of a processing rule corresponding to the determined packet processing operation.
    Type: Application
    Filed: September 14, 2012
    Publication date: November 20, 2014
    Applicant: NEC CORPORATION
    Inventors: Kentaro Sonoda, Yasuhiro Mizukoshi, Hideyuki Shimonishi, Yoichi Hatano, Masayuki Nakae, Masaya Yamagata, Yoichiro Morita, Takayuki Sasaki
  • Publication number: 20140341019
    Abstract: A communication system includes: a forwarding node(s) in which a first packet handling operation(s) for processing incoming packets is set and which processes packets in accordance with the packet handling operation(s); a first control apparatus setting the first packet handling operation(s) in the forwarding node(s); a flow control node(s) arranged upstream of the forwarding node(s); and a second control apparatus setting a second packet handling operation(s) in the flow control node(s). The flow control node(s) intercepts forwarding of packets that do not satisfy a predetermined condition(s) to the forwarding node(s) in accordance with the second packet handling operation(s).
    Type: Application
    Filed: September 12, 2012
    Publication date: November 20, 2014
    Applicant: NEC CORPORATION
    Inventors: Masaya Yamagata, Hideyuki Shimonishi, Kentaro Sonoda, Yoichi Hatano, Masayuki Nakae, Yoichiro Morita, Takayuki Sasaki
  • Patent number: 8875221
    Abstract: There are provided a role information storing unit (11) that stores role information including information indicative of subject sets, and information capable of specifying inclusion relationships between subject sets, a policy description storing unit (12) that stores policy descriptions including information indicative of policies and information for identifying subject sets to which the policies are to be applied, a policy stratifying unit (13) that generates a policy hierarchy in which two or more policies are stratified based on inclusion relationships between subject sets to which each policy is applied, and a policy ordering unit (14) that totally orders policy sets made of the two or more policies to be totally ordered based on information indicative of the policy hierarchy while maintaining a higher/lower relationship in a hierarchy.
    Type: Grant
    Filed: January 26, 2010
    Date of Patent: October 28, 2014
    Assignee: NEC Corporation
    Inventor: Masayuki Nakae
  • Publication number: 20140247714
    Abstract: A terminal communicating with a network including a forwarding device(s) for forwarding a packet and a control device for controlling the forwarding device(s) in accordance with a request from the forwarding device, includes: a communication unit that receives a processing rule indicating that a packet for communicating with a first destination is changed so as to communicate with a second destination, from the control device; a storage unit that stores the received processing rule, and a processing unit that in a case of communicating with the network, changes a destination of a packet in accordance with a processing rule that corresponds to the packet by referring to the processing rule stored in the storage unit.
    Type: Application
    Filed: April 18, 2012
    Publication date: September 4, 2014
    Applicant: NEC Corporation
    Inventors: Kentaro Sonoda, Hideyuki Shimonishi, Masayuki Nakae, Masaya Yamagata, Yoichiro Morita
  • Publication number: 20140123215
    Abstract: A communication control apparatus controls communication between a first apparatus and a second apparatus connected to the first apparatus via a plurality of relay apparatuses. The communication control apparatus comprises: a communication path generation unit that refers to a control policy including access control and supplementary control that is other than the access control from the first apparatus to the second apparatus and refers to network configuration information about a network configuration among the first apparatus, the second apparatus, and the plurality of relay apparatuses and generates a communication path that matches the control policy from the first apparatus to the second apparatus and goes through at least one of the plurality of relay apparatuses; and a communication path control unit that instructs a relay apparatus(es) on the communication path among the plurality of relay apparatuses to execute the access control and the supplementary control included in the control policy.
    Type: Application
    Filed: June 15, 2012
    Publication date: May 1, 2014
    Applicant: NEC Corporation
    Inventors: Masayuki Nakae, Masaya Yamagata, Yoichiro Morita, Hideyuki Shimonishi, Kentaro Sonoda
  • Patent number: 8700532
    Abstract: A project managing unit 11 authenticates users of virtual machines 24-1 to 24-N and specifies a project to which the users belong. A key managing unit 12 distributes an encryption key, which is assigned in advance to the project specified by the project managing unit 11, to encryption processing units 232-1 to 232-N of virtualizing units 23-1 to 23-N. Input/output monitoring units 231-1 to 231-N of the virtualizing units 23-1 to 23-N receive input/output data generated between the virtual machines 24-1 to 24-N and devices 22-1 to 22-N, and deliver the data to the encryption processing units 232-1 to 232-N. The encryption processing units 232-1 to 232-N encrypt output (write) data and decrypt input (read) data by using the distributed encryption key.
    Type: Grant
    Filed: June 1, 2012
    Date of Patent: April 15, 2014
    Assignee: NEC Corporation
    Inventors: Masayuki Nakae, Takayuki Sasaki
  • Publication number: 20140098674
    Abstract: A communication system includes: a plurality of forwarding nodes that process a packet transmitted from a user terminal, in accordance with a processing rule that has been set, and a control device that selects a forwarding node in which a processing rule is to be set, from among the plurality of forwarding nodes, such that processing rules are set so as not to be concentrated in a specific forwarding node, based on the number of processing rules that are set in each of the forwarding nodes.
    Type: Application
    Filed: June 1, 2012
    Publication date: April 10, 2014
    Applicant: NEC Corporation
    Inventors: Kentaro Sonoda, Hideyuki Shimonishi, Masayuki Nakae, Masaya Yamagata, Yoichiro Morita