Patents by Inventor Tadashi Kaji

Tadashi Kaji has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9372995
    Abstract: A vulnerability countermeasure device stores configuration information associating multiple computers connected via a network and software possessed by each computer, vulnerability information associating the software with information related to the vulnerability of the software, and countermeasure policy information associating the software with a countermeasure policy to be executed if there is a vulnerability in the software; calculates the computer that data will reach based on information related to a route of the data included in the data received from a used terminal; acquires software existing in the computer based on the calculated computer and configuration information; assesses whether or not there is a vulnerability in the acquired software based on the acquired software and the vulnerability information; and is provided with countermeasure unit for executing a countermeasure to a vulnerability in accordance with a countermeasure policy with respect to the software assessed to have the vulnerabili
    Type: Grant
    Filed: September 8, 2011
    Date of Patent: June 21, 2016
    Assignee: HITACHI, LTD.
    Inventors: Tomohiro Shigemoto, Hirofumi Nakakoji, Tetsuro Kito, Hisashi Umeki, Satoshi Takemoto, Tadashi Kaji, Satoshi Kai
  • Publication number: 20150302213
    Abstract: Security measures taking into consideration significance of handled information is made applicable and prevents security requirement to be set in the system from missing, in system security design. In supporting requirement defining and measures planning, the system as the target of design is indicated divided in a plurality of zones and is classified into a path 420 communicably coupling the zones, a zone boundary 419 being a coupling part between the path 420 and each zone, and an in-zone 418, and has associated and registered to each a security requirement 403 and security measures 413 having measures to be taken divided into levels. The path 420 has also associated a level of transmitted data and the level 409 of the corresponding zone boundary 419 is determined according to the transmitted data level of the path.
    Type: Application
    Filed: March 13, 2015
    Publication date: October 22, 2015
    Applicant: Hitachi, Ltd.
    Inventors: YOKO Hashimoto, Tadashi Kaji, Yoshinobu Tanigawa, Shinya Iguchi, Yukiko Matsubara, Ryosuke Ando
  • Publication number: 20140373160
    Abstract: A vulnerability countermeasure device stores configuration information associating multiple computers connected via a network and software possessed by each computer, vulnerability information associating the software with information related to the vulnerability of the software, and countermeasure policy information associating the software with a countermeasure policy to be executed if there is a vulnerability in the software; calculates the computer that data will reach based on information related to a route of the data included in the data received from a used terminal; acquires software existing in the computer based on the calculated computer and configuration information; assesses whether or not there is a vulnerability in the acquired software based on the acquired software and the vulnerability information; and is provided with countermeasure unit for executing a countermeasure to a vulnerability in accordance with a countermeasure policy with respect to the software assessed to have the vulnerabili
    Type: Application
    Filed: September 8, 2011
    Publication date: December 18, 2014
    Applicant: Hitachi, Ltd.
    Inventors: Tomohiro Shigemoto, Hirofumi Nakakoji, Tetsuro Kito, Hisashi Umeki, Satoshi Takemoto, Tadashi Kaji, Satoshi Kai
  • Publication number: 20130333045
    Abstract: A security level of each service is calculated and visualized. The device includes a security level calculation unit and a security level visualization unit. The security level calculation unit receives information regarding security of the service from a plurality of sensors as observation information, and calculates a security level of each service based on the received observation information and a security level calculation policy. The security level visualization unit outputs the security level of each service, based on the security level calculated by the security level calculation unit and configuration information of the service. Further, the security level calculation policy has a service, a user using the service, and an observation item to be observed in the service. The security level calculation unit calculates the security level in association with the user of the service and the service, based on the security level calculation policy.
    Type: Application
    Filed: December 8, 2011
    Publication date: December 12, 2013
    Applicant: HITACHI, LTD.
    Inventors: Tomohiro Shigemoto, Hirofumi Nakakoji, Tetsuro Kito, Hisashi Umeki, Satoshi Takemoto, Tadashi Kaji, Satoshi Kai
  • Patent number: 8516245
    Abstract: A validation authority for certificates searches for and verifies paths and certificate revocation lists periodically, and classifies the paths into valid paths and invalid paths in accordance with the results of the validations, so as to register the paths in databases beforehand. Besides, in a case where a request for authenticating the validity of a certificate has been received from an end entity, the validation authority judges the validity of the public key certificate by checking in which of the valid-path database and the invalid-path database a path corresponding to the request is registered. On the other hand, in a case where the path corresponding to the validity authentication request is not registered in either of the databases, the validity of the public key certificate is authenticated by performing path search and validation anew.
    Type: Grant
    Filed: June 19, 2009
    Date of Patent: August 20, 2013
    Assignee: Hitachi, Ltd.
    Inventors: Yoko Kumagai, Takahiro Fujishiro, Tadashi Kaji, Shingo Hane, Hitoshi Shimonosono
  • Patent number: 8402524
    Abstract: An ID bridge service system manages a type and assurance of identity information required for provision of service by an application service system and a type and assurance of identity information managed by plural authentication service systems, and is provided with a selecting measure that selects an authentication service system that manages identity information corresponding to the identity information required for the provision of the service by the application service system out of the plural authentication service systems when a request for authentication is received from the application service system and a requesting measure that requests the selected authentication service system to authenticate.
    Type: Grant
    Filed: February 1, 2011
    Date of Patent: March 19, 2013
    Assignee: Hitachi, Ltd.
    Inventors: Tadashi Kaji, Naoki Hayashi, Akifumi Yato, Shinichi Irube
  • Publication number: 20120254942
    Abstract: A connection destination determination device includes a control unit for performing an approval determination process to determine that a user authentication state in a connection destination request is approved if the user authentication state satisfies the user authentication state corresponding to a collaboration service. If the user authentication state is determined to be approved in the approval determination process, the control unit responds to a source of the connection destination determination request with the connection destination of service corresponding to the collaboration service which is the search key.
    Type: Application
    Filed: February 9, 2012
    Publication date: October 4, 2012
    Applicant: Hitachi, Ltd.
    Inventors: Naoki Hayashi, Tadashi Kaji, Akifumi Yato, Shinichi Irube
  • Publication number: 20120254935
    Abstract: An authentication collaboration server of an authentication collaboration system performs a secrecy calculation process using authentication information as input for an authentication process, generating secret authentication information for each piece of the authentication information. An authentication information verification server obtains and compares sets of the combination of secret authentication information generated by the authentication server, and a user ID identifying a user of a user terminal using the authentication information that is a source of the secret authentication information. The authentication information verification server extracts the plurality of pieces of authentication information that have been applied.
    Type: Application
    Filed: January 26, 2012
    Publication date: October 4, 2012
    Applicant: HITACHI, LTD.
    Inventors: Akifumi YATO, Tadashi KAJI, Naoki HAYASHI, Shinichi IRUBE
  • Publication number: 20120210125
    Abstract: An encrypted traffic test system is disclosed which tests whether or not traffic involving packets over a network is encrypted, the encrypted traffic test system including: a test data acquisition portion configured to receive each of the packets on the network so as to acquire test data from the received packet; an encrypted traffic test portion configured to evaluate the test data acquired by the test data acquisition portion for randomness using a random number testing scheme and, if the test data is evaluated to have randomness, to further determine that the traffic involving the packets including the test data is encrypted traffic; and a test result display portion configured to display a test result from the encrypted traffic test portion on a test result display screen.
    Type: Application
    Filed: February 8, 2012
    Publication date: August 16, 2012
    Applicant: HITACHI, LTD.
    Inventors: Tomohiro Shigemoto, Hirofumi Nakakoji, Tetsuro Kito, Hisashi Umeki, Satoshi Takemoto, Tadashi Kaji, Satoshi Kai
  • Patent number: 8238555
    Abstract: Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.
    Type: Grant
    Filed: October 21, 2008
    Date of Patent: August 7, 2012
    Assignee: Hitachi, Ltd.
    Inventors: Osamu Takata, Takahiro Fujishiro, Tadashi Kaji, Kazuyoshi Hoshino
  • Publication number: 20120198039
    Abstract: A processing load on service is distributed to improve the availability of linkage service even if the details of the processing of the linkage service are unknown. A service dynamic linkage device (110) sequentially selects pieces of web service which can be executed on the basis of dependence relationship information having identified a web server which should have already been executed among pieces of web service included in a scenario, the execution of which has been requested from a user-side communication terminal (140), and repeatedly performs processing to be executed until there are no pieces of web service included in the scenario.
    Type: Application
    Filed: February 15, 2010
    Publication date: August 2, 2012
    Applicant: Hitachi, Ltd.
    Inventors: Naoki Hayashi, Tadashi Kaji, Akifumi Yato, Dan Yamamoto, Shinichi Irube
  • Patent number: 8218769
    Abstract: An encrypted communication system is provided, in which an encryption key for use in encrypted communication and settings information for the encrypted communication are distributed to each of a plurality of communication devices performing encrypted communication within a group, and in which traffic generated by distributing the encryption key and the like can be reduced. In the encrypted communication system according to the present invention, information including a key for use in the intra-group encrypted communication or a seed which generates the key is distributed to the communication devices belonging to the group that are participating (e.g., logged in) in the intra-group encrypted communication.
    Type: Grant
    Filed: February 28, 2007
    Date of Patent: July 10, 2012
    Assignee: Hitachi, Ltd.
    Inventors: Osamu Takata, Tadashi Kaji, Takahiro Fujishiro, Kazuyoshi Hoshino, Keisuke Takeuchi
  • Patent number: 8205074
    Abstract: In a data communication method and a data communication system, a session control message designating a destination server with identification information unique to application is transferred to the destination via a session management server. When an application program or encrypted communication software on a client issues a connection request designating a destination with identification information unique to application, the client or the session management server automatically converts the identification information into a desired resource identifier identifiable a domain to thereby determine a domain as the destination of the received connection request message.
    Type: Grant
    Filed: December 13, 2006
    Date of Patent: June 19, 2012
    Assignee: Hitachi, Ltd.
    Inventors: Kazuyoshi Hoshino, Keisuke Takeuchi, Osamu Takata, Tadashi Kaji, Takahiro Fujishiro
  • Publication number: 20120084351
    Abstract: A user interaction type service collaboration system, in which a user terminal calls Web service provisioning servers in sequence via a Web portal server and a service scenario execution server, and each Web service provisioning server carries out interaction processing with the user terminal, is provided with a callback control server having: a callback control part responding to reception, from the Web service provisioning server, of the callback request accompanied by a callback user ID, and transmitting an interaction processing start request to the user terminal using an ID identifying the user terminal or a session due to the user terminal; and a callback ID management part associating and managing IDs and callback user IDs and acquiring IDs corresponding to callback user IDs.
    Type: Application
    Filed: August 11, 2011
    Publication date: April 5, 2012
    Applicant: HITACHI, LTD.
    Inventors: Akifumi YATO, Tadashi KAJI, Naoki HAYASHI, Shinichi IRUBE
  • Patent number: 8095676
    Abstract: The present invention is to prevent user's attribute information from being distributed, in the case where it is to be determined whether or not the attribute information (for example, age, address, and the like) of the user satisfies a service providing condition, when a communication session is established across multiple session managing servers. According to the present invention, attribute information of a user who is using a client logging in a session managing server, and attribute information of a service operating on the client are managed, a condition (SEP) to establish a communication session among multiple session managing servers related to the session establishment is shared, and the session managing server which manages the attribute information compares the attribute information and the SEP to make an access judgment, in order to determine whether or not the communication session is to be established.
    Type: Grant
    Filed: August 16, 2006
    Date of Patent: January 10, 2012
    Assignee: Hitachi Ltd.
    Inventors: Tadashi Kaji, Osamu Takata, Takahiro Fujishiro, Kazuyoshi Hoshino
  • Patent number: 8094337
    Abstract: To minimize risk of printing-out to a printer located at an improper base, where a network is established between the bases, terminal devices, a server, printers, and a management device which manages printers are provided. The management device manages position information of the printers installed in bases. Every time printing is requested, the management device extracts printer candidates located close to a terminal device and asks a user of the terminal device to select one of the printer candidates. The user visually confirms the installation locations of the extracted printer candidates included in a list and selects an appropriate printer for each printing. Accordingly, risk of erroneously printing using a printer installed in an improper base can be reduced.
    Type: Grant
    Filed: November 30, 2007
    Date of Patent: January 10, 2012
    Assignee: Hitachi, Ltd.
    Inventors: Yoko Hashimoto, Takahiro Fujishiro, Tadashi Kaji, Akifumi Yato, Kazuyoshi Hoshino
  • Publication number: 20120005362
    Abstract: A streaming data delivery system contrived to curtail the procedure until a session is established between a delivery server and a user terminal includes a delivery device, a server for provisional coupling, format conversion servers, a terminal, and a 3PCC device which implements Third Party Call Control. The 3PCC device obtains format information from the terminal and establishes a session between the terminal and the server for provisional coupling; also obtains data format information from the data delivery device and establishes a session between the delivery device and the server for provisional coupling; further selects a format conversion server, transfers the session between the delivery device and the server for provisional coupling into a session between the delivery device and the selected format conversion server, and transfers the session between the terminal and the server for provisional coupling into a session between the terminal and the selected format conversion server.
    Type: Application
    Filed: March 24, 2011
    Publication date: January 5, 2012
    Inventors: NAOKI HAYASHI, Tadashi Kaji, Dan Yamamoto, Shinichi Irube
  • Patent number: 8081758
    Abstract: When a cryptographic communicating part 208 of the communication support server 20 exchanges information with the information processing units 14, if the term of validity of a first key stored in a cryptographic key storing part 200 and corresponding to the identification information of the information processing unit 14 does not expire, the cryptographic communicating part 208 performs the cryptographic communication with the information processing unit 14 using the first key, without performing a process of authenticating the information processing units 14. When the term of validity of the first key expires or the first key corresponding to the identification information of the information processing units 14 is not stored, the key sharing part 202 shares the first key with the information processing units 14, and the cryptographic communicating part 208 performs the cryptographic communication with the information processing units 14 using a newly shared first key.
    Type: Grant
    Filed: December 27, 2005
    Date of Patent: December 20, 2011
    Assignee: Hitachi, Ltd.
    Inventors: Osamu Takata, Takahiro Fujishiro, Tadashi Kaji, Kazuyoshi Hoshino
  • Patent number: 8041822
    Abstract: A server device that represents a plurality of service provision servers implements authentication and a SIP message exchange with respect to a SIP server as a representative, and notifies a service provision server of client communication information that is acquired by the SIP message exchange. The service provision server communicates with a client on the basis of the client communication information that is notified from the representative server.
    Type: Grant
    Filed: May 4, 2006
    Date of Patent: October 18, 2011
    Assignee: Hitachi, Ltd.
    Inventors: Kazuyoshi Hoshino, Tadashi Kaji, Osamu Takata, Takahiro Fujishiro, Kohei Sawada
  • Publication number: 20110239284
    Abstract: An ID bridge service system manages a type and assurance of identity information required for provision of service by an application service system and a type and assurance of identity information managed by plural authentication service systems, and is provided with a selecting measure that selects an authentication service system that manages identity information corresponding to the identity information required for the provision of the service by the application service system out of the plural authentication service systems when a request for authentication is received from the application service system and a requesting measure that requests the selected authentication service system to authenticate.
    Type: Application
    Filed: February 1, 2011
    Publication date: September 29, 2011
    Inventors: Tadashi Kaji, Naoki Hayashi, Akifumi Yato, Shinichi Irube