Patents by Inventor Teruyoshi Yamaguchi

Teruyoshi Yamaguchi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210111874
    Abstract: A key management apparatus receives a key request including a first device identification information and a second device identification information, encrypts a common key using the first device identification information to generate a first encrypted common key, encrypts the common key using the second device identification information to generate a second encrypted common key, and transmits a key response including the first encrypted common key and the second encrypted common key. A first device receives the key response, decrypts the first encrypted common key using the first device identification information to obtain the common key, and transmits the second encrypted common key. A second device receives the second encrypted common key and decrypts the second encrypted common key using the second device identification information to obtain the common key.
    Type: Application
    Filed: April 14, 2017
    Publication date: April 15, 2021
    Applicant: Mitsubishi Electric Corporation
    Inventors: Masamichi TANJI, Makoto ITOI, Nobuhiro KOBAYASHI, Teruyoshi YAMAGUCHI
  • Publication number: 20210112062
    Abstract: An object of this invention is to obtain a whitelist generator with which the accuracy of data relating to the specifications of normal communication serving as an automatic generation source can be guaranteed, whereby the accuracy of a generated whitelist can be guaranteed over an entire whitelist generation flow. The whitelist generator is applied to a system formed from a plurality of devices, the plurality of devices being configured to exchange data with each other, in order to generate a whitelist used for whitelisting intrusion detection, and includes a model verification unit that verifies, on the basis of an input model, at least one of whether or not normal communication in the system has been modeled correctly and whether or not the model is logically consistent, and a model conversion unit that converts the verified model into a whitelist.
    Type: Application
    Filed: January 23, 2017
    Publication date: April 15, 2021
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Koichi SHIMIZU, Teruyoshi YAMAGUCHI, Tsunato NAKAI, Takeshi UEDA, Nobuhiro KOBAYASHI, Benoit BOYER
  • Publication number: 20210006570
    Abstract: A state detection section (105) detects states of a plurality of controllers (300, 400) included in a communication system (600). An attack determination section (103) selects, from among a plurality of whitelists (110) each of which is associated with a combination of states, a whitelist (110) associated with the combination of the states of the plurality of controllers (300, 400) detected by the state detection section (105). The attack determination section (103) detects an attack on the communication system (600) by using the selected whitelist (110).
    Type: Application
    Filed: April 26, 2016
    Publication date: January 7, 2021
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Tsunato NAKAI, Teruyoshi YAMAGUCHI, Koichi SHIMIZU, Nobuhiro KOBAYASHI
  • Patent number: 10826915
    Abstract: In the present invention, unauthorized access from outside a facility to a device disposed inside the facility is detected by effectively using the output from a mirror port of a network switch. A gateway device has: a monitored data acquisition unit for saving in a monitored data storage unit, as monitored data, packet data that is outputted from a mirror port of a switch, the packet data being outputted from a device being monitored; an unauthorized access detection unit for detecting unauthorized access by determining whether the monitored data is abnormal on the basis of a comparison between the monitored data and assessment rules; and an unauthorized access notification unit for notifying a server of a monitoring center, which is connected to an external network via an external communication unit, that unauthorized access has been detected.
    Type: Grant
    Filed: June 2, 2015
    Date of Patent: November 3, 2020
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Jin Kawasaki, Hiroyasu Tabata, Teruyoshi Yamaguchi, Nobuhiro Kobayashi
  • Publication number: 20200314130
    Abstract: In an attack detection device, a white list storage unit correlates and stores, for each system state, a white list defining system information permitted in the system state. A state estimation unit estimates a current system state of a control system on the basis of communication data communicated between a server device and equipment. An attack determination unit acquires the white list corresponding to the current system state from the white list storage unit, and determines whether or not an attack has been detected, on the basis of the acquired white list and the system information in the current system state.
    Type: Application
    Filed: January 19, 2017
    Publication date: October 1, 2020
    Applicant: Mitsubishi Electric Corporation
    Inventors: Tsunato NAKAI, Teruyoshi YAMAGUCHI, Koichi SHIMIZU, Nobuhiro KOBAYASHI
  • Publication number: 20200092313
    Abstract: An allowed communication list conversion unit (123) assigns one or more flags to request communication and response communication, between which a correspondence relationship is described in a detection rule, and describes, in an allowed communication list, details of a flag operation specifying a value to be set to the flag and a flag condition for determining whether the value to be set is set in the flag, in association with each other. A determination unit (103) sets the value after determining that communication data on the request communication is normal, determines whether the value is set in the flag based on the flag condition when determining whether communication data on the response communication to the request communication is normal, and determines that the communication data on the response communication is normal when the value is set, to thereby reset the flag.
    Type: Application
    Filed: January 20, 2017
    Publication date: March 19, 2020
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Teruyoshi YAMAGUCHI, Tsunato NAKAI, Koichi SHIMIZU, Nobuhiro KOBAYASHI
  • Publication number: 20190141059
    Abstract: A state management unit (210) identifies a state of an operational system, and determines presence or absence of a state transition of the operational system based on the identified state. In a case where there has been a state transition of the operational system, the state management unit determines, with use of a state transition scenario indicating a transition pattern of state transition, whether the state transition of the operational system matches the transition pattern indicated in the state transition scenario. If the state transition of the operational system does not match the transition pattern, an alert output unit (293) outputs an alert. If the state transition of the operational system matches the transition pattern, a whitelist management unit (220) switches whitelists, and an intrusion detection unit (230) performs whitelist-type intrusion detection.
    Type: Application
    Filed: June 23, 2016
    Publication date: May 9, 2019
    Applicant: Mitsubishi Electric Corporation
    Inventors: Koichi SHIMIZU, Teruyoshi YAMAGUCHI, Tsunato NAKAI, Nobuhiro KOBAYASHI
  • Patent number: 10171252
    Abstract: A data determination apparatus of the present invention includes a state transition model storage unit to store a state transition model representing a state transition, a state management unit to hold an operating state of an own apparatus based on the state transition model, a communication permission list storage unit to store, as a communication permission list, communication permitted data whose communications are permitted in respective operating states, a communication unit to obtain communication determination data, and a determination unit to determine whether or not the communication determination data is communication permitted data whose communication has been permitted in a current operating state, using the current operating state and the communication permission list.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: January 1, 2019
    Assignee: Mitsubishi Electric Corporation
    Inventors: Teruyoshi Yamaguchi, Koichi Shimizu, Nobuhiro Kobayashi, Tsunato Nakai
  • Publication number: 20180183816
    Abstract: In the present invention, unauthorized access from outside a facility to a device disposed inside the facility is detected by effectively using the output from a mirror port of a network switch. A gateway device has: a monitored data acquisition unit for saving in a monitored data storage unit, as monitored data, packet data that is outputted from a mirror port of a switch, the packet data being outputted from a device being monitored; an unauthorized access detection unit for detecting unauthorized access by determining whether the monitored data is abnormal on the basis of a comparison between the monitored data and assessment rules; and an unauthorized access notification unit for notifying a server of a monitoring center, which is connected to an external network via an external communication unit, that unauthorized access has been detected.
    Type: Application
    Filed: June 2, 2015
    Publication date: June 28, 2018
    Applicant: Mitsubishi Electric Corporation
    Inventors: Jin KAWASAKI, Hiroyasu TABATA, Teruyoshi YAMAGUCHI, Nobuhiro KOBAYASHI
  • Patent number: 9979697
    Abstract: The present invention relates to: a packet filtering apparatus that represents a rule set for packet filtering being a technique for preventing a cyber-attack, using a tree structure suitable for calculation of a logical expression, thereby improving processing efficiency; and a packet filtering method thereof. The packet filtering apparatus includes: a rule set containing a rule in which a condition and an action are associated with each other, and a Zero-Suppressed Binary Decision Diagram (ZDD) that represents a logical expression in which the condition of the rule is described using a logical variable; a packet analyzing unit to analyze a packet received from a network and extract collation information being a character string to be collated; and a filtering unit to collate the collation information extracted by the packet analyzing unit with the ZDD, execute the action associated with the condition that the collation information matches, and permit or deny communication of the packet.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: May 22, 2018
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Koichi Shimizu, Teruyoshi Yamaguchi
  • Publication number: 20180069835
    Abstract: The present invention relates to: a packet filtering apparatus that represents a rule set for packet filtering being a technique for preventing a cyber-attack, using a tree structure suitable for calculation of a logical expression, thereby improving processing efficiency; and a packet filtering method thereof. The packet filtering apparatus includes: a rule set containing a rule in which a condition and an action are associated with each other, and a Zero-Suppressed Binary Decision Diagram (ZDD) that represents a logical expression in which the condition of the rule is described using a logical variable; a packet analyzing unit to analyze a packet received from a network and extract collation information being a character string to be collated; and a filtering unit to collate the collation information extracted by the packet analyzing unit with the ZDD, execute the action associated with the condition that the collation information matches, and permit or deny communication of the packet.
    Type: Application
    Filed: May 15, 2015
    Publication date: March 8, 2018
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Koichi SHIMIZU, Teruyoshi YAMAGUCHI
  • Patent number: 9838381
    Abstract: A certificate management apparatus retains an important certificate, while deleting the oldest referenced certificate. An update determination information output unit outputs update determination information being information for determining whether or not to update a certificate. A certificate cache stores the certificate on a volatile memory. An operation unit stores the update determination information output by the update determination information output unit in the certificate cache by relating to the certificate, and based on the update determination information stored in the certificate cache, updates the certificate related to the update determination information.
    Type: Grant
    Filed: February 26, 2014
    Date of Patent: December 5, 2017
    Assignee: Mitsubishi Electric Corporation
    Inventors: Teruyoshi Yamaguchi, Nobuhiro Kobayashi
  • Publication number: 20170279622
    Abstract: A data determination apparatus of the present invention includes a state transition model storage unit to store a state transition model representing a state transition, a state management unit to hold an operating state of an own apparatus based on the state transition model, a communication permission list storage unit to store, as a communication permission list, communication permitted data whose communications are permitted in respective operating states, a communication unit to obtain communication determination data, and a determination unit to determine whether or not the communication determination data is communication permitted data whose communication has been permitted in a current operating state, using the current operating state and the communication permission list.
    Type: Application
    Filed: December 22, 2015
    Publication date: September 28, 2017
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Teruyoshi YAMAGUCHI, Koichi SHIMIZU, Nobuhiro KOBAYASHI, Tsunato NAKAI
  • Publication number: 20170187706
    Abstract: The present invention provides a certificate management apparatus which retains an important certificate, while deleting the oldest referenced certificate. An update determination information output unit outputs update determination information being information for determining whether or not to update a certificate. A certificate cache stores the certificate on a volatile memory. An operation unit stores the update determination information output by the update determination information output unit in the certificate cache by relating to the certificate, and based on the update determination information stored in the certificate cache, updates the certificate related to the update determination information.
    Type: Application
    Filed: February 26, 2014
    Publication date: June 29, 2017
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Teruyoshi YAMAGUCHI, Nobuhiro KOBAYASHI
  • Patent number: 8779825
    Abstract: A delay element delays an output signal Dt from an arithmetic circuit and outputs a delayed signal Dd. An XOR element compares the output signal Dt with the delayed signal Dd, and outputs an XORout signal with the signal value “0” when the signals match each other, and outputs an XORout signal with the signal value “1” when the signals do not match each other. In a flip-flop, when the signal value of the XORout signal at the rise of a clock of a clock signal CK is “0”, the output signal Dt is output from a flip-flop, and when the signal value of the XORout signal at the rise of the clock becomes “1” even once, a fixed value of the signal value “0” continues to be output.
    Type: Grant
    Filed: July 6, 2011
    Date of Patent: July 15, 2014
    Assignee: Mitsubishi Electric Corporation
    Inventors: Tsuneo Sato, Teruyoshi Yamaguchi
  • Publication number: 20130307600
    Abstract: A delay element 3 delays an output signal Dt from an arithmetic circuit 1 and outputs a delayed signal Dd. An XOR element 4 compares the output signal Dt with the delayed signal Dd, and outputs an XORout signal with the signal value “0” when the signals match each other, and outputs an XORout signal with the signal value “1” when the signals do not match each other. In a flip-flop 61, when the signal value of the XORout signal at the rise of a clock of a clock signal CK is “0”, the output signal Dt is output from a flip-flop 6, and when the signal value of the XORout signal at the rise of the clock becomes “1” even once, a fixed value of the signal value “0” continues to be output.
    Type: Application
    Filed: July 6, 2011
    Publication date: November 21, 2013
    Applicant: Mitsubishi Electric Corporation
    Inventors: Tsuneo Sato, Teruyoshi Yamaguchi
  • Publication number: 20110188652
    Abstract: An encryption part (103) inputs a picture data packet (110) including I slice data which is used for intra-frame prediction and a processing on which starts from leading data at a time of data decompression. The encryption part (103) extracts, from the leading portion of the I slice data, data having a data size sufficiently small compared to the data size of the I slice data as a whole, and encrypts only the extracted leading data. Intra-frame prediction cannot be performed when the leading data of the I slice data is not decrypted. Therefore unauthorized decryption and reproduction of motion picture data can be prevented with encryption of a small amount of data.
    Type: Application
    Filed: October 15, 2008
    Publication date: August 4, 2011
    Applicant: Mitsubishi Electric Corporation
    Inventors: Teruyoshi Yamaguchi, Tsuneo Sato
  • Publication number: 20090192068
    Abstract: There is provided a method for producing an essential oil emulsion without using a surfactant, wherein the essential oil emulsion can be easily diluted with water for its use and its emulsified state is stable, wherein the production method is characterized in that it comprises stirring an essential oil at a rotation number between 3,000 and 20,000 rpm in an alkaline solution with a pH value between 9 and 13 for emulsification, wherein the alkaline solution is either an aqueous solution of a compound (a base) that is dissolved in water to generate hydroxide ions (OH⁻), or an alkaline ionized water generated on the cathode side (on the negative electrode side) when an electrolyte solution containing an electrolyte is decomposed by electrical energy, wherein the aqueous solution preferably has a base concentration between 0.00001 N and 0.01 N and a pH value between pH 9 and 13.
    Type: Application
    Filed: December 24, 2004
    Publication date: July 30, 2009
    Inventors: Tomohiko Ogasawara, Teruyoshi Yamaguchi