Patents by Inventor Teruyoshi Yamaguchi
Teruyoshi Yamaguchi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11914682
  Abstract: When a hash expected value, which is an expected value of a hash value of activation software, is stored in a storing unit (111), a security calculation unit (110) compares the hash value of the activation software with the hash expected value. A main calculation unit (109) activates the activation software when the hash value and the hash expected value match, and stops the process when they do not match. When the hash expected value is not stored in the storing unit (111), the main calculation unit (109) performs signature verification for the activation software; when the signature verification is successful, it stores the hash value of the activation software in the storing unit (111) as the hash expected value and activates the activation software. The main calculation unit (109) stops the process when the signature verification is not successful.
  Type: Grant
  Filed: March 3, 2021
  Date of Patent: February 27, 2024
  Assignee: MITSUBISHI ELECTRIC CORPORATION
  Inventors: Teruyoshi Yamaguchi, Nobuhiro Kobayashi
- Publication number: 20230353589
  Abstract: An intrusion detection device (101) includes a fragment calculation unit (103) and a determination unit (105). The fragment calculation unit (103) receives a fragmented packet that conforms to the Internet protocol suite as a received packet. The determination unit (105) determines whether each of the entries included in a whitelist is a partial match entry, which is decided depending on the received packet. A transmission source IP address and a target partial payload that are indicated in the partial match entry respectively match the transmission source IP address and the payload indicated in the received packet. The target partial payload is the data located in an area of the payload of the partial match entry that starts at the location corresponding to the fragment offset indicated in the received packet.
  Type: Application
  Filed: June 23, 2023
  Publication date: November 2, 2023
  Applicant: Mitsubishi Electric Corporation
  Inventors: Teruyoshi YAMAGUCHI, Daisuke SUZUKI
- Patent number: 11665165
  Abstract: An object of this invention is to obtain a whitelist generator with which the accuracy of data relating to the specifications of normal communication serving as an automatic generation source can be guaranteed, whereby the accuracy of a generated whitelist can be guaranteed over an entire whitelist generation flow. The whitelist generator is applied to a system formed from a plurality of devices, the plurality of devices being configured to exchange data with each other, in order to generate a whitelist used for whitelisting intrusion detection, and includes a model verification unit that verifies, on the basis of an input model, at least one of whether or not normal communication in the system has been modeled correctly and whether or not the model is logically consistent, and a model conversion unit that converts the verified model into a whitelist.
  Type: Grant
  Filed: January 23, 2017
  Date of Patent: May 30, 2023
  Assignee: Mitsubishi Electric Corporation
  Inventors: Koichi Shimizu, Teruyoshi Yamaguchi, Tsunato Nakai, Takeshi Ueda, Nobuhiro Kobayashi, Benoit Boyer
- Publication number: 20230007019
  Abstract: A relay device includes a first input/output unit (111), a second input/output unit (112), a security monitoring unit (121) that determines whether or not a packet input to the first input/output unit (111) or the second input/output unit (112) is normal, and a relay unit (113) that outputs a packet determined to be normal by the security monitoring unit (121) from the first input/output unit (111) or the second input/output unit (112). The security monitoring unit (121) uses a whitelist to perform whitelist-based attack detection to determine whether or not a packet is normal, and uses a learning model learned through machine learning to perform machine-learning-based attack detection on a packet that is not determined to be normal through the whitelist-based attack detection, to determine whether or not the packet is normal.
  Type: Application
  Filed: January 15, 2020
  Publication date: January 5, 2023
  Applicant: Mitsubishi Electric Corporation
  Inventors: Tatsunori MINAMI, Teruyoshi YAMAGUCHI
- Patent number: 11522685
  Abstract: A key management apparatus receives a key request including first device identification information and second device identification information, encrypts a common key using the first device identification information to generate a first encrypted common key, encrypts the common key using the second device identification information to generate a second encrypted common key, and transmits a key response including the first encrypted common key and the second encrypted common key. A first device receives the key response, decrypts the first encrypted common key using the first device identification information to obtain the common key, and transmits the second encrypted common key. A second device receives the second encrypted common key and decrypts it using the second device identification information to obtain the common key.
  Type: Grant
  Filed: April 14, 2017
  Date of Patent: December 6, 2022
  Assignee: Mitsubishi Electric Corporation
  Inventors: Masamichi Tanji, Makoto Itoi, Nobuhiro Kobayashi, Teruyoshi Yamaguchi
- Patent number: 11089033
  Abstract: A state detection section (105) detects states of a plurality of controllers (300, 400) included in a communication system (600). An attack determination section (103) selects, from among a plurality of whitelists (110) each of which is associated with a combination of states, a whitelist (110) associated with the combination of the states of the plurality of controllers (300, 400) detected by the state detection section (105). The attack determination section (103) detects an attack on the communication system (600) by using the selected whitelist (110).
  Type: Grant
  Filed: April 26, 2016
  Date of Patent: August 10, 2021
  Assignee: MITSUBISHI ELECTRIC CORPORATION
  Inventors: Tsunato Nakai, Teruyoshi Yamaguchi, Koichi Shimizu, Nobuhiro Kobayashi
- Patent number: 11070577
  Abstract: An allowed communication list conversion unit (123) assigns one or more flags to request communication and response communication, between which a correspondence relationship is described in a detection rule, and describes, in an allowed communication list, details of a flag operation specifying a value to be set to the flag and a flag condition for determining whether the value to be set is set in the flag, in association with each other. A determination unit (103) sets the value after determining that communication data on the request communication is normal, determines whether the value is set in the flag based on the flag condition when determining whether communication data on the response communication to the request communication is normal, and determines that the communication data on the response communication is normal when the value is set, to thereby reset the flag.
  Type: Grant
  Filed: January 20, 2017
  Date of Patent: July 20, 2021
  Assignee: MITSUBISHI ELECTRIC CORPORATION
  Inventors: Teruyoshi Yamaguchi, Tsunato Nakai, Koichi Shimizu, Nobuhiro Kobayashi
- Patent number: 11057401
  Abstract: A state detection section (105) detects states of a plurality of controllers (300, 400) included in a communication system (600). An attack determination section (103) selects, from among a plurality of whitelists (110) each of which is associated with a combination of states, a whitelist (110) associated with the combination of the states of the plurality of controllers (300, 400) detected by the state detection section (105). The attack determination section (103) detects an attack on the communication system (600) by using the selected whitelist (110).
  Type: Grant
  Filed: April 26, 2016
  Date of Patent: July 6, 2021
  Assignee: MITSUBISHI ELECTRIC CORPORATION
  Inventors: Tsunato Nakai, Teruyoshi Yamaguchi, Koichi Shimizu, Nobuhiro Kobayashi
- Publication number: 20210192014
  Abstract: When a hash expected value, which is an expected value of a hash value of activation software, is stored in a storing unit (111), a security calculation unit (110) compares the hash value of the activation software with the hash expected value. A main calculation unit (109) activates the activation software when the hash value and the hash expected value match, and stops the process when they do not match. When the hash expected value is not stored in the storing unit (111), the main calculation unit (109) performs signature verification for the activation software; when the signature verification is successful, it stores the hash value of the activation software in the storing unit (111) as the hash expected value and activates the activation software. The main calculation unit (109) stops the process when the signature verification is not successful.
  Type: Application
  Filed: March 3, 2021
  Publication date: June 24, 2021
  Applicant: Mitsubishi Electric Corporation
  Inventors: Teruyoshi YAMAGUCHI, Nobuhiro KOBAYASHI
- Publication number: 20210111874
  Abstract: A key management apparatus receives a key request including first device identification information and second device identification information, encrypts a common key using the first device identification information to generate a first encrypted common key, encrypts the common key using the second device identification information to generate a second encrypted common key, and transmits a key response including the first encrypted common key and the second encrypted common key. A first device receives the key response, decrypts the first encrypted common key using the first device identification information to obtain the common key, and transmits the second encrypted common key. A second device receives the second encrypted common key and decrypts it using the second device identification information to obtain the common key.
  Type: Application
  Filed: April 14, 2017
  Publication date: April 15, 2021
  Applicant: Mitsubishi Electric Corporation
  Inventors: Masamichi TANJI, Makoto ITOI, Nobuhiro KOBAYASHI, Teruyoshi YAMAGUCHI
- Publication number: 20210112062
  Abstract: An object of this invention is to obtain a whitelist generator with which the accuracy of data relating to the specifications of normal communication serving as an automatic generation source can be guaranteed, whereby the accuracy of a generated whitelist can be guaranteed over an entire whitelist generation flow. The whitelist generator is applied to a system formed from a plurality of devices, the plurality of devices being configured to exchange data with each other, in order to generate a whitelist used for whitelisting intrusion detection, and includes a model verification unit that verifies, on the basis of an input model, at least one of whether or not normal communication in the system has been modeled correctly and whether or not the model is logically consistent, and a model conversion unit that converts the verified model into a whitelist.
  Type: Application
  Filed: January 23, 2017
  Publication date: April 15, 2021
  Applicant: MITSUBISHI ELECTRIC CORPORATION
  Inventors: Koichi SHIMIZU, Teruyoshi YAMAGUCHI, Tsunato NAKAI, Takeshi UEDA, Nobuhiro KOBAYASHI, Benoit BOYER
- Publication number: 20210006570
  Abstract: A state detection section (105) detects states of a plurality of controllers (300, 400) included in a communication system (600). An attack determination section (103) selects, from among a plurality of whitelists (110) each of which is associated with a combination of states, a whitelist (110) associated with the combination of the states of the plurality of controllers (300, 400) detected by the state detection section (105). The attack determination section (103) detects an attack on the communication system (600) by using the selected whitelist (110).
  Type: Application
  Filed: April 26, 2016
  Publication date: January 7, 2021
  Applicant: MITSUBISHI ELECTRIC CORPORATION
  Inventors: Tsunato NAKAI, Teruyoshi YAMAGUCHI, Koichi SHIMIZU, Nobuhiro KOBAYASHI
- Patent number: 10826915
  Abstract: In the present invention, unauthorized access from outside a facility to a device disposed inside the facility is detected by effectively using the output from a mirror port of a network switch. A gateway device has: a monitored data acquisition unit for saving in a monitored data storage unit, as monitored data, packet data that is output from a mirror port of a switch, the packet data being output from a device being monitored; an unauthorized access detection unit for detecting unauthorized access by determining whether the monitored data is abnormal on the basis of a comparison between the monitored data and assessment rules; and an unauthorized access notification unit for notifying a server of a monitoring center, which is connected to an external network via an external communication unit, that unauthorized access has been detected.
  Type: Grant
  Filed: June 2, 2015
  Date of Patent: November 3, 2020
  Assignee: MITSUBISHI ELECTRIC CORPORATION
  Inventors: Jin Kawasaki, Hiroyasu Tabata, Teruyoshi Yamaguchi, Nobuhiro Kobayashi
- Publication number: 20200314130
  Abstract: In an attack detection device, a white list storage unit correlates and stores, for each system state, a white list defining system information permitted in the system state. A state estimation unit estimates a current system state of a control system on the basis of communication data communicated between a server device and equipment. An attack determination unit acquires the white list corresponding to the current system state from the white list storage unit, and determines whether or not an attack has been detected, on the basis of the acquired white list and the system information in the current system state.
  Type: Application
  Filed: January 19, 2017
  Publication date: October 1, 2020
  Applicant: Mitsubishi Electric Corporation
  Inventors: Tsunato NAKAI, Teruyoshi YAMAGUCHI, Koichi SHIMIZU, Nobuhiro KOBAYASHI
- Publication number: 20200092313
  Abstract: An allowed communication list conversion unit (123) assigns one or more flags to request communication and response communication, between which a correspondence relationship is described in a detection rule, and describes, in an allowed communication list, details of a flag operation specifying a value to be set to the flag and a flag condition for determining whether the value to be set is set in the flag, in association with each other. A determination unit (103) sets the value after determining that communication data on the request communication is normal, determines whether the value is set in the flag based on the flag condition when determining whether communication data on the response communication to the request communication is normal, and determines that the communication data on the response communication is normal when the value is set, to thereby reset the flag.
  Type: Application
  Filed: January 20, 2017
  Publication date: March 19, 2020
  Applicant: MITSUBISHI ELECTRIC CORPORATION
  Inventors: Teruyoshi YAMAGUCHI, Tsunato NAKAI, Koichi SHIMIZU, Nobuhiro KOBAYASHI
- Publication number: 20190141059
  Abstract: A state management unit (210) identifies a state of an operational system, and determines presence or absence of a state transition of the operational system based on the identified state. In a case where there has been a state transition of the operational system, the state management unit determines, with use of a state transition scenario indicating a transition pattern of state transition, whether the state transition of the operational system matches the transition pattern indicated in the state transition scenario. If the state transition of the operational system does not match the transition pattern, an alert output unit (293) outputs an alert. If the state transition of the operational system matches the transition pattern, a whitelist management unit (220) switches whitelists, and an intrusion detection unit (230) performs whitelist-type intrusion detection.
  Type: Application
  Filed: June 23, 2016
  Publication date: May 9, 2019
  Applicant: Mitsubishi Electric Corporation
  Inventors: Koichi SHIMIZU, Teruyoshi YAMAGUCHI, Tsunato NAKAI, Nobuhiro KOBAYASHI
- Patent number: 10171252
  Abstract: A data determination apparatus of the present invention includes a state transition model storage unit to store a state transition model representing a state transition, a state management unit to hold an operating state of an own apparatus based on the state transition model, a communication permission list storage unit to store, as a communication permission list, communication permitted data whose communications are permitted in respective operating states, a communication unit to obtain communication determination data, and a determination unit to determine whether or not the communication determination data is communication permitted data whose communication has been permitted in a current operating state, using the current operating state and the communication permission list.
  Type: Grant
  Filed: December 22, 2015
  Date of Patent: January 1, 2019
  Assignee: Mitsubishi Electric Corporation
  Inventors: Teruyoshi Yamaguchi, Koichi Shimizu, Nobuhiro Kobayashi, Tsunato Nakai
- Publication number: 20180183816
  Abstract: In the present invention, unauthorized access from outside a facility to a device disposed inside the facility is detected by effectively using the output from a mirror port of a network switch. A gateway device has: a monitored data acquisition unit for saving in a monitored data storage unit, as monitored data, packet data that is output from a mirror port of a switch, the packet data being output from a device being monitored; an unauthorized access detection unit for detecting unauthorized access by determining whether the monitored data is abnormal on the basis of a comparison between the monitored data and assessment rules; and an unauthorized access notification unit for notifying a server of a monitoring center, which is connected to an external network via an external communication unit, that unauthorized access has been detected.
  Type: Application
  Filed: June 2, 2015
  Publication date: June 28, 2018
  Applicant: Mitsubishi Electric Corporation
  Inventors: Jin KAWASAKI, Hiroyasu TABATA, Teruyoshi YAMAGUCHI, Nobuhiro KOBAYASHI
- Patent number: 9979697
  Abstract: The present invention relates to a packet filtering apparatus, and a packet filtering method thereof, that represents a rule set for packet filtering (a technique for preventing cyber-attacks) using a tree structure suited to evaluating a logical expression, thereby improving processing efficiency. The packet filtering apparatus includes: a rule set containing a rule in which a condition and an action are associated with each other, and a Zero-Suppressed Binary Decision Diagram (ZDD) that represents a logical expression in which the condition of the rule is described using logical variables; a packet analyzing unit to analyze a packet received from a network and extract collation information, a character string to be collated; and a filtering unit to collate the collation information extracted by the packet analyzing unit against the ZDD, execute the action associated with the condition that the collation information matches, and permit or deny communication of the packet.
  Type: Grant
  Filed: May 15, 2015
  Date of Patent: May 22, 2018
  Assignee: MITSUBISHI ELECTRIC CORPORATION
  Inventors: Koichi Shimizu, Teruyoshi Yamaguchi
- Publication number: 20180069835
  Abstract: The present invention relates to a packet filtering apparatus, and a packet filtering method thereof, that represents a rule set for packet filtering (a technique for preventing cyber-attacks) using a tree structure suited to evaluating a logical expression, thereby improving processing efficiency. The packet filtering apparatus includes: a rule set containing a rule in which a condition and an action are associated with each other, and a Zero-Suppressed Binary Decision Diagram (ZDD) that represents a logical expression in which the condition of the rule is described using logical variables; a packet analyzing unit to analyze a packet received from a network and extract collation information, a character string to be collated; and a filtering unit to collate the collation information extracted by the packet analyzing unit against the ZDD, execute the action associated with the condition that the collation information matches, and permit or deny communication of the packet.
  Type: Application
  Filed: May 15, 2015
  Publication date: March 8, 2018
  Applicant: MITSUBISHI ELECTRIC CORPORATION
  Inventors: Koichi SHIMIZU, Teruyoshi YAMAGUCHI