Patent application number | Description | Published |
20080222694 | System, server, and program for access right management - Each domain is provided with an access right management device which creates a resource-sharing policy and performs processing for resource-sharing policy negotiation between a plurality of domain administrators. An access right management device that has created a resource-sharing policy identifies, for each policy unit included in the resource-sharing policy, an access right management device that is a negotiating partner to negotiate with about the policy unit in question. The access right management device generates negotiation information including an identification name of the identified negotiating-partner access right management device and the policy unit in question and sends the negotiation information to the negotiating-partner access right management device. Only when all policy units are agreed on by respective identified negotiating-partner access right management devices, the resource-sharing policy is set on shared resources. | 09-11-2008 |
20080282339 | ATTACK DEFENDING SYSTEM AND ATTACK DEFENDING METHOD - An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source. | 11-13-2008 |
20090268912 | DATA USE MANAGING SYSTEM - [Problems] To provide a data use managing system which forces a face- to face permission by an administrator of confidential data when using the confidential data stored in mobile terminal. | 10-29-2009 |
20110179412 | INFORMATION SHARING SYSTEM, COMPUTER, PROJECT MANAGING SERVER, AND INFORMATION SHARING METHOD USED IN THEM - A project managing unit | 07-21-2011 |
20110289550 | POLICY MANAGEMENT APPARATUS, POLICY MANAGEMENT SYSTEM, AND METHOD AND PROGRAM USED FOR THE SAME - There are provided a role information storing unit ( | 11-24-2011 |
20120246478 | INFORMATION SHARING SYSTEM, COMPUTER, PROJECT MANAGING SERVER, AND INFOMATION SHARING METHOD USED IN THEM - A project managing unit | 09-27-2012 |
20120296878 | FILE SET CONSISTENCY VERIFICATION SYSTEM, FILE SET CONSISTENCY VERIFICATION METHOD, AND FILE SET CONSISTENCY VERIFICATION PROGRAM - A check code generating means 10 generates, based on metadata of files satisfying a designated condition, a first check code uniquely representing a characteristic of a first file set whose components are files satisfying the condition. Moreover, the check code generating means | 11-22-2012 |
20130148500 | TERMINAL, CONTROL DEVICE, COMMUNICATION METHOD, COMMUNICATION SYSTEM, COMMUNICATION MODULE, PROGRAM, AND INFORMATION PROCESSING DEVICE - A terminal communicating via a network including a forwarding device(s) for forwarding a packet and a control device for controlling the forwarding device(s) in accordance with a request from the forwarding device, includes: a communication unit that receives a processing rule specifying a process of adding, to a packet, quality information related to communication quality with respect to the terminal, from the control device, a memory unit that stores the received processing rule, and a processing unit that in a case of communicating via the network, adds quality information to a packet in accordance with a processing rule that corresponds to the packet by referring to the processing rule stored in the memory unit. | 06-13-2013 |
20130159788 | OPERATION VERIFICATION SUPPORT DEVICE, OPERATION VERIFICATION SUPPORT METHOD AND OPERATION VERIFICATION SUPPORT PROGRAM - At a time of operation verification of programs associated with an update of a shared program, information about a functionality necessary to be verified on a target program of operation verification can be presented. | 06-20-2013 |
20130195112 | COMMUNICATION SYSTEM, POLICY MANAGEMENT APPARTATUS, COMMUNICATION METHOD, AND PROGRAM - Authentication apparatus authenticates user using host connected to forwarding node. Policy management apparatus holds access control policy for identifying host under access control using identifier of forwarding node or identifier of user, and links identifier of host under access control and identifier of forwarding node to which host is connected, or identifier of host under access control and identifier of user using host. Forwarding node transmits to policy management apparatus identifier of host connected to own forwarding node and identifier of own forwarding node. Authentication apparatus transmits to policy management apparatus identifier of host connected to forwarding node and identifier of user. Policy management apparatus refers to access control policy and, if host connected to forwarding node is under access control, notifies content of access control to control apparatus as access control list. Control apparatus generates processing rule in accordance with access control list and sets generated processing rule in forwarding nodes. | 08-01-2013 |
20130263214 | COMMUNICATION SYSTEM, CONTROL APPARATUS, POLICY MANAGEMENT APPARATUS, COMMUNICATION METHOD, AND PROGRAM - The present invention implements detailed access control according to access rights granted to users, by a simple configuration. A communication system includes: a plurality of forwarding nodes that process a received packet in accordance with a processing rule (packet handling operation) associating a matching rule for identifying a flow and processing content to be applied to a packet that conforms with the matching rule; a policy management apparatus provided with an access control policy storage unit that associates roles assigned to users and access rights set for each role, the policy management apparatus providing information related to access rights associated with a role of a user who is successfully authenticated, to a control apparatus; and the control apparatus that creates a path between a terminal of the user who is successfully authenticated and a resource that the user can access, based on information related to access rights received from the policy management apparatus, and sets a processing rule in a forwarding node in the path in question. | 10-03-2013 |
20130275620 | COMMUNICATION SYSTEM, CONTROL APPARATUS, COMMUNICATION METHOD, AND PROGRAM - A communication system comprises: a plurality of forwarding nodes processing an incoming packet in accordance with a processing rule (packet handling operation) in which a matching rule for determining a packet to be processed and a processing content applied to a packet matching the matching rule are associated with each other; an address management apparatus giving an address to a host; and a control apparatus first setting a first processing rule for realizing communication between the host and the address management apparatus in a forwarding node between the host and the address management apparatus and thereafter setting a second processing rule for realizing communication between a host given an address by the address management apparatus and a predetermined network resource. | 10-17-2013 |
20130322257 | COMMUNICATION SYSTEM, CONTROL DEVICE, POLICY MANAGEMENT DEVICE, COMMUNICATION METHOD, AND PROGRAM - A communication system includes a control device; a forwarding node that processes, in accordance with a processing rule set by control device, a packet transmitted from a user terminal; and a policy management device that manages communication policy and notifies the control device of communication policy that corresponds to a user for whom authentication has succeeded; a setting request transmission permitting unit that, based on notification from the policy management device, sets to a forwarding node that receives a packet from the user terminal a first processing rule causing the forwarding node to make a setting request of processing rule with regard to a packet transmitted from the user terminal; and a path control unit that determines path from user terminal to access destination and sets to forwarding node along the path the second processing rule that corresponds to the path. | 12-05-2013 |
20130329738 | COMMUNICATION SYSTEM, DATA BASE, CONTROL APPARATUS, COMMUNICATION METHOD, AND PROGRAM - A communication system comprises: a plurality of forwarding nodes each of which processes an incoming packet in accordance with a packet handling operation; a data base which stores a first table for determining a role of a user of a source node from information about the source node and a second table for defining an accessible or inaccessible resource for each role and which transmits a response about a resource accessible or inaccessible by the user of the source node in response to a request from a control apparatus; and a control apparatus which uses, when receiving a request for setting the processing rule from any one of the forwarding nodes, information about the source node included in the request for setting the processing rule, querying the data base for a resource accessible or inaccessible by the user of the source node, creating the processing rule based on the response from the data base, and setting the processing rule in the forwarding node. | 12-12-2013 |
20140075510 | COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM - A communication system includes an information acquisition unit that acquires information for determining an isolation level to which a user terminal belongs, from the user terminal; an isolation level determination unit that determines an isolation level to which the user terminal belongs, based on the acquired information; an isolation level information storage unit that defines whether or not access is possible to respective access destinations for each isolation level; an access control unit that causes a forwarding node(s) to implement forwarding or dropping of a packet, in accordance with whether or not access is possible to the respective access destinations; and a forwarding node(s) that forwards a packet in accordance with control of the access control unit. Stepwise access control is realized using isolation levels. | 03-13-2014 |
20140079070 | TERMINAL, CONTROL DEVICE, COMMUNICATION METHOD, COMMUNICATION SYSTEM, COMMUNICATION MODULE, PROGRAM, AND INFORMATION PROCESSING DEVICE - A terminal communicating with a network including a forwarding device for forwarding a packet and a control device for controlling the forwarding device in accordance with a request from the forwarding device, includes: a communication unit that receives a processing rule specifying a method of processing the packet, which is determined by the control device, from the control device, a storage unit that stores the received processing rule, and a processing unit that in a case of communicating with the network, processes the packet in accordance with the processing rule that corresponds to the packet by referring to the processing rule stored in the storage unit. | 03-20-2014 |
20140098674 | COMMUNICATION SYSTEM, CONTROL DEVICE, AND PROCESSING RULE SETTING METHOD AND PROGRAM - A communication system includes: a plurality of forwarding nodes that process a packet transmitted from a user terminal, in accordance with a processing rule that has been set, and a control device that selects a forwarding node in which a processing rule is to be set, from among the plurality of forwarding nodes, such that processing rules are set so as not to be concentrated in a specific forwarding node, based on the number of processing rules that are set in each of the forwarding nodes. | 04-10-2014 |
20140123215 | COMMUNICATION CONTROL APPARATUS, COMMUNICATION CONTROL METHOD, AND PROGRAM - A communication control apparatus controls communication between a first apparatus and a second apparatus connected to the first apparatus via a plurality of relay apparatuses. The communication control apparatus comprises: a communication path generation unit that refers to a control policy including access control and supplementary control that is other than the access control from the first apparatus to the second apparatus and refers to network configuration information about a network configuration among the first apparatus, the second apparatus, and the plurality of relay apparatuses and generates a communication path that matches the control policy from the first apparatus to the second apparatus and goes through at least one of the plurality of relay apparatuses; and a communication path control unit that instructs a relay apparatus(es) on the communication path among the plurality of relay apparatuses to execute the access control and the supplementary control included in the control policy. | 05-01-2014 |
20140247714 | TERMINAL, CONTROL DEVICE, COMMUNICATION METHOD, COMMUNICATION SYSTEM, COMMUNICATION MODULE, PROGRAM, AND INFORMATION PROCESSING DEVICE - A terminal communicating with a network including a forwarding device(s) for forwarding a packet and a control device for controlling the forwarding device(s) in accordance with a request from the forwarding device, includes: a communication unit that receives a processing rule indicating that a packet for communicating with a first destination is changed so as to communicate with a second destination, from the control device; a storage unit that stores the received processing rule, and a processing unit that in a case of communicating with the network, changes a destination of a packet in accordance with a processing rule that corresponds to the packet by referring to the processing rule stored in the storage unit. | 09-04-2014 |
20140341019 | COMMUNICATION SYSTEM, CONTROL APPARATUS, AND COMMUNICATION METHOD - A communication system includes: a forwarding node(s) in which a first packet handling operation(s) for processing incoming packets is set and which processes packets in accordance with the packet handling operation(s); a first control apparatus setting the first packet handling operation(s) in the forwarding node(s); a flow control node(s) arranged upstream of the forwarding node(s); and a second control apparatus setting a second packet handling operation(s) in the flow control node(s). The flow control node(s) intercepts forwarding of packets that do not satisfy a predetermined condition(s) to the forwarding node(s) in accordance with the second packet handling operation(s). | 11-20-2014 |
20140341219 | Communication Terminal, Method of Communication, Communication System and Control Apparatus - A communication terminal comprises: first unit that communicates with a network system that includes a forwarding apparatus forwarding a packet and a control apparatus informing the forwarding apparatus of a processing rule prescribing a packet processing method; second unit that determines a processing operation to be executed by the network system from among packet processing operations to be executed by the communication terminal; and third unit that requests the control apparatus to inform the forwarding apparatus of a processing rule corresponding to the determined packet processing operation. | 11-20-2014 |
20150049766 | ROUTE REQUEST MEDIATION APPARATUS, CONTROL APPARATUS, ROUTE REQUEST MEDIATION METHOD AND PROGRAM - A route request mediation apparatus comprises a resource management unit that manages a resource of a network to be managed; a request receiving unit that receives a route request with an added service level condition from a user or another route request mediation apparatus; a negotiation status management unit that forwards the route request to a destination specified by the route request, and manages a negotiation status based on a response from the destination; an acceptance assessment unit that assesses whether or not to accept the route request by referring to the negotiation status managed by the negotiation status management unit and to the resource management unit; and a response sending unit that responds with an assessment result that indicates whether or not the route request is accepted to the request source of the route request. | 02-19-2015 |
20150063354 | COMMUNICATION SYSTEM, CONTROL APPARATUS, COMMUNICATION APPARATUS, COMMUNICATION CONTROL METHOD, AND PROGRAM - A communication system, includes: a node that requests a processing rule for processing a packet; and a control apparatus that notifies the node of the processing rule in response to the request. The control apparatus, upon being notified of change of a connection relationship between a communication apparatus to which a packet is addressed and the node, determines a forwarding path for a packet addressed to the communication apparatus and notifies the node of a processing rule for realizing the forwarding path. | 03-05-2015 |
20150078169 | Communication Terminal, Method of Communication and Communication System - A communication terminal comprises: first means that communicates with a network system that includes a forwarding apparatus forwarding a packet and a control apparatus informing the forwarding apparatus of a processing rule prescribing a packet processing method; second means that determines a processing operation to be executed by the network system from among packet processing operations to be executed by the communication terminal; and third means that informs the forwarding apparatus of a processing rule corresponding to the determined packet processing operation. | 03-19-2015 |
20150081755 | VISUALIZATION DEVICE, VISUALIZATION SYSTEM, AND VISUALIZATION METHOD - A visualization device is communicable with one or a plurality of host servers for hosting a virtual system, and includes an information acquisition unit for collecting configuration information on the virtual system and the host server, a storage unit for storing the configuration information therein, and a drawing unit for expressing a virtual machine and a virtual network configuring the virtual system with different axes based on the configuration information stored in the storage unit, expressing a connection relationship between a virtual machine and a virtual network by linking the lines extending from the respective axes, and grouping virtual machines in units of server on which the virtual machines operate thereby to generate drawing information for expressing the configuration of the virtual system and the host server. | 03-19-2015 |