专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09935876B2 Communication system, control apparatus, communication apparatus, communication control method, and program 有权
公开(公告)号：US09935876B2
公开(公告)日：2018-04-03
申请号：US14389309
申请日：2013-03-29
申请人： Kentaro Sonoda , Hideyuki Shimonishi , Toshio Koide , Yoichi Hatano , Masayuki Nakae , Masaya Yamagata , Yoichiro Morita , Takayuki Sasaki , Yuki Ashino , Takeo Ohno
发明人： Kentaro Sonoda , Hideyuki Shimonishi , Toshio Koide , Yoichi Hatano , Masayuki Nakae , Masaya Yamagata , Yoichiro Morita , Takayuki Sasaki , Yuki Ashino , Takeo Ohno
IPC分类号： H04L12/28 , H04L12/56 , H04L12/741 , H04L12/717 , H04L12/751 , H04L12/721 , G06F9/455 , H04L12/24
CPC分类号： H04L45/74 , G06F9/45558 , G06F2009/45595 , H04L41/04 , H04L45/02 , H04L45/42 , H04L45/70
摘要： A communication system, includes: a node that requests a processing rule for processing a packet; and a control apparatus that notifies the node of the processing rule in response to the request. The control apparatus, upon being notified of change of a connection relationship between a communication apparatus to which a packet is addressed and the node, determines a forwarding path for a packet addressed to the communication apparatus and notifies the node of a processing rule for realizing the forwarding path.

2. 发明授权

US09178910B2 Communication system, control apparatus, policy management apparatus, communication method, and program 有权
标题翻译：通信系统，控制装置，策略管理装置，通信方式和程序
公开(公告)号：US09178910B2
公开(公告)日：2015-11-03
申请号：US13991588
申请日：2011-12-22
申请人： Masaya Yamagata , Masayuki Nakae , Yoichiro Morita , Hideyuki Shimonishi , Kentaro Sonoda
发明人： Masaya Yamagata , Masayuki Nakae , Yoichiro Morita , Hideyuki Shimonishi , Kentaro Sonoda
IPC分类号： G06F7/04 , H04L29/06 , H04L12/927 , H04W12/08 , H04L12/24
CPC分类号： H04L63/20 , H04L41/0893 , H04L47/808 , H04L63/10 , H04W12/08
摘要： The present invention implements detailed access control according to access rights granted to users, by a simple configuration. A communication system includes: a plurality of forwarding nodes that process a received packet in accordance with a processing rule (packet handling operation) associating a matching rule for identifying a flow and processing content to be applied to a packet that conforms with the matching rule; a policy management apparatus provided with an access control policy storage unit that associates roles assigned to users and access rights set for each role, the policy management apparatus providing information related to access rights associated with a role of a user who is successfully authenticated, to a control apparatus; and the control apparatus that creates a path between a terminal of the user who is successfully authenticated and a resource that the user can access, based on information related to access rights received from the policy management apparatus, and sets a processing rule in a forwarding node in the path in question.
摘要翻译：本发明通过简单的配置实现了根据授予用户的访问权限的详细的访问控制。通信系统包括：多个转发节点，根据处理规则（分组处理操作）处理接收到的分组，所述处理规则（分组处理操作）将用于识别流的匹配规则和处理应用于符合匹配规则的分组的内容处理内容相关联; 策略管理装置，其具有将分配给用户的角色和为每个角色设定的访问权限相关联的访问控制策略存储单元，所述策略管理装置向与所述用户的成功认证的角色相关联的访问权限提供与所成功认证的用户有关的信息，控制装置; 以及控制装置，其基于从所述策略管理装置接收到的访问权限的信息，创建成功认证的用户的终端和所述用户可以访问的资源之间的路径，并且在所述转发节点中设置处理规则在有问题的道路上。

3. 发明授权

US08681803B2 Communication system, policy management apparatus, communication method, and program 失效
标题翻译：通信系统，策略管理设备，通信方式和程序
公开(公告)号：US08681803B2
公开(公告)日：2014-03-25
申请号：US13822547
申请日：2012-09-14
申请人： Yoichiro Morita , Masayuki Nakae , Masaya Yamagata , Takayuki Sasaki , Hideyuki Shimonishi , Kentaro Sonoda , Yoichi Hatano
发明人： Yoichiro Morita , Masayuki Nakae , Masaya Yamagata , Takayuki Sasaki , Hideyuki Shimonishi , Kentaro Sonoda , Yoichi Hatano
IPC分类号： H04L12/28
CPC分类号： H04L41/28 , H04L45/38 , H04L45/64
摘要： Authentication apparatus authenticates user using host connected to forwarding node. Policy management apparatus holds access control policy for identifying host under access control using identifier of forwarding node or identifier of user, and links identifier of host under access control and identifier of forwarding node to which host is connected, or identifier of host under access control and identifier of user using host. Forwarding node transmits to policy management apparatus identifier of host connected to own forwarding node and identifier of own forwarding node. Authentication apparatus transmits to policy management apparatus identifier of host connected to forwarding node and identifier of user. Policy management apparatus refers to access control policy and, if host connected to forwarding node is under access control, notifies content of access control to control apparatus as access control list. Control apparatus generates processing rule in accordance with access control list and sets generated processing rule in forwarding nodes.
摘要翻译：验证设备使用连接到转发节点的主机对用户进行认证。策略管理装置保存用于使用转发节点的标识符或用户的标识符的标识下的主机访问控制策略，以及主机所连接的主机的接入控制的标识符和主机所连接的转发节点的标识符，以及访问控制下的主机的标识符，以及使用主机的用户标识符。转发节点发送到连接到自己的转发节点的主机的策略管理设备标识符和自己的转发节点的标识符。认证装置向连接到转发节点的主机和用户的标识符的策略管理装置的标识符发送。策略管理装置是指访问控制策略，如果连接到转发节点的主机正在进行访问控制，则将访问控制的内容通知控制装置作为访问控制列表。控制装置根据访问控制列表生成处理规则，并在转发节点中设置生成的处理规则。

4. 发明申请

US20140075510A1 COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM 有权
标题翻译：通信系统，控制设备，通信方法和程序
公开(公告)号：US20140075510A1
公开(公告)日：2014-03-13
申请号：US14119827
申请日：2012-05-22
申请人： Yoichiro MORITA , Masayuki NAKAE , Hideyuki SHIMONISHI , Kentaro SONODA , Masaya YAMAGATA , NEC Corporation
发明人： Kentaro Sonoda , Hideyuki Shimonishi , Masayuki Nakae , Masaya Yamagata , Yoichiro Morita
IPC分类号： H04L29/06
CPC分类号： H04L63/105 , H04L63/0236 , H04L63/20
摘要： A communication system includes an information acquisition unit that acquires information for determining an isolation level to which a user terminal belongs, from the user terminal; an isolation level determination unit that determines an isolation level to which the user terminal belongs, based on the acquired information; an isolation level information storage unit that defines whether or not access is possible to respective access destinations for each isolation level; an access control unit that causes a forwarding node(s) to implement forwarding or dropping of a packet, in accordance with whether or not access is possible to the respective access destinations; and a forwarding node(s) that forwards a packet in accordance with control of the access control unit. Stepwise access control is realized using isolation levels.
摘要翻译：通信系统包括从用户终端获取用于确定用户终端所属的隔离级别的信息的信息获取单元; 隔离级别确定单元，基于获取的信息确定用户终端所属的隔离级别; 隔离级别信息存储单元，其定义对于每个隔离级别是否可以访问相应的访问目的地; 访问控制单元，其使得转发节点根据是否可以访问相应的访问目的地来实现分组的转发或丢弃; 以及根据访问控制单元的控制转发分组的转发节点。使用隔离级别实现逐步访问控制。

5. 发明申请

US20130160076A1 ACCESS AUTHORITY GENERATION DEVICE 有权
标题翻译：访问授权生成设备
公开(公告)号：US20130160076A1
公开(公告)日：2013-06-20
申请号：US13819060
申请日：2011-06-10
申请人： Yoichiro Morita
发明人： Yoichiro Morita
IPC分类号： G06F21/00
CPC分类号： G06F21/00 , G06F21/604 , G06F2221/2141 , G06F2221/2145 , H04L63/105 , H04L63/20
摘要： A precedence constraint solving means generates a set of authorities without a precedence constraint into a temporary storing means from a set of authorities having a precedence constraint extracted for a role. At this moment, the precedence constraint solving means derives an authority in accordance with an order satisfying the precedence constraint from the set of authorities having the precedence constraint and, when an object of the derived authority includes an object of an authority having the same action already generated in the temporary storing means and permission/denial identifiers of both the authorities are different from each other, divides the derived authority into a plurality of authorities having objects of the same granularity as that of the included object, and stores only an authority having a different object from the included object into the temporary storing means.
摘要翻译：优先约束求解装置从具有为角色提取的优先约束的一组权限生成一组没有优先约束的权限到临时存储装置中。此时，优先约束求解装置根据具有优先约束的权限的集合，根据满足优先约束的顺序导出权限，并且当派生权威的对象包括具有相同动作的权限的对象时在临时存储装置中产生的两个权限的许可/拒绝标识符彼此不同，将派生权限划分为具有与所包含对象相同粒度的对象的多个权限，并且仅存储具有不同的对象从被包括的对象进入临时存储装置。

6. 发明授权

US09755918B2 Communication terminal, method of communication and communication system 有权
公开(公告)号：US09755918B2
公开(公告)日：2017-09-05
申请号：US14345218
申请日：2012-09-14
申请人： Kentaro Sonoda , Yasuhiro Mizukoshi , Hideyuki Shimonishi , Yoichi Hatano , Masayuki Nakae , Masaya Yamagata , Yoichiro Morita , Takayuki Sasaki
发明人： Kentaro Sonoda , Yasuhiro Mizukoshi , Hideyuki Shimonishi , Yoichi Hatano , Masayuki Nakae , Masaya Yamagata , Yoichiro Morita , Takayuki Sasaki
IPC分类号： H04L1/00 , H04L12/26 , H04L12/823 , H04L12/801
CPC分类号： H04L43/028 , H04L47/14 , H04L47/32
摘要： A communication terminal comprises: first means that communicates with a network system that includes a forwarding apparatus forwarding a packet and a control apparatus informing the forwarding apparatus of a processing rule prescribing a packet processing method; second means that determines a processing operation to be executed by the network system from among packet processing operations to be executed by the communication terminal; and third means that informs the forwarding apparatus of a processing rule corresponding to the determined packet processing operation.

7. 发明授权

US09363182B2 Communication system, control device, policy management device, communication method, and program 有权
标题翻译：通信系统，控制设备，策略管理设备，通信方式和程序
公开(公告)号：US09363182B2
公开(公告)日：2016-06-07
申请号：US13980029
申请日：2011-08-30
申请人： Hideyuki Shimonishi , Kentaro Sonoda , Masayuki Nakae , Masaya Yamagata , Yoichiro Morita
发明人： Hideyuki Shimonishi , Kentaro Sonoda , Masayuki Nakae , Masaya Yamagata , Yoichiro Morita
IPC分类号： H04L1/00 , H04L12/26 , H04L12/801 , H04L12/24 , H04L29/06
CPC分类号： H04L47/12 , H04L41/0893 , H04L63/0227 , H04L63/08 , H04L63/104 , H04L63/20
摘要： A communication system includes a control device; a forwarding node that processes, in accordance with a processing rule set by control device, a packet transmitted from a user terminal; and a policy management device that manages communication policy and notifies the control device of communication policy that corresponds to a user for whom authentication has succeeded; a setting request transmission permitting unit that, based on notification from the policy management device, sets to a forwarding node that receives a packet from the user terminal a first processing rule causing the forwarding node to make a setting request of processing rule with regard to a packet transmitted from the user terminal; and a path control unit that determines path from user terminal to access destination and sets to forwarding node along the path the second processing rule that corresponds to the path.
摘要翻译：通信系统包括控制装置; 转发节点，其根据由控制装置设置的处理规则处理从用户终端发送的分组; 以及管理通信策略并向所述控制设备通知与认证成功的用户对应的通信策略的策略管理设备; 设置请求发送许可单元，其基于来自所述策略管理装置的通知，对从所述用户终端接收到分组的转发节点设置使得所述转发节点针对a的处理规则进行设定请求的第一处理规则从用户终端发送的报文; 以及路径控制单元，其确定从用户终端到接入目的地的路径，并且沿着路径将对应于路径的第二处理规则设置为转发节点。

8. 发明授权

US09288233B2 Communication control apparatus, communication control method, and program 有权
标题翻译：通信控制装置，通信控制方法和程序
公开(公告)号：US09288233B2
公开(公告)日：2016-03-15
申请号：US14126744
申请日：2012-06-15
申请人： Masayuki Nakae , Masaya Yamagata , Yoichiro Morita , Hideyuki Shimonishi , Kentaro Sonoda
发明人： Masayuki Nakae , Masaya Yamagata , Yoichiro Morita , Hideyuki Shimonishi , Kentaro Sonoda
IPC分类号： H04L29/06 , H04L12/911 , H04L12/729 , G06F15/16 , G06F17/00 , G06F15/173
CPC分类号： H04L63/20 , H04L45/125 , H04L47/70
摘要： A communication control apparatus controls communication between a first apparatus and a second apparatus connected to the first apparatus via a plurality of relay apparatuses. The communication control apparatus comprises: a communication path generation unit that refers to a control policy including access control and supplementary control that is other than the access control from the first apparatus to the second apparatus and refers to network configuration information about a network configuration among the first apparatus, the second apparatus, and the plurality of relay apparatuses and generates a communication path that matches the control policy from the first apparatus to the second apparatus and goes through at least one of the plurality of relay apparatuses; and a communication path control unit that instructs a relay apparatus(es) on the communication path among the plurality of relay apparatuses to execute the access control and the supplementary control included in the control policy.
摘要翻译：通信控制装置经由多个中继装置控制第一装置与连接到第一装置的第二装置之间的通信。通信控制装置包括：通信路径产生单元，其参考包括从第一设备到第二设备的访问控制以外的访问控制和辅助控制的控制策略，并且参考关于网络配置的网络配置信息第一装置，第二装置和多个中继装置，并且生成与来自第一装置的控制策略相匹配的通信路径到第二装置，并且通过多个中继装置中的至少一个; 以及通信路径控制单元，其指示所述多个中继装置中的所述通信路径上的中继装置执行所述控制策略中包括的所述访问控制和所述辅助控制。

9. 发明授权

US09256716B2 Access authority generation device 有权
标题翻译：访问权限生成设备
公开(公告)号：US09256716B2
公开(公告)日：2016-02-09
申请号：US13819060
申请日：2011-06-10
申请人： Yoichiro Morita
发明人： Yoichiro Morita
IPC分类号： G06F21/00 , G06F21/60 , H04L29/06
CPC分类号： G06F21/00 , G06F21/604 , G06F2221/2141 , G06F2221/2145 , H04L63/105 , H04L63/20
摘要： A precedence constraint solving means generates a set of authorities without a precedence constraint into a temporary storing means from a set of authorities having a precedence constraint extracted for a role. At this moment, the precedence constraint solving means derives an authority in accordance with an order satisfying the precedence constraint from the set of authorities having the precedence constraint and, when an object of the derived authority includes an object of an authority having the same action already generated in the temporary storing means and permission/denial identifiers of both the authorities are different from each other, divides the derived authority into a plurality of authorities having objects of the same granularity as that of the included object, and stores only an authority having a different object from the included object into the temporary storing means.
摘要翻译：优先约束求解装置从具有为角色提取的优先约束的一组权限生成一组没有优先约束的权限到临时存储装置中。此时，优先约束求解装置根据具有优先约束的权限的集合，根据满足优先约束的顺序导出权限，并且当派生权威的对象包括具有相同动作的权限的对象时在临时存储装置中产生的两个权限的许可/拒绝标识符彼此不同，将派生权限划分为具有与所包含对象相同粒度的对象的多个权限，并且仅存储具有不同的对象从被包括的对象进入临时存储装置。

10. 发明申请

US20150078169A1 Communication Terminal, Method of Communication and Communication System 有权
标题翻译：通信终端，通信和通信系统方法
公开(公告)号：US20150078169A1
公开(公告)日：2015-03-19
申请号：US14345218
申请日：2012-09-14
申请人： Kentaro Sonoda , Yasuhiro Mizukoshi , Hideyuki Shimonishi , Yoichi Hatano , Masayuki Nakae , Masaya Yamagata , Yoichiro Morita , Takayuki Sasaki
发明人： Kentaro Sonoda , Yasuhiro Mizukoshi , Hideyuki Shimonishi , Yoichi Hatano , Masayuki Nakae , Masaya Yamagata , Yoichiro Morita , Takayuki Sasaki
IPC分类号： H04L12/26 , H04L12/801 , H04L12/823
CPC分类号： H04L43/028 , H04L47/14 , H04L47/32
摘要： A communication terminal comprises: first means that communicates with a network system that includes a forwarding apparatus forwarding a packet and a control apparatus informing the forwarding apparatus of a processing rule prescribing a packet processing method; second means that determines a processing operation to be executed by the network system from among packet processing operations to be executed by the communication terminal; and third means that informs the forwarding apparatus of a processing rule corresponding to the determined packet processing operation.
摘要翻译：通信终端包括：第一装置，其与包括转发分组的转发装置的网络系统和通知转发装置的控制装置进行通信，该处理规则规定分组处理方法; 第二装置，从通信终端执行的分组处理操作中确定由网络系统执行的处理操作; 第三装置向转发装置通知与所确定的分组处理操作相对应的处理规则。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式