Kouji Nakao

Abstract: When an access from an intruder is detected, a destination rewriting section 441 of a converting section 44 rewrites a destination [regular] which has been registered in an access command [http . . . /regular/doc] to a directory [decoy] of a decoy region 42. A communication application 43 accesses the decoy region 42 designated by the access command. A response converting section 442 of the converting section 44 rewrites a response [success/decoy/doc] returned from the communication application 43 to the content [success/regular/doc] expressing a message where the access to the regular region 41 has been succeeded.

Abstract: The authors have proposed a secure communications service element (SCSE) which can provide such security functions as authentification, information confidentiality, and data integrity (prevention of data modification), as application service elements (ASE) in the open-type system interconnection(OSI) application layer. The proposal is evaluated highly from the viewpoint of OSI protocol design technique to realize the security function. This paper attempts to verify the realizability of the proposed SCSE and the applicability to OSI communication. Further, it reports on the design of the SCSE software package and the implementation/evaluation. In the implementation/evaluation of the proposed package, especially, it is intended to demonstrate the applicability to OSI communication applications. As typical examples of SCSE applications, file transfer access and management (FTAM) assuming the totally duplicate communication function in the session layer, as well as document transfer and manipulation (DTAM) assuming the use of the semiduplicate communication function are adopted. Through the verification experiment such as the measurement of the processing load, the practical usefulness and the applicability of SCSE are evaluated. As a result, it is shown that the efficient OSI security communication system can be realized by SCSE. Since the proposed approach can be applied to the totally duplicate and the semiduplicate communications, it is shown that the method is applicable to all OSI communication applications.

Abstract: The authors have proposed a secure communications service element (SCSE) which can provide such security functions as authentification, information confidentiality, and data integrity (prevention of data modification), as application service elements (ASE) in the open-type system interconnection(OSI) application layer. The proposal is evaluated highly from the viewpoint of OSI protocol design technique to realize the security function. This paper attempts to verify the realizability of the proposed SCSE and the applicability to OSI communication. Further, it reports on the design of the SCSE software package and the implementation/evaluation. In the implementation/evaluation of the proposed package, especially, it is intended to demonstrate the applicability to OSI communication applications. As typical examples of SCSE applications, file transfer access and management (FTAM) assuming the totally duplicate communication function in the session layer, as well as document transfer and manipulation (DTAM) assuming the use of the semiduplicate communication function are adopted. Through the verification experiment such as the measurement of the processing load, the practical usefulness and the applicability of SCSE are evaluated. As a result, it is shown that the efficient OSI security communication system can be realized by SCSE. Since the proposed approach can be applied to the totally duplicate and the semiduplicate communications, it is shown that the method is applicable to all OSI communication applications.

Abstract: An apparatus is disclosed for permitting a mobile terminal having multiple, heterogeneous network connections (e.g., multiple wired or wireless transceivers of various types) to set up and maintain virtual connections over multiple networks to either the same or to multiple destinations. The mobile terminal can “load-share” traffic, i.e., it can distribute segments of traffic over a full set of heterogeneous networks, significantly improving the reliability and availability of communications. In a first embodiment, a mobile terminal is configured with multiple radio frequency (RF) transceivers. Operating system software is provided for dynamically establishing and maintaining traffic flow for user applications over multiple communications paths, and for automatically adapting to variations in the networking environment, application traffic flow requirements, end user preferences, or mobility. In a second embodiment, a software-defined radio is used to implement the physical layer protocols for each desired network, eliminating the need for multiple transceivers.

Abstract: Described are a system and method for detecting an unauthorized access point accessing a communication network. An authorized access point and/or an authorized mobile unit detects a beacon generated by a transmitting access point. The beacon includes identification information of the transmitting access point. A computing arrangement verifies the identification information of the transmitting access point with a preexisting database of the communication network. The preexisting database includes data corresponding to identification information of a plurality of authorized access points. The computing arrangement initiates a tracking procedure to determine a location of the unauthorized access point where the verification of the transmitting access point identification information with the preexisting database fails.

Abstract: In an embodiment of the present invention, a method of displaying data related to an intrusion event on a computer system comprising the steps of capturing data related to the intrusion event, decoding the captured data from a predetermined format to a predetermined format decipherable by humans, the decoded data comprising data components intrusion signature, data summary, and detailed data, correlating data components of the intrusion signature, data summary and detailed data to one another. The method further comprises the steps of retrieving an web browser-based template, and graphically displaying the correlated decoded data components using the web browser-based template.

Abstract: An apparatus and method is provided to shield contactless portable electronic consumer devices such as radio frequency identification devices (RFID), tokens, mini-cards, key fobs, cellular phones, smartcards, etc. from wireless interrogation. In one embodiment, a contactless portable consumer device which includes a first antenna is shielded from unauthorized wireless interrogation with a radio frequency (RF) shield. The RF shield includes electrically conductive, non-ferromagnetic material and is configured to prevent unauthorized data transfer between a second antenna external to the portable consumer device and the first antenna.

Abstract: An apparatus and method is provided to prevent contactless portable electronic consumer devices such as an RF identification device (RFID)3 tokens, mini-cards, key fobs, cellular phones, smart card, etc. from being wirelessly interrogated. In one embodiment, a decoy circuit capable of detecting wireless interrogation signals transmitted to a contactless portable consumer device is used to prevent one or more interrogation devices from interrogating an authentic circuit in the contactless portable consumer device.