ELECTRONIC TERMINAL, CONTROL METHOD, COMPUTER PROGRAM AND INTEGRATED CIRCUIT

US 20110004771A1
Filed: 03/19/2009
Published: 01/06/2011
Est. Priority Date: 03/25/2008
Status: Active Grant

First Claim

Patent Images

1. An electronic terminal comprising:

a first storage unit for storing therein confidential information to be protected;

a plurality of protection measures that are provided along an attack route extending from an external source to the confidential information stored in the first storage unit, and are operable to intercept an access from the external source to the confidential information via the attack route;

a plurality of monitoring units operable to monitor for an attack to any of the plurality of protection measures from the external source;

a second storage unit for storing therein (i) value information that is attached to the confidential information and expresses a value of the confidential information, and (ii) a plurality of defense level information pieces each attached to one of the plurality of protection measures and expressing a defense level value of a corresponding protection measure against an attack from the external source; and

a control unit operable to, when an attack to any of the plurality of protection measures has been detected, and a sum of defense level values for protection measures that have not been attacked remaining on a partial route of the attack route extending between the attacked protection measure and the confidential information is less than the value expressed by the value information, update a protection measure that can be updated among the remaining protection measures on the partial route, so that the sum of the defense level values on the partial route is greater than the value expressed by the value information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic terminal performs early detection of unauthorized analysis thereon and prevents unauthorized acquisition and falsification of confidential information that is not to be released to a third party. The electronic terminal stores confidential information that is protected by consecutive application of a plurality of protection measures for defense against an attack from a third party. The electronic terminal monitors for attacks to the protection measures from an external source, and upon detecting an attack on one protection measure, updates a protection state of the confidential information to a new protection state in which either a new protection measure has been added to a protection path from the one attacked protection means to the confidential information, or the one protection measure on the path has been updated to a higher defense level.

40 Citations

View as Search Results

13 Claims

1. An electronic terminal comprising:
- a first storage unit for storing therein confidential information to be protected;
  
  a plurality of protection measures that are provided along an attack route extending from an external source to the confidential information stored in the first storage unit, and are operable to intercept an access from the external source to the confidential information via the attack route;
  
  a plurality of monitoring units operable to monitor for an attack to any of the plurality of protection measures from the external source;
  
  a second storage unit for storing therein (i) value information that is attached to the confidential information and expresses a value of the confidential information, and (ii) a plurality of defense level information pieces each attached to one of the plurality of protection measures and expressing a defense level value of a corresponding protection measure against an attack from the external source; and
  
  a control unit operable to, when an attack to any of the plurality of protection measures has been detected, and a sum of defense level values for protection measures that have not been attacked remaining on a partial route of the attack route extending between the attacked protection measure and the confidential information is less than the value expressed by the value information, update a protection measure that can be updated among the remaining protection measures on the partial route, so that the sum of the defense level values on the partial route is greater than the value expressed by the value information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The electronic terminal of claim 1 whereinthe confidential information is encrypted by a predetermined algorithm, andthe protection measure that can be updated is a program for executing a decryption algorithm for decrypting the encrypted confidential information.
  - 3. The electronic terminal of claim 1 further comprising:
    - a third storage unit for storing therein a key generation program for generating a decryption key to be used in decrypting the confidential information that has been encrypted by a predetermined algorithm;
      
      a plurality of second protection measures that are provided along a second attack route extending to the confidential information stored in the first storage unit, via the key generation program stored in the third storage unit, and are operable to intercept an access from the external source to the key generation program via the second attack route; and
      
      a plurality of second monitoring units operable to monitor for an attack to any of the plurality of second protection measures from the external source, whereina plurality of defense level information pieces are each attached to one of the plurality of second protection measures, each expressing a defense level value of a corresponding second protection measure against an attack from the external source, andthe control unit is further operable to, when an attack to any of the second protection measures has been detected, and a sum of the defense level values for protection measures that have not been attacked remaining on a second partial route of the second attack route extending between the attacked second protection measure and the confidential information, is less than the value expressed by the value information, update the key generation program so that the sum of the defense level values on the second partial route is greater than the value expressed by the value information.
  - 4. The electronic terminal of claim 1 further comprising:
    - a third storage unit for storing therein a decryption key to be used in decrypting the confidential information that has been encrypted by a predetermined algorithm;
      
      a fourth storage unit for storing therein a predetermined program for accessing the decryption key;
      
      a plurality of second protection measures that are provided along a second attack route extending to the confidential, information stored in the first storage unit, via the predetermined program stored in the fourth storage unit, and are operable to intercept an access from the external source to the predetermined program via the second attack route; and
      
      a plurality of second monitoring units operable to monitor for an attack to any of the plurality of second protection measures from the external source, whereina plurality of defense level information pieces are each attached to one of the plurality of second protection measures, each expressing a defense level value of a corresponding second protection measure against an attack from the external source, andthe control unit is further operable to, when an attack to any of the second protection measures has been detected, and a sum of the defense level values for protection measures that have not been attacked remaining on a second partial route of the second attack route extending between the attacked second protection measure and the confidential information, is less than the value expressed by the value information, update the predetermined program so that the sum of the defense level values on the second partial route is greater than the value expressed by the value information.
  - 5. The electronic terminal of claim 4 whereinthe predetermined program for accessing the decryption key is a decryption program for decrypting the encrypted decryption key when the decryption key has been encrypted.
  - 6. The electronic terminal of claim 5 whereinthe decryption program has been obfuscated.
  - 7. The electronic terminal of claim 1 further comprising:
    - a third storage unit for storing therein a protection measure to be used for performing an update, whereinthe control unit updates the protection measure that can be updated with use of the protection measure to be used for performing the update, that is stored in the third storage unit.
  - 8. The electronic terminal of claim 1 further comprising:
    - a communication unit connected to an external management device that manages the electronic terminal, whereinthe control unit is further operable to, when an attack to any of the plurality of protection measures has been detected, and a sum of the defense level values for protection measures remaining on the partial route is less than the value expressed by the value information, transmit detection information indicating the detection and the comparison to the management device via the communication unit, receive a new protection measure from the management device, in accordance with the detection information, such that the sum of the defense level values for the protection measures remaining on the partial route is greater than the value expressed by the value information, and update the protection measure that can be updated to the new protection measure.
  - 9. The electronic terminal of claim 1 further comprising:
    - a communication unit connected to an external management device that manages the electronic terminal, whereinthe control unit is further operable to, when an attack to any of the plurality of protection measures has been detected, and a sum of the defense level values for remaining protection measures on the partial route is less than the value expressed by the value information, transmit detection information indicating the detection and the comparison to the management device via the communication unit, receive a new protection measure from the management device, in accordance with the detection information, such that the sum of the defense level values for the protection measures remaining on the partial route is greater than the value expressed by the value information, and add the new protection measure to the partial route.
  - 10. The electronic terminal of claim 1 further comprising:
    - a communication unit connected to an external management device that manages the electronic terminal; and
      
      a third storage unit for storing therein a plurality of second defense level information pieces received from the management device, each expressing an updated value of a defense level value of a corresponding protection measure, whereinthe control unit is further operable to (i) compare each piece of defense level information stored in the second storage unit to a piece of corresponding defense level information stored in the third storage unit, (ii) when a result of the comparison is that the defense level value expressed by the defense level information is less than the defense level value expressed by the second defense level information, calculate a sum of defense levels for the plurality of protection measures with reference to the second defense level information, and (iii) when the calculated sum is less than the value expressed by the value information, update a protection measure corresponding to the second defense level information that is less than the defense level information so that the total of the defense level values on the attack route is greater than the value expressed by the value information.

11. A control method for an electronic terminal,the electronic terminal comprising:
- a first storage unit for storing therein confidential information to be protected;
  
  a plurality of protection measures that are provided along an attack route extending from an external source to the confidential information stored in the first storage unit, and are operable to intercept an access from the external source to the confidential information via the attack route;
  
  a plurality of monitoring units operable to monitor for an attack to any of the plurality of protection measures from the external source; and
  
  a second storage unit for storing therein (i) value information that is attached to the confidential information and expresses a value of the confidential information, and (ii) a plurality of defense level information pieces each attached to one of the plurality of protection measures and expressing a defense level value of a corresponding protection measure against an attack from the external source;
  
  whereinin the control method, when an attack to any of the plurality of protection measures has been detected, a judgment is made whether a sum of defense level values for protection measures that have not been attacked remaining on a partial route of the attack route extending between the attacked protection measure and the confidential information is less than the value expressed by the value information, and if the sum is less than the value, a protection measure that can be updated among the remaining protection measures on the partial route is updated so that the sum of the defense level values on the partial route is greater than the value expressed by the value information.

12. A computer program for performing control on an electronic terminal,the electronic terminal comprising:
- a first storage unit for storing therein confidential information to be protected;
  
  a plurality of protection measures that are provided along an attack route extending from an external source to the confidential information stored in the first storage unit, and are operable to intercept an access from the external source to the confidential information via the attack route;
  
  a plurality of monitoring units operable to monitor for an attack to any of the plurality of protection measures from the external source; and
  
  a second storage unit for storing therein (i) value information that is attached to the confidential information and expresses a value of the confidential information, and (ii) a plurality of defense level information pieces each attached to one of the plurality of protection measures and expressing a defense level value of a corresponding protection measure against an attack from the external source;
  
  whereinthe computer program causes a computer of the electronic terminal to perform the processing of;
  
  judging, when an attack to any of the plurality of protection measures has been detected, whether a sum of defense level values for protection measures that have not been attacked remaining on a partial route of the attack route extending between the attacked protection measure and the confidential information is less than the value expressed by the value information, andif the sum is less than the value, updating a protection measure that can be updated among the remaining protection measures on the partial route so that the sum of the defense level values on the partial route is greater than the value expressed by the value information.

13. An integrated circuit used in an electronic terminal, the electronic terminal comprising:
- a first storage unit for storing therein confidential information to be protected;
  
  a plurality of protection measures that are provided along an attack route extending from an external source to the confidential information stored in the first storage unit, and are operable to intercept an access from the external source to the confidential information via the attack route;
  
  a plurality of monitoring units operable to monitor for an attack to any of the plurality of protection measures from the external source;
  
  a second storage unit for storing therein (i) value information that is attached to the confidential information and expresses a value of the confidential information, and (ii) a plurality of defense level information pieces each attached to one of the plurality of protection measures and expressing a defense level value of a corresponding protection measure against an attack from the external source; and
  
  a control unit operable to, when an attack to any of the plurality of protection measures has been detected, and a sum of defense level values for protection measures that have not been attacked remaining on a partial route of the attack route extending between the attacked protection measure and the confidential information is less than the value expressed by the value information, update a protection measure that can be updated among the remaining protection measures on the partial route, so that the sum of the defense level values on the partial route is greater than the value expressed by the value information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Matsushima, Hideki, Yokota, Kaoru, Haga, Tomoyuki, Matsuzaki, Natsume

Granted Patent

US 8,438,402 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/556   involving covert channels, ...

G06F 21/6209   to a single file or object,...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2151   Time stamp

H04L 2463/101   applying security measures ...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

ELECTRONIC TERMINAL, CONTROL METHOD, COMPUTER PROGRAM AND INTEGRATED CIRCUIT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

ELECTRONIC TERMINAL, CONTROL METHOD, COMPUTER PROGRAM AND INTEGRATED CIRCUIT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links