ELECTRONIC TERMINAL, CONTROL METHOD, COMPUTER PROGRAM AND INTEGRATED CIRCUIT
First Claim
1. An electronic terminal comprising:
a first storage unit for storing therein confidential information to be protected;
a plurality of protection measures that are provided along an attack route extending from an external source to the confidential information stored in the first storage unit, and are operable to intercept an access from the external source to the confidential information via the attack route;
a plurality of monitoring units operable to monitor for an attack to any of the plurality of protection measures from the external source;
a second storage unit for storing therein (i) value information that is attached to the confidential information and expresses a value of the confidential information, and (ii) a plurality of defense level information pieces each attached to one of the plurality of protection measures and expressing a defense level value of a corresponding protection measure against an attack from the external source; and
a control unit operable to, when an attack to any of the plurality of protection measures has been detected, and a sum of defense level values for protection measures that have not been attacked remaining on a partial route of the attack route extending between the attacked protection measure and the confidential information is less than the value expressed by the value information, update a protection measure that can be updated among the remaining protection measures on the partial route, so that the sum of the defense level values on the partial route is greater than the value expressed by the value information.
Abstract
An electronic terminal performs early detection of unauthorized analysis thereon and prevents unauthorized acquisition and falsification of confidential information that is not to be released to a third party. The electronic terminal stores confidential information that is protected by consecutive application of a plurality of protection measures for defense against an attack from a third party. The electronic terminal monitors for attacks to the protection measures from an external source, and upon detecting an attack on one protection measure, updates a protection state of the confidential information to a new protection state in which either a new protection measure has been added to a protection path from the one attacked protection means to the confidential information, or the one protection measure on the path has been updated to a higher defense level.
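The control-unit rule in claim 1 (compare the sum of un-attacked defense levels on the partial route with the value of the confidential information, and raise updatable measures when it falls short) can be sketched as follows. This is an added illustration, not code from the patent: the measure names, integer levels, the `max_level` field, and the choice to upgrade measures nearest the confidential information first are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class Measure:
    name: str        # constructed label for a protection measure
    level: int       # defense level value attached to the measure
    max_level: int   # assumed ceiling an update can reach; == level means not updatable
    attacked: bool = False

def remaining_sum(route, attacked_idx):
    """Sum of defense levels of un-attacked measures on the partial route,
    i.e. between the attacked measure and the confidential information."""
    return sum(m.level for m in route[attacked_idx + 1:] if not m.attacked)

def on_attack(route, attacked_idx, value):
    """route is ordered from the external source (index 0) to the asset.
    Returns (names of updated measures, new sum, status)."""
    route[attacked_idx].attacked = True
    total = remaining_sum(route, attacked_idx)
    if total >= value:
        # The claim acts only when the sum is *less than* the value.
        return [], total, "sufficient"
    deficit = value - total + 1          # target is a sum strictly greater than value
    updated = []
    # Assumed policy: upgrade the measures closest to the asset first.
    for m in reversed(route[attacked_idx + 1:]):
        if m.attacked or m.level >= m.max_level:
            continue                     # breached or not updatable
        gain = min(m.max_level - m.level, deficit)
        m.level += gain
        deficit -= gain
        updated.append(m.name)
        if deficit == 0:
            break
    total = remaining_sum(route, attacked_idx)
    # "insufficient" means updates alone cannot restore the margin; the
    # abstract's other option (adding a new measure) would be needed.
    return updated, total, "raised" if total > value else "insufficient"

def demo_route():
    # Constructed sample route: external source -> ... -> confidential information
    return [Measure("obfuscation", 3, 3),
            Measure("integrity-check", 2, 5),
            Measure("encryption", 4, 4)]
```

With the sample route and a value of 8, an attack on the outermost measure leaves a sum of 6, so the only updatable measure is raised from 2 to 5 and the sum becomes 9.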
40 Citations
13 Claims
1. An electronic terminal comprising:
a first storage unit for storing therein confidential information to be protected;
a plurality of protection measures that are provided along an attack route extending from an external source to the confidential information stored in the first storage unit, and are operable to intercept an access from the external source to the confidential information via the attack route;
a plurality of monitoring units operable to monitor for an attack to any of the plurality of protection measures from the external source;
a second storage unit for storing therein (i) value information that is attached to the confidential information and expresses a value of the confidential information, and (ii) a plurality of defense level information pieces each attached to one of the plurality of protection measures and expressing a defense level value of a corresponding protection measure against an attack from the external source; and
a control unit operable to, when an attack to any of the plurality of protection measures has been detected, and a sum of defense level values for protection measures that have not been attacked remaining on a partial route of the attack route extending between the attacked protection measure and the confidential information is less than the value expressed by the value information, update a protection measure that can be updated among the remaining protection measures on the partial route, so that the sum of the defense level values on the partial route is greater than the value expressed by the value information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A control method for an electronic terminal,
the electronic terminal comprising:
a first storage unit for storing therein confidential information to be protected;
a plurality of protection measures that are provided along an attack route extending from an external source to the confidential information stored in the first storage unit, and are operable to intercept an access from the external source to the confidential information via the attack route;
a plurality of monitoring units operable to monitor for an attack to any of the plurality of protection measures from the external source; and
a second storage unit for storing therein (i) value information that is attached to the confidential information and expresses a value of the confidential information, and (ii) a plurality of defense level information pieces each attached to one of the plurality of protection measures and expressing a defense level value of a corresponding protection measure against an attack from the external source;
wherein in the control method, when an attack to any of the plurality of protection measures has been detected, a judgment is made whether a sum of defense level values for protection measures that have not been attacked remaining on a partial route of the attack route extending between the attacked protection measure and the confidential information is less than the value expressed by the value information, and if the sum is less than the value, a protection measure that can be updated among the remaining protection measures on the partial route is updated so that the sum of the defense level values on the partial route is greater than the value expressed by the value information.
12. A computer program for performing control on an electronic terminal,
the electronic terminal comprising:
a first storage unit for storing therein confidential information to be protected;
a plurality of protection measures that are provided along an attack route extending from an external source to the confidential information stored in the first storage unit, and are operable to intercept an access from the external source to the confidential information via the attack route;
a plurality of monitoring units operable to monitor for an attack to any of the plurality of protection measures from the external source; and
a second storage unit for storing therein (i) value information that is attached to the confidential information and expresses a value of the confidential information, and (ii) a plurality of defense level information pieces each attached to one of the plurality of protection measures and expressing a defense level value of a corresponding protection measure against an attack from the external source;
wherein the computer program causes a computer of the electronic terminal to perform the processing of: judging, when an attack to any of the plurality of protection measures has been detected, whether a sum of defense level values for protection measures that have not been attacked remaining on a partial route of the attack route extending between the attacked protection measure and the confidential information is less than the value expressed by the value information, and if the sum is less than the value, updating a protection measure that can be updated among the remaining protection measures on the partial route so that the sum of the defense level values on the partial route is greater than the value expressed by the value information.
13. An integrated circuit used in an electronic terminal, the electronic terminal comprising:
a first storage unit for storing therein confidential information to be protected;
a plurality of protection measures that are provided along an attack route extending from an external source to the confidential information stored in the first storage unit, and are operable to intercept an access from the external source to the confidential information via the attack route;
a plurality of monitoring units operable to monitor for an attack to any of the plurality of protection measures from the external source;
a second storage unit for storing therein (i) value information that is attached to the confidential information and expresses a value of the confidential information, and (ii) a plurality of defense level information pieces each attached to one of the plurality of protection measures and expressing a defense level value of a corresponding protection measure against an attack from the external source; and
a control unit operable to, when an attack to any of the plurality of protection measures has been detected, and a sum of defense level values for protection measures that have not been attacked remaining on a partial route of the attack route extending between the attacked protection measure and the confidential information is less than the value expressed by the value information, update a protection measure that can be updated among the remaining protection measures on the partial route, so that the sum of the defense level values on the partial route is greater than the value expressed by the value information.
Specification