TAMPERING MONITORING SYSTEM, MANAGEMENT APPARATUS, AND MANAGEMENT METHOD

US 20110265180A1
Filed: 04/19/2011
Published: 10/27/2011
Est. Priority Date: 04/26/2010
Status: Active Grant

First Claim

Patent Images

1. A management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management apparatus comprising:

a reception unit configured to receive, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules;

a detection unit configured to detect an abnormality by referring to fewer than all of the monitoring results received by the reception unit; and

an identification unit configured to identify, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information security apparatus (100c) includes a plurality of monitoring modules that monitor for tampering. A management apparatus (200c) includes a reception unit (230c) that receives a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module; a detection unit (220c) that detects an abnormality by referring to fewer than all of the received monitoring results; and an identification unit (210c) that identifies, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target of monitoring to the source of monitoring, starting from the monitoring module that generates the monitoring result related to the abnormality.

24 Citations

View as Search Results

15 Claims

1. A management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management apparatus comprising:
- a reception unit configured to receive, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules;
  
  a detection unit configured to detect an abnormality by referring to fewer than all of the monitoring results received by the reception unit; and
  
  an identification unit configured to identify, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The management apparatus of claim 1, whereinthe detection unit detects, as the abnormality, an inconsistency between two or more monitoring results for one of the monitoring modules, andthe identification unit identifies the monitoring module that has been tampered with by tracing back through chains of monitoring modules by referring to the two or more monitoring results.
  - 3. The management apparatus of claim 2, whereinthe monitoring modules in the information security apparatus each monitor one or more other monitoring modules for tampering at a point in time and transmit the monitoring results,the reception unit receives the monitoring results for the point in time,the detection unit detects the inconsistency by determining whether, among the monitoring results received by the reception unit, a first monitoring result and a second monitoring result for one of the monitoring modules match, andthe identification unit (i) consecutively traces back through chains of monitoring modules, respectively starting with the first monitoring result and the second monitoring result, by referring to other monitoring results that indicate no tampering, (ii) determines whether an identical monitoring module is arrived at, and (iii) when determining positively, identifies the identical monitoring module as the monitoring module that has been tampered with.
  - 4. The management apparatus of claim 2, whereinthe monitoring modules in the information security apparatus each monitor one or more of the other monitoring modules for tampering at a first point in time and at a later second point in time and transmit the monitoring results at the respective points in time,the reception unit receives the monitoring results for the first point in time and the monitoring results for the second point in time,the detection unit detects, among the monitoring results received by the reception unit, the inconsistency when (i) a first monitoring result by a first monitoring module for a second monitoring module at the first point in time indicates that the second monitoring module has been tampered with, and (ii) a second monitoring result by the first monitoring module for the second monitoring module at the second point in time indicates that the second monitoring module has not been tampered with, andwhen the detection unit detects the inconsistency, the identification unit identifies the first monitoring module as the monitoring module that has been tampered with.
  - 5. The management apparatus of claim 1, whereinthe monitoring modules in the information security apparatus each monitor one or more of the other monitoring modules for tampering at a first point in time and at a later second point in time and transmit the monitoring results at the respective points in time,the reception unit receives the monitoring results for the first point in time and the monitoring results for the second point in time,the detection unit detects, among the monitoring results received by the reception unit, the abnormality when (i) a first monitoring result by a first monitoring module for a second monitoring module at the first point in time indicates that the second monitoring module has been tampered with, and (ii) a second monitoring result by the second monitoring module for the first monitoring module at the second point in time indicates that the first monitoring module has not been tampered with, andwhen the first monitoring result indicates that the second monitoring module has been tampered with and the second monitoring result indicates that the first monitoring module has not been tampered with, the identification unit identifies the second monitoring module as the monitoring module that has been tampered with.

6. A management method used in a management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management method comprising the steps of:
- a) receiving, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules;
  
  b) detecting an abnormality by referring to fewer than all of the monitoring results received in step a); and
  
  c) identifying, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.

7. A computer-readable recording medium having recorded thereon a computer program for management used in a management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the computer program causing the management apparatus, which is a computer, to execute the steps of:
- a) receiving, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules;
  
  b) detecting an abnormality by referring to fewer than all of the monitoring results received in step a); and
  
  c) identifying, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.

8. An integrated circuit for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the integrated circuit comprising:
- a reception unit configured to receive, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules;
  
  a detection unit configured to detect an abnormality by referring to fewer than all of the monitoring results received by the reception unit; and
  
  an identification unit configured to identify, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.

9. A monitoring system formed by an information security apparatus that includes a plurality of monitoring modules that monitor for tampering and a management apparatus for managing the information security apparatus, the management apparatus comprising:
- a reception unit configured to receive, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules;
  
  a detection unit configured to detect an abnormality by referring to fewer than all of the monitoring results received by the reception unit; and
  
  an identification unit configured to identify, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.

10. A management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management apparatus comprising:
- an identification unit configured to identify a monitoring module that has been tampered with among the monitoring modules;
  
  a generation unit configured to generate a plurality of monitoring patterns in one-to-one correspondence with a plurality of normal monitoring modules, the normal monitoring modules being the monitoring modules other than the monitoring module that has been tampered with, so that each normal monitoring module monitors one other normal monitoring module, and each normal monitoring module is monitored by one other normal monitoring module; and
  
  a transmission unit configured to transmit the monitoring patterns for the normal monitoring modules to the information security apparatus, whereinupon receiving the monitoring patterns for the normal monitoring modules, the information security apparatus causes the normal monitoring modules each to store the corresponding monitoring pattern.
- View Dependent Claims (11)
- - 11. The management apparatus of claim 10, whereinthe monitoring patterns generated by the generation unit form a cyclic monitoring pattern.

12. A management method used in a management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management method comprising the steps of:
- a) identifying a monitoring module that has been tampered with among the monitoring modules;
  
  b) generating a plurality of monitoring patterns in one-to-one correspondence with a plurality of normal monitoring modules, the normal monitoring modules being the monitoring modules other than the monitoring module that has been tampered with, so that each normal monitoring module monitors one other normal monitoring module, and each normal monitoring module is monitored by one other normal monitoring module; and
  
  c) transmitting the monitoring patterns for the normal monitoring modules to the information security apparatus, whereinupon receiving the monitoring patterns for the normal monitoring modules, the information security apparatus causes the normal monitoring modules each to store the corresponding monitoring pattern.

13. A computer-readable recording medium having recorded thereon a computer program for management used in a management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the computer program causing the management apparatus, which is a computer, to execute the steps of:
- a) identifying a monitoring module that has been tampered with among the monitoring modules;
  
  b) generating a plurality of monitoring patterns in one-to-one correspondence with a plurality of normal monitoring modules, the normal monitoring modules being the monitoring modules other than the monitoring module that has been tampered with, so that each normal monitoring module monitors one other normal monitoring module, and each normal monitoring module is monitored by one other normal monitoring module; and
  
  c) transmitting the monitoring patterns for the normal monitoring modules to the information security apparatus, whereinupon receiving the monitoring patterns for the normal monitoring modules, the information security apparatus causes the normal monitoring modules each to store the corresponding monitoring pattern.

14. An integrated circuit for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the integrated circuit comprising:
- an identification unit configured to identify a monitoring module that has been tampered with among the monitoring modules;
  
  a generation unit configured to generate a plurality of monitoring patterns in one-to-one correspondence with a plurality of normal monitoring modules, the normal monitoring modules being the monitoring modules other than the monitoring module that has been tampered with, so that each normal monitoring module monitors one other normal monitoring module, and each normal monitoring module is monitored by one other normal monitoring module; and
  
  a transmission unit configured to transmit the monitoring patterns for the normal monitoring modules to the information security apparatus, whereinupon receiving the monitoring patterns for the normal monitoring modules, the information security apparatus causes the normal monitoring modules each to store the corresponding monitoring pattern.

15. A monitoring system formed by an information security apparatus that includes a plurality of monitoring modules that monitor for tampering and a management apparatus for managing the information security apparatus, the management apparatus comprising:
- an identification unit configured to identify a monitoring module that has been tampered with among the monitoring modules;
  
  a generation unit configured to generate a plurality of monitoring patterns in one-to-one correspondence with a plurality of normal monitoring modules, the normal monitoring modules being the monitoring modules other than the monitoring module that has been tampered with, so that each normal monitoring module monitors one other normal monitoring module, and each normal monitoring module is monitored by one other normal monitoring module; and
  
  a transmission unit configured to transmit the monitoring patterns for the normal monitoring modules to the information security apparatus, whereinupon receiving the monitoring patterns for the normal monitoring modules, the information security apparatus causes the normal monitoring modules each to store the corresponding monitoring pattern.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Hasegawa, Shingo, Shizuya, Hiroki, Isobe, Shuji, Koizumi, Eisuke, UNAGAMI, Yuji, Sakai, Masao, Futa, Yuichi, Matsuzaki, Natsume

Granted Patent

US 8,707,430 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 11/3048   where the topology of the c...

G06F 11/3065   Monitoring arrangements det...

G06F 21/12   Protecting executable software

G06F 21/552   involving long-term monitor...

G06F 21/6281   at program execution time, ...

G06F 2221/2103   Challenge-response

G06F 2221/2143   Clearing memory, e.g. to pr...

TAMPERING MONITORING SYSTEM, MANAGEMENT APPARATUS, AND MANAGEMENT METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

TAMPERING MONITORING SYSTEM, MANAGEMENT APPARATUS, AND MANAGEMENT METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links