TAMPERING MONITORING SYSTEM, MANAGEMENT APPARATUS, AND MANAGEMENT METHOD
First Claim
1. A management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management apparatus comprising:
- a reception unit configured to receive, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules;
a detection unit configured to detect an abnormality by referring to fewer than all of the monitoring results received by the reception unit; and
an identification unit configured to identify, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.
1 Assignment
0 Petitions
Accused Products
Abstract
An information security apparatus (100c) includes a plurality of monitoring modules that monitor for tampering. A management apparatus (200c) includes a reception unit (230c) that receives a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module; a detection unit (220c) that detects an abnormality by referring to fewer than all of the received monitoring results; and an identification unit (210c) that identifies, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target of monitoring to the source of monitoring, starting from the monitoring module that generates the monitoring result related to the abnormality.
24 Citations
15 Claims
-
1. A management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management apparatus comprising:
-
a reception unit configured to receive, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules; a detection unit configured to detect an abnormality by referring to fewer than all of the monitoring results received by the reception unit; and an identification unit configured to identify, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A management method used in a management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management method comprising the steps of:
-
a) receiving, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules; b) detecting an abnormality by referring to fewer than all of the monitoring results received in step a); and c) identifying, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.
-
-
7. A computer-readable recording medium having recorded thereon a computer program for management used in a management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the computer program causing the management apparatus, which is a computer, to execute the steps of:
-
a) receiving, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules; b) detecting an abnormality by referring to fewer than all of the monitoring results received in step a); and c) identifying, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.
-
-
8. An integrated circuit for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the integrated circuit comprising:
-
a reception unit configured to receive, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules; a detection unit configured to detect an abnormality by referring to fewer than all of the monitoring results received by the reception unit; and an identification unit configured to identify, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.
-
-
9. A monitoring system formed by an information security apparatus that includes a plurality of monitoring modules that monitor for tampering and a management apparatus for managing the information security apparatus, the management apparatus comprising:
-
a reception unit configured to receive, from the information security apparatus, a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module, the source and the target each being one of the monitoring modules; a detection unit configured to detect an abnormality by referring to fewer than all of the monitoring results received by the reception unit; and an identification unit configured to identify, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target to the source, starting from the monitoring module that generates the monitoring result related to the abnormality.
-
-
10. A management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management apparatus comprising:
-
an identification unit configured to identify a monitoring module that has been tampered with among the monitoring modules; a generation unit configured to generate a plurality of monitoring patterns in one-to-one correspondence with a plurality of normal monitoring modules, the normal monitoring modules being the monitoring modules other than the monitoring module that has been tampered with, so that each normal monitoring module monitors one other normal monitoring module, and each normal monitoring module is monitored by one other normal monitoring module; and a transmission unit configured to transmit the monitoring patterns for the normal monitoring modules to the information security apparatus, wherein upon receiving the monitoring patterns for the normal monitoring modules, the information security apparatus causes the normal monitoring modules each to store the corresponding monitoring pattern. - View Dependent Claims (11)
-
-
12. A management method used in a management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management method comprising the steps of:
-
a) identifying a monitoring module that has been tampered with among the monitoring modules; b) generating a plurality of monitoring patterns in one-to-one correspondence with a plurality of normal monitoring modules, the normal monitoring modules being the monitoring modules other than the monitoring module that has been tampered with, so that each normal monitoring module monitors one other normal monitoring module, and each normal monitoring module is monitored by one other normal monitoring module; and c) transmitting the monitoring patterns for the normal monitoring modules to the information security apparatus, wherein upon receiving the monitoring patterns for the normal monitoring modules, the information security apparatus causes the normal monitoring modules each to store the corresponding monitoring pattern.
-
-
13. A computer-readable recording medium having recorded thereon a computer program for management used in a management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the computer program causing the management apparatus, which is a computer, to execute the steps of:
-
a) identifying a monitoring module that has been tampered with among the monitoring modules; b) generating a plurality of monitoring patterns in one-to-one correspondence with a plurality of normal monitoring modules, the normal monitoring modules being the monitoring modules other than the monitoring module that has been tampered with, so that each normal monitoring module monitors one other normal monitoring module, and each normal monitoring module is monitored by one other normal monitoring module; and c) transmitting the monitoring patterns for the normal monitoring modules to the information security apparatus, wherein upon receiving the monitoring patterns for the normal monitoring modules, the information security apparatus causes the normal monitoring modules each to store the corresponding monitoring pattern.
-
-
14. An integrated circuit for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the integrated circuit comprising:
-
an identification unit configured to identify a monitoring module that has been tampered with among the monitoring modules; a generation unit configured to generate a plurality of monitoring patterns in one-to-one correspondence with a plurality of normal monitoring modules, the normal monitoring modules being the monitoring modules other than the monitoring module that has been tampered with, so that each normal monitoring module monitors one other normal monitoring module, and each normal monitoring module is monitored by one other normal monitoring module; and a transmission unit configured to transmit the monitoring patterns for the normal monitoring modules to the information security apparatus, wherein upon receiving the monitoring patterns for the normal monitoring modules, the information security apparatus causes the normal monitoring modules each to store the corresponding monitoring pattern.
-
-
15. A monitoring system formed by an information security apparatus that includes a plurality of monitoring modules that monitor for tampering and a management apparatus for managing the information security apparatus, the management apparatus comprising:
-
an identification unit configured to identify a monitoring module that has been tampered with among the monitoring modules; a generation unit configured to generate a plurality of monitoring patterns in one-to-one correspondence with a plurality of normal monitoring modules, the normal monitoring modules being the monitoring modules other than the monitoring module that has been tampered with, so that each normal monitoring module monitors one other normal monitoring module, and each normal monitoring module is monitored by one other normal monitoring module; and a transmission unit configured to transmit the monitoring patterns for the normal monitoring modules to the information security apparatus, wherein upon receiving the monitoring patterns for the normal monitoring modules, the information security apparatus causes the normal monitoring modules each to store the corresponding monitoring pattern.
-
Specification