SECURE AUDITING SYSTEM AND SECURE AUDITING METHOD
Abstract
Disclosed is a technique for auditing the security of a terminal that is connected to a network and executes a given program, wherein a computer-virus-free file is permitted to execute a program in such a manner that a computer virus is not activated. As a result, the terminal is maintained in a secure state.
14 Claims
1. A secure auditing system comprising a plurality of terminals connected to a network, each terminal executing a given program in response to an instruction from an operation unit, and a management server connected to the network and auditing a permit/prohibit of an execution of the program at each terminal,
wherein the terminal includes
a program storage unit that stores a given program in an update fashion,
execution permit list generating means that generates a list of a predetermined program from among the given programs, and stores in an update fashion the list on an execution permit list storage unit,
determining means that, in response to an execution instruction of one of the given programs provided by the operation unit, determines whether the given program is a program listed in the list stored on the execution permit list storage unit,
first checking means that generates first checking information by reading the given program from the program storage unit if the determination of the determining means is affirmative, and checks a difference between the first checking information and information of the list corresponding to the program of the execution instruction on the execution permit list storage unit,
checking information generating means that generates second checking information by reading the given program from the program storage unit if the determination of the determining means is non-affirmative, and transmits the second checking information to the management server, and
execution permit/prohibit means that gives an instruction to permit or prohibit the execution of the program in response to a reply signal from the management server responsive to the second checking information that the checking information generating means has transmitted to the management server, and in response to the difference determination result of the first checking means, and
wherein the management server includes
a checking source information storage unit that stores checking source information corresponding to the second checking information of the program when the given program is written on the program storage unit, and
second checking means that checks the second checking information received from the terminal against the checking source information stored on the checking source information storage unit and returns the checking results as the reply signal to the terminal.
12. A secure auditing method controlling a permit/prohibit of an execution of a program by each terminal connected to a network, the secure auditing method comprising
storing a given program on a program storage unit of the terminal in an update fashion,
with execution permit list generating means of the terminal, generating a list of a predetermined program from among the given programs, and storing in an update fashion the list on an execution permit list storage unit,
with determining means of the terminal, in response to an execution instruction of the given program provided by an operation unit, determining whether the given program is a program listed in the list stored on the execution permit list storage unit,
with first checking means of the terminal, generating first checking information by reading the given program from the program storage unit if the determination of the determining means is affirmative, and checking a difference between the first checking information and information of the list corresponding to the program of the execution instruction on the execution permit list storage unit,
with checking information generating means of the terminal, generating second checking information by reading the given program from the program storage unit if the determination of the determining means is non-affirmative, and transmitting the second checking information to a management server, and
storing checking source information corresponding to the second checking information of the given program on a checking source information storage unit of the management server connected to the network when the given program is written on the program storage unit,
with second checking means of the management server, checking the second checking information received from the terminal against the checking source information stored on the checking source information storage unit and returning the results as a reply signal to the terminal, and
with execution permit/prohibit means of the terminal, giving an instruction to permit or prohibit the execution of the program in response to the reply signal from the management server responsive to the second checking information that the checking information generating means has transmitted to the management server, and in response to the difference determination results of the first checking means.
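The decision flow recited in claims 1 and 12, modelled as an added example that is not part of the patent text. Assumptions: the "checking information" is a SHA-256 digest, a match means permit, a mismatch or a program unknown to the server means prohibit, and all class and function names are hypothetical.

```python
import hashlib
import hmac

def checking_info(program: bytes) -> str:
    # Assumption: checking information is modelled as a SHA-256 digest.
    return hashlib.sha256(program).hexdigest()

class ManagementServer:
    def __init__(self):
        self.checking_source = {}  # checking source information storage unit

    def register(self, name, program):
        # Recorded when the program is written on the terminal's storage unit.
        self.checking_source[name] = checking_info(program)

    def check(self, name, second_info):
        # Second checking means: the reply signal is True only on an exact match.
        expected = self.checking_source.get(name)
        return expected is not None and hmac.compare_digest(expected, second_info)

class Terminal:
    def __init__(self, server):
        self.server = server
        self.storage = {}      # program storage unit: name -> bytes
        self.permit_list = {}  # execution permit list: name -> digest

    def install(self, name, program, listed=False):
        self.storage[name] = program
        self.server.register(name, program)
        if listed:
            self.permit_list[name] = checking_info(program)

    def request_execution(self, name):
        info = checking_info(self.storage[name])  # re-read program at each request
        if name in self.permit_list:
            # First checking means: difference against the local list entry.
            ok = hmac.compare_digest(info, self.permit_list[name])
            return ("permit" if ok else "prohibit", "local")
        # Not listed: send second checking information to the management server.
        ok = self.server.check(name, info)
        return ("permit" if ok else "prohibit", "server")

def demo():
    t = Terminal(ManagementServer())
    t.install("editor", b"editor v1", listed=True)  # constructed sample programs
    t.install("tool", b"tool v1")
    before = [t.request_execution(n) for n in ("editor", "tool")]
    for n in ("editor", "tool"):
        t.storage[n] += b" modified"  # constructed change after installation
    return before + [t.request_execution(n) for n in ("editor", "tool")]
```

Because the digest is recomputed from the program storage unit at every execution instruction, a file changed after installation is prohibited on both the local and the server path.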
Specification