SECURE AUDITING SYSTEM AND SECURE AUDITING METHOD

US 20120198553A1
Filed: 09/14/2009
Published: 08/02/2012
Est. Priority Date: 09/14/2009
Status: Abandoned Application

First Claim

Patent Images

1. A secure auditing system comprising a plurality of terminals connected to a network, each terminal executing a given program in response to an instruction from an operation unit, and a management server connected to the network and auditing a permit/prohibit of an execution of the program at each terminal,wherein the terminal includesa program storage unit that stores a given program in an update fashion,execution permit list generating means that generates a list of a predetermined program from among the given programs, and stores in an update fashion the list on an execution permit list storage unit,determining means that, in response to an execution instruction of one of the given programs provided by the operation unit, determines whether the given program is a program listed in the list stored on the execution permit list storage unit,first checking means that generates first checking information by reading the given program from the program storage unit if the determination of the determining means is affirmative, and checks a difference between the first checking information and information of the list corresponding to the program of the execution instruction on the execution permit list storage unit,checking information generating means that generates second checking information by reading the given program from the program storage unit if the determination of the determining means is non-affirmative, and transmits the second checking information to the management server, andexecution permit/prohibit means that gives an instruction to permit or prohibit the execution of the program in response to a reply signal from the management server responsive to the second checking information that the checking information generating means has transmitted to the management server, and in response to the difference determination result of the first checking means, andwherein the management server includesa checking source information storage unit that stores checking source information corresponding to the second checking information of the program when the given program is written on the program storage unit, andsecond checking means that checks the second checking information received from the terminal against the checking source information stored on the checking source information storage unit and returns the checking results as the reply signal to the terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a technique that audits security of a terminal connected to a network and executes a given program wherein a computer-virus free file is permitted to execute a program in a manner such that a computer virus is not activated. As a result, the terminal is maintained in a secure state.

Citations

14 Claims

1. A secure auditing system comprising a plurality of terminals connected to a network, each terminal executing a given program in response to an instruction from an operation unit, and a management server connected to the network and auditing a permit/prohibit of an execution of the program at each terminal,wherein the terminal includesa program storage unit that stores a given program in an update fashion,execution permit list generating means that generates a list of a predetermined program from among the given programs, and stores in an update fashion the list on an execution permit list storage unit,determining means that, in response to an execution instruction of one of the given programs provided by the operation unit, determines whether the given program is a program listed in the list stored on the execution permit list storage unit,first checking means that generates first checking information by reading the given program from the program storage unit if the determination of the determining means is affirmative, and checks a difference between the first checking information and information of the list corresponding to the program of the execution instruction on the execution permit list storage unit,checking information generating means that generates second checking information by reading the given program from the program storage unit if the determination of the determining means is non-affirmative, and transmits the second checking information to the management server, andexecution permit/prohibit means that gives an instruction to permit or prohibit the execution of the program in response to a reply signal from the management server responsive to the second checking information that the checking information generating means has transmitted to the management server, and in response to the difference determination result of the first checking means, andwherein the management server includesa checking source information storage unit that stores checking source information corresponding to the second checking information of the program when the given program is written on the program storage unit, andsecond checking means that checks the second checking information received from the terminal against the checking source information stored on the checking source information storage unit and returns the checking results as the reply signal to the terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14)
- - 2. The secure auditing system according to claim 1, wherein the first checking information comprises a hash value generated from the file of each program.
  - 3. The secure auditing system according to claim 1, wherein each of the second checking information and the checking source information comprises the hash value generated from the file of a program and header related information corresponding to header information stored on a header region of the file of the program.
  - 4. The secure auditing system according to claim 1, wherein the terminal includes first transfer means that reads the given program from the program storage unit and transmits the given program to the management server if the checking results of the second checking means indicate no match,wherein the management server includes computer virus checking means that checks whether the given program transferred by the transfer means is infected with a computer virus, and returns to the execution permit/prohibit means a signal that prohibits the execution of the given program if the given program is infected with the computer virus.
  - 5. The secure auditing system according to claim 1, wherein the terminal includesdoubtful-operation list generating means that stores in an update fashion a list of macro programs, each having as a base a program listed in an execution permit list, on a doubtful-operation list storage unit different from the execution permit list storage unit, andsecond transfer means that transmits the macro program to the management server prior to an installation of the macro program on the program storage unit in response to the reception of an instruction from the operation unit, andwherein the management server includes a unique authentication information storage unit that stores unique authentication information to each terminal, andunique authentication information attaching means that attaches the unique authentication information of the terminal to the received file of the macro program and then returns to the terminal the file with the unique authentication information attached thereto, andwherein the terminal further includesinstall processing means that installs on the program storage unit the file of the macro program with the unique authentication information attached thereto, andunique authentication information checking means that outputs to the execution permit/prohibit means a signal that permits the execution of the program to be performed if it is determined in response to the execution instruction of the macro program from the operation unit that the unique authentication information attached to the macro program matches the information stored on the unique authentication information storage unit as the unique authentication information of the macro program.
  - 6. The secure auditing system according to claim 1, wherein the terminal includesprogram generating means that generates a program via the operation unit,doubtful-operation list generating means that stores in an update fashion on the doubtful-operation list storage unit a list of the new program generated by the program generating means, andsecond transfer means that transmits the new program to the management server prior to an installation of the new program on the program storage unit in response to the reception of an instruction from the operation unit, andwherein the management server includesa unique authentication information storage unit that stores unique authentication information to each terminal, andunique authentication information attaching means that attaches the unique authentication information of the terminal to the received file of the new program and then returns to the terminal the file with the unique authentication information attached, andwherein the terminal further includesinstall processing means that installs on the program storage unit the file of the new program with the unique authentication information attached thereto, andunique authentication information checking means that outputs to the execution permit/prohibit means a signal that permits the execution of the program to be performed if it is determined in response to the execution instruction of the new program from the operation unit that the unique authentication information attached to the new program matches the information stored on the unique authentication information storage unit as the unique authentication information of the new program.
  - 7. The secure auditing system according to claim 5, wherein the checking information generating means generates the second checking information and transmits the generated second checking information to the management server if the checking results of the unique authentication information checking means indicate no match, and wherein the second checking means checks the second checking information transmitted from the terminal against the checking source information stored on the checking source information storage unit, and returns the checking results as the reply signal to the terminal.
  - 8. The secure auditing system according to claim 1, wherein the terminal includesdoubtful-operation list generating means that stores in an update fashion a list of macro programs, each having as a base a program listed in an execution permit list, on a doubtful-operation list storage unit different from the execution permit list storage unit,wherein the management server includesa unique authentication information storage unit that stores unique authentication information to each terminal, andan issuing unit that issues the unique authentication information to the terminal in response to a request from the terminal, andwherein the terminal further includesunique authentication information attaching means that attaches, in response to an instruction from the operation unit, the issued unique authentication information to the file of the macro program prior to an installation of the macro program on the program storage unit,install processing means that installs on the program storage unit the file of the macro program with the unique authentication information attached thereto, andunique authentication information checking means that outputs to the execution permit/prohibit means a signal that permits the execution of the macro program to be performed if it is determined in response to the execution instruction of the macro program from the operation unit that the unique authentication information attached to the macro program matches the information stored on the unique authentication information storage unit as the unique authentication information of the macro program.
  - 9. The secure auditing system according to claim 1, wherein the terminal includesprogram generating means that generates a program via the operation unit, anddoubtful-operation list generating means that stores on a doubtful-operation list storage unit a list of new programs generated by the program generating means,wherein the management server includesa unique authentication information storage unit that stores unique authentication information to each terminal, andan issuing unit that issues the unique authentication information to the terminal in response to a request from the terminal, andwherein the terminal further includesunique authentication information attaching means that attaches, in response to an instruction from the operation unit, the issued unique authentication information to the file of the new program prior to an installation of the new program on the program storage unit,install processing means that installs on the program storage unit the file of the new program with the unique authentication information attached thereto, andunique authentication information checking means that outputs to the execution permit/prohibit means a signal that permits the execution of the new program to be performed if it is determined in response to the execution instruction of the new program from the operation unit that the unique authentication information attached to the new program matches the information stored on the unique authentication information storage unit as the unique authentication information of the new program.
  - 10. The secure auditing system according to claim 8, wherein the checking information generating means generates the second checking information and transmits the second checking information if the checking results of the unique authentication information checking means indicate no match, and wherein the second checking means checks the second checking information transmitted from the terminal against the checking source information stored on the checking source information storage unit, and returns the checking results as the reply signal to the terminal.
  - 11. The secure auditing system according to claim 1, wherein the terminal comprisesmonitoring means that monitors whether an unexecution state of the program listed in the execution permit list lasts longer than a predetermined period, andlist deleting means that deletes, from the execution permit list, a program having an unexecution state lasting longer than the predetermined period.
  - 13. The secure auditing system according to claim 6, wherein the checking information generating means generates the second checking information and transmits the generated second checking information to the management server if the checking results of the unique authentication information checking means indicate no match, and wherein the second checking means checks the second checking information transmitted from the terminal against the checking source information stored on the checking source information storage unit, and returns the checking results as the reply signal to the terminal.
  - 14. The secure auditing system according to claim 9, wherein the checking information generating means generates the second checking information and transmits the second checking information if the checking results of the unique authentication information checking means indicate no match, and wherein the second checking means checks the second checking information transmitted from the terminal against the checking source information stored on the checking source information storage unit, and returns the checking results as the reply signal to the terminal.

12. A secure auditing method controlling a permit/prohibit of an execution of a program by each terminal connected to a network, the secure auditing method comprisingstoring a given program on a program storage unit of the terminal in an update fashion,with execution permit list generating means of the terminal, generating a list of a predetermined program from among the given programs, and storing in an update fashion the list on an execution permit list storage unit,with determining means of the terminal, in response to an execution instruction of the given program provided by an operation unit, determining whether the given program is a program listed in the list stored on the execution permit list storage unit,with first checking means of the terminal, generating first checking information by reading the given program from the program storage unit if the determination of the determining means is affirmative, and checking a difference between the first checking information and information of the list corresponding to the program of the execution instruction on the execution permit list storage unit,with checking information generating means of the terminal, generating second checking information by reading the given program from the program storage unit if the determination of the determining means is non-affirmative, and transmitting the second checking information to a management server, andstoring checking source information corresponding to the second checking information of the given program on a checking source information storage unit of the management server connected to the network when the given program is written on the program storage unit,with second checking means of the management server, checking the second checking information received from the terminal against the checking source information stored on the checking source information storage unit and returning the results as a reply signal to the terminal, andwith execution permit/prohibit means of the terminal, giving an instruction to permit or prohibit the execution of the program in response to the reply signal from the management server responsive to the second checking information that the checking information generating means has transmitted to the management server, and in response to the difference determination results of the first checking means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Junko Suginaka, Kiyoshi Mori
Original Assignee
Junko Suginaka, Kiyoshi Mori
Inventors
Suginaka, Junko, Furukawa, Yoshihisa

Application Number

US13/395,236
Publication Number

US 20120198553A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

G06F 21/565 by checking file integrity

SECURE AUDITING SYSTEM AND SECURE AUDITING METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE AUDITING SYSTEM AND SECURE AUDITING METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links