Title of invention: Tampering monitoring system, control device, and tampering control method
Abstract: Provided is a tampering monitoring system that can identify a monitoring module that has been tampered with among a plurality of monitoring modules. A management apparatus is provided with an acquisition unit that acquires a new monitoring module that has not been tampered with, a generation unit that generates a decoy monitoring module by modifying the acquired monitoring module, a transmission unit that transmits the decoy monitoring module to the information security device and causes the information security device to install the decoy monitoring module therein, a reception unit that receives from the information security device, after the decoy monitoring module has been installed, monitoring results generated by the monitoring modules monitoring other monitoring modules, and a determination unit that identifies, by referring to the received monitoring results, a monitoring module that determines the decoy monitoring module to be valid and determines the identified monitoring module to be invalid.
Publication number: US8800038(B2) Publication date: 2014.08.05
Application number: US201113375912 Filing date: 2011.04.15
Applicant: Panasonic Corporation Inventors: Futa Yuichi; Unagami Yuji; Matsuzaki Natsume; Shizuya Hiroki; Sakai Masao; Isobe Shuji; Koizumi Eisuke; Hasegawa Shingo
Classification: G06F11/00; G06F21/55 Main classification: G06F11/00
Agency: Wenderoth, Lind & Ponack, L.L.P. Agent: Wenderoth, Lind & Ponack, L.L.P.
Main claim: 1. A management apparatus for managing an information security device that includes a plurality of monitoring modules that monitor for tampering, the management apparatus comprising: a non-transitory memory device that stores a program; and a processing device that executes the program to cause the management apparatus to operate as: an acquisition unit comprising logic configured to acquire a new monitoring module that has not been tampered with; a generation unit comprising logic configured to generate a decoy monitoring module by modifying the acquired monitoring module; a transmission unit comprising logic configured to transmit the decoy monitoring module to the information security device and cause the information security device to install the decoy monitoring module therein; a reception unit comprising logic configured to receive from the information security device, after the decoy monitoring module has been installed, monitoring results generated by the monitoring modules monitoring other monitoring modules; and a determination unit comprising logic configured to identify, by referring to the received monitoring results, a monitoring module that determines the decoy monitoring module to be valid and to determine the identified monitoring module to be invalid, wherein the generation unit generates the decoy monitoring module to include an invalid verification certificate, wherein the transmission unit transmits the decoy monitoring module that includes the invalid verification certificate to the information security device and causes the information security device to install the decoy monitoring module therein, and wherein each monitoring module in the information security device determines whether the decoy monitoring module has been tampered with by referring to the verification certificate included in the decoy monitoring module.
Address: Osaka JP
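The decoy check described in the abstract and claim 1, sketched as an added Python example that is not part of the patent text. It also shows why a genuine module cannot separate intact monitors from a tampered one. The HMAC stand-in for the verification certificate, the monitor names, and the always-pass model of a tampered monitor are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed key; an HMAC stands in for the certificate scheme (assumption).
ISSUER_KEY = b"constructed-demo-key"

def issue_certificate(body: bytes) -> bytes:
    """Verification certificate modelled as HMAC-SHA256 over the module body."""
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()

def acquire_module(name: str, body: bytes) -> dict:
    """Acquisition unit: a new, untampered module with a valid certificate."""
    return {"name": name, "body": body, "cert": issue_certificate(body)}

def generate_decoy(module: dict) -> dict:
    """Generation unit: modify the module so its certificate is invalid."""
    bad_cert = bytes(b ^ 0xFF for b in module["cert"])
    return {**module, "name": module["name"] + "-decoy", "cert": bad_cert}

def honest_check(target: dict) -> bool:
    """An intact monitor verifies the target's certificate."""
    return hmac.compare_digest(issue_certificate(target["body"]), target["cert"])

def tampered_check(target: dict) -> bool:
    """Hypothetical tampered monitor: its check is disabled and always passes."""
    return True

def monitoring_results(monitors: dict, target: dict) -> dict:
    """Results reported by the device: monitor name -> 'target is valid'."""
    return {name: check(target) for name, check in monitors.items()}

def determine_invalid(results: dict) -> list:
    """Determination unit: any monitor that accepted the decoy is invalid."""
    return sorted(name for name, verdict in results.items() if verdict)

# Constructed device state: three monitors, one of them tampered with.
MONITORS = {"mon-A": honest_check, "mon-B": tampered_check, "mon-C": honest_check}
NEW_MODULE = acquire_module("mon-D", b"constructed module image")
DECOY = generate_decoy(NEW_MODULE)

if __name__ == "__main__":
    # A genuine module is accepted by every monitor, so it reveals nothing.
    print("genuine:", monitoring_results(MONITORS, NEW_MODULE))
    # Only the decoy makes the tampered monitor's verdict stand out.
    print("decoy:  ", monitoring_results(MONITORS, DECOY))
    print("invalid:", determine_invalid(monitoring_results(MONITORS, DECOY)))
```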