公开(公告)号：US20130039491A1

公开(公告)日：2013-02-14

申请号：US13643671

申请日：2012-03-01

申请人： Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Shuji Isobe ,  Atsushi Umeta

发明人： Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Shuji Isobe ,  Atsushi Umeta

IPC分类号： H04L9/14

CPC分类号： G06F21/575 ,  G06F21/64 ,  G06F2221/2125 ,  H04L9/085 ,  H04L2209/16

摘要： A management device 200d comprises: a key share generation unit 251d generating a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and an output unit 252d outputting each of the key shares to a different one of a plurality of detection modules. The detection modules acquire and store therein the key shares. The protection control module 120d comprises: an acquisition unit 381d acquiring the key shares from the detection modules; a reconstruction unit 382d reconstructing the decryption key by composing the key shares; a decryption unit 383d decrypting the encrypted application program with use of the decryption key; and a deletion unit 384d deleting the decryption key, after the decryption by the decryption unit is completed.

摘要翻译： 管理设备200d包括：密钥共享生成单元251d，通过分解解密密钥生成多个密钥共享;解密密钥，用于解密作为应用程序的加密生成的加密应用程序; 以及将每个密钥共享输出到多个检测模块中的不同的检测模块的输出单元252d。 检测模块在其中获取和存储关键股。 保护控制模块120d包括：获取单元381d，从检测模块获取密钥共享; 重构单元382d，通过构成密钥份额来重构解密密钥; 解密单元383d，利用解密密钥对加密的应用程序进行解密; 以及在解密单元的解密完成之后删除解密密钥的删除单元384d。

公开(公告)号：US09311487B2

公开(公告)日：2016-04-12

申请号：US13643671

申请日：2012-03-01

申请人： Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Shuji Isobe ,  Atsushi Umeta

发明人： Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Shuji Isobe ,  Atsushi Umeta

IPC分类号： H04L9/14 ,  G06F21/57 ,  G06F21/64 ,  H04L9/08

CPC分类号： G06F21/575 ,  G06F21/64 ,  G06F2221/2125 ,  H04L9/085 ,  H04L2209/16

摘要： A management device 200d comprises: a key share generation unit 251d generating a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and an output unit 252d outputting each of the key shares to a different one of a plurality of detection modules. The detection modules acquire and store therein the key shares. The protection control module 120d comprises: an acquisition unit 381d acquiring the key shares from the detection modules; a reconstruction unit 382d reconstructing the decryption key by composing the key shares; a decryption unit 383d decrypting the encrypted application program with use of the decryption key; and a deletion unit 384d deleting the decryption key, after the decryption by the decryption unit is completed.

摘要翻译： 管理设备200d包括：密钥共享生成单元251d，通过分解解密密钥生成多个密钥共享;解密密钥，用于解密作为应用程序的加密生成的加密应用程序; 以及将每个密钥共享输出到多个检测模块中的不同的检测模块的输出单元252d。 检测模块在其中获取和存储关键股。 保护控制模块120d包括：获取单元381d，从检测模块获取密钥共享; 重构单元382d，通过构成密钥份额来重构解密密钥; 解密单元383d，利用解密密钥对加密的应用程序进行解密; 以及在解密单元的解密完成之后删除解密密钥的删除单元384d。

公开(公告)号：US08745735B2

公开(公告)日：2014-06-03

申请号：US13128080

申请日：2009-11-20

申请人： Manabu Maeda ,  Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

发明人： Manabu Maeda ,  Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

IPC分类号： H04L29/06 ,  G06F21/00

CPC分类号： G06F21/57 ,  G06F21/55

摘要： To aim to provide a monitoring system and a program execution apparatus that are capable of maintaining the security intensity even in the case where an unauthentic install module is invalidated. Install modules included in an apparatus each monitor an install module, which is a monitoring target indicated by a monitoring pattern included therein, as to whether the install module performs malicious operations. An install module that performs malicious operations is invalidated in accordance with an instruction from an update server. The monitoring patterns are restructured by the update server such that the install modules except the invalidated install module are each monitored by at least another one of the install modules. The restructured monitoring patterns are distributed to the install modules except the invalidated install module.

摘要翻译： 为了提供即使在不正当的安装模块被无效的情况下也能够保持安全强度的监视系统和程序执行装置。 安装在装置中的模块各自监视作为由其中包含的监视模式指示的监视目标的安装模块，关于该安装模块是否执行恶意操作。 根据更新服务器的指令，执行恶意操作的安装模块无效。 监视模式由更新服务器重构，使得除了无效的安装模块之外的安装模块各自由至少另一个安装模块监视。 重组的监控模式分发到除了无效的安装模块之外的安装模块。

公开(公告)号：US08600896B2

公开(公告)日：2013-12-03

申请号：US12601368

申请日：2008-11-06

申请人： Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Kaoru Yokota ,  Masao Nonaka ,  Yuji Unagami ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Marika Minagawa

发明人： Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Kaoru Yokota ,  Masao Nonaka ,  Yuji Unagami ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Marika Minagawa

IPC分类号： G06F21/00

CPC分类号： G06F21/57 ,  G06F8/65 ,  G06F21/562

摘要： To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations. If any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

摘要翻译： 为了提供包括由多个安装模块组成的安装模块组（130）的软件更新装置。 每个更新模块具有从外部服务器（200）接收用于更新保护控制模块（120）的替换保护控制模块（121）的功能，所述保护控制模块具有验证预定应用是否已被 篡改。 每个安装模块同时运行由至少另一个同步运行的安装模块进行验证，以确定安装模块是否具有执行恶意操作的可能性。 如果任何安装模块被验证为具有执行恶意操作的可能性，则被验证为不具有可能性的另一个安装模块撤销已验证为具有可能性的任何安装模块。

公开(公告)号：US20110239297A1

公开(公告)日：2011-09-29

申请号：US13133029

申请日：2010-02-15

申请人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

发明人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

IPC分类号： G06F21/00

CPC分类号： H04N21/44236 ,  G06F21/55 ,  H04L2027/0034 ,  H04N1/0088

摘要： A management device detects whether any normal monitoring module that has not been tampered with exists by referring to monitoring results received from an information security device and selects, when existence is detected, one of the monitoring modules and assumes that the selected monitoring module has been tampered with. The monitoring device then successively applies a procedure to monitoring modules other than the selected monitoring module by referring to the monitoring results, starting from the selected monitoring module, the procedure being to assume that any monitoring module determining that a monitoring module assumed to have been tampered with is normal has also been tampered with. As a result of the procedure, when all of the monitoring modules are assumed to have been tampered with the management device determines the selected monitoring module to be a normal monitoring module that has not been tampered with.

摘要翻译： 管理设备通过参考从信息安全设备接收到的监视结果来检测是否存在尚未被篡改的任何正常监视模块，并且当检测到存在时选择监视模块中的一个并假定所选监控模块已被篡改 与。 然后，监视装置依次从所选择的监视模块开始，参考监视结果，对所选择的监视模块以外的监控模块应用程序，该过程是假设任何监视模块确定监视模块被假定为被篡改 与正常也被篡改。 作为该过程的结果，当假定所有监视模块被篡改时，管理装置将所选择的监视模块确定为未被篡改的正常监视模块。

公开(公告)号：US20100180343A1

公开(公告)日：2010-07-15

申请号：US12601894

申请日：2008-11-06

申请人： Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Kaoru Yokota ,  Masao Nonaka ,  Yuji Unagami ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Marika Minagawa

发明人： Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Kaoru Yokota ,  Masao Nonaka ,  Yuji Unagami ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Marika Minagawa

IPC分类号： G06F21/22 ,  G06F11/00 ,  G06F9/445

CPC分类号： G06F21/57 ,  G06F21/51

摘要： To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations.

摘要翻译： 为了提供包括由多个安装模块组成的安装模块组（130）的软件更新装置。 每个更新模块具有从外部服务器（200）接收用于更新保护控制模块（120）的替换保护控制模块（121）的功能，所述保护控制模块具有验证预定应用是否已被 篡改。 每个安装模块同时运行由至少另一个同步运行的安装模块进行验证，以确定安装模块是否具有执行恶意操作的可能性。

公开(公告)号：US08707430B2

公开(公告)日：2014-04-22

申请号：US13089433

申请日：2011-04-19

申请人： Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

发明人： Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： G06F11/3048 ,  G06F11/3065 ,  G06F21/12 ,  G06F21/552 ,  G06F21/6281 ,  G06F2221/2103 ,  G06F2221/2143

摘要： An information security apparatus includes a plurality of monitoring modules that monitor for tampering. A management apparatus includes a reception unit that receives a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module; a detection unit that detects an abnormality by referring to fewer than all of the received monitoring results; and an identification unit that identifies, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target of monitoring to the source of monitoring, starting from the monitoring module that generates the monitoring result related to the abnormality.

摘要翻译： 信息安全装置包括监视篡改的多个监视模块。 管理装置包括：接收单元，其接收由监视目标监视模块的源监视模块生成的多个监视结果; 检测单元，通过参照少于全部所接收到的监视结果来检测异常; 以及识别单元，其在检测到异常时识别从（i）产生与异常相关的监视结果的监视模块中被篡改的监视模块，以及（ii）由所述异常检测到的一个或多个监视模块， 从产生与异常相关的监测结果的监控模块开始，通过连续监控模块从监控目标追溯到监控源。

公开(公告)号：US20110271344A1

公开(公告)日：2011-11-03

申请号：US13143594

申请日：2010-02-15

申请人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

发明人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

IPC分类号： G06F21/00

CPC分类号： G06F21/554

摘要： A malicious-module identification device (200a) identifies and deactivates a malicious module operating in an information processing device (100a) connected thereto via a network. The malicious-module identification device is provided with a reception unit (2310) for receiving results of tampering detection from a plurality of modules for detecting tampering, a determination unit (210a) for assuming that a module among the plurality of modules is a normal module, determining, based on the assumption, whether a contradiction occurs in the received results of tampering detection, and identifying the module assumed to be a normal module as a malicious module when determining that a contradiction occurs, and a deactivation unit (2320) for outputting an instruction to deactivate the module identified as the malicious module.

摘要翻译： 恶意模块识别装置（200a）通过网络识别和去激活与其连接的信息处理装置（100a）中工作的恶意模块。 恶意模块识别装置设置有用于从多个用于检测篡改的模块接收篡改检测结果的接收单元（2310），用于假定多个模块中的模块是正常模块的确定单元（210a） 基于所述假设，确定在接收到的篡改检测结果中是否发生矛盾，以及在确定发生矛盾时将被认为是正常模块的模块识别为恶意模块;以及用于输出的停用单元（2320） 禁用标识为恶意模块的模块的指令。

公开(公告)号：US08800038B2

公开(公告)日：2014-08-05

申请号：US13375912

申请日：2011-04-15

申请人： Yuichi Futa ,  Yuji Unagami ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

发明人： Yuichi Futa ,  Yuji Unagami ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

IPC分类号： G06F11/00 ,  G06F21/55

CPC分类号： G06F21/55 ,  G06F21/57 ,  G06F2221/2123 ,  G06F2221/2143

摘要： Provided is a tampering monitoring system that can identify a monitoring module that has been tampered with among a plurality of monitoring modules. A management apparatus is provided with an acquisition unit that acquires a new monitoring module that has not been tampered with, a generation unit that generates a decoy monitoring module by modifying the acquired monitoring module, a transmission unit that transmits the decoy monitoring module to the information security device and causes the information security device to install the decoy monitoring module therein, a reception unit that receives from the information security device, after the decoy monitoring module has been installed, monitoring results generated by the monitoring modules monitoring other monitoring modules, and a determination unit that identifies, by referring to the received monitoring results, a monitoring module that determines the decoy monitoring module to be valid and determines the identified monitoring module to be invalid.

摘要翻译： 提供了可以识别在多个监视模块中被篡改的监视模块的篡改监视系统。 一种管理装置，具备获取单元，其获取未被篡改的新的监视模块;生成单元，其通过修改获取的监视模块来生成诱饵监视模块;发送单元，将所述诱饵监视模块发送到所述信息 安全装置，使信息安全装置安装诱饵监视模块，在安装了诱饵监视模块之后从信息安全装置接收监视其他监视模块的监视模块生成的监视结果的接收部，以及 确定单元，其通过参考所接收的监视结果来识别监视模块，其将所述诱饵监视模块确定为有效并且将所识别的监视模块确定为无效。

公开(公告)号：US08726374B2

公开(公告)日：2014-05-13

申请号：US13133029

申请日：2010-02-15

申请人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

发明人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

IPC分类号： H04N21/442 ,  H04N1/00 ,  G06F21/55 ,  H04L27/00

CPC分类号： H04N21/44236 ,  G06F21/55 ,  H04L2027/0034 ,  H04N1/0088

摘要： A management device detects whether any normal monitoring module that has not been tampered with exists by referring to monitoring results received from an information security device and selects, when existence is detected, one of the monitoring modules and assumes that the selected monitoring module has been tampered with. The monitoring device then successively applies a procedure to monitoring modules other than the selected monitoring module by referring to the monitoring results, starting from the selected monitoring module, the procedure being to assume that any monitoring module determining that a monitoring module assumed to have been tampered with is normal has also been tampered with. As a result of the procedure, when all of the monitoring modules are assumed to have been tampered with the management device determines the selected monitoring module to be a normal monitoring module that has not been tampered with.

摘要翻译： 管理设备通过参考从信息安全设备接收到的监视结果来检测是否存在尚未被篡改的任何正常监视模块，并且当检测到存在时选择监视模块中的一个并假定所选监控模块已被篡改 与。 然后，监视装置依次从所选择的监视模块开始，参考监视结果，对所选择的监视模块以外的监控模块应用程序，该过程是假设任何监视模块确定监视模块被假定为被篡改 与正常也被篡改。 作为该过程的结果，当假定所有监视模块被篡改时，管理装置将所选择的监视模块确定为未被篡改的正常监视模块。