JP2021043863A - Server device and program - Google Patents

Abstract

To provide a server device which does not leave a security problem alone without interfering with the use of a computer more than necessary, and provide a program.SOLUTION: In an update system 1, a server device 10 includes an acquisition unit, a processing unit, and an instruction unit. The acquisition unit acquires a version of software installed on a client device 20. The processing unit determines an evaluation value which indicates severity of vulnerability regarding the version of the software, and determines whether to update the software on the basis of the evaluation value. When it is determined not to update the software, the instruction unit does not issue an instruction to update the software to the client device 20, or issues the update instruction when it is determined to update the software.SELECTED DRAWING: Figure 1

Description

Embodiments of the present invention relate to server devices and programs.

There is a technology called secure boot in which a computer checks at startup whether the OS (operating system), application software, and other software have been tampered with, and if tampering is detected, the computer stops booting because it is unsafe. In addition, when software tampering is detected, the software is tampered with by repairing the software using software that is sure to be genuine (no tampering) stored in advance on the server or the computer. There is a technology to make it in a non-existent state.

However, in software tampering detection, there are users who judge that it is safe because it is judged that there is no software tampering and neglect to update (update). If you neglect to update, software vulnerabilities will be left unattended, which is a security problem.

For software updates, technology that automatically updates is widely used. A computer to which such a technology is applied, for example, inquires of a server or the like whether or not the installed software is updated, downloads update data if there is an update, and executes the update.

However, when updating automatically, updates are automatically executed even for those that deal with minor vulnerabilities and those that are not related to vulnerabilities for the purpose of adding new functions. Therefore, such an update may be automatically executed even if there is no or few security problems, and the computer may become unusable during that time.

Japanese Unexamined Patent Publication No. 2012-252701

"What is System Restore?", [Online], April 20, 2018, Microsoft, [Search July 17, 2019], Internet (URL: https://support.microsoft.com/en-us/help / 959063 / what-is-system-restore)

An object to be solved by an embodiment of the present invention is to provide a server device and a program that do not unnecessarily interfere with the use of a computer and do not leave a state with a security problem.

The server device of the embodiment includes an acquisition unit, a processing unit, and an instruction unit. The acquisition unit acquires the version of the software installed on the client device. The processing unit obtains an evaluation value indicating the severity of the vulnerability of the version of the software, and determines whether or not to update the software based on the evaluation value. When it is determined not to update the software, the instruction unit does not instruct the client device to update the software, and when it is determined to update the software, the instruction unit gives the update instruction.

The block diagram which shows an example of the main part circuit composition about the update system which concerns on 1st Embodiment and the component elements included in the update system. The flowchart which shows an example of the process which concerns on 1st Embodiment by the processor of the client apparatus in FIG. The flowchart which shows an example of the process which concerns on 1st Embodiment by the processor of the server apparatus in FIG. The block diagram which shows an example of the main part circuit composition about the update system which concerns on 2nd Embodiment and the component elements included in the update system. The flowchart which shows an example of the process which concerns on 2nd Embodiment by the processor of the client apparatus in FIG. The flowchart which shows an example of the process which concerns on 2nd Embodiment by the processor of the server apparatus in FIG. The flowchart which shows an example of the process which concerns on 2nd Embodiment and 3rd Embodiment by the processor of the terminal apparatus in FIG. The flowchart which shows an example of the process which concerns on 3rd Embodiment by the processor of the server apparatus in FIG.

Hereinafter, the update system according to some embodiments will be described with reference to the drawings. It should be noted that each of the drawings used in the following embodiments may be omitted in configuration for the sake of explanation. Further, in each drawing and the following description, the same reference numerals indicate similar elements.
[First Embodiment]
FIG. 1 is a block diagram showing an example of a main circuit configuration of the update system 1 and the components included in the update system 1 according to the first embodiment. The update system 1 is a system for controlling the update and repair of software installed on the client device. In addition, within the scope of this specification and claims, "update" shall include upgrade. The update system 1 includes a server device 10 and a client device 20 as an example. Although FIG. 1 shows one server device 10 and one client device 20, typically, the number of each is plural. However, in the following description, basically, one server device 10 and one client device 20 will be focused on.

The server device 10 and the client device 20 are connected to the network NW. The network NW is typically a communication network that includes the Internet. The network NW is typically a communication network including a WAN (wide area network). The network NW may be a communication network including a private network such as an intranet. The network NW may be a communication network including a LAN (local area network). Further, the network NW may be a communication network including a public switched telephone network and a public mobile phone network.

As an example, the server device 10 includes a processor 11, a ROM (read-only memory) 12, a RAM (random-access memory) 13, an auxiliary storage device 14, and a communication interface 15. Then, a bus 16 or the like connects each of these parts.

The processor 11 corresponds to a central part of a computer that performs processing such as calculation and control necessary for the operation of the server device 10. The processor 11 controls each unit in order to realize various functions of the server device 10 based on programs such as firmware, system software, and application software stored in the ROM 12 or the auxiliary storage device 14. A part or all of the program may be incorporated in the circuit of the processor 11. The processor 11 includes, for example, a CPU (central processing unit), an MPU (micro processing unit), a SoC (system on a chip), a DSP (digital signal processor), a GPU (graphics processing unit), an ASIC (application specific integrated circuit), and the like. PLD (programmable logic device) or FPGA (field-programmable gate array). Alternatively, the processor 11 is a combination of a plurality of these.

The ROM 12 corresponds to the main storage device of a computer centered on the processor 11. The ROM 12 is a non-volatile memory used exclusively for reading data. The ROM 12 stores, for example, firmware among the above programs. Further, the ROM 12 stores data or various set values used by the processor 11 for performing various processes.

The RAM 13 corresponds to the main storage device of a computer centered on the processor 11. The RAM 13 is a memory used for reading and writing data. The RAM 13 is used as a so-called work area or the like for storing data temporarily used by the processor 11 for performing various processes. The RAM 13 is typically a volatile memory.

The auxiliary storage device 14 corresponds to an auxiliary storage device of a computer centered on the processor 11. The auxiliary storage device 14 is, for example, an EEPROM (electric erasable programmable read-only memory), an HDD (hard disk drive), a flash memory, or the like. The auxiliary storage device 14 stores, for example, system software and application software among the above programs. Further, the auxiliary storage device 14 stores data used by the processor 11 for performing various processes, data generated by the processes of the processor 11, various setting values, and the like.

Further, the auxiliary storage device 14 stores the software DB (database) 141.
The software DB 141 stores and manages information about each software installed in the client device 20. The software DB 141 stores and manages data related to the vulnerabilities of each software. The software DB 141 stores and manages update data of each software. Further, the software DB 141 stores the hash value of the data of each version of the software. Further, the software DB 141 stores data that is certain to be genuine for each version of the software.

The program stored in the ROM 12 or the auxiliary storage device 14 includes a program for executing a process described later. As an example, the server device 10 is transferred to a user or an administrator of the server device 10 in a state where the program is not stored in the ROM 12 or the auxiliary storage device 14. Then, the program separately transferred to the user or administrator is written to the auxiliary storage device 14 under the operation of the user or administrator. However, the server device 10 may be transferred to the user, the administrator, or the like with the program stored in the ROM 12 or the auxiliary storage device 14. The transfer of the above-mentioned program can be realized, for example, by recording on a removable storage medium such as a magnetic disk, a magneto-optical disk, an optical disk, or a semiconductor memory, or by downloading via a network NW or the like.

The communication interface 15 is an interface for the server device 10 to communicate via a network NW or the like.

The bus 16 includes a control bus, an address bus, a data bus, and the like, and transmits signals sent and received by each part of the server device 10.

The client device 20 is, for example, a PC (personal computer), a server, a POS (point of sale) terminal, an office device, an industrial computer, an embedded device, an IoT device, or the like. As an example, the client device 20 includes a processor 21, a ROM 22, a RAM 23, an auxiliary storage device 24, a communication interface 25, a display device 26, and an input device 27. Then, a bus 28 or the like connects each of these parts.

The processor 21 corresponds to a central part of a computer that performs processing such as calculation and control necessary for the operation of the client device 20. The processor 21 controls each unit to realize various functions of the client device 20 based on programs such as firmware, system software, and application software stored in the ROM 22 or the auxiliary storage device 24. A part or all of the program may be incorporated in the circuit of the processor 21. The processor 21 is, for example, a CPU, MPU, SoC, DSP, GPU, ASIC, PLD, FPGA, or the like. Alternatively, the processor 21 is a combination of a plurality of these.

The ROM 22 corresponds to the main storage device of a computer centered on the processor 21. The ROM 22 is a non-volatile memory used exclusively for reading data. The ROM 22 stores, for example, firmware among the above programs. The ROM 22 also stores data or various set values used by the processor 21 to perform various processes.

The RAM 23 corresponds to the main storage device of a computer centered on the processor 21. The RAM 23 is a memory used for reading and writing data. The RAM 23 is used as a so-called work area or the like for storing data temporarily used by the processor 21 for performing various processes. The RAM 23 is typically a volatile memory.

The auxiliary storage device 24 corresponds to an auxiliary storage device of a computer centered on the processor 21. The auxiliary storage device 24 is, for example, an EEPROM, an HDD, a flash memory, or the like. The auxiliary storage device 24 stores, for example, system software such as an OS and application software among the above programs. Further, the auxiliary storage device 24 stores data used by the processor 21 for performing various processes, data generated by the processes of the processor 21, various setting values, and the like.

The program stored in the ROM 22 or the auxiliary storage device 24 includes a program for executing a process described later. As an example, the client device 20 is transferred to a user or an administrator of the client device 20 in a state where the program is not stored in the ROM 22 or the auxiliary storage device 24. Then, the program separately transferred to the user or administrator is written to the auxiliary storage device 24 under the operation of the user or administrator. However, the client device 20 may be transferred to the user, the administrator, or the like with the program stored in the ROM 22 or the auxiliary storage device 24. The transfer of the above-mentioned program can be realized, for example, by recording on a removable storage medium such as a magnetic disk, a magneto-optical disk, an optical disk, or a semiconductor memory, or by downloading via a network NW or the like.

The communication interface 25 is an interface for the client device 20 to communicate via the network NW or the like.

The display device 26 displays a screen for notifying the operator of the client device 20 of various information. The display device 26 is, for example, a display such as a liquid crystal display or an organic EL (electro-luminescence) display.

The input device 27 accepts an operation by the operator of the client device 20. The input device 27 is, for example, a keyboard, keypad, touchpad, mouse, or the like. A touch panel can also be used as the display device 26 and the input device 27. That is, the display panel provided on the touch panel can be used as the display device 26. Then, a touch input pointing device provided on the touch panel can be used as the input device 27.

The bus 28 includes a control bus, an address bus, a data bus, and the like, and transmits signals sent and received by each part of the client device 20.

Hereinafter, the operation of the update system 1 according to the first embodiment will be described with reference to FIGS. 2 and 3. The content of the process in the following operation description is an example, and various processes capable of obtaining similar results can be appropriately used. FIG. 2 is a flowchart showing an example of processing by the processor 21 of the client device 20. The processor 21 executes this process based on, for example, a program included in the OS stored in the auxiliary storage device 24. FIG. 3 is a flowchart showing an example of processing by the processor 11 of the server device 10. The processor 11 executes this process based on, for example, a program stored in the ROM 12 or the auxiliary storage device 14.

The client device 20 loads the OS using a boot loader, for example, when the power is turned on. The processor 21 of the client device 20 starts the process shown in FIG. 2, for example, when the loaded OS starts executing.

In the ACT 12, the processor 21 acquires version information indicating the versions of the OS, application software, and other software installed in the client device 20. The version information is included in each software, for example.

In the ACT 13, the processor 21 acquires the hash values of the OS, application software, and other software installed in the client device 20. For example, the processor 21 acquires a hash value by calculating a hash value using a part or all of the data of each software as an input value.

In the ACT 11 of FIG. 2, the processor 21 performs the OS startup process halfway. Here, the processor 21 performs the OS startup process at least until the stage where the processes of ACT 14 to ACT 18 shown below can be executed.

In the ACT 14, the processor 21 generates software information. The software information includes various information about the OS, application software, and other software installed in the client device 20. The various information includes the version information acquired by ACT12 and the hash value acquired by ACT13. After generating the software information, the processor 21 instructs the communication interface 25 to transmit the software information to the server device 10. In response to this transmission instruction, the communication interface 25 transmits the software information to the server device 10. The transmitted software information is received by the communication interface 15 of the server device 10.

On the other hand, in the ACT 31 of FIG. 3, the processor 11 of the server device 10 waits for the software information to be received by the communication interface 15. When the software information is received, the processor 11 determines Yes in the ACT 31 and proceeds to the ACT 32. The software information received here is hereinafter referred to as "received software information".
Software information includes version information. Therefore, the processor 11 functions as an acquisition unit that acquires the version of the software installed in the client device by receiving the software information in cooperation with the communication interface 15. The software information also includes a hash value. Therefore, the processor 11 functions as an acquisition unit that acquires a hash value by receiving software information in cooperation with the communication interface 15.

In the ACT 32, the processor 11 selects one of the software whose received software information includes the hash value and the version information. However, the processor 11 selects software that has not yet been selected from the software. The software selected last in the processing of ACT32 is hereinafter referred to as "target software". The processor 11 performs the processes of ACT 33 to ACT 36 described below for the target software.

In the ACT 33, the processor 11 checks the consistency of the target software installed in the client device 20 by using the hash value and the version information of the target software included in the received software information. For this purpose, the processor 11 refers to the software DB and acquires a hash value corresponding to the version information included in the received software information. Then, the processor 11 determines whether or not the hash value included in the received software information and the hash value acquired from the software DB are the same.
Therefore, the processor 11 functions as a processing unit for detecting an error in data by performing the processing of the ACT 33.

In the ACT 34, the processor 11 determines whether or not an error has been detected in the data of the target software as a result of the processing of the ACT 33. The processor 11 determines that the data of the target software has an error when the hash values are not the same by the processing of the ACT 33. An error in the data of the target software occurs, for example, due to falsification or damage of the data. If the processor 11 detects an error in the data of the target software, the processor 11 determines Yes in the ACT 34 and proceeds to the ACT 35.

In the ACT 35, the processor 11 generates repair instruction information. The repair instruction information is information for instructing the client device 20 to repair the target software. The repair instruction information includes data necessary for repairing the target software and information indicating the repair method.
In the ACT 36, the processor 11 associates the target software with the repair instruction information and registers it in the repair list. The repair list is a list of target software that needs to be repaired.

The processor 11 proceeds to the ACT 37 after the processing of the ACT 36. If the processor 11 has not detected an error in the data of the target software, the processor 11 determines No in the ACT 34 and proceeds to the ACT 37.

In the ACT 37, the processor 21 determines if there is software that has not yet been selected in the processing of the ACT 32. If there is software that has not yet been selected, the processor 21 determines Yes in the ACT 37 and proceeds to the ACT 32. Thus, the processor 31 performs the processes of ACT32 to ACT36 for each of the software whose received software information includes the hash value and the version information. On the other hand, if there is no software that has not been selected yet, the processor 21 determines No in the ACT 37 and proceeds to the ACT 38.

In the ACT 38, the processor 11 evaluates the vulnerabilities of the client device 20 and the software installed in the client device 20 by using the version information of each software included in the received software information. For example, the processor 11 evaluates the vulnerability of each software from the version information of each software included in the receiving software and shows it as a numerical value (hereinafter referred to as "software vulnerability point"). Then, the processor 11 obtains, for example, a numerical value (hereinafter referred to as "client vulnerability point") indicating the vulnerability of the quatant device from the software vulnerability point of each software. For example, the processor 11 uses a numerical value obtained by adding the software vulnerability points of each software as a client vulnerability point. The software vulnerability point and client vulnerability point indicate the severity of the vulnerability as a numerical value. Here, the larger the numerical value, the higher the severity of the vulnerability (the greater the security problem). It shall be shown. On the contrary, it can be said that the smaller the numerical value of the software vulnerability point and the client vulnerability point, the higher the degree of security. Software vulnerability points and client vulnerability points are examples of evaluation values that indicate the severity of vulnerabilities.
In order to evaluate software vulnerabilities, the processor 11 uses a vulnerability information database such as JVN (Japan Vulnerability Notes) based on information such as the vendor name (software creator name), name and version of the software. By referring to it, you can find out what kind of vulnerabilities the software has. Then, the processor 11 examines the severity value by the CVSS (Common Vulnerability Scoring System) for each of the software vulnerabilities. Further, the processor 11 sets the maximum value among the values of the severity of the vulnerability as the vulnerability point of the software. Alternatively, the processor 11 sets the sum of all the values of the severity of the vulnerability as the vulnerability point of the software.
Further, the processor 11 may evaluate the vulnerability in consideration of the influence of the combination of two or more types of software. For example, the processor 11 evaluates a vulnerability in consideration of the fact that the severity of the vulnerability increases when a specific version of the specific software is combined with a specific version of software other than the specific software.

In the ACT 39, the processor 11 determines whether or not the software installed on the client device 20 needs to be updated. The processor 11 determines, for example, that the update is necessary when the client device 20 or the software installed in the client device 20 is highly vulnerable. For this purpose, the processor 11 determines, for example, that the update is necessary if the client vulnerability point is equal to or higher than the threshold value T1. Alternatively, the processor 11 determines that the update is necessary when there is software whose client vulnerability point is the threshold value T1 or higher and the software vulnerability point of any software is the threshold value T2 or higher. Although the client vulnerability point is less than the threshold value T1, the processor 11 may determine that the update is necessary even when the software vulnerability point of any software is the threshold value T3 or more. If the processor 11 determines that the update is necessary, the processor 11 determines Yes in the ACT 39 and proceeds to the ACT 40.
The processor 11 functions as a processing unit that determines whether or not to update the software based on the evaluation value by performing the processing of the ACT 39.

In the ACT 40, the processor 11 generates update instruction information. The update instruction information includes information for instructing the client device 20 to update the software. In addition, the update instruction information includes update data necessary for updating the software. The processor 11 determines which of the software installed in the client device 20 is to be updated in order to generate the update instruction information. For example, the processor 11 targets software having a certain number of software vulnerability points or more. For example, the processor 11 preferentially updates those having a high software vulnerability point. For example, the processor 11 determines the software to be updated so that the client vulnerability point after the update is the threshold value T3 or less. For example, the processor 11 gives priority to software with high dependence as an update target. Here, the dependency indicates how many softwares refer to it. For example, the processor 11 lowers the priority of updating software that takes a long time to update and has a large data size of update data. In this way, the processor 11 determines the update target in consideration of various factors. For example, even if the software has a low software vulnerability point, the processor 11 can be postponed if the data size of the update data is large, and can be targeted for update if the data size of the update data is small. However, the processor 11 may target all software that can be updated. When determining the update target as described above, the processor 11 does not target the update target if it cannot be updated due to the latest software version or the like. Further, the processor 11 may be an update target for a predetermined specific software regardless of the software vulnerability point.
The processor 11 generates update instruction information including the information instructing to update the software determined as the update target and the update data to be updated as described above.

If the processor 11 does not determine that the software installed in the client device 20 needs to be updated, the processor 11 determines No in the ACT 39 and proceeds to the ACT 41.
In ACT 41, processor 11 determines if the repair list is empty. If the repair list is not empty, that is, if one or more softwares are registered in the repair list, the processor 11 determines No in the ACT 41 and proceeds to the ACT 42. Further, the processor 11 proceeds to the ACT 42 after the processing of the ACT 40.

In the ACT 42, the processor 11 generates instruction information. The instruction information includes at least one of update instruction information and repair instruction information. When the processor 11 proceeds from the ACT 40 to the ACT 42, that is, when the update instruction information is generated by the ACT 42, the processor 11 includes the update instruction information in the instruction information. Further, if the repair list is not empty, the processor 11 includes the repair instruction information associated with the software registered in the repair list in the instruction information. After generating the instruction information, the processor 11 instructs the communication interface 15 to transmit the instruction information to the client device 20. In response to this transmission instruction, the communication interface 15 transmits the instruction information to the client device 20. The transmitted instruction information is received by the communication interface 25 of the client device 20. The processor 11 proceeds to the ACT 31 after the processing of the ACT 42. When returning to the ACT 31, the processor 11 resets the repair list so that the software is not registered.

On the other hand, in the ACT 15 of FIG. 2, the processor 21 of the client device 20 determines whether or not the activation permission information has been received by the communication interface 25. If the activation permission information is not received, the processor 21 determines No in ACT15 and proceeds to ACT16. The activation permission information will be described later.

In the ACT 16, the processor 21 determines whether or not the instruction information has been received by the communication interface 25. If the instruction information is not received, the processor 21 determines No in the ACT 16 and returns to the ACT 15. Thus, the processor 21 repeats ACT 15 and ACT 16 until the activation permission information or instruction information is received.

If the instruction information is received while the ACT 15 and the ACT 16 are in the standby state, the processor 21 determines Yes in the ACT 16 and proceeds to the ACT 17.

In the ACT 17, the processor 21 determines whether or not the instruction information received in the ACT 16 includes the repair instruction information. If the instruction information includes the repair instruction information, the processor 21 determines Yes in the ACT 17 and proceeds to the ACT 18.

In the ACT 18, the processor 21 repairs the installed software based on the repair instruction information included in the instruction information.

The processor 21 proceeds to ACT 19 after processing ACT 18. If the instruction information does not include the repair instruction information, the processor 21 determines No in the ACT 17 and proceeds to the ACT 19.
In the ACT 19, the processor 21 determines whether or not the instruction information received in the ACT 16 includes the update instruction information. If the instruction information includes the update instruction information, the processor 21 determines Yes in the ACT 19 and proceeds to the ACT 20.

In the ACT 20, the processor 21 updates the installed software based on the update instruction information included in the instruction information.

The processor 21 proceeds to the ACT 21 after the processing of the ACT 20. If the instruction information does not include the update instruction information, the processor 21 determines No in the ACT 19 and proceeds to the ACT 21.
In the ACT 21, the processor 21 executes the continuation of the OS startup process that is being executed halfway, and completes the startup process. The processor 21 ends the process shown in FIG. 2 after the process of the ACT 21.

On the other hand, if the repair list is empty, the processor 11 determines Yes in the ACT 41 of FIG. 3 and proceeds to the ACT 43.

In the ACT 43, the processor 11 instructs the communication interface 15 to transmit the activation permission information to the auxiliary storage device 14. The start permission information notifies the client device 20 that the start may be completed without updating and repairing the software. In response to this transmission instruction, the communication interface 15 transmits the activation permission information to the auxiliary storage device 14. The transmitted activation permission information is received by the auxiliary storage device 14. The processor 11 returns to the ACT 31 after the processing of the ACT 43.
From the above, the processor 11 determines whether or not to transmit the update instruction information according to the processing result of the ACT 39. Therefore, the processor 11 cooperates with the communication interface 15 to function as an instruction unit that does not give an update instruction when it decides not to update the software, and gives an update instruction when it decides to update the software. Further, the processor 11 cooperates with the communication interface 15 and functions as an instruction unit for instructing the client device 20 to repair the software when an error is detected in the data.

On the other hand, if the activation permission information is received while the ACT 15 and ACT 16 in FIG. 2 are in the standby state, the processor 21 of the client device 20 determines Yes in the ACT 15 and proceeds to the ACT 21.

According to the update system 1 of the first embodiment, whether or not the server device 10 instructs the client device 20 to update the software according to the severity of the vulnerability of the software installed in the client device 20. decide. Since it takes time to update the software, the client device 20 cannot be used during that time. Therefore, the server device 10 does not unnecessarily hinder the use of the client device 20 by not instructing the update when the severity of the vulnerability is lower than the predetermined value. Further, when the severity of the vulnerability is higher than the predetermined value, the server device 10 gives an instruction to update the software, so that the state having a security problem is not left unattended.

Further, according to the update system 1 of the first embodiment, the server device 10 does not give an update instruction when the software vulnerability point or the client vulnerability point is less than the threshold value. As a result, the server device 10 does not cause the client device 20 to perform updates more than necessary.

Further, according to the update system 1 of the first embodiment, the server device 10 determines whether or not to instruct the update based on the time required for the update. When the time required for the update is short, the time for hindering the use of the client device 20 is also short, so that the security can be improved by updating regardless of the severity of the vulnerability.

Further, in the update system 1 of the first embodiment, when the server device 10 detects an error in the data in the software installed in the client device 20, the server device 10 instructs the client device 20 to repair the data. This improves the security of the client device 20.

[Second Embodiment]
FIG. 4 is a block diagram showing an example of a main circuit configuration of the update system 1b and the components included in the update system 1b according to the second embodiment.
The update system 1b of the second embodiment is particularly suitable for a client device 20 that requires work by a serviceman or the like to update or repair software. Examples of such a client device 20 include some IoT (internet of things) devices and control devices. The update system 1b includes the server device 10 and the client device 20 as in the update 1 system of the first embodiment. Further, the update system 1b includes a terminal device 30.

The terminal device 30 is, for example, a smart phone or a PC. As an example, the terminal device 30 includes a processor 31, a ROM 32, a RAM 33, an auxiliary storage device 34, a communication interface 35, and a touch panel 36. Then, a bus 37 or the like connects each of these parts.

The processor 31 corresponds to a central part of a computer that performs processing such as calculation and control necessary for the operation of the terminal device 30. The processor 31 controls each unit in order to realize various functions of the terminal device 30 based on a program such as firmware, system software, and application software stored in the ROM 32 or the auxiliary storage device 34 or the like. A part or all of the program may be incorporated in the circuit of the processor 31. The processor 31 is, for example, a CPU, MPU, SoC, DSP, GPU, ASIC, PLD, FPGA, or the like. Alternatively, the processor 31 is a combination of a plurality of these.

The ROM 32 corresponds to the main storage device of a computer centered on the processor 31. The ROM 32 is a non-volatile memory used exclusively for reading data. The ROM 32 stores, for example, firmware among the above programs. The ROM 32 also stores data or various set values used by the processor 31 to perform various processes.

The RAM 33 corresponds to the main storage device of a computer centered on the processor 31. The RAM 33 is a memory used for reading and writing data. The RAM 33 is used as a so-called work area or the like for storing data temporarily used by the processor 31 for performing various processes. The RAM 33 is typically a volatile memory.

The auxiliary storage device 34 corresponds to an auxiliary storage device of a computer centered on the processor 31. The auxiliary storage device 34 is, for example, an EEPROM, an HDD, a flash memory, or the like. The auxiliary storage device 34 stores, for example, system software and application software among the above programs. Further, the auxiliary storage device 34 stores data used by the processor 31 for performing various processes, data generated by the processes of the processor 31, various setting values, and the like.

The program stored in the ROM 32 or the auxiliary storage device 34 includes a program for executing a process described later. As an example, the terminal device 30 is transferred to a user or an administrator of the terminal device 30 in a state where the program is not stored in the ROM 32 or the auxiliary storage device 34. Then, the program separately transferred to the user or administrator is written to the auxiliary storage device 34 under the operation of the user or administrator. However, the terminal device 30 may be transferred to the user, the administrator, or the like with the program stored in the ROM 32 or the auxiliary storage device 34. The transfer of the above-mentioned program can be realized, for example, by recording on a removable storage medium such as a magnetic disk, a magneto-optical disk, an optical disk, or a semiconductor memory, or by downloading via a network NW or the like.

The communication interface 35 is an interface for the terminal device 30 to communicate via the network NW or the like.

The touch panel 36 is a stack of a display such as a liquid crystal display or an organic EL display and a pointing device by touch input. The display included in the touch panel 36 functions as a display device for displaying a screen for notifying the operator of the terminal device 30 of various information. Further, the touch panel 36 functions as an input device that accepts a touch operation by the operator.

The bus 37 includes a control bus, an address bus, a data bus, and the like, and transmits signals transmitted and received by each part of the terminal device 30.

In the second embodiment, the server device 10 stores the installation location information and the contact information of the client device 20 in the auxiliary storage device 14 or the like. The server device 10 stores, for example, the client ID, the installation location information, and the contact information in association with each other. The client ID is identification information uniquely assigned to each client device 20. The installation location information is information indicating the installation location of the client device 20. The installation location information includes, for example, the address of the location where the client device 20 is installed. Further, the contact information is information indicating the contact information of the user or the administrator who is using the client device 20.

Hereinafter, the operation of the update system 1b according to the second embodiment will be described with reference to FIGS. 5 and 6. The content of the process in the following operation description is an example, and various processes capable of obtaining similar results can be appropriately used. FIG. 5 is a flowchart showing an example of processing by the processor 21 of the client device 20. The processor 21 executes this process based on, for example, a program included in the OS stored in the auxiliary storage device 24. FIG. 6 is a flowchart showing an example of processing by the processor 11 of the server device 10. The processor 11 executes this process based on, for example, a program stored in the ROM 12 or the auxiliary storage device 14. FIG. 7 is a flowchart showing an example of processing by the processor 31 of the terminal device 30. The processor 31 executes this process based on a program stored in, for example, the ROM 32 or the auxiliary storage device 34.

In the second embodiment, the processor 11 of the server device 10 proceeds to the ACT 61 after the processing of the ACT 40 of FIG. If the processor 11 determines No in the ACT 41, the processor 11 proceeds to the ACT 61.
In the ACT 61, the processor 11 generates notification information. The notification information notifies the client device 20 that at least one of repair and update is required for the software installed on the client device 20. When the processor 11 proceeds from the ACT 40 to the ACT 61, the processor 11 generates notification information as a notification that the software installed in the client device 20 needs to be updated. Further, if the repair list is not empty, the processor 11 generates notification information as a notification that the software installed on the client device 20 needs to be repaired. After generating the notification information, the processor 11 instructs the communication interface 15 to transmit the notification information to the client device 20. In response to this transmission instruction, the communication interface 15 transmits the notification information to the client device 20. The transmitted notification information is received by the communication interface 25 of the client device 20.

On the other hand, in the second embodiment, the processor 21 of the client device 20 proceeds to the ACT 51 if it is determined to be No in the process of the ACT 15 of FIG.
In the ACT 51, the processor 21 determines whether or not the notification information has been received by the communication interface 25. If the notification information is not received, the processor 21 determines No in the ACT 51 and returns to the ACT 15. Thus, the processor 21 repeats ACT 15 and ACT 51 until the activation permission information or notification information is received.
If the activation permission information is received while the ACT 15 and the ACT 51 are in the standby state, the processor 21 determines Yes in the ACT 15 and proceeds to the ACT 21.

If the notification information is received while the ACT 15 and the ACT 51 are in the standby state, the processor 21 determines Yes in the ACT 51 and proceeds to the ACT 52.
In the ACT 52, the processor 21 generates an image corresponding to the notification screen. Then, the processor 21 instructs the display device 26 to display this generated image. Upon receiving the display instruction, the display device 26 displays the notification screen.
The notification screen is a screen for notifying the operator of the client device 20 that at least one of repair and update is required for the software installed in the client device 20. The notification screen includes an image indicating that the software needs to be repaired when the notification information received by the ACT 51 indicates that the software needs to be repaired. A character string or the like is also a type of image. In addition, the notification screen includes an image indicating that the software needs to be updated when the notification information indicates that the software needs to be updated. Further, the notification screen includes a start / stop button and a start button. The start / stop button is a button for the operator of the client device 20 to operate when instructing the client device 20 to stop starting the OS. The start button is a button for the operator to operate when instructing the client device 20 to continue starting the OS.

In the ACT 53, the processor 21 determines whether or not an operation instructing the OS to stop booting has been performed. That is, the processor 21 determines whether or not a predetermined operation such as operating the start / stop button has been performed. If the operation for instructing the OS to stop booting is not performed, the processor 21 determines No in the ACT 53 and proceeds to the ACT 54.

In the ACT 54, the processor 21 determines whether or not an operation instructing the OS to continue booting has been performed. That is, the processor 21 determines whether or not a predetermined operation such as operating the start button has been performed. If the operation instructing the OS to continue booting is not performed, the processor 21 determines No in the ACT 54 and returns to the ACT 53. Thus, the processor 21 repeats ACT53 and ACT54 until an operation instructing the OS to stop booting is performed or an operation instructing the OS to continue booting is performed.

If the processor 21 performs an operation instructing the OS to stop starting while the ACT 53 and the ACT 54 are in the standby state, the processor 21 determines Yes in the ACT 53 and proceeds to the ACT 55.

In the ACT 55, the processor 21 stops booting the OS. Then, the processor 21 shuts down, for example, the client device 20. After the processing of the ACT 55, the processor 21 ends the processing shown in FIG.

If the processor 21 performs an operation instructing the OS to continue starting while the ACT 53 and the ACT 54 are in the standby state, the processor 21 determines Yes in the ACT 54 and proceeds to the ACT 21.

On the other hand, in the ACT 62 of FIG. 6, the processor 11 of the server device 10 generates a serviceman notification. The serviceman notification is transmitted to notify the serviceman that at least one of repairs and updates is required for the software installed on the client device 20. The serviceman notification includes at least one of update instruction information and repair instruction information. When the processor 11 proceeds from ACT 40 to ACT 61, that is, when the update instruction information is generated by the ACT 42, the processor 11 includes the update instruction information in the instruction information. Further, if the repair list is not empty, the processor 11 includes the repair instruction information associated with the software registered in the repair list in the serviceman notification. Further, the serviceman notification includes installation location information and contact information about the client device 20. After generating the serviceman notification, the processor 11 instructs the communication interface 15 to transmit the serviceman notification to the terminal device 30. In response to this transmission instruction, the communication interface 15 transmits the serviceman notification to the terminal device 30. The transmitted serviceman notification is received by the communication interface 35 of the terminal device 30. The processor 11 returns to the ACT 31 after the processing of the ACT 62.
The processor 11 functions as a transmission unit that transmits a serviceman notification in cooperation with the communication interface 15 to transmit information instructing the software to be updated to the terminal device used by the serviceman.

On the other hand, in the ACT 71 of FIG. 7, the processor 31 of the terminal device 30 waits for the serviceman notification to be received by the communication interface 35. When the serviceman notification is received, the processor 31 determines Yes in the ACT 71 and proceeds to the ACT 72.

In the ACT 72, the processor 31 executes a notification operation for notifying the serviceman using the terminal device 30 that at least one of repair and update is required for the software installed in the client device 20. To do. The processor 31 outputs sound from a speaker or the like as a notification operation, for example. Further, the processor 31 vibrates the vibrator built in the terminal device 30 as a notification operation, for example. Further, the processor 31 causes, for example, display a notification screen on the touch panel 36 indicating that there is a client device 20 that requires at least one of repair and update of the installed software. The processor 31 returns to the ACT 71 after processing the ACT 72.

When the serviceman notification received by the ACT 71 includes update instruction information, the notification screen includes an image indicating that the software installed on the client device 20 needs to be updated. When the serviceman notification includes repair instruction information, the notification screen includes an image indicating that the software installed on the client device 20 needs to be repaired. Further, the notification screen includes an image showing the installation location indicated by the installation location information and the contact information indicated by the contact information for the client device 20.

The serviceman sees the information displayed on the notification screen and performs at least one of updating and repairing the software installed on the client device 20. For this purpose, the serviceman takes actions such as contacting the contact indicated by the contact information and heading to the installation location indicated by the installation location information. Then, for example, the serviceman performs maintenance of the client device 20 in order to update or repair the software installed in the client device 20 based on the repair instruction information and the update instruction information.

According to the update system 1b of the second embodiment, the server device 10 can obtain the same effect as that of the first embodiment even for the client device 20 that requires a serviceman.

[Third Embodiment]
Since the configuration of the update system 1b of the third embodiment is the same as that of the second embodiment, the description thereof will be omitted.

In the third embodiment, the server device 10 stores the version information of the installed OS, application software, and other software for each client device 20 in the auxiliary storage device 14 and the like. The server device 10 stores the version information in association with the client ID, for example.
The processor 11 of the server device 10 stores, for example, the version information transmitted from the client device 20. Alternatively, the processor 11 of the server device 10 stores the version information input by, for example, an operation by a serviceman or the like.

Hereinafter, the operation of the update system 1b according to the third embodiment will be described with reference to FIG. The content of the process in the following operation description is an example, and various processes capable of obtaining similar results can be appropriately used. FIG. 8 is a flowchart showing an example of processing by the processor 11 of the server device 10. The processor 11 executes this process based on, for example, a program stored in the ROM 12 or the auxiliary storage device 14.

In the ACT 81, the processor 11 determines whether or not to start the update process. The update process is a process of determining whether or not the software installed in the client device 20 needs to be updated, and executing an operation for updating the software when it is determined that the software needs to be updated. The processor 11 determines, for example, to start the update process at a specific date and time in order to execute the update process on a regular basis. Further, the processor 11 may determine that the software installed on the client device 20 starts the update process when new update data is added, that is, when a new version of the software is released. If the processor 11 does not determine that the update process is to be started, the processor 11 determines No in the ACT81 and repeats the ACT81. On the other hand, if the processor 11 determines that the update process is to be started, the processor 11 determines Yes in the ACT 81 and proceeds to the ACT 38.
The processor 11 performs the processing of the ACT 81 for each client device 20, and executes the processing after the ACT 81 for each of the target client devices 20 determined to be Yes in the processing of the ACT 81.

In the third embodiment, the processor 11 acquires and uses the version information stored in the auxiliary storage device 14 or the like in place of the version information of each software included in the received software information in the ACT 38.
Therefore, the processor 11 functions as an acquisition unit for acquiring the version of the software installed in the client device by acquiring the version information stored in the auxiliary storage device 14 or the like.

In the third embodiment, if the processor 11 determines No in the processing of the ACT 39, the processor 11 returns to the ACT 81. Further, in the third embodiment, the processor 11 proceeds to the ACT 82 after the processing of the ACT 40.

In the ACT 82, the processor 11 determines whether or not to cause the client device 20 to execute the automatic update. The server device 10 stores, for example, whether or not to execute an automatic update for each client device 20 as a setting or the like. The processor 11 determines whether or not to execute the automatic update based on the setting. The setting is, for example, a setting for executing automatic update if the client device 20 can be automatically updated. Further, for example, if a serviceman is required to update the software installed in the client device 20, the setting is set so that the automatic update is not executed. If the processor 11 determines that the automatic update is to be executed, the processor 11 determines Yes in the ACT 82 and proceeds to the ACT 83.

In the ACT 83, the processor 11 generates instruction information. However, the instruction information generated in the ACT 83 includes the update instruction information. After generating the instruction information, the processor 11 instructs the communication interface 15 to transmit the instruction information to the client device 20. In response to this transmission instruction, the communication interface 15 transmits the instruction information to the client device 20. The transmitted instruction information is received by the communication interface 25 of the client device 20. The processor 11 returns to the ACT 81 after processing the ACT 83.
On the other hand, the client device 20 that has received the instruction information here performs the same processing as the ACT 20 of FIG. 2 of the first embodiment.

On the other hand, if the processor 11 does not determine to execute the automatic update, it determines No in the ACT 82 of FIG. 8 and proceeds to the ACT 84.

In the ACT 84, the processor 11 generates a serviceman notification. However, the serviceman notification generated in the ACT 84 is transmitted to notify the serviceman that the software installed in the client device 20 needs to be updated. Further, the serviceman notification generated in the ACT 84 includes update instruction information. After generating the serviceman notification, the processor 11 instructs the communication interface 15 to transmit the serviceman notification to the terminal device 30. In response to this transmission instruction, the communication interface 15 transmits the serviceman notification to the terminal device 30. The transmitted serviceman notification is received by the communication interface 35 of the terminal device 30. The processor 11 returns to the ACT 81 after processing the ACT 84.
On the other hand, the terminal device 30 that has received the serviceman notification here performs the same processing as the ACT 72 of FIG. 7 of the second embodiment. However, here, the processor 31 of the terminal device 30 executes a notification operation for notifying the serviceman that the software installed in the client device 20 needs to be updated.

According to the update system 1b of the third embodiment, the server device 10 cancels the periodic update when the severity of the vulnerability is lower than the predetermined value. As a result, the server device 10 does not interfere with the use of the client device 20 more than necessary.

The above-mentioned first to third embodiments can be modified as follows.
In the first embodiment and the second embodiment, the update system 1 performs processing such as transmission of software information, repair processing, and update processing when the OS of the client device 20 is started. However, the update system 1 may perform the same processing when the application software of the client device 20 is started.

In the first embodiment and the second embodiment, the processor 11 of the server device 10 performed the consistency check of the target software using the hash value. However, the processor 11 is not limited to the hash value, and uses, for example, the file size of the target software, the creation date and time, the modification date and time, the checksum, the hash value, other feature information indicating the characteristics of the target software, or a plurality of these. You may perform a consistency check. Then, the processor 11 determines that an error has been detected in the data when the feature information is not the same in the consistency check.

The software DB does not have to store the hash value. In this case, the processor 11 calculates the hash value from software data that is certain to be genuine.

In the second and third embodiments, the notification information includes data necessary for updating and repairing. However, the update system of the embodiment may be in a form in which a serviceman separately acquires data necessary for updating and repairing from the server device 10.

The processor 11, the processor 21, and the processor 31 may realize a part or all of the processing realized by the program in the above embodiment by the hardware configuration of the circuit.

Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other embodiments, and various omissions, replacements, and changes can be made without departing from the gist of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are also included in the scope of the invention described in the claims and the equivalent scope thereof.

1,1b ... Update system, 10 ... Server device, 11,21,31 ... Processor, 12,22,32 ... ROM, 13,23,33 ... RAM, 14,24,34 ... Auxiliary storage Device, 15, 25, 35 ... Communication interface, 16, 28, 37 ... Bus, 20 ... Client device, 26 ... Display device, 27 ... Input device, 30 ... Terminal device, 36 ... Touch panel, 141 …… Software DB

Claims (6)

An acquisition unit that acquires the version of the software installed on the client device,
A processing unit that obtains an evaluation value indicating the severity of the vulnerability of the version of the software and determines whether or not to update the software based on the evaluation value.
A server device including an instruction unit that does not instruct the client device to update the software when it is determined not to update the software, and gives an instruction to update the software when it is determined to update the software. The acquisition unit acquires feature information indicating the features of the software, and obtains the feature information.
The processing unit detects an error in the data of the software using the feature information, and detects an error in the data of the software.
The server device according to claim 1, wherein the instruction unit instructs the client device to repair the software when an error is detected in the data. The server device according to claim 1 or 2, wherein the processing unit determines the time required for updating the software, and determines whether or not to update the software based on the evaluation value and the time. The server device according to any one of claims 1 to 3, wherein the processing unit determines that the software is not updated when the evaluation value is less than the threshold value. An acquisition unit that acquires the version of the software installed on the client device,
A processing unit that obtains an evaluation value indicating the severity of the vulnerability of the version of the software and determines whether or not to update the software based on the evaluation value.
A server device comprising a transmitter that, when determined to update the software, transmits information instructing the serviceman to update the software to a terminal device used by a serviceman. The processor of the server device,
An acquisition unit that acquires the version of the software installed on the client device,
A processing unit that obtains an evaluation value indicating the severity of the vulnerability of the version of the software and determines whether or not to update the software based on the evaluation value.
When it is decided not to update the software, the client device is not instructed to update the software, and when it is decided to update the software, a program for functioning as an instruction unit for instructing the update. ..

Images