JP2022162518A - Program for determining target device information using response of device, apparatus and method, and database construction apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a target information device determination program for determining information on a device connected to a communication network based on information which is disclosed or can be acquired as Open-Source Intelligence, an apparatus and method, and a database construction apparatus.

SOLUTION: A program for determining target device information of a target device connected to a communication network causes a computer to function as target device information search means configured to: search a device specification database formed by recording a plurality of pieces of device specification information including device specification information acquired or determined based on device response information, which is information included or related to response from the devices, using device specification information on the target device as a search query, for corresponding device specification information; and determine the searched device specification information as target device information of the target device. The plurality of pieces of device specification information include at least one of series name information of a device, model name information of the device, and firmware version information related to the device.

SELECTED DRAWING: Figure 1

COPYRIGHT: (C)2023,JPO&INPIT

Description

The present invention relates to technology for obtaining or determining information about equipment connected to a communication network.

IoT (Internet of Things) connects and integrates various devices such as various sensors, cameras, terminals, communication devices, information processing devices, in-vehicle devices, manufacturing devices, drive devices, robots, and drones over the Internet. is spreading and expanding. Along with this, the need to grasp the status of such devices under management (hereinafter collectively referred to as IoT devices) and to acquire information on specific IoT devices has increased significantly.

As a technique for managing IoT devices connected to such a communication network, for example, Patent Document 1 discloses an information processing terminal connected to a plurality of communication devices such as projectors and printers via a network. Here, the information processing terminal transmits a search request for searching for a communication device to a plurality of communication devices, and includes device information specific to the communication device that received the search request and a transmission method of the communication device. It includes a transmission/reception unit that receives a search request response, a display control unit that displays a list of received device information, and an input reception unit that receives selection of device information from the list of device information.

Further, the display control unit of the information processing terminal displays a list of transmission methods corresponding to the selected device information, the input reception unit receives selection of a transmission method from the transmission method list, and the transmission/reception unit selects A device selection notification including the selection and the selected transmission method is transmitted to the communication device indicated by the selected device information. According to Patent Document 1, this makes it possible to specify a desired communication device even when the terminal name and the like cannot be displayed because the communication device is in use or in a standby state.

Further, for example, Patent Literature 2 discloses a device search server that searches for communicably connected devices. The device search server includes device data storage means for pre-correlating and storing an identifier of the device, location data of the device, and function data relating to executable functions of the device; Receiving means for receiving a request, referring to the position data and function data stored in the device data storage means in response to the received search request, and transmitting the identifier of the device and the function data to the user terminal. and search result transmission means for searching. According to Patent Document 2, such a device configuration makes it easy for a user to select a device having a desired function.

JP 2016-157181 A JP 2016-220175 A

Regarding IoT devices, it is strongly requested to grasp the details of the status of managed IoT devices and to obtain specific information on specific IoT devices for business operation, maintenance, or security measures. It is However, as described above, there are a huge number of types and numbers of IoT devices.

Therefore, even if the state and related information of a specific IoT device in a huge number of types and numbers of IoT devices are acquired, as in the technique described in Patent Document 1, a list of device information specific to the device in advance, It is impractical to create and keep a list of device transmission information. In addition, it is extremely difficult to associate and store device identifiers, position data, and function data for a huge number of types of IoT devices, as in the technology described in Patent Document 2. I have to say.

Therefore, the present invention provides a target information device determination program, device and method that can determine a plurality of pieces of information about devices connected to a communication network based on information that has been made public or available as OSINT. With the goal. It is another object of the present invention to provide a database construction device capable of constructing a database that can be used for the determination. By the way, OSINT stands for Open-Source Intelligence.

According to the present invention, a target device information determination program that causes a computer to determine target device information, which is information about at least one target device among devices connected to a communication network, comprising:
A plurality of device identifications including a plurality of device identification information that is information that identifies the device, and that is acquired or determined based on device response information that is information included in or related to a response from the device. A device identification database in which information is recorded in association with each other is searched for the device identification information corresponding to the target device using the device identification information for the target device as a search query, and the retrieved device identification information or causing the computer to function as target device information search means for determining information linked to the device specifying information as target device information of the target device;
The plurality of device-specific information recorded in the device-specific database in association with each other consist of identification information determined based on the device response information of a device corresponding to certain device-specific information or a combination thereof, and this certain device-specific information or information identifying the series name of the device, information identifying the model name of the device, and information identifying the model name of the device, determined from the identification information determined for the device using a signature, which is an identification pattern associated with the combination; and a plurality of device identification information including at least one of information identifying the firmware version of the device,
The identification information determined for the device is information relating to the state of files or directories on the device, or to the characteristics of the response itself from the device, and at least one of series name, model name, and firmware version. There is provided a target device information determination program characterized by information that can take different values or forms depending on.
Here, the identification information includes the identification number, time stamp, file size or directory size of the attribute information in the file or directory related to the device, the hash value of the contained predetermined data, the entity tag, and the At least one of response time, response format, error message format, URL (Uniform Resource Locator) or URL format, and API (Application Programming Interface) format as characteristics of the response itself. preferable.

As an embodiment of the target device information determination program according to the present invention, the program is
Determining at least one of the identifications of the device based on the device response information obtained from an external database and/or the device response information obtained or determined from a response to a request to the device, Generate the above-mentioned signature by associating the identification information determined in the device corresponding to certain device identification information or a combination thereof with this certain device identification information or a combination thereof, and use this signature to obtain the identification information of the device from, device identification information determination means for determining the device identification information about the device;
It is also preferable to cause the computer to further function as database building means for building the device-specific database by recording the device-specific information determined for each device in association with each other.

Further, as an embodiment of the target device information determination program according to the present invention, the target device information determination program is
Determining at least one of the identifications of the device based on the device response information obtained from an external database and/or the device response information obtained or determined from a response to a request to the device, generating the signature that associates the identification information determined in the device corresponding to certain device-specific information or a combination thereof with the certain device-specific information or a combination thereof, and using the signature to obtain information from the identification information of the device; , device identification information determination means for determining the device identification information for the device;
It is also preferable to cause the computer to further function as database construction means for constructing the device identification database by correlating and recording the device identification information determined for each device for each device.

Further, as another embodiment of the target device information determination program according to the present invention, the target device information search means uses the above signature to search the target device corresponding to the target device from the identification information acquired in the target device. It is also preferable to determine the device specifying information and determine the determined device specifying information or information linked to this device specifying information as the target device information of the target device.

Further, as still another embodiment of the target device information determination program according to the present invention, the target device information searching means searches the device specifying database using certain device specifying information or a combination thereof as a search query, and the retrieved It is also preferable to generate and output device statistical information by aggregating the device specifying information.

Furthermore, as still another embodiment of the target device information determination program according to the present invention, the device identification database is determined from the device response information of the device or from the information obtained from the device response information. The device identification/estimation information, which is information related to the identified state or inferred attributes of the device, is linked to the device and stored,
It is preferable that the target device information search means also determine the device identified/estimated information linked to the device related to the device specifying information searched as the target device information of the target device.

Further, in the target device information determination program according to the present invention, the plurality of device identification information recorded in the device identification database in association with each other are:
Information that identifies the IP (Internet Protocol) address of the device, information that identifies the port number of the device, information that identifies the communication protocol of the device, information that identifies the organization or individual that owns or manages the device , information specifying the location or region of the device, information specifying the ASN (Autonomous System number) of the network to which the device is connected, information specifying the host part in the IP address of the device, FQDN of the device ( (Fully Qualified Domain Name), information that identifies the type of the device, and information that identifies the organization or individual involved in the manufacture or sale of the device. device identification information.

According to the present invention, there is also provided a target device information determination program that causes a computer to determine target device information, which is information about at least one target device among devices connected to a communication network, comprising:
Information that identifies the device is used as device identification information, and identification information determined in a device that corresponds to certain device identification information or a combination thereof is used as a signature, which is an identification pattern associated with the device identification information or a combination thereof. Then, from the identification information acquired by the target device, the device specifying information corresponding to the target device is determined, and the determined device specifying information or information linked to this device specifying information is transferred to the target device. causing the computer to function as target device information determination means for determining the target device information of
The device identification information or a combination thereof includes at least one of information identifying the series name of the device, information identifying the model name of the device, and information identifying the firmware version of the device. device identification information or a combination thereof,
The identification information is information related to the status of files or directories in the device or the characteristics of the response itself, determined based on the device response information, which is information contained in or related to the response from the device, There is provided a target device information determination program characterized by information that can take different values or forms depending on at least one of series name, model name, and firmware version.

According to the present invention, there is further provided a target device information determination device for determining target device information that is information about at least one target device among devices connected to a communication network,
A plurality of device identifications including a plurality of device identification information that is information that identifies the device, and that is acquired or determined based on device response information that is information included in or related to a response from the device. A device identification database in which information is recorded in association with each other is searched for the device identification information corresponding to the target device using the device identification information for the target device as a search query, and the retrieved device identification information or having target device information searching means for determining information linked to the device specifying information as target device information of the target device,
The plurality of device identification information recorded in association with each other in the device identification database is composed of identification information determined based on the device response information of the device corresponding to certain device identification information or a combination of the device identification information and the device identification information. Using a signature, which is an identification pattern associated with information or a combination thereof, information identifying the series name of the device and the model name of the device determined from the identification information determined for the device a plurality of device identification information including at least one of information and information identifying a version of firmware associated with the device;
The identification information determined for the device is information relating to the state of files or directories on the device, or to the characteristics of the response itself from the device, and at least one of series name, model name, and firmware version. There is provided a target equipment information determination device characterized by information that can take different values or forms depending on.

According to the present invention, there is also provided a database construction device for constructing a database used for determining target device information, which is information about at least one target device among devices connected to a communication network, comprising:
This database searches for the device-specific information corresponding to the target device using the device-specific information, which is the information that specifies the device, as a search query, and A database that makes it possible to determine the information linked to the specific information as the target device information of the target device,
This database construction device
identification information determination means for determining at least one piece of identification information relating to the state of a file or directory in the device or relating to the characteristics of the response itself from device response information, which is information included in or related to a response from the device;
signature generation means for generating a signature, which is an identification pattern in which the identification information determined in the device corresponding to certain device identification information or a combination thereof is associated with the certain device identification information or a combination thereof;
Using this signature, the device-specific information about the device is determined from the identification information of the device, and for each device, the device-specific information determined for the device is recorded in association with each other. and database construction means for constructing the above database,
The plurality of pieces of device identification information recorded in the database in association with each other include information identifying the series name of the device, information identifying the model name of the device, and identifying the firmware version of the device. a plurality of device-specific information including at least one of the information;
A database construction device is provided, wherein the identification information of the device is information that can take different values or forms depending on at least one of the series name, model name, and firmware version.

According to the present invention, there is further provided a target device information determining method in a computer for determining target device information that is information about at least one target device among devices connected to a communication network, comprising:
A plurality of device identifications including a plurality of device identification information that is information that identifies the device, and that is acquired or determined based on device response information that is information included in or related to a response from the device. building a device identification database in which information is recorded in association with each other;
Using the device identification information of the target device as a search query in this device identification database, searching for the device identification information corresponding to the target device, and linking to the searched device identification information or this device identification information determining the obtained information as target device information of the target device;
The plurality of device identification information recorded in association with each other in the device identification database is composed of identification information determined based on the device response information of the device corresponding to certain device identification information or a combination of the device identification information and the device identification information. Using a signature, which is an identification pattern associated with information or a combination thereof, information identifying the series name of the device and the model name of the device determined from the identification information determined for the device a plurality of device identification information including at least one of information and information identifying a version of firmware associated with the device;
The identification information determined for the device is information relating to the state of files or directories on the device, or to the characteristics of the response itself from the device, and at least one of series name, model name, and firmware version. There is provided a target device information determination method characterized in that it is information that can take different values or forms depending on the device.

According to the present invention, there is further provided a target device information determination program that causes a computer to determine target device information, which is information about at least one target device among devices connected to a communication network, comprising:
A plurality of device identifications including a plurality of device identification information that is information that identifies the device, and that is acquired or determined based on device response information that is information included in or related to a response from the device. A device identification database in which information is recorded in association with each other is searched for the device identification information corresponding to the target device using the device identification information for the target device as a search query, and the retrieved device identification information Alternatively, there is provided a target device information determination program that causes a computer to function as target device information searching means for determining information linked to the device specifying information as target device information of the target device.

As an embodiment of the target device information determination program according to the present invention, the program is
Device identification that determines the device identification information for the device based on the device response information obtained from an external database and/or the device response information obtained or determined from the response to the request to the device an information determining means;
It is also preferable to cause the computer to further function as database building means for building a device-specific database from the determined device-specific information.

Further, in the above embodiment, the device identification information determination means determines at least one piece of identification information related to the state of a file or directory in the device or related to characteristics of the response from the device response information in the device,
generating a signature, which is an identification pattern that associates the identification information determined in the device corresponding to certain device-specific information or a combination thereof with the certain device-specific information or a combination thereof;
The signature is also preferably used to determine the device specific information about the device from the identification of the device.

Furthermore, the device identification database according to the present invention is
Determining from the device response information on the device at least one identifying information relating to the state of a file or directory on the device or relating to characteristics of the response, and the information determined on the device corresponding to certain device identification information or a combination thereof; generating a signature, which is an identification pattern in which identification information is associated with the certain device-specific information or a combination thereof, and using the signature to determine the device-specific information about the device from the identification information of the device; , preferably constructed by recording the device-specific information determined for each device in association with each other.

Further, as another embodiment of the target device information determination program according to the present invention, the target device information search means uses the above signature to search the target device corresponding to the target device from the identification information acquired in the target device. It is also preferable to determine the device specifying information and determine the determined device specifying information or information linked to this device specifying information as the target device information of the target device.

Furthermore, the identification information according to the present invention is
The identification number, time stamp, size, hash value, and entity tag of attribute information in the file or directory related to the device, and the response time, response format, error message format, URL ( Uniform Resource Locator) or URL format, and API (Application Programming Interface) format.

Further, as still another embodiment of the target device information determination program according to the present invention, the target device information searching means searches the device specifying database using certain device specifying information or a combination thereof as a search query, and the retrieved It is also preferable to generate and output device statistical information by aggregating the device specifying information.

Furthermore, as still another embodiment of the target device information determination program according to the present invention, the device identification database is determined from the device response information of the device or from the information obtained from the device response information. The device identification/estimation information, which is information related to the identified state or inferred attributes of the device, is linked to the device and stored,
It is preferable that the target device information search means also determine the device identified/estimated information linked to the device related to the device specifying information searched as the target device information of the target device.

Further, the device identification information according to the present invention is
Information that identifies the IP (Internet Protocol) address of the device, information that identifies the port number of the device, information that identifies the communication protocol of the device, information that identifies the organization or individual that owns or manages the device , information specifying the location or region of the device, information specifying the ASN (Autonomous System number) of the network to which the device is connected, information specifying the host part in the IP address of the device, FQDN of the device ( (Fully Qualified Domain Name), information to identify the type of the device, information to identify the organization or individual involved in the manufacture or sale of the device, information to identify the series name of the device, It is also preferable that the information is at least one of information specifying the model name of the device and information specifying the version of the firmware associated with the device.

According to the present invention, there is also provided a target device information determination program that causes a computer to determine target device information, which is information about at least one target device among devices connected to a communication network, comprising:
Information that identifies the device is used as device identification information, and identification information determined in a device that corresponds to certain device identification information or a combination thereof is used as a signature, which is an identification pattern associated with the device identification information or a combination thereof. Then, from the identification information acquired by the target device, the device specifying information corresponding to the target device is determined, and the determined device specifying information or information linked to this device specifying information is transferred to the target device. causing the computer to function as target device information determination means for determining the target device information of
The identification information is determined based on the device response information, which is information included in or related to the response from the device, and is information related to the status of files or directories in the device or the characteristics of the response. There is provided a target device information determination program characterized by:

According to the present invention, there is further provided a target device information determination device for determining target device information that is information about at least one target device among devices connected to a communication network,
A plurality of device identifications including a plurality of device identification information that is information that identifies the device, and that is acquired or determined based on device response information that is information included in or related to a response from the device. A device identification database in which information is recorded in association with each other is searched for the device identification information corresponding to the target device using the device identification information for the target device as a search query, and the retrieved device identification information Alternatively, there is provided a target device information determining device having target device information searching means for determining information linked to the device specifying information as target device information of the target device.

According to the present invention, there is also provided a database construction device for constructing a database used for determining target device information, which is information about at least one target device among devices connected to a communication network, comprising:
This database searches for the device-specific information corresponding to the target device using the device-specific information, which is the information that specifies the device, as a search query, and A database that makes it possible to determine the information linked to the specific information as the target device information of the target device,
This database construction device
identification information determining means for determining at least one piece of identification information relating to the state of a file or directory in the device or relating to characteristics of the response from device response information, which is information included in or related to a response from the device;
signature generation means for generating a signature, which is an identification pattern in which the identification information determined in the device corresponding to certain device identification information or a combination thereof is associated with the certain device identification information or a combination thereof;
Using this signature, the device-specific information about the device is determined from the identification information of the device, and the device-specific information determined for the device is recorded in association with each other for each device, A database construction device is provided, comprising database construction means for constructing the above database.

According to the present invention, there is further provided a target device information determining method in a computer for determining target device information that is information about at least one target device among devices connected to a communication network, comprising:
A plurality of device identifications including a plurality of device identification information that is information that identifies the device, and that is acquired or determined based on device response information that is information included in or related to a response from the device. building a device identification database in which information is recorded in association with each other;
Using the device identification information of the target device as a search query in this device identification database, searching for the device identification information corresponding to the target device, and linking to the searched device identification information or this device identification information and determining the obtained information as target device information of the target device.

According to the target information device determination program, apparatus and method of the present invention, a plurality of pieces of information about devices connected to a communication network are determined based on information published or available as OSINT (Open-Source Intelligence). be able to. Further, according to the database construction device of the present invention, it is possible to construct a database that can be used for the determination.

1 is a functional block diagram showing a functional configuration in one embodiment of a target device information determination device according to the present invention; FIG. 4 is a table showing one specific example of signatures according to the present invention; It is a table showing one specific example of a device identification database according to the present invention. FIG. 10 is a display image diagram showing a specific example of search processing results (device specifying information determination processing results) by the target device information search/determination unit according to the present invention; 1 is a functional block diagram showing a functional configuration in one embodiment of a database construction device according to the present invention, and a schematic diagram showing another embodiment of a target device information determination device according to the present invention; FIG.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

[Target device information determination device]
FIG. 1 is a functional block diagram showing the functional configuration in one embodiment of the target device information determination device according to the present invention.

The target device information determining apparatus 1 of the present embodiment shown in FIG. 1 has "target device information is a device that determines

Here, hereinafter, "IoT devices" include, for example, various sensors, cameras, terminals such as smartphones, communication devices including routers and access points, various servers such as web servers and FTP servers, and personal computers (PCs). Information processing equipment including information processing equipment, in-vehicle equipment, manufacturing equipment, driving equipment, moving bodies including robots and drones, and various equipment connected to communication networks such as equipment groups constituting infrastructure management systems and

Also, the "target device information" to be determined by this device includes, for example, the type, series name, model name, and firmware version information of the target device (which will be described in detail later as device identification information). . There is an extremely high need to obtain such information for business operation, maintenance, or security measures, for example.

In order to realize the determination processing of the "target device information" as described above, the target device information determination device 1 has the following features:
(A1) A plurality of "device identification information" including "device identification information (of the relevant IoT device)" acquired or determined based on "device response information" which is information included in or related to the response from the IoT device , for the "equipment identification database" recorded in association with each other,
(A2) Using the "device-specific information" of the target device as a search query, search for further "device-specific information" that corresponds to the target device, and link the retrieved "device-specific information" or this "device-specific information" Target device information search means (target device information search/determination unit 113 in FIG. 1) for determining the attached information as “target device information” of the target device
It is equipped with

Of these, the "device identification information" of the IoT device in (A1) above is information that identifies the IoT device, and will be described in detail later. Device type, series name, model name, firmware version information, and the like can be used. Also, as will be described in detail later, such "device identification information" can also be acquired or determined based on "device response information".

Here, this "device response information" is, for example, the response from the web server to the request of the client browser, the banner information in the HTTP (Hyper Text Transfer Protocol) reply header included in it, and the error message included in the response etc., generally
(a) It can be obtained as open source intelligence (OSINT, Open-Source INTelligence) from various websites that publish the content of responses from IoT devices.
Also, this "device response information" is, for example,
(b) Information (for example, time stamp, response time, etc.) obtained or determined from the response (response) obtained by actually sending a (normal or legitimate) request to the IoT device, and You can also

Therefore, the above (A1) "equipment identification information" and, by extension, the "equipment identification database" can be generated and constructed from information that has been made public or available as OSINT. Accordingly, a plurality of "target device information" (including, for example, device specific information used for searching) can be determined based on information published or available as OSINT. Hereinafter, the functional configuration of the target device information determination device 1 of this embodiment will be described in detail.

[Equipment functional configuration, target equipment information determination program and method]
Similarly, according to the functional block diagram of FIG. It has a result storage unit 105, a keyboard (KB)/display (DP) 106, and a processor/memory.

Here, the processor memory stores an embodiment of the target device information determination program according to the present invention, and has a computer function. By executing this target device information determination program, the target Perform device information determination processing. Accordingly, the target device information determination device 1 may be a device dedicated to this target device information determination process, but may be a cloud server, a non-cloud server, or a personal computer equipped with the target device information determination program according to the present invention. (PC), notebook or tablet computer, or smart phone.

Further, the processor memory includes a device identification information determination unit 111 including an identification information determination unit 111a and a signature generation unit 111b, a database construction unit 112, a device statistical information determination unit 113a, and a device known/guessed information determination unit 113b. a target device information search/determination unit 113 , a communication control unit 121 , and an input/output control unit 122 . These functional configuration units can be regarded as the functions of the target device information determination program stored in the processor memory. The flow of processing connected by arrows can also be understood as an embodiment of the target device information determination method according to the present invention.

Similarly, in the functional block diagram of FIG.
(a) "device response information" acquired from an external database, for example, a database of a website that publishes the content of IoT device responses, via the communication interface 101 and the communication control unit 121; "device response information" obtained or determined from the response (received via the communication interface 101 and the communication control unit 121) to a (normal or legitimate) request to the device
Based on one or both of them (both in this embodiment), the device identification information about the IoT device is determined and stored in the device identification information storage unit 102 as appropriate.

Regarding (a) above, a plurality of websites are known that collect and publish responses obtained when a request is sent to a certain IP (Internet Protocol) address. From such a website, it is possible to obtain, for example, device response information associated with an IP address as OSINT. Incidentally, information collected from overseas websites often contains problems such as garbled characters. In this case, it is also preferable to perform data shaping processing on the collected information. It is also preferable to delete redundant information that is not related to subsequent processing at this stage.

Furthermore, regarding the above (b), for example, regarding the IP address obtained from a website that publishes the IP address, the device response information linked to the IP address is obtained from the response obtained when the request is actually sent. may be obtained. Here, for example, it is also possible to use WHOIS information, which is public information about registrants of IP addresses and domain names.

Furthermore, in a wireless LAN (Local Area Network) such as Wi-Fi (registered trademark), SSID is usually included in various signals exchanged within the LAN (including probe responses and beacons from routers and access points). (Service Set IDentifier), MAC (Media Access Control) address, etc., and furthermore, there are cases where the global IP address can be legally identified from the various signals. It is also preferable to acquire such various signals as device response information. Incidentally, in acquiring such information, it is also preferable to install or stay the device 1 in the wireless LAN from which the information is to be acquired.

Next, the device identification information is determined from the device response information described above.
(a) information identifying the IP address of the IoT device;
(B) Information identifying the port number in the IoT device,
(c) information that specifies the protocol in communication of IoT devices,
(d) Information that identifies an organization or individual (hereinafter abbreviated as organization) related to the ownership or management of IoT devices,
(e) Information that identifies the location or area (hereinafter abbreviated as city) of the IoT device,
(f) Information identifying the ASN (Autonomous System number) of the network to which the IoT device is connected,
(g) information identifying the host part in the IP address of the IoT device;
(h) Information that identifies the FQDN (Fully Qualified Domain Name) of the IoT device,
(i) information that identifies the type, which is the device type of the IoT device;
(j) Information that identifies an organization or individual involved in the manufacture or sale of IoT devices (hereinafter abbreviated as manufacturer (or vendor));
(M) Information identifying the series name of the IoT device,
(H) Information identifying the model name of the IoT device,
(m) Information identifying the firmware version of the IoT device,
(c) information specifying the SSID of the LAN to which the IoT device is connected, and (x) information specifying the MAC address of the IoT device. It is also preferable that at least one of them is determined from the device response information as the device identification information.

For example, in the banner information (HTTP reply header) included in the acquired device response information,
HTTP/1.1******
Server: 00-router***
Date: *** *** *** *** **
If there is a character string like this, the series name (equipment specific information) in (S) above can be determined as "00-router". In addition, the same character string may exist in the error message included in the acquired device response information, and in this case as well, it is possible to determine the series name (device specific information) from the error message. be.

Similarly, in the functional block diagram of FIG. 1, the device identification information determination unit 111 determines the "identification information" of the IoT device from the device response information in this embodiment in order to determine further device identification information from the device response information. Then, using a “signature” that is an identification pattern generated in advance, (further) device identification information about the IoT device is determined from the determined “identification information”.

Specifically, the identification information determination unit 111a of the device identification information determination unit 111, from the device response information acquired from the response to the request to the IoT device,
・(a) attribute information identification number (e.g. inode number), (b) time stamp (e.g. mtime (last modified time)), (c) file size (number of bytes) or Size of the directory (number of bytes), (d) Hash value of predetermined data contained, and (e) Entity tag (Etag)
may be determined as "static identification information".

For example, the inode number in (a) above is a number assigned to the attribute information of the file or directory associated with the accessed IoT device, and is often included in the device response information. It may have a different value depending on the model name and firmware version. In this way, the inode number can serve as identification information when determining the device identification information of the IoT device.

In addition, the time stamp (e.g., mtime) of (b) above, the file size (or directory size) of (c), and the hash value of the predetermined data of (d) above, which may be included in the device response information, for example Depending on the series name, model name, and firmware version of the IoT device, it usually has a different value (or may have a different value), and can serve as identification information.

Furthermore, the Etag in (e) above is an identifier associated with a specific version of the resource obtained from the URL (Uniform Resource Locator) associated with the accessed IoT device, and is often included in the device response information. However, the ID value may differ depending on, for example, the series name, model name, or firmware version of the IoT device. In other words, Etag can also be used as identification information when determining device identification information for an IoT device.

In addition, the identification information determination unit 111a determines device response information including request transmission time, response reception time, etc. (or the time required for the transmission and reception) from the response to the request to the IoT device, and from this device response information,
・(f) response time, (g) response format, (h) error message format, (i) URL or URL format, and (j) API (Application Programming Interface) in the response from the IoT device At least one of the formats may be determined as a "dynamic identity."

For example, the response time in (f) above is a value calculated and determined from the device response information as described above, but it may be a different value depending on the IoT device series name, model name, or firmware version, for example. Therefore, it can be used as identification information when determining the device identification information of the IoT device.

In addition, the above (g) response format, the above (h) error message format, the above (i) URL format, and the above (j) API (Application Programming Interface) that can be included in the device response information Regarding the format, for example, the form may differ depending on the series name, model name, and firmware version of the IoT device (for example, differences in characters, symbols, logos, etc. in or around them, and differences in description positions, etc.). It can be used as identification information.

Furthermore, for the URL in (i) above, for example, among the responses from the IoT device, the URL may be different between a normal response and a response containing an error message. can be used as identification information.

(Static and dynamic) identification information (a) to (j) has been mentioned above, but of course, information other than the above (a) to (j) can be obtained or determined from the device response information. can be used as identification information. However, in practice, it is also preferable to adopt at least one of the above (a) to (j) as identification information, and it is more preferable to use a plurality of the above (a) to (j) as identification information. of.

Similarly in the functional block diagram of FIG. A “signature”, which is an identification pattern associated with , is generated and stored in the signature storage unit 103 as appropriate.

FIG. 2 is a table showing one specific example of signatures according to the present invention.

As shown in FIG. 2, the signature of this specific example is recorded in association with corresponding static identification information and/or dynamic identification information for each device identification information or combination thereof (for each device identification information ID). It is table information. for example,
・(Device specific information ID) = 000x: {..., (series name) = "00-router", (firmware version) = "1.2.**",...}
contains a pair of identification information: {inode=***, mtime=2021-**-** **:**:**, ..., r_time=***, URL=***** ***, . . . } are associated. where r_time is the response time. For identification information that could not be acquired or determined, the column can be left blank (or none).

As soon as a new relationship between the device identification information and the identification information relating to the IoT device is clarified, for example, from the newly collected information about the IoT device or from the newly determined identification information, the signature generation unit 111b It is also preferable to update the signature thus generated based on the new relationship. As a result, it is possible to determine more device identification information for each IoT device and to increase the accuracy rate of the determined device identification information. It is also possible to build a device identification database that appropriately reflects the current situation.

Returning to the functional block diagram of FIG. 1, the device identification information determination unit 111 determines the content of the “signature” (generated/updated and stored in the signature storage unit 103) as described above and the content of the “signature” to the IoT device. By matching the "identification information" determined from the device response information acquired from the response to the request, the device identification information for the IoT device is further determined.

Specifically, in the above example, in a certain IoT device, a set of identification information: {inode = ***, mtime = 2021-**-** **:**:**, ..., r_time = ***, URL = ********, ... } is obtained, and the series name: 00-router is obtained as the device specific information, the above (device specific information ID ) = 000x: {..., (series name) = "00-router", (firmware version) = "1.2.**",...}, the firmware (as device specific information) of the relevant IoT device The version can be determined as 1.2.**. Here, of course, as a result of matching (a set of) identification information with a "signature", it is possible that certain device identification information is not uniquely determined, and a plurality of candidates that may be applicable may be obtained. For example, in the above example, another (device specific information ID)=000y may give rise to the possibility that the firmware version (as device specific information) of the IoT device is 1.3.**. In such a case, no determination may be made for a type of device identification information that is not uniquely determined, or a plurality of obtained device identification information (for example, (firmware version) = “1.2.**” and “ 1.3.**”) can also be determined as device specific information (as a candidate).

Incidentally, the more identification information different from each other is obtained (for example, the more sets of identification information are obtained, each consisting of two or more static identification information and two or more dynamic identification information) case), the number of uniquely determined device-specific information may also be greater. In any case, the device identification information determination unit 111 compares the “signature” with the collected identification information (a set) for each IoT device whose information is collected, and determines the device identification information that has not yet been identified. We will make as many decisions as possible and grasp as much device-specific information as possible for each IoT device.

Similarly, in the functional block diagram of FIG. 1, the database constructing unit 112 creates a device identification database by correlating and recording device identification information (sets) determined for each IoT device for which information has been collected. It constructs and stores it in the device identification DB storage unit 104 as appropriate.

FIG. 3 is a table showing one specific example of the device identification database according to the present invention.

As shown in FIG. 3, in the device identification database of this specific example, for each record (each record ID) corresponding to one row of the table, (a set of) device identification information determined for one IoT device is mutually It is table information that is associated and recorded. Specifically, for example (record ID) = 000y,
・Set of device specific information: {(IP address) = "1**.1**.2**.4*", (type) = "router", (series name) = "00-router", ( model name)="ABC98700YZ3", (firmware version)="1.3.12", . It should be noted that the column for the device identification information that could not be acquired or determined can be left blank (or none).

Here, such a device identification database is, for example, device identification information initially acquired for a certain IoT device, device identification information obtained or determined from the device response information, and further generated from a DB template prepared in advance. It can be constructed by inputting device specific information further determined using the signature obtained.

Further, as soon as the device identification information related to the IoT device is newly determined, for example, from the newly collected information about the IoT device or using the updated signature, the database construction unit 112 constructs the constructed device identification database. It is also preferable to update with new device-specific information. As a result, it is also possible to improve the search accuracy in the target device information search process, which will be described later.

Returning to the functional block diagram of FIG. 1, the target device information searching/determining unit 113 searches the device specifying database stored in the device specifying DB storing unit 104 for the target device to be information determined (for example, already acquired). device-specific information) is used as a search query to search for (further) device-specific information that corresponds to this target device, and the searched device-specific information or information linked to this device-specific information is used as this target device "Target device information".

Here, in this embodiment, the target device information search/determination unit 113
(a) Receiving a search request and search query information from the terminal of the searcher (FIG. 1) via the communication interface 101 and the communication control unit 121, performing search processing (device specific information determination processing) based on this, and searching The processing result (device identification information determination processing result) may be returned to the terminal of the searcher who requested it, or
(b) Receive the search request and search query information input from the keyboard (KB) 106 via the input/output control unit 122, perform search processing (device specific information determination processing) based on this, and search processing results ( The device identification information determination processing result) may be displayed on the display (DP) 106, or appropriately stored in the search result storage unit 105 for management.

FIG. 4 is a display image diagram showing a specific example of a search processing result (device identification information determination processing result) by the target device information search/determination unit 113. As shown in FIG. The display image shown in FIG. 4 is an image displayed on the terminal screen or display 106 of the searcher (FIG. 1).

According to the display image in FIG. 4, (series name)=“00-router” is entered in the upper search window as a search query, and (IP address)=“1**.1**.2**. .4*" is also specified (or entered as a search query), and as a result of performing search processing using the device identification database (device identification information determination processing), various applicable device identification information is device information”.

Specifically, other device characteristic information (target device information ) as
(a) (port number) = "8080", (b) (organization) = "**One Corporation", (c) (city) = "Kobe", (d) (ASN) = "****" , (e) (host) = "1**.1**.2**.4*", (f) (type) = "router", (g) (manufacturer) = "zero zero device", (h ) (model name) = "ABC98700YZ3" and (i) (firmware version) = "1.3.12"
has been determined.

In this specific example, the date and time of acquisition, which is the date and time when the displayed device identification information was first acquired and determined, and the last date and time of acquisition, which is the date and time of the last update, are also displayed.

Here, as a specific search method, the target device information determination device 1 is capable of, for example, the following type of search.
(a) Free word search Device-specific information that includes the character string entered in the search window, or information that is linked to it in advance (for example, maintenance information or update history information of the applicable device) that includes the character string Search for
(b) IP address search Device specific information corresponding to the IP address entered in the search window, and information associated with it in advance (for example, maintenance information and update history information of the relevant device) are searched. Here, it is also possible to specify addresses in CIDR (Classless Inter-Domain Routing) notation.
(c) Port search Searches for device specific information corresponding to the port number entered in the search window and information linked in advance.
(d) Protocol search Searches for device-specific information corresponding to the protocol entered in the search window and information associated with it in advance.
(e) City search Search for device specific information corresponding to the city (city name) entered in the search window and information linked to it in advance.

(f) ASN search Search for device specific information corresponding to the ASN entered in the search window and information linked in advance.
(g) Organization search Search for device-specific information corresponding to the organization entered in the search window and information associated with it in advance.
(h) FQDN search Searches for device specific information corresponding to the FQDN entered in the search window and information associated with it in advance.
(i) Type search Device identification information corresponding to the type entered in the search window (device identification information for IoT devices of that type) and information linked in advance to it are searched.
(j) Manufacturer (or vendor) search Device identification information corresponding to the manufacturer (or vendor) entered in the search window (device identification information for the IoT device of the manufacturer (or vendor)) and information linked in advance Search for information.

(k) Series search Device specific information corresponding to the series name entered in the search window (device specific information for the IoT device with the series name) and information associated with it in advance are searched.
(l) Model search Device specific information corresponding to the model name entered in the search window (device specific information in the IoT device with the model name) and information associated with it in advance are searched.
(m) Firmware version search Search for device identification information corresponding to the firmware version entered in the search window (device identification information for IoT devices corresponding to the firmware version) and information associated with it in advance.

(n) Title search Information acquired from device response information (banner information, etc.) having a title that includes the character string input in the search window is searched.
(o) Server search Searches for the device specific information of the server corresponding to the character string entered in the search window.
(p) Banner search Information obtained from a response (or banner information) containing a character string entered in the search window is searched.
(q) Period-designated search Searches for device-specific information that corresponds to a period designated (or entered in the search window) and information that is linked to it in advance.

Furthermore, in this specific example, the target device information determination device 1 can also perform AND searches and OR searches using a plurality of pieces of device identification information as search queries. In addition, a NOT search for searching for items that do not satisfy (contents of) certain device specifying information is also possible.

Here, for example, as in the case where the search query is an IP address and other limited device-specific information, the retrieved device-specific information set (corresponding IoT device) may be one. Naturally, depending on the search query, there are often two or more corresponding sets (corresponding IoT devices). A preferred embodiment of presenting search results (device identification information determination results) in such a case will be described below.

Returning to the functional block diagram of FIG. 1, the device statistical information determination unit 113a of the target device information search/determination unit 113 searches the device identification database using certain device identification information or a combination thereof as a search query. Generates and outputs "equipment statistical information" that aggregates the retrieved equipment identification information.

Specifically, the device statistical information determination unit 113a collects, for example, a large number of searched port number information obtained as a result of performing a search using (series name)=“00-router” as a search query, and Information" includes information such as "The most frequently used port number in 00-router is ***, and the second most frequently used port number is ***...", and " 00-router's port number" ranking information may be generated and output.

Similarly, as "equipment statistical information", for example, ranking information of "city where 00-router is located", ranking information of "model name of 00-router used", and furthermore, "in 00-router It may also be possible to generate and output information such as "distribution of firmware versions in use".

Similarly, in the functional block diagram of FIG. 1, the device identification/guessed information determination unit 113b of the target device information search/determination unit 113 extracts information linked (tagged) to the IoT device related to the retrieved device identification information. is also determined as the target device information of the target device.

Here, "identified/guessed device information" refers to information related to the identified state or assumed attribute of the IoT device, which is determined from the device response information of the IoT device or from the information obtained from this device response information. Thus, the device identification database associates (tags) this “identified device/guessed information” with the corresponding IoT device (for example, the corresponding record ID) and saves it. Here, for example, information from the website of the manufacturer (vendor) of the IoT device, the website introducing the IoT device, or the like may be used to determine this "device identification/guessed information".

Specifically, as device identification / guess information (tag information), for example,
(a) Information to the effect that the IoT device is determined to use a vulnerable protocol or a vulnerable chipset based on the device response information and the acquired/determined device identification information;
(b) Information to the effect that the IoT device is determined to be in the initial state at the time of shipment from the device response information and the acquired/determined device identification information;
(c) Information to the effect that it is an IoT device for which information related to default IDs and passwords has been found to have leaked from the acquired/determined information;
(d) Information to the effect that it is an IoT device whose default ID and password information has been publicly known from the acquired device manual, etc.
(e) Information to the effect that it is an IoT device for which manufacturer support has been found to have ended, based on the acquired/determined device identification information;
(f) Information to the effect that it is an IoT device for which it has been found that the authentication mechanism does not exist or the authentication mechanism has not been activated, based on the acquired/determined information;
(g) Information to the effect that it is an IoT device whose support period is not specified and that a predetermined period (for example, one year) has passed since the last firmware update, based on the acquired/determined information;
(h) Information to the effect that it is an IoT device that has been found not to have the latest firmware version from the acquired/determined device identification information,
(i) Information to the effect that it is an IoT device whose type is presumed to be "***" from the device response information (especially banner information);
(j) Information to the effect that it is an IoT device whose manufacturer (or vendor) is presumed to be "***" from the device response information (especially banner information);
(k) Information to the effect that it is an IoT device whose series name is presumed to be "***" from the device response information (especially banner information);
(l) From the device response information (especially the banner information), the information that the model name is assumed to be "***", and (m) From the device response information (especially the banner information), the firmware At least one piece of information indicating that the device is an IoT device whose version is assumed to be "***" can be adopted.

As described above, the target device information search/determining unit 113 of the present embodiment determines device identification information, device statistical information, and device identification/guessed information as “target device information”. All of the information is useful and can be of great use in terms of business operations, maintenance, or security measures.

For example, in the present embodiment, by obtaining such information, it is possible to check whether or not unintended IoT devices are exposed at the global IP address managed by the user, It is also possible to check the usage status of IoT devices that have been installed or are scheduled to be introduced (or that are specific) in a predetermined area.

In addition, it is possible to understand trends in firmware versions used for specific IoT devices, and to check the distribution of ports used in botnets of IoT devices reported in the news. You can also Furthermore, it is possible to check whether or not there is a port that can be used as a stepping stone in the user's network, and how the ports are distributed.

In addition, it is possible to visualize the status of disclosure to the outside of IoT devices managed by users, grasp whether or not there are IoT devices used for attacks, It is also possible to search what kind of IoT equipment is being used.

Furthermore, as the above-mentioned device identification/guessing information (tag information), actively adopt information related to maintenance and security of IoT devices (for example, information on whether IoT devices have security problems), It is also possible to provide a maintenance/security alarm service that appropriately presents such information to the user. For example, a service may be provided that presents an alarm to the effect that the default ID of the user's IoT device has been leaked, and prompts the user to change the ID.

Furthermore, a company that promotes telework can provide a security service to check whether there are any security problems with IoT devices such as PCs and routers in each employee's home. In addition, it is possible to carry out sales promotion/marketing activities such as, for example, urging replacement of IoT equipment for which the manufacturer's support period has expired.

<Another embodiment related to determination of target device information>
The process of searching for device identification information using the "device identification database" and determining target device information has been described above. Hereinafter, an embodiment of determining target device information without using the "device identification database" will be described. Give an explanation.

Similarly, in the functional block diagram of FIG. Device specifying information corresponding to this target device is determined from the identification information, and the determined device specifying information or information linked to this device specifying information is determined as the target device information of this target device.

Here, the identification information can be one or both of static identification information (eg, timestamp) and dynamic identification information (eg, response time) determined based on the device response information. Therefore, from the device response information obtained as a result of actually sending a request to the target device, such identification information can be determined on the spot, and then immediately using the signature, further device specific information of the target device (target device information) can also be determined. That is, it is also possible to acquire target device information (device specific information) in real time.

Note that the target device information determination apparatus 1 can perform both (a) target device information determination processing using the device identification database and (b) target device information determination processing directly using the signatures described above. Alternatively, the apparatus may be capable of performing only one of the processes. For example, the device specifying information (target device information) may be determined only by the signature without providing (not constructing) the device specifying database.

[Database construction device]
FIG. 5 is a functional block diagram showing the functional configuration in one embodiment of the database construction device according to the present invention, and a schematic diagram showing another embodiment of the target device information determining device according to the present invention.

Specifically, in the embodiment shown in FIG. 5, in place of the "target device information determination device 1" (FIG. 1) connected to the Internet in the embodiment shown in FIG. It adopts the "database construction device 2" and the "target device information determination device 3".

Here, the target device information determination device 3 has a communication function, a data input/output function, and a target device information search/determination unit 313. This target device information search/determination unit 313 is the target device information determination device 1 It has the same function as the target device information search/determination unit 113 (FIG. 1) of FIG.

The database construction device 2 includes a communication interface 201, a device identification information storage unit 202, a signature storage unit 203, a device identification DB storage unit 204, an identification information determination unit 211a, and a signature generation unit 211b. 211, and these (functional) configuration units perform the same functions as the (functional) configuration units with the same names in the target device information determination device 1 (FIG. 1). Furthermore, the database building/accessing unit 212 of the database building device 2 performs the same function as the database building unit 112 (FIG. 1), but furthermore, the target device information searching/determining unit 313 of the target device information determining device 3 ( ) to mediate exchanges between the device identification database and the target device information search/determination unit 313 .

By adopting the configuration described above, the target device information determination device 3 entrusts the construction and management of the device identification database to the database construction device 2, and does not have the device identification database by itself, but performs the device identification information search process ( Target device information determination processing) can be implemented. Here, of course, it is also preferable that the target device information determination device 3 can access the database construction device 2 and execute target device information (device specific information) determination processing directly using the above-described signature.

In this embodiment, the searcher (FIG. 5) may operate the target device information determination device 3 to search for device specific information (determine target device information), or determine target device information from an external terminal. A search processing request may be transmitted to the device 3 to execute device identification information search processing (target device information determination processing). Furthermore, the database construction device 2 may be a device that provides the constructed device identification database and signatures to an external information processing device for use there.

As described in detail above, according to the present invention, a plurality of pieces of information about devices connected to a communication network can be determined based on information published or available as OSINT. Also, a database that can be used for the determination can be constructed.

By the way, currently, with the spread and expansion of IoT, for business operation, maintenance, or as a security measure, we want to grasp the details of the status of managed devices and obtain specific information about specific devices. There is a very high demand for The present invention can sufficiently meet such needs.

For the various embodiments of the present invention described above, various changes, modifications and omissions within the spirit and scope of the present invention can be easily made by those skilled in the art. The foregoing description is exemplary only and is not intended to be limiting. The invention is to be limited only as limited by the claims and the equivalents thereof.

1, 3 Target device information determination device 101, 201 Communication interface 102, 202 Device identification information storage unit 103, 203 Signature storage unit 104, 204 Device identification database (DB) storage unit 105 Search result storage unit 106 Keyboard (KB)/display (DP)
111, 211 device identification information determination unit 111a, 211a identification information determination unit 111b, 211b signature generation unit 112 database construction unit 113, 313 target device information search/determination unit (target device information search means, target device information determination means)
113a device statistical information determination unit 113b device identification/estimation information determination unit 121, 221 communication control unit 122 input/output control unit 2 database construction device 212 database construction/access unit

Claims (11)

A target device information determination program that causes a computer to determine target device information, which is information about at least one target device among devices connected to a communication network, comprising:
A plurality of device identifications including a plurality of device identification information that is information that identifies the device, and that is acquired or determined based on device response information that is information included in or related to a response from the device. A device identification database in which information is recorded in association with each other is searched for the device identification information corresponding to the target device using the device identification information for the target device as a search query, and the retrieved device identification information or causing the computer to function as target device information search means for determining information linked to the device specifying information as target device information of the target device;
The plurality of device identification information recorded in association with each other in the device identification database includes identification information determined based on the device response information of the device corresponding to certain device identification information or a combination thereof, and the device identification information. or information specifying the series name of the device, information specifying the model name of the device, determined from the identification information determined for the device using a signature, which is an identification pattern associated with a combination thereof , and a plurality of device identification information including at least one of information identifying the firmware version of the device,
The identification information determined for the device is information relating to the state of files or directories on the device, or to the characteristics of the response itself from the device, and at least one of series name, model name, and firmware version. A target device information determination program characterized by being information that can take different values or forms depending on. The identification information includes the identification number, time stamp, file size or directory size of the attribute information in the file or directory related to the device, the hash value and entity tag of the contained predetermined data, and the response itself from the device. characterized by at least one of response time, response format, error message format, URL (Uniform Resource Locator) or URL format, and API (Application Programming Interface) format The target device information determination program according to claim 1. Determining at least one of the identifications of the device based on the device response information obtained from an external database and/or the device response information obtained or determined from a response to a request to the device, generating the signature that associates the identification information determined in the device corresponding to certain device-specific information or a combination thereof with the certain device-specific information or a combination thereof, and using the signature to obtain information from the identification information of the device; , device identification information determination means for determining the device identification information for the device;
2. The computer further functions as database construction means for constructing the device identification database by recording, for each device, the device identification information determined for the device in association with each other. 3. The target device information determination program according to 2. The target device information searching means uses the signature to determine the device specifying information corresponding to the target device from the identification information acquired in the target device, and determines the device specifying information or the device specifying information. 4. The target device information determination program according to any one of claims 1 to 3, wherein the information linked to the information is also determined as the target device information of the target device. The target device information search means searches the device identification database for certain device identification information or a combination thereof as a search query, and generates and outputs device statistical information obtained by aggregating the retrieved device identification information. The target device information determination program according to any one of claims 1 to 4, characterized by: The device identification database is information related to the identified state or the inferred attribute of the device, determined from the device response information of the device or from the information obtained from the device response information. Information is stored in association with the device,
2. The target device information searching means also determines the device identified/estimated information linked to the device related to the searched device specifying information as the target device information of the target device. 6. The target device information determination program according to any one of 5. The plurality of device-specific information recorded in the device-specific database in association with each other include information specifying the IP (Internet Protocol) address of the device, information specifying the port number of the device, and protocol in communication of the device. information that identifies the device, information that identifies the organization or individual who owns or manages the device, information that identifies the location or region of the device, and the ASN (Autonomous System number) of the network to which the device is connected information, information specifying the host part in the IP address of the device, information specifying the FQDN (Fully Qualified Domain Name) of the device, information specifying the type of the device, and manufacturing or 7. The target device information determination program according to any one of claims 1 to 6, wherein the target device information determination program is a plurality of device specifying information including at least one of information specifying an organization or an individual involved in sales. A target device information determination program that causes a computer to determine target device information, which is information about at least one target device among devices connected to a communication network, comprising:
Information that identifies the device is used as device identification information, and identification information determined in a device that corresponds to certain device identification information or a combination thereof is used as a signature, which is an identification pattern associated with the device identification information or a combination thereof. Then, from the identification information acquired by the target device, the device specifying information corresponding to the target device is determined, and the determined device specifying information or information linked to the device specifying information is transferred to the target device. causing the computer to function as target device information determination means for determining the target device information of
The device identification information or a combination thereof includes at least one of information identifying the series name of the device, information identifying the model name of the device, and information identifying the firmware version of the device. device identification information or a combination thereof,
The identification information is information related to the status of files or directories in the device or the characteristics of the response itself, determined based on the device response information, which is information contained in or related to the response from the device, A target device information determination program characterized by being information that can take different values or forms depending on at least one of a series name, a model name, and a firmware version. A target device information determination device that determines target device information that is information about at least one target device among devices connected to a communication network,
A plurality of device identifications including a plurality of device identification information that is information that identifies the device, and that is acquired or determined based on device response information that is information included in or related to a response from the device. A device identification database in which information is recorded in association with each other is searched for the device identification information corresponding to the target device using the device identification information for the target device as a search query, and the retrieved device identification information or having target device information searching means for determining information linked to the device specifying information as target device information of the target device,
The plurality of device identification information recorded in association with each other in the device identification database includes identification information determined based on the device response information of the device corresponding to certain device identification information or a combination thereof, and the device identification information. or information specifying the series name of the device, information specifying the model name of the device, determined from the identification information determined for the device using a signature, which is an identification pattern associated with a combination thereof , and a plurality of device identification information including at least one of information identifying the firmware version of the device,
The identification information determined for the device is information relating to the state of files or directories on the device, or to the characteristics of the response itself from the device, and at least one of series name, model name, and firmware version. A target device information determination device characterized by being information that can take different values or forms depending on the device. A database construction device for constructing a database used for determining target device information, which is information about at least one target device among devices connected to a communication network,
The database searches for the device-specific information corresponding to the target device using device-specific information, which is information that specifies the device, as a search query, and searches for the device-specific information or the device A database that makes it possible to determine the information linked to the specific information as the target device information of the target device,
The database construction device is
identification information determination means for determining at least one piece of identification information relating to the state of a file or directory in the device or relating to the characteristics of the response itself from device response information, which is information included in or related to a response from the device;
signature generation means for generating a signature, which is an identification pattern in which the identification information determined in the device corresponding to certain device identification information or a combination thereof is associated with the certain device identification information or a combination thereof;
The signature is used to determine the device-specific information about the device from the identification information of the device, and for each device, the plurality of device-specific information determined for the device are recorded in association with each other. and database construction means for constructing the database,
The plurality of pieces of device specifying information recorded in the database in association with each other include information specifying the series name of the device, information specifying the model name of the device, and information specifying the firmware version of the device. A plurality of device-specific information including at least one of
A database construction device, wherein the identification information of the device is information that can take different values or forms depending on at least one of the series name, model name, and firmware version. A target device information determination method in a computer for determining target device information that is information about at least one target device among devices connected to a communication network, comprising:
A plurality of device identifications including a plurality of device identification information that is information that identifies the device, and that is acquired or determined based on device response information that is information included in or related to a response from the device. building a device identification database in which information is recorded in association with each other;
Searching the device identification database for the device identification information corresponding to the target device using the device identification information for the target device as a search query, and linking to the searched device identification information or the device identification information determining the obtained information as target device information of the target device;
The plurality of device identification information recorded in association with each other in the device identification database includes identification information determined based on the device response information of the device corresponding to certain device identification information or a combination thereof, and the device identification information. or information specifying the series name of the device, information specifying the model name of the device, determined from the identification information determined for the device using a signature, which is an identification pattern associated with a combination thereof , and a plurality of device identification information including at least one of information identifying the firmware version of the device,
The identification information determined for the device is information relating to the state of files or directories on the device, or to the characteristics of the response itself from the device, and at least one of series name, model name, and firmware version. A method for determining target device information, characterized in that the information can take different values or forms depending on the device.

Images