JP2023033526A - Terminal, control method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To shorten a time required to take countermeasures against vulnerabilities.

SOLUTION: A terminal control method according to the present invention comprises a first step in which the terminal receives vulnerability information including publication date and time information, investigation method information, information on vulnerabilities existing in software, and a second step in which the terminal investigates whether or not the terminal has the vulnerability based on the investigation method information, and the first step is executed before the publication date and time indicated by the publication date and time information.

SELECTED DRAWING: Figure 14

COPYRIGHT: (C)2023,JPO&INPIT

Description

The present invention relates to a security risk management system, server, control method, and program.

Terminals used in companies have security risks such as vulnerabilities in hardware and software. Therefore, companies need to manage the vulnerabilities of terminals within the company. Recently, a security risk management system that supports vulnerability management has also been proposed (for example, Patent Document 1).

JP 2009-015570 A

By the way, a company that uses a security risk management system generally manages vulnerabilities in the following manner.
After the vulnerability information is disclosed, the security manager of the company uses the security risk management system to investigate the presence or absence of vulnerabilities in the terminals within the company.
If, as a result of the investigation, there is a terminal with a vulnerability, the security manager of the company uses the security risk management system to plan and implement countermeasures against the vulnerability.

However, if vulnerability information is disclosed, there is a risk that the terminal will be attacked by malicious individuals or groups, so it is necessary to reduce the time required to take countermeasures against vulnerabilities.
The technology disclosed in the above-mentioned Patent Literature 1 associates the handling status of terminal vulnerability with a keyword indicating the type of vulnerability and registers it in a database. In other words, the technology disclosed in Patent Document 1 is a technology for registering in a database the status of vulnerability countermeasures actually taken by a terminal, and is not a technology for shortening the time until vulnerability countermeasures are taken.

An object of the present invention is to solve the above-described problems and to provide a technique capable of shortening the time required to take countermeasures against vulnerabilities.

According to one aspect of the invention, a security risk management system comprises:
a server;
an agent unit provided in the terminal,
The server is
transmitting the vulnerability information to the agent unit before the date and time of disclosure of the vulnerability information;
The agent part
Before the date and time of disclosure of the vulnerability information, the presence or absence of vulnerability of the terminal is investigated based on the information of the vulnerability investigation method included in the vulnerability information, and the vulnerability investigation result including the investigation result is sent to the server. send to
The server is
The vulnerability information and the vulnerability investigation result are presented after the date and time of disclosure of the vulnerability information.

According to one aspect of the invention, the server comprises:
Before the vulnerability information disclosure date and time, the vulnerability information is transmitted to an agent unit provided in the terminal, and from the agent unit, the agent based on the vulnerability investigation method information included in the vulnerability information a communication unit that receives vulnerability investigation results including investigation results of the presence or absence of vulnerabilities of the terminal investigated by the unit;
a presentation unit that presents the vulnerability information and the vulnerability survey results after the vulnerability information disclosure date and time;
Prepare.

According to one aspect of the invention, a control method comprises:
A server control method comprising:
a transmission step of transmitting the vulnerability information to an agent unit provided in a terminal before the date and time of disclosure of the vulnerability information;
a step of receiving, from the agent unit, vulnerability investigation results including investigation results as to whether or not the terminal is vulnerable, which is investigated by the agent unit based on vulnerability investigation method information included in the vulnerability information; ,
a presentation step of presenting the vulnerability information and the vulnerability investigation results after the date and time of disclosure of the vulnerability information;
including.

According to one aspect of the invention, a program comprises:
to the computer,
a transmission procedure for transmitting the vulnerability information to an agent unit provided in a terminal before the date and time of disclosure of the vulnerability information;
Before the date and time of disclosure of the vulnerability information, from the agent unit, based on the information of the vulnerability investigation method included in the vulnerability information, the investigation result of the presence or absence of the vulnerability of the terminal investigated by the agent unit is sent. a procedure for receiving vulnerability findings including;
a presentation procedure for presenting the vulnerability information and the vulnerability investigation results after the date and time of disclosure of the vulnerability information;
It is a program for executing

According to one aspect of the invention, a program comprises:
to the computer,
a reception procedure for receiving the vulnerability information from the server before the date and time of disclosure of the vulnerability information;
an investigation procedure for investigating whether or not a terminal is vulnerable based on vulnerability investigation method information included in the vulnerability information before the vulnerability information is disclosed;
a procedure of transmitting vulnerability investigation results including investigation results of the investigation procedure to the server before the date and time of disclosure of the vulnerability information;
It is a program for executing

ADVANTAGE OF THE INVENTION According to this invention, the effect that shortening of the time until taking measures against vulnerability can be achieved is acquired.

1 is a diagram showing a configuration example of a security system according to Embodiment 1; FIG. 1 is a block diagram showing a block configuration example of a vulnerability information distribution system and a security risk management system according to Embodiment 1; FIG. 1 is a diagram showing a configuration example of a hardware configuration of a computer that realizes a vulnerability information distribution system, a server, and a terminal according to Embodiment 1; FIG. 4 is a flowchart showing an operation example of receiving vulnerability information from the vulnerability information transmission system, creating vulnerability information data, and transmitting the data to the server in the vulnerability information distribution system according to the first embodiment. 4 is a diagram showing an example of vulnerability information data according to Embodiment 1; FIG. 4 is a flow chart showing an operation example from reception of vulnerability information data from the vulnerability information distribution system to transmission of vulnerability information data to an agent unit in the server according to Embodiment 1. FIG. 5 is a flow chart showing an operation example of receiving vulnerability data from a server, examining the presence or absence of vulnerabilities in corresponding terminals, and transmitting vulnerability investigation results to the server in the agent unit according to Embodiment 1. FIG. FIG. 5 is a diagram showing an example of vulnerability research results according to Embodiment 1; 5 is a flow chart showing an operation example of receiving a vulnerability investigation result from an agent unit and storing the vulnerability investigation result in a vulnerability investigation result storage unit in the server according to the first embodiment; In the server according to the first embodiment, the vulnerability information data stored in the vulnerability information data storage unit is periodically checked, the vulnerability information data published before the current date and time is decrypted, and the decrypted vulnerability information data is obtained. is stored again in the vulnerability information data storage unit. 5 is a flowchart showing an operation example of displaying vulnerability information and vulnerability investigation results in the server according to the first embodiment; In the agent unit according to the first embodiment, the vulnerability information data in the vulnerability information data storage unit is periodically checked, the vulnerability information data published before the current date and time is decrypted, and the decrypted vulnerability information is obtained. It is a flowchart which shows the example of operation|movement which stores data in a vulnerability information data storage part again. 7 is a flowchart showing an operation example of displaying vulnerability information in the agent unit according to Embodiment 1; FIG. 9 is a block diagram showing a block configuration example of a security risk management system according to Embodiment 2; FIG. 10 is a sequence diagram showing an operation example of the security risk management system according to Embodiment 2;

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described with reference to the drawings.
(1) Embodiment 1
(1-1) Configuration of First Embodiment (1-1-1) Overall Configuration FIG. 1 shows a configuration example of a security system according to the first embodiment. FIG. 2 shows a block configuration example of the vulnerability information distribution system 210 and the security risk management system 305 according to the first embodiment.

1 and 2, the security system according to the first embodiment includes a vulnerability information transmission system 110 provided in a vulnerability information provider 100 and a vulnerability information transmission system 110 provided in a security risk management system provider 200. It has an information distribution system 210 and a security risk management system 305 provided at a security risk management system user company 300 .

The vulnerability information provider 100 is an organization that provides vulnerability information including an overview of vulnerabilities, investigation methods, countermeasure methods, etc. Examples include CERT (Computer Emergency Response Team), JPCERT (Japan Computer Emergency Response Team), , and IPA (Information-technology Promotion Agency). The security risk management system provider company 200 is a company that provides the security risk management system 305 . The security risk management system user company 300 is a company that uses the security risk management system 305 provided by the security risk management system provider company 200 . The security risk management system user company 300 uses the security risk management system 305 to manage the vulnerabilities of the terminal 330 of its own company.

If there is a vulnerability in software, the vulnerability information provider 100 may provide the vulnerability information of the vulnerability to the software vendor that created the software for the purpose of investigation before the publication date and time. . The vulnerability information provided by the vulnerability information provider 100 to software vendors can be used by the security risk management system provider 200 . However, the security risk management system provider 200 limits the use of the vulnerability information to its own use if the vulnerability information is before the publication date and time. In this way, the security risk management system provider 200 can use the vulnerability information provided by the vulnerability information provider 100 before the publication date and time, although it is limited to its own use.

The first embodiment focuses on the fact that the security risk management system user company 300 can use the vulnerability information provided by the vulnerability information provider 100 before the publication date and time, and uses the vulnerability information before the publication date and time. Then, the investigation of whether or not the terminal 330 is vulnerable is completed.

(1-1-2) Configuration of Vulnerability Information Transmission System 110 The vulnerability information transmission system 110 transmits vulnerability information to the vulnerability information distribution system 210 . Note that the vulnerability information transmission system 110 only needs to have a function of transmitting vulnerability information to the vulnerability information distribution system 210, and this function can be realized with a well-known technique. omitted.

(1-1-3) Configuration of Vulnerability Information Distribution System 210 The vulnerability information distribution system 210 includes a vulnerability information reception unit 211, a vulnerability information data creation unit 212, a vulnerability information data encryption unit 213, and a common key storage unit. 214 , a vulnerability information data storage unit 215 , and a vulnerability information data transmission unit 216 .

The vulnerability information receiving unit 211 receives vulnerability information from the vulnerability information transmission system 110 . The vulnerability information data creating unit 212 creates vulnerability information data based on the vulnerability information received by the vulnerability information receiving unit 211 and according to the operation performed by the vulnerability information data creator. The vulnerability information data encryption unit 213 uses the common key to encrypt the vulnerability information data created by the vulnerability information data creation unit 212 . Common key storage unit 214 stores a common key used when vulnerability information data encryption unit 213 encrypts vulnerability information data. The vulnerability information data storage unit 215 stores vulnerability information data created by the vulnerability information data creating unit 212 . The vulnerability information data transmission unit 216 reads vulnerability information data from the vulnerability information data storage unit 215 and transmits the read vulnerability information data to the server 310 .

(1-1-4) Configuration of Security Risk Management System 305 The security risk management system 305 has a server 310 and an agent section 320 . The agent unit 320 is software called agent software or agent. The agent unit 320 corresponds to the terminal 330 whose vulnerability is managed by the company using the security risk management system 300 and is installed in the corresponding terminal 330 . In FIG. 1, it is assumed that there are a plurality of terminals 330, and a plurality of agent units 320 corresponding to each of the plurality of terminals 330 are provided. Become.

The server 310 receives vulnerability information data from the vulnerability information distribution system 210 before the vulnerability information disclosure date and time, transmits the received vulnerability information data to the agent unit 320, and instructs vulnerability investigation. In addition, the server 310 receives the vulnerability investigation result from the agent unit 320 and displays the vulnerability information and the vulnerability investigation result after the vulnerability information disclosure date and time. On the other hand, the agent unit 320 receives vulnerability information data from the server 310 before the vulnerability information release date and time, investigates whether the corresponding terminal 330 is vulnerable, and transmits the vulnerability investigation result to the server 310. do. Also, the agent unit 320 displays the vulnerability information after the date and time of disclosure of the vulnerability information.

(1-1-5) Configuration of server 310 The server 310 includes a vulnerability information data receiving unit 311, a vulnerability information data storage unit 312, a vulnerability information data distribution unit 313, a vulnerability investigation result receiving unit 314, and a vulnerability investigation. A result storage unit 315 , a vulnerability disclosure date/time confirmation unit 316 , a vulnerability information data decryption unit 317 , a common key storage unit 318 , and a vulnerability information/survey result display unit 319 are provided. Note that the vulnerability information data distribution unit 313 and the vulnerability investigation result reception unit 314 are examples of components of the communication unit. The vulnerability information/survey result display unit 319 is an example of a presentation unit. The vulnerability information data storage unit 312 is an example of a vulnerability information storage unit. The vulnerability disclosure date/time confirmation unit 316 is an example of a disclosure date/time confirmation unit. The vulnerability investigation result storage unit 315 is an example of a vulnerability investigation result storage unit.

The vulnerability information data receiving unit 311 receives vulnerability information data from the vulnerability information distribution system 210 . The vulnerability information data storage unit 312 stores the vulnerability information data received by the vulnerability information data reception unit 311 . The vulnerability information data distribution unit 313 reads vulnerability information data from the vulnerability information data storage unit 312 and transmits the read vulnerability information data to the agent unit 320 . The vulnerability investigation result receiving unit 314 receives vulnerability investigation results from the agent unit 320 . The vulnerability investigation result storage unit 315 stores the vulnerability investigation result received by the vulnerability investigation result reception unit 314 . The vulnerability disclosure date and time confirmation unit 316 periodically reads vulnerability information data from the vulnerability information data storage unit 312, checks the disclosure date and time, and deletes the vulnerability information data whose disclosure date and time has passed. In 317 , the decrypted vulnerability information data is written back to the vulnerability information data storage unit 312 . When the vulnerability information data decryption unit 317 receives the vulnerability information data from the vulnerability disclosure date/time confirmation unit 316, the vulnerability information data decryption unit 317 decrypts the vulnerability information data using the common key. Common key storage unit 318 stores a common key used when vulnerability information data decryption unit 317 decrypts vulnerability information data. The vulnerability information/survey result display unit 319 reads the vulnerability information data past the publication date and time from the vulnerability information data storage unit 312, and based on the read vulnerability information data, the corresponding vulnerability information data from the vulnerability survey result storage unit 315. Reads the vulnerability research results, and presents vulnerability information and vulnerability research results based on the read vulnerability research results. This presentation shall be displayed on the screen of the server 310 below.

(1-1-6) Configuration of agent unit 320 Agent unit 320 includes vulnerability information data receiving unit 321, vulnerability information data storage unit 322, vulnerability investigation unit 323, vulnerability information data decoding unit 324, and common key storage. A vulnerability investigation result storage unit 326 , a vulnerability investigation result transmission unit 327 , a vulnerability disclosure date/time confirmation unit 328 , and a vulnerability information display unit 329 are provided. The vulnerability information data reception unit 321 and the vulnerability investigation result transmission unit 327 are examples of components of the communication unit. The vulnerability information display section 329 is an example of a presentation section. The vulnerability information data storage unit 322 is an example of a vulnerability information storage unit. The vulnerability disclosure date/time confirmation unit 328 is an example of a disclosure date/time confirmation unit. The vulnerability investigation result storage unit 326 is an example of a vulnerability investigation result storage unit.

The vulnerability information data receiving unit 321 receives vulnerability information data from the server 310 . The vulnerability information data storage unit 322 stores vulnerability information data received by the vulnerability information data reception unit 321 . The vulnerability investigation unit 323 reads vulnerability information data from the vulnerability information data storage unit 322, decrypts the read vulnerability information data in the vulnerability information data decryption unit 324, and extracts the vulnerability information data included in the decrypted vulnerability information data. Based on the method, the presence or absence of vulnerability of the corresponding terminal 330 is investigated, and the vulnerability investigation result including the investigation result is stored in the vulnerability investigation result storage unit 326 . The vulnerability information data decoding unit 324, upon receiving the vulnerability information data from the vulnerability investigation unit 323 and the vulnerability disclosure date/time confirmation unit 328, decodes the vulnerability information data using the common key. Common key storage unit 325 stores a common key used when vulnerability information data decryption unit 324 decrypts vulnerability information data. The vulnerability investigation result storage unit 326 stores vulnerability investigation results including investigation results investigated by the vulnerability investigation unit 323 . The vulnerability investigation result transmission unit 327 reads the vulnerability investigation result from the vulnerability investigation result storage unit 326 and transmits the read vulnerability investigation result to the server 310 . The vulnerability disclosure date and time confirmation unit 328 periodically reads vulnerability information data from the vulnerability information data storage unit 322, confirms the disclosure date and time, and deletes the vulnerability information data whose disclosure date and time has passed through the vulnerability information data decryption unit. 324 , the decrypted vulnerability information data is written back to the vulnerability information data storage unit 322 . The vulnerability information display unit 329 reads the vulnerability information data past the publication date and time from the vulnerability information data storage unit 322, and based on the read vulnerability information data, displays the corresponding vulnerability investigation from the vulnerability investigation result storage unit 326. Reads the results and presents vulnerability information based on the read vulnerability investigation results. This presentation shall be displayed on the screen of the corresponding terminal 330 below.

The common key storage unit 214 of the vulnerability information distribution system 210, the common key storage unit 318 of the server 310, and the common key storage unit 325 of the agent unit 320 share a common key, and store the shared common key. are doing.

(1-1-7) Hardware Configuration FIG. 3 shows a configuration example of the hardware configuration of the computer 400 that implements the vulnerability information distribution system 210 according to the first embodiment.

Referring to FIG. 3, vulnerability information distribution system 210 according to the first embodiment can be realized by computer 400 . The computer 400 includes a processor 401, a memory 402, a storage 403, an input/output interface (input/output I/F) 404, a communication interface (communication I/F) 405, and the like. The processor 401, the memory 402, the storage 403, the input/output interface 404, and the communication interface 405 are connected by a data transmission path for mutual data transmission/reception.

The processor 401 is, for example, an arithmetic processing device such as a CPU (Central Processing Unit) or a GPU (Graphics Processing Unit). The memory 402 is, for example, a RAM (Random Access Memory) or a ROM (Read Only Memory). The storage 403 is, for example, a storage device such as a HDD (Hard Disk Drive), an SSD (Solid State Drive), or a memory card. Also, the storage 403 may be a memory such as a RAM or a ROM.

The storage 403 stores each processing unit (vulnerability information receiving unit 211, vulnerability information data creating unit 212, vulnerability information data encrypting unit 213, vulnerability information data transmitting unit 216, etc.) included in the vulnerability information distribution system 210. It stores programs that implement functions. The processor 401 implements the function of each processing unit by executing each program. Here, when executing each program, the processor 401 may execute these programs after reading them onto the memory 402 , or may execute them without reading them onto the memory 402 . The memory 402 and storage 403 also serve as a common key storage unit 214 and vulnerability information data storage unit 215 .

The input/output interface 404 is connected to a display device 4041, an input device 4042, and the like. The display device 4041 is a device that displays a screen corresponding to drawing data processed by the processor 401, such as an LCD (Liquid Crystal Display) or CRT (Cathode Ray Tube) display. The input device 4042 is a device that receives an operator's operation input, such as a keyboard, mouse, and touch sensor. The display device 4041 and the input device 4042 may be integrated and implemented as a touch panel.

A communication interface 405 transmits and receives data to and from an external device. For example, communication interface 405 communicates with external devices via a wired or wireless network.

Server 310 and terminal 330 can also be realized by computer 400 shown in FIG.
For example, when the server 310 is realized by the computer 400, the storage 403 includes each processing unit (vulnerability information data receiving unit 311, vulnerability information data distributing unit 313, vulnerability investigation result receiving unit 314, vulnerability A program that implements the functions of the publication date/time confirmation unit 316, the vulnerability information data decryption unit 317, and the vulnerability information/survey result display unit 319, etc.) is stored. The memory 402 and storage 403 also serve as a vulnerability information data storage unit 312 , a vulnerability investigation result storage unit 315 , and a common key storage unit 318 .

Further, when the terminal 330 is realized by the computer 400, the storage 403 includes each processing unit (vulnerability information data receiving unit 321, vulnerability research unit 323, vulnerability information data decoding unit 324, vulnerability research unit) included in the agent unit 320. Result transmission unit 327, vulnerability disclosure date and time confirmation unit 328, vulnerability information display unit 329, etc.) are stored. The memory 402 and storage 403 also serve as a vulnerability information data storage unit 322 , a common key storage unit 325 , and a vulnerability investigation result storage unit 326 .

(1-2) Operation of Embodiment 1 The operation of the security system according to Embodiment 1 will be described in detail below.
(1-2-1) First, in the vulnerability information distribution system 210, the operation of receiving vulnerability information from the vulnerability information transmission system 110, creating vulnerability information data, and transmitting it to the server 310 will be described with reference to FIG. 4 for explanation.

Referring to FIG. 4, in the vulnerability information distribution system 210, the vulnerability information receiving unit 211 receives vulnerability information transmitted from the vulnerability information transmission system 110 (S101). The vulnerability information includes vulnerability overview information, investigation method information, countermeasure method information, and publication date and time information. The vulnerability information receiving unit 211 sends the received vulnerability information to the vulnerability information data creating unit 212 . The vulnerability information data creating unit 212 creates vulnerability information data according to the operation performed by the vulnerability information data creator based on the vulnerability information (S102).

As shown in FIG. 5, the vulnerability information data has a format including a vulnerability information ID (Identifier), disclosure date/time information, disclosure flag, summary information, investigation method information, and countermeasure method information. Vulnerability information data corresponds to vulnerability information (summary of vulnerability, investigation method, countermeasure method, and publication date and time) added with a vulnerability information ID and a publication flag. The vulnerability information ID is numbered by the vulnerability information data creating unit 212 and set to an ID that uniquely identifies the vulnerability information. For the date and time of publication, set the information of the date and time of publication included in the vulnerability information. The public flag is set to 0 indicating undisclosed when the published date and time is later than the current date and time, and set to 1 which indicates published when the published date and time is earlier than the current date and time. Information on the overview, investigation method, and countermeasure method included in the vulnerability information is set in the outline, investigation method, and countermeasure method, respectively.

When the vulnerability information data creation unit 212 sets the disclosure flag of the vulnerability information data to 0 indicating undisclosed (Yes in S 103 ), the vulnerability information data creating unit 212 sends the vulnerability information data to the vulnerability information data encryption unit 213 . The vulnerability information data encryption unit 213 reads the common key from the common key storage unit 214, and uses the read common key to encrypt the vulnerability information data summary, investigation method, and countermeasure information (S104). ), and returns the encrypted vulnerability information data to the vulnerability information data creation unit 212 . The vulnerability information data creation unit 212 stores the vulnerability information data encrypted by the vulnerability information data encryption unit 213 in the vulnerability information data storage unit 215 (S105). On the other hand, when the vulnerability information data creation unit 212 sets 1 indicating that the vulnerability information data has been published (No in S103), the vulnerability information data creation unit 212 encrypts the vulnerability information data without encrypting it in the vulnerability information data storage unit. 215 (S105). The vulnerability information data transmission unit 216 reads vulnerability information data from the vulnerability information data storage unit 215 (S106), and transmits the read vulnerability information data to the server 310 (S107).

(1-2-2) Next, referring to FIG. 6, the server 310 receives vulnerability information data from the vulnerability information distribution system 210 and transmits the vulnerability information data to the agent unit 320. to explain.

Referring to FIG. 6, in the server 310, the vulnerability information data receiving unit 311 receives vulnerability information data transmitted from the vulnerability information distribution system 210 (S201). The vulnerability information data receiving unit 311 stores the received vulnerability information data in the vulnerability information data storage unit 312 (S202). The vulnerability information data distribution unit 313 reads vulnerability information data from the vulnerability information data storage unit 312 (S203), and transmits the read vulnerability information data to the agent unit 320 (S204).

When there are multiple agent units 320 , the server 310 transmits vulnerability information data to each of the multiple agent units 320 .

(1-2-3) Next, the agent unit 320 receives the vulnerability data from the server 310, investigates whether or not the corresponding terminal 330 is vulnerable, and sends the vulnerability investigation result representing the investigation result to the server 310. The operation up to the transmission to , will be described with reference to FIG.

Referring to FIG. 7, in agent section 320, vulnerability information data receiving section 321 receives vulnerability information data transmitted from server 310 (S301). The vulnerability information data receiving unit 321 stores the received vulnerability information data in the vulnerability information data storage unit 322 (S302). The vulnerability investigation unit 323 reads vulnerability information data from the vulnerability information data storage unit 322 (S303). The vulnerability investigation unit 323 sends the vulnerability information data to the vulnerability information data decoding unit 324 when 0 representing undisclosed is set in the public flag of the read vulnerability information data (Yes in S304). The vulnerability information data decryption unit 324 reads the common key for decryption from the common key storage unit 325, uses the read common key to decrypt the vulnerability information data investigation method information (S305), and decrypts the information. The obtained vulnerability information data is returned to the vulnerability investigation unit 323 . The vulnerability investigation unit 323 investigates whether or not the corresponding terminal 330 is vulnerable based on the vulnerability information data investigation method information decrypted by the vulnerability information data decryption unit 324 (S306). On the other hand, if the public flag of the read vulnerability information data is set to 1 indicating that it has been published (No in S304), the vulnerability research unit 323 encrypts the research method information of the read vulnerability information data. Therefore, based on the information of the investigation method, the presence or absence of vulnerability of the corresponding terminal 330 is investigated (S306). The vulnerability research unit 323 creates a vulnerability research result indicating whether or not the corresponding terminal 330 is vulnerable (S307).

As shown in FIG. 8, the vulnerability investigation result has a format including vulnerability information ID, terminal ID, investigation date and time information, and investigation result information. The vulnerability information ID is set to an ID that uniquely identifies the vulnerability information of the investigated vulnerability, that is, the vulnerability information ID included in the vulnerability information data. An ID for identifying the terminal 330 that performed the investigation is set in the terminal ID. Information on the date and time when the survey was conducted is set in the date and time of survey. If the terminal 330 is not vulnerable, 0 is set to the investigation result, and 1 is set if the terminal 330 is vulnerable.

The vulnerability investigation unit 323 stores the created vulnerability investigation result in the vulnerability investigation result storage unit 326 (S308). The vulnerability investigation result transmission unit 327 reads the vulnerability investigation result from the vulnerability investigation result storage unit 326 (S309), and transmits the read vulnerability investigation result to the server 310 (S310).

Note that when there are a plurality of agent units 320, each of the plurality of agent units 320 performs the operation shown in FIG.

(1-2-4) Next, in the server 310, see FIG. 9 for the operation of receiving the vulnerability investigation result from the agent unit 320 and storing the vulnerability investigation result in the vulnerability investigation result storage unit 315. and explain.

Referring to FIG. 9, in the server 310, the vulnerability investigation result receiving unit 314 receives the vulnerability investigation result transmitted from the agent unit 320 (S401). The vulnerability investigation result receiving unit 314 stores the received vulnerability investigation result in the vulnerability investigation result storage unit 315 (S402).

When there are multiple agent units 320 , the server 310 stores the vulnerability investigation results received from each of the multiple agent units 320 in the vulnerability investigation result storage unit 315 .

(1-2-5) Next, in the server 310, the vulnerability information data in the vulnerability information data storage unit 312 is periodically checked, and the vulnerability information data published before the current date and time is decrypted, The operation of storing the decrypted vulnerability information data in the vulnerability information data storage unit 312 again will be described with reference to FIG.

Referring to FIG. 10, in the server 310, the vulnerability disclosure date/time confirmation unit 316 periodically (for example, once every 10 minutes) checks that the vulnerability information data whose disclosure flag is 0 representing undisclosed It is checked whether or not it is stored in the vulnerability information data storage unit 312 (S501), and if such vulnerability information data is stored (Yes in S501), one of the vulnerability information data is stored. Read out (S502). Vulnerability disclosure date and time confirmation unit 316 sends the vulnerability information data to vulnerability information data decoding unit 317 when the disclosure date and time of the read vulnerability information data is before the current date and time (Yes in S503). The vulnerability information data decryption unit 317 reads out the common key for decryption from the common key storage unit 318, and uses the read common key to decrypt the vulnerability information data overview, investigation method, and countermeasure method information. ( S<b>504 ), and the decrypted vulnerability information data is returned to the vulnerability disclosure date/time confirmation unit 316 . The vulnerability disclosure date and time confirmation unit 316 sets the disclosure flag of the decrypted vulnerability information data to 1 indicating that it has been disclosed (S505). The vulnerability disclosure date and time confirmation unit 316 stores the decrypted vulnerability information data with the disclosure flag set to 1 again in the vulnerability information data storage unit 312 (S506). On the other hand, if the disclosure date and time of the read vulnerability information data is later than the current date and time (No in S503), the vulnerability disclosure date and time confirmation unit 316 stores the read vulnerability information data in the vulnerability information data storage unit 312. store again as it is (S506). Thus, the processing for the vulnerability information data read in S502 is completed. If vulnerability information data whose disclosure flag is set to 0 indicating undisclosed is still stored in the vulnerability information data storage unit 312 (Yes in S507), the vulnerability disclosure date and time confirmation unit 316 performs the processing of S502. back to On the other hand, if vulnerability information data whose disclosure flag is set to 0 indicating undisclosed is no longer stored in the vulnerability information data storage unit 312 (No in S501 and No), the process ends.

(1-2-6) Next, the operation of displaying vulnerability information and vulnerability investigation results in server 310 will be described with reference to FIG.

Referring to FIG. 11, in the server 310, the vulnerability information/survey result display unit 319 displays vulnerability information data whose disclosure flag is set to 1 indicating that the vulnerability information data storage unit 312 stores vulnerability information data. (S601), and if such vulnerability information data is stored (Yes in S601), one of the vulnerability information data is read out (S602). The vulnerability information/survey result display unit 319 displays the vulnerability survey results that match the vulnerability information ID of the read vulnerability information data and that the survey result is 1 indicating that there is a vulnerability. If it is stored in the storage unit 315 (Yes in S603), all the vulnerability investigation results are read out (S604). The vulnerability information/survey result display unit 319 displays a summary of the read vulnerability information data, countermeasures, and a list of terminal IDs of the read vulnerability survey results on the screen of the server 310 (S605). On the other hand, the vulnerability information/survey result display unit 319 matches the vulnerability information ID of the read vulnerability information data, and the vulnerability survey result is 1 indicating that there is a vulnerability. If it is not stored in the investigation result storage unit 315 (No in S603), it is not displayed on the screen of the server 310. FIG. Thus, the processing for the vulnerability information data read in S602 is completed. If the vulnerability information data whose public flag is 1 indicating that it has been published is still stored in the vulnerability information data storage unit 312 (Yes in S606), the vulnerability information/survey result display unit 319 return to the process of On the other hand, the vulnerability information/survey result display unit 319 displays the vulnerability information data whose public flag is set to 1 indicating that the vulnerability information data storage unit 312 has already been stored (No in S601 and No in S606), the process ends.

Note that the timing of starting the operation in FIG. 11 may be regular timing, or may be timing when an operation is performed to instruct display of vulnerability information and vulnerability investigation results.

(1-2-7) Next, the agent unit 320 periodically checks the vulnerability information data in the vulnerability information data storage unit 322 and decrypts the vulnerability information data published before the current date and time. , the operation of storing the decrypted vulnerability information data again in the vulnerability information data storage unit 322 will be described with reference to FIG.

Referring to FIG. 12, in the agent unit 320, the vulnerability disclosure date/time confirmation unit 328 periodically (for example, once every 10 minutes) checks the vulnerability information data whose disclosure flag is 0 indicating undisclosed. is stored in the vulnerability information data storage unit 322 (S701), and if such vulnerability information data is stored (Yes in S701), one of the vulnerability information data read one (S702). Vulnerability disclosure date and time confirmation unit 328 sends the vulnerability information data to vulnerability information data decoding unit 324 when the disclosure date and time of the read vulnerability information data is before the current date and time (Yes in S703). The vulnerability information data decryption unit 324 reads the common key for decryption from the common key storage unit 325, and uses the read common key to decrypt the vulnerability information data overview, investigation method, and countermeasure method information. ( S<b>704 ), and the decrypted vulnerability information data is returned to the vulnerability disclosure date/time confirmation unit 328 . The vulnerability disclosure date and time confirmation unit 328 sets the disclosure flag of the decrypted vulnerability information data to 1 indicating that it has been disclosed (S705). The vulnerability disclosure date and time confirmation unit 328 stores the decrypted vulnerability information data with the disclosure flag set to 1 again in the vulnerability information data storage unit 322 (S706). On the other hand, if the disclosure date and time of the read vulnerability information data is after the current date and time (Yes in S703), the vulnerability disclosure date and time confirmation unit 328 stores the read vulnerability information data in the vulnerability information data storage unit 328. is stored again as it is (S706). This completes the processing for the vulnerability information data read in S702. If the vulnerability information data whose disclosure flag is set to 0 indicating undisclosed is still stored in the vulnerability information data storage unit 322 (Yes in S707), the vulnerability disclosure date and time confirmation unit 328 performs the processing of S702. back to On the other hand, if vulnerability information data whose disclosure flag is set to 0 indicating undisclosed is no longer stored in the vulnerability information data storage unit 322 (No in S701 and No), the process ends.

Note that when there are a plurality of agent units 320, each of the plurality of agent units 320 performs the operation shown in FIG. 12 described above.

(1-2-8) Next, the operation of displaying vulnerability information in the agent unit 320 will be described with reference to FIG.

Referring to FIG. 13, in the agent unit 320, the vulnerability information display unit 329 determines whether or not vulnerability information data whose disclosure flag is set to 1 indicating that it has been disclosed is stored in the vulnerability information data storage unit 322. (S801), and if such vulnerability information data is stored (Yes in S801), one of the vulnerability information data is read out (S802). The vulnerability information display unit 329 displays the vulnerability information ID of the vulnerability information data read out and the vulnerability information ID of the vulnerability information data that is 1 indicating that there is a vulnerability. (Yes in S803), the vulnerability investigation result is read out (S804). The vulnerability information display unit 329 displays the outline of the read vulnerability information data and countermeasures on the screen of the corresponding terminal 330 (S805). On the other hand, the vulnerability information display unit 329 stores vulnerability investigation results that match the vulnerability information ID of the read vulnerability information data and that the investigation result is 1 indicating that there is a vulnerability. If it is not stored in the unit 326 (No in S803), it is not displayed on the screen of the corresponding terminal 330. FIG. This completes the processing for the vulnerability information data read in S802. If the vulnerability information data whose public flag is set to 1 indicating that it has been published is still stored in the vulnerability information data storage unit 322 (Yes in S806), the vulnerability information display unit 329 returns to the processing of S802. return. On the other hand, if the vulnerability information data whose public flag is 1 indicating that the vulnerability information data storage unit 322 has not been stored in the vulnerability information data storage unit 322 (No in S801 and No in S806). ) and terminate the process.

Note that the timing of starting the operation in FIG. 13 may be regular timing, or may be timing when an operation to instruct display of vulnerability information is performed.
Also, when there are a plurality of agent units 320, each of the plurality of agent units 320 performs the operation shown in FIG.

(1-3) Effect of Embodiment 1 As described above, according to Embodiment 1, server 310 transmits encrypted vulnerability information to agent unit 320 before the publication date and time. , the vulnerability investigation of the terminal 330 is completed, and the vulnerability investigation result is displayed when the publication date and time has passed.
Therefore, the security administrator of the company 300 using the security risk management system can grasp the results of the investigation of whether or not the terminal 330 of the company is vulnerable at the time when the vulnerability information is disclosed, and immediately formulate countermeasures against the vulnerability. You can move to the next step. Therefore, it is possible to obtain an effect that it is possible to shorten the time until countermeasures against vulnerabilities are taken.

According to the first embodiment, the security risk management system 305 internally decrypts vulnerability information for vulnerability investigation before the vulnerability information disclosure date and time. However, the decrypted vulnerability information will be displayed after the release date and time. Therefore, security managers and employees of the company using the security risk management system 300 cannot see the vulnerability information before the publication date and time, so the confidentiality of the vulnerability information is ensured.

(2) Embodiment 2
The second embodiment corresponds to an embodiment in which a higher concept of the first embodiment is extracted. FIG. 14 shows a block configuration example of the security risk management system 305 according to the second embodiment.

Referring to FIG. 14, a security risk management system 305 according to the second embodiment includes a server 310 and an agent section 320 as in the first embodiment. The agent unit 320 corresponds to the terminal 330 (see FIG. 1) that manages vulnerability, and is installed in the corresponding terminal 330 . FIG. 14 shows an example in which only one agent unit 320 corresponding to one terminal 330 is provided.

The server 310 has a communication section 3101 and a presentation section 3102 . A communication unit 3101 corresponds to a component obtained by combining the vulnerability information data distribution unit 313 and the vulnerability investigation result reception unit 314 of the first embodiment described above. The presentation unit 3102 corresponds to the vulnerability information/survey result display unit 319 of the first embodiment described above.

The agent section 320 has a communication section 3201 and an investigation section 3202 . The communication unit 3201 corresponds to a component obtained by combining the vulnerability information data reception unit 321 and the vulnerability investigation result transmission unit 327 of the first embodiment described above. The investigation unit 3202 corresponds to the vulnerability investigation unit 323 of the first embodiment described above.

The operation of the security risk management system 305 according to the second embodiment will be described below with reference to FIG.
Referring to FIG. 15, in the server 310, the communication unit 3101 transmits vulnerability information to the agent unit 320 before the date and time of disclosure of the vulnerability information (S901). Note that when there are multiple agent units 320 , the server 310 transmits vulnerability information to each of the multiple agent units 320 .

In the agent unit 320, the communication unit 3201 receives the vulnerability information transmitted from the server 310 before the date and time of disclosure of the vulnerability information (S902). The investigation unit 3202 investigates whether or not the corresponding terminal 330 is vulnerable based on the vulnerability investigation method included in the vulnerability information before the vulnerability information disclosure date and time (S903). Further, the investigation unit 3202 transmits the vulnerability investigation result including the investigation result of whether or not the terminal 330 is vulnerable to the server 310 before the vulnerability information disclosure date and time (S904). Note that when there are a plurality of agent units 320, each of the plurality of agent units 320 performs the operations of S902 to S904 described above.

In the server 310, the communication unit 3101 receives the vulnerability investigation result transmitted from the agent unit 320 before the vulnerability information release date and time (S905). The presentation unit 3102 presents (for example, displays on the screen of the server 310) the vulnerability information and the vulnerability investigation results after the date and time of disclosure of the vulnerability information (S906).

As described above, according to the second embodiment, the server 310 transmits the vulnerability information to the agent unit 320 before the disclosure date and time, and completes the investigation of the vulnerability of the terminal 330. , when the publication date and time have passed, the vulnerability survey results will be presented.
Therefore, the security administrator can grasp the investigation result of whether or not the terminal 330 is vulnerable on the date and time when the vulnerability information is disclosed, and can immediately move to the next step of formulating countermeasures against the vulnerability. . Therefore, it is possible to obtain an effect that it is possible to shorten the time until countermeasures against vulnerabilities are taken.

In the above description, the operations of the components in server 310 and agent unit 320 according to the second embodiment have been briefly described, but the components in server 310 and agent unit 320 according to the second embodiment may operate in the same manner as the corresponding components in the first embodiment described above. Moreover, the server 310 and the agent unit 320 according to the second embodiment may further include other components that the server 310 and the agent unit 320 according to the above-described first embodiment have.

Although the present invention has been described with reference to the embodiments, the present invention is not limited to the above. Various changes can be made to the configuration and details of the present invention within the scope of the invention that can be understood by those skilled in the art.

For example, in the above embodiments, the agent unit investigates whether or not the terminal is vulnerable, but the server may investigate whether or not the terminal is vulnerable. In this case, the agent unit collects only information necessary for investigation from the terminal and transmits the collected information to the server. The server investigates whether each terminal is vulnerable based on the information collected from each agent.

Further, in the first embodiment described above, in FIGS. 11 and 13, first, the vulnerability information data whose public flag is already published is read, and based on the read vulnerability information data, the vulnerability investigation result is obtained. Although it is read, it is not limited to this. For example, contrary to the above, the vulnerability information data may be read based on the read vulnerability investigation results that are vulnerable.

Also, in the plurality of flowcharts used in the above description, a plurality of steps (processes) are described in order, but the execution order of the steps executed in the above embodiments is not limited to the described order. . In the above-described embodiment, the order of the illustrated steps can be changed within a range that does not interfere with the content.

Some or all of the above-described embodiments can also be described as the following additional remarks, but are not limited to the following.
(Appendix 1)
a server;
an agent unit provided in the terminal,
The server is
transmitting the vulnerability information to the agent unit before the date and time of disclosure of the vulnerability information;
The agent part
Before the date and time of disclosure of the vulnerability information, the presence or absence of vulnerability of the terminal is investigated based on the information of the vulnerability investigation method included in the vulnerability information, and the vulnerability investigation result including the investigation result is sent to the server. send to
The server is
Presenting the vulnerability information and the vulnerability survey results after the date and time of disclosure of the vulnerability information;
Security risk management system.
(Appendix 2)
The server is
transmitting the vulnerability information to the agent unit in a state in which information on a vulnerability investigation method included in the vulnerability information is encrypted before the date and time of disclosure of the vulnerability information;
The agent part
Decrypting the vulnerability research method information included in the vulnerability information before the vulnerability information disclosure date and time, and researching whether or not the terminal is vulnerable based on the decrypted vulnerability research method information. ,
The security risk management system according to Appendix 1.
(Appendix 3)
The server is
before the date and time of disclosure of the vulnerability information, storing the vulnerability information in a state in which the vulnerability outline, investigation method, and countermeasure method information included in the vulnerability information are encrypted;
transmitting the vulnerability information to the agent unit in a state in which the vulnerability overview, investigation method, and countermeasure method information included in the vulnerability information are encrypted before the date and time of disclosure of the vulnerability information;
The agent part
Before the date and time of disclosure of the vulnerability information, the vulnerability information is stored in a state in which the vulnerability overview, investigation method, and countermeasure method information included in the vulnerability information are encrypted.
The security risk management system according to appendix 1 or 2.
(Appendix 4)
The vulnerability information includes
A public flag is added to which a value indicating that the vulnerability information is undisclosed or published is set,
The server is
reading out the vulnerability information to which the public flag set with a value indicating undisclosed is added, from the stored vulnerability information;
If the disclosure date and time included in the read vulnerability information is earlier than the current date and time, decrypt the vulnerability overview, investigation method, and countermeasure information included in the read vulnerability information, and setting a value indicating that the disclosure flag attached to the vulnerability information read out has been set to the disclosure flag, and then storing the read vulnerability information again;
The security risk management system according to appendix 3.
(Appendix 5)
The vulnerability information includes
A vulnerability information ID that identifies the vulnerability information is further added,
In the vulnerability survey results,
A vulnerability information ID that identifies the vulnerability information of the investigated vulnerability, a terminal ID that identifies the terminal, and a survey result indicating whether or not the terminal is vulnerable,
The server is
storing the vulnerability survey results;
reading out the vulnerability information to which the public flag set with a value indicating that it has been published is added, from the stored vulnerability information;
said vulnerability investigation results including, among said stored vulnerability investigation results, investigation results including said vulnerability information ID matching said read vulnerability information and indicating that said terminal has a vulnerability; read out
Presenting an outline and a countermeasure method included in the read vulnerability information, and presenting the terminal ID included in the read vulnerability investigation result;
The security risk management system according to appendix 4.
(Appendix 6)
The vulnerability information includes
A public flag is added to which a value indicating that the vulnerability information is undisclosed or published is set,
The agent part
reading out the vulnerability information to which the public flag set with a value indicating undisclosed is added, from the stored vulnerability information;
If the disclosure date and time included in the read vulnerability information is earlier than the current date and time, decrypt the vulnerability overview, investigation method, and countermeasure information included in the read vulnerability information, and setting a value indicating that the disclosure flag attached to the vulnerability information read out has been set to the disclosure flag, and then storing the read vulnerability information again;
The security risk management system according to appendix 3.
(Appendix 7)
The vulnerability information includes
A vulnerability information ID that identifies the vulnerability information is further added,
In the vulnerability survey results,
A vulnerability information ID that identifies the vulnerability information of the investigated vulnerability, a terminal ID that identifies the terminal, and a survey result indicating whether or not the terminal is vulnerable,
The agent part
storing the vulnerability survey results;
reading out the vulnerability information to which the public flag set with a value indicating that it has been published is added, from the stored vulnerability information;
The vulnerability investigation including, in the stored vulnerability investigation results, the vulnerability information ID that matches the read vulnerability information and investigation results indicating that the terminal has a vulnerability. If there is a result, presenting an overview and countermeasures included in the read vulnerability information,
The security risk management system according to appendix 6.
(Appendix 8)
Before the vulnerability information disclosure date and time, the vulnerability information is transmitted to an agent unit provided in the terminal, and from the agent unit, the agent based on the vulnerability investigation method information included in the vulnerability information a communication unit that receives vulnerability investigation results including investigation results of the presence or absence of vulnerabilities of the terminal investigated by the unit;
a presentation unit that presents the vulnerability information and the vulnerability survey results after the vulnerability information disclosure date and time;
A server with
(Appendix 9)
The communication unit
before the date and time of disclosure of the vulnerability information, transmitting the vulnerability information to the agent unit in a state in which information on a vulnerability investigation method included in the vulnerability information is encrypted;
The server of Appendix 8.
(Appendix 10)
A vulnerability information storage unit that stores the vulnerability information in a state in which the vulnerability overview, investigation method, and countermeasure method information included in the vulnerability information are encrypted before the disclosure date and time of the vulnerability information. further comprising
The communication unit
transmitting the vulnerability information to the agent unit before the date and time of disclosure of the vulnerability information, in a state in which the vulnerability overview, investigation method, and countermeasure method information included in the vulnerability information are encrypted;
A server according to Appendix 8 or 9.
(Appendix 11)
The vulnerability information further includes a publication date and time confirmation unit.
A public flag is added to which a value indicating that the vulnerability information is undisclosed or published is set,
The publication date and time confirmation unit
reading out the vulnerability information to which the public flag set with a value representing undisclosed is added, from among the vulnerability information stored in the vulnerability information storage unit;
If the disclosure date and time included in the read vulnerability information is earlier than the current date and time, decrypt the vulnerability overview, investigation method, and countermeasure information included in the read vulnerability information, and After setting a value indicating that the disclosure flag attached to the vulnerability information read to the disclosure flag has been disclosed, the read vulnerability information is stored again in the vulnerability information storage unit;
The server according to Appendix 10.
(Appendix 12)
further comprising a vulnerability investigation results storage unit that stores the vulnerability investigation results;
The vulnerability information includes
A vulnerability information ID that identifies the vulnerability information is further added,
In the vulnerability survey results,
A vulnerability information ID that identifies the vulnerability information of the investigated vulnerability, a terminal ID that identifies the terminal, and a survey result indicating whether or not the terminal is vulnerable,
The presentation unit
reading out the vulnerability information to which the public flag set with a value indicating that it has been published is added, from among the vulnerability information stored in the vulnerability information storage unit;
A survey that includes the vulnerability information ID that matches the read vulnerability information and indicates that the terminal has a vulnerability, among the vulnerability survey results stored in the vulnerability survey result storage unit. reading said vulnerability survey results containing results;
Presenting an outline and a countermeasure method included in the read vulnerability information, and presenting the terminal ID included in the read vulnerability investigation result;
The server according to Supplementary Note 11.
(Appendix 13)
A server control method comprising:
a transmission step of transmitting the vulnerability information to an agent unit provided in a terminal before the date and time of disclosure of the vulnerability information;
a step of receiving, from the agent unit, vulnerability investigation results including investigation results as to whether or not the terminal is vulnerable, which is investigated by the agent unit based on vulnerability investigation method information included in the vulnerability information; ,
a presentation step of presenting the vulnerability information and the vulnerability investigation results after the date and time of disclosure of the vulnerability information;
Control method including.
(Appendix 14)
In the sending step,
before the date and time of disclosure of the vulnerability information, transmitting the vulnerability information to the agent unit in a state in which information on a vulnerability investigation method included in the vulnerability information is encrypted;
The control method according to appendix 13.
(Appendix 15)
Before the disclosure date and time of the vulnerability information, the vulnerability information is stored in the vulnerability information storage unit in a state in which the vulnerability outline, investigation method, and countermeasure method information included in the vulnerability information are encrypted. and
In the sending step,
transmitting the vulnerability information to the agent unit before the date and time of disclosure of the vulnerability information, in a state in which the vulnerability overview, investigation method, and countermeasure method information included in the vulnerability information are encrypted;
15. The control method according to appendix 13 or 14.
(Appendix 16)
The vulnerability information includes
A public flag is added to which a value indicating that the vulnerability information is undisclosed or published is set,
The control method is
a step of reading out the vulnerability information to which the public flag set with a value representing undisclosed is added, among the vulnerability information stored in the vulnerability information storage unit;
If the disclosure date and time included in the read vulnerability information is earlier than the current date and time, decrypt the vulnerability overview, investigation method, and countermeasure information included in the read vulnerability information, and setting the public flag added to the vulnerability information read to a value indicating that it has been published, and then storing the read vulnerability information again in the vulnerability information storage unit;
The control method according to appendix 15.
(Appendix 17)
The vulnerability information includes
A vulnerability information ID that identifies the vulnerability information is further added,
In the vulnerability survey results,
A vulnerability information ID that identifies the vulnerability information of the investigated vulnerability, a terminal ID that identifies the terminal, and a survey result indicating whether or not the terminal is vulnerable,
The control method is
a step of storing the vulnerability investigation result in a vulnerability investigation result storage unit;
a step of reading out the vulnerability information to which the public flag set with a value indicating that it has been published is added, from among the vulnerability information stored in the vulnerability information storage unit;
A survey that includes the vulnerability information ID that matches the read vulnerability information and indicates that the terminal has a vulnerability, among the vulnerability survey results stored in the vulnerability survey result storage unit. retrieving the vulnerability survey results including results;
In the presenting step,
Presenting an outline and a countermeasure method included in the read vulnerability information, and presenting the terminal ID included in the read vulnerability investigation result;
The control method according to appendix 16.
(Appendix 18)
to the computer,
a transmission procedure for transmitting the vulnerability information to an agent unit provided in a terminal before the date and time of disclosure of the vulnerability information;
Before the date and time of disclosure of the vulnerability information, from the agent unit, based on the information of the vulnerability investigation method included in the vulnerability information, the investigation result of the presence or absence of the vulnerability of the terminal investigated by the agent unit is sent. a procedure for receiving vulnerability findings including;
a presentation procedure for presenting the vulnerability information and the vulnerability investigation results after the date and time of disclosure of the vulnerability information;
program to run the
(Appendix 19)
In the transmission procedure,
before the date and time of disclosure of the vulnerability information, transmitting the vulnerability information to the agent unit in a state in which information on a vulnerability investigation method included in the vulnerability information is encrypted;
18. The program according to Appendix 18.
(Appendix 20)
to the computer;
further executing a procedure for storing the vulnerability information in a vulnerability information storage unit in a state where the vulnerability overview, investigation method, and countermeasure method information included in the vulnerability information are encrypted;
In the transmission procedure,
transmitting the vulnerability information to the agent unit before the date and time of disclosure of the vulnerability information, in a state in which the vulnerability overview, investigation method, and countermeasure method information included in the vulnerability information are encrypted;
19. A program according to Appendix 18 or 19.
(Appendix 21)
The vulnerability information includes
A public flag is added to which a value indicating that the vulnerability information is undisclosed or published is set,
to the computer;
a step of reading out the vulnerability information to which the public flag set with a value indicating undisclosed is added, among the vulnerability information stored in the vulnerability information storage unit;
If the disclosure date and time included in the read vulnerability information is earlier than the current date and time, decrypt the vulnerability overview, investigation method, and countermeasure information included in the read vulnerability information, and setting the public flag added to the vulnerability information read to a value indicating that it has been published, and then re-storing the read vulnerability information in the vulnerability information storage unit;
20. The program according to Appendix 20.
(Appendix 22)
The vulnerability information includes
A vulnerability information ID that identifies the vulnerability information is further added,
In the vulnerability survey results,
A vulnerability information ID that identifies the vulnerability information of the investigated vulnerability, a terminal ID that identifies the terminal, and a survey result indicating whether or not the terminal is vulnerable,
to the computer;
a procedure for storing the vulnerability investigation result in a vulnerability investigation result storage unit;
a step of reading out the vulnerability information to which the public flag set with a value representing "published" is added, among the vulnerability information stored in the vulnerability information storage unit;
A survey that includes the vulnerability information ID that matches the read vulnerability information and indicates that the terminal has a vulnerability, among the vulnerability survey results stored in the vulnerability survey result storage unit. further executing a step of retrieving the vulnerability survey results including the results;
In the presentation procedure,
Presenting an outline and a countermeasure method included in the read vulnerability information, and presenting the terminal ID included in the read vulnerability investigation result;
21. The program according to Appendix 21.
(Appendix 23)
to the computer,
a reception procedure for receiving the vulnerability information from the server before the date and time of disclosure of the vulnerability information;
an investigation procedure for investigating whether or not a terminal is vulnerable based on vulnerability investigation method information included in the vulnerability information before the vulnerability information is disclosed;
a procedure of transmitting vulnerability investigation results including investigation results of the investigation procedure to the server before the date and time of disclosure of the vulnerability information;
program to run the
(Appendix 24)
In the receiving procedure,
receiving the vulnerability information from the server in a state in which the vulnerability investigation method information included in the vulnerability information is encrypted before the date and time of disclosure of the vulnerability information;
In the investigation procedure,
Decrypting the vulnerability research method information included in the vulnerability information before the vulnerability information disclosure date and time, and researching whether or not the terminal is vulnerable based on the decrypted vulnerability research method information. ,
23. The program according to Appendix 23.
(Appendix 25)
In the receiving procedure,
receiving the vulnerability information from the server before the date and time of disclosure of the vulnerability information in a state in which the vulnerability overview, investigation method, and countermeasure method information included in the vulnerability information are encrypted;
to the computer;
Before the disclosure date and time of the vulnerability information, the vulnerability information is stored in the vulnerability information storage unit in a state in which the vulnerability outline, investigation method, and countermeasure method information included in the vulnerability information are encrypted. to perform further steps to
25. The program according to Appendix 23 or 24.
(Appendix 26)
The vulnerability information includes
A public flag is added to which a value indicating that the vulnerability information is undisclosed or published is set,
to the computer;
a step of reading out the vulnerability information to which the public flag set with a value indicating undisclosed is added, among the vulnerability information stored in the vulnerability information storage unit;
If the disclosure date and time included in the read vulnerability information is earlier than the current date and time, decrypt the vulnerability overview, investigation method, and countermeasure information included in the read vulnerability information, and setting the public flag added to the vulnerability information read to a value indicating that it has been published, and then re-storing the read vulnerability information in the vulnerability information storage unit;
25. The program according to Appendix 25.
(Appendix 27)
The vulnerability information includes
A vulnerability information ID that identifies the vulnerability information is further added,
In the vulnerability survey results,
A vulnerability information ID that identifies the vulnerability information of the investigated vulnerability, a terminal ID that identifies the terminal, and a survey result indicating whether or not the terminal is vulnerable,
to the computer;
a procedure for storing the vulnerability investigation result in a vulnerability investigation result storage unit;
a step of reading out the vulnerability information to which the public flag set with a value representing "published" is added, among the vulnerability information stored in the vulnerability information storage unit;
The vulnerability information ID that matches the read vulnerability information is included in the vulnerability investigation results stored in the vulnerability investigation result storage unit and indicates that the terminal has a vulnerability. If there is the vulnerability investigation result including the investigation result, a procedure for presenting an overview and countermeasures included in the read vulnerability information is further executed.
27. The program according to Appendix 26.

100 Vulnerability information provider 110 Vulnerability information transmission system 200 Security risk management system provider 210 Vulnerability information distribution system 211 Vulnerability information reception unit 212 Vulnerability information data creation unit 213 Vulnerability information data encryption unit 214 Common key storage Unit 215 Vulnerability information data storage unit 216 Vulnerability information data transmission unit 300 Security risk management system user company 305 Security risk management system 310 Server 311 Vulnerability information data reception unit 312 Vulnerability information data storage unit 313 Vulnerability information data distribution unit 314 Vulnerability research result reception unit 315 Vulnerability research result storage unit 316 Vulnerability disclosure date and time confirmation unit 317 Vulnerability information data decoding unit 318 Common key storage unit 319 Vulnerability information/survey result display unit 3101 Communication unit 3102 Presentation unit 320 Agent Unit 321 Vulnerability information data reception unit 322 Vulnerability information data storage unit 323 Vulnerability investigation unit 324 Vulnerability information data decryption unit 325 Common key storage unit 326 Vulnerability investigation result storage unit 327 Vulnerability investigation result transmission unit 328 Vulnerability disclosure Date and time confirmation unit 329 Vulnerability information display unit 3201 Communication unit 3202 Investigation unit 330 Terminal 400 Computer 401 Processor 402 Memory 403 Storage 404 Input/output interface 4041 Display device 4042 Input device 405 Communication interface

Claims (10)

A terminal control method comprising:
a first step in which the terminal receives vulnerability information including release date/time information, investigation method information, and information on vulnerabilities existing in software;
a second step in which the terminal investigates whether or not the terminal has the vulnerability based on the investigation method information;
including
the first step is executed before the publication date and time indicated by the publication date and time information;
control method. A terminal control method comprising:
a first step in which the terminal receives vulnerability information including release date/time information, investigation method information, and information on vulnerabilities existing in software;
a second step in which the terminal investigates whether or not the terminal has the vulnerability based on the investigation method information;
including
the second step is executed before the publication date and time indicated by the publication date and time information;
control method. In the first step, receiving the vulnerability information from the server;
The control method is
further comprising a third step in which the terminal sends the result of the second step to the server;
The control method according to claim 1 or 2. When the execution time of the first step is before the publication date and time indicated by the publication date and time information, the investigation method information is encrypted,
In the second step, after decoding the investigation method information, the presence or absence of the vulnerability is investigated for the own terminal,
The control method according to any one of claims 1 to 3. a first means for receiving vulnerability information including disclosure date/time information, investigation method information, and information on vulnerabilities existing in software;
a second means for investigating whether or not the terminal has the vulnerability based on the investigation method information;
with
The first means performs the reception before the publication date and time indicated by the publication date and time information.
terminal. a first means for receiving vulnerability information including disclosure date/time information, investigation method information, and information on vulnerabilities existing in software;
a second means for investigating whether or not the terminal has the vulnerability based on the investigation method information;
with
The second means conducts the investigation before the publication date and time indicated by the publication date and time information.
terminal. The first means receives the vulnerability information from a server,
The terminal is
further comprising a third means for transmitting to the server results of the investigation by the second means;
A terminal according to claim 5 or 6. If the time when the first means performs the reception is before the publication date and time indicated by the publication date and time information, the investigation method information is encrypted,
the second means, after decrypting the investigation method information, investigates the presence or absence of the vulnerability in the own terminal;
A terminal according to any one of claims 5 to 7. to the terminal,
a first step of receiving vulnerability information including disclosure date/time information, research method information, and information about vulnerabilities present in software;
a second step of investigating whether or not the terminal has the vulnerability based on the investigation method information;
A program for executing
the first procedure is executed before the publication date and time indicated by the publication date and time information;
program. to the terminal,
a first step of receiving vulnerability information including disclosure date/time information, research method information, and information about vulnerabilities present in software;
a second step of investigating whether or not the terminal has the vulnerability based on the investigation method information;
A program for executing
the second procedure is executed before the publication date and time indicated by the publication date and time information;
program.

Images