US20210165886A1 - Security risk management system, server, control method, and non-transitory computer-readable medium - Google Patents

Security risk management system, server, control method, and non-transitory computer-readable medium

Info

Publication number
US20210165886A1
Authority
US
United States
Prior art keywords
vulnerability information
vulnerability
investigation
unit
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US16/953,940
Inventor
Toshimitsu USUBA
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp
Priority to US16/953,940
Publication of US20210165886A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Definitions

  • the present disclosure relates to a security risk management system, a server, a control method, and a non-transitory computer-readable medium.
  • Terminals used by companies are subject to security risks including vulnerabilities in hardware or software. This raises a need for companies to manage the vulnerabilities of terminals in the companies.
  • a security risk management system that supports the management of vulnerabilities has been proposed (e.g., Patent Literature 1).
  • Patent Literature 1: Japanese Unexamined Patent Application Publication No. 2009-015570
  • a company using a security risk management system generally manages vulnerabilities as follows.
  • Patent Literature 1 stores, in a database, countermeasures taken against vulnerabilities of a terminal in association with a keyword indicating the type of vulnerabilities.
  • the technique disclosed in Patent Literature 1 is a technique that stores, in a database, countermeasures against vulnerabilities which have been actually taken in a terminal, and it is not a technique that reduces the time needed to take countermeasures against vulnerabilities.
  • An object of the present disclosure is to solve the above-described problem, and to provide a technique capable of reducing the time needed to take countermeasures against vulnerabilities.
  • a security risk management system includes a server, and an agent unit included in a terminal, wherein the server transmits vulnerability information to the agent unit before a release date and time of the vulnerability information, the agent unit investigates presence or absence of vulnerabilities in the terminal based on information regarding a method for vulnerability investigation contained in the vulnerability information, and transmits vulnerability investigation results containing the investigation results to the server before the release date and time of the vulnerability information, and the server presents the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • a server includes a communication unit configured to transmit, to an agent unit included in a terminal, vulnerability information before a release date and time of the vulnerability information, and receives, from the agent unit, vulnerability investigation results containing investigation results regarding presence or absence of vulnerabilities in the terminal investigated by the agent unit based on information regarding a method for vulnerability investigation contained in the vulnerability information before the release date and time of the vulnerability information, and a presentation unit configured to present the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • a control method is a control method of a server, including a transmission step of transmitting, to an agent unit included in a terminal, vulnerability information before a release date and time of the vulnerability information, a step of receiving, from the agent unit, vulnerability investigation results containing investigation results regarding presence or absence of vulnerabilities in the terminal investigated by the agent unit based on information regarding a method for vulnerability investigation contained in the vulnerability information before the release date and time of the vulnerability information, and a presentation step of presenting the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • a non-transitory computer readable medium is a non-transitory computer readable medium storing a program causing a computer to execute a transmission step of transmitting, to an agent unit included in a terminal, vulnerability information before a release date and time of the vulnerability information, a step of receiving, from the agent unit, vulnerability investigation results containing investigation results regarding presence or absence of vulnerabilities in the terminal investigated by the agent unit based on information regarding a method for vulnerability investigation contained in the vulnerability information before a release date and time of the vulnerability information, and a presentation step of presenting the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • A non-transitory computer readable medium is a non-transitory computer readable medium storing a program causing a computer to execute a receiving step of receiving, from a server, vulnerability information before a release date and time of the vulnerability information, an investigation step of investigating presence or absence of vulnerabilities in a terminal based on information regarding a method for vulnerability investigation contained in the vulnerability information before a release date and time of the vulnerability information, and a step of transmitting, to the server, vulnerability investigation results containing investigation results in the investigation step before the release date and time of the vulnerability information.
  • FIG. 1 is a view showing a configuration example of a security system according to a first embodiment.
  • FIG. 2 is a block diagram showing a block configuration example of a vulnerability information distribution system and a security risk management system according to the first embodiment.
  • FIG. 3 is a view showing a configuration example of the hardware configuration of a computer that implements the vulnerability information distribution system, a server and a terminal according to the first embodiment.
  • FIG. 4 is a flowchart showing an operation example that receives vulnerability information from a vulnerability information transmission system, creates vulnerability information data, and transmits the vulnerability information data to a server in the vulnerability information distribution system according to the first embodiment.
  • FIG. 5 is a view showing an example of vulnerability information data according to the first embodiment.
  • FIG. 6 is a flowchart showing an operation example that receives vulnerability information data from a vulnerability information distribution system and transmits the vulnerability information data to an agent unit in the server according to the first embodiment.
  • FIG. 7 is a flowchart showing an operation example that receives vulnerability information data from a server, investigates the presence or absence of vulnerabilities of a corresponding terminal, and transmits vulnerability investigation results to a server in the agent unit according to the first embodiment.
  • FIG. 8 is a view showing an example of vulnerability investigation results according to the first embodiment.
  • FIG. 9 is a flowchart showing an operation example that receives vulnerability investigation results from an agent unit and stores the vulnerability investigation results into a vulnerability investigation result storage unit in the server according to the first embodiment.
  • FIG. 10 is a flowchart showing an operation example that regularly checks vulnerability information data in a vulnerability information data storage unit, decrypts the vulnerability information data whose release date and time is before the current date and time, and stores the decrypted vulnerability information data again into the vulnerability information data storage unit in the server according to the first embodiment.
  • FIG. 11 is a flowchart showing an operation example that displays vulnerability information and vulnerability investigation results in the server according to the first embodiment.
  • FIG. 12 is a flowchart showing an operation example that regularly checks vulnerability information data in a vulnerability information data storage unit, decrypts the vulnerability information data whose release date and time is before the current date and time, and stores the decrypted vulnerability information data again into the vulnerability information data storage unit in the agent unit according to the first embodiment.
  • FIG. 13 is a flowchart showing an operation example that displays vulnerability information in the agent unit according to the first embodiment.
  • FIG. 14 is a block diagram showing a block configuration example of a security risk management system according to a second embodiment.
  • FIG. 15 is a sequence chart showing an operation example of the security risk management system according to the second embodiment.
  • FIG. 1 shows a configuration example of a security system according to a first embodiment.
  • FIG. 2 shows a block configuration example of a vulnerability information distribution system 210 and a security risk management system 305 according to the first embodiment.
  • the security system includes a vulnerability information transmission system 110 placed in a vulnerability information providing institution 100 , a vulnerability information distribution system 210 placed in a security risk management system providing company 200 , and a security risk management system 305 placed in a security risk management system using company 300 .
  • the vulnerability information providing institution 100 is an institution that provides vulnerability information including an overview of vulnerabilities, a method for investigation, a method for countermeasures and the like, and it is CERT (Computer Emergency Response Team), JPCERT (Japan Computer Emergency Response Team), IPA (Information-technology Promotion Agency) or the like, for example.
  • the security risk management system providing company 200 is a company that provides the security risk management system 305 .
  • the security risk management system using company 300 is a company that uses the security risk management system 305 provided by the security risk management system providing company 200 .
  • the security risk management system using company 300 manages vulnerabilities in terminals 330 of its own company by using the security risk management system 305 .
  • the vulnerability information providing institution 100 provides a software vendor that has created this software with vulnerability information regarding the vulnerability before its release date and time for the purpose of investigation in some cases.
  • the vulnerability information provided from the vulnerability information providing institution 100 to the software vendor can be used by the security risk management system providing company 200 .
  • use of the vulnerability information is limited to one's own use in the security risk management system providing company 200 . In this manner, the security risk management system providing company 200 is allowed to use, only in its own company, the vulnerability information provided from the vulnerability information providing institution 100 before the release date and time.
  • the first embodiment focuses attention on the fact that the security risk management system using company 300 can use vulnerability information before the release date and time provided by the vulnerability information providing institution 100 , and completes the investigation regarding the presence or absence of vulnerabilities in the terminals 330 by using the vulnerability information before the release date and time.
  • the vulnerability information transmission system 110 transmits vulnerability information to the vulnerability information distribution system 210 .
  • the vulnerability information transmission system 110 only needs to have the function of transmitting vulnerability information to the vulnerability information distribution system 210 , and this function can be implemented by a known technique, and therefore the description of its detailed block configuration is omitted.
  • the vulnerability information distribution system 210 includes a vulnerability information receiving unit 211 , a vulnerability information data creation unit 212 , a vulnerability information data encryption unit 213 , a common key storage unit 214 , a vulnerability information data storage unit 215 , and a vulnerability information data transmitting unit 216 .
  • the vulnerability information receiving unit 211 receives vulnerability information from the vulnerability information transmission system 110 .
  • the vulnerability information data creation unit 212 creates vulnerability information data in accordance with an operation performed by a vulnerability information data creator based on the vulnerability information received by the vulnerability information receiving unit 211 .
  • the vulnerability information data encryption unit 213 encrypts the vulnerability information data created by the vulnerability information data creation unit 212 by using a common key.
  • the common key storage unit 214 stores the common key to be used when the vulnerability information data encryption unit 213 encrypts the vulnerability information data.
  • the vulnerability information data storage unit 215 stores the vulnerability information data created by the vulnerability information data creation unit 212 .
  • the vulnerability information data transmitting unit 216 reads the vulnerability information data from the vulnerability information data storage unit 215 , and transmits the read vulnerability information data to a server 310 .
  • the security risk management system 305 includes a server 310 and an agent unit 320 .
  • the agent unit 320 is software which is also called agent software or agent.
  • the agent unit 320 corresponds to the terminal 330 whose vulnerabilities are managed by the security risk management system using company 300 , and it is installed into the corresponding terminal 330 .
  • In FIG. 1, it is assumed that there are a plurality of terminals 330, and a plurality of agent units 320 respectively corresponding to the plurality of terminals 330 are placed; however, when there is one terminal 330, one agent unit 320 is placed.
  • the server 310 receives vulnerability information data from the vulnerability information distribution system 210 , transmits the received vulnerability information data to the agent unit 320 , and gives an instruction to conduct vulnerability investigation before the release date and time of vulnerability information. Further, the server 310 receives vulnerability investigation results from the agent unit 320 , and displays the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information. On the other hand, the agent unit 320 receives vulnerability information data from the server 310 , investigates the presence or absence of vulnerabilities in the corresponding terminal 330 , and transmits vulnerability investigation results to the server 310 before the release date and time of vulnerability information. Further, the agent unit 320 displays the vulnerability information on or after the release date and time of the vulnerability information.
  • the server 310 includes a vulnerability information data receiving unit 311 , a vulnerability information data storage unit 312 , a vulnerability information data distribution unit 313 , a vulnerability investigation result receiving unit 314 , a vulnerability investigation result storage unit 315 , a vulnerability release date and time checking unit 316 , a vulnerability information data decryption unit 317 , a common key storage unit 318 , and a vulnerability information and investigation result display unit 319 .
  • the vulnerability information data distribution unit 313 and the vulnerability investigation result receiving unit 314 are an example of elements of a communication unit.
  • the vulnerability information and investigation result display unit 319 is an example of a presentation unit.
  • the vulnerability information data storage unit 312 is an example of a vulnerability information storage unit.
  • the vulnerability release date and time checking unit 316 is an example of a release date and time checking unit.
  • the vulnerability investigation result storage unit 315 is an example of a vulnerability investigation result storage unit.
  • the vulnerability information data receiving unit 311 receives vulnerability information data from the vulnerability information distribution system 210 .
  • the vulnerability information data storage unit 312 stores the vulnerability information data received by the vulnerability information data receiving unit 311 .
  • the vulnerability information data distribution unit 313 reads the vulnerability information data from the vulnerability information data storage unit 312 , and transmits the read vulnerability information data to the agent unit 320 .
  • the vulnerability investigation result receiving unit 314 receives vulnerability investigation results from the agent unit 320 .
  • the vulnerability investigation result storage unit 315 stores the vulnerability investigation results received by the vulnerability investigation result receiving unit 314 .
  • the vulnerability release date and time checking unit 316 reads the vulnerability information data from the vulnerability information data storage unit 312 on a regular basis, checks the release date and time, makes the vulnerability information data decryption unit 317 decrypt the vulnerability information data whose release date and time has passed, and writes the decrypted vulnerability information data back into the vulnerability information data storage unit 312 .
  • the vulnerability information data decryption unit 317 receives the vulnerability information data from the vulnerability release date and time checking unit 316 , and decrypts the vulnerability information data by using a common key.
  • the common key storage unit 318 stores the common key to be used when the vulnerability information data decryption unit 317 decrypts the vulnerability information data.
  • the vulnerability information and investigation result display unit 319 reads the vulnerability information data whose release date and time has passed from the vulnerability information data storage unit 312 , reads the corresponding vulnerability investigation results from the vulnerability investigation result storage unit 315 based on the read vulnerability information data, and presents the vulnerability information and the vulnerability investigation results based on the read vulnerability investigation results. It is assumed hereinafter that the presentation is to display the information and the results on a screen of the server 310 .
  • the agent unit 320 includes a vulnerability information data receiving unit 321 , a vulnerability information data storage unit 322 , a vulnerability investigation unit 323 , a vulnerability information data decryption unit 324 , a common key storage unit 325 , a vulnerability investigation result storage unit 326 , a vulnerability investigation result transmitting unit 327 , a vulnerability release date and time checking unit 328 , and a vulnerability information display unit 329 .
  • the vulnerability information data receiving unit 321 and the vulnerability investigation result transmitting unit 327 are an example of components of a communication unit.
  • the vulnerability information display unit 329 is an example of a presentation unit.
  • the vulnerability information data storage unit 322 is an example of a vulnerability information storage unit.
  • the vulnerability release date and time checking unit 328 is an example of a release date and time checking unit.
  • the vulnerability investigation result storage unit 326 is an example of a vulnerability investigation result storage unit.
  • the vulnerability information data receiving unit 321 receives vulnerability information data from the server 310 .
  • the vulnerability information data storage unit 322 stores the vulnerability information data received by the vulnerability information data receiving unit 321 .
  • the vulnerability investigation unit 323 reads the vulnerability information data from the vulnerability information data storage unit 322 , makes the vulnerability information data decryption unit 324 decrypt the read vulnerability information data, investigates the presence or absence of vulnerabilities in the corresponding terminal 330 based on a method for investigation contained in the decrypted vulnerability information data, and stores vulnerability investigation results containing results of the investigation into the vulnerability investigation result storage unit 326 .
  • the vulnerability information data decryption unit 324 receives the vulnerability information data from the vulnerability investigation unit 323 and the vulnerability release date and time checking unit 328 , and decrypts the vulnerability information data by using a common key.
  • the common key storage unit 325 stores the common key to be used when the vulnerability information data decryption unit 324 decrypts the vulnerability information data.
  • the vulnerability investigation result storage unit 326 stores the vulnerability investigation results containing the investigation results investigated by the vulnerability investigation unit 323 .
  • the vulnerability investigation result transmitting unit 327 reads the vulnerability investigation results from the vulnerability investigation result storage unit 326 , and transmits the read vulnerability investigation results to the server 310 .
  • the vulnerability release date and time checking unit 328 reads the vulnerability information data from the vulnerability information data storage unit 322 on a regular basis, checks the release date and time, makes the vulnerability information data decryption unit 324 decrypt the vulnerability information data whose release date and time has passed, and writes the decrypted vulnerability information data back into the vulnerability information data storage unit 322 .
  • the vulnerability information display unit 329 reads the vulnerability information data whose release date and time has passed from the vulnerability information data storage unit 322 , reads the corresponding vulnerability investigation results from the vulnerability investigation result storage unit 326 based on the read vulnerability information data, and presents the vulnerability information based on the read vulnerability investigation results. It is assumed hereinafter that the presentation is to display the information on a screen of the corresponding terminal 330 .
  • The common key storage unit 214 in the vulnerability information distribution system 210, the common key storage unit 318 in the server 310, and the common key storage unit 325 in the agent unit 320 share a common key, and store the shared common key.
  • FIG. 3 shows a configuration example of the hardware configuration of a computer 400 for implementing the vulnerability information distribution system 210 according to the first embodiment.
  • the vulnerability information distribution system 210 according to the first embodiment can be implemented by the computer 400 .
  • the computer 400 includes a processor 401 , a memory 402 , a storage 403 , an input/output interface (input/output I/F) 404 , a communication interface (communication I/F) 405 and the like.
  • the processor 401 , the memory 402 , the storage 403 , the input/output interface 404 and the communication interface 405 are connected through a data transmission line for transmitting and receiving data to and from one another.
  • the processor 401 is a processing unit such as CPU (Central Processing Unit) or GPU (Graphics Processing Unit).
  • the memory 402 is a memory such as RAM (Random Access Memory) or ROM (Read Only Memory).
  • the storage 403 is a storage device such as HDD (Hard Disk Drive), SSD (Solid State Drive) or memory card. Alternatively, the storage 403 may be a memory such as RAM or ROM.
  • the storage 403 stores a program for implementing the function of each processing unit (the vulnerability information receiving unit 211 , the vulnerability information data creation unit 212 , the vulnerability information data encryption unit 213 , the vulnerability information data transmitting unit 216 etc.) included in the vulnerability information distribution system 210 .
  • the processor 401 executes each program and thereby implements the function of each processing unit.
  • the processor 401 may execute each program after reading the program onto the memory 402 , or may execute each program without reading it onto the memory 402 . Further, the memory 402 and the storage 403 serve also as the common key storage unit 214 and the vulnerability information data storage unit 215 .
  • the above-described program can be stored and provided to the computer (which includes computer 400 ) using any type of non-transitory computer readable medium.
  • the non-transitory computer readable medium includes any type of tangible storage medium. Examples of the non-transitory computer readable medium include magnetic storage media (such as floppy disks, magnetic tapes, hard disk drives, etc.), optical magnetic storage media (e.g. magneto-optical disks), CD-ROM (Compact Disc-Read Only Memory), CD-R (CD-Recordable), CD-R/W (CD-ReWritable), and semiconductor memories (such as mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM (Random Access Memory), etc.).
  • the program may be provided to a computer using any type of transitory computer readable medium.
  • Examples of the transitory computer readable medium include electric signals, optical signals, and electromagnetic waves.
  • the transitory computer readable medium can provide the program to a computer via a wired communication line such as an electric wire or optical fiber or a wireless communication line.
  • the input/output interface 404 is connected with a display device 4041 , an input device 4042 and the like.
  • the display device 4041 is a device that displays a screen corresponding to drawing data processed by the processor 401 , such as LCD (Liquid Crystal Display) or CRT (Cathode Ray Tube) display.
  • the input device 4042 is a device that receives an operation input by an operator, such as a keyboard, a mouse or a touch sensor, for example.
  • the display device 4041 and the input device 4042 may be integrated and implemented as a touch panel.
  • the communication interface 405 transmits and receives data to and from an external device.
  • the communication interface 405 communicates with an external device through a wired or wireless network.
  • The server 310 and the terminal 330 can be implemented by the computer 400 shown in FIG. 3.
  • the storage 403 stores a program for implementing the function of each processing unit (the vulnerability information data receiving unit 311 , the vulnerability information data distribution unit 313 , the vulnerability investigation result receiving unit 314 , the vulnerability release date and time checking unit 316 , the vulnerability information data decryption unit 317 , the vulnerability information and investigation result display unit 319 etc.) included in the server 310 .
  • the memory 402 and the storage 403 serve also as the vulnerability information data storage unit 312 , the vulnerability investigation result storage unit 315 and the common key storage unit 318 .
  • the storage 403 stores a program for implementing the function of each processing unit (the vulnerability information data receiving unit 321 , the vulnerability investigation unit 323 , the vulnerability information data decryption unit 324 , the vulnerability investigation result transmitting unit 327 , the vulnerability release date and time checking unit 328 , the vulnerability information display unit 329 etc.) included in the agent unit 320 . Further, the memory 402 and the storage 403 serve also as the vulnerability information data storage unit 322 , the common key storage unit 325 and the vulnerability investigation result storage unit 326 .
  • the vulnerability information receiving unit 211 receives vulnerability information transmitted from the vulnerability information transmission system 110 (S 101 ).
  • the vulnerability information contains information about an overview of vulnerabilities, information about a method for investigation, information about a method for countermeasures, and information about a release date and time.
  • the vulnerability information receiving unit 211 transmits the received vulnerability information to the vulnerability information data creation unit 212 .
  • the vulnerability information data creation unit 212 creates vulnerability information data in accordance with an operation performed by a vulnerability information data creator based on the vulnerability information (S 102 ).
  • the vulnerability information data has a format that contains a vulnerability information ID (Identifier), information about a release date and time, a release flag, information about an overview, information about a method for investigation, and information about a method for countermeasures.
  • the vulnerability information data corresponds to data created by adding a vulnerability information ID and a release flag to the vulnerability information (an overview of vulnerabilities, a method for investigation, a method for countermeasures, and a release date and time).
  • An ID for uniquely identifying the vulnerability information, which is assigned by the vulnerability information data creation unit 212, is set to the vulnerability information ID.
  • Information about the release date and time contained in the vulnerability information is set to the release date and time.
  • the vulnerability information data creation unit 212 transmits the vulnerability information data to the vulnerability information data encryption unit 213 .
  • the vulnerability information data encryption unit 213 reads a common key from the common key storage unit 214 , encrypts information about an overview, a method for investigation and a method for countermeasures in the vulnerability information data by using the read common key (S 104 ), and sends the encrypted vulnerability information data back to the vulnerability information data creation unit 212 .
  • the vulnerability information data creation unit 212 stores the vulnerability information data encrypted by the vulnerability information data encryption unit 213 into the vulnerability information data storage unit 215 (S 105 ).
  • the vulnerability information data creation unit 212 stores the vulnerability information data into the vulnerability information data storage unit 215 without encrypting it (S 105 ).
  • the vulnerability information data transmitting unit 216 reads the vulnerability information data from the vulnerability information data storage unit 215 (S 106 ), and transmits the read vulnerability information data to the server 310 (S 107 ).
  • the vulnerability information data receiving unit 311 receives vulnerability information data transmitted from the vulnerability information distribution system 210 (S 201 ).
  • the vulnerability information data receiving unit 311 stores the received vulnerability information data into the vulnerability information data storage unit 312 (S 202 ).
  • the vulnerability information data distribution unit 313 reads the vulnerability information data from the vulnerability information data storage unit 312 (S 203 ), and transmits the read vulnerability information data to the agent unit 320 (S 204 ).
  • the server 310 transmits the vulnerability information data to each of the plurality of agent units 320 .
  • the vulnerability information data receiving unit 321 receives the vulnerability information data transmitted from the server 310 (S 301 ).
  • the vulnerability information data receiving unit 321 stores the received vulnerability information data into the vulnerability information data storage unit 322 (S 302 ).
  • the vulnerability investigation unit 323 reads the vulnerability information data from the vulnerability information data storage unit 322 (S 303 ). When 0, which indicates “unreleased”, is set to the release flag of the read vulnerability information data (Yes in S 304 ), the vulnerability investigation unit 323 transmits the vulnerability information data to the vulnerability information data decryption unit 324 .
  • the vulnerability information data decryption unit 324 reads a common key for decryption from the common key storage unit 325 , decrypts the information about the method for investigation in the vulnerability information data by using the read common key (S 305 ), and sends the decrypted vulnerability information data back to the vulnerability investigation unit 323 .
  • the vulnerability investigation unit 323 investigates the presence or absence of vulnerabilities in the corresponding terminal 330 based on the information about the method for investigation in the vulnerability information data decrypted by the vulnerability information data decryption unit 324 (S 306 ).
  • the vulnerability investigation unit 323 investigates the presence or absence of vulnerabilities in the corresponding terminal 330 based on the information about the method for investigation (S 306 ).
  • the vulnerability investigation unit 323 creates vulnerability investigation results indicating investigation results regarding the presence or absence of vulnerabilities in the corresponding terminal 330 (S 307 ).
  • the vulnerability investigation results have a format that contains a vulnerability information ID, a terminal ID, information about an investigation date and time, and information about investigation results, as shown in FIG. 8.
  • An ID for uniquely identifying the vulnerability information related to the investigated vulnerabilities, which is the vulnerability information ID contained in the vulnerability information data, is set to the vulnerability information ID.
  • An ID for identifying the investigated terminal 330 is set to the terminal ID.
  • Information about the date and time when investigation is conducted is set to the investigation date and time. 0 is set to the investigation results when there are no vulnerabilities in the terminal 330 , and 1 is set to the investigation results when there are vulnerabilities in the terminal 330 .
  • the vulnerability investigation unit 323 stores the created vulnerability investigation results into the vulnerability investigation result storage unit 326 (S 308 ).
  • the vulnerability investigation result transmitting unit 327 reads the vulnerability investigation results from the vulnerability investigation result storage unit 326 (S 309 ) and transmits the read vulnerability investigation results to the server 310 (S 310 ).
  • each of the plurality of agent units 320 performs the operation of FIG. 7 described above.
  • the vulnerability investigation result receiving unit 314 receives the vulnerability investigation results transmitted from the agent unit 320 (S 401 ).
  • the vulnerability investigation result receiving unit 314 stores the received vulnerability investigation results into the vulnerability investigation result storage unit 315 (S 402 ).
  • the server 310 stores the vulnerability investigation results received from each of the plurality of agent units 320 into the vulnerability investigation result storage unit 315 .
  • the vulnerability release date and time checking unit 316 checks whether or not the vulnerability information data whose release flag is 0 indicating “unreleased” is stored in the vulnerability information data storage unit 312 on a regular basis (e.g., once in 10 minutes) (S 501 ), and when such vulnerability information data is stored (Yes in S 501 ), the vulnerability release date and time checking unit 316 reads one of such vulnerability information data (S 502 ). When the release date and time of the read vulnerability information data is before the current date and time (Yes in S 503 ), the vulnerability release date and time checking unit 316 transmits the vulnerability information data to the vulnerability information data decryption unit 317 .
  • the vulnerability information data decryption unit 317 reads a common key for decryption from the common key storage unit 318 , decrypts information about the overview, the method for investigation and the method for countermeasures in the vulnerability information data by using the read common key (S 504 ), and sends the decrypted vulnerability information data back to the vulnerability release date and time checking unit 316 .
  • the vulnerability release date and time checking unit 316 sets 1, which indicates “released”, to the release flag of the decrypted vulnerability information data (S 505 ).
  • the vulnerability release date and time checking unit 316 stores the decrypted vulnerability information data where 1 is set to its release flag again into the vulnerability information data storage unit 312 (S 506 ).
  • the vulnerability release date and time checking unit 316 stores the read vulnerability information data again into the vulnerability information data storage unit 312 without making any change (S 506 ). Processing on the vulnerability information data read in S 502 thereby ends.
  • the vulnerability release date and time checking unit 316 returns to the processing in S 502 .
  • the vulnerability release date and time checking unit 316 ends the process.
  • the vulnerability information and investigation result display unit 319 checks whether or not the vulnerability information data whose release flag is 1 indicating “released” is stored in the vulnerability information data storage unit 312 (S 601 ), and when such vulnerability information data is stored (Yes in S 601 ), the vulnerability information and investigation result display unit 319 reads one of such vulnerability information data (S 602 ). When the vulnerability investigation results having a matching vulnerability information ID with the read vulnerability information data and whose investigation results are 1 indicating the presence of vulnerabilities are stored in the vulnerability investigation result storage unit 315 (Yes in S 603 ), the vulnerability information and investigation result display unit 319 reads all of such vulnerability investigation results (S 604 ).
  • the vulnerability information and investigation result display unit 319 displays, on a screen of the server 310 , the overview and the method for investigation in the read vulnerability information data and a list of the terminal IDs in the read vulnerability investigation results (S 605 ).
  • the vulnerability information and investigation result display unit 319 does not display the results on the screen of the server 310 . Processing on the vulnerability information data read in S 602 thereby ends.
  • the vulnerability information and investigation result display unit 319 returns to the processing in S 602 .
  • when the vulnerability information data whose release flag is 1 indicating “released” is no longer stored in the vulnerability information data storage unit 312 (No in S 601 and No in S 606 ), the vulnerability information and investigation result display unit 319 ends the process.
  • timing to start the operation of FIG. 11 may be regular timing, or it may be timing when an operation indicating display of vulnerability information and vulnerability investigation results is performed.
  • the vulnerability release date and time checking unit 328 checks whether or not the vulnerability information data whose release flag is 0 indicating “unreleased” is stored in the vulnerability information data storage unit 322 on a regular basis (e.g., once in 10 minutes) (S 701 ), and when such vulnerability information data is stored (Yes in S 701 ), the vulnerability release date and time checking unit 328 reads one of such vulnerability information data (S 702 ). When the release date and time of the read vulnerability information data is before the current date and time (Yes in S 703 ), the vulnerability release date and time checking unit 328 transmits the vulnerability information data to the vulnerability information data decryption unit 324 .
  • the vulnerability information data decryption unit 324 reads a common key for decryption from the common key storage unit 325 , decrypts information about the overview, the method for investigation and the method for countermeasures in the vulnerability information data by using the read common key (S 704 ), and sends the decrypted vulnerability information data back to the vulnerability release date and time checking unit 328 .
  • the vulnerability release date and time checking unit 328 sets 1, which indicates “released”, to the release flag of the decrypted vulnerability information data (S 705 ).
  • the vulnerability release date and time checking unit 328 stores the decrypted vulnerability information data where 1 is set to its release flag again into the vulnerability information data storage unit 322 (S 706 ).
  • the vulnerability release date and time checking unit 328 stores the read vulnerability information data again into the vulnerability information data storage unit 322 without making any change (S 706 ). Processing on the vulnerability information data read in S 702 thereby ends.
  • the vulnerability release date and time checking unit 328 returns to the processing in S 702 .
  • the vulnerability release date and time checking unit 328 ends the process.
  • each of the plurality of agent units 320 performs the operation of FIG. 12 described above.
  • the vulnerability information display unit 329 checks whether or not the vulnerability information data whose release flag is 1 indicating “released” is stored in the vulnerability information data storage unit 322 (S 801 ), and when such vulnerability information data is stored (Yes in S 801 ), the vulnerability information display unit 329 reads one of such vulnerability information data (S 802 ). When the vulnerability investigation results having a matching vulnerability information ID with the read vulnerability information data and whose investigation results are 1 indicating the presence of vulnerabilities are stored in the vulnerability investigation result storage unit 326 (Yes in S 803 ), the vulnerability information display unit 329 reads such vulnerability investigation results (S 804 ).
  • the vulnerability information display unit 329 displays, on a screen of the corresponding terminal 330 , the overview and the method for investigation in the read vulnerability information data (S 805 ).
  • the vulnerability information display unit 329 does not display the results on the screen of the corresponding terminal 330 .
  • Processing on the vulnerability information data read in S 802 thereby ends.
  • the vulnerability information display unit 329 returns to the processing in S 802 .
  • the vulnerability information display unit 329 ends the process.
  • timing to start the operation of FIG. 13 may be regular timing, or it may be timing when an operation indicating display of vulnerability information is performed.
  • each of the plurality of agent units 320 performs the operation of FIG. 13 described above.
  • the server 310 transmits encrypted vulnerability information to the agent unit 320 so that the investigation regarding the presence or absence of vulnerabilities in the terminal 330 is completed before a release date and time, and then displays vulnerability investigation results on or after the release date and time.
  • a security administrator of the security risk management system using company 300 can know investigation results regarding the presence or absence of vulnerabilities in the terminals 330 of its own company on the release date and time of the vulnerability information, and immediately take the next step of developing countermeasures against vulnerabilities. It is thereby possible to reduce the time needed to take countermeasures against vulnerabilities.
  • the vulnerability information is decrypted for vulnerability investigation before a release date and time of the vulnerability information in the security risk management system 305 .
  • the decrypted vulnerability information is displayed on or after the release date and time.
  • a security administrator and employees of the security risk management system using company 300 are not able to see the vulnerability information before the release date and time, and therefore the secrecy of the vulnerability information is ensured.
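The first embodiment's embargo flow (field encryption at creation, pre-release investigation by the agent, the periodic release check, and the display join) can be traced in a short model. This is an added example, not code from the patent: the dictionary field names, the `package<fixed-version` syntax for the method for investigation, the IDs and package names are constructed assumptions, and the HMAC-SHA256 construction is a standard-library stand-in for whatever common-key cipher a deployment would use (for example an AEAD such as AES-GCM).

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

SECRET_FIELDS = ("overview", "investigation", "countermeasures")

def subkey(key, label):
    # Separate encryption and MAC keys derived from the common key.
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, text):
    """Stand-in for an AEAD: stream encryption followed by a MAC (assumption)."""
    nonce, data = os.urandom(16), text.encode()
    ct = bytes(a ^ b for a, b in zip(data, keystream(subkey(key, b"enc"), nonce, len(data))))
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("vulnerability information data failed authentication")
    return bytes(a ^ b for a, b in zip(ct, keystream(subkey(key, b"enc"), nonce, len(ct)))).decode()

def create_record(key, vuln_id, release_at, overview, investigation, countermeasures):
    """Distribution side (S102-S104): add ID and release flag, encrypt three fields."""
    record = {"id": vuln_id, "release_at": release_at, "release_flag": 0}
    for name, value in zip(SECRET_FIELDS, (overview, investigation, countermeasures)):
        record[name] = seal(key, value)
    return record

def agent_investigate(key, record, terminal_id, installed, now):
    """Agent side (S303-S307): decrypt only the investigation method, in memory."""
    method = record["investigation"]
    if record["release_flag"] == 0:
        method = unseal(key, method)          # plaintext is never written back
    package, fixed = method.split("<")        # assumed syntax: "name<fixed.version"
    have = installed.get(package)
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    vulnerable = have is not None and as_tuple(have) < as_tuple(fixed)
    return {"id": record["id"], "terminal_id": terminal_id,
            "investigated_at": now, "result": 1 if vulnerable else 0}

def release_check(key, store, now):
    """Periodic check (S501-S506): decrypt and flag records whose release time has come."""
    released = []
    for record in store:
        if record["release_flag"] == 0 and record["release_at"] <= now:
            for name in SECRET_FIELDS:
                record[name] = unseal(key, record[name])
            record["release_flag"] = 1
            released.append(record["id"])
    return released

def display(store, results):
    """Display join (S601-S605): released records with at least one result of 1."""
    view = []
    for record in store:
        if record["release_flag"] != 1:
            continue                          # embargoed data is never shown
        hits = sorted(r["terminal_id"] for r in results
                      if r["id"] == record["id"] and r["result"] == 1)
        if hits:
            view.append((record["id"], record["overview"], hits))
    return view

def demo():
    key = os.urandom(32)                      # common key shared by all units
    release_at = datetime(2030, 1, 10, 9, 0, tzinfo=timezone.utc)
    store = [create_record(key, "VI-0001", release_at, "Constructed advisory text",
                           "examplepkg<2.4.1", "Upgrade examplepkg to 2.4.1")]
    terminals = {"T-01": {"examplepkg": "2.3.9"},   # constructed inventory
                 "T-02": {"examplepkg": "2.4.1"},
                 "T-03": {}}
    before = release_at - timedelta(days=2)
    results = [agent_investigate(key, store[0], tid, pkgs, before)
               for tid, pkgs in terminals.items()]
    release_check(key, store, before)         # too early: nothing changes
    pre_release_view = display(store, results)
    release_check(key, store, release_at)     # release time reached
    return pre_release_view, display(store, results)

if __name__ == "__main__":
    print(demo())
```

The investigation results exist on the server two days before release, but `display` returns nothing until `release_check` has flipped the release flag, which is the property the embodiment relies on for secrecy.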
  • FIG. 14 shows a block configuration example of a security risk management system 305 according to the second embodiment.
  • the security risk management system 305 includes a server 310 and an agent unit 320 , just like in the first embodiment.
  • the agent unit 320 corresponds to the terminal 330 whose vulnerabilities are to be managed (see FIG. 1 ), and it is installed into the corresponding terminal 330 .
  • although FIG. 14 shows an example in which one agent unit 320 corresponding to one terminal 330 is placed, if there are a plurality of terminals 330, a plurality of agent units 320 respectively corresponding to the plurality of terminals 330 are placed.
  • the server 310 includes a communication unit 3101 and a presentation unit 3102 .
  • the communication unit 3101 corresponds to an element that combines the vulnerability information data distribution unit 313 and the vulnerability investigation result receiving unit 314 according to the first embodiment described above.
  • the presentation unit 3102 corresponds to the vulnerability information and investigation result display unit 319 according to the first embodiment described above.
  • the agent unit 320 includes a communication unit 3201 and an investigation unit 3202 .
  • the communication unit 3201 corresponds to an element that combines the vulnerability information data receiving unit 321 and the vulnerability investigation result transmitting unit 327 according to the first embodiment described above.
  • the investigation unit 3202 corresponds to the vulnerability investigation unit 323 according to the first embodiment described above.
  • the operation of the security risk management system 305 according to the second embodiment is described hereinafter with reference to FIG. 15 .
  • the communication unit 3101 transmits vulnerability information to the agent unit 320 before the release date and time of the vulnerability information (S 901 ).
  • the server 310 transmits vulnerability information to each of the plurality of agent units 320 .
  • the communication unit 3201 receives vulnerability information transmitted from the server 310 before the release date and time of the vulnerability information (S 902 ).
  • the investigation unit 3202 investigates the presence or absence of vulnerabilities in the corresponding terminal 330 based on the method for investigation contained in the vulnerability information before the release date and time of the vulnerability information (S 903 ). Further, the investigation unit 3202 transmits vulnerability investigation results containing investigation results regarding the presence or absence of vulnerabilities in the terminal 330 to the server 310 before the release date and time of the vulnerability information (S 904 ).
  • each of the plurality of agent units 320 performs the operations of S 902 to S 904 described above.
  • the communication unit 3101 receives the vulnerability investigation results transmitted from the agent unit 320 before the release date and time of the vulnerability information (S 905 ).
  • the presentation unit 3102 presents the vulnerability information and the vulnerability investigation results (for example, displays them on a screen of the server 310 ) on or after the release date and time of the vulnerability information (S 906 ).
  • the server 310 transmits vulnerability information to the agent unit 320 so that the investigation regarding the presence or absence of vulnerabilities in the terminal 330 is completed before a release date and time, and then presents vulnerability investigation results on or after the release date and time.
  • a security administrator can know investigation results regarding the presence or absence of vulnerabilities in the terminals 330 on the release date and time of the vulnerability information, and immediately take the next step of developing countermeasures against vulnerabilities. It is thereby possible to reduce the time needed to take countermeasures against vulnerabilities.
  • the elements of the server 310 and the agent unit 320 according to the second embodiment may perform the same operations as the corresponding elements in the first embodiment described above. Further, the server 310 and the agent unit 320 according to the second embodiment may further include another element included in the server 310 and the agent unit 320 according to the first embodiment described above.
  • the server may investigate the presence or absence of vulnerabilities in a terminal.
  • the agent unit may collect only information necessary for investigation from the terminal, and transmit the collected information to the server.
  • the server investigates the presence or absence of vulnerabilities in each terminal based on the information collected from each agent unit.
  • although vulnerability information data whose release flag indicates “released” is read, and then vulnerability investigation results are read based on the read vulnerability information data, as shown in FIGS. 11 and 13 in the first embodiment described above, the procedure is not limited thereto.
  • vulnerability investigation results indicating the presence of vulnerabilities may be read first, and then vulnerability information data may be read based on the read vulnerability investigation results.
  • a security risk management system comprising:
  • the server transmits vulnerability information to the agent unit before a release date and time of the vulnerability information
  • the agent unit investigates presence or absence of vulnerabilities in the terminal based on information regarding a method for vulnerability investigation contained in the vulnerability information, and transmits vulnerability investigation results containing the investigation results to the server before the release date and time of the vulnerability information, and
  • the server presents the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • the server transmits the vulnerability information to the agent unit before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding a method for vulnerability investigation, and
  • the agent unit decrypts the information regarding a method for vulnerability investigation contained in the vulnerability information, and investigates presence or absence of vulnerabilities in the terminal based on the decrypted information regarding a method for vulnerability investigation before the release date and time of the vulnerability information.
  • the security risk management system wherein the server stores the vulnerability information before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures, and transmits the vulnerability information to the agent unit before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures, and
  • the agent unit stores the vulnerability information before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures.
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information
  • the server reads the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the stored vulnerability information, and
  • the server decrypts the information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures contained in the read vulnerability information, sets a value indicating “released” to the release flag added to the read vulnerability information, and stores the read vulnerability information again.
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the server stores the vulnerability investigation results, reads the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the stored vulnerability information, reads the vulnerability investigation results containing the vulnerability information ID matching with the read vulnerability information and containing investigation results indicating presence of vulnerabilities in the terminal from among the stored vulnerability investigation results, and presents an overview and a method for countermeasures contained in the read vulnerability information and presents the terminal ID contained in the read vulnerability investigation results.
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information
  • the agent unit reads the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the stored vulnerability information, and
  • the agent unit decrypts the information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures contained in the read vulnerability information, sets a value indicating “released” to the release flag added to the read vulnerability information, and stores the read vulnerability information again.
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the agent unit stores the vulnerability investigation results, reads the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the stored vulnerability information, and when the vulnerability investigation results containing the vulnerability information ID matching with the read vulnerability information and containing investigation results indicating presence of vulnerabilities in the terminal are included in the stored vulnerability investigation results, presents an overview and a method for countermeasures contained in the read vulnerability information.
  • a server comprising:
  • a communication unit configured to transmit, to an agent unit included in a terminal, vulnerability information before a release date and time of the vulnerability information, and receives, from the agent unit, vulnerability investigation results containing investigation results regarding presence or absence of vulnerabilities in the terminal investigated by the agent unit based on information regarding a method for vulnerability investigation contained in the vulnerability information before the release date and time of the vulnerability information, and
  • a presentation unit configured to present the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • a vulnerability information storage unit configured to store the vulnerability information before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures, wherein
  • the communication unit transmits the vulnerability information to the agent unit before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures.
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information
  • the release date and time checking unit reads the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the vulnerability information stored in the vulnerability information storage unit, and
  • the release date and time checking unit decrypts the information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures contained in the read vulnerability information, sets a value indicating “released” to the release flag added to the read vulnerability information, and stores the read vulnerability information again into the vulnerability information storage unit.
  • a vulnerability investigation result storage unit configured to store the vulnerability investigation results
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the presentation unit reads the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the vulnerability information stored in the vulnerability information storage unit, reads the vulnerability investigation results containing the vulnerability information ID matching with the read vulnerability information and containing investigation results indicating presence of vulnerabilities in the terminal from among the vulnerability investigation results stored in the vulnerability investigation result storage unit, and presents an overview and a method for countermeasures contained in the read vulnerability information and presents the terminal ID contained in the read vulnerability investigation results.
  • a control method of a server comprising:
  • the transmission step transmits the vulnerability information to the agent unit before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures.
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information
  • control method further comprises:
  • a step of reading the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the vulnerability information stored in the vulnerability information storage unit, and
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • control method further comprises:
  • a step of reading the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the vulnerability information stored in the vulnerability information storage unit,
  • the presentation step presents an overview and a method for countermeasures contained in the read vulnerability information, and presents the terminal ID contained in the read vulnerability investigation results.
  • a non-transitory computer readable medium storing a program causing a computer to execute:
  • the transmission step transmits the vulnerability information to the agent unit before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures.
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information
  • the program causes the computer to further execute:
  • a step of reading the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the vulnerability information stored in the vulnerability information storage unit, and
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the program causes the computer to further execute:
  • a step of reading the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the vulnerability information stored in the vulnerability information storage unit,
  • the presentation step presents an overview and a method for countermeasures contained in the read vulnerability information, and presents the terminal ID contained in the read vulnerability investigation results.
  • a non-transitory computer readable medium storing a program causing a computer to execute:
  • the receiving step receives, from the server, the vulnerability information before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding a method for vulnerability investigation, and
  • the investigation step decrypts the information regarding a method for vulnerability investigation contained in the vulnerability information, and investigates presence or absence of vulnerabilities in the terminal based on the decrypted information regarding a method for vulnerability investigation before the release date and time of the vulnerability information.
  • the receiving step receives, from the server, the vulnerability information before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures, and
  • the program causes the computer to further execute:
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information
  • the program causes the computer to further execute:
  • a step of reading the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the vulnerability information stored in the vulnerability information storage unit, and
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the program causes the computer to further execute:
  • a step of reading the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the vulnerability information stored in the vulnerability information storage unit, and

Abstract

A security risk management system (305) of the present disclosure includes a server (310) and an agent unit (320) included in a terminal. The server (310) transmits vulnerability information to the agent unit (320) before the release date and time of the vulnerability information. The agent unit (320) investigates the presence or absence of vulnerabilities in the terminal based on information regarding a method for vulnerability investigation contained in the vulnerability information, and transmits vulnerability investigation results containing the investigation results to the server (310) before the release date and time of the vulnerability information. The server (310) presents the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • This application is a Continuation of U.S. application Ser. No. 16/084,687 filed on Sep. 13, 2018, which is a National Stage of International Application No. PCT/JP2017/011586 filed Mar. 23, 2017, claiming priority based on Japanese Patent Application No. 2016-061774 filed Mar. 25, 2016, the disclosure of which is incorporated herein in their entirety by reference.
  • TECHNICAL FIELD
  • The present disclosure relates to a security risk management system, a server, a control method, and a non-transitory computer-readable medium.
  • BACKGROUND ART
  • Terminals used by companies are subject to security risks including vulnerabilities in hardware or software. This raises a need for companies to manage the vulnerabilities of terminals in the companies. In recent years, a security risk management system that supports the management of vulnerabilities has been proposed (e.g., Patent Literature 1).
  • CITATION LIST
  • Patent Literature
  • Patent Literature 1: Japanese Unexamined Patent Application Publication No. 2009-015570
  • SUMMARY OF INVENTION
  • Technical Problem
  • A company using a security risk management system generally manages vulnerabilities as follows.
  • After vulnerability information is released, a security administrator of the company investigates the presence or absence of vulnerabilities in terminals in the company by using the security risk management system.
  • When a vulnerable terminal is found as a result of the investigation, the security administrator of the company develops and implements countermeasures against the vulnerability by using the security risk management system.
  • However, once vulnerability information is released, there is a risk that a terminal is attacked by a malicious individual or group of individuals, and it is necessary to reduce the time needed to take countermeasures against the vulnerability.
  • The technique disclosed in the above-mentioned Patent Literature 1 stores, in a database, countermeasures taken against vulnerabilities of a terminal in association with a keyword indicating the type of vulnerabilities. Specifically, the technique disclosed in Patent Literature 1 is a technique that stores, in a database, countermeasures against vulnerabilities which have been actually taken in a terminal, and it is not a technique that reduces the time needed to take countermeasures against vulnerabilities.
  • An object of the present disclosure is to solve the above-described problem, and to provide a technique capable of reducing the time needed to take countermeasures against vulnerabilities.
  • Solution to Problem
  • According to one aspect of the present disclosure, a security risk management system includes a server, and an agent unit included in a terminal, wherein the server transmits vulnerability information to the agent unit before a release date and time of the vulnerability information, the agent unit investigates presence or absence of vulnerabilities in the terminal based on information regarding a method for vulnerability investigation contained in the vulnerability information, and transmits vulnerability investigation results containing the investigation results to the server before the release date and time of the vulnerability information, and the server presents the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • According to one aspect of the present disclosure, a server includes a communication unit configured to transmit, to an agent unit included in a terminal, vulnerability information before a release date and time of the vulnerability information, and receive, from the agent unit, vulnerability investigation results containing investigation results regarding presence or absence of vulnerabilities in the terminal investigated by the agent unit based on information regarding a method for vulnerability investigation contained in the vulnerability information before the release date and time of the vulnerability information, and a presentation unit configured to present the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • According to one aspect of the present disclosure, a control method is a control method of a server, including a transmission step of transmitting, to an agent unit included in a terminal, vulnerability information before a release date and time of the vulnerability information, a step of receiving, from the agent unit, vulnerability investigation results containing investigation results regarding presence or absence of vulnerabilities in the terminal investigated by the agent unit based on information regarding a method for vulnerability investigation contained in the vulnerability information before the release date and time of the vulnerability information, and a presentation step of presenting the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • According to one aspect of the present disclosure, a non-transitory computer readable medium is a non-transitory computer readable medium storing a program causing a computer to execute a transmission step of transmitting, to an agent unit included in a terminal, vulnerability information before a release date and time of the vulnerability information, a step of receiving, from the agent unit, vulnerability investigation results containing investigation results regarding presence or absence of vulnerabilities in the terminal investigated by the agent unit based on information regarding a method for vulnerability investigation contained in the vulnerability information before a release date and time of the vulnerability information, and a presentation step of presenting the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • According to one aspect of the present disclosure, a non-transitory computer readable medium is a non-transitory computer readable medium storing a program causing a computer to execute a receiving step of receiving, from a server, vulnerability information before a release date and time of the vulnerability information, an investigation step of investigating presence or absence of vulnerabilities in a terminal based on information regarding a method for vulnerability investigation contained in the vulnerability information before a release date and time of the vulnerability information, and a step of transmitting, to the server, vulnerability investigation results containing investigation results in the investigation step before the release date and time of the vulnerability information.
  • Advantageous Effects of Invention
  • According to the exemplary aspects of the present disclosure, it is possible to reduce the time needed to take countermeasures against vulnerabilities.
  • BRIEF DESCRIPTION OF DRAWINGS
  • FIG. 1 is a view showing a configuration example of a security system according to a first embodiment.
  • FIG. 2 is a block diagram showing a block configuration example of a vulnerability information distribution system and a security risk management system according to the first embodiment.
  • FIG. 3 is a view showing a configuration example of the hardware configuration of a computer that implements the vulnerability information distribution system, a server and a terminal according to the first embodiment.
  • FIG. 4 is a flowchart showing an operation example that receives vulnerability information from a vulnerability information transmission system, creates vulnerability information data, and transmits the vulnerability information data to a server in the vulnerability information distribution system according to the first embodiment.
  • FIG. 5 is a view showing an example of vulnerability information data according to the first embodiment.
  • FIG. 6 is a flowchart showing an operation example that receives vulnerability information data from a vulnerability information distribution system and transmits the vulnerability information data to an agent unit in the server according to the first embodiment.
  • FIG. 7 is a flowchart showing an operation example that receives vulnerability information data from a server, investigates the presence or absence of vulnerabilities of a corresponding terminal, and transmits vulnerability investigation results to a server in the agent unit according to the first embodiment.
  • FIG. 8 is a view showing an example of vulnerability investigation results according to the first embodiment.
  • FIG. 9 is a flowchart showing an operation example that receives vulnerability investigation results from an agent unit and stores the vulnerability investigation results into a vulnerability investigation result storage unit in the server according to the first embodiment.
  • FIG. 10 is a flowchart showing an operation example that regularly checks vulnerability information data in a vulnerability information data storage unit, decrypts the vulnerability information data whose release date and time is before the current date and time, and stores the decrypted vulnerability information data again into the vulnerability information data storage unit in the server according to the first embodiment.
  • FIG. 11 is a flowchart showing an operation example that displays vulnerability information and vulnerability investigation results in the server according to the first embodiment.
  • FIG. 12 is a flowchart showing an operation example that regularly checks vulnerability information data in a vulnerability information data storage unit, decrypts the vulnerability information data whose release date and time is before the current date and time, and stores the decrypted vulnerability information data again into the vulnerability information data storage unit in the agent unit according to the first embodiment.
  • FIG. 13 is a flowchart showing an operation example that displays vulnerability information in the agent unit according to the first embodiment.
  • FIG. 14 is a block diagram showing a block configuration example of a security risk management system according to a second embodiment.
  • FIG. 15 is a sequence chart showing an operation example of the security risk management system according to the second embodiment.
  • DESCRIPTION OF EMBODIMENTS
  • Embodiments of the present disclosure are described hereinafter with reference to the drawings.
  • (1) First Embodiment
  • (1-1) Configuration of First Embodiment
  • (1-1-1) Overall Configuration
  • FIG. 1 shows a configuration example of a security system according to a first embodiment. FIG. 2 shows a block configuration example of a vulnerability information distribution system 210 and a security risk management system 305 according to the first embodiment.
  • Referring to FIGS. 1 and 2, the security system according to the first embodiment includes a vulnerability information transmission system 110 placed in a vulnerability information providing institution 100, a vulnerability information distribution system 210 placed in a security risk management system providing company 200, and a security risk management system 305 placed in a security risk management system using company 300.
  • The vulnerability information providing institution 100 is an institution that provides vulnerability information including an overview of vulnerabilities, a method for investigation, a method for countermeasures and the like, and it is CERT (Computer Emergency Response Team), JPCERT (Japan Computer Emergency Response Team), IPA (Information-technology Promotion Agency) or the like, for example. The security risk management system providing company 200 is a company that provides the security risk management system 305. The security risk management system using company 300 is a company that uses the security risk management system 305 provided by the security risk management system providing company 200. The security risk management system using company 300 manages vulnerabilities in terminals 330 of its own company by using the security risk management system 305.
  • When software has a vulnerability, the vulnerability information providing institution 100 provides a software vendor that has created this software with vulnerability information regarding the vulnerability before its release date and time for the purpose of investigation in some cases. The vulnerability information provided from the vulnerability information providing institution 100 to the software vendor can be used by the security risk management system providing company 200. However, when it is before the release date and time of the vulnerability information, use of the vulnerability information is limited to one's own use in the security risk management system providing company 200. In this manner, the security risk management system providing company 200 is allowed to use, only in its own company, the vulnerability information provided from the vulnerability information providing institution 100 before the release date and time.
  • The first embodiment focuses attention on the fact that the security risk management system using company 300 can use vulnerability information before the release date and time provided by the vulnerability information providing institution 100, and completes the investigation regarding the presence or absence of vulnerabilities in the terminals 330 by using the vulnerability information before the release date and time.
  • (1-1-2) Configuration of Vulnerability Information Transmission System 110
  • The vulnerability information transmission system 110 transmits vulnerability information to the vulnerability information distribution system 210. Note that the vulnerability information transmission system 110 only needs to have the function of transmitting vulnerability information to the vulnerability information distribution system 210, and this function can be implemented by a known technique, and therefore the description of its detailed block configuration is omitted.
  • (1-1-3) Configuration of Vulnerability Information Distribution System 210
  • The vulnerability information distribution system 210 includes a vulnerability information receiving unit 211, a vulnerability information data creation unit 212, a vulnerability information data encryption unit 213, a common key storage unit 214, a vulnerability information data storage unit 215, and a vulnerability information data transmitting unit 216.
  • The vulnerability information receiving unit 211 receives vulnerability information from the vulnerability information transmission system 110. The vulnerability information data creation unit 212 creates vulnerability information data in accordance with an operation performed by a vulnerability information data creator based on the vulnerability information received by the vulnerability information receiving unit 211. The vulnerability information data encryption unit 213 encrypts the vulnerability information data created by the vulnerability information data creation unit 212 by using a common key. The common key storage unit 214 stores the common key to be used when the vulnerability information data encryption unit 213 encrypts the vulnerability information data. The vulnerability information data storage unit 215 stores the vulnerability information data created by the vulnerability information data creation unit 212. The vulnerability information data transmitting unit 216 reads the vulnerability information data from the vulnerability information data storage unit 215, and transmits the read vulnerability information data to a server 310.
  • (1-1-4) Configuration of Security Risk Management System 305
  • The security risk management system 305 includes a server 310 and an agent unit 320. The agent unit 320 is software which is also called agent software or agent. The agent unit 320 corresponds to the terminal 330 whose vulnerabilities are managed by the security risk management system using company 300, and it is installed into the corresponding terminal 330. In FIG. 1, it is assumed that there are a plurality of terminals 330, and a plurality of agent units 320 respectively corresponding to the plurality of terminals 330 are placed; however, when there is one terminal 330, one agent unit 320 is placed.
  • The server 310 receives vulnerability information data from the vulnerability information distribution system 210, transmits the received vulnerability information data to the agent unit 320, and gives an instruction to conduct vulnerability investigation before the release date and time of vulnerability information. Further, the server 310 receives vulnerability investigation results from the agent unit 320, and displays the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information. On the other hand, the agent unit 320 receives vulnerability information data from the server 310, investigates the presence or absence of vulnerabilities in the corresponding terminal 330, and transmits vulnerability investigation results to the server 310 before the release date and time of vulnerability information. Further, the agent unit 320 displays the vulnerability information on or after the release date and time of the vulnerability information.
  • (1-1-5) Configuration of Server 310
  • The server 310 includes a vulnerability information data receiving unit 311, a vulnerability information data storage unit 312, a vulnerability information data distribution unit 313, a vulnerability investigation result receiving unit 314, a vulnerability investigation result storage unit 315, a vulnerability release date and time checking unit 316, a vulnerability information data decryption unit 317, a common key storage unit 318, and a vulnerability information and investigation result display unit 319. Note that the vulnerability information data distribution unit 313 and the vulnerability investigation result receiving unit 314 are an example of elements of a communication unit. The vulnerability information and investigation result display unit 319 is an example of a presentation unit. The vulnerability information data storage unit 312 is an example of a vulnerability information storage unit. The vulnerability release date and time checking unit 316 is an example of a release date and time checking unit. The vulnerability investigation result storage unit 315 is an example of a vulnerability investigation result storage unit.
  • The vulnerability information data receiving unit 311 receives vulnerability information data from the vulnerability information distribution system 210. The vulnerability information data storage unit 312 stores the vulnerability information data received by the vulnerability information data receiving unit 311. The vulnerability information data distribution unit 313 reads the vulnerability information data from the vulnerability information data storage unit 312, and transmits the read vulnerability information data to the agent unit 320. The vulnerability investigation result receiving unit 314 receives vulnerability investigation results from the agent unit 320. The vulnerability investigation result storage unit 315 stores the vulnerability investigation results received by the vulnerability investigation result receiving unit 314. The vulnerability release date and time checking unit 316 reads the vulnerability information data from the vulnerability information data storage unit 312 on a regular basis, checks the release date and time, makes the vulnerability information data decryption unit 317 decrypt the vulnerability information data whose release date and time has passed, and writes the decrypted vulnerability information data back into the vulnerability information data storage unit 312. The vulnerability information data decryption unit 317 receives the vulnerability information data from the vulnerability release date and time checking unit 316, and decrypts the vulnerability information data by using a common key. The common key storage unit 318 stores the common key to be used when the vulnerability information data decryption unit 317 decrypts the vulnerability information data. 
The vulnerability information and investigation result display unit 319 reads the vulnerability information data whose release date and time has passed from the vulnerability information data storage unit 312, reads the corresponding vulnerability investigation results from the vulnerability investigation result storage unit 315 based on the read vulnerability information data, and presents the vulnerability information and the vulnerability investigation results based on the read vulnerability investigation results. It is assumed hereinafter that the presentation is to display the information and the results on a screen of the server 310.
  • (1-1-6) Configuration of Agent Unit 320
  • The agent unit 320 includes a vulnerability information data receiving unit 321, a vulnerability information data storage unit 322, a vulnerability investigation unit 323, a vulnerability information data decryption unit 324, a common key storage unit 325, a vulnerability investigation result storage unit 326, a vulnerability investigation result transmitting unit 327, a vulnerability release date and time checking unit 328, and a vulnerability information display unit 329. Note that the vulnerability information data receiving unit 321 and the vulnerability investigation result transmitting unit 327 are an example of components of a communication unit. The vulnerability information display unit 329 is an example of a presentation unit. The vulnerability information data storage unit 322 is an example of a vulnerability information storage unit. The vulnerability release date and time checking unit 328 is an example of a release date and time checking unit. The vulnerability investigation result storage unit 326 is an example of a vulnerability investigation result storage unit.
  • The vulnerability information data receiving unit 321 receives vulnerability information data from the server 310. The vulnerability information data storage unit 322 stores the vulnerability information data received by the vulnerability information data receiving unit 321. The vulnerability investigation unit 323 reads the vulnerability information data from the vulnerability information data storage unit 322, makes the vulnerability information data decryption unit 324 decrypt the read vulnerability information data, investigates the presence or absence of vulnerabilities in the corresponding terminal 330 based on a method for investigation contained in the decrypted vulnerability information data, and stores vulnerability investigation results containing results of the investigation into the vulnerability investigation result storage unit 326. The vulnerability information data decryption unit 324 receives the vulnerability information data from the vulnerability investigation unit 323 and the vulnerability release date and time checking unit 328, and decrypts the vulnerability information data by using a common key. The common key storage unit 325 stores the common key to be used when the vulnerability information data decryption unit 324 decrypts the vulnerability information data. The vulnerability investigation result storage unit 326 stores the vulnerability investigation results containing the investigation results investigated by the vulnerability investigation unit 323. The vulnerability investigation result transmitting unit 327 reads the vulnerability investigation results from the vulnerability investigation result storage unit 326, and transmits the read vulnerability investigation results to the server 310. 
The vulnerability release date and time checking unit 328 reads the vulnerability information data from the vulnerability information data storage unit 322 on a regular basis, checks the release date and time, makes the vulnerability information data decryption unit 324 decrypt the vulnerability information data whose release date and time has passed, and writes the decrypted vulnerability information data back into the vulnerability information data storage unit 322. The vulnerability information display unit 329 reads the vulnerability information data whose release date and time has passed from the vulnerability information data storage unit 322, reads the corresponding vulnerability investigation results from the vulnerability investigation result storage unit 326 based on the read vulnerability information data, and presents the vulnerability information based on the read vulnerability investigation results. It is assumed hereinafter that the presentation is to display the information on a screen of the corresponding terminal 330.
  • Note that the common key storage unit 214 in the vulnerability information distribution system 210, the common key storage unit 318 in the server 310, and the common key storage unit 325 in the agent unit 320 share a common key, and store the shared common key.
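The pre-release investigation by the agent unit 320 and the release date and time check and presentation by the server 310 described above, as an added Python example that is not code from the patent. The SHA-256/HMAC cipher is a stand-in for whatever common-key cipher a deployment uses, and the field names, the JSON format of the investigation method, and all sample IDs and values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import os
from datetime import datetime, timedelta, timezone

# Field names are assumptions; the page names the content, not a schema.
ENCRYPTED_FIELDS = ("overview", "investigation_method", "countermeasures")


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt(key, text):
    # Stand-in for a real authenticated cipher: keystream XOR plus HMAC tag.
    nonce, data = os.urandom(16), text.encode()
    stream = _keystream(_subkey(key, b"enc"), nonce, len(data))
    body = nonce + bytes(a ^ b for a, b in zip(data, stream))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()


def decrypt(key, blob):
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if len(body) < 16 or not hmac.compare_digest(tag, expected):
        raise ValueError("vulnerability information failed authentication")
    stream = _keystream(_subkey(key, b"enc"), body[:16], len(body) - 16)
    return bytes(a ^ b for a, b in zip(body[16:], stream)).decode()


def make_record(key, vuln_id, release_at, **fields):
    # Distribution side: encrypt the text fields and mark the record unreleased.
    record = {"vuln_id": vuln_id, "release_at": release_at, "release_flag": "unreleased"}
    record.update({name: encrypt(key, fields[name]) for name in ENCRYPTED_FIELDS})
    return record


def investigate(record, key, terminal_id, installed):
    # Agent side: only the investigation method is decrypted before release.
    method = json.loads(decrypt(key, record["investigation_method"]))
    version = installed.get(method["package"])
    vulnerable = version is not None and tuple(version) < tuple(method["fixed_in"])
    return {"vuln_id": record["vuln_id"], "terminal_id": terminal_id,
            "vulnerable": vulnerable}


def check_release(store, key, now):
    # The common key is already stored before release, so the embargo is held
    # by this clock check and the release flag, not by key availability.
    released = []
    for record in store:
        if record["release_flag"] == "unreleased" and record["release_at"] <= now:
            plain = {name: decrypt(key, record[name]) for name in ENCRYPTED_FIELDS}
            record.update(plain, release_flag="released")  # all fields or none
            released.append(record["vuln_id"])
    return released


def present(store, results):
    # Presentation unit: released records joined to terminals found vulnerable.
    rows = []
    for record in store:
        if record["release_flag"] != "released":
            continue  # unreleased text is never displayed
        terminals = sorted(r["terminal_id"] for r in results
                           if r["vuln_id"] == record["vuln_id"] and r["vulnerable"])
        rows.append({"vuln_id": record["vuln_id"], "overview": record["overview"],
                     "countermeasures": record["countermeasures"], "terminals": terminals})
    return rows


def demo():
    key = os.urandom(32)  # constructed common key
    release_at = datetime(2030, 1, 10, 9, 0, tzinfo=timezone.utc)
    store = [make_record(key, "VI-0001", release_at,
        overview="Constructed sample: flaw in examplelib",
        investigation_method=json.dumps({"package": "examplelib", "fixed_in": [1, 4, 2]}),
        countermeasures="Update examplelib to 1.4.2")]
    inventory = {"T-001": {"examplelib": [1, 4, 2]}, "T-002": {"examplelib": [1, 3, 9]}}
    results = [investigate(store[0], key, tid, pkgs) for tid, pkgs in inventory.items()]
    early = check_release(store, key, release_at - timedelta(hours=1))
    before = present(store, results)
    released = check_release(store, key, release_at)
    return early, before, released, present(store, results)


if __name__ == "__main__":
    print(demo())
```

The investigation results exist before the release time, but `present` returns nothing until `check_release` has decrypted the record and set its flag.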
  • (1-1-7) Hardware Configuration
  • FIG. 3 shows a configuration example of the hardware configuration of a computer 400 for implementing the vulnerability information distribution system 210 according to the first embodiment. Referring to FIG. 3, the vulnerability information distribution system 210 according to the first embodiment can be implemented by the computer 400. The computer 400 includes a processor 401, a memory 402, a storage 403, an input/output interface (input/output I/F) 404, a communication interface (communication I/F) 405 and the like. The processor 401, the memory 402, the storage 403, the input/output interface 404 and the communication interface 405 are connected through a data transmission line for transmitting and receiving data to and from one another.
  • The processor 401 is a processing unit such as CPU (Central Processing Unit) or GPU (Graphics Processing Unit). The memory 402 is a memory such as RAM (Random Access Memory) or ROM (Read Only Memory). The storage 403 is a storage device such as HDD (Hard Disk Drive), SSD (Solid State Drive) or memory card. Alternatively, the storage 403 may be a memory such as RAM or ROM.
  • The storage 403 stores a program for implementing the function of each processing unit (the vulnerability information receiving unit 211, the vulnerability information data creation unit 212, the vulnerability information data encryption unit 213, the vulnerability information data transmitting unit 216 etc.) included in the vulnerability information distribution system 210. The processor 401 executes each program and thereby implements the function of each processing unit. The processor 401 may execute each program after reading the program onto the memory 402, or may execute each program without reading it onto the memory 402. Further, the memory 402 and the storage 403 serve also as the common key storage unit 214 and the vulnerability information data storage unit 215.
  • The above-described program can be stored and provided to the computer (which includes computer 400) using any type of non-transitory computer readable medium. The non-transitory computer readable medium includes any type of tangible storage medium. Examples of the non-transitory computer readable medium include magnetic storage media (such as floppy disks, magnetic tapes, hard disk drives, etc.), optical magnetic storage media (e.g. magneto-optical disks), CD-ROM (Compact Disc-Read Only Memory), CD-R (CD-Recordable), CD-R/W (CD-ReWritable), and semiconductor memories (such as mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM (Random Access Memory), etc.). The program may be provided to a computer using any type of transitory computer readable medium. Examples of the transitory computer readable medium include electric signals, optical signals, and electromagnetic waves. The transitory computer readable medium can provide the program to a computer via a wired communication line such as an electric wire or optical fiber or a wireless communication line.
  • The input/output interface 404 is connected with a display device 4041, an input device 4042 and the like. The display device 4041 is a device that displays a screen corresponding to drawing data processed by the processor 401, such as LCD (Liquid Crystal Display) or CRT (Cathode Ray Tube) display. The input device 4042 is a device that receives an operation input by an operator, such as a keyboard, a mouse or a touch sensor, for example. The display device 4041 and the input device 4042 may be integrated and implemented as a touch panel.
  • The communication interface 405 transmits and receives data to and from an external device. For example, the communication interface 405 communicates with an external device through a wired or wireless network.
  • Note that the server 310 and the terminal 330 can be implemented by the computer 400 shown in FIG. 3.
  • For example, in the case where the server 310 is implemented by the computer 400, the storage 403 stores a program for implementing the function of each processing unit (the vulnerability information data receiving unit 311, the vulnerability information data distribution unit 313, the vulnerability investigation result receiving unit 314, the vulnerability release date and time checking unit 316, the vulnerability information data decryption unit 317, the vulnerability information and investigation result display unit 319 etc.) included in the server 310. Further, the memory 402 and the storage 403 serve also as the vulnerability information data storage unit 312, the vulnerability investigation result storage unit 315 and the common key storage unit 318.
  • In the case where the terminal 330 is implemented by the computer 400, the storage 403 stores a program for implementing the function of each processing unit (the vulnerability information data receiving unit 321, the vulnerability investigation unit 323, the vulnerability information data decryption unit 324, the vulnerability investigation result transmitting unit 327, the vulnerability release date and time checking unit 328, the vulnerability information display unit 329 etc.) included in the agent unit 320. Further, the memory 402 and the storage 403 serve also as the vulnerability information data storage unit 322, the common key storage unit 325 and the vulnerability investigation result storage unit 326.
  • (1-2) Operation of First Embodiment
  • The operation of the security system according to the first embodiment is described hereinafter in detail.
  • (1-2-1) First, the operation of the vulnerability information distribution system 210 that receives vulnerability information from the vulnerability information transmission system 110, creates vulnerability information data and transmits it to the server 310 is described with reference to FIG. 4.
  • Referring to FIG. 4, in the vulnerability information distribution system 210, the vulnerability information receiving unit 211 receives vulnerability information transmitted from the vulnerability information transmission system 110 (S101). The vulnerability information contains information about an overview of vulnerabilities, information about a method for investigation, information about a method for countermeasures, and information about a release date and time. The vulnerability information receiving unit 211 transmits the received vulnerability information to the vulnerability information data creation unit 212. The vulnerability information data creation unit 212 creates vulnerability information data in accordance with an operation performed by a vulnerability information data creator based on the vulnerability information (S102).
  • As shown in FIG. 5, the vulnerability information data has a format that contains a vulnerability information ID (Identifier), information about a release date and time, a release flag, information about an overview, information about a method for investigation, and information about a method for countermeasures. The vulnerability information data corresponds to data created by adding a vulnerability information ID and a release flag to the vulnerability information (an overview of vulnerabilities, a method for investigation, a method for countermeasures, and a release date and time). An ID for uniquely identifying the vulnerability information, which is assigned by the vulnerability information data creation unit 212, is set to the vulnerability information ID. Information about the release date and time contained in the vulnerability information is set to the release date and time. 0, which indicates “unreleased”, is set to the release flag when the release date and time is after the current date and time, and 1, which indicates “released”, is set to the release flag when the release date and time is before the current date and time. The overview, the method for investigation and the method for countermeasures contained in the vulnerability information are respectively set to the overview, the method for investigation and the method for countermeasures.
  • When 0, which indicates “unreleased”, is set to the release flag of the vulnerability information data (Yes in S103), the vulnerability information data creation unit 212 transmits the vulnerability information data to the vulnerability information data encryption unit 213. The vulnerability information data encryption unit 213 reads a common key from the common key storage unit 214, encrypts information about an overview, a method for investigation and a method for countermeasures in the vulnerability information data by using the read common key (S104), and sends the encrypted vulnerability information data back to the vulnerability information data creation unit 212. The vulnerability information data creation unit 212 stores the vulnerability information data encrypted by the vulnerability information data encryption unit 213 into the vulnerability information data storage unit 215 (S105). On the other hand, when 1, which indicates “released”, is set to the release flag of the vulnerability information data (No in S103), the vulnerability information data creation unit 212 stores the vulnerability information data into the vulnerability information data storage unit 215 without encrypting it (S105). The vulnerability information data transmitting unit 216 reads the vulnerability information data from the vulnerability information data storage unit 215 (S106), and transmits the read vulnerability information data to the server 310 (S107).
  • (1-2-2) Next, the operation of the server 310 that receives vulnerability information data from the vulnerability information distribution system 210 and transmits vulnerability information data to the agent unit 320 is described with reference to FIG. 6.
  • Referring to FIG. 6, in the server 310, the vulnerability information data receiving unit 311 receives vulnerability information data transmitted from the vulnerability information distribution system 210 (S201). The vulnerability information data receiving unit 311 stores the received vulnerability information data into the vulnerability information data storage unit 312 (S202). The vulnerability information data distribution unit 313 reads the vulnerability information data from the vulnerability information data storage unit 312 (S203), and transmits the read vulnerability information data to the agent unit 320 (S204).
  • In the case where there are a plurality of agent units 320, the server 310 transmits the vulnerability information data to each of the plurality of agent units 320.
  • (1-2-3) The operation of the agent unit 320 that receives vulnerability information data from the server 310, investigates the presence or absence of vulnerabilities in the corresponding terminal 330, and transmits vulnerability investigation results indicating results of the investigation to the server 310 is described with reference to FIG. 7.
  • Referring to FIG. 7, in the agent unit 320, the vulnerability information data receiving unit 321 receives the vulnerability information data transmitted from the server 310 (S301). The vulnerability information data receiving unit 321 stores the received vulnerability information data into the vulnerability information data storage unit 322 (S302). The vulnerability investigation unit 323 reads the vulnerability information data from the vulnerability information data storage unit 322 (S303). When 0, which indicates “unreleased”, is set to the release flag of the read vulnerability information data (Yes in S304), the vulnerability investigation unit 323 transmits the vulnerability information data to the vulnerability information data decryption unit 324. The vulnerability information data decryption unit 324 reads a common key for decryption from the common key storage unit 325, decrypts the information about the method for investigation in the vulnerability information data by using the read common key (S305), and sends the decrypted vulnerability information data back to the vulnerability investigation unit 323. The vulnerability investigation unit 323 investigates the presence or absence of vulnerabilities in the corresponding terminal 330 based on the information about the method for investigation in the vulnerability information data decrypted by the vulnerability information data decryption unit 324 (S306). On the other hand, when 1, which indicates “released”, is set to the release flag of the read vulnerability information data (No in S304), because the information about the method for investigation in the read vulnerability information data is not encrypted, the vulnerability investigation unit 323 investigates the presence or absence of vulnerabilities in the corresponding terminal 330 based on the information about the method for investigation (S306).
The vulnerability investigation unit 323 creates vulnerability investigation results indicating investigation results regarding the presence or absence of vulnerabilities in the corresponding terminal 330 (S307).
  • The vulnerability investigation results have a format that contains a vulnerability information ID, a terminal ID, information about an investigation date and time, and information about investigation results, as shown in FIG. 8. An ID for uniquely identifying the vulnerability information related to the investigated vulnerabilities, which is the vulnerability information ID contained in the vulnerability information data, is set to the vulnerability information ID. An ID for identifying the investigated terminal 330 is set to the terminal ID. Information about the date and time when investigation is conducted is set to the investigation date and time. 0 is set to the investigation results when there are no vulnerabilities in the terminal 330, and 1 is set to the investigation results when there are vulnerabilities in the terminal 330.
  • The vulnerability investigation unit 323 stores the created vulnerability investigation results into the vulnerability investigation result storage unit 326 (S308). The vulnerability investigation result transmitting unit 327 reads the vulnerability investigation results from the vulnerability investigation result storage unit 326 (S309) and transmits the read vulnerability investigation results to the server 310 (S310).
  • In the case where there are a plurality of agent units 320, each of the plurality of agent units 320 performs the operation of FIG. 7 described above.
  • (1-2-4) The operation of the server 310 that receives vulnerability investigation results from the agent unit 320 and stores the vulnerability investigation results into the vulnerability investigation result storage unit 315 is described with reference to FIG. 9.
  • Referring to FIG. 9, in the server 310, the vulnerability investigation result receiving unit 314 receives the vulnerability investigation results transmitted from the agent unit 320 (S401). The vulnerability investigation result receiving unit 314 stores the received vulnerability investigation results into the vulnerability investigation result storage unit 315 (S402).
  • In the case where there are a plurality of agent units 320, the server 310 stores the vulnerability investigation results received from each of the plurality of agent units 320 into the vulnerability investigation result storage unit 315.
  • (1-2-5) The operation of the server 310 that regularly checks the vulnerability information data in the vulnerability information data storage unit 312, decrypts the vulnerability information data whose release date and time is before the current date and time, and stores the decrypted vulnerability information data again into the vulnerability information data storage unit 312 is described with reference to FIG. 10.
  • Referring to FIG. 10, in the server 310, the vulnerability release date and time checking unit 316 checks whether or not the vulnerability information data whose release flag is 0 indicating “unreleased” is stored in the vulnerability information data storage unit 312 on a regular basis (e.g., once in 10 minutes) (S501), and when such vulnerability information data is stored (Yes in S501), the vulnerability release date and time checking unit 316 reads one of such vulnerability information data (S502). When the release date and time of the read vulnerability information data is before the current date and time (Yes in S503), the vulnerability release date and time checking unit 316 transmits the vulnerability information data to the vulnerability information data decryption unit 317. The vulnerability information data decryption unit 317 reads a common key for decryption from the common key storage unit 318, decrypts information about the overview, the method for investigation and the method for countermeasures in the vulnerability information data by using the read common key (S504), and sends the decrypted vulnerability information data back to the vulnerability release date and time checking unit 316. The vulnerability release date and time checking unit 316 sets 1, which indicates “released”, to the release flag of the decrypted vulnerability information data (S505). The vulnerability release date and time checking unit 316 stores the decrypted vulnerability information data where 1 is set to its release flag again into the vulnerability information data storage unit 312 (S506). On the other hand, when the release date and time of the read vulnerability information data is after the current date and time (No in S503), the vulnerability release date and time checking unit 316 stores the read vulnerability information data again into the vulnerability information data storage unit 312 without making any change (S506). 
Processing on the vulnerability information data read in S502 thereby ends. When the vulnerability information data whose release flag is 0 indicating “unreleased” is still stored in the vulnerability information data storage unit 312 (Yes in S507), the vulnerability release date and time checking unit 316 returns to the processing in S502. On the other hand, when the vulnerability information data whose release flag is 0 indicating “unreleased” is not stored in the vulnerability information data storage unit 312 anymore (No in S501 and No in S507), the vulnerability release date and time checking unit 316 ends the process.
  • (1-2-6) The operation of the server 310 that displays the vulnerability information and the vulnerability investigation results is described with reference to FIG. 11.
  • Referring to FIG. 11, in the server 310, the vulnerability information and investigation result display unit 319 checks whether or not the vulnerability information data whose release flag is 1 indicating “released” is stored in the vulnerability information data storage unit 312 (S601), and when such vulnerability information data is stored (Yes in S601), the vulnerability information and investigation result display unit 319 reads one of such vulnerability information data (S602). When the vulnerability investigation results having a matching vulnerability information ID with the read vulnerability information data and whose investigation results are 1 indicating the presence of vulnerabilities are stored in the vulnerability investigation result storage unit 315 (Yes in S603), the vulnerability information and investigation result display unit 319 reads all of such vulnerability investigation results (S604). The vulnerability information and investigation result display unit 319 displays, on a screen of the server 310, the overview and the method for investigation in the read vulnerability information data and a list of the terminal IDs in the read vulnerability investigation results (S605). On the other hand, when the vulnerability investigation results having a matching vulnerability information ID with the read vulnerability information data and whose investigation results are 1 indicating the presence of vulnerabilities are not stored in the vulnerability investigation result storage unit 315 (No in S603), the vulnerability information and investigation result display unit 319 does not display the results on the screen of the server 310. Processing on the vulnerability information data read in S602 thereby ends. 
When the vulnerability information data whose release flag is 1 indicating “released” is still stored in the vulnerability information data storage unit 312 (Yes in S606), the vulnerability information and investigation result display unit 319 returns to the processing in S602. On the other hand, when the vulnerability information data whose release flag is 1 indicating “released” is not stored in the vulnerability information data storage unit 312 anymore (No in S601 and No in S606), the vulnerability information and investigation result display unit 319 ends the process.
  • Note that the timing to start the operation of FIG. 11 may be regular timing, or it may be timing when an operation indicating display of vulnerability information and vulnerability investigation results is performed.
  • (1-2-7) The operation of the agent unit 320 that regularly checks the vulnerability information data in the vulnerability information data storage unit 322, decrypts the vulnerability information data whose release date and time is before the current date and time, and stores the decrypted vulnerability information data again into the vulnerability information data storage unit 322 is described with reference to FIG. 12.
  • Referring to FIG. 12, in the agent unit 320, the vulnerability release date and time checking unit 328 checks whether or not the vulnerability information data whose release flag is 0 indicating “unreleased” is stored in the vulnerability information data storage unit 322 on a regular basis (e.g., once in 10 minutes) (S701), and when such vulnerability information data is stored (Yes in S701), the vulnerability release date and time checking unit 328 reads one of such vulnerability information data (S702). When the release date and time of the read vulnerability information data is before the current date and time (Yes in S703), the vulnerability release date and time checking unit 328 transmits the vulnerability information data to the vulnerability information data decryption unit 324. The vulnerability information data decryption unit 324 reads a common key for decryption from the common key storage unit 325, decrypts information about the overview, the method for investigation and the method for countermeasures in the vulnerability information data by using the read common key (S704), and sends the decrypted vulnerability information data back to the vulnerability release date and time checking unit 328. The vulnerability release date and time checking unit 328 sets 1, which indicates “released”, to the release flag of the decrypted vulnerability information data (S705). The vulnerability release date and time checking unit 328 stores the decrypted vulnerability information data where 1 is set to its release flag again into the vulnerability information data storage unit 322 (S706). On the other hand, when the release date and time of the read vulnerability information data is after the current date and time (No in S703), the vulnerability release date and time checking unit 328 stores the read vulnerability information data again into the vulnerability information data storage unit 322 without making any change (S706).
Processing on the vulnerability information data read in S702 thereby ends. When the vulnerability information data whose release flag is 0 indicating “unreleased” is still stored in the vulnerability information data storage unit 322 (Yes in S707), the vulnerability release date and time checking unit 328 returns to the processing in S702. On the other hand, when the vulnerability information data whose release flag is 0 indicating “unreleased” is not stored in the vulnerability information data storage unit 322 anymore (No in S701 and No in S707), the vulnerability release date and time checking unit 328 ends the process.
  • In the case where there are a plurality of agent units 320, each of the plurality of agent units 320 performs the operation of FIG. 12 described above.
  • (1-2-8) The operation of the agent unit 320 that displays the vulnerability information is described with reference to FIG. 13.
  • Referring to FIG. 13, in the agent unit 320, the vulnerability information display unit 329 checks whether or not the vulnerability information data whose release flag is 1 indicating “released” is stored in the vulnerability information data storage unit 322 (S801), and when such vulnerability information data is stored (Yes in S801), the vulnerability information display unit 329 reads one of such vulnerability information data (S802). When the vulnerability investigation results having a matching vulnerability information ID with the read vulnerability information data and whose investigation results are 1 indicating the presence of vulnerabilities are stored in the vulnerability investigation result storage unit 326 (Yes in S803), the vulnerability information display unit 329 reads such vulnerability investigation results (S804). The vulnerability information display unit 329 displays, on a screen of the corresponding terminal 330, the overview and the method for investigation in the read vulnerability information data (S805). On the other hand, when the vulnerability investigation results having a matching vulnerability information ID with the read vulnerability information data and whose investigation results are 1 indicating the presence of vulnerabilities are not stored in the vulnerability investigation result storage unit 326 (No in S803), the vulnerability information display unit 329 does not display the results on the screen of the corresponding terminal 330. Processing on the vulnerability information data read in S802 thereby ends. When the vulnerability information data whose release flag is 1 indicating “released” is still stored in the vulnerability information data storage unit 322 (Yes in S806), the vulnerability information display unit 329 returns to the processing in S802. 
On the other hand, when the vulnerability information data whose release flag is 1 indicating “released” is not stored in the vulnerability information data storage unit 322 anymore (No in S801 and No in S806), the vulnerability information display unit 329 ends the process.
  • Note that the timing to start the operation of FIG. 13 may be regular timing, or it may be timing when an operation indicating display of vulnerability information is performed.
  • In the case where there are a plurality of agent units 320, each of the plurality of agent units 320 performs the operation of FIG. 13 described above.
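The first embodiment's record handling (FIGS. 4, 7, 10 and 11) condensed into a runnable Python sketch; this is an added example, not code from the patent. The function names, the `package<fixed_version` investigation-method syntax, the inventory dict and the HMAC-SHA256 stand-in cipher are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

SECRET_FIELDS = ("overview", "investigation", "countermeasures")


def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key, text):
    """Encrypt-then-MAC under the common key. Stdlib stand-in for an AEAD
    cipher such as AES-GCM; the page does not name an algorithm."""
    nonce, data = os.urandom(16), text.encode()
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("vulnerability information data failed integrity check")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode()


@dataclass(frozen=True)
class VulnInfoData:  # fields of the FIG. 5 format
    vuln_id: str
    release_at: datetime
    release_flag: int  # 0 = unreleased, 1 = released
    overview: object  # str in plaintext, bytes while sealed
    investigation: object
    countermeasures: object


def create_record(key, now, vuln_id, release_at, overview, investigation, countermeasures):
    """Distribution system, S102-S105: seal the three fields while unreleased."""
    if release_at > now:  # a release time equal to now is treated as released (assumption)
        return VulnInfoData(vuln_id, release_at, 0, seal(key, overview),
                            seal(key, investigation), seal(key, countermeasures))
    return VulnInfoData(vuln_id, release_at, 1, overview, investigation, countermeasures)


def _version(text):
    return tuple(int(part) for part in text.split("."))


def investigate(key, record, terminal_id, inventory, now):
    """Agent, S303-S307: decrypt only the method, in memory, and return a
    FIG. 8 result. The 'package<fixed_version' method syntax is assumed."""
    method = record.investigation
    if record.release_flag == 0:
        method = unseal(key, method)  # S305; the stored record stays sealed
    package, fixed = method.split("<")
    installed = inventory.get(package)
    vulnerable = installed is not None and _version(installed) < _version(fixed)
    return {"vuln_id": record.vuln_id, "terminal_id": terminal_id,
            "investigated_at": now, "result": int(vulnerable)}


def release_check(key, store, now):
    """Periodic check, S501-S506 / S701-S706: decrypt and flag records that are due."""
    for i, rec in enumerate(store):
        if rec.release_flag == 0 and rec.release_at <= now:
            plain = {name: unseal(key, getattr(rec, name)) for name in SECRET_FIELDS}
            store[i] = replace(rec, release_flag=1, **plain)


def display(store, results):
    """Server, S601-S605: released records that have at least one vulnerable terminal."""
    rows = []
    for rec in store:
        if rec.release_flag != 1:
            continue
        hits = sorted(r["terminal_id"] for r in results
                      if r["vuln_id"] == rec.vuln_id and r["result"] == 1)
        if hits:
            rows.append((rec.overview, rec.investigation, hits))
    return rows


if __name__ == "__main__":
    key, now = os.urandom(32), datetime(2030, 1, 1, tzinfo=timezone.utc)  # constructed
    release = now + timedelta(days=7)
    store = [create_record(key, now, "V-0001", release, "constructed overview",
                           "examplelib<2.4.1", "upgrade examplelib")]
    results = [investigate(key, store[0], tid, {"examplelib": ver}, now)
               for tid, ver in (("T-01", "2.3.9"), ("T-02", "2.4.1"))]
    print("before release:", display(store, results))
    release_check(key, store, release)
    print("after release: ", display(store, results))
```

Because the agent holds the same common key as the server, the embargo on the terminal is enforced by the release check and display logic rather than by the encryption, so the clock that `release_check` reads is part of the trust boundary.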
  • (1-3) Effects of First Embodiment
  • As described above, according to the first embodiment, the server 310 transmits encrypted vulnerability information to the agent unit 320 so that the investigation regarding the presence or absence of vulnerabilities in the terminal 330 is completed before a release date and time, and then displays vulnerability investigation results on or after the release date and time.
  • Therefore, a security administrator of the security risk management system using company 300 can know investigation results regarding the presence or absence of vulnerabilities in the terminals 330 of its own company on the release date and time of the vulnerability information, and immediately take the next step of developing countermeasures against vulnerabilities. It is thereby possible to reduce the time needed to take countermeasures against vulnerabilities.
  • It should be noted that, according to the first embodiment, the vulnerability information is decrypted for vulnerability investigation before a release date and time of the vulnerability information in the security risk management system 305. However, the decrypted vulnerability information is displayed on or after the release date and time. Thus, a security administrator and employees of the security risk management system using company 300 are not able to see the vulnerability information before the release date and time, and therefore the secrecy of the vulnerability information is ensured.
  • (2) Second Embodiment
  • A second embodiment corresponds to an embodiment in which the generic concept of the above-described first embodiment is extracted. FIG. 14 shows a block configuration example of a security risk management system 305 according to the second embodiment.
  • Referring to FIG. 14, the security risk management system 305 according to the second embodiment includes a server 310 and an agent unit 320, just like in the first embodiment. The agent unit 320 corresponds to the terminal 330 whose vulnerabilities are to be managed (see FIG. 1), and it is installed into the corresponding terminal 330. Although FIG. 14 shows an example in which one agent unit 320 corresponding to one terminal 330 is placed, if there are a plurality of terminals 330, a plurality of agent units 320 respectively corresponding to the plurality of terminals 330 are placed.
  • The server 310 includes a communication unit 3101 and a presentation unit 3102. The communication unit 3101 corresponds to an element that combines the vulnerability information data distribution unit 313 and the vulnerability investigation result receiving unit 314 according to the first embodiment described above. The presentation unit 3102 corresponds to the vulnerability information and investigation result display unit 319 according to the first embodiment described above.
  • The agent unit 320 includes a communication unit 3201 and an investigation unit 3202. The communication unit 3201 corresponds to an element that combines the vulnerability information data receiving unit 321 and the vulnerability investigation result transmitting unit 327 according to the first embodiment described above. The investigation unit 3202 corresponds to the vulnerability investigation unit 323 according to the first embodiment described above.
  • The operation of the security risk management system 305 according to the second embodiment is described hereinafter with reference to FIG. 15.
  • Referring to FIG. 15, in the server 310, the communication unit 3101 transmits vulnerability information to the agent unit 320 before the release date and time of the vulnerability information (S901). In the case where there are a plurality of agent units 320, the server 310 transmits vulnerability information to each of the plurality of agent units 320.
  • In the agent unit 320, the communication unit 3201 receives vulnerability information transmitted from the server 310 before the release date and time of the vulnerability information (S902). The investigation unit 3202 investigates the presence or absence of vulnerabilities in the corresponding terminal 330 based on the method for investigation contained in the vulnerability information before the release date and time of the vulnerability information (S903). Further, the investigation unit 3202 transmits vulnerability investigation results containing investigation results regarding the presence or absence of vulnerabilities in the terminal 330 to the server 310 before the release date and time of the vulnerability information (S904). In the case where there are a plurality of agent units 320, each of the plurality of agent units 320 performs the operations of S902 to S904 described above.
  • In the server 310, the communication unit 3101 receives the vulnerability investigation results transmitted from the agent unit 320 before the release date and time of the vulnerability information (S905). The presentation unit 3102 presents the vulnerability information and the vulnerability investigation results (for example, displays them on a screen of the server 310) on or after the release date and time of the vulnerability information (S906).
  • As described above, according to the second embodiment, the server 310 transmits vulnerability information to the agent unit 320 so that the investigation regarding the presence or absence of vulnerabilities in the terminal 330 is completed before a release date and time, and then presents vulnerability investigation results on or after the release date and time.
  • Therefore, a security administrator can know investigation results regarding the presence or absence of vulnerabilities in the terminals 330 on the release date and time of the vulnerability information, and immediately take the next step of developing countermeasures against vulnerabilities. It is thereby possible to reduce the time needed to take countermeasures against vulnerabilities.
  • Note that, although the operations of the elements of the server 310 and the agent unit 320 according to the second embodiment are briefly described above, the elements of the server 310 and the agent unit 320 according to the second embodiment may perform the same operations as the corresponding elements in the first embodiment described above. Further, the server 310 and the agent unit 320 according to the second embodiment may further include another element included in the server 310 and the agent unit 320 according to the first embodiment described above.
  • While the present disclosure has been particularly shown and described with reference to embodiments thereof, the present disclosure is not limited to these embodiments. It will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present disclosure as defined by the claims.
  • For example, although the agent unit investigates the presence or absence of vulnerabilities in a terminal in the above-described embodiments, the server may investigate the presence or absence of vulnerabilities in a terminal. In this case, the agent unit may collect only information necessary for investigation from the terminal, and transmit the collected information to the server. The server investigates the presence or absence of vulnerabilities in each terminal based on the information collected from each agent unit.
  • Further, although vulnerability information data whose release flag indicates “released” is read, and then vulnerability investigation results are read based on the read vulnerability information data as shown in FIGS. 11 and 13 in the first embodiment described above, it is not limited thereto. For example, vulnerability investigation results indicating the presence of vulnerabilities may be read first, and then vulnerability information data may be read based on the read vulnerability investigation results.
  • Furthermore, although a plurality of steps (processing steps) are sequentially described in the plurality of flowcharts used in the description above, the order of performing the steps to be performed in the above-described embodiments is not limited to the sequence described above. In the above-described embodiments, the sequence of steps shown in the figures may be changed as appropriate.
  • Further, the whole or part of the embodiments disclosed above can be described as, but not limited to, the following supplementary notes.
  • (Supplementary Note 1)
  • A security risk management system comprising:
  • a server; and
  • an agent unit included in a terminal, wherein
  • the server transmits vulnerability information to the agent unit before a release date and time of the vulnerability information,
  • the agent unit investigates presence or absence of vulnerabilities in the terminal based on information regarding a method for vulnerability investigation contained in the vulnerability information, and transmits vulnerability investigation results containing the investigation results to the server before the release date and time of the vulnerability information, and
  • the server presents the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • (Supplementary Note 2)
  • The security risk management system according to Supplementary Note 1, wherein
  • the server transmits the vulnerability information to the agent unit before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding a method for vulnerability investigation, and
  • the agent unit decrypts the information regarding a method for vulnerability investigation contained in the vulnerability information, and investigates presence or absence of vulnerabilities in the terminal based on the decrypted information regarding a method for vulnerability investigation before the release date and time of the vulnerability information.
  • (Supplementary Note 3)
  • The security risk management system according to Supplementary Note 1 or 2, wherein the server stores the vulnerability information before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures, and transmits the vulnerability information to the agent unit before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures, and
  • the agent unit stores the vulnerability information before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures.
  • (Supplementary Note 4)
  • The security risk management system according to Supplementary Note 3, wherein
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information,
  • the server reads the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the stored vulnerability information, and
  • when a release date and time contained in the read vulnerability information is before a current date and time, the server decrypts the information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures contained in the read vulnerability information, sets a value indicating “released” to the release flag added to the read vulnerability information, and stores the read vulnerability information again.
  • (Supplementary Note 5)
  • The security risk management system according to Supplementary Note 4, wherein
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information,
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the server stores the vulnerability investigation results, reads the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the stored vulnerability information, reads the vulnerability investigation results containing the vulnerability information ID matching with the read vulnerability information and containing investigation results indicating presence of vulnerabilities in the terminal from among the stored vulnerability investigation results, and presents an overview and a method for countermeasures contained in the read vulnerability information and presents the terminal ID contained in the read vulnerability investigation results.
  • (Supplementary Note 6)
  • The security risk management system according to Supplementary Note 3, wherein
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information,
  • the agent unit reads the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the stored vulnerability information, and
  • when a release date and time contained in the read vulnerability information is before a current date and time, the agent unit decrypts the information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures contained in the read vulnerability information, sets a value indicating “released” to the release flag added to the read vulnerability information, and stores the read vulnerability information again.
  • (Supplementary Note 7)
  • The security risk management system according to Supplementary Note 6, wherein
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information,
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the agent unit stores the vulnerability investigation results, reads the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the stored vulnerability information, and when the vulnerability investigation results containing the vulnerability information ID matching with the read vulnerability information and containing investigation results indicating presence of vulnerabilities in the terminal are included in the stored vulnerability investigation results, presents an overview and a method for countermeasures contained in the read vulnerability information.
  • (Supplementary Note 8)
  • A server comprising:
  • a communication unit configured to transmit, to an agent unit included in a terminal, vulnerability information before a release date and time of the vulnerability information, and receive, from the agent unit, vulnerability investigation results containing investigation results regarding presence or absence of vulnerabilities in the terminal investigated by the agent unit based on information regarding a method for vulnerability investigation contained in the vulnerability information before the release date and time of the vulnerability information, and
  • a presentation unit configured to present the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • (Supplementary Note 9)
  • The server according to Supplementary Note 8, wherein the communication unit transmits the vulnerability information to the agent unit before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding a method for vulnerability investigation.
  • (Supplementary Note 10)
  • The server according to Supplementary Note 8 or 9, further comprising:
  • a vulnerability information storage unit configured to store the vulnerability information before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures, wherein
  • the communication unit transmits the vulnerability information to the agent unit before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures.
  • (Supplementary Note 11)
  • The server according to Supplementary Note 10, further comprising:
  • a release date and time checking unit, wherein
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information,
  • the release date and time checking unit reads the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the vulnerability information stored in the vulnerability information storage unit, and
  • when a release date and time contained in the read vulnerability information is before a current date and time, the release date and time checking unit decrypts the information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures contained in the read vulnerability information, sets a value indicating “released” to the release flag added to the read vulnerability information, and stores the read vulnerability information again into the vulnerability information storage unit.
  • (Supplementary Note 12)
  • The server according to Supplementary Note 11, further comprising:
  • a vulnerability investigation result storage unit configured to store the vulnerability investigation results, wherein
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information,
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the presentation unit reads the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the vulnerability information stored in the vulnerability information storage unit, reads the vulnerability investigation results containing the vulnerability information ID matching with the read vulnerability information and containing investigation results indicating presence of vulnerabilities in the terminal from among the vulnerability investigation results stored in the vulnerability investigation result storage unit, and presents an overview and a method for countermeasures contained in the read vulnerability information and presents the terminal ID contained in the read vulnerability investigation results.
  • (Supplementary Note 13)
  • A control method of a server, comprising:
  • a transmission step of transmitting, to an agent unit included in a terminal, vulnerability information before a release date and time of the vulnerability information;
  • a step of receiving, from the agent unit, vulnerability investigation results containing investigation results regarding presence or absence of vulnerabilities in the terminal investigated by the agent unit based on information regarding a method for vulnerability investigation contained in the vulnerability information before the release date and time of the vulnerability information; and
  • a presentation step of presenting the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • (Supplementary Note 14)
  • The control method according to Supplementary Note 13, wherein the transmission step transmits the vulnerability information to the agent unit before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding a method for vulnerability investigation.
  • (Supplementary Note 15)
  • The control method according to Supplementary Note 13 or 14, further comprising:
  • a step of storing, into a vulnerability information storage unit, the vulnerability information before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures, wherein
  • the transmission step transmits the vulnerability information to the agent unit before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures.
  • (Supplementary Note 16)
  • The control method according to Supplementary Note 15, wherein
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information, and
  • the control method further comprises:
  • a step of reading the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the vulnerability information stored in the vulnerability information storage unit, and
  • a step of, when a release date and time contained in the read vulnerability information is before a current date and time, decrypting the information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures contained in the read vulnerability information, setting a value indicating “released” to the release flag added to the read vulnerability information, and storing the read vulnerability information again into the vulnerability information storage unit.
  • (Supplementary Note 17)
  • The control method according to Supplementary Note 16, wherein
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information,
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the control method further comprises:
  • a step of storing the vulnerability investigation results into a vulnerability investigation result storage unit,
  • a step of reading the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the vulnerability information stored in the vulnerability information storage unit,
  • a step of reading the vulnerability investigation results containing the vulnerability information ID matching with the read vulnerability information and containing investigation results indicating presence of vulnerabilities in the terminal from among the vulnerability investigation results stored in the vulnerability investigation result storage unit, and
  • the presentation step presents an overview and a method for countermeasures contained in the read vulnerability information, and presents the terminal ID contained in the read vulnerability investigation results.
  • (Supplementary Note 18)
  • A non-transitory computer readable medium storing a program causing a computer to execute:
  • a transmission step of transmitting, to an agent unit included in a terminal, vulnerability information before a release date and time of the vulnerability information;
  • a step of receiving, from the agent unit, vulnerability investigation results containing investigation results regarding presence or absence of vulnerabilities in the terminal investigated by the agent unit based on information regarding a method for vulnerability investigation contained in the vulnerability information before a release date and time of the vulnerability information; and
  • a presentation step of presenting the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.
  • (Supplementary Note 19)
  • The non-transitory computer readable medium according to Supplementary Note 18, wherein the transmission step transmits the vulnerability information to the agent unit before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding a method for vulnerability investigation.
  • (Supplementary Note 20)
  • The non-transitory computer readable medium according to Supplementary Note 18 or 19, wherein the program causes the computer to further execute:
  • a step of storing, into a vulnerability information storage unit, the vulnerability information before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures, wherein
  • the transmission step transmits the vulnerability information to the agent unit before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures.
  • (Supplementary Note 21)
  • The non-transitory computer readable medium according to Supplementary Note 20, wherein
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information, and
  • the program causes the computer to further execute:
  • a step of reading the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the vulnerability information stored in the vulnerability information storage unit, and
  • a step of, when a release date and time contained in the read vulnerability information is before a current date and time, decrypting the information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures contained in the read vulnerability information, setting a value indicating “released” to the release flag added to the read vulnerability information, and storing the read vulnerability information again into the vulnerability information storage unit.
  • (Supplementary Note 22)
  • The non-transitory computer readable medium according to Supplementary Note 21, wherein
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information,
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the program causes the computer to further execute:
  • a step of storing the vulnerability investigation results into a vulnerability investigation result storage unit,
  • a step of reading the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the vulnerability information stored in the vulnerability information storage unit,
  • a step of reading the vulnerability investigation results containing the vulnerability information ID matching with the read vulnerability information and containing investigation results indicating presence of vulnerabilities in the terminal from among the vulnerability investigation results stored in the vulnerability investigation result storage unit, and
  • the presentation step presents an overview and a method for countermeasures contained in the read vulnerability information, and presents the terminal ID contained in the read vulnerability investigation results.
  • (Supplementary Note 23)
  • A non-transitory computer readable medium storing a program causing a computer to execute:
  • a receiving step of receiving, from a server, vulnerability information before a release date and time of the vulnerability information;
  • an investigation step of investigating presence or absence of vulnerabilities in a terminal based on information regarding a method for vulnerability investigation contained in the vulnerability information before a release date and time of the vulnerability information; and
  • a step of transmitting, to the server, vulnerability investigation results containing investigation results in the investigation step before the release date and time of the vulnerability information.
  • (Supplementary Note 24)
  • The non-transitory computer readable medium according to Supplementary Note 23, wherein
  • the receiving step receives, from the server, the vulnerability information before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding a method for vulnerability investigation, and
  • the investigation step decrypts the information regarding a method for vulnerability investigation contained in the vulnerability information, and investigates presence or absence of vulnerabilities in the terminal based on the decrypted information regarding a method for vulnerability investigation before the release date and time of the vulnerability information.
  • (Supplementary Note 25)
  • The non-transitory computer readable medium according to Supplementary Note 23 or 24, wherein
  • the receiving step receives, from the server, the vulnerability information before a release date and time of the vulnerability information, the vulnerability information containing encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures, and
  • the program causes the computer to further execute:
  • a step of storing the vulnerability information into a vulnerability information storage unit before the release date and time of the vulnerability information, the vulnerability information containing the encrypted information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures.
  • (Supplementary Note 26)
  • The non-transitory computer readable medium according to Supplementary Note 25, wherein
  • a release flag to which a value indicating whether the vulnerability information is unreleased or released is set is added to the vulnerability information,
  • the program causes the computer to further execute:
  • a step of reading the vulnerability information to which the release flag to which a value indicating “unreleased” is set is added from among the vulnerability information stored in the vulnerability information storage unit, and
  • a step of, when a release date and time contained in the read vulnerability information is before a current date and time, decrypting the information regarding an overview of vulnerabilities, a method for investigation and a method for countermeasures contained in the read vulnerability information, setting a value indicating “released” to the release flag added to the read vulnerability information, and storing the read vulnerability information again into the vulnerability information storage unit.
  • (Supplementary Note 27)
  • The non-transitory computer readable medium according to Supplementary Note 26, wherein
  • a vulnerability information ID for identifying the vulnerability information is further added to the vulnerability information,
  • the vulnerability investigation results contain a vulnerability information ID for identifying the vulnerability information related to investigated vulnerabilities, a terminal ID for identifying the terminal, and investigation results indicating presence or absence of vulnerabilities in the terminal,
  • the program causes the computer to further execute:
  • a step of storing the vulnerability investigation results into a vulnerability investigation result storage unit,
  • a step of reading the vulnerability information to which the release flag to which a value indicating “released” is set is added from among the vulnerability information stored in the vulnerability information storage unit, and
  • a step of, when the vulnerability investigation results containing the vulnerability information ID matching with the read vulnerability information and containing investigation results indicating presence of vulnerabilities in the terminal are included in the vulnerability investigation results stored in the vulnerability investigation result storage unit, presenting an overview and a method for countermeasures contained in the read vulnerability information.
  • REFERENCE SIGNS LIST
    • 100 VULNERABILITY INFORMATION PROVIDING INSTITUTION
    • 110 VULNERABILITY INFORMATION TRANSMISSION SYSTEM
    • 200 SECURITY RISK MANAGEMENT SYSTEM PROVIDING COMPANY
    • 210 VULNERABILITY INFORMATION DISTRIBUTION SYSTEM
    • 211 VULNERABILITY INFORMATION RECEIVING UNIT
    • 212 VULNERABILITY INFORMATION DATA CREATION UNIT
    • 213 VULNERABILITY INFORMATION DATA ENCRYPTION UNIT
    • 214 COMMON KEY STORAGE UNIT
    • 215 VULNERABILITY INFORMATION DATA STORAGE UNIT
    • 216 VULNERABILITY INFORMATION DATA TRANSMITTING UNIT
    • 300 SECURITY RISK MANAGEMENT SYSTEM USING COMPANY
    • 305 SECURITY RISK MANAGEMENT SYSTEM
    • 310 SERVER
    • 311 VULNERABILITY INFORMATION DATA RECEIVING UNIT
    • 312 VULNERABILITY INFORMATION DATA STORAGE UNIT
    • 313 VULNERABILITY INFORMATION DATA DISTRIBUTION UNIT
    • 314 VULNERABILITY INVESTIGATION RESULT RECEIVING UNIT
    • 315 VULNERABILITY INVESTIGATION RESULT STORAGE UNIT
    • 316 VULNERABILITY RELEASE DATE AND TIME CHECKING UNIT
    • 317 VULNERABILITY INFORMATION DATA DECRYPTION UNIT
    • 318 COMMON KEY STORAGE UNIT
    • 319 VULNERABILITY INFORMATION AND INVESTIGATION RESULT DISPLAY UNIT
    • 3101 COMMUNICATION UNIT
    • 3102 PRESENTATION UNIT
    • 320 AGENT UNIT
    • 321 VULNERABILITY INFORMATION DATA RECEIVING UNIT
    • 322 VULNERABILITY INFORMATION DATA STORAGE UNIT
    • 323 VULNERABILITY INVESTIGATION UNIT
    • 324 VULNERABILITY INFORMATION DATA DECRYPTION UNIT
    • 325 COMMON KEY STORAGE UNIT
    • 326 VULNERABILITY INVESTIGATION RESULT STORAGE UNIT
    • 327 VULNERABILITY INVESTIGATION RESULT TRANSMITTING UNIT
    • 328 VULNERABILITY RELEASE DATE AND TIME CHECKING UNIT
    • 329 VULNERABILITY INFORMATION DISPLAY UNIT
    • 3201 COMMUNICATION UNIT
    • 3202 INVESTIGATION UNIT
    • 330 TERMINAL
    • 400 COMPUTER
    • 401 PROCESSOR
    • 402 MEMORY
    • 403 STORAGE
    • 404 INPUT/OUTPUT INTERFACE
    • 4041 DISPLAY DEVICE
    • 4042 INPUT DEVICE
    • 405 COMMUNICATION INTERFACE
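
The embargoed flow of the second embodiment (S902 to S906) together with the release-flag handling of Supplementary Notes 2, 4 and 5, as an added Python example that is not part of the patent text. The cipher is a standard-library stand-in for the common-key encryption, and the investigation-method format (package name plus first fixed version), the IDs and all sample data are constructed assumptions.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass
from datetime import datetime, timezone

# Stand-in authenticated cipher built from stdlib HMAC-SHA256 (CTR keystream,
# encrypt-then-MAC). The page only says "common key"; use a vetted AEAD in production.
def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (_prf(key, nonce + i.to_bytes(8, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, text):
    data, nonce = text.encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_prf(key, b"enc"), nonce, len(data))))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("vulnerability information failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(_prf(key, b"enc"), nonce, len(ct)))).decode()

@dataclass
class VulnInfo:
    vuln_id: str                  # vulnerability information ID
    release_at: datetime          # kept in clear so the release check can run
    overview: object              # bytes while unreleased, str once released
    investigation: object
    countermeasures: object
    released: bool = False        # the release flag

def make_record(key, vuln_id, release_at, overview, method, countermeasures):
    return VulnInfo(vuln_id, release_at, seal(key, overview),
                    seal(key, json.dumps(method)), seal(key, countermeasures))

def _ver(s):
    return tuple(int(p) for p in s.split("."))

def agent_investigate(key, info, terminal_id, installed):
    """Agent side: decrypt only the investigation method, check the terminal, report."""
    raw = info.investigation if info.released else unseal(key, info.investigation)
    method = json.loads(raw)      # assumed format: {"package": ..., "fixed_in": ...}
    have = installed.get(method["package"])
    vulnerable = have is not None and _ver(have) < _ver(method["fixed_in"])
    return {"vuln_id": info.vuln_id, "terminal_id": terminal_id, "vulnerable": vulnerable}

def release_check(key, store, now):
    """Server side: decrypt and flag records whose release date and time has arrived."""
    for info in store:
        if not info.released and info.release_at <= now:
            info.overview = unseal(key, info.overview)
            info.investigation = unseal(key, info.investigation)
            info.countermeasures = unseal(key, info.countermeasures)
            info.released = True

def present(store, results):
    """Join released records with positive results on the vulnerability information ID."""
    view = []
    for info in store:
        if not info.released:
            continue  # embargoed: neither the overview nor the affected terminals are shown
        hits = sorted(r["terminal_id"] for r in results
                      if r["vuln_id"] == info.vuln_id and r["vulnerable"])
        view.append({"vuln_id": info.vuln_id, "overview": info.overview,
                     "countermeasures": info.countermeasures, "terminals": hits})
    return view

def demo():
    key = os.urandom(32)  # constructed common key shared by distributor, server and agents
    release = datetime(2030, 1, 10, 9, 0, tzinfo=timezone.utc)
    store = [make_record(key, "VI-0001", release, "Constructed overview text",
                         {"package": "examplelib", "fixed_in": "1.4.3"},
                         "Update examplelib to 1.4.3")]
    # Constructed terminal inventories: one affected, one already fixed, one without the package.
    terminals = {"T-01": {"examplelib": "1.4.2"}, "T-02": {"examplelib": "1.5.0"}, "T-03": {}}
    results = [agent_investigate(key, store[0], t, pkgs) for t, pkgs in terminals.items()]
    release_check(key, store, datetime(2030, 1, 9, 9, 0, tzinfo=timezone.utc))
    shown_before = present(store, results)   # results are stored, but nothing is presented yet
    release_check(key, store, release)
    shown_after = present(store, results)
    return results, shown_before, shown_after

if __name__ == "__main__":
    _, early, late = demo()
    print("before release:", early)
    print("on release:", late)
```

The investigation results exist on the server before the release date and time, so the only thing separating them from an operator is the release flag; the record's ID and release date and time stay in clear because the release check needs them.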

Claims (17)

1-15. (canceled)
16. A method performed by a terminal, the method comprising:
receiving, from a server, vulnerability information concerning vulnerability, including a release date and time, and a method for investigation, before the release date and time, wherein the vulnerability information is received by the server from a vulnerability information distribution system; and
investigating the terminal using the method for investigation.
17. The method according to claim 16, wherein
the investigating is performed before the release date and time.
18. The method according to claim 16, further comprising:
sending a result of the investigating to the server.
19. The method according to claim 16, wherein the vulnerability information is encrypted, and the method further comprising:
decrypting the encrypted vulnerability information before the investigating is performed.
20. A method comprising:
receiving, from a vulnerability information distribution system, vulnerability information concerning vulnerability, including a release date and time, and a method for investigation;
transmitting the vulnerability information to a terminal before the release date and time; and
receiving, from the terminal, a result of investigation performed in the terminal using the method for investigation.
21. The method according to claim 20, further comprising:
displaying the result before the release date and time.
22. A method for a system including a server and a terminal comprising:
receiving, by the server from a vulnerability information distribution system, vulnerability information concerning vulnerability, including a release date and time, and a method for investigation;
transmitting, by the server, the vulnerability information to the terminal before the release date and time;
investigating the terminal using the method for investigation; and
receiving, from the terminal, a result of the investigating.
23. A terminal comprising:
one or more processors; and
one or more memories storing executable instructions that, when executed by the one or more processors, causes the one or more processors to perform:
receiving, from a server, vulnerability information concerning vulnerability, including a release date and time, and a method for investigation, before the release date and time, wherein the vulnerability information is received by the server from a vulnerability information distribution system; and
investigating the terminal using the method for investigation.
24. The terminal according to claim 23, wherein
the investigating is performed before the release date and time.
25. The terminal according to claim 23, wherein the one or more processors further perform sending a result of the investigating to the server.
26. The terminal according to claim 23, wherein the vulnerability information is encrypted, and
the one or more processors further perform decrypting the encrypted vulnerability information before the investigating is performed.
27. A server comprising:
one or more processors; and
one or more memories storing executable instructions that, when executed by the one or more processors, causes the one or more processors to perform:
receiving, from a vulnerability information distribution system, vulnerability information concerning vulnerability, including a release date and time, and a method for investigation;
transmitting the vulnerability information to a terminal before the release date and time; and
receiving, from the terminal, a result of investigation performed in the terminal using the method for investigation.
28. The server according to claim 20, wherein the one or more processors further perform:
displaying the result before the release date and time.
29. A system comprising:
a terminal;
a server;
one or more processors; and
one or more memories storing executable instructions that, when executed by the one or more processors, causes the one or more processors to perform:
receiving, by the server from a vulnerability information distribution system, vulnerability information concerning vulnerability, including a release date and time, and a method for investigation;
transmitting, by the server, the vulnerability information to a terminal before the release date and time;
investigating the terminal using the method for investigation; and
receiving, from the terminal, a result of the investigating.
30. A non-transitory computer readable information recording medium storing a program, that when executed by a processor, causes the processor to execute:
receiving, from a server, vulnerability information concerning vulnerability, including a release date and time, and a method for investigation, before the release date and time, wherein the vulnerability information is received by the server from a vulnerability information distribution system; and
investigating the terminal using the method for investigation.
31. A non-transitory computer readable information recording medium storing a program, that when executed by a processor, causes the processor to execute:
receiving, from a vulnerability information distribution system, vulnerability information concerning vulnerability, including a release date and time, and a method for investigation;
transmitting the vulnerability information to a terminal before the release date and time; and
receiving, from the terminal, a result of investigation performed in the terminal using the method for investigation.
US16/953,940 2016-03-25 2020-11-20 Security risk management system, server, control method, and non-transitory computer-readable medium Abandoned US20210165886A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US16/953,940 US20210165886A1 (en) 2016-03-25 2020-11-20 Security risk management system, server, control method, and non-transitory computer-readable medium

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
JP2016-061774 2016-03-25
JP2016061774A JP6690346B2 (en) 2016-03-25 2016-03-25 Security risk management system, server, control method, program
PCT/JP2017/011586 WO2017164269A1 (en) 2016-03-25 2017-03-23 Security risk management system, server, control method, and non-transitory computer-readable medium
US201816084687A 2018-09-13 2018-09-13
US16/953,940 US20210165886A1 (en) 2016-03-25 2020-11-20 Security risk management system, server, control method, and non-transitory computer-readable medium

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
PCT/JP2017/011586 Continuation WO2017164269A1 (en) 2016-03-25 2017-03-23 Security risk management system, server, control method, and non-transitory computer-readable medium
US16/084,687 Continuation US10860722B2 (en) 2016-03-25 2017-03-23 Security risk management system, server, control method, and non-transitory computer-readable medium

Publications (1)

Publication Number Publication Date
US20210165886A1 (en) 2021-06-03

Family

ID=59900346

Family Applications (2)

Application Number Title Priority Date Filing Date
US16/084,687 Active 2037-12-28 US10860722B2 (en) 2016-03-25 2017-03-23 Security risk management system, server, control method, and non-transitory computer-readable medium
US16/953,940 Abandoned US20210165886A1 (en) 2016-03-25 2020-11-20 Security risk management system, server, control method, and non-transitory computer-readable medium

Country Status (6)

Country Link
US (2) US10860722B2 (en)
JP (1) JP6690346B2 (en)
CN (1) CN108885667A (en)
SG (1) SG11201807787PA (en)
TW (1) TWI690863B (en)
WO (1) WO2017164269A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10084811B1 (en) * 2015-09-09 2018-09-25 United Services Automobile Association (Usaa) Systems and methods for adaptive security protocols in a managed system
JP6690346B2 (en) * 2016-03-25 2020-04-28 日本電気株式会社 Security risk management system, server, control method, program
US10990683B2 (en) * 2018-05-25 2021-04-27 At&T Intellectual Property I, L.P. Virtual reality for security augmentation in home and office environments
JP7198122B2 (en) * 2019-03-07 2022-12-28 本田技研工業株式会社 AGENT DEVICE, CONTROL METHOD OF AGENT DEVICE, AND PROGRAM

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110119765A1 (en) * 2009-11-18 2011-05-19 Flexilis, Inc. System and method for identifying and assessing vulnerabilities on a mobile communication device
US20140082736A1 (en) * 2012-09-18 2014-03-20 International Business Machines Corporation Certifying server side web applications against security vulnerabilities
US20140373160A1 (en) * 2011-09-08 2014-12-18 Hitachi, Ltd. Vulnerability countermeasure device and vulnerability countermeasure method
US20160241574A1 (en) * 2015-02-16 2016-08-18 Taasera, Inc. Systems and methods for determining trustworthiness of the signaling and data exchange between network systems
US20180136921A1 (en) * 2015-09-04 2018-05-17 Siemens Aktiengesellschaft Patch management for industrial control systems
US20190052663A1 (en) * 2017-08-10 2019-02-14 Electronics And Telecommunications Research Institute Apparatus for enhancing network security and method for the same
US10579803B1 (en) * 2016-11-17 2020-03-03 Jpmorgan Chase Bank, N.A. System and method for management of application vulnerabilities
US10860722B2 (en) * 2016-03-25 2020-12-08 Nec Corporation Security risk management system, server, control method, and non-transitory computer-readable medium

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7130611B2 (en) * 2000-11-16 2006-10-31 Ntt Docomo, Inc. Moving status information providing method and server
US6873988B2 (en) * 2001-07-06 2005-03-29 Check Point Software Technologies, Inc. System and methods providing anti-virus cooperative enforcement
AU2003273085A1 (en) * 2002-10-22 2004-05-13 Unho Choi Integrated emergency response system in information infrastructure and operating method therefor
JP2004259197A (en) * 2003-02-27 2004-09-16 International Network Securitiy Inc Information security audit system
JP4186987B2 (en) * 2003-07-11 2008-11-26 日本電信電話株式会社 Database access control method, database access control device, database access control program, and recording medium storing the program
JP2006011510A (en) * 2004-06-22 2006-01-12 Yokogawa Electric Corp Fragility checking system
JP4617781B2 (en) * 2004-08-31 2011-01-26 沖電気工業株式会社 Communication system, communication method, and communication program
JP4137044B2 (en) * 2004-10-29 2008-08-20 株式会社コナミデジタルエンタテインメント GAME PROGRAM, GAME DEVICE, AND GAME CONTROL METHOD
TWI269157B (en) 2004-12-30 2006-12-21 Secureuni Technologies Co Ltd Method for operation of vulnerability management
JP2007122408A (en) * 2005-10-28 2007-05-17 Hitachi Ltd Client security management system
JP2009015570A (en) 2007-07-04 2009-01-22 Nippon Telegr & Teleph Corp <Ntt> System and method for distributing vulnerability information
WO2009015671A1 (en) * 2007-07-31 2009-02-05 Sony Corporation Automatically protecting computer systems from attacks that exploit security vulnerabilities
CN101510285A (en) * 2009-03-25 2009-08-19 钟明 Self-service inquisition system and inquisition method
US9256746B2 (en) * 2012-12-14 2016-02-09 Vmware, Inc. Device and method for remediating vulnerabilities
US20140366140A1 (en) * 2013-06-10 2014-12-11 Hewlett-Packard Development Company, L.P. Estimating a quantity of exploitable security vulnerabilities in a release of an application
US9298923B2 (en) * 2013-09-04 2016-03-29 Cisco Technology, Inc. Software revocation infrastructure
US10360271B2 (en) * 2014-02-25 2019-07-23 Sap Se Mining security vulnerabilities available from social media
US9654497B2 (en) * 2015-04-04 2017-05-16 International Business Machines Corporation Virus-release-date-based priority virus scanning
US9990501B2 (en) * 2015-06-24 2018-06-05 Alcatel Lucent Diagnosing and tracking product vulnerabilities for telecommunication devices via a database

Also Published As

Publication number Publication date
JP6690346B2 (en) 2020-04-28
JP2017174289A (en) 2017-09-28
SG11201807787PA (en) 2018-10-30
US10860722B2 (en) 2020-12-08
WO2017164269A1 (en) 2017-09-28
US20190080095A1 (en) 2019-03-14
TW201740320A (en) 2017-11-16
TWI690863B (en) 2020-04-11
CN108885667A (en) 2018-11-23

Legal Events

Date Code Title Description
STPP Information on status: patent application and granting procedure in general. Free format text: APPLICATION DISPATCHED FROM PREEXAM, NOT YET DOCKETED
STPP Information on status: patent application and granting procedure in general. Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION
STPP Information on status: patent application and granting procedure in general. Free format text: NON FINAL ACTION MAILED
STPP Information on status: patent application and granting procedure in general. Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER
STPP Information on status: patent application and granting procedure in general. Free format text: FINAL REJECTION MAILED
STPP Information on status: patent application and granting procedure in general. Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION
STPP Information on status: patent application and granting procedure in general. Free format text: FINAL REJECTION MAILED
STCB Information on status: application discontinuation. Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION