WO2023084791A1 - 情報管理装置、システム及び方法、並びに、コンピュータ可読媒体 - Google Patents

情報管理装置、システム及び方法、並びに、コンピュータ可読媒体 Download PDF

Info

Publication number
WO2023084791A1
WO2023084791A1 PCT/JP2021/041971 JP2021041971W WO2023084791A1 WO 2023084791 A1 WO2023084791 A1 WO 2023084791A1 JP 2021041971 W JP2021041971 W JP 2021041971W WO 2023084791 A1 WO2023084791 A1 WO 2023084791A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
configuration information
software
configuration
evaluation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2021/041971
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
一彰 中島
啓文 植田
衣緒 古山
良彰 中嶋
亮太 佐藤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
NTT Inc
Original Assignee
NEC Corp
Nippon Telegraph and Telephone Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp, Nippon Telegraph and Telephone Corp filed Critical NEC Corp
Priority to JP2023559397A priority Critical patent/JP7794481B2/ja
Priority to CN202180104127.6A priority patent/CN118159949A/zh
Priority to EP21964144.6A priority patent/EP4411547A4/en
Priority to PCT/JP2021/041971 priority patent/WO2023084791A1/ja
Publication of WO2023084791A1 publication Critical patent/WO2023084791A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • the present invention relates to an information management device, system, method, and computer-readable medium, and more particularly to an information management device, system, method, and computer-readable medium for managing configuration information of an information system.
  • An information system consists of various components such as hardware such as a large number of information processing devices and network devices, software installed in each device, and communication networks connected to these devices. Therefore, an information system is constructed by intricately linking multiple components.
  • the information system is developed through the manufacturer of each component, the inspection business, and the system integrator, delivered to the user business, and operated by the user business. In this way, an information system involves a supply chain from manufacturers to user businesses.
  • Patent Document 1 discloses a technique related to a log collection control system for system administrators to monitor the risk of vulnerabilities in devices that make up a managed system.
  • the purpose of the present disclosure is to support the operation of information systems by sharing information obtained at each stage from manufacturing to operation regarding each component of the information system and the relationship between the elements.
  • An information management device includes: Acquiring first evaluation information for the first element in any first stage from the development stage of at least the first element among the plurality of elements constituting the information system to the operation stage of the information system. , a first registration means for registering in a database the first configuration information corresponding to the first element and the first evaluation information in association with each other; In a second stage other than the first stage among the development stage to the operation stage, first state information indicating the state of the first element is acquired, and the first configuration information and the first element are acquired.
  • a second registration means for registering in the database in association with the state information of
  • a plurality of pieces of configuration information corresponding to each of the plurality of elements are displayed in a connection form based on the relationship between the elements, and the first configuration information and the first state information are displayed.
  • display means for displaying the first evaluation information in a connection form based on the association in the database; Prepare.
  • An information management system includes: a database in which first configuration information corresponding to at least a first element among a plurality of elements constituting an information system is registered; an information management device connected to the database; with The information management device At any one stage from the development stage of the first element to the operation stage of the information system, first evaluation information for the first element is obtained, and the first configuration information and the first element are obtained. Register in the database in association with the evaluation information of 1, In a second stage other than the first stage among the development stage to the operation stage, first state information indicating the state of the first element is acquired, and the first configuration information and the first element are acquired.
  • a plurality of pieces of configuration information corresponding to each of the plurality of elements are displayed in a connection form based on the relationship between the elements, and the first configuration information and the first state information are displayed.
  • the first evaluation information is displayed in a connection form based on the association in the database.
  • An information management method includes: the computer Acquiring first evaluation information for the first element in any first stage from the development stage of at least the first element among the plurality of elements constituting the information system to the operation stage of the information system. , registering in a database the first configuration information corresponding to the first element and the first evaluation information in association with each other; acquiring first state information indicating the state of the first element in a second stage other than the first stage among the development stage to the operation stage; registering the first configuration information and the first state information in association with the database; In response to a display request, a plurality of pieces of configuration information corresponding to each of the plurality of elements are displayed in a connection form based on the relationship between the elements, and the first configuration information and the first state information are displayed. The first evaluation information is displayed in a connection form based on the association in the database.
  • a non-transitory computer-readable medium storing a program according to the fourth aspect of the present disclosure Acquiring first evaluation information for the first element in any first stage from the development stage of at least the first element among the plurality of elements constituting the information system to the operation stage of the information system. , a first registration process of associating the first configuration information corresponding to the first element with the first evaluation information and registering them in a database; In a second stage other than the first stage among the development stage to the operation stage, first state information indicating the state of the first element is acquired, and the first configuration information and the first element are acquired.
  • a second registration process for registering in the database in association with the state information of In response to a display request, a plurality of pieces of configuration information corresponding to each of the plurality of elements are displayed in a connection form based on the relationship between the elements, and the first configuration information and the first state information are displayed.
  • a method and program can be provided.
  • FIG. 1 is a block diagram showing the configuration of an information management device according to the first embodiment
  • FIG. 4 is a flow chart showing the flow of an information management method according to the first embodiment
  • FIG. 11 is a block diagram showing the overall configuration of an information management system according to a second embodiment
  • FIG. 11 is a diagram for explaining the concept of information sharing related to the information system according to the second embodiment
  • FIG. 11 is a diagram showing an example of a configuration information table in a shared database according to the second embodiment
  • FIG. FIG. 10 is a diagram showing examples of a state information table and an evaluation information table in a shared database according to the second embodiment
  • FIG. FIG. 11 is a block diagram showing the configuration of an information management apparatus according to the second embodiment
  • FIG. 11 is a sequence diagram showing the flow of an information management method according to the second embodiment;
  • FIG. 11 is a sequence diagram showing the flow of an information management method according to the second embodiment;
  • FIG. 10 is a diagram showing an example of a connection form of configuration information, status information, and evaluation information of an information system according to the second embodiment;
  • FIG. 10 is a diagram showing an example of display information of a plurality of pieces of configuration information, status information, and evaluation information according to the second embodiment;
  • FIG. 11 is a block diagram showing the configuration of an information management device according to a third embodiment;
  • FIG. FIG. 13 is a diagram showing the relationship between software configuration information and software inspection result information according to example 3-1 of the third embodiment;
  • FIG. 13 is a flow chart showing the flow of update processing according to example 3-1 of the third embodiment
  • FIG. FIG. 12 is a diagram showing the relationship among software configuration information, hash value history, and software inspection result information according to example 3-2 of the third embodiment
  • FIG. 13 is a flow chart showing the flow of update processing according to example 3-2 of the third embodiment
  • FIG. 13 is a diagram showing an example of display information of a plurality of pieces of configuration information, status information, and evaluation information according to example 3-2 of the third embodiment;
  • FIG. 1 is a block diagram showing the configuration of an information management device 1 according to the first embodiment.
  • the information management device 1 is an information processing device for managing information related to an information system (not shown) composed of a plurality of elements.
  • elements include the information system itself, hardware such as network equipment and computer servers, software installed in each hardware, hardware components, software components, and the like.
  • An “information system” is constructed through multiple stages, such as the development stage and inspection stage for multiple elements by various manufacturers, and the integration stage for building an information system by integrating each element by a system integrator. be.
  • each business acquires and generates status information and evaluation information regarding each element as necessary at each stage, and registers them in the database via the information management device 1 .
  • the information management device 1 associates the configuration information with the status information or the evaluation information and registers them in the database.
  • the system integrator inputs relationships between multiple elements to the information management apparatus 1 .
  • the information management device 1 associates a plurality of pieces of configuration information corresponding to each element based on the relationship between the elements and registers them in the database.
  • the user business provides services by operating the information system constructed through each stage by the various business operators described above.
  • the information management device in response to a request from a user business operator or another business operator, establishes the relationship between a plurality of configuration information regarding the information system and the relationship between each configuration information and the status information and the evaluation information. Visualize and display.
  • configuration information is information corresponding to the element.
  • the configuration information includes identification information of the entire information system, equipment, model, software, parts, etc., and information describing the contents and specifications thereof.
  • Specification is information that defines what kind of "intrinsic function" each system, device, component (hardware or software), etc. represented by the configuration information has and whether it is provided to the outside. be.
  • the specification defines the physical or electrical input/output (physical action, display, transmission/reception of data or signals, etc.) of the object.
  • Relationships between elements refer to connection relationships, topologies, inclusion relationships, and the like between elements in an information system. Examples of the relationship between elements include, but are not limited to, the relationship between an element “finished product” and the elements “parts” that constitute it, and the relationship between parts of a specific finished product.
  • State information is information resulting from an action or manipulation of an element. For example, the state information is a device or software log, resource usage, and the like.
  • evaluation information is information calculated based on an arbitrary index for an element. For example, evaluation information includes equipment, software, inspection results for the entire information system, and security risk information.
  • the information management device 1 includes a first registration unit 11, a second registration unit 12, and a display unit 13. It is assumed that the information management device 1 is connected to the above-described database and terminals of each business via a communication network. However, the information management device 1 may incorporate a database.
  • the first registration unit 11 acquires first evaluation information for a first element, and associates first configuration information corresponding to the first element with the first evaluation information.
  • Register in the database the first stage is any stage from the development stage of at least the first element among the plurality of elements constituting the information system to the operation stage of the information system.
  • each player (enterprise) in the supply chain includes each stage involved in the development, inspection, integration, operation, etc. of each element of the information system.
  • the second registration unit 12 acquires first state information indicating the state of the first element, associates the first configuration information with the first state information, and registers the first state information in the database.
  • the second stage is a stage other than the first stage among the development stage to the operation stage of the information system described above. Therefore, the order of the first step and the second step can be either first or in parallel.
  • the information management device 1 acquires and registers at least the status information and the evaluation information regarding the common first element in different stages such as the first stage and the second stage.
  • different supply chain players may be used in the first stage and the second stage.
  • a plurality of departments within one player may provide information and request registration in the first and second stages, respectively.
  • connection form refers to a display form that visualizes the association between pieces of information, such as linking between pieces of configuration information and linking between pieces of configuration information, state information, and evaluation information.
  • connection form may be display information in which a predetermined topology is visualized.
  • the connection form may be tree type, ring type (loop type), daisy chain type (line type), star type, bus type, mesh type, or any other form, or a combination of some or all of these. etc.
  • FIG. 2 is a flow chart showing the flow of the information management method according to the first embodiment.
  • the first registration unit 11 acquires first evaluation information for a first element among a plurality of elements (S11). For example, the first registration unit 11 receives the first evaluation information from the terminal of one of the businesses mentioned above. At this time, the first registration unit 11 may acquire the first configuration information corresponding to the first element together with the first evaluation information. Alternatively, the first configuration information may be registered in the database in advance.
  • the first registration unit 11 associates the first configuration information with the first evaluation information and registers them in the database (S12).
  • the second registration unit 12 acquires first state information indicating the state of the first element (S13). For example, the second registration unit 12 receives the first state information from a terminal of a business operator different from that in step S11. At this time, the second registration unit 12 may acquire the first configuration information together with the first state information.
  • the second registration unit 12 associates the first configuration information with the first state information and registers them in the database (S14).
  • steps S11 and S12 and steps S13 and S14 are parallel in FIG. 2, the order of these steps does not matter as described above.
  • steps S11 and S12 of the first stage may be performed first, and then steps S13 and S14 of the second stage may be performed.
  • steps S13 and S14 of the second stage may be performed first, and then steps S11 and S12 of the first stage may be performed.
  • the display unit 13 receives a display request for information on the information system from any of the above-mentioned business operators' terminals.
  • the database has associated and registered a plurality of pieces of configuration information corresponding to each of the plurality of elements based on the relationship between the elements.
  • the display unit 13 displays the plurality of pieces of configuration information in a connection form based on the relationship between the elements, and displays the first configuration information, the first state information, and the first evaluation. information is displayed in the form of connection based on the association in the database (S15). It should be noted that step S15 may be continuously executed in the later stage between the first stage and the second stage.
  • status information and evaluation information regarding a specific element are acquired from different operators at different timings, and configuration information and status information corresponding to the specific element are stored in a common database. Evaluation information is associated and registered. Then, the information management device 1 visualizes the associated configuration information, status information, and evaluation information in a predetermined connection form. Therefore, the user who has made the display request can easily grasp the relationship between the configuration information, the status information, and the evaluation information. Further, in the first embodiment, a plurality of pieces of configuration information are visualized by connection forms based on relationships between elements. Therefore, a player in the supply chain who has made the display request, such as a user business operator, can easily grasp the relationships between the multiple elements that make up the information system.
  • the user company can browse the status information and evaluation information of specific elements by tracing the relationship between the configuration information.
  • the user company can obtain information that cannot be obtained only at the operation stage without inquiring of each company, and can grasp the security risks and the like of the information system and take appropriate measures. Therefore, supply chain risks can be reduced.
  • manufacturers and the like can easily check log information, alert information, evaluation information by a third party, and the like in the operation stage. This information can be used to improve our products. Therefore, information system operation can be supported by sharing information obtained at each stage from manufacturing to operation regarding each component of the information system and the relationship between the elements.
  • the database mentioned above is a storage location for electronic data realized by means that can be shared by each business operator.
  • the database may be connected to a plurality of computers via a network or the like and shared by each computer, and the sharing may be realized by various means.
  • the database is not limited to a relational database, and may be another database system.
  • the database may be placed on a publicly accessible web server and shared by freely accessing a URL (Uniform Resource Locator) as an ID of configuration information.
  • the database may be shared by a method of distribution using a P2P (Peer to Peer) network.
  • the database may be shared among businesses using blockchain.
  • the database may be written in an electronic recording medium such as a CD (Compact Disc) or a DVD (digital versatile disc), published periodically, and shared by each business operator.
  • the information management device 1 includes a processor, memory, and storage device (not shown). Further, the storage device stores a computer program in which the processing of the information management method according to the present embodiment is implemented. Then, the processor loads a computer program or the like from the storage device into the memory and executes the computer program. Thereby, the processor realizes the functions of the first registration unit 11 , the second registration unit 12 and the display unit 13 .
  • each component of the information management device 1 may be realized by dedicated hardware. Also, part or all of each component of each device may be implemented by general-purpose or dedicated circuitry, processors, etc., or combinations thereof. These may be composed of a single chip, or may be composed of multiple chips connected via a bus. A part or all of each component of each device may be implemented by a combination of the above-described circuits and the like and programs.
  • a processor a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), an FPGA (Field-Programmable Gate Array), a quantum processor (quantum computer control chip), or the like can be used.
  • the present embodiment is made to solve such a problem.
  • FIG. 3 is a block diagram showing the overall configuration of an information management system 1000 according to the second embodiment.
  • the information management system 1000 is a shared database that associates configuration information, status information, and evaluation information partially registered from each business operator in the supply chain related to the construction of the information system 400, and the relationship between each configuration information. 200.
  • the information management system 1000 includes terminals 100-1 to 100-6, a shared database 200, an information management device 300 and an information system 400.
  • FIG. Terminals 100-1 to 100-6, shared database 200, information management device 300 and information system 400 are connected via network N, respectively.
  • the network N is a wired or wireless communication line or communication network.
  • the network N does not care about the type of communication protocol.
  • the information system 400 is managed by the information management system 1000 .
  • the information system 400 includes, for example, a NW (Network) device 41 and servers 42 and 43 .
  • NW Network
  • the NW device 41 is a communication device that mediates communication between the network N and the servers 42 and 43 .
  • the NW device 41 may form a LAN (Local Area Network) between the servers 42 and 43 .
  • the NW device 41 includes hardware 411 and software 412 .
  • Software 412 is a computer program installed on hardware 411 .
  • the servers 42 and 43 are a group of computer servers that perform processing to provide services in the information system 400 .
  • the server 42 has hardware 421 and software 422
  • the server 43 has hardware 431 and software 432 .
  • Software 422 is a computer program installed on hardware 421 .
  • Software 432 is a computer program installed on hardware 431 .
  • the hardware 411 , 421 and 431 and the software 412 , 422 and 432 are examples of “elements” that make up the information system 400 . Therefore, the information system 400 may be at least one NW device 41 .
  • there are multiple elements of hardware 411 and software 412 and there is a relationship between the elements that hardware 411 includes software 412 .
  • the hardware 411 and the like and the software 412 and the like may each include one or more hardware components and software components as constituent elements.
  • the shared database 200 associates a plurality of pieces of configuration information corresponding to each of the plurality of elements that make up the information system 400 based on the relationship between the elements, and associates specific configuration information with status information and evaluation information for the configuration information. It is a database that is associated and managed.
  • the information management device 300 is an example of the information management device 1 described above.
  • the information management device 300 receives configuration information, status information, evaluation information, relationships between elements, etc. from the terminals 100-1 to 100-6 via the network N, appropriately associates the information, and registers them in the shared database 200. do. Further, when the information management device 300 receives a display request from the terminals 100-1 to 100-6 via the network N, the information management device 300 reads various types of information about the information system 400 from the shared database 200, and based on the relationship between the elements. Display information is generated by connecting the configuration information in the same connection form.
  • the information management device 300 reads the configuration information, the status information, and the evaluation information associated in the shared database 200 according to the display information, and generates display information connected in a connection form based on the association.
  • the information management device 300 returns the generated display information to the requesting terminal and displays it on the screen of the terminal.
  • the information management apparatus 300 may be made redundant by a plurality of servers, and each functional block may be realized by a plurality of computers. A detailed configuration of the information management device 300 will be described later.
  • Terminals 100 - 1 to 100 - 6 are information processing devices that access shared database 200 via information management device 300 .
  • the terminal 100-1 is operated by a parts manufacturer P1
  • the terminal 100-2 is operated by an equipment manufacturer P2
  • the terminal 100-3 is operated by a software vendor P3.
  • the terminal 100-4 is operated by the inspection company P4
  • the terminal 100-5 is operated by the system integrator P5
  • the terminal 100-6 is operated by the user company P6.
  • the terminals 100-1 to 100-6 are merely examples, and the parts manufacturer P1 or the like may have two or more terminals.
  • FIG. 4 is a diagram for explaining the concept of information sharing related to the information system according to the second embodiment.
  • a parts manufacturer P1, an equipment manufacturer P2, a software vendor P3, an inspection company P4, a system integrator P5, and a user company P6 are examples of supply chain players in the information system 400.
  • the parts manufacturer P1 is a business that develops and manufactures some parts of the hardware of the NW device 41, server 42 or 43.
  • the device manufacturer P2 is a business entity that develops and manufactures at least one product (device) of the NW device 41 and the server 42 or 43 .
  • the equipment manufacturer P2 may develop hardware and software for the equipment.
  • the software vendor P3 is a company that develops software for at least one of the NW device 41 and the server 42 or 43 .
  • the parts manufacturer P1, the equipment manufacturer P2, and the software vendor P3 use the terminal 100-1 or the like to generate the configuration information 21 of the parts, equipment, and software in the development stage of the parts, equipment, and software, and use the shared database 200 to register.
  • the parts manufacturer P1 or the like may generate status information and evaluation information (inspection information, etc.) of the relevant parts, etc., and register them in the shared database 200 as necessary.
  • the information management device 300 associates the configuration information 21 such as parts with the state information 22 and the evaluation information 23 and registers them in the shared database 200 .
  • different companies may develop multiple types of components, devices, and software.
  • the inspection company P4 is a company that inspects (tests) parts, equipment, software, or the entire information system 400 .
  • the inspection company P4 may perform inspections in response to requests from other companies in the supply chain.
  • the inspection agency P4 uses the terminal 100-4 to generate status information and evaluation information (inspection information and security risk information) of the relevant parts, etc., and register them in the shared database 200.
  • FIG. At this time, the information management device 300 associates the configuration information 21 such as parts with the state information 22 and the evaluation information 23 and registers them in the shared database 200 .
  • the system integrator P5 is a business operator that builds the information system 400 by developing application programs as necessary, performing various settings for the NW devices 41, servers 42 and 43, and integrating them.
  • the system integrator P5 uses the terminal 100-5 to generate configuration information of the information system 400, specify relationships between elements, and register them in the shared database 200.
  • FIG. the information management device 300 associates each piece of configuration information 21 based on the relationship between the elements and registers them in the shared database 200 .
  • the system integrator P5 may generate status information and evaluation information (examination information, etc.) of the information system 400 and register them in the shared database 200 as necessary.
  • the information management device 300 associates the configuration information 21 of the information system 400 with the state information 22 and the evaluation information 23 and registers them in the shared database 200 .
  • the user business operator P6 is a business operator that conducts final evaluation of the constructed information system 400 and operates and maintains it. In the evaluation stage, the user operator P6 generates state information and evaluation information (security risk information) of the information system 400 using the terminal 100-6, and registers them in the shared database 200. FIG. At this time, the information management device 300 associates the configuration information 21 of the information system 400 with the status information 22 and the evaluation information 23 and registers them in the shared database 200 .
  • each of the NW device 41, server 42, and server 43 registers its own log information and alert information in the shared database 200.
  • the information management device 300 associates the relevant configuration information 21 with the state information 22 and registers them in the shared database 200 .
  • any one of the parts manufacturer P1 to the user business P6 can thereafter make a display request via the terminal 100-1 or the like, thereby obtaining each configuration information and status information of the information system 400 registered in the shared database 200.
  • the display information of the evaluation information can be browsed.
  • the partially registered information can be shared on the shared platform at different timings by a plurality of business operators.
  • the present embodiment has the following usage examples.
  • a given device manufacturer develops (manufactures) a device, it generates device configuration information that represents the hardware and software configuration of the device, and at the same time, "evaluation information" as a self-evaluation of the device. is shared in addition to the device configuration information. Then, the equipment maker shares the target equipment in this way, and then ships or distributes the target equipment to the market.
  • the parts manufacturer prior to the development stage of the above equipment, at the development stage of the parts (individual parts such as hardware parts and software parts) necessary for the development of the above equipment, the parts manufacturer must provide configuration information (or Generate and share self-assessment evaluation information). Then, the parts manufacturer shares the configuration information and the like of the parts, and then ships the parts and distributes them to the market.
  • the inspection business operator adds and shares the "evaluation information", which is the evaluation result of the product, to the "configuration information" of the product, etc.
  • the device maker and parts maker refer to the evaluation information associated with the configuration information of the product, etc., confirm the reliability of the product, etc., and then ship or distribute the product or parts to the market. be able to.
  • the device manufacturer refers to the configuration information (and associated "evaluation information") of the component when procuring the component manufactured by the component manufacturer, and evaluates the reliability of the component. After confirming, it is possible to determine whether or not the part can be used.
  • a device manufacturer other than the above procures the above-mentioned device as a base device, adds functions (processes), and when re-shipping the device, the content of the configuration Generate and share "configuration information" with updated information. Then, the other device maker ships and distributes the device after adding the functions to the market.
  • the user company that procured the above equipment will change the settings of the equipment and incorporate it into their own equipment.
  • the user company reflects (updates) the configuration change corresponding to the setting change etc. in the "configuration information" of the device and shares it. Then, the user company starts operating the target device.
  • the user business operator when a new device is incorporated into the company's equipment as described above, the user business operator will add the relationship with the device to the configuration information representing the "system" corresponding to the equipment. By specifying the information, the device configuration information is associated with the system configuration information, updated, and shared. Then, the user company starts or continues the operation of the target system.
  • the above-mentioned user business acquires "state information" that represents various operating conditions during operation from the system and the equipment that constitutes it.
  • the user business continues to update and share the configuration information of the system and the devices that make up the system each time during operation.
  • the above user business operator evaluates (for example, vulnerability inspection, risk assessment, etc.) based on "configuration information", “evaluation information”, and “state information” )I do. Then, the user business adds or updates new "evaluation information" to the configuration information, and updates and shares the configuration information of the system.
  • FIG. 5 is a diagram showing an example of the configuration information table in the shared database according to the second embodiment.
  • the system configuration table 210 manages configuration information regarding the information system.
  • the system configuration table 210 includes system ID 211, content information 212, device ID 2131, .
  • the system ID 211 is identification information of the information system 400 .
  • the content information 212 is text information or the like indicating the content of the information system 400, such as the name, application, overview, specifications, etc. of the system.
  • the device ID 2131 and the like are identification information of a plurality of devices forming the information system 400 .
  • the device configuration table 220 manages configuration information regarding the devices that make up the information system 400 .
  • the device configuration table 220 includes device configuration records 221-22n.
  • the device configuration record 221 is configuration information of a specific device, and includes a device ID 2211 , content information 2212 and model ID 2213 .
  • the device ID 2211 is identification information of the device, such as the manufacturing number of the product.
  • the content information 2212 is text information or the like indicating the content of the device, such as the name, outline, and specifications of the device.
  • the model ID 2213 is identification information of the model of the device.
  • the device configuration record 22n includes a device ID 22n1, content information 22n2, and model ID 22n3.
  • the system configuration table 210 and the device configuration table 220 are associated on a one-to-many basis.
  • the model configuration table 230 manages configuration information regarding the models that can be used for the devices.
  • the model configuration table 230 includes model configuration records 231 to 23i (i is a natural number equal to or greater than 1).
  • the model configuration record 231 is configuration information of a specific model, and includes a model ID 2311, content information 2312, and software IDs 23131 to 2313m (m is a natural number of 1 or more).
  • the model ID 2311 is model identification information, such as the model number of the device.
  • the content information 2312 is text information or the like indicating the content of the model, such as the name, outline, and specifications of the model.
  • the software ID 23131 is identification information of software installed in the device corresponding to the model.
  • the model configuration record 23i includes a model ID 23i1, content information 23i2, and software IDs 23i31 to 23i3j (j is a natural number equal to or greater than 1).
  • the model ID 2213 of the device configuration record 221, the model ID 22n3 of the device configuration record 22n, and the model ID 2311 of the device configuration record 231 are the same.
  • the device configuration record and the model configuration record are associated in a many-to-one relationship. For example, this applies when the servers 42 and 43, which are devices, are of the same model.
  • the device configuration record and the model configuration record may be associated at least one-to-one.
  • the device configuration table 220 and the model configuration table 230 may be one table.
  • model configuration information may be included as content information of the device configuration.
  • the software configuration table 240 manages configuration information regarding software installed in the device.
  • the software configuration table 240 includes software configuration records 241-24m.
  • the software configuration table 240 includes configuration information of software installed in models other than the model configuration record 231, but illustration is omitted.
  • the software configuration record 241 is configuration information of specific software and includes a software ID 2411 and content information 2412 .
  • the software ID 2411 is software identification information.
  • the content information 2412 is text information or the like indicating the content of the software, such as the name, type, outline, specifications, etc. of the software.
  • the types of software are, for example, modules, libraries, drivers, firmware, etc., but are not limited to these.
  • system configuration table 210 does not necessarily store the device ID 2131 and the like, and a separate table that associates the system ID 211 with the device IDs 2131 to 213n may be used.
  • the system ID 211 may be stored in each of the device configuration records 221 to 22n.
  • the system configuration information and the device configuration information may be associated by other implementation means.
  • the device configuration records 221 and the like of the device configuration table 220 do not necessarily store the model ID 2213 and the like, and a separate table that associates the device ID 2211 and the like with the model ID 2311 and the like may be used.
  • the device configuration information and the model configuration information may be associated by other implementation means.
  • model configuration record 231, etc. of the model configuration table 230 does not necessarily store the software ID 23131, etc., and a separate table that associates the model ID 2311, etc. with the software ID 2411, etc. may be used.
  • model configuration information and the software configuration information may be associated by other implementation means. For example, each piece of configuration information may be linked by a list structure of IDs.
  • FIG. 5 described above shows an example in which the system configuration, device configuration, model configuration, and software configuration are linked in a hierarchical structure as a plurality of pieces of configuration information.
  • elements may include hardware and software components. Therefore, the configuration information may include configuration information of a plurality of hardware components that configure a certain device.
  • device configuration information or model configuration information may be associated with configuration information of a plurality of hardware components.
  • the configuration information may include configuration information of a plurality of software components that constitute certain software.
  • software configuration information may be associated with configuration information of a plurality of software components.
  • Software components include the modules, libraries, drivers, firmware, etc. described above.
  • Hardware components and software components are sometimes developed, manufactured, evaluated, etc. separately by manufacturers different from the hardware products and software products that combine these components. Therefore, for example, configuration information of hardware components and software components may be associated with status information and evaluation information. Hardware components and software components are not necessarily used for one type of device, model, or software. In addition, hardware components and software components may be composed of other components by combining a plurality of components. Therefore, the hardware component configuration information may be associated with a plurality of pieces of device configuration information, model configuration information, and hardware component configuration information. Similarly, software component configuration information may be associated with a plurality of pieces of software configuration information or software component configuration information.
  • FIG. 6 is a diagram showing an example of the state information table and the evaluation information table in the shared database according to the second embodiment.
  • the state information table 250 manages state information.
  • the status information table 250 associates system IDs, device IDs, model IDs or software IDs with status information.
  • the status information includes log information, alert information, usage amount of resources such as CPU and memory, and the like.
  • the evaluation information table 260 manages evaluation information.
  • the evaluation information table 260 associates system IDs, device IDs, model IDs or software IDs with evaluation information.
  • the evaluation information is inspection results, security risk information, and the like.
  • the state information table 250 includes a plurality of records in which a system ID 251 and state information 271, a system ID 252 and state information 272, .
  • the evaluation information table 260 includes a plurality of records in which the system ID 261 and the evaluation information 281, the system ID 262 and the evaluation information 282, .
  • the system IDs 251, 252, 261 and 262 are assumed to be the same as the system ID 211 of the system configuration table 210 described above. That is, the system configuration table 210 and the status information table 250 are associated on a one-to-many basis, and the system configuration table 210 and the evaluation information table 260 are associated on a one-to-many basis.
  • the status information table 250 includes a plurality of records in which the device ID 253 and the status information 273, the device ID 254 and the status information 274, .
  • the evaluation information table 260 also includes a plurality of records in which the device ID 263 and the evaluation information 283, the device ID 264 and the evaluation information 284, .
  • the device configuration table 220 and the status information table 250 are associated one-to-many
  • the device configuration table 220 and the evaluation information table 260 are associated one-to-many.
  • the state information table 250 includes a plurality of records in which the model ID 255 and state information 275, the model ID 256 and the state information 276, .
  • the evaluation information table 260 also includes a plurality of records in which the model ID 265 and the evaluation information 285, the model ID 266 and the evaluation information 286, .
  • the model configuration table 230 and the status information table 250 are associated on a one-to-many basis
  • the model configuration table 230 and the evaluation information table 260 are associated on a one-to-many basis.
  • the state information table 250 includes a plurality of records in which software IDs 257 and state information 277, software IDs 258 and state information 278, .
  • the evaluation information table 260 also includes a plurality of records in which the software ID 267 and the evaluation information 287, the software ID 268 and the evaluation information 288, .
  • the software configuration table 240 and the status information table 250 are associated on a one-to-many basis
  • the software configuration table 240 and the evaluation information table 260 are associated on a one-to-many basis.
  • system configuration information does not necessarily have to be associated with status information and evaluation information.
  • state information and evaluation information may not be registered for some configuration information.
  • FIG. 7 is a block diagram showing the configuration of the information management device 300 according to the second embodiment.
  • the information management device 300 includes a storage section 310 , a memory 320 , a communication section 330 and a control section 340 .
  • the storage unit 310 is an example of a storage device such as a hard disk or flash memory.
  • Storage unit 310 stores program 311 .
  • a program 311 is a computer program in which acquisition processing, registration processing, display processing, and the like according to the second embodiment are implemented.
  • the memory 320 is a volatile storage device such as RAM (Random Access Memory), and is a storage area for temporarily holding information when the control unit 340 operates.
  • a communication unit 330 is a communication interface with the network N. FIG.
  • the control unit 340 is a processor that controls each component of the information management device 300, that is, a control device.
  • the control unit 340 loads the program 311 from the storage unit 310 into the memory 320 and executes the program 311 .
  • the control unit 340 implements the functions of the acquisition unit 341 , the registration unit 342 and the display unit 343 .
  • a configuration including the acquisition unit 341 and the registration unit 342 is an example of the first registration unit 11, the second registration unit 12, and the third registration unit described above.
  • the display unit 343 is an example of the display unit 13 described above.
  • the acquisition unit 341 acquires configuration information corresponding to predetermined elements at a plurality of stages from the component development stage to the operation stage of the information system 400 . In addition, the acquisition unit 341 acquires state information and evaluation information indicating the state of the element at any stage. Alternatively, the acquisition unit 341 acquires evaluation information evaluated based on the configuration information and the state information at any stage. The acquisition unit 341 also acquires relationships between multiple elements.
  • the registration unit 342 associates the configuration information with the state information and registers them in the shared database 200 .
  • the registration unit 342 also registers the configuration information and the evaluation information in the shared database 200 in association with each other. Further, the registration unit 342 registers the configuration information in the shared database 200 by associating the configuration information based on the relationship between the elements. For example, when receiving the first relationship between the first element and the second element, the registration unit 342 registers the first configuration information and the second configuration information based on the first relationship. are registered in the shared database 200 in association with each other.
  • the display unit 343 In response to a display request, the display unit 343 generates display information that displays a plurality of pieces of configuration information corresponding to each of a plurality of elements in a connection form based on the relationship between the elements. In particular, the display unit 343 generates display information that displays the first configuration information and the second configuration information in a connection form based on the association in the shared database 200 . In addition, the display unit 343 generates display information for displaying the first configuration information, the first state information, and the first evaluation information in a connection form based on the association in the shared database 200 in response to the display request. do. Then, the display unit 343 transmits the generated display information to the requesting terminal and displays it on the screen of the terminal.
  • FIGS. 8 and 9 are sequence diagrams showing the flow of the information management method according to the second embodiment.
  • the equipment manufacturer P21 develops equipment and software (S201). For example, the equipment manufacturer P21 develops the hardware 411 and software 412 of the NW equipment 41 .
  • the device maker P21 generates configuration information A1 (device configuration information, model configuration information, software configuration information) of the NW device 41 using a terminal (not shown).
  • the equipment manufacturer P21 evaluates the developed equipment (and software) (S202). Specifically, the equipment manufacturer P21 inspects whether or not the hardware 411 and software 412 of the NW equipment 41, which are manufactured products, meet the shipping standards, and uses the terminal to check the evaluation information E1 including the inspection results. to generate
  • the device manufacturer P21 uses a terminal to transmit the configuration information A1, the evaluation information E1, and the relationship to the information management device 300 via the network N (S203).
  • the relationship means, for example, that the device configuration information of the NW device 41 includes model configuration information, and the model configuration information includes software configuration information.
  • the relationship may indicate that the device configuration information and model configuration information correspond to the hardware 411 of the NW device 41 and the software configuration information corresponds to the software installed on the hardware 411 .
  • the relationship may include a correspondence relationship between the configuration information A1 and the evaluation information E1.
  • the information management device 300 receives the configuration information A1, the evaluation information E1, and the relationship from the terminal of the equipment manufacturer P21 via the network N. Then, the information management device 300 associates the configuration information A1 and the evaluation information E1 based on the received relationship and registers them in the shared database 200 (S204). At the same time, the information management device 300 associates the device configuration information with the model configuration information in the configuration information A1 based on the received relationship, associates the model configuration information with the software configuration information, and registers them in the shared database 200 . Steps S201 to S204 are in the development stage.
  • the equipment manufacturer P22 develops equipment and software (S205). For example, equipment manufacturer P22 develops hardware 421 and software 422 for server 42 . At this time, the device maker P22 generates configuration information A2 (device configuration information, model configuration information, software configuration information) of the server 42 using a terminal (not shown).
  • configuration information A2 device configuration information, model configuration information, software configuration information
  • the equipment manufacturer P22 evaluates the developed equipment (and software) (S206). Specifically, the equipment manufacturer P22 inspects whether or not the hardware 421 and software 422 of the server 42, which are manufactured products, meet the shipping standards, and uses a terminal to transmit the evaluation information E2 including the inspection results. Generate.
  • the equipment manufacturer P22 uses a terminal to transmit the configuration information A2, the evaluation information E2, and the relationship to the information management device 300 via the network N (S207).
  • the information management device 300 receives the configuration information A2, the evaluation information E2, and the relationship from the terminal of the device manufacturer P22 via the network N.
  • the information management device 300 associates the configuration information A2 and the evaluation information E2 based on the received relationship and registers them in the shared database 200 (S208).
  • the information management device 300 associates the device configuration information with the model configuration information in the configuration information A2 based on the received relationship, associates the model configuration information with the software configuration information, and registers them in the shared database 200 .
  • Steps S205 to S208 are in the development stage.
  • the system integrator P5 uses the terminal 100-5 to acquire the configuration information A1 and A2 from the shared database 200 via the network N (S209). Then, the system integrator P5 system integrates the configuration information A1 and A2 (S210). For example, the system integrator P5 develops necessary application programs for the NW device 41 and the servers 42 and 43, integrates the systems, and constructs the information system 400. FIG. At this time, system integrator P5 generates configuration information A0 of information system 400 using terminal 100-5.
  • the system integrator P5 evaluates the information system 400 (S211). Specifically, the system integrator P5 inspects whether or not the information system 400 satisfies the shipping standards, and uses the terminal to generate the evaluation information E0 including the inspection results.
  • the system integrator P5 then uses the terminal 100-5 to transmit the configuration information A0, A1 and A2, the evaluation information E0 and the relationship to the information management device 300 via the network N (S212).
  • the relationship includes, for example, system configuration information of the information system 400 including device configuration information of the NW device 41 and the servers 42 and 43 .
  • the relationship may include a correspondence relationship between the configuration information A0 and the evaluation information E0.
  • the information management device 300 receives the configuration information A0, A1 and A2, the evaluation information E0 and the relationship from the terminal 100-5 via the network N. Then, the information management device 300 associates the configuration information A0 with A1 and A2 based on the received relationship and registers them in the shared database 200 (S213). At the same time, the information management device 300 associates the configuration information A0 and the evaluation information E2 based on the received relationship and registers them in the shared database 200 (S214). Steps S209 to S214 are the integration stage.
  • the NW device 41 outputs the state information L1 and the device ID (A1) to the information management device 300 via the network N. That is, the information management device 300 acquires the state information L1 and the device ID (A1) of the NW device 41 (S215). Then, the information management device 300 identifies the configuration information A1 of the NW device 41 from the device ID, associates the configuration information A1 with the state information L1, and registers them in the shared database 200 (S216). Thereby, the configuration information A1 of the NW device 41 is associated with the evaluation information E1 acquired in the development stage and the state information L1 acquired in the operation stage.
  • the user business operator P6 uses the terminal 100-6 to send a display request designating the system ID (A0) to the information management device 300 via the network N (S217).
  • the information management device 300 receives a display request via the network N from the terminal 100-6. Then, the information management device 300 designates the system ID included in the display request and searches the shared database 200 (S218). Then, the information management device 300 acquires information associated with the system ID from the shared database 200 via the network N (S219). Specifically, the information management device 300 acquires the configuration information A0 and the configuration information A1 and A2 (associated with the configuration information A0).
  • the information management apparatus 300 also includes status information L1 (associated with configuration information A1), evaluation information E0, evaluation information E1 (associated with configuration information A1), and evaluation information E2 (associated with configuration information A2). to get
  • the information management device 300 associates a plurality of pieces of configuration information, and generates connection form display information in which the configuration information, the state information, and the evaluation information are associated (S220). Specifically, the information management device 300 generates display information of the connection topology that associates the configuration information A0, A1, and A2. In addition, the information management device 300 generates display information of the connection configuration in which the configuration information A0 and the evaluation information E0 are associated with each other. In addition, the information management device 300 generates display information of a connection configuration in which the configuration information A1, the state information L1, and the evaluation information E1 are associated with each other. In addition, the information management device 300 generates display information of the connection configuration in which the configuration information A2 and the evaluation information E2 are associated with each other.
  • the information management device 300 then transmits the generated display information to the terminal 100-6 via the network N (S221). Then, the terminal 100-6 (user operator P6) receives the display information from the information management device 300 via the network N, and displays the received display information on the screen (S222).
  • FIG. 10 is a diagram showing an example of a connection form of configuration information, status information, and evaluation information of the information system according to the second embodiment.
  • the display information 5 is information that displays the configuration information of a plurality of elements that constitute the information system 400 in a connection form based on the relationship between the elements, and displays the configuration information in a connection form that is associated with each piece of configuration information, status information, and evaluation information. be.
  • Display information 5 is an example of displaying the connection form in a tree structure.
  • system configuration information 511 connects device configuration information 521, 522, . This is an example in which 541, 542, . . . are connected as child nodes.
  • connection form 51 is a display example in which a plurality of pieces of configuration information are connected based on the parent-child relationship between elements.
  • a connection form 52 is an example in which the system configuration information 511 connects status information 5111 . . . and evaluation information 5112 .
  • the connection form 52 is a display example in which the configuration information, the status information, and the evaluation information are associated and connected.
  • the device configuration information 521 connects status information 5211 and evaluation information 5212 as child nodes
  • the model configuration information 531 connects status information 5311 and evaluation information 5312 as child nodes. It is a connection form connected as a node.
  • a connection form 53 is an example in which the software configuration information 541 connects the status information 5411 . . . and the evaluation information 5412 .
  • the software configuration information 542 is a connection form in which state information 5421 . . . and evaluation information 5422 .
  • FIG. 11 is a diagram showing an example of display information of multiple pieces of configuration information, status information, and evaluation information according to the second embodiment.
  • the display information 6 is a specific example of each configuration information, status information and evaluation information.
  • System configuration information 611 is a root node, and in this example, NW device configuration information 621, server device configuration information 622 and 623, system integration test result 6112-1, and system security risk information 6112-2 are connected as child nodes.
  • the system configuration information 611 is configuration information corresponding to the entire information system 400 .
  • the NW device configuration information 621 and the server device configuration information 622 and 623 are, for example, configuration information corresponding to the NW device 41 and the servers 42 and 43, respectively.
  • the system integration inspection result 6112-1 and system security risk information 6112-2 are specific examples of the evaluation information 5112 in FIG. 10 described above.
  • the NW device configuration information 621 is an example in which the NW device configuration information 631, the NW device log 6211, and the NW device inspection result 6212-1 are connected as child nodes.
  • the NW model configuration information 631 is configuration information of the model of the NW device 41
  • the NW device log 6211 is log information (status information) acquired from the NW device 41
  • the NW device inspection result 6212-1 is the NW device 41.
  • server device configuration information 623 is an example in which server model configuration information 633, server log 6231, and server inspection result 6232-1 are connected as child nodes.
  • the server model configuration information 633 is configuration information of the model of the server 43
  • the server log 6231 is log information (status information) acquired from the server 43
  • the server inspection result 6232-1 is evaluation information for the server 43.
  • the model configuration information, server log, and server inspection result associated with the server device configuration information 622 are omitted from the illustration.
  • the server device configuration information 622 may be associated with the same server model configuration information 633 as the server device configuration information 623 as a child node.
  • the NW model configuration information 631 is an example in which the software configuration information 641, 642, . . . and the NW model security risk information 6312-2, .
  • the software configuration information 641, 642, . . . are configuration information of the software 412, .
  • the NW model security risk information 6312-2 is evaluation information for the model of the NW device 41. FIG.
  • the software configuration information 641 is an example in which SW logs 6411..., SW inspection results 6412-1..., and SW security risk information 6412-2 are connected as child nodes.
  • SW logs 6411 . . . are log information (state information) acquired from the software 412 .
  • SW security risk information 6412 - 2 is evaluation information for software 412 .
  • the software configuration information 642 is an example in which SW logs 6421 . . . , SW inspection results 6422-1 .
  • SW logs 6421 . . . are log information (status information) acquired from other software of the NW device 41 .
  • SW security risk information 6422-2 is evaluation information for other software.
  • the display information 6 shows an example in which the system configuration information 611 and the NW model configuration information 631 are not associated with the state information, they may be associated with each other. In addition, the display information 6 does not need to be appropriately associated with the status information or the evaluation information with respect to each piece of configuration information.
  • the relationships between the configuration information of the information system 400 and the relationships between the configuration information, the status information, and the evaluation information can be shared among the players in the supply chain.
  • the information individually registered by each player is collectively visualized in a connection form according to the relationship between elements, configuration information, status information, and evaluation information.
  • status information and inspection results for the same component are registered by different players at different timings, and a link structure (display information) that associates the component, status information, and evaluation information can be displayed for a certain player.
  • the user company can easily and comprehensively check not only the device configuration information of the NW device to be checked, but also the inspection result history of the parts manufacturer and the device manufacturer. Therefore, if the user company determines that the NW device has not been sufficiently inspected by the software maker or device maker, additional inspection can be performed as necessary.
  • the user company can raise the urgency level when an alert is raised during monitoring for a device whose inspection result is lower than the standard.
  • the user company can adjust the monitoring level by performing all necessary inspections on all devices and lowering the urgency level when an alert is issued to a NW device for which there is no concern about the inspection results.
  • security can be maintained at all times by ensuring transparency starting from security inspections of NW equipment.
  • security inspection technology inspection of backdoors, impersonation and alteration
  • monitoring and analysis technology throughout the supply chain and operation of communication equipment.
  • technical specifications such as data that visualizes (digitize) the security status and processing tools through the consortium.
  • the third embodiment is an improved example of the software configuration information of the second embodiment described above.
  • hardware can be uniquely identified with a fingerprint, and software with a binary hash.
  • the hardware configuration is relatively rarely changed by the device manufacturer during the operation stage.
  • software is frequently upgraded by software makers for reasons such as security measures and additional functions. Therefore, every time the software is updated, the binary hash will also change. Therefore, when the inspection result (evaluation information) is associated with the software configuration information, the link with the inspection result becomes invalid due to the modification of the binary hash. In other words, there is a problem that after the software is updated, it is impossible to trace the history of inspection results for the software before the update.
  • the second registration unit acquires the third evaluation information for the updated first element. Then, the second registration unit further associates the third evaluation information with the first configuration information and registers it in the database while maintaining the association between the first configuration information and the first evaluation information.
  • FIG. 12 is a block diagram showing the configuration of the information management device 300a according to the third embodiment.
  • the information management apparatus 300a differs from the above-described FIG. 7 in that the program 311a is changed and a calculation section 344 and a history management section 345 are added to the control section 340.
  • the configuration of the information management system 1000 is the same as that of the second embodiment described above, the illustration and description of overlapping contents are omitted as appropriate.
  • the program 311a is the program 311 described above with additional processes such as hash value calculation processing and association between the data hash value and the inspection result hash value.
  • the calculation unit 344 calculates a data hash value from binary data of software. Note that the calculation unit 344 may calculate the inspection result hash value from the inspection result data.
  • the history management unit 345 maintains the association between the pre-update software data hash value and the inspection result hash value. For example, when the software is updated, the history management unit 345 changes the pre-update data hash value (first hash value) to the first hash value while maintaining the association with the inspection result hash value (second hash value). 1 to the history area of the configuration information.
  • the registration unit 342 associates the data hash value with the inspection result hash value and registers them in the shared database 200 . Further, when the software is updated, the registration unit 342 associates the data hash value calculated from the updated software with the inspection result hash value calculated from the inspection result of the updated software, and stores the data in the shared database 200. register.
  • software configuration information includes a latest hash value area for storing the latest data hash value and a data hash value history area.
  • the data hash value is saved from the latest hash value area to the history area.
  • the link between the data hash value saved in the history area and the inspection result hash value before update is maintained. Therefore, even if the data hash value after update is stored (overwritten) in the latest hash value area, the inspection result history can be changed by linking the original data hash value held in the history area and the inspection result hash value before update. can be traced.
  • FIG. 13 is a diagram showing the relationship between software configuration information and software inspection result information according to example 3-1 of the third embodiment.
  • the software configuration table 240a includes software configuration records 241a.
  • the software configuration record 241a includes a software ID 2411, version information 24121, function information 24122, target data storage destination 24123, latest hash value area 2413, history area 24141...2414k (k is a natural number of 1 or more).
  • the version information 24121 is information indicating the version of the corresponding software.
  • the function information 24122 is information describing the function of the corresponding software. Note that the function information 24122 preferably includes software specifications.
  • the target data storage destination 24123 is information indicating the storage destination of the binary data (target data) of the software. Note that the version information 24121, the function information 24122, and the target data storage destination 24123 are examples of the content information 2412 described above.
  • the latest hash value area 2413 is a storage area for the latest hash value calculated from the binary data stored in the target data storage destination 24123 .
  • the history area 24141 or the like is a storage area for a history of data hash values for each version.
  • history area 24141 stores a set of version information 24151 and data hash value 24152 .
  • the history area 24141 and the like may store function information 24122 and target data storage location 24123 in addition to version information.
  • the evaluation information table 260a includes SW inspection result information 291, 292, and so on.
  • the SW inspection result information 291 includes a software ID 2911 , an inspection result storage destination 2912 and an inspection result hash value 2913 .
  • the software ID 2911 is identification information of software to be inspected.
  • the inspection result storage destination 2912 is information indicating the storage destination of inspection result (evaluation information) data for software to be inspected.
  • the inspection result hash value 2913 is a hash value calculated from the inspection result saved in the inspection result storage destination 2912 .
  • the SW inspection result information 292 is inspection result information for the corresponding software after the SW inspection result information 291, that is, after the update.
  • the SW inspection result information 292 includes a software ID 2921 , an inspection result storage destination 2922 and an inspection result hash value 2923 .
  • the inspection result storage destination 2922 is information indicating the storage destination of inspection result (evaluation information) data for the updated software.
  • the inspection result hash value 2923 is a hash value calculated from the inspection result saved in the inspection result storage destination 2922 .
  • the software ID 2411 of the software configuration record 241a, the software ID 2911 of the SW inspection result information 291, and the software ID 2921 of the SW inspection result information 292 are assumed to be the same. That is, the software configuration table 240a and the evaluation information table 260a are associated on a one-to-many basis.
  • FIG. 14 is a flowchart showing the flow of update processing according to example 3-1 of the third embodiment. It is assumed that the specific software configuring the information system 400 has not been updated, and the data hash value 24131 of the software configuration record 241 a is associated with the inspection result hash value 2913 of the SW inspection result information 291 . Also, at this point, the history area 24141 does not have to have saved data, and the SW inspection result information 292 is not registered.
  • the information management device 300a receives a software update notification from the terminal 100-3 via the network N (S31).
  • the information management device 300a identifies the software configuration record 241a in the software configuration table 240a from the software ID included in the update notification.
  • the information management device 300a saves the latest data hash value 24131 stored in the latest hash value area 2413 to the history area 24141 (S32).
  • the information management device 300a copies the set of the version information 24121 and the data hash value 24131 of the software configuration record 241a and stores it in the history area 24141 as the set of the version information 24151 and the data hash value 24152.
  • the information management device 300a may newly associate the data hash value 24152 and the inspection result hash value 2913 and register them in the shared database 200 .
  • the information management device 300a calculates a data hash value from the binary data of the updated software (S33). For example, if the pre-update software is overwritten by the post-update software, the post-update software is stored in the target data storage destination 24123 . Therefore, the information management device 300a reads the binary data stored in the target data storage destination 24123 and calculates the hash value. After that, the information management device 300a stores the calculated data hash value in the latest hash value area 2413 (S34). That is, the data hash value 24131 in the latest hash value area 2413 is updated to the hash value of the updated software. Therefore, the association between the data hash value 24131 and the inspection result hash value 2913 becomes invalid. However, as described above, the association between the data hash value 24152 in the history area 24141 and the pre-update inspection result hash value 2913 is maintained.
  • the software vendor P3 and the inspection company P4 inspect the updated software and calculate an inspection result hash value from the inspection results. Then, the software vendor P3 or the like uses the terminal 100-3 or the like to transmit the software inspection result information including the storage destination of the inspection result and the inspection result hash value to the information management apparatus 300a via the network N. Therefore, the information management device 300a acquires software inspection result information (inspection result hash value) (S35). Then, the information management device 300a associates the SW inspection result information 292 with the software configuration record 241a and additionally registers it in the shared database 200 (S36).
  • the information management device 300a makes the software ID 2921 of the SW inspection result information 292 the same as the software ID 2411 of the software configuration record 241a, and stores the received inspection result storage destination 2922 and inspection result hash value 2923 in the shared database. Register with 200.
  • the information management device 300a associates the data hash value 24131 of the latest hash value area 2413 with the additionally registered inspection result hash value 2923 and registers them in the shared database 200 (S37).
  • the user operator P6 uses the terminal 100-6 to transmit a display request to the information management device 300a, receives the display information regarding the information system 400, and displays it on the screen. do.
  • the software configuration information 641 of FIG. 11 described above has been updated.
  • the display information 6 is displayed by connecting two SW inspection results to the software configuration information 641 .
  • the two SW inspection results are SW inspection result information 291 for software before update and SW inspection result information 292 for software after update.
  • the connection between the software configuration information 641 and the SW inspection result information 291 is because the association between the data hash value 24152 of the history area 24141 of the software configuration record 241a and the inspection result hash value 2913 of the SW inspection result information 291 is maintained. is.
  • an association between the data hash value 24131 of the latest hash value field 2413 of the software configuration record 241a and the inspection result hash value 2923 of the SW inspection result information 292 is added. because it was registered.
  • the user business P6 can easily trace the history of the inspection results of the pre-update software along with the latest inspection results of the updated software. Therefore, it is possible to appropriately determine the priority of response to the alert of the software. For example, in the case of a minor update, the SW inspection result information 291 before update can be emphasized and the priority can be lowered. Alternatively, in the case of a minor update, the inspection results before the update can be reused.
  • Example 3-2 uses version information and a data hash value as elements separately from software configuration information, and individually connects and displays them as configuration information. Therefore, the data hash value is not saved in the software configuration table, and a separate hash history table is provided to hold the data hash value for each version.
  • FIG. 15 is a diagram showing the relationship between software configuration information, hash value history, and software inspection result information according to example 3-2 of the third embodiment.
  • the software configuration record 241b includes a software ID 2411, version information 24121, function information 24122, and target data storage destination 24123.
  • the hash history table 240c is a table for holding software data hash values for each version.
  • the hash history table 240c includes history records 242, history records 243, and so on.
  • the history record 242 is a history of hash values of software before update.
  • History record 242 includes software ID 2421 , version information 2422 and data hash value 2423 .
  • a data hash value 2423 is a hash value calculated from software before update.
  • a history record 243 is a history of hash values of updated software.
  • History record 243 includes software ID 2431 , version information 2432 and data hash value 2433 .
  • a data hash value 2433 is a hash value calculated from the updated software.
  • the set of software ID 2411 and version information 24121 of software configuration record 241b is the same as the set of software ID 2421 and version information 2422 of history record 242 and the set of software ID 2431 and version information 2432 of history record 243, respectively. That is, the software configuration table 240b and the hash history table 240c are associated one-to-many.
  • the evaluation information table 260b includes SW inspection result information 291b, 292b, and so on.
  • the SW inspection result information 291b is inspection result information of software before update, and includes version information 2914 in addition to a software ID 2911, inspection result storage destination 2912, inspection result hash value 2913.
  • FIG. The inspection result hash value 2913 is associated with the pre-update data hash value 2423 .
  • the SW inspection result information 292b is inspection result information of software after update, and includes version information 2924 in addition to a software ID 2921, an inspection result storage destination 2922, and an inspection result hash value 2923.
  • the inspection result hash value 2923 is associated with the updated data hash value 2433 .
  • the set of the software ID 2411 and version information 24121 of the software configuration record 241b is the same as the set of the software ID 2911 and version information 2914 of the SW inspection result information 291b, and the set of the software ID 2921 and version information 2924 of the SW inspection result information 292b. is. That is, the software configuration table 240b and the evaluation information table 260b are associated on a one-to-many basis.
  • FIG. 16 is a flowchart showing the flow of update processing according to example 3-2 of the third embodiment. It is assumed that the specific software configuring the information system 400 has not yet been updated. Then, it is assumed that the history record 242 has been registered in the hash history table 240c and the history record 243 has not been registered, and that the SW inspection result information 291b has been registered and the SW inspection result information 292b has not been registered in the evaluation information table 260b. . It is assumed that the data hash value 2423 of the history record 242 and the inspection result hash value 2913 of the SW inspection result information 291b are associated.
  • the information management device 300a receives a software update notification from the terminal 100-3 via the network N (S31). The information management device 300a then calculates a data hash value from the binary data of the updated software (S33).
  • the information management device 300a stores the calculated data hash value in the hash history table 240c (S34a). Specifically, the information management device 300a generates a history record 243 including a set of the same software ID 2431 and version information 2432 as the software configuration record 241b and the data hash value 2433 calculated in step S33. The information management device 300a then registers the history record 243 in the hash history table 240c.
  • the information management device 300a acquires software inspection result information (inspection result hash value) (S35). Then, the information management device 300a associates the SW inspection result information 292b with the software configuration record 241b and additionally registers it in the shared database 200 (S36a). Specifically, the information management device 300a creates SW inspection result information 292b that includes the same set of software ID 2921 and version information 2924 as the software configuration record 241b, and the acquired inspection result storage location 2922 and inspection result hash value 2923. Generate. Then, the information management device 300a registers the SW inspection result information 292b in the evaluation information table 260b.
  • the information management device 300a associates the data hash value 2433 of the history record 243 with the additionally registered inspection result hash value 2923 and registers them in the shared database 200 (S37a).
  • the user operator P6 uses the terminal 100-6 to transmit a display request to the information management device 300a, receives the display information regarding the information system 400, and displays it on the screen. do.
  • FIG. 17 is a diagram showing an example of display information of a plurality of pieces of configuration information, status information, and evaluation information according to example 3-2 of the third embodiment.
  • the display information 6b indicates nodes after the software configuration information 640 connected to the NW model configuration information 631 of FIG. 11 described above.
  • Software configuration information 640 is an example in which version information 651, 652, . . . , and SW security risk information 653 are connected as child nodes.
  • Version information 651 is an example in which data hash value 6511, SW log 6512, and SW inspection result 6513 are connected as child nodes.
  • the version information 651 indicates the pre-update version of the corresponding software.
  • a data hash value 6511 indicates a hash value calculated from software before updating.
  • the SW log 6512 indicates log information acquired from software before update.
  • the SW inspection result 6513 indicates the inspection result for software before update.
  • the SW inspection result 6513 is an example in which the inspection result hash value 65131 is connected as a child node.
  • the data hash value 6511 and the inspection result hash value 65131 are connected based on association.
  • the version information 652 is an example in which the data hash value 6521, SW log 6522, and SW inspection result 6523 are connected as child nodes.
  • the version information 652 indicates the updated version of the corresponding software.
  • a data hash value 6521 indicates a hash value calculated from the updated software.
  • the SW log 6522 indicates log information acquired from the updated software.
  • the SW inspection result 6523 indicates the inspection result for the updated software.
  • the SW inspection result 6523 is an example in which the inspection result hash value 65231 is connected as a child node.
  • the data hash value 6521 and the inspection result hash value 65231 are connected based on association.
  • the SW security risk information 653 indicates the security risk value in the software configuration information 640. Note that the history of the SW security risk information 653 may also be held for each version.
  • the data hash value, the log, the inspection result, and the inspection result hash value are associated and connected for each version of the software corresponding to the software configuration information 640.
  • the data hash value and inspection result hash value are linked within the same version. Therefore, even if the version is upgraded, the inspection results of the past version can be easily traced. Therefore, it is possible to obtain the same effects as those of the above-described embodiment 3-1.
  • the inspection result hash value may be the configuration information within the inspection result.
  • Embodiment 4 is an improved example of Embodiment 2 or 3 described above.
  • the evaluation of each element constituting the information system 400 may be performed by the manufacturer of each element or the system integrator P5, or may be performed by an external inspection agency P4.
  • the inspection company P4 may perform inspection (evaluation) by the evaluation server during the operation stage upon request from the user company P6 or the like. Then, the evaluation server associates the inspection results (evaluation information) with the configuration information and registers them in the shared database 200 via the information management device 300 .
  • the second registration unit transmits an evaluation request including the first configuration information and the first state information to the evaluation server, and acquires the second evaluation information for the first element from the evaluation server. Then, the second registration unit registers the second evaluation information in the shared database 200 in association with the first configuration information while maintaining the association between the first configuration information and the first evaluation information.
  • the third party software vendor P3 evaluates the first element Additional registration of the second evaluation information.
  • the user company P6 can verify the validity of the evaluation by the manufacturer or the like, and trace the history of the evaluation.
  • the information management device 300 may additionally register evaluation information and may not delete or change the existing evaluation information. This is for ensuring the reliability of the evaluation information and the shared database 200 .
  • the information management device 300 preferably includes a notification unit that notifies the user of the disclosure destination when information is registered in the shared database 200 . This makes it easier for the parts manufacturer P1 to the user business P6, who are the users of the disclosure destinations, to recognize the new registration information, thereby further promoting information sharing. Real-time sharing of registration information can also be realized.
  • the program includes instructions (or software code) that, when read into a computer, cause the computer to perform one or more of the functions described in the embodiments.
  • the program may be stored in a non-transitory computer-readable medium or tangible storage medium.
  • computer readable media or tangible storage media may include random-access memory (RAM), read-only memory (ROM), flash memory, solid-state drives (SSD) or other memory technology, CDs - ROM, digital versatile disc (DVD), Blu-ray disc or other optical disc storage, magnetic cassette, magnetic tape, magnetic disc storage or other magnetic storage device.
  • the program may be transmitted on a transitory computer-readable medium or communication medium.
  • transitory computer readable media or communication media include electrical, optical, acoustic, or other forms of propagated signals.
  • (Appendix A1) Acquiring first evaluation information for the first element in any first stage from the development stage of at least the first element among the plurality of elements constituting the information system to the operation stage of the information system. , a first registration means for registering in a database the first configuration information corresponding to the first element and the first evaluation information in association with each other; In a second stage other than the first stage among the development stage to the operation stage, first state information indicating the state of the first element is acquired, and the first configuration information and the first element are acquired.
  • a second registration means for registering in the database in association with the state information of
  • a plurality of pieces of configuration information corresponding to each of the plurality of elements are displayed in a connection form based on the relationship between the elements, and the first configuration information and the first state information are displayed.
  • An information management device comprising (Appendix A2) when a first relationship between the first element and a second element among the plurality of elements is received, the first configuration information and the second element are configured based on the first relationship; further comprising third registration means for registering in the database in association with second configuration information corresponding to the elements of The information management apparatus according to appendix A1, wherein the display means displays the first configuration information and the second configuration information in a connection form based on association in the database. (Appendix A3) said first stage is after said second stage; The second registration means performs the first evaluation evaluated based on the first state information associated with the first configuration information in the second step and the first configuration information.
  • the information management device according to appendix A1 or A2, which acquires information.
  • the second registration means is transmitting an evaluation request including the first configuration information and the first state information to an evaluation server; obtaining second evaluation information for the first element from the evaluation server; The information management device according to appendix A3, wherein the second evaluation information is further associated with the first configuration information and registered in the database.
  • the information management apparatus according to any one of Appendices A1 to A4, further comprising notification means for notifying a user to whom the information is disclosed when the information is registered in the database.
  • the second registration means is When the first element is updated, obtain third evaluation information for the updated first element, The information management device according to any one of appendices A1 to A5, wherein the third evaluation information is further associated with the first configuration information and registered in the database.
  • the first element is software;
  • the first configuration information includes a latest hash value area storing a first hash value calculated from the software and a hash value history area,
  • the first evaluation information includes a first inspection result of the software and a second hash value calculated from the first inspection result,
  • the second registration means is registering the first hash value and the second hash value in association with the database; when the software is updated, saving the first hash value to a history area of the first configuration information while maintaining the association with the second hash value; calculating a third hash value from the updated software; storing the third hash value in the latest hash value area; obtaining the third evaluation information including a second inspection result of the updated software and a fourth hash value calculated from the second inspection result;
  • the information management device according to appendix A6, further relating the third evaluation information to the first configuration information, and further relating the third hash value and the fourth hash value to be registered in the database.
  • the first element is software; third configuration information among the plurality of configuration information is a first hash value calculated from the software;
  • the first evaluation information is a first inspection result of the software and is associated with fourth configuration information that is a second hash value calculated from the first inspection result,
  • the second registration means is registering the third configuration information and the fourth configuration information in association with each other in the database; when the software is updated, a third hash value is calculated from the updated software and set as fifth configuration information; obtaining the third evaluation information including a second inspection result of the updated software and a fourth hash value calculated from the second inspection result; While maintaining the association between the third configuration information and the fourth configuration information, the fifth configuration information and the third evaluation information are further associated with the first configuration information and registered in the database.
  • the information management device according to appendix A6.
  • Appendix A9 The information management apparatus according to any one of Appendices A1 to A8, wherein the plurality of elements include hardware and software installed on the hardware.
  • Appendix B1 a database in which first configuration information corresponding to at least a first element among a plurality of elements constituting an information system is registered; an information management device connected to the database; with The information management device At any one stage from the development stage of the first element to the operation stage of the information system, first evaluation information for the first element is obtained, and the first configuration information and the first element are obtained.
  • first state information indicating the state of the first element is acquired, and the first configuration information and the first element are acquired. is registered in the database in association with the state information of
  • a plurality of pieces of configuration information corresponding to each of the plurality of elements are displayed in a connection form based on the relationship between the elements, and the first configuration information and the first state information are displayed.
  • An information management system that displays the first evaluation information in a connection form based on association in the database.
  • Appendix B2 The information management device when a first relationship between the first element and a second element among the plurality of elements is received, the first configuration information and the second element are configured based on the first relationship; register in the database in association with the second configuration information corresponding to the elements of The information management system according to appendix B1, wherein the first configuration information and the second configuration information are displayed in a connection form based on association in the database.
  • Appendix C1 the computer Acquiring first evaluation information for the first element in any first stage from the development stage of at least the first element among the plurality of elements constituting the information system to the operation stage of the information system.
  • a plurality of pieces of configuration information corresponding to each of the plurality of elements are displayed in a connection form based on the relationship between the elements, and the first configuration information and the first state information are displayed.
  • (Appendix D1) Acquiring first evaluation information for the first element in any first stage from the development stage of at least the first element among the plurality of elements constituting the information system to the operation stage of the information system. , a first registration process of associating the first configuration information corresponding to the first element with the first evaluation information and registering them in a database; In a second stage other than the first stage among the development stage to the operation stage, first state information indicating the state of the first element is acquired, and the first configuration information and the first element are acquired.
  • a second registration process for registering in the database in association with the state information of In response to a display request, a plurality of pieces of configuration information corresponding to each of the plurality of elements are displayed in a connection form based on the relationship between the elements, and the first configuration information and the first state information are displayed.
  • 1 information management device 11 first registration unit 12 second registration unit 13 display unit 1000 information management system N network 100, 100-1 to 100-6 terminal P1 parts manufacturer P2 equipment manufacturer P21 equipment manufacturer P22 equipment manufacturer P3 software vendor P4 inspection provider P5 system integrator P6 user provider 200 shared database 300 information management device 400 information system 41 NW device 411 hardware 412 software 42 server 421 hardware 422 software 43 server 431 hardware 432 software 21 configuration information 22 status information 23 Evaluation information 210 System configuration table 211 System ID 212 content information 2131 device ID 213n Device ID 220 device configuration table 221 device configuration record 2211 device ID 2212 Content information 2213 Model ID 22n Device Configuration Record 22n1 Device ID 22n2 Content information 22n3 Model ID 230 Model Configuration Table 231 Model Configuration Record 2311 Model ID 2312 Content information 23131 Software ID 2313m Software ID 23i Model configuration record 23i1 Model ID 23i2 Content information 23i31 Software ID 23i3j software ID 240 software configuration table 241 software configuration record 2411 software ID 2412 Content information 24m Software configuration record 24m1 Software ID

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Debugging And Monitoring (AREA)
PCT/JP2021/041971 2021-11-15 2021-11-15 情報管理装置、システム及び方法、並びに、コンピュータ可読媒体 Ceased WO2023084791A1 (ja)

Priority Applications (4)

Application Number Priority Date Filing Date Title
JP2023559397A JP7794481B2 (ja) 2021-11-15 2021-11-15 情報管理装置、システム及び方法、並びに、プログラム
CN202180104127.6A CN118159949A (zh) 2021-11-15 2021-11-15 信息管理装置、系统和方法以及计算机可读介质
EP21964144.6A EP4411547A4 (en) 2021-11-15 2021-11-15 INFORMATION MANAGEMENT DEVICE, SYSTEM AND METHOD, AND COMPUTER-READABLE MEDIUM
PCT/JP2021/041971 WO2023084791A1 (ja) 2021-11-15 2021-11-15 情報管理装置、システム及び方法、並びに、コンピュータ可読媒体

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/041971 WO2023084791A1 (ja) 2021-11-15 2021-11-15 情報管理装置、システム及び方法、並びに、コンピュータ可読媒体

Publications (1)

Publication Number Publication Date
WO2023084791A1 true WO2023084791A1 (ja) 2023-05-19

Family

ID=86335543

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/041971 Ceased WO2023084791A1 (ja) 2021-11-15 2021-11-15 情報管理装置、システム及び方法、並びに、コンピュータ可読媒体

Country Status (4)

Country Link
EP (1) EP4411547A4 (https=)
JP (1) JP7794481B2 (https=)
CN (1) CN118159949A (https=)
WO (1) WO2023084791A1 (https=)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024247106A1 (ja) * 2023-05-30 2024-12-05 日本電気株式会社 情報出力装置、情報出力方法、及び記録媒体
WO2025141834A1 (ja) * 2023-12-28 2025-07-03 日本電気株式会社 検査情報共有支援装置、検査情報管理装置、検査情報共有支援方法、検査情報管理方法、検査情報共有支援プログラムが格納された記録媒体、及び、検査情報管理プログラムが格納された記録媒体

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0916392A (ja) * 1995-06-27 1997-01-17 Mitsubishi Electric Corp ソフトウェア開発支援方式
WO2014045554A1 (ja) * 2012-09-18 2014-03-27 日本電気株式会社 プロセスデータベース、プロセス管理装置、プロセスデータベース作成方法、プロセスデータベース検索方法、および、プログラム
JP2016062342A (ja) * 2014-09-18 2016-04-25 ハマゴムエイコム株式会社 プロジェクト管理システムおよび統合プロセス管理システム
JP2016170568A (ja) 2015-03-12 2016-09-23 株式会社日立製作所 ログ管理制御システムおよびログ管理制御方法

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5949999A (en) * 1996-11-25 1999-09-07 Siemens Corporate Research, Inc. Software testing and requirements tracking
US6336217B1 (en) * 1998-12-30 2002-01-01 International Business Machines Corporation Systems, methods and computer program products for end-to-end software development process automation
JP2003162504A (ja) 2001-11-26 2003-06-06 Hitachi Ltd 障害分析支援システム
US10963243B2 (en) * 2018-10-25 2021-03-30 Jpmorgan Chase Bank, N.A. System and method for automated generation of software development life cycle audit documentation
US11212117B2 (en) * 2018-12-03 2021-12-28 T-Mobile Usa, Inc. Tamper-resistant software development lifecycle provenance

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0916392A (ja) * 1995-06-27 1997-01-17 Mitsubishi Electric Corp ソフトウェア開発支援方式
WO2014045554A1 (ja) * 2012-09-18 2014-03-27 日本電気株式会社 プロセスデータベース、プロセス管理装置、プロセスデータベース作成方法、プロセスデータベース検索方法、および、プログラム
JP2016062342A (ja) * 2014-09-18 2016-04-25 ハマゴムエイコム株式会社 プロジェクト管理システムおよび統合プロセス管理システム
JP2016170568A (ja) 2015-03-12 2016-09-23 株式会社日立製作所 ログ管理制御システムおよびログ管理制御方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP4411547A4

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024247106A1 (ja) * 2023-05-30 2024-12-05 日本電気株式会社 情報出力装置、情報出力方法、及び記録媒体
WO2025141834A1 (ja) * 2023-12-28 2025-07-03 日本電気株式会社 検査情報共有支援装置、検査情報管理装置、検査情報共有支援方法、検査情報管理方法、検査情報共有支援プログラムが格納された記録媒体、及び、検査情報管理プログラムが格納された記録媒体

Also Published As

Publication number Publication date
EP4411547A4 (en) 2025-07-30
JPWO2023084791A1 (https=) 2023-05-19
CN118159949A (zh) 2024-06-07
EP4411547A1 (en) 2024-08-07
JP7794481B2 (ja) 2026-01-06

Similar Documents

Publication Publication Date Title
US9712385B2 (en) Managing configurations of distributed devices
US10318412B1 (en) Systems, methods, and apparatus for dynamic software generation and testing
US20110161284A1 (en) Workflow systems and methods for facilitating resolution of data integration conflicts
CN105580032B (zh) 用于降低升级软件时的不稳定性的方法和系统
US11411830B2 (en) Systems and methods for determining entry points for mapping a network
US8140578B2 (en) Multilevel hierarchical associations between entities in a knowledge system
US10013339B2 (en) System and method for automating testing without scripting
US20120310906A1 (en) Building Information Tracking System and Method of Use
JP7794481B2 (ja) 情報管理装置、システム及び方法、並びに、プログラム
CN112162761A (zh) 自动化部署项目至公有云容器化平台的方法、系统及设备
US12547400B2 (en) Catalog for managing modular code
US20200059423A1 (en) Indicator value aggregation in a multi-instance computing environment
CN114064475B (zh) 云原生应用测试方法、装置、设备及存储介质
JP2017062628A (ja) 適用管理装置、適用管理方法及び適用管理プログラム
US20180285490A1 (en) Method, apparatus, and computer program product for simulating client and application interface integration
Minna et al. Analyzing and mitigating (with LLMs) the security misconfigurations of Helm charts from Artifact Hub
US20210304070A1 (en) Machine learning model operation management system, operation management method, and computer readable recording medium
JP2022153237A (ja) セキュリティテストシステム
US20240095337A1 (en) Security compliance for modular code
US8589207B1 (en) System and method for determining and visually predicting at-risk integrated processes based on age and activity
CN119938127A (zh) 基于目标脚本的软件管理方法、装置、设备及存储介质
JPWO2013161522A1 (ja) ログ収集サーバ、ログ収集システム、ログ収集方法
CN120196356A (zh) 信息处理装置和信息处理方法
CN115268931A (zh) 一种基于云原生场景的数据采集系统、方法、设备及介质
CN113742103B (zh) 跨数据源的服务实现方法及装置、电子设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21964144

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 18706159

Country of ref document: US

ENP Entry into the national phase

Ref document number: 2021964144

Country of ref document: EP

Effective date: 20240429

ENP Entry into the national phase

Ref document number: 2023559397

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 202180104127.6

Country of ref document: CN