Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-09-22
2001-10-30
Trammell, James P. (Department: 2161)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S170000
active
06311277
ABSTRACT:
TECHNICAL FIELD
The present invention relates to a method of and a device for managing a computer network, and in particular, to a technique for ensuring the security of a network.
BACKGROUND ART
With the development of open and global environments of computer communication such as the Internet, there occurs an increasing number of unjustified practices, for example, to steal a glance at communication data or to falsify the data. Moreover, when a countermeasure is devised for an injustice, there immediately appears another trick for the injustice. Namely, there occurs a spiral of injustice and countermeasure. Compared with the conventional system of the past in which business and operation are carried out in a closed network of a firm, there exists an increased number of chances of unknown injustices in the system of today using the open environments. Consequently, there has been desired a new countermeasure which is not associated with a simple extension of the prior art. Turning our eyes to the immune system of the human body, the immune system prevents quite a large number of bacteria and viruses from entering the human body although there exist some exceptions. Additionally, even if there appears an unknown bacterium or virus not existing at present, the immune system can anyhow cope with such bacterium or virus. Assuming the human body to be a computer network and the bacteria and viruses to be injustices of various tricks, it is to be appreciated that there is required an immune system for the network. That is, it is desired to implement a function, like the immune system of the human body, to cope with a large number of unknown injustices taking place in the computer network.
An article “A Biologically Inspired Immune System For Computers” written by Jeffrey O. Kephart and published by MIT Press in 1994 discloses a method of detecting and coping with injustices in a computer network.
FIG. 9 shows a conventional method. In FIG. 9, reference numerals 1001 to 1018 respectively indicate computers each including a communicating function.
Assume that a computer virus enters the computer 1001 at time 1 and is rejected, and hence the computer 1001 is immune to the computer virus. In the immunized state, the computer retains a state in which the computer memorizes associated information to immediately cope with another invasion of the same computer virus. In this situation, the computer 1001 sends a “sterilization signal” to the computers 1002 to 1006 adjacent thereto. The sterilization signal notifies that the computer of the transmission source is infected with the computer virus and includes a scanning symbol string and restoring information useful for the receiving computer to detect and cope with the computer virus. Assume that among the computers 1002 to 1006 having received the sterilization signal, the computers 1002, 1004, and 1006 have already been infected with the computer virus. Furthermore, it is assumed that the computers 1007, 1008, 1011, 1013, and 1018 have also been infected with the computer virus at time 1.
At time 2, the computers 1002 to 1006 beforehand infected with the computer virus repulse the virus in accordance with the sterilization signal to obtain immunity against the virus. Thereafter, the computers 1002 to 1006 further send the sterilization signal to the adjacent computers. Although the computers 1003 and 1005 not infected with the virus obtain immunity against the virus in accordance with the sterilization signal, these computers do not further send the sterilization signal to the adjacent computers.
In this method, if the speed of propagation of the sterilization signal through the network is higher than the infection speed of the computer virus, it is possible to prevent infection of the computer virus to some extent.
However, the known example is attended with the following drawbacks or problems.
First, when two or more points are infected with the computer virus in an initial stage, the method cannot satisfactorily cope with the infection of the virus. For example, if the infection takes place in the computer 1010 in addition to the computer 1001 in FIG. 10, the sterilization signal from the computer 1001 is not passed to the computer 1010 and hence it is impossible to repulse the virus in the computer 1010. As a result, there exists a fear that the computer virus infected from the computer 1010 possibly invades the network via another adjacent computer beyond the computer 1010. Namely, although the computer virus is detected in the computer 1001 as the first virus infection place and the countermeasure is thus known, it is impossible to sufficiently utilize information of the event for the prevention of infection with the virus.
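The propagation rule described for FIG. 9 and the first drawback just stated can both be reproduced with a small simulation. The following Python is an added example; it is not code from the patent or from Kephart's article. The adjacency map is a constructed topology that only borrows the computer numbering 1001 to 1014 and is not the layout of FIG. 9 or FIG. 10; the set of initially infected computers follows the text (except 1018, which the constructed topology omits). The simulation applies the stated rule that every computer receiving the sterilization signal becomes immune, but only a computer that was infected and repulsed the virus forwards the signal, and it shows that a second infection at computer 1010, reachable from 1001 only through the uninfected computer 1003, is never reached.

```python
"""Simulate sterilization-signal propagation under the rule described above.

Constructed example topology: computer numbers reuse the 1001.. labels of the
text, but the adjacency below is an assumption for illustration, not FIG. 9
or FIG. 10 of the patent.
"""

# Constructed adjacency list. 1001 is adjacent to 1002..1006 as in the text;
# every other link is assumed. 1010 hangs off 1009, which is never infected.
ADJACENCY = {
    1001: [1002, 1003, 1004, 1005, 1006],
    1002: [1001, 1007, 1008],
    1003: [1001, 1009],
    1004: [1001, 1011],
    1005: [1001, 1012],
    1006: [1001, 1013],
    1007: [1002],
    1008: [1002],
    1009: [1003, 1010],
    1010: [1009, 1014],
    1011: [1004],
    1012: [1005],
    1013: [1006],
    1014: [1010],
}

# Computers infected at time 1 per the text (1018 omitted: not in this topology).
INFECTED_AT_TIME_1 = {1001, 1002, 1004, 1006, 1007, 1008, 1011, 1013}


def simulate_sterilization(adjacency, infected, origin):
    """Propagate the sterilization signal from `origin`, one hop per time step.

    Rule from the description: each computer that receives the signal becomes
    immune, but only a computer that was infected (and so repulsed the virus)
    forwards the signal to its own neighbours. Returns the time step at which
    each computer became immune and the infected computers never reached.
    """
    reach_time = {origin: 1}       # origin rejects the virus at time 1
    frontier = [origin]
    t = 1
    while frontier:
        t += 1
        next_frontier = []
        for node in frontier:
            for nbr in adjacency[node]:
                if nbr in reach_time:
                    continue       # already immune, signal not re-sent
                reach_time[nbr] = t
                if nbr in infected:
                    next_frontier.append(nbr)   # repulsed the virus: forwards
        frontier = next_frontier
    still_infected = set(infected) - set(reach_time)
    return reach_time, still_infected


def single_origin():
    """Scenario of FIG. 9 as described: one initial detection at 1001."""
    return simulate_sterilization(ADJACENCY, INFECTED_AT_TIME_1, 1001)


def two_origins():
    """First drawback: 1010 is also infected, but the signal from 1001 stops
    at the uninfected computer 1003, so 1010 is never reached."""
    return simulate_sterilization(ADJACENCY, INFECTED_AT_TIME_1 | {1010}, 1001)


if __name__ == "__main__":
    for label, (reach, left) in (("single origin", single_origin()),
                                 ("two origins", two_origins())):
        print(label, "| immune by time:", dict(sorted(reach.items())),
              "| still infected:", sorted(left))
```

With one origin every infected computer is reached (1002 to 1006 at time 2, their infected neighbours at time 3) and 1009, 1010, 1012 and 1014 simply never see the signal. With the second infection at 1010 the immune set is identical, so 1010 stays infected; the simulation does not model the virus spreading onward from 1010 via 1014, which is the further risk the text points to.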
Second, the sterilization signal is not completely reliable. For example, the computer 1002 is invaded by the computer virus at time 1 and is hence partly unreliable. It cannot be confirmed at time 2 that the computer 1002 is completely recovered. The computer 1008 operates in response to the sterilization signal declared by the computer 1002. Actually, however, the computer 1002 is not yet completely recovered at this point, and hence there is a fear that the computer 1002 sends an incorrect “sterilization signal” to deteriorate the overall network, which is not the object of the signal. In a paragraph of the conclusion of the article above, this point has been described as a problem to be solved in the future.
Third, consideration has been given only to injustices of computer viruses. For example, an attempt of an unauthorized access from an external device to the computer has not been taken into consideration. Such an injustice other than the computer virus cannot be sufficiently coped with by the transmission of the sterilization signal. Depending on cases, it is necessary to transmit a countermeasure software for its execution. Moreover, if a “suppression signal” to suppress operation at appropriate timing is not supplied to the countermeasure software, there possibly increases the chance of runaway of the software or the like to damage normal functions. However, this point has not been described in the above article.
Fourth, the method provides only insufficient quarantine for data from an external network. Heretofore, software called a firewall is installed in a place to be connected via the external network; alternatively, when a magnetic disk or a compact disk is mounted, there is introduced a vaccine software to prevent a program conducting injustices from entering the associated computers. However, in the present stage of art, there exists neither means to confirm reliability of the setting of the firewall nor means to guarantee management in which the latest vaccine software is activated in each computer.
Fifth, the quarantine is insufficient for data having possibility of injustice. The conventional vaccine software (fixed type security dedicated software) detects, in accordance with past instances of sufferings, a virus by use of a data layout characteristic to data when the virus is parasitic on a file system or a memory. In consequence, it is impossible at present to detect injustices caused by a virus of a new type.
It is therefore an object of the present invention to provide a method of and a device for managing a computer network capable of coping with simultaneous invasion of computer viruses at a plurality of positions of the computer network.
Another object of the present invention is to provide a method of and a device for managing a computer network capable of ensuring the reliability of a security software.
Still another object of the present invention is to provide a method of and a device for managing a computer network capable of suppressing a possible runaway of a security software.
Further another object of the present invention is to provide a method of and a device for managing a computer network capable of improving safety for data from an external network.
Another object of the pr
Domyo Seiichi
Takaragi Kazuo
Yoshiura Hiroshi
Antonelli Terry Stout & Kraus LLP
Elisca Pierre E.
Hitachi , Ltd.
Trammell James P.
Method and device for managing computer network