基本信息:
- 专利标题: 密钥生成源确定装置、密钥生成源确定方法和密钥生成源确定程序
- 专利标题(英):KEY GENERATION SOURCE IDENTIFICATION DEVICE, KEY GENERATION SOURCE IDENTIFICATION METHOD, AND KEY GENERATION SOURCE IDENTIFICATION PROGRAM
- 申请号:CN201680086556.4 申请日:2016-06-16
- 公开(公告)号:CN109313688A 公开(公告)日:2019-02-05
- 发明人: 西川弘毅 , 祢宜知孝 , 河内清人
- 申请人: 三菱电机株式会社
- 申请人地址: 日本东京都
- 专利权人: 三菱电机株式会社
- 当前专利权人: 三菱电机株式会社
- 当前专利权人地址: 日本东京都
- 代理机构: 北京三友知识产权代理有限公司
- 代理人: 马建军; 邓毅
- 国际申请: PCT/JP2016/067929 2016.06.16
- 国际公布: WO2017/216924 JA 2017.12.21
- 进入国家日期: 2018-12-07
- 主分类号: G06F21/56
- IPC分类号: G06F21/56 ; H04L9/00
A key generation source identification device (10) comprises: a key identification unit (11) which causes malware to execute an encryption process, acquires an execution trace which represents an execution state of the encryption process, and, on the basis of the execution trace, identifies an encryption key used in the encryption process as an analysis key; and an extraction unit (31) which extracts from the execution trace a list of instructions which the analysis key depends upon as an instruction list. The key generation source identification unit (10) further comprises an acquisition unit(32) for assessing whether a function which is called by a call instruction which is included in the instruction list is a dynamic acquisition function which acquires dynamic information which changes dynamically, and, if the called function is the dynamic acquisition function, acquiring the instruction list as a key generation source candidate which is at least a portion of a program which has generated the analysis key in the encryption process.
IPC结构图谱:
| G | 物理 |
| --G06 | 计算;推算;计数 |
| ----G06F | 电数字数据处理 |
| ------G06F21/00 | 防止未授权行为的保护计算机或计算机系统的安全装置 |
| --------G06F21/10 | .保护分布式程序或内容,例如版权资料的出售或许可 |
| ----------G06F21/52 | ..在程序执行过程中,例如堆栈完整性、缓冲区溢出或防止不必要的数据擦除 |
| ------------G06F21/56 | ...计算机恶意软件检测或处理,例如反病毒装置 |