Abstract: The present invention is provided with a threat analysis processing unit that, on the basis of an analysis result from the vulnerability analysis unit, analyzes a threat to the system and outputs a threat analysis result; a countermeasure planning unit that, on the basis of the threat analysis result and vulnerability information, plans the countermeasure plan which reduces the impact of the vulnerability; a security test planning unit that plans the security test on the basis of the countermeasure plan; an evaluation calculation unit that performs an evaluation on the basis of the security test, and outputs an evaluation result; and a result processing unit that processes the evaluation result and generates a security countermeasure.

Abstract: When a client certificate is required to connect to a client according to a predetermined communication protocol, a server receives a connection request that is a message associated with specific information from the client in a handshake for connection with the client. The server makes a client judgement as to whether or not a cache hit occurs, which is to find a summary client certificate in a cache area using the specific information associated with the connection request. When the result of the client judgement is true, the server returns to the client a connection response including hit information indicating that a cache hit occurs.

Abstract: A security design planning support device which supports planning of a security design of an in-vehicle network, includes: a strategy policy creation unit which creates first strategy policy information representing a plurality of control strategies corresponding respectively to threats against the in-vehicle network; a merge processing unit which merges control strategies of a same type among the plurality of control strategies represented by the first strategy policy information created by the strategy policy creation unit and groups the plurality of control strategies; and a communication unit which externally outputs second strategy policy information representing a relationship of the threats and the plurality of control strategies grouped by the merge processing unit.

Abstract: The present invention is provided with a threat analysis processing unit that, on the basis of an analysis result from the vulnerability analysis unit, analyzes a threat to the system and outputs a threat analysis result; a countermeasure planning unit that, on the basis of the threat analysis result and vulnerability information, plans the countermeasure plan which reduces the impact of the vulnerability; a security test planning unit that plans the security test on the basis of the countermeasure plan; an evaluation calculation unit that performs an evaluation on the basis of the security test, and outputs an evaluation result; and a result processing unit that processes the evaluation result and generates a security countermeasure.

Abstract: A packet according to a secure protocol over a high-speed protocol has a small size header. A reception system estimates a packet number which is used in processing of a packet having a small size header on the basis of information indicating a packet number of a received packet. The header of each of one or more packets among N packets (where N is an integer of two or more) is a small size header, which is either a first header having one part of the packet number of the packet or a second header without the packet number of the packet. When the small size header is the first header, the header of each of the N packets is the first header. When the small size header is the second header, the header of each of the packets other than one packet among the N packets is the second header.

Abstract: An in-vehicle apparatus is an in-vehicle apparatus connected to a server via a network and mounted on a vehicle. The in-vehicle apparatus includes: a log collection unit configured to collect a log; a log storage unit for accumulation of at least a part of the log; a log priority information storage unit storing log priority information indicating a priority of a log to be accumulated in the log storage unit; an accumulation log determination unit configured to determine a log to be accumulated in the log storage unit based on the log priority information; a communication unit configured to transmit the log accumulated in the log storage unit to the server; and a log priority table management unit configured to update the log priority information stored in the log priority information storage unit based on an update command from the server.

Abstract: An information processing device including a security function related to information security and an information processing function related to predetermined information processing, includes: a control unit which performs control processing for realizing the security function and the information processing function; and a storage unit which stores information related to the security function and the information processing function, wherein: when the control unit detects an occurrence of a predetermined event related to the security function or the information processing function, the control unit determines an operation content of the security function based on the information stored in the storage unit.

Abstract: When a client certificate is required to connect to a client according to a predetermined communication protocol, a server receives a connection request that is a message associated with specific information from the client in a handshake for connection with the client. The server makes a client judgement as to whether or not a cache hit occurs, which is to find a summary client certificate in a cache area using the specific information associated with the connection request. When the result of the client judgement is true, the server returns to the client a connection response including hit information indicating that a cache hit occurs.

Abstract: An in-vehicle device includes: an acquiring unit that acquires comparison information; and a detecting unit that detects an abnormality in a positioning device based on position information on a host vehicle output from the positioning device mounted in the host vehicle and the comparison information different from the position information.

Abstract: An in-vehicle apparatus mounted in a vehicle equipped with a network configured of a plurality of pieces of equipment includes an incident detection processing unit that: acquires vehicle information indicating a control status of the vehicle; detects an incident which has occurred at the vehicle on the basis of the vehicle information: identifies equipment with vulnerability related to the detected incident within the network; and performs tentative handling with respect to the identified equipment.

Abstract: The present invention provides a security evaluation server including: a hierarchy generation unit configured to generate information regarding a plurality of system hierarchies in an evaluation subject system; an evaluation unit configured to, based on the information regarding the plurality of system hierarchies generated by the hierarchy generation unit, calculate an evaluation value of protection effectiveness based on a security function requirement included in each of the plurality of system hierarchies in the evaluation subject system, and calculate an evaluation value of protection effectiveness based on a combination of the security function requirements; and a verification unit configured to verify whether each of the security function requirements in the evaluation subject system is in excess or insufficient, based on each of the evaluation values calculated by the evaluation unit and a target value.

Abstract: A plurality of in-vehicle information collecting devices mounted on a plurality of vehicles; a center server to manage each in-vehicle information collecting device as a communication target; and a communication unit to relay communication between each in-vehicle information collecting device and the center server are included. Each in-vehicle information collecting device has an in-vehicle controller to transmit/receive information including vehicle information to/from the center server, and the center server includes a server controller to transmit/receive information to/from each in-vehicle controller. The server controller, when receiving the vehicle information from each in-vehicle controller, analyzes the received vehicle information, generates speed information defining a transmission speed of the vehicle information based on an analysis result, and transmits the generated speed information to each in-vehicle controller.

Abstract: A security design planning support device which supports planning of a security design of an in-vehicle network, includes: a strategy policy creation unit which creates first strategy policy information representing a plurality of control strategies corresponding respectively to threats against the in-vehicle network; a merge processing unit which merges control strategies of a same type among the plurality of control strategies represented by the first strategy policy information created by the strategy policy creation unit and groups the plurality of control strategies; and a communication unit which externally outputs second strategy policy information representing a relationship of the threats and the plurality of control strategies grouped by the merge processing unit.

Abstract: A packet according to a secure protocol over a high-speed protocol has a small size header. A reception system estimates a packet number which is used in processing of a packet having a small size header on the basis of information indicating a packet number of a received packet. The header of each of one or more packets among N packets (where N is an integer of two or more) is a small size header, which is either a first header having one part of the packet number of the packet or a second header without the packet number of the packet. When the small size header is the first header, the header of each of the N packets is the first header. When the small size header is the second header, the header of each of the packets other than one packet among the N packets is the second header.

Abstract: An in-vehicle information communication system is configured from an in-vehicle communication device, an electronic control device that is installed in a vehicle, and an information processing device that is not installed in a vehicle. The electronic control device comprises an electronic control device storage unit, a message generation unit, a MAC generation unit, and an electronic control device communication unit which sends the message and the MAC to the information processing device via the in-vehicle communication device. The information processing device comprises an information processing device storage unit, a message authentication code verification unit, a response code generation unit, and an information processing device communication unit which sends the response code to the electronic control device via the in-vehicle communication device. The electronic control device further comprises a response code verification unit.

Abstract: A storage unit of a computer includes: a product configuration information holding unit; a component-vulnerability correspondence holding unit indicating security holes; an asset information holding unit that stores asset values of the respective component of the product; a security countermeasure classification holding unit that stores defense target components for the respective security countermeasures and coefficients of countermeasure effects; and an attack map holding unit that stores attack maps indicating attack paths. A processing unit executes a program, to form: an information collection processing unit; an attack map creation processing unit that creates an attack map for each product; and a vulnerability evaluation processing unit that calculates priority order among countermeasures from threat levels of security holes of the respective components on the basis of the asset values.

Abstract: An information sharing system includes a server and an in-vehicle system. The server includes: a first storage part; a first key generation part configured to generate a first private key and a first public key, if keys can be exchanged with the in-vehicle system; and a signature generation part configured to generate a signature value of the first public key using a server private key. The in-vehicle system includes: a second storage part configured to store a public key certificate including a server public key; a signature verification part configured to verify the first public key and a signature value received from the server, using a public key certificate; and a second key generation part configured to generate a second private key and a second public key, if a combination of the first public key and the signature value is correct as a result of the verification.

Abstract: A plurality of in-vehicle information collecting devices mounted on a plurality of vehicles; a center server to manage each in-vehicle information collecting device as a communication target; and a communication unit to relay communication between each in-vehicle information collecting device and the center server are included. Each in-vehicle information collecting device has an in-vehicle controller to transmit/receive information including vehicle information to/from the center server, and the center server includes a server controller to transmit/receive information to/from each in-vehicle controller. The server controller, when receiving the vehicle information from each in-vehicle controller, analyzes the received vehicle information, generates speed information defining a transmission speed of the vehicle information based on an analysis result, and transmits the generated speed information to each in-vehicle controller.

Abstract: An in-vehicle apparatus is an in-vehicle apparatus connected to a server via a network and mounted on a vehicle. The in-vehicle apparatus includes: a log collection unit configured to collect a log; a log storage unit for accumulation of at least a part of the log; a log priority information storage unit storing log priority information indicating a priority of a log to be accumulated in the log storage unit; an accumulation log determination unit configured to determine a log to be accumulated in the log storage unit based on the log priority information; a communication unit configured to transmit the log accumulated in the log storage unit to the server; and a log priority table management unit configured to update the log priority information stored in the log priority information storage unit based on an update command from the server.

Abstract: The present invention is directed to solve a problem that time is required for a process related to verification of a public key certificate of a message sender. An in-vehicle device mounted on a vehicle has a memory for holding information of a device which failed in verification of a public key certificate. At the time of performing communication between vehicles or between a vehicle and a roadside device, a check is made to see whether or not information of a device included in a message transmitted matches information of a device which failed and held in the memory. When the information matches, verification of a public key certificate is not performed.