JP2013168027A - Relay device, method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent a file with confidentiality from being transmitted to a service providing device.SOLUTION: A file to be uploaded to a service providing device 14 which provides a service in which files are uploaded is preliminarily determined whether or not it has confidentiality by a file management server 20, only files without confidentiality are stored in a file DB 54 and a file list is generated. A relay server 18 determines whether or not a form tag whose type attribute is "file" is included in a response to a terminal device 12 from the service providing device 14, and a script to display the file list at selection of a file to be uploaded is added when the tag is included. The relay server 18 acquires data of the file to be uploaded from the file management server 20 on the basis of attribute information included in an uploaded request to the service providing device 14 from the terminal device 12, adds the data to the upload request, and transmits it to the service providing device 14.

Description

  The disclosed technology relates to a relay device, a relay method, and a relay program.

  In recent years, opportunities to use various services provided on the web have increased. However, among services provided on the web, there are services based on the premise of uploading a file from a terminal device to a server that provides the service, such as a service that realizes file sharing and sharing. When a service that assumes file uploading is used in business, confidential files are mistakenly uploaded from the company to an external service provider server due to user carelessness, misjudgment, operation mistakes, etc. There is a risk. In this case, it leads to leakage of confidential information in the company.

  In relation to the above, a technique has been proposed in which, when an attachment operation for attaching an electronic file to an electronic mail is received, attribute information added to the electronic file is acquired by a server device. In this technology, the terminal device determines whether or not an electronic mail with an electronic file attached can be transmitted based on the acquired attribute information, thereby suppressing attachment to the electronic mail for each electronic file according to sensitivity. ing.

JP 2011-65330 A

  However, in the technology for determining whether or not an electronic mail with an electronic file attached can be transmitted by a terminal device, an application for transmitting and receiving an electronic mail (a so-called mailer) has a function of acquiring attribute information of an electronic file and determining whether or not transmission is possible. It is necessary to have. A general mailer does not have the above-described function, and it is necessary to modify the mailer in order to realize the above technique.

  In addition, the above technique cannot prevent an operation of transmitting an e-mail after rewriting the contents of an electronic file attached to the e-mail with a terminal device. For this reason, if a malicious user rewrites the contents of an electronic file attached to an e-mail to include confidential information and then performs an operation to send an e-mail, the confidential information will be leaked. Become.

  An object of the disclosed technique is to prevent a confidential file from being transmitted to a service providing apparatus.

  In the disclosed technology, when information transmitted from a service providing apparatus that provides a file handling service is relayed to a terminal apparatus, the analysis unit performs the following determination. In this determination, the information relayed to the terminal device includes a code that means that an operation for specifying a transmission target file to be transmitted from the terminal device to the service providing device is performed in the terminal device that has received the relay information. It is determined whether or not. In addition, when the analysis unit determines that the information relayed to the terminal device includes the code, the adding unit executes a program for causing the terminal device to execute the following processing on the information relayed to the terminal device. Append. In the processing, a file designation screen for displaying attribute information including the name of the file whose data is stored in the storage unit, which has been confirmed to be non-confidential, as an option for a file to be transmitted is displayed on the display unit of the terminal device. Includes processing to display. The above process includes a process of transmitting information including attribute information of the specified transmission target file to the service providing apparatus when an operation for specifying the transmission target file is performed through the file specification screen. Further, when relaying information transmitted from the terminal device to the service providing device, if the information relayed to the service providing device includes attribute information of the file to be transmitted designated through the file designation screen, The file transmission unit performs the following processing. In this process, the data of the designated transmission target file is acquired from the storage unit based on the attribute information, and the acquired transmission target file data is added to the information relayed to the service providing apparatus and transmitted to the service providing apparatus. Includes processing.

  The disclosed technique has an effect that a confidential file can be prevented from being erroneously transmitted to the service providing apparatus.

It is a functional block diagram of the computer system demonstrated by embodiment. It is a schematic block diagram of each computer of a computer system. It is a sequence diagram which shows the flow of the whole process in 1st Embodiment. It is a flowchart which shows the content of the file management process by the file management server which concerns on 1st Embodiment. It is a flowchart which shows the content of the script addition process by a relay server. It is explanatory drawing which shows an example of the script added by a script addition process. It is explanatory drawing which shows an example of the script added by a script addition process. It is a flowchart which shows the content of the file selection process by the terminal device which concerns on 1st Embodiment. (A), (C) is an upload screen, and (B) is an image diagram showing an example of a file list (child screen). It is a flowchart which shows the content of the file upload process by the relay server which concerns on 1st Embodiment. It is a sequence diagram which shows the flow of the whole process in 2nd Embodiment. It is a flowchart which shows the content of the file management process by the file management server which concerns on 2nd Embodiment. It is a flowchart which shows the content of the file selection process by the terminal device which concerns on 2nd Embodiment. It is a flowchart which shows the content of the file upload process by the relay server which concerns on 2nd Embodiment.

  Hereinafter, an example of an embodiment of the disclosed technology will be described in detail with reference to the drawings.

[First Embodiment]
FIG. 1 shows a computer system 10 according to the present embodiment. The computer system 10 includes a plurality of terminal devices 12, a service providing device 14, and a relay device 16 provided between the terminal device 12 and the service providing device 14. Although only one service providing device 14 is shown in FIG. 1, a plurality of service providing devices 14 may be provided in the same manner as the terminal device 12.

  The plurality of terminal devices 12 are composed of, for example, PCs (Personal Computers) and portable terminals, and are installed in the company for business operations in the company, and each includes a web page browsing unit 22. The web page browsing unit 22 requests the service providing apparatus 14 to provide a service by transmitting a request to the service providing apparatus 14. Further, the web page browsing unit 22 displays the web page data included in the response received from the service providing device 14 on the display 72 (see FIG. 2) of the terminal device 12 as a web page. In addition, when the response received from the service providing apparatus 14 includes a script, the web page browsing unit 22 executes the script.

  The service providing device 14 is a device that provides a predetermined service on the web to the terminal device 12. The service providing apparatus 14 includes, for example, a server computer, and is installed outside the company where the terminal apparatus 12 is installed, and includes a service providing unit 24 that performs processing for providing a predetermined service. The service providing unit 24 can apply any service that can be provided on the web as the predetermined service, but in the present embodiment, a service on the premise that a file is uploaded from the terminal device 12 to the service providing device 14. I will provide a. As a service on which the file upload is premised, for example, a service for publishing or sharing an uploaded file, a service for performing some processing on the uploaded file and returning a result, and the like can be cited.

  The relay device 16 is installed in the same company as the terminal device 12 and includes a relay server 18 and a file management server 20. The relay server 18 is a server that relays transmission / reception of information (request / response) between the terminal device 12 and the service providing device 14, and includes a request reception unit 26, a request analysis unit 28, a file acquisition unit 30, and a request generation unit. 32 and a request transfer unit 34. Further, the relay server 18 includes a response reception unit 36, a response analysis unit 38, a script addition unit 40, a response transfer unit 42, a user information management unit 44, and a URL management unit 46.

  The response analysis unit 38 is an example of an analysis unit in the disclosed technology, and the script addition unit 40 is an example of an addition unit in the disclosed technology. The request analysis unit 28, the file acquisition unit 30, the request generation unit 32, and the request transfer unit 34 are examples of a file transmission unit in the disclosed technology.

  The request receiving unit 26 receives a request transmitted from the terminal device 12 to the service providing device 14. The request analysis unit 28 analyzes the request received by the request reception unit 26 and acquires the user ID of the user who is operating the terminal device 12 that transmitted the request from the request. Further, when the request is an upload request for requesting upload of a file, the request analysis unit 28 acquires attribute information of the file to be uploaded from the upload request. The user information management unit 44 stores the user ID acquired by the request analysis unit 28.

  The file acquisition unit 30 acquires the data of the upload target file from the file management server 20 when the attribute information of the upload target file is acquired from the upload request by the request analysis unit 28. The request generation unit 32 generates a request to be transmitted to the service providing apparatus 14 by shaping the request received by the request reception unit 26. In addition, when the file acquisition unit 30 acquires the data of the upload target file, the request generation unit 32 adds the acquired upload target file data to transmit the upload request to be transmitted to the service providing apparatus 14. Generate.

  The request transfer unit 34 transfers the request generated by the request generation unit 32 to the service providing apparatus 14. The URL management unit 46 stores a URL (Uniform Resource Locator) of the service providing device 14 as a transmission destination of a request from the terminal device 12.

  The response receiving unit 36 receives a response transmitted from the service providing device 14 to the terminal device 12. The response analysis unit 38 analyzes the response received by the response reception unit 36 and acquires the session ID from the response. By the way, from the security aspect, browsers are restricted so that the location of intra (individuals and companies) resources does not pass to external services (specifications). With normal HTML tags, user misoperations occur when selecting files. It cannot be prevented. For this reason, the response analysis unit 38 searches whether the response received by the response reception unit 36 includes an <input type = "file"> tag. The user information management unit 44 stores the session ID acquired by the response analysis unit 38 in association with the user ID acquired by the request analysis unit 28.

  The script adding unit 40 generates and generates a script to be added to the response when the response analysis unit 38 obtains an analysis result that the <input type = "file"> tag is included in the response. Append the script to the response. The response transfer unit 42 transmits to the terminal device 12 a response that has been processed by the response analysis unit 38 and the script addition unit 40.

  The file management server 20 is a server that manages files that are scheduled to be uploaded from the terminal device 12 to the service providing device 14, and includes a file reception unit 48, a file management unit 50, and a file storage unit 52. The file management unit 50 is an example of a file management unit in the disclosed technology, and the file storage unit 52 is an example of a storage unit in the disclosed technology.

  The file receiving unit 48 receives a file scheduled to be uploaded to the service providing apparatus 14 from the terminal device 12. The file management unit 50 determines whether the file received by the file receiving unit 48 is a file that does not have confidentiality. The file storage unit 52 stores a file DB (database) 54. The file storage unit 52 associates the file confirmed to be non-confidential by the file management unit 50 with the user ID of the user who instructed transmission of the file to the file management server 20 in the file DB 54. Store.

  Further, the file management unit 50 generates a file list representing the file list stored in the file DB 54 for each user who has instructed transmission of a file to the file management server 20, and generates a file list for each user. The file list is transmitted to the relay server 18. The file list for each user transmitted to the relay server 18 is stored in the user information management unit 44 of the relay server 18.

  The terminal device 12 can be realized by, for example, the PC 60 shown in FIG. The PC 60 includes a CPU 62, a memory 64, a nonvolatile storage unit 68 and a communication I / F (interface) unit 70 which are realized by an HDD (Hard Disk Drive), a flash memory, or the like. The PC 60 is connected to a display 72, a keyboard 74, and a mouse 76, and is connected to a computer network (for example, a corporate LAN) 82 via a communication I / F unit 70. The storage unit 68 stores a browser program 80. The CPU 62 operates as the web page browsing unit 22 shown in FIG. 1 by executing the browser program 80.

  The service providing apparatus 14 can be realized by, for example, the application server 84 illustrated in FIG. The application server 84 includes a CPU 86, a memory 88, a nonvolatile storage unit 90 and a communication I / F unit 92 realized by an HDD (Hard Disk Drive), a flash memory, or the like. The application server 84 is connected to a computer network (for example, the Internet) 96 via the communication I / F unit 92. The storage unit 90 stores a service providing program 94. The CPU 86 operates as the service providing unit 24 illustrated in FIG. 1 by executing the service providing program 94.

  The relay server 18 in the relay device 16 can be realized by the server computer 100 shown in FIG. 2, for example. The server computer 100 includes a CPU 102, a memory 104, a nonvolatile storage unit 106 and a communication I / F unit 108 which are realized by an HDD (Hard Disk Drive), a flash memory, or the like. The server computer 100 is connected to the computer networks 82 and 96 via the communication I / F unit 108, respectively.

  The storage unit 106 serving as a recording medium stores a relay program 110 that causes the server computer 100 to function as the relay server 18. The CPU 102 reads the relay program 110 from the storage unit 106 and develops it in the memory 104, and sequentially executes the processes included in the relay program 110.

  The relay program 110 includes a request reception process 112, a request analysis process 114, a file acquisition process 116, a request generation process 118, a request transfer process 120, and a response reception process 122. The relay program 110 includes a response analysis process 124, a script addition process 126, a response transfer process 128, a user information management process 130, and a URL management process 132.

  The CPU 102 operates as the request reception unit 26 illustrated in FIG. 1 by executing the request reception process 112. The CPU 102 operates as the request analysis unit 28 illustrated in FIG. 1 by executing the request analysis process 114. The CPU 102 operates as the file acquisition unit 30 illustrated in FIG. 1 by executing the file acquisition process 116. The CPU 102 operates as the request generation unit 32 illustrated in FIG. 1 by executing the request generation process 118. The CPU 102 operates as the request transfer unit 34 illustrated in FIG. 1 by executing the request transfer process 120.

  The CPU 102 operates as the response reception unit 36 illustrated in FIG. 1 by executing the response reception process 122. The CPU 102 operates as the response analysis unit 38 shown in FIG. 1 by executing the response analysis process 124. The CPU 102 operates as the script adding unit 40 shown in FIG. 1 by executing the script adding process 126. The CPU 102 operates as the response transfer unit 42 illustrated in FIG. 1 by executing the response transfer process 128. The CPU 102 operates as the user information management unit 44 shown in FIG. 1 by executing the user information management process 130. The CPU 102 operates as the URL management unit 46 illustrated in FIG. 1 by executing the URL management process 132. As a result, the server computer 100 that has executed the relay program 110 functions as the relay server 18.

  The file management server 20 in the relay device 16 can be realized by, for example, the server computer 134 shown in FIG. The server computer 134 includes a CPU 136, a memory 138, a nonvolatile storage unit 140 and a communication I / F unit 142 realized by an HDD (Hard Disk Drive), a flash memory, or the like. The server computer 134 is connected to the computer network 82 via the communication I / F unit 142.

  In the storage unit 140 as a recording medium, a file management program 144 for causing the server computer 134 to function as the file management server 20 and a file DB 54 are stored. The CPU 136 reads the file management program 144 from the storage unit 140, expands it in the memory 138, and sequentially executes the processes included in the file management program 144.

  The file management program 144 has a file reception process 146 and a file management process 148. The CPU 136 operates as the file reception unit 48 illustrated in FIG. 1 by executing the file reception process 146. The CPU 136 operates as the file management unit 50 illustrated in FIG. 1 by executing the file management process 148. As a result, the server computer 134 that has executed the file management program 144 functions as the file management server 20. The relay program 110 and the file management program 144 are examples of a relay program in the disclosed technology.

  Next, the operation of the first embodiment will be described. As described above, the service providing unit 24 of the service providing apparatus 14 provides a service on the premise that a file is uploaded from the terminal device 12 to the service providing apparatus 14. For this reason, when using this service for business, a confidential file is mistakenly uploaded from the company to an external service providing server due to carelessness of the user who operates the terminal device 12, misjudgment, operation error, etc. There is a fear.

  As a technique for suppressing leakage of confidential information, a technique for setting an access right for a confidential file and a directory in which the file is stored is known. However, this technique cannot prevent a user who has an access right to a confidential file from erroneously uploading the confidential file.

  As another technique, there is a technique for restricting accessible sites by URL filtering processing by the relay server 18. However, this technology selects whether to allow or block an access request from a user based on the URL. Based on whether or not the file to be uploaded has confidentiality, the upload / The request cannot be passed or blocked.

  As another technique, it is also conceivable that the relay server 18 determines whether the upload target file included in the upload request has confidentiality, and performs a process of passing or blocking the upload request. . However, in this case, every time the relay server 18 receives an upload request, a load is applied to the relay server 18 and a time required for uploading the file becomes longer. In particular, when the size of a file to be uploaded is large or when upload requests are frequently transmitted, an excessive load is applied to the relay server 18 and communication in the computer network 82 becomes congested. There is a risk of malfunction.

  For this reason, in the first embodiment, a file to be uploaded is received in advance by the file management server 20, and the file management server 20 determines in advance whether or not the received file has confidentiality. Judgment. Then, the file management server 20 stores only the files that have been confirmed not to have confidentiality in the file DB 54.

  Further, the relay server 18 is a code (<input type = "file"> tag) that means that an operation for designating a file to be uploaded is performed on HTML data of a response from the service providing apparatus 14 to the terminal apparatus 12. Whether or not is included. The <input type = "file"> tag is a form tag whose type attribute is "file". When the code is included in the HTML data of the response, the relay server 18 uses, as the response, a script for displaying the file stored in the file DB 54 on the display 72 of the terminal device 12 as an option of the file to be uploaded. Append.

  In this script, when a file to be uploaded is selected and an upload is instructed by the user, the terminal device 12 performs processing for setting the attribute information of the selected file in the upload request transmitted to the service providing apparatus 14. Make it. When the relay server 18 receives an upload request from the terminal device 12 to the service providing device 14, the relay server 18 acquires data of a file in which attribute information is set in the request from the file management server 20 and adds the data to the request.

  Hereinafter, with reference to FIGS. 3 to 10, in the computer system 10 according to the first embodiment, a series of processes and user operations for using the service provided by the service providing apparatus 14 will be described in order.

  In the first embodiment, the service provided by the service providing device 14 is a service on the premise that a file is uploaded from the terminal device 12 to the service providing device 14. For this reason, when using the service provided by the service providing device 14, the user stores the file scheduled for uploading in the corresponding monitoring folder via the terminal device 12 as advance preparation for using the service. An operation is performed (see also step 200 in FIG. 3).

  The monitoring folder is provided in the storage unit 140 of the file management server 20 for each individual user who uses the computer system 10. The file reception unit 48 of the file management server 20 constantly monitors whether a new file is stored in any monitoring folder. As described above, when a file scheduled to be uploaded is newly stored in any monitoring folder, the file management server 20 performs the file management process shown in FIG.

  In step 250 of the file management process, the file reception unit 48 retrieves the file newly stored in the monitoring folder from the monitoring folder and obtains the user ID of the user corresponding to the monitoring folder in which the file is newly stored. To do. In the next step 252, the file management unit 50 determines whether or not there is confidentiality by, for example, searching whether or not a preset keyword is included in the file extracted from the monitoring folder by the file receiving unit 48. Determine (see also step 202 in FIG. 3). The presence / absence of confidentiality is not limited to determination by keyword search, and various known techniques can be applied, for example, determination using a file name or attribute information.

  In the next step 254, the file management unit 50 determines whether or not the file extracted from the monitoring folder is a non-confidential file based on the determination result in step 252 (see also step 204 in FIG. 3). If the file extracted from the monitoring folder contains a keyword such as “confidential” or “confidential”, for example, the file is determined to have confidentiality, and the determination in step 254 is denied, and the flow returns to step 262. Transition. In this case, in step 262, the file management unit 50 indicates that the file stored in the monitoring folder cannot be stored in the file DB 54 because the file stored in the monitoring folder is confidential to the terminal device 12 that has performed processing for storing the file in the monitoring folder. Send error information to notify

  On the other hand, if it is determined that the file extracted from the monitoring folder is not confidential, the determination in step 254 is affirmed and the process proceeds to step 256. In the file DB 54 stored in the file storage unit 52, a storage folder is provided for each individual user who uses the computer system 10. In step 256, the file management unit 50 stores the data of the file extracted from the monitoring folder in the storage folder corresponding to the user ID acquired by the file reception unit 48 in the file DB 54 (FIG. 3). (See also step 206).

  In the next step 258, the file management unit 50 adds the information of the file extracted this time to the file list of a specific user corresponding to the storage folder in which the current file is newly stored. For example, as shown in FIG. 9B, the file list is “file name”, “check date / time”, “path name” (not shown) for each file stored in the storage folder for each storage folder. ) Each attribute information is set. In step 260, the file management unit 50 transmits the updated file list to the relay server 18 together with the user ID (see also step 208 in FIG. 3). The file list and user ID transmitted from the file management server 20 to the relay server 18 are stored in association with each other by the user information management unit 44 of the relay server 18 (see also step 210 in FIG. 3).

  As described above, after the file to be uploaded is stored in the file DB 54, the user performs an operation for requesting the service providing apparatus 14 to provide the service via the terminal apparatus 12. (See also step 212 in FIG. 3). In this operation, for example, a browser (web page browsing unit 22) is started on the terminal device 12, and the URL of the service providing device 14 (specifically, the URL of the upload screen in the site of the service providing device 14) is designated as the access destination. It is done by doing. As a result, a request for distribution of the upload screen is transmitted from the terminal device 12 to the service providing device 14 as a destination, and this request is received by the relay server 18. Script addition processing is performed.

  In step 270 of the script addition process, the request reception unit 26 receives a request addressed to the service providing apparatus 14 received from the terminal apparatus 12. The request analysis unit 28 analyzes the request received by the request reception unit 26 and acquires the user ID set in the request (the ID of the user who operates the terminal device 12 that transmitted the request). (See also step 214 in FIG. 3). The user information management unit 44 stores the user ID acquired by the request analysis unit 28. Further, the request transfer unit 34 transmits the request received by the request receiving unit 26 to the service providing apparatus 14 as it is.

  When the service providing apparatus 14 receives the request transmitted from the terminal apparatus 12 via the relay server 18, the service providing apparatus 14 reads from the storage unit 90 the data of the upload screen requested to be distributed by the request. Then, the service providing apparatus 14 shapes and transmits the upload screen data read from the storage unit 90 into a response addressed to the terminal apparatus 12 (see also step 216 in FIG. 3).

  When the request transmitted from the service providing apparatus 14 is received by the relay server 18, the response receiving unit 36 receives the response addressed to the terminal apparatus 12 received from the service providing apparatus 14 in step 272 of the script addition process. . Further, the response analysis unit 38 analyzes the response received by the response reception unit 36, and acquires the session ID set in the response (see also step 218 in FIG. 3). In the next step 274, the user information management unit 44 stores the session ID acquired by the response analysis unit 38 in association with the previously stored user ID.

  In step 276, the response analysis unit 38 searches whether the response received by the response reception unit 36 includes an <input type = "file"> tag. In step 278, the script adding unit 40 determines whether or not an <input type = "file"> tag has been found by the search performed by the response analysis unit 38 (see also step 220 in FIG. 3). The <input type = "file"> tag means that an operation for specifying a file to be uploaded from the terminal device 12 to the service providing device 14 is performed in the terminal device 12 that has received the response.

  If the determination in step 278 is negative, it can be determined that the terminal device 12 that has received the response does not perform an operation for designating the file to be uploaded, so the process proceeds from step 278 to step 288. In step 288, the response transfer unit 42 transmits the response from the service providing apparatus 14 to the terminal apparatus 12 as it is (without adding a script), and ends the script adding process.

  On the other hand, if the determination in step 278 is affirmed, it can be determined that the terminal device 12 that has received the response performs an operation for designating a file to be uploaded, so the process proceeds from step 278 to step 280. In step 280, the script adding unit 40 acquires the user ID stored in the user information management unit 44 in association with the session ID acquired by the response analysis unit 38 from the user information management unit 44. In addition, the script adding unit 40 reads out the file list stored in the user information management unit 44 in association with the acquired user ID from the user information management unit 44.

  In the next step 282, the script adding unit 40 generates a script for displaying the file list read in step 280 on the display 72 of the terminal device 12 when the terminal device 12 selects a file to be uploaded. . An example of the script generated by the script adding unit 40 is shown in FIGS. 6 and 7, the script generated by the script adding unit 40 is a portion surrounded by a broken line and shown in bold.

  The script shown in FIG. 6 is a script related to the upload screen (parent screen). As shown in FIGS. 9A and 9C, the upload screen 150 is provided with a “reference” button 152 for displaying a candidate file to be uploaded and an “upload” button 154 for instructing the upload. It has been. The upload screen is also provided with a display field 156 for displaying the path name of the file to be uploaded. The script related to the parent screen generated by the script adding unit 40 includes a script that opens a new window and calls a file list list screen (child screen) when the “reference” button 152 is selected. In addition, a script that defines how to pass data between the request destination and the child screen, a script that receives a file path name from the child screen, and a request is transmitted when the “upload” button 154 is selected. A script is also included.

  Further, the script shown in FIG. 7 is a script related to the child screen. As shown in FIG. 9B, the file list list screen 160 is provided with a character string 162 indicating a user name and a file list list 164. The file list list screen 160 is an example of a file designation screen in the disclosed technology. The script related to the child screen generated by the script adding unit 40 includes a script for generating the child screen. In addition, when any file displayed in the file list 164 is selected, a script that includes the path name of the selected file to the script on the parent screen is also included. The script adding unit 40 generates a script for generating a sub-screen based on the file list list read from the user information management unit 44.

In the next step 284, the script adding unit 40 has received a script (for example, the following script) including the <input type = "file"> tag found by the search by the response analyzing unit 38 by the request receiving unit 26. Remove from request.
<input type = "file" name = "data"/><br>

The script adding unit 40 adds the script generated in step 282 to the request received by the request receiving unit 26 instead of the deleted script (see also step 222 in FIG. 3). In the next step 286, the response transfer unit 42 transmits the response to which the script is added by the script adding unit 40 to the terminal device 12, and ends the script adding process.

  In the terminal device 12 that has received the response to which the script is added by the relay server 18 as described above, the script added to the received response is interpreted and executed by the web page browsing unit 22 (browser), so that FIG. The file selection process shown in FIG.

  In step 300 of the file selection process, the web page browsing unit 22 displays an upload screen 150 as shown in FIG. 9A on the display 72 of the terminal device 12 (see also step 224 in FIG. 3). In the next step 302, the web page browsing unit 22 waits until the “reference” button 152 in the upload screen 150 is selected. When the “reference” button 152 is selected, the process proceeds from step 302 to step 304, and the web page browsing unit 22 displays a sub-screen (file list list screen 160 shown in FIG. 9B) for displaying the file list. Display (see also step 226 in FIG. 3).

  When the “Browse” button 152 in the upload screen 150 is selected, in general, a list of files stored in a folder arbitrarily set in advance is displayed, and a folder to be displayed can be changed (directory movement). Because there is, any file can be selected. For this reason, there is a possibility that a confidential file is erroneously selected as the upload target file.

  On the other hand, in this embodiment, when the “reference” button 152 in the upload screen 150 is selected, the file list list screen 160 is displayed by the script added by the relay server 18. In the file list list 164 in the file list screen 160, only files that have been confirmed by the file management server 20 to have no confidentiality are listed as options. This prevents a file having confidentiality from being erroneously selected as a file to be uploaded.

  In the next step 306, the web page browsing unit 22 waits until one of the files listed in the file list 164 is selected. During this time, the user refers to the file list 164 and performs an operation of selecting a file to be uploaded from the displayed files (see also step 228 in FIG. 3). When any file is selected as an upload target, the process proceeds from step 306 to step 308, and the web page browsing unit 22 displays the file name, path name, and check date and time of the selected file on the parent screen (script). Deliver and clear the display of the sub-screen. Further, the web page browsing unit 22 displays the path name of the file transferred to the parent screen in the display field 156 as shown in FIG.

  In the next step 310, the web page browsing unit 22 waits until the “upload” button 152 in the upload screen 150 is selected. When the “upload” button 152 is selected, the process proceeds from step 310 to step 312. In step 312, the web page browsing unit 22 transmits an upload request including the file name, path name, and check date and time of the file selected as the upload target (see also step 230 in FIG. 3). ). The upload request includes the attribute information of the file name, path name, and check date / time of the file to be uploaded, but does not include the data of the file to be uploaded.

  Next, with reference to FIG. 10, a file upload process executed by the relay server 18 when an upload request addressed to the service providing apparatus 14 (a request including the attribute information of the file to be uploaded) is received from the terminal apparatus 12 will be described. I will explain.

  In step 320 of the file upload process, the request receiving unit 26 receives an upload request addressed to the service providing apparatus 14 received from the terminal apparatus 12. Further, the request analysis unit 28 analyzes the upload request received by the request reception unit 26. In the next step 322, the request analysis unit 28 acquires the session ID, the file name of the upload target file, the path name, and the check date / time from the upload request received by the request reception unit 26.

  In step 324, the file acquisition unit 30 acquires data of the upload target file from the file management server 20 based on the path name acquired by the request analysis unit 28 (see also step 232 in FIG. 3). In the next step 326, the request generation unit 32 adds the data of the upload target file acquired by the file acquisition unit 30 to the upload request received by the request reception unit 26. Further, the request generation unit 32 shapes the upload request for transmission to the service providing apparatus 14. As a process for shaping the upload request, for example, a process for rewriting header information (for example, content type) can be cited.

  In step 328, the request transfer unit 34 transmits the upload request, which is formatted by adding the data of the file to be uploaded by the request generation unit 32, to the service providing apparatus 14 (see also step 234 in FIG. 3). When the upload request is received by the service providing apparatus 14, the service providing unit 24 of the service providing apparatus 14 performs a process of providing a predetermined service (see also step 236 in FIG. 3).

  As described above, in this embodiment, when selecting a file to be uploaded, only files that have been confirmed in advance by the file management server 20 as having no confidentiality are displayed as a list. Thereby, it is possible to prevent a file having confidentiality from being erroneously selected as a file to be uploaded, and to prevent a file having confidentiality from being transmitted to the service providing apparatus 14.

  In the present embodiment, since the file management server 20 determines in advance whether or not the file to be uploaded has confidentiality, the relay server 18 performs the above determination when relaying the upload request. There is no need to do it. As a result, the load applied to the relay server 18 when relaying the upload request is reduced, and even when the size of the file to be uploaded is large or when the upload request is frequently transmitted, the file upload is short. Complete in time.

  In the present embodiment, since the upload request transmitted from the terminal device 12 does not include data of the file to be uploaded, the traffic between the terminal device 12 and the relay server 18 is reduced. On the other hand, when the relay server 18 receives the upload request, the relay server 18 acquires the data of the file to be uploaded from the file management server 20, so that the traffic between the relay server 18 and the file management server 20 increases. However, in this embodiment, the file selected as the upload target by the user is a file that has been confirmed in advance by the file management server 20 to have no confidentiality, and the selected file is confidential. There will be no point uploading failure. For this reason, after a file to be uploaded is selected by the user, data of a file that cannot be uploaded due to confidentiality is sent and received as compared with the case where it is determined whether or not the file has confidentiality. Things will disappear. Therefore, useless traffic in the computer network 82 is reduced, and traffic of the computer network 82 as a whole can be reduced.

  Furthermore, depending on the type of service provided by the service providing apparatus 14, when data having been modified (for example, adding some information to the header) that causes an increase or decrease in the amount of data to the original file is uploaded, service providing processing is performed. May result in an error. On the other hand, in the present embodiment, a file whose data is stored in the file DB 54 after the file management server 20 confirms that it is not confidential is managed by the file list. For this reason, in this embodiment, it is not necessary to modify the data of a file that has been confirmed to be non-confidential, and since the modification is not performed, the processing result of the service providing process may result in an error. Can be prevented.

  Further, the technology described in the present embodiment can be realized if a browser is installed in the terminal device 12. For this reason, it is not necessary to install a dedicated application in the terminal device 12 or to modify an application (for example, a mailer) installed in the terminal device 12 and can be easily implemented.

[Second Embodiment]
Next, a second embodiment of the disclosed technique will be described. Since the second embodiment has the same configuration as that of the first embodiment, the same reference numerals are given to the respective parts and description of the configuration is omitted, and the operation of the second embodiment will be described below. Only portions different from the embodiment will be described.

  In the second embodiment, when the file management server 20 confirms that the file management server 20 does not have confidentiality and uploads a file in which data is stored in the file DB 54, the second embodiment confirms falsification of the file. Is different. Details will be described below with reference to FIGS.

  The file management server 20 according to the second embodiment performs the file management process shown in FIG. 12 when a file scheduled to be uploaded is newly stored in any monitoring folder. In this file management process, it is determined that the file extracted from the monitoring folder is not confidential (the determination in step 254 is affirmative), and the data of the file is stored in the storage folder of the file DB 54 (step 256). Later, the process proceeds to step 264. In step 264, the file management unit 50 calculates the hash value of the file taken out from the monitoring folder and stored in the file DB 54 (see also step 238 in FIG. 11).

  In the next step 266, the file management unit 50 adds the hash value calculated in step 264 to the file list of a specific user corresponding to the storage folder in which the current file is newly stored as information on the file extracted this time. Add each information to be included. Accordingly, in the next step 260, the file list including the hash value is transmitted from the file management unit 50 to the relay server 18 together with the user ID (see also step 208 in FIG. 11). The file list and user ID transmitted from the file management server 20 to the relay server 18 are stored in association with each other by the user information management unit 44 of the relay server 18 (see also step 210 in FIG. 11).

  The script addition process performed by the relay server 18 according to the second embodiment is the same as the process described in the first embodiment (FIG. 5), but the script generated by the script addition unit 40 and added to the response. Is slightly different. That is, as described above, in the second embodiment, the file list includes the hash value of each file as one piece of information of each file. In the second embodiment, the hash value of each file is included. Is excluded from the transmission target to the terminal device and is not included in the script. In the second embodiment, the script adding unit 40 generates a script that causes the web page browsing unit 22 (browser) of the terminal device 12 to perform the file selection process shown in FIG. Hereinafter, a file selection process performed by the web page browsing unit 22 (browser) of the terminal device 12 will be described with reference to FIG.

  In this file selection process, when a file to be uploaded is selected by the user while the file list screen 160 is displayed on the display 72 of the terminal device 12 (see also step 228 in FIG. 3), step 306 is performed. To step 314. In step 314, the web page browsing unit 22 acquires data of the upload target file selected by the user from the file management server based on the path name included in the script (see also step 240 in FIG. 11). In the next step 316, the web page browsing unit 22 calculates the hash value of the upload target file based on the upload target file data acquired in step 314 (see also step 242 in FIG. 11). In step 318, the web page browsing unit 22 passes the file name, path name, check date and time of the upload target file, and the calculated hash value to the parent screen (its script), and erases the child screen display.

  In the next step 310, the web page browsing unit 22 waits until the “upload” button 152 in the upload screen 150 is selected, as in the first embodiment. When the “upload” button 152 is selected, the process proceeds from step 310 to step 319. In step 319, the web page browsing unit 22 transmits an upload request including the file name, path name, check date / time, and hash value of the file to be uploaded to the service providing apparatus 14 (see also step 230 in FIG. 11). ). The upload request includes the attribute information of the file name, path name, check date and hash value of the file to be uploaded, but does not include the data of the file to be uploaded.

  When the relay server 18 according to the second embodiment receives an upload request addressed to the service providing device 14 from the terminal device 12, the relay server 18 performs the file upload processing illustrated in FIG. In step 320 of the file upload process, the request reception unit 26 receives an upload request addressed to the service providing apparatus 14 received from the terminal apparatus 12. Further, the request analysis unit 28 analyzes the upload request received by the request reception unit 26.

  In the next step 330, the request analysis unit 28 acquires the session ID, the file name, the path name, the check date / time, and the hash value of the upload target file from the upload request received by the request reception unit 26. In step 324, the file acquisition unit 30 acquires the user ID stored in the user information management unit 44 in association with the session ID acquired by the request analysis unit 28. Subsequently, the file acquisition unit 30 reads the file list stored in the user information management unit 44 in association with the acquired user ID from the user information management unit 44 (see also step 244 in FIG. 11).

  In the next step 334, the file acquisition unit 30 determines whether or not the hash value acquired by the request analysis unit 28 matches the hash value of the same file set in the read file list (see FIG. 11 step 246). If the hash values do not match, the file data stored in the file DB 54 may have been tampered with after the file management server 20 has confirmed that it does not have confidentiality. Therefore, if the determination in step 334 is negative, the process proceeds to step 336, where the relay server 18 notifies the terminal device 12 that the file cannot be uploaded to the service providing device 14, and ends the file upload process. To do.

  If the hash values match, the determination at step 334 is affirmed and the routine proceeds to step 324. The subsequent processing is the same as in the first embodiment, and the data of the file to be uploaded is acquired from the file management server 20 (step 324), the data is added to the upload request, and the upload request is formatted (step 324). Step 326). Then, the upload request is transmitted to the service providing apparatus 14 (step 328), and the service providing unit 24 of the service providing apparatus 14 performs a process of providing a predetermined service (see also step 236 in FIG. 11).

  As described above, in the second embodiment, when it is confirmed that the file scheduled to be uploaded is not confidential, the hash value is calculated and stored, and the file is uploaded. The hash value is calculated again and compared. As a result, even when a file that has been confirmed to have no confidentiality and is stored in the file DB 54 has been tampered with the confidential information added before the file is uploaded, Confidential information can be prevented from being leaked by uploading. Other functions and effects are the same as those of the first embodiment, and a description thereof will be omitted.

  In the above description, a mode has been described in which a file that has been confirmed to have no confidentiality is stored and managed in the file DB 54 in units of users. However, files may be stored and managed in units of users' groups. .

  In the above description, the terminal device 12 and the relay device 16 are installed in the company. However, the disclosed technology is not limited to this, and the terminal device 12 and the relay device 16 are installed in a home, for example. May be. In the above description, the mode in which the relay device 16 is divided into the relay server 18 and the file management server 20 has been described. However, the present invention is not limited to this, and the functions of the relay server 18 and the file management server 20 are combined into a single device. It may be realized by (computer).

  Of the relay program 110 and the file management program 144 that are examples of the relay program of the disclosed technology, the relay program 110 is stored in the storage unit 106 in advance, and the file management program 144 is stored in the storage unit 140 in advance. The aspect which has been demonstrated. However, the present invention is not limited to this, and the relay program of the disclosed technique can be provided in a form recorded on a recording medium such as a CD-ROM or a DVD-ROM.

  All documents, patent applications and technical standards mentioned in this specification are to the same extent as if each individual document, patent application and technical standard were specifically and individually stated to be incorporated by reference. Incorporated by reference in the book.

DESCRIPTION OF SYMBOLS 10 Computer system 12 Terminal apparatus 14 Service provision apparatus 16 Relay apparatus 18 Relay server 20 File management server 26 Request reception part 28 Request analysis part 30 File acquisition part 32 Request generation part 34 Request transfer part 36 Response reception part 38 Response analysis part 40 Script addition unit 42 Response transfer unit 44 User information management unit 48 File reception unit 50 File management unit 52 File storage unit 54 File DB
82 Computer Network 100 Server Computer 102 CPU
104 Memory 106 Storage Unit 110 Relay Program 134 Server Computer 136 CPU
138 Memory 140 Storage unit 144 File management program

Claims (8)

When relaying information transmitted from a service providing device that provides a file handling service to a terminal device, the terminal device that has received the information to be relayed in the information relayed to the terminal device from the terminal device An analysis unit for determining whether or not a code indicating that an operation for specifying a transmission target file to be transmitted to the service providing apparatus is performed is included;
When the analysis unit determines that the information relayed to the terminal device includes the code, the information relayed to the terminal device is confirmed to have no confidentiality, and data is stored in the storage unit. An operation for causing the display unit of the terminal device to display a file designation screen for displaying attribute information including the name of the file in which the file is stored as an option of the transmission target file, and designating the transmission target file through the file designation screen Is added, an adding unit for adding a program for causing the terminal device to execute processing for transmitting information including attribute information of the designated file to be transmitted to the service providing device;
When relaying information transmitted from the terminal device to the service providing device, the information relayed to the service providing device includes attribute information of the file to be transmitted designated through the file designation screen. In this case, the data of the specified transmission target file is acquired from the storage unit based on the attribute information, and the acquired data of the transmission target file is added to the information relayed to the service providing apparatus. A file transmission unit for transmitting to the providing device;
A relay device including In the storage unit, the data of the file confirmed to have no confidentiality is stored in a user unit or a user group unit,
The analysis unit also determines a user who has performed an operation for requesting the service providing apparatus to provide the service via the terminal device,
The adding unit includes, in the information relayed to the terminal device, the name of the file corresponding to the user determined by the analyzing unit among the files stored in the storage unit as the file designation screen. The relay device according to claim 1, wherein a program for causing the terminal device to execute a process including a process of displaying a file designation screen for displaying attribute information as an option of the transmission target file on the display unit of the terminal device is added. . When a file in which data is to be stored in the storage unit is specified, it is determined whether or not the specified file has no confidentiality, and only when it is confirmed that the file has no confidentiality, Further comprising a file management unit for storing data in the storage unit and holding attribute information of the file storing the data in the storage unit,
The said addition part acquires the attribute information of the said file displayed on the said file designation | designated screen as an option of the said transmission target file from the said file management part, and produces | generates the said program based on the acquired said attribute information. Or the relay apparatus of Claim 2. The file management unit calculates a hash value of the file when a file in which data is to be stored in the storage unit is specified and it is confirmed that the specified file is not confidential, and the calculated hash Holding the value as one of the attribute information of the file,
When the operation for specifying the transmission target file is performed on the information relayed to the terminal device through the file specification screen, the addition unit acquires the data of the specified transmission target file from the storage unit. A program for causing the terminal device to execute processing for transmitting the information including the calculated hash value to the service providing apparatus as attribute information of the specified file to be transmitted. ,
The file transmission unit, when the attribute information of the transmission target file is included in the information transmitted from the terminal device and relayed to the service providing device, the hash value of the transmission target file is set to the file Information that relays the data of the transmission target file to the service providing device when the hash value included in the attribute information is acquired from the management unit and matches the hash value acquired from the file management unit The relay apparatus according to claim 3, wherein the relay apparatus transmits the information to the service providing apparatus. The information transmitted from the service providing apparatus to the terminal device is HTML data representing a screen to be displayed on the display unit of the terminal device,
The addition unit is configured to send, as the program, a script executed by a browser that operates on the terminal device and generates a screen to be displayed on the display unit of the terminal device from HTML data, and sends the terminal device from the service providing device to the destination. The relay device according to claim 1, wherein the relay device is added to the information transmitted as. The information transmitted from the service providing apparatus to the terminal device is HTML data representing a screen to be displayed on the display unit of the terminal device,
The analysis unit determines, as the code, whether or not a form tag whose type attribute is “file” is included in the HTML data as information transmitted from the service providing apparatus to the terminal device as a destination. The relay device according to any one of claims 1 to 5. The relay device
When relaying information transmitted from a service providing device that provides a file handling service to a terminal device, the terminal device that has received the information to be relayed in the information relayed to the terminal device from the terminal device It is determined whether or not a code indicating that an operation for specifying a transmission target file to be transmitted to the service providing apparatus is performed is included.
In the analysis step, when it is determined that the information relayed to the terminal device includes the code, the information relayed to the terminal device is confirmed to have no confidentiality, and data is stored in the storage unit. An operation for causing the display unit of the terminal device to display a file designation screen for displaying attribute information including the name of the stored file as an option for the transmission target file and designating the transmission target file through the file designation screen. When done, a program for causing the terminal device to execute processing for transmitting information including attribute information of the designated file to be transmitted to the service providing device is added,
When relaying information transmitted from the terminal device to the service providing device, the information relayed to the service providing device includes attribute information of the file to be transmitted designated through the file designation screen. In this case, the data of the specified transmission target file is acquired from the storage unit based on the attribute information, and the acquired data of the transmission target file is added to the information relayed to the service providing apparatus. A relay method characterized by transmitting to a providing device. On the computer,
When relaying information transmitted from a service providing device that provides a file handling service to a terminal device, the terminal device that has received the information to be relayed in the information relayed to the terminal device from the terminal device An analysis step for determining whether or not a code indicating that an operation for specifying a transmission target file to be transmitted to the service providing apparatus is performed is included;
In the analysis step, when it is determined that the information relayed to the terminal device includes the code, the information relayed to the terminal device is confirmed to have no confidentiality, and data is stored in the storage unit. An operation for causing the display unit of the terminal device to display a file designation screen for displaying attribute information including the name of the stored file as an option for the transmission target file and designating the transmission target file through the file designation screen. An additional step of adding a program for causing the terminal device to execute a process of transmitting information including attribute information of the designated file to be transmitted to the service providing device;
When relaying information transmitted from the terminal device to the service providing device, the information relayed to the service providing device includes attribute information of the file to be transmitted designated through the file designation screen. In this case, the data of the specified transmission target file is acquired from the storage unit based on the attribute information, and the acquired data of the transmission target file is added to the information relayed to the service providing apparatus. A file sending step to send to the providing device;
Relay program for executing processing that includes