JP2001257725A - Method for limiting utilization of network reception data utilizing intermediary server and its system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To realize transmission reception of data between only specific systems by placing a limit onto a data distribution path. SOLUTION: Intermediary servers 11, 12 have a stamp generator that generates a stamp and calculate the stamp at data transmission reception. In this case, an in-company network system 1 (2) and a data conversion module 111 (121) are in one-to-one correspondence. A transmitter side enterprise transmits a stamp and data in a pair to identify which data conversion module 121 of a receiver side enterprise is in operation to enter data to a software program. Simultaneously, illegal access with respect to data between paths until data are entered to the software can be avoided. In this case, since the stamp is generated from a unidirectional function, the stamp cannot be resolved. Moreover, even when the stamp is revised or falsified, because the stamp is destroyed, the discrimination of revision or falsification is possible and the operation of the data conversion module cannot be conducted.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method and a system for restricting the use of network reception data using a mediation server.

[0002]

2. Description of the Related Art Methods for preventing unauthorized use of data include a method using encryption technology and a method using digital watermarking technology. In the former case, the encrypted data can be decrypted only by an authorized user or system having an encryption key, so that even if the data is eavesdropped, it cannot be decrypted. This prevents unauthorized use of data during communication, but does not impose any restrictions on data distribution. The latter is a technology for detecting unauthorized duplication of data, and the original data of the data can be identified by embedding electronic signatures or symbols directly in the data. Even this technique does not impose any restrictions on data distribution.

[0003]

As described above, according to the prior art, no restriction can be imposed on the distribution of data at all, so that it is used, for example, for transferring important data between companies. I am worried. Also, even inside a company, there is a possibility of unauthorized use by employees, so it is necessary to restrict the distribution of data not only on the Internet but also on an in-house network.

[0004] The present invention has been made in view of the above circumstances, and by limiting data distribution routes, realizes network transmission and reception using an intermediary server that realizes data transmission and reception only between specific systems. It is an object of the present invention to provide a data use restriction method and a system thereof.

[0005]

According to a first aspect of the present invention, there is provided a method for restricting the use of network reception data using a mediation server, wherein the mediation server is provided for each network. When transmitting data, the intermediary server transmits a specific data sequence defined in the network of the receiving side that has been received from the receiving side together with transmission data, and when the data is received, the specific data sequence It was confirmed that the received data had a value determined in the network, and the received data was processed and taken in as necessary.

[0006] The invention described in claim 2 is the invention according to claim 1.
In the method for restricting the use of network reception data using an intermediary server described in the above, the intermediary server is connected via the Internet, and encrypts and transmits and receives the specific data and transmission / reception data. Thereby, the mediation server transmits the data together with a specific data sequence defined in the network of the receiving side previously received from the receiving side at the time of data transmission and transmits the specific data at the time of data reception. After confirming that the column has a value determined in the network on the receiving side, the transmission data is processed and taken in as necessary. Therefore, a restriction can be imposed on the data distribution route, and data transmission / reception can be realized only between specific systems.

According to a third aspect of the present invention, there is provided a system for restricting use of network reception data using a mediation server for each network, wherein the mediation server receives data from a receiving side when transmitting data. A transmitting device that transmits a specific data sequence determined in the receiving side network and transmission data together, and that, when receiving data, the specific data sequence has a value determined in its own network. And a receiving device that processes and transmits the transmission data as necessary.

[0008] The invention described in claim 4 is the invention according to claim 3.
2. In the system for restricting use of network reception data using the mediation server described in 1., the transmission device is one-to-one with a network system operating on each of the networks.
And a data conversion module that receives data arriving from one network and transmits the data together with the specific data, and prepares and operates the specific data generated by the data conversion module of the one network in advance. A list file for specifying the data conversion module is provided.

Further, the invention described in claim 5 is the third invention.
3. In the system for restricting use of network reception data using the mediation server described in 1., the reception device is one-to-one with a network system operating on each of the networks.
A data conversion module for inputting the transmission data in order to capture received data, and specific data for generating the specific data by calculating a hash value by a one-way function using a code of the data conversion module on the receiving side Generating device, separating the data and the specific data received from the network, comparing the specific data and the specific data generated by the data conversion module, and when matched, the data conversion module corresponding to the specific data A specific data confirmation device for transferring received data is provided.

With each of the above configurations, the mediation server has a stamp generation device that generates a stamp, and calculates the stamp when transmitting and receiving data. At this time, the network system and the data conversion module have a one-to-one correspondence. By transmitting the stamp and the data in pairs, it is possible to identify which data conversion module of the network system operates and inputs data to the corresponding software. At the same time, unauthorized access to data between paths until data is input to software is prevented. At this time, the stamp cannot be solved because it is generated from a one-way function. In addition, even when the stamp is changed or tampered with, the stamp is destroyed, so that the stamp can be discriminated and the data conversion module does not operate. Therefore, by restricting the data distribution channel, data transmission / reception can be realized only between specific systems.

[0011]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS FIG. 1 is a diagram showing a system configuration of a system for restricting the use of network reception data using a mediation server according to the present invention. Here, a configuration in which company systems 1 and 2 in a company are connected via the Internet 3 is illustrated. Intermediary servers 11 and 12 are connected between the in-house systems 1 and 2 and the Internet 3 respectively.
Is interposed. The in-house system 12 is a system for managing information used inside the company. Here, the in-house system 1 will be described as a transmitting company, and the in-house system 2 will be described as a receiving company.

The mediation servers 11 and 12 are a core part of the present invention, and the existing in-house network system 1
It is located between (2) and the Internet 3 and is the gateway for both data. The Internet 3 is a network used by an unspecified number of users. Mediation server 11
Is composed of a data conversion module 111 and a transmission stamp list file 112, and the mediation server 12
Is the data conversion module 121, the stamp generation device 1
23, constituted by a stamp confirmation device 124. Each configuration operation will be described later. Mediation server 11
(12) is installed in the in-house network system 1 (2) used by the sending company and the receiving company, and the mediation server 11 (12) stores data corresponding to each in-house network system 1 (2). Conversion module 111 (12
Have 1).

The data conversion module 111 (121)
Has a role of receiving data coming from the in-house network system 1 at the time of data transmission and transmitting it together with a stamp which is specific data. On the other hand, when receiving data, it has a role of inputting the data to the in-house network system 2 in order to capture the data. If the data format of the in-house network system 1 (2) differs between the sending company and the receiving company, data conversion suitable for each is performed. The transmission stamp list file 112 prepares a stamp generated by the data conversion module 121 of the receiving company in advance, and uses the stamp to specify the data conversion module 121 to be operated in the receiving company.

The stamp generator 123 calculates a hash value by a one-way function using the code value of the data conversion module 121, generates a stamp, and supplies the stamp to the stamp checker 124. The stamp confirmation device 124
It separates the stamp from the data received from the sending company, compares the stamp from the sending company with the stamp generated by the data conversion module 121 of the receiving company, and when the stamps match, the data corresponding to the stamp The data is passed to the conversion module 121, and if they do not match, the delivery of the data is refused.

Here, since the configuration of the mediation server 11 (12) is divided into a function of a transmitting company and a function of a receiving company, the mediation server 11
And a transmission stamp list file 112,
Further, the mediation server 12 includes a data conversion module 121
, A stamp generation device 123 and a stamp confirmation device 12
4 is described. However, since the mediation server 11 and the mediation server 12 actually have a transmission / reception function, they each have all components of a data conversion module, a transmission stamp list file, a stamp generation device, and a stamp confirmation device.

In the above configuration, the data conversion module 111 (121) and the in-house network system 1 (2)
Are in a one-to-one relationship. First, in the mediation server 11 of the in-house network system 1 of the transmitting company,
The data conversion module 111 is activated, a stamp that is a one-way function value is generated by a built-in stamp generator, and the stamp is transmitted together with transmission data. Mediation server 12 of in-house network system 2 of receiving company
Generates the stamp according to the method shown in FIG. 2 after receiving the data. That is, the data conversion module 12
1 is activated, and a stamp which is a one-way function value is generated by a built-in stamp generating device 123.

If the previously received stamp is compared with the stamp generated by the data conversion module 121 of the receiving company, it can be determined that the data is transmitted from a reliable partner if they match. Data conversion module 1
Since the stamp 11 (121) corresponds to the stamp, the in-house network system 1 (2) corresponding to the data conversion module 111 (121) can be specified, and data can be input. Further, since the path between the transmitting company and the receiving company is encrypted and transmitted / received by the existing encryption method, data can be transmitted / received without eavesdropping on the data. Since the stamp itself is a one-way function value, it is a value that can be found if tampered. The stamp is
Since the value is unique to the data conversion module 111 (121), the corresponding data conversion module 111 (121) does not operate when tampered. Thus, by restricting the data distribution route, data transmission / reception can be realized only between specific systems.

Hereinafter, a processing procedure for realizing a method for restricting the use of network reception data using the mediation server according to the present invention will be described with reference to FIG. First, as pre-processing, the transmitting company and the receiving company confirm and mutually agree on the data conversion module 111 (121) of the mediation server 11 (12) (step S3).
1). The hash function of the code in the executable format constituting the data conversion module 111 (121) will be hereinafter referred to as a stamp. The stamp is incorporated into the agreed upon data conversion module 121 of the mediation server 12 of the receiving company (step S32). Further, the stamp of the agreed data conversion module is set in the mediation server 11 of the transmitting company (step S33).

After the above preprocessing, data transmission / reception and stamp processing are performed according to the procedure shown in FIG. In FIG. 3, blocks denoted by the same reference numerals as those in FIG. 1 are the same as those in FIG.
Also, the polygons denoted by the symbols A to D indicate a group of in-house network systems (application programs), and these have a one-to-one correspondence with each of the data conversion modules 111 (121) as described above.

First, the mediation server 11 of the transmitting company transmits the stamp of the data conversion module 121 incorporated in the mediation server 12 of the receiving company together with the data, thereby operating the data conversion module 12 operating on the receiving side.
Specify 1. The data conversion module 111 in the mediation server 11 of the transmitting company first refers to the transmission stamp list file 112 to operate the data conversion module 121 of the receiving company. Then, the data conversion module 111 transmits the stamp and the data (Step S34). Thereby, the mediation server 12 of the receiving company receives the data and the stamp. There, the data and the stamp are decrypted and separated. Thereafter, the data conversion module 121 in the mediation server 12 sends the stamp generation device 1 to identify the corresponding module.
23 generates a stamp using the code of the data conversion module 121 as an input (step S35).

The stamp confirmation device 124 compares the stamp of the data conversion module 121 with the stamp attached to the received data. Here, if the stamps match, the mediation server 12 of the receiving company sends the matched data conversion module 12
Execute 1. If not, the data conversion module 1
21 is rejected (step S36). After specifying the data conversion module 121 to be operated, the data is supplied to the in-house network system 2 which has a one-to-one relationship with the data conversion module 121, and the processing is completed (step S37).

Note that the data and the stamp are encrypted between the mediation server 11 of the transmitting company and the mediation server 12 of the receiving company by the existing encryption technology, so that the data and the stamp can be prevented from being wiretapped and falsified.

Hereinafter, a method of restricting the use of network reception data using the above-described mediation server of the present invention and a specific example in a case where the system is applied to the field of nursing care information distribution service will be described. In the field of nursing care information distribution services, many unique nursing care systems are prepared to provide facility management and services. The data handled in the field of nursing care information distribution services include personal data of care recipients, service usage status of nursing care service providers, data showing performance information, and care planners called care planners for care recipients. There is data to be created. Such data includes personal data and the like, and must be handled strictly so that it cannot be used by others without being leaked during the distribution process, and must be securely delivered to the receiving side.

The following situations are assumed for illegal use of data. One is unauthorized access on the route from the care planner to the care service provider, and the other is unauthorized access from inside the care service provider. Here, a method in which a care planner creates a care plan for a care recipient using a care plan creation system and transmits the data to a care service provider to prevent unauthorized use of the data in FIG. Shown in

First, the care planner creates a care plan in which details such as the type of service to be provided to the care-requiring person and the time to perform the care by the care plan creation system (care plan creation software) (step S41). Unauthorized access between the care plan creation software and the mediation server 41 is controlled by operation management of the in-house system. Next, the data conversion module corresponding to the care plan creation system calculates the stamp. At this time, the care plan creation software and the mediation server 41
During the period, unauthorized use from inside the company can be restricted by operation management of the in-house system. The mediation server 41 used in the present invention encrypts the data and the stamp and transmits them to the care service provider. Acts such as tampering with the mediation server 41 can be prevented to some extent by operation management of the in-house system. Even if the mediation server 41 can be falsified, an abnormality can be found because the value of the generated stamp is different (step S42).

In this data distribution route, the mediation server 41 controls the unauthorized use of data by encrypting the data (step S43). The data arriving via the Internet 43 is received by the mediation server 42 of the care service provider. The mediation server 42 of the care service provider decrypts the data, and each data conversion module group prepares a stamp. Then, it searches for a care system that matches the stamp sent with the transmission data. Thus, the data conversion module is identified. Step S4
As in 2, the unauthorized access is controlled by the operation management of the stamp and the in-house system (step S44). From the group of systems existing on the care service provider side, the data conversion module with the matched stamp inputs the received data to the corresponding service provided. Unauthorized access is controlled by operation management of the in-house system (step S4).
5).

As described above, the present invention provides the mediation server 1
1 (12) enables data exchange between a plurality of, for example, corporate networks, and can exchange data via the Internet 3. The mediation servers 11 and 12 have a stamp generation device (123) for generating a stamp, and calculate the stamp when transmitting and receiving data. At this time, the in-house network system 1 (2) and the data conversion module 111 (121)
There is a one-to-one correspondence. By transmitting the stamp and the data in pairs, the transmitting company identifies which data conversion module 121 of the receiving company operates and inputs data to the corresponding software. At the same time, unauthorized access to data between paths until data is input to software is prevented. At this time, the stamp cannot be solved because it is generated from a one-way function. In addition, even when the stamp is changed or tampered with, the stamp is destroyed, so that the stamp can be discriminated and the data conversion module does not operate.
When the present invention is applied to the care information distribution service field, the care planner and the care service provider can control unauthorized access to data by stamping and encryption.

[0028]

As described above, according to the present invention, when transmitting data, the mediation server transmits a specific data sequence defined in its own network and transmission data together, and when transmitting data, Confirm that the specific data sequence has a value determined in the network of the receiving side that was previously received from the receiving side, and by processing and taking in the transmission data as needed, the data distribution route Thus, it is possible to provide a method of restricting the use of network reception data using an intermediary server and a system thereof that realizes data transmission and reception only between specific systems.

As described above, the present invention is to prevent data from being illegally used by installing an intermediary server in each company having a business relationship or a cooperative relationship such as a commercial transaction or a joint development. The mediation server ensures the security of communication between the companies and prevents unauthorized use of data from the inside of the company that receives the data. Therefore, according to the present invention, illegal use of data from outside and inside the company, which is a major problem in business between companies using the Internet, can be prevented.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a system configuration example of a network reception data use restriction system using a mediation server according to the present invention.

FIG. 2 is a diagram cited for describing a stamp generation method of the mediation server in FIG. 1;

FIG. 3 is an operation conceptual diagram cited for describing a data transmission / reception and stamp processing procedure according to the present invention.

FIG. 4 is a diagram cited for explaining an application example of the method of the present invention for illegal use of data.

[Explanation of symbols]

1 (2) ... in-house network system, 3 ... Internet, 11 (12) ... mediation server, 111 (121) ...
Data conversion module, 112: stamp list file for transmission, 123: stamp generation device, 124: stamp confirmation device

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G09C 1/00 660 H04L 11/20 B 9A001 H04L 12/22 11/26 29/06 13/00 305Z (72 ) Inventor Kaori Nakagawa 3-15, Baba-cho, Chuo-ku, Osaka-shi, Osaka F-term in Nippon Telegraph and Telephone Corporation (reference) 5B085 AE29 BG07 5B089 GA19 GA21 GB02 HA06 HA10 JA40 JB22 KA12 KB06 KH29 KH30 5J104 AA02 AA08 LA01 NA11 5K030 GA15 HB16 HC01 HD05 HD06 JA11 5K034 AA05 FF01 FF11 HH01 HH02 HH14 HH16 LL01 MM37 MM39 9A001 CC02 EE03 JJ27 JZ25 LL03

Claims (5)

[Claims] 1. A method for restricting the use of network reception data using a mediation server for each network, wherein the mediation server is configured to receive data from a receiving side when transmitting data. The specific data sequence and the transmission data defined in the above are transmitted together, and upon receiving data, it is confirmed that the specific data sequence has a value determined in its own network. A method for restricting the use of network received data using an intermediary server, characterized by processing and importing data. 2. The use of the network reception data using the mediation server according to claim 1, wherein the mediation server is connected via the Internet, and encrypts and transmits the specific data and the transmission / reception data. Restriction method. 3. A system for restricting use of network reception data using a mediation server for each network, wherein the mediation server is configured to receive data from a receiving side during data transmission. A transmitting device that transmits a specific data sequence and transmission data determined in accordance with the above, and upon receiving data, confirms that the specific data sequence has a predetermined value in its own network, and if necessary, And a receiving device for processing and taking in the transmission data by using a mediation server. 4. A data conversion module, which corresponds to the network system operating on each of the networks on a one-to-one basis, receives data coming from one of the networks, and transmits the data together with the specific data, 4. The use of the mediation server according to claim 3, further comprising: a list file for preparing the specific data generated by the data conversion module of one network in advance and specifying the data conversion module to be operated. System for restricting the use of received network data. 5. The data conversion module according to claim 1, wherein the reception device corresponds one-to-one with a network system operating on each of the networks, and includes a data conversion module for inputting the transmission data to capture reception data, and a data conversion module for a reception side. A specific data generation device that calculates a hash value by a one-way function using a code to generate the specific data, separates data and specific data received from the network, and generates the specific data and the data conversion module. A specific data confirmation device that compares the specified data and transfers the received data to a data conversion module corresponding to the specified data when they match with each other. 4. The intermediary server according to claim 3, further comprising: Use restriction system for network received data.