JP2002026906A - Data distributor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a data distributor that realizes data transmission/reception excellent in reliability and security by eliminating the need for each user of a terminal or the like to execute management of destination information such as the security of a data transmission path, the encryption system, an encryption key, a compatible data form, and the type of an opposite device and the complicated processing before the transmission on the basis of destination information. SOLUTION: The data distributor is provided with a processing information storage section 4 that has a 1st database storing contents for processing to be applied to received data by each destination and a 2nd database that stores contents of processing to be applied to the received data by importance and with an analysis section 2 that extracts the destination and the importance included in a supplementary part storing supplementary information of the received data. The data distributor retrieves the 1st and 2nd databases, applies processing to the received data in response to the destination and the importance and distributes the resulting data.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a data distribution apparatus for storing data transmitted from a terminal or the like and transferring the data to another terminal or the like via a communication network.

[0002]

2. Description of the Related Art As an example of an electronic mail distribution system using a conventional data distribution device, Japanese Patent Laid-Open No. 10-303972 is disclosed.
FIG. 12 shows a configuration of a system disclosed in Japanese Unexamined Patent Publication (Kokai) No. H11-26095. In the figure, reference numeral 1001 denotes an electronic mail distribution device;
2, 1013, and 1014 are terminals, 1015 is a communication network, 1007, 1008, 1009, 101
0 and 1011 are communication lines.

[0003] The e-mail delivery device 1001 includes a receiving unit 1
01, a transmission unit 102, a storage / edit processing unit 103 for classifying and editing received e-mails for storage, an e-mail storage unit 104, and a transmission unit 10 for storing the stored e-mails.
2 is provided with a stored mail transmission start processing unit 105 to be sent to the storage mail transmission unit 2.

With this system, for example, a terminal 1012
To send an e-mail to terminal 1014 from terminal 1
The mail transmitted from 012 is received by the receiving unit 101 of the e-mail distribution device 1001 via the line 1009, the network 1015, and the line 1007. This e-mail is sent to the transmission unit 1 after the destination analysis is performed and the transmission destination is determined.
02 is transmitted. The sent mail is sent to line 100
8. Finally, it reaches the terminal 1014 via the network 1015 and the line 1011.

In the system shown in FIG. 12, there is only one e-mail distribution device, and data (e-mail) transmitted from a terminal reaches a target terminal via this one distribution device. In many cases, a plurality of distribution devices are provided so that a mail transmitted from a terminal reaches a target terminal via the plurality of distribution devices.

[0006] Data transmission paths in the above-described electronic mail distribution system include a dangerous path in which eavesdropping and tampering may be performed, and a safe path in which such a danger does not occur. When data is transmitted and received between different organizations, such as between companies, there are many cases where a dangerous route is included. Therefore, it is preferable to transmit the data after encrypting the data for security protection.

Further, in recent years, information communication devices capable of transmitting and receiving data via a network, such as mobile phones having a function of transmitting and receiving e-mails and images, have been diversified. There is an increasing number of cases where it is required to perform a task of converting a destination device into a format that can be supported. Further, when data is transmitted to a device such as a mobile phone having a low data transmission / reception rate, data compression is advantageous because the communication cost is reduced.

[0008]

As described above,
A user such as a terminal that wants to transmit data needs to determine whether or not encryption is necessary, in consideration of whether or not there is a dangerous path in a data transmission path in order to protect data confidentiality. In the case of encryption, data must be encrypted by setting an encryption key for each destination. Further, the user needs to perform format conversion and compression according to the device of the other party and the format of data that can be handled.

[0009] For this purpose, the user manages information including the security of the data transmission path, the encryption key, the applicable data format, the type of device, and the like as destination information, and transmits the data to the user. Prior to this, complicated processing such as encryption and format conversion must be performed according to the destination information.

[0010] However, when the number of destination information to be managed increases, especially in data communication between companies,
It becomes difficult for all users such as terminals in the company to properly manage the destination information, and data is processed with incorrect destination information or data is transmitted without processing such as encryption The risk of doing so increases. In this case, there is a risk that important data may be eavesdropped or falsified, and a situation may occur in which transmitted data does not reach the destination.

An object of the present invention is to provide security of a data transmission path, an encryption method, an encryption key, a compatible data format,
It eliminates the need for each user to perform management of destination information including the type of device, etc., and complicated processing before transmission according to the destination information, realizing data transmission and reception with excellent reliability and security. To provide a data distribution device that performs

[0012]

SUMMARY OF THE INVENTION The object of the present invention is to receive, from a transmission source, data composed of a main body part and an auxiliary part for storing additional information including at least a destination of a transmission destination, and to transmit the received data to a transmission destination. A data distribution device for transferring the received data to a first database in which contents of processing to be performed on the received data are stored for each destination; and a means for extracting additional information included in an additional portion of the received data.
The data distribution apparatus according to the present invention retrieves a database of the above, performs processing on received data according to a destination included in the additional information extracted from the data, and distributes the data.

[0013] The above object is also achieved by receiving data from a transmission source, the data comprising a main body part and an auxiliary part for storing additional information including at least the destination of the transmission destination and the importance of the data. A first database storing contents of processing to be performed on received data for each destination, a second database storing contents of processing to be performed on received data for each importance, Means for extracting additional information included in the additional part of the data, searching the first and second databases, and determining whether the received data has the destination and importance included in the additional information extracted from the data. The problem is solved by a data distribution device characterized in that the distribution is performed after performing the corresponding processing.

[0014] The first database can store at least one of permission / prohibition of encryption, an encryption method, an encryption key, a compression method, and an acceptable data format of a destination for each destination. The second database can store at least the possibility of distribution in plain text for each importance.

[0015]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiment 1. FIG. 1 shows the configuration of a data distribution apparatus according to the present invention. In the figure, 1 is a receiving unit for receiving data from another data distribution device or a user's terminal, 2 is an analyzing unit for analyzing information of an additional part added to the main body of the received data, and 4 is a receiving unit. A processing information storage unit 3 for storing information necessary for data processing, a processing determination unit 3 for comparing the analysis result of the analysis unit 2 with information in the processing information storage unit 4 and determining processing of the received data;
Reference numeral 5 denotes a data processing unit that processes data in accordance with the determination of the processing determination unit 3, and reference numeral 6 denotes a transmission unit that specifies a device to which the processed data is to be transferred next and sends it.

FIG. 2 shows the configuration of the processing information storage unit 4. The processing information storage unit 4 includes a destination information database 41 and a database 42 for each importance. The destination information database 41 stores information on the necessity of encryption, information on compression, information on an acceptable data format, and the like for each destination. The importance-specific database 41 stores information on the possibility of transmission in plain text, information on the degree of compression, and the like according to importance.

FIG. 3 shows an example of the configuration of a system for transmitting and receiving electronic mails by using the data distribution device of FIG. 1 as an electronic mail server. In the figure, 501 is an e-mail server according to the present invention, 502, 503 and 504 are other e-mail servers, 511, 512, 523, 514,
And 515, terminals for sending and receiving electronic mail.

Mail server 501 and mail server 502
The path between is in a secure area. Mail server 503
Although it is in a secure area, the route to the mail server 501 is in a dangerous area where eavesdropping and the like may occur. The mail server 504 is located in a dangerous area,
The route to the mail server 501 is also in a dangerous area. “Plain text” in the figure indicates data exchange in a state where encryption is not performed, and “cryptographic” indicates data exchange in an encrypted state.

FIG. 4 shows an example of the format of data transmitted and received. As shown in the figure, the data 8 includes an additional portion 81 including a destination, a date, a data format, and the like, and a main body portion 82 including a data main body. FIG. 4A shows an example in which data is composed of one additional part 81 and one subsequent main part 82, and FIG. 4B shows one additional part 81 on both sides of one main part 82, respectively. (C) is an example in which the incidental portions 81 and the main body portion 82 are alternately arranged.

Next, a case where an electronic mail is transmitted from the terminal 511 to the terminal 513 in the above system will be described. As shown in FIG. 5, the e-mail data 8 is composed of an additional part 81 including a destination, a date, a data format, and the like, and a data body 82 composed of a text. The line with “TO:” in the ancillary part 81 indicates the destination, and “X-Pri
ority: "indicates the importance.

FIG. 6 is a flowchart for explaining a process in which the mail server 501 encrypts an e-mail received from the terminal 511.

The data transmitted from the terminal 511 is received and accepted by the receiving section 1 of the mail server 501 (step S101). This data is analyzed by the analysis unit 2, and additional information such as the destination is extracted from the TO: line, the cc: line, the bcc: line, and the like (step S102). Subsequent steps S
The processing from 103 to step S109 is a loop processing, and is performed for all destinations included in the data.

The processing determining unit 3 searches the destination information database 41 included in the processing information storage unit 4, and obtains information on the necessity of encryption, the encryption method, the encryption key, and the like for each destination (step S104). ), It is determined whether the received data is to be distributed or rejected by checking whether there is a corresponding destination in the destination information database 41 (step S105).

If it is determined that the data should be rejected, a return process for rewriting the data to return data to the sender is performed (step S110), and the data is distributed to the sender (step S10).
8).

If it is determined that the data should be distributed to the other party, it is determined whether or not the data should be encrypted based on the information obtained in step S104, and if so, which encryption method should be used. Further, it determines which encryption key to use (step S106).

The data processing unit 5 encrypts data as necessary based on the decision of the processing decision unit 3 (step S1).
07), and sends it to the transmission unit 6 to perform distribution processing (Step S)
108).

In the first embodiment, terminals 511 to 5
Since there is a dangerous part in the route to the destination 13, the destination information database 41 has a column 513 for the destination, information indicating that encryption is necessary, an encryption method that can be supported by the terminal 513, and an encryption key. Is written in advance. Therefore, the user who sends the e-mail can transmit the data as it is without knowing such information and conscious of the necessity of encryption. When this data is received by the e-mail server 501, it is automatically encrypted and then distributed to the destination.

Since the route from the terminal 511 to the terminal 512 is in a secure area, the destination information database 4
Information indicating that encryption is unnecessary is written in the column of the item for which the destination of 1 is 512. Therefore, data transmitted from the terminal 513 is delivered to the terminal 512 as plain text via the mail servers 501 and 502. Also in this case, the user does not need to be aware of the necessity of encryption.

Embodiment 2 In the system shown in FIG. 3, the operation of the mail server 501 according to the present invention for processing an e-mail sent from a terminal according to its importance is described in the case of transmitting data to the terminals 511 to 514. This will be described with reference to FIG.

The data transmitted from the terminal 511 is received and accepted by the receiving unit 1 of the mail server 501 (step S201). This data is analyzed by the analysis unit 2 and the destination is from TO: line, cc: line, bcc: line, etc., and X-Pr
Additional information such as importance is extracted from the iority: line (step S202). The processing determining unit 3 further searches the importance-based database 42 and obtains information such as whether or not distribution with the detected importance is possible without encryption and distribution with or without encryption (step S1). S203). The subsequent processing from step S204 to step S209 is a loop processing, which is performed for all destinations included in the data.

The processing determining section 3 further searches the destination information database 41 included in the processing information storage section 4 (step S205) and checks whether or not there is a corresponding destination in the destination information database 41. Is to be distributed or rejected (step S
206).

If it is determined that the data should be rejected, a return process for rewriting the data to return data to the sender is performed (step S212), and the data is distributed to the sender (step S20).
8).

If it is determined that the data should be distributed to the destination, it is determined whether the importance of the received data can be distributed in plain text according to the information obtained in step S203 (step S207). If it is determined that the data can be distributed, the data is transmitted to the transmitting unit 6 to perform a distribution process (step S208), and the data is distributed to the other party in plain text.

If it is determined that distribution is not possible in plain text, it is determined whether or not the other party supports encryption and can accept encrypted text based on the information obtained in step S205 (step S210). If encryption is not possible, a return process is performed to rewrite the data to return data to the sender (step S212), and the data is distributed to the sender (step S208).

If the data can be encrypted, the data processing unit 5 encrypts the data based on the information obtained in step S205 (step S211), and sends the data to the transmission unit 6 for distribution processing (step S208).

In the second embodiment, when data is transmitted through a dangerous route such as the route between the mail servers 501 and 504, transmission of low-priority data in plain text is permitted. The transmission of data with high data as plain text is prohibited. Therefore, information indicating that plain text distribution is permitted is written in the column of the low importance item in the importance-based database 42 of the information processing storage unit 4, and information disabling plain text distribution is written in the column of the high importance item. Information such as an encryption method that the other party can support is written in the database 41.

Therefore, a user who sends an e-mail
By simply designating the importance of the data, the data can be transmitted as it is without being aware of the necessity of encryption. When this data is received by the e-mail server 501, if the importance is high, it is automatically encrypted and then distributed to the destination. If the destination does not support encryption, the transmission is rejected and returned to the sender.

Embodiment 3 FIG. 8 shows a home monitoring system using the data distribution device of the present invention as an image data relay device for transferring image data from a monitoring camera to a remote location. In the figure, reference numeral 601 denotes an image data relay device; 602, a surveillance camera having a function of photographing a monitoring target, assigning a destination to the image data, and transmitting the image data;
3 is a television, 604 is a mobile phone, and 605 is a mobile phone base station.

The operation of relaying an image from the monitoring camera 602 to the television 603 or the mobile phone 604 in the monitoring system will be described with reference to the flowchart of FIG.

The image data transmitted from the monitoring camera 602 is received and accepted by the receiver 1 of the image relay device 601 (step S301). This image data is analyzed by the analysis unit 2, and the destination is extracted as additional information (step S302). The subsequent processing from step S303 to step S309 is a loop processing, and is performed for all destinations included in the image data.

The processing determining section 3 searches the destination information database 41 included in the processing information storage section 4 (step S3).
04), it is determined whether the received data should be transferred or rejected by checking whether there is a corresponding destination in the destination information database 41 (step S305).

If it is determined that the image data should be rejected, the image data is discarded (step S310). If it is determined that the image data should be transferred, the format conversion is required based on the search result of the destination information database 41 in step S304. It is determined whether it is not (step S306).

When the image data is to be transferred to the television, it is determined that there is no need for format conversion, and the image data is transmitted to the transmission unit 6 and distributed to the television (step S30).
8). When the image data is to be transferred to the mobile phone 604 having a lower resolution than the monitoring camera 602, it is determined that format conversion is necessary, and the format conversion is performed by the data processing unit 5 (step S307). Is converted into low-resolution image data, and then sent to the transmission unit 6 to execute distribution processing to the mobile phone 604 (step S308).

The resolution information, the compatible image format, and the like are written in advance in the destination information database 41 of the processing information storage unit 4 in the column of each destination item such as a television, a mobile phone, etc. Relay device 60
The image data sent to 1 is automatically subjected to format conversion as required and delivered to the relay destination. Therefore, it is not necessary to provide the surveillance camera 602 with format conversion information and a format conversion function.

Embodiment 4 The case where image data is compressed from the surveillance camera 602 and then sent to the television 603 or the mobile phone 604 in the monitoring system of FIG. 8 will be described with reference to the flowchart of FIG.

The image data transmitted from the monitoring camera 602 is received and accepted by the receiver 1 of the image relay device 601 (step S401). This image data is analyzed by the analysis unit 2, and the destination is extracted as supplementary information (step S402). The subsequent processing from step S403 to step S409 is a loop processing, and is performed for all destinations included in the image data.

The processing determining section 3 searches the destination information database 41 included in the processing information storage section 4 (step S4).
04), it is determined whether the received data should be transferred or rejected by checking whether there is a corresponding destination in the destination information database 41 (step S405). If it is determined that the image data should be rejected, the image data is discarded (step S410). If you decide to transfer,
It is determined whether data compression is necessary based on the information obtained in step S404 (step S406).

When the destination is the television 603, it is determined that compression is not necessary,
3 (step S408). If the destination is the mobile phone 604, it is determined that compression is necessary, and the data is compressed by the data processing unit 5 according to the compression ratio information obtained by searching the destination information database 41 in step S406 (step S407), and the transmission unit 6 And delivered to the mobile phone 604 (step S408).

As described above, when relaying image data, high-quality image data is transmitted without compression when transferring the image data to a television, and communication costs are not excessively increased when transferring the image data to a mobile phone having a low communication speed. In order to compress and send the image data, information indicating that compression is unnecessary is written in advance in the column of the item of the destination of the television 603 in the destination information database 41, and the destination is set to the mobile phone 604.
The information that data compression is necessary and the information about the compression ratio are written in the column of the item. As a result, the image data sent from the monitoring camera 602 to the image data relay device 601 is automatically compressed according to the destination and distributed to the relay destination. Therefore, it is not necessary to provide the monitoring camera 602 with image compression information and an image compression function for each destination.

Embodiment 5 An operation in the case where image data of the monitoring camera 602 is relayed to the mobile phone 604 and the image data is compressed according to the importance of the image data will be described with reference to the flowchart of FIG.

The image data transmitted from the monitoring camera 602 is received and accepted by the receiving unit 1 of the image relay device 601 (step S501). The image data is analyzed by the analysis unit 2, and the importance is extracted as incidental information (step S502).

The processing determining section 5 searches the database 42 for each degree of importance in the processing information storage section 4 and obtains information on the necessity of compression of the image data at the extracted degree of importance and the compression ratio (step S503). In addition, the processing determining unit 3 searches the destination information database 41 of the processing information storage unit 4 and checks whether there is a corresponding destination in the destination information database 41, and determines whether to transfer or reject the received image data. Is determined (step S504).

If it is determined that the image data should be rejected, the image data is discarded (step S508). If it is determined that the data should be transferred, it is determined whether the data needs to be compressed based on the information obtained in step S503.
It is determined how much the compression ratio should be (step S50).
5).

If it is determined that there is no need for compression, the image data is sent to the transmitting section 6 as it is and distributed to the mobile phone 604 (step S507). If it is determined that compression is necessary, the image data is compressed by the data processing device 5 in accordance with the compression ratio information obtained by searching the importance-specific database 42 in step S503 (step S506), and is sent to the transmission unit 6. Delivery to mobile phone 604 (step S50)
7).

When image data is relayed to the mobile phone 604, compressing the image data is advantageous because the communication cost can be reduced, but important image data must be viewed at a high resolution. For this reason, information on the necessity of image compression and the compression ratio is previously written in the importance-based database 42 for each importance. As a result, the image data sent from the monitoring camera 602 to the image data relay device is automatically compressed according to the degree of importance, and is delivered to the relay destination. Therefore, it is unnecessary to provide the monitoring camera 602 with image compression information and an image compression function for each importance.

[0056]

According to the first aspect of the present invention, the processing according to the destination is automatically executed on the transmission data, so that the originator of the data can maintain the safety of the data transmission path and the destination. There is no need to manage information such as a data format that can be handled, and the sender can transmit the data as plain text without being conscious of such information.

According to the invention described in claim 2, according to claim 1
In addition to the effects of the invention described in (1), encryption processing or processing such as setting of a compression ratio of image data is automatically performed on transmission data only by designating the importance of data.

According to the third aspect of the present invention, the transmission data can be encrypted or not, the encryption method, the encryption key,
The compression method, conversion to a data format acceptable to the other party, and the like are automatically executed.

According to the fourth aspect of the present invention, it is possible to prevent important data from being sent as plain text on a dangerous route where wiretapping, tampering, and the like may occur.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a data distribution device of the present invention.

FIG. 2 is a diagram showing an internal configuration of a processing information storage unit of the apparatus of FIG.

FIG. 3 is a configuration diagram of an e-mail distribution system using the data distribution device of the present invention.

FIG. 4 is a diagram showing a configuration of data distributed by the data distribution device.

FIG. 5 is a diagram showing a configuration of electronic mail data distributed by the data distribution device.

FIG. 6 is a flowchart illustrating the operation of the data distribution device according to the first embodiment of the present invention.

FIG. 7 is a flowchart illustrating an operation of the data distribution device according to the second embodiment of the present invention.

FIG. 8 is a configuration diagram of a data distribution device according to a third embodiment of the present invention.

FIG. 9 is a flowchart illustrating an operation of the data distribution device according to the third embodiment of the present invention.

FIG. 10 is a flowchart illustrating the operation of a data distribution device according to a fourth embodiment of the present invention.

FIG. 11 is a flowchart illustrating an operation of the data distribution device according to the fifth embodiment of the present invention.

FIG. 12 is a configuration diagram of an e-mail distribution system using a conventional data distribution device.

[Explanation of symbols]

1 receiver, 2 analyzer, 3 processing determiner, 4
Processing information storage unit, 5 data processing unit, 6 transmission unit,
8 data, 81 ancillary parts, 82 body part,
41 Destination information database, 42 Database by importance, 501, 502, 503, 504 Mail server, 511, 512, 513, 514 Terminal, 6
01 image data relay device, 602 surveillance camera,
603 TV, 604 mobile phone, 605 base station.

Claims (4)

[Claims] 1. A data distribution apparatus for receiving, from a transmission source, data composed of a main body part and an auxiliary part for storing additional information including at least a destination of a transmission destination, and transferring the received data to a transmission destination. A first database storing contents of processing to be performed on the received data for each destination, and a unit for extracting additional information included in an additional part of the received data, and searching the first database;
A data distribution apparatus, which performs processing on received data according to a destination included in supplementary information extracted from the data, and then distributes the data. 2. Receiving data from a transmission source comprising a main body portion and an auxiliary portion for storing additional information including at least the destination of the transmission destination and the importance of the data, and transferring the received data to the transmission destination. In the data distribution device, a first database storing the contents of processing to be performed on received data for each destination, a second database storing contents of processing to be performed on received data by importance, Means for extracting additional information included in the additional part, searching the first and second databases,
A data distribution device, which performs processing on received data according to a destination and importance included in supplementary information extracted from the data, and then distributes the data. 3. The method according to claim 1, wherein the first database stores at least one of encryption availability, an encryption method, an encryption key, a compression method, and a data format acceptable to the other party for each destination. The data distribution device according to claim 1 or 2, wherein 4. The data distribution apparatus according to claim 2, wherein the second database stores at least one of availability of plaintext distribution and a data compression ratio for each importance.