JP2005141654A - Information passing control system, information passing controller, service providing apparatus, program and recording medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent information from passing to the feigned address of a transmission source. <P>SOLUTION: A ticket issue server issues ticket information. A terminal uses the IP address of the ticket information as transmission source information and transmits a ticket-provided packet to a firewall 40. The IP address verification means 45 of the firewall 40 verifies the IP address of the ticket information based on an authenticator for the ticket information on the packet transmitted from the terminal and address verification key information retained on an address verification key retention means 44. A transmission source information verification means 47 verifies the transmission source information on the packet based on the verification-succeeded IP address. The communication means 41 of the firewall 40 passes the packet when the verification by the transmission source information verification means 47 finds success. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an information passage control system, an information passage control device, a service providing device, a program, and a recording medium for controlling whether or not information transmitted in a terminal device is passed.

2. Description of the Related Art Conventionally, there is known a firewall using a packet filtering technique that checks only a source IP (Internet Protocol) address inserted in a packet header and passes only a packet that satisfies a predetermined condition ( For example, see Patent Document 1.)
JP 2003-229915 A (page 7)

However, in the information passing control system including the above-described conventional firewall, a packet (hereinafter referred to as a “transmission source spoof packet”) in which a source IP address (hereinafter referred to as “transmission source address”) is spoofed is used. However, as long as the source address satisfies a predetermined condition on the firewall, it passes through the firewall, so a malicious user uses a source spoofed packet to perform an attack such as a SYN flood attack, for example. As a result, there was a problem that the destination device of the source spoofed packet was damaged.
The present invention has been made to solve the conventional problems, and an object of the present invention is to provide a technique capable of preventing passage of information in which a sender address is spoofed.

  In the present invention, in order to solve the above problems, a terminal device having an information transmission means for transmitting information, a ticket issuing device having a ticket creation means for creating ticket information, and information transmitted by the information transmission means An information passage control device having an information passage control means for controlling whether or not to pass, the ticket information includes address verification information used for verifying the address information, and the information transmission means adds the ticket information. The information passing control apparatus transmits the ticket-attached information to the information passing control apparatus. The information passing control apparatus includes an address verification key holding means that holds address verification key information used for verifying the address information, and the ticket attaching information transmitted by the information transmitting means. Based on the address verification information of the ticket information of the information and the address verification key information held in the address verification key holding means. Source information verification means for verifying the source information of the information with a ticket, and the information passing control means passes the information with the ticket when the verification in the transmission source information verification means is successful. A characteristic information passing control system is provided.

Here, in the information passing control system of the present invention, in the information passing control device, in order to pass only the information with the ticket for which the verification of the transmission source information is successful, the information with the ticket with the address information of the transmission source being spoofed is passed. Can be prevented.
Preferably, in the present invention, the ticket information further includes address information, and the information transmission means transmits the information with the ticket to the information passage control device using the address information of the ticket information as the transmission source information, and information passage control is performed. The apparatus performs address information verification of the ticket information based on the address verification information of the ticket information of the ticket-attached information transmitted by the information transmission unit and the address verification key information held by the address verification key holding unit. The transmission source information verification unit further verifies the transmission source information of the ticket-attached information based on the address information successfully verified by the address information verification unit.

  Here, the address information verification means can verify the validity of the address information by verifying the address information of the ticket information. Further, in the transmission source information verification unit, the validity of the transmission source information can be confirmed by verifying the transmission source information based on the address information that has been successfully verified by the address information verification unit. Further, the information passing control means allows the information with the ticket to pass when the verification by the transmission source information verification means is successful, so that only the packet whose transmission source information is valid can be passed. As a result, it is possible to prevent passage of ticket-added information in which the sender address information is spoofed.

In the present invention, it is preferable that the ticket issuing device includes an authentication unit that performs authentication based on the information transmitted by the information transmission unit, and the ticket creation unit displays the ticket information when authentication by the authentication unit is successful. It has a configuration to create.
With this configuration, the information passing control device passes only the ticket-attached information transmitted in the terminal device that has been successfully authenticated by the ticket issuing device, so compared to the case where the authentication processing of this ticket issuing device is not performed, It is possible to more reliably prevent the ticket-added information in which the sender address information is spoofed.

In the present invention, the ticket issuing device and the information passing control device are preferably the same device.
With this configuration, it is possible to easily construct the information passage control system of the present invention as compared with a configuration in which the ticket issuing device and the information passage control device are separate devices.
The information passing control system of the present invention preferably includes a service providing device having a service providing means for providing a service to the terminal device, and the ticket creating means is a service used for providing a service in the service providing means. Ticket information including service information and service verification information used for verification of service information is created, and the information passing control means passes the information with the ticket transmitted by the information transmitting means with the service providing device as a destination. The service providing apparatus includes a service verification key holding unit that holds service verification key information used for verification of service information, and a ticket information service of ticket-added information transmitted by the information transmission unit. Based on the verification information and the service verification key information held in the service verification key holding means Service information verification means for verifying service information of the ticket information, and the service providing means provides a service to the terminal device based on the service information when the verification by the service information verification means is successful. It has a configuration.

In this configuration, common ticket information is used for verification of both the information passing control device and the service providing device. Therefore, it is possible to reduce the amount of communication compared to a configuration in which separate ticket information is used for each verification of the information passing control device and the service providing device.
In the present invention, preferably, the service verification information and the address verification information are integrated ticket information verification information generated based on the service information and the address information.
With this configuration, it is possible to reduce the amount of communication compared to a configuration in which service verification information and address verification information are separate information.

  The information passing control system of the present invention preferably includes a service providing device having a service providing means for providing a service to the terminal device, and the ticket creating means uses the ticket information as ticket information other than the ticket information. The separate ticket information includes service information used for providing the service in the service providing means and service verification information used for verifying the service information. The information transmitting means includes the ticket information and the separate ticket information. The ticket-attached information with the ticket information is transmitted to the information passage control device using the address information of the ticket information as transmission source information, and the information passage control means sends the ticket-attached information transmitted from the information transmission means with the service providing device as the destination. The service providing apparatus is used to verify service information. Service verification key holding means holding service verification key information, service verification information of ticket information transmitted by the information transmitting means, and service verification key information held in the service verification key holding means Service information verification means for verifying the service information of the ticket information, and the service providing means provides the service to the terminal device based on the service information when the verification by the service information verification means is successful. It has a configuration.

  According to the present invention, it is possible to prevent passage of information in which a sender address is spoofed.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
(First embodiment)
First, the configuration of the information passage control system according to the first embodiment will be described.
FIG. 1 is a block diagram of an information passing control system 10 according to the present embodiment, FIG. 2 is a block diagram of a terminal device 20, FIG. 3 is a block diagram of ticket information used in the information passing control system 10, and FIG. 4 is an example of a packet configuration diagram. 5 is a block diagram of the ticket issuing server 30, FIG. 6 is a block diagram of the firewall 40, and FIG. 7 is a block diagram of the application server 50.

  As shown in FIG. 1, the information passing control system 10 according to the present embodiment is a ticket as a ticket issuing device that issues a terminal device 20 (see FIG. 2) and ticket information 70 (see FIG. 3). An issuing server 30, a firewall 40 as an information passage control device that controls whether or not information transmitted in the terminal device 20 is passed, and an application server 50 as a service providing device that provides a service to the terminal device 20. I have. The service provided in the application server 50 includes, for example, a service for distributing contents such as movies and sports programs, an electronic commerce service, a communication service such as an e-mail, an IP phone, and an instant message, and WWW (World Wide Web). There are information circulation services.

Further, the terminal device 20, the ticket issuing server 30, and the firewall 40 are connected via a network 61. Further, the firewall 40 and the application server 50 are connected via a network 62. The network 61 and the network 62 may have any configuration. For example, the network 61 and the network 62 may be any of a wireless method and a wired method, and may be a LAN (Local Area Network) or the Internet.
As shown in FIG. 2, the terminal device 20 includes a communication unit 21 that communicates with a ticket issuing server 30 (see FIG. 1), a firewall 40 (see FIG. 1), and the like, and a user of the terminal device 20. User authentication information generating means 22 for generating user authentication information used for authentication, ticket information storage means 23 for storing ticket information 70 (see FIG. 3) transmitted in the ticket issuing server 30, and ticket information And a packet creation means 24 as ticketed information creating means for creating a packet 80 (see FIG. 4) as ticketed information with the ticket information 70 stored in the storage means 23. Here, the communication unit 21 transmits the user authentication information generated by the user authentication information generation unit 22 with the ticket issuing server 30 as the destination, or the packet 80 generated by the packet generation unit 24 is transmitted to the application server 50 ( The information transmission means is configured to transmit the message as a destination. The user authentication information created by the user authentication information generating means 22 includes, for example, a combination of a user name and password input by a user from an input device (not shown), an IC (Integrated Circuit) card. There are authentication information included in a hardware token such as a USB (Universal Serial Bus) key, biometric information of a user, and the like, but other information may be used.

Here, the communication unit 21, the user authentication information generation unit 22, the ticket information storage unit 23, and the packet creation unit 24 include a CPU (Central Processing Unit), a ROM (Read Only Memory), and a RAM (Random Access Memory) (not shown). ) And other general computer components.
As shown in FIG. 3, the ticket information 70 includes a user ID 71 as service information used for providing a service in the application server 50 (see FIG. 1), an IP address 72 as address information, And an authenticator 73 as address verification information used for verifying the IP address 72. If necessary, the time stamp 74 that records the date and time when the ticket information 70 itself was created, the expiration date 75 of the ticket information 70 itself, information that uniquely identifies the terminal device 20, and the model name of the terminal device 20 , Information on specifications such as size, information on processing capability, and the like may be included. The expiration date 75 may include an expiration date for paying out the IP address 72 in addition to the expiration date of the ticket information 70 itself.

As shown in FIG. 4, the packet 80 has a configuration in which a transmission source address 81 as transmission source information is inserted into a header portion, and ticket information 70 is attached to a part of the data portion. In the packet 80, the IP address 72 (see FIG. 3) of the ticket information 70 is inserted as the source address 81.
As shown in FIG. 5, the ticket issuing server 30 performs authentication based on communication means 31 that communicates with the terminal device 20 (see FIG. 1) and user authentication information transmitted from the terminal device 20. Address verification key information, which is a secret key used to create the authenticator 73 (see FIG. 3) from the authentication means 32 and the IP address 72 (see FIG. 3) of the ticket information 70 (see FIG. 3). Verification key holding means 33, ticket creation means 34 for creating ticket information 70 when authentication by the authentication means 32 is successful, and user ID storage means 35 for storing a predetermined user ID. ing. The ticket creation unit 34 includes a hash calculation unit 34 a that performs a hash calculation, an encryption unit 34 b that performs an encryption process, and a bit combination unit 34 c that performs bit combination. The ticket creation unit 34 holds the verification key storage unit 33. The ticket information 70 is created using the address verification key information. Moreover, as a one-way hash function used for the calculation of the hash calculation means 34a, MD5 etc. can be illustrated, for example. Furthermore, as a function used for the calculation of the encryption unit 34b, a common key encryption function such as AES (Advanced Encryption Standard) can be exemplified, and the secret key stored in the verification key holding unit 33 corresponds to the encryption function. It has become a thing.

Here, the communication unit 31, the authentication unit 32, the verification key holding unit 33, the ticket creation unit 34, and the user ID storage unit 35 are configured by general computer components such as a CPU, a ROM, and a RAM (not shown). Has been.
As shown in FIG. 6, the firewall 40 includes a communication unit 41 that communicates with the terminal device 20 (see FIG. 1) and the application server 50 (see FIG. 1), and a communication unit 21 of the terminal device 20 (see FIG. 1). 2), based on the time stamp 74 (see FIG. 3) and the expiration date 75 (see FIG. 3) of the ticket information 70 (see FIG. 4) of the packet 80 (see FIG. 4) transmitted. The expiration date determining means 42 for determining whether or not the ticket information 70 of the 80 is within the expiration date, and the packet 80 when it is determined by the expiration date determining means 42 that the ticket information 70 of the packet 80 is not within the expiration date. Stored in the ticket deleting means 43 for deleting the ticket information 70 from the verification key holding means 33 (see FIG. 5) of the ticket issuing server 30 (see FIG. 1). Address verification key holding means 44 holding the same address verification key information as the address verification key information, and an authenticator 73 of the ticket information 70 of the packet 80 transmitted by the communication means 21 of the terminal device 20 (see FIG. 3). ) And the IP address verification means 45 as the address information verification means for verifying the IP address 72 (see FIG. 3) of the ticket information 70 based on the address verification key information held in the address verification key holding means 44, Based on the authenticator deletion means 46 as the address verification information deletion means for deleting the authenticator 73 of the ticket information 70 when the verification in the address verification means 45 is successful, and the IP address 72 that has been successfully verified in the IP address verification means 45. Source information for verifying the source address 81 (see FIG. 4) of the packet 80. And a verification means 47. Here, the communication means 41 constitutes an information passage control means for controlling whether or not to pass the packet 80 transmitted from the communication means 21 with the application server 50 as a destination. The communication unit 41 allows the packet 80 to pass when the verification by the transmission source information verification unit 47 is successful. The IP address verification means 45 also includes a bit extraction means 45a for extracting the IP address 72 and the authenticator 73 from the ticket information 70 (see FIG. 3) of the packet 80, a decryption means 45b for decrypting the authenticator 73, and a hash operation. It has a hash calculation means 45c for performing comparison and a comparison means 45d for performing comparison. Here, the decryption means 45b performs decryption using a decryption function corresponding to the encryption function used by the encryption means 33 (see FIG. 5) of the ticket issuing server 30 (see FIG. 1), and also hashes. The computing unit 45a obtains a hash value using the same one-way hash function as the hash computing unit 34a (see FIG. 5) of the ticket issuing server 30 (see FIG. 1). The transmission source information verification unit 47 determines that the transmission source address 81 of the packet 80 is valid when the IP address 72 successfully verified by the IP address verification unit 45 matches the transmission source address 81 of the packet 80. It comes to verify.

Here, the communication means 41, expiration date judgment means 42, ticket deletion means 43, address verification key holding means 44, IP address verification means 45, authenticator deletion means 46 and transmission source information verification means 47 are not shown in the figure. , ROM, RAM, and other general computer components.
As shown in FIG. 7, the application server 50 includes a communication unit 51 that communicates with the firewall 40 (see FIG. 1), and a communication unit 21 (see FIG. 2) of the terminal device 20 (see FIG. 1). Service providing means 52 for providing a service to the terminal device 20 based on the user ID 71 (see FIG. 3) of the ticket information 70 (see FIG. 4) of the packet 80 (see FIG. 4) transmitted in FIG. doing. The service providing unit 52 can use the user ID 71 for processing such as billing.

Here, the communication unit 51 and the service providing unit 52 are configured by general computer components such as a CPU, a ROM, and a RAM (not shown).
Next, an outline of the operation of the information passing control system 10 will be described.
FIG. 8 is a sequence diagram illustrating the operation of the information passing control system 10.
As illustrated in FIG. 8, the terminal device 20 transmits the user authentication information generated by the user authentication information generation unit 22 to the network 61 in the communication unit 21 with the ticket issuing server 30 as a destination (S91).

  When the user authentication information transmitted by the communication means 21 of the terminal device 20 reaches the ticket issuing server 30, the ticket issuing server 30 performs user authentication based on the user authentication information transmitted by the terminal device 20. If the authentication is successful, the ticket information 70 is transmitted to the network 61 in the communication means 31 with the terminal device 20 as the destination (S92). When the ticket issuing server 30 sends the ticket information 70 to the network 61 with the terminal device 20 as the destination, the information passing control system 10 uses, for example, a ticket issuing server 30 by an existing technology such as VPN (Virtual Private Network). And the communication path between the terminal devices 20 is protected. As a result, the ticket issuing server 30 can prevent the ticket information 70 transmitted to the network 61 with the terminal device 20 as the destination from being stolen by a device other than the terminal device 20. As a result, it is possible to prevent a device other than the terminal device 20 from transmitting a packet with the ticket information 70 for the terminal device 20 to the network 61.

When the ticket information 70 transmitted in the communication unit 31 of the ticket issuing server 30 reaches the terminal device 20, the terminal device 20 receives the reached ticket information 70 in the communication unit 21, and stores the received ticket information 70 in the ticket information storage. Store in the means 23.
The terminal device 20 uses the ticket information 70 stored in the ticket information storage unit 23 when requesting a service from the application server 50, and uses the packet creation unit 24 to transmit the packet 80 with the ticket information 70 added thereto. create. The created packet 80 is transmitted to the network 61 in the communication means 21 with the application server 50 as the destination (S93), whereby the terminal device 20 requests the application server 50 to establish a session. In the transmission in S93, the integrity of the packet may be guaranteed by using, for example, AH (Authentication Header) of IPsec (IP Security Protocol).

When the packet 80 transmitted from the terminal device 20 reaches the firewall 40, the firewall 40 verifies the transmission source address 81 of the packet 80. If the verification of the source address 81 of the packet 80 is successful, the firewall 40 passes the packet 80 (S94).
When the packet 80 transmitted by the communication unit 21 of the terminal device 20 reaches the application server 50, the application server 50 receives the reached packet 80 by the communication unit 51 and uses the ticket information 70 of the received packet 80. A session is established with the terminal device 20 based on the user ID 71, and the service providing means 52 provides a service to the terminal device 20 (S95).

Next, the operation of the ticket issuing server 30 in S91 to S92 shown in FIG. 8 will be described in detail.
FIG. 9 is a flowchart illustrating the operation of the ticket issuing server 30.
When the user authentication information transmitted in the communication means 21 of the terminal device 20 reaches the ticket issuing server 30, the ticket issuing server 30 receives the reached user authentication information in the communication means 31, as shown in FIG. (S101) Based on the received user authentication information, the authentication unit 32 performs authentication (S102).

Next, the ticket issuing server 30 determines whether or not the authentication in S102 is successful in the authentication unit 32 (S103), and ends the process when the authentication unit 32 determines in S103 that the authentication in S102 has failed. To do. On the other hand, when the authentication unit 32 determines in S103 that the authentication in S102 is successful, the ticket issuing server 30 generates the ticket information 70 in the ticket generating unit 34 (S104).
When the ticket information 70 is created in this example, for example, first, the hash calculation unit 34a receives the IP address of the terminal device 20, and the hash calculation unit 34a applies a one-way hash function to the IP address to generate a message digest. Generate. The generated message digest is sent to the encryption unit 34b. The encryption unit 34b uses the address verification key information extracted from the verification key holding unit 33 and a predetermined encryption function, and uses this message digest ciphertext (authenticator 73). ) Is generated. Next, the bit combination unit 34c receives the authenticator 73 from the encryption unit 34b, and the user ID 71 corresponding to the user who has been successfully authenticated from the user IDs stored in the user ID storage unit 35 in advance. And the IP address 72 of the terminal device 20 is received, and the ticket information 70 is generated by bit-combining these with the time stamp 74 and the expiration date 75.

  Note that the IP address received by the hash calculation unit 34 a and the bit combination unit 34 c is, for example, an IP address already assigned to the terminal device 20 when an IP address is already assigned to the terminal device 20. That is, for example, the IP address is transmitted from the terminal device 20 in the process of S101, received by the communication unit 31, and sent to the hash calculation unit 34a via the authentication unit 32. On the other hand, when the terminal device 20 does not hold an IP address when the ticket information 70 is created, for example, the ticket issuing server 30 selects from among a plurality of IP addresses previously secured by the ticket issuing server 30 itself. An IP address to be assigned to the terminal device 20 may be selected, and this IP address may be received by the hash calculation means 34a and the bit combination means 34c. If the terminal device 20 does not hold an IP address, after the ticket information 70 is sent to the terminal device 20, the terminal device 20 extracts the IP address 72 from the ticket information 70 and the source address of the packet 80 81 is set.

Thereafter, the ticket issuing server 30 transmits the ticket information 70 created by the ticket creating unit 34 to the network 61 by the communication unit 31 with the terminal device 20 as a destination (S105).
Next, the operation of the firewall 40 from S93 to S94 shown in FIG. 8 will be described in detail.
FIG. 10 is a flowchart illustrating the operation of the firewall 40.
When the packet 80 transmitted to the application server 50 in the communication unit 21 of the terminal device 20 reaches the firewall 40, as shown in FIG. 10, the firewall 40 converts the arrived packet 80 into the communication unit 41 (“ticketed information”). (Corresponding to “reception means”) (S111), based on the time stamp 74 and expiration date 75 of the ticket information 70 of the received packet 80, whether or not the ticket information 70 of the packet 80 is within the expiration date is valid. The determination is made by the determination means 42 (S112).

If the expiration date determination means 42 determines in S112 that the ticket information 70 of the packet 80 is not within the expiration date, the packet 80 is sent to the ticket deletion means 43, where the ticket information 70 is deleted (S113). ) And sent to the IP address verification means 45 and the authenticator deletion means 46. On the other hand, when it is determined that the ticket information 70 is within the expiration date, the packet 80 is sent from the expiration date determination unit 42 to the IP address verification unit 45 and the authenticator deletion unit 46 without passing through the ticket deletion unit 43. It is done.
When the packet 80 is sent to the IP address verification unit 45, the firewall 40 determines the IP address based on the authenticator 73 of the ticket information 70 of the packet 80 and the address verification key information held in the address verification key holding unit 44. The verification unit 45 verifies the IP address 72 of the ticket information 70 (S114). In this example, the packet 80 sent to the IP address verification means 45 is received by the bit extraction means 45a. The bit extracting means 45a extracts the IP address 72 and the authenticator 73 from the ticket information 70 of the received packet 80, sends the extracted authenticator 73 to the decrypting means 45b, and sends the IP address 72 to the hash calculating means 45c. The decryption unit 45b that has received the authenticator 73 decrypts the received authenticator 73 using a predetermined decryption function and the address verification key information extracted from the address verification key holding unit 44, and compares the decryption result with the comparison unit 45d. Send to. On the other hand, the hash calculator 45c that has received the IP address 72 calculates a hash value of the received IP address 72 and sends the hash value (message digest) to the comparator 45d. The comparison unit 45d compares the decryption result sent from the decryption unit 45b with the message digest sent from the hash calculation unit 45c, and it is assumed that the verification is successful if they match. Note that the packet 80 from which the ticket information 70 has been deleted in S113 and the packet that does not include the ticket information 70 from the beginning do not have the IP address 72 of the ticket information 70, so the verification by the IP address verification means 45 is successful. There is nothing.

  Next, the firewall 40 determines in the IP address verification means 45 whether or not the verification in S114 is successful (S115). Here, when it is determined that the verification in S114 has failed, the IP address verification unit 45 sends information indicating that the verification has failed to the authenticator deletion unit 46, and the authenticator deletion unit 46 that has received the information receives the packet. 80 is discarded, and the firewall 40 ends the processing. On the other hand, when it is determined that the verification in S114 is successful, the IP address verification unit 45 sends information indicating that the verification is successful to the authenticator deletion unit 46. The authenticator 73 of the ticket information 70 of 80 is deleted (S116).

The packet 80 from which the authenticator 73 has been deleted in S116 is sent to the transmission source information verification unit 47, and the transmission source information verification unit 47 that has received the packet 80 receives the IP address 72 that has been successfully verified by the IP address verification unit 45, and Based on the source address 81 of the packet 80, the source address 81 of the packet 80 is verified (S117). Specifically, for example, it is verified whether or not the verified IP address 72 matches the transmission source address 81 of the packet 80.
Next, the firewall 40 determines whether or not the verification in S117 is successful in the transmission source information verification unit 47 (S118), and when the transmission source information verification unit 47 determines in S118 that the verification in S117 has failed , The packet 80 is discarded and the processing ends. On the other hand, when the transmission source information verification unit 47 determines in S118 that the verification in S117 is successful, the firewall 40 sends the packet 80 to the communication unit 41, and the communication unit 41 passes the packet 80 to the network 62. Transmit (S119).

  As described above, the information passing control system 10 can prevent the packet 80 in which the source address 81 is spoofed from passing because the firewall 40 passes the packet 80 in which the source address 81 has been successfully verified. . Therefore, the information passage control system 10 can prevent the application server 50 from receiving an attack such as a SYN flood attack using a spoofed source address. In addition, the information passing control system 10 can also suppress a SYN flood attack using a source address that is not spoofed by leaving a user record in the ticket issuing server 30.

In addition, since the firewall 40 passes the packet 80 transmitted in the terminal device 20 that has been successfully authenticated by the ticket issuing server 30, the information passing control system 10 is transmitted by a device that has not been successfully authenticated by the ticket issuing server 30. Compared with the case where the firewall 40 allows the packet 80 to pass through, the packet 80 in which the source address 81 is spoofed can be prevented more reliably.
In this embodiment, when the verification by the IP address verification unit 45 is successful, the authenticator deletion unit 46 deletes the authenticator 73 of the ticket information 70 of the packet 80 (S116). Therefore, the authenticator 73 is not included in the packet 80 that has passed through the firewall 40. Therefore, the application server 50 that is the destination of the packet 80 does not have to be a special device that can process the packet 80 including the authenticator 73. Therefore, it is not necessary to prepare a device that can process the packet 80 including the authenticator 73 as the application server 50.

The information passing control system 10 may be configured such that the ticket creation unit 34 of the ticket issuing server 30 creates the ticket information 70 without the authentication by the authentication unit 32.
In the information passing control system 10, the ticket issuing server 30 as a ticket issuing device and the firewall 40 as an information passing control device are separate devices, but the ticket issuing device and the information passing control device are the same device. There may be. When the ticket issuing device and the information passing control device are the same device, the information passing control system 10 can be easily constructed as compared with a configuration in which the ticket issuing device and the information passing control device are separate devices. . For example, when the ticket issuing device and the information passing control device are the same device, when the ticket issuing device and the information passing control device are newly added to the network not including the ticket issuing device and the information passing control device, they are newly added. Since only one device is required, the effort to add the ticket issuing device and the information passing control device can be reduced as compared with the configuration in which the ticket issuing device and the information passing control device are separate devices. It is also possible to reduce the influence on other devices constituting the.

  In addition, the information passing control system 10 uses a common key encryption method that uses address verification key information that is a common secret key held in the verification key holding unit 33 of the ticket issuing server 30 and the address verification key holding unit 44 of the firewall 40. However, instead of the address verification key information, a predetermined secret key is held by the verification key holding unit 33 of the ticket issuing server 30 and corresponds to the secret key held by the verification key holding unit 33 of the ticket issuing server 30 The address verification key holding means 44 of the firewall 40 holds address verification key information that is a public key to be executed, and the secret key held in the verification key holding means 33 of the ticket issuing server 30 and the address verification key holding means 44 of the firewall 40. Even if a public key cryptosystem using address verification key information held in There.

Further, the authentication means 32 of the ticket issuing server 30 authenticates the user of the terminal device 20, but may authenticate matters other than the user of the terminal device 20. For example, the authentication unit 32 may authenticate a predetermined object (for example, an object such as a device, a process such as an operating program) on the terminal device 20. When the authentication unit 32 performs predetermined object authentication on the terminal device 20, the object ID is used as the service information instead of the user ID 71.
Further, since the authentication pass 73 is not included in the packet 80 that has passed through the firewall 40, the information passing control system 10 prepares a device that can process the packet 80 including the authentication pass 73 as the application server 50 that is the destination of the packet 80. There is no need. When the application server 50 can process the packet 80 including the authenticator 73, the firewall 40 may not include the authenticator deleting unit 46. Further, when the firewall 40 does not include the authenticator deletion unit 46, the firewall 40 only needs to execute S117 when the IP address verification unit 45 determines in S115 that the verification in S114 is successful.

Further, the information passing control system 10 uses the IP address 72 as the address information, but may use address information other than the IP address.
In addition, the information passing control system 10 creates the authenticator 73 of the ticket information 70 from the IP address 72 in the ticket creation means 34 of the ticket issuing server 30, but the user ID 71, time stamp 74, valid The authenticator 73 may be created from the information in the ticket information 70 other than the IP address 72 such as the expiration date 75 and the IP address 72. For example, when the information creation control system 10 is configured to create the authenticator 73 from the IP address 72 and the user ID 71 in the ticket creation means 34, the IP address verification means 45 of the firewall 40 sets the user ID 71. Tampering can be detected, and the integrity of the user ID 71 in the ticket information 70 can be guaranteed until the packet 80 reaches the firewall 40 from the terminal device 20.

Further, if the information passing control system 10 records a set of the user ID 71 and the IP address 72 as a log by the firewall 40, the same IP address is used by a plurality of users having different user IDs. It is possible to easily detect the presence of an IP address, and it is possible to suppress the use of an unauthorized IP address.
The information passing control system 10 uses the authenticator 73 as the address verification information, but may use information other than the authenticator 73 as the address verification information. For example, when the ticket creation means 34 of the ticket issuing server 30 creates a digital signature based on the IP address 72 using a secret key and includes the created digital signature in the ticket information 70 instead of the authenticator 73, information passing control is performed. The system 10 can use the digital signature of the ticket information 70 as address verification information.

  The information passing control system 10 uses information (for example, a user ID 71) used in the application server 50 among the information in the ticket information 70 of the packet 80 transmitted from the firewall 40 to the application server 50. This system is suitable for a case where it is guaranteed that no alteration is made in the network 62. For example, the network 61 is the Internet, and an ISP (Internet Services Provider) that connects the application server 50 to the network 61 via the firewall 40 is a trusted company and manages the firewall 40 with responsibility, and the application server When the network 62 between the ISP 50 and the ISP is also trustworthy, the ISP connecting the application server 50 to the network 61 via the firewall 40 sends an illegal packet whose source address is spoofed from the terminal device 20 to the other party's network. It is possible to prevent the firewall 40 from entering the network 62 through the network 61.

(Second Embodiment)
First, the configuration of the information passage control system according to the second embodiment will be described. This embodiment is a modification of the first embodiment. Below, about the structure similar to the structure of the information passage control system 10 (refer FIG. 1) which concerns on 1st Embodiment among the structures of the information passage control system which concerns on 2nd Embodiment, it is information passage. The same reference numerals as those in the configuration of the control system 10 are used and detailed description thereof is omitted.
11 is a block diagram of the information passing control system 210 according to the present embodiment, FIG. 12 is a block diagram of the ticket issuing server 230, and FIG. 13 is a configuration of the ticket information 270 used in the information passing control system 210. FIG. 14 illustrates a block diagram of the application server 250, and FIG. 15 illustrates a configuration diagram of a packet 280 used in the information passing control system 210.

  As shown in FIG. 11, the difference between the information passing control system 210 according to the present embodiment and the information passing control system 10 according to the first embodiment (see FIG. 1) is provided in the information passing control system 10. Instead of the ticket issuing server 30 (see FIG. 1) and the application server 50 (see FIG. 1), the information passing control system 210 has a ticket issuing server 230 as a ticket issuing device and an application server 250 as a service providing device. It is a point provided with. Other configurations of the information passing control system 210 are the same as those of the information passing control system 10.

As shown in FIG. 12, the difference between the configuration of the ticket issuing server 230 and the ticket issuing server 30 (see FIG. 5) of the first embodiment is that the verification key holding means provided in the ticket issuing server 30 The ticket issuing server 30 (see FIG. 5) includes a verification key holding unit 233 and a ticket creating unit 234 in place of 33 (see FIG. 5) and the ticket creating unit 34 (see FIG. 5). Other configurations of the ticket issuing server 230 are the same as those of the ticket issuing server 30.
Here, the verification key holding means 233 is a service that is a secret key used for verifying the address verification key information that is a secret key and the user ID 71 (see FIG. 13) of the ticket information 270 (see FIG. 13). And verification key information. Further, the ticket creation unit 234 creates the ticket information 270 using the address verification key information and the service verification key information held in the verification key holding unit 233 when the authentication in the authentication unit 32 is successful. ing.

Here, the verification key holding unit 233 and the ticket creation unit 234 are configured by general computer components such as a CPU, a ROM, and a RAM (not shown).
As shown in FIG. 13, the ticket information 270 is configured such that the ticket information 70 (see FIG. 3) newly includes an authenticator 273 as service verification information used for verification of the user ID 71. It is the same.
As shown in FIG. 14, the application server 250 includes service verification key information held in the service providing unit 252 and the verification key holding unit 233 (see FIG. 12) of the ticket issuing server 230 (see FIG. 11). Packet 280 (see FIG. 2) as ticket-added information transmitted by the communication verification means 21 (see FIG. 2) of the terminal device 20 (see FIG. 2) and the service verification key holding means 253 that holds the same service verification key information. 15)) based on the authenticator 273 (see FIG. 13) of the ticket information 270 (see FIG. 15) and the service verification key information held in the service verification key holding means 253, the user of the ticket information 270 User ID verification means 254 as service information verification means for verifying ID 71 (see FIG. 13), And a 51. The service providing unit 252 determines the terminal device 20 based on the user ID 71 of the ticket information 70 of the packet 280 transmitted by the communication unit 21 of the terminal device 20 when the verification by the user ID verification unit 254 is successful. To provide services.

Here, the service providing unit 252, the service verification key holding unit 253, and the user ID verification unit 254 are configured by general computer components such as a CPU, a ROM, and a RAM (not shown).
As shown in FIG. 15, the configuration of packet 280 is the same as the configuration in which packet 80 (see FIG. 4) includes ticket information 270 instead of ticket information 70 (see FIG. 4).
Next, the operation of the information passing control system 210 will be described. The operation of the information passing control system 210 is almost the same as the operation of the information passing control system 10 (see FIG. 1), and therefore the operation of the information passing control system 210 is the same as the operation of the information passing control system 10. A description of such operations will be omitted.

The ticket issuing server 230 uses the ticket information 270 using the service verification key information held in the verification key holding unit 233 and the one-way hash function when the ticket creation unit 234 creates the ticket information 270. The authenticator 273 is created from the person ID 71 (for example, by the same method as in the first embodiment).
Further, when the packet 280 transmitted by the communication unit 21 of the terminal device 20 reaches the application server 250, as illustrated in FIG. 16, the application server 250 transmits the received packet 280 to the communication unit 51 (“ticketed information reception”). The user ID verification means based on the authenticator 273 of the ticket information 270 of the received packet 280 and the service verification key information held in the service verification key holding means 253. In 254, the user ID 71 of the ticket information 270 is verified (S292) (for example, by a method similar to the verification of the IP address of the first embodiment).

  Next, the application server 250 determines whether or not the verification in S292 is successful in the user ID verification means 254 (S293), and the user ID verification means 254 determines in S293 that the verification in S292 has failed. If so, the packet 280 is discarded and the process is terminated. On the other hand, when the user ID verification unit 254 determines in S293 that the verification in S292 is successful, the application server 250 determines whether the verification is successful in the user ID verification unit 254 based on the user ID 71. A session is established during this period, and the service providing means 252 provides a service to the terminal device 20 (S294).

As described above, the information passage control system 210 operates in substantially the same manner as the information passage control system 10 (see FIG. 1), so that the same effect as the information passage control system 10 can be obtained.
Further, since the information passing control system 210 uses the ticket information 270 common to both the firewall 40 and the application server 250 for verification, the firewall 40 and the application server 250 use different ticket information for verification. In comparison, the amount of communication can be reduced.

  Further, the information passing control system 210 uses a common key encryption that uses service verification key information that is a common secret key held in the verification key holding unit 233 of the ticket issuing server 230 and the service verification key holding unit 253 of the application server 250. However, instead of the service verification key information, a predetermined secret key is held by the verification key holding unit 233 of the ticket issuing server 230, and the secret key held by the verification key holding unit 233 of the ticket issuing server 230 is used. The service verification key information that is the corresponding public key is held by the service verification key holding unit 253 of the application server 250, the secret key held by the verification key holding unit 233 of the ticket issuing server 230, and the service verification key of the application server 250. Service held in holding means 253 The public key encryption method using the Akashikagi information may be adopted.

  Further, the information passing control system 210 is configured to create the authenticator 273 of the ticket information 270 from the user ID 71 in the ticket creation means 234 of the ticket issuing server 230, but the IP address 72, the time stamp 74, the valid The authenticator 273 may be created from information in the ticket information 270 other than the user ID 71 such as the time limit 75 and the user ID 71. For example, when the information creation control unit 210 creates the authenticator 273 from the user ID 71 and the IP address 72 in the ticket creation unit 234, the user ID verification unit 254 of the application server 250 uses the IP address. 72 can be detected, and the integrity of the IP address 72 in the ticket information 270 can be guaranteed until the packet 280 reaches the application server 250 from the terminal device 20.

The information passing control system 210 uses the authenticator 273 as service verification information, but may use information other than the authenticator 273 as service verification information. For example, when the ticket creation unit 234 of the ticket issuing server 230 creates a digital signature based on the user ID 71 using a secret key and includes the created digital signature in the ticket information 270 instead of the authenticator 273, information passing control is performed. The system 210 can use the digital signature of the ticket information 270 as service verification information.
In the information passing control system 210, the information used in the application server 250 (for example, the user ID 71) among the information in the ticket information 270 of the packet 280 transmitted from the firewall 40 to the application server 250 is the firewall 40. The system is suitable not only when it is guaranteed not to be tampered with in the network 62 but also when it is not guaranteed. For example, when a company that constructs the network 61 as an in-house network manages the firewall 40, the company that manages the firewall 40 sends an illegal packet whose source address is spoofed from the terminal device 20 to its own network 61. It is possible to prevent the firewall 40 from exiting to the other person's network 62 via the network. Further, when the company managing the firewall 40 and the network 61 changes the configuration of the address verification information, it only changes the configuration of the terminal device 20, the ticket issuing server 230, and the firewall 40 connected to its own network 61. It is not necessary to request the administrator of the network 62 or the application server 250 to change the configuration of the network 62 or the application server 250.

(Third embodiment)
This embodiment is a modification of the second embodiment. In the following, the configuration of the information passing control system according to the third embodiment is the same as the configuration of the information passing control system 210 (see FIG. 11) according to the second embodiment. The same reference numerals as those in the configuration of the control system 210 are attached and detailed description thereof is omitted.
The configuration of the information passing control system according to the present embodiment is that the address verification key information and the service verification key information are the same information (hereinafter referred to as “verification key information”), and the ticket creation means 234 of the ticket issuing server 230. (See FIG. 12.) The ticket information 370 (see FIG. 17) is created instead of the ticket information 270 (see FIG. 13), and the firewall 40 and the application server 250 have the authenticator 73 (see FIG. 12) of the ticket information 270. 13) and the authenticator 273 (see FIG. 13) instead of the authenticator 373 (see FIG. 17) of the ticket information 370 is different from the information passing control system 210 shown in FIG. Is similar to the information passing control system 210.

Here, as illustrated in FIG. 17, in the configuration of the ticket information 370, the ticket information 270 (see FIG. 13) is replaced with an authenticator 73 (see FIG. 13) and an authenticator 273 (see FIG. 13). Thus, the configuration is the same as that having an authenticator 373 (corresponding to “ticket information verification information”) as address verification information and service verification information.
The ticket issuing server 230 uses the ticket information 370 by using the verification key information and the one-way hash function held in the verification key holding unit 233 when the ticket creation unit 234 creates the ticket information 370. An integrated authenticator 373 is created based on the person ID 71 and the IP address 72 (for example, by the same method as in the first embodiment).

Since the authenticator 373 of the ticket information 370 is used by both the firewall 40 and the application server 250, the firewall 40 in the information passage control system according to the present embodiment has a configuration that does not include the authenticator deletion unit 46. is there.
Since the information passage control system according to the present embodiment operates in substantially the same manner as information passage control system 210 (see FIG. 11), the same effects as information passage control system 210 can be obtained.
Further, the information passing control system according to the present embodiment is compared with the configuration in which the service verification information and the address verification information are separate information as in the information passing control system 210 according to the second embodiment. The amount of communication can be reduced. Furthermore, it is possible to reduce the quantity of key information that the ticket issuing server 230 must hold.

  In addition, the information passing control system according to the present embodiment has the common information held in the verification key holding unit 233 of the ticket issuing server 230, the address verification key holding unit 44 of the firewall 40, and the service verification key holding unit 253 of the application server 250. Although the common key cryptosystem using the verification key information which is the secret key of the ticket is issued, the verification key holding means 233 of the ticket issuing server 230 holds a predetermined secret key instead of the verification key information, and the ticket issuing server 230, the verification key information that is the public key corresponding to the secret key held by the verification key holding means 233 is held by the address verification key holding means 44 of the firewall 40 and the service verification key holding means 253 of the application server 250, and the ticket issuing server. The secret held in the verification key holding means 233 of 230 When, it may be employed a public key cryptography method using a verification key information held in the service verification key holding unit 253 of address verification key holding unit 44 and the application server 250 of the firewall 40.

In the information passing control system according to the present embodiment, the ticket creation unit 234 of the ticket issuing server 230 creates the authenticator 373 of the ticket information 370 from the user ID 71 and the IP address 72. The authenticator 373 may be created from information in the ticket information 370 other than the user ID 71 and the IP address 72 such as the time stamp 74 and the expiration date 75 and the user ID 71 and the IP address 72.
The information passing control system according to the present embodiment uses the authenticator 373 as the address verification information and the service verification information. However, information other than the authenticator 373 is used as the address verification information and the service verification information. It may be used. For example, the ticket creation means 234 of the ticket issuing server 230 creates a digital signature based on the user ID 71 and the IP address 72 using a secret key, and includes the created digital signature in the ticket information 370 instead of the authenticator 373. The information passing control system according to the present embodiment can use the digital signature of the ticket information 370 as address verification information and service verification information.

(Fourth embodiment)
This embodiment is a modification of the second embodiment. In the following, regarding the configuration of the information passing control system according to the fourth embodiment, the configuration similar to the configuration of the information passing control system 210 (see FIG. 11) according to the second embodiment will be described. The same reference numerals as those in the configuration of the control system 210 are attached and detailed description thereof is omitted.
In the configuration of the information passing control system according to the present embodiment, the ticket creation means 234 (see FIG. 12) of the ticket issuing server 230 replaces the ticket information 270 (see FIG. 13) with the ticket information 70 (see FIG. 3). ) And ticket information 470 (see FIG. 18) as other ticket information different from the ticket information 70, and the packet creation means 24 (see FIG. 2) of the terminal device 20 is configured with the packet 280. (Refer to FIG. 15.) Instead of creating the packet information 480 (see FIG. 19) as ticket-attached information with the ticket information 70 and the ticket information 470, the firewall 40 uses the authenticator 73 ( Instead of using the authenticator 73 (see FIG. 3) of the ticket information 70, the application server 250 is 11 is different from the information passing control system 210 shown in FIG. 11 in that the authentication information 273 of the ticket information 470 (see FIG. 18) is used instead of the authentication information 273 of the authentication information 270 (see FIG. 13). Is similar to the information passing control system 210.

FIG. 18 is an example of a configuration diagram of ticket information 470 used in the information passage control system according to the present embodiment, and FIG. 19 is an example of a configuration diagram of packet 480.
As illustrated in FIG. 18, the configuration of the ticket information 470 is the same as the configuration in which the authenticator 73 (see FIG. 13) is deleted from the ticket information 270 (see FIG. 13).
As shown in FIG. 19, the packet 480 has a configuration in which the packet 280 (see FIG. 15) includes ticket information 70 and ticket information 470 instead of the ticket information 270 (see FIG. 15). It is the same.

Since the information passage control system according to the present embodiment operates in substantially the same manner as information passage control system 210 (see FIG. 11), the same effects as information passage control system 210 can be obtained.
(Fifth embodiment)
This embodiment is a modification of the first embodiment. In the following, regarding the configuration of the information passing control system according to the fifth embodiment, the configuration similar to the configuration of the information passing control system 10 (see FIG. 1) according to the first embodiment is referred to as information passing. The same reference numerals as those in the configuration of the control system 10 are used and detailed description thereof is omitted.

The difference between the information passing control system of the present embodiment and the information passing control system 10 of the first embodiment is that a terminal device 520 is provided instead of the terminal device 20 included in the information passing control system 10. is there. Other points are the same as those of the information passing control system 10.
FIG. 20 is a block diagram illustrating terminal device 520 in the present embodiment.
As shown in FIG. 20, the terminal device 520 includes an address deleting unit 525 that deletes an IP address from ticket information, in addition to the communication unit 21, the user authentication information generating unit 22, the ticket information storing unit 23, and the packet creating unit 24. doing.

Next, the processing of this embodiment will be described.
Also in this embodiment, first, as in the first embodiment, the communication unit 21 of the terminal device 20 receives the ticket information 70 transmitted from the ticket issuing server 30 through the network 61. The communication means 21 sends the received ticket information 70 to the ticket information storage means 23 and stores it therein.
When creating the packet 80, the packet creation unit 24 extracts the IP address 72 from the ticket information 70 stored in the ticket information storage unit 23 and sets it as the transmission source address 81 of the packet 80. The address deleting unit 525 extracts the ticket information 70 from the ticket information storage unit 23 and deletes the IP address 72 from the ticket information 70. This is the difference from the first embodiment.

FIG. 21 is a diagram illustrating a configuration of the ticket information 570 from which the IP address 72 is deleted in this way.
As illustrated in FIG. 21, the ticket information 570 in the present embodiment has a configuration in which the IP address 72 is removed from the ticket information 70 in the first embodiment.
This ticket information 570 is sent to the packet creation means 24 and used to generate the packet 80.
Subsequent processing is the same as that in the first embodiment, except that the processing performed using the IP address 72 of the ticket information 70 is performed using the source address 81 of the packet 80. It is the same as the form.

Even if it does in this way, the effect similar to 1st Embodiment can be acquired. In this embodiment, since the packet 80 is generated using the ticket information 570 from which the IP address 72 is deleted, the size of the ticket information 570 given to the packet 80 can be reduced.
When the configuration in each of the above-described embodiments is realized by a computer, the processing contents of the functions that each device should have are described by a program. The processing functions are realized on the computer by executing the program on the computer.

  The program describing the processing contents can be recorded on a computer-readable recording medium. The computer-readable recording medium may be any medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, or a semiconductor memory. Specifically, for example, the magnetic recording device may be a hard disk device or a flexible Discs, magnetic tapes, etc. as optical disks, DVD (Digital Versatile Disc), DVD-RAM (Random Access Memory), CD-ROM (Compact Disc Read Only Memory), CD-R (Recordable) / RW (ReWritable), etc. As the magneto-optical recording medium, MO (Magneto-Optical disc) or the like can be used, and as the semiconductor memory, EEP-ROM (Electronically Erasable and Programmable-Read Only Memory) or the like can be used.

The program is distributed by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM in which the program is recorded. Furthermore, the program may be distributed by storing the program in a storage device of the server computer and transferring the program from the server computer to another computer via a network.
A computer that executes such a program first stores, for example, a program recorded on a portable recording medium or a program transferred from a server computer in its own storage device. When executing the process, the computer reads a program stored in its own recording medium and executes a process according to the read program. As another execution form of the program, the computer may directly read the program from a portable recording medium and execute processing according to the program, and the program is transferred from the server computer to the computer. Each time, the processing according to the received program may be executed sequentially. Also, the program is not transferred from the server computer to the computer, and the above-described processing is executed by a so-called ASP (Application Service Provider) type service that realizes the processing function only by the execution instruction and result acquisition. It is good. Note that the program in this embodiment includes information that is used for processing in an electronic computer and that conforms to the program (data that is not a direct command to a computer but has a property that defines the processing of the computer).

In each of the above-described embodiments, the present apparatus is configured by executing a predetermined program on a computer. However, at least a part of the processing contents may be realized by hardware. Good.
The present invention is not limited to the above-described embodiments. For example, the various processes described above are not only executed in time series according to the description, but may also be executed in parallel or individually as required by the processing capability of the apparatus that executes the processes. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing. Needless to say, other modifications are possible without departing from the spirit of the present invention.

1 is a block diagram of an information passage control system according to a first embodiment of the present invention. The block diagram of the terminal device of the information passage control system shown in FIG. The block diagram of the ticket information utilized in the information passage control system shown in FIG. The block diagram of the packet utilized in the information passage control system shown in FIG. The block diagram of the ticket issuing server of the information passage control system shown in FIG. The block diagram of the firewall of the information passage control system shown in FIG. The block diagram of the application server of the information passage control system shown in FIG. The sequence diagram of operation | movement of the information passage control system shown in FIG. 6 is a flowchart of the operation of the ticket issuing server shown in FIG. 7 is a flowchart of the operation of the firewall shown in FIG. The block diagram of the information passage control system which concerns on the 2nd Embodiment of this invention. The block diagram of the ticket issuing server of the information passage control system shown in FIG. The block diagram of the ticket information utilized in the information passage control system shown in FIG. The block diagram of the application server of the information passage control system shown in FIG. The block diagram of the packet utilized in the information passage control system shown in FIG. The flowchart of operation | movement of the application server shown in FIG. The block diagram of the ticket information utilized in the information passage control system which concerns on the 3rd Embodiment of this invention. The block diagram of the ticket information utilized in the information passage control system which concerns on the 4th Embodiment of this invention. The block diagram of the packet utilized in the information passage control system which concerns on the 4th Embodiment of this invention. The block diagram of the terminal device which concerns on the 5th Embodiment of this invention. The block diagram of the ticket information utilized in the information passage control system which concerns on the 5th Embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Information passage control system 20 Terminal device 21 Communication means (information transmission means)
30 Ticket issuing server (ticket issuing device)
32 Authentication means 34 Ticket creation means 40 Firewall (information passage control device)
41 Communication means (information passage control means)
44 Address verification key holding means 45 IP address verification means (address information verification means)
46 Authentication code deletion means (address verification information deletion means)
47 Transmission source information verification means 50 Application server (service providing apparatus)
52 Service providing means 70 Ticket information 71 User ID (service information)
72 IP address (address information)
73 Authentication code (address verification information)
80 packets (information with ticket)
81 Source address (source information)
210 Information passing control system 230 Ticket issuing server (ticket issuing device)
234 Ticket creation means 250 Application server (service providing apparatus)
252 Service providing unit 253 Service verification key holding unit 254 User ID verification unit (service information verification unit)
270 ticket information 273 authenticator (service verification information)
280 packets (information with ticket)
370 ticket information 373 authenticator (address verification information, service verification information)
470 Ticket information (separate ticket information)
480 packets (information with ticket)

Claims (13)

A terminal device having an information transmission means for transmitting information, a ticket issuing device having a ticket creation means for creating ticket information, and an information passage for controlling whether or not the information transmitted by the information transmission means is to be passed An information passage control device having a control means,
The ticket information is
Contains address verification information used for address information verification,
The information transmitting means includes
Sending the ticket-attached information with the ticket information to the information passing control device;
The information passing control device includes:
Address verification key holding means holding address verification key information used for verification of the address information;
Based on the address verification information of the ticket information of the ticket-attached information transmitted by the information transmitting means and the address verification key information held by the address verification key holding means, the sender information of the ticket-added information Source information verification means for verifying,
Have
The information passing control means includes
Passing the ticket-attached information when the verification by the transmission source information verification means is successful;
An information passage control system characterized by that. The ticket information is:
Including address information,
The information transmitting means includes
The ticket-attached information is transmitted to the information passage control device using the address information of the ticket information as the transmission source information,
The information passing control device includes:
Based on the address verification information of the ticket information of the ticket-attached information transmitted by the information transmission unit and the address verification key information held by the address verification key holding unit, the address information of the ticket information It further has address information verification means for performing verification,
The transmission source information verification means includes
Based on the address information that has been successfully verified by the address information verification means, the source information of the ticket-attached information is verified.
The information passing control system according to claim 1. The ticket issuing device
Authentication means for performing authentication based on the information transmitted by the information transmission means;
The ticket creating means includes:
Creating the ticket information when authentication by the authentication means is successful;
The information passing control system according to claim 1. The ticket issuing device and the information passing control device are:
The same device,
The information passing control system according to claim 1. A service providing device having service providing means for providing a service to the terminal device;
The ticket creating means includes:
Creating the ticket information including service information used for providing the service in the service providing means and service verification information used for verifying the service information;
The information passing control means includes
Controlling whether or not to pass the ticketed information transmitted by the information transmitting means, with the service providing apparatus as a destination,
The service providing apparatus includes:
Service verification key holding means holding service verification key information used for verification of the service information;
The service information of the ticket information based on the service verification information of the ticket information of the ticket-attached information transmitted by the information transmission unit and the service verification key information held by the service verification key holding unit. Service information verification means for verifying,
Have
The service providing means includes:
Providing a service to the terminal device based on the service information when verification by the service information verification unit is successful;
The information passing control system according to claim 1. The service verification information and the address verification information are:
Integrated ticket information verification information generated based on the service information and the address information.
The information passage control system according to claim 5, wherein: A service providing device having service providing means for providing a service to the terminal device;
The ticket creating means includes:
Create another ticket information different from the ticket information together with the ticket information,
The separate ticket information is
Service information used to provide a service in the service providing means, and service verification information used to verify the service information,
The information transmitting means includes
Sending the ticket-attached information with the ticket information and the other ticket information to the information passing control device using the address information of the ticket information as transmission source information;
The information passing control means includes
Controlling whether or not to pass the information with a ticket transmitted by the information transmission means with the service providing apparatus as a destination;
The service providing apparatus includes:
Service verification key holding means holding service verification key information used for verification of the service information;
Based on the service verification information of the other ticket information of the ticket-attached information transmitted by the information transmitting means and the service verification key information held by the service verification key holding means, the service of the different ticket information Service information verification means for verifying service information;
Have
The service providing means includes:
Providing a service to the terminal device based on the service information when verification by the service information verification unit is successful;
The information passing control system according to claim 1. Address verification key holding means holding address verification key information used for verifying address information;
Ticketed information receiving means for receiving ticketed information to which ticket information including address verification information used for verifying address information is attached;
Based on the address verification information of the ticket information of the ticketed information received by the ticketed information receiving unit and the address verification key information stored in the address verification key holding unit, the transmission of the ticketed information is performed. Source information verification means for verifying source information;
Information passing control means for passing the ticket-attached information when verification in the transmission source information verification means is successful;
An information passage control device comprising: Based on the address verification information of the ticket information of the ticket-attached information transmitted by the information transmission unit and the address verification key information held by the address verification key holding unit, the address information of the ticket information It further has address information verification means for performing verification,
The transmission source information verification means includes
Based on the address information that has been successfully verified by the address information verification means, the source information of the ticket-attached information is verified.
The information passage control device according to claim 8, wherein Service verification key holding means holding service verification key information used for verification of service information used for providing services;
Ticket-attached information receiving means for receiving ticket-attached information to which ticket information (referred to as “information including the service information and service verification information used to verify the service information”) is attached;
Based on the service verification information of the ticket information of the ticket-attached information received by the ticket-attached information receiving unit and the service verification key information held by the service verification key holding unit, the ticket information for the service Service information verification means for verifying information;
Service providing means for providing a service based on the service information when the verification by the service information verification means is successful;
A service providing apparatus comprising:   A program for causing a computer to function as the information passage control device according to claim 8.   A program for causing a computer to function as the service providing apparatus according to claim 10.   A computer-readable recording medium storing the program according to claim 11 or 12.

Images