JP2006094019A - Computer system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a computer system provided with a computer for utilizing a VPN apparatus to carry out VPN communication the security of which is improved. <P>SOLUTION: A VPN router 26 of a particular financial agency is connected to an external firewall 14 as another segment than a web server 20 in order to apply VPN communication to transmission/reception of information between the web server 20 of the particular financial agency and a web server 38 of a related card company via the Internet 30 in cooperation with a VPN router 36 of the related card company. Thus, the unencrypted information transmitted/received between the VPN router 26 and the web server 20 is not transmitted through a communication path between the external firewall 14 and the Internet 30, and the external firewall 14 is interposed between the VPN router 26 and the web server 20 and the external firewall 14 is set so that the information whose destination and sender are converted passes attended with the VPN communication by the VPN router 26. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a computer system, and more particularly to a computer system including a computer that performs VPN communication using a VPN (Virtual Private Network) device.

  Conventionally, VPN is known as a technique for improving security in communication via the Internet. VPN is realized by installing a dedicated device (for example, a VPN router, hereinafter referred to as “VPN device”) having a VPN function between a pair of computers that transmit and receive information via the Internet and the Internet. Each VPN apparatus performs header conversion (specifically, addition of a new header) and encryption for information (packets) to be transmitted via the Internet, and for information (packets) received via the Internet. Performs header re-conversion (specifically, removal of the added new header) and decoding. By converting / reconverting the header, it becomes possible to perform communication using a communication protocol other than a private address or TCP / IP between a pair of computers (so-called tunneling), and the encryption / decryption described above. Thus, security can be improved.

  In connection with VPN, Patent Document 1 provides a secure communication protocol between an Internet user interface and a financial institution's virtual private network (VPN) so that the client can use the application server of the financial institution via VPN. A technique that enables execution of a trading application is disclosed.

Further, Patent Document 2 discloses a configuration in which a WAN (Wide Area Network) composed of a public line or the like and a LAN are connected by a security gateway device to an external PC connected to the WAN by dial-up connection. When implementing VPN using the IPsec (IP security) protocol (standardized communication protocol applicable to VPN), the DHCP (Dynamic Host Configuration Protocol) communication option is set to IKE data during IKE (Internet Key Exchange) communication prior to IPsec communication. And a technique for realizing designation of a source IP address for IPsec processing in a tunneled IP packet.
JP 2001-60235 A JP 2001-160828 A

  By the way, a computer that communicates via the Internet usually uses unauthorized access via the Internet (a person who does not have a legitimate access right to a certain computer exploits a security hole of a program executed on the computer). In order to improve the difficulty of obtaining access authority and performing unauthorized use such as stealing, deleting, or modifying a file), it is connected to the Internet via a firewall device. In this configuration, a VPN device (a VPN device provided on the second computer side) to enable the computer (referred to as the first computer) to perform VPN communication with another computer (referred to as the second computer) via the Internet. In order to distinguish it from the first VPN device), the arrangement position of the VPN device becomes a problem.

  That is, since unencrypted information is transmitted and received between the first computer and the first VPN device, for example, when the first VPN device is arranged between the firewall device and the Internet, the firewall device Unencrypted information is transmitted over a low-security channel between the Internet and the Internet, and there is a high possibility that information sent and received between the first computer and the second computer will be stolen. There's a problem. In addition, when the first VPN device is arranged between the firewall device and the first computer (when the first VPN device is arranged in the same segment as the first computer), the first VPN device is provided. There is a possibility that the difficulty of unauthorized access to the first computer may be lower than when there is not.

  That is, unauthorized access is achieved by exploiting a security hole in the program. For this reason, every time a new security hole is discovered for various programs, efforts are being made to close the detected security hole by updating the corresponding program. It is the actual situation that a security hole has been discovered, and it is considered that there is a security hole that has not been discovered in various programs. The same applies to the program executed on the VPN device, and it is difficult to completely eliminate the possibility of unauthorized access to the VPN device by exploiting the security hole of the program executed on the VPN device. is there. If the first VPN device is located in the same segment as the first computer, and if unauthorized access to the first VPN device is successful, the telnet protocol or the like is used to access the first computer. Since the unauthorized access can be easily realized via the first VPN device, the difficulty of unauthorized access to the first computer is reduced.

  The technique described in Patent Document 1 does not take into account the above-described problems. Further, the technique described in Patent Document 2 also has the above-described problems. If unauthorized access to the security gateway device is successful, unauthorized access to each computer in the LAN can be easily realized. There is a problem.

  The present invention has been made in consideration of the above facts, and an object thereof is to improve security in a computer system including a computer that performs VPN communication using a VPN apparatus.

  In order to achieve the above object, a computer system according to the first aspect of the present invention includes a firewall device connected to a predetermined network to which a second computer provided with a second VPN device is connected, and A first computer connected to the firewall device, and connected to the firewall device as a separate segment from the first computer, encrypts information received from the first computer addressed to the own device, and sets the transmission source to the own device The destination is converted to the second VPN device and transmitted, and the encrypted information received from the second VPN device addressed to the own device is decrypted, the source is set to the own device, and the destination is converted to the first computer. A first VPN device for transmitting the information, wherein the first computer transmits information to be transmitted to the second computer The VPN apparatus transmits to the VPN apparatus, and the firewall apparatus has a transmission source of the first computer and a destination of the information of the first VPN apparatus, a transmission source of the first VPN apparatus and a destination of the second VPN apparatus. Information, the source is the second VPN device and the destination is the information of the first VPN device, and the source is the first VPN device and the destination is the information of the first computer. It is characterized by being set.

  In the computer system according to the first aspect of the present invention, the firewall device is connected to a predetermined network to which a second computer provided with a second VPN device is connected. Connected to a firewall device. In addition, the computer system according to the first aspect of the invention encrypts information received from the first computer addressed to the own device, converts the transmission source to the own device, converts the destination to the second VPN device, and transmits the information. A first VPN device that decrypts the encrypted information received from the second VPN device addressed to the own device, converts the transmission source to the own device and converts the destination to the first computer, and transmits the first VPN device; VPN communication between the first computer and the second computer is realized by the device and the second VPN device described above. In the first aspect of the invention, the first VPN device is a separate segment from the first computer. Connected to a firewall device.

  In the first aspect of the invention, the first computer transmits information to be transmitted to the second computer to the first VPN device, and the firewall device has the first computer as the transmission source and the destination as the first computer. VPN device information, the source is the first VPN device and the destination is the second VPN device information, the source is the second VPN device and the destination is the first VPN device information, and the source is the first In the VPN apparatus, the destination is set to pass the information of the first computer. Thus, information to be transmitted from the first computer to the second computer is first sent from the first computer to the first VPN device via the firewall device, and then from the first VPN device to the firewall device. Is sent to the second VPN apparatus via the network, and then sent from the second VPN apparatus to the second computer. The information transmitted from the second computer to the first computer is first sent from the second computer to the second VPN device, and then sent from the second VPN device to the first computer via a predetermined network and firewall device. To the first computer, and then sent from the first VPN device to the first computer via the firewall device.

  As described above, in the first aspect of the present invention, unencrypted information transmitted and received between the first VPN device and the first computer is transmitted through the communication path between the firewall device and the predetermined network. As compared with the case where the first VPN device is arranged between the firewall device and a predetermined network, information transmitted / received between the first computer and the second computer is stolen. Can reduce the risk. In the first aspect of the invention, since the first VPN device is connected to the firewall device as a separate segment from the first computer, there is no firewall device between the first VPN device and the first computer. In addition, the first VPN device converts the received information into information having a transmission source and destination different from the information and transmits the information, and the firewall device passes the information with the transmission source and destination converted. Therefore, even if unauthorized access to the first VPN device is successful, unauthorized access to the first computer is not easy, and the first VPN device is not connected between the firewall device and the first computer. The difficulty of unauthorized access to the first computer can be improved as compared with the case of arranging.

  Therefore, according to the first aspect of the present invention, it is possible to improve security in a computer system including a computer that performs VPN communication using a VPN apparatus. According to the first aspect of the present invention, since the security improvement equivalent to the case where two firewall devices are provided can be realized by one firewall device, the cost reduction of the computer system is also realized. be able to.

  In the first aspect of the present invention, for example, as described in the second aspect, the predetermined network may be the Internet, and the first computer stores the information on the first web page. Each time the information requesting the transmission of the information of the first web page is received from an external unspecified computer via the Internet, the information of the first web page is read from the first storage device and the transmission request source It is possible to provide a function as a web server that transmits to the external computer. In this case, the firewall device is set to pass information addressed to the first computer received from the external unspecified computer via the Internet and information addressed to the external unspecified computer received from the first computer. It only has to be done.

  Further, in the invention described in claim 2, the second computer is selected when a specific option in the first web page is selected while the first web page is displayed on the display device of the external computer. The computer may include a second storage device that stores information on a second web page to be transmitted to the external computer. In this case, the first computer may be configured as described in, for example, claim 3. When the information requesting the transmission of the second web page information is received by selecting a specific option from the external computer that has transmitted the information of the first web page, After the information requesting the transmission of the information on the second web page is transmitted to the first VPN device, the second computer, the Internet, the network, Ear wall unit, a first VPN device, the information of the second web page received via the firewall device, it is preferable to be transmitted to the external computer which is the transmission request source.

  According to the third aspect of the present invention, a customer who operates the external computer in a state where the first web page is displayed on the display device of the external computer selects a specific option in the first web page. When selected, the first computer requests the second computer to transmit the information on the second web page, and the information on the second web page received from the second computer is transmitted to the external computer. Thus, the second web page is displayed on the display device of the external computer. Thus, in the invention described in claim 3, the transmission request for the information on the second web page to the second computer and the transmission of the information on the second web page from the second computer to the external computer are routed through the first computer. Therefore, the web page displayed on the display device of the external computer, that is, the web page viewed by the customer operating the external computer is changed from the first web page to the second web page. The first computer (and the second computer) can recognize this even when switching to. Accordingly, when a specific option is selected, the first computer and the first computer are compared with the case where the information requesting the transmission of the information of the second web page is directly transmitted from the external computer to the second computer. It becomes possible for the two computers to share information about the customer, improving the convenience for the customer who operates the external computer, and reducing the load applied to the second computer.

  Specifically, in the invention described in claim 3, the first and second web pages are web pages provided only to authorized customers whose customer identification information and authentication information are registered in the first storage device. In this case, when the first computer receives information requesting transmission of the information of the first web page from an external computer, for example, as described in claim 4, customer identification information and authentication are received from the external computer. When information requesting transmission of information is transmitted and customer identification information and authentication information are received from the external computer according to an instruction of an operator of the external computer, the received customer identification information and authentication information are stored in the first storage device. By verifying with the registered customer identification information and authentication information, an authentication process is performed to confirm whether or not the operator is a legitimate customer. Only when it is confirmed that the operator is a legitimate customer, information on the requested first web page is transmitted to the external computer, and the operator is confirmed to be a legitimate customer. When information requesting transmission of information on the second web page is received from an external computer, information requesting transmission of information on the second web page to the second computer is addressed to the first VPN device. It can be configured to transmit.

  In the invention according to claim 4, it is confirmed by an authentication process performed by the first computer that the operator of the external computer that has transmitted the information requesting the transmission of the information on the first web page is an authorized customer. Only when the information of the requested first web page is transmitted to the external computer, the first computer receives information requesting transmission of the information of the second web page from the external computer. Thus, when the information requesting the second computer to transmit the information on the second web page is transmitted to the first VPN device, the information requesting the transmission of the information on the second web page is sent to the second computer. Even in the second computer received from one computer, the operator of the external computer requesting the transmission of the information on the second web page is correct. The second web page information is unconditionally sent to the external computer via the first computer without requiring the customer to send customer identification information and authentication information. Can be sent.

  Thereby, the customer needs to perform complicated operations such as sending customer identification information and authentication information every time the web page being browsed is switched from the first web page to the second web page or vice versa. Therefore, convenience for customers who operate external computers can be improved. In addition, since it is not necessary to perform authentication processing on the second computer, the load applied to the second computer can be reduced.

  Further, in the invention according to claim 3, when the first and second web pages are web pages providing different information for each customer, for example, as described in claim 5, the first storage device The attribute information of each customer is stored in the first computer, and when the first computer receives information requesting the transmission of the first web page information from the external computer, the customer operating the external computer is specified. 1st web page according to the customer specified as the 1st web page is generated based on the attribute information of the specified customer memorized by the 1st storage device, and the generated 1st web When the page information is transmitted to the external computer and the information requesting the transmission of the second web page information is received from the external computer, the information is addressed to the first VPN device. And transmits, to the information requesting the transmission of the information of the second web page to the second computer may be configured to add the attribute information of the customer identified.

  According to the fifth aspect of the present invention, when the first computer receives information requesting transmission of the information of the first web page from the external computer, the process of specifying the customer who operates the external computer is performed by the first computer. Is done by. This processing may be performed by transmitting customer identification information or the like from the external computer, for example, as in the invention of claim 4 described above, or as a cookie file in a storage device of the external computer, for example. It is also possible to refer to identification information stored in advance. And the 1st computer generates the 1st web page according to the customer specified as the 1st web page based on the attribute information of the specified customer memorized by the 1st storage device, and generated 1st Web page information is transmitted to the external computer. When the first computer receives information requesting transmission of the second web page information from the external computer, the first computer transmits the second web page to the first VPN device. The attribute information of the identified customer is added to information requesting transmission of page information.

  Thus, the second computer, like the first computer, uses the second web page based on the attribute information added to the information requesting transmission of the information of the second web page received from the first computer. As a result, it is possible to generate a second web page corresponding to the customer and transmit the information of the generated second web page to the external computer via the first computer. Thus, in the invention described in claim 5, since it is not necessary to perform the process of specifying the customer with the second computer, the load on the second computer can be reduced. Moreover, in the aspect which performs the process which specifies a customer based on the customer identification information etc. which were transmitted from the external computer, the browsing web page is changed from the first web page to the second web page, or vice versa. Since there is no need for the customer to perform complicated operations such as sending customer identification information each time switching to, convenience to the customer who operates the external computer can be improved.

  As described above, the present invention encrypts information received from the first computer addressed to the own device, converts the transmission source to the own device and converts the destination to the second VPN device, and transmits the information from the second VPN device. The first VPN device that decrypts the encrypted information received for the device itself, converts the transmission source to the device itself, converts the destination to the first computer and transmits it, is connected to the firewall device as a separate segment from the first computer. The information to be transmitted to the second computer is transmitted from the first computer to the first VPN device, the transmission source is the first computer and the destination is the first VPN device information, and the transmission source is the first VPN device. The destination is the second VPN device information, the source is the second VPN device and the destination is the first VPN device information, and the source is the first VPN device and the destination is the first computer information. The Having set the firewall apparatus so that it is possible to improve security in a computer system with a computer for VPN communication using VPN device has an excellent effect that.

  Hereinafter, an example of an embodiment of the present invention will be described in detail with reference to the drawings. FIG. 1 shows a computer system 10 according to the present embodiment. The computer system 10 is a financial institution system 12 installed in a specific financial institution, and a relation established in a credit card company (hereinafter referred to as an associated card company) that has a relationship with the specific financial institution and performs operations related to credit cards. A card company internal system 32 and a client terminal 28 possessed by a customer of a specific financial institution and related card company are connected to each other via the Internet 30. The client terminal 28 may be a personal computer (PC) or a portable terminal having a function of accessing the Internet 30, and includes a display device that includes an LCD or the like and can display a web page, An input device capable of inputting arbitrary information is provided (all are not shown), and a browser (a program for browsing a web page) is installed.

  The financial institution system 12 includes an external firewall 14 connected to the Internet 30. The external firewall 14 corresponds to the firewall device according to the present invention (specifically, the firewall device according to claim 2). The external firewall 14 is connected to a computer network 18 constructed in a specific financial institution via the internal firewall 16. The computer network 18 is configured by connecting a large number of computers for performing various operations in financial institutions to each other via a communication line. In addition, a web server 20 and an application server 22 for operating an online financial transaction website are sequentially connected to the external firewall 14, and the application server 22 constitutes an online financial transaction website. An HDD (Hard Disk Drive) 24 for storing information on each web page to be stored, a customer information DB (database), and an authentication information DB is connected. Although not shown, the web server 20 and the application server 22 include a CPU, a memory such as a ROM and a RAM, and an I / O port, which are connected to each other via a bus and a storage device such as an HDD. And an input device such as a keyboard and a display device such as a display are connected to the I / O port. The web server 20 and the application server 22 correspond to the first computer according to the present invention (specifically, the first computer according to claims 2 to 5).

  The specific financial institution according to the present embodiment is an online service operated by the web server 20 and the application server 22 as a service that enables a customer who has opened an account with the specific financial institution to perform an online financial transaction. An online financial transaction reception service is provided that receives online financial transaction execution instructions from customers using a financial transaction website. In the financial transaction using this online financial transaction reception service, the customer browses the web page of the online financial transaction website via the client terminal 28, and inputs necessary information on the web page. Information for instructing execution of a desired financial transaction (financial transaction instruction information) is transmitted from the client terminal 28 to the web server 20. Then, the financial transaction instruction information is transferred from the web server 20 to a predetermined computer in the computer network 18 so that the financial transaction instructed by the customer based on the financial transaction instruction information is executed by the predetermined computer. It has become so.

  A customer who uses an online financial transaction reception service applies to a specific financial institution in advance to use the service. The specific financial institution assigns a user ID (corresponding to the customer identification information according to claim 4) to the customer every time a customer applies for the use of the service, and the password (the customer sets the assigned user ID) The authentication information is registered in the above-described authentication information DB as authentication information. The authentication information registered in the authentication information DB is used to authenticate customers who make financial transactions using the online financial transaction acceptance service. For customer authentication, a contractor card distributed to individual customers by a specific financial institution In this case, a number written on a contractor card possessed by each customer may be added to the authentication information. Further, the customer information DB stores various attribute information of individual customers whose authentication information is registered in the authentication information DB. For example, for a customer who holds a credit card issued by a related card company, The credit card number of the credit card held by the customer is stored. As described above, the HDD 24 corresponds to the first storage device according to the present invention (specifically, the first storage device according to claims 4 and 5).

  The segment in which the web server 20, the application server 22, and the HDD 24 are provided is called a public segment, and is a segment different from the computer network 18 (internal segment). Further, a VPN router 26 for realizing VPN communication is connected to the external firewall 14 as a segment (a VPN router dedicated segment) separate from the public segment and the internal segment. The VPN router 26 corresponds to the first VPN device according to the present invention.

  On the other hand, the related card company system 32 includes a firewall 34 connected to the Internet 30. The firewall 34 cooperates with the VPN router 26 of a specific financial institution to realize VPN communication. A VPN router 36, a web server 38, and an application server 40 are connected in order, and an HDD 42 is connected to the application server 40. Although not shown, the web server 38 and the application server 40 include a CPU, a memory such as a ROM and a RAM, and an I / O port, which are connected to each other via a bus and a storage device such as an HDD. And an input device such as a keyboard and a display device such as a display are connected to the I / O port.

  The web page of the online financial transaction website operated by the web server 20 and the application server 22 of a specific financial institution is a web page provided by an associated card company (hereinafter referred to as a card-related web page). A link for jumping is provided, and information on the card-related web page is stored in the HDD 42. In this embodiment, the card-related web page is distributed to customers as part of an online financial transaction website. That is, as will be described in detail later, when information requesting distribution of information on a specific card related web page is transmitted from the client terminal 28, the information is sent to the web of the related card company via the web server 20 of the specific financial institution. Transferred to server 38 and application server 40 The information on the card-related web page transmitted by the web server 38 and the application server 40 based on the above information is distributed to the client terminal via the web server 20 of the specific financial institution.

  The HDD 42 stores a customer information DB, and the authentication information DB stores individual customer attribute information relating to credit cards (for example, information such as credit card usage details for each individual customer). . The VPN router 36 corresponds to the second VPN device according to the present invention. The web server 38 and the application server 40 correspond to the second computer according to the present invention. Specifically, the HDD 42 includes the web server 38 and the application server in the second storage device according to claim 3. Reference numerals 40 respectively correspond to the second computers.

  Next, as an operation of the present embodiment, processing when a customer accesses an online financial transaction website through the client terminal 28 will be described. The online financial transaction website is accessed (see also step 50 in FIG. 2) by the customer operating the input device of the client terminal 28 while the browser is activated on the client terminal 28. This is done by performing an operation such as specifying a URL (Uniform Resource Locator) of the site. As a result, the distribution request information for requesting distribution of the web page corresponding to the designated URL is transmitted from the client terminal 28 to the web server 20 of the specific financial institution (see also step 52 in FIG. 2).

  The distribution request information transmitted from the client terminal 28 is transferred to the financial institution system 12 via the Internet 30 and is first received by the external firewall 14. In general, a firewall defines information (packets) that pass through a firewall on a definition table (for example, sets information such as a combination of a source IP address and a destination IP address in information to be passed). It is possible to prevent passage of undefined information in the definition table. However, since the IP address of the client terminal 28 that transmits the above distribution request information is indefinite, as shown in FIG. 4A, the definition table of the external firewall 14 includes a web page from any client terminal 28. Definition information (transmission source IP address:-(not set), destination IP address: A (IP address of the web server 20) information) that allows the distribution request information transmitted to the server 20 to pass is registered in advance. . Thereby, the distribution request information transmitted from the client terminal 28 and received by the external firewall 14 is transferred to the web server 20 through the external firewall 14 and received by the web server 20.

  Based on the transmission source IP address set in the received distribution request information, the web server 20 recognizes that the client terminal 28 (the customer who is operating the distribution request information) has not undergone authentication processing. . Then, the web server 20 reads the information on the login web page (login screen provided with user ID and password input fields) from the HDD 24 via the application server 22, and uses the read information as the client that requested the distribution. Transmit to the terminal 28 (see also step 54 in FIG. 2). The login screen information is also first received by the external firewall 14, but as shown in FIG. 4A, the definition table of the external firewall 14 is transmitted from the web server 20 to an arbitrary client terminal 28. Definition information (source IP address: A, destination IP address:-(unset) information) is registered in advance, so that the information passes through the external firewall 14 to the Internet 30. Sent out and received by the client terminal 28 of the distribution request source. Then, a login screen represented by information distributed from the web server 20 is displayed on the display device of the client terminal 28 by the browser activated on the client terminal 28 (see also step 56 in FIG. 2).

  When the login screen is displayed on the display device of the client terminal 28, the customer operating the client terminal 28 recognizes that the input of the user ID and password is required, and operates the input device of the client terminal 28. Thus, the user ID and password are entered in each entry field of the displayed login screen (see also step 58 in FIG. 2), and information indicating transmission is entered when the entry is completed. As a result, the client terminal 28 transmits information such as the user ID and password input by the customer to the web server 20 of the specific financial institution (see also step 60 in FIG. 2). Although not shown in FIG. 2, in the present embodiment, prior to the distribution of the login screen information from the web server 20 to the client terminal 28, in practice, between the client terminal 28 and the web server 20. Process for establishing encrypted communication session (determination of encryption algorithm, compression algorithm, etc., authentication of web server 20 based on server electronic certificate, authentication of client terminal 28 based on client electronic certificate, generation of common key And the above-described user ID and password are transmitted to the web server 20 in an encrypted state.

  Information such as a user ID and a password transmitted from the client terminal 28 passes through the Internet 30, passes through the external firewall 14, is received by the web server 20, and then transferred to the application server 22. Performs a user authentication process for checking whether or not the customer operating the client terminal 28 is a legitimate customer by searching whether or not the combination of the received user ID and password is registered in the authentication information DB. Perform (see also step 62 in FIG. 2). The user authentication process corresponds to the authentication process described in claim 4 and the customer specifying process described in claim 5, respectively.

  In this user authentication process, when it is confirmed that the customer operating the client terminal 28 is a legitimate customer (when the determination at step 64 in FIG. 2 is affirmed), the application server 22 uses the user ID. The customer information DB is searched using the key as a key to extract the customer attribute information from the customer information DB, or to request the transfer of information about the customer to a predetermined computer in the computer network 18 as necessary. Thus, information to be presented to the customer on the web page distributed to the client terminal 28 (for example, a message to the customer, a deposit balance of an account opened by the customer at a specific financial institution, etc.) is collected (FIG. 2). (See also step 66). Then, the application server 22 generates a web page to be distributed to the client terminal 28 based on the collected information and the web page information stored in the HDD 24, and the generated web page information is transmitted to the web server 20. To the client terminal 28 (see also step 68 in FIG. 2).

  When the information on the web page is received by the client terminal 28 via the Internet 30, the display device of the client terminal 28 has different information for each customer (specific to the customer who operates the client terminal 28). (For example, a message to the customer, a deposit balance of the account held by the customer, etc.) is displayed (see also step 70 in FIG. 2). Further, when the customer desires to execute an arbitrary financial transaction (for example, transfer or transfer, transaction details inquiry, etc.), the customer operates the input device of the client terminal 28 to execute the desired financial transaction. Is input (see also step 72 in FIG. 2). In this case, information (financial transaction instruction information) indicating an instruction input by the customer is transmitted from the client terminal 28 to the web server 20 (see also step 74 in FIG. 2).

  When the financial transaction instruction information is received by the web server 20 via the Internet 30 and then transferred to the application server 22, the application server 22 checks the content of the received financial transaction instruction information, and the financial transaction If there is no error in the contents of the instruction information, a process for executing the financial transaction instructed by the received financial transaction instruction information (for example, the received financial transaction instruction information is edited into information in a predetermined format and is instructed. The process of instructing the execution of the financial transaction is performed by transmitting to a predetermined computer in the computer network 18 that executes the financial transaction (see also step 76 in FIG. 2). Then, a web page for notifying the customer that execution of the instructed financial transaction has been accepted is generated, and information on the generated web page is transmitted to the client terminal 28 via the web server 20 (FIG. 2). (See also step 78). When the information on the web page is received by the client terminal 28 via the Internet 30, a web page notifying the customer that the execution of the designated financial transaction has been accepted is displayed on the display device of the client terminal 28. (See also step 80 in FIG. 2), the customer can recognize that the execution of the indicated financial transaction has been accepted.

  Subsequently, the customer who holds the credit card issued by the related card company operates the input device of the client terminal 28 to jump to the card related web page provided on the web page of the online financial transaction website. Processing when a jump to a card-related web page is instructed by selecting a link for the above will be described. In the present embodiment, the above link is associated with the URL managed by the web server 20 of the specific financial institution, and the above operation is performed by the customer (see also step 100 in FIG. 3). The distribution request information about the card-related web page to be transmitted (see also step 102 in FIG. 3) is transferred to the web server 20 and received by the web server 20.

  When the web server 20 receives distribution request information about the card-related web page (information requesting the distribution of the web page with the URL associated with the link) from the client terminal 28, the web server 20 receives the received distribution request information from the application server. The application server 22 searches the customer information DB by using the user ID of the customer who is operating the client terminal 28 recognized in the user authentication process described above as a key to search for the customer attribute information. And the card number (card number of the credit card held by the customer) included in the extracted attribute information is extracted (see also step 104 in FIG. 3). This card number corresponds to the customer attribute information described in claim 5. In addition, the application server 22 generates a session ID (for example, information such as the current time can be used as the session ID), and information such as the generated session ID and the previously extracted card number (related card company) Information to be transferred to the web server 38), a hash value is generated and added by a predetermined algorithm, and the information added with the hash value (referred to as transfer information) is different from the URL associated with the link. Information (redirect instruction information) for instructing the browser of the client terminal 28 to request a page with a predetermined URL is transmitted to the client terminal 28 via the web server 20 (see also step 106 in FIG. 3).

  When the redirection instruction information and the transfer information are received by the client terminal 28 via the Internet 30, a new screen is displayed on the display device of the client terminal 28 by the browser activated on the client terminal 28 (FIG. 3). Next, the redirect process is performed, and the distribution request information for requesting the distribution of the web page of the predetermined URL instructed by the redirect instruction information (the client terminal 28 includes the web server in the distribution request information). (Transfer information received from 20 is also added) is transmitted from the client terminal 28 (see also step 110 in FIG. 3), and this distribution request information is transferred to the web server 20 and received by the web server 20.

  In the present embodiment, the predetermined URL is used as a switch for determining whether or not the received distribution request information should be transferred to the web server 38 of the related card company, and the web server 20 is received from the client terminal 28. When it is detected that the distribution request information is information requesting distribution of a web page with a predetermined URL, it is determined that the received distribution request information is information to be transferred to the web server 38 of the associated card company (FIG. (See also step 112 in step 3). In this embodiment, VPN communication by the VPN routers 26 and 36 is performed as communication between the web server 20 of the specific financial institution and the web server 38 of the related card company. For this reason, the web server 20 adds information indicating that the final destination is the web server 38 of the related card company to the received distribution request information, and uses the information as an actual data part. Information in which the header part in which the IP address of the web server 20 is set as the transmission source and the IP address of the VPN router 26 as the destination is added to the data router is transmitted to the VPN router 26 (see FIG. 4B). Server (IP address: A) → VPN router (IP address: B) information)

  In this embodiment, the web server 20 and the VPN router 26 belong to different segments, and the external firewall 14 exists on the communication path from the web server 20 to the VPN router 26. For this reason, in the definition table of the external firewall 14, as shown in FIG. 4A, the definition information (source IP address: A) that passes the above information transmitted from the web server 20 to the VPN router 26 is included. (IP address of the web server 20) and destination IP address: B (IP address of the VPN router 26) are also registered in advance, and the information transmitted from the web server 20 passes through the external firewall 14. And received by the VPN router 26.

  On the other hand, destination conversion in the VPN router (addition of a new header part in which different destinations and transmission sources are set) is usually information (packets) for destination conversion and destination conversion for defining the destination / transmission source after conversion for the information. This is done by referring to the definition table. The VPN router 26 transmits the information received from the web server 20 to the VPN router 36 on the associated card company side, which is the original destination, and the destination of the information is the VPN router 36 and the transmission source is its own device (VPN). The definition information that defines the conversion to the router 26) is registered in advance in the destination conversion definition table (source IP address: A and destination IP address: B information shown in FIG. 4A). : B, destination IP address: C (refer to the information that defines the conversion to the IP address of the VPN router 36).

  When the VPN router 26 receives information from the web server 20, the VPN router 26 encrypts the received information using a key exchanged with the VPN router 36 using a communication protocol such as IKE (Internet Key Exchange). At the same time, the encrypted information is used as a real data part, and the IP address of the VPN router 26 as a transmission source and the VPN router 36 as a destination according to the definition information registered in the destination conversion definition table in the real data part. Information to which the header part in which the IP address is set is added is transmitted to the VPN router 36 (step 114 in FIG. 3 and VPN router (IP address: B) → VPN router (IP address: C) shown in FIG. 4B). See also information).

  Since the VPN router 26 is connected to the external firewall 14, the information transmitted from the VPN router 26 to the VPN router 36 is also temporarily received by the external firewall 14. For this reason, in the definition table of the external firewall 14, as shown in FIG. 4A, the definition information (source IP address: B, B) that passes the information transmitted from the VPN router 26 to the VPN router 36 is also included. Destination IP address: C (IP address of VPN router 36)) is also registered in advance, and the above information transmitted from the VPN router 26 passes through the external firewall 14, passes through the Internet 30 and the firewall 34. Is received by the VPN router 36 of the related card company system 32. Although illustration is omitted, definition information that allows the above information to pass is also set in the definition table of the firewall 34.

  When the VPN router 36 receives information from the VPN router 26, it removes the header portion of the received information and uses the key exchanged with the VPN router 26 for the actual data portion after removing the header portion. Decrypt. Thereby, the information transmitted from the web server 20 to the VPN router 26 is restored. As described above, the restored information includes the header portion in which the IP address of the web server 20 is set as the transmission source and the IP address of the VPN router 26 as the destination, and the final destination is the related card company in the distribution request information. It is composed of an actual data part to which information indicating that the web server 38 is added. Based on the information added to the actual data part, the VPN router 36 rewrites the IP address of the destination set in the header part to the IP address of the web server 38, and transmits it to the web server 38 as distribution request information. (See also step 116 in FIG. 3 and VPN router (IP address: C) → web server (IP address: D) information shown in FIG. 4B)).

  Upon receiving the above distribution request information, the web server 38 transfers the received distribution request information to the application server 40. The application server 40 uses the application server 22 of the specific financial institution from the transferred distribution request information. The generated transfer information is extracted, and a predetermined algorithm (same as the algorithm used by the application server 22 of the specific financial institution to generate the hash value) is used for information such as a session ID and a card number included in the extracted transfer information. The hash value is generated by the algorithm), and it is checked whether or not the transfer information is falsified by determining whether or not the generated hash value matches the hash value included in the transfer information. (See also step 118 in FIG. 3).

  When it is confirmed that the transfer information has not been tampered with, the customer operating the distribution request source client terminal 28 is searched by searching the customer information DB of the HDD 42 using the card number included in the transfer information as a key. Information to be presented to the customer (for example, a message to the customer, a payment amount of the customer, etc.) is collected. Then, the application server 40 generates a card-related web page to be distributed to the client terminal 28 based on the collected information and the web page information stored in the HDD 42, and the generated card-related web page information is generated as a web page. Transmit via server 38. However, as described above, in this embodiment, since VPN communication is performed by the VPN routers 26 and 36 as communication between the web server 20 of the specific financial institution and the web server 38 of the related card company, the web server 38 adds information indicating that the final destination is the web server 20 of the specific financial institution to the information on the card-related web page to be transmitted, embeds the transfer information described above, and implements the information. A data part is transmitted to the VPN router 36, with information added with a header part in which the IP address of the web server 38 is set as the transmission source and the IP address of the VPN router 36 is set as the destination. (See also step 120).

  The VPN router 36 sends the information received from the web server 38 to the VPN router 26 on the specific financial institution side which is the original destination, and the destination of the information is the VPN router 26 and the transmission source is the own device (VPN). The definition information that defines the conversion to the router 36) is registered in advance in the destination conversion definition table (source IP address: D and destination IP address: C information shown in FIG. 4A). : C, destination IP address: see information defining that conversion to B). When the VPN router 36 receives information from the web server 38, the VPN router 36 encrypts the received information using a key exchanged with the VPN router 26, and uses the encrypted information as a real data part. Information in which the actual data portion is added with a header portion in which the IP address of the VPN router 36 is set as the transmission source and the IP address of the VPN router 26 is set as the transmission destination in accordance with the definition information registered in the destination conversion definition table. Is transmitted to the VPN router 26 (see also step 124 in FIG. 3).

  Definition information for allowing the above information to pass is also set in the definition table of the firewall 34 (not shown), and the information transmitted from the VPN router 36 passes through the firewall 34 and passes through the Internet 30 to a financial institution. It is received once by the external firewall 14 of the internal system 12. As shown in FIG. 4A, in the definition table of the external firewall 14, definition information (source IP address: C, destination IP address: that passes the above information transmitted from the VPN router 36 to the VPN router 26). B information) is also registered in advance, and the information transmitted from the VPN router 36 is received by the VPN router 26 through the external firewall 14.

  When the VPN router 26 receives information from the VPN router 36, it removes the header portion of the received information and uses the key exchanged with the VPN router 36 for the actual data portion after the header portion is removed. Decrypt. As a result, the information transmitted from the web server 38 to the VPN router 36 is restored. The restored information includes a header portion in which the IP address of the web server 38 is set as the transmission source and the IP address of the VPN router 36 as the destination, and the final destination is the web of the specific financial institution in the information on the card related web page. -It is comprised from the real data part to which the information showing that it is the server 20 is added. Based on the information added to the actual data part, the VPN router 26 rewrites the IP address of the destination set in the header part to the IP address of the web server 20 and transmits it to the web server 20 (FIG. 3). (See also step 126).

  The above information is also temporarily received by the external firewall 14, but as shown in FIG. 4A, the definition table of the external firewall 14 passes the above information transmitted from the VPN router 26 to the web server 20. Definition information (source IP address: B, destination IP address: A) is registered in advance, and the information transmitted from the VPN router 26 is received by the web server 20 through the external firewall 14. Is done. When the web server 20 recognizes that the information received from the VPN router 26 is originally the card-related web page information transmitted from the web server 38 of the related card company system 32, the web server 20 stores the information. Then, the distribution request information for requesting the distribution of the card related web page is transmitted to the client terminal 28 that has received it. When the information on the web page passes through the external firewall 14 and is received by the client terminal 28 via the Internet 30, the display device of the client terminal 28 has different information (for example, the client terminal 28) for each customer. A card-related web page that presents a message to the customer who is operating the card, the payment amount, etc. (see also step 128 in FIG. 3).

  Further, a customer who refers to the card-related web page displayed on the display device presents a card-related web page different from the displayed web page (for example, a web page that presents the usage details of a credit card or service registration contents). When it is desired to browse the web page), the customer operates the input device of the client terminal 28 to instruct a distribution request for another card-related web page (see also step 130 in FIG. 3). In this case, information (distribution request information) representing an instruction input by the customer is transmitted from the client terminal 28 to the web server 20 (see also step 132 in FIG. 3). It should be noted that transfer information (card number, session ID, etc.) is embedded in the information of the card-related web page previously received by the client terminal 28 as described above, and the distribution request information transmitted from the client terminal 28. Also, the above transfer information is embedded.

  When the delivery request information is received by the web server 20, the delivery request information received by the web server 20 is based on the fact that the transfer information is embedded in the received delivery request information. It is determined that the information should be transferred to the server 38 (see also step 134 in FIG. 3), and information indicating that the final destination is the web server 38 of the related card company is added to the received distribution request information. In addition, this information is used as a real data part, and information obtained by adding a header part in which the IP address of the web server 20 is set as the transmission source and the IP address of the VPN router 26 is set as the destination is added to the real data part. 26. This information passes through the external firewall 14 and is received by the VPN router 26. The VPN router 26 encrypts the information received from the web server 20, and uses the encrypted information as a real data part. In accordance with the above definition information registered in the destination conversion definition table, the VPN router 36 includes information in which a header portion in which the IP address of the VPN router 26 is set as a transmission source and the IP address of the VPN router 36 is set as a destination is added to the VPN router 36. (See also step 136 in FIG. 3).

  The information transmitted from the VPN router 26 passes through the external firewall 14 and is received by the VPN router 36 of the related card company system 32 via the Internet 30 and the firewall 34. The VPN router 36 removes the header part of the information received from the VPN router 26 and decrypts the real data part after removing the header part, thereby obtaining the information transmitted from the web server 20 to the VPN router 26. The destination IP address set in the header portion of the restored information is rewritten to the IP address of the web server 38 and transmitted to the web server 38 as distribution request information (see also step 138 in FIG. 3).

  When the web server 38 receives the above distribution request information, it transfers the received distribution request information to the application server 40, and the application server 40 extracts the transfer information embedded in the transferred distribution request information. Information that is presented to the customer on the card-related web page for which distribution is requested (for example, (for example, credit card usage details) by searching the customer information DB of the HDD 42 using the card number included in the extracted transfer information as a key 3 (see also step 140 in FIG. 3), and the application server 40 distributes it to the client terminal 28 based on the collected information and the web page information stored in the HDD 42. Card-related web page to be generated, and the generated card-related web page Information indicating that the final destination is the web server 20 of the specific financial institution and the transfer information are embedded in the information, and the information is used as a real data part. The information with the header part in which the IP address of the server 38 is set as the destination and the IP address of the VPN router 36 is sent to the VPN router 36 (see also step 142 in FIG. 3).

  When the VPN router 36 receives the information from the web server 38, the VPN router 36 encrypts the received information, and uses the encrypted information as a real data portion. In the real data portion, the IP address of the VPN router 36 is set as a transmission source. Is sent to the VPN router 26 with the header portion in which the IP address of the VPN router 26 is set as the destination (see also step 144 in FIG. 3). The information transmitted from the VPN router 36 passes through the firewall 34, passes through the Internet 30, passes through the external firewall 14, and is received by the VPN router 26. When the VPN router 26 receives information from the VPN router 36, the VPN router 26 removes the header portion of the received information and decrypts the real data portion after removing the header portion, so that the VPN router 36 transmits the information from the web server 38. Is restored, and the destination IP address set in the header of the restored information is rewritten to the IP address of the web server 20 and transmitted to the web server 20 (see also step 146 in FIG. 3). ).

  The information transmitted from the VPN router 26 passes through the external firewall 14 and is received by the web server 20. When the web server 20 recognizes that the information received from the VPN router 26 is originally the card-related web page information transmitted from the web server 38 of the related card company system 32, the received information is It transmits to the client terminal 28 which is the transmission source of the distribution request information received earlier. When this information passes through the external firewall 14 and is received by the client terminal 28 via the Internet 30, a new card-related web page requested by the customer is displayed on the display device of the client terminal 28. (See also step 148 in FIG. 3).

  As described above, in the institutional financial institution 12 according to the present embodiment, unencrypted information transmitted and received between the VPN router 26 and the web server 20 is communicated on the Internet 30 side with respect to the external firewall 14. Since the route is not transmitted, the web server 20 of a specific financial institution and the web server 38 of an associated card company are compared with the case where the VPN router 26 is arranged between the external firewall 14 and the Internet 30. It is possible to suppress the risk that information transmitted and received between the devices will be stolen.

  In this embodiment, since the VPN router 26 is connected to the external firewall 14 as a separate segment from the web server 20, information transmitted and received between the VPN router 26 and the web server 20 is always an external firewall. Since the external firewall 14 is set so that the information once received by the wall 14 and the destination and the source converted in accordance with the VPN communication by the VPN router 26 is passed, the unauthorized access to the VPN router 26 has succeeded. However, unauthorized access to the web server 20 is not easy, and when the VPN router 26 is disposed between the external firewall 14 and the web server 20 (when the VPN router 26 and the web server 20 are disposed in the same segment). Unauthorized access to the web server 20 compared to It is possible to improve the difficulty. Therefore, the financial institution system 12 according to the present embodiment can ensure high security.

  In this embodiment, when the online financial transaction website is accessed by the client terminal 28, the web server 20 of the specific financial institution performs an authentication process for the client terminal 28 (the customer who operates the client terminal 28). When the distribution request information for requesting the distribution of the card related web page is received from the client terminal 28 that has confirmed that the operator is an authorized customer by the authentication process, the received distribution request information is sent to the web server 38 of the card related company. Therefore, in the web server 38 and the application server 40 of the card affiliated company, the client terminal 28 that is the transmission source of the distribution request information transferred from the web server 20 indicates that the operator is an authorized customer by the authentication process. It is assumed that the client terminal 28 has been confirmed to exist. Succoth can, it is possible to perform processing to deliver a card-related web page without performing an authentication process to the client terminal 28 (customer you are working with). Thereby, when a customer browses a card related web page, it becomes unnecessary to input a user ID and a password again, and the convenience of the customer can be improved. In addition, since it is not necessary for the related card company system 32 to store authentication information for authenticating the customer, the configuration of the related card company system 32 can be simplified, and the related card company system Since the authentication process on the 32nd side becomes unnecessary, the load applied to the web server 38 and the application server 40 of the card related company can be reduced.

  Furthermore, in this embodiment, when the application server 22 of a specific financial institution receives distribution request information requesting distribution of a card-related web page from the client terminal 28, the customer's user ID recognized during the authentication process is used as a key. By retrieving the information DB, the card number of the credit card possessed by the customer is acquired, and the distribution request information added with the distribution request information with the acquired card number added is transferred to the web server 38 of the card affiliated company. Therefore, in the web server 38 and the application server 40 of the card-related company, the customer operating the client terminal 28 that is the transmission source of the distribution request information transferred from the web server 20 adds to the distribution request information. To be a customer who has a credit card with a given card number A process of delivering a card related web page without performing a process for specifying a customer (in this embodiment, the authentication process performed by the application server 22 also serves as a process for specifying a customer). It can be carried out. Thereby, when a customer browses a card related web page, it becomes unnecessary to input information (for example, user ID) for specifying a customer, and the convenience of a customer can be improved. Further, since it is not necessary to perform processing for specifying a customer on the related card company internal system 32 side, it is possible to reduce the load applied to the web server 38 and the application server 40 of the card related company.

  In the above description, for simplicity of explanation, the related card company system 32 has a configuration in which a VPN router 36 and a web server 38 are sequentially connected to a firewall 34 (the VPN router 36 and the web server 38 are in the same segment). However, the present invention is not limited to this. For the related card company system 32, the VPN router 36 is separated from the web server 38 in the same manner as the financial institution system 12. It goes without saying that a configuration arranged in the segment may be adopted.

  Further, in the above description, in the firewall such as the external firewall 14, the example in which the upstream information and the downstream information that pass through the firewall are defined on the definition table has been described, but the present invention is not limited to this. For example, only uplink information is defined on the definition table, and when downlink information is received, it is determined whether or not the response is for uplink information based on the TCP / IP session ID set in the received information. By doing so, a firewall configured to select pass / block may be used.

  Further, in the above, the web server 20 and the application server 22 that operate a website for online financial transactions (deliver a web page for instructing execution of financial transactions online) as the first computer according to the present invention, Although the example which applied the web server 38 and the application server 40 which perform the process which delivers a card-related web page as a 2nd computer based on this invention was demonstrated, it is not limited to this, The 1st and 2nd The computer may be a web server or application server that distributes web pages other than those described above, and the present invention is used when linking arbitrary web pages (web sites) stored and managed in different web servers. Applicable. In the present invention, the first and second computers may be computers that perform processing other than web page distribution.

It is a schematic block diagram of the computer system which concerns on this embodiment. It is a sequence diagram which shows a normal sequence when the website of a financial institution is accessed. FIG. 10 is a sequence diagram showing a sequence when a jump from a financial institution site to an associated card company page in the site is instructed. (A) is a conceptual diagram showing an example of firewall and VPN router settings, and (B) is a conceptual diagram showing an example of information (IP packets) sent and received between a web server and a VPN router.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Computer system 12 Financial institution system 14 External firewall 20 Web server 22 Application server 24 HDD
26 VPN router 28 Client terminal 30 Internet 32 Related card company system 34 Firewall 36 VPN router 38 Web server 40 Application server 42 HDD

Claims (5)

A firewall device connected to a predetermined network to which a second computer provided with a second VPN device is connected;
A first computer connected to the firewall device;
It is connected to the firewall device as a separate segment from the first computer, encrypts information received from the first computer addressed to the own device, converts the transmission source to the own device, and converts the destination to the second VPN device. A first VPN device that transmits and decrypts the encrypted information received from the second VPN device addressed to the device, converts the transmission source to the device and the destination to the first computer, and
Including
The first computer transmits information to be transmitted to the second computer to the first VPN device,
The firewall device has a source that is the first computer and a destination that is the information of the first VPN device, a source that is the first VPN device and a destination that is the information of the second VPN device, and a source that is the source The second VPN device has a destination set to pass the information of the first VPN device, and the transmission source is set to pass the first VPN device and the destination has to pass the information of the first computer. Computer system. The predetermined network is the Internet;
The first computer includes a first storage device that stores information on a first web page, and receives information requesting transmission of the information on the first web page from an external unspecified computer via the Internet. Each time, it has a function as a web server that reads the information of the first web page from the first storage device and transmits it to the external computer that is the transmission request source,
The firewall apparatus passes information destined for the first computer received from an external unspecified computer via the Internet and information destined for the external unspecified computer received from the first computer. The computer system according to claim 1, wherein the computer system is set. The second computer transmits to the external computer when a specific option in the first web page is selected while the first web page is displayed on a display device of the external computer. A computer comprising a second storage device for storing information of a second web page to be
When the first computer receives information requesting transmission of the information on the second web page by selecting the specific option from an external computer that has transmitted the information on the first web page In addition, after transmitting information requesting the second computer to transmit the information of the second web page to the first VPN device, the second computer transmits the information to the second VPN device and the Internet. The second web page information received via the firewall device, the first VPN device, and the firewall device is transmitted to the external computer that is the transmission request source. The computer system according to claim 2. The first and second web pages are web pages provided only to authorized customers whose customer identification information and authentication information are registered in the first storage device,
When the first computer receives information requesting transmission of information on the first web page from an external computer, the first computer transmits information requesting transmission of customer identification information and authentication information to the external computer, When customer identification information and authentication information are received from the external computer according to an instruction from an operator of the external computer, the received customer identification information and authentication information are registered in the first storage device. The authentication process for confirming whether or not the operator is an authorized customer is performed by comparing with the above, and only when the operator confirms that the operator is an authorized customer by the authentication process. The information on one web page is transmitted to the external computer, and the operator confirms that the operator is an authorized customer. When information requesting transmission of information on the second web page is received, information requesting the second computer to transmit information on the second web page is addressed to the first VPN device. 4. The computer system according to claim 3, wherein the transmission is performed. The first and second web pages are web pages that provide different information for each individual customer,
The first storage device stores individual customer attribute information;
When the first computer receives information requesting transmission of the information of the first web page from an external computer, the first computer performs processing for identifying a customer who is operating the external computer, and stores the information in the first storage device. Based on the stored attribute information of the specified customer, a first web page corresponding to the specified customer is generated as the first web page, and the generated information on the first web page is used as the external web page. To the second computer, the information is transmitted to the first VPN device when the information requesting the transmission of the information of the second web page is received from the external computer. 4. The computer according to claim 3, wherein the attribute information of the identified customer is added to information requesting transmission of information of the second web page. System.

Images