JP2009086825A - Information leakage prevention system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information leakage prevention system for managing removal of a large volume of data easily and sufficiently. <P>SOLUTION: The system comprises a user terminal 1 communicatably connected through a network 3 and a management server 2 for managing removal of files. The user terminal 1 comprises a storage means 12 for storing removal right information and a removal management means 11 for managing removal based on the removal right information. The management server 2 comprises: an authentication processing means 21 for performing user authentication; a removal right information management means 22 for managing the removal right information; a removal quota management means 23 for managing data sizes of files to be removed; and a database 24 that stores a table 24A in which authentication information is set for each user, a table 24B in which file removal right information is set for each user, and a table 24C in which information for managing sizes of files to be removed by quota is set. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an information leakage prevention system for preventing information leakage due to output of data to an external medium, a network drive, or the like.

  Conventionally, a technique for preventing information leakage via a user terminal is known (see, for example, Patent Documents 1 and 2 and Non-Patent Document 1). Specifically, there is a technique of setting permission or non-permission for each user to take out data to an external medium, a network drive, etc., and managing based on this information.

  Non-Patent Document 1 sets permission or disapproval of data export for each user on the management server side, such as removable media, external bird disk, network drive, printer, etc. File export is prohibited until authentication is received from the management server. After authentication, file export is permitted or prohibited according to the permission / non-permission of export set for each user. It is possible to prevent.

In addition, a method has been proposed in which a user's file export log is acquired to detect an unauthorized operation of the user and to suppress the risk of information leakage. For example, Japanese Patent Application Laid-Open No. 2004-151561 describes a technique for monitoring file transmission / reception by a user and detecting transmission / reception satisfying a predetermined condition.
JP 2002-359648 A JP 2006-301798 A Information leakage prevention by take-out control, Hitachi Software Engineering Co., Ltd. [Search August 6, 2007], Internet <URL: http://hitachisoft.jp/hibun/product/ae_if.html>

  However, the conventional information leakage prevention system has a problem that a large amount of data cannot be easily and sufficiently managed. With simple permission / denial, it is not possible to sufficiently manage the export of large amounts of data. Therefore, files containing large amounts of highly sensitive and important information are maliciously copied or printed on an external medium. There is a threat that information is leaked to the outside. In addition, when a user takes a file containing a large amount of important information with high confidentiality to the outside and the recorded medium is lost by mistake, large-scale leakage of confidential information will occur.

  In addition, there are those that can specify the data size of a file to be taken out in units of bytes. However, it is cumbersome and time-consuming to set the data size of the judgment criteria for whether to take out appropriately to a value that is easy to operate while considering the difference in data size between different file formats. Was an operational obstacle.

  In view of the above situation, an object of the present invention is to provide an information leakage prevention system capable of easily and sufficiently managing the export of a large amount of data.

In order to solve the above problems, the present invention provides the following configurations.
The invention according to claim 1 includes a user terminal and a management server that are communicably connected via a network, and the user terminal obtains information from the management server and takes out a file that is an output of data to the outside In the information leakage prevention system for managing the file, the management server has a user ID, take-out authority information on the take-out destination permitted to take out the file for each user ID, and the file size for each user ID related to the file take-out And export quota information for managing the upper limit and remaining amount of the file, and managing the export destination and file size upper limit for file export, and the user terminal inputs a user ID and password to the user And receiving authentication information from the management server and receiving take-out authority information corresponding to the user ID. When the export is performed, the suitability of the export destination is determined based on the received export authority information, and when the export destination is approved, the user ID and the file size related to the export of the file are , And when it is determined that the file size of the user ID is less than or equal to the remaining amount of the file size of the user ID, it is determined that the file size is less than or equal to the remaining amount of the file size of the user ID And

  According to the first aspect of the present invention, a user terminal and a management server that are communicably connected via a network are provided, and the user terminal obtains information from the management server and takes out a file that is output to the outside of the data In the information leakage prevention system for managing files, the management server includes a user ID, take-out authority information relating to a take-out destination permitted to take out a file for each user ID, an upper limit of the file size for each user ID related to file take-out, and The export quota information for managing the remaining amount is stored, the export destination for file export and the upper limit of the file size are managed, the user terminal allows the user to input the user ID and password, and from the management server When the export authority information corresponding to the user ID is received after authentication and the file is exported, the received export When the export destination is approved based on the authority information and the export destination is approved, the user ID and the file size relating to the file export are transmitted to the management server, and the remaining file size of the user ID If it is determined whether or not the file size is less than or equal to the remaining amount of the file size of the user ID, file export is permitted, so that a large amount of data can be managed easily and sufficiently. A possible information leakage prevention system can be realized.

Hereinafter, embodiments of the present invention will be described with reference to the drawings showing examples.
FIG. 1 is a block diagram schematically showing an embodiment of an information leakage prevention system according to the present invention. As shown in FIG. 1, the information leakage prevention system is connected to a user terminal 1 that is communicably connected via a network 3 and outputs data such as files to the outside (hereinafter simply referred to as file export, data The management server 2 for managing the file size).

  The user terminal 1 includes, for example, a carry-out management unit 11 configured by a program and performing predetermined processing necessary for managing file export, and export authority information 12A required for managing file export and described in detail below. Storage means 12 for storing. Here, it is assumed that the takeout management means 11 performs authentication necessary for managing file takeout, such as authentication information including a user ID and password, and encryption of the takeout authority information 12A. Hereinafter, description will be made assuming that the authentication information includes a user ID and a password.

  The management server 2 includes an authentication information management table 24A in which authentication information for each user is set, a take-out authority management table 24B in which take-out authority information relating to authority for each user regarding file export is set, and file export data A take-out control management database (hereinafter simply referred to as a take-out control management DB) 24 storing a take-out quota management table 24C in which information for managing the amount of data in units of quota (hereinafter referred to as take-out quota information) is set. Prepare.

FIG. 2 is a conceptual diagram illustrating each table stored in the take-out control management database.
In the authentication information management table 24A, a user ID 201 and a password 202 referred to by user authentication are set. An arbitrary alphanumeric character string is set for the user ID 201 and the password 202. Since the user ID 201 is a primary key of each table, uniqueness is maintained so as not to overlap.

  In the take-out authority management table 24B, a user ID 201 and take-out authority information 203 are set. The export authority information 203 includes “permitted” or “non-permitted” in units of data output destinations (hereinafter referred to as “export destinations”) such as removable media, external bird disks, network drives, and printing. Is set.

  A user ID 201 and take-out quota information are set in the take-out quota management table 24C. In the take-out quota information, a take-out quota remaining amount 204, a maximum take-out quota value 205 for each set user, and the like are set. Here, the maximum value of the export quota means the upper limit of the total amount of data that can be exported, and the remaining quota of the export quota means the remaining quota after the file is exported. In the take-out quota information, for example, a numerical value is set in units of bytes.

  The management server 2 can further generate, for example, a GUI (Graphical User Interface) and the like, an authentication processing unit 21 that performs predetermined processing such as user authentication based on the received authentication information, and a take-out authority management table A take-out authority information managing unit 22 for managing 24B, a take-out quota management table 24C, and a take-out quota managing unit 23 for managing the file size of the file related to file take-out are provided.

  Here, the authentication processing means 21 can set the user ID 201 and the password 202, which are used as verification originals in the user authentication, in the authentication information management table 24A, and can decrypt the received user ID and password as necessary. The user ID and password are verified against the verification original set in the authentication information management table 24A to perform user authentication.

  The take-out authority information management means 22 makes it possible to set the take-out authority information 203 for each user in the take-out authority management table 24B, and outputs the take-out authority information 203 in response to a request. The take-out quota management means 23 can set the maximum value of the take-out quota for each user in the take-out quota management table 24C, record the remaining amount of the take-out quota in the take-out quota management table 24C, and take out the data when taking out the file. Manage file size.

FIG. 3 is a flowchart illustrating processing performed when the user terminal logs in.
When the user ID and password are input to the user terminal 1, the carry-out management unit 11 encrypts the input user ID and password and transmits them to the management server 2 (S101).

  Next, the management server 2 receives the user ID and password, and decrypts the user ID and password received by the authentication processing means 21 (S102). As a result, the user ID and password of the user to be authenticated are obtained. Next, the authentication processing means 21 refers to the authentication information management table 24A, compares the user ID and password of this user with the user ID and password of the verification source (S103), and determines whether or not authentication has been performed. (S104).

  When authentication is obtained in step S104, the takeout authority information management unit 22 reads out the takeout authority information 203 corresponding to the user ID from the takeout authority management table 24B, and the management server 2 returns (S105). The takeout authority information 203 is received, and the takeout management means 11 encrypts the takeout authority information 203 and stores it in the storage means 12 (S106).

  If authentication is not obtained in step S104, the management server 2 returns a message indicating that user authentication has failed (S107), and the user terminal 1 receives and displays, for example, a dialog indicating that user authentication has failed (S108).

FIG. 4 is a flowchart for explaining processing performed in connection with file export.
When a file export operation is performed on the user terminal 1, the export management unit 11 compares the export destination with the export authority information 12A stored in the storage unit 12 (S201), and whether the export destination is approved. It is determined whether or not (S202).

  When it is determined in step S202 that the export destination is not approved, the export management unit 11 prohibits file export, that is, data output to the outside (S203), and when it is determined that the export destination is approved, the export management unit 11 Transmits the user ID input to the user terminal 1 and the file size of the data to be taken out to the management server 2 (S204).

  When the user ID and the file size are transmitted in step S204, the management server 2 receives them, and the export quota management means 23 refers to the export quota management table 24C to store the remaining export quota corresponding to the user ID. The amount is acquired and the remaining amount of the export quota assigned to the user is compared with the received file size (S205), and it is determined whether the file size exceeds the remaining amount of the export quota (S206).

  When it is determined in step S206 that the file size exceeds the remaining amount of the export quota, the export quota management means 23 returns a message to that effect to the user terminal 1 (S207), and the user terminal 1 is short of the remaining amount of the export quota. Is displayed (S208), and the export management unit 11 prohibits file export to the outside (S203).

  When it is determined in step S206 that the file size does not exceed the remaining capacity of the export quota, the export quota management unit 23 updates the remaining capacity of the export quota by subtracting the file size from the remaining capacity of the export quota (S209). The file export permission and the updated export quota remaining amount are returned to the user terminal 1 (S210). The user terminal 1 receives the information returned from the management server 2 and displays a dialog indicating the remaining amount of the updated export quota (S211), and the export management unit 11 permits file export to the outside (S212).

  FIG. 5 is a flowchart for explaining the setting processing of take-out quota information. Here, it is assumed that the administrator selects several sample files in the management server 2 and stores them in the directory as a guide for the size of the file to be taken out per time, and sets the number of times of the carry-out and the file compression option. .

  First, the take-out quota management means 23 determines whether or not the selected sample file is stored in a predetermined directory (S301), and continues this process until it is stored. It is determined whether or not the compression option has been set (S302), and this process is continued until it is set.

  Next, the export quota management unit 23 determines whether or not the set file compression option is on (S303). When it is determined that the file compression option is on, all the selected files are compressed. Then, the file sizes are added together to obtain a reference size for one export (S304). When it is determined in step S303 that the file compression option is not on, that is, it is turned off, the export quota management unit 23 adds the file sizes of all the selected files to obtain a reference size for one export (S305). .

  Next, the take-out quota management means 23 calculates and holds the product of the standard size for one take-out and the take-out guide count (S306), and displays a dialog asking whether or not the maximum value of the take-out quota needs to be initialized. (S307). Here, when the administrator inputs that the maximum value of the take-out quota is to be initialized, the administrator specifies the user ID to be initialized.

  Next, the take-out quota management means 23 determines whether or not the input to the dialog displayed in step S307 indicates initialization of the maximum value of the take-out quota (S308), and initialization of the maximum value of the take-out quota in step S308. Is determined, the maximum value of the export quota for the specified user ID is initialized (S309). If it is determined in step S308 that initialization of the maximum value of the take-out quota is not indicated, the process ends.

FIG. 6 is a flowchart for explaining the replenishment processing for the remaining amount of the take-out quota. Here, it is assumed that the remaining amount of the take-out quota is supplemented with a maximum value or a value designated by the administrator.
First, the take-out quota management means 23 displays a dialog asking whether or not the remaining amount of the take-out quota is to be initialized (S401). Here, the management server 2 specifies the response to the display in step S401 and the target user ID.

  Next, the take-out quota management unit 23 determines whether or not to perform initialization (S402), and when it is determined to perform initialization, the remaining amount of the take-out quota of the specified user ID is determined for the corresponding take-out quota. Initialization is performed with the maximum value (S403). When it is determined in step S402 that the initialization is not performed, the take-out quota management unit 23 displays a dialog prompting the designation of the remaining amount (S404).

  Next, the take-out quota management means 23 determines whether or not the designated value input for the dialog display in step S404 is less than or equal to the maximum take-out quota value of the designated user ID (S405). When it is determined, the remaining amount of the quota for the designated user ID is initialized with the designated value (S406). When it is determined in step S405 that the specified value is not less than the maximum value of the export quota for the specified user ID, the export quota management means 23 displays an error message indicating that the remaining amount of the export quota exceeds the maximum value. (S407).

1 is a block diagram schematically showing an embodiment of an information leakage prevention system according to the present invention. It is a conceptual diagram explaining each table stored in a take-out control management database. It is a flowchart explaining the process performed when there exists login in a user terminal. It is a flowchart explaining the process performed in relation to file export. It is a flowchart explaining the setting process of take-out quota information. It is a flowchart explaining the replenishment process of the remaining amount of take-out quota.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 User terminal 2 Management server 3 Network 11 Export management means 12 Storage means 12A Export authority information 21 Authentication processing means 22 Export authority information management means 23 Export quota management means 24 Export control management database 24A Authentication information management table 24B Export authority management table 24C Take-out quota management table 201 User ID
202 Password 203 Exporting authority information 204 Remaining amount of export quota 205 Maximum value of export quota

Claims (1)

In an information leakage prevention system comprising a user terminal and a management server that are communicably connected via a network, wherein the user terminal obtains information from the management server and manages file export that is an output of data to the outside ,
In order for the management server to manage the user ID, the export authority information related to the export destination where the export of the file for each user ID is permitted, and the upper limit and remaining amount of the file size for each user ID related to the export of the file File export quota information, and manage the export destination and file size upper limit for file export,
When the user terminal allows the user to input a user ID and a password, obtains authentication from the management server, receives take-out authority information corresponding to the user ID, and when the file is taken out, the received take-out authority information The user ID and the file size relating to the file export are transmitted to the management server when the export destination is approved, and the remaining file size of the user ID is determined. An information leakage prevention system characterized in that, when it is determined whether or not the file size is less than or equal to the amount, and when it is determined that the file size is less than or equal to the remaining file size of the user ID, file export is permitted.

Images