JP2009163373A - Client terminal equipment, relay server, information processing system, control method for client terminal equipment, control method for relay server and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To ensure the security of encryption communication, and to execute the management and inspection of information without destroying the framework of cryptography such as the decryption of encrypted data by a third person when performing encryption communication. <P>SOLUTION: Client terminal equipment 100 is configured to specify an application for performing encryption communication to a HTTPS Web server 150, and to extract data prior to the encryption communication, that is, data to be transmitted through a specified application to a relay server 110. Then, the client terminal equipment 100 decides whether or not the extracted data satisfy the conditions of an inspection reference rule deciding conditions for performing the encryption communication with the HTTPS Web server 150, and transmits the decision result to a relay server 110. The relay server 110 decides whether or not to transmit the data from the client terminal equipment 100 to the HTTPS Web server 150 in response to a decision result transmitted from the client terminal equipment 100. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a client terminal device configured to be able to perform encrypted communication with an encrypted communication server and a control method thereof, a relay server that relays encrypted communication between the client terminal device and the encrypted communication server, and a control method thereof The present invention relates to an information processing system having a client terminal device and a relay server, and a program for causing a computer to execute the control method described above.

  With the development of network technology in recent years, the cost of information exchange has dropped dramatically, and individuals and companies can now communicate information efficiently through various services using the Internet, such as e-mail and web services. It was.

  However, organizations such as corporations, in particular, have been required to respond clearly to information management due to the enforcement of the Personal Information Protection Law. For example, as a measure against information leakage in a company, the content of an email sent externally from inside to outside is checked, and if the organization meets a predetermined standard, the email is permitted to be sent outside. Many companies have introduced information leakage countermeasure systems.

  Furthermore, not only a conventional information leakage countermeasure system for e-mail using SMTP (Simple Mail Transfer Protocol) but also a web service using HTTP (HyperText Transfer Protocol) as an information leakage path. For example, measures against posting to an electronic bulletin board system on the Internet and information leakage using a web mail service.

  For example, Patent Document 1 discloses that a service on the Internet is specified by a URL (Uniform Resource Locator) and information transmission is controlled for the service, which is different from the conventional electronic mail (SMTP). Information leakage countermeasures have been taken for protocol (HTTP) data without losing the convenience of the Internet.

  On the other hand, various services on the Internet themselves are increasingly working on information leakage countermeasures in response to recent reports of information leakage incidents and the improvement of user safety awareness. In particular, with regard to the webmail service, it employs HTTPS encrypted HTTP to prevent eavesdropping on the communication path, and prove that the server that provides the webmail service is not a fake. The place to carry out is increasing.

JP 2004-348202 A

  When such an encrypted web mail service is used from within an organization, since the information is encrypted when the information is transmitted from the user's terminal device, a malicious user can By deceiving the information leakage system, it is possible to intentionally leak information to the outside.

  Therefore, as a method for managing clear information in an organization, it is a general and simple measure to set a relay server in the organization in a blacklist manner so that a web mail service using HTTPS cannot be used. Often adopted as. However, with this blacklist method, it takes time to respond to new services, is incapable of publicly available sites, and can only be restricted on a host basis. There is an inadequate method.

  On the other hand, a management method using a man-in-the-middle attack method has also been proposed. This method is a method in which encrypted communication between a client terminal device, a relay server, and a web server that provides a web service is divided by functioning as a relay server, and the encrypted communication is decrypted in the relay server. .

  However, in this method, when viewed from the client terminal device, communication encryption is performed, but authentication of the relay server is only possible and authentication of the destination web server is impossible. For this reason, the management method using the man-in-the-middle attack method described above leaks information to the outside instead of being able to perform management and inspection of information without the user being aware even when accessing a fake web server. The risk of doing so will also increase and is not necessarily recommended.

  As described above, in order to implement clear information management including an encrypted web service, the safety of HTTPS is also ensured in the same manner as the conventional information leakage countermeasure system for SMTP and HTTP. There is a need for a method that can manage and inspect information without compromising performance.

  That is, in the past, when managing and inspecting information using encrypted communication, the security of encrypted communication is ensured without breaking the cryptographic framework such as decryption of encrypted communication by a third party. There was a problem that was difficult.

  The present invention has been made in view of the above-mentioned problems, and when performing management and inspection of information using encrypted communication, without breaking the cryptographic framework such as decryption of encrypted communication by a third party, An object is to enable management and inspection of information while ensuring the security of encrypted communication.

  An information processing system of the present invention includes a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, a relay server that relays encrypted communication between the client terminal device and the encrypted communication server, The client terminal device includes: a storage unit that stores rules in which conditions for performing encrypted communication with the encrypted communication server are stored; and an encryption method for the encrypted communication server. Specifying means for specifying an application for performing encrypted communication; and extracting means for extracting data transmitted to the relay server via the application specified by the specifying means before performing the encrypted communication; And first determination means for determining whether or not the data extracted by the extraction means satisfies a condition of the rule. Server has a determining means in response to said first determined by the determination means a determination result, determines whether to transmit the data to the encrypted communication server.

  According to another aspect of the information processing system of the present invention, a client terminal device configured to be capable of encrypted communication with an encrypted communication server, and relaying encrypted communication between the client terminal device and the encrypted communication server An information processing system including a relay server, wherein the client terminal device includes an identifying unit that identifies an application that performs encrypted communication with the encrypted communication server, and data before performing the encrypted communication. And extracting means for extracting data transmitted to the relay server via the application specified by the specifying means, wherein the relay server performs encrypted communication with the encrypted communication server. It is determined whether the storage means for storing the rule for which the condition is defined and the data extracted by the extraction means satisfy the rule condition. Has a first determining means, in response to said first determination means determined to be the determination result, and determining means for determining whether to transmit the data to the encrypted communication servers.

  A client terminal device of the present invention includes a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, a relay server that relays encrypted communication between the client terminal device and the encrypted communication server, And a storage means for storing a rule in which a condition for performing encrypted communication with the encrypted communication server is stored, and encryption for the encrypted communication server. Specifying means for specifying an application for communication; and extracting means for extracting data transmitted to the relay server via the application specified by the specifying means before the encrypted communication; First determination means for determining whether or not the data extracted by the extraction means satisfies the rule condition; and the first The result of the determination by the determination means and a transmission means for transmitting to the relay server.

  According to another aspect of the client terminal device of the present invention, a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, and relay encrypted communication between the client terminal device and the encrypted communication server. A client terminal device in an information processing system having a relay server that performs identification processing for identifying an application that performs encrypted communication with the encrypted communication server, and data before performing the encrypted communication. And extracting means for extracting data transmitted to the relay server via the application specified by the specifying means, and transmitting means for transmitting the data extracted by the extracting means to the relay server.

  The relay server of the present invention includes a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server. A relay server in the information processing system having a determination result performed by the client terminal device, the data before performing the encrypted communication, wherein the encrypted communication is performed with respect to the encrypted communication server; A determination result as to whether or not the data transmitted to the relay server via the application to be executed satisfies a rule in which a condition for performing the encrypted communication with the encrypted communication server is satisfied. A receiving means for receiving from the device, and whether to transmit the data to the encrypted communication server according to the determination result received by the receiving means And a determination means for determining.

  According to another aspect of the relay server of the present invention, the client terminal device configured to be able to perform encrypted communication with the encrypted communication server, and the encrypted communication between the client terminal device and the encrypted communication server are relayed. The relay server in the information processing system having a relay server, the storage means storing a rule in which conditions for performing encrypted communication with the encrypted communication server are stored, and extracted by the client terminal device Data transmitted before the encrypted communication and transmitted to the relay server via the application performing the encrypted communication with the encrypted communication server from the client terminal device. A first determination for determining whether or not the receiving means for receiving and the data received by the receiving means satisfy the condition of the rule It has a stage, and a determination means in response to said first determination means determined to be the determination result, determines whether to transmit the data to the encrypted communication server.

  A method for controlling a client terminal device according to the present invention relays encrypted communication between a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, and the client terminal device and the encrypted communication server. A method of controlling the client terminal device in an information processing system having a relay server, the storage step storing in a storage means a rule in which a condition for performing encrypted communication with the encrypted communication server is stored; A specifying step for specifying an application that performs encrypted communication with the encrypted communication server, and data before performing the encrypted communication, which are transmitted to the relay server via the application specified in the specifying step An extraction step of extracting the data to be extracted, and the data extracted in the extraction step is a condition of the rule Of whether a first judgment step of judging whether it meets the result of determination by the first determination step and a transmission step of transmitting to the relay server.

  Another aspect of the control method for a client terminal device according to the present invention includes a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, and encryption between the client terminal device and the encrypted communication server. A method of controlling the client terminal device in an information processing system having a relay server that relays communication, the specifying step of specifying an application that performs encrypted communication with the encrypted communication server, and the encrypted communication An extraction step for extracting data to be transmitted to the relay server via the application identified in the identification step, and transmission for transmitting the data extracted in the extraction step to the relay server. Steps.

  The relay server control method according to the present invention includes a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, and a relay that relays encrypted communication between the client terminal device and the encrypted communication server. A method for controlling the relay server in an information processing system having a server, which is a determination result performed by the client terminal device, and is data before performing the encrypted communication, the data being transmitted to the encrypted communication server Whether or not the data transmitted to the relay server via the application that performs the encrypted communication satisfies a rule that defines the conditions for performing the encrypted communication with the encrypted communication server. A reception step of receiving a result from the client terminal device, and the encrypted communication service according to the determination result received in the reception step. And a determining step of determining whether to transmit the data to the server.

  According to another aspect of the relay server control method of the present invention, a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, and encrypted communication between the client terminal device and the encrypted communication server. A storage step of storing in a storage means a rule in which a condition for performing encrypted communication with the encrypted communication server is defined in an information processing system having a relay server that relays The data extracted by the client terminal device, the data before performing the encrypted communication, and transmitted to the relay server via the application that performs the encrypted communication to the encrypted communication server. Receiving data from the client terminal device, and the data received in the receiving step are And determining whether to transmit the data to the encrypted communication server according to a determination result determined in the first determination step and a determination result determined in the first determination step. A determination step.

  The program of the present invention includes a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server. A storage step of storing in a storage means a rule for causing a computer to execute a control method of the client terminal device in an information processing system, wherein a rule for performing encrypted communication with the encrypted communication server is defined A specifying step of specifying an application that performs encrypted communication with the encrypted communication server, and data before performing the encrypted communication, the relay server via the application specified in the specifying step An extraction step of extracting data transmitted to the data, and the data extracted in the extraction step For causing the computer to execute a first determination step for determining whether or not a condition of the rule is satisfied and a transmission step for transmitting the determination result determined in the first determination step to the relay server Is.

  Another aspect of the program of the present invention includes a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, and a relay that relays encrypted communication between the client terminal device and the encrypted communication server. A program for causing a computer to execute a control method of the client terminal device in an information processing system having a server, the specifying step of specifying an application that performs encrypted communication with the encrypted communication server; Extracting the data before performing the communication, which is transmitted to the relay server via the application specified in the specifying step; and extracting the data extracted in the extracting step to the relay server This is for causing a computer to execute a transmission step of transmission.

  According to another aspect of the program of the present invention, a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, and relay encrypted communication between the client terminal device and the encrypted communication server. A program for causing a computer to execute the control method of the relay server in an information processing system having a relay server that is a determination result performed by the client terminal device and data before performing the encrypted communication The conditions for the data transmitted to the relay server via the application that performs the encrypted communication to the encrypted communication server to perform the encrypted communication with the encrypted communication server are determined. A reception step of receiving a determination result as to whether or not a rule condition is satisfied from the client terminal device; Depending on the determination result received by the receiving step is for executing a determining step of determining whether to transmit the data to the encrypted communication server computer.

  According to another aspect of the program of the present invention, a client terminal device configured to be able to perform encrypted communication with an encrypted communication server, and relay encrypted communication between the client terminal device and the encrypted communication server. A program for causing a computer to execute the control method of the relay server in an information processing system having a relay server for storing, and a rule that defines a condition for performing encrypted communication with the encrypted communication server Storing data stored in the client terminal device and data extracted by the client terminal device before the encrypted communication via an application that performs the encrypted communication with the encrypted communication server A reception step of receiving data to be transmitted to the relay server from the client terminal device; According to the first determination step for determining whether the data received in the reception step satisfies the condition of the rule, and the determination result determined in the first determination step, the encrypted communication server receives the data And a determination step for determining whether or not to transmit data.

  According to the present invention, when managing and inspecting information using encrypted communication, the security of encrypted communication is ensured without breaking the cryptographic framework such as decryption of encrypted communication by a third party. Information management and inspection can be carried out.

  The best mode for carrying out the present invention will be described below in detail with reference to the accompanying drawings.

FIG. 1 is a diagram illustrating an example of a schematic configuration of an information processing system according to an embodiment of the present invention.
As shown in FIG. 1, the information processing system 1 according to the present embodiment includes an intranet 120, a wide area network 140, an HTTPS web server 150, and an HTTP web server 160.

  The intranet 120 includes a client terminal device 100, a relay server 110, an administrator terminal device 130, and a connection session 121 and a control session 122 that connect the client terminal device 100 and the relay server 110 so that they can communicate with each other. A communication path is configured. The client terminal device 100 includes an agent program 101, a key logger 102, and a web browser 103. Further, the relay server 110 is configured to include a relay server program 111. Hereinafter, each configuration of the information processing system 1 according to the present embodiment will be described.

  The client terminal device 100 is configured to be capable of encrypted communication with the HTTPS web server 150 that is an encrypted communication server, and further configured to be able to perform unencrypted communication with the HTTP web server 160 that is an unencrypted communication server. Has been.

  The agent program 101 of the client terminal device 100 is software installed in the client terminal device 100. The agent program 101 monitors the client terminal device 100, monitors input to an application (for example, the web browser 103) that executes encrypted communication, and cooperates with the relay server 110 (relay server program 111). It is for carrying out inspection and monitoring of encrypted communication and the like. The agent program 101 also performs processing for starting the key logger 102. The processing performed by this agent program 101 will be described later in detail.

  The key logger 102 of the client terminal device 100 is for recording a key input to an application (for example, the web browser 103) that executes the encrypted communication or the like.

  The web browser 103 of the client terminal device 100 connects to the relay server 110 via the connection session 121, accesses the HTTPS web server 150 via the wide area network 140, and various web pages provided by the HTTPS web server 150. Are used for browsing a desired web page via encrypted communication.

  The web browser 103 connects to the relay server 110 via the connection session 121, accesses the HTTP web server 160 via the wide area network 140, and includes various web pages provided by the HTTP web server 160. It is also used for browsing a desired web page.

  The administrator terminal device 130 is used to access the relay server 110 and perform control operations and settings performed by the relay server 110. Further, the manager terminal device 130 transmits an HTTPS message (or HTTP message) transmitted from the client terminal device 100 and relayed to the HTTPS web server 150 (or HTTP web server 160) via the relay server 110. Is used for setting and browsing operations so that can be browsed.

  The relay server 110 corresponds to, for example, a proxy server, and relays encrypted data communication (or unencrypted data communication) between the client terminal device 100 and the HTTPS web server 150 (or HTTP web server 160). Is for. For example, the client terminal device 100 accesses a web page provided by the HTTPS web server 150, browses information on this web page, registers various services, or creates and receives an electronic mail (web mail). When an operation instruction such as transmission is input, the relay server 110 receives the operation instruction, and executes a process of relaying and transmitting the received operation instruction to the HTTPS web server 150 via encrypted communication. The processing performed by the relay server 110 will be described in detail later.

  The relay server program 111 of the relay server 110 is software installed on the relay server 110. The relay server program 111 receives, for example, a connection request to the HTTPS web server 150 from an application (for example, the web browser 103) that performs encrypted communication started on the client terminal device 100 via the connection session 121. In this case, the relay server program 111 checks and monitors the encrypted communication while coordinating with the agent program 101 via the control session 122. If there is no problem, the relay web server program 111 checks the HTTPS web via the wide area network 140. A process of relaying to the server 150 is performed. Similarly, the relay server program 111 checks and monitors the non-encrypted communication when performing non-encrypted communication. If there is no problem, the relay server program 111 sends it to the HTTP web server 160 via the wide area network 140. Perform relay processing. The processing performed by this relay server program 111 will be described in detail later.

  The connection session 121 is a communication path that connects the web browser 103 of the client terminal device 100 and the relay server 110 (relay server program 111) in a communicable manner.

  The control session 122 is a communication path that connects the agent program 101 of the client terminal device 100 and the relay server 110 (relay server program 111) in a communicable manner. Through this control session 122, the agent program 101 and the relay server program 111 perform data communication with each other and execute each control process in cooperation with each other. The cooperation process via the control session 122 will be described in detail later.

  The intranet 120 is configured by a network such as a LAN, for example. The wide area network 140 is a network represented by the Internet.

  The HTTPS web server 150 performs the same operation as that of a web server provided in a general provider, and requests the client terminal device 100 accessed via the relay server 110 and the wide area network 140. A web page corresponding to this is provided via encrypted communication.

  The HTTP web server 160 performs the same operation as a web server provided by a general provider, and requests the client terminal device 100 that has accessed through the relay server 110 and the wide area network 140. The web page corresponding to is provided.

  FIG. 2 is a block diagram illustrating an example of a hardware configuration of the client terminal device 100 and the relay server 110 illustrated in FIG.

  In FIG. 2, the CPU 201 performs overall control of the apparatus using programs and data stored in the RAM 202 and the ROM 203, and various processes described later performed by the apparatus (client terminal apparatus 100 or relay server 110). Execute.

  The RAM 202 temporarily stores programs and data loaded from the HDD (hard disk drive) 204 and the storage medium drive 206 or programs and data received from the outside via the network I / F (interface) 205. And various areas such as a work area used when the CPU 201 executes various processes are provided as appropriate.

  The ROM 203 stores setting data, a boot program, and the like of the device (client terminal device 100 or relay server 110).

  The HDD 204 is an OS (operating system), a program (such as the agent program 101 or the relay server program 111) for causing the CPU 201 to execute various processes described later performed by the device (the client terminal device 100 or the relay server 110), This is for storing various data, various files, and the like, which are appropriately loaded into the RAM 202 under the control of the CPU 201 and are processed by the CPU 201.

  The network I / F 205 is used to connect the device (the client terminal device 100 or the relay server 110) to the intranet 120 and the wide area network 140. The client terminal device 100 or the relay server 110 can perform data communication with each device connected to the intranet 120 and the wide area network 140 via the network I / F 205.

  The storage medium drive 206 reads a program and data recorded on a storage medium such as a CD-ROM, CD-R / RW, DVD-ROM, DVD-R / RW, and DVD-RAM, and outputs them to the RAM 202 and the HDD 204. . A part of the information stored in the RAM 202 or the HDD 204 may be recorded on this storage medium.

  A keyboard 207 and a pointing device 208 configured with a mouse, a joystick, and the like input various instructions to the CPU 201 when operated by an operator of the device.

  The display unit 209 is configured by a CRT, a liquid crystal screen, or the like, and displays the processing result by the CPU 201 with images, characters, and the like.

  The external device connection I / F 210 is an interface for connecting an external device (peripheral device) to the device. The client terminal device 100 or the relay server 110 performs data transmission / reception with an external device (peripheral device) via the external device connection I / F 210. For example, the external device connection I / F 210 is configured by USB, IEEE1394, or the like, and usually has a plurality of external device connection I / Fs. The connection form with the external device (peripheral device) by the external device connection I / F 210 may be wired or wireless.

  The bus 211 connects the above-described units (201 to 210) in a communicable manner.

  In the following description, the client terminal device 100 and the relay server 110 are described as having the hardware configuration shown in FIG. 2, but are not necessarily limited to having the configuration shown in FIG. . For example, as long as the later-described processing performed by the client terminal device 100 or the relay server 110 can be executed, the configuration may be changed as appropriate.

  In addition, as for the hardware configuration of the other terminal device for administrator 130, the HTTPS web server 150, and the HTTP web server 160, since a general computer is applied to them, the configuration shown in FIG. Have.

  Next, the client terminal device 100 accesses the web mail page provided by the HTTPS web server 150 via the relay server 110 and the wide area network 140 using encrypted communication, and the web mail page is displayed on the web mail page. Processing in the case of instructing creation, storage, transmission, etc. will be described.

  In the relay server 110, it is assumed that a program (relay server program 111) for causing the CPU 201 of the own device to execute the above-described processing and various data are stored in the HDD 204 of the own device. In the relay server 110, a program and various data stored in the HDD 204 are loaded into the RAM 202 according to control by the CPU 201, and the CPU 201 performs processing using the program and various data loaded in the RAM 202, which will be described later. Various processes of the relay server 110 are executed.

  Further, in the client terminal device 100, a program (an agent program 101, a program related to the key logger 102, a program related to the web browser 103) and various data for causing the CPU 201 of the own device to execute the above-described processing are transmitted to the relay server 110. Similarly, it is assumed that it is stored in the HDD 204 of its own device. In the client terminal device 100, a program and various data stored in the HDD 204 are loaded into the RAM 202 according to control by the CPU 201, and the CPU 201 performs processing using the program and data loaded in the RAM 202, which will be described later. Various processes of the client terminal device 100 are executed.

  First, processing at startup using the agent program 101 in the client terminal device 100 will be described.

  FIG. 3 is a flowchart illustrating an example of processing at the time of activation using the agent program 101 in the client terminal device 100. The agent program 101 is software that is started at the same time when the OS is started on the client terminal device 100, and the processing of FIG. 3 is performed by the CPU 201 of the client terminal device 100 executing the agent program 101.

First, in step S301, the CPU 201 of the client terminal apparatus 100 executes the agent program 101, reads a setting file stored in the HDD 204 of the own apparatus at startup, and accesses information such as the IP address or host name of the relay server 110 And the relay server 110 is detected based on the access information.
More specifically, the CPU 201 of the client terminal device 100 assigns a specific port number (P1) designated in advance to the relay server 110 corresponding to the access information (IP address or host name) via the intranet 120. And detecting that the relay server 110 is operating normally, and detecting the relay server 110.

  Subsequently, in step S302, the CPU 201 of the client terminal device 100 determines whether the detection of the relay server 110 performed in step S301 is successful.

  If it is determined in step S302 that the relay server 110 has been successfully detected (S302 / YES), the process proceeds to step S303. In step S <b> 303, the CPU 201 of the client terminal device 100 activates the key logger 102.

  The key logger 102 is used to record key inputs input from the keyboard 207 (and also the pointing device 208) of the client terminal device 100. As a first method of recording the key input by the key logger 102, there is a method of recording in association with an active application process as an input destination, and as a second method, an application process registered in advance is used. There is a method of recording in association (black list method), and a third method is a method of recording processes other than pre-registered applications (white list method). At this time, the first to third methods described above may be used alone or a plurality of methods may be used simultaneously.

  In addition, by synchronizing the processing performed by the key logger 102 with the input of the pointing device 208 of the client terminal device 100, for example, it is possible to detect the switching of the active window of the input destination in the OS running on the client terminal device 100. Accurate input value range.

  The key logger 102 may have, for example, an application authentication mechanism so that it can be called only from the agent program 101. In this case, the key logger 102 cannot reply to a call from an application that cannot be authenticated. As a result, in the client terminal device 100, for example, a malicious user or a third party who has entered through the wide area network 140 uses the keylogger 102 without permission or is recognized by a legitimate user. Without obtaining confidential information.

After the key logger 102 is activated, in step S304, the CPU 201 of the client terminal device 100 starts monitoring an application.
Here, as a method for monitoring an application, as a first method, when the network I / F 205 of the client terminal apparatus 100 is monitored and data transmission to the outside is detected, the application that attempted to transmit the data is ported. There is a method of monitoring data transmission outside the application by specifying the number. Further, as a second method, there is a method for monitoring only pre-registered applications (black list method). Further, as a third method, a method for monitoring data transmission to the outside in applications other than pre-registered applications. (White list method). At this time, the above-described first to third methods may be used alone, or a plurality of methods may be used in combination.

Subsequently, in step S305, the CPU 201 of the client terminal device 100 prepares to accept the control session 122 by the relay server program 111 simultaneously with the start of application monitoring in step S304.
Specifically, the preparation for accepting the control session 122 is to prepare the network I / F 205 of the client terminal apparatus 100 to accept communication at a specific port number (P2) designated in advance. This preparation for accepting the control session 122 is parallel processing in the processing by the agent program 101 and enters a reception standby state.

  When monitoring of the application is started in step S304 and preparation for accepting the control session 122 is completed in step S305, the CPU 201 of the client terminal device 100 subsequently performs the relay server cooperation processing (S401, S413) shown in FIG. Execute. This relay server cooperation processing will be described later in detail with reference to FIG.

  On the other hand, when it is determined in step S302 that the detection of the relay server 110 has failed (S302 / NO), the process proceeds to step S306. When the processing proceeds to step S306, the CPU 201 of the client terminal device 100 thereafter performs processing (application restriction processing) for restricting data transmission of an application (for example, the web browser 103) that performs data transmission from the client terminal device 100 to the outside. )I do.

  As a method of this application restriction processing, as a first method, when the network I / F 205 of the client terminal apparatus 100 is monitored and data transmission to the outside is detected, the process of the application that attempted to transmit the data is performed. There is a method for restricting data transmission outside the application by specifying the port number. Further, as a second method, there is a method of restricting only pre-registered applications (black list method), and as a third method, a method of restricting data transmission to the outside in applications other than pre-registered applications. (White list method). At this time, the above-described first to third methods may be used alone, or a plurality of methods may be used in combination.

  Subsequently, in step S307, the CPU 201 of the client terminal apparatus 100 determines whether or not a predetermined time has passed since the application restriction should not be implemented permanently. If it is determined in step S307 that the predetermined time has not elapsed (S307 / NO), the process returns to step S306. Then, the process of step S306 is performed until it is determined in step S307 that a certain time has elapsed.

  On the other hand, if it is determined in step S307 that the predetermined time has passed (S307 / YES), the process returns to step S301, and the relay server 110 is detected again.

  As described above, in the process at the time of activation using the agent program 101, the application restriction in the client terminal device 100 is continued until the relay server 110 is normally detected.

Next, the relay server cooperation processing (S401, S413) illustrated in FIG. 3 will be described.
FIG. 4 is a flowchart illustrating an example of relay server cooperation processing using the agent program 101 in the client terminal device 100. The processing in FIG. 4 is performed when the CPU 201 of the client terminal device 100 executes the agent program 101.

  Further, in the relay server cooperation processing shown in FIG. 4, the client terminal device 100 that performs processing using the agent program 101 and the relay server 110 that performs processing using the relay server program 111 mutually pass through a control session 122. In order to perform data communication, the relay server cooperation processing shown in FIG. 4 will be described in detail with reference to FIG.

  FIG. 5 is a flowchart illustrating an example of agent cooperation processing using the relay server program 111 in the relay server 110. The processing in FIG. 5 is performed when the CPU 201 of the relay server 110 executes the relay server program 111.

As described above, application monitoring is started in step S304 in FIG. 3, and when the preparation for accepting the control session 122 is completed in step S305 in FIG. 3, subsequently, in step S401 in FIG. Starts relay server cooperation processing.
At this time, in the present embodiment, as the application monitoring method, when the first method described above, that is, the network I / F 205 of the client terminal apparatus 100 is monitored and data transmission to the outside is detected, the data transmission is performed. It is assumed that a method is adopted in which an application to be executed is identified from a port number and data transmission to the outside of the application is monitored.

  Subsequently, in step S402, the CPU 201 of the client terminal device 100 monitors the network I / F 205 of the own device (that is, monitors the network port) and monitors data transmission to the outside.

  Subsequently, in step S403, the CPU 201 of the client terminal device 100 determines whether there is a connection request to a port number of SSL (Secure Socket Layer), that is, whether encrypted communication is started. If it is determined in step S403 that there is no connection request to the SSL port number (S403 / NO), the process returns to step S402. Then, the process of step S402 is performed until it is determined in step 403 that a connection request to the SSL port number has been made.

  On the other hand, if it is determined in step S403 that there is a connection request to the SSL port number (S403 / YES), it is determined that there is an HTTPS connection request from the web browser 103 to the HTTPS web server 150, and the process proceeds to step S404. move on.

  In step S404, the CPU 201 of the client terminal device 100 identifies the port number (P3) in the network I / F 205 of the client terminal device 100 to be connected to the relay server 110 via the connection session 121, and the port number. Is detected (for example, the web browser 103). At this time, the CPU 201 of the client terminal device 100 detects an application via, for example, an OS (operating system).

Here, the description shifts to the description of FIG.
At this time, the CPU 201 of the relay server 110 is in a standby state so that data (including a connection request) from the client terminal device 100 can be received at any time. When a connection request is received from the client terminal device 100 in this standby state, in step S501 in FIG. 5, the CPU 201 of the relay server 110 determines whether or not the connection request is an encrypted communication connection request.

  If it is determined in step S501 that the connection request from the client terminal device 100 is not a request for encrypted communication connection (that is, a request for non-encrypted communication connection) (S501 / NO), the process proceeds to step S506. The CPU 201 of the relay server 110 performs a non-encrypted communication inspection process. This unencrypted communication inspection process will be described later in detail with reference to FIG.

  On the other hand, if it is determined in step S501 that the connection request from the client terminal device 100 is an encrypted communication connection request (S501 / YES), the process proceeds to step S502. For example, when an HTTPS connection request from the web browser 103 to the HTTPS web server 150 is generated in the client terminal device 100 (S403 / YES), the CPU 201 of the relay server 110 transmits the request from the client terminal device 100 via the connection session 121. A CONNECT connection request indicating the start of encrypted communication is received. In step S501, when there is a CONNECT connection request, it is determined that there is a request for encrypted communication connection from the client terminal device 100.

  Subsequently, in step S502, the CPU 201 of the relay server 110 determines from the packet in the encrypted communication connection request (CONNECT connection request) received in step S501, the IP address of the connection source client terminal device 100 and the connection source port. The number (P4) is detected.

  Subsequently, in step S <b> 503, the CPU 201 of the relay server 110 determines whether or not the control session 122 already exists with the client terminal device 100. At this time, since the control session 122 does not exist with the client terminal device 100, a negative determination is made in step S503 (S503 / NO), and the process proceeds to step S507.

  Subsequently, in step S507, the CPU 201 of the relay server 110 generates a new control session 122 for the IP address of the client terminal device 100 detected in step S502. In the generation of the new control session 122, a specific port number (P2) is set in advance, and the CPU 201 of the relay server 110 sends a connection request packet toward the corresponding port number (P2) of the client terminal device 100. Is transmitted (communication A).

Returning to the description of FIG.
At this time, since the client terminal device 100 does not have the control session 122 (S405 / NO), the process proceeds to step S408 in FIG. 4 and waits for a connection request in the control session 122 from the relay server 110. (Communication A). When a connection request is received within a certain time, the CPU 201 of the client terminal device 100 generates a control session 122 with the relay server 110 (relay server program 111).

  In step S409, the CPU 201 of the client terminal device 100 determines whether the control session 122 has been generated. As a result of this determination, if the control session 122 has not been generated (S409 / NO), the process proceeds to step S410.

  In step S410, the CPU 201 of the client terminal device 100 determines whether a certain time has elapsed and timed out. If the result of this determination is that a certain time has not elapsed and timed out (S410 / NO), the process returns to step S408.

  On the other hand, if it is determined in step S410 that a certain time has elapsed and timed out (S410 / YES), that is, if the connection request cannot be received within the certain time and the control session 122 is not generated. Advances to step S412. In step S412, the CPU 201 of the client terminal device 100 performs processing (application restriction processing) for restricting data transmission of an application (for example, the web browser 103) that performs data transmission from the client terminal device 100 to the outside. Do.

  When a control session 122 is generated between the relay server 110 (relay server program 111) and a connection request is received within a predetermined time, an affirmative determination is made in step S409 (S409 / YES), and the process proceeds to step S406. Will go on.

Returning to the description of FIG.
On the other hand, when the CPU 201 of the relay server 110 generates a new control session 122 for the IP address of the client terminal device 100 (S507), subsequently, in step S508, the CPU 201 and the client terminal device 100 (agent program 101). In the meantime, it is determined whether or not the control session 122 has been successfully generated. As a result of this determination, if the control session 122 cannot be generated normally (S508 / NO), the process proceeds to step S509.

  In step S509, the CPU 201 of the relay server 110 determines whether a certain time has elapsed and timed out. If the result of this determination is that a certain time has not elapsed and time-out has not occurred (S509 / NO), the process returns to step S507.

  On the other hand, if it is determined in step S509 that a certain time has elapsed and timed out (S509 / YES), that is, if a normal control session 122 could not be generated within a certain time, the process proceeds to step S511. move on. In step S 511, the CPU 201 of the relay server 110 performs processing for rejecting relay in response to HTTPS data transmission from the web browser 103.

  If a control session 122 is generated with the client terminal device 100 (agent program 101) within a certain time, an affirmative determination is made in step S508 (S508 / YES), and the flow proceeds to step S504.

  In step S504, the CPU 201 of the relay server 110 transmits the hash value and time information of the inspection reference rule to the client terminal device 100 via the generated control session 122 (communication B).

  Although the inspection standard rule will be described in detail later, the hash value is for detecting a change in the rule. For example, the hash value of the inspection standard rule using a hash function such as MD5 (Message Digest 5) is used. Or an incremental numerical value such as a version number can be used as a hash value using a monotonically increasing function.

  The time information of the inspection standard rule is time information based on the relay server 110. The reason for transmitting the time information to the client terminal device 100 is, for example, that the time information is different for each of the plurality of client terminal devices. This is because it is used as unified time information for the entire system in order to perform a certain evaluation.

Returning to the description of FIG.
On the other hand, in step S406, the CPU 201 of the client terminal device 100 is in a standby state waiting for reception of the hash value and time information of the inspection standard rule transmitted from the relay server 110 via the control session 122 (communication B). .

  In step S <b> 407, the CPU 201 of the client terminal device 100 determines whether or not the hash value and time information of the inspection reference rule have been normally received from the relay server 110 via the control session 122. As a result of this determination, if the hash value and time information of the inspection reference rule cannot be normally received from the relay server 110 (S407 / NO), the process proceeds to step S411.

  In step S411, the CPU 201 of the client terminal device 100 determines whether a certain time has elapsed and timed out. If the result of this determination is that a certain time has not passed and timed out (S411 / NO), the process returns to step S406.

  On the other hand, if it is determined in step S411 that a certain time has elapsed and timed out (S411 / YES), that is, the hash value and time information of the inspection reference rule are normally received from the relay server 110 within the certain time. If not, the process proceeds to step S412. In step S412, the CPU 201 of the client terminal device 100 performs processing (application restriction processing) for restricting data transmission of an application (for example, the web browser 103) that performs data transmission from the client terminal device 100 to the outside. Do.

  Further, if the hash value and time information of the inspection standard rule are normally received from the relay server 110 within a certain time, it can be determined that the connection by the control session 122 is successful, and an affirmative determination is made in step S407 (S407 / YES). Then, the control session success process (S701) shown in FIG. 7 is executed. This control session success process will be described later in detail with reference to FIG.

Returning to the description of FIG.
When the hash value and time information of the inspection standard rule are transmitted to the client terminal device 100 (S504), the CPU 201 of the relay server 110 subsequently determines whether or not the transmission of the hash value and time information of the inspection standard rule is successful. to decide. As a result of this determination, for example, when there is no response from the client terminal device 100 (agent program 101) and the transmission of the hash value and time information of the inspection standard rule to the client terminal device 100 has failed (S505 / NO). The process proceeds to step S510.

  In step S510, the CPU 201 of the relay server 110 determines whether a certain time has elapsed and timed out. If the result of this determination is that a certain time has not passed and timed out (S510 / NO), the process returns to step S504.

  On the other hand, if it is determined in step S510 that a certain time has elapsed and timed out (S510 / YES), that is, the client terminal device 100 transmits the hash value and the time information of the inspection reference rule within a certain time. If there is no such reply, the process proceeds to step S511. In step S 511, the CPU 201 of the relay server 110 performs processing for rejecting relay in response to HTTPS data transmission from the web browser 103.

  Also, if a reply related to the transmission of the hash value of the inspection standard rule and the time information is sent from the client terminal device 100 within a certain time, an affirmative determination is made in step S505 (S505 / YES), and the application capturing process shown in FIG. (S601) is executed. This application capturing process will be described later in detail with reference to FIG.

  In the description of FIG. 4 described above, the network port in the network I / F 205 of the client terminal device 100 is monitored in step S402. For example, an application that is not detected by monitoring the network port performs encrypted communication. Other forms to perform are also applicable. This case will be described below.

  In the processing using the agent program 101, the CPU 201 of the client terminal device 100 performs, for example, a blacklist method for application monitoring when an application that is not detected by network port monitoring performs encrypted communication, and When an application that is not listed in the black list performs encrypted communication, in the form according to the description of FIG. 4 described above, the application is in a standby state without being detected in step S402.

  However, the client terminal device 100 cannot access the external HTTPS web server 150 via the wide area network 140 unless the relay server 110 that is a proxy server is relayed. In other words, the relay server 110 can detect the start of encrypted communication in step S501 of FIG. At this time, the relay server 110 can detect the connection source in step S <b> 502 and generate a control session 122 for the connection source client terminal device 100 (agent program 101), or an existing control session 122 can be created. If there is, it can be notified to the client terminal device 100 (agent program 101) that encrypted communication has started (S413 in FIG. 4).

  Then, the CPU 201 of the client terminal device 100 can detect the start of the encrypted communication of the application that could not be detected by monitoring the network port by a notification from the relay server 110 that is a proxy server. Specifically, the CPU 201 of the client terminal device 100 can acquire the process of the application that uses the port number from the connection source port number notified from the relay server 110, and adds the application to the monitoring target. can do. When the start of the encrypted communication of the application is detected by the notification from the relay server 110, the process proceeds to step S406, and the subsequent processing is performed.

  Note that, in steps S408 to S410 of FIG. 4, the process for newly creating the control session 122 is included in the flowchart, but it is necessary to always wait for a connection request from the relay server 110 (relay server program 111). Needless to say, the process is not limited to that shown in FIG.

  Next, synchronization of capturing of the application to be monitored will be described in detail with reference to FIGS.

FIG. 6 is a flowchart illustrating an example of an application capturing process using the relay server program 111 in the relay server 110. The processing in FIG. 6 is performed by the CPU 201 of the relay server 110 executing the relay server program 111.
FIG. 7 is a flowchart illustrating an example of a control session success process using the agent program 101 in the client terminal device 100. The processing in FIG. 7 is performed by the CPU 201 of the client terminal device 100 executing the agent program 101.

First, the description of FIG. 7 will be given.
When the hash value and the time information of the inspection reference rule are normally received from the relay server 110 in step S406 in FIG. 4 (S407 / YES), the process proceeds to step S701 in FIG. 7 and the control session success process is started. In step S <b> 702, the CPU 201 of the client terminal device 100 determines whether the hash value of the inspection standard rule received from the relay server 110 matches the hash value of the inspection standard rule stored in the HDD 204 (or RAM 202) of its own device. Judge whether or not.

  As a result of the determination in step S702, if the hash value of the inspection standard rule received from the relay server 110 matches the hash value of the self-inspection rule (S702 / YES), it is currently stored in the client terminal device 100. Assuming that the inspection standard rule has not been changed, the inspection standard rule is set to be used as it is, and the process proceeds to step S703.

  On the other hand, as a result of the determination in step S702, if the hash value of the inspection standard rule received from the relay server 110 does not match the hash value of the inspection standard rule of the own device (S702 / NO), the process proceeds to step S708. In step S708, the CPU 201 of the client terminal device 100 requests the relay server 110 to acquire the inspection standard rule having the hash value received in step S406, and acquires the latest inspection standard rule from the relay server 110. To do. At this time, when the relay server 110 receives an inspection standard rule acquisition request from the client terminal device 100 via the control session 122, the relay server 110 returns a new inspection standard rule via the control session 122. Then, the CPU 201 of the client terminal apparatus 100 updates the inspection standard rule stored in the HDD 204 of the own apparatus based on the latest inspection standard rule acquired from the relay server 110. Thereby, the latest inspection standard rule is stored in the HDD 204 of the client terminal device 100.

  In step S709, the CPU 201 of the client terminal device 100 determines whether the acquisition of the inspection standard rule in step S708 has succeeded.

  As a result of the determination in step S709, if acquisition of the inspection standard rule in step S708 has failed (S709 / NO), the process proceeds to step S714. In step S714, the CPU 201 of the client terminal device 100 performs the application restriction process described above.

  On the other hand, as a result of the determination in step S709, if acquisition of the inspection standard rule in step S708 is successful (S709 / YES), the process proceeds to step S703. In step S <b> 703, the CPU 201 of the client terminal device 100 waits for an application capture command from the relay server 110. In the state of step S703, the client terminal device 100 is in a state of holding the latest inspection standard rule.

Here, the description shifts to the description of FIG.
Since the CPU 201 of the relay server 110 has already confirmed that the control session 122 has been normally generated in step S503 or step S508 in FIG. 5, the CPU 201 starts the application capturing process in step S601 in FIG. In step S602, the CPU 201 of the relay server 110 transmits an application capture command to the client terminal apparatus 100 via the control session 122 so as to capture the application that has transmitted the HTTPS connection request from the client terminal apparatus 100 ( Communication C). At this time, the CPU 201 of the relay server 110 transmits the application capture command with the connection source port number (P4) detected from the packet information attached thereto.

  Subsequently, in step S603, the CPU 201 of the relay server 110 determines whether or not the transmission of the application capture command in step S602 has succeeded. As a result of this determination, if the transmission of the application capture command in step S602 has failed (S603 / NO), the process proceeds to step S606. In step S606, the CPU 201 of the relay server 110 determines whether a certain time has elapsed and timed out.

  If the result of determination in step S606 is that a certain time has not elapsed and time-out has not occurred (S606 / NO), the process returns to step S602. On the other hand, as a result of the determination in step S606, if a predetermined time has elapsed and timed out (S606 / YES), the process proceeds to step S608, where the CPU 201 of the relay server 110 responds to HTTPS data transmission from the web browser 103. Process to reject the relay.

  If it is determined in step S603 that the transmission of the application capture command in step S602 is successful (S603 / YES), the process proceeds to step S604, and the CPU 201 of the relay server 110 determines the application capture result from the client terminal device 100. A waiting state is established (communication D).

Returning to the description of FIG.
The CPU 201 of the client terminal device 100 has confirmed that the inspection standard rule currently held is the latest through the processing of step S702 (or steps S708 and S709). The application capture command is in a standby state (S703).

  Subsequently, in step S <b> 704, the CPU 201 of the client terminal device 100 determines whether an application capture command has been received from the relay server 110. If the result of this determination is that an application capture command has not been received from the relay server 110 (S704 / NO), processing proceeds to step S710.

  In step S710, the CPU 201 of the client terminal device 100 determines whether a certain time has elapsed and timed out. If the result of this determination is that a certain time has not passed and timed out (S710 / NO), the process returns to step S703.

  On the other hand, if it is determined in step S710 that a certain time has elapsed and timed out (S710 / YES), that is, if an application capture command is not received from the relay server 110 within the certain time, step The process proceeds to S714. In step S714, the CPU 201 of the client terminal device 100 performs the application restriction process described above.

  If it is determined in step S704 that an application capture command has been received from the relay server 110 (S704 / YES), the process proceeds to step S705. In step S705, the CPU 201 of the client terminal device 100 determines whether an application (for example, the web browser 103) can be detected. In step S705, if the application has already been detected in step S404 of FIG. 4, a positive determination is made.

  As a result of the determination in step S705, if the application is detected (S705 / YES), the process proceeds to step S706. In step S706, the CPU 201 of the client terminal device 100 detects the port number (P3) detected in step S404 and the port number (included in the application capture command transmitted from the relay server 110 via the control session 122). It is determined whether or not P4) matches.

  As a result of the determination in step S706, when the port number (P3) detected in step S404 matches the port number (P4) included in the application capture command transmitted from the relay server 110 (S706 / YES). Subsequently, in step S707, the CPU 201 of the client terminal device 100 returns an application capture success notification to the relay server 110 (relay server program 111) (communication D). Thereafter, the CPU 201 of the client terminal apparatus 100 executes an agent inspection process (S901) shown in FIG. This agent inspection process will be described later in detail with reference to FIG.

  On the other hand, if the port number (P3) detected in step S404 does not match the port number (P4) included in the application capture command transmitted from the relay server 110 as a result of the determination in step S706 (S706 / Next, in step S713, the CPU 201 of the client terminal device 100 returns an application capture failure notification to the relay server 110 (relay server program 111) (communication D). Thereafter, in step S714, the CPU 201 of the client terminal device 100 performs the above-described application restriction process.

  If the application is not detected as a result of the determination in step S705 (S705 / NO), the process proceeds to step S711. The case where a negative determination is made in step S705 is, for example, the case where the control session success process shown in FIG. 7 is started via step S413 in FIG. 4 without performing the process in step S404 in FIG. In step S711, the CPU 201 of the client terminal device 100 tries to detect an application that opens the port number (P4) included in the application capture command transmitted from the relay server 110 via the control session 122. Perform application capture processing.

  Subsequently, in step S712, the CPU 201 of the client terminal device 100 determines whether or not the application has been successfully captured. The determination in step S712 is made based on, for example, whether or not an application that has opened the port number (P4) included in the application capture command can be detected.

  If it is determined in step S712 that the application has been successfully captured (S712 / YES), the process proceeds to step S707. In step S707, the CPU 201 of the client terminal device 100 instructs the key logger 102 to add the application to the monitoring target, and then captures the application to the relay server 110 (relay server program 111). A success notification is returned (communication D). Thereafter, the CPU 201 of the client terminal apparatus 100 executes an agent inspection process (S901) shown in FIG. This agent inspection process will be described later in detail with reference to FIG.

  On the other hand, as a result of the determination in step S712, if acquisition of the application has failed (S712 / NO), the process proceeds to step S713. In step S713, the CPU 201 of the client terminal device 100 returns an application capture failure notification to the relay server 110 (relay server program 111) (communication D). Thereafter, in step S714, the CPU 201 of the client terminal device 100 performs the above-described application restriction process.

Returning to the description of FIG.
In step S604, the CPU 201 of the relay server 110 is in a standby state waiting for an application capture result from the client terminal device 100 (communication D). Subsequently, in step S <b> 605, the CPU 201 of the relay server 110 determines whether an application capture success notification has been received from the client terminal device 100 as a result of the communication D.

  As a result of the determination in step S605, if the application capture success notification has not been received from the client terminal device 100 (S605 / NO), for example, if the notification regarding the application capture has not been received from the client terminal device 100 ( Alternatively, when an application capture failure notification is received from the client terminal device 100), the process proceeds to step S607. In step S607, the CPU 201 of the relay server 110 determines whether a certain time has elapsed and timed out.

  As a result of the determination in step S607, if the predetermined time has not elapsed and the timeout has not occurred (S607 / NO), the process returns to step S604. On the other hand, if the result of determination in step S607 is that a certain time has elapsed and timed out (S607 / YES), the process proceeds to step S608, and the above-described relay rejection processing is performed.

  Further, as a result of the determination in step S605, if the application capture success notification is received from the client terminal device 100 (S605 / YES), the CPU 201 of the relay server 110 thereafter performs the relay server inspection process (S801) shown in FIG. ). This relay server inspection process will be described later in detail with reference to FIG.

  6 and 7 described above, the CPU 201 of the client terminal device 100 captures the application, and the CPU 201 of the relay server 110 is synchronized with the processing by the agent program 101 of the client terminal device 100. Become.

  Next, transmission data inspection processing performed in the relay server 110 and the client terminal device 100 will be described.

FIG. 8 is a flowchart illustrating an example of a relay server inspection process using the relay server program 111 in the relay server 110. The processing in FIG. 8 is performed when the CPU 201 of the relay server 110 executes the relay server program 111.
FIG. 9 is a flowchart illustrating an example of agent inspection processing using the agent program 101 in the client terminal device 100. The processing in FIG. 9 is performed by the CPU 201 of the client terminal device 100 executing the agent program 101.

  For the inspection items of each inspection process, the inspection setting is recorded in the above-described inspection standard rule, and each inspection process is performed based on this.

First, FIG. 8 will be described.
In the process by the relay server program 111 of the relay server 110, the encrypted communication data cannot be decrypted in principle when the encrypted communication data is received. In the processing by the relay server program 111, information obtained at this time is the host name or IP address of the HTTPS web server 150 to be connected and time information. Therefore, in the inspection using the relay server program 111 of the relay server 110, there are two types, that is, transmission destination host inspection (S802) and time zone inspection (S804).

  First, when starting the relay server inspection process in step S801, the CPU 201 of the relay server 110 performs a transmission destination host inspection process in step S802.

  Specifically, in the transmission destination host inspection in step S802, a transmission destination setting list in which relay permission / relay prohibition is set in advance for any host name or IP address is prepared, and this transmission destination setting list is relayed. The data is stored in the HDD 204 of the server 110. Then, the CPU 201 of the relay server 110 refers to the destination setting list for the host name or IP address of the HTTPS web server 150 that is the connection destination (transmission destination) requested from the web browser 103, and relay permission or relay is performed. By detecting the prohibition, the destination host is inspected. In this case, when the relay permission is detected, the destination host inspection is successful, and when the relay prohibition is detected, the destination host inspection is failed.

  In the transmission destination host inspection, initial values can be set in the HDD 204 in advance for transmission destination hosts having host names or IP addresses that are not set in the transmission destination setting list. With this initial value, it is possible to set either “all relay permitted” or “all relay prohibited”. If the host name or IP address of the HTTPS web server 150 is not set in the destination setting list, the initial value is referred to. If “Allow all relays” is set, the destination host inspection is successful. When “prohibit all relays” is set, the destination host inspection fails.

  Note that the transmission destination setting list described above is a case where relay permission / prohibition is set for the IP address of the transmission destination host, and the host name information of the HTTPS web server 150 as the transmission destination is acquired. If it is determined that the relay permission / relay prohibition setting cannot be detected by referring to the destination setting list, for example, the DNS server is inquired to obtain the IP address of the host name, and the obtained IP address Referring to the destination setting list based on the above, the destination host inspection is performed. In this case, for the acquired IP address, if relay permission is set in the destination setting list, the destination host inspection is successful, and if relay prohibition is set, the destination host inspection fails. .

  Subsequently, in step S803, the CPU 201 of the relay server 110 determines whether or not the transmission destination host check in step S802 is successful.

  As a result of step S803, when the destination host check in step S802 has failed (S803 / NO), the process proceeds to step S812. In step S812, the CPU 201 of the relay server 110 transmits an inspection failure notification to the client terminal device 100 (agent program 101) (communication E). Thereafter, in step S813, the CPU 201 of the relay server 110 performs processing for rejecting the relay for the HTTPS data transmission from the web browser 103.

  On the other hand, as a result of step S803, if the destination host check in step S802 is successful (S803 / YES), the process proceeds to step S804. In step S804, the CPU 201 of the relay server 110 performs time zone inspection processing.

  Specifically, in the time zone inspection in step S804, a time zone setting list in which relay permission / relay prohibition is set in advance is prepared for an arbitrary time zone, and this time zone setting list is stored in the HDD 204 of the relay server 110. Save to. Then, the CPU 201 of the relay server 110 refers to the time zone setting list for the time T1 of the relay server 110 at the time of receiving the connection request for encrypted communication from the web browser 103 (S501 in FIG. 5), and relays By detecting permission or relay prohibition, time zone inspection processing is performed. In this case, the time zone inspection is successful when relay permission is detected, and the time zone inspection fails when relay prohibition is detected.

  In the time zone inspection, if the time T1 is not set in the time zone setting list, an initial value for the time zone can be set in the HDD 204. With this initial value, it is possible to set either “all relay permitted” or “all relay prohibited”. When the time T1 is not set in the time zone setting list, the initial value is referred to. When “Allow all relays” is set, the time zone inspection is successful and “All relay prohibited” is set. If it is, the time zone inspection will fail.

  For example, assuming that the time T1 corresponds to a plurality of setting items in the time zone setting list, the priority order may be set in advance for each setting item in the time zone setting list. At this time, for example, the priority order may be assigned in the order of description in the time zone setting list. In this case, when relay permission is set in the highest setting item of the time zone setting list corresponding to time T1, the time zone inspection is successful, and relay prohibition is set in the highest setting item. In some cases, the time zone inspection fails.

  Subsequently, in step S805, the CPU 201 of the relay server 110 determines whether or not the time zone inspection in step S804 is successful.

  As a result of step S805, when the time zone inspection in step S804 fails (S805 / NO), the process proceeds to step S812. In step S812, the CPU 201 of the relay server 110 transmits an inspection failure notification to the client terminal device 100 (agent program 101) (communication E). Thereafter, in step S813, the CPU 201 of the relay server 110 performs the relay rejection process described above.

  On the other hand, as a result of step S805, when the time zone inspection in step S804 is successful (S805 / YES), the process proceeds to step S806. In step S806, since the destination host inspection and time zone inspection that can be performed on the relay server 110 side are completed, the CPU 201 of the relay server 110 waits for the result of the agent inspection from the client terminal device 100 ( Communication F).

  Subsequently, in step S <b> 807, the CPU 201 of the relay server 110 determines whether an agent inspection result has been received from the client terminal device 100. As a result of the determination, if the result of the agent inspection is not received from the client terminal device 100 (S807 / NO), the process proceeds to step S811. In step S811, the CPU 201 of the relay server 110 determines whether a predetermined time has elapsed and timed out.

  If the result of determination in step S811 is that a certain time has not passed and timed out (S811 / NO), the process returns to step S806. On the other hand, if the result of determination in step S811 is that a certain time has elapsed and timed out (S811 / YES), processing proceeds to step S812. In step S812, the CPU 201 of the relay server 110 transmits an inspection failure notification to the client terminal device 100 (agent program 101) (communication E). Thereafter, in step S813, the CPU 201 of the relay server 110 performs the relay rejection process described above. At this time, if communication with the client terminal device 100 via the control session 122 cannot be performed normally, the failure of the inspection may be notified by disconnecting the control session 122.

  On the other hand, if the result of the agent check is received from the client terminal device 100 as a result of the determination in step S807 (S807 / YES), the process proceeds to step S808. In step S808, the CPU 201 of the relay server 110 transmits a notification to the effect that the agent inspection result has been received to the client terminal device 100 (agent program 101) in order to synchronize the inspection result (communication G).

  Subsequently, in step S809, the CPU 201 of the relay server 110 determines whether or not the result of the agent check received in step S807 is successful. As a result of the determination, if the result of the agent inspection received in step S807 is successful (S809 / YES), the process proceeds to step S810. In step S810, the CPU 201 of the relay server 110 permits relaying in the connection request for encrypted communication from the web browser 103 of the client terminal device 100 to the HTTPS web server 150, and sends the connection request for encrypted communication to the HTTPS web. Relay to server 150.

  On the other hand, as a result of the determination in step S809, if the result of the agent check received in step S807 is failure (S809 / NO), the process proceeds to step S812. In step S812, the CPU 201 of the relay server 110 transmits an inspection failure notification to the client terminal device 100 (agent program 101) (communication E). Thereafter, in step S813, the CPU 201 of the relay server 110 performs the relay rejection process described above.

  Next, agent inspection processing using the agent program 101 performed by the CPU 201 of the client terminal device 100 will be described in detail with reference to FIG.

  The inspection using the agent program 101 is originally an inspection item to be performed in the inspection using the relay server program 111 of the relay server 110, but is an inspection that complements the inspection item that cannot be inspected for encrypted communication. Two types of inspections are performed, namely inspections that can be performed only by inspections using the agent program 101. Here, as an example of inspection items using the agent program 101, four inspection items of user authentication name inspection (S902), transmission destination inspection (S904), application specified inspection (S906), and keyword inspection (S908) will be described in detail. To do. FIG. 9 shows an overall flowchart of the agent inspection process using the agent program 101, and each inspection item shown in FIG. 9 will be described in detail with reference to FIGS.

  First, when the CPU 201 of the client terminal device 100 starts the agent inspection process in step S901, in step S902, the CPU 201 performs a user authentication name inspection process.

  FIG. 10 is a flowchart showing an example of detailed processing in the user authentication name check processing in step S902 of FIG. Hereinafter, the description of FIG. 10 will be given.

  Specifically, in the user authentication name check in step S902, relay permission / rejection is prohibited in advance for the login name (hereinafter referred to as “user authentication name”) used when the user logs in to the client terminal device 100. Is prepared, and this user authentication name list is stored in the HDD 204 of the client terminal device 100. Note that the user authentication name list may refer to a directory service such as LDAP. The user authentication name list is included in the above-described inspection standard rule, and the latest one is stored in the HDD 204 of the relay server 110.

  In step S1001 of FIG. 10, the CPU 201 of the client terminal device 100 determines whether or not the user authentication name exists in the user authentication name list stored in the HDD 204 of the own device (that is, the user authentication name is the inspection standard). To determine if it matches the rule). As a result of this determination, if the user authentication name does not exist in the user authentication name list (S1001 / NO), the CPU 201 of the client terminal device 100 determines that the user authentication name check has failed.

  On the other hand, if it is determined in step S1001 that the user authentication name exists in the user authentication name list (S1001 / YES), the process proceeds to step S1002. In step S1002, the CPU 201 of the client terminal device 100 determines whether or not the setting of the user authentication name in the user authentication name list is permitted to be relayed. As a result of this determination, when the setting of the user authentication name in the user authentication name list is not permitted to be relayed (S1002 / NO), that is, when the setting of the user authentication name is prohibited from relaying or the like. The CPU 201 of the client terminal device 100 determines that the user authentication name check has failed.

  On the other hand, as a result of the determination in step S1002, if the setting of the user authentication name in the user authentication name list is permitted to be relayed (S1002 / YES), the CPU 201 of the client terminal device 100 has succeeded in the user authentication name check. Judge.

Returning to the description of FIG.
When the user authentication name check process is performed in step S902, in step S903, the CPU 201 of the client terminal device 100 determines whether the user authentication name check in step S902 is successful.

  As a result of the determination in step S903, if the user authentication name check in step S902 fails (S903 / NO), the process proceeds to step S914. In step S914, the CPU 201 of the client terminal device 100 transmits an inspection failure notification to the relay server 110 (relay server program 111) (communication F). At this time, the CPU 201 of the client terminal device 100 transmits an inspection failure notification to the relay server 110 via the control session 122.

  On the other hand, as a result of the determination in step S903, if the user authentication name check in step S902 is successful (S903 / YES), the process proceeds to step S904. In step S904, the CPU 201 of the client terminal apparatus 100 performs transmission destination inspection processing.

  FIG. 11 is a flowchart illustrating an example of detailed processing in the transmission destination inspection processing in step S904 of FIG. Hereinafter, the description of FIG. 11 will be given.

Specifically, first, the difference between the transmission destination inspection in step S904 in FIG. 9 and the transmission destination host inspection performed in the relay server 110 in step S802 in FIG. 8 will be described.
Since the inspection by the relay server program 111 in step S802 in FIG. 8 is intended for encrypted communication, only the host name or IP address can be detected for the destination information. On the other hand, since the transmission destination check in step S904 in FIG. 9 is performed on the agent program 101, transmission destination information including a host name or IP address, for example, more detailed transmission destination information such as a URL is included. It is possible to perform an inspection based on this.

  As a result, for example, by registering a website of a financial institution or the like in a destination list described later in detail, for example, credit card numbers and other highly confidential personal information (confidential information) is more than necessary. Therefore, excessive information leakage management such as monitoring can be suppressed, and sound information management can be realized.

  Specifically, in the transmission destination inspection in step S904 in FIG. 9, relay permission / prohibition is set in advance for the transmission destination (for example, URL), or the transmission destination is set using a regular expression. The transmission destination list is prepared, and the transmission destination list is stored in the HDD 204 of the client terminal device 100. This transmission destination list is included in the above-described inspection standard rule, and the latest one is stored in the HDD 204 of the relay server 110.

  In step S1101 of FIG. 11, the CPU 201 of the client terminal apparatus 100 determines whether or not the transmission destination requested from the web browser 103 exists in the transmission destination list stored in the HDD 204 of the own apparatus (that is, transmission). Determine if the destination matches the inspection criteria rule). As a result of this determination, when the transmission destination does not exist in the transmission destination list (S1101 / NO), the CPU 201 of the client terminal device 100 determines that the transmission destination inspection has failed.

  In the process shown in FIG. 11, when the transmission destination does not exist in the transmission destination list (S1101 / NO), the transmission destination inspection is processed as failure. May be processed as a successful transmission destination check.

  On the other hand, if the result of determination in step S1101 is that the destination exists in the destination list (S1101 / YES), the process proceeds to step S1102. In step S1102, the CPU 201 of the client terminal apparatus 100 determines whether the setting of the transmission destination in the transmission destination list is permitted to be relayed. As a result of this determination, if the setting of the transmission destination in the transmission destination list is not relay permitted (S1102 / NO), that is, if the setting of the transmission destination is prohibited from relaying, the client The CPU 201 of the terminal device 100 determines that the transmission destination inspection has failed.

  On the other hand, as a result of the determination in step S1102, if the setting of the transmission destination in the transmission destination list is permitted to be relayed (S1102 / YES), the CPU 201 of the client terminal device 100 determines that the transmission destination inspection is successful. .

Returning to the description of FIG.
When the transmission destination inspection process is performed in step S904, in step S905, the CPU 201 of the client terminal device 100 determines whether the transmission destination inspection in step S904 is successful.

  As a result of the determination in step S905, when the transmission destination inspection in step S904 fails (S905 / NO), the process proceeds to step S914. In step S914, the CPU 201 of the client terminal device 100 transmits an inspection failure notification to the relay server 110 (relay server program 111) (communication F).

  On the other hand, as a result of the determination in step S905, if the transmission destination inspection in step S904 is successful (S905 / YES), the process proceeds to step S906. In step S906, the CPU 201 of the client terminal device 100 performs application-specified inspection processing.

  FIG. 12 is a flowchart showing an example of detailed processing in the application designated inspection processing in step S906 of FIG. Hereinafter, the description of FIG. 12 will be given.

  Specifically, in the application designation inspection in step S906 of FIG. 9, an application designation list in which relay permission / prohibition is set in advance is prepared for application information, for example, information such as a file name and an application name. The data is stored in the HDD 204 of the client terminal device 100. This application specification list is included in the above-described inspection standard rule, and the latest one is stored in the HDD 204 of the relay server 110.

  In step S1201 in FIG. 12, the CPU 201 of the client terminal device 100 stores information on the application captured in step S404 in FIG. 4 or step S711 in FIG. It is determined whether or not it exists (that is, it is determined whether or not the application information matches the inspection standard rule). As a result of this determination, if the application information does not exist in the application specification list (S1201 / NO), the CPU 201 of the client terminal device 100 determines that the application specification inspection has failed.

  In the process shown in FIG. 12, when the application information does not exist in the application designation list (S1201 / NO), the application designation inspection is treated as a failure. May be processed as successful application-designated inspection.

  In addition, when information about an unknown application that does not exist in the application specification list is detected, the information about the unknown application is automatically transmitted to the relay server 110 (relay server program 111) via the control session 122. May be. Thereby, for example, the system administrator can operate the administrator terminal device 130 based on the information of the unknown application to correct the above-described inspection standard rule.

  On the other hand, as a result of the determination in step S1201, if the application information exists in the application designation list (S1201 / YES), the process proceeds to step S1202. In step S1202, the CPU 201 of the client terminal device 100 determines whether or not the setting of the application information in the application designation list is permitted to be relayed. As a result of this determination, when the setting of the information of the application in the application designation list is not permitted to relay (S1202 / NO), that is, when the setting of the information of the application is prohibited from relaying. The CPU 201 of the client terminal device 100 determines that the application designation inspection has failed.

  On the other hand, as a result of the determination in step S1202, if the setting of the information of the application in the application specification list is permitted to be relayed (S1202 / YES), the CPU 201 of the client terminal device 100 determines that the application specification check is successful. To do.

Returning to the description of FIG.
When the application designation inspection process is performed in step S906, subsequently, in step S907, the CPU 201 of the client terminal device 100 determines whether or not the application designation inspection in step S906 is successful.

  As a result of the determination in step S907, if the application designation inspection in step S906 fails (S907 / NO), the process proceeds to step S914. In step S914, the CPU 201 of the client terminal device 100 transmits an inspection failure notification to the relay server 110 (relay server program 111) (communication F).

  On the other hand, as a result of the determination in step S907, if the application designated inspection in step S906 is successful (S907 / YES), the process proceeds to step S908. In step S908, the CPU 201 of the client terminal device 100 performs keyword inspection processing. This keyword check is for checking a keyword in a state before performing encrypted data communication.

  FIG. 13 is a flowchart showing an example of detailed processing in the keyword inspection processing in step S908 of FIG. Hereinafter, the description of FIG. 13 will be given.

  Specifically, in the keyword check in step S908 of FIG. 9, a keyword list in which relay permission / prohibition is set for a keyword prepared in advance is prepared, and this keyword list is stored in the HDD 204 of the client terminal device 100. Keep it. This keyword list is included in the above-described inspection standard rule, and the latest one is stored in the HDD 204 of the relay server 110.

  Here, the inspection target keywords include those composed of a single keyword and those composed of a plurality of keywords. For example, it is possible to specify the priority of logical operations such as AND operation, OR operation, NOT operation, and operations using parenthesis symbols. In addition, a single keyword composed of a plurality of words including a space symbol can be set by enclosing the keyword with double quotation marks.

  Furthermore, depending on the settings described in the inspection standard rule, for example, a plurality of format characters such as a full-width numeric character, a half-width numeric character, a numeric character surrounded by a round character, etc., but a plurality of characters having the same meaning are the same. It can also be treated as a character. For example, taking the number 1 as an example, “1”, “(1)”, “one”, “壱”, etc. can all be treated as “1”.

  In step S1301 of FIG. 13, the CPU 201 of the client terminal device 100 performs text extraction processing. At this time, the CPU 201 of the client terminal device 100 does not extract data related to highly confidential confidential information such as a credit card number. This text extraction process is a process of extracting a text character string to be subjected to keyword inspection from the application. This text extraction process will be described in detail later.

  Since there are a plurality of areas to be subjected to the text extraction process in step S1301, the individual text extracted in step S1301 is stored in the HDD 204 (or RAM 202) of the client terminal apparatus 100 as a text list in a list format. The

  In step S1302, the CPU 201 of the client terminal apparatus 100 extracts one text from the text list.

  Subsequently, in step S1303, the CPU 201 of the client terminal device 100 performs keyword inspection based on the inspection standard rule (keyword list) on the text extracted in step S1302. Specifically, in the keyword check in step S1303, whether or not the text extracted in step S1302 exists in the keyword list described above, and if it exists, the setting of the text (keyword) in the keyword list is relay permission. It is inspected whether or not.

  Subsequently, in step S1304, the CPU 201 of the client terminal device 100 determines whether or not the text extracted in step S1302 exists in the keyword list stored in the HDD 204 of the own device (that is, extracted in step S1302). Determine if the text matches the inspection criteria rule). As a result of the determination, if the text extracted in step S1302 does not exist in the keyword list (S1304 / NO), the process proceeds to step S1306.

  On the other hand, if it is determined in step S1304 that the text extracted in step S1302 exists in the keyword list (S1304 / YES), the process proceeds to step S1305. In step S1305, the CPU 201 of the client terminal device 100 determines whether the setting of the text (keyword) in the keyword list is permitted to be relayed. As a result of this determination, if the setting of the text (keyword) in the keyword list is not permitted to be relayed (S1305 / NO), that is, if the setting of the text (keyword) is prohibited from relaying. The CPU 201 of the client terminal device 100 determines that the keyword check has failed.

  On the other hand, as a result of the determination in step S1305, if the setting of the text (keyword) in the keyword list is permitted to be relayed (S1305 / YES), the process proceeds to step S1306.

  In step S1306, the CPU 201 of the client terminal device 100 determines whether or not a keyword check has been performed on all texts in the text list based on the text extracted in step S1301. As a result of the determination, if all the texts in the text list have not yet been subjected to keyword inspection (S1306 / NO), the process returns to step S1302, and in step S1302, the text that has not been subjected to keyword inspection is extracted from the text list. Thus, the processing after step S1303 is performed.

  On the other hand, as a result of the determination in step S1306, when the keyword check is performed for all the texts in the text list (S1306 / YES), the relay prohibition is not set for all the texts detected in step S1301. The CPU 201 of the client terminal device 100 determines that the keyword check is successful.

Returning to the description of FIG.
When the keyword checking process is performed in step S908, subsequently, in step S909, the CPU 201 of the client terminal device 100 determines whether or not the keyword checking in step S908 is successful.

  If the result of determination in step S909 is that the keyword check in step S908 has failed (S909 / NO), the process proceeds to step S914. In step S914, the CPU 201 of the client terminal device 100 transmits an inspection failure notification to the relay server 110 (relay server program 111) (communication F).

  On the other hand, as a result of the determination in step S909, if the keyword check in step S908 is successful (S909 / YES), the process proceeds to step S910.

  In step S910, the CPU 201 of the client terminal device 100 performs all agent checks performed on the client terminal device 100 side (user authentication name check in S902, destination check in S904, application specified check in S906, and keyword in S908). Since the (inspection) has succeeded, a successful inspection notification is transmitted to the relay server 110 (relay server program 111) (communication F). At this time, the CPU 201 of the client terminal device 100 transmits a successful inspection notification to the relay server 110 via the control session 122.

  In the processing up to this point, the CPU 201 of the client terminal device 100 transmits a successful inspection notification to the relay server 110 (relay server program 111) in step S910, or to the relay server 110 (relay server program 111) in step S914. An inspection failure notification is being sent.

  Subsequently, in step S911, the CPU 201 of the client terminal device 100 waits for receipt of the inspection result from the relay server 110 in order to confirm whether or not the relay server 110 has received the agent inspection result by the agent program 101. (Communication G).

  Subsequently, in step S912, the CPU 201 of the client terminal device 100 determines whether or not reception of the agent inspection result has been received from the relay server 110. As a result of the determination, if reception of the agent inspection result is received from the relay server 110 (S912 / YES), the process proceeds to step S913, and the CPU 201 of the client terminal device 100 performs an inspection end process.

  On the other hand, as a result of the determination in step S912, if reception of the agent inspection result is not received from the relay server 110 (S912 / NO), the process proceeds to step S915. In step S915, the CPU 201 of the client terminal device 100 determines whether a certain time has elapsed and timed out.

  As a result of the determination in step S915, when the predetermined time has not elapsed and the timeout has not occurred (S915 / NO), the process returns to step S911. On the other hand, as a result of the determination in step S915, if a predetermined time has elapsed and timed out (S915 / YES), the process proceeds to step S919, and the CPU 201 of the client terminal device 100, for example, even if the agent inspection is successful. Assuming that the linkage with the relay server 110 (relay server program 111) is no longer possible, an inspection failure process is performed.

  The inspection failure processing in step S919 may be processing such as the application restriction processing described above, for example. Preferably, a process of notifying the user of the client terminal device 100 of the inspection result and restricting only the encrypted data transmission is better. At this time, it is possible to notify the relay server 110 (relay server program 111) of the failure of the inspection result by disconnecting the control session 122, assuming that the communication with the relay server 110 (relay server program 111) is not normally performed.

  In the above description, in step S910, the CPU 201 of the client terminal device 100 transmits a successful agent check notification to the relay server 110 (relay server program 111). At this time, the relay server 110 (relay server program 111) is in the middle of checking the relay server. For example, in the case where the time zone check in step S804 has failed, the mutual communication is illustrated in FIGS. This will be described in more detail.

  In this case, the CPU 201 of the client terminal device 100 is in a standby state in which a notification of successful inspection is transmitted to the relay server 110 in step S910 (communication F), and a reception signal from the relay server 110 is awaited in step S911. On the other hand, the relay server 110 is in a state in which the time zone inspection in step S804 has failed and an inspection failure notification is transmitted to the client terminal device 100 (agent program 101) in step S812 (communication E). In this case, the CPU 201 of the client terminal device 100 receives the inspection failure notification from the relay server program 111 in step S916.

In step S917, the CPU 201 of the client terminal device 100 determines whether or not the result of the agent inspection by the agent program 101 has been transmitted to the relay server 110 (relay server program 111).
As a result of this determination, if the result of the agent inspection has not been transmitted to the relay server 110 (relay server program 111) (S917 / NO), the process proceeds to step S918, and the CPU 201 of the client terminal device 100 interrupts the agent inspection. Process. Thereafter, the process proceeds to step S919, and the above-described inspection failure process is performed.
On the other hand, as a result of the determination in step S917, if the result of the agent inspection has already been transmitted to the relay server 110 (relay server program 111) (S917 / YES), the process proceeds to step S919, and the above-described inspection failure processing is performed. Is called.

  In this example, since the result of the agent inspection has already been transmitted to the relay server 110 (relay server program 111), an affirmative determination is made in step S917, and then an inspection failure process in step S919 is performed.

  Next, the mutual communication when the CPU 201 of the relay server 110 determines that the relay server inspection has failed while the CPU 201 of the client terminal device 100 is in the inspection of the agent inspection will be described in more detail with reference to FIGS.

  For example, as in the above-described example, if it is determined that the time zone check in step S804 in FIG. 8 is unsuccessful, the CPU 201 of the relay server 110 transmits a check failure notification to the client terminal device (agent program 101) in step S812. (Communication E). Thereafter, the CPU 201 of the relay server 110 performs the above-described interruption rejection processing in step S813.

  At this time, the CPU 201 of the client terminal device 100 is in a state in which each inspection in steps S902 to S908 in FIG. In this state, the CPU 201 of the client terminal apparatus 100 receives the inspection failure notification from the relay server 110 in step S916 via the communication E. In this case, since the client terminal device 100 does not notify the relay server 110 of the inspection result, a negative determination is made in step S917, and in step S918, the ongoing agent inspection is interrupted. When the agent inspection is interrupted, in step S919, the CPU 201 of the client terminal device 100 performs an inspection failure process.

Next, details of the text extraction processing shown in step S1301 of FIG. 13 will be described.
14 to 16 are flowcharts showing an example of detailed processing in the text extraction processing in step S1301 of FIG. This text extraction process is to extract text information in a state before performing encrypted data communication. Hereinafter, description will be given of FIGS. 14 to 16.

The text extraction process shown in step S1301 of FIG. 13 is a process related to the keyword inspection process shown in step S908 of FIG. As the target of the keyword inspection in the agent inspection using the agent program 101, the following first to third aspects can be considered.
A first mode that is a target of keyword inspection is a display screen that displays an application captured by the CPU 201 of the client terminal device 100 on the display unit 209 of the client terminal device 100. In addition, as a second aspect to be subjected to keyword inspection, there are an attached file input to the application via the OS and text via a clipboard. Furthermore, a third aspect to be subjected to keyword inspection is text input via the keyboard 207 or pointing device 208 of the client terminal device 100 (that is, from the recording of the key logger 102).

  First, the text extraction processing (S1301-1) from the display screen displayed on the display unit 209 in the first aspect described above will be described in detail with reference to FIG.

  Since the currently used OS generally adopts a window system, the display screen of the application displayed on the display unit 209 of the client terminal device 100 includes various windows. Has an independent window ID.

  The CPU 201 of the client terminal device 100 that has detected the start of encrypted communication by synchronizing the processing by the agent program 101 and the processing by the relay server program 111, first, in step S1401, all the windows constituting the application at that time Enumerate IDs and extract windows.

  Subsequently, in step S1402, the CPU 201 of the client terminal device 100 determines whether or not one window extracted in step S1401 has a text attribute.

  If the result of determination in step S1402 is that the window has a text attribute (S1402 / YES), the process proceeds to step S1403. In step S1403, the CPU 201 of the client terminal device 100 performs processing for extracting text from the window. Subsequently, in step S1404, the CPU 201 of the client terminal device 100 performs processing for adding the text extracted in step S1403 to the text list.

  When the process of step S1404 is completed, or when it is determined in step S1402 that the window does not have the text attribute (S1402 / NO), the process proceeds to step S1405. In step S1405, the CPU 201 of the client terminal device 100 determines whether text extraction processing has been performed on the windows having all window IDs listed in step S1401.

  If it is determined in step S1405 that text extraction processing has not yet been performed for all windows with the window IDs listed in step S1401 (S1405 / NO), the process returns to step S1402, and text extraction is performed in step S1402. A window that has not been processed is extracted, and the subsequent processing is performed.

  On the other hand, if the result of determination in step S1405 is that text extraction processing has been performed for all windows with the window IDs listed in step S1401 (S1405 / YES), the text extraction processing shown in step S1301-1 in FIG. Exit.

  At the time of text extraction in step S1403, for example, a window having a password attribute can be excluded from extraction based on the above-described inspection standard rule, and sound information management that is not monitored more than necessary can be realized. .

  In the flowchart shown in FIG. 14, all window IDs constituting the application are listed in step S1401, and text is extracted from all windows based on the window ID. For example, in step S1401, the application The present invention is also applicable to a mode in which only the window ID of an active window (currently open window) is detected and text is extracted from only the active window.

  Next, a text extraction process (S1301-2 and S1301-3) from the attached file input via the OS or the clipboard in the second mode described above (S1301-2 and S1301-3) will be described in detail with reference to FIG.

  In order to extract an attached file input to the application via the OS or text via the clipboard, the CPU 201 of the client terminal device 100 causes the application to read “file read” or “paste clipboard”. “Taka” can be monitored. However, the CPU 201 of the client terminal device 100 may perform these operations before the application capturing process in step S711 in FIG.

  Therefore, the CPU 201 of the client terminal device 100 always performs monitoring of pasting from the clipboard as the first monitoring, and monitoring reading of the file as the second monitoring.

  The first monitoring of pasting from the clipboard, which is the first monitoring, always monitors the clipboard, records the pasting contents and the application name of the pasting destination at the stage when the pasting operation is performed, and records that If there is such an application, a series of processing shown in step S1301-2 in FIG. 15 is executed.

  In this case, in step S1501, the CPU 201 of the client terminal device 100 determines whether or not the clipboard content has a text format. If the result of this determination is that the contents of the clipboard are in a format with text (S1501 / YES), processing proceeds to step S1502. In step S1502, the CPU 201 of the client terminal device 100 extracts the text on the clipboard, and in step S1503, performs processing for adding the text extracted in step S1502 to the text list.

  When the process of step S1503 is completed, or when it is determined in step S1501 that the contents of the clipboard are not in a format having text (S1501 / NO), the text extraction process shown in step S1301-2 of FIG. 15 is terminated. To do.

  When monitoring the pasting from the clipboard, for example, the setting item of the application designated inspection in step S906 may be referred to and only the application designated by the setting item may be targeted.

  The second monitoring of file reading is a method of monitoring a UI program corresponding to the user interface function of the OS and recording a file name exchanged between the UI program and the UI program together with the application name, There is a method of determining the application name from the calling process by monitoring the OS file API and recording the file name together with the application name. When the application is included in the file name and application name recorded by these methods, a series of processes shown in step S1301-3 in FIG. 15 is executed.

  In this case, in step S1501, the CPU 201 of the client terminal device 100 determines whether or not the file content has a text format. If the result of this determination is that the content of the file is in a format with text (S1501 / YES), processing proceeds to step S1502. In step S1502, the CPU 201 of the client terminal device 100 extracts the text in the file, and then performs a process of adding the text extracted in step S1502 to the text list in step S1503.

  When the process of step S1503 is completed, or when the content of the file is not in a format having a text in step S1501 (S1501 / NO), the text extraction process shown in step S1301-3 of FIG. 15 is ended.

  Note that when monitoring the reading of a file, for example, the setting item of the application designated inspection in step S906 may be referred to and only the application designated by the setting item may be targeted.

  In particular, since the HTTPS web server 150 that performs the web mail service can send a file with a file attached, for example, the window displayed in the web browser 103 has a file name attribute in step S1403 of FIG. When the text extraction from the object is performed, the file name is known. At this time, the reading of the file may be monitored.

  In addition, since text extraction is not performed for all files, monitoring of file reading fails for files whose file format cannot be specified, or decompression is performed for compressed files and individual text extraction is performed. You may implement the process.

  Next, the text extraction processing (S1301-4) from the recording of the key logger 102 input via the keyboard 207 or the pointing device 208 of the client terminal device 100 in the third aspect described above will be described in detail with reference to FIG. explain.

  The key logger 102 is a program that records information input via the keyboard 207 and the pointing device 208 on the client terminal device 100. In the processing by the key logger 102, it is possible to clearly record after the application capture performed in step S711 of FIG. 7, but the information input before the application capture is added to the inspection target as in the above-described clipboard monitoring. Sometimes it is necessary.

  Therefore, the CPU 201 of the client terminal device 100 determines an active application that is currently the input target from information input via the keyboard 207 or the pointing device 208 of the client terminal device 100 by processing using the key logger 102. Judgment is made and the input to the application is recorded together with the information of the application. Further, for example, the setting item of the application designated inspection in step S906 may be referred to and only the input to the application designated by the setting item may be recorded.

  First, in step S1601, the CPU 201 of the client terminal apparatus 100 determines whether or not the recording by the key logger 102 is an input recording to the captured application. Specifically, in step S1601, after the application capture performed in step S711 of FIG. 7, input information is recorded more clearly, and whether or not the input record to the captured application is combined with the information before the capture. Judging.

  If it is determined in step S1601 that the recording by the key logger 102 is an input recording to the captured application, the process advances to step S1602. In step S1602, the CPU 201 of the client terminal device 100 performs processing for extracting text. Subsequently, in step S1603, the CPU 201 of the client terminal device 100 performs processing for adding the text extracted in step S1602 to the text list.

  When the process of step S1603 is completed, or when it is determined in step S1601 that the recording by the key logger 102 is not an input recording to the captured application (S1601 / NO), the text shown in step S1301-4 of FIG. The extraction process ends.

  In the processing by the key logger 102, input logging is performed for each window ID constituting the application. For example, an excessive logging is suppressed by using an inspection standard rule such as not recording input for a window for inputting a password. And sound information management can be implemented.

The overall image of each process of the flowcharts shown in FIGS. 3 to 16 described above will be described in detail with reference to FIGS.
FIGS. 17 and 18 illustrate control including processing using the agent program 101 and the key logger 102 executed by the CPU 201 of the client terminal apparatus 100 and processing using the relay server program 111 executed by the CPU 201 of the relay server 110. It is a sequence diagram which shows an example of a processing relationship.

  Specifically, FIG. 17 is a sequence diagram showing an example of a handshake sequence, showing the control processing relationship when the first connection is attempted from the client terminal device 100 to the HTTPS web server 150.

  At the time of starting the process according to the sequence diagram of FIG. 17, the client terminal device 100 is in a state of trying to access the HTTPS web server 150 that provides the web mail service. That is, it is assumed that there is no connection session 121 between the client terminal device 100 and the relay server 110.

  When the web browser 103 of the client terminal device 100 accesses the HTTPS web server 150 via the relay server 110, a connection session 121 is generated, and the start of encrypted communication is detected by processing using the relay server program 111. (S501 / YES). The CPU 201 of the relay server 110 generates a control session 122 for cooperation with the client terminal device 100 (agent program 101) in processing using the relay server program 111 (S507, communication A). Then, the CPU 201 of the relay server 110 synchronizes the inspection standard rule with the time information (S504, communication B), and further captures the application that is going to be connected to the HTTPS web server 150 from the client terminal device 100. A command is issued to 100 (S602, communication C).

  Subsequently, in the processing using the agent program 101, the CPU 201 of the client terminal device 100 issues an application capture command to the key logger 102, starts monitoring the web browser 103, and further successfully captures the application to the relay server 110. A notification is returned (S707, communication D).

  After synchronization with the relay server 110, the CPU 201 of the client terminal device 100 performs agent inspection using the agent program 101 (S901). On the other hand, the CPU 201 of the relay server 110 performs relay server inspection using the relay server program 111 (S801).

  Then, the CPU 201 of the relay server 110 completes the inspection based on the success notification of the agent inspection from the client terminal device 100 (S806 based on S910, communication F) and the inspection result receipt notification (S808, communication G), and performs the relay server inspection. When all the inspections including the above are successful, in step S810 of FIG. 8, the relay in the connection request of the encrypted communication from the web browser 103 of the client terminal device 100 to the HTTPS web server 150 is permitted.

  Thereafter, the CPU 201 of the relay server 110 relays a connection request for encrypted communication from the web browser 103 to the HTTPS web server 150 by processing using the relay server program 111 (S1701). Then, the CPU 201 of the relay server 110 receives the server certificate sent from the HTTPS web server 150 (S1702), transmits it to the web browser 103 of the client terminal device 100, and relays it (S1703). Thereafter, the CPU 201 of the relay server 110 receives the common key sent from the web browser 103 (S1704), and transmits it to the HTTPS web server 150 to perform relaying (S1705). Thereafter, the CPU 201 of the relay server 110 receives the encrypted data encrypted with the common key sent from the HTTPS web server 150 (S1706), and transmits the data to the web browser 103 for relaying (S1707). ).

  Through the processing shown in FIG. 17, the web browser 103 of the client terminal device 100 is in a state where the login screen of the web mail service provided by the HTTPS web server 150 is displayed.

Next, the sequence diagram of FIG. 18 will be described.
Specifically, FIG. 18 shows the control processing relationship of the input inspection of the web browser 103 detected by the CPU 201 of the client terminal device 100 through the processing using the agent program 101 after the handshake sequence shown in FIG. It is a sequence diagram showing an example of an inspection sequence.

  Here, in the web browser 103 of the client terminal device 100, the user logs in to the web mail service provided by the HTTPS web server 150, creates a web mail, and presses the “Send” button.

  The CPU 201 of the client terminal device 100 that is capturing the web browser 103 records key inputs to the web browser 103 by processing using the key logger 102. Further, the CPU 201 of the client terminal device 100 is a process using the agent program 101, and performs a text extraction process by monitoring file attachment to the web browser 103 (S1301-3 in FIG. 15) or by monitoring pasting via the clipboard. Text extraction processing is performed (S1301-2 in FIG. 15).

  Here, when the send button is pressed on the screen of the web browser 103, the web browser 103 enters a state of starting encrypted communication with the HTTPS web server 150. At this time, the CPU 201 of the relay server 110 causes the web browser 103 to A request to start encrypted communication is received from (S501). Subsequently, the CPU 201 of the relay server 110 transmits an application capture command to the client terminal device 100 (agent program 101) by processing using the relay server program 111 (S602, communication C).

  Here, since the CPU 201 of the client terminal device 100 has already captured the web browser 103, it returns a notification of successful capture of the application (S707, communication D).

  The CPU 201 of the client terminal device 100 captures the state of the display screen of the web browser 103 by processing using the agent program 101, and performs text extraction processing (S1301-1 in FIG. 14). Furthermore, the CPU 201 of the client terminal device 100 performs text extraction processing from the recording of the key logger 102 (S1301-4 in FIG. 16). Then, the CPU 201 of the client terminal device 100 performs agent inspection including keyword inspection by the text extraction process described above (S901).

  On the other hand, the CPU 201 of the relay server 110 performs relay server inspection by processing using the relay server program 111 (S801), and waits for the result of agent inspection from the client terminal device 100.

  Then, the CPU 201 of the relay server 110 completes the inspection based on the success notification of the agent inspection from the client terminal device 100 (S806 based on S910, communication F) and the inspection result receipt notification (S808, communication G), and performs the relay server inspection. When all the inspections including that are successful, in step S810 of FIG. 8, the relay in the transmission request of the encrypted communication from the web browser 103 of the client terminal device 100 to the HTTPS web server 150 is permitted.

  Thereafter, the CPU 201 of the relay server 110 relays the encrypted communication transmission request from the web browser 103 to the HTTPS web server 150 by the processing using the relay server program 111 (S1801). Then, the CPU 201 of the relay server 110 receives the session ID sent from the HTTPS web server 150 (S1802), and transmits it to the web browser 103 of the client terminal device 100 to perform relaying (S1803). Thereafter, the CPU 201 of the relay server 110 receives the encrypted data sent from the web browser 103 (S1804), and transmits it to the HTTPS web server 150 for relaying (S1805). Thereafter, the CPU 201 of the relay server 110 receives the encrypted data sent from the HTTPS web server 150 (S1806), and transmits it to the web browser 103 for relaying (S1807).

  Through the processing shown in FIG. 18, the web browser 103 of the client terminal device 100 is in a state in which transmission of mail is completed via the encrypted communication path from the web mail service provided by the HTTPS web server 150. .

Next, an inspection standard rule used in the information processing system 1 of the present embodiment will be described.
FIG. 19 is a schematic diagram illustrating an example of an inspection standard rule used in the information processing system according to the embodiment of the present invention. FIG. 19 shows an example of inspection items performed in the information processing system 1 of the present embodiment, an inspection position indicating a place where inspection of each inspection item is performed, and setting of inspection standard rules relating to inspection of each inspection item The contents are shown.

  FIG. 20 is an image diagram showing an example of a setting screen for setting the inspection standard rule shown in FIG. The setting screen shown in FIG. 20 is displayed on the display unit 209 shown in FIG. 2, and an inspection standard rule is set by inputting from the pointing device 208, for example. 20 includes inspection item selection units 2001 to 2009 for setting inspection standard rules for each inspection item shown in FIG. 19. In the example shown in FIG. A case is shown in which the selection unit 2006 is selected and an inspection standard rule for the keyword inspection is set.

Next, a protocol for a control session using the agent program 101 and the relay server program 111 will be described.
FIG. 21 is a schematic diagram illustrating an example of a protocol for a control session using the agent program 101 and the relay server program 111. FIG. 21 shows an example of a protocol of a control session using the agent program 101 and the relay server program 111 for each communication (communication A to communication G).

Next, the unencrypted communication inspection process in step S506 in FIG. 5 will be described.
FIG. 22 is a flowchart illustrating an example of an unencrypted communication inspection process using the relay server program 111 in the relay server 110.
The unencrypted communication inspection process shown in FIG. 22 is performed when a connection request related to unencrypted communication is received from the client terminal apparatus 100 in step S501 of FIG. The non-encrypted communication inspection process will be described below with reference to FIGS. 11 and 13 together with FIG.

  Unlike the encrypted communication inspection described above, in the non-encrypted communication inspection, the CPU 201 of the relay server 110 can inspect all the communication by the process using the relay server program 111. At this time, representative data to be inspected in the non-encrypted communication inspection includes a header portion including a connection destination URL (transmission destination URL), a query portion in a GET connection request on HTTP communication, and a POST connection request. Data corresponding to the message body part. Note that the data to be subjected to the non-encrypted communication inspection is not limited to these, and it goes without saying that the communication data via various non-encrypted protocols such as FTP communication data is a target.

  When there is a connection request related to non-encrypted communication from the web browser 103 of the client terminal device 100 and the non-encrypted communication inspection process in step S506 is started, first, in step S2201, the CPU 201 of the relay server 110 A transmission destination inspection process is performed for the transmission destination related to the encrypted communication. The transmission destination inspection process performed in step S2201 is the same process as the process shown in FIG.

  In this transmission destination inspection, a transmission destination list in which relay permission / prohibition is set for a transmission destination (for example, URL) or a transmission destination is set using a regular expression is prepared in advance. . This transmission destination list is included in the above-described inspection standard rule, and the latest one is stored in the HDD 204 of the relay server 110.

Here, FIG. 11 will be described.
In step S1101 of FIG. 11, the CPU 201 of the relay server 110 determines whether or not the transmission destination requested from the web browser 103 exists in the transmission destination list stored in the HDD 204 of the own apparatus (that is, transmission destination). Determines whether or not matches the inspection criteria rule). As a result of this determination, when the transmission destination does not exist in the transmission destination list (S1101 / NO), the CPU 201 of the relay server 110 determines that the transmission destination inspection has failed.

  In the process shown in FIG. 11, when the transmission destination does not exist in the transmission destination list (S1101 / NO), the transmission destination inspection is processed as failure. May be processed as a successful transmission destination check.

  On the other hand, if the result of determination in step S1101 is that the destination exists in the destination list (S1101 / YES), the process proceeds to step S1102. In step S1102, the CPU 201 of the relay server 110 determines whether or not the setting of the transmission destination in the transmission destination list is permitted to be relayed. As a result of this determination, if the setting of the transmission destination in the transmission destination list is not permitted to relay (S1102 / NO), that is, if the setting of the transmission destination is prohibited from relaying, etc. The CPU 201 of the server 110 determines that the transmission destination inspection has failed.

  On the other hand, as a result of the determination in step S1102, if the setting of the transmission destination in the transmission destination list indicates that the relay is permitted (S1102 / YES), the CPU 201 of the relay server 110 determines that the transmission destination inspection is successful.

Now, the description returns to FIG.
When the transmission destination inspection process is performed in step S2201, subsequently, in step S2202, the CPU 201 of the relay server 110 determines whether the transmission destination inspection in step S2201 is successful.

  If the destination check in step S2201 fails as a result of the determination in step S2202 (S2202 / NO), the process proceeds to step S2208, and the CPU 201 of the relay server 110 performs unencrypted communication (HTTP data transmission) from the web browser 103. ) To reject the relay.

  On the other hand, as a result of the determination in step S2202, if the transmission destination inspection in step S2201 is successful (S2202 / YES), the process proceeds to step S2203. In step S2203, the CPU 201 of the relay server 110 performs time zone inspection processing. The time zone inspection process performed in step S2203 is the same as the time zone inspection process described in step S804 of FIG.

  Specifically, in the time zone inspection in step S2203, a time zone setting list in which relay permission / prohibition is set in advance is prepared for an arbitrary time zone, and this time zone setting list is stored in the HDD 204 of the relay server 110. Save to. Then, the CPU 201 of the relay server 110 refers to the time zone setting list for the time T1 of the relay server 110 at the time of receiving the connection request for unencrypted communication from the web browser 103 (S501 in FIG. 5). The time zone inspection process is performed by detecting relay permission or prohibition. In this case, the time zone inspection is successful when relay permission is detected, and the time zone inspection fails when relay prohibition is detected.

  In the time zone inspection, if the time T1 is not set in the time zone setting list, an initial value for the time zone can be set in the HDD 204. With this initial value, it is possible to set either “all relay permitted” or “all relay prohibited”. When the time T1 is not set in the time zone setting list, the initial value is referred to. When “Allow all relays” is set, the time zone inspection is successful and “All relay prohibited” is set. If it is, the time zone inspection will fail.

  For example, assuming that the time T1 corresponds to a plurality of setting items in the time zone setting list, the priority order may be set in advance for each setting item in the time zone setting list. At this time, for example, the priority order may be assigned in the order of description in the time zone setting list. In this case, when relay permission is set in the highest setting item of the time zone setting list corresponding to time T1, the time zone inspection is successful, and relay prohibition is set in the highest setting item. In some cases, the time zone inspection fails.

  Subsequently, in step S2204, the CPU 201 of the relay server 110 determines whether or not the time zone inspection in step S2203 is successful.

  As a result of step S2204, when the time zone inspection in step S2203 has failed (S2204 / NO), the process proceeds to step S2208, and the CPU 201 of the relay server 110 performs the above-described relay rejection processing.

  On the other hand, as a result of step S2204, when the time zone inspection in step S2203 is successful (S2204 / YES), the process proceeds to step S2205. In step S2205, the CPU 201 of the relay server 110 performs keyword inspection processing.

  The keyword checking process in step S2205 is the same as the keyword checking process shown in FIG. 13 in step S908 in FIG. 9, but the inspection target is non-encrypted communication, so the text extraction process in step S1301 in FIG. There is no need to carry out a keyword check, and a keyword check can be carried out directly on unencrypted communication data.

  In the keyword check in step S2205, a keyword list in which relay permission / relay prohibition is set for a prepared keyword is prepared, and the keyword list is stored in the HDD 204 of the relay server 110. This keyword list is included in the inspection standard rule and is the latest.

  Here, the inspection target keywords include those composed of a single keyword and those composed of a plurality of keywords. For example, it is possible to specify the priority of logical operations such as AND operation, OR operation, NOT operation, and operations using parenthesis symbols. In addition, a single keyword composed of a plurality of words including a space symbol can be set by enclosing the keyword with double quotation marks.

  Furthermore, depending on the settings described in the inspection standard rule, for example, a plurality of format characters such as a full-width numeric character, a half-width numeric character, a numeric character surrounded by a round character, etc., but a plurality of characters having the same meaning are the same. It can also be treated as a character. For example, taking the number 1 as an example, “1”, “(1)”, “one”, “壱”, etc. can all be treated as “1”.

Here, FIG. 13 will be described.
In the keyword checking process in step S2205, first, a text list is created based on the text directly extracted from the non-encrypted communication data. In step S1302 in FIG. 13, the CPU 201 of the relay server 110 selects 1 from the text list. Take out one text.

  Subsequently, in step S1303, the CPU 201 of the relay server 110 performs keyword inspection based on the inspection standard rule (keyword list) on the text extracted in step S1302. Specifically, in the keyword check in step S1303, whether or not the text extracted in step S1302 exists in the keyword list described above, and if it exists, the setting of the text (keyword) in the keyword list is relay permission. It is inspected whether or not.

  Subsequently, in step S1304, the CPU 201 of the relay server 110 determines whether or not the text extracted in step S1302 exists in the keyword list described above (that is, the text extracted in step S1302 matches the inspection standard rule). Or not). As a result of the determination, if the text extracted in step S1302 does not exist in the keyword list (S1304 / NO), the process proceeds to step S1306.

  On the other hand, if it is determined in step S1304 that the text extracted in step S1302 exists in the keyword list (S1304 / YES), the process proceeds to step S1305. In step S1305, the CPU 201 of the relay server 110 determines whether the setting of the text (keyword) in the keyword list is permitted to be relayed. As a result of this determination, if the setting of the text (keyword) in the keyword list is not permitted to be relayed (S1305 / NO), that is, if the setting of the text (keyword) is prohibited from relaying. The CPU 201 of the relay server 110 determines that the keyword check has failed.

  On the other hand, as a result of the determination in step S1305, if the setting of the text (keyword) in the keyword list is permitted to be relayed (S1305 / YES), the process proceeds to step S1306.

  In step S1306, the CPU 201 of the relay server 110 determines whether or not a keyword check has been performed on all texts in the text list. As a result of the determination, if all the texts in the text list have not yet been subjected to keyword inspection (S1306 / NO), the process returns to step S1302, and in step S1302, the text that has not been subjected to keyword inspection is extracted from the text list. Thus, the processing after step S1303 is performed.

  On the other hand, as a result of the determination in step S1306, if all the texts in the text list are checked for a keyword (S1306 / YES), relay prohibition is not set for all texts extracted from the unencrypted communication data. Therefore, the CPU 201 of the relay server 110 determines that the keyword check is successful.

Now, the description returns to FIG.
When the keyword checking process is performed in step S2205, subsequently, in step S2206, the CPU 201 of the relay server 110 determines whether or not the keyword checking in step S2205 is successful.

  If it is determined in step S2206 that the keyword check in step S2205 has failed (NO in step S2206), the process advances to step S2208, and the CPU 201 of the relay server 110 performs the above-described relay rejection process.

  On the other hand, as a result of step S2206, when the keyword check in step S2205 is successful (S2206 / YES), the process proceeds to step S2207, and the CPU 201 of the relay server 110 transfers the HTTP web server 160 from the web browser 103 of the client terminal device 100. Relay in the connection request of unencrypted communication is permitted, and the connection request of unencrypted communication is relayed to the HTTP web server 160.

As described above, the following processing is performed in the client terminal device 100 and the relay server 110 that configure the information processing system 1 according to the embodiment of the present invention.
The client terminal device 100 stores an inspection standard rule (FIG. 19) in which conditions for performing encrypted communication with the HTTPS web server 150, which is an encrypted communication server, are stored in the HDD 204 of its own device.
First, the client terminal device 100 specifies an application that performs encrypted communication with the HTTPS web server 150 (S711).
Further, the client terminal device 100 extracts data that is data before encrypted communication and is transmitted to the relay server 110 via the application specified in step S711 (for example, S1301). .
Then, the client terminal device 100 performs a first determination for determining whether or not the extracted data satisfies the condition of the inspection standard rule (for example, S909). Thereafter, the client terminal device 100 transmits the first determination result to the relay server 110 (S910, S914).
Then, the relay server 110 determines whether to transmit data to the HTTPS web server 150 according to the first determination result (S809).
In the above-described embodiment, the mode in which the first determination described above is performed on the client terminal device 100 side is shown, but the mode in which the first determination is performed on the relay server 110 side is also applicable to the present invention. It is.
In this case, the client terminal device 100 transmits the extracted data to the relay server 110 via the control session 122. Then, the relay server 110 takes a form in which a first determination is made to determine whether or not the extracted data satisfies the condition of the inspection standard rule stored in the HDD 204 of the own device. Thereafter, as in the above-described embodiment, the relay server 110 determines whether to transmit data to the HTTPS web server 150 according to the first determination result (S809).

In addition, a connection session (first session) 121 for performing encrypted communication (or non-encrypted communication) and the connection session 121 are provided between the client terminal device 100 and the relay server 110. Thus, a control session (second session) 122 for performing control is formed.
Then, the client terminal device 100 uses the control session 122 to transmit the determination result of the first determination to the relay server 110 (S910, S914).

Further, the relay server 110 holds the latest inspection standard rule. If the latest rule held by the relay server 110 and the inspection standard rule stored in the HDD 204 of the own device do not match, the client terminal device 100 determines that the client terminal device 100 is based on the latest rule held by the relay server 110. The inspection standard rule stored in the HDD 204 of the apparatus is updated (S708).
In addition, a plurality of conditions are defined in the inspection standard rule as shown in FIG. 19, and in the first determination performed by the client terminal device 100, among the plurality of conditions defined in the inspection standard rule (S902 to S909), on the other hand, the relay server 110 determines whether other conditions other than the partial conditions defined in the inspection standard rule are satisfied. A second determination is made (S802 to S805).
Then, the relay server 110 determines whether to transmit data to the HTTPS web server 150 based on the determination result of the first determination and the determination result of the second determination (S805). , S809).

Furthermore, the client terminal device 100 is configured to be able to perform non-encrypted communication with the HTTP web server 160 that is an unencrypted communication server.
The relay server 110 relays data transmitted from the client terminal device 100 to the HTTPS web server 150 or the HTTP web server 160 in accordance with a communication connection request from the client terminal device 100 (S501).

  As described above, encrypted communication is performed by linking the processing using the agent program 101 in the client terminal device 100 and the processing using the relay server program 111 in the relay server 110 via the control session 122. In doing so, it is possible to manage and inspect information while ensuring the security of encrypted communication without breaking the cryptographic framework such as decryption of encrypted data by a third party. For example, this embodiment is suitable for monitoring and checking encrypted communication using HTTPS such as a web mail service or unencrypted communication using HTTP.

  It should be noted that the configuration and contents of the various data described above are not limited to this, and it is needless to say that they are configured with various contents according to applications and purposes.

  Although one embodiment according to the present invention has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium, and more specifically, a relay server. 110 and the client terminal device 100 may be applied to a system composed of a plurality of devices or a system composed of a single device.

  It goes without saying that the present invention can also be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program represented by software for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

  Furthermore, by downloading and reading a program represented by software for achieving the present invention from a server, database, etc. on a network using a communication program, the system or apparatus can enjoy the effects of the present invention. It becomes.

  In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

It is a figure which shows an example of schematic structure of the information processing system which concerns on embodiment of this invention. It is a block diagram which shows an example of the hardware constitutions of the client terminal device and relay server which are shown in FIG. It is a flowchart which shows an example of the process at the time of starting using the agent program in a client terminal device. It is a flowchart which shows an example of the relay server cooperation process using the agent program in a client terminal device. It is a flowchart which shows an example of the agent cooperation process using the relay server program in a relay server. It is a flowchart which shows an example of the application capture process using the relay server program in a relay server. It is a flowchart which shows an example of the control session success process using the agent program in a client terminal device. It is a flowchart which shows an example of the relay server inspection process using the relay server program in a relay server. It is a flowchart which shows an example of the agent test | inspection process using the agent program in a client terminal device. It is a flowchart which shows an example of the detailed process in the user authentication name check process of step S902 of FIG. 23 is a flowchart illustrating an example of detailed processing in the transmission destination inspection processing in step S904 in FIG. 9 (or step S2201 in FIG. 22). FIG. 10 is a flowchart illustrating an example of detailed processing in application-designated inspection processing in step S906 of FIG. 9; FIG. 23 is a flowchart illustrating an example of detailed processing in the keyword inspection processing in step S908 in FIG. 9 (or step S2205 in FIG. 22). It is a flowchart which shows an example of the detailed process in the text extraction process of step S1301 of FIG. It is a flowchart which shows an example of the detailed process in the text extraction process of step S1301 of FIG. It is a flowchart which shows an example of the detailed process in the text extraction process of step S1301 of FIG. FIG. 9 is a sequence diagram showing an example of a handshake sequence, showing a control processing relationship when an initial connection is attempted from a client terminal device to an HTTPS web server. FIG. 17 is a sequence diagram showing an example of the inspection sequence, showing the control processing relationship of the input inspection of the web browser detected by the CPU of the client terminal device through the processing using the agent program after the handshake sequence shown in FIG. It is. It is a schematic diagram which shows an example of the test | inspection reference | standard rule used with the information processing system which concerns on embodiment of this invention. It is an image figure which shows an example of the setting screen for setting the inspection reference | standard rule shown in FIG. It is a schematic diagram which shows an example of the protocol of the control session using an agent program and a relay server program. It is a flowchart which shows an example of the non-encrypted communication inspection process using the relay server program in a relay server.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Information processing system 100 Client terminal device 101 Agent program 102 Keylogger 103 Web browser 110 Relay server 111 Relay server program 120 Intranet 121 Connection session 122 Control session 130 Administrator terminal device 140 Wide area network 150 HTTPS web server 160 HTTP web server 201 CPU
202 RAM
203 ROM
204 HDD
205 Network I / F
206 Storage medium drive 207 Keyboard 208 Pointing device 209 Display unit 210 External device connection I / F
211 Bus

Claims (20)

An information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server. ,
The client terminal device
Storage means for storing rules in which conditions for performing encrypted communication with the encrypted communication server are defined;
Identifying means for identifying an application that performs encrypted communication with the encrypted communication server;
Extraction means for extracting data transmitted to the relay server via the application identified by the identification means, before the encrypted communication;
First determination means for determining whether the data extracted by the extraction means satisfies a condition of the rule; and
The relay server is
An information processing system comprising: a determination unit that determines whether to transmit the data to the encrypted communication server according to a determination result determined by the first determination unit.   Between the client terminal device and the relay server, a first session for performing the encrypted communication and a second session for performing control are provided independently of the first session. The information processing system according to claim 1, wherein:   The said client terminal device further has a transmission means which transmits the determination result determined by the said 1st determination means to the said relay server using the said 2nd session. Information processing system. The relay server holds the latest rule,
When the latest rule held by the relay server and the rule stored in the storage unit do not match, the client terminal device updates the rule stored in the storage unit based on the latest rule The information processing system according to any one of claims 1 to 3, further comprising updating means for performing the update. The rule has a plurality of conditions,
The first determination unit determines whether or not a part of a plurality of conditions defined in the rule is satisfied,
The relay server further includes second determination means for determining whether the data satisfies a condition other than the partial condition defined in the rule,
The determination unit determines whether to transmit the data to the encrypted communication server based on the determination result determined by the first determination unit and the determination result determined by the second determination unit. The information processing system according to claim 1, wherein the information processing system is determined.   The information according to any one of claims 1 to 5, wherein the extraction unit does not extract data related to confidential information with high confidentiality when extracting data transmitted to the relay server. Processing system. The client terminal device is further configured to be capable of non-encrypted communication with a non-encrypted communication server,
The relay server relays data transmitted from the client terminal device to the encrypted communication server or the non-encrypted communication server in accordance with a communication connection request from the client terminal device. The information processing system according to any one of 6. An information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server. ,
The client terminal device
Identifying means for identifying an application that performs encrypted communication with the encrypted communication server;
Extraction means for extracting data transmitted to the relay server via the application identified by the identification means before the encrypted communication;
The relay server is
Storage means for storing rules in which conditions for performing encrypted communication with the encrypted communication server are defined;
First determination means for determining whether the data extracted by the extraction means satisfies a condition of the rule;
An information processing system comprising: a determination unit that determines whether to transmit the data to the encrypted communication server according to a determination result determined by the first determination unit. The client in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A terminal device,
Storage means for storing rules in which conditions for performing encrypted communication with the encrypted communication server are defined;
Identifying means for identifying an application that performs encrypted communication with the encrypted communication server;
Extraction means for extracting data transmitted to the relay server via the application identified by the identification means, before the encrypted communication;
First determination means for determining whether the data extracted by the extraction means satisfies a condition of the rule;
A client terminal apparatus comprising: a transmission unit configured to transmit a determination result determined by the first determination unit to the relay server. The client in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A terminal device,
Identifying means for identifying an application that performs encrypted communication with the encrypted communication server;
Extraction means for extracting data transmitted to the relay server via the application identified by the identification means, before the encrypted communication;
A client terminal apparatus comprising: a transmission unit configured to transmit the data extracted by the extraction unit to the relay server. The relay in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A server,
It is a determination result made at the client terminal device, and is data before the encrypted communication, and is transmitted to the relay server via an application that performs the encrypted communication to the encrypted communication server A receiving means for receiving, from the client terminal device, a determination result as to whether or not the data satisfies a rule condition in which a condition for performing the encrypted communication with the encrypted communication server is satisfied;
A relay server comprising: a determining unit that determines whether to transmit the data to the encrypted communication server according to a determination result received by the receiving unit. The relay in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A server,
Storage means for storing rules in which conditions for performing encrypted communication with the encrypted communication server are defined;
The data extracted by the client terminal device and the data before performing the encrypted communication, and transmitted to the relay server via the application that performs the encrypted communication to the encrypted communication server Receiving means for receiving data from the client terminal device;
First determination means for determining whether data received by the reception means satisfies the conditions of the rule;
A relay server comprising: a determination unit that determines whether to transmit the data to the encrypted communication server according to a determination result determined by the first determination unit. The client in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A terminal device control method,
A storage step of storing in the storage means a rule in which conditions for performing encrypted communication with the encrypted communication server are established;
A specific step of identifying an application that performs encrypted communication with the encrypted communication server;
An extraction step of extracting data transmitted to the relay server via the application specified in the specifying step, the data before performing the encrypted communication;
A first determination step of determining whether or not the data extracted in the extraction step satisfies the rule condition;
And a transmission step of transmitting the determination result determined in the first determination step to the relay server. The client in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A terminal device control method,
A specific step of identifying an application that performs encrypted communication with the encrypted communication server;
An extraction step of extracting data transmitted to the relay server via the application specified in the specifying step, the data before performing the encrypted communication;
And a transmission step of transmitting the data extracted in the extraction step to the relay server. The relay in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A server control method,
It is a determination result made at the client terminal device, and is data before the encrypted communication, and is transmitted to the relay server via an application that performs the encrypted communication to the encrypted communication server A reception step of receiving, from the client terminal device, a determination result as to whether or not the data satisfies a rule condition in which a condition for performing the encrypted communication with the encrypted communication server is satisfied;
A determination step of determining whether or not to transmit the data to the encrypted communication server in accordance with the determination result received in the reception step. The relay in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A server control method,
A storage step of storing in the storage means a rule in which conditions for performing encrypted communication with the encrypted communication server are established;
The data extracted by the client terminal device and the data before performing the encrypted communication, and transmitted to the relay server via the application that performs the encrypted communication to the encrypted communication server Receiving data from the client terminal device; and
A first determination step of determining whether or not the data received in the reception step satisfies a condition of the rule;
A determination step of determining whether or not to transmit the data to the encrypted communication server according to the determination result determined in the first determination step. The client in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A program for causing a computer to execute a terminal device control method,
A storage step of storing in the storage means a rule in which conditions for performing encrypted communication with the encrypted communication server are established;
A specific step of identifying an application that performs encrypted communication with the encrypted communication server;
An extraction step of extracting data transmitted to the relay server via the application specified in the specifying step, the data before performing the encrypted communication;
A first determination step of determining whether or not the data extracted in the extraction step satisfies the rule condition;
A program for causing a computer to execute a transmission step of transmitting a determination result determined in the first determination step to the relay server. The client in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A program for causing a computer to execute a terminal device control method,
A specific step of identifying an application that performs encrypted communication with the encrypted communication server;
An extraction step of extracting data transmitted to the relay server via the application specified in the specifying step, the data before performing the encrypted communication;
A program for causing a computer to execute a transmission step of transmitting the data extracted in the extraction step to the relay server. The relay in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A program for causing a computer to execute a server control method,
It is a determination result made at the client terminal device, and is data before the encrypted communication, and is transmitted to the relay server via an application that performs the encrypted communication to the encrypted communication server A reception step of receiving, from the client terminal device, a determination result as to whether or not the data satisfies a rule condition in which a condition for performing the encrypted communication with the encrypted communication server is satisfied;
A program for causing a computer to execute a determination step of determining whether to transmit the data to the encrypted communication server according to the determination result received in the reception step. The relay in an information processing system comprising: a client terminal device configured to be able to perform encrypted communication with an encrypted communication server; and a relay server that relays encrypted communication between the client terminal device and the encrypted communication server A program for causing a computer to execute a server control method,
A storage step of storing in the storage means a rule in which conditions for performing encrypted communication with the encrypted communication server are established;
The data extracted by the client terminal device and the data before performing the encrypted communication, and transmitted to the relay server via the application that performs the encrypted communication to the encrypted communication server Receiving data from the client terminal device; and
A first determination step of determining whether or not the data received in the reception step satisfies a condition of the rule;
A program for causing a computer to execute a determination step of determining whether or not to transmit the data to the encrypted communication server according to the determination result determined in the first determination step.

Images