JP2010068427A - Information control system, information control method, and, information relay apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce the risk of information leakage while suppressing reduction in convenience of access with respect to access from a destination of movement. <P>SOLUTION: A policy determining section 33 uses, as a search key, a utilization environment that is a combination of acquired user information and application position information to retrieve a policy DB 33b, acquires a corresponding policy and stores the acquired policy in a policy storage section 23. When a packet to be transferred to an outside network 12 is received, a policy application section 24 specifies access contents from the packet, determines whether the specified access contents are adapted to the policy stored in the policy storage section 23, and performs communication control to transfer a packet adapted to the policy and not to transfer a packet that is not adapted to the policy. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an information control system, an information control method, and a mobile relay device.

Conventionally, it has been generally performed to restrict access to an in-house intranet via the Internet from outside (business trip destination, etc.) using a VPN (Virtual Private Network) (for example, see Patent Document 1). reference).
JP 2006-197255 A

  However, communication via the Internet may cause unauthorized access from an unspecified number of other users, and it is necessary to take security measures.

  On the other hand, as a security measure, if the terminal is not allowed to be taken out of the office or access to the office from the outside is uniformly prohibited, the risk of unauthorized access is reduced, but the function itself cannot be used. Convenience is reduced and business efficiency at business trips is affected.

  In view of the above, the main object of the present invention is to solve the above-mentioned problems and to reduce the risk of information leakage while suppressing a decrease in the convenience of access for access from a destination.

In order to solve the above problems, the present invention is an information control system in which a mobile relay device that is carried by a user and a control device that exists in the company are connected via an outside network,
The mobile relay device includes an environment identification information collection unit, an environment authentication request unit, a policy storage unit, and a policy application unit,
The control device includes a usage environment authentication unit and a policy determination unit, and is connected to a usage location DB, a user DB, and a policy DB.
In the use position DB, use position specifying information for specifying the position of the mobile relay device and use position information indicating the position of the mobile relay device are stored in association with each other.
In the user DB, user specifying information for specifying a user of the mobile relay device and user information indicating a user of the mobile relay device are stored in association with each other,
In the policy DB, a usage environment that is a combination of the user information and the usage location information is stored in association with a policy indicating the content of communication control of the mobile relay device,
The environment specifying information collection unit uses the use position specifying information for specifying the position of the mobile relay device and the user specifying information for specifying a user of the mobile relay device as environment specifying information. Collect and
The environment authentication request unit requests the use environment authentication unit to authenticate the collected environment identification information,
The usage environment authentication unit searches the user DB using the requested user identification information as a search key based on the requested environment identification information, and acquires the corresponding user information, Search the usage location DB using the requested usage location specifying information as a search key, and obtain the corresponding usage location information;
The policy determination unit searches the policy DB using the usage environment that is a combination of the acquired user information and the usage location information as a search key, acquires a corresponding policy, and acquires the acquired policy as the policy. Stored in the storage unit,
When the policy application unit receives the packet to be transferred to the outside network, the access content is specified from the packet, and it is determined whether or not the specified access content is compatible with the policy stored in the policy storage unit. The communication control is performed so that the packet conforming to the policy is transferred and the packet not conforming to the policy is not transferred.
Other means will be described later.

  ADVANTAGE OF THE INVENTION According to this invention, it became possible to reduce the risk of information leak, suppressing the fall of the convenience of access about the access from a movement destination.

FIG. 1 is a configuration diagram illustrating an information control system. The information control system 100 is configured by connecting a mobile terminal 1, a mobile relay device 2, a control device 3, and a connection partner device 4 via a network.
The mobile network 11 is a communication network that connects the mobile terminal 1 and the mobile relay device 2, and is configured as a radio LAN (Local Area Network) radio wave reachable range transmitted from the mobile relay device 2, for example.
The outer network 12 is a communication network that connects the mobile network 11 and the inner network 13, and is configured, for example, as the Internet managed by a provider.
The inner network 13 is a communication network provided in a specific range such as in-house, and is configured as, for example, a corporate LAN.
In addition, the network connection form of the mobile network 11, the outer network 12, and the inner network 13 is not limited to the above-described example, and may be wired or wireless.

For example, the user carries the mobile terminal 1 and the mobile relay device 2 and moves to a business trip destination.
The mobile terminal 1 is a movable network edge device and is used for communication with the connection partner apparatus 4.
The mobile relay device 2 is a movable ICRM (Information and Communications Rights Management) device that connects the mobile terminal 1 and the outside network 12. The mobile relay device 2 is configured, for example, as a network edge device, a portable wireless access point, a portable wired switch, or a portable gateway. The mobile relay device 2 controls communication to determine whether or not to transfer a packet transmitted from the mobile terminal 1 to the outside network 12 in order to prevent information leakage. Furthermore, the mobile relay device 2 collects the usage position of the mobile relay device 2 and the user's environment specifying information in order to specify the content of communication control.
The mobile terminal 1 and the mobile relay device 2 may be configured as separate casings or may be configured as the same casing. In the case of the same housing, for example, as a mobile phone terminal, a portable information terminal (smart phone, PDA (Personal Digital Assistant), mobile PC, etc.), IP phone, car navigation system, portable printer, portable scanner, portable network shredder Composed. And in order to make two units into the same housing | casing, the mobile relay apparatus 2 is comprised as a module for the mobile terminal 1 to be incorporated or connected (USB connection etc.).

In the office, a control device 3 and a connection partner device 4 (SIP (Session Initiation Protocol) server 4a, RTP (Real-time Transport Protocol) terminal 4b, etc.) are arranged.
The control device 3 is a device for relaying communication between the outer network 12 and the inner network 13. Further, the control device 3 determines the content of communication control of the mobile relay device 2, and a use position DB (Data Base) 32 a for specifying the location of the mobile relay device 2 and the user (use of the mobile relay device 2) A user DB 32b for specifying a user) and a policy DB 33b for defining a policy specified by the position of the mobile relay device 2 and the user are connected to each other.
Examples of the connection partner device 4 include an SIP server 4a that processes SIP messages and an RTP terminal 4b that processes RTP messages. As another example of the connection partner apparatus 4, an apparatus that processes various messages such as a mail server that processes an SMTP (Simple Mail Transfer Protocol) message may be applied.

  FIG. 2 is a configuration diagram showing the mobile relay device 2 and the control device 3.

The mobile relay device 2 includes a central control unit 29a configured by a CPU (Central Processing Unit), a memory 29b serving as a storage unit used when performing arithmetic processing, and an outer network I / for connection to the outer network 12. A computer having an F (Interface) unit 28a, a mobile network I / F unit 28b for connecting to the mobile network 11, and an input I / F unit 28c for inputting (collecting) environment specifying information Is done.
The operating system 25 is activated on the memory 29b in order to operate each processing unit in the memory 29b in FIG. 3 (left side).

The control device 3 includes a central control unit 39a constituted by a CPU, a memory 39b as a storage unit used when performing arithmetic processing, an outer network I / F unit 38b for connecting to the outer network 12, an inner side A computer having an inner network I / F unit 38 a for connecting to the network 13 is configured.
The operating system 34 is activated on the memory 39b in order to operate each processing unit in the memory 39b in FIG. 3 (right side).

FIG. 3 is a functional configuration diagram showing the mobile relay device 2 and the control device 3. Each processing unit in FIG. 3 is realized by an arithmetic processing unit configured by a CPU (Central Processing Unit) executing a program on a memory.
The memory 29b of the mobile relay device 2 includes an environment identification information collection unit 21 (use location identification information collection unit 21a, user identification information collection unit 21b), an environment authentication request unit 22, a policy storage unit 23, and a policy application A program that causes the CPU to function as the unit 24 (SIP / SDP (Session Description Protocol) processing unit 24a, RTP processing unit 24b, SMTP processing unit 24c, network control unit 24d) is stored.
The memory 39b of the control device 3 stores a use environment authentication unit 31 (use location authentication unit 31a, user authentication unit 31b) and a program that causes the CPU to function as the policy determination unit 33.

  The environment identification information collecting unit 21 collects environment identification information (a combination of use position identification information and user identification information) of the device itself. Specifically, the use position specifying information collecting unit 21a collects use position specifying information, and the user specifying information collecting unit 21b collects user specifying information.

The environment authentication requesting unit 22 transmits the environment specifying information collected by the environment specifying information collecting unit 21 to the control device 3 and requests authentication of the use environment.
The use environment authentication unit 31 requests the use position authentication unit 31a to authenticate the use position information using the use position specifying information transmitted from the environment authentication request unit 22 as an authentication key. The usage location authentication unit 31a searches the usage location DB 32a according to the request to identify the usage location information from the usage location specifying information, and responds with the specified usage location information as an authentication result.
The use environment authentication unit 31 requests the user authentication unit 31b to authenticate user information using the user identification information transmitted from the environment authentication request unit 22 as an authentication key. The user authenticating unit 31b searches the user DB 32b according to the request to identify user information from the user identifying information, and responds with the identified user information as an authentication result.

  The policy determination unit 33 specifies a policy from the usage environment by searching the policy DB 33b using the authenticated usage environment (combination of usage location information and user information) as a search key. It responds to the mobile relay device 2. The policy storage unit 23 stores the policy specified by the policy determination unit 33 in association with the usage environment.

The policy application unit 24 controls communication according to the policy stored in the policy storage unit 23 as to whether or not to transfer the communication packet of the mobile terminal 1. Since various types of protocols are used for the communication packet of the mobile terminal 1, processing units (SIP / SDP processing unit 24a, RTP processing unit 24b, SMTP for analyzing the packet structure for each protocol) A processing unit 24c and a network control unit 24d) are provided.
Here, the network control unit 24d interprets packet headers such as TCP / IP and UDP / IP.

Table 1 shows an example of the usage position DB 32a. The use position DB 32a is configured by associating use position specifying information with use position information.
For example, the use position information “in-house (room)” can be specified from the use position specifying information “latitude XX longitude ΔΔ” in the first row. For the measurement of latitude and longitude, a GPS device built in or circumscribed in the mobile relay device 2 is used. The use position specifying information on the second line indicates an address input as a character string via an input means such as a keyboard.

Table 2 shows an example of the user DB 32b. The user DB 32b is configured by associating user specifying information with user information.
For example, the user information “Mr. A (officer)” can be specified from the user specifying information “employee number = 001” on the first line. The second and third lines show user personal information (biometric authentication data) such as fingerprint information and iris information as an example of user specifying information. In addition to the user's personal information, any information for identifying an individual such as vein information can be used.

Table 3 shows an example of the policy DB 33b. The policy DB 33b is configured by associating a usage environment (a set of usage position information in Table 1 and user information in Table 2) with a policy (confidentiality, usage AP, usage media).
The “confidentiality” of the policy indicates the importance of the file to which access is permitted. As shown in FIG. 5, the notation “S / SS” indicates that access is permitted to files with importance S (secret) and files with importance SS (secret). “Confidential” means that the information access range is limited within the company.
The policy “Usage AP (Application)” indicates an application whose use is permitted.
The policy “used media” indicates the type (media) of a file permitted to be used (see the media type in FIG. 5).

For example, in the first row of Table 3, the usage environment “officer & company (living room)” and policy “confidentiality (S / SS / SSS), usage AP (email, telephone), usage media (text, voice) , Image, video) ”. In the policy in the first line, when an officer exists in the company (room), the officer can access the file of importance S, the file of importance SS, and the file of importance SSS. . The officer can then use email and phone applications. Further, the officer can use a text file, an audio file, an image file, and a video file.
Further, by disabling video transmission (RTP / SMTP) in the temporary staff, the temporary staff can disable transmission of the video shot in the company.

  The policy description example described above is merely an example, and other information (owner, distributor, etc.) that regulates usage restrictions may be defined as a policy.

FIG. 4 is an explanatory diagram showing data contents of the use position DB 32a and the user DB 32b.
As values that can be taken by the use position information (right side of Table 1) of the use position DB 32a, values shown in FIG. 4 are exemplified. For example, an example of “outside (other than home)” in Table 3 is outside (public organization).
As values that can be taken by the user information (right side of Table 2) of the user DB 32b, values shown in FIG. 4 are exemplified.

  FIG. 5 is an explanatory diagram showing data contents of the policy DB 33b (policy). As values that can be taken by the policy (right side of Table 3) of the policy DB 33b, values as shown in FIG. 5 are exemplified.

  FIG. 6 is a flowchart showing processing of the information control system.

  First, in S11 to S16, the procedure for setting the policy applied at the destination in the mobile relay device 2 (policy DB 33b in Table 3) as the mobile network 11 (mobile terminal 1, mobile relay device 2) moves is as follows. explain.

In S11, the mobile relay device 2 (environment specifying information collection unit 21) collects environment specifying information. Specifically, the use position specifying information collecting unit 21a collects use position specifying information, and the user specifying information collecting unit 21b collects user specifying information.
In S12, the mobile relay device 2 (environment authentication request unit 22) transmits the environment specifying information collected in S11 to the control device 3 and requests authentication of the usage environment.
In S13, the use environment authentication unit 31 requests the use location authentication unit 31a to authenticate the use location information using the use location specifying information transmitted in S12 as an authentication key. The usage location authentication unit 31a searches the usage location DB 32a according to the request to identify the usage location information from the usage location specifying information, and responds to the usage environment authentication unit 31 with the specified usage location information as an authentication result.
In S14, the use environment authentication unit 31 requests the user authentication unit 31b to authenticate the user information using the user identification information transmitted in S12 as an authentication key. The user authentication unit 31b searches the user DB 32b in accordance with the request to identify user information from the user identification information, and responds to the utilization environment authentication unit 31 with the identified user information as an authentication result.

In S15, the usage environment authentication unit 31 requests the policy determination unit 33 to specify a policy corresponding to the usage environment, using the set of authentication results in S13 and S14 as the usage environment. The policy determination unit 33 specifies the policy from the usage environment by searching the policy DB 33b according to the request, and returns the specified policy to the mobile relay device 2.
In S16, the mobile relay device 2 reflects the policy received in S15 in its own policy storage unit 23. Hereinafter, the mobile relay device 2 (policy application unit 24) transmits only packets permitted by the policy reflected in the policy storage unit 23 to the outer network 12. This policy setting is retained while the session is maintained.

Next, SIP session establishment processing between the mobile terminal 1 and the SIP server 4a in S21 to S25 will be described. Here, whether to establish a session is determined according to the policy set in S16.
In S21, the mobile terminal 1 transmits a session setting request (INVITE) in SIP with the SIP server 4a as a communication partner to the mobile relay device 2 via the mobile network I / F unit 28b. This INVITE message is a message for establishing a session between the mobile terminal 1 and the SIP server 4a, and an SDP tag describing the content of the session to be established is included in the INVITE message. Details of SDP are described in, for example, RFC (Request for Comments) 2327.
In S22, the mobile relay device 2 (policy application unit 24) analyzes the INVITE message received in S21 by the SIP / SDP processing unit 24a, and determines whether or not it conforms to the policy reflected in the policy storage unit 23. To do. If it does not conform to the policy, the process proceeds to S23, and if it conforms to the policy, the process proceeds to S24.

For example, the following SDP tag is determined as conforming to the policy by the policy DB 33b in Table 3. Note that o (owner / creator and session identifier) indicates the connection source, and c (connection
information) indicates a connection destination, and m (media name) indicates a video medium.
-Session description o (owner / creator and session identifier) = officer (user name) indicates the officer-Session description c (connection information) = HOME (network type) is outside (home) usage location・ Media description m (media name) = video (media type) indicates the media used for video.

On the other hand, the following SDP tag is determined not to conform to the policy by the policy DB 33b of Table 3.
-Session description o (owner / creator and session identifier) = staff (user name) indicates a general employee-Session description c (connection information) = OUT (network type) is outside (other than home) Indicates the use location ・ Media description m (media name) = video (media type) indicates the media used for the video.

In S23, the mobile relay device 2 (SIP / SDP processing unit 24a) returns a predetermined error message (an error of 4xx number in the case of SIP) to the mobile terminal 1 that has transmitted the INVITE message in S21. .
In S24, the mobile relay device 2 (SIP / SDP processing unit 24a) transfers the INVITE message of S21 to the SIP server 4a of the communication partner.
In S25, the SIP server 4a returns an OK message for the INVITE message received in S24 to the mobile terminal 1 via the mobile relay device 2. As a result, a SIP session is set between the mobile terminal 1 and the SIP server 4a.

  Furthermore, in S31 to S34, media transmission (RTP) processing between the mobile terminal 1 and the RTP terminal 4b will be described. This media transmission uses the session established in S25.

In S31, the mobile terminal 1 transmits an RTP message to the RTP terminal 4b.
In S32, the mobile relay device 2 (policy application unit 24) analyzes the RTP message by the RTP processing unit 24b, and then determines whether or not the RTP message in S31 can be transferred, as in S22. If it does not conform to the policy, the process proceeds to S33, and if it conforms to the policy, the process proceeds to S34.
In S22, the SDP tag is referenced, but in S32, the RTP message does not include the SDP tag. Therefore, in S32, the port number of the IP header for communicating the RTP message is referred to instead of the SDP tag, and the correspondence table between the port number and the port number and media type defined in advance is referred to. Specify the media type to communicate with in a message.
In S33, the mobile relay device 2 (RTP processing unit 24b) returns a predetermined error message to the mobile terminal 1 that has transmitted the RTP message in S31.
In S34, the mobile relay device 2 (RTP processing unit 24b) transfers the RTP message in S31 to the communication partner RTP terminal 4b.

  In the present embodiment described above, a combination of a user and a use position is used as a use environment for specifying a policy. However, this combination is merely an example, and other information related to use is used as the use environment. It may be defined. For example, as a use condition, a predetermined policy may be applied when a predetermined user uses it at a predetermined time, or when a predetermined user uses at a predetermined position at a predetermined time. A predetermined policy may be applied.

  Then, by defining a policy corresponding to the relationship between the user of the mobile relay device 2 and the usage position, detailed information transmission restriction can be performed. This reduces the risk of information leakage by strictly restricting access from usage locations where the risk of information leakage is high, as well as user convenience by widely allowing access from usage locations where the risk of information leakage is low Can be improved.

  Furthermore, a communication control mechanism is provided in the mobile relay device 2 instead of providing a communication control mechanism for each application operated by the mobile terminal 1 or the connection partner device 4. As a result, communication control can be performed without changing the mobile terminal 1 and the connection partner apparatus 4 that have been used conventionally, so that low-cost and early introduction is possible.

In this embodiment, in order to specify a policy, not only the information of the user but also the information of the use condition is combined, and there is an effect superior to the following comparative example.
As a comparative example, access from outside the company is restricted by applications (e-mail, file access, etc.) that can be used by the access class (L1 / L2) set for each user in advance and sites (Internet, intranet) that can be browsed. Here are some examples.
In this comparative example, the accessible service cannot be controlled by the user's location (home, business trip destination, etc.) and user attribute (executive or general employee, etc.), depending on the usage environment , I had to change the access right settings each time.
In addition, when a voice service such as VoIP (Voice over Internet Protocol) or an access service such as a wireless LAN is performed in the same manner as in the comparative example, cooperation with a VoIP or wireless LAN system is required for each application, which cannot be easily realized. It was.

It is a block diagram which shows the information control system regarding one Embodiment of this invention. It is a block diagram which shows the mobile relay apparatus 2 and the control apparatus 3 regarding one Embodiment of this invention. It is a functional block diagram which shows the mobile relay apparatus 2 and the control apparatus 3 regarding one Embodiment of this invention. It is explanatory drawing which shows the data content of utilization position DB32a regarding one Embodiment of this invention, and user DB32b. It is explanatory drawing which shows the data content of policy DB33b regarding one Embodiment of this invention. It is a flowchart which shows the process of the information control system regarding one Embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Mobile terminal 2 Mobile relay apparatus 3 Control apparatus 4 Connection partner apparatus 4a SIP server 4b RTP terminal 11 Mobile network 12 Outer network 13 Inner network 21 Environment specific information collection part 21a Usage position specific information collection part 21b User specific information collection part 22 Environment authentication request unit 23 Policy storage unit 24 Policy application unit 24a SIP / SDP processing unit 24b RTP processing unit 24c SMTP processing unit 24d Network control unit 25 Operating system 28a Outer network I / F unit 28b Mobile network I / F unit 28c For input I / F unit 29a Central control unit 29b Memory 31 Usage environment authentication unit 31a Usage location authentication unit 32a Usage location DB
31b User authentication part 32b User DB
33 Policy judgment unit 33b Policy DB
34 Operating System 38a Inner Network I / F Unit 38b Outer Network I / F Unit 39a Central Control Unit 39b Memory 100 Information Control System

Claims (7)

An information control system in which a mobile relay device portable to a user and a control device existing in the company are connected via an outside network,
The mobile relay device includes an environment identification information collection unit, an environment authentication request unit, a policy storage unit, and a policy application unit,
The control device includes a usage environment authentication unit and a policy determination unit, and is connected to a usage location DB, a user DB, and a policy DB.
In the use position DB, use position specifying information for specifying the position of the mobile relay device and use position information indicating the position of the mobile relay device are stored in association with each other.
In the user DB, user specifying information for specifying a user of the mobile relay device and user information indicating a user of the mobile relay device are stored in association with each other,
In the policy DB, a usage environment that is a combination of the user information and the usage location information is stored in association with a policy indicating the content of communication control of the mobile relay device,
The environment specifying information collecting unit uses the use position specifying information for specifying the position of the mobile relay device and the user specifying information for specifying a user of the mobile relay device as environment specifying information. Collect and
The environment authentication request unit requests the use environment authentication unit to authenticate the collected environment identification information,
The usage environment authentication unit searches the user DB using the requested user identification information as a search key based on the requested environment identification information, and acquires the corresponding user information, Search the usage location DB using the requested usage location specifying information as a search key, and obtain the corresponding usage location information;
The policy determination unit searches the policy DB using the usage environment that is a combination of the acquired user information and the usage location information as a search key, acquires a corresponding policy, and acquires the acquired policy as the policy. Stored in the storage unit,
When the policy application unit receives a packet to be transferred to the outside network, the policy application unit specifies the access content from the packet, and determines whether or not the specified access content matches the policy stored in the policy storage unit. An information control system characterized in that communication control is performed so that packets conforming to the policy are transferred and packets not conforming to the policy are not transferred. The information control system according to claim 1, wherein the environment specifying information collection unit collects latitude and longitude information acquired from a GPS device as the use position specifying information. The information control system according to claim 1, wherein the environment specifying information collection unit collects biometric information acquired by biometric authentication of the user as the user specifying information. The policy application unit, when a packet to be transferred to the outside network is a session connection request, acquires an access content for comparison with a policy from a tag indicating the content of the session. The information control system according to any one of claims 3 to 4. 2. The policy application unit, when a packet transferred to the outside network is media transfer data, acquires an access content for comparison with a policy from a port number of an IP header of the packet. The information control system according to any one of claims 3 to 4. An information control method by an information control system in which a mobile relay device carried by a user and a control device existing in the company are connected via an outside network,
The mobile relay device includes an environment identification information collection unit, an environment authentication request unit, a policy storage unit, and a policy application unit,
The control device includes a usage environment authentication unit and a policy determination unit, and is connected to a usage location DB, a user DB, and a policy DB.
In the use position DB, use position specifying information for specifying the position of the mobile relay device and use position information indicating the position of the mobile relay device are stored in association with each other.
In the user DB, user specifying information for specifying a user of the mobile relay device and user information indicating a user of the mobile relay device are stored in association with each other,
In the policy DB, a usage environment that is a combination of the user information and the usage location information is stored in association with a policy indicating the content of communication control of the mobile relay device,
The environment specifying information collecting unit uses the use position specifying information for specifying the position of the mobile relay device and the user specifying information for specifying a user of the mobile relay device as environment specifying information. Collect and
The environment authentication request unit requests the use environment authentication unit to authenticate the collected environment identification information,
The usage environment authentication unit searches the user DB using the requested user identification information as a search key based on the requested environment identification information, and acquires the corresponding user information, Search the usage location DB using the requested usage location specifying information as a search key, and obtain the corresponding usage location information;
The policy determination unit searches the policy DB using the usage environment that is a combination of the acquired user information and the usage location information as a search key, acquires a corresponding policy, and acquires the acquired policy as the policy. Stored in the storage unit,
When the policy application unit receives a packet to be transferred to the outside network, the policy application unit specifies the access content from the packet, and determines whether or not the specified access content matches the policy stored in the policy storage unit. And a communication control for transferring a packet conforming to the policy and not transferring a packet not conforming to the policy. A mobile relay device used as a module in a mobile terminal that is used in an information control system in which a control device existing in the company is connected to an outside network,
The mobile relay device includes an environment identification information collection unit, an environment authentication request unit, a policy storage unit, and a policy application unit,
The environment specifying information collecting unit uses the use position specifying information for specifying the position of the mobile relay device and the user specifying information for specifying a user of the mobile relay device as environment specifying information. Collect and
The environment authentication request unit requests the control device to specify a policy specified from the collected environment specifying information, is associated with the transmitted environment specifying information, and is acquired as a response to the request from the control device. Stored policy in the policy storage unit,
When the policy application unit receives a packet to be transferred to the outside network, the policy application unit specifies the access content from the packet, and determines whether or not the specified access content matches the policy stored in the policy storage unit. The mobile relay device is characterized in that a packet conforming to the policy is forwarded and communication is controlled so that a packet not conforming to the policy is not forwarded.

Images