JP2010277487A - Information processor, information processing method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent information leakage by determining whether an extension of data is disguised in accordance with a transmission destination of the data. <P>SOLUTION: Transmission rule information associating transmission destination information specifying a transmission destination of a file and set information wherein it is set whether transmission of the file should be permitted or inhibited if an extension of the file is disguised for the transmission destination, with each other is stored, and it is determined whether or not a file format determined by data in the file and a file format determined by the extension of a file name of the file are equal to each other in response to a transmission request of the file output from a client device, and it is controlled whether the transmission of the file should be permitted or inhibited in accordance with transmission rule information corresponding to the transmission destination of the file when they are determined to be different. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an information processing apparatus, an information processing method, and a program, and more particularly to a data transmission control technique.

  A web mail service that enables browsing and transmission of electronic mail on a web server and a document management service that manages and shares document files are provided. Conventionally, these services have been performed by executing software on the user's computer. However, in recent years, the software is executed on the computer of the service provider on the computer network, and the user uses the service. More is being done. Until now, the use of such services has been mainly performed by general users, but in recent years, there have been an increasing number of cases where companies and the like use these services in business. These services are referred to as SaaS and are expected to be used in the future.

While these services are convenient, there is a risk that important information may be leaked to an external network when a company uses it as a business. In particular, since an increase in services for transmitting data files by HTTP communication is considered, control of data files transmitted by HTTP communication is important. In addition, there may be a situation in which important information is leaked by using a service other than that permitted for business use.

  In order to cope with the above problems, it is necessary to restrict HTTP access only to a specific website or to control transmission of a data file.

  As a technique for permitting access only to a specific website, for example, Patent Document 1 is disclosed. According to such a technique, it is possible to perform control such that HTTP access is permitted only to a specific site.

As a technique for determining the format of the data file, for example, Patent Document 2 is disclosed. According to such a technique, it is possible to analyze the characteristics of the data file and estimate the format of the data file from the result.
JP 2004-348202 A JP 2001-101049 A

  In order to control the data file transmitted by the HTTP request, it is necessary to determine the file format of the data file attached to the HTTP request.

Further, when checking whether a specific keyword is included in a data file, it is necessary to extract text information by a method suitable for the file format in advance, and it is necessary to determine the file format of the data file.

The file format of the data file attached to the HTTP request can be determined by Content-Type that is given to the HTTP request by an HTTP client such as a browser. However, since the HTTP client normally determines the Content-Type in association with the extension of the file, if the file has an incorrect extension or has been changed intentionally, the file from the Content-Type There is a problem that the format cannot be determined.

In addition, since Content-Type is provided by the HTTP client, there is a problem that it is not reliable in the first place. Therefore, in the control based on the Content-Type of the HTTP request, there is a problem that transmission of the data file by the HTTP request cannot be correctly controlled.

Therefore, for example, when operating a transmission control system in which only document data in a predetermined file format is permitted to be transmitted to a predetermined website in order to prevent information leakage, only control based on Content-Type is malicious. If a user changes the extension of a file name to an extension of a file format for which transmission is permitted, the file may be judged and transmitted as if the file is permitted to be transmitted. .
An object of the present invention is to provide a mechanism for preventing information leakage by determining whether a data extension is camouflaged according to a data transmission destination.

  The present invention is an information processing apparatus capable of communicating with a client device that outputs data and performing transmission control of the data, and includes transmission destination information that specifies a transmission destination of the file, and the file with respect to the transmission destination. Storage means for storing transmission rule information in association with setting information in which transmission or non-transmission of the file is permitted when there is a camouflaged extension of the file, and the file output from the client device An impersonation determination means for determining whether the file format determined from the data in the file is the same as the file format determined from the file name extension of the file, and the impersonation determination If it is determined that the file format is different, the transmission of the file is permitted according to the transmission rule information corresponding to the transmission destination of the file. And transmission control means for controlling or disabling, characterized in that it comprises a.

  The present invention is an information processing method in an information processing apparatus that is communicable with a client device that outputs data and performs transmission control of the data, wherein the storage unit specifies transmission destination information for specifying a transmission destination of a file, A storage step of storing transmission rule information in association with setting information in which transmission of the file is permitted or prohibited when the extension of the file is impersonated for the transmission destination; In response to the transmission request for the file output from the client device, the determination unit has the same file format determined from the data in the file and the file format determined from the file name extension of the file. If it is determined that the file format is different between the camouflage determination step and the transmission control means in the camouflage determination step, the file transmission process is performed. According to the transmission rule information corresponding to the first, characterized in that it comprises a transmission control step of controlling whether to permit or inhibit transmission of the file.

  The present invention is a program that can communicate with a client device that outputs data and that functions as an information processing device that performs transmission control of the data, and that includes transmission destination information for specifying a transmission destination of a file, and transmission destination information Storage means for storing transmission rule information in association with setting information set to allow or prohibit transmission of the file when there is a camouflaged extension of the file, and output from the client device An impersonation determining means for determining whether the file format determined from the data in the file and the file format determined from the file name extension of the file are the same in response to the file transmission request If the file format is determined to be different by the impersonation determination unit, the transmission rule information corresponding to the transmission destination of the file is followed. , Characterized in that to function as a transmission control means for controlling whether to permit or inhibit transmission of the file.

According to the present invention, it is possible to prevent information leakage by determining whether a data extension is camouflaged according to a data transmission destination.

It is a figure which shows the structure of the system which concerns on one Embodiment of this invention. It is a figure which shows the hardware constitutions of information processing apparatus. FIG. 3 is a diagram illustrating a functional configuration of the proxy server 101. FIG. 4 is a flowchart showing an example of the first control process in the present invention. FIG. 5 is a flowchart showing an example of the second control process in the present invention. FIG. 6 is a diagram illustrating an example of a restriction rule setting screen. FIG. 7 is a diagram illustrating an example of a detailed regulation rule setting screen. FIG. 8 is a diagram illustrating an example of a restriction rule movement screen. FIG. 9 is a diagram illustrating an example of the regulation rule table. FIG. 10 is a flowchart showing an example of the third control process in the present invention. FIG. 11 is a flowchart showing the detailed process of step S1002 of the third control process shown in FIG. FIG. 12 is a diagram illustrating an example of the URL DB 1002. FIG. 13 is a flowchart showing an example of the fourth control process in the present invention. FIG. 14 is a diagram illustrating an example of a correspondence table between file format identifiers and signatures. FIG. 15 is a flowchart showing an example of a fifth control process in the present invention. FIG. 16 is a flowchart showing an example of the sixth control process in the present invention. FIG. 17 is an example of a table showing a correspondence between a file format identifier 1701 representing a file format and an extension 1702 generally given to the file format.

Hereinafter, the present invention will be described in detail according to preferred embodiments with reference to the accompanying drawings.
FIG. 1 is a diagram illustrating a configuration example of a system according to the present embodiment.

As shown in FIG. 1, the system according to the present embodiment includes a proxy server 101, a URL DB 102, a restriction rule DB 103, client PCs 104-1 to 104-3 (hereinafter collectively referred to as “client PC 104”), a LAN (local area network). ) 105, a wide area network 106 (hereinafter referred to as a network), and web servers 107-1 to 107-3 (hereinafter collectively referred to as "web server 107"). Hereinafter, those constituting the system according to the present embodiment will be described.
The proxy server 101 is a device that functions as an information processing device of the present invention, and relays data communication between the client PC 104 and the web server 107.

  In addition, the proxy server 101 includes a URL DB 102 that collects URLs of websites for each specific category, and a restriction rule that is used for control such as permitting / rejecting HTTP requests from the client PC 104 to the web server 107. A rule DB 103 is provided.

  The proxy server 101 also has a web server function for providing a setting page for registering, modifying, etc. information set in the restriction rule DB 103. Note that the URL DB 102 and the regulation rule DB 103 may be provided in the proxy server 101 or may be mounted in another computer.

The URL DB 102 is a database that collects URLs of websites for each category, and is usually purchased from a URL DB creator. The URL DB 102 may be updated by an update program of the proxy server 101 or may be updated by other means.
The client PC 104 is a terminal device used by a user who uses a service provided by the web server 107.

  A LAN (Local Area Network) 105 connects the proxy server 101 and the client PC 104 to each other so that data communication is possible. The wide area network 106 indicates a wide area network such as the Internet.

The web server 107 represents a server that provides various services provided on the web server such as a web mail service and a document management service.
FIG. 2 is a block diagram illustrating a hardware configuration of the proxy server 101.

In FIG. 2, reference numeral 201 denotes a CPU that controls the proxy server 101 as a whole using programs and data stored in a RAM 202 and a ROM 203, and executes each process to be described later performed by the proxy server 101.

A RAM 202 temporarily stores programs and data loaded from the HDD (hard disk drive) 204 and the recording medium drive 206 and programs and data received from other devices via the network I / F (interface) 205. Various areas such as an area to be used and a work area used when the CPU 201 executes various processes can be provided as appropriate.

A ROM 203 stores setting data of the proxy server 101, a boot program, and the like.

Reference numeral 204 denotes an HDD, which stores an OS (Operating System) and programs and data for causing the CPU 201 to execute processes described later performed by the proxy server 101, and these are loaded into the RAM 202 as appropriate under the control of the CPU 201. The CPU 201 is a processing target.

Reference numeral 205 denotes a network I / F for connecting the proxy server 101 to the LAN 105 and the wide area network 106. The proxy server 101 is connected to the LAN 105 and the wide area network 106 via the network I / F 205. Perform data communication with the device.

Reference numeral 206 denotes a recording medium drive that reads programs and data recorded on a recording medium such as a CD-ROM, CD-R / RW, DVD-ROM, DVD-R / RW, and DVD-RAM, and outputs them to the RAM 202 and HDD 204. To do. A part of the data held by the HDD 204 may be stored in these recording media.

Reference numeral 207 denotes a keyboard, and 208 denotes a pointing device configured by a mouse, a joystick, or the like, and functions as an input unit that inputs various instructions to the CPU 201 when operated by an operator of the proxy server 101.
A display unit 209 includes a CRT, a liquid crystal screen, and the like, and displays a processing result by the CPU 201 as an image or a character.

An external device connection I / F 210 is a port for connecting peripheral devices to the proxy server 101. The proxy server 101 performs data communication with peripheral devices via the external device connection I / F 210. The external device connection I / F 210 is configured by USB, IEEE 1394, or the like, and usually has a plurality of external device connection I / Fs 210. The connection form with the peripheral device may be wired or wireless.

Reference numeral 211 denotes a bus that connects the above-described units 201 to 210.

The hardware configuration of the proxy server 101 will be described as having the configuration shown in FIG. 2, but is not necessarily limited to having the configuration shown in FIG. 2, and various processes described below performed by the proxy server 101 are executed. If possible, the configuration of the proxy server 101 may be changed as appropriate.

Also, the hardware configuration of the client PC 104 and the web server 107 is generally the same as that shown in FIG. 2 because a general computer is applied thereto.

  FIG. 3 is a diagram illustrating a functional configuration of the proxy server 101.

  As shown in FIG. 3, the proxy server 101 includes a restriction rule receiving unit 301, a restriction rule recording unit 302, a URL category determining unit 303, a detailed request information acquiring unit 304, a communication relay control unit 305, a communication permission / denial response. A transmission means 306 is provided.

  The restriction rule receiving unit 301 receives an input of a restriction rule for determining whether an HTTP request is permitted / not permitted. The restriction rule recording unit 302 registers the rule received by the restriction rule receiving unit 301 (details will be described later with reference to FIG. 9) in the restriction rule DB 103.

  The URL category determination unit 303 determines to which category the URL requested from the client PC 104 belongs based on information registered in the URL DB 102.

  The request detailed information acquisition unit 304 determines the file format of the data file from the signature of the data file attached to the HTTP request.

The communication relay control unit 305 checks the category information of the HTTP request acquired by the URL category determination unit 303 and the file format information acquired by the detailed information acquisition unit 304 of the request against the restriction rule recorded in the restriction rule DB 103, As a result, HTTP request permission / rejection control (transmission restriction control) is performed.

  The communication permission / denial response transmission unit 306 relays a response from the web server to the client PC 103 that has made the HTTP request permitted by the communication relay control unit 305, or the client PC that has made the HTTP request that is not permitted. Is notified that the HTTP request has been rejected.

  The HDD 204 of the proxy server 101 includes a restriction rule reception unit 301, a restriction rule recording unit 302, a URL category determination unit 303, a detailed request information acquisition unit 304, a communication relay control unit 305, and a communication permission / denial response transmission unit. As 306, a program for controlling the proxy server is recorded. The CPUs 201 of the proxy server 101 load these programs into the RAM 202 and execute them, so that the above-described units 301 to 306 are realized.

  Next, processing performed by the proxy server 101 will be described with reference to a flowchart.

  FIG. 4 is a flowchart showing an example of the first control process in the present invention, and corresponds to a flowchart showing an outline of the overall process performed by the proxy server 101. Note that the processing of this flowchart is realized by the CPU 201 of the proxy server 101 loading a program stored in the HDD 204 into the RAM 202 and executing it.

  First, the CPU 201 determines whether or not a restriction rule setting change request has been received from the user (step S401). If it is determined that a setting change request has been received (Yes in step S401), the CPU 201 performs a restriction rule setting process (step S402). Details of the process in step S402 will be described later with reference to FIG. Then, when the process of step S402 ends, the CPU 201 advances the process to step S403.

  In step S403, the CPU 201 determines the category from the URL requested by the client PC 104, acquires detailed information of the HTTP request, and checks the HTTP request control process based on the restriction rules set in step S402 based on the information. I do. Details of the process in step S403 will be described later with reference to FIG. Then, when the process of step S403 ends, the CPU 201 advances the process to step S404.

  In step S404, the CPU 201 determines whether an instruction to end the HTTP request control process has been received. If it is determined that an end instruction has not been received (No in step S404), the CPU 201 returns the process to step S401.

On the other hand, if it is determined that an instruction to end the HTTP request control process has been received (Yes in step S404), the CPU 201 ends the process of this flowchart as it is. That is, the CPU 201 repeats the above-described processing of S401 to S403 until receiving an instruction to end the HTTP request control processing (until it is determined Yes in step S404).
Hereinafter, with reference to FIG. 5, the regulation rule setting process shown in step S402 of FIG. 4 will be described in detail.

  FIG. 5 is a flowchart showing an example of the second control process in the present invention, and corresponds to the flowchart showing details of the restriction rule setting process shown in step S402 of FIG. That is, this process is performed by the CPU 201 of the proxy server 101. When this processing is performed, the CPU 201 loads a program for causing the proxy server 102 to function as the restriction rule receiving unit 301 and the web mail restriction rule recording unit 302 from the HDD 204 to the RAM 202, and based on the control of the program. The following processing is performed.

First, the CPU 201 of the proxy server 101 transmits display information for displaying a restriction rule setting screen 600 as shown in FIG. 6 to the client PC 104 that has transmitted the restriction rule setting request (step S501). In accordance with the display information, a restriction rule setting screen 600 is displayed on the display device of the client PC 104. Here, the regulation rule setting screen 600 will be described.

  FIG. 6 is a diagram illustrating an example of a restriction rule setting screen.

In FIG. 6, reference numeral 601 denotes a rule ID display field, which displays an ID that uniquely indicates a restriction rule. The restriction rules are applied in the order displayed on the restriction rule setting screen.
Reference numeral 602 denotes a rule name display field that displays a rule name set in the detailed rule.

  Reference numeral 603 denotes an operation display field, which displays whether to allow / disallow HTTP requests that match the rule.

  Each rule can be edited by pressing the edit button 604 in the row displaying the rule, and can be deleted by pressing the delete button 605. Further, by pressing the move button 606, a rule move screen is displayed, and the rule application order can be changed.

Further, when the add button 607 is pressed, a restriction rule can be added. The above is the description of the restriction rule setting screen shown in FIG.
Returning to the flowchart of FIG.

  In step S502, the CPU 201 determines whether a detailed setting request for a regulation rule has been received. This detailed setting request is issued when the add button 607 or the edit button 604 of the restriction rule setting screen 600 displayed on the display of the client PC is pressed.

When the add button 607 is pressed, a new detailed setting is performed, and when the edit button 604 is pressed, the already set detailed setting is changed.

  When it is determined that the detailed setting request for the regulation rule has been received (Yes in step S502), the CPU 201 displays the display information for displaying the detailed regulation rule setting screen (FIG. 7) as the detailed setting request for the regulation rule. Is transmitted to the client PC 104 that has transmitted (step S503). Hereinafter, the regulation rule detail setting screen 700 of FIG. 7 will be described.

In FIG. 7, reference numeral 701 denotes a rule ID display field, which is a rule ID (condition ID) display field that uniquely indicates a regulation rule. This ID may be automatically given or set based on an input instruction from the user input unit (duplication within the regulation rule is not allowed).
Reference numeral 702 denotes a restriction rule name input field that accepts an input of the name of the restriction rule.

  In the URL condition, it is possible to select whether a specific URL is specified (a URL radio button 703 is selected) or a category is specified (a category radio button 704 is selected). When the URL radio button 703 is selected, input to the URL input field 705 can be performed. When the category radio button 704 is selected, a category can be selected using the category selection select box 706. In this embodiment, the URL condition is set by either URL designation or category designation. However, it is of course possible to set both at the same time. If the URL of the HTTP request transmitted from the client PC matches these conditions, it is determined that the URL conditions match.

  Reference numeral 707 denotes a select box for selecting the file format of the attached data file, which selects the file format of the data file.

Reference numeral 708 denotes an attachment file size input field for inputting the size of the attachment file. Reference numeral 709 denotes a radio button for selecting whether the size of the attached file is larger than or smaller than the size specified in 708. If the size of the attached file is larger than the size designated in 708, if the rule should be matched, If the size is less than or equal to the size specified in 708, if you want to match the rule, specify:

  710 is a radio button for designating whether or not the file format of the attached file matches the attached extension. When the file format of the attached file and the attached extension match, it is desired to match the rule. If the file format and the assigned extension do not match, specify that they do not match if you want to match the rule.

Reference numeral 711 denotes a keyword condition input field for inputting a keyword condition that matches the data file attached to the HTTP request and the text information described in the other fields of the HTTP request. It is possible to input a plurality of keywords in the keyword input field, and the combination condition (AND condition: set with “&”, for example, OR condition: set with “|”, for example, combination priority setting: for example parentheses It is also possible to set “()”.

  When the above conditions are met (the URL condition, the attachment file condition, and the keyword condition are combined with an AND condition), the operation radio button 712 specifies whether to set the HTTP request to be permitted or not permitted. Setting for setting an area for inputting the URL condition, attachment file condition, and keyword condition combining method, inputting the combining condition in the area, and permitting / disallowing transmission when the combining condition is satisfied. Of course, you can use.

When the update button 713 is pressed, a request for registering the set detailed rule is made to the proxy server 101. If the cancel button 714 is pressed, the detailed setting process of the regulation rule is terminated without changing or adding the rule. The above is the description of the restriction rule detail setting screen 700 shown in FIG.
Returning to the flowchart of FIG.

  In step S504, the CPU 201 determines whether a restriction rule movement request has been accepted. This request is issued when the move button 606 of the restriction rule setting screen 600 displayed on the display of the client PC is pressed.

  If it is determined that a restriction rule movement request has been received (Yes in step S504), the CPU 201 transmits a restriction rule movement request as display information for displaying the restriction rule movement screen (FIG. 8). Is transmitted to the client PC 104 (step S505). Here, the regulation rule movement screen 800 will be described.

FIG. 8 is a diagram illustrating an example of the regulation rule movement screen 800. The priority of the restriction rules increases in the order displayed on the restriction rule setting screen 600. Application of restriction rules to HTTP requests is performed in descending order of priority, and when there is a restriction rule that matches the condition, an operation is performed when the condition expression indicated by the restriction rule is met. Therefore, the application of the regulation rule having a lower priority than the regulation rule that matches the condition is basically not performed. The restriction rule movement screen 800 is used to change the order of rules displayed on the restriction rule setting screen 600.
In FIG. 8, reference numeral 801 denotes a row number display field of a restriction rule to be moved, which represents which line the restriction rule is moved.

  Reference numeral 802 denotes an input field for inputting in which line the restriction rule is moved above or below the target restriction rule. Reference numeral 803 denotes a select box for selecting whether to move the target restriction rule above or below the line number restriction rule specified in 802, and to move the target restriction rule above the line number restriction rule specified in 802. Select up if you want to move down, or down if you want to move down.

When the move button 804 is pressed, the proxy server 101 is requested to move the restriction rule set above. If the cancel button 805 is pressed, the restriction rule moving process is terminated without moving the restriction rule. The above is the description of the regulation rule movement screen 800 shown in FIG.
Returning to the flowchart of FIG.

  In step S506, the CPU 201 determines whether or not the input information input via the restriction rule detail setting screen and the movement screen has been received. If it is determined that it has been received (Yes in step S506), the CPU 201 stores the received information in the restriction rule DB 103 (step S507). The received information is registered in the restriction rule table 900 of FIG. Here, the regulation rule table 900 will be described.

  FIG. 9 is a diagram illustrating an example of the regulation rule table 900. In this table, the regulation rule input via the regulation rule detailed setting screen 700 is registered. Also, the application order set on the restriction rule movement screen 800 is registered.

  In FIG. 9, reference numeral 901 denotes a rule ID, in which ID information for uniquely identifying the regulation rule is registered. Reference numeral 902 denotes the application order, in which the priority order of application of the regulation rules is registered. Reference numeral 903 denotes a rule name in which the rule name of the regulation rule is registered.

In 904, a URL is registered. In 905, a category is registered. In 906, the file format of the attached file is registered. In 907, the size of the attached file is registered. In 908, information on whether to match the rule when the size of the attached file is equal to or larger than the size registered in 907 is registered. In 909, a matching condition between the file format and the extension is registered. In 910, keyword conditions are registered. The setting of the transmission control (relay control) method of permitting / disallowing the transmission of the web mail that matches the conditional expression in 910 operation is registered. The above is the description of the regulation rule table 900 of FIG.
Returning to the flowchart of FIG.

  In step S508, the CPU 201 transmits a restriction rule setting screen 600 including the information stored in the restriction rule DB 103 in step S507 to the client PC 104, and the process returns to step S502.

  If it is determined in step S506 that the input information input via the restriction rule detail setting screen 700 and the restriction rule movement screen 800 has not been received (No in step S506), the CPU 201 Then, the process proceeds to step S509.

  In step S509, the CPU 201 determines whether or not an instruction to end the restriction rule setting process has been received. The restriction rule setting process end instruction is issued, for example, when an end button (not shown) in the restriction rule setting screen 600 is pressed or when a browser application end instruction is issued.

  If it is determined that an instruction to end the restriction rule setting process has not been received (No in step S509), the CPU 201 returns the process to step S502.

  On the other hand, if it is determined that an instruction to end the restriction rule setting process has been received (Yes in step S509), the CPU 201 ends the process of this flowchart as it is. That is, the CPU 201 repeats the above-described processing of S502 to S508 until receiving an instruction to end the regulation rule setting processing (until it is determined Yes in step S509). The above is an example of the regulation rule information setting process performed by the CPU 201 of the proxy server 101.

  Hereinafter, the HTTP request control process shown in step S403 of FIG. 4 will be described in detail with reference to FIG.

  FIG. 10 is a flowchart showing an example of the third control process in the present invention, and corresponds to the flowchart showing the details of the HTTP request control process shown in step S403 of FIG. That is, this process is performed by the CPU 201 of the proxy server. When this processing is performed, the CPU 201 causes the proxy server 101 to function as the URL category determination unit 303, the detailed request information acquisition unit 304, the communication relay control unit 305, and the communication permission / denial response transmission unit 306. The program is loaded from the HDD 204 to the RAM 202, and the following processing is performed based on the control of the program.

  The CPU 201 of the proxy server 101 constantly monitors packets flowing on the LAN 105 at all times. Then, an HTTP request is received from the client PC 104 to the web server 107 installed in the wide area network 106 (step S1001).

  The CPU 201 confirms whether the requested URL is registered in the URL DB 102 and determines a category (step S1002). Details of the URL category determination process will be described with reference to FIG.

  FIG. 11 is a flowchart showing an example of the third control process in the present invention, and corresponds to the flowchart showing the details of the URL category determination process shown in step S1002 of FIG. That is, this process is performed by the CPU 201 of the proxy server. When this process is performed, the CPU 201 loads a program for causing the proxy server 101 to function as the URL category determination unit 303 from the HDD 204 to the RAM 202, and performs the following process based on the control of the program. Become.

  In step S1101 of FIG. 11, the CPU 201 searches for a category to which the URL requested from the URL DB 102 belongs. Details of the URLDB will be described with reference to FIG.

  FIG. 12 is a diagram illustrating an example of the URL DB 1002. In FIG. 12, each URL 1203 is classified into a large category 1201 and a small category 1202 and stored.

  In step S1101 of FIG. 11, a search is performed as to which category the URL requested from the URL DB 1002 belongs.

Next, in step S1102, if there is no corresponding category as a result of searching in step S1101, the CPU 201 determines that there is no category (No in step S1102).

  On the other hand, if it is determined in step S1102 that there is a corresponding category (Yes in step S1102), the process proceeds to step S1103, category information for the HTTP request is set, and the subsequent processing is performed.

Hereinafter, the description returns to the flowchart of FIG.

  In step S1003 of FIG. 10, the CPU 201 acquires detailed information of the HTTP request. Details of the file format determination process will be described with reference to FIG.

  FIG. 13 is a flowchart showing an example of the fourth control process according to the present invention, and corresponds to the flowchart showing the details of the request detailed information acquisition process shown in step S1003 of FIG. That is, this process is performed by the CPU 201 of the proxy server. When this processing is performed, the CPU 201 loads a program for causing the proxy server 101 to function as the request detailed information acquisition unit 304 from the HDD 204 to the RAM 202, and performs the following processing based on the control of the program. It will be.

  In step S1301 of FIG. 13, it is determined whether a data file is attached to the HTTP request. If no data file is attached (No in step S1301), the process proceeds to step S1307.

  On the other hand, if it is determined in step S1301 that the data file is attached to the HTTP request (Yes in step S1301), the file format of the data file is determined from the signature at the beginning or end of the data file in step S1302. . For the determination of the file format of the data file, a correspondence table of file format identifiers and signatures as shown in FIG. 14 is used. This is stored in the storage area of the proxy server 101. If the attached file is compressed data, the data is decompressed, and the subsequent processing is performed using the decompressed data.

  As shown in FIG. 14, when the data file is PDF, the first 4 bytes are% PDF. Since the data file has a signature unique to each data file at the beginning and end of the data file in this way, the file format of the data file is determined in step S1302 using this information.

  In step S1303, the extension given to the data file is acquired.

  In step S1304, the size of the data file is acquired.

  Thereafter, it is determined in step S1305 whether the determined file format of the attached file is a format including text information. If the format is an image that does not include text information (No in step S1305), the process proceeds to step S1307.

  On the other hand, if the attached file has a format including text information (Yes in step S1305), the text information is acquired from the data file by a method suitable for the file format of the data file acquired in step S1302 (step S1306).

In step S1307, when text information is included in the HTTP request body other than the field of the attached file, the text information is acquired from these fields. The text information acquired in this process is used to determine whether or not the keyword condition is met in the regulation rule application process described below.
Hereinafter, the description returns to the flowchart of FIG.

In step 1004 of FIG. 10, the CPU 201 applies the restriction rule based on the URL category acquired in steps S1002 and S1003, information on the attached file, and the like. Details of the regulation rule application processing will be described later with reference to FIG.

  Next, in step S1005, the CPU 201 determines whether or not communication is permitted in the restriction rule application processing in step S1004. When it is determined that communication is not permitted in the application process of the regulation rule (No in step S1005), the CPU 201 transmits a rejection response to the client PC 104 that has transmitted the HTTP request (step S1006). The process of this flowchart is complete | finished.

On the other hand, if it is determined in step S1005 that communication is permitted in the restriction rule application process in step S1004 (Yes in step S1005), the CPU 201 advances the process to step S1007.
In step S1007, the CPU 201 relays the HTTP request permitted for transmission in step S1005 to the web server.

In step S1008, the CPU 201 stands by until a response from the web server is received. If it is determined that the response from the web server has been received, the CPU 201 advances the process to step S1009.

  In step S1009, the CPU 201 relays the web server response to the client PC 104 that has transmitted the HTTP request, and ends the processing of this flowchart.

  Hereinafter, with reference to FIG. 15, the application process of the regulation rule shown in step S1004 of FIG. 10 will be described in detail.

  FIG. 15 is a flowchart showing an example of the fifth control process in the present invention, and corresponds to the flowchart showing details of the restriction rule application process shown in step S1004 of FIG. That is, this process is performed by the CPU 201 of the proxy server. When this processing is performed, the CPU 201 loads a program for causing the proxy server 101 to function as the communication relay control unit 305 from the HDD 204 to the RAM 202, and performs the following processing based on the control of the program. Become.

  In step S1501 of FIG. 15, it is determined whether there is a restriction rule that has not yet been applied. If there is a restriction rule that has not yet been applied (Yes in step S1501), the CPU 201 acquires a restriction rule that has not yet been registered in the restriction rule table 900 in accordance with the application order 902 (step S1502).

  In step S1503, the CPU 201 determines whether the HTTP request URL or the category to which the URL belongs, the file format of the attached file, the extension, and the like match (match) the conditions of the restriction rule acquired in step S1502. . Further, in the process for determining whether or not the regulation rule matches, it is also checked whether the file format of the attached file matches the extension. Here, details of the process for determining whether the HTTP request matches the regulation rule will be described with reference to FIG.

FIG. 16 is a flowchart showing an example of the sixth control process in the present invention, and corresponds to the flowchart showing details of the process for determining whether the HTTP request matches the restriction rule shown in step S1503 of FIG. That is, this process is performed by the CPU 201 of the proxy server.

  In step S1601 of FIG. 16, it is determined whether or not the URL is registered in the URL 904 of the restriction rule acquired in step S1502 among the restriction rules 900. If the URL is not registered (No in step S1601), the CPU 201 advances the process to step S1603. On the other hand, if the URL is registered (Yes in step S1601), the CPU 201 advances the process to step S1602.

  In step S1602, it is determined whether the URL of the HTTP request matches the URL registered in the URL 904. If it is determined that they do not match (No in step S1602), it is determined that the restriction rule does not match the HTTP request, and the process ends (step S1614). On the other hand, if it is determined that they match (Yes in step S1602), the CPU 201 advances the process to step S1603.

  In step S1603, it is determined whether or not a category is registered in the URL 905 of the restriction rule acquired in step S1502 in the restriction rule 900. If the category is not registered (No in step S1603), the CPU 201 advances the process to step S1605. On the other hand, if the category is registered (Yes in step S1603), the CPU 201 advances the process to step S1604.

  In step S1604, it is determined whether the category acquired by the URL category determination unit 303 from the HTTP request matches the category registered in the category 905. If it is determined that they do not match (No in step S1604), it is determined that the restriction rule does not match the HTTP request, and the process ends (step S1614). Also, if the URL category determination unit 303 determines that there is no category, it is determined that the restriction rule does not match the HTTP request, and the process ends (step S1614). On the other hand, if it is determined that they match (Yes in step S1604), the CPU 201 advances the process to step S1605.

  In step S1605, it is determined whether the file format is registered in the file format 906 of the restriction rule acquired in step S1502 in the restriction rule 900. If the file format is not registered (No in step S1605), the CPU 201 advances the process to step S1607. On the other hand, if the file format is registered (Yes in step S1605), the CPU 201 advances the process to step S1606.

  In step S 1606, it is determined whether the file format acquired by the request detailed information acquisition unit 304 from the HTTP request matches the file format registered in the file format 906. If it is determined that they do not match (No in step S1606), it is determined that the restriction rule does not match the HTTP request, and the process ends (step S1614). If no data file is attached to the HTTP request, it is determined that the restriction rule does not match the HTTP request, and the process is terminated (step S1614). On the other hand, if it is determined that there is a match (Yes in step S1606), the CPU 201 advances the process to step S1607.

  In step S1607, it is determined whether the size 907 and the size condition 908 are registered in the restriction rule acquired in step S1502 in the restriction rule 900. If the size and the size condition are not registered (No in step S1607), the CPU 201 advances the process to step S1609. On the other hand, if the size and the size condition are registered (Yes in step S1607), the CPU 201 advances the process to step S1608.

  In step S 1608, it is determined whether or not the size of the data file acquired by the request detailed information acquisition unit 304 from the HTTP request matches the conditions registered in the size 907 and the size condition 908. If it is determined that they do not match (No in step S1608), it is determined that the restriction rule does not match the HTTP request, and the process ends (step S1614). If no data file is attached to the HTTP request, it is determined that the restriction rule does not match the HTTP request, and the process is terminated (step S1614). On the other hand, if it is determined that there is a match (Yes in step S1608), the CPU 201 advances the process to step S1609.

  In step S1609, it is determined whether or not a matching condition between the file format and the extension is registered in the restriction rule file format and extension 909 of the restriction rule 900 acquired in step S1502. If the matching condition between the file format and the extension is not registered (No in step S1609), the CPU 201 advances the process to step S1611. On the other hand, if the matching condition between the file format and the extension is registered (Yes in step S1609), the CPU 201 advances the process to step S1610.

  In step S1610, it is determined whether or not the file format and extension of the data file acquired by the detailed request acquisition unit 304 from the HTTP request match the conditions registered in the file format and extension 909. Here, processing for confirming whether the file format of the attached file matches the extension will be described with reference to FIG.

  FIG. 17 shows a correspondence between a file format identifier 1701 representing a file format and an extension 1702 generally assigned to the file format. The correspondence table illustrated in FIG. 17 is stored in the proxy server 101. Here, the file format identifier 1701 of FIG. 17 corresponds to the file format identifier 1401 of the data 1400 (FIG. 14) for determining the file format of the data file attached to the HTTP request. The extension correspondence data 1700 for the file format identifier may be incorporated in the restriction rule application processing program, or may be held in another format.

  In determining whether or not the file format of the attached file matches the attached extension, the file format of the attached file and the attached extension are compared with the correspondence data 1700 of the extension with respect to the file format identifier. , Judge whether they match or not. That is, an identifier corresponding to the file format of the attached file is searched from the file format identifier 1701, and an extension 1702 generally given to the file format is acquired. If the extension given to the attached file is in the acquired extension 1702, it is judged that the file format of the attached file matches the given extension, and if not, it is judged not to match.

Hereinafter, the description returns to the flowchart of FIG.

In step S1610, it is determined whether the file format and extension of the data file acquired from the HTTP request by the request detailed information acquisition unit 304 match the conditions registered in the file format and extension 909, and it is determined that they do not match. In such a case (No in step S1610), it is determined that the restriction rule does not match the HTTP request, and the process ends (step S1614). If no data file is attached to the HTTP request, it is determined that the restriction rule does not match the HTTP request, and the process is terminated (step S1614). On the other hand, if it is determined that there is a match (Yes in step S1610), the CPU 201 advances the process to step S1611.

  In step S1611, it is determined whether or not a keyword is registered in the restriction rule keyword 910 acquired in step S1502 in the restriction rule 900. If the keyword is not registered (No in step S1611), the CPU 201 advances the process to step S1613. On the other hand, when the keyword is registered (Yes in step S1611), the CPU 201 advances the process to step S1612.

  In step S <b> 1612, it is determined whether the text information acquired by the request detailed information acquisition unit 304 from the HTTP request matches the keyword registered in the keyword 910. If it is determined that they do not match (No in step S1612), it is determined that the restriction rule does not match the HTTP request, and the process ends (step S1614). If the HTTP request does not include text information, it is determined that there is no match, and the process ends (step S1614). On the other hand, if it is determined that there is a match (Yes in step S1612), the CPU 201 advances the process to step S1613.

In step S1613, it is determined that the HTTP request matches the regulation rule, and the process ends.
Returning to the flowchart of FIG.

When it is determined that the condition of the regulation rule is met (matched) (Yes in step S1503), the CPU 201 performs the control indicated as the operation of the regulation rule (permitted / denied) (step S1504), The process of this flowchart is complete | finished.
On the other hand, if it is determined that the conditions of the regulation rule do not match (match) (No in step S1503), the CPU 201 returns the process to step S1501.

  If it is determined in step S1501 that there is no restriction rule that has not yet been applied (No in step S1501), the CPU 201 sets a default (not conforming to all restriction rules) set in the restriction rule DB 103 in advance. Operation) (permitted / unpermitted) (step S1505), and the process of this flowchart ends. The above is the detailed description of the restriction rule application processing in step S1004 of FIG.

  As described above, according to the present invention, the file format of the data file attached to the HTTP request is determined regardless of the Content-Type assigned to the HTTP request, and the file format of the data file is suitable. Data file information can be acquired by the method, and transmission control of the data file can be performed. Further, even when the file format of the data file does not match the assigned extension, it is possible to perform control such that the HTTP request is permitted or not permitted.

  Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium, and specifically includes a plurality of devices. The present invention may be applied to a system including a single device.

  Further, the IP address of the client PC may be set on the restriction rule detail setting screen 700. In this case, it is possible to perform control such that a restriction rule is applied to an HTTP request made by the client PC 104 having a specific IP address.

Or you may enable it to set a user and a user group in the regulation rule detailed setting screen 700. FIG. In this case, it is possible to perform control such that a restriction rule is applied to an HTTP request made by a specific user and user group.

  In addition, in the case of encrypted communication such as HTTPS, it is not possible to obtain detailed request information and apply a regulation rule. In that case, if it is encrypted communication, the request can be set not to be permitted. May be. Of course, when the detailed information of the encrypted request can be acquired by some means, the restriction rule may be applied to perform permission / denial control.

As described above, according to the present embodiment, it is possible to prevent information leakage by determining whether a data extension is camouflaged according to a data transmission destination.

Although one embodiment of the present invention has been described in detail above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, storage medium, or the like. You may apply to the system comprised from an apparatus, and may apply to the apparatus which consists of one apparatus.

Another object of the present invention is to supply a storage medium storing software program codes for realizing the functions of the above-described embodiments to a system or apparatus, and the computer (or CPU or MPU) of the system or apparatus stores the storage medium. Needless to say, this can also be achieved by reading and executing the program code stored in.

In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the program code itself and the storage medium storing the program code constitute the present invention.

As a storage medium for supplying the program code, for example, a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a CD-R, a magnetic tape, a nonvolatile memory card, a ROM, or the like can be used.

Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (basic system or operating system) running on the computer based on the instruction of the program code. Needless to say, a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

Further, after the program code read from the storage medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function is determined based on the instruction of the program code. It goes without saying that the CPU or the like provided in the expansion board or function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

DESCRIPTION OF SYMBOLS 101 Proxy server 102 URL database 103 Periodic rule database 104-1 Client PC 104-2 Client PC 104-3 Client PC 105 LAN 106 Wide area network 107-1 Web server 107-2 Web server 107-3 Web server

Claims (6)

An information processing apparatus capable of communicating with a client apparatus that outputs data and performing transmission control of the data,
Associating the destination information that identifies the destination of the file with the setting information that specifies whether to permit or prohibit the transmission of the file when the extension of the file is forged against the destination Storage means for storing the transmission rule information,
In response to a transmission request for the file output from the client device, it is determined whether the file format determined from the data in the file is the same as the file format determined from the file name extension of the file Impersonation determination means to perform,
When it is determined that the file format is different by the impersonation determination unit, according to the transmission rule information corresponding to the transmission destination of the file, a transmission control unit that controls whether to permit or prohibit transmission of the file;
An information processing apparatus comprising: The transmission rule information stored in the storage means further stores a file format permitted to be transmitted in correspondence with the transmission destination information,
In response to the file transmission request output from the client device, the file format determined from the data in the file is stored in the transmission rule information, and transmission is permitted corresponding to the transmission destination of the file. Permission format determination means for determining whether the file format is
Format transmission control means for controlling whether to permit or prohibit transmission of the file according to the determination result by the permission format determination means;
Further comprising
The information processing apparatus according to claim 1, wherein the format transmission control unit preferentially executes transmission control by the transmission control unit. The storage means further stores a priority order of applying the transmission rule information to a plurality of transmission rule information,
The information processing according to claim 1, wherein the transmission control unit controls whether to permit or prohibit the transmission of the file according to the transmission rule information applied in the order of the priorities. apparatus. The transmission destination information of the transmission rule information stored in the storage means includes a category indicating the field of the transmission destination,
Category storage means for storing category information including a file destination and a category indicating the field of the destination;
Category determination means for determining a category corresponding to the transmission destination from the transmission destination of the file according to the category information stored in the category storage means;
Further comprising
The format transmission control means uses the transmission rule information to determine a file format that permits transmission according to the category determined by the category determination means;
The information processing apparatus according to claim 1, further comprising: An information processing method in an information processing apparatus capable of communicating with a client device that outputs data and performing transmission control of the data,
Setting information in which the storage means sets transmission destination information for specifying the transmission destination of the file and whether to permit or prohibit transmission of the file when the transmission destination has the extension of the file extension. A storage step of storing transmission rule information in association with
For the file transmission request output from the client device, the file format determined from the data in the file is the same as the file format determined from the file name extension of the file. A camouflage determination step for determining whether or not
Transmission control for controlling whether transmission of the file is permitted or prohibited according to the transmission rule information corresponding to the transmission destination of the file when the transmission control means determines that the file format is different in the impersonation determination step Process,
An information processing method comprising: A program that can communicate with a client device that outputs data and that functions as an information processing device that performs transmission control of the data,
Associating the destination information that identifies the destination of the file with the setting information that specifies whether to permit or prohibit the transmission of the file when the extension of the file is forged against the destination Storage means for storing the transmission rule information,
In response to a transmission request for the file output from the client device, it is determined whether the file format determined from the data in the file is the same as the file format determined from the file name extension of the file Impersonation determination means to perform,
When it is determined that the file format is different by the impersonation determination unit, it functions as a transmission control unit that controls whether transmission of the file is permitted or prohibited according to the transmission rule information corresponding to the transmission destination of the file A program characterized by

Images