JP2013250701A - File transfer gateway system and file transfer method and file transfer approval determination method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a file transfer gateway system for efficiently achieving file transfer between segments in an environment in which applications are different by determining the approval necessity of file transfer in a system-like manner.SOLUTION: The file transfer gateway system includes: a data storage part including transfer source LAN and transfer destination LAN information and file transfer permission necessity information; and a file transfer workflow processing part for starting file transfer between a first LAN segment and a second LAN segment in a system-like manner on the basis of the LAN information of the data storage part. When the gateway system receives a file transfer instruction, the file transfer workflow processing part specifies the communication direction or transfer direction of the file transfer on the basis of the LAN information, and starts the file transfer between the first LAN segment and the second LAN segment by passing a file transfer approval route or through the file transfer approval route on the basis of the file transfer permission necessity information.

Description

  The present invention relates to a file transfer gateway system, a file transfer method, and a file transfer approval determination method.

  In particular, the present invention relates to a workflow type file transfer gateway system suitable for use when transferring files between LAN segments in different environments.

  As background art of this technical field, there are JP-A-2001-175565 (Patent Document 1) and JP-A-2005-38145 (Patent Document 2).

  The gazette of Patent Document 1 states that “a metadata handler that manages first metadata information to be given to each combination of one or more of people, things, and information, and each of the combinations includes first policy information. In a security integrated operation management system in which a policy handler that is controlled in accordance with an integrated operation management server that manages second metadata information and second policy information is connected, the integrated operation management server includes the metadata The metadata type and value format as the first metadata information given by the handler are defined, the defined metadata type and value format, the metadata type and value format managed by the metadata handler, And the metadata handler is defined by the integrated operation management server. The first metadata information associated with a type is assigned to each of the combinations, and the integrated operation management server defines a first control action for each value of the metadata with respect to the second policy information The defined first control action is associated with the first policy information managed by the policy handler, and the policy handler detects the first metadata information assigned to each of the combinations. Then, each of the combinations based on the first policy information is controlled under the control action associated with the detected first metadata information by the integrated operation management server. Security integrated operation management system and various security controls that control people, goods and information. The operation of the product is described as reliably and flexibly performed "(see claim 1 and abstract).

  Further, the gazette of Japanese Patent Application Laid-Open Publication No. 2003-228561 discloses a method for determining an approval route of an approval document requested to be approved in an electronic approval system that executes an electronic document approval flow. Obtaining data specifying the document category, obtaining data specifying a group selected from a plurality of groups to which the drafter belongs from the drafter system, and from a pre-registered table according to authority An approval rule for specifying an approver and selecting an approval rule corresponding to the document category; and a user belonging to a group specified by the data for specifying the group, the authority of the determined approval rule An approval route having a step of selecting a user corresponding to, from a pre-registered table It is described as a constant process "and" to provide an electronic authorization system capable of document circulation by appropriate authorization rules in accordance with the document "(see claim 1 and abstract).

JP 2011-175565 A JP 2005-38145 A

  Patent Document 1 describes a security integrated operation management system that reliably and flexibly operates various security countermeasure products that control people, things, and information by controlling each combination based on policy information. ing.

  Further, Patent Document 2 describes an approval route determination method for determining a user corresponding to the authority of the determined approval rule using an authority table and a user table.

  However, the system disclosed in Patent Literature 1 and the approval route determination method disclosed in Patent Literature 2 are used to transfer file LAN information and destination LAN information (files) when a file is transferred between a plurality of segments in different environments. It is not taken into consideration that file transfer is performed by systematically determining whether or not a file needs to be approved based on information indicating the transfer / communication direction) and file check information.

  Therefore, the present invention provides a file transfer gateway system, a file transfer method, and a file that can make file transfer systematically determined when transferring files between segments in different usage environments. Provide an approval decision method.

  In addition, when a file transfer request is received from the file transfer source, the file is checked without obtaining the file transfer approval by checking the file, for example, checking the file transfer destination LAN, security, transfer approval necessity and the like, and the check result. Workflow-type file transfer gateway system that can automatically determine whether to start file transfer after passing the transfer approval process flow, or to start file transfer after obtaining approval from the approver via the file transfer approval process flow Provide file transfer method and file approval decision method.

  In order to achieve the above object, the present invention checks a file systematically based on a holding unit that holds information necessary for file transfer, and information on the holding unit, and starts file transfer according to the check A file transfer work processing unit.

  The file transfer work processing unit includes, for example, a check function for checking the contents of a file, an approval function for determining whether file transfer approval is necessary based on the check function, a file transfer function for starting file transfer, and the like.

  For example, a file transfer gateway system, a file transfer method, and a file transfer that can reduce the risk of information leakage, efficiently transfer files, and improve operational efficiency in file transfers between multiple LAN segments in different usage environments An approval decision method can be provided.

It is a schematic block diagram of the example of application of the file transfer gateway system of this invention. It is a block diagram which shows the relationship between the approver terminal of a file transfer gateway system, a gateway system integrated database, and each LAN segment. It is a block diagram which shows the example of 1 structure of an approver terminal. It is a flowchart which shows the file transfer work processing flow from the file transfer start to completion in a file transfer gateway system. It is a figure which shows the example of the login screen displayed on the display of a file transfer terminal. It is a figure which shows the example of the transfer application screen displayed on the display of a file transfer terminal. It is a figure which shows the example of the approver screen displayed on the display of the output part (display part) of an approver terminal. It is a figure which shows the example of the security check result screen displayed on the display of the output part (display part) of an approver terminal. It is a figure which shows the content of the user management table in a gateway system integrated database. It is a figure which shows the content of the LAN information table in a gateway system integrated database. It is a figure which shows the content of the security check table in a gateway system integrated database. It is a figure which shows the content of the file transfer status table in a gateway system integrated database.

  Embodiments of the present invention will be described below with reference to the drawings. First, the file transfer system will be described.

  At present, with the advancement of information technology, information including files is actively exchanged between communication terminals via a network. Along with this, leakage of communication information, that is, secret information is increasing. Among them, information leaks due to human error to files containing confidential information are continually becoming one of the factors that cause corporate trust to be lost. Therefore, a system-like check function is required in order to prevent information leakage for file transfer via the network.

  As security measures, for example, security measures for people, things, and information in the organization, such as entry / exit management as security measures for people, asset management as security measures for goods, and document management as security measures for information, have been mainly used.

  In this situation, there is an increasing need for a system that specializes in security measures for electronic files. For example, security checks are mainly used for workflow-type approval actions. However, in order to improve operational efficiency while ensuring security measures, an approval act is not necessarily required depending on preset contents.

  The checks on the contents of the electronic file were mainly human checks. In addition, in the case of approval judgment, the approval is based on the declaration of the person in charge, the approver approves only by rough confirmation, or approves without confirmation, and transfers the electronic file that may contain confidential information. It was.

  In view of the actual situation, the present invention corrects the above-mentioned problem at the time of transferring an electronic file. For example, a holding unit for holding LAN information including a plurality of transfer destinations and transfer sources, information on file checking, and a file transfer workflow processing unit for enabling systematic determination of file transfer based on these information are provided. Is.

  The file transfer gateway system described below is a gateway system that is arranged between a plurality of LAN segments and performs file transfer between a transfer source LAN segment and a transfer destination LAN segment.

  The gateway system includes a storage device including a data holding unit including transfer source LAN information, transfer destination LAN information, and file check information of a plurality of LAN segments, and a transfer source LAN segment having information on the data holding unit of the storage device A file transfer approval apparatus including a file transfer work processing unit that systematically starts file transfer between LAN segments as transfer destinations.

  When the gateway system receives a file transfer instruction from the LAN segment of the transfer source, the file transfer work processing unit specifies the communication direction or transfer direction of the file transfer based on the LAN information (transfer source and transfer destination information), Based on the file check information, it is determined whether or not the file transfer between the transfer source LAN segment and the transfer destination LAN segment is necessary, that is, whether the file transfer approval route is passed or the file transfer approval route is passed, Start file transfer.

  Further, the file transfer method is arranged between the first LAN segment and the second LAN segment, and includes a database including a plurality of LAN information and check information for checking the contents of the file, and the database information. This is a file transfer method in a gateway system having a file transfer work processing unit for performing a systematic file transfer check and performing file transfer between a first LAN segment and the second LAN segment.

  When the gateway system receives a file transfer instruction, the file transfer work processing unit specifies the communication direction or transfer direction of the file transfer from the first or second LAN segment based on the LAN information of the database, and checks information File transfer workflow processing function for checking the contents of a file based on the above.

  In the file transfer workflow process, in the step of determining whether or not the check information stored in the database matches, and the step of determining whether or not the check information matches, the second or first segment And the step of starting the file transfer after obtaining the approval of the manager if they do not match.

  According to the file transfer gateway system and the file transfer method of the embodiment, even if a plurality of LANs exist at the file transfer destination, the approver needs to approve the file transfer depending on the LAN segment and the electronic file check result. No setting is possible.

  For example, in some cases there is no confidential information, and if it is acceptable to transfer an electronic file, it is possible to transfer the file without approval, that is, without the approval effort by the approver. Can be done efficiently.

  More specifically, the file transfer workflow processing unit has a file check flow processing function, for example, a check function that systematically checks whether there is confidential information preset in the electronic file to be transferred, and an approval function. And a file transfer function.

  Check items for executing the check function can be arbitrarily added. When a file containing confidential information is unavoidably transferred, the check result is confirmed, and the file transfer is started when the approver approves it.

  As a result, it is possible to automatically check whether there is a problem because the file contains personal information, and the risk of information leakage can be reduced.

  For example, when a file transfer approval request from the transfer source to the transfer destination is received, it is possible to check whether personal information or the like is included in the file to be transferred systematically (automatically).

  In addition, a plurality of transfer destination LAN information (information indicating the communication direction), information for checking a file, and the like are held, and a policy can be determined for these information to make a systematic determination.

  In addition, a file transfer approval flow processing unit is provided that performs file transfer approval necessity when file transfer approval is required by the file check function of the file transfer workflow processing unit.

  The risk of information leakage can be reduced by the flow processing unit.

  In addition, the file check flow processing unit and the file transfer approval flow processing unit include a step of determining whether transfer of the transfer destination LAN is possible, and a step of enabling transfer approval of the transfer destination LAN, and further including the transfer destination An approval determination method comprising: determining whether or not LAN transfer is possible; performing transfer approval of the transfer destination LAN; and disabling approval of the transfer destination LAN.

  By adopting such a configuration, according to the method for determining the approval route of the transfer file requested for approval, the risk of information leakage can be reduced.

  In the file transfer approval flow process, the approval route can be changed depending on the transfer file requested to be approved, and whether or not the transfer to the transfer destination LAN is determined by the user. A flow is provided that does not require approval depending on the LAN of the transfer destination.

  In the present embodiment, an example of a workflow type file transfer gateway system suitable for use when performing file transfer between segments in different environments will be described. Here, between the segments in the environment where the usage is different may be not only the relationship environment within the company but also the relationship environment between the LAN segments between the company and the outside.

  FIG. 1 is a configuration diagram of a workflow type file transfer gateway system according to the present embodiment. A gateway system (hereinafter referred to as a GW system) 100 includes a storage device 110 and a file transfer approval device 120.

  The storage device 110 includes, for example, LAN information (information indicating the transfer direction / communication direction) including a plurality of transfer destinations and transfer sources, which will be described later, and information related to file checking (user ID, group ID, mail address, approval necessity, approval) A data holding unit that holds information such as possible group IDs and check references, and includes, for example, a gateway system integrated database 1101 (hereinafter referred to as a GW system integrated DB) described later.

  The file transfer approval device 120 includes, for example, a LAN 1 to a LAN 4 between an office automation (OA) LAN segment 200 of a department that performs internal work and a development LAN segment 300 of a department that develops a system based on a client's request. In the case of transferring a file via a device, the device approves the transfer and has an approver terminal 1201 to be described later. In this example, the user ID of the file transfer approval device 120 is set to user101, and the mail address is set to user101 @ zzz.

  A segment is a range in which a packet (divided communication data) sent from one device unconditionally reaches one unit of a network in a LAN (for example, 10BASE-2, 5, T). It can be said that it is a collection of network nodes connected by one cable, that is, one network configuration.

  The OALAN segment 200, the development LAN segment 300, and the service providing LAN segment 400 are connected via a network (LAN in this example). The development LAN segment 300 and the service providing LAN segment 400 include a plurality of directories.

  Further, when the file transfer approval device 120 receives a file from the file transfer terminal 001 of the OALAN segment 200, for example, the file transfer approval device 120 receives the file transfer approval request from the recording processing function for temporarily storing the file, the storage device 110 And a file transfer processing function for performing a file transfer workflow process for the file based on the information of the GW system integration DB 1101. The file transfer approval is performed by an approver from an input unit such as a keyboard of the file transfer approval device 120.

  The LAN segment 200 includes a plurality of file transfer terminals 001 and 002 and a LAN 1 to which these are connected.

  The development LAN segment 300 includes a plurality of file transfer terminals 006 and 007 and a LAN 2 to which these are connected.

  The plurality of file transfer terminals 001, 002 and 006, 007, 008, 00x are constituted by information processing apparatuses capable of transferring files between them. Hereinafter, the file transfer terminal will be described.

  The plurality of file transfer terminals 001 and 002 are set with user IDs “user001” and “user002” and mail addresses “user001 @ zzzz” and “user002 @ zzzz”, respectively. Similarly, in the plurality of file transfer terminals 006 and 007, user IDs are set to user006 and user007, and mail addresses are set to user006 @ zzz and user007 @ zzz, respectively.

  FIG. 2 is a configuration diagram showing a relationship between the approver terminal 1201 of the file transfer approval device 120 in the GW system 100, the GW system integration DB 1101, and the file transfer terminals 001, 006, 007, 008, and 00x of each segment 200 and 300. is there.

  The file transfer terminal 001, the approver terminal 1201, and the file transfer terminals 006, 007, 008, 00x are connected to LAN1 and LAN2 to LAN4. The number of LANs is not limited and any number of LANs may be accommodated.

  The GW system 100 includes a GW system integration DB 1101 in addition to the approver terminal 1201.

  The GW system integration DB 1101 has a database for managing a user management table T1, a LAN information table T2, a security check table T3, and a file transfer status table T4.

  The user management table T1 is a table for managing users (users) and approvers. For example, as shown in FIG. 5, user IDT11 (user001 ...), group IDT12 (grp01 ...), authority T13 (user, SV ...), e-mail address (user001 @ zzzz ...) T14, etc. Have each information. Here, the e-mail address is used when the administrator's approval is required in the security check process.

  The LAN information table T2 is a table for managing an administrator group that can be authorized by each LAN. For example, as shown in FIG. 6, including a transfer source LAN (LAN1...) T21 and a transfer destination LAN (LAN2...) T22, information indicating a communication / transfer direction and a group ID (grp01...) T23, It includes approval information (necessity required) T24 and approveable group ID (grp03, Null...) T25.

  The security check table T3 is a table that defines a reference that determines what kind of security check is executed. For example, as shown in FIG. 7, each item includes check item T31 for specifying confidential information and a plurality of check references T32, T33, T34, and T35. The check item T31 includes, for example, a telephone number, an address, a credit card number, an account transfer number, and the check reference includes information corresponding to the item's phone number, address, credit card number, account transfer number, and the like. Is stored. The check references T32 to T35 can be freely added and deleted by the user, and the number of check references T32 to T35 may be set without limitation.

  The file transfer status table T4 is a table for managing the status of file transfer. For example, as shown in FIG. 8, applicant user ID (user001 ...) T41, transfer source LAN (LAN1 ...) T42, transfer destination LAN (LAN2 ...) T43, approver user ID (user101, Null) ...) T44, approval result (approval, return, Null...) T45, security check (OK, NG), transfer result (OK, Null).

  FIG. 3 is a configuration diagram illustrating an example of the approver terminal 1201 of the GW system 100. The approver terminal 1201 includes an information processing apparatus, and includes a CPU 1200, a storage unit (memory) 1201, an input unit 12013, an output unit 12014, a file transfer unit 12015, and a memory 12016.

  The CPU 12011 has file transfer work processing flow units 120111 to 120116 that manage the GW system integration DB 1101 and perform control based on a program for realizing a file transfer work process flow to be described later.

  That is, the CPU 12011 executes the login determination processing function, the file transfer instruction function, the LAN information check processing function, the security check processing function, the administrator approval processing function, the file transfer approval necessity check processing function, and the like according to the program. Have

  The storage unit 12012 has a memory for storing a program for executing a workflow. The input unit 12013 includes a keyboard, a mouse, and the like on which an approver performs file transfer approval necessity.

  The output unit 12014 includes a display unit such as a display for displaying information necessary for processing operations such as file transfer approval by the administrator. The memory 12016 temporarily stores a transfer file from the file transfer terminal 001.

  FIG. 9 is a diagram showing a login screen that is displayed on the display and is manually operated when performing GW system login from the file transfer terminal 001 for file transfer, for example.

  For example, as shown in FIG. 9, the login screen 001A includes a user ID 001A1, a password 001A2, and a transmission button 001A3. The user ID and password can be input from the login screen, and the transmission button can be pressed.

  FIG. 10 is a diagram showing a transfer application screen displayed on the display when file transfer is performed.

  The transfer application screen 001B includes, for example, a user ID 001B1, an approver 001B2, a transfer LAN 001B3, a transfer file 001B4, a transfer file content 001B5, a transfer reason 001B6, a send button 001B7, and a cancel button 001B8, as shown in FIG. On the application screen 001B, the approver, transfer LAN, transfer file, transfer file content, transfer reason, and the like can be input. The number of transfer file input fields need not be three. Further, the transmission button 001B7 and the cancel button 001B8 can be pressed.

  FIG. 11 is a diagram showing an approver screen that is displayed on the display of the approver terminal 1201 and allows the transfer LAN, transfer file, transfer file content, and transfer reason to be input.

  For example, as shown in FIG. 11, the approver screen 12014A includes an approver ID 12014A1, an approval requester ID 12014A2, a transfer LAN 12014A3, a transfer file 12014A4, a transfer file content 12014A5, a transfer reason 12014A6, a transfer file security check result 12014A7, and an approval button 12014A8. , A return button 12014A9 and a cancel button 12014A10, and the approver screen allows the transfer LAN, transfer file, transfer file contents, transfer reason, and the like to be input.

  The number of input fields of the transfer file 1029A4 may not be three. The approver ID 12014A1 and the approval requester ID 12014A2 may be displayed. Further, the approval button 12014A8, the return button 12014A9, and the cancel button 12014A10 can be pressed. Also, it is assumed that the transfer file security check result 12014A7 can be confirmed.

  FIG. 12 is a diagram showing a screen displayed on the display of the approver terminal 1201 and allowing confirmation of the details of the transfer file security check result.

  The security check confirmation screen 12014B includes, for example, a name (OK) 12014B1, TEL (NG) 12014B2, a credit card (OK) 12014B3, an approval button 12014B8, a return button 12014B9, and a cancel button 12014B10 as shown in FIG. The security check status can be confirmed on the screen.

Next, the file transfer work process flow will be described.
FIG. 4 is a flowchart showing the operation from the start of transfer based on the file transfer approval request from the file transfer terminal 001 of the OALAN segment 200 to the completion of transfer to the file transfer terminal 006 of the development LAN segment 300, for example.

  A user who transfers a file first executes a GW system login process flow of the file transfer work process flow from the file transfer terminal 001.

  That is, the user ID 001A1 and the password 001A2 are input on the login screen 001A (see FIG. 9) of the file transfer terminal 001. Thereafter, the transmission button 001A3 is pressed to log in to the GW system 100 (step S401).

  Then, the file transfer terminal 001 determines whether or not login has been completed by confirming the user ID and password on the login screen (step S402).

  As a result of the determination, if the login is successful (Yes), the user inputs information 001B1 to 001B6 that can be input on the transfer application screen 001B (see FIG. 10) of the file transfer terminal 001. Thereafter, the transmission button 001B7 is pressed to instruct file transfer (step S403).

  Here, when login is not possible (No), the process proceeds to GW system login (step S401). This file transfer instruction (step S403) is made based on information (authority T13) in the user management table T1.

  After the file transfer terminal 001 issues a file transfer instruction to the GW system 100 (step S403), the GW system 100 executes the following file transfer work process flow. The file transfer workflow process includes a check workflow process for checking file contents and security, and a file transfer approval work process flow.

  First, LAN information sent from the file transfer terminal 001 based on the LAN information (table information) T2 in the LAN information table T2 (see FIG. 6), that is, information such as the transfer source LAN and the transfer destination LAN is stored in the LAN information table. It is confirmed whether or not it exists or matches T2 (step S404).

  If it exists or matches (Yes), a file security check is performed (step S405).

  If it exists or does not match (No), the process proceeds to a file transfer instruction (step S403).

  The security check (step S405) is performed based on the security check information (table information) T3 of the security check table T3 (see FIG. 7). That is, it is confirmed whether or not the check items T31 to T35 set in the security check table T3 exist or match (step S405).

  If it exists or matches (Yes), a transfer approval necessity check is performed by busing the file transfer approval route of an administrator notification process (step S404) and an administrator approval process (step S408) described later (step S406). The transfer approval necessity check (step S406) confirms whether transfer approval is necessary based on the approval necessity information T24 in the LAN information table T2.

  In the reinsurance approval necessity check (step S406), if transfer approval is required (Yes), the process proceeds to the administrator notification process (step S407) of the file transfer approval route.

  That is, if approval is required, the administrator notification process (step S407) is performed in the security check (step S405) regardless of the check result OK (Yes) or NG (No). The administrator notification is performed using the mail address T14 of the user management table T1.

  If transfer approval is not required (No), notification to the administrator and approval are not obtained, that is, the file transfer approval route (steps S407 and S408) is bused to start file transfer from the file transfer terminal 001 ( In step S409, the file is transferred to the file transfer terminal 006 of the development LAN segment 300.

  After this file transfer is completed (step S410), the file transfer work process flow is ended (step S411).

  On the other hand, when the security check (step S405) does not match the information in the check item T31 of the security check table T31 (No), the process proceeds to the administrator notification of the file transfer approval route (step S407).

  The administrator notification (step S407) is obtained by pressing the approval button 12014A8 after inputting information 12014A3 and 12014A4 that can be input by the approver on the approver screen 12014A (see FIG. 11) of the approver terminal 1201. Based on the approval necessity information T24 of T2, it is confirmed whether or not manager approval (file transfer approval) is necessary (step S408).

  If administrator approval is required (Yes), file transfer from the file transfer terminal 001 is started after obtaining approval from the administrator (step S409), and file transfer is performed to the file transfer terminal 006 of the development LAN segment 300. Do.

  After this file transfer is completed (step S410), the file transfer work process flow is ended (step S411). If administrator approval is not required, the file work processing flow ends.

  If there is a problem with the security check (step S405), check contents 12014B1 to 12014Bx are confirmed on the security check result screen (FIG. 12) from the approver screen (see FIG. 10) of the approver terminal 1201, and the file transfer work process The flow ends (step S411), and appropriate measures are taken.

  According to the above-described embodiment, when an administrator's approval is required at the time of file transfer between different segments, the approver terminal 1201 having a function for preventing leakage of confidential information is systematically checked. In particular, it can be expected to reduce the risk of information leakage at the time of file transfer between different segments.

  In addition, this invention is not limited to the Example mentioned above, Various modifications are included. For example, the above-described embodiments have been described in detail for easy understanding of the present invention, and are not necessarily limited to those having all the configurations described. In addition, a part of the configuration of the embodiment can be replaced with another configuration. Further, it is possible to add, delete, and replace other configurations for a part of the configuration of the embodiment.

  Moreover, you may implement | achieve the said structure, a function, a process part, a process means, etc. with hardware by designing a part or all of them with an integrated circuit. The above configuration, functions, and the like may be realized by software by the processor interpreting and executing a program that realizes each function. Information such as programs and tables for realizing each function can be stored in a recording device such as a memory or a hard disk, or a recording medium such as an IC card.

  Further, the control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.

100 Gateway system 200 OALAN segment 300 Development LAN segment 001 to 00x File transfer terminal 1201 Approver terminal 1101 GW system integrated DB
12012 Storage unit 12013 Input unit (keyboard)
12014 Output unit (display)
12015 File transfer unit T1 User management table T2 LAN information table T3 Security check table T4 File transfer status table 12011 CPU
120111 GW system login case processor 120112 file transfer instruction processor 120113 LAN information check processor 120114 security check processor 120115 administrator approval processor 120116 file transfer approval necessity check processor 001A login screen 001B transfer application screen 12014A approver screen 12014B Security check result screen

Claims (6)

A gateway system that is arranged between a plurality of LAN segments and performs file transfer between a transfer source LAN segment and a transfer destination LAN segment,
The gateway system is
A storage device including a data holding unit including transfer source LAN, transfer destination LAN information and file check information of the plurality of LAN segments;
A file transfer approval device including a file transfer workflow processing unit that systematically starts file transfer between the transfer source LAN segment and the transfer destination LAN segment with the information of the data holding unit;
The file transfer workflow processing unit
When the gateway system receives a file transfer instruction from the LAN segment of the transfer source, the communication system or transfer direction of the file transfer is specified based on the LAN information, and the transfer source of the transfer source is determined based on the file check information. A file transfer gateway system for determining whether a file transfer between a LAN segment and the LAN segment of the transfer destination passes a file transfer approval route or a file transfer approval route, and starts file transfer. . The file transfer gateway system according to claim 1,
In the data holding unit, the file check information includes file security check information and file transfer approval necessity check information, and based on the information, the file transfer information is transferred from the transfer source segment to the transfer destination. A flow that checks the contents of application information, and if the check results require approval by an approver, the file transfer can be performed after obtaining approval by the approver via the file transfer approval route A file transfer gateway system characterized by having a processing function. The file transfer gateway system according to claim 1,
When the file transfer workflow processing unit receives the file transfer instruction,
Based on the information in the data holding unit, file transfer application information from the transfer source LAN segment to the transfer destination LAN segment is checked in the LAN of the communication direction or transfer direction of the file, the security check of the file, whether the file transfer approval is required If a security check has been performed as a result of the security check and the file transfer approval is rejected, the file transfer is started. If the security check has not been performed or the file transfer approval is required The file transfer gateway system, wherein the file transfer is started after the administrator approval process of the file transfer approval route. A database that is arranged between the first LAN segment and the second LAN segment and includes a plurality of LAN information and check information for checking the contents of the file, and systematic file transfer check based on the database information A file transfer method in a gateway system having a file transfer workflow processing unit for performing file transfer between the first LAN segment and the second LAN segment,
The file transfer work processing unit
When the gateway system receives a file transfer instruction, based on the LAN information in the database, the communication direction or transfer direction of the file transfer is specified from the first or second LAN segment, and the check information is also stored. And having a file transfer workflow processing function for checking the contents of the file, in the file transfer workflow processing, determining whether or not the check information stored in the database matches, whether or not the match In the step of determining the file, if it matches, the step of starting the file transfer to the second or first segment, and if not, start the file transfer with the approval of the administrator. And a file transfer gateway system characterized by comprising: Kicking file transfer method. A file transfer method in the file transfer gateway system according to claim 4,
When the file transfer workflow processing unit receives the file transfer instruction,
Performing LAN information check of file transfer application information from the first or second LAN segment based on the information in the database;
Performing a file security check based on the database information; and
Performing a file transfer approval necessity check based on the information in the database;
As a result of the security check, if the check has been made and if transfer approval is necessary or not, the step of starting file transfer;
If the check has not been made, and if the transfer approval is required, after receiving the manager approval process, starting file transfer; and
A file transfer method in a file transfer gateway system, comprising: A database that is arranged between the first LAN segment and the second LAN segment and includes communication direction information from a plurality of transfer source LAN information and transfer destination information, and a system file based on the information in the database File transfer approval determination method for determining a file transfer approval route between the first LAN segment and the second LAN segment in a gateway system having a file check flow processing unit and a file transfer approval flow processing unit for performing a transfer check Because
Determining whether or not to transfer the transfer destination LAN in the file check flow processing unit and the file transfer approval flow processing unit;
Enabling transfer approval of the transfer destination LAN;
And determining whether transfer of the transfer destination LAN is possible,
Performing transfer approval of the transfer destination LAN;
Making it unnecessary to approve the transfer destination LAN;
And a file transfer approval determination method.

Images