JP2016099924A - Information processing device, information processing system, information processing method, and computer program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing device or the like capable of issuing an arbitrary request by using information representing the validity of a request transmitted to a server, to be provided from the server.SOLUTION: An information processing device (801) includes first communication processing means (802) for receiving communication data including a first token representing the validity of a request transmitted to a server from the server (804) connected communicably through a communication line, and second communication processing means (803) which can generate the request including the first token held by the first communication processing means and transmit the generated request to the server, the second communication processing means being different from the first communication processing means.SELECTED DRAWING: Figure 8

Description

  The present invention relates to an information processing apparatus and the like that can transmit an arbitrary request to a server apparatus to which security measures are taken.

  In recent years, with the spread of communication network technology, various services have been provided via communication networks such as the Internet, and the number of websites that provide various services (Web services) using WWW (World Wide Web) has increased. Yes.

  As such websites increase, attacks targeting such users of the websites or services provided by the websites are also increasing. As one of such attacks, there is an attack method called request compulsion (Cross-site Request Forgery, hereinafter referred to as CSRF).

  A CSRF attack is a request (for example, unintended communication data) to another Web site to which the user is connected by allowing a user to access a link (for attack) or the like set on the Web site. , HTTP (Hyper Text Transfer Protocol) request), an attack technique forcing execution of operations on the Web application, and the like.

  As a specific example of a CSRF attack, using session information between a client (such as a web browser) used by a user and a server (hereinafter sometimes simply referred to as “server”) that constitutes a website, There is an attack that performs unauthorized HTTP request transmission. Such session information is, for example, data that can identify that an authentication process (hereinafter referred to as “Web authentication”) has been executed in a communication session between a client and a Web site. Shared with clients.

  In some cases, countermeasures against CSRF attacks are implemented on a website so as to suppress such attacks and not accept unauthorized requests not intended by the user. In this case, the server that configures the Web site uses an authentication token (hereinafter referred to as “CSRF token”) that is information used when verifying (authenticating) the validity of the request received by the server to the client. Provide (notify) content that contains it. In other words, the authentication token is information indicating the validity of the request transmitted from the client to the server, and the server can confirm the validity of the request by verifying (authentication) the authentication token. . Thereby, in communication between the server and the client, the authentication token (CSRF token) is transmitted / received separately from the session information.

  More specifically, for example, the server provides the client with content including a CSRF token as a hidden field (for example, a document described in HTML or the like). Then, the server authenticates the validity of the request based on whether or not the correct CSRF token is included in the request received from the client. If the CSRF token is invalid, the server excludes requests that contain such an illegal CSRF token. By performing such CSRF countermeasures, any request that does not include the correct CSRF token is eliminated on the server side.

  In relation to such CSRF countermeasures, for example, the following patent documents are disclosed.

  Patent Document 1 (Japanese Patent Laid-Open No. 2013-134655) discloses a technique for taking a countermeasure against vulnerability to CSRF attack in a web application. The technology disclosed in Patent Document 1 holds an authentication token set in content for CSRF countermeasures on the server side and a session ID (Identifier) that is shared between the server and the client. Calculate from the control value. Thereby, the technique disclosed in Patent Document 1 can confirm the validity of the authentication token given to the request transmitted from the client without holding the authentication ID itself in the memory on the server side. .

  Patent Document 2 (Japanese Patent Laid-Open No. 2013-003820) holds a token embedded in content for CSRF countermeasures, a cookie shared between the server and the client, and the server side, as in Patent Document 1 above. A technique for calculating using a hidden key is disclosed.

  Patent Document 3 (Japanese Patent Application Laid-Open No. 2010-165079) discloses a user terminal in which a user terminal is logged in to a specific server in a communication network including a server and a user terminal connected via a communication network. A technique for blocking a request to another server from the server is disclosed. Since the technique disclosed in Patent Document 3 uniformly restricts the transmission of requests to other servers when the user terminal is logged in to a specific server, the transmission of unauthorized requests can be uniformly suppressed. .

JP 2013-134655 A JP2013-003820A JP 2010-165079 A

  As described above, implementing CSRF countermeasures in a Web server or Web application is important from the viewpoint of security. However, when such a countermeasure is implemented, even if it is a legitimate request intended by the user, if the correct CSRF token is not included, the legitimate request is guarded (excluded) on the server side.

  When a user issues (transmits) an arbitrary request to a server (Web site), the correct CSRF token is not always included in the request. In many cases, the CSRF token is generated on the server side, and a value (for example, a random value) that cannot be guessed by an attacker is set. As a result, even if the user intentionally sends an arbitrary request to the server without going through the content including the CSRF token, it is difficult to obtain the CSRF token, and as a result, a valid request may not be sent. is there. In this case, there is a problem that user convenience is reduced. In addition, providing an application that can execute an arbitrary request in a Web browser or the like that has acquired content including a CSRF token is from the viewpoint of countermeasures against other security problems (for example, XSS (Cross Site Scripting)). Not necessarily desirable.

  On the other hand, Patent Document 1 and Patent Document 2 only disclose a technique related to a method for calculating and verifying CSRF tokens in known CSRF countermeasures, and are techniques that can solve the problems described above. Absent. Further, the technique disclosed in Patent Document 3 is a technique for blocking a request transmitted from a client to a server by a relay apparatus that performs transmission restriction, and is not a technique that can solve the above-described problem.

  The present invention has been made in view of the above circumstances. That is, the present invention provides an information processing apparatus and the like that can issue an arbitrary request to the server by using information provided from the server and indicating the validity of the request transmitted to the server. Is the main purpose.

  In order to achieve the above object, an information processing apparatus according to an aspect of the present invention includes the following arrangement. That is, the information processing apparatus according to an aspect of the present invention receives communication data including a first token indicating the validity of a request transmitted to the server from a server that is communicably connected via a communication line. Generating the request including the first communication processing means and the first token held by the first communication processing means, and transmitting the generated request to the server. Second communication processing means different from the communication processing means.

  An information processing method according to one embodiment of the present invention includes the following configuration. That is, in the information processing method according to one aspect of the present invention, the information processing apparatus receives a first token representing the validity of a request transmitted from a server connected to be communicable via a communication line. Receiving the communication data using the first communication processing means, generating the request including the first token held by the first communication processing means, and different from the first communication processing means The generated request is transmitted to the server using the two communication processing means.

  In addition, the same object is achieved by an information processing apparatus having the above-described configuration and a corresponding information processing method by a computer program realized by a computer, a computer-readable storage medium storing the computer program, and the like. Is also achieved.

  According to the present invention, it is possible to provide an information processing apparatus or the like that can issue an arbitrary request to the server by using information provided from the server and indicating the validity of the request transmitted to the server. is there.

FIG. 1 is a block diagram illustrating a functional configuration of a user terminal and a server device according to the first embodiment of the present invention. FIG. 2 is a diagram illustrating functions provided by the second client and script according to the first embodiment of this invention. FIG. 3 is a block diagram illustrating a functional configuration of the second client according to the first embodiment of this invention. FIG. 4 is a block diagram illustrating a functional configuration of the Web server according to the first embodiment of this invention. FIG. 5 is a sequence (part 1) illustrating the operation of the user terminal and the server device according to the first embodiment of the present invention. FIG. 6 is a sequence (part 2) illustrating the operation of the user terminal and the server device in the first embodiment of the present invention. FIG. 7 is a sequence (part 3) illustrating the operation of the user terminal and the server device in the first embodiment of the present invention. FIG. 8 is a block diagram illustrating a functional configuration of the information processing apparatus according to the second embodiment of this invention. FIG. 9 is a diagram illustrating a hardware configuration capable of realizing the information processing apparatus according to each embodiment of the present invention.

  Next, embodiments of the present invention will be described in detail with reference to the drawings. The configurations described in the following embodiments are merely examples, and the technical scope of the present invention is not limited thereto. In addition, the information processing apparatus described in each of the following embodiments may be realized by a dedicated hardware device, or a system realized by using one or more physical computers or virtual computers, or a combination thereof. It may be realized as. A hardware configuration capable of realizing such an information processing apparatus will be described later.

  Prior to the description of each embodiment of the present invention, technical background and problems related to the present invention will be described in detail in order to facilitate understanding of the present invention.

  With the development of information communication technology, information devices incorporating the Web service or Web application as described above are becoming popular. More specifically, for example, a Web server function may be implemented in a BMC (Base Board Management Controller) that can control an information processing apparatus (computer or the like) constituting various server apparatuses. .

  The BMC is incorporated in the information processing apparatus in the form of firmware (for example, firmware incorporated in a base board), for example, and executes power control, sensor monitoring, various information acquisition, and the like regarding the information processing apparatus. When the BMC has a Web server function, the information processing apparatus can be operated or information can be acquired using a request (HTTP request) to the Web server. In this case, the request may include various control commands for the BMC, for example.

  When the above-described well-known CSRF countermeasure is implemented in a BMC having a Web server function, a request that does not include a valid CSRF token is excluded by the Web server. That is, when such CSRF countermeasures are implemented, it may not be possible to freely issue various commands using an arbitrary request (HTTP request) to the BMC and acquire information. An arbitrary request in this case is transmitted to the BMC server without going through the content in which the CSRF token is set (for example, the HTML form in which the CSRF token is set in the “hidden” field). It is a request.

  More specifically, in this case, a client (for example, an application such as a web browser) directly provided with a CSRF token from a web server, or a CSRF token directly to a BMC web server without passing through setting contents, etc. It becomes difficult to send arbitrary requests. This may impair user convenience.

  In view of the above, in each embodiment described below, BMC having a Web server function is taken as a specific example, and information (CSRF token) indicating the validity of a request transmitted from the server is transmitted from the server. A technique for enabling an arbitrary request to be issued to the server will be described. In addition, this invention is not limited to this, It is applicable to arbitrary Web servers other than BMC.

<First Embodiment>
Hereinafter, a first embodiment of the present invention will be described. In the following, a system configured by a server device having a BMC that provides a Web server function and a client device (user terminal) that transmits various requests to the Web server will be described as a specific example.

  FIG. 1 is a block diagram illustrating a specific example of functional configurations of the client terminal 101 and the server apparatus 102 in the present embodiment. As illustrated in FIG. 1, in the present embodiment, a user terminal 101 and a server apparatus 102 including a BMC 103 are connected to be able to communicate with each other via an arbitrary communication network.

  The communication network that connects the user terminal 101 and the server apparatus 102 may be a wide area network such as the Internet, or a local area network such as a LAN (Local Area Network). In the present embodiment, it is assumed that the user terminal 101 and the server apparatus 102 can communicate with each other using the IP (Internet Protocol) protocol. Further, it is assumed that various requests using the HTTP protocol can be transmitted and received between the user terminal 101 and the server apparatus 102 (particularly, a Web server 103a described later).

    The user terminal 101 is an information processing apparatus that is communicably connected to a server apparatus 102 described later via a communication network (communication line). Such a user terminal may be, for example, any information processing apparatus (for example, various computers, portable information terminals, etc.) having a communication function.

  The user terminal 101 has a web browser 101a. A Web client 101b, a script 101c, and a second client program (hereinafter simply referred to as “second client”) 101d executed on the Web browser 101a and a user terminal 101a are a BMC 103 in the server apparatus 102 to be described later. Obtained from.

  The Web browser 101a is a software program (various computer programs) that can interpret various contents provided by the Web server. The Web browser 101a may be a well-known browser application that is now widely known. Note that the Web browser 101a may be provided as an application having a UI (User Interface, user interface) that can be used by the user 104 described later. The Web browser 101a may be provided as a library that provides functions for communication processing and content interpretation processing.

  The Web browser 101a acquires (receives) these by issuing a request to acquire the Web client 101b and the script 101c to the Web server 103a described later. At this time, an authentication process may be executed between the Web browser 101a and the Web server 103a, and a Cookie (session information) indicating a authenticated session and a CSRF token may be issued. Such a Cookie may be set in the Web browser 101a. Such CSRF token may be set in the acquired content (for example, the Web client 101b). When the Web browser 101a transmits a request (HTTP request) to the Web server 103a, the Cookie and CSRF token are added to the communication data. The authentication process, the cookie, and the CSRF token issuance may be executed between the Web client 101b and the Web server 103a described later.

  In response to a request from the user 104, the Web client 101b transmits various requests and receives responses with the Web server 103a described later. The Web client 101b includes a script 101c described later, and executes processing implemented in the script 101c. For example, the Web client 101b is held as the content 103b in the BMC 103 in the server apparatus 102, and is acquired by the Web browser 101a via the server 103a.

  The Web client 101b can be realized as content that is interpreted and executed by the Web browser 101a, for example. In this case, the content may be a document described in HTML (HyperText Markup Language) or the like. In addition, the content may be a program (computer program) executed on the user terminal 101 side described in a program description language such as JavaScript (registered trademark) or Java (registered trademark). The content may include, for example, processing using CGI (Common Gateway Interface), JSP (Java Server Pages), or the like processed in the Web server 103a.

  The Web client 101b may execute communication processing with the Web server 103a using the function of the Web browser 101a.

  The script 101c is content included in the Web client 101c, and may be realized as a part of the Web client 101c. For example, the script 101c is stored as the script 103c in the BMC 103, and is acquired by the Web browser 101a via the server 103a.

  As illustrated in FIG. 2, the script 101c (script 103c) has the following functions. These functions can be realized by a program in which processing for realizing each function is implemented. The script 101c and the script 103c may be the same.

A function for acquiring CSRF tokens (201 in FIG. 2),
A function for acquiring a second client program (202 in FIG. 2);
A function of providing a CSRF token and starting a second client program (203 in FIG. 2).

  The Web client 101b uses the function of the script 101c described above to acquire the second client 101d from the Web server 103a in response to a request from the user 104, and starts the acquired second client 101d. At this time, the Web client 101b (script 101c) provides the CSRF token to the second client 101d.

  For example, when the second client 101d is realized as a program implemented by Java (registered trademark) or the like, the Web client 101b may specify a CSRF token as an argument when starting the program. More specifically, for example, the Web client 101b dynamically generates an HTML including a CSRF token in a startup tag of a Java (registered trademark) program (such as an applet), and loads the HTML so that the second The client 101d may be activated. Note that the present embodiment is not limited to this, and the method for starting the second client 101d and the method for providing the CSRF token to the second client are specific implementations of the second client. You may select suitably according to etc.

  The second client 101d is a program (computer program) that can be executed on the user terminal 101, and executes transmission of various requests and reception of responses with the Web server 103a. For example, the second client 101d may be a program implemented in a program description language such as Java (registered trademark). For example, the second client 101d is held as the second client 103d in the BMC 103, and is acquired by the Web browser 101a via the server 103a.

  The second client 101d (second client 103d) has the following functions as illustrated in FIG. Note that the second client 101d and the second client 103d may be the same.

-Function for accepting input of information used to create an arbitrary quest (HTTP request) (204 in FIG. 2),
A function for generating an arbitrary request based on input information (205 in FIG. 2),
A function for adding a CSRF token when an arbitrary request is issued (transmitted) (206 in FIG. 2),
A function for receiving a response to the request (207 in FIG. 2).

  These functions can be realized by a program in which processing for realizing each function is implemented. The user 104 transmits an arbitrary request to the server apparatus 102 (particularly, the Web server 103a in the BMC 103) using these functions realized by the second client 101d. That is, the user 104 issues (transmits) an arbitrary request to the Web server 103a using the second client 101d separated from the Web browser 101a.

  FIG. 3 is a diagram illustrating a specific example of a functional configuration of the second client 101d. Note that the configuration illustrated in FIG. 3 is one specific example, and what component the second client 101d is divided into may be selected as appropriate.

  The information input unit 301 is an information input interface that receives input of information used for creating a request from the user 104. The information input unit 301 provides the user 104 with a UI including, for example, a field in which information used to generate a request can be set, a request transmission button, and a field for displaying a response to the request. Also good. How to configure such a UI may be arbitrarily determined. For example, the user 104 may input a command for executing various controls related to the server apparatus 102, a command for acquiring information on the server apparatus 102, and the like to the information input unit 301.

  The request creation unit 302 creates (generates) a request using the information input to the information input unit 301. Such a request is, for example, transmission data transmitted to the Web server 103a by a POST request in HTTP. The specific format of the transmission data may be appropriately selected according to the specifications of the server apparatus 102.

  The CSRF token adding unit 303 adds a CSRF token to the request created by the request creating unit 302. As described above, the CSRF token is provided from the Web client 101b (script 101c) when the second client 101d is activated. Accordingly, the CSRF token adding unit 303 can refer to the correct CSRF token provided from the Web server 103a. Accordingly, the CSRF token adding unit 303 can set a correct CSRF token for a request transmitted to the Web server 103a.

  The communication unit 304 transmits the request with the CSRF token added to the server apparatus 102 (particularly, the Web server 103a). In addition, the communication unit 304 receives a response to the transmitted request from the server apparatus 102 (particularly, the Web server 103a).

  The response analysis unit 305 analyzes the response received from the server apparatus 102 by the communication unit 304. The response analysis unit 305 extracts, for example, the results of executing various commands by the BMC 103, various information acquired from the server apparatus 102, and the like from the received responses. The response analysis unit 305 may notify the information input unit 301 of the analysis result. The information input unit 301 may display the analysis result of the response analysis unit 305 on the UI.

  The second client 101d configured as described above may refer to (acquire) the CSRF token by referring to the script 101c or the Web client 101b. As an example, the script 101c and the Web client 101b are contents described using HTML and main script languages, and the second client 101d is a program (for example, an applet) implemented using Java (registered trademark). Assume that there is a case. In this case, the second client 101d can refer to the content (for example, HTML) that is the substance of the script 101c or the Web client 101b. Accordingly, the second client 101d can refer to (acquire) the CSRF token by referring to a field including the CSRF token in the content, for example.

  Specific operations of the user terminal 101 configured as described above will be described later.

  Next, a functional configuration of the server apparatus 102 will be described. The server apparatus 102 is configured using an information processing apparatus such as a computer. As illustrated in FIG. 1, the server apparatus 102 includes a BMC 103.

  The BMC 103 is a component that can execute various controls related to the server apparatus 102. The BMC 103 may be configured by hardware such as an arithmetic device (processor) (not shown) and a storage device (for example, a flash memory). In this case, the function of the BMC 103 may be provided by storing firmware (computer program) in which the BMC function is implemented in the storage device and executing the firmware by an arithmetic device (not shown). Hereinafter, a functional configuration of the BMC 103 will be described.

  The BMC 103 includes at least a Web server 103a. In addition, the BMC 103 may include a service processing unit 103e. In addition, the BMC 103 holds content 103b, a script 103c, and a second client 103d.

  The Web server 103a executes communication using the HTTP with the user terminal 101. Specifically, the Web server 103a receives a request (HTTP request) from the user terminal 101 (in particular, the Web browser 101a, the Web client 101b, and the second client 101d) and transmits a response to them. To do. As described above, the Web server 103a performs authentication processing with the user terminal 101 (particularly, the Web browser 101a and the Web client 101b), and is a cookie (session information) indicating an authenticated session. And a CSRF token is issued.

  FIG. 4 is a diagram illustrating a functional configuration of the Web server 103a. Note that the configuration illustrated in FIG. 4 is one specific example, and what component the Web server 103a is divided into may be selected as appropriate.

  The communication unit 401 receives various requests (HTTP requests) from the user terminal 101. In addition, the communication unit 401 transmits a response (HTTP response) generated by a response return unit 405 described later to the user terminal 101.

  The request analysis unit 402 analyzes the request received by the communication unit 401. For example, the request analysis unit 402 may extract the Cookie and CSRF token included in the request by analyzing the received request.

  Further, when the request received from the user terminal is a request related to the authentication process, the request analysis unit 402 may notify the request processing unit 404 of the execution of the authentication process. In this case, the request processing unit 404 may execute an appropriate authentication process according to the specification of the server device 102 or the like.

  The CSRF token authenticating unit 403 executes processing for authenticating (verifying) the validity of the CSRF token based on the analysis result in the request analyzing unit 402. If the CSRF token authentication unit 403 is not normal (not a valid CSRF token), the CSRF token authentication unit 403 may notify the request processing unit 404 to reject the request. As a result, an unauthorized request that does not include a normal CSRF token is rejected (rejected) by the Web server 103a.

  The request processing unit 404 executes processing related to the request transmitted from the user terminal 101 based on the analysis result of the request analysis unit 402. The request processing unit 404 may request (notify) the service processing unit 103e to execute processing related to the request transmitted from the user terminal 101.

  When the request transmitted from the user terminal 101 is a request related to authentication processing, the request processing unit 404 executes processing related to authentication. The processing related to authentication may include, for example, processing such as login authentication to the BMC 103 (Web server 103a), generation of a cookie representing an authenticated session, and generation of a CSRF token. The CSRF token authentication unit 403 may generate the CSRF token.

  Further, when the CSRF token included in the request received from the user terminal 101 is not normal, the request processing unit 404 rejects (does not execute) the process related to the request.

  Next, the response return unit 405 generates a response (HTTP response) to be transmitted to the user terminal 101 using the processing result in the request processing unit 404. As described above, when the CSRF token is not normal, the response return unit 405 generates a response indicating an error to the user terminal 101. Note that the generated response is transmitted to the user terminal 101 by the communication unit 401.

  The Web server 103a can transmit the content 103b, the script 103c, and the second client 103d to the user terminal 101 in response to a request from the user terminal 101. The content 103b, the script 103c, and the second client 103d may be held in a storage device (not shown) in the BMC 103.

  The content 103b is arbitrary content including the Web client 101b described above. The script 103c is the same as the script 101c described above. Note that the script 103c may be included in a part of the content 103b. The second client 103d is the same as the second client 101d described above.

  The web server 103a may verify the CSRF token with respect to the request transmitted from the user terminal 101 and requesting acquisition of the content 103b, the script 103c, or the second client 103d.

  The service processing unit 103e executes various controls on the server apparatus 102 in response to various requests transmitted from the user terminal 101. For example, the service processing unit 103e may execute a control command for the BMC 103 transmitted from the user terminal 101, and notify the Web server 103a of the execution result.

  Next, operations of the user terminal 101 and the server apparatus 102 configured as described above according to the present embodiment will be described with reference to FIGS. In the following, it is assumed that the Web client 101b and the script 101c are acquired from the server apparatus 102 to the user terminal 101 based on the request of the user 104. In this case, for example, the user 104 may acquire the Web client 101b (content 103b) and the script 101c (script 103c) from the Web server 103a using the Web browser 101a.

  FIG. 5 is a sequence diagram illustrating operations of the user terminal 101 and the server apparatus 102 according to this embodiment. More specifically, FIG. 5 shows a sequence of authentication processing (including Cookie and CSRF token acquisition processing) between the Web client 101b and the Web server 103a, and a request including a CSRF token from the Web client 101b. A specific example relating to the sequence of issue (transmission) processing will be illustrated.

  First, the user 104 uses the user terminal 101 to access the server apparatus 102 (particularly, the Web server 103a) (step S501). More specifically, the user 104 executes processing for accessing the Web server 103a using the Web client 101b. In this case, the user 104 may operate the web client 101b via the web browser 101a, for example.

  The Web client 101b transmits an access request for the Web server to the Web server 103a (Step S502). In the following, it is assumed that the Web client 101b requests access to content that requires authentication in the Web server 103a.

  In response to such an access request, the web server 103a generates a response and transmits the response to the web client 101b (step S503). In this case, for example, the response may request the Web client 101b to input authentication information required by the Web server 103a. More specifically, for example, the Web server 103a may transmit content (for example, an authentication page) for inputting authentication information necessary for login authentication to the Web client 101b.

  Next, the Web client 101b transmits an authentication request including authentication information to the Web server 103a (Step S504).

  The Web server 103a that has received the authentication request executes a login authentication process (step S505). In this case, the Web server 103a may determine whether to permit login from the Web client 101b based on the authentication information transmitted from the Web client 101b.

  When the login authentication process in step S505 is successful, the web server 103a generates a cookie indicating that the session with the web client 101b has been authenticated (step S506).

  When the login authentication process in step S505 is successful, the Web server 103a generates a CSRF token that is information indicating the validity of a request transmitted / received to / from the Web client 101b (step S507).

  After executing the processing in steps S505 to S507, the web server 103a returns the cookie and CSRF token to the web client 101b (step S508). More specifically, the Web server 103a transmits a response including a cookie and a CSRF token to the Web client 101b.

  The Web client 101b that has received the response stores the cookie included in the response (step S509). Specifically, the Web client 101b writes (holds) the cookie to the Web browser 101a. Since a method for holding the cookie in the Web browser 101a is well known, detailed description thereof is omitted.

  Further, the Web client 101b holds the CSRF token included in the response received from the Web server 103a (Step S510). The web client 101b may hold the content itself including the CSRF token received as a response from the web server 101a. Further, the Web client 101b may extract the CSRF token from the content and hold the CSRF token.

  In the specific example illustrated in FIG. 5, the Web client 101b executes the processes of steps S502 to S510. However, the Web browser 101a may execute such processes. In this case, the Web browser 101a may receive content including the Web client 101b (and script 101c) as a response in which a cookie and a CSRF token are set from the Web server 103a.

  After steps S501 to S510, the user 104 executes a web operation using the user terminal 101 (step S511). For example, the user 104 may request acquisition of the second client 103d as the Web operation.

  Next, the web client 101b generates an HTTP request including a cookie and a CSRF token according to the content of the web operation in step S511 (step S512). That is, the CSRF token is added to the request transmitted to the Web server 103a in accordance with the Web operation after Step S511.

  Next, the Web client 101b transmits the HTTP request generated in Step S512 to the Web server 103a (Step S513).

  The Web server 103a authenticates (verifies) the CSRF token included in the request transmitted in step S513 (step S514). When the CSRF token issued in step S507 matches the CSRF token included in the request transmitted in step S513, the Web server 103a may authenticate the request as a valid request (authentication success).

  If the result of authenticating the CSRF token in step S514 is a valid request, the Web server 103a executes processing related to the request (step S515).

  Next, the web server 103a generates a response based on the result of the process in step S515, and returns (transmits) the response to the web client 101b (step S516).

  The Web client 101b receives the response transmitted in step S516 (step S517). Such a response may be displayed on the web browser 101a, for example.

  Steps S501 to S517 described above are request and response transmission / reception processing executed between the Web server 103a on which CSRF countermeasures are implemented and the Web client 101b.

  Next, with reference to FIG. 6, the operation when a request is issued directly from the Web browser 101a to the Web server 103a by the CSRF attack will be described. In the following description, it is assumed that the authentication process has been executed between the Web client 101b (or Web browser 101a) and the Web server 103a (step S601). Such authentication processing may be similar to, for example, steps S502 to S510 in FIG.

  First, an unintentional unauthorized HTTP request transmission is notified to the Web browser by the operation of the user 104 (step S602). For example, when the user 104 erroneously accesses an attack link prepared by the attacker, an unauthorized HTTP request is executed.

  When the HTTP request is executed, the Web browser 101a generates a request including the cookie held in the Web browser 101a (Step S603). Then, the web browser 101a issues (transmits) the request as an HTTP request to the web server 103a (step S604). Through the processing in steps S603 to S604, the cookie held by the web browser 101a is used for an unauthorized HTTP request. However, in a normal illegal HTTP request operation, the correct CSRF token is unknown, so the request generated in step S603 does not include the correct CSRF token.

  The Web server 103a that has received the request transmitted in step S604 executes CSRF authentication processing for the request (step S605). Such processing may be the same as step S514 in FIG.

  In this case, the Web server 103a confirms that the CSRF token included in the request transmitted in step S604 does not match the CSRF token for the Web client 101b (or the Web browser 101a). As a result, the Web server 103a determines that the request is not a valid request. Even when the CSRF token is not included in the request transmitted in step S604, the Web server 103a may determine that the request is not a valid request. As a result, the Web server 103a eliminates a request accompanying an unauthorized HTTP operation.

  Next, the web server 103a notifies the web browser 101a of a response indicating that the received request is invalid (step S606). The web browser 101a executes processing when the request fails based on the response from the web server 103a (step S607). In this case, the web browser 101a may display content indicating a request failure, for example.

  By the operation described above, an illegal request from other than the Web client 101 holding the correct CSRF token is eliminated in the Web server 103a.

  Next, transmission of a request to the Web server 103a using the second client 101d in the present embodiment will be described with reference to FIG. In the following description, it is assumed that authentication processing has been executed between the Web client 101b (or Web browser 101a) and the Web server 103a (step S701). Such authentication processing may be similar to, for example, steps S502 to S510 in FIG.

  First, the user 104 uses the user terminal 101 to execute an operation for acquiring the second client 101d (step S702).

  The Web client 101b that has received such an operation transmits a request for obtaining (downloading) the second client 101d (the second client 103d held by the BMC 103) to the Web server 103a (step S703). Note that the request transmitted at this time (the HTTP request may be given a CSRF token, and the Web server 103a may authenticate (verify) the CSRF token.

  The server 103a that has received the request transmitted in step S703 transmits the second client 103d held by the BMC 103 as a response (step S704).

  Next, the Web client 101b activates the second client acquired from the Web server 103a (Step S705). Specifically, the Web client 101b executes the second client 101d by executing a function (203 in FIG. 2) in which the script 101c is implemented. At this time, the Web client 101b provides the Cookie and CSRF token issued from the Web server 103a in the authentication process (step S701) to the second client 101d. Specifically, the Web client 101b may execute (activate) the second client 101d using a cookie and a CSRF token as parameters (arguments) at activation. Further, the second client 101d may acquire a cookie and a CSRF token by referring to the script 101c.

  As a result of step S705, the second client 101d is executed (activated) (step S706).

  Next, the user 104 performs an operation for requesting the second client 101d to transmit an arbitrary request (step S707). The request may include, for example, various control requests for the server device 102 (commands for the BMC 103), a request for acquiring information of the server device 102, and the like.

  Next, the second client 101d generates an HTTP request including a cookie and a CSRF token in response to the request requested in step S707 (step S708). That is, the correct CSRF token is included in the HTTP request generated in step S709.

  Next, the second client 101d transmits the HTTP request generated in step S708 to the Web server 103a (step S709).

  The Web server 103a authenticates (verifies) the CSRF token included in the request transmitted in step S709 (step S710). When the CSRF token issued in the authentication process (step S701) matches the CSRF token included in the request transmitted in step S709, the web server 103a may authenticate the request as a valid request ( Authentication successful).

  If the result of authenticating the CSRF token in step S710 is a valid request, the Web server 103a executes processing related to the request (step S711).

  Next, the Web server 103a generates a response based on the processing result in step S711, and returns (transmits) the response to the second client 101d (step S712).

  Steps S710 to S712 may be the same as steps S514 to S516 in FIG.

  Next, the second client 101d receives the response transmitted in step S712 (step S713). For example, the second client may display the response on the UI.

  Through the processing described above, the user 104 can transmit an arbitrary request to the Web server 103a by using the second client 101d independent of the Web browser 101a and the Web client 101b.

  According to the user terminal 101 (particularly, the Web client 101b and the second client 101d) in the present embodiment described above, an arbitrary request is sent to a Web server (Web server 103a or the like) on which CSRF countermeasures are implemented. It can be sent. This is because information (such as CSRF token) used for secure communication acquired from the server apparatus 102 (particularly, the web server 103a) on which CSRF countermeasures have been implemented is stored in the user terminal 101 (particularly, the web client 101b and This is because it is included in the request transmitted from the second client 101d). As described above, the CSRF token is information indicating the validity of the request transmitted to the server.

  More specifically, according to the present embodiment, the CSRF token is provided from the Web client 101b when the second client 101d is executed. The second client 101d can transmit a request including the correct CSRF token to the Web server 103a by referring to the CSRF token. Thereby, each request transmitted from the user terminal 101 to the server apparatus 102 includes a correct CSRF token.

  Further, according to the present embodiment, the path for transmitting a request from the user terminal 101 to the server apparatus 102 is not limited to the Web browser 101a or the Web client 101b. That is, according to the present embodiment, a request can be transmitted from the second client 101d independent of the Web browser 101a or the Web client 101b to the server apparatus 102 (particularly, the Web server 103a). As a result, not only the CSRF attack but also other attacks such as cross-site scripting (XSS) that target the Web browser 101a are enhanced.

  As described above, according to the present embodiment, it is possible to issue an arbitrary request to the server by using the information provided from the server (server device 102) indicating the validity of the request transmitted to the server. A simple information processing apparatus (user terminal 101) can be provided.

<Modification of First Embodiment>
A modification of the above-described first embodiment will be described. The functional configurations of the user terminal 101 and the server apparatus 102 in this modification may be the same as those in the first embodiment.

  In the first embodiment described above, the Web client 101b provides information such as CSRF token and Cookie when executing (starting) the second client 101d.

  In contrast, in this modification, when the Web server 103a transmits the second client 101d (second client 103d in the BMC 103) (step S704 in FIG. 7), the second client 101d Set (embed) CSRF token. In other words, the CSRF token is included (embedded) in the second client 101d acquired by the Web client 101b in step S703 and step S704.

  According to this modified example configured as described above, as in the first embodiment, the second client 101d refers to the set CSRF token, so that the request including the correct CSRF token is It can be transmitted to the Web server 103a. Thereby, each request transmitted from the user terminal 101 to the server apparatus 102 includes the CSRF token. In addition, since this modification has the same configuration as that of the first embodiment, the same effect as that of the first embodiment can be obtained.

  As described above, according to the present embodiment, an information processing apparatus (user) that can issue an arbitrary request by using information provided from the server (server apparatus 102) and indicating the validity of the request transmitted to the server. Terminal 101) can be provided.

<Second Embodiment>
Next, a second embodiment of the present invention will be described.

  FIG. 8 is a block diagram illustrating a functional configuration of the information processing apparatus 801 in the present embodiment. As illustrated in FIG. 8, the information processing apparatus 801 in this embodiment includes a first communication processing unit 802 and a second communication processing unit 803. Further, the information processing apparatus 801 is connected to the server 804 via an arbitrary communication line so as to be communicable. Hereinafter, components of the information processing apparatus 801 will be described.

  The first communication processing unit 802 receives communication data including a first token representing the validity of a request transmitted to the server from a server 804 that is communicably connected via a communication line. The first communication processing unit 802 may be the same as the Web client 101b in the first embodiment, for example.

  The second communication processing unit 803 generates another request including the first token held by the first communication processing unit. Then, the second communication processing unit 803 transmits the generated request to the server. The 2nd communication part 803 which concerns is a transmission means different from the said 1st communication process part 802 which can transmit communication data with respect to the said server. For example, the second communication processing unit 803 may be the same as the second client 101d in the first embodiment.

  As a specific example, it is assumed that a CSRF countermeasure is implemented in the server device 804. In this case, for example, the first communication processing unit 802 receives a CSRF token (first token) that is information indicating the validity of the communication data transmitted to the server 804 from the server 804. Then, the second communication processing unit 803 generates a request including the CSRF token received by the first communication processing tool 802 and transmits the generated request to the server 804. In this case, for example, the first communication processing unit 802 may hold the first token and provide the first token to the second history processing unit 803. As a result, the second communication processing unit 803 sends an arbitrary request to the server 804 using information (CSRF token) representing the validity of the request transmitted from the server 804 and transmitted to the server 804. Can be sent.

  As described above, the information processing apparatus 801 according to the present embodiment can issue an arbitrary request by using the information provided from the server (server 804) and indicating the validity of the request transmitted to the server. This is because the second communication processing unit 803 can make a request including the first token received by the first communication processing unit 802 from the server 804 to the server 804.

<Configuration of hardware and software program (computer program)>
Hereinafter, a hardware configuration capable of realizing each of the above-described embodiments will be described.

  In the following description, the user terminal 101, the information processing apparatus 801, and the server apparatus 102 described in the above embodiments are collectively referred to simply as “information processing apparatus”. In addition, the components of the user terminal 101, the information processing device 801, and the server device 102 are simply referred to as “components of the information processing device”.

  The information processing apparatus described in each of the above embodiments may be configured by a dedicated hardware device. In that case, each component shown in each of the above drawings may be realized as hardware (an integrated circuit or the like on which processing logic is mounted) that is partially or fully integrated.

  For example, when each component is realized by hardware, an integrated circuit capable of providing each function may be mounted by SoC (System on a Chip) or the like. In this case, for example, the data held by each component may be stored in a RAM (Random Access Memory) area or a flash memory area integrated as SoC.

  In this case, a well-known communication bus may be adopted as a communication line for connecting each component. Further, the communication line connecting each component is not limited to bus connection, and each component may be connected by peer-to-peer.

  Further, the information processing apparatus described above may be configured by general-purpose hardware exemplified in FIG. 9 and various software programs (computer programs) executed by the hardware.

  The arithmetic device 901 in FIG. 9 is an arithmetic processing device such as a general-purpose CPU (Central Processing Unit) or a microprocessor. The arithmetic device 901 may read various software programs stored in a nonvolatile storage device 903, which will be described later, into the storage device 902, and execute processing according to the software programs. For example, the Web client 101b, the second client 101d, the Web server 103a, the first communication processing unit 802, the second communication processing unit 803, and the like in the above embodiments are software programs executed by the arithmetic device 901. It is feasible.

  The storage device 902 is a memory device such as a RAM that can be referred to from the arithmetic device 901, and stores software programs, various data, and the like. Note that the storage device 902 may be a volatile memory device.

  The nonvolatile storage device 903 is a nonvolatile storage device such as a magnetic disk drive or a semiconductor storage device using flash memory. The nonvolatile storage device 903 can store various software programs, data, and the like.

  The network interface 906 is an interface device that connects to a communication network. For example, a wired and wireless LAN (Local Area Network) connection interface device or the like may be employed. In each of the above embodiments, the user terminal 101 may be connected to the server apparatus 102 via the network interface 906. Further, the information processing apparatus 801 may be connected to the server 804 via the network interface 906.

  The drive device 904 is, for example, a device that processes reading and writing of data with respect to a storage medium 905 described later.

  The storage medium 905 is an arbitrary recording medium capable of recording data, such as an optical disk, a magneto-optical disk, and a semiconductor flash memory.

  The input / output interface 907 is a device that controls input / output with an external device.

  The present invention described by taking the above-described embodiments as examples, for example, configures an information processing device by the hardware device illustrated in FIG. 9 and realizes the functions described in the above-described embodiments for the hardware device. It may be realized by supplying possible software programs. In this case, the present invention may be realized by the arithmetic device 901 executing the software program supplied to the device.

  In each of the above-described embodiments, each unit illustrated in each of the above drawings (for example, FIG. 1, FIG. 3, FIG. 4, and FIG. 8) is a function (processing) unit of a software program executed by the above-described hardware. It can be realized as a software module. However, the division of each software module shown in these drawings is a configuration for convenience of explanation, and various configurations can be assumed for implementation.

  For example, when the above-described units are realized as software modules, these software modules are stored in the nonvolatile storage device 903, and these software modules are stored in the storage device 902 when the arithmetic device 901 executes each process. You may comprise so that it may read.

  In addition, various kinds of data may be transmitted between these software modules by an appropriate method such as shared memory or interprocess communication. With such a configuration, these software modules can be connected so as to communicate with each other.

  Further, each software program is recorded in the storage medium 905, and the software program is stored in the nonvolatile memory 903 through the drive device 904 as appropriate at the shipping stage or operation stage of the communication device or the like. May be.

  In the above case, the method of supplying various software programs to the information processing apparatus is installed in the apparatus using an appropriate jig at the manufacturing stage before shipment or the maintenance stage after shipment. You may adopt the method of doing. As a method for supplying various software programs, a general procedure may be adopted at present, such as a method of downloading from the outside via a communication line such as the Internet.

  In such a case, the present invention can be understood to be constituted by a code constituting the software program or a computer-readable storage medium in which the code is recorded.

  In addition, the information processing apparatus described above or a component of the information processing apparatus includes a virtual environment obtained by virtualizing the hardware device illustrated in FIG. 9 and various software programs (computers) executed in the virtual environment. -A program). In this case, the components of the hardware device illustrated in FIG. 9 are provided as virtual devices in the virtual environment. In this case as well, the present invention can be realized with the same configuration as when the hardware device illustrated in FIG. 9 is configured as a physical device.

  In the above, this invention was demonstrated as an example applied to exemplary embodiment mentioned above. However, the technical scope of the present invention is not limited to the scope described in the above embodiments. It will be apparent to those skilled in the art that various modifications and improvements can be made to such embodiments. In such a case, new embodiments to which such changes or improvements are added can also be included in the technical scope of the present invention. Furthermore, the embodiments described above, or embodiments obtained by combining the new embodiments with such changes or improvements can also be included in the technical scope of the present invention. This is clear from the matters described in the claims.

101 User terminal 101a Web browser 101b Web client 101c Script 101d Second client 102 Server device 103 BMC
103a Web server 103b Content 103c Script 103d Second client 103e Service processing unit 301 Information input unit 302 Request creation unit 303 CSRF token addition unit 304 Communication unit 305 Response analysis unit 401 Communication unit 402 Request analysis unit 403 CSRF token authentication unit 404 Request Processing unit 405 Response return unit 801 Information processing device 802 First communication processing unit 803 Second communication processing unit 804 Server 901 Arithmetic device 902 Storage device 903 Non-volatile storage device 904 Drive device 905 Storage medium 906 Network interface 907 Input / output interface

Claims (10)

First communication processing means for receiving communication data including a first token representing the validity of a request transmitted to the server from a server communicably connected via a communication line;
A second different from the first communication processing means capable of generating the request including the first token held by the first communication processing means and transmitting the generated request to the server. An information processing apparatus. The first communication processing means provides the first token received from the server to the second communication processing means.
Information processing device. The second communication processing means includes:
Accepts input of data regarding the generation of any said request,
Generating the request including the first token using the received data;
The information processing apparatus according to claim 1, wherein the generated request is transmitted to the server. The first communication processing means includes:
Sending the request including an authentication request to the server;
The communication including the second token representing the authenticated communication session between the server, the first communication processing means, and the first token generated by the server that has received the request Receiving data from the server,
The second communication processing means includes:
The information processing apparatus according to any one of claims 1 to 3, wherein the request including the first token and the second token is transmitted to the server. The second communication processing means is an application that can be executed in its own device,
The first communication processing means includes:
Generating the request including the first token requesting acquisition of the application;
The application is acquired from the server by sending the generated request to the server,
Execute the acquired application on its own device,
The information processing apparatus according to any one of claims 1 to 4. First communication processing means for receiving communication data including a first token representing the validity of a request transmitted to the server from a server communicably connected via a communication line;
A second communication processing unit different from the first communication processing unit capable of generating the request including the first token and transmitting the request to the server;
The second communication processing means is an application that can be executed in its own device, held in the server, and in which the first token is set by the server.
The first communication processing means includes:
Generating the request including the first token requesting acquisition of the application;
The application is acquired from the server by sending the generated request to the server,
Execute the acquired application on its own device,
Information processing device. An information processing apparatus according to any one of claims 1 to 6,
A server device communicably connected to the information processing device via a communication line,
The server device
In response to a request from the information processing apparatus, the communication data including the first token representing the validity of the request transmitted from the information processing apparatus to the server apparatus is transmitted to the information processing apparatus.
Based on the result of comparing the first token transmitted to the information processing device and the first token included in the other request received from the second communication processing unit in the information processing device, When it is determined that the other received request is not an illegal request, based on the received other request, a process according to a request from the information processing apparatus is executed.
Information processing system. An information processing device according to claim 5 or 6,
A server device communicably connected to the information processing device via a communication line,
The server device
In response to a request from the information processing apparatus, the communication data including the first token representing the validity of the request transmitted from the information processing apparatus to the server apparatus is transmitted to the information processing apparatus.
In response to a request from the information processing apparatus, an application executable in the information processing apparatus is transmitted to the information processing apparatus,
Based on a result of comparing the first token transmitted to the information processing device and the first token included in another request received from the application executed in the information processing device, the reception When it is determined that the other request is not an illegal request, based on the received other request, a process according to a request from the information processing device is executed.
Information processing system. Information processing device
From a server connected to be able to communicate via a communication line, communication data including a first token representing the validity of a request transmitted to the server is received using the first communication processing unit,
Generating the request including the first token held by the first communication processing unit;
An information processing method for transmitting the generated request to the server using a second communication processing unit different from the first communication processing unit. A process of receiving communication data including a first token representing the validity of a request transmitted to the server from a server communicably connected via a communication line using the first communication processing unit;
Processing for generating the request including the first token held by the first communication processing unit;
A computer program that causes a computer to execute a process of transmitting the generated request to the server using a second communication processing unit different from the first communication processing unit.

Images