JP2023129069A - Information processing device, information processing method, and information processing program - Google Patents

Abstract

To provide an information processing device, a method, and a program for managing appropriate use of an API key.SOLUTION: An information processing device includes: a storage unit that stores use history information indicating the history of use of an API key by a server device that is identified by a global IP address, for each global IP address; an acquisition unit that, based on the use history information, obtains both first use frequency information indicating the number of times a first server device that is determined not to be performing unauthorized use of an API key uses the API key and second use frequency information indicating the number of times a second server device that is identified by a second global IP address and uses the API key used by the first server device uses the API key; a calculation unit that calculates a score indicating whether the second server device is performing unauthorized use of the API key, based on comparison between the first use frequency and the second use frequency; and a determination unit that when the calculated score exceeds a predetermined threshold, determines that the second server device is performing unauthorized use of the API key.SELECTED DRAWING: Figure 3

Description

The present invention relates to an information processing device, an information processing method, and an information processing program.

Conventionally, techniques for protecting computer equipment and data from fraudulent activities are known. For example, when transmitting a packet, a terminal device requests a DNS server to resolve the host name of the destination of the packet to an IP address. The DNS server attempts name resolution from a host name to an IP address in response to a request from a terminal device. There is a known technique in which the DNS server notifies the terminal device of information regarding the name resolution result when the name resolution cannot be performed or when the name resolution result is an invalid IP address.

Japanese Patent Application Publication No. 2015-177434

However, in the above-mentioned conventional technology, the DNS server only notifies the terminal device of information regarding the name resolution result when the name resolution cannot be performed or when the name resolution result is an invalid IP address. Therefore, with the above-described conventional technology, it is not always possible to manage whether the API key is being used appropriately.

The present disclosure provides an information processing device, an information processing method, and an information processing program that can manage whether an API key is being used appropriately.

The information processing device according to the embodiment includes a storage unit that stores usage history information indicating a usage history of an API key by a server device identified by a global IP address for each global IP address, and based on the usage history information, first use count information indicating a first use count, which is the number of times the API key is used by a first server device that is determined to be not using the API key illegally; and use of the API key by a second server device that uses the API key identified by a second global IP address different from a first global IP address that identifies the first server device and used by the first server device. an acquisition unit that acquires second usage frequency information indicating a second usage frequency, and based on a comparison between the first usage frequency and the second usage frequency, the second server device determines whether the API key is illegally used. a calculation unit that calculates a score indicating whether or not the API key is being used; and a determination that the second server device is illegally using the API key when the score calculated by the calculation unit exceeds a predetermined threshold. and a determination unit that determines that the second server device is not illegally using the API key when the score calculated by the calculation unit is less than or equal to the predetermined threshold.

FIG. 1 is a diagram illustrating a configuration example of an information processing system according to an embodiment. FIG. 2 is a diagram for explaining the problem of illegal use of API keys. FIG. 3 is a diagram illustrating a configuration example of an information processing device according to an embodiment. FIG. 4 is a diagram illustrating an example of a usage history information storage unit according to the embodiment. FIG. 5 is a diagram illustrating an example of a normal IP set information storage unit according to the embodiment. FIG. 6 is a diagram illustrating an example of an unknown IP set information storage unit according to the embodiment. FIG. 7 is a diagram illustrating an example of a scoring condition storage unit according to the embodiment. FIG. 8 is a flowchart showing an information processing procedure according to the embodiment. FIG. 9 is a hardware configuration diagram showing an example of a computer that implements the functions of the information processing device.

DESCRIPTION OF THE PREFERRED EMBODIMENTS An information processing apparatus, an information processing method, and an information processing program according to the present application (hereinafter referred to as "embodiments") will be described in detail below with reference to the drawings. Note that the information processing apparatus, information processing method, and information processing program according to the present application are not limited to this embodiment. Further, in each of the embodiments below, the same parts are given the same reference numerals, and redundant explanations will be omitted.

(Embodiment)
[1. Introduction]
In recent years, in services that provide APIs (Application Programming Interfaces), there has been an increase in business models in which an API key is provided to each customer and the API is executed after confirming that the API key information is correct. Here, for customers who use API keys, leakage of API keys and unauthorized use of API keys are concerns. However, in the past, in order to notice unauthorized use of an API key, the customer had to monitor the usage status of the API key himself, which placed a burden on the customer. Therefore, a technology is desired in which an API provider side can detect unauthorized use of an API key and provide information on the detected unauthorized use to a customer. This is expected to lead to improved service quality as an API provider and improved customer service satisfaction.

Therefore, this embodiment consists of the following processes (1) to (5). (1) An API provider provides an API key to a customer. (2) The customer sets an API key on the customer's server device and implements a program that executes the API. (3) The information processing device is managed by the API provider. When an API is executed using an API key, the information processing device associates the API key with the global IP address of the server device that is the connection source, and records the usage history of the API key. Count the number of uses. (4) The information processing device performs a reverse lookup on the global IP address of the server device that is the connection source, and if an FQDN (Fully Qualified Domain Name) is obtained, it also attaches information about the FQDN, and then retrieves the API key usage history. Record. (5) If the information processing device receives a communication with the same API key but with a different global IP address or FQDN of the server device that is the connection source, or if the trend in the number of times the API key is used is significantly different from before, the information processing device will An alert will be raised to suspect leakage or unauthorized use (hereinafter also referred to as unauthorized use of API keys). Specifically, the information processing device handles cases where the global IP address or FQDN of the connecting server device is different and there is communication with the same API key, or when the trend of the number of API key uses is significantly different from before. If the calculated score exceeds a predetermined threshold, it is determined that the API key has been fraudulently used.

Thereby, the information processing device can detect unauthorized use of the API key. In addition, the information processing device determines whether the connection source server device is using the API key normally by calculating a score indicating whether the connection source server device is using the API key illegally. can also be managed. Therefore, the information processing device can manage whether the API key is being used appropriately.

[2. Configuration example of information processing system]
FIG. 1 is a diagram illustrating a configuration example of an information processing system 1 according to an embodiment. The information processing system 1 may include a terminal device 10, a server device 20, and an information processing device 100. The terminal device 10, the server device 20, and the information processing device 100 may be communicably connected via a predetermined network N by wire or wirelessly. Note that the information processing system 1 may include any number of terminal devices 10, any number of server devices 20, and any number of information processing devices 100.

The terminal device 10 is a first service provided by the server device 20, and is a computer used by a user of the first service that incorporates a second service that can be used by an API provided by the information processing device 100. It is. The terminal device 10 is realized by, for example, a smartphone, a tablet terminal, a PC (Personal Computer), a notebook PC, a mobile phone, a PDA (Personal Digital Assistant), or the like. Furthermore, the terminal device 10 transmits request information regarding the use of the second service to the server device 20.

The server device 20 is a server device that provides a first service that incorporates a second service that can be used using an API provided by the information processing device 100. The server device 20 implements a program that executes the API provided by the information processing device 100. The server device 20 executes the API of the information processing device 100 using an API key provided in advance by the API provider. API keys are issued for each business operator. The server device 20 is managed by an operator that provides the first service. Here, the business providing the first service is also a customer who uses the API provided by the information processing device 100. For example, the server device 20 provides, as the second service, a first service that incorporates a payment service that can be used using the payment API provided by the information processing device 100. Furthermore, the server device 20 provides, as a second service, a first service that incorporates a ticket issuing service that can be used using the ticket API provided by the information processing device 100. Furthermore, the server device 20 provides, as a second service, a first service that incorporates an on-demand bus ride reservation service that can be used using the ride reservation API provided by the information processing device 100. Furthermore, the server device 20 provides, as a second service, a first service incorporating an end user management service that can be used by the end user management API provided by the information processing device 100.

Further, when the server device 20 receives request information regarding the use of the second service from the terminal device 10, the server device 20 sends request information regarding the execution of the API to the information processing device 100 along with the API key according to the received request information. and send. Additionally, the server device 20 receives response information regarding the API execution result from the information processing device 100.

The information processing device 100 is a server device that provides an API and a second service that can be used by the API. The information processing device 100 is managed by an API provider. For example, the information processing device 100 provides a payment API and a payment service that can be used by the payment API. The information processing device 100 also provides a ticket API and a ticket issuing service that can be used with the ticket API. The information processing device 100 also provides a ride reservation API and an on-demand bus ride reservation service that can be used using the ride reservation API. Further, the information processing apparatus 100 provides an end user management API and an end user management service that can be used by the end user management API.

The information processing device 100 also receives request information regarding API execution from the server device 20 along with the API key. When the information processing apparatus 100 receives the request information, if the API key is correct, the information processing apparatus 100 executes the API according to the received request information. When the information processing device 100 executes the API, it transmits response information regarding the API execution result to the server device 20. Further, the information processing device 100 executes the processes (3) to (5) described above.

FIG. 2 is a diagram for explaining the problem of illegal use of API keys. The terminal device 10 shown in FIG. 2 is used by a user of a service provided by Company A (referred to as Company A service in FIG. 2). The Company A service corresponds to the first service described above. Further, the server device 20-1 is a server device (denoted as a company A server in FIG. 2) that provides company A services. The server device 20-1 corresponds to the server device 20 described above. In addition, the server device 20-2 is a server device (in FIG. 2, it is written as an API key exclusively for company A (ABCDEFG)) that is issued exclusively for company A by an API provider. , unauthorized access server).

In FIG. 2, the terminal device 10 accesses the server device 20-1 according to a user's operation. Specifically, the terminal device 10 transmits request information regarding the use of the above-described second service to the server device 20-1. When the server device 20-1 receives the request information from the terminal device 10, the server device 20-1 sends the request information regarding the execution of the API to the information processing device 100 along with the company A exclusive API key (ABCDEFG) according to the received request information. Send. When the information processing device 100 receives the request information, it determines whether the received API key exclusively for company A (ABCDEFG) matches the API key exclusively for company A (ABCDEFG) provided to company A in advance. In FIG. 2, the information processing device 100 determines that the received company A exclusive API key (ABCDEFG) matches the company A exclusive API key (ABCDEFG) provided to company A in advance, and executes the API. When the information processing device 100 executes the API, it transmits response information regarding the API execution result to the server device 20-1. When the information processing device 100 transmits the response information to the server device 20-1, the information processing device 100 charges Company A a fee for using the API.

Further, in FIG. 2, the server device 20-2 illegally obtains the API key (ABCDEFG) exclusive to company A, for example. The server device 20-2 transmits request information regarding execution of the API to the information processing device 100 along with an API key exclusively for company A (ABCDEFG). When the information processing device 100 receives the request information, it determines whether the received API key exclusively for company A (ABCDEFG) matches the API key exclusively for company A (ABCDEFG) provided to company A in advance. In FIG. 2, the information processing device 100 determines that the received company A exclusive API key (ABCDEFG) matches the company A exclusive API key (ABCDEFG) provided to company A in advance, and executes the API. When the information processing device 100 executes the API, it transmits response information regarding the API execution result to the server device 20-2. When the information processing device 100 transmits the response information to the server device 20-2, the information processing device 100 charges Company A the usage fee for the API.

As mentioned above, even if a third party unrelated to Company A illegally obtains the API key exclusive to Company A, and the API key exclusive to Company A is illegally used by an unauthorized access server, unauthorized access cannot occur. There is a problem in that the fee for using the API by the server is charged to Company A. In order to solve such problems, a technology is desired in which an API provider side can detect unauthorized use of an API key and provide information on the detected unauthorized use to a customer.

[3. Configuration example of information processing device]
FIG. 3 is a diagram illustrating a configuration example of the information processing device 100 according to the embodiment. The information processing device 100 may include a communication section 110, a storage section 120, and a control section 130. Note that the information processing device 100 includes an input unit (for example, a keyboard, a mouse, etc.) that receives various operations from an administrator of the information processing device 100, and a display unit (for example, a liquid crystal display, etc.) for displaying various information. May have.

(Communication Department 110)
The communication unit 110 is realized by, for example, a NIC (Network Interface Card). The communication unit 110 is connected to a network by wire or wirelessly, and transmits and receives information to and from the server device 20 and the terminal device 10, for example.

(Storage unit 120)
The storage unit 120 is realized by, for example, a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as a hard disk or an optical disk. Specifically, as shown in FIG. 3, the storage unit 120 includes a usage history information storage unit 121, a normal IP set information storage unit 122, an unknown IP set information storage unit 123, and a scoring condition storage unit 124. has. Furthermore, the storage unit 120 is not limited to the above information, and may store various types of information.

(Usage history information storage unit 121)
FIG. 4 is a diagram illustrating an example of the usage history information storage unit 121 according to the embodiment. The usage history information storage unit 121 stores various types of information regarding the usage history of API keys by the server device. In the example shown in FIG. 4, the usage history information storage unit 121 has items such as "date and time of usage", "API key", and "global IP". “Date and time of use” indicates the date and time of use of the API key by the server device. "API key" indicates identification information that identifies the API key used by the server device. "Global IP" indicates a global IP address that identifies the server device. As shown in FIG. 4, the usage history information storage unit 121 stores usage history information indicating the usage history of the API key by the server device identified by the global IP address for each global IP address. Although not shown, the usage history information storage unit 121 may store domain name information regarding an FQDN (Fully Qualified Domain Name) corresponding to a global IP address as usage history information.

(Normal IP set information storage unit 122)
FIG. 5 is a diagram illustrating an example of the normal IP set information storage unit 122 according to the embodiment. The normal IP set information storage unit 122 stores server devices (hereinafter also referred to as "normal server devices") that have been determined by the information processing device 100 to not be using the API key illegally (that is, using the API key normally). Stores various information related to

In the example shown in FIG. 5, the normal IP set information storage unit 122 has items such as "API key", "global IP", "reverse FQDN", and "number of uses (last week)". "API key" indicates identification information that identifies an API key used by a normal server device. "Global IP" indicates a global IP address that identifies a normal server device. “Reverse FQDN” indicates domain name information regarding the FQDN corresponding to the global IP address. The example shown in FIG. 5 shows that there is no FQDN corresponding to the global IP address. “Usage count (last week)” indicates the number of times the API key has been used by a normal server device in the last week.

(Unknown IP set information storage unit 123)
FIG. 6 is a diagram illustrating an example of the unknown IP set information storage unit 123 according to the embodiment. The unknown IP set information storage unit 123 stores server devices (hereinafter referred to as Stores various information regarding the server (also referred to as "unknown server device"). In other words, the unknown server device is a server that is currently being determined by the information processing device 100 as to whether or not the API key is being used illegally (that is, whether or not the API key is being used normally). It is a device. In other words, an unknown server device is a server device to be determined by the information processing device 100, and is a server that is identified by a global IP address that is different from the global IP address that identifies a normal server device, and that uses an API key that is used by a normal server device. It is a device.

In the example shown in FIG. 6, the unknown IP set information storage unit 123 has items such as "API key", "global IP", "reverse FQDN", and "number of uses (last week)". "API key" indicates identification information that identifies an API key used by an unknown server device. "Global IP" indicates a global IP address that identifies an unknown server device. “Reverse FQDN” indicates domain name information regarding the FQDN corresponding to the global IP address. The example shown in FIG. 6 shows that there is no FQDN corresponding to the global IP address. “Usage count (last one week)” indicates the number of times the API key has been used by the unknown server device in the last one week.

(Scoring condition storage unit 124)
FIG. 7 is a diagram illustrating an example of the scoring condition storage unit 124 according to the embodiment. The scoring condition storage unit 124 stores various types of information regarding scoring conditions, which are conditions for calculating a score indicating whether or not the second server device is illegally using an API key. In the example shown in FIG. 7, the scoring condition storage unit 124 has items such as “No.”, “scoring condition”, and “score”. "No." indicates identification information that identifies the scoring condition. The "scoring condition" indicates a condition for calculating a score indicating whether or not the second server device is illegally using the API key. "Score" indicates the score given to the second server device when the second server device satisfies the scoring condition.

(Control unit 130)
Returning to the explanation of FIG. 3. The control unit 130 is a controller, and for example, executes various programs (information processing programs) stored in a storage device inside the information processing device 100 by a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or the like. (corresponding to one example) is realized by being executed using RAM as a work area. Further, the control unit 130 is a controller, and is realized by, for example, an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array).

The control unit 130 includes an acquisition unit 131, a calculation unit 132, a determination unit 133, and a notification unit 134 as functional units, and realizes or executes the information processing operation described below. Note that the internal configuration of the control unit 130 is not limited to the configuration shown in FIG. 3, and may be any other configuration as long as it performs information processing to be described later. Further, each functional unit indicates a function of the control unit 130, and does not necessarily have to be physically distinct.

(Acquisition unit 131)
The acquisition unit 131 acquires, for each global IP address, usage history information indicating the usage history of the API key by the server device identified by the global IP address. When acquiring usage history information, the acquisition unit 131 stores the acquired usage history information in the usage history information storage unit 121 for each global IP address. Further, the acquisition unit 131 reversely looks up the global IP address and acquires the FQDN corresponding to the global IP address. For example, the acquisition unit 131 uses a known technique such as nslookup to acquire the FQDN corresponding to the global IP address. When acquiring the FQDN corresponding to the global IP address, the acquisition unit 131 stores the FQDN corresponding to the global IP address in the usage history information storage unit 121 in association with the global IP address. Note that if the acquisition unit 131 reverse-lookups the global IP address and does not acquire the FQDN corresponding to the global IP address, the acquisition unit 131 associates information indicating that the FQDN corresponding to the global IP address does not exist with the global IP address. and stored in the usage history information storage unit 121.

The acquisition unit 131 acquires normal usage number information indicating the number of times the API key is used by a normal server device based on the usage history information. Specifically, the acquisition unit 131 refers to the normal IP set information storage unit 122 and acquires a global IP address associated with a predetermined API key. For example, the acquisition unit 131 refers to the normal IP set information storage unit 122 shown in FIG. 5 and acquires the global IP address indicated by "192.0.2.101" that is associated with the API key indicated by "ABCDEFG".

Subsequently, when acquiring the global IP address, the acquisition unit 131 refers to the usage history information storage unit 121 and acquires usage history information for a predetermined period of time of the normal server device identified by the acquired global IP address. . For example, the acquisition unit 131 refers to the usage history information storage unit 121 shown in FIG. 4 and acquires usage history information for the past week of the normal server device identified by the global IP address indicated by “192.0.2.101”. do.

Subsequently, when acquiring usage history information for a predetermined period, the acquisition unit 131 acquires first usage count information indicating the number of times the API key is used by a normal server device during a predetermined period based on the acquired usage history information. do. For example, the acquisition unit 131 calculates the number of usage history records of a normal server device in a predetermined period based on usage history information in a predetermined period. For example, the acquisition unit 131 calculates the number of records of normal server devices identified by the global IP address indicated by "192.0.2.101" in the last week as "73". Subsequently, the acquisition unit 131 acquires information indicating the calculated number of records as first usage number information indicating the number of times the API key is used by the normal server device in a predetermined period. For example, the acquisition unit 131 may transmit information indicating the calculated number of records "73" to the number of times the API key has been used by a normal server device identified by the global IP address indicated by "192.0.2.101" in the past week. The information is obtained as the first usage count information shown in FIG.

Furthermore, the acquisition unit 131 acquires second usage number information indicating the number of times the API key is used by the unknown server device based on the usage history information. Specifically, the acquisition unit 131 refers to the unknown IP set information storage unit 123 and acquires a global IP address associated with a predetermined API key. For example, the acquisition unit 131 refers to the unknown IP set information storage unit 123 shown in FIG. 6 and acquires the global IP address indicated by "192.0.2.110" that is associated with the API key indicated by "ABCDEFG". The acquisition unit 131 also acquires the global IP address indicated by "198.51.100.52" that is associated with the API key indicated by "ABCDEFG".

Subsequently, when acquiring the global IP address, the acquisition unit 131 refers to the usage history information storage unit 121 and acquires usage history information for a predetermined period of time of the unknown server device identified by the acquired global IP address. . For example, the acquisition unit 131 refers to the usage history information storage unit 121 shown in FIG. do. The acquisition unit 131 also acquires usage history information for the last week of the unknown server device identified by the global IP address indicated by "198.51.100.52."

Subsequently, when acquiring usage history information for a predetermined period, the acquisition unit 131 acquires second usage frequency information indicating the number of times the API key is used by the unknown server device during the predetermined period based on the acquired usage history information. do. For example, the acquisition unit 131 calculates the number of usage history records of the unknown server device in a predetermined period based on the usage history information in the predetermined period. For example, the acquisition unit 131 calculates the number of records of unknown server devices identified by the global IP address indicated by "192.0.2.110" in the past week as "11". Furthermore, the acquisition unit 131 calculates the number of records of the unknown server device identified by the global IP address indicated by "198.51.100.52" in the most recent week as "20101." Subsequently, the acquisition unit 131 acquires information indicating the calculated number of records as second usage number information indicating the number of times the API key is used by the unknown server device in a predetermined period. For example, the acquisition unit 131 may transmit information indicating the calculated number of records "11" to the number of times the API key has been used by an unknown server device identified by the global IP address indicated by "192.0.2.110" in the past week. It is acquired as the second usage count information shown in FIG. Similarly, the acquisition unit 131 retrieves information indicating the calculated number of records "20101" from the usage of the API key by the unknown server device identified by the global IP address indicated by "198.51.100.52" in the last one week. It is acquired as second usage frequency information indicating the number of times.

(Calculation unit 132)
The calculation unit 132 calculates a score indicating whether the unknown server device is illegally using the API key based on a comparison between the number of times the API key is used by the normal server device and the number of times the API key is used by the unknown server device. do. Specifically, the calculation unit 132 calculates the number of times the API key is used by a normal server device during a predetermined period (e.g., the most recent one week) (hereinafter also referred to as the first number of uses), and the number of times the API key is used in a predetermined period (e.g., the most recent one week). A score is calculated based on a comparison with the number of times the API key is used by the unknown server device (hereinafter also referred to as the second number of uses). More specifically, the calculation unit 132 calculates that the ratio of the second number of uses to the first number of uses is a predetermined ratio, rather than the score when the ratio of the second number of uses to the first number of uses is less than or equal to a predetermined ratio. A higher score will be calculated if the value exceeds . For example, the calculation unit 132 calculates the score as "100" when the ratio of the second number of uses to the first number of uses exceeds 200%. Further, the calculation unit 132 calculates a score of "50" when the ratio of the second number of uses to the first number of uses is more than 50% but less than 200%. Further, the calculation unit 132 calculates a score of "25" when the ratio of the second number of uses to the first number of uses is 50% or less.

(Determination unit 133)
The determining unit 133 determines whether the unknown server device is illegally using the API key. Specifically, when the score calculated by the calculation unit 132 exceeds a predetermined threshold, the determination unit 133 determines that the unknown server device is illegally using the API key. For example, when the score calculated by the calculation unit 132 exceeds “100”, the determination unit 133 determines that the unknown server device is illegally using the API key.

On the other hand, when the score calculated by the calculation unit 132 is less than or equal to a predetermined threshold, the determination unit 133 determines that the unknown server device is not illegally using the API key. For example, when the score calculated by the calculation unit 132 is “100” or less, the determination unit 133 determines that the unknown server device is not illegally using the API key. When determining that the unknown server device is not illegally using the API key, the determination unit 133 deletes information regarding the global IP address that identifies the unknown server device from the unknown IP set information storage unit 123. Further, when determining that the unknown server device is not illegally using the API key, the determining unit 133 adds information regarding the global IP address that identifies the unknown server device to the normal IP set information storage unit 122.

(Notification section 134)
When the determining unit 133 determines that the unknown server device is using the API key illegally, the notification unit 134 notifies the administrator of the normal server device that illegal use of the API key has been detected. For example, the notification unit 134 transmits information indicating that unauthorized use of the API key has been detected to the normal server device.

[4. Information processing procedure]
FIG. 8 is a flowchart showing an information processing procedure according to the embodiment. In FIG. 8, the storage unit 120 of the information processing device 100 stores usage history information indicating the usage history of the API key by the server device for each global IP address (step S1). Further, the acquisition unit 131 of the information processing device 100 obtains, based on the usage history information stored in the storage unit 120, first usage number information indicating a first usage number, which is the number of times the API key is used by the first server device; Then, second usage number information indicating a second usage number, which is the number of times the API key is used by the second server device, is obtained (step S2). Further, the calculation unit 132 of the information processing device 100 calculates a score indicating whether or not the second server device is illegally using the API key, based on a comparison between the first number of times of use and the second number of times of use ( Step S3).

Further, the determination unit 133 of the information processing device 100 determines whether the score calculated by the calculation unit 132 exceeds a predetermined threshold (step S4). If the determination unit 133 determines that the score calculated by the calculation unit 132 exceeds a predetermined threshold (step S4; Yes), the determination unit 133 determines that the second server device is illegally using the API key (step S5). . When the determining unit 133 determines that the second server device is using the API key illegally, the notification unit 134 of the information processing device 100 notifies the administrator of the first server device that illegal use of the API key is detected. It is notified that this has been done (step S6). On the other hand, if the determining unit 133 determines that the score calculated by the calculating unit 132 does not exceed the predetermined threshold (step S4; No), the determining unit 133 determines that the second server device is not illegally using the API key ( Step S7).

[5. Modified example]
The processing according to the embodiment described above may be implemented in various different forms other than the embodiment described above.

In the embodiment described above, the calculation unit 132 determines whether the unknown server device is illegally using the API key based on the comparison between the number of times the API key is used by the normal server device and the number of times the API key is used by the unknown server device. We have explained the case of calculating the score indicating the Here, the calculation unit 132 calculates the domain name information based on the comparison between the domain name information regarding the FQDN corresponding to the global IP address that identifies the normal server device, and the domain name information regarding the FQDN corresponding to the global IP address that identifies the unknown server device. , the case of calculating the score will be explained.

Specifically, the acquisition unit 131 acquires first domain name information regarding an FQDN corresponding to a global IP address (hereinafter also referred to as a first global IP address) that identifies a normal server device. For example, if the acquisition unit 131 reversely looks up the first global IP address and obtains the FQDN corresponding to the first global IP address, the acquisition unit 131 acquires the FQDN corresponding to the first global IP address as the first domain name information. do. On the other hand, if the acquisition unit 131 reversely looks up the first global IP address and cannot obtain the FQDN corresponding to the first global IP address, the acquisition unit 131 retrieves the FQDN corresponding to the first global IP address as the first domain name information. Get information indicating that it does not exist. Further, the acquisition unit 131 acquires second domain name information regarding the FQDN corresponding to the global IP address (hereinafter also referred to as second global IP address) that identifies the unknown server device, in the same manner as the normal server device.

The calculation unit 132 calculates a score based on a comparison between the first domain name information and the second domain name information. More specifically, the calculation unit 132 calculates the score that corresponds to the first global IP address, rather than the score when the FQDN corresponding to the first global IP address and the FQDN corresponding to the second global IP address are the same. A high score is calculated when the FQDN and the FQDN corresponding to the second global IP address are different. For example, the calculation unit 132 calculates the score as "-1000" when the FQDN corresponding to the first global IP address and the FQDN corresponding to the second global IP address are the same. Further, the calculation unit 132 calculates a score of "100" when the FQDN corresponding to the first global IP address is different from the FQDN corresponding to the second global IP address. Further, the calculation unit 132 calculates the score as "100" when there is no FQDN corresponding to the second global IP address.

Note that in the above-described embodiment, a case has been described in which the information processing device 100 is a server device that provides an API and a second service that can be used by the API, but the information processing device 100 is a server device that provides an API gateway. It may be. The information processing device 100 is managed by an API gateway provider. For example, the information processing device 100 receives request information regarding API execution from the server device 20 along with an API key. When the information processing device 100 receives the request information, the information processing device 100 transfers the request information to an API server device that executes an API according to the received request information. The information processing device 100 receives response information regarding the API execution result from the API server device. When receiving the response information, the information processing device 100 transmits the received response information to the server device 20 .

[6. effect〕
As described above, the information processing apparatus 100 according to the embodiment includes the storage section 120, the acquisition section 131, the calculation section 132, and the determination section 133. The storage unit 120 stores, for each global IP address, usage history information indicating the usage history of the API key by the server device identified by the global IP address. The acquisition unit 131 obtains a first usage count indicating a first usage count that is the number of times the API key is used by a first server device that is a server device that has been determined not to have used the API key illegally, based on the usage history information. information, and a second server that is a server device to be determined and that is identified by a second global IP address that is different from a first global IP address that identifies the first server device and that uses an API key that is used by the first server device. Obtain second usage number information indicating a second usage number, which is the number of times the API key is used by the device. The calculation unit 132 calculates a score indicating whether or not the second server device is illegally using the API key, based on a comparison between the first number of uses and the second number of uses. The determining unit 133 determines that the second server device is illegally using the API key when the score calculated by the calculating unit 132 exceeds a predetermined threshold, and determines that the score calculated by the calculating unit 132 exceeds a predetermined threshold. If it is less than or equal to the threshold, it is determined that the second server device is not using the API key illegally.

In this way, the information processing device 100 determines whether the unknown server device is illegally using the API key based on the comparison between the number of times the API key is used by the normal server device and the number of times the API key is used by the unknown server device. Determine. Thereby, the information processing device 100 can determine whether the unknown server device is illegally using the API key even if there is no global IP address for identifying the unknown server device. The information processing device 100 also manages whether the server device is using the API key normally by calculating a score indicating whether the server device is using the API key illegally. can be made possible. Therefore, the information processing device 100 can manage whether the API key is being used appropriately. In addition, the information processing device 100 can manage whether API keys are being used appropriately, so that Goal 9 of the Sustainable Development Goals (SDGs) “Create a foundation for industry and technological innovation” is achieved. I can contribute to the achievement.

The calculation unit 132 also compares the number of times the API key is used by the first server device in a predetermined period as the first number of uses, and the number of times the API key is used by the second server device in the predetermined period as the second number of uses. Calculate the score based on.

Thereby, the information processing device 100 determines whether the unknown server device is illegally using the API key based on a comparison between the number of times the API key is used by the normal server device and the number of times the API key is used by the unknown server device during the same period. It is possible to appropriately determine whether

In addition, the calculation unit 132 calculates the score when the ratio of the second number of uses to the first number of uses exceeds a predetermined ratio than the score when the ratio of the second number of uses to the first number of uses is less than or equal to a predetermined ratio. Calculate a high score.

Thereby, the information processing device 100 can appropriately determine whether the unknown server device is illegally using the API key based on the ratio of the second number of uses to the first number of uses.

Furthermore, the storage unit 120 stores domain name information regarding an FQDN (Fully Qualified Domain Name) corresponding to a global IP address as usage history information. The acquisition unit 131 acquires first domain name information regarding the FQDN corresponding to the first global IP address and second domain name information regarding the FQDN corresponding to the second global IP address. The calculation unit 132 calculates a score based on a comparison between the first domain name information and the second domain name information.

As a result, the information processing device 100 can perform the following based on the comparison between the domain name information regarding the FQDN corresponding to the global IP address for identifying a normal server device and the domain name information regarding the FQDN corresponding to the global IP address for identifying an unknown server device. Therefore, it is possible to accurately determine whether the unknown server device is illegally using the API key.

In addition, the calculation unit 132 calculates that the FQDN corresponding to the first global IP address and 2. A high score is calculated when the global IP address and the corresponding FQDN are different.

As a result, the information processing device 100 determines whether the unknown server It is possible to accurately determine whether the device is illegally using the API key.

Furthermore, the information processing device 100 further includes a notification unit 134. When the determining unit 133 determines that the second server device is using the API key illegally, the notification unit 134 notifies the administrator of the first server device that illegal use of the API key has been detected. do.

Thereby, the information processing apparatus 100 can improve the quality of service as an API provider. Furthermore, the information processing device 100 can improve service satisfaction of customers who use the API.

[7. Hardware configuration]
Further, the information processing apparatus 100 according to the embodiments described above is realized by, for example, a computer 1000 having a configuration as shown in FIG. FIG. 9 is a hardware configuration diagram showing an example of a computer that implements the functions of the information processing device 100. The computer 1000 includes a CPU 1100, a RAM 1200, a ROM 1300, an HDD 1400, a communication interface (I/F) 1500, an input/output interface (I/F) 1600, and a media interface (I/F) 1700.

CPU 1100 operates based on a program stored in ROM 1300 or HDD 1400, and controls each section. The ROM 1300 stores a boot program executed by the CPU 1100 when the computer 1000 is started, programs depending on the hardware of the computer 1000, and the like.

The HDD 1400 stores programs executed by the CPU 1100, data used by the programs, and the like. Communication interface 1500 receives data from other devices via a predetermined communication network and sends it to CPU 1100, and transmits data generated by CPU 1100 to other devices via a predetermined communication network.

The CPU 1100 controls output devices such as a display and a printer, and input devices such as a keyboard and mouse via an input/output interface 1600. CPU 1100 obtains data from an input device via input/output interface 1600. Further, CPU 1100 outputs the generated data to an output device via input/output interface 1600. Note that an MPU (Micro Processing Unit) or a GPU (Graphics Processing Unit) may be used instead of the CPU 1100.

Media interface 1700 reads programs or data stored in recording medium 1800 and provides them to CPU 1100 via RAM 1200. CPU 1100 loads this program from recording medium 1800 onto RAM 1200 via media interface 1700, and executes the loaded program. The recording medium 1800 is, for example, an optical recording medium such as a DVD (Digital Versatile Disc) or a PD (Phase change rewritable disk), a magneto-optical recording medium such as an MO (Magneto-Optical disk), a tape medium, a magnetic recording medium, or a semiconductor memory. etc.

For example, when the computer 1000 functions as the information processing device 100, the CPU 1100 of the computer 1000 realizes the functions of the control unit 130 by executing a program loaded onto the RAM 1200. The CPU 1100 of the computer 1000 reads these programs from the recording medium 1800 and executes them, but as another example, these programs may be acquired from another device via a predetermined communication network.

Some of the embodiments of the present application have been described above in detail based on the drawings, but these are merely examples, and various modifications and variations may be made based on the knowledge of those skilled in the art, including the embodiments described in the disclosure section of the invention. It is possible to carry out the invention in other forms with modifications.

[8. others〕
Furthermore, among the processes described in the above embodiments and modified examples, all or part of the processes described as being performed automatically can be performed manually, or may be described as being performed manually. All or part of this processing can also be performed automatically using known methods. In addition, information including the processing procedures, specific names, and various data and parameters shown in the above documents and drawings may be changed arbitrarily, unless otherwise specified. For example, the various information shown in each figure is not limited to the illustrated information.

Furthermore, each component of each device shown in the drawings is functionally conceptual, and does not necessarily need to be physically configured as shown in the drawings. In other words, the specific form of distributing and integrating each device is not limited to what is shown in the diagram, and all or part of the devices can be functionally or physically distributed or integrated in arbitrary units depending on various loads and usage conditions. Can be integrated and configured.

Furthermore, the above-described embodiments and modifications can be combined as appropriate within a range that does not conflict with the processing contents.

1 Information processing system 10 Terminal device 20 Server device 100 Information processing device 110 Communication unit 120 Storage unit 121 Usage history information storage unit 122 Normal IP set information storage unit 123 Unknown IP set information storage unit 124 Scoring condition storage unit 130 Control unit 131 Acquisition unit 132 Calculation unit 133 Judgment unit 134 Notification unit

Claims (8)

a storage unit that stores, for each global IP address, usage history information indicating the usage history of the API key by the server device identified by the global IP address;
first usage number information indicating a first usage number, which is the number of times the API key is used by a first server device that is a server device that is determined to not be using the API key illegally based on the usage history information; and a second server device to be determined, which uses the API key that is identified by a second global IP address that is different from a first global IP address that identifies the first server device and is used by the first server device. an acquisition unit that acquires second usage number information indicating a second usage number that is the number of times the API key is used by the server device;
a calculation unit that calculates a score indicating whether or not the second server device is illegally using the API key based on a comparison between the first number of uses and the second number of uses;
If the score calculated by the calculation unit exceeds a predetermined threshold, the second server device determines that the API key is being used illegally, and the score calculated by the calculation unit is less than or equal to the predetermined threshold. a determination unit that determines that the second server device is not illegally using the API key if
An information processing device comprising: The calculation unit is
Comparison of the number of times the API key is used by the first server device in a predetermined period as the first number of uses, and the number of times the API key is used by the second server device in the predetermined period as the second number of uses. calculating the score based on
The information processing device according to claim 1. The calculation unit is
The score when the ratio of the second number of uses to the first number of uses exceeds a predetermined ratio than the score when the ratio of the second number of uses to the first number of uses is less than or equal to a predetermined ratio. calculate higher,
The information processing device according to claim 1 or 2. The storage unit includes:
storing domain name information regarding an FQDN (Fully Qualified Domain Name) corresponding to the global IP address as the usage history information;
The acquisition unit includes:
obtaining first domain name information regarding the FQDN corresponding to the first global IP address and second domain name information regarding the FQDN corresponding to the second global IP address;
The calculation unit is
calculating the score based on a comparison between the first domain name information and the second domain name information;
The information processing device according to any one of claims 1 to 3. The calculation unit is
The FQDN corresponding to the first global IP address and the second global IP address are higher than the score when the FQDN corresponding to the first global IP address and the FQDN corresponding to the second global IP address are the same. calculating the score to be high when the IP address and the corresponding FQDN are different;
The information processing device according to claim 4. If the determination unit determines that the second server device is using the API key illegally, the administrator of the first server device is notified that the illegal use of the API key has been detected. further comprising a notification section;
The information processing device according to any one of claims 1 to 5. An information processing method performed by a computer, the method comprising:
a storage step of storing usage history information indicating usage history of the API key by the server device identified by the global IP address in a storage unit for each global IP address;
first usage number information indicating a first usage number, which is the number of times the API key is used by a first server device that is a server device that is determined to not be using the API key illegally based on the usage history information; and a second server device to be determined, which uses the API key that is identified by a second global IP address that is different from a first global IP address that identifies the first server device and is used by the first server device. an acquisition step of acquiring second usage number information indicating a second usage number, which is the number of times the API key is used by the server device;
a calculation step of calculating a score indicating whether the second server device is illegally using the API key based on a comparison between the first number of uses and the second number of uses;
If the score calculated in the calculation step exceeds a predetermined threshold, the second server device determines that the API key is being used illegally, and the score calculated in the calculation step is less than or equal to the predetermined threshold. a determination step of determining that the second server device is not illegally using the API key;
Information processing methods including. a storage procedure for storing usage history information indicating a usage history of an API key by a server device identified by the global IP address in a storage unit for each global IP address;
first usage number information indicating a first usage number, which is the number of times the API key is used by a first server device that is a server device that is determined to not be using the API key illegally based on the usage history information; and a second server device to be determined, which uses the API key that is identified by a second global IP address that is different from a first global IP address that identifies the first server device and is used by the first server device. an acquisition procedure for acquiring second usage number information indicating a second usage number, which is the number of times the API key is used by the server device;
a calculation step of calculating a score indicating whether the second server device is illegally using the API key based on a comparison between the first number of times of use and the second number of times of use;
If the score calculated by the calculation procedure exceeds a predetermined threshold, the second server device determines that the API key is being used illegally, and the score calculated by the calculation procedure is less than or equal to the predetermined threshold. a determination procedure for determining that the second server device is not illegally using the API key;
An information processing program that causes a computer to execute.

Images