JP5639501B2 - Theft state determination system and theft state determination program - Google Patents

Description

The present invention relates to prevention of leakage of information stored in a computer terminal, and more particularly to a technique for preventing leakage of information that occurs when the computer terminal itself is stolen.

In companies and schools, it is common to work using computer terminals. At that time, a method of storing and managing various data such as created information files and reference materials in a storage device such as a hard disk built in the terminal is often used. While this method is convenient in that necessary materials can be easily taken out and used, there is a problem that stored information is highly likely to leak to the outside. Specifically, when using a portable terminal such as a notebook computer, there is a problem of information leakage that occurs when the terminal itself is lost due to theft or misplacement.

As a means to solve the above problem, in the field of preventing information leakage due to theft of the terminal, etc., when the server communicates with the server when the terminal is activated and the server authenticates and determines that the terminal is not in the stolen state, the server On the other hand, there is a technique of transmitting a decryption circuit for stored data that has been encrypted in advance. In this technology, a terminal list in a stolen state is registered in advance on the server side, and the received terminal identification information and the stolen terminal list are compared and checked to determine whether the terminal is in a stolen state. The means of doing is used. This can reduce the risk of leakage of confidential information stored in the terminal by a third party. (See Patent Document 1)

Further, in a similar field, there is a technique in which communication with a server is performed when a terminal is activated, and if the server performs user authentication of the terminal and determines that it cannot be used, an instruction to erase data stored in the terminal is issued. In this technology, a user list that can be used by the terminal is stored in advance in the server, and the terminal is stolen by comparing the user information that is actually logged in with the available user list in the server when the terminal is activated. Means for determining whether or not the state is present is used. Thus, it is possible to automatically determine whether or not the terminal is in a stolen state without registering information related to the terminal state in advance. (See Patent Document 2)

JP 2006-293594 A JP 2006-163847 A

If the technique of patent document 1 is used, it can be determined whether the activated terminal is in a stolen state. However, it is necessary to list the current status of all the terminals to be managed and register them in the server. For this reason, in order to cope with a situation that changes in real time, the list registered in the server must be updated at any time, which is troublesome.

If the technique of Patent Literature 2 is used, it is possible to determine whether or not the terminal is in a stolen state without registering the current state list of the terminal in the server in advance. However, it is impossible to determine the possibility that a person registered as an available user is performing an illegal act.

An object of the present invention is to solve the above-mentioned problems of the prior art. Specifically, in the field of preventing information leakage due to theft of the terminal, etc., it is determined whether the terminal is in a stolen state according to a change in the status of use of the terminal, and information leakage prevention processing according to the determination result The task is to execute.

In order to solve the above problems, the theft state determination system of the present invention includes a management server including a processing device that determines whether a terminal connected via a communication network is in a theft state. The information processing unit of the environment information acquisition unit for acquiring information about the terminal itself and the surrounding conditions of the terminal as the environment information as information representing the operating environment of the terminal, and the terminal An operation information acquisition unit that acquires operation information executed by a user, a specific state generation unit that generates information about a usage state as specific state information from environment information and operation information of a specific terminal, and an environment information acquisition unit of environmental information, extracted by limiting the specific environmental information extracting unit that extracts the environment information of the specific terminal as a specific environment, a terminal having the same environmental information and specific terminal , Environmental information and the operation information of the extracted terminal, and the standard state information generation unit for generating information on the Use as standard state information, compares the specific state information and the standard status information, the theft risk of a particular terminal A theft state determination unit for determining, and a control unit for executing an information leakage prevention process for confidential information according to the determination result , and the environmental information acquisition unit includes, as environmental information, presence / absence of network connection, terminal operation time and time zone, or a software or applications any one or more of the activation state of is characterized that you get information about conditions around the terminal itself and the terminal at the time when the terminal is running.

By adopting the configuration of the present invention, it is possible to grasp the usage state for each of various operating environments in which a specific terminal operates. Furthermore, by comparing with the usage state of the terminals in the same operating environment, it is possible to detect a difference in the usage state between terminals in a similar operating environment. This makes it possible to determine whether the terminal is stolen according to various situations in which the terminal is used.

The theft state determination system of the present invention includes a terminal having a storage device for storing confidential information, and a management server including a processing device for determining whether the terminal is in a theft state. Generates, as information representing the operating environment , an environment information generating unit that generates information related to the terminal itself and a situation around the terminal when the terminal starts operation, and operation information executed by the user An operation information generation unit, and a usage state information generation unit that generates information about the usage status of the terminal itself from the environment information and the operation information as usage status information and transmits the usage status information to the management server. a specific state information generation unit for generating the acquired use state information from a specific terminal as the specific state information, among the environmental information included in the specific state information, of the specific terminal ring The specific environmental information extracting unit for extracting information as the specific environment, and extracted by limiting the terminals having the same environmental information and specific environments, the standard usage state information to obtain the use status information of the extracted terminal The standard state information generation unit to be generated, the specific state information and the standard state information are compared, the theft state determination unit that determines the theft risk of a specific terminal, and the information leakage prevention processing of confidential information is executed according to the determination result And the environment information generation unit includes, as environment information, any one or more of the presence / absence of network connection, the operation time / time zone of the terminal, or the activation state of software and applications. it may be configured as that generates acquire information about the status of the surrounding of the terminal itself and the terminal at the time of running.

By adopting the configuration of the present invention, it is possible to generate information related to its own usage state in the terminal. This eliminates the need for the management server to generate information regarding the usage state for each terminal, thereby reducing the processing load on the management server.

The theft state determination unit included in the processing device of the management server in the present invention indicates a difference calculation unit that calculates a difference between the specific state information and the standard state information, and indicates a risk that the terminal is in a theft state based on the calculated difference. It is good also as a structure of having the risk determination means which determines a risk.

By adopting the configuration of the present invention, it is possible to determine the danger that the terminal is in a stolen state and to execute information leakage prevention processing according to the situation. As a result, the damage to the user can be minimized.

The processing device of the management server in the present invention further includes a data amount acquisition unit that acquires the amount of confidential information stored in the storage device of the terminal, and the theft state determination unit determines that the terminal is in a stolen state based on the data amount. It is good also as a structure which has a risk change means to change the risk which shows a certain danger.

By configuring as in the present invention, it is possible to change the risk that the terminal is in a stolen state by using information on the amount of data stored in the terminal. As a result, it is possible to execute the determination of the theft state in consideration of the amount of information leaked due to theft of the terminal and the magnitude of the damage accompanying it, and the information leakage prevention process due to theft.

Note that the above-described features can be realized by causing the terminal of the present invention to read and execute the program. In other words, a program used for a theft state determination system, and as information representing the operating environment of a terminal, environmental information that acquires information on the terminal itself and the surrounding conditions of the terminal as environmental information when the terminal starts operating An acquisition function, an operation information acquisition function for acquiring operation information executed by a user on the terminal, a specific state generation function for generating information on a usage state as specific state information from environment information and operation information of a specific terminal, The specific environment information extraction function that extracts the environment information of the specific terminal as the specific environment from the environment information acquired by the environment information acquisition function and the terminals having the same environment information as the specific environment are extracted and extracted. from the environmental information and the operation information of the terminal, and the standard status information generating function of generating information on the use state as a standard state information, certain The management server processing device includes a theft state determination function that compares state information with the standard state information and determines the theft risk of a specific terminal, and a control function that executes information leakage prevention processing of confidential information according to the determination result In addition, the environment information acquisition function can be used when the terminal is operating, including, as environment information, one or more of the presence / absence of network connection, the operating time / time zone of the terminal, or the activation status of software and applications. the terminal itself and program that obtains information about the status of the surrounding of the terminal, the present invention may be constructed as a.

In addition, the above-described features can be realized by causing a terminal to read and execute another program of the present invention. That is, as information representing the operating environment , an environment information generation function that generates information about the terminal itself and the situation around the terminal when the terminal starts operating as environment information, and operation information executed by the user are generated. From the operation information generation function, the environment information and the operation information, information on the usage status of the terminal itself is generated as usage status information, and the usage status information generation function to be transmitted to the management server is realized on the terminal and acquired from the identified terminal Same as the specific environment , the specific state information generation function that generates the usage state information as the specific state information, and the specific environment information extraction function that extracts the environment information of the specific terminal as the specific environment from the environment information included in the specific state information the extraction by limiting the terminal with environmental information, generates a standard usage state information to obtain the use status information of the extracted terminal The standard state information generation function, the specific state information and the standard state information are compared, the theft state determination function for determining the theft risk of a specific terminal, and the information leakage prevention process for confidential information according to the determination result The control function is implemented in the processing device of the management server , and the environment information generation function further includes at least one of the presence / absence of network connection, the operation time / time zone of the terminal, and the activation status of software and applications as environment information. including, it may constitute the present invention as a program, that generates and acquires information about the status of the surrounding of the terminal itself and the terminal at the time when the terminal is running.

These information leakage prevention programs also have the same effects as the information leakage prevention terminal described above.

The confidential information in the present invention refers to information files, programs, data, and the like stored in the terminal by the user. Specifically, a document file or a spreadsheet file in which various types of information are stored, data that can be used by a specific application, and the like can be considered as examples. The confidential information may not be all of the various information stored in the terminal, but may be predetermined as confidential information. Specifically, among the stored document files, for example, a format in which only those designated as “confidential information” in the file name in advance is handled as confidential information can be considered. A format in which a file including a predetermined keyword or content is handled as confidential information is also conceivable. Specifically, a method of searching a file in the terminal and extracting a file including a keyword, a method of extracting a file including a keyword in a file name included in operation information, and the like can be considered.

The operating environment in the present invention refers to the terminal itself and surrounding circumstances when the terminal starts operation. Specifically, hardware information indicating the hardware configuration of the terminal itself, affiliation information indicating a department or the like that manages the terminal, login user identification information of a user who has logged into the terminal, presence or absence of network connection, Examples include connection destination information related to connected networks and devices, time information and time zone indicating the time when the terminal is used, activation status of software and applications, authentication status and browsing status of specific software or website, etc. Is considered.

Further, as the user identification information, a login ID or a user ID uniquely set for each user can be considered as an example.

The operation information in the present invention refers to information generated when the user performs various operations on the terminal. Specifically, the date and time information indicating the date and time when the operation was executed, the processing content and the processing target (the file, folder, application, etc.) indicating the content of the executed operation, and the user who uses the terminal are uniquely identified. A series of information including at least user identification information to be identified is considered as an example.

The usage state in the present invention refers to information on how the managed terminal is used and its tendency, which is derived based on the contents of various operations performed by the user on the managed terminal.

The data amount in the present invention refers to the amount of confidential information stored in the terminal. Specifically, file number information indicating the number of stored information files, the number of bits indicating the size of the entire stored information, the number of bytes, and the like can be considered as examples.

According to the present invention configured as described above, a terminal that is used in a manner significantly different from the standard state is detected according to various situations in which the terminal is used, and the terminal is at risk of theft. Gender can be determined. Thereby, it is possible to quickly execute processing for preventing information leakage due to terminal theft.

The conceptual diagram which shows an example of the system configuration | structure of this invention. The conceptual diagram which shows an example of the hardware constitutions of the theft condition determination system of this invention. 1 is a functional block diagram illustrating an example of a system configuration in Embodiment 1. FIG. 3 is a flowchart illustrating an example of a processing process according to the first embodiment. The figure which shows an example of the operation information memorize | stored in the operation information storage part. The figure which shows an example of the environmental information produced | generated by the environmental information production | generation part 32. FIG. The figure which shows an example of the environmental information memorize | stored in the environmental information storage part. FIG. 6 is a diagram illustrating an example of a reference value table in the state determination unit 16b according to the first embodiment. The figure which shows an example of the warning display displayed on the terminal display device 4b of Example 1. FIG. The figure which shows an example of the warning display displayed on the management terminal display device 4c of Example 1. FIG. FIG. 9 is a functional block diagram illustrating an example of a system configuration according to a second embodiment. 10 is a flowchart illustrating an example of a processing process according to the second embodiment. The figure which shows an example of the operation information memorize | stored in the operation information storage part. The figure which shows an example of the specific environment information which the specific environment information extraction part 36 transmits. The figure which shows an example of the operation information which the use status information generation part 37 extracts. The figure which shows an example of the use condition information memorize | stored in the use condition information storage part 22. The figure which shows an example of the reference value table in the state determination means 16b of Example 2. FIG. FIG. 10 is a functional block diagram illustrating an example of a system configuration according to a third embodiment. 10 is a flowchart illustrating an example of a processing process according to the third embodiment. The figure which shows an example of the risk level table in the risk level determination means 16c. The figure which shows an example of the processing content table in the control part. FIG. 10 is a functional block diagram illustrating an example of a system configuration according to a fourth embodiment. 10 is a flowchart illustrating an example of a processing process according to a fourth embodiment. The figure which shows an example of the risk change table in the risk change means 16d.

Hereinafter, embodiments of the present invention will be described with reference to the drawings. The present invention is implemented in a client-server format. FIG. 1 conceptually shows an example of the overall configuration of the information leakage prevention system of the present invention. In the embodiment, as shown in FIG. 1, the operation status management server A (hereinafter referred to as “management server A”) has a plurality of managed client terminals B (hereinafter referred to as “terminal B”) and an administrator client terminal C. (Hereinafter referred to as “management terminal C”) and a communication network N (hereinafter referred to as “network N”).

FIG. 2 conceptually shows an example of the hardware configuration of the management server A, terminal B, or management terminal C.

The management server A includes a processing device 1 such as a CPU having an arithmetic device 6 that executes arithmetic processing of a program and a control device 7 that outputs a control instruction to each device based on the arithmetic result, a RAM that stores information, It has at least a storage device 2 such as a hard disk, and a communication device 5 that transmits and receives processing results of the processing device 1 and information stored in the storage device 2 via a network such as the Internet or a LAN. Each function (each unit) executed by the management server A is realized by the processing device 1 reading a program for executing the process.

The management server A may include an input device 3 such as a keyboard, a mouse, or a numeric keypad and a display device 4 such as a display (screen) as necessary. In addition, the management server A may have its functions distributed to a plurality of terminals or servers.

Hereinafter, for convenience of explanation, the processing device 1 constituting the management server A is referred to as “server processing device 1a”, the storage device 2 as “server storage device 2a”, the input device 3 as “server input device 3a”, and the display device 4 as “ The server display device 4a ”and the communication device 5 are referred to as“ server communication device 5a ”.

The hardware configuration of the terminal B and the management terminal C is the same as that of the management server A, and includes a processing device 1, a storage device 2, an input device 3, a display device 4, and a communication device 5, as shown in FIG.

Hereinafter, for convenience of explanation, the processing device 1 constituting the terminal B is referred to as “terminal processing device 1b”, the storage device 2 as “terminal storage device 2b”, the input device 3 as “terminal input device 3b”, and the display device 4 as “terminal”. The display device 4b "and the communication device 5 are referred to as" terminal communication device 5b ". Further, the processing device 1 constituting the management terminal C is “management terminal processing device 1c”, the storage device 2 is “management terminal storage device 2c”, the input device 3 is “management terminal input device 3c”, and the display device 4 is “management”. The terminal display device 4c "and the communication device 5 are referred to as" management terminal communication device 5c ".

The network N is a CSMA / CD (Carrier Sense Multiple Access Detection Detection) system including a cable that physically transmits information in a limited facility such as a company or a school, and a relay device such as a LAN switch or a hub. However, in addition to the LAN, the network N may be configured by an intranet using Internet technology, or may be constructed by a WAN (Wide Area Network) technology.

Example 1 Configuration
Hereinafter, a first embodiment of the present invention will be described with reference to the drawings. FIG. 3 shows a functional block diagram of the management server A, terminal B, and management terminal C constituting the information leakage prevention system of the present invention. Each component and each means in the present invention are only logically distinguished in function, and may be physically or virtually identical.

FIG. 3 shows only the minimum equipment, components, means and the like necessary in the present invention, and the description of the other devices, components, means, etc. is omitted.

The management server A has a server control interface 10 for transmitting / receiving various information to / from the server input device 3a, the server display device 4a, or the server communication device 5a. Further, the server communication device 5 a has a function capable of transmitting and receiving various information with the terminal B and the management terminal C via the network N.

The server processing device 1a of the management server A includes an operation information acquisition unit 11 that acquires operation information output from the terminal A, an environment information acquisition unit 12 that acquires environment information output from the terminal B, and a specific terminal from the operation information. A specific state information generation unit 13 that generates information about the usage state related to B, a specific environment information extraction unit 14 that extracts environment information about a specific terminal B, and a standard that generates information about the standard usage state of terminal B from the operation information The state information generation unit 15, the theft state determination unit 16 that determines the theft risk of the terminal B using the generated specific state information and standard state information, and the information leakage prevention process of confidential information stored in the terminal B The control part 17 to perform is provided.

Further, the theft state determination unit 16 in the server processing device 1a compares the specific state information generated by the specific state information generation unit 13 with the standard state information generated by the standard state information generation unit 15, and Difference calculating means 16a for calculating the difference and state determining means 16b for determining the theft risk of the terminal B based on the calculated difference are provided.

The server storage device 2a of the management server A includes an operation information storage unit 21 that stores the operation information of the terminal B acquired by the operation information acquisition unit 11, and an environment information that stores the environment information of the terminal B acquired by the environment information acquisition unit 12. A storage unit 22 is provided.

The terminal B has a terminal control interface 30 for transmitting and receiving various information to and from the terminal input device 3b, the terminal display device 4b, or the terminal communication device 5b. Further, the terminal communication device 5b has a function capable of transmitting and receiving various information with the management server A and the management terminal C via the network N.

The terminal processing device 1b of the terminal B includes an operation information generating unit 31 that generates information on various operations executed on the terminal B, an environment information generating unit 32 that generates information on the operating environment of the terminal B, and a terminal control interface 30. The terminal control unit 33 that executes control processing based on the various control information acquired in this manner is provided.

The terminal storage device 2b of the terminal B includes a confidential information storage unit 34 that stores confidential information for which an instruction to save in the terminal B is executed by the user.

The management terminal C has a management terminal control interface 40 for transmitting / receiving various information to / from the management terminal input device 3c, the management terminal display device 4c, or the management terminal communication device 5c. Furthermore, the management terminal communication device 5c has a function capable of transmitting and receiving various information to and from the management server A and the terminal B via the network N.

The management terminal processing device 1 c of the management terminal C includes a management terminal control unit 41 that executes control processing based on various control information acquired via the management terminal control interface 40.

The operation of each component will be described below based on the functional block diagram constituting the present invention shown in FIG. First, the components of the management server A that constitute the information leakage prevention system of the present invention will be described.

The operation information acquisition unit 11 acquires operation information of the terminal B connected to the network N via the server communication device 5 a and the server control interface 10. Then, the acquired operation information is transmitted to the operation information storage unit 21. The format of the operation information to be acquired may be in any format as long as the operation content executed by the user of the terminal B can be grasped. The operation information may include a later-described environment information.

In the present embodiment, the operation information refers to information indicating the content of the control process executed by the user using the input device 3 of the terminal B. Specifically, the terminal identification information that uniquely identifies the terminal B, the processing content that indicates the content of the control process, the user identification information that uniquely identifies the user who executed the process, and the date and time when the process was executed A series of information including date and time information can be considered as an example.

Further, the above processing content is information indicating the content of the operation executed in the terminal B, and means information indicating control by an application or hardware processed in the middleware or OS. More specifically, key input, pointing device operation (button press, move, etc.), external storage medium attachment / detachment, connection with external device (printer, etc.), file operation (create, delete, copy, move, folder name) Change), application operation (startup, termination, etc.), drive addition / deletion / detection, IP address change, network connection disconnection, network domain change, storage medium writing, printing, copy to clipboard, etc. There is. In addition, these are examples and are not limited.

The operation information storage unit 21 stores the operation information acquired by the operation information acquisition unit 11. The storage format at that time is preferably classified into each terminal using the terminal identification information and date / time information included in the operation information, and further stored in time series. If the operation information includes environment information, it can also serve as an environment information storage unit 22 described later.

The environment information acquisition unit 12 acquires the environment information of the terminal B connected to the network N via the server communication device 5a and the server control interface 10. Then, the acquired environmental information is transmitted to the environmental information storage unit 22.

The environment information storage unit 22 stores the environment information acquired by the environment information acquisition unit 12. The storage format at that time is preferably a format in which the information is classified and stored for each terminal to which the environmental information is output. Specifically, a format in which the information is classified into terminal identification information included in the environment information and stored is conceivable. In addition, the storage format may be a format in which current environment information in which the terminal B is operating can be grasped. For example, the format may be a format in which the existing environment information stored in the storage unit is overwritten with the newly generated environment information and stored, or the generated environment information is stored in time series. Further, the area for storing the environment information may be a temporary storage area. In this embodiment, a format for overwriting and storing is used.

First, the specific state information generation unit 13 performs a predesignated operation of the specific terminal B that is a target for determining whether or not it is a theft from the operation information of all the terminals B stored in the operation information storage unit 21. The operation information regarding is searched and extracted for a predetermined time. Next, information regarding the usage state in the specific terminal B is calculated as the specific state information from the extracted operation information. Then, the calculated specific state information is transmitted to the determination unit 16. There are various types of specific state information that can be generated. In this embodiment, the total value related to a predetermined usage pattern such as the number of executions of the specified operation, the execution interval, or the execution time zone is calculated as the specific state information. I decided to.

The specific environment information extraction unit 14 has terminal identification information of the specific terminal B designated in advance, which is a target for determining whether or not it is in a stolen state. Then, the environmental information of the specific terminal B is extracted as the specific environment from the environmental information acquired by the environmental information acquisition unit 12.

The standard state information generation unit 15 first acquires a specific environment from the specific environment information extraction unit 14. Then, terminal identification information of the terminal B having the specific environment is extracted from the environment information storage unit 22. By performing this processing, the terminal B that refers to the operation information when generating the standard state information can be limited to the terminal B having an operation environment close to the specific terminal B.

Next, the standard state information generation unit 15 searches the operation information stored in the operation information storage unit 21 for the operation information of the terminal B having the specific environment extracted above. Further, operation information related to the specified operation is extracted from the searched operation information for a predetermined time. Next, information on a standard use state is calculated as standard state information from the extracted operation information. Although various types of standard state information can be considered, in this embodiment, the standard state information is calculated using a total value such as the number of executions of the specified operation, the execution interval, or the execution time zone. And Specifically, a method of calculating standard state information from statistical values such as a maximum value, a minimum value, and an average value can be considered. It should be noted that the specified operation and total value elements are the same in the specific state information and the standard state information.

The theft state determination unit 16 first acquires the specific state information generated by the specific state information generation unit 13. Next, the standard state information generated by the standard state information generation unit 15 is acquired, and the specific state information is compared with the standard state information. Then, it is determined from the comparison result whether the specific terminal B is in a stolen state. In order to perform this determination process, a difference calculation unit 16a and a state determination unit 16b are provided in the theft state determination unit 16.

The difference calculation means 16a of the theft state determination unit 16 compares the specific state information with the standard state information, and calculates the difference between the two. Then, the calculated difference is transmitted to the state determination unit 16b.

The state determination unit 16b of the theft state determination unit 16 acquires the difference calculated by the difference calculation unit 16a, and determines whether the specific terminal B is in a theft state based on the content of the difference. There are various methods for determining whether or not the theft is present. In this embodiment, a predetermined reference value is set in the state determination unit 16b, and the difference obtained from the difference calculation unit 16a is obtained. A method of determining the theft risk by comparing the value with the reference value is used. As a result, if it is determined that “theft is present”, the content is transmitted to the control unit 15.

The control unit 17 generates control information for preventing confidential information stored in the specific terminal B from leaking in response to the determination result notification acquired from the state determination unit 16b of the theft state determination unit 16, and the server It transmits to the control interface 10. Then, the server communication device 5a transmits the control information acquired from the server control interface 10 to the specific terminal B via the network N.

In addition, the control unit 17 lists the terminals determined to be “theft” in response to the determination result notification acquired from the state determination unit 16b of the theft state determination unit 16 and identifies the listed information. It may be transmitted to the server control interface 10 as control information for preventing confidential information stored in the terminal B from leaking. Note that a theft state terminal storage unit (not shown) may be separately provided in the control unit 17 and the listed information may be stored therein. In that case, it is preferable that the information stored in the theft state terminal storage means is generated as control information at a predetermined timing and appropriately transmitted to the management terminal C.

Next, the component part of the terminal B which comprises the theft condition determination system of this invention is demonstrated.

First, the operation information generation unit 31 acquires information related to an operation performed on the terminal B by the user via the terminal control interface 30, and generates information combined with its own terminal identification information as operation information. Next, the generated operation information is transmitted to the terminal control interface 30. Then, the terminal communication device 5b transmits the operation information acquired from the terminal control interface 30 to the management server A via the network N.

The environment information generation unit 32 of the terminal B extracts information related to the operating environment of the terminal B from the terminal control interface 30 and various information stored in the terminal B, and uses the information combined with its own terminal identification information as the environment information. Generate as Then, the generated environment information is transmitted to the management server A via the terminal control interface 30 and the terminal communication device 5b. The environment information may be generated at every predetermined timing, or may be generated every time a change occurs in the operating environment. In this embodiment, a format for generating environment information at every predetermined timing is used.

The transmission format for transmitting the operation information and the environment information to the management server A may be a format in which the operation information and the environment information are transmitted every time the operation information and the environment information are generated. The operation information and the environment information generated so far may be transmitted together. The terminal control interface 30 has a function of monitoring whether the terminal communication device 5b is currently connected to the network N. Operation information and environment information when the terminal B is disconnected from the network are It may be possible to adopt a format in which operation information and environment information that are held in B and disconnected and disconnected when connected to the network N are collectively transmitted.

The terminal control unit 33 acquires the control information transmitted from the management server A received in the terminal communication device 5b through the terminal control interface 30, and executes various control processes in the terminal B according to the control information. In particular, when a control instruction for confidential information is received from the management server A, information leakage prevention processing for confidential information stored in the confidential information storage unit 34 of the terminal storage device 2b is executed according to the content of the control instruction.

The confidential information storage unit 34 stores confidential information instructed to be saved by the user. The stored confidential information is appropriately subjected to information leakage prevention processing by the terminal control unit 33.

Next, the component part of the management terminal C which comprises the theft condition determination system of this invention is demonstrated.

The management terminal control unit 41 of the management terminal control device 1c acquires the control information transmitted from the management server A received by the management terminal communication device 5c via the management terminal control interface 40, and manages the management terminal C according to the control information. Various control processes in are executed.

As an example of various control processes performed by the management terminal control unit 41, a process of displaying a list of terminals determined to be “theft” on the management terminal display device 4c according to the control information acquired from the management server A Can be considered. When the management terminal C executes such a warning notification, it promptly notifies the network administrator who operates the management terminal C of the possibility of theft of the terminal B, and prompts early execution of confidential information leakage prevention measures. Can do. This makes it possible to indirectly prevent leakage of confidential information stored in the terminal B.

With the above-described configuration, the comparison determination can be performed using the usage state of the specific terminal B and the standard usage state of the terminal B having the same environment information as the specific terminal B. This is to determine whether a terminal is in a stolen state based on a prediction that terminals used under the same environmental information will be similar to each other. In this way, even if there is a high possibility of being used in the same application, if there is a difference in the usage state over a predetermined value, it is determined that the theft is in use, and information leakage prevention processing is performed. It becomes possible to execute quickly.

Example 1 Treatment Process
Next, an example of a processing process in the information leakage prevention system of the present invention will be described with reference to the functional block diagram of FIG. 3, the flowchart of FIG.

The operation information generation unit 31 of the terminal B generates the operation information of the terminal B, and transmits the generated operation information to the terminal communication device 5b via the terminal control interface 30. The terminal communication device 5b transmits operation information to the management server A via the network N (S101). The transmission timing of the operation information in this processing process is transmitted to the management server A each time the operation information is generated in the operation information generation unit 31.

The server communication device 5 a of the management server A receives the operation information output from the terminal B via the network N. Next, the operation information acquisition unit 11 acquires the operation information of the terminal B received by the server communication device 5a via the server control interface 10. Then, the acquired operation information is stored in the operation information storage unit 21 (S102).

FIG. 5 shows an example of operation information stored in the operation information storage unit 21. As shown in this figure, the operation information acquired in this embodiment is “terminal identification information”, “user identification information”, “date and time information”, “processing contents”, “application name”, “file name”, “save” Information on eight items of “location” and “device name” is acquired. Further, the storage format of the operation information storage unit 21 in this processing process adopts a format in which it is divided according to terminal identification information, and further stored in the order of date and time information indicating the date and time when the processing was executed.

The environment information generation unit 32 of the terminal B generates the environment information of the terminal B, and transmits the generated environment information to the management server A via the terminal control interface 30 and the terminal communication device 5b. (S103). It is assumed that the environment information transmission timing in this processing process is transmitted to the management server A at a predetermined timing.

FIG. 6 shows an example of environment information generated by the environment information generation unit 32. As shown in this figure, the environment information is generated in association with the user identification information, and the environment information generated in this embodiment includes “terminal identification information”, “user identification information”, “affiliation”, “hardware”, “ Information on five items “network connection” and “start-up time zone” is generated. In this processing process, a case will be described as an example in which determination is performed using “time zone” in “startup time zone” as predetermined environment information.

The server communication device 5 a of the management server A receives environment information output from the terminal B via the network N. Next, the environment information acquisition unit 17 acquires the environment information of the terminal B received by the server communication device 5a via the server control interface 10. Then, the acquired environmental information is stored in the environmental information storage unit 22 (S104).

FIG. 7 shows an example of environment information stored in the environment information storage unit 22. As shown in this figure, this processing process adopts a format in which it is stored separately for each specific environment information.

The specific state information generation unit 13 extracts operation information for a predetermined time period specified in advance, and calculates a total value related to a predetermined usage pattern as specific state information. In this processing process, the predetermined time zone is set from “October 7, 2010 18:00” to “October 7, 2010 20:00”, and the aggregated value (specific state information about the predetermined usage mode) is set. ), A time zone not connected to the network N is calculated.

From the operation information stored in the operation information storage unit 21, the specific state information generation unit 13 starts from “2010 October 7, 18:00” to “2010” in the specific terminal B (terminal identification information “CLA005”). Operation information until “October 7th 20:00” is extracted. In this processing process, it is assumed that the operation information of the specific terminal “CLA005” extracted from the operation information storage unit 21 is as shown in FIG.

Next, the specific state information generation unit 13 specifies operation information indicating “network disconnection” and “network connection” from among the extracted operation information, and uses the date and time information output from each of them to specify the specific terminal “ The time when the “CLA005” is not connected to the network N is calculated. As a result, the time not connected to the network N is calculated as “75 minutes”. The specific state information generation unit 13 generates the calculated value as specific state information and transmits it to the theft state determination unit 16 (S105).

The specific environment information extraction unit 14 extracts the environment information of the specific terminal “CLA005” as the specific environment from the environment information acquired by the environment information acquisition unit 12 (S106). In this processing process, “after business hours” indicating information related to the activation time zone of the specific terminal “CLA005” is extracted as the specific environment.

First, the standard state information generation unit 15 acquires the specific environment “after business hours” from the specific environment information extraction unit 14. Then, with reference to the environment information storage unit 22, the terminal identification information of the terminal B having the environment information “after business hours” is extracted and acquired. When the information stored in the environment information storage unit 22 is as illustrated in FIG. 7, the acquired terminal identification information includes four types of “CLA004”, “CLA005”, “CLA006”, and “CLA007”.

Next, the standard state information generation unit 15 specifies the operation information of the terminal identification information “CLA004”, “CLA005”, “CLA006”, “CLA007” among the operation information stored in the operation information storage unit, Operation information in a predetermined time zone (from “October 7, 2010 18:00” to “October 7, 2010 20:00”) is extracted. Then, among the extracted operation information, the operation information indicating “network disconnection” and “network connection” is specified, and the time when the terminal B is not connected to the network N is determined by using the output date / time information. The average value per terminal B is calculated, and standard state information is generated. In this processing process, it is assumed that the calculated average value is “10 minutes”.

Then, the standard state information generation unit 15 generates the calculated average value “10 minutes” as the standard state information and transmits it to the theft state determination unit 16 (S107).

The difference calculation means 16a of the theft state determination unit 16 calculates the difference between the specific state information generated by the specific state information generation unit 13 and the standard state information generated by the standard state information generation unit 15 (S108). In this processing process, the difference between the two is calculated as “65”. And the difference calculation means 16a transmits the calculated difference value to the state determination means 16b.

The state determination unit 16b of the determination unit 16 includes therein a determination criterion table that stores predetermined determination criteria, and whether or not it is a theft based on the difference value calculated by the difference calculation unit 16a. Is determined (S109). When it is determined that the device is “theft”, determination result information including the determination result and the terminal identification information of the corresponding terminal B is generated and transmitted to the control unit 17 (S110). FIG. 8 shows an example of the determination criterion table. In this case, when the difference value is “60 or more”, it is determined that the device is in the stolen state. Therefore, the specific terminal “CLA005” is determined to be in the stolen state, and the determination result and the terminal identification information “CLS005” are determined. The result information is transmitted to the control unit 17.

Based on the determination result information received from the state determination unit 16b, the control unit 17 generates control information that causes the terminal B having the terminal identification information included in the determination result information to execute a predetermined confidential information leakage prevention process. Then, the data is transmitted to the server communication device 5a via the server control interface 10 (S111). In this processing process, the server communication device 5a transmits the received control information to the terminal B having the designated terminal identification information “CLA005” via the network N.

The terminal control unit 33 of the terminal B executes various information leakage prevention processes on each component in the terminal B according to the content of the control information from the management server A acquired through the terminal control interface 30 (S112). .

The contents of the information leakage prevention process included in the control information will be specifically described. For example, for the confidential information storage unit 34 of the terminal B, an instruction to erase confidential information stored therein, confidential information For example, an access restriction instruction or an encryption instruction for the terminal B, an instruction to erase all data stored in the hard disk constituting the storage device 2 of the terminal B, and the like can be considered.

In addition, with regard to the above-described information leakage prevention processing, an operation lock instruction that disables execution of all control instructions from the terminal input device 3b for the terminal control interface 30 of the terminal B, contents displayed on the terminal display device 4b A control process such as transmitting an instruction to display a terminal theft warning message on the terminal display device 4b or a blackout instruction (display blackout instruction) is possible. An example of this warning display is shown in FIG.

The control unit 17 of the management server A generates control information for executing a predetermined confidential information leakage prevention process based on the determination result information received from the state determination unit 16b, and the administrator terminal C via the server control interface 10 May be sent to.

The management terminal control unit 41 of the management terminal C executes various information leakage prevention processes on each component in the management terminal C according to the content of the control information from the management server A acquired through the management terminal control interface 40. To do.

The contents of the information leakage prevention process included in the control information will be specifically described. For example, a control process in which an instruction to display a terminal theft warning message on the management terminal display device 4c is transmitted. An example of this warning display is shown in FIG.

In the above-described processing process, determination is made using specific state information and standard state information including the same environment information (“out-of-business hours” in “start-up time zone information”) as environment information. It can also be determined using. The different environmental information here is the same environmental information item but different status (for example, “out of business hours” and “within business hours” in “start-up time zone information”). Specifically, an environment information item is extracted from the acquired specific state information, and a standard operation feature that matches the environment information item is acquired. And when the state in those environmental information differs, the reference value correction | amendment means (not shown) which correct | amends the preset reference value and sets a new reference value is provided, specific state information and standard state information This is a method for determining the risk of theft using the difference between and the new reference value. It is assumed that correction values when the states in the environment information are different are registered in advance. The correction value is preferably set to a larger value when the state in the environment information is different.

Example 2 Configuration
The second embodiment of the present invention will be described below with reference to the drawings. FIG. 11 shows a functional block diagram of the management server A, terminal B, and management terminal C constituting the information leakage prevention system of the present invention. Each component and each means in the present invention are only logically distinguished in function, and may be physically or virtually identical.

FIG. 11 shows only the minimum equipment, components, means and the like necessary in the present invention, and the description of the other devices, components, means, etc. is omitted. In addition, the same code | symbol is attached | subjected to the same structural part etc. as [Example 1-configuration], and the detailed explanation is omitted when performing the same operation.

In the present embodiment, an operation information storage unit 35 that stores operation information generated by the operation information generation unit 31 and a specific environment information extraction unit 36 that stores environment information generated by the environment information generation unit 32 inside the terminal B. And a usage state information generation unit 37 that generates information about its own usage state using the operation information and the environment information, and the usage output from the terminal B inside the management server A It differs from [Example 1-Configuration] in that it includes a usage status information acquisition unit 18 that acquires status information and a usage status information storage unit 23 that stores the acquired usage status information of the terminal B. .

Hereinafter, based on the functional block diagram which comprises this invention described in FIG. 11, operation | movement of each structure part is demonstrated. Detailed descriptions of the same components or operations as those in [Example 1-Configuration] are omitted.

The operation information storage unit 34 of the terminal B stores the operation information generated by the operation information generation unit 31. The storage format at that time is preferably a format in which the operation information is stored in time series according to the date and time when the operation information is generated. Specifically, when the operation information generated by the operation information generation unit 31 is in the operation information format, a format of storing in the order of the date / time information included in the operation information is conceivable.

The specific environment information extraction unit 36 has item information designated in advance for extracting specific environment information serving as a criterion for determining the theft risk. And the environmental information applicable to a specific item is extracted as specific environment among the environmental information which the environment information generation part 32 produced | generated. Furthermore, the specific environment information extraction unit 36 also extracts the date and time information on the terminal B in the specific environment, and transmits it to the use state information generation unit 37 as the specific environment information.

The usage state information generation unit 37 extracts the operation information output in the time zone of the specific environment acquired from the specific environment information extraction unit 36 from the operation information storage unit 35. Furthermore, based on the extracted operation information, usage state information in the specific environment of the terminal B is generated. Then, the generated usage state information is transmitted to the management server A via the terminal control interface 30 and the terminal communication device 5b.

The usage status information acquisition unit 18 of the management server A acquires the usage status information of the terminal B connected to the network N via the server communication device 5 a and the server control interface 10. Then, the acquired use state information is transmitted to the use state information storage unit 23.

The use state information storage unit 23 stores the use state information acquired by the use state information acquisition unit 18. The storage format at that time is preferably a format in which the usage status information is classified and stored for each terminal to which the usage status information is output. Specifically, a format in which data is classified and stored for each terminal identification information included in the usage state information is conceivable.

With the above-described configuration, it is possible to perform operation information and environment information generation to usage state information generation. For this reason, there is an effect that the processing load on the management server A can be reduced.

Example 2 Treatment Process
Next, an example of a processing process in the information leakage prevention system of the present invention will be described with reference to the functional block diagram of FIG. 11, the flowchart of FIG. Note that the operations of (S211) and (S212) in the flowchart of FIG. 12 are the same as those in [Example 1-Processing Process], and thus the details thereof are omitted.

The operation information generation unit 31 of the terminal B generates operation information of the terminal B, and stores the generated operation information in the operation information storage unit 35 (S201). FIG. 13 shows an example of operation information stored in the operation information storage unit 35. The configuration and storage format of the operation information is the same as in the case of [Example 1-Processing Process].

The environment information generation unit 32 of the terminal B generates the environment information of the terminal B and holds it in its own storage area. (S202).

The specific environment information extraction unit 36 determines whether or not the environment information acquired by the environment information acquisition unit 32 satisfies a predetermined condition. In this embodiment, as a predetermined condition, the case where the terminal B is not connected to the network N is determined as the specific environment. Furthermore, the specific environment information extraction unit 36 also extracts time information when the terminal B is in the specific environment, and transmits it to the use state information generation unit 37 as specific environment information (S203). FIG. 14 shows an example of the specific environment information to be transmitted.

Based on the specific environment information acquired from the specific environment information extraction unit 36, the usage state information generation unit 37 extracts the operation information of the terminal B being disconnected from the operation information storage unit 35. An example of the extracted operation information is shown in FIG. In this processing process, the operation information from “October 7, 2010 18:45” when the network is disconnected to “October 7, 2010 20:00” when the network is connected is extracted. Become.

Next, the usage state information generation unit 37 generates usage state information from the extracted operation information (S204). In this processing process, the number of times processing has been executed for a file including “confidential” in the “file name” (hereinafter referred to as “confidential file”) is extracted as usage state information. In this case, as shown in FIG. 15, in the extracted operation information, the processing execution count for the confidential file is calculated as “14 times”. Therefore, “14 times” is combined with the terminal identification information to indicate the usage state information. It is generated and transmitted to the management server N via the terminal control interface 30 and the terminal communication device 5b.

The terminal control interface 30 in this processing process has a function of monitoring whether the terminal communication device 5b is currently connected to the network N. Operation information when the terminal B is disconnected from the network N is the terminal information. The usage state information stored in B and generated at the time of connection to the network N is transmitted to the management server A. By configuring in this way, it is possible to determine whether or not the terminal B is in a stolen state according to the operation content when disconnected from the network N.

The server communication device 5 a of the management server A receives the usage state information output from the terminal B via the network N. Next, the usage state information acquisition unit 18 acquires the usage state information of the terminal B acquired by the server communication device 5 a via the server control interface 10. Then, the acquired use state information is stored in the use state information storage unit 23 (S205).

FIG. 16 shows an example of usage state information stored in the usage state information storage unit 22. As usage state information used in the present embodiment, information relating to three items of “terminal identification information”, “user identification information”, and “number of times the confidential file is executed during network disconnection” is acquired.

The specific state information generation unit 13 extracts from the use state information stored in the use state information storage unit 23 the time not connected to the network N outside the business hours at the specific terminal B. In this processing process, when the terminal having the terminal identification information “CL005” is a specific terminal, the extracted time is “14 times”. And this "one time" is produced | generated as specific state information, and is transmitted to the theft state determination part 16 (S206).

The standard status information generation unit 15 uses the usage statuses of all the terminals B stored in the usage status information storage unit 23, and calculates the average number of “processing execution times for confidential files during network disconnection” per unit. Calculate the value. It is assumed that the average value calculated in this processing process is “3 times”. Then, the average value “3 times” is generated as the standard state information and transmitted to the theft state determination unit 16 (S207).

The difference calculation means 16a of the theft state determination unit 16 calculates the difference between the specific state information generated by the specific state information generation unit 13 and the standard state information generated by the standard state information generation unit 15 (S208). In this processing process, the difference between the two is calculated as “11 times”. And the difference calculation means 16a transmits the calculated difference value to the state determination means 16b.

The state determination unit 16b of the theft state determination unit 16 has a determination criterion table for storing a predetermined determination criterion therein, and whether or not the theft state is based on the difference value calculated by the difference calculation unit 16a. It is determined whether or not (S209). When it is determined that the device is “theft”, determination result information including the determination result and the terminal identification information of the corresponding terminal B is generated and transmitted to the control unit 17 (S210). FIG. 17 shows an example of the determination criterion table. In this case, when the difference value is “5 or more”, it is determined that the device is in a stolen state. Therefore, the specific terminal “CLA005” is determined to be in the stolen state, and the determination result and the terminal identification information “CLS005” are determined. The result information is transmitted to the control unit 17.

In the above-described processing process, the usage state information is generated using the operation content while the terminal B is not connected to the network N. In addition, the specific environment information is transmitted to the network of the predetermined domain. It is also possible to generate usage status information by using the operation contents being connected to the network of a specific domain.

With the above-described configuration, since the usage state information can be generated inside the terminal B, even if the terminal B is not always connected to the management server A via the network N, the management server A It is possible to determine whether or not the terminal is in a stolen state based on the operation details of the terminal B state during the network disconnection. By doing so, it is possible to determine whether or not the terminal B is always in a stolen state even for the terminal B that is not in a connected state with the management server A.

Example 3 Configuration
Hereinafter, a third embodiment of the present invention will be described with reference to the drawings. FIG. 18 shows a functional block diagram of the management server A, terminal B, and management terminal C constituting the information leakage prevention system of the present invention. Each component and each means in the present invention are only logically distinguished in function, and may be physically or virtually identical.

FIG. 18 shows only the minimum equipment, components, means and the like necessary in the present invention, and the description of the other devices, components, means, etc. is omitted. In addition, the same code | symbol is attached | subjected to the same structural part etc. as [Example 1-configuration], and the detailed explanation is omitted when performing the same operation.

The server processing apparatus 1a of the management server A determines the degree of risk that the terminal A is in the theft state as the risk level based on the difference calculated by the difference calculation means 14a inside the theft state determination unit 16 It differs from [Example 1-Configuration] in that it includes a determination unit 14c.

The operation of each component will be described below based on the functional block diagram constituting the present invention shown in FIG. Detailed descriptions of the same components or operations as those in [Example 1-Configuration] are omitted.

The risk determination unit 16c of the theft state determination unit 16 acquires the difference calculated by the difference calculation unit 16a, and determines the risk level at which the terminal B is predicted to be in the theft state based on the content of the difference. As a result of the determination, if the degree of risk is equal to or greater than a predetermined value, the degree-of-risk determination unit 16a transmits the determined degree of risk to the control unit 17 assuming that the terminal B is “theft”. When the degree of risk is less than the predetermined value, the terminal B determines that “it is not in a stolen state”.

A process for determining whether or not the terminal B is in a stolen state in the above-described risk determination means 16c will be described. The greater the difference obtained from the difference calculation unit 14a, the greater the risk level determination unit 16c determines the risk level because the risk of the terminal B being stolen is high. There are various methods for determining the risk level. In this embodiment, a predetermined reference value is set in the risk level determination means 16a, and the obtained difference is compared with the reference value. Therefore, the method of determining the degree of risk is used.

The control unit 17 instructs the leakage prevention processing of confidential information stored in the terminal B via the server control interface 10 according to the risk acquired from the risk determination unit 16c. The information leakage prevention process executed in the terminal B that has received the execution instruction is preferably in a form in which a strict control process is executed as the degree of danger increases.

With the above-described configuration, it is possible to change and execute the control executed in accordance with the magnitude of the risk in consideration of the risk that the terminal is in a stolen state. As a result, an information leakage accident can be predicted and a response corresponding to the situation can be performed.

Example 3 Treatment Process
Next, an example of a processing process in the information leakage prevention system of the present invention will be described with reference to the functional block diagram of FIG. 18, the flowchart of FIG. The operations from (S301) to (S308) in the flowchart of FIG. 19 are the same as those in [Embodiment 1-Processing Process], and the details thereof are omitted. Further, in this processing process, as in the first embodiment, a case where the possibility of theft is determined using a time when the terminal B is not connected to the network N will be described as an example.

The risk level determination unit 16c of the theft state determination unit 16 has a risk level table in which a predetermined reference value and a risk level are associated with each other, and corresponds to the difference calculated by the difference calculation unit 16a. Is determined as the risk level indicating the risk that the terminal B is in a stolen state (S309). FIG. 20 shows an example of contents stored in the risk level table. In the case of this processing process, since the difference is “65”, the degree of risk is determined to be “1”.

Next, when the determined degree of risk is equal to or greater than a predetermined value, the degree-of-risk determination unit 16c determines that the theft is in progress (S310). In this processing process, if the degree of risk is “1” or higher, the terminal B determines that “theft is in progress”.

When the risk level determination unit 16 c determines that “theft is in progress”, the risk level determination unit 16 c transmits the determined risk level to the control unit 17. In the case of this processing process, since the degree of risk is “1”, it is determined that the device is stolen, and the degree of risk “1” is transmitted to the control unit 17.

The control unit 17 has a processing content table in which the risk level and the information leakage prevention processing content are associated with each other, and executes confidential information leakage prevention processing according to the risk level received from the risk level determination unit 16c. (S312). FIG. 21 shows an example of contents stored in the processing content table. In the case of this processing process, since the risk level is “1”, a control instruction to display a warning notification on the terminal display device 4 b of the terminal B is transmitted to the server control interface 10.

When the risk level is determined to be 2 or more for the control process by the control unit 17 described above, it is preferable that the information leakage prevention process below the determined level is also cumulatively executed. For example, if the determined risk level is “5”, the control unit 17 transmits a control instruction to display a warning notification on the terminal display device 4b of the terminal B via the server control interface 10 (risk level 1). Process), an operation lock instruction for invalidating the operation control instruction from the terminal input device 3b is transmitted (risk level 2 process), and a control instruction for blacking out portions other than the warning notification displayed on the terminal display device 4b (Risk level 3 processing), an instruction to delete information stored in the confidential information storage unit 34 (risk level 4 processing), and a control instruction for forcibly turning off the terminal B. A form in which information leakage prevention processing is cumulatively executed in the form of transmission (risk level 5 processing) is conceivable.

Moreover, the control part 17 is good also as a structure which has the process content table (not shown) for management terminals which prescribed | regulated the process content with respect to the management terminal C inside. Similarly to the above, this processing content table preferably has a format in which confidential information leakage prevention processing corresponding to the risk received from the risk determination means 16c is defined. More specifically, the management terminal display device 4c is notified of the list of terminals B in the stolen state as a risk 1 process in a message format, and the message format notification is emphasized as a recommendation notification as a risk 2 process. As a risk level 3 process, the recommendation notification is enlarged and highlighted as a warning notification, and as a risk level 4 process, the display is flashed together with the warning notification. The content of generating a warning sound together with the warning notification can be considered. Further, similarly to the control process for the terminal B described above, the control process for the management terminal C is preferably performed in a form that is cumulatively executed according to the risk level.

Example 4 Configuration
The fourth embodiment of the present invention will be described below with reference to the drawings. In FIG. 22, the functional block diagram of the management server A, the terminal B, and the management terminal C which comprise the information leakage prevention system of this invention is shown. Each component and each means in the present invention are only logically distinguished in function, and may be physically or virtually identical.

FIG. 22 shows only the minimum equipment, components, means and the like necessary in the present invention, and the description of other devices, components, means, etc. is omitted. In addition, the same code | symbol is attached | subjected to the same structural part etc. as [Example 1-configuration] and [Example 3-configuration], and the detailed explanation is omitted when performing the same operation.

The present invention is provided with a data amount generation unit 38 for generating information relating to the data amount of confidential information stored in the confidential information storage unit 34 inside the terminal B, and the server processing of the management server A. The device 1a includes a data amount acquisition unit 19 for acquiring the data amount of confidential information stored in the terminal B received by the server communication device 5a via the server control interface 10, and a risk determination unit of the theft state determination unit 16. It differs from [Embodiment 3-Configuration] in that it includes a risk changing means 16d for changing the risk determined in 16c.

The operation of each component will be described below based on the functional block diagram constituting the present invention shown in FIG. In addition, the detailed description is abbreviate | omitted about the structure part similar to [Example 1-configuration] and [Example 3-configuration] or the same operation.

The data amount generation unit 38 of the terminal B generates information related to the data amount stored in the confidential information storage unit 34. In the present embodiment, a case will be described in which the number of information files stored in the confidential information storage unit 34 as information relating to the data amount is generated. The data amount generation unit 38 generates data amount information obtained by combining the generated data amount with its own terminal identification information, and transmits the data amount information to the management server A via the terminal control interface 30 and the terminal communication device 5b. The transmission timing may be transmitted at every predetermined timing, or may be transmitted at a timing when a request from the management server A is received. In this embodiment, the request is transmitted at the timing when the request from the management server A is received.

The data amount receiving unit 19 of the management server A acquires the data amount information of the terminal B connected to the network N. And the acquired data amount information is hold | maintained for every terminal identification information. The holding format may be any format that allows the current amount of confidential information stored in the terminal B to be grasped. For example, a format having a primary storage area for holding data amount information is conceivable. The storage format at that time is preferably a format in which the existing data amount information already stored is overwritten and stored over the newly generated data amount information.

The risk determination unit 16c of the theft state determination unit 16 acquires the difference calculated by the difference calculation unit 16a, and determines the risk level that the terminal A is predicted to be in the theft state based on the content of the difference. As a result of the determination, if the degree of risk is equal to or greater than a predetermined value, the degree-of-risk determination unit 16c transmits the determined degree of risk to the degree-of-risk changing unit 16d, assuming that the terminal B is in a stolen state. When the degree of risk is less than the predetermined value, it is determined that the terminal B is not in a stolen state.

When the risk level change unit 16d receives the risk level from the risk level determination unit 16c, the risk level change unit 16d acquires the data amount of the confidential information from the data amount acquisition unit 19. Then, the degree of risk is changed based on the amount of data in consideration of the amount of information leakage damage that occurs when the terminal A is stolen. There are various methods for changing the risk level. In this embodiment, a predetermined reference value is set inside the risk change means 16d, and the acquired data amount is compared with the reference value. By doing so, the method of changing the risk level will be used. The changed risk level is transmitted to the control unit 17.

By adopting the above configuration, it is possible to determine the theft state considering not only the terminal theft risk, but also the predicted amount of confidential information that may be leaked due to theft, and the magnitude of the damage that accompanies it, Appropriate control according to the determined theft state can be executed.

Example 4 Treatment Process
Next, an example of a processing process in the information leakage prevention terminal of the present invention will be described with reference to the functional block diagram of FIG. 24, the flowchart of FIG. The operations from (S401) to (S408) and (S413) to (S414) in the flowchart of FIG. 25 are the same as those in [Example 1-Processing Process] and [Example 3-Processing Process]. The details are omitted. Further, in this processing process, as in the first embodiment, a case where the possibility of theft is determined using a time when the terminal B is not connected to the network N will be described as an example.

When the data amount generation unit 38 receives the data amount transmission request from the management server A, the data amount generation unit 38 generates data amount information using the number of information files stored in the confidential information storage unit 34 as the data amount. Send to. In this processing process, a case where the number of information files (data amount) stored in the confidential information storage unit 34 is “20” will be described as an example.

The risk level determination unit 16c of the theft state determination unit 14 has a risk level table in which a predetermined reference value and a risk level are associated with each other, and corresponds to the difference calculated by the difference calculation unit 16a. Is determined as the risk level indicating the risk that the terminal B is in a stolen state (S409). FIG. 20 shows an example of contents stored in the risk level table. In the case of this processing process, since the difference is “65”, the degree of risk is determined to be “1”.

Next, the risk determination means 16c determines that it is in a stolen state when the determined risk is equal to or greater than a predetermined value (S410). In this processing process, when the degree of risk is “1” or more, the terminal A is determined to be in a stolen state.

When the risk determination unit 16c determines that it is a theft state, the risk determination unit 16c transmits the determined risk to the risk change unit 16d. In the case of this processing process, since the risk level is “1”, it is determined that the device is in a stolen state, and the risk level “1” is transmitted to the risk level changing means 16d.

The data amount acquisition unit 19 acquires the data amount “20” and the terminal identification information as the data amount information from the terminal B. Further, the data amount “20” is stored in the storage area within itself in association with the terminal identification information (S411).

The risk level change means 16d has a risk level change table in which the reference value and the risk level change value are associated with each other. When the risk level is received from the risk level determination means 16c, the risk level is changed according to the risk level change value corresponding to the data volume acquired from the data volume acquisition unit 19 (S412). FIG. 24 shows an example of contents stored in the risk change table. In the case of this processing process, since the number of files is “20”, the risk level change value is “+4”, so the risk level is changed to “5”. The changed risk level is transmitted to the control unit 17.

A: Management server B: Terminal C: Management terminal N: Network 1: Processing device 1a: Server processing device 1b: Terminal processing device 1c: Management terminal processing device 2: Storage device 2a: Server storage device 2b: Terminal storage device 3: Input device 3a: Server input device 3b: Terminal input device 3c: Management terminal input device 4: Display device 4a: Server display device 4b: Terminal display device 4c: Management terminal display device 5: Communication device 5a: Server communication device 5b: Terminal Communication device 5c: Management terminal communication device 6: Arithmetic device 7: Control device 10: Server control interface 11: Operation information acquisition unit 12: Environmental information acquisition unit 13: Specific state information generation unit 14: Specific environment information extraction unit 15: Standard State information generation unit 16: Theft state determination unit 16a: Difference calculation unit 16b: State determination unit 17: Control unit 18: Usage state information Acquisition unit 21: Operation information storage unit 22: Environmental information storage unit 23: Usage state information storage unit 30: Terminal control interface 31: Operation information generation unit 32: Environmental information generation unit 33: Terminal control unit 34: Confidential information storage unit 35 : Operation information storage unit 36: Specific environment information extraction unit 37: Usage state information generation unit 38: Data amount generation unit 40: Management terminal control interface 41: Management terminal control unit

Claims (6)

A theft state determination system having a management server including a processing device for determining whether a terminal connected via a communication network is in a theft state,
The processing device of the management server is
As information representing the operating environment of the terminal, an environment information acquisition unit that acquires information on the terminal itself and the situation around the terminal as environment information when the terminal starts operation ;
An operation information acquisition unit for acquiring operation information executed by a user on the terminal;
A specific state generation unit that generates information on the use state as specific state information from environment information and operation information of a specific terminal;
Among the environment information acquired by the environment information acquisition unit, a specific environment information extraction unit that extracts the environment information of the specific terminal as a specific environment;
A standard state information generating unit that extracts a limited number of terminals having the same environment information as the specific environment, and generates information on the use state as standard state information from the extracted environment information and operation information of the terminal ;
A theft state determination unit that compares the specific state information with the standard state information and determines the theft risk of the specific terminal;
A control unit that executes information leakage prevention processing of the confidential information according to the determination result;
In addition,
The environment information acquisition unit includes, as environment information, any one or more of the presence / absence of network connection, the operation time / time zone of the terminal, or the activation state of software and applications, and the terminal itself when the terminal is operating and theft condition determination system characterized that you get information about the status of the surrounding of the terminal. A terminal having a storage device for storing confidential information;
A management server comprising a processing device for determining whether the terminal is stolen;
A theft status determination system connected via a communication network,
The terminal
As information representing the operating environment , an environment information generating unit that generates, as environment information, information related to the terminal itself and the situation around the terminal when the terminal starts operation ;
An operation information generation unit for generating operation information executed by the user;
From the environment information and the operation information, the information on the usage status of the terminal itself is generated as usage status information, and includes a usage status information generation unit that transmits to the management server,
The processing device of the management server is
A specific state information generation unit that generates use state information acquired from a specific terminal as specific state information;
Among the environment information included in the specific state information, a specific environment information extraction unit that extracts environment information of the specific terminal as a specific environment;
A standard state information generation unit that extracts a limited number of terminals having the same environment information as the specific environment , acquires use state information of the extracted terminals , and generates standard use state information;
A theft state determination unit that compares the specific state information with the standard state information and determines the theft risk of the specific terminal;
A control unit that executes information leakage prevention processing of the confidential information according to the determination result;
In addition,
The environment information generation unit includes, as environment information, any one or more of the presence / absence of network connection, the operation time / time zone of the terminal, or the activation state of software or application, and the terminal itself when operating the terminal and theft condition determination system characterized that you generated to obtain information about the status of the surrounding of the terminal. The theft state determination unit in the processing device of the management server,
Difference calculating means for calculating a difference between the specific state information and the standard state information;
A risk determination means for determining a risk indicating a risk that the terminal is in a stolen state based on the calculated difference;
The theft state determination system according to claim 1, further comprising: The processing device of the management server further includes:
A data amount acquisition unit for acquiring the amount of confidential information stored in the storage device of the terminal;
The theft state determination unit, a risk level changing means for changing a risk level indicating a risk that the terminal is in a theft state based on the data amount;
The theft state determination system according to claim 3 , wherein: A program used in a theft state determination system having a management server having a processing device for determining whether a terminal connected via a communication network is in a theft state,
In the processing device of the management server,
As information representing the operating environment of the terminal, an environment information acquisition function for acquiring information on the terminal itself and the situation around the terminal as environment information when the terminal starts operation ;
An operation information acquisition function for acquiring operation information executed by a user on the terminal;
A specific state generation function for generating information on a use state as specific state information from environment information and operation information of a specific terminal;
Of the environment information acquired by the environment information acquisition function, a specific environment information extraction function for extracting the environment information of the specific terminal as a specific environment;
A standard state information generation function for extracting a terminal having the same environment information as that of the specific environment, and generating information on the usage state as standard state information from the environment information and operation information of the extracted terminal ;
The theft status determination function for comparing the specific status information with the standard status information and determining the theft risk of the specific terminal;
A control function for executing information leakage prevention processing of the confidential information according to the determination result;
In addition,
The environment information acquisition function includes, as environment information, any one or more of the presence / absence of network connection, the operation time / time zone of the terminal, or the activation state of software and applications, and the terminal itself when the terminal operates and theft condition determination program characterized that you get information about the status of the surrounding of the terminal. A terminal having a storage device for storing confidential information;
A management server comprising a processing device for determining whether the terminal is stolen;
Is used in a theft state determination system connected via a communication network,
In the terminal,
As information representing the operating environment , an environment information generating function that generates information on the terminal itself and the situation around the terminal as environment information when the terminal starts operation ;
An operation information generation function for generating operation information executed by a user and transmitting the operation information to the management server;
From the environment information and the operation information, a use state information generation function for generating information on the use state of the terminal itself as use state information is executed,
In the processing device of the management server,
A specific state information generation function for generating use state information acquired from a specific terminal as specific state information;
Of the environment information included in the specific state information, a specific environment information extraction function for extracting the environment information of the specific terminal as a specific environment;
A standard state information generation function that extracts and restricts terminals having the same environment information as the specific environment , acquires the use state information of the extracted terminals , and generates standard use state information;
The theft status determination function for comparing the specific status information with the standard status information and determining the theft risk of the specific terminal;
A control function for executing information leakage prevention processing of the confidential information according to the determination result;
In addition,
The environment information generation function includes, as environment information, any one or more of the presence / absence of network connection, the operation time / time zone of the terminal, or the activation state of software or application, and the terminal itself when operating the terminal and theft condition determination program characterized that you generated to provide information on surroundings.

Images