JP5672899B2 - Information processing apparatus, information processing system, message processing method, and message processing program - Google Patents

Description

  The present invention relates to an information processing device, an information processing system, a message processing method, and a message processing program, and particularly relates to an information processing device, an information processing system, a message processing method, and a message processing program for processing a message from an application of another device. .

  An example of a configuration relating to data transfer in the TCP / IP (Transmission Control Protocol / Internet Protocol) communication field or the like in the client / server model is disclosed in JP-T-2006-067831 (Patent Document 1). That is, in the firewall, only an aggregate port obtained by aggregating one or a plurality of ports that allow passage is permitted. When connecting to a target connection request destination connected to the internal network, the communication source client issues connection request information in which the target connection request destination is set, with the aggregation port as the destination. In the relay server, the connection request information acquisition unit reads the connection request information input from the aggregation port through the firewall. The relay means changes the destination to the target connection request destination based on the connection request information, transmits the connection request information to the target connection request destination, makes a connection request, and obtains the connection acquired from the target connection request destination. The result information is transmitted to the communication source client.

  The following technique is disclosed in JP-T-2000-016201 (Patent Document 2). That is, an http communication program connected to an application program linked with a Web server by the HTTP (HyperText Transfer Protocol) incorporated in a plurality of client PCs and each client PC (Personal Computer) via the Internet and / or an intranet. And a Web server having a CGI (Common Gateway Interface) interface for executing the application and having a Web-type chat server. The Web-type chat server uses an application of a PC and each client communicates with the Internet and / or an intranet. The HTTP protocol-linked multimedia direct communication system configured to exchange electronic texts in a pseudo real-time state.

  Japanese Unexamined Patent Application Publication No. 2007-142675 (Patent Document 3) discloses the following technique. That is, the communication apparatus transmits a port number information message including the converted port number, which is converted by the network relay apparatus when the first message transmitted by the first protocol included in the predetermined protocol is transmitted to the server. A predetermined protocol includes a transmission / reception unit that receives a message, a UDP (User Datagram Protocol) processing unit that creates a second message in which the source port number is set to the same value as the converted port number, and a second message An ESP (Encapsulated Security Payload) processing unit that creates a third message encapsulated by the second protocol that is not, and a fourth message that is encapsulated by the third protocol included in the predetermined protocol A UDP processing unit for creating a server and a fourth message via a network relay device It transmits to and a transceiver.

  Japanese Patent Laid-Open No. 2010-093465 (Patent Document 4) discloses the following technique. That is, in a data transfer system that transmits a data packet including a header area, a payload area, and a trailer area from a data transmission source to a data transfer destination via a route selection device, the data transmission source A next data header adding unit for adding header information of the next data packet to the trailer area, wherein the route selection device is configured to generate a next data packet based on the next data header information attached to the data packet received from the data transmission source; A header analysis unit for determining a transfer destination port of the network.

JP 2006-067831 A Special table 2000-016201 JP 2007-142675 A JP 2010-093465 A

  FIG. 15 is a diagram for explaining Problem 1 of the related art.

  Referring to FIG. 15, in an application that performs TCP / IP communication, communication is not established if the port number of each application is duplicated. Specifically, if the port numbers corresponding to the applications 1 and 2 are in conflict with 8500, the server-side application 2 cannot be activated (Problem 1).

  FIG. 16 is a diagram for explaining Problem 2 of the related art.

  Referring to FIG. 16, in order to solve Problem 1, the firewall needs to perform port punching processing, that is, access restriction exception processing, for the number of services of the application that performs TCP / IP communication. Specifically, it is necessary to perform punching processing of two port numbers, port number 8500 corresponding to application 1 and port number 8501 corresponding to application 2. However, such a hole punching process becomes a factor that weakens the security of the firewall (Problem 2).

  Although it is possible to prepare a dedicated module and a dedicated server on the client side and aggregate the number of holes in the firewall, there is a problem that a module setting man-hour and a server purchase cost are required.

  Patent Documents 1 to 4 do not disclose a configuration for solving such a problem.

  The present invention has been made to solve the above-described problems, and an object of the present invention is to process a message from an application of another device with a simple configuration and to improve security. An apparatus, an information processing system, a message processing method, and a message processing program are provided.

In order to solve the above problems, an information processing apparatus according to an aspect of the present invention is an information processing apparatus for processing a message from an external application in another apparatus by its own internal application, and a plurality of the external apparatuses Corresponding to the message received by the message receiver and a message receiver for receiving a message generated by the external application from one or more external applications so as to include a common aggregate port number among applications A determination unit for determining the internal application to be performed; and a message transfer unit for transferring the message corresponding to the internal application determined by the determination unit.

In order to solve the above-described problems, an information processing system according to an aspect of the present invention includes a client and a server, and the client includes a common aggregate port number among the applications depending on the applications to be executed. messages generated transmit Previous SL server, the server determines its own application the messages containing the aggregated port number received from one or more of the application, corresponding to the received message, determines The corresponding message is transferred to the application.

In order to solve the above problems, a message processing method according to an aspect of the present invention is a message processing method in an information processing apparatus for processing a message from an external application in another apparatus by its own internal application, Receiving from one or more external applications a message generated by the external application so as to include a common aggregate port number among the plurality of external applications, and determining the internal application corresponding to the received message And transferring the corresponding message to the determined internal application.

In order to solve the above problems, a message processing program according to an aspect of the present invention is a message processing program in an information processing apparatus for processing a message from an external application in another apparatus by its own internal application, Receiving a message generated by the external application from one or more external applications so as to include a common aggregate port number among the plurality of external applications, and the internal corresponding to the received message A step of determining an application and a step of transferring the corresponding message to the determined internal application are executed.

  According to the present invention, it is possible to process a message from an application of another device and improve security with a simple configuration.

It is a figure which shows the structure of the information processing system which concerns on the 1st Embodiment of this invention. It is a schematic block diagram of the server which concerns on the 1st Embodiment of this invention. It is a figure which shows an example of the content of the application determination database in the information processing apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows an example of the content of the src / dst information database in the information processing apparatus which concerns on the 1st Embodiment of this invention. It is a flowchart which shows the operation | movement procedure at the time of the information processing apparatus which concerns on the 1st Embodiment of this invention performing message processing. It is a flowchart which shows the operation | movement procedure at the time of the information processing apparatus which concerns on the 1st Embodiment of this invention performing message processing. It is a flowchart which shows the operation | movement procedure at the time of the information processing apparatus which concerns on the 1st Embodiment of this invention performing message processing. It is a figure which shows the structure of the information processing system which concerns on the 2nd Embodiment of this invention. It is a figure which shows an example of the content of the application data storage database in the information processing apparatus which concerns on the 2nd Embodiment of this invention. It is a flowchart which shows the operation | movement procedure at the time of the information processing apparatus which concerns on the 2nd Embodiment of this invention performing a message storage process. It is a figure which shows the structure of the information processing system which concerns on the 2nd Embodiment of this invention. It is a flowchart which shows the operation | movement procedure at the time of the information processing apparatus which concerns on the 2nd Embodiment of this invention performing a message learning process. It is a figure which shows the structure of the information processing system which concerns on the 2nd Embodiment of this invention. It is a figure which shows the structure of the information processing system which concerns on the 2nd Embodiment of this invention. It is a figure for demonstrating the subject 1 of related technology. It is a figure for demonstrating the subject 2 of related technology.

  Hereinafter, a first embodiment of the present invention will be described with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

<First Embodiment>
[Configuration and basic operation]
FIG. 1 is a diagram showing a configuration of an information processing system according to the first embodiment of the present invention.

  Referring to FIG. 1, the information processing system 401 includes a server 30 and clients 10 and 20 that are information processing apparatuses. In FIG. 1, the number of clients in the information processing system 401 is two, but the information processing system 401 may be configured to include one or three or more clients.

  The information processing apparatus according to the first embodiment of the present invention typically has a basic structure of a computer having a general-purpose architecture, and executes various programs as will be described later by executing a preinstalled program. Provide functionality. In general, such a program is stored in a recording medium such as a flexible disk and a CD-ROM (Compact Disk Read Only Memory) or distributed via a network or the like.

  The program according to the first embodiment of the present invention may be provided by being incorporated in a part of another program such as an OS. Even in this case, the program itself according to the first embodiment of the present invention does not include a module included in another program as described above, and the process is executed in cooperation with the other program. Is done. In other words, the program according to the first embodiment of the present invention may be a form incorporated in such another program.

  Alternatively, some or all of the functions provided by program execution may be implemented as a dedicated hardware circuit.

  FIG. 2 is a schematic configuration diagram of a server according to the first embodiment of the present invention. The configuration of the clients 10 and 20 is the same as that of the server 30, for example.

  Referring to FIG. 2, the server 30 includes a central processing unit (CPU) 101 that is an arithmetic processing unit, a main memory 102, a hard disk 103, an input interface 104, a display controller 105, and a data reader / writer 106. And a communication interface 107. These units are connected to each other via a bus 121 so that data communication is possible.

  The CPU 101 performs various operations by developing programs (codes) stored in the hard disk 103 in the main memory 102 and executing them in a predetermined order. The main memory 102 is typically a volatile storage device such as a DRAM (Dynamic Random Access Memory), and stores data indicating various arithmetic processing results in addition to programs read from the hard disk 103. To do. The hard disk 103 is a non-volatile magnetic storage device, and stores various setting values in addition to programs executed by the CPU 101. The program installed in the hard disk 103 is distributed in a state of being stored in the recording medium 111 as will be described later. In addition to the hard disk 103 or instead of the hard disk 103, a semiconductor storage device such as a flash memory may be employed.

  The input interface 104 mediates data transmission between the CPU 101 and an input unit such as a keyboard 108, a mouse 109, and a touch panel (not shown). That is, the input interface 104 receives an external input such as an operation command given by a user operating the input unit.

  The display controller 105 is connected to a display 110 that is a typical example of a display unit, and controls display on the display 110. That is, the display controller 105 displays the result of image processing by the CPU 101 to the user. The display 110 is, for example, an LCD (Liquid Crystal Display) or a CRT (Cathode Ray Tube).

  The data reader / writer 106 mediates data transmission between the CPU 101 and the recording medium 111. That is, the recording medium 111 is distributed in a state where a program executed by the server 30 is stored, and the data reader / writer 106 reads the program from the recording medium 111. Further, the data reader / writer 106 writes the processing result in the server 30 to the recording medium 111 in response to the internal command of the CPU 101. The recording medium 111 is, for example, a general-purpose semiconductor storage device such as CF (Compact Flash) and SD (Secure Digital), a magnetic storage medium such as a flexible disk, or a CD-ROM (Compact Disk Read Only). Memory).

  The communication interface 107 mediates data transmission between the CPU 101 and other personal computers and server devices. The communication interface 107 typically has an Ethernet (registered trademark) or USB (Universal Serial Bus) communication function. Instead of installing the program stored in the recording medium 111 in the server 30, a program downloaded from a distribution server or the like via the communication interface 107 may be installed in the server 30.

  Further, other output devices such as a printer may be connected to the server 30 as necessary.

[Control structure]
Next, a control structure for providing a message processing function in the server 30 will be described.

  FIG. 1 also shows a control structure provided by the information processing apparatus according to the first embodiment of the present invention. Each block in the server 30 shown in FIG. 1 is provided by developing a program (code) stored in the hard disk 103 in the main memory 102 and causing the CPU 101 to execute it. A part or all of the control structure shown in FIG. 1 may be realized by dedicated hardware and / or a wiring circuit.

  Referring to FIG. 1, server 30 includes a message transmission / reception unit 33, a message transfer unit 35, a screen output unit 39, and a determination unit 41 as its control structure. The server 30 also includes an application determination database (application information storage unit) 38, a GUI (Graphical User Interface) 40, and an src / dst information database (connection information storage unit) 42. The determination unit 41 includes a database (DB) reference unit 41a, a consistency determination unit 41b, and a database (DB) rewriting unit 41c. The application determination database (DB) 38 and the src / dst information database (DB) 42 are stored in the main memory 102 or the hard disk 103 shown in FIG.

  Note that the GUI 40 is not limited to the configuration mounted on the server 30 and may be mounted on another device.

  An application 31 and an application 32 are installed on the server 30. An application 11 and an application 12 are mounted on the client 10. An application 21 and an application 22 are mounted on the client 20. The application 31, the application 11, and the application 21 correspond as the same type of application A, and the application 32, the application 12, and the application 22 correspond as the same type of application B.

  Also, the reception ports of the on-client applications (external applications) 11, 12, 21, 22 are 1111, 2222, 3333, 4444, respectively. The transmission destination ports of the applications 11, 12, 21, and 22 on the client to the server 30 are the port 8500, and the reception ports of the applications (internal applications) 31 and 32 on the server are the ports 8501 and 8502, respectively.

  The server 30 processes the message from the client application on the clients 10 and 20 by the application 31 and 32 on its own server.

  The clients 10 and 20 transmit the message generated by each application to be executed to the server 30 including the aggregated port number.

  The server 30 receives a message including the aggregate port number from each application, determines its own application corresponding to the received message, and transfers the corresponding message to the determined application.

  More specifically, in the server 30, the message sending / receiving unit 33 receives a message including the aggregate port number from each client application.

  The determination unit 41 determines an application on the server corresponding to the message received by the message transmission / reception unit 33.

  The message transfer unit 35 transfers a corresponding message to the server application determined by the determination unit 41.

  For example, the determination unit 41 determines the individual port number of the application on the server corresponding to the message based on the message received by the message transmission / reception unit 33.

  The message transfer unit 35 generates and transfers a message in which the aggregate port number of the message received by the message transmission / reception unit 33 is replaced with the individual port number determined by the determination unit 41.

  FIG. 3 is a diagram showing an example of the contents of the application determination database in the information processing apparatus according to the first embodiment of the present invention.

  Referring to FIG. 3, application determination database 38 stores application information indicating a determination rule, that is, a correspondence relationship between an application on the server and a predetermined character string included in a message. The application determination DB 38 is used by the consistency determination unit 41b in the determination unit 41 to obtain message transfer destination information.

  The determination unit 41 determines the application on the server corresponding to the message by collating the character string of the message received by the message transmission / reception unit 33 with a predetermined character string in the application information.

  For example, the application determination DB 38 stores an application name, a message direction, a transfer destination port to the application on the server, a comparison part, and a comparison character string.

  In the information processing system according to the first embodiment of the present invention, a discrimination rule given by an administrator is used.

  First, since a protocol specification is generally disclosed, a template is created for a message for which a discrimination rule can be prepared in advance and stored in the application discrimination DB 38.

  For example, an HTTP (HyperText Transfer Protocol) message published by RFC (Request for Comments) as the application B and the message direction is Client → Server is “GET ****** HTTP / ******”. Protocol header. Here, “***” is a non-fixed character string. Therefore, a fixed character string “GET” can be templated as a discrimination rule.

  Further, since a message whose message direction is Server → Client has a protocol header “HTTP / *** 200 OK”, a fixed character string “HTTP /” can be templated as a determination rule.

  In addition, it is possible to prepare discrimination rules in addition to these by adding an algorithm for creating discrimination rules. For example, for Simple Mail Transfer Protocol (SMTP), a fixed character string such as “HELO” can be templated as a determination rule.

  FIG. 4 is a diagram showing an example of the contents of the src / dst information database in the information processing apparatus according to the first embodiment of the present invention.

  Referring to FIG. 4, src / dst information database 42 stores connection information indicating identification information of an application on the server and a client executing a client application that has already established a connection with the application on the server.

  The determination unit 41 determines the application on the server corresponding to the message by collating the identification information of the transmission source of the message received by the message transmission / reception unit 33 with the identification information in the connection information.

  For example, the src / dst information DB 42 includes an application name, client information (source information) such as an IP address and a reception port for an application on the client, and a transfer destination port to the application on the server (by the DB rewriting unit 41 c in the determination unit 41. Destination information) is stored. The src / dst information DB 42 is used to transfer a message from the client application that has once established a connection to the application on the server without matching the determination rule in the application determination DB 38.

[Operation]
Next, the operation of the information processing apparatus according to the first embodiment of the present invention will be described with reference to the drawings. In the first embodiment of the present invention, the message processing method according to the first embodiment of the present invention is performed by operating the server 30. Therefore, the description of the message processing method according to the first embodiment of the present invention is replaced with the following description of the operation of the server 30. In the following description, FIG. 1 is referred to as appropriate.

  5 and 6 are flowcharts showing an operation procedure when the information processing apparatus according to the first embodiment of the present invention performs message processing.

  5 and 6, first, a message (step S303) transmitted from the application 11 in the client 10 is received by the message transmission / reception unit 33 in the server 30 and sent to the matching determination unit 41b (step S215). .

  Next, the matching determination unit 41b refers to the application determination DB 38 via the DB reference unit 41a (step S216).

  Next, the consistency determination unit 41b calls a determination rule stored in the application determination DB 38 via the DB reference unit 41a, checks whether there is a determination rule corresponding to the message (step S217), and whether there is a corresponding determination rule. The processing divided according to the case is performed.

  In other words, when there is no corresponding determination rule (NO in step S218), the consistency determination unit 41b discards the message (step S219).

  Next, the matching determination unit 41b displays the result on the GUI 40 from the screen output unit 39 and ends the process. The GUI 40 displays “unregistered message has been discarded” as error information (steps S220 and S221).

  On the other hand, if there is a corresponding determination rule (YES in step S218), the consistency determining unit 41b stores the source information and destination information of the message in the src / dst information DB 42 via the DB rewriting unit 41c. It is confirmed whether it is done (step S222).

  When the corresponding information is not stored in the src / dst information DB 42, the matching determination unit 41b stores the corresponding information in the src / dst information DB 42 in the DB rewrite unit 41c (step S223). That is, after determining the application on the server corresponding to the message received by the message transmission / reception unit 33 (YES in step S218), the consistency determination unit 41b determines that there is no connection information corresponding to the determined message (step S218). In S222, the server identification information of the client executing the application on the server corresponding to the determined message and the client application that has transmitted the message is added to the connection information in the src / dst information DB.

  Then, the matching determination unit 41b transfers the message from the message transfer unit 35 to the application on the server (step S224).

  On the other hand, when the corresponding information is stored in the src / dst information DB 42, the matching determination unit 41b simply transfers the message from the message transfer unit 35 to the application on the server (step S224).

  Next, the application on the server receives a message from the message transfer unit 35 (step S103) and transmits a response message (step S104).

  Next, the matching determination unit 41b receives a response message from the application on the server (step S225), and refers to the application determination DB 38 via the DB reference unit 41a (step S226).

  Next, the matching determination unit 41b calls the determination rule stored in the application determination DB 38 via the DB reference unit 41a, and checks whether there is a corresponding determination rule for the response message from the application on the server (step S227). Depending on the presence / absence of a corresponding determination rule, processing is performed according to the case.

  In other words, when there is no corresponding determination rule (NO in step S228), the consistency determination unit 41b discards the message (step S229).

  Next, the matching determination unit 41b displays the result on the GUI 40 from the screen output unit 39 and ends the process. The GUI 40 displays “unregistered message has been discarded” as error information (steps S230 and S231).

  On the other hand, if there is a corresponding determination rule (YES in step S228), the consistency determining unit 41b simply transmits the message from the message sending / receiving unit 33 to the client application (step S232).

  Next, the application on the client receives the message from the matching determination unit 41b (step S304).

  FIG. 7 is a flowchart showing an operation procedure when the information processing apparatus according to the first embodiment of the present invention performs message processing.

  FIG. 7 shows an operation in a state where the processing shown in FIGS. 5 and 6 is performed and a connection between the client application and the server application is established.

  First, in a state where the connection between the client application and the server application is established, a message is transmitted from the application 11 in the client 10 (step S305).

  Next, the message sending / receiving unit 33 in the server 30 receives the message and sends it to the matching determination unit 41b (step S233).

  Next, the matching determination unit 41b refers to the src / dst information DB 42 via the DB rewriting unit 41c, and based on the transmission source information included in the message, that is, the client IP address and the reception port of the application on the client, The destination information stored in the dst information DB 42, that is, the transfer destination port is called (step S234). Then, the matching determination unit 41b includes the destination information in the message and transfers the message from the message transfer unit 35 to the application (step S235).

  Next, the application 31 receives a message from the message transfer unit 35 (step S105) and transmits a response message (step S106).

  Next, the message transmitting / receiving unit 33 receives the response message (step S236), and simply transmits the response message to the application 11 in the client 10 (step S237).

  Next, the application 11 receives the response message from the message sending / receiving unit 33 (step S306).

  Next, when the application 11 does not disconnect the connection with the application 31 (NO in step S307), the process ends.

  On the other hand, when the application 11 disconnects the connection with the application 31 (YES in step S307), the application 11 transmits a FIN packet to the server 30 (step S308).

  Next, when receiving the FIN packet (step S238), the matching determination unit 41b transfers the FIN packet from the message transfer unit 35 to the application 31 (step S241).

  Here, when the information regarding the source of the FIN packet exists in the src / dst information DB 42 (YES in step S239), the matching determination unit 41b controls the DB rewriting unit 41c to set the corresponding information to src / dst. It deletes from information DB42 (step S240).

  Next, the application 31 receives the FIN packet (step S107) and transmits an ACK packet (step S108).

  Next, the message transmission / reception unit 33 receives an ACK packet from the application 31 (step S242), and transmits the ACK packet to the application 11 in the client 10 (step S243).

  Next, the application 11 in the client 10 receives the ACK packet and ends the processing (step S309).

  By the way, in an application that performs TCP / IP communication, communication is not established if the port number of each application is duplicated. Further, if the hole punching process is performed for the number of services of the application that performs TCP / IP communication, the firewall security is weakened.

  In addition, it is possible to prepare a dedicated module and dedicated server on the client side and aggregate the number of firewall holes, but it takes module setting man-hours and server purchase costs. Specifically, even if the configuration is to minimize the perforation of the firewall, when installing multiple applications on the client / server model, a dedicated module and dedicated server are prepared, application setting changes and message determination rules. Need to be set in advance, which requires man-hours and hardware costs.

  For example, since the configuration described in Patent Document 1 is a configuration in which a target connection request destination is included in a packet in the communication source client, a dedicated module or the like is required in the communication source client.

  On the other hand, in the information processing apparatus according to the first embodiment of the present invention, the message transmission / reception unit 33 receives a message including the aggregation port number from one or more applications on the client. The determination unit 41 determines an application on the server corresponding to the message received by the message transmission / reception unit 33. Then, the message transfer unit 35 transfers a corresponding message to the server application determined by the determination unit 41.

  Specifically, a “discrimination rule for discriminating an application by pattern matching” is prepared and stored in the application discrimination DB. This determination rule may be given by an administrator, may be obtained by automatic accumulation and learning, or may be obtained by some other method.

  Then, an application on the client is set to transmit a message to the aggregation port. Then, the server compares the message passing through the port with the determination rule in the application determination DB to determine consistency, and forwards the message to the reception port of the application that is the original transmission destination on the server. .

  As described above, in the information processing apparatus according to the first exemplary embodiment of the present invention, the used ports of a plurality of services are aggregated, and connections from clients of each service are received by the same port. As a result, it is possible to eliminate the firewall setting change and increase the security strength. In other words, in an environment where multiple applications coexist, without providing a dedicated module and dedicated server on the client side, aggregate the holes in the firewall, that is, aggregate the server-side acceptance ports for messages sent from the client to the server. And security can be maintained.

  Further, since it is not necessary to prepare a dedicated module and a dedicated server on the client side, the effect of reducing the man-hours for setting on the client side and the hardware cost can be significantly obtained as the environment becomes larger.

  That is, among the constituent elements in the information processing apparatus according to the first embodiment of the present invention, the minimum configuration including the message transmission / reception unit 33, the message transfer unit 35, and the determination unit 41 has a simple configuration, It is possible to achieve the object of the present invention of processing messages from applications of other devices and improving security.

  In the information processing apparatus according to the first embodiment of the present invention, the determination unit 41 determines the individual port number of the application on the server corresponding to the message based on the message received by the message transmission / reception unit 33. . Then, the message transfer unit 35 generates and transfers a message in which the aggregate port number of the message is replaced with the individual port number determined by the determination unit 41.

  With such a configuration, message transfer from the client application to the server application can be performed by simple processing on the server side.

  In the information processing apparatus according to the first embodiment of the present invention, the application determination database 38 stores application information indicating the correspondence between the application on the server and a predetermined character string included in the message. Then, the determination unit 41 determines the application on the server corresponding to the message by collating the character string of the message received by the message transmission / reception unit 33 with a predetermined character string in the application information.

  With this configuration, it is possible to determine the server application corresponding to the message received from the client application with a simple configuration and processing on the server side.

  In the information processing apparatus according to the first embodiment of the present invention, the src / dst information database 42 includes identification information of a client that executes an application on the server and an application on the client that has established a connection with the application on the server. The connection information shown is stored. Then, the determination unit 41 determines the application on the server corresponding to the message by collating the identification information of the transmission source of the message received by the message transmission / reception unit 33 with the identification information in the connection information.

  With such a configuration, a message from the application on the client that has established the connection can be transferred to the application on the server by a simple process without performing a matching process with the determination rule.

  In the information processing apparatus according to the first embodiment of the present invention, the determination unit 41 determines the application on the server corresponding to the message received by the message transmission / reception unit 33, and then the connection corresponding to the determined message. If the information does not exist, identification information of the client executing the application on the server corresponding to the determined message and the client application that has transmitted the message is added to the connection information.

  With such a configuration, necessary information can be appropriately added to the connection information, that is, the src / dst information database 42.

  In the information processing apparatus according to the first embodiment of the present invention, when the connection between the application on the server and the application on the client is disconnected, the determination unit 41 connects information corresponding to the application on the client. Remove from information.

  With such a configuration, unnecessary information can be appropriately deleted from the connection information, that is, the src / dst information database 42.

  In the information processing apparatus according to the first embodiment of the present invention, the message sending / receiving unit 33 receives a message from the application on the server. The determination unit 41 determines an application on the client corresponding to the message from the application on the server, and discards the message if it cannot be determined. Then, when the determination unit 41 can determine the client application corresponding to the message, the message transfer unit 35 transfers the message to the client application.

  With such a configuration, it is possible to prevent an erroneous transfer process for a message from the application on the server to the application on the client.

  In the information processing apparatus according to the first embodiment of the present invention, the determination unit 41 outputs error information when the application corresponding to the message received by the message transmission / reception unit 33 cannot be determined.

  With such a configuration, it is possible to appropriately notify the user of an abnormality in the message transfer process.

  The message transfer unit 35 is configured to generate and transfer a message in which the aggregated port number of the message received by the message sending / receiving unit 33 is replaced with the individual port number determined by the determination unit 41. However, the present invention is not limited to this. The message transfer unit 35 may be configured to add an individual port number to the message and transfer it to the application on the server, or transfer the message to the corresponding application on the server by some method without using the individual port number. It may be configured to.

  Next, another embodiment of the present invention will be described with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

<Second Embodiment>
The present embodiment relates to an information processing apparatus that constructs discrimination rules through automatic accumulation and learning. The contents other than those described below are the same as those of the information processing apparatus according to the first embodiment.

  FIG. 8 is a diagram showing a configuration of an information processing system according to the second embodiment of the present invention. FIG. 8 shows a message accumulation stage by the server 30.

  Referring to FIG. 8, the information processing system 402 includes a server 30 and clients 10 and 20 that are information processing apparatuses. In FIG. 8, the number of clients in the information processing system 402 is two, but the information processing system 402 may be configured to include one or three or more clients.

  As compared with the server 30 according to the first embodiment of the present invention, the server 30 further includes a storage unit 34 and a learning unit 36 as its control structure. The accumulation unit 34 includes a message storage unit 34a. The learning unit 36 includes a message calling unit 36a, a pattern analysis unit 36b, and a pattern storage unit 36c.

  The server 30 further includes an application data storage database (message storage unit) 37 as compared with the server according to the first embodiment of the present invention. An application data storage database (DB) 37 is stored in the main memory 102 or the hard disk 103 shown in FIG.

  FIG. 9 is a diagram showing an example of the contents of the application data storage database in the information processing apparatus according to the second embodiment of the present invention.

  Referring to FIG. 9, application data storage database 37 stores a plurality of messages received by message transmission / reception unit 33.

  For example, in the application data storage DB 37, the application name, client information, message direction, and the full message are stored by the message storage unit 34a in the storage unit 34. The application data storage DB 37 is used by the pattern analysis unit 36b in the learning unit 36 to create a message discrimination rule.

  That is, the pattern analysis unit 36b extracts a predetermined character string by performing pattern matching on a plurality of messages stored in the application data storage database 37, and the correspondence between the application on the server and the extracted predetermined character string. Generate application information showing the relationship.

  Here, as a precondition, since the accumulation stage and the learning stage are performed for each application, it is necessary that communication by a plurality of applications is not performed simultaneously. For example, after accumulation and learning are performed on the application 11, the accumulation and learning related to the application 21 are performed.

  First, the accumulation stage will be described with reference to the configuration diagram of FIG. 8 and the flowchart of FIG.

  FIG. 10 is a flowchart showing an operation procedure when the information processing apparatus according to the second embodiment of the present invention performs message accumulation processing.

  Referring to FIG. 10, the message (step S301) transmitted from application 11 in client 10 is received by message transmission / reception unit 33 of server 30 (step S201).

  Next, the message storage unit 34a stores the corresponding data in the application data storage DB 37 based on the message (step S202).

  Next, when the storage of the corresponding data in the application data storage DB 37 is completed, the message transfer unit 35 transfers the message to the application 31 (step S203). Here, the transmission destination port of the application on the client and the reception port of the application on the server are set in advance. Here, the destination port of the application on the client is the port 8500, and the reception port of the application on the server is the port 8501 or 8502.

  Next, the application 31 receives a message from the message transfer unit 35 (step S101) and transmits a response message (step S102).

  Next, the message storage unit 34a receives a response message from the application 31 (step S204), and stores the corresponding data in the application data storage DB 37 based on the response message (step S205).

  Note that when a response message is not transmitted as an application specification, a response message from the application on the server to the application on the client is not accumulated.

  Next, the message transmission / reception unit 33 transmits a response message to the application 11 in the client 10 (step S206).

  Next, the application 11 receives a response message from the message sending / receiving unit 33 (step S302).

  The server 30 accumulates messages in the application data accumulation DB 37 by repeating the above processing.

  Next, the learning stage will be described using the configuration diagram of FIG. 11 and the flowchart of FIG.

  FIG. 11 is a diagram showing a configuration of an information processing system according to the second embodiment of the present invention. FIG. 11 shows a message learning stage by the server 30. FIG. 12 is a flowchart showing an operation procedure when the information processing apparatus according to the second embodiment of the present invention performs a message learning process.

  Referring to FIGS. 11 and 12, first, message calling unit 36a calls a message stored from application data storage DB 37 (step S207).

  Next, the pattern analysis unit 36b performs message pattern matching (step S208).

  Here, a pattern matching algorithm will be described with reference to the application data storage DB 37 shown in FIG. For the message “APP11 *****” whose message direction is Client → Server, a character string is scanned from the head of all accumulated messages, and the same character string is extracted. “****” is a non-fixed character string.

  In this message example, the 1st to 5th bytes are extracted as the same character, but the 6th byte shift is a different character string for each message. For this reason, the information that “APP11” is described in the 1st to 5th bytes in all messages is extracted.

  Similarly, for the message “RETURN APP11” whose message direction is Server → Client, information that “RETURN APP11” is described in the 1st to 12th bytes in all response messages is extracted.

  Referring to FIG. 12 again, the subsequent processing is divided depending on whether the determination rule is a pattern that can be created.

  That is, when the discrimination rule cannot be created (NO in step S209), the pattern analysis unit 36b displays the result on the GUI 40 from the screen output unit 39 and ends the process. The GUI 40 displays “A message without a specific pattern” as an analysis result (steps S210 and S211).

  In this example, since the pattern analysis unit 36b was able to create a discrimination rule (YES in step S209), the pattern storage unit 36c stores the created discrimination rule in the application discrimination DB 38 (step S212). The contents of the application determination DB 38 are as shown in FIG. 3, for example.

  Next, the pattern storage unit 36 c displays the result on the GUI 40 from the screen output unit 39 and ends the process. The GUI 40 displays “Pattern analysis completed” as the analysis result (steps S213 and 214).

  13 and 14 are diagrams showing the configuration of the information processing system according to the second embodiment of the present invention. FIG. 13 shows message transfer processing in a state where the connection between the application on the client and the application on the server has not been established. FIG. 14 shows message transfer processing in a state where a connection between the application on the client and the application on the server is established.

  The message transfer process shown in FIGS. 13 and 14 is the same as the information processing system according to the first embodiment of the present invention.

  As described above, in the information processing apparatus according to the second embodiment of the present invention, the application data storage database 37 stores a plurality of messages received by the message transmission / reception unit 33. Then, the pattern analysis unit 36b extracts a predetermined character string by performing pattern matching on a plurality of messages stored in the application data storage database 37, and the correspondence between the application on the server and the extracted predetermined character string. Generate application information showing the relationship.

  With such a configuration, it is possible to automatically generate an appropriate discrimination rule.

  Since other configurations and operations are the same as those of the information processing apparatus according to the first embodiment, detailed description thereof will not be repeated here.

  The above embodiment should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

  The present invention can be applied to the TCP / IP communication field in the client / server model. Therefore, the present invention has industrial applicability.

  Although a part or all of the above embodiments can be described as the following supplementary notes, the scope of the present invention is not limited to the following supplementary notes.

[Appendix 1]
An information processing apparatus for processing a message from an external application in another apparatus by its own internal application,
A message receiver for receiving a message including an aggregated port number from one or more of the external applications;
A determination unit for determining the internal application corresponding to the message received by the message reception unit;
An information processing apparatus comprising: a message transfer unit configured to transfer the message corresponding to the internal application determined by the determination unit.

[Appendix 2]
The determining unit determines an individual port number of the internal application corresponding to the message based on the message received by the message receiving unit,
The information processing apparatus according to claim 1, wherein the message transfer unit generates and transfers the message in which the aggregated port number of the message is replaced with the individual port number.

[Appendix 3]
The information processing apparatus further includes:
An application information storage unit for storing application information indicating a correspondence relationship between the internal application and a predetermined character string included in the message;
The discriminating unit discriminates the internal application corresponding to the message by collating the character string of the message received by the message receiving unit with the predetermined character string in the application information. 2. The information processing apparatus according to 2.

[Appendix 4]
The information processing apparatus further includes:
A connection information storage unit for storing connection information indicating identification information of the internal application and other devices that execute the external application that has already established a connection with the internal application;
The discriminating unit discriminates the internal application corresponding to the message by collating the identification information of the transmission source of the message received by the message receiving unit with the identification information in the connection information. To 4. The information processing apparatus according to any one of 3 to 4.

[Appendix 5]
After determining the internal application corresponding to the message received by the message receiving unit, the determining unit corresponds to the determined message when the connection information corresponding to the determined message does not exist The information processing apparatus according to appendix 4, wherein identification information of another apparatus that executes the internal application and the external application that has transmitted the message is added to the connection information.

[Appendix 6]
The information processing apparatus according to appendix 4 or 5, wherein the determination unit deletes information corresponding to the external application from the connection information when the connection between the internal application and the external application is disconnected.

[Appendix 7]
The message receiving unit receives a message from the internal application,
The determination unit determines the external application corresponding to the message from the internal application, and discards the message if it cannot be determined,
The information processing apparatus according to any one of appendices 1 to 6, wherein the message transfer unit transfers the message to the external application when the determination unit can determine the external application corresponding to the message.

[Appendix 8]
The information processing apparatus according to any one of appendices 1 to 7, wherein the determination unit outputs error information when the application corresponding to the message received by the message reception unit cannot be determined.

[Appendix 9]
The information processing apparatus further includes:
A message accumulating unit for accumulating a plurality of the messages received by the message receiving unit;
By performing pattern matching on the plurality of messages stored by the message storage unit, the predetermined character string is extracted, and application information indicating the correspondence between the internal application and the extracted predetermined character string is obtained. The information processing apparatus according to attachment 3, further comprising: a pattern analysis unit for generating.

[Appendix 10]
With the client,
With a server,
The client sends an aggregate port number in a message generated by each application to be executed to the server,
The server
An information processing system that receives a message including the aggregated port number from one or more of the applications, determines its own application corresponding to the received message, and transfers the message corresponding to the determined application.

[Appendix 11]
A message processing method in an information processing apparatus for processing a message from an external application in another apparatus by its own internal application,
Receiving a message including an aggregate port number from one or more of the external applications;
Determining the internal application corresponding to the received message;
Transferring the corresponding message to the determined internal application.

[Appendix 12]
In the step of determining the internal application, based on the received message, the individual port number of the internal application corresponding to the message is determined,
12. The message processing method according to claim 11, wherein in the step of transferring the message, the message in which the aggregated port number of the message is replaced with the individual port number is generated and transferred.

[Appendix 13]
The message processing method further includes:
Storing application information indicating a correspondence relationship between the internal application and a predetermined character string included in the message,
In the step of determining the internal application, the internal application corresponding to the message is determined by collating the received character string of the message with the predetermined character string in the application information. The message processing method described in 1.

[Appendix 14]
The message processing method further includes:
Storing connection information indicating identification information of the internal application and another device that executes the external application that has already established a connection with the internal application,
In the step of determining the internal application, the internal application corresponding to the message is determined by collating the identification information of the transmission source of the received message with the identification information in the connection information. The message processing method according to claim 13.

[Appendix 15]
In the step of determining the internal application, after determining the internal application corresponding to the received message, if the connection information corresponding to the determined message does not exist, the corresponding to the determined message 15. The message processing method according to appendix 14, wherein identification information of an internal application and another device that executes the external application that has transmitted the message is added to the connection information.

[Appendix 16]
In the step of determining the internal application, when the connection between the internal application and the external application is disconnected, information corresponding to the external application is deleted from the connection information. Message processing method.

[Appendix 17]
The message processing method further includes:
Receiving a message from the internal application;
Determining the external application corresponding to the message from the internal application, and discarding the message if it cannot be determined;
The message processing method according to any one of appendices 11 to 16, further comprising a step of transferring the message to the external application when the external application corresponding to the message can be determined.

[Appendix 18]
18. The message processing method according to any one of appendices 11 to 17, wherein in the step of determining the internal application or the external application, error information is output when an application corresponding to the received message cannot be determined.

[Appendix 19]
The message processing method further includes:
Accumulating a plurality of received messages;
Performing pattern matching on the plurality of accumulated messages to extract the predetermined character string, and generating application information indicating a correspondence relationship between the internal application and the extracted predetermined character string. The message processing method according to attachment 13.

[Appendix 20]
A message processing program in an information processing apparatus for processing a message from an external application in another apparatus by its own internal application,
Receiving a message including an aggregate port number from one or more of the external applications;
Determining the internal application corresponding to the received message;
And a step of transferring the corresponding message to the determined internal application.

[Appendix 21]
In the step of determining the internal application, based on the received message, the individual port number of the internal application corresponding to the message is determined,
The message processing program according to appendix 20, wherein in the step of transferring the message, the message in which the aggregated port number of the message is replaced with the individual port number is generated and transferred.

[Appendix 22]
The message processing program is further stored in a computer.
Storing application information indicating a correspondence relationship between the internal application and a predetermined character string included in the message;
In the step of determining the internal application, the internal application corresponding to the message is determined by collating the received character string of the message with the predetermined character string in the application information. Message processing program described in 1.

[Appendix 23]
The message processing program is further stored in a computer.
Storing the connection information indicating the identification information of the internal application and other devices that execute the external application that has already established a connection with the internal application; and
In the step of determining the internal application, the internal application corresponding to the message is determined by collating the identification information of the transmission source of the received message with the identification information in the connection information. 22. The message processing program according to any one of 22.

[Appendix 24]
In the step of determining the internal application, after determining the internal application corresponding to the received message, if the connection information corresponding to the determined message does not exist, the corresponding to the determined message The message processing program according to appendix 23, wherein identification information of an internal application and another device that executes the external application that has transmitted the message is added to the connection information.

[Appendix 25]
25. In the step of determining the internal application, when the connection between the internal application and the external application is disconnected, information corresponding to the external application is deleted from the connection information. Message processing program.

[Appendix 26]
The message processing program is further stored in a computer.
Receiving a message from the internal application;
Determining the external application corresponding to the message from the internal application, and discarding the message if it cannot be determined;
The message processing program according to any one of appendices 20 to 25, wherein when the external application corresponding to the message can be determined, a step of transferring the message to the external application is executed.

[Appendix 27]
27. The message processing program according to any one of appendices 20 to 26, wherein in the step of determining the internal application or the external application, error information is output when an application corresponding to the received message cannot be determined.

[Appendix 28]
The message processing program is further stored in a computer.
Accumulating a plurality of received messages;
Performing pattern matching on the plurality of stored messages to extract the predetermined character string, and generating the application information indicating the correspondence between the internal application and the extracted predetermined character string The message processing program according to attachment 22, wherein

10, 20 Client 11, 12, 21, 22, 31, 32 Application 30 Server 33 Message transmission / reception unit 34 Storage unit 34a Message storage unit 35 Message transfer unit 36 Learning unit 36a Message call unit 36b Pattern analysis unit 36c Pattern storage unit 37 Application data storage database (message storage unit)
38 Application discrimination database (application information storage unit)
39 Screen output unit 40 GUI
41 Discrimination Unit 41a Database Reference Unit 41b Consistency Determination Unit 41c Database Rewrite Unit 42 src / dst Information Database 101 CPU
DESCRIPTION OF SYMBOLS 102 Main memory 103 Hard disk 104 Input interface 105 Display controller 106 Data reader / writer 107 Communication interface 108 Keyboard 109 Mouse 110 Display 111 Recording medium 121 Bus 201 Information processing apparatus 401, 402 Information processing system

Claims (10)

An information processing apparatus for processing a message from an external application in another apparatus by its own internal application,
A message receiving unit for receiving a message generated by the external application so as to include a common aggregate port number among the plurality of external applications from one or more of the external applications;
A determination unit for determining the internal application corresponding to the message received by the message reception unit;
An information processing apparatus comprising: a message transfer unit configured to transfer the message corresponding to the internal application determined by the determination unit. The determining unit determines an individual port number of the internal application corresponding to the message based on the message received by the message receiving unit,
The information processing apparatus according to claim 1, wherein the message transfer unit generates and transfers the message in which the aggregate port number of the message is replaced with the individual port number. The information processing apparatus further includes:
An application information storage unit for storing application information indicating a correspondence relationship between the internal application and a predetermined character string included in the message;
The said determination part discriminate | determines the said internal application corresponding to the said message by collating the character string of the said message received by the said message receiving part, and the said predetermined character string in the said application information. Or the information processing apparatus according to 2; The information processing apparatus further includes:
A connection information storage unit for storing connection information indicating identification information of the internal application and other devices that execute the external application that has already established a connection with the internal application;
The determination unit determines the internal application corresponding to the message by comparing the identification information of the transmission source of the message received by the message reception unit with the identification information in the connection information. The information processing apparatus according to any one of 1 to 3.   After determining the internal application corresponding to the message received by the message receiving unit, the determining unit corresponds to the determined message when the connection information corresponding to the determined message does not exist The information processing apparatus according to claim 4, wherein identification information of another apparatus that executes the internal application and the external application that has transmitted the message is added to the connection information. The message receiving unit receives a message from the internal application,
The determination unit determines the external application corresponding to the message from the internal application, and discards the message if it cannot be determined,
The information processing apparatus according to claim 1, wherein the message transfer unit transfers the message to the external application when the determination unit can determine the external application corresponding to the message. . The information processing apparatus further includes:
A message accumulating unit for accumulating a plurality of the messages received by the message receiving unit;
By performing pattern matching on the plurality of messages stored by the message storage unit, the predetermined character string is extracted, and application information indicating the correspondence between the internal application and the extracted predetermined character string is obtained. The information processing apparatus according to claim 3, further comprising: a pattern analysis unit for generating. With the client,
With a server,
The client sends a message that is generated to include a common aggregate port numbers among the respective application by each application running Previous Stories server,
The server
An information processing system that receives a message including the aggregated port number from one or more of the applications, determines its own application corresponding to the received message, and transfers the message corresponding to the determined application. A message processing method in an information processing apparatus for processing a message from an external application in another apparatus by its own internal application,
Receiving from one or more external applications a message generated by the external application to include a common aggregate port number among the plurality of external applications;
Determining the internal application corresponding to the received message;
Transferring the corresponding message to the determined internal application. A message processing program in an information processing apparatus for processing a message from an external application in another apparatus by its own internal application,
Receiving from one or more external applications a message generated by the external application to include a common aggregate port number among the plurality of external applications;
Determining the internal application corresponding to the received message;
And a step of transferring the corresponding message to the determined internal application.

Images