JP6895147B2 - Data transfer system - Google Patents

Description

The present invention executes data transfer from the second computer to the first computer through a data transfer system, particularly a first communication network to which the first computer is connected and a second communication network to which the second computer is connected. Regarding data transfer system.

There is a system that transfers data from a computer connected to the second communication network to a computer connected to the first communication network. In the system of Patent Document 1, when data is transmitted from the carry-in application terminal to the server device through an external network (for example, the Internet) corresponding to the second communication network, the internal network corresponding to the first communication network (for example, LGWAN) (Comprehensive administrative network)), the server device transmits data for browsing to the browsing terminal. In Patent Document 1, the data to be transferred is subjected to detoxification processing at the carry-in application terminal and conversion processing to a data format different from the original format at the server device.

Japanese Unexamined Patent Publication No. 2018-018317 (Fig. 1)

The server device of Patent Document 1 is connected to an external network. Therefore, this server device may be exposed to unauthorized intrusion through an external network. On the other hand, the server device of Patent Document 1 is connected to an internal network such as LGWAN, which requires a high degree of security. However, if the server device is vulnerable to attacks from the external network, the security requirements on the internal network side may not be satisfied.

An object of the present invention is to provide a data transfer system that can easily satisfy a high level of security required for connection with a communication network.

The data transfer system according to the first aspect of the present invention is the data from the second computer to the first computer through the first communication network to which the first computer is connected and the second communication network to which the second computer is connected. A data transfer system that executes transfer, the first reverse proxy server connected to the first communication network, the second reverse proxy server connected to the second communication network, and the second reverse proxy server. The target data storage means for storing the data transferred from the second computer via the second computer, the detoxification processing means for performing detoxification processing on the data to be transferred, and the second computer via the second reverse proxy server. An application server that transfers the data transmitted from the target data storage means to the target data storage means and transfers the data stored in the target data storage means to the first computer via the first reverse proxy server. The data that has been detoxified by the detoxification processing means is transferred from the target data storage means to the first computer via the first reverse proxy server, and the first computer and the first reverse are transferred. Communication between the proxy servers, communication between the second computer and the second reverse proxy server, and communication between the first reverse proxy server and the second reverse proxy server and the application server are different from each other. The protocol is used. The data transfer system according to the second aspect of the present invention is the data from the second computer to the first computer through the first communication network to which the first computer is connected and the second communication network to which the second computer is connected. A data transfer system that executes transfer, the first reverse proxy server connected to the first communication network, the second reverse proxy server connected to the second communication network, and the second reverse proxy server. The target data storage means for storing the data transferred from the second computer via the second computer and the detoxification processing means for performing detoxification processing on the data to be transferred are provided, and the detoxification processing means is detoxified. The processed data is transferred from the target data storage means to the first computer via the first reverse proxy server, and from either the first computer or the second computer to the target data storage means. Data can be transferred, and the data transferred from one of the first computer and the second computer is stored in the target data storage means together with information indicating a transfer destination user, and the first computer and the second computer are described. When a transfer instruction is input by the transfer destination user on the other side of the second computer, data is transferred from the target data storage means to the other side.

According to the data transfer system of the present invention, the data from the second computer is transferred to the target data storage means via the second reverse proxy server connected to the second communication network. Therefore, even if the second communication network side can directly access the second reverse proxy server, it cannot directly access the target data storage means side. Therefore, a robust system is realized against unauthorized intrusion from the second communication network side.

On the other hand, there is a risk that the security requirements associated with the connection with the communication network (for example, the security requirements when the first communication network is LGWAN) cannot be met only by being robust against attacks from the second communication network side. There is. It is not necessarily the case that the second reverse proxy server is provided, but the illegal data transfer due to the unauthorized intrusion from the first communication network side to the target data storage means side (for example, from the first communication network side to the second communication network side). This is because it cannot be said that it is easy to prevent data leakage.

Therefore, in the present invention, the data transfer from the target data storage means to the first computer is also performed via the first reverse proxy server. Therefore, even from the first communication network side, the target data storage means side cannot be directly accessed. In this way, the system is robust not only against unauthorized intrusion from the second communication network side but also against unauthorized intrusion from the first communication network side, so that even when high security is required, the request is made. A system that is easy to meet is realized.

Further, in the present invention, the data transferred from the second computer via the second reverse proxy server is transferred to the data by the detoxification processing means until the data is transferred to the first reverse proxy server. It is preferable to perform the detoxification treatment. According to this, the detoxification processing server is arranged in any of the data transfer paths from the second reverse proxy server to the first reverse proxy server. Therefore, neither the first communication network side nor the second communication network side can directly access the detoxification processing means. Therefore, a robust system is realized even against attacks aimed at detoxification.

From the first viewpoint, the communication between the first computer or the second computer and the first reverse proxy server or the second reverse proxy server, and the first reverse proxy server or the second reverse proxy server and the application server. Two different communication protocols are used with the communication between 110. Therefore, when attempting to illegally invade the application server 110 from the first communication network side or the second communication network, it is necessary to succeed in each of the communications of the two different communication protocols. Therefore, a robust system is realized against unauthorized intrusion into the application server.

Further, in the second aspect , the data is transferred to the computer only after the transfer destination user inputs the transfer instruction to the computer. Therefore, the transfer destination user can execute the data transfer to the computer at a desired timing.

Further, in the present invention, it is preferable that at least one of the reply message and the file can be transferred from the other to the one. According to this, the transfer destination user can return a message or a file to the transfer source user.

Further, in the present invention, data is transferred from the first computer or the second computer based on the address storage means for storing the e-mail address in association with the information indicating the user and the stored contents of the address storage means. It is preferable to provide an e-mail transmission means for transmitting an e-mail indicating the above to the e-mail address corresponding to the forwarding user. As described above, in order to execute the transfer, instructions from the transfer destination user are required. On the other hand, when the data is transferred to the target data storage means, an e-mail to that effect is sent to the e-mail address corresponding to the transfer destination user. Therefore, the transfer destination user can instruct data transfer based on the mail notification.

It is a functional block diagram which shows the whole structure of the data transfer system which concerns on one Embodiment of this invention. FIG. 1 is a diagram partially showing the functional blocks of FIG. 1 with respect to details of a gateway segment, an LGWAN public segment, and an external public segment. It is an image corresponding to the login screen displayed on the display of the committee side PC and the school side PC of FIG. This is an example of a home screen displayed on the display of the committee-side PC shown in FIG. This is an example of a screen for creating a new folder displayed on the display of the committee PC in FIG. 1. It is a flow chart which shows the process which the application server of FIG. 1 executes when a new folder is created. This is an example of the screen displayed on the display of the school PC in FIG. 1 when the school user selects an item corresponding to the folder created by the committee user on the home screen. It is a flow chart which shows the process which the application server of FIG. 1 executes when a reply is made to the folder creator from the sharing destination of a folder. This is an example of the screen displayed on the display of the committee-side PC in FIG. 1 when the committee-side user selects an item corresponding to the folder created by the committee-side user on the home screen. This is an example of a list screen of files being detoxified displayed on the displays of the committee side PC and the school side PC in FIG. 1.

Hereinafter, the data transfer system 1 according to the embodiment of the present invention will be described with reference to FIGS. 1 to 10. In the present embodiment, as shown in FIG. 1, the data transfer system 1 is provided on the computer terminal (hereinafter referred to as the committee side PC; the first computer in the present invention) 11 installed on the board of education side and on the school side. It is used to transfer data to and from an installed computer terminal (hereinafter referred to as a school-side PC; a second computer in the present invention) 21. The data transfer system 1 includes an application server 110, a database server 120 (target data storage means in the present invention), a detoxification processing server 103 (detoxification processing means in the present invention), a reverse proxy server 201, a mail transmission server 202, and a reverse proxy. It includes a server 301 and a mail transmission server 302. The reverse proxy server means a server that communicates with a client on behalf of a specific server. The specific functions of the reverse proxy servers 201 and 301 in this embodiment will be described later.

The committee side PC11, the school side PC21, the application server 110, the database server 120, the detoxification processing server 103, the reverse proxy servers 201 and 301, and the mail transmission servers 202 and 302 each have hardware including a computer and a data transfer system. It is equipped with software including a program that functions the hardware so as to realize the various functions of 1. Each computer includes a memory device such as a CPU (Central Processing Unit), a ROM (Read-Only Memory), and a RAM (Random Access Memory), and various interfaces such as an input / output interface. Further, an input device for receiving user input, an output device such as a display, a recording device such as a hard disk, and the like are connected to the computer as an external device or mounted as an internal device. The software consists of program data and the like recorded in a recording device such as a memory device and a hard disk. Then, hardware such as a computer executes various information processing such as arithmetic processing and input / output processing according to software. The committee side PC11, the school side PC21, the application server 110, the database server 120, the detoxification processing server 103, the reverse proxy servers 201 and 301, and the mail transmission servers 202 and 302 described below by the hardware functions according to the software. Various functions are realized.

As shown in FIG. 1, the application server 110, the database server 120, and the detoxification processing server 103 belong to a common segment (gateway segment 100). The reverse proxy server 201 and the mail transmission server 202 belong to a common segment (LGWAN public segment 200). The reverse proxy server 301 and the mail transmission server 302 belong to a common segment (external network public segment 300). The gateway segment 100 and the LGWAN public segment 200 are adjacent to each other via a firewall (hereinafter referred to as FW) 12. Further, the gateway segment 100 and the external network public segment 300 are adjacent to each other via the FW12. The application server 110 and the reverse proxy servers 201 and 301 communicate with each other via FW12 based on TCP / IP (Transmission Control Protocol / Internet Protocol). The application server 110 and the detoxification processing server 103 communicate with each other based on TCP / IP. The application server 110 and the database server 120 communicate with each other based on TCP / IP.

The LGWAN public segment 200 is connected to the LGWAN N1 (first communication network in the present invention) via the FW12 and the router 13 for LGWAN connection. A plurality of committee-side PC11s are connected to LGWAN N1. The external network public segment 300 is connected to the Internet N2 (second communication network in the present invention) via the FW12 and the router 14 for connecting to the Internet. A plurality of school-side PCs 21 are connected to the Internet N2 via the FW12 and the router 14.

The mutual communication between the application server 110, the reverse proxy servers 201 and 301, the committee side PC11, and the school side PC21 complies with the following specifications in order to improve security. First, the server belonging to the gateway segment 100 is not open to the public on the LGWAN N1 side or the Internet N2 side. On the other hand, the reverse proxy server 201 installed in the LGWAN public segment 200 has an IP address disclosed to LGWAN N1. Further, the reverse proxy server 301 installed in the external network public segment 300 has an IP address disclosed to the Internet N2. As a result, the application server 110 does not directly access the committee-side PC 11 and the school-side PC 21, but the reverse proxy server 201 or 301 accesses these PCs on its behalf. The committee-side PC 11 uses the public IP address of the reverse proxy server 201 or the corresponding URL (Uniform Resource Locator) to TCP / IP with the reverse proxy server 201 via LGWAN N1. Perform based communication. On the committee side PC 11, a web browser application (hereinafter referred to as a web browser) is used for communication with the reverse proxy server 201. Further, the school side PC 21 executes communication based on TCP / IP with the reverse proxy server 301 via the Internet N2 by using the public IP address of the reverse proxy server 301 or the URL corresponding thereto. In the school side PC 21, a web browser is used for communication with the reverse proxy server 201.

Then, while the first communication protocol is used between the committee side PC 11 or the school side PC 21 and the reverse proxy server 201 or 301, the application server 110 and the reverse proxy server 201 or 301 A second communication protocol different from the first communication protocol is used. As the first and second communication protocols, HTML (HyperText Markup Language) such as HTTP (Hypertext Transfer Protocol), HTTPS (Hypertext Transfer Protocol), etc. is described as HTML (HyperText Markup Language File), which is a data file (Transmission File). Of the plurality of communication protocols for this purpose, any two that are different from each other may be used. As described above, the protocol used for communication between the committee side PC 11 or the school side PC 21 and the reverse proxy server 201 or 301, and the protocol used for communication between the reverse proxy server 201 or 301 and the application server 110. Are different from each other. As a result, the session in the former communication and the session in the latter communication are clearly separated from each other. Therefore, when attempting to invade the application server 110, it is necessary to succeed in the two-step intrusion regardless of the intrusion route from the LGWAN N1 side and the Internet N2 side. Therefore, it is difficult to illegally invade the application server 110.

Hereinafter, the configurations and functions of the application server 110, the database server 120, and the detoxification processing server 103 will be described. These execute the data transfer process, which is the main process in the data transfer system 1. In the present embodiment, the data to be transferred is managed as a folder including a message exchanged between the transfer source and the transfer destination and a data file to be transferred (hereinafter, referred to as a file). In the present embodiment, there are three types of folders: "notification folder", "survey folder", and "shared folder such as style". The "notification folder" is used when notifying the forwarding destination. The "survey folder" is used when you want to request a survey from the forwarding destination. The "shared folder for forms, etc." is used when you want to share the forms, etc. of documents with the forwarding destination. Each folder is shared with other users specified by the source user. The sharing destination user can view the messages in the folder and download the file as described later. The sharing destination user is a person registered as a user of the data transfer system 1. In this embodiment, both the staff user on the board of education side and the user on the school side are targeted. Users are classified into four categories: "principal", "vice-principal", "office work", and "general". "General" corresponds to general faculty members.

As shown in FIG. 2, the database server 120 manages folder data 121 indicating the contents of the folder for each folder. The folder data 121 includes data indicating a folder creation date, expiration date, folder type, files and messages to be transferred, and user ID data indicating the folder creator and sharing destination. Further, the folder data 121 includes data indicating the status of the folder. The data indicating the status of the folder includes data indicating whether or not it has been confirmed, data indicating whether or not it has been replied, and data indicating whether or not it has been completed. The default folder status is not confirmed, not replied, and not completed. In addition, the database server 120 manages user data 122 indicating user IDs and other information about users for each registered user. The user data 122 indicates the user name, the board of education side / school side, the board of education name / school name, the principal, the principal, the general and office work when the user is the school side, and the e-mail address. Contains data.

The detoxification processing server 103 is a server that performs detoxification processing on a file to be transferred. The detoxification process of this embodiment is a process that reduces the risk of damage caused by malware contained in the original file at the transfer destination of the file, for example, by deleting a program such as a macro included in the file. To say. In addition, the detoxification process may include a process of converting a file of a specific file format into a file of a text format. In the present embodiment, only the files from the school PC21 transferred via the Internet N2 are detoxified. The detoxification processing server 103 performs detoxification processing on the file received from the application server 110, and when the detoxification processing is completed, transmits the detoxification processing file to the application server 110.

The application server 110 executes the data transfer process based on the request transmitted from the committee side PC 11 or the school side PC 21 via the reverse proxy server 201 or 301. As a functional unit for executing such data transfer processing, the application server 110 has a transfer processing management unit 111 and a detoxification processing management unit 112, as shown in FIG.

The transfer processing management unit 111 executes instructions to the database server 120 such as generation and update of folder data 121, and file transfer processing between the reverse proxy servers 201 and 301. Further, the transfer processing management unit 111 generates HTML files, image files, etc. indicating texts, images, etc. displayed by using a web browser on the committee side PC 11 and the school side PC 21, and transmits them to these PCs. In generating the data, the folder data 121 and the user data 122 managed by the database server 120 and the data stored in the storage device in the application server 110 are used. The generated HTML file can be selected by using a pointing device such as a mouse to select, for example, a list of users who can be candidates for sharing folders, information on folders for content confirmation / reply, etc. It contains data to be displayed on the display of a PC. The user list and folder information are acquired from the folder data 121 and the user data 122. Specific examples of the screen displayed on the display of the destination PC based on the HTML file are as described later (see FIGS. 4, 5 and 7). On the destination PC, the user selects a user to share the folder, a folder to check the contents, and a reply based on the screen display of the display. The selection result is transmitted from the PC to the application server 110 via the reverse proxy server 201 or 301. The transfer processing management unit 111 executes processing such as generation and update of folder data 121 and data transfer with respect to the user and the folder indicated by the transmitted selection result. Specific examples of such processing will be described later (see FIGS. 6 and 8). Further, the forwarding processing management unit 111 instructs the mail sending servers 202 and 302 to send a mail addressed to the mail address corresponding to the user indicated by the transmitted selection result. The e-mail address is acquired based on the user data 122. Instructions are sent to the mail transmission server 202 for the users on the committee side, and instructions are sent to the mail transmission server 302 for the users on the school side. The mail transmission servers 202 and 302 transmit mail to the users on the committee side and the school side based on the transmission instruction from the application server 110. Emails sent to committee users and school users both contain text messages only and no attachments.

When the file is transferred from the school PC 21 to the application server 110, the detoxification processing management unit 112 transmits the file to the detoxification processing server 103. Further, the detoxification processing management unit 112 receives the file detoxified by the detoxification processing server 103 from the detoxification processing server 103. The detoxified file is stored in the database server 120 as a part of the folder data 121 through the transfer processing management unit 111.

Hereinafter, an implementation example of the data transfer process executed by the data transfer system 1 will be described. On each of the committee-side PC 11 and the school-side PC 21, characters, images, and the like are displayed on the display connected to these PCs by the function of the web browser. As described above, these displays are executed based on the HTML file, image data, and the like transmitted from the transfer processing management unit 111 of the application server 110. 3 to 5, 7, 9, and 10 are examples of screen displays executed on a display connected to or mounted on either the committee-side PC 11 or the school-side PC 21. The user on the committee side or the school side inputs various information and instructions to the committee side PC 11 or the school side PC 21 using an input device such as a mouse or a keyboard based on the screen display of the display. The input information and instructions are transmitted to the application server 110 via the reverse proxy server 201 or 301 by the function of the web browser.

Image IM0 in FIG. 3 is an example of an information input screen for login. This screen is first displayed on the display when the access to the reverse proxy server 201 or 301 for which the URL is specified is started on the committee side PC 11 or the school side PC 21. In the image IM0, the images L1 to L3 can be selected by using a pointing device such as a mouse. The images L1 and L2 are images of a control for inputting a login ID and a password. In the present embodiment, the user ID is used as the login ID, but a character string or the like different from the user ID may be used as the login ID. When the image L3 is selected while the user ID and password are input to the controls of the images L1 and L2 using a keyboard or the like, the input user ID and password are input to the application server 110 via the reverse proxy server 201 or 301. Will be sent to. The application server 110 authenticates the transmitted user ID and password based on the result of inquiring the user data 122 of the database server 120.

If the user ID and password are successfully authenticated, the home screen is displayed on the display of the committee PC11 or the school PC21 where the login is executed. The home screen is displayed in the same layout on both the committee side PC11 and the school side PC21. The image IM1 of FIG. 4 is an example of a home screen displayed on the display of the committee-side PC11. The image IM1 includes areas A1 to A3 indicating information on a folder shared with other users, areas A4 including characters indicating an update history, and the like. Information about the survey folder and the notification folder shared with the user on the board of education side is displayed in the area A1. In the area A2, information about the survey folder and the notification folder shared with the user on the school side is displayed. Information about the shared folder such as the shared format is displayed in the area A3. For example, the image IM1 includes items F1 to F6 indicating information about the folder. Each item includes the folder name, the folder type, the folder creation date, the deadline date, the number of shared members (sharing destinations), the folder status, and each information of the creator. As shown in FIG. 4, the status of the folder is represented by two numbers in the "shared member" column. The number on the left shows the number of people who have confirmed the contents of the folder, and the number on the right shows the number of people who have replied.

In the image IM1, the controls of the images B1 to B5 and the items F1 to F6 can be selected by using a pointing device such as a mouse. Image B1 is an image of a control for creating a new folder. Image B2 is an image of a control for selecting a display mode of information about a folder. Image B3 is an image of a control for selecting whether to display information about the replied or completed folder. The image B4 is an image of a control for displaying a list of files being detoxified. Image B5 is an image of the control for logging out of the system. The processing and operation on the PC when the controls of the images B1, B3 and B4 are selected will be described later.

When the user selects the control of image B1, a screen for inputting information for creating a new folder is displayed on the display. As an example, the image IM2 of FIG. 5 shows a screen when a user on the educator's association side creates a survey folder with a user on the school side as a main sharing destination. The user on the committee side executes the process of creating a new folder using the image IM2. In addition, since the same process is performed when the user on the school side executes the newly created process, in the following, when the process is executed on the committee side PC 11 and when the process is executed on the school side PC 21. The explanation will be made assuming both of the above.

The image IM2 includes images B11 to B21 of controls that can be selected using a pointing device or input information using a keyboard or the like. The user can create a new folder by selecting the control of the image B11 to B19, inputting the information, and then selecting the control of the image B20. If you select the control of image B21, you can cancel the new creation of the folder.

The control of the image B11 is for selecting the type of the newly created folder. The control of the image B12 is a control for inputting the name of the folder. The control of the image B13 is for inputting the response deadline for the survey when the "survey folder" is selected in the control of the image B11. The control of the image B14 is for inputting a message directed to the sharing partner of the folder. The control of the image B15 is for inputting the file name of the file to be shared. When the "Delete" button of the image B16 is selected, the input file name is deleted. The control of the image B17 is an area where a file can be selected by a drag and drop operation. It is also possible to select a file using the standard dialog box by selecting the "Select File" button included in the control of image B17. The controls of images B18 and B19 are for selecting a sharing partner. The control of image B18 includes buttons for "select all", "cancel all", "all principals", "all vice-principals", "all general", and "all office work". Of these, if you select the "Select All" button image, you can select all the candidate users. If you select the "All Principals" button, you can select all the principal users from the candidate users. If you select the "All Vice-Principal" button, you can select all the Vice-Principal users among the candidate users. If you select the "All General" button, you can select all general users from the candidate users. If you select the "All office work" button, you can select all office work users from the candidate users. The control of image B19 is for displaying the selected user. The image B19 includes a display of a list of users who are candidates for sharing, and an image of a check box arranged in front of each item in the list. When a user is selected in the control of image B18, a check mark is displayed in the check box of image B19 corresponding to the selected user. Each checkbox is also a control that can be selected using a pointing device. When a check box is selected, the selection state of the user corresponding to the check box can be switched. FIG. 5 shows, as an example, a state in which one user on the board of education side and the principal user of each school are selected.

When the image B20 is selected, the information input in the controls of the images B11 to B19 is transmitted from the committee side PC11 or the school side PC21 to the application server 110 via the reverse proxy server 201 or 301. In response to this, the transfer processing management unit 111 of the application server 110 executes the processing shown in FIG. First, the application server 110 determines whether the source of the information is the committee-side PC11 or the school-side PC21 (step S11). When the transmission source of the information is the committee side PC 11 (step S11, the committee side PC), the transfer processing management unit 111 instructs the database server 120 to generate the folder data 121 based on the received information. (Step S12). Based on this, the database server 120 generates the folder data 121 corresponding to the information input in the controls of the images B11 to B19. Next, the transfer processing management unit 111 instructs the mail transmission server 202 or 302 to send a mail notifying that the folder has been created to the user who shares the folder (step S13). The e-mail address of the user to be shared is acquired from the user data 122 of the database server 120. In response to this, the mail transmission server 202 or 302 transmits the mail of the instructed content to the mail address instructed by the application server 110.

On the other hand, when it is determined in step S11 that the transmission source is the school side PC21, the application server 110 detoxifies the file in the transmitted information as shown in steps S14 to S17. The file is stored in the database server 120. First, the detoxification processing management unit 112 of the application server 110 transmits the file included in the received information to the detoxification processing server 103 (step S14). In response to this, the detoxification processing server 103 starts the detoxification processing of the file. Next, the transfer processing management unit 111 instructs the database server 120 to generate the folder data 121 based on the received information (step S15). Based on this, the database server 120 generates the folder data 121 corresponding to the information input in the controls of the images B11 to B19. However, since the detoxification of the file is not completed at this stage, the newly generated folder data 121 does not include the file. Next, the detoxification processing management unit 112 suspends the progress of the data transfer processing until it receives a notification from the detoxification processing server 103 that the detoxification processing is completed (step S16, NO). When the detoxification processing server 103 receives the notification that the detoxification processing is completed (step S16, YES), the detoxification processing management unit 112 receives the detoxification processing file from the detoxification processing server 103 and transfers it. The processing management unit 111 instructs the database server 120 to store the detoxified file in the folder data 121 of the database server 120 (step S17). In response to this, the database server 120 adds a detoxified file to the folder data 121. Then, the application server 110 executes step S13.

When the process of FIG. 6 is completed, the display of the home screen (for example, the image IM1 of FIG. 4) is displayed on the PC 11 of the committee side and the PC 21 of the school side on which the newly created process is executed as described above. Return to the display of. On the home screen, the items of the newly created folder are added to the corresponding one of the areas A1 and A2. On the other hand, among the committee side PC11 and the school side PC21, on the PC to which the newly created folder is shared, the item of the newly created folder is displayed on the corresponding side of the home screen areas A1 and A2. To. For example, a folder newly created on the committee-side PC11 with the sharing destination as the school-side user is displayed in area A2 on the home screen of the committee-side PC11 and in area A1 on the home screen of the school-side PC21. To. When the file related to the newly created folder is subject to the detoxification process, the folder item is displayed on the display of the sharing destination PC only after the detoxification process is completed.

On the home screen (for example, image IM1 of FIG. 4) displayed on the display of the committee side PC11 or the school side PC21, the user selects an item (for example, any of items F1 to F6 of FIG. 4) indicating detailed information of the folder. When is selected, information indicating which selected item is selected is transmitted from the PC to the application server 110. The application server 110 acquires the folder data 121 corresponding to the folder corresponding to the selected item from the database server 120, and generates an HTML file for displaying a screen showing detailed information of the folder based on the acquired folder data 121. And send it to the PC. On the display of the PC, a screen showing detailed information of the folder is displayed based on the HTML file transmitted from the application server 110.

The image IM3 of FIG. 7 shows an example of a screen displayed on the display when an item corresponding to the received folder is selected on the PC to which the folder is shared. In particular, the image IM3 shows a screen when the user of the school side of the sharing destination selects an item corresponding to the folder created by the user of the committee side. The user on the school side can execute the process of confirming the contents of the folder and replying using the image IM3. In addition, since the same processing is performed when the committee side user executes the content confirmation and reply processing of the folder created by the school side user, the processing is executed on the committee side PC 11 in the following. The description will be made assuming both the case and the case where the processing is executed on the school side PC21.

The image IM3 includes an information display unit C1 that displays information such as a message input by the folder creator and a reply deadline date, and an information display unit C2 that displays information such as the folder creator and the creation date. Further, the image IM3 includes images B31 to B40 of a control that can be selected by using a pointing device or input information by using a keyboard or the like. The user can reply to the creator of the folder by selecting the controls for images B36 to B39, entering the information, and then selecting the controls for images B40.

The control of the image B31 is for downloading all the files saved in the database server 120 at once when a new folder is created. The controls of images B32 and B33 are for downloading the files saved in the database server 120 for each file when a new folder is created. When the controls of images B31 to B33 are selected, the files corresponding to the file names displayed on the left side of images B32 and B33 can be downloaded all at once or individually. When the controls of images B31 to B33 are selected, a request to download a file corresponding to the selected control among the controls of images B31 to B33 is transmitted to the application server 110 via the reverse proxy server 201 or 301. To. In response to this, the application server 110 acquires the requested file from the database server 120 and transmits it to the committee side PC 11 or the school side PC 21 via the reverse proxy server 201 or 301.

When the control of the image B34 is selected, that fact is transmitted to the application server 110 via the reverse proxy server 201 or 301. In response to this, the application server 110 updates the status of the folder in the folder data 121 of the database server 120 to confirmed. When the control of image B35 is selected, the display returns to the home screen shown in FIG.

The control of the image B36 is for inputting the file name to be returned to the folder creator. When the "Delete" button of the image B37 is selected, the file name of the image B36 is deleted. The control of the image B38 is an area where a file can be selected by a drag and drop operation. It is also possible to select a file using the standard dialog box by selecting the "Select File" button included in the control of image B38. The control of image B39 is for inputting a message for the folder creator.

When the control of the image B40 is selected, the information input in the controls of the images B36 to B39 is transmitted from the committee side PC 11 or the school side PC 21 to the application server 110 via the reverse proxy server 201 or 301. In response to this, the application server 110 executes the process shown in FIG. First, the transfer processing management unit 111 of the application server 110 determines whether the source of the information is the committee-side PC11 or the school-side PC21 (step S21). When the transmission source of the information is the committee side PC 11 (step S21, the committee side PC), the transfer processing management unit 111 instructs the database server 120 to add the received information to the folder data 121 (step S21, the committee side PC). Step S22). Based on this, the database server 120 adds the information input in the controls of the images B36 to B39 to the corresponding folder data 121.

On the other hand, when it is determined in step S21 that the transmission source is the school side PC21, the application server 110 performs detoxification processing on the file in the transmitted information as shown in steps S24 to S27, and then performs the database. The file is stored in the server 120. First, the detoxification processing management unit 112 of the application server 110 transmits the file included in the received information to the detoxification processing server 103 (step S24). In response to this, the detoxification processing server 103 starts the detoxification processing of the file. Next, the transfer processing management unit 111 instructs the database server 120 to add the portion of the received information excluding the file to the folder data 121 (step S25). Based on this, the database server 120 adds the information input in the controls of the images B38 and B39 to the corresponding folder data 121. Next, the detoxification processing management unit 112 suspends the progress of the data transfer processing until it receives a notification from the detoxification processing server 103 that the detoxification processing is completed (step S26, NO). Upon receiving the notification from the detoxification processing server 103 that the detoxification processing is completed (step S26, YES), the detoxification processing management unit 112 receives the file after the detoxification processing from the detoxification processing server 103, and also receives the file from the detoxification processing server 103. The transfer processing management unit 111 instructs the database server 120 to store the detoxified file in the folder data 121 of the database server 120 (step S27). In response to this, the database server 120 adds a detoxified file to the folder data 121. Next, the forwarding processing management unit 111 instructs the mail sending server 202 to send a mail notifying that the reply has been made to the folder to the user on the committee side who is the folder creator (step S28). .. The e-mail address of the folder creator is obtained from the user data of the database server 120. In response to this, the mail transmission server 202 transmits the mail of the instructed content to the mail address instructed by the application server 110.

When the process of FIG. 8 is completed, the display of the display returns to the display of the home screen (for example, the image IM1 of FIG. 4). On the home screen, the display of the folder status in the items related to the confirmed folders is updated. Also, the information of the returned folder will not be displayed on the home screen. By selecting the control of the image B3 on the home screen (for example, the image IM1 of FIG. 4) where the folder information is once hidden, the information of the returned folder can be displayed on the home screen again.

The image IM4 of FIG. 9 shows an example of a screen displayed on the display when the folder creator selects an item corresponding to a folder created in the past on the home screen. In particular, the image IM4 shows a screen when the user selects an item corresponding to the folder created by the user on the committee side. The user on the committee side can execute the process of confirming the reply content from the sharing destination using the image IM4. The same process applies when the user on the school side executes the process of confirming the content of the reply from the sharing destination. Therefore, in the following, the process is executed on the committee side PC11 and on the school side PC21. The explanation will be made assuming both cases where the process is executed.

The image IM4 includes information display units C11 to C14 for displaying folder information. The information display unit C11 displays information such as a message input by the folder creator and a reply deadline date. The information display unit C12 displays information such as the folder creator and the creation date. The information display unit C13 displays the reply status from the sharing destination of the folder. As shown in "Icon type" in the image, the information display unit C13 includes the following four types of icons indicating the status of the folder: "read" icon indicating confirmed, not confirmed. An "unread" icon that represents, a "replied" icon that indicates that the reply has been sent, and a "no reply" icon that indicates that the reply has not been completed. At the top of the information display unit C13, the number to the right of the "read" icon indicates the number of shared destinations that have been confirmed, and the number to the right of the "replied" icon indicates the number of shared destinations that have been replied. There is. In addition, the icons on the right side of the "principal" and "vice-principal" indicate whether or not each user of the sharing destination has confirmed and whether or not the reply has been completed. The information display unit C14 displays a message exchanged with the sharing destination.

Further, the image IM4 includes images B51 to B63 of controls that can be selected by using a pointing device or input information by using a keyboard or the like. The control of the image B51 is for downloading all the files saved in the database server 120 at once when a new folder is created. The controls of images B52 and B53 are for downloading the files saved in the database server 120 for each file when a new folder is created. When the controls of images B51 to B53 are selected, the files corresponding to the file names displayed on the left side of the images B52 and B53 can be downloaded all at once or individually. When these buttons are selected, a request to download a file corresponding to the selected control among the controls of images B51 to B53 is transmitted to the application server 110 via the reverse proxy server 201 or 301. In response to this, the application server 110 acquires the requested file from the database server 120 and transmits it to the committee side PC 11 or the school side PC 21 via the reverse proxy server 201 or 301.

The controls of images B54 and B55 are for deleting the files saved in the database server 120 for each file when a new folder is created. When these buttons are selected, a request to delete a file corresponding to the selected control among the controls of the images B54 and B55 is transmitted to the application server 110 via the reverse proxy server 201 or 301. In response, the application server 110 instructs the database server 120 to delete the requested file. The database server 120 deletes the file.

When the control of image B56 is selected, that fact is transmitted to the application server 110 via the reverse proxy server 201 or 301. In response to this, the application server 110 updates the status of the folder in the folder data 121 of the database server 120 to completed. The completed folder information is no longer displayed on the home screen. By selecting the control of the image B3 on the home screen (for example, the image IM1 in FIG. 4) where the folder information is once hidden, the completed folder information can be displayed on the home screen again.

The control of image B57 is for deleting the folder. When this control is selected, a message to that effect is sent to the application server 110. The application server 110 instructs the database server 120 to delete the folder data 121 corresponding to the folder. The database server 120 deletes the folder data 121 based on the instruction. When the folder is deleted, the information of the deleted folder is not displayed on the home screen regardless of the switching by the control of the image B3 in the image IM1. When the control of image B58 is selected, the display returns to the home screen shown in FIG. The control of the image B62 is for inputting a message directed to the folder sharing destination that is the reply source. When the control of the image B63 is selected, the message input to the control of the image B62 is transmitted to the application server 110 via the reverse proxy server 201 or 301. The application server 110 instructs the database server 120 to add the transmitted message to the folder data 121. The database server 120 adds a message to the folder data 121 corresponding to the corresponding folder.

The controls of the images B59 and B60 are for individually downloading the files returned from the sharing destination user. The frames including the descriptions such as "principal" and "vice-principal" included in these images can be individually selected. If you select one of these slots, you can download the file returned by the user corresponding to that slot. Further, the control of the image B61 is for collectively downloading the files returned from all the sharing destination users. When the controls of images B59 to B61 are selected, a request to download a file corresponding to the selected control among the controls of images B59 to B61 is transmitted to the application server 110 via the reverse proxy server 201 or 301. To. In response to this, the application server 110 acquires the requested file from the database server 120 and transmits it to the committee side PC 11 or the school side PC 21 via the reverse proxy server 201 or 301.

The above is a description of a series of processes mainly executed for the survey folder. On the other hand, regarding the notification folder, only the file download and confirmed processing can be executed at the folder sharing destination for the messages and files contained in the folder. That is, the contents of the above processing for the survey folder are the same except that the reply processing is not performed for the folder. In addition, regarding the shared folder such as style, the file included in the folder is only downloaded at the shared destination of the folder. In this specification, in order to avoid duplication of description, detailed description of the processing related to the notification folder and the shared folder such as the format will be omitted.

When the user selects the control of the image B4 on the home screen (for example, the image IM1 of FIG. 4) on the committee side PC11 or the school side PC21, a list of files being detoxified is displayed on the display. The image IM5 of FIG. 10 is an example of a file list displayed on the display. In the image IM5, a list is displayed separately for the file being transmitted and the file being received. Each item in the list contains the name of the folder that contains the file being detoxified, the type of folder, the name of the file being detoxified, the file registration date, and information about the folder creator. ..

According to the present embodiment described above, the reverse proxy server 301 is installed in the external network public segment 300 adjacent to the gateway segment 100. As a result, the file from the school side PC 21 is transferred to the application server 110 installed in the gateway segment 100 via the reverse proxy server 301. The IP address of the reverse proxy server 301 is open to the Internet N2 side, but the IP address of the server (for example, application server 110) in the gateway segment 100 is not open to the Internet N2 side. That is, direct access from the Internet N2 side is limited to the reverse proxy server 301 and not to the gateway segment 100. Therefore, the data transfer system 1 is robust against unauthorized intrusion from the Internet N2 side.

On the other hand, LGWAN N1 is an administrative network that ensures a high degree of security. Therefore, high security is required for the system connected to LGWAN N1. Therefore, it may not be possible to meet the security requirements of the LGWAN N1 side only by being robust against attacks from the Internet N2 side. For example, simply providing a reverse proxy server 301 in the external network public segment 300 does not necessarily mean that illegal data transfer due to unauthorized intrusion from the LGWAN N1 side into the gateway segment 100 (for example, data leakage from the LGWAN N1 side to the Internet N2 side). ) Is not easy to prevent.

Therefore, in the data transfer system 1 according to the present embodiment, the reverse proxy server 201 is provided in the LGWAN public segment 200. Therefore, the gateway segment 100 cannot be directly accessed even from the LGWAN N1 side. In this way, the system is robust not only against unauthorized intrusion from the Internet N2 side but also against unauthorized intrusion from the LGWAN N1 side, so that a system that can easily satisfy the high security requirements of LGWAN N1 is realized.

Further, in the present embodiment, the detoxification processing server 103 is installed in the gateway segment 100. Therefore, the detoxification processing server 103 cannot be directly accessed from either the LGWAN N1 side or the Internet N2 side. Therefore, a robust system is realized even against an attack targeting the detoxification processing server 103. The detoxification processing server 103 may be provided in the data transfer system 1 so as to perform detoxification processing on the file while the file is transferred from the reverse proxy server 301 to the reverse proxy server 201. That is, the detoxification processing server 103 may perform detoxification processing on the file as long as it is located on any of the file transfer routes from the reverse proxy server 301 to the reverse proxy server 201. For example, after the file is once transferred to the database server 120, the file may be transferred to the detoxification processing server 103 in the gateway segment 100 to be detoxified.

Further, in the present embodiment, the protocol used for communication between the committee side PC 11 or the school side PC 21 and the reverse proxy server 201 or 301, and the communication between the reverse proxy server 201 or 301 and the application server 110 The protocols used are different from each other. Therefore, when attempting to invade the application server 110 from LGWAN N1 or the Internet N2, it is necessary to succeed in each of the communications of two different communication protocols. Therefore, a robust system is realized against unauthorized intrusion into the application server 110.

Further, in the present embodiment, the user who shares the newly created folder is in the process of confirming the folder (for example, the process using the image IM3 of FIG. 7 and the process using the image IM4 of FIG. 9). By instructing the download of the file, the file is downloaded to the committee PC11 or the school PC21 of the sharing destination user. That is, the data is transferred to the committee-side PC 11 or the school-side PC 21 only after the sharing destination user inputs the transfer instruction to the committee-side PC 11 or the school-side PC 21. Therefore, the sharing destination user can execute the data transfer to the committee side PC 11 or the school side PC 21 at a desired timing.

Further, in the present embodiment, when a new folder is created, the folder is newly created from the application server 110 via the mail transmission server 202 or 302 to the mail address corresponding to the user who shares the folder. An email will be sent. Therefore, the sharing destination user can check the contents of the folder and download the file based on the e-mail notification.

<Modification example>
The above is a description of a preferred embodiment of the present invention, but the present invention is not limited to the above-described embodiment, and various changes can be made as long as it is described in the means for solving the problem. It is possible.

For example, in the above-described embodiment, different communication protocols are used for the communication between the committee side PC 11 or the school side PC 21 and the reverse proxy server 201 or 301 and the communication between the reverse proxy server 201 or 301 and the application server 110. It is used. However, a common communication protocol may be used for these communications.

Further, in the above-described embodiment, the detoxification processing server 103 is provided in the gateway segment 100. However, a means for performing detoxification processing may be provided outside the gateway segment 100. For example, the detoxification processing server 103 may be provided so as to be connected to the Internet N2 and communicate with the school PC21 and the reverse proxy server 301 via the Internet N2. In this case, the file transmitted from the school PC 21 to the detoxification processing server 103 via the Internet N2 is detoxified, and the detoxification processing server 103 is detoxified to the reverse proxy server 301 via the Internet N2. The completed file is sent.

Further, in the above-described embodiment, the application server 110, the database server 120, and the detoxification processing server 103 are configured as independent servers. However, a server having the functions of two or three of these servers may be provided instead. For example, when a server having the functions of the application server 110 and the database server 120 is used instead of these, such a server corresponds to the data storage means in the present invention.

Further, in the above-described embodiment, the user of the sharing destination of the newly created folder instructs the user to download the file, so that the file is downloaded to the committee side PC 11 or the school side PC 21 of the sharing destination user. However, for example, when the detoxification process for the file transferred from the school PC 21 via the reverse proxy server 301 is completed, the application server 110 is automatically connected to the LGWAN N1 via the reverse proxy server 201. The data transfer system 1 may be configured to transfer the detoxified file to the computer or server of the server.

Further, as an implementation example of the data transfer process executed by the data transfer system 1, each time the screen displayed on the display of the committee side PC 11 or the school side PC 21 is changed, the committee side PC 11 or the school side PC 21 The data transfer system 1 may be configured so that the communication session executed regarding the communication between the user and the application server 110 is temporarily disconnected. Specifically, for example, each time a transition from the screen of the image IM0 of FIG. 3 to the screen of the image IM1 of FIG. 4 or a transition from the screen of the image IM1 of FIG. 4 to the screen of the image IM2 of FIG. 5 is made. In addition, after the communication session between the committee side PC 11 or the school side PC 21 and the reverse proxy server 201 or 301 and the communication session between the reverse proxy server 201 or 301 and the application server 110 are temporarily disconnected, new communication is performed. It is preferable that the data transfer system 1 is configured so that each session is started. In this case, it is necessary to ensure continuity with the old communication session in the new communication session. As a specification for this, for example, the user ID and password held during the login period on the committee side PC11 or the school side PC21 are changed every time the screen is changed, that is, every time a new communication session is started. A configuration may be adopted in which transmission is transmitted from the side PC 11 or the school side PC 21 to the application server 110, and these authentications are performed in the application server 110. According to this, the application server 110 can grasp that the new communication session is by the same user as the old communication session. Based on this, the application server 110 executes the data transfer process in the new session as the process related to the same user as the old communication session and as the process in the continuous communication session from the old communication session.

N1 LGWAN
N2 Internet 11 Committee side PC
21 School side 1 Data transfer system 100 Gateway segment 103 Detoxification processing server 110 Application server 120 Database server 200 LGWAN public segment 201 Reverse proxy server 202 Mail transmission server 300 External network public segment 301 Reverse proxy server 302 Mail transmission server

Claims (5)

A data transfer system that executes data transfer from the second computer to the first computer through the first communication network to which the first computer is connected and the second communication network to which the second computer is connected.
The first reverse proxy server connected to the first communication network,
A second reverse proxy server connected to the second communication network,
A target data storage means for storing data transferred from the second computer via the second reverse proxy server, and a target data storage means.
Detoxification processing means that detoxifies the data to be transferred,
The data transmitted from the second computer via the second reverse proxy server is transferred to the target data storage means, and the data stored in the target data storage means is transferred to the target data storage means via the first reverse proxy server. It is equipped with an application server that transfers data to the first computer.
The data that has been detoxified by the detoxification processing means is transferred from the target data storage means to the first computer via the first reverse proxy server .
Communication between the first computer and the first reverse proxy server, communication between the second computer and the second reverse proxy server, the first reverse proxy server, the second reverse proxy server, and the application server. A data transfer system characterized in that different communication protocols are used for communication between. A data transfer system that executes data transfer from the second computer to the first computer through the first communication network to which the first computer is connected and the second communication network to which the second computer is connected.
The first reverse proxy server connected to the first communication network,
A second reverse proxy server connected to the second communication network,
A target data storage means for storing data transferred from the second computer via the second reverse proxy server, and a target data storage means.
It is equipped with a detoxification processing means that detoxifies the data to be transferred.
The data that has been detoxified by the detoxification processing means is transferred from the target data storage means to the first computer via the first reverse proxy server .
Data can be transferred from either the first computer or the second computer to the target data storage means.
The data transferred from one of the first computer and the second computer is stored in the target data storage means together with information indicating the transfer destination user.
Data characterized in that data is transferred from the target data storage means to the other when a transfer instruction is input by the transfer destination user on the other of the first computer and the second computer. Transfer system. The detoxification processing means performs the detoxification processing on the data until the data transferred from the second computer via the second reverse proxy server is transferred to the first reverse proxy server. The data transfer system according to claim 1 or 2. The data transfer system according to claim 2 , wherein at least one of a reply message and a file can be transferred from the other to the other. An address storage means that stores an email address in association with information that indicates a user,
An e-mail transmission means for transmitting an e-mail indicating that data has been transferred from the first computer or the second computer to an e-mail address corresponding to the transfer destination user based on the stored contents of the address storage means. The data transfer system according to claim 2 or 4 , wherein the data transfer system comprises.

Images