JPH02189636A - Secrecy protection system for intra-network transfer data - Google Patents

Abstract

PURPOSE:To transfer data through only a permitted repeating node by adding the information of a system group allowing the repeat with a transmitted opposite system to transfer data and executing data transfer without including a system inhibiting access to the transfer data in a transfer route. CONSTITUTION:The information of an accessible system group specified from a user, i.e. the system group allowing repeat is added to transfer data 6 together with an opposite system name. The information of the accessible system group to be an attribute 4 attached to the data is compared with route information 3 indicating a route group to the opposite system 2 controlled by the system by a route selecting means 5 in a transmitting system 1. The route capable of arriving at the system 2 through only the accessible repeating system group is searched and the transfer data 6 are transferred in the network 7 through the route. Thus, the informations of the transmitted opposite system and the repeat enabled system group are added to the transfer data 6 to transfer the transfer data 6 in the network 7.

Description

[Detailed Description of the Invention] [Summary] In order to protect the security of data transferred in a computer network, this invention relates to a security protection system for data transferred within a network that restricts the data transfer path. The purpose of this is to provide a mechanism for transferring data only via relay nodes that are connected to the computer system. route selection means for selecting a transfer route using route information indicating all routes within the transfer destination and data attributes indicating a system group that is permitted to access the transfer data among systems other than the transmission destination; Information on the transmission destination system and a group of systems that are allowed to be relayed is added to the data transfer route, so that the data transfer is performed without including in the transfer route any systems that are not allowed to access the transferred data.

[Industrial application field]

The present invention relates to a security system in a computer system, and more particularly to a security system for data transferred within a network that limits a data transfer path in order to protect the security of data transferred in a computer network.

BACKGROUND OF THE INVENTION Computer networks are expanding and various types of data are being transferred over the networks, and as a result, there is a need to strengthen the security of data transferred within the networks.

Network expansion is being carried out in the form of, for example, connecting internal networks across multiple companies or using ■AN, and the number of systems connected by networks is increasing dramatically. As a result, the transfer of confidential data and other data, which previously was not a problem when networks were closed within the company, now has the risk of being leaked outside the company.

For this reason, as the physical connectivity of networks expands, a logical network that is closed within a certain range from the perspective of transferred data is required. There is a need for functionality that guarantees that data is never transferred to

[Conventional technology]

In the data security function of conventional networks, for example, at the time of connection, passwords are exchanged to confirm the other node, and checks are performed to prevent connections with unauthorized nodes.

FIG. 6 is a diagram showing an example of a network composed of five computer systems. In the figure, there are computer systems, that is, nodes N to N5. If data is to be transferred from node N+ to node N5, the route PI from NI to N via N2 and N4, the route P2 from N to N5 via N2,
A route P3 from N, via N2, via N3, to N.
, and a route P4 from NI to N via Nl.

Here, if it is not allowed to transfer the transfer data from node NI via node N3, that is, if node N□ is not allowed to access the data, Pl or P2 must be selected as the data transfer path. It will not happen.

Conventional data transfer route selection methods include a method in which the network uniquely determines the optimal route, and a method in which the network uniquely determines the optimal route;
There is a method of specifying a transfer route for each transfer data. Compared to the latter, the former method does not require specifying individual routes, and if a certain route is unavailable,
It has the advantage of being able to automatically select an alternative route.

However, with this method, there are no restrictions on the data that can be transferred between authorized nodes, so it is not possible to select a route for each data, which poses problems in terms of protecting the security of transferred data. There is.

[Problem to be solved by the invention]

As individual networks become interconnected and networks grow in size, the transfer route becomes connected to nodes that suffer losses if the contents of the data to be transferred are referenced or the existence of the data itself is known. In some cases, it is not possible to restrict access to data sent to such nodes or to keep records of what kind of access was made. Furthermore, in order to maintain network integrity, network routes are becoming multiplexed and more complex, making it difficult for users to instruct data transfer routes.

For this reason, problems have arisen in that data is intentionally or inadvertently transferred to an unauthorized node, or unauthorized access is allowed to data passing through a relay node.

According to the present invention, during data transfer within a network,
The purpose is to provide a mechanism for transferring data only via authorized relay nodes.

[Means to solve the problem]

FIG. 1 is a block diagram of the principle of the present invention. In the figure, it is assumed that data is transmitted from a source system 1 to a destination system 2 via a network 7. The route selection means 5 in the source system 1 receives route information 3 for data transfer indicating all routes that can reach the destination system 2 within the network 7, and data transfer route information 3 indicating all routes that can reach the destination system 2 within the network 7. , and data attribute 4 indicating a system group that is permitted to access the transfer data 6, the data transfer route is selected.

In the transfer data 6, information about the transmission destination system 2 and a group of systems that are allowed to be relayed within the network 7 is added to the transfer data body.

[For production]

As shown in FIG. 1, in the present invention, information on a group of systems that can be accessed as instructed by the user, that is, a group of systems that allow relaying, is added to the transfer data 6 together with the system information of the other party. The route selection means 5 in the source system 1 selects the information on the accessible system group as the attribute 4 attached to the data and the destination system 2 managed by the system.
The route information 3 indicating the route group to will be transferred.

Furthermore, as described above, the information on the accessible relay system group is added to the transfer data 6 as its control data, so that similar processing can be performed at the relay destination system group, for example.

As described above, according to the present invention, the transfer data 6 is transferred within the network 7 with information about the transmission destination system and the system group that can be relayed added.

〔Example〕

FIG. 2 shows an example of data transfer route information 3 and data attributes 4 of transfer data used by the route selection means 5 in the source system 1. This figure corresponds to an example of a transfer route and data attributes when data is transmitted from node N1 to node N5 in FIG. 6.

As shown in (a), the route from NI held as transfer route information within the source system, that is, node N1, to node N5 is N via N2 and N4.
Route P+ leading to 5, route Pz leading to N via Nz
, Nz, there is a route P3 that leads to N via N3, and a route P4 that leads to N5 via N3.

In addition, in FIG. 2(b) showing the attributes of the transferred data,
It is shown that N2 and N4 are allowed as relay nodes, and node N3 is not allowed.

FIG. 3 shows an example of the format of transfer data. In the figure, the transferred data consists of a control section and a data section, and the control section contains a destination node Ns, which is the destination of the data.
and a relay node N2 that allows access to the data.
and N4 are shown. Here, it is assumed that the destination node and the relay node are input together with the data body by, for example, a keyboard input by the user.

FIG. 4 shows an embodiment of a transfer route designation method for job transfer. In the figure, the control statement of the job to be transferred is a control statement J1 indicating that node N5 is the destination node of the transmission destination, and indicating that the relay nodes that can be accessed are limited to nodes N2 and N4. This shows that it consists of control statement J2.

FIG. 5 is an embodiment of a flowchart of route selection processing when transferring a job. In the figure, when the transmission process starts,
First, SIO determines whether or not it is possible to transmit to the destination node of the transmission destination. If transmission is possible, the Sll selects all transmission routes that can reach the destination node.

Then, for all the selected routes, only the relayable nodes permitted by control statement J2 in FIG. 4 are passed through,
It is determined whether there is a route through which data can be transferred. If such a route exists, transmission is possible; if such a route does not exist, transmission is disabled.

〔Effect of the invention〕

As explained above, according to the present invention, it is possible to guarantee that data is not transferred to any system other than the one that allows access specified by the user, and data is transferred within a network where various systems are connected. This greatly contributes to improving the level of data security.

destination system, route information, data attributes, route selection means; transfer data, network.

[Brief explanation of the drawing]

Figure 1 is a block diagram of the principle of the present invention, Figure 2 is an example of data transfer route information and data attributes of transferred data, Figure 3 is an example of the format of transferred data, and Figure 4 is job transfer. FIG. 5 is an example of a flowchart of a route selection process when transferring a job. FIG. 6 is a diagram showing an example of a network composed of five computer systems. 1... Source system,

Claims (1)

[Claims] In a network constituted by a plurality of computer systems, all routes within the network (7) that can reach the destination system (2) are shown in the data source system (1). route selection means (5) for selecting a transfer route using route information (3) and a data attribute (4) indicating a system group other than the transmission destination that is permitted to access the transfer data (6); information about the transmission destination system and a group of systems that are allowed to be relayed to the transfer data (6), and performs data transfer without including in the transfer route any systems that are not allowed to access the transfer data (6); A security protection method for data transferred within a network is characterized by: