WO2018193692A1 - Information processing device, information processing system, and program - Google Patents


Info

Publication number
WO2018193692A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
information processing
security level
management
network
Prior art date
Application number
PCT/JP2018/004368
Other languages
French (fr)
Japanese (ja)
Inventor
松井 一樹
Original Assignee
富士通株式会社
Priority date
Filing date
Publication date
Application filed by 富士通株式会社
Publication of WO2018193692A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data

Definitions

  • the present invention relates to a security countermeasure technique for a system connected to a network.
  • the spread of the Internet has increased the risk of accessing data in organizations such as companies from various routes.
  • IoT (Internet of Things)
  • a wide variety of devices are connected to the Internet, and the risk of unauthorized access from malicious devices and cyber attacks is further increased.
  • in the prior art, as a countermeasure against unauthorized access, the access destination server or gateway compares the image pattern, file content, extension and the like when determining whether a file is permitted to be sent to the outside.
  • this technique has a problem that the processing load on the server or gateway increases.
  • An object of the present invention is, in one aspect, to provide a technique for preventing information from leaking to the outside even when there is unauthorized access.
  • An information processing apparatus according to one aspect has an inquiry unit that, when a request for access to first data managed by the information processing apparatus is received from outside a network to which the information processing apparatus is connected, transmits an inquiry about the security level of the first data to a management device that manages the security level of the first data;
  • and a generation unit that, when the security level of the first data included in the response received from the management device is a predetermined level, generates second data from the first data and transmits the second data to the transmission source of the request.
  • FIG. 1 is a diagram illustrating an overview of a system according to the first embodiment.
  • FIG. 2 is a functional block diagram of the server.
  • FIG. 3 is a functional block diagram of the network device.
  • FIG. 4 is a diagram illustrating an example of data stored in the management data storage unit.
  • FIG. 5 is a functional block diagram of the network device.
  • FIG. 6 is a functional block diagram of the user terminal.
  • FIG. 7 is a diagram showing a processing flow of processing executed in the system.
  • FIG. 8 is a diagram showing a processing flow of processing executed in the system.
  • FIG. 9 is a diagram illustrating an overview of a system according to the second embodiment.
  • FIG. 10 is a functional block diagram of the management server.
  • FIG. 11 is a hardware configuration diagram of the computer.
  • FIG. 12 is a hardware configuration diagram of the relay apparatus.
  • FIG. 1 is a diagram illustrating an overview of a system according to the first embodiment.
  • a user terminal 7 that is a personal computer and a network device 5 that is a router, for example, are connected to the network 9a of the organization A.
  • a server 1 that manages data used in the organization B and a network device 3 that is, for example, a router are connected to the network 9b of the organization B.
  • the network device 3 and the network device 5 relay communication between the user terminal 7 and the server 1.
  • the network 9a and the network 9b belong to the same intranet.
  • the number of servers 1 and user terminals 7 is 1, but the number of servers 1 and user terminals 7 may be two or more.
  • FIG. 2 is a functional block diagram of the server 1.
  • in the server 1, an application 12 that is a file management tool such as Explorer, and an OS (Operating System) 10 such as Windows (registered trademark) or Linux (registered trademark), are executed.
  • the server 1 also has a file storage unit 14.
  • the OS 10 includes a first control unit 101, a second control unit 102, a device driver 103, and an IO (Input / Output) control unit 104.
  • the first control unit 101 executes processing for inquiring the network device 3 about the security level of the file accessed from the user terminal 7.
  • the second control unit 102 executes processing for generating another file from the file accessed from the user terminal 7 based on the processing result of the first control unit 101.
  • the device driver 103 executes processing for controlling the hardware device of the server 1.
  • the IO control unit 104 executes reading and writing of the file stored in the file storage unit 14.
  • FIG. 3 is a functional block diagram of the network device 3.
  • the network device 3 includes a relay processing unit 31, a management unit 32, and a management data storage unit 33.
  • the relay processing unit 31 executes processing for relaying communication data.
  • the management unit 32 manages data stored in the management data storage unit 33.
  • FIG. 4 is a diagram illustrating an example of management data stored in the management data storage unit 33.
  • in the example of FIG. 4, a URL (Uniform Resource Identifier) indicating the address of a file and the security level of that file are stored.
  • in the present embodiment, when the security level of the file is the security level “prohibit to take outside the organization”, the second control unit 102 rewrites the file.
  • FIG. 5 is a functional block diagram of the network device 5.
  • the network device 5 includes a relay processing unit 51.
  • the relay processing unit 51 executes processing for relaying communication data.
  • FIG. 6 is a functional block diagram of the user terminal 7.
  • the user terminal 7 includes an application 71 that is a browser, for example.
  • the application 71 accesses a file through communication with the application 12 of the server 1.
  • the application 71 of the user terminal 7 transmits a request for access to a file managed by the server 1 (hereinafter referred to as a file access request) to the network device 5 (FIG. 7: step S1).
  • the file access request includes the URL of the file to be accessed.
  • the relay processing unit 51 of the network device 5 transfers the received file access request to the network device 3. Then, the relay processing unit 31 of the network device 3 receives the file access request from the network device 5 (step S3). The relay processing unit 31 transfers the file access request received in step S3 to the server 1 that is the transmission destination (step S5).
  • the application 12 of the server 1 that is the transmission destination of the file access request receives the file access request from the network device 3 (step S7).
  • the file access request received from the network device 3 is a file access request from the outside of the network 9b. Communication data from other servers in the network 9b does not pass through the network device 3.
  • the first control unit 101 of the server 1 transmits an inquiry about the security level including the URL included in the received file access request to the network device 3 (step S9).
  • the management unit 32 of the network device 3 receives the inquiry from the server 1 (step S11).
  • the management unit 32 identifies the security level associated with the URL included in the inquiry received in step S11 from the management data storage unit 33 (step S13).
  • the management unit 32 transmits a response including information on the security level specified in step S13 to the server 1 (step S15).
  • the second control unit 102 of the server 1 receives a response from the network device 3 (step S17).
  • the second control unit 102 reads the file specified by the URL included in the file access request received in step S7 from the file storage unit 14 via the IO control unit 104 (step S19).
  • the second control unit 102 determines whether the security level of the file read in step S19 is the security level “prohibit to take outside the organization” (step S21).
  • when the security level is not “prohibit to take outside the organization” (step S21: No route), there is no problem even if the contents of the file become known to organizations other than the organization B. Accordingly, the second control unit 102 outputs the file read in step S19 to the application 12 (step S25).
  • when the security level is “prohibit to take outside the organization” (step S21: Yes route), there is a problem if the contents of the file become known outside the organization B. Accordingly, the second control unit 102 generates a file different from the file read in step S19 (step S23).
  • in step S23, for example, a file having the same file name but with the data in the file replaced with “0x0” is generated. Alternatively, the file is encrypted.
  • the application 12 transmits the file received from the second control unit 102 to the network device 3 (FIG. 8: step S26).
  • the relay processing unit 31 of the network device 3 receives the file from the server 1 (step S27).
  • the relay processing unit 31 transfers the file received in step S27 to the network device 5 (step S29).
  • the relay processing unit 51 of the network device 5 transfers the file received from the network device 3 to the user terminal 7. Then, the application 71 of the user terminal 7 receives a file from the network device 5 (step S31).
  • the method of the present embodiment does not depend on the application 12 to be used, and does not depend on user authentication information, device authentication information, or the like. Therefore, a highly versatile access control mechanism can be realized without increasing the burden on the user and without changing the application 12.
  • a combination of the existing user authentication and device authentication and the method of the present embodiment can realize a stronger access control mechanism. Even if authentication information is leaked to the outside, the contents of the original file are never known.
  • because the processed file is sent instead of the access being rejected with no file sent, the operator of the user terminal 7 can learn that confidential information was accessible, for example due to a configuration error by the administrator. If the operator of the user terminal 7 informs the administrator that the confidential information has been accessed, the administrator can quickly learn that the security measures are inadequate. Further, when a malicious person receives a processed file, the fact that the file was received makes it easier to establish the offence.
  • FIG. 9 is a diagram illustrating an overview of a system according to the second embodiment.
  • a server 1 is connected to an intranet of an organization such as a company, and the server 1 is connected to a management server 2 installed in a DMZ (DeMilitarized Zone) inside the firewall.
  • the management server 2 is connected to a network device 5 that is a router, for example.
  • the network device 5 is connected to a network 9c that is the Internet.
  • a user terminal 7 is connected to the network 9c.
  • FIG. 10 is a functional block diagram of the management server 2.
  • the management server 2 includes a management unit 21 and a management data storage unit 22.
  • the management unit 21 manages data stored in the management data storage unit 22.
  • the management data storage unit 22 stores the same data as the management data storage unit 33 in the first embodiment.
  • since the network device 5 of the second embodiment is connected to the network 9c that is the Internet, the possibility of unauthorized access to the network device 5 is increased. However, since the possibility of unauthorized access to the management server 2 installed in the DMZ is relatively low, providing the management data storage unit 22 in the management server 2 reduces the possibility of the management data being stolen or falsified.
  • in the embodiments above, the management unit and the management data storage unit are provided in a device different from the server 1, but the server 1 itself may be provided with the management unit and the management data storage unit.
  • in that case, synchronization is preferably performed so that the contents of the management data storage units of the servers 1 are always the same.
  • the present invention is not limited to this.
  • the functional block configurations of the server 1, the management server 2, the network device 3, the network device 5, and the user terminal 7 described above may not match the actual program module configuration.
  • the data configuration described above is an example, and it does not have to be the above configuration. Further, in the processing flow, the processing order can be changed if the processing result does not change. Further, it may be executed in parallel.
  • the same processing as in the present embodiment may be executed in a virtual environment.
  • the first control unit 101 and the second control unit 102 may be implemented as software that operates on the OS 10 instead of being a part of the OS 10.
  • the file storage unit 14 need not be built into the server 1.
  • the server 1, the management server 2, and the user terminal 7 described above are computer devices. As shown in FIG. 11, a memory 2501, a CPU (Central Processing Unit) 2503, a hard disk drive (HDD) 2505, a display control unit 2507 connected to a display device 2509, a drive device 2513 for a removable disk 2511, an input device 2515, and a communication control unit 2517 for connecting to a network are connected by a bus 2519.
  • an operating system (OS) and an application program for executing the processing in this embodiment are stored in the HDD 2505, and are read from the HDD 2505 into the memory 2501 when executed by the CPU 2503.
  • the CPU 2503 controls the display control unit 2507, the communication control unit 2517, and the drive device 2513 according to the processing content of the application program, and performs a predetermined operation. Further, data in the middle of processing is mainly stored in the memory 2501, but may be stored in the HDD 2505.
  • an application program for performing the above-described processing is stored in a computer-readable removable disk 2511 and distributed, and is installed in the HDD 2505 from the drive device 2513. In some cases, it may be installed in the HDD 2505 via a network such as the Internet and the communication control unit 2517.
  • such a computer apparatus realizes the various functions described above through the organic cooperation of hardware such as the CPU 2503 and the memory 2501 described above with programs such as the OS and application programs.
  • the network device 3 and the network device 5 described above have a memory 2601, a CPU 2603, a hard disk drive (HDD) 2605, a display control unit 2607 connected to a display device 2609, a drive device 2613 for a removable disk 2611, an input device 2615, and a communication control unit 2617 (2617a to 2617c in FIG. 12) for connecting to a network, which are connected by a bus 2619.
  • the display control unit 2607, the display device 2609, the drive device 2613, and the input device 2615 may not be included.
  • An operating system (OS: Operating System) and an application program for performing processing in the present embodiment are stored in the HDD 2605, and are read from the HDD 2605 to the memory 2601 when executed by the CPU 2603. If necessary, the CPU 2603 controls the display control unit 2607, the communication control unit 2617, and the drive device 2613 to perform necessary operations. Note that data input via any one of the communication control units 2617 is output via another communication control unit 2617. The CPU 2603 controls the communication control unit 2617 to appropriately switch the output destination. Further, data in the middle of processing is stored in the memory 2601 and stored in the HDD 2605 if necessary.
  • an application program for performing the above-described processing is stored in a computer-readable removable disk 2611 and distributed, and is installed from the drive device 2613 into the HDD 2605. In some cases, it may be installed in the HDD 2605 via a network such as the Internet and the communication control unit 2617.
  • Such a computer apparatus realizes various functions as described above by organically cooperating hardware such as the CPU 2603 and the memory 2601 described above with the OS and necessary application programs.
  • the information processing apparatus according to the first aspect of the present embodiment has (A) an inquiry unit that, when a request for access to first data managed by the information processing apparatus is received from outside the network to which the information processing apparatus is connected, transmits an inquiry about the security level of the first data to a management device that manages the security level of the first data (the first control unit 101 in the embodiment is an example of the inquiry unit), and (B) a generation unit that, when the security level of the first data included in the response received from the management device is a predetermined level, generates second data from the first data and transmits the second data to the transmission source of the request (the second control unit 102 in the embodiment is an example of the generation unit).
  • the management device may be a relay device that connects the network and another network.
  • a relay device is usually installed on the path by which an access request from outside the network arrives, so the existing relay device can be used as the management device.
  • the management device may be a device in a demilitarized zone.
  • when the management device is connected to an external network such as the Internet, it may be subject to attacks such as theft or rewriting of the data held in the relay device. However, if a device in the demilitarized zone is used, such attacks can be prevented.
  • the second data may be data obtained by rewriting at least part of the first data or data obtained by encrypting the first data.
  • the information processing system according to another aspect includes (C) an information processing device and (D) a management device that manages the security level of first data managed by the information processing device.
  • the information processing device has an inquiry unit that, when a request for access to the first data is received from outside the network to which the information processing device is connected, transmits an inquiry about the security level of the first data to the management device (the first control unit 101 in the embodiment is an example of the inquiry unit), and a generation unit that, when the security level of the first data included in the response received from the management device is a predetermined level, generates second data from the first data and transmits the second data to the transmission source of the request (the second control unit 102 in the embodiment is an example of the generation unit).
  • the management device includes (d1) a data storage unit that stores the security level of the first data (the management data storage unit 33 in the embodiment is an example of the data storage unit), and (d2) a communication unit that, when the inquiry is received from the information processing device, reads the security level of the first data from the data storage unit and transmits a response including the security level of the first data to the information processing device (the management unit 32 in the embodiment is an example of the communication unit).
  • the information processing method according to another aspect includes (E) when a request for access to first data managed by the information processing device is received from outside the network to which the information processing device is connected, transmitting an inquiry about the security level of the first data to a management device that manages the security level of the first data, and (F) when the security level of the first data included in the response received from the management device is a predetermined level, generating second data from the first data and transmitting the second data to the transmission source of the request.
  • a program for causing the processor to perform the processing according to the above method can be created.
  • the program is stored in a computer-readable storage medium or storage device such as a flexible disk, CD-ROM, magneto-optical disk, semiconductor memory, or hard disk.
  • the intermediate processing result is temporarily stored in a storage device such as a main memory.
  • (Appendix 1) An information processing apparatus comprising: an inquiry unit that, when a request for access to first data managed by the information processing apparatus is received from outside a network to which the information processing apparatus is connected, transmits an inquiry about the security level of the first data to a management device that manages the security level of the first data; and a generation unit that, when the security level of the first data included in a response received from the management device is a predetermined level, generates second data from the first data and transmits the second data to the transmission source of the request.
  • The information processing apparatus according to Appendix 1, wherein the management device is a relay device that connects the network and another network.
  • The information processing apparatus according to Appendix 1, wherein the management device is a device located in a demilitarized zone.
  • The information processing apparatus according to any one of Appendices 1 to 3, wherein the second data is data obtained by rewriting at least a part of the first data or data obtained by encrypting the first data.
  • A program that causes a computer to execute processing comprising: when a request for access to first data managed by the computer is received from outside a network to which the computer is connected, transmitting an inquiry about the security level of the first data to a management device that manages the security level of the first data; and when the security level of the first data included in a response received from the management device is a predetermined level, generating second data from the first data and transmitting the second data to the transmission source of the request.
  • An information processing system comprising: an information processing device; and a management device that manages the security level of first data managed by the information processing device, wherein the information processing device has an inquiry unit that, when a request for access to the first data is received from outside a network to which the information processing device is connected, transmits an inquiry about the security level of the first data to the management device, and a generation unit that, when the security level of the first data included in a response received from the management device is a predetermined level, generates second data from the first data and transmits the second data to the transmission source of the request; and the management device has a data storage unit that stores the security level of the first data, and a communication unit that, when the inquiry is received from the information processing device, reads the security level of the first data from the data storage unit and transmits a response including the security level of the first data to the information processing device.
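The following Python is an added example, not code from the patent or from Fujitsu, that simulates the FIG. 7 and FIG. 8 flow (steps S1 to S31): the server asks the management device for the security level of the requested URL and, for a file marked “prohibit to take outside the organization”, returns a same-length file of 0x00 bytes instead of the original (step S23), while requests from inside the network bypass the inquiry. All class names, URLs and file contents are constructed; the fail-closed handling of a URL missing from the management data, and the audit record that lets an administrator notice such deliveries, are assumptions added here rather than steps stated in the patent.

```python
"""Simulation of the security-level inquiry and file substitution flow (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Security level whose files must not leave organization B (step S21).
PROHIBITED = "prohibit to take outside the organization"

# Constructed sample of the management data of FIG. 4 (URL -> security level),
# as held in the management data storage unit 33.
MANAGEMENT_DATA: Dict[str, str] = {
    "http://server1.example.org/files/notice.txt": "public",
    "http://server1.example.org/files/customers.csv": PROHIBITED,
}

# Constructed sample of the file storage unit 14 (URL -> file contents).
FILE_STORAGE: Dict[str, bytes] = {
    "http://server1.example.org/files/notice.txt": b"Office closed on Friday.\n",
    "http://server1.example.org/files/customers.csv": b"name,phone\nA. Example,555-0100\n",
}


class ManagementDevice:
    """Network device 3 (or management server 2): answers security-level inquiries (S11-S15)."""

    def __init__(self, table: Dict[str, str]) -> None:
        self.table = dict(table)

    def query_security_level(self, url: str) -> Optional[str]:
        # Step S13: look the URL up in the management data storage unit.
        return self.table.get(url)


@dataclass
class AuditEvent:
    """Record of one external access decision (assumption: not part of the patent)."""
    url: str
    level: Optional[str]
    action: str  # "original" or "substitute"


def generate_substitute(data: bytes) -> bytes:
    """Second control unit 102, step S23: keep the length, replace every byte with 0x00."""
    return bytes(len(data))


@dataclass
class Server:
    """Server 1: first control unit (inquiry) and second control unit (generation)."""
    files: Dict[str, bytes]
    management: ManagementDevice
    # Assumption not in the patent: a URL absent from the management data is
    # treated as prohibited (fail closed) when this flag is set.
    unknown_is_prohibited: bool = True
    audit: List[AuditEvent] = field(default_factory=list)

    def handle_request(self, url: str, from_outside: bool) -> Optional[bytes]:
        """Return the bytes sent back to the requester, or None if the URL does not exist."""
        data = self.files.get(url)  # step S19: read via the IO control unit 104
        if data is None:
            return None
        if not from_outside:
            # Traffic inside network 9b does not pass through network device 3,
            # so no inquiry is made and the file is returned unchanged.
            return data
        level = self.management.query_security_level(url)  # steps S9 to S17
        prohibited = level == PROHIBITED or (level is None and self.unknown_is_prohibited)
        if not prohibited:  # step S21: No route -> step S25
            self.audit.append(AuditEvent(url, level, "original"))
            return data
        # Step S21: Yes route -> step S23: same file name, contents replaced with 0x00.
        self.audit.append(AuditEvent(url, level, "substitute"))
        return generate_substitute(data)


if __name__ == "__main__":
    server = Server(FILE_STORAGE, ManagementDevice(MANAGEMENT_DATA))
    for url in FILE_STORAGE:
        print(url, "->", server.handle_request(url, from_outside=True))
    for event in server.audit:
        print(event)
```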

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

[Problem] To prevent leakage of information even if unauthorized access occurs. [Solution] This information processing device is provided with: an inquiry unit which, when a request to access first data managed by the information processing device has been received from outside of the network to which the information processing device is connected, transmits, to a management device for managing the security level of the first data, an inquiry as to the security level of the first data; and a generation unit which generates second data from the first data and transmits the second data to the source of transmission of the request if the security level of the first data as indicated in a response received from the management device is at a predetermined level.

Description

情報処理装置、情報処理システム及びプログラムInformation processing apparatus, information processing system, and program
 本発明は、ネットワークに接続されたシステムのセキュリティ対策技術に関する。 The present invention relates to a security countermeasure technique for a system connected to a network.
 インターネットが普及したことにより、様々な経路から企業等の組織内のデータにアクセスされるリスクが高まっている。また、IoT(Internet of Things)の本格化に伴って多種多様なデバイスがインターネットに接続されるようになっており、悪意を有するデバイスからの不正アクセスやサイバー攻撃のリスクがさらに高まっている。 The spread of the Internet has increased the risk of accessing data in organizations such as companies from various routes. In addition, along with the full-scale implementation of IoT (Internet of Things), a wide variety of devices are connected to the Internet, and the risk of unauthorized access from malicious devices and cyber attacks is further increased.
 セキュリティ対策を重畳的に施せば、システムの安全性を高めることはできる。しかし、利用者の負担(例えば、ID(IDentifier)及びパスワードの入力作業)は増加し、また、セキュリティ対策自体の管理及びメンテナンス等のコストは増加する。 シ ス テ ム System security can be improved if security measures are implemented in a superimposed manner. However, the burden on the user (for example, ID (IDentifier) and password input work) increases, and the costs for management and maintenance of the security measures themselves increase.
 従来技術においては、不正アクセスへの対策として、アクセス先のサーバ或いはゲートウェイが、外部への送信が許可されたファイルであるか否かを判定する際にイメージパターン、ファイル内容及び拡張子等の比較を行っている。しかし、この技術にはサーバ或いはゲートウェイの処理負荷が高くなるという問題が有る。 In the prior art, as a countermeasure against unauthorized access, the access destination server or gateway compares the image pattern, file content, extension, etc. when determining whether the file is permitted to be sent to the outside. It is carried out. However, this technique has a problem that the processing load on the server or gateway increases.
特開2006-48193号公報JP 2006-48193 A 特開2009-258852号公報JP 2009-258852 A
 本発明の目的は、1つの側面では、不正アクセスがあった場合においても外部に情報が流出することを防ぐための技術を提供することである。 An object of the present invention is, in one aspect, to provide a technique for preventing information from leaking to the outside even when there is unauthorized access.
 一態様に係る情報処理装置は、情報処理装置が接続されるネットワークの外部から、情報処理装置が管理する第1のデータへのアクセスの要求を受信した場合、第1のデータのセキュリティレベルを管理する管理装置に対して、第1のデータのセキュリティレベルについての問合せを送信する問合せ部と、管理装置から受信した応答に含まれる、第1のデータのセキュリティレベルが、所定のレベルである場合、第1のデータから第2のデータを生成し、第2のデータを要求の送信元に送信する生成部とを有する。 An information processing apparatus according to an aspect manages a security level of first data when a request for access to first data managed by the information processing apparatus is received from outside a network to which the information processing apparatus is connected. An inquiry unit that transmits an inquiry about the security level of the first data to the management device, and when the security level of the first data included in the response received from the management device is a predetermined level, A generation unit configured to generate second data from the first data and transmit the second data to a request transmission source;
 1つの側面では、不正アクセスがあった場合においても外部に情報が流出することを防げるようになる。 In one aspect, it is possible to prevent information from leaking outside even if there is unauthorized access.
図1は、第1の実施の形態のシステムの概要を示す図である。FIG. 1 is a diagram illustrating an overview of a system according to the first embodiment. 図2は、サーバの機能ブロック図である。FIG. 2 is a functional block diagram of the server. 図3は、ネットワーク機器の機能ブロック図である。FIG. 3 is a functional block diagram of the network device. 図4は、管理データ格納部に格納されるデータの一例を示す図である。FIG. 4 is a diagram illustrating an example of data stored in the management data storage unit. 図5は、ネットワーク機器の機能ブロック図である。FIG. 5 is a functional block diagram of the network device. 図6は、利用者端末の機能ブロック図である。FIG. 6 is a functional block diagram of the user terminal. 図7は、システムにおいて実行される処理の処理フローを示す図である。FIG. 7 is a diagram showing a processing flow of processing executed in the system. 図8は、システムにおいて実行される処理の処理フローを示す図である。FIG. 8 is a diagram showing a processing flow of processing executed in the system. 図9は、第2の実施の形態のシステムの概要を示す図である。FIG. 9 is a diagram illustrating an overview of a system according to the second embodiment. 図10は、管理サーバの機能ブロック図である。FIG. 10 is a functional block diagram of the management server. 図11は、コンピュータのハードウエア構成図である。FIG. 11 is a hardware configuration diagram of the computer. 図12は、中継装置のハードウエア構成図である。FIG. 12 is a hardware configuration diagram of the relay apparatus.
[実施の形態1]
 図1は、第1の実施の形態のシステムの概要を示す図である。組織Aのネットワーク9aには、パーソナルコンピュータである利用者端末7と、例えばルータであるネットワーク機器5とが接続される。組織Bのネットワーク9bには、組織Bで使用されるデータを管理するサーバ1と、例えばルータであるネットワーク機器3とが接続される。ネットワーク機器3及びネットワーク機器5は、利用者端末7とサーバ1との間の通信を中継する。ネットワーク9a及びネットワーク9bは同じイントラネットに属している。図1においてサーバ1及び利用者端末7の数は1であるが、サーバ1及び利用者端末7の数は2以上であってもよい。
[Embodiment 1]
FIG. 1 is a diagram illustrating an overview of a system according to the first embodiment. A user terminal 7 that is a personal computer and a network device 5 that is a router, for example, are connected to the network 9a of the organization A. To the network 9b of the organization B, a server 1 that manages data used in the organization B and a network device 3 that is, for example, a router are connected. The network device 3 and the network device 5 relay communication between the user terminal 7 and the server 1. The network 9a and the network 9b belong to the same intranet. In FIG. 1, the number of servers 1 and user terminals 7 is 1, but the number of servers 1 and user terminals 7 may be two or more.
 図2は、サーバ1の機能ブロック図である。サーバ1においては、例えばエクスプローラ等のファイル管理ツールであるアプリケーション12と、例えばWindows(登録商標)或いはLinux(登録商標)であるOS(Operating System)10とが実行される。また、サーバ1はファイル格納部14を有する。 FIG. 2 is a functional block diagram of the server 1. In the server 1, for example, an application 12 that is a file management tool such as Explorer, and an OS (Operating System) 10 that is Windows (registered trademark) or Linux (registered trademark) are executed. The server 1 also has a file storage unit 14.
The OS 10 includes a first control unit 101, a second control unit 102, a device driver 103, and an IO (Input/Output) control unit 104. The first control unit 101 executes processing that inquires of the network device 3 about the security level of a file accessed from the user terminal 7. The second control unit 102 executes processing that generates another file from the file accessed from the user terminal 7, based on the processing result of the first control unit 101. The device driver 103 executes processing that controls the hardware devices of the server 1. The IO control unit 104 reads and writes the files stored in the file storage unit 14.
FIG. 3 is a functional block diagram of the network device 3. The network device 3 includes a relay processing unit 31, a management unit 32, and a management data storage unit 33. The relay processing unit 31 executes processing that relays communication data. The management unit 32 manages the data stored in the management data storage unit 33.
FIG. 4 is a diagram showing an example of the management data stored in the management data storage unit 33. In the example of FIG. 4, a URL (Uniform Resource Identifier) indicating the address of a file and the security level of that file are stored. In the present embodiment, when the security level of a file is the "prohibited from being taken outside the organization" level, the second control unit 102 rewrites the file.
FIG. 5 is a functional block diagram of the network device 5. The network device 5 has a relay processing unit 51. The relay processing unit 51 executes processing that relays communication data.
FIG. 6 is a functional block diagram of the user terminal 7. The user terminal 7 includes an application 71, which is for example a browser. The application 71 accesses files by communicating with the application 12 of the server 1.
Next, the processing executed in the system shown in FIG. 1 will be described with reference to FIG. 7 and FIG. 8.
First, the application 71 of the user terminal 7 transmits a request for access to a file managed by the server 1 (hereinafter called a file access request) to the network device 5 (FIG. 7: step S1). The file access request includes the URL of the file to be accessed.
The relay processing unit 51 of the network device 5 forwards the received file access request to the network device 3. The relay processing unit 31 of the network device 3 then receives the file access request from the network device 5 (step S3). The relay processing unit 31 forwards the file access request received in step S3 to the server 1, which is its destination (step S5).
The application 12 of the server 1, the destination of the file access request, receives the file access request from the network device 3 (step S7). Note that a file access request received from the network device 3 is a file access request from outside the network 9b; communication data from other servers and the like within the network 9b does not pass through the network device 3.
The first control unit 101 of the server 1 transmits to the network device 3 an inquiry about the security level that includes the URL contained in the received file access request (step S9).
The management unit 32 of the network device 3 receives the inquiry from the server 1 (step S11).
The management unit 32 identifies, from the management data storage unit 33, the security level associated with the URL included in the inquiry received in step S11 (step S13).
The management unit 32 transmits to the server 1 a response that includes the information on the security level identified in step S13 (step S15).
The second control unit 102 of the server 1 receives the response from the network device 3 (step S17).
The second control unit 102 reads, via the IO control unit 104, the file identified by the URL included in the file access request received in step S7 from the file storage unit 14 (step S19).
Based on the security level information included in the response received in step S17, the second control unit 102 determines whether the security level of the file read in step S19 is the "prohibited from being taken outside the organization" level (step S21).
When the security level is not the "prohibited from being taken outside the organization" level (step S21: No route), there is no problem even if the contents of the file become known to organizations other than organization B. Accordingly, the second control unit 102 outputs the file read in step S19 to the application 12 (step S25).
On the other hand, when the security level is the "prohibited from being taken outside the organization" level (step S21: Yes route), it is a problem for the contents of the file to become known to organizations other than organization B. Accordingly, the second control unit 102 generates, from the file read in step S19, a file that differs from that file (step S23). In step S23, for example, a file is generated that has the same file name but whose data has been replaced with "0x0". Alternatively, the file is encrypted.
The second control unit 102 then outputs the file generated in step S23 to the application 12 (step S25). The processing then moves to FIG. 8 via terminals A to C.
Turning to the description of FIG. 8, the application 12 transmits the file received from the second control unit 102 to the network device 3 (FIG. 8: step S26).
The relay processing unit 31 of the network device 3 receives the file from the server 1 (step S27). The relay processing unit 31 forwards the file received in step S27 to the network device 5 (step S29).
The relay processing unit 51 of the network device 5 forwards the file received from the network device 3 to the user terminal 7. The application 71 of the user terminal 7 then receives the file from the network device 5 (step S31).
Executing the processing described above makes it possible to prevent information from leaking to the outside even when unauthorized access occurs. Holding the management data on the network device at the endpoint of the network keeps the management target and the scope of the restriction simple and clear.
Moreover, the method of the present embodiment does not depend on the application 12 being used, nor on user authentication information, device authentication information, or the like. A highly general access control mechanism can therefore be realized without increasing the burden on users and without modifying the application 12.
Further, combining the method of the present embodiment with existing user authentication, device authentication, and the like realizes an even stronger access control mechanism. Even if authentication information leaks to the outside, the contents of the original file will not become known.
Further, because a processed file is sent rather than access being refused and no file being sent, the operator of the user terminal 7 can learn that confidential information was accessible due to, for example, a configuration error by the administrator. If the operator of the user terminal 7 informs the administrator that the confidential information was accessible, the administrator can learn early that the security measures are deficient. In addition, if a malicious party receives the processed file, the fact of having received that file becomes evidence that makes it easier to identify the offence.
However, instead of rewriting or encrypting the file, the method may be changed to one in which the file is not sent at all.
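The flow of steps S1 to S31 above, with the step S23 variants (rewrite with 0x0, encryption) and the alternative of sending no file at all, as an added example that is not part of the patent or of Fujitsu's implementation: the class names, level labels, sample URLs and sample file contents are constructed, and the fail-closed handling of a URL absent from the management data is an assumption the patent does not state.

```python
"""Simulation of the access-control flow of the first embodiment (FIG. 7, FIG. 8).

Added example, not code from the patent or from Fujitsu. The class names,
the sample URLs, the sample file contents and the level labels are
constructed for illustration.
"""
import os

# Assumed labels for the security levels held in the management data (FIG. 4).
PROHIBITED = "prohibited-outside-organization"   # "prohibited from being taken outside"
UNRESTRICTED = "unrestricted"

# Constructed sample data: the management data held by network device 3
# (URL -> security level) and the file storage unit 14 of server 1 (URL -> bytes).
SECRET_URL = "https://server1.example/design/roadmap.docx"
PUBLIC_URL = "https://server1.example/public/notice.txt"
SAMPLE_MANAGEMENT_DATA = {SECRET_URL: PROHIBITED, PUBLIC_URL: UNRESTRICTED}
SAMPLE_FILES = {
    SECRET_URL: b"CONFIDENTIAL: next-quarter product roadmap",
    PUBLIC_URL: b"The office is closed on the public holiday.",
}


class ManagementDevice:
    """Network device 3: management unit 32 plus management data storage unit 33."""

    def __init__(self, management_data):
        self._table = dict(management_data)

    def query_security_level(self, url):
        """Steps S11 to S15: look the URL up and answer the inquiry.

        The patent does not say what to answer for a URL that is not listed;
        this example fails closed and reports the restrictive level (assumption).
        """
        return self._table.get(url, PROHIBITED)


class FileServer:
    """Server 1: first control unit 101 (inquiry) and second control unit 102
    (substitute generation). ``local_network`` names the server's own network
    (network 9b); only requests from other networks arrive via network device 3.
    """

    def __init__(self, files, management_device, local_network):
        self._files = dict(files)
        self._mgmt = management_device
        self._local_network = local_network
        self.events = []   # one record per substitution, for the administrator

    def handle_request(self, url, source_network, mode="zero"):
        """Steps S7 to S25 for one file access request.

        Returns the bytes that application 12 sends back towards the requester.
        ``mode`` selects the step S23 variant: "zero" (data replaced with 0x0),
        "encrypt" (encrypted copy) or "deny" (send no file at all).
        """
        if url not in self._files:
            raise FileNotFoundError(url)
        data = self._files[url]                          # step S19
        if source_network == self._local_network:
            return data           # internal traffic never passes network device 3
        level = self._mgmt.query_security_level(url)     # steps S9 and S17
        if level != PROHIBITED:                          # step S21: No route
            return data                                  # step S25
        self.events.append({"url": url, "from": source_network,
                            "level": level, "action": mode})
        if mode == "deny":
            raise PermissionError("file is not sent outside the organization")
        return self._generate_substitute(data, mode)     # step S23

    @staticmethod
    def _generate_substitute(data, mode):
        """Produce a file of the same size whose content does not reveal the original."""
        if mode == "zero":
            return b"\x00" * len(data)
        if mode == "encrypt":
            # One-time pad with a fresh random key that never leaves the server,
            # so the recipient cannot recover the original. A real deployment
            # would use authenticated encryption (e.g. AES-GCM) with managed keys.
            key = os.urandom(len(data))
            return bytes(b ^ k for b, k in zip(data, key))
        raise ValueError(f"unknown substitution mode: {mode}")


def run_demo():
    """Drive the flow for requests from network 9a (external) and 9b (internal)."""
    server = FileServer(SAMPLE_FILES, ManagementDevice(SAMPLE_MANAGEMENT_DATA), "9b")
    return {
        "external_public": server.handle_request(PUBLIC_URL, "9a"),
        "external_secret": server.handle_request(SECRET_URL, "9a"),
        "internal_secret": server.handle_request(SECRET_URL, "9b"),
        "events": server.events,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

The `events` list is what gives the administrator the early warning the text describes: every substitution records which URL was requested from which network.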
[Embodiment 2]
FIG. 9 is a diagram showing an overview of the system according to the second embodiment. A server 1 is connected to the intranet of an organization such as a company, and the server 1 is connected to a management server 2 installed in a DMZ (DeMilitarized Zone) on the inside of the firewall. The management server 2 is connected to a network device 5, which is for example a router. The network device 5 is connected to a network 9c, which is the Internet. A user terminal 7 is connected to the network 9c.
FIG. 10 is a functional block diagram of the management server 2. The management server 2 includes a management unit 21 and a management data storage unit 22. The management unit 21 manages the data stored in the management data storage unit 22. The management data storage unit 22 stores the same data as the management data storage unit 33 of the first embodiment.
As shown in FIG. 9, the network device 5 of the second embodiment is connected to the network 9c, which is the Internet, so the likelihood of unauthorized access to the network device 5 increases. However, the likelihood of unauthorized access to the management server 2 installed in the DMZ is relatively low, so providing the management data storage unit 22 on the management server 2 lowers the likelihood of the management data being stolen, tampered with, or the like.
[Embodiment 3]
In the first and second embodiments the management unit and the management data storage unit are provided on a device separate from the server 1, but the management unit and the management data storage unit may instead be provided on the server 1. However, when there are multiple servers 1 and each server 1 is provided with a management unit and a management data storage unit, it is preferable that synchronization be performed so that the contents of the management data storage units of all the servers 1 are always identical.
An embodiment of the present invention has been described above, but the present invention is not limited to it. For example, the functional block configurations of the server 1, the management server 2, the network device 3, the network device 5, and the user terminal 7 described above may not match the actual program module configuration.
Further, the data configuration described above is an example, and the configuration need not be as described. Furthermore, in the processing flows, the order of the processing may be changed as long as the processing result does not change. The processing may also be executed in parallel.
Further, processing similar to that of the present embodiment may be executed in a virtual environment.
Further, the first control unit 101 and the second control unit 102 may be implemented as software running on the OS 10 rather than as part of the OS 10.
Further, the file storage unit 14 need not be built into the server 1.
The server 1, the management server 2, and the user terminal 7 described above are computer devices in which, as shown in FIG. 11, a memory 2501, a CPU (Central Processing Unit) 2503, a hard disk drive (HDD: Hard Disk Drive) 2505, a display control unit 2507 connected to a display device 2509, a drive device 2513 for a removable disk 2511, an input device 2515, and a communication control unit 2517 for connecting to a network are connected by a bus 2519. The operating system (OS: Operating System) and the application program for carrying out the processing of this embodiment are stored in the HDD 2505 and are read from the HDD 2505 into the memory 2501 when executed by the CPU 2503. The CPU 2503 controls the display control unit 2507, the communication control unit 2517, and the drive device 2513 according to the processing content of the application program to perform predetermined operations. Data in the middle of processing is mainly stored in the memory 2501, but it may also be stored in the HDD 2505. In the embodiment of the present invention, the application program for carrying out the processing described above is stored on and distributed on the computer-readable removable disk 2511 and is installed from the drive device 2513 into the HDD 2505. It may also be installed into the HDD 2505 via a network such as the Internet and the communication control unit 2517. Such a computer device realizes the various functions described above through the organic cooperation of hardware such as the CPU 2503 and the memory 2501 described above with programs such as the OS and the application program.
The network device 3 and the network device 5 described above may also have a configuration in which, as shown in FIG. 12, a memory 2601, a CPU 2603, a hard disk drive (HDD) 2605, a display control unit 2607 connected to a display device 2609, a drive device 2613 for a removable disk 2611, an input device 2615, and communication control units 2617 (2617a to 2617c in FIG. 12) for connecting to networks are connected by a bus 2619. In some cases the display control unit 2607, the display device 2609, the drive device 2613, and the input device 2615 are not included. The operating system (OS: Operating System) and the application program for carrying out the processing of the present embodiment are stored in the HDD 2605 and are read from the HDD 2605 into the memory 2601 when executed by the CPU 2603. As needed, the CPU 2603 controls the display control unit 2607, the communication control units 2617, and the drive device 2613 to perform the necessary operations. Data input via any one of the communication control units 2617 is output via another communication control unit 2617; the CPU 2603 controls the communication control units 2617 to switch the output destination appropriately. Data in the middle of processing is stored in the memory 2601 and, if necessary, in the HDD 2605. In the embodiment of the present technology, the application program for carrying out the processing described above is stored on and distributed on the computer-readable removable disk 2611 and is installed from the drive device 2613 into the HDD 2605. It may also be installed into the HDD 2605 via a network such as the Internet and the communication control units 2617. Such a computer device realizes the various functions described above through the organic cooperation of hardware such as the CPU 2603 and the memory 2601 described above with the OS and the necessary application programs.
The embodiments of the present invention described above are summarized as follows.
The information processing apparatus according to a first aspect of the present embodiment has (A) an inquiry unit that, when a request for access to first data managed by the information processing apparatus is received from outside the network to which the information processing apparatus is connected, transmits an inquiry about the security level of the first data to a management apparatus that manages the security level of the first data (the first control unit 101 of the embodiment is an example of the inquiry unit), and (B) a generation unit that, when the security level of the first data included in the response received from the management apparatus is a predetermined level, generates second data from the first data and transmits the second data to the source of the request (the second control unit 102 of the embodiment is an example of the generation unit).
With the configuration described above, even if the request is an unauthorized access request, the original data is never transmitted to the source of the request. It is therefore possible to prevent information from leaking to the outside even when unauthorized access occurs.
The management apparatus may also be a relay apparatus that connects the network to another network.
When access requests are received from outside the network, a relay apparatus of this kind is normally installed, so such a relay apparatus can be used for this purpose.
The management apparatus may also be an apparatus located in a demilitarized zone.
When the management apparatus is connected to an external network such as the Internet, it may be subjected to attacks such as the theft or rewriting of the data in the relay apparatus; using an apparatus located in a demilitarized zone makes it possible to avoid such attacks.
The second data may also be data in which at least part of the first data has been rewritten, or data obtained by encrypting the first data.
This makes it possible to prevent the contents of the first data from being identified.
The information processing system according to a second aspect of the present embodiment has (C) an information processing apparatus and (D) a management apparatus that manages the security level of first data managed by the information processing apparatus. The information processing apparatus has (c1) an inquiry unit that, when a request for access to the first data is received from outside the network to which the information processing apparatus is connected, transmits an inquiry about the security level of the first data to the management apparatus (the first control unit 101 of the embodiment is an example of the inquiry unit), and (c2) a generation unit that, when the security level of the first data included in the response received from the management apparatus is a predetermined level, generates second data from the first data and transmits the second data to the source of the request (the second control unit 102 of the embodiment is an example of the generation unit). The management apparatus has (d1) a data storage unit that stores the security level of the first data (the management data storage unit 33 of the embodiment is an example of the data storage unit), and (d2) a communication unit that, when the inquiry is received from the information processing apparatus, reads the security level of the first data from the data storage unit and transmits a response including the security level of the first data to the information processing apparatus (the management unit 32 of the embodiment is an example of the communication unit).
The access management method according to a third aspect of the present embodiment includes the processing of (E) when a request for access to first data managed by an information processing apparatus is received from outside the network to which the information processing apparatus is connected, transmitting an inquiry about the security level of the first data to a management apparatus that manages the security level of the first data, and (F) when the security level of the first data included in the response received from the management apparatus is a predetermined level, generating second data from the first data and transmitting the second data to the source of the request.
A program for causing a processor to perform the processing of the above method can be created, and that program is stored on a computer-readable storage medium or storage device such as a flexible disk, a CD-ROM, a magneto-optical disk, a semiconductor memory, or a hard disk. Intermediate processing results are temporarily held in a storage device such as a main memory.
With regard to the embodiment including the above examples, the following supplementary notes are further disclosed.
(Appendix 1)
An information processing apparatus comprising:
an inquiry unit that, when a request for access to first data managed by the information processing apparatus is received from outside a network to which the information processing apparatus is connected, transmits an inquiry about the security level of the first data to a management apparatus that manages the security level of the first data; and
a generation unit that, when the security level of the first data included in a response received from the management apparatus is a predetermined level, generates second data from the first data and transmits the second data to the source of the request.
(Appendix 2)
The information processing apparatus according to Appendix 1, wherein the management apparatus is a relay apparatus that connects the network to another network.
(Appendix 3)
The information processing apparatus according to Appendix 1, wherein the management apparatus is an apparatus located in a demilitarized zone.
(Appendix 4)
The information processing apparatus according to any one of Appendices 1 to 3, wherein the second data is data in which at least part of the first data has been rewritten, or data obtained by encrypting the first data.
(Appendix 5)
A program that causes an information processing apparatus to execute processing comprising:
when a request for access to first data managed by the information processing apparatus is received from outside a network to which the information processing apparatus is connected, transmitting an inquiry about the security level of the first data to a management apparatus that manages the security level of the first data; and
when the security level of the first data included in a response received from the management apparatus is a predetermined level, generating second data from the first data and transmitting the second data to the source of the request.
(Appendix 6)
An information processing system comprising:
an information processing apparatus; and
a management apparatus that manages the security level of first data managed by the information processing apparatus,
wherein the information processing apparatus has:
an inquiry unit that, when a request for access to the first data is received from outside a network to which the information processing apparatus is connected, transmits an inquiry about the security level of the first data to the management apparatus; and
a generation unit that, when the security level of the first data included in a response received from the management apparatus is a predetermined level, generates second data from the first data and transmits the second data to the source of the request,
and the management apparatus has:
a data storage unit that stores the security level of the first data; and
a communication unit that, when the inquiry is received from the information processing apparatus, reads the security level of the first data from the data storage unit and transmits the response including the security level of the first data to the information processing apparatus.
DESCRIPTION OF REFERENCE SYMBOLS
1 server
10 OS
12 application
14 file storage unit
101 first control unit
102 second control unit
103 device driver
104 IO control unit
2 management server
21 management unit
22 management data storage unit
3 network device
31 relay processing unit
32 management unit
33 management data storage unit
5 network device
51 relay processing unit
7 user terminal
71 application
9a, 9b, 9c network

Claims (6)

1. An information processing apparatus comprising:
an inquiry unit that, when a request for access to first data managed by the information processing apparatus is received from outside a network to which the information processing apparatus is connected, transmits an inquiry about the security level of the first data to a management apparatus that manages the security level of the first data; and
a generation unit that, when the security level of the first data included in a response received from the management apparatus is a predetermined level, generates second data from the first data and transmits the second data to the source of the request.
  2.  前記管理装置は、前記ネットワークと他のネットワークとを接続する中継装置である、
     請求項1記載の情報処理装置。
    The management device is a relay device that connects the network and another network.
    The information processing apparatus according to claim 1.
  3.  前記管理装置は、非武装地帯に有る装置である、
     請求項1記載の情報処理装置。
    The management device is a device located in a demilitarized zone,
    The information processing apparatus according to claim 1.
  4.  前記第2のデータは、前記第1のデータの少なくとも一部が書き換えられたデータ又は前記第1のデータが暗号化されたデータである、
     請求項1乃至3のいずれか1つ記載の情報処理装置。
    The second data is data obtained by rewriting at least a part of the first data or data obtained by encrypting the first data.
    The information processing apparatus according to any one of claims 1 to 3.
  5.  情報処理装置に、
     前記情報処理装置が接続されるネットワークの外部から、前記情報処理装置が管理する第1のデータへのアクセスの要求を受信した場合、前記第1のデータのセキュリティレベルを管理する管理装置に対して、前記第1のデータのセキュリティレベルについての問合せを送信し、
     前記管理装置から受信した応答に含まれる、前記第1のデータのセキュリティレベルが、所定のレベルである場合、前記第1のデータから第2のデータを生成し、前記第2のデータを前記要求の送信元に送信する、
     処理を実行させるプログラム。
    In the information processing device,
    When a request for access to the first data managed by the information processing apparatus is received from outside the network to which the information processing apparatus is connected, the management apparatus manages the security level of the first data Send a query about the security level of the first data;
    When the security level of the first data included in the response received from the management device is a predetermined level, the second data is generated from the first data, and the second data is requested to the request Send to
    A program that executes processing.
  6.  情報処理装置と、
     前記情報処理装置が管理する第1のデータのセキュリティレベルを管理する管理装置と、
     を有し、
     前記情報処理装置は、
     前記情報処理装置が接続されるネットワークの外部から、前記第1のデータへのアクセスの要求を受信した場合、前記管理装置に対して、前記第1のデータのセキュリティレベルについての問合せを送信する問合せ部と、
     前記管理装置から受信した応答に含まれる、前記第1のデータのセキュリティレベルが、所定のレベルである場合、前記第1のデータから第2のデータを生成し、前記第2のデータを前記要求の送信元に送信する生成部と、
     を有し、
     前記管理装置は、
     前記第1のデータのセキュリティレベルを格納するデータ格納部と、
     前記情報処理装置から前記問合せを受信した場合、前記第1のデータのセキュリティレベルを前記データ格納部から読み出し、前記第1のデータのセキュリティレベルを含む前記応答を前記情報処理装置に送信する通信部と、
     を有する情報処理システム。
    An information processing device;
    A management device for managing the security level of the first data managed by the information processing device;
    Have
    The information processing apparatus includes:
    An inquiry for transmitting an inquiry about the security level of the first data to the management apparatus when a request for access to the first data is received from outside the network to which the information processing apparatus is connected And
    When the security level of the first data included in the response received from the management device is a predetermined level, the second data is generated from the first data, and the second data is requested to the request A generation unit that transmits to the transmission source of
    Have
    The management device
    A data storage unit for storing a security level of the first data;
    A communication unit that, when receiving the inquiry from the information processing device, reads a security level of the first data from the data storage unit and transmits the response including the security level of the first data to the information processing device. When,
    An information processing system.
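The following is an added example, not code from the patent or from the applicant, that simulates the flow the claims describe: a server (the information processing apparatus) receives an access request, asks a separate management device for the data's security level only when the requester is outside the server's network, and, when the level is the predetermined one, returns "second data" instead of the original, either with sensitive parts rewritten or encrypted (claim 4). All names, levels, networks, file contents and the fail-closed handling of unknown data items are constructed assumptions; the HMAC-based keystream stands in for a real authenticated cipher.

```python
"""Added example (not the patent's own code): a minimal simulation of the
claimed inquiry/response flow between an information processing apparatus
and a management device. All names, levels and sample data are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed level name; the claims only speak of "a predetermined level".
PREDETERMINED_LEVEL = "confidential"


class ManagementDevice:
    """Management apparatus (claim 6): holds the security level of each data
    item and answers inquiries from the information processing apparatus."""

    def __init__(self, levels: dict):
        self._levels = dict(levels)  # the data storage unit

    def handle_inquiry(self, inquiry: dict) -> dict:
        # Communication unit: read the level and return it in the response.
        # Assumption: an unknown item is reported at the predetermined
        # (most restrictive) level so that the apparatus fails closed.
        level = self._levels.get(inquiry["data_id"], PREDETERMINED_LEVEL)
        return {"data_id": inquiry["data_id"], "security_level": level}


@dataclass
class Request:
    data_id: str
    source_network: str
    source_addr: str


@dataclass
class InformationProcessingApparatus:
    network: str
    management: ManagementDevice
    key: bytes
    files: dict = field(default_factory=dict)
    mode: str = "rewrite"          # claim 4: "rewrite" or "encrypt"
    log: list = field(default_factory=list)

    def handle_request(self, req: Request) -> bytes:
        first = self.files[req.data_id]
        if req.source_network == self.network:
            # Internal requester: the claims only cover external requests.
            return first
        # Inquiry unit: ask the management device for the security level.
        resp = self.management.handle_inquiry({"data_id": req.data_id})
        self.log.append((req.source_addr, req.data_id, resp["security_level"]))
        if resp["security_level"] != PREDETERMINED_LEVEL:
            return first
        # Generation unit: send second data instead of the first data.
        return rewrite(first) if self.mode == "rewrite" else encrypt(self.key, first)


def rewrite(first: bytes) -> bytes:
    """Second data of the 'rewritten' kind: lines tagged SECRET: have their
    value replaced; everything else passes through unchanged."""
    out = []
    for line in first.splitlines(keepends=True):
        out.append(b"SECRET: [REDACTED]\n" if line.startswith(b"SECRET:") else line)
    return b"".join(out)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in keystream (constructed, not
    authenticated); a deployment would use AES-GCM from a vetted library."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt(key: bytes, first: bytes) -> bytes:
    """Second data of the 'encrypted' kind: nonce || (first XOR keystream)."""
    nonce = os.urandom(16)
    ks = keystream(key, nonce, len(first))
    return nonce + bytes(a ^ b for a, b in zip(first, ks))


def decrypt(key: bytes, second: bytes) -> bytes:
    nonce, body = second[:16], second[16:]
    ks = keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def demo() -> dict:
    """Constructed scenario: a server in network 9a, a requester in network 9c,
    and a management device that knows the levels of two files."""
    mgmt = ManagementDevice({"report.txt": "confidential", "notice.txt": "public"})
    server = InformationProcessingApparatus(
        network="9a", management=mgmt, key=b"\x01" * 32,
        files={"report.txt": b"title: Q1 report\nSECRET: customer list\n",
               "notice.txt": b"Office closed Friday\n"})

    def external(name):
        return Request(name, "9c", "203.0.113.5")

    results = {
        "internal": server.handle_request(Request("report.txt", "9a", "10.0.0.7")),
        "external_confidential": server.handle_request(external("report.txt")),
        "external_public": server.handle_request(external("notice.txt")),
    }
    server.mode = "encrypt"
    results["external_encrypted"] = server.handle_request(external("report.txt"))
    results["inquiries"] = len(server.log)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The internal request never triggers an inquiry, the public file is returned unchanged to the external requester, and only the confidential file is replaced by second data; the log of inquiries is what a defender would forward to the management device or a SIEM to see which external sources are reaching for protected items.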
PCT/JP2018/004368 2017-04-19 2018-02-08 Information processing device, information processing system, and program WO2018193692A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2017-082505 2017-04-19
JP2017082505A JP2018181128A (en) 2017-04-19 2017-04-19 Information processing apparatus, information processing system, and program

Publications (1)

Publication Number Publication Date
WO2018193692A1 true WO2018193692A1 (en) 2018-10-25

Family

ID=63857065

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/004368 WO2018193692A1 (en) 2017-04-19 2018-02-08 Information processing device, information processing system, and program

Country Status (2)

Country Link
JP (1) JP2018181128A (en)
WO (1) WO2018193692A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004310637A (en) * 2003-04-10 2004-11-04 Fuji Xerox Co Ltd Data file distribution device, data file distribution method, and its program
JP2010072992A (en) * 2008-09-19 2010-04-02 Fuji Xerox Co Ltd Document management system, document generation apparatus, document utilization management apparatus, and program
JP2015133087A (en) * 2014-01-15 2015-07-23 富士ゼロックス株式会社 File management device, file management system, and program

Also Published As

Publication number Publication date
JP2018181128A (en) 2018-11-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18787423

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18787423

Country of ref document: EP

Kind code of ref document: A1