WO2020044494A1 - Computer program, communication control method, communication control device, and relay device - Google Patents


Info

Publication number
WO2020044494A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication data
communication
program
acquired
control unit
Prior art date
Application number
PCT/JP2018/032126
Other languages
English (en)
Japanese (ja)
Inventor
矢野 義博
伸乃助 仲谷
Original Assignee
大日本印刷株式会社
Application filed by 大日本印刷株式会社
Priority to JP2020539949A (patent JP7215486B2)
Priority to PCT/JP2018/032126 (WO2020044494A1)
Publication of WO2020044494A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data

Definitions

  • the present invention relates to a computer program, a communication control method, a communication control device, and a relay device.
  • the use of the Internet by client devices such as smartphones and tablet terminals has become active.
  • the user may be required to input a user ID and a password.
  • the service providing side authenticates the identity of the user based on the user ID and the password, and provides a service to the authenticated user (for example, see Patent Document 1).
  • If a program that provides an interface screen very similar to the interface screen prepared by the service providing side, and that transmits the user ID and password input through the spoofed interface screen to another server installed by a third party, is installed in the client device, the user ID and password may be stolen by the third party.
  • The present invention has been made in view of such circumstances, and it is an object of the present invention to provide a computer program, a communication control method, a communication control device, and a relay device that can suppress leakage of information from a client device.
  • A computer program causes a computer, in which a plurality of programs having a function of communicating with an external device via a communication network are installed, to execute a process of acquiring all communication data transmitted through the programs and discarding, among the acquired communication data, communication data other than communication data transmitted through a specific program.
  • A computer program causes a computer, in which a plurality of programs having a function of communicating with an external device via a communication network are installed, to execute a process of acquiring all communication data transmitted through the programs and, for communication data other than communication data transmitted through a specific program among the acquired communication data, notifying the occurrence of transmission by a program other than the specific program.
  • In a communication control method, a computer, in which a plurality of programs each having a function of communicating with an external device via a communication network are installed, acquires all communication data transmitted through the programs and performs a process of discarding, among the acquired communication data, communication data other than communication data transmitted through a specific program.
  • A communication control device includes a storage unit that stores a plurality of programs having a function of communicating with an external device via a communication network, an acquisition unit that acquires all communication data transmitted through the programs, and a communication discarding unit that discards, among the acquired communication data, communication data other than communication data transmitted through a specific program.
  • A relay device includes an acquisition unit that acquires, from a terminal device in which a plurality of programs having a function of communicating with an external device via a communication network are installed, all communication data transmitted through the programs, and a communication discarding unit that discards, from the acquired communication data, communication data other than communication data transmitted through a specific program.
  • FIG. 1 is a block diagram illustrating an overall configuration of a communication control system according to a first embodiment.
  • FIG. 2 is an explanatory diagram for explaining an illegal act by a malicious program.
  • FIG. 3 is a block diagram illustrating an internal configuration of a client device.
  • FIG. 4 is a flowchart illustrating a procedure of a process executed by the client device according to the first embodiment.
  • FIG. 5 is a flowchart illustrating a procedure of a process executed by the client device according to the second embodiment.
  • FIG. 6 is a flowchart illustrating a procedure of a process executed by the client device according to the third embodiment.
  • FIG. 7 is a flowchart illustrating a procedure of a process performed by a client device according to Embodiment 4.
  • FIG. 8 is a flowchart illustrating a procedure of a process performed by a client device according to Embodiment 5.
  • FIG. 9 is a flowchart illustrating a procedure of a process performed by a client device according to Embodiment 6.
  • FIG. 10 is a block diagram illustrating an overall configuration of a communication control system according to a seventh embodiment.
  • 5 is a flowchart illustrating an internal configuration of a relay device.
  • 26 is a flowchart illustrating a procedure of a process executed by the relay device according to the seventh embodiment.
  • FIG. 1 is a block diagram illustrating the overall configuration of the communication control system according to the first embodiment.
  • the communication control system according to the present embodiment includes a client device 10 and a server device 20 communicably connected to each other via a communication network N.
  • the client device 10 is a terminal device such as a personal computer and a smartphone used by a user, and it is assumed that software (application program) for accessing the server device 20 is installed.
  • the server device 20 performs user authentication when receiving access from the client device 10, and provides an appropriate service to the client device 10 when the user authentication is successful.
  • A configuration will be described in which the server device 20 is a financial server installed by a financial institution or the like, and communication between the client device 10 and the server device 20 is performed through the financial application 122 (see FIG. 2) installed in the client device 10.
  • When trying to receive the service provided by the client device 10, the user starts the financial application 122 on the client device 10 and inputs a user ID and a password through an interface screen provided by the financial application 122.
  • The input user ID and password are transmitted to the server device 20 through the financial application 122.
  • When the user authentication is successful in the server device 20, the user can enjoy the service provided from the server device 20.
  • FIG. 2 is an explanatory diagram for explaining a fraudulent act by a malicious program.
  • The financial application 122 properly installed on the client device 10 displays, for example, an interface screen 100A as shown in FIG. 2 on the display unit 14 of the client device 10.
  • The malicious program prepares an interface screen 100B (a disguised interface screen) very similar to the interface screen 100A of the financial application 122, and displays the interface screen 100B superimposed on the regular interface screen 100A.
  • The malicious program obtains the user ID and the password through the disguised interface screen 100B and transmits them to another server device installed by a third party, thereby fraudulently obtaining the user ID and password of the user using the client device 10.
  • One of the features is that, when communication data is transmitted to the outside through a program executed by the client device 10, the communication data is acquired, and communication data transmitted through a program other than a specific program (the financial application 122 in the present embodiment) is discarded, thereby preventing information from being stolen by a third party.
  • FIG. 3 is a block diagram illustrating the internal configuration of the client device 10.
  • the client device 10 includes a control unit 11, a storage unit 12, a communication unit 13, a display unit 14, and an operation unit 15.
  • the control unit 11 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like.
  • the CPU included in the control unit 11 loads and executes various computer programs stored in the ROM or the storage unit 12 on the RAM, thereby causing the entire device to function as the communication control device of the present application.
  • the control unit 11 is not limited to the above configuration, and may be any processing circuit including one or more CPUs, a multi-core CPU, a microcomputer, and the like. Further, the control unit 11 may have a function such as a timer for measuring an elapsed time from when a measurement start instruction is given to when a measurement end instruction is given, and a counter for counting the number.
  • the storage unit 12 is configured by a nonvolatile memory such as an EEPROM (Electronically Erasable Programmable Read Only Memory), and stores various software (computer programs) and various data.
  • The software stored in the storage unit 12 includes a VPN application 121 for establishing a VPN with the server device 20, a financial application 122 for accessing the server device 20, and a communication control application 123 for controlling communication in the client device 10.
  • the information stored in the storage unit 12 may include information (whitelist described later) used for restricting communication partners.
  • the program stored in the storage unit 12 may be provided by a non-transitory recording medium M1 that records the program in a readable manner.
  • the recording medium M1 is, for example, a portable memory such as a CD-ROM, a USB memory, an SD (Secure Digital) card, a micro SD card, and a compact flash (registered trademark).
  • the control unit 11 reads various programs from the recording medium M1 using a reading device (not shown), and installs the read various programs in the storage unit 12.
  • the program stored in the storage unit 12 may be provided by communication via the communication unit 13. In this case, the control unit 11 acquires various programs through the communication unit 13 and installs the acquired various programs in the storage unit 12.
  • the communication unit 13 includes an interface for communicating with the server device 20 via the communication network N.
  • The communication unit 13 transmits the input information to the server device 20 and outputs information received from the server device 20 through the communication network N to the control unit 11.
  • the display unit 14 includes a display device such as a liquid crystal display or an organic EL display, and displays information to be notified to the user of the client device 10.
  • the operation unit 15 includes a touch panel and various buttons, receives an operation performed by a user of the client device 10, and outputs the received operation information to the control unit 11.
  • FIG. 4 is a flowchart illustrating a procedure of a process performed by the client device 10 according to the first embodiment.
  • When receiving the activation instruction of the financial application 122 through the operation unit 15, the control unit 11 of the client device 10 reads the financial application 122 from the storage unit 12, and activates the read financial application 122 (Step S101). Further, the control unit 11 reads the communication control application 123 from the storage unit 12, and activates the read communication control application 123 (Step S102).
  • The communication control application 123 is activated after the financial application 122 is activated, but the activation order of the financial application 122 and the communication control application 123 is not limited to the above.
  • The communication control application 123 may be always activated, and the control unit 11 may activate the financial application 122 when receiving an instruction to activate the financial application 122 in a state where the communication control application 123 is activated.
  • The control unit 11 activates the VPN application 121 stored in the storage unit 12, and establishes a VPN connection with the server device 20 on which the same VPN application (not shown) is executed (step S103).
  • the VPN application 121 may be started in conjunction with the start of the financial application 122, or may be started when a user instruction is received through the operation unit 15.
  • The control unit 11 determines whether or not communication data to be transmitted to the outside has been acquired through a program installed in the client device 10 (step S104). If not acquired (S104: NO), the control unit 11 shifts the processing to step S108 described later.
  • The processing from step S104 to step S107 described later is processing realized by the function of the communication control application 123 executed by the control unit 11.
  • The control unit 11 determines whether the transmission source program of the acquired communication data is a specific program (financial application 122) (step S105). In the present embodiment, in order to restrict transmission from any program other than the financial application 122, it is determined whether or not the source of the acquired communication data is the financial application 122.
  • The control unit 11 transmits the communication data to the destination device via the communication unit 13 (Step S106).
  • Since a VPN is established between the client device 10 and the server device 20, communication data is transmitted to the server device 20.
  • When the transmission source is not the specific program (S105: NO), the control unit 11 executes a process of discarding the communication data without transmitting the communication data (step S107).
  • the program subject to transmission restriction is not limited to a so-called application program.
  • The program may be a single program executed by the control unit 11, and may include any program, such as a script, a command, an applet, or a macro, that is incorporated in an OS (Operating System) of the client device 10.
  • The control unit 11 determines whether the financial application 122 has been stopped (step S108). When judging that it has not been stopped (S108: NO), the control unit 11 returns the process to step S104.
  • The control unit 11 stops the VPN application 121 and releases the VPN connection between the client device 10 and the server device 20 (Step S109).
  • The control unit 11 stops the communication control application 123 (Step S110), and ends the processing according to the flowchart.
  • The application programs permitted to transmit data are not limited to the financial application 122.
  • The application program permitted to transmit data may be a dedicated application program set in advance to communicate with a specific server, or a general application program such as browser software that communicates with an unspecified number of servers.
  • communication data transmitted from another program may be discarded until processing executed through a specific interface screen is completed.
  • When the financial application 122 provides an interface screen for receiving the input of the user ID and the password, the communication data transmitted from another program may be discarded until the financial application 122 accepts the input of the user ID and the password through the interface screen and transmits the received user ID and password to the server device 20.
  • FIG. 5 is a flowchart illustrating a procedure of a process executed by the client device 10 according to the second embodiment.
  • the control unit 11 of the client device 10 determines whether to update the white list (Step S201).
  • the control unit 11 determines that the whitelist is to be updated when an instruction to update the whitelist is received through the operation unit 15 or when a timing set in advance as the whitelist update timing has been reached.
  • When determining that the whitelist is to be updated (S201: YES), the control unit 11 acquires a whitelist from the outside and updates the whitelist stored in the storage unit 12 (step S202).
  • the control unit 11 executes the process of step S203.
  • the financial application 122, the communication control application 123, and the VPN application 121 are activated in the same procedure as in the first embodiment, and a VPN connection is established with the server device 20 (steps S203 to S205).
  • The control unit 11 determines whether or not communication data to be transmitted to the outside has been acquired through the program installed in the client device 10 (step S206). If not acquired (S206: NO), the control unit 11 shifts the processing to step S211 described below. The processing from step S206 to step S210 described later is processing realized by the function of the communication control application 123 executed by the control unit 11.
  • When it is determined that the communication data transmitted to the outside through the program installed in the client device 10 has been acquired (S206: YES), the control unit 11 determines whether or not the transmission destination of the acquired communication data is a transmission destination listed on the whitelist (step S207). When it is determined that the destination is a destination listed in the white list (S207: YES), the control unit 11 shifts the processing to step S209.
  • The control unit 11 determines whether the transmission source program of the acquired communication data is a specific program (financial application 122) (Step S208).
  • When determining that the transmission source of the acquired communication data is a specific program (financial application 122) (S208: YES), the control unit 11 transmits the communication data to the destination device via the communication unit 13 (Step S209). In the present embodiment, since a VPN is established between the client device 10 and the server device 20, communication data is transmitted to the server device 20.
  • When the transmission source is not the specific program (S208: NO), the control unit 11 executes a process of discarding the communication data without transmitting the communication data (step S210).
  • The control unit 11 determines whether the financial application 122 has been stopped (step S211). When judging that it has not been stopped (S211: NO), the control unit 11 returns the process to step S206.
  • The control unit 11 stops the VPN application 121 and releases the VPN connection between the client device 10 and the server device 20 (Step S212). Further, the control unit 11 stops the communication control application 123 (step S213), and ends the processing according to the flowchart.
  • The communication data can be transmitted without being discarded.
  • FIG. 6 is a flowchart illustrating a procedure of a process executed by the client device 10 according to the third embodiment.
  • The control unit 11 of the client device 10 starts the financial application 122, the communication control application 123, and the VPN application 121 in the same procedure as in the first embodiment, and establishes a VPN connection with the server device 20 (Steps S301 to S303).
  • The control unit 11 determines whether or not communication data to be transmitted to the outside has been acquired through the program installed in the client device 10 (step S304). If not acquired (S304: NO), the control unit 11 shifts the processing to step S310 described later. Note that the processing from step S304 to step S309 described later is processing realized by the function of the communication control application 123 executed by the control unit 11.
  • The control unit 11 determines whether the transmission source program of the acquired communication data is a specific program (financial application 122) (step S305).
  • When determining that the transmission source of the acquired communication data is a specific program (financial application 122) (S305: YES), the control unit 11 transmits the communication data to the destination device via the communication unit 13 (step S306). In the present embodiment, since a VPN is established between the client device 10 and the server device 20, communication data is transmitted to the server device 20.
  • The control unit 11 inquires of the user whether transmission is possible (step S307). Specifically, the control unit 11 causes the display unit 14 to display an interface screen for inquiring whether transmission is possible, and accepts a setting regarding transmission permission through the interface screen.
  • The control unit 11 determines whether transmission from a program other than the specific program (financial application 122) is permitted (step S308). If transmission is permitted (S308: YES), the communication data is transmitted to the destination device (S306).
  • The control unit 11 executes a process of discarding the communication data without transmitting the data (step S309).
  • The control unit 11 determines whether the financial application 122 has been stopped (Step S310). When judging that it has not been stopped (S310: NO), the control unit 11 returns the process to step S304.
  • The control unit 11 stops the VPN application 121 and releases the VPN connection between the client device 10 and the server device 20 (step S311). Further, the control unit 11 stops the communication control application 123 (step S312), and ends the processing according to the flowchart.
  • The communication data can be transmitted without being discarded.
  • FIG. 7 is a flowchart illustrating a procedure of processing executed by the client device 10 according to the fourth embodiment.
  • The control unit 11 of the client device 10 starts the financial application 122, the communication control application 123, and the VPN application 121 in the same procedure as in the first embodiment, and establishes a VPN connection with the server device 20 (Steps S401 to S403).
  • The control unit 11 determines whether or not communication data transmitted to the outside through the program installed in the client device 10 has been acquired (step S404). If not acquired (S404: NO), the control unit 11 shifts the processing to step S409 described below. Note that the processing from step S404 to step S408 described below is processing realized by the function of the communication control application 123 executed by the control unit 11.
  • The control unit 11 determines whether the transmission source program of the acquired communication data is a specific program (financial application 122) (step S405).
  • When determining that the transmission source of the acquired communication data is a specific program (financial application 122) (S405: YES), the control unit 11 transmits the communication data to the destination device via the communication unit 13 (step S406). In the present embodiment, since a VPN is established between the client device 10 and the server device 20, communication data is transmitted to the server device 20.
  • The control unit 11 determines whether the specific information is included in the communication data to be transmitted (step S407). Here, it is determined whether or not information that is not desirable to be leaked to the outside, such as a user ID and a password, is included in the communication data.
  • If it is determined that the specific information is not included (S407: NO), the control unit 11 transmits the communication data to the destination device (S406). On the other hand, when determining that the specific information is included (S407: YES), the control unit 11 executes a process of discarding the communication data without transmitting the communication data (step S408).
  • The control unit 11 determines whether the financial application 122 has been stopped (step S409). When judging that it has not been stopped (S409: NO), the control unit 11 returns the process to step S404.
  • The control unit 11 stops the VPN application 121 and releases the VPN connection between the client device 10 and the server device 20 (Step S410).
  • The control unit 11 stops the communication control application 123 (step S411), and ends the processing according to the flowchart.
  • If the communication data from a program other than the financial application 122 does not include specific information such as a user ID and a password, the communication data can be transmitted without being discarded.
  • FIG. 8 is a flowchart illustrating a procedure of processing executed by the client device 10 according to the fifth embodiment.
  • The control unit 11 of the client device 10 starts the financial application 122, the communication control application 123, and the VPN application 121 in the same procedure as in the first embodiment, and establishes a VPN connection with the server device 20 (Steps S501 to 503).
  • The control unit 11 determines whether or not communication data to be transmitted to the outside has been acquired through the program installed in the client device 10 (step S504). If it has not been acquired (S504: NO), the control unit 11 shifts the processing to step S509 described below. Note that the processing from step S504 to step S508 described later is processing realized by the function of the communication control application 123 executed by the control unit 11.
  • The control unit 11 determines whether the transmission source program of the acquired communication data is a specific program (financial application 122) (step S505).
  • When determining that the transmission source of the acquired communication data is a specific program (financial application 122) (S505: YES), the control unit 11 transmits the communication data to the destination device via the communication unit 13 (Step S506).
  • Since a VPN is established between the client device 10 and the server device 20, communication data is transmitted to the server device 20.
  • The control unit 11 determines whether the transmission source is a non-target application set by the user (step S507).
  • The control unit 11 transmits the communication data to the destination device (S506).
  • The control unit 11 executes a process of discarding the communication data without transmitting the communication data (step S508).
  • The control unit 11 determines whether the financial application 122 has been stopped (step S509). If it is determined that the operation has not been stopped (S509: NO), the control unit 11 returns the process to step S504.
  • The control unit 11 stops the VPN application 121 and releases the VPN connection between the client device 10 and the server device 20 (Step S510). Further, the control unit 11 stops the communication control application 123 (step S511), and ends the processing according to the flowchart.
  • If the security of the source program (application) is confirmed by the user, the communication data can be sent without being discarded.
  • FIG. 9 is a flowchart illustrating a procedure of a process executed by the client device 10 according to the sixth embodiment.
  • The control unit 11 of the client device 10 starts the financial application 122, the communication control application 123, and the VPN application 121 in the same procedure as in the first embodiment, and establishes a VPN connection with the server device 20 (Steps S601 to 603).
  • The control unit 11 determines whether or not communication data to be transmitted to the outside is acquired through the program installed in the client device 10 (step S604). If it has not been acquired (S604: NO), the control unit 11 shifts the processing to step S609 described later.
  • The processing from step S604 to step S607 described later is processing realized by the function of the communication control application 123 executed by the control unit 11.
  • The control unit 11 determines whether the transmission source program of the acquired communication data is a specific program (financial application 122) (step S605).
  • When determining that the transmission source of the acquired communication data is a specific program (financial application 122) (S605: YES), the control unit 11 transmits the communication data to the destination device via the communication unit 13 (step S606). In the present embodiment, since a VPN is established between the client device 10 and the server device 20, communication data is transmitted to the server device 20.
  • The control unit 11 notifies the user that transmission processing of communication data by a program other than the specific program has occurred (step S607). At this time, the control unit 11 may output information to the effect that transmission processing of communication data by a program other than the specific program has occurred to the display unit 14 and cause the display unit 14 to display the information.
  • When the client device 10 includes an audio output unit, the user may be notified by voice or an alarm that a transmission process of communication data by a program other than a specific program has occurred.
  • The control unit 11 may notify the user before transmitting communication data from a program other than the specific program, or may notify the user after the transmission of the communication data is completed.
  • The control unit 11 determines whether the financial application 122 has been stopped (Step S608). When judging that it has not been stopped (S608: NO), the control unit 11 returns the process to step S604.
  • The control unit 11 stops the VPN application 121 and releases the VPN connection between the client device 10 and the server device 20 (Step S609). Further, the control unit 11 stops the communication control application 123 (Step S610), and ends the processing according to the flowchart.
  • Since a transmission process from any program other than the financial application 122 is notified to the user, the user can be made aware that information may have been stolen, and can take measures such as changing the user ID and the password.
  • FIG. 10 is a block diagram illustrating the overall configuration of the communication control system according to the seventh embodiment.
  • The communication control system according to the present embodiment includes a client device 10, a server device 20, and a relay device 30 that are communicably connected to each other via a communication network N.
  • The client device 10 is a terminal device such as a personal computer or a smartphone used by a user, and it is assumed that software (an application program) for accessing the server device 20 is installed on it.
  • The server device 20 performs user authentication when receiving access from the client device 10, and provides an appropriate service to the client device 10 when the user authentication is successful.
  • The relay device 30 is a server that relays communication between the client device 10 and the server device 20.
  • The relay device 30 transmits communication data received from the client device 10 to the server device 20, and transmits communication data received from the server device 20 to the client device 10.
  • The following describes a configuration in which the server device 20 is a financial server installed by a financial institution or the like, and the relay device 30 relays communication data transmitted and received through the financial application 122 installed in the client device 10.
  • FIG. 11 is a flowchart illustrating the internal configuration of the relay device 30.
  • The relay device 30 includes a control unit 31, a storage unit 32, a communication unit 33, a display unit 34, and an operation unit 35.
  • The control unit 31 includes a CPU, a ROM, a RAM, and the like.
  • The CPU included in the control unit 31 loads various computer programs stored in the ROM or the storage unit 32 into the RAM and executes them, thereby causing the entire device to function as the relay device of the present application.
  • The control unit 31 is not limited to the above configuration, and may be any processing circuit including one or more CPUs, a multi-core CPU, a microcomputer, and the like. Further, the control unit 31 may have functions such as a timer for measuring the elapsed time from when a measurement start instruction is given to when a measurement end instruction is given, a counter for counting a number, and the like.
  • The storage unit 32 is configured by a nonvolatile storage device such as an EEPROM or a hard disk, and stores various software (computer programs) and various data.
  • The software stored in the storage unit 32 includes a VPN application 321 for establishing a VPN with the client device 10, a communication control application 322 for controlling communication in the relay device 30, and the like.
  • The information stored in the storage unit 32 may include information (a whitelist described later) used for restricting communication partners.
  • The program stored in the storage unit 32 may be provided by a non-transitory recording medium M2 on which the program is readably recorded.
  • The recording medium M2 is, for example, a portable memory such as a CD-ROM, a USB memory, an SD (Secure Digital) card, a micro SD card, or a compact flash (registered trademark).
  • The control unit 31 reads various programs from the recording medium M2 using a reading device (not shown), and installs the read programs in the storage unit 32.
  • The program stored in the storage unit 32 may be provided by communication via the communication unit 33. In this case, the control unit 31 acquires various programs through the communication unit 33 and installs the acquired programs in the storage unit 32.
  • The communication unit 33 includes an interface for communicating with the client device 10 and the server device 20 through the communication network N.
  • The communication unit 33 transmits input information to the client device 10 or the server device 20, and outputs information received from the client device 10 or the server device 20 through the communication network N to the control unit 31.
  • The display unit 34 includes a display device such as a liquid crystal display or an organic EL display, and displays information to be notified to the administrator of the relay device 30.
  • The operation unit 35 includes a touch panel and various buttons, receives an operation performed by an administrator of the relay device 30, and outputs the received operation information to the control unit 31.
  • FIG. 12 is a flowchart illustrating a procedure of a process executed by the relay device 30 according to the seventh embodiment.
  • Prior to communication with the client device 10, the control unit 31 of the relay device 30 reads the communication control application 322 from the storage unit 32 and activates it (step S701).
  • The control unit 31 activates the VPN application 321 stored in the storage unit 32 and establishes a VPN connection with the client device 10, on which the VPN application 121 is also executed (step S702).
  • The control unit 31 determines whether communication data transmitted from the client device 10 has been acquired through the communication unit 33 (step S703). If it has not been acquired (S703: NO), the control unit 31 shifts the processing to step S707 described below.
  • The processing from step S703 to step S706 described later is realized by the function of the communication control application 322 executed by the control unit 31.
  • The control unit 31 determines whether the transmission source program of the acquired communication data is the specific program (financial application 122) installed in the client device 10 (step S704). In the present embodiment, in order to restrict transmission from any program other than the financial application 122, it is determined whether or not the source of the acquired communication data is the financial application 122.
  • When determining that the transmission source of the acquired communication data is the specific program (financial application 122) (S704: YES), the control unit 31 transmits the communication data to the relay destination server device 20 through the communication unit 33 (step S705).
  • A VPN may be constructed between the relay device 30 and the server device 20.
  • When determining that the transmission source is not the specific program (S704: NO), the control unit 31 discards the communication data without transmitting it (step S706).
  • Transmission of communication data to a destination specified by any program other than the financial application 122 is thus avoided, so that even if a malicious program that steals information such as a user ID and a password is installed, the transmission of data from that program can be stopped.
  • The control unit 31 determines whether the financial application 122 has been stopped in the client device 10 (step S707). If it is determined that it has not been stopped (S707: NO), the control unit 31 returns the processing to step S703.
  • The control unit 31 stops the VPN application 321 and releases the VPN connection between the relay device 30 and the client device 10 (step S708).
  • The control unit 31 stops the communication control application 322 (step S709), and ends the processing according to the flowchart.
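
The relay loop of steps S703 to S708, together with the notify-only handling of step S607, as an added Python sketch that is not part of the patent text. The `source_program` label, the `STOP` marker, the mode names and the sample traffic are assumptions constructed for illustration; how a source program is attributed to communication data is not shown in this excerpt.

```python
from dataclasses import dataclass, field

SPECIFIC_PROGRAM = "financial_application_122"  # assumed label for the specific program
STOP = object()  # constructed marker: the financial application has stopped

@dataclass(frozen=True)
class CommData:
    source_program: str  # assumed to be attributed already by the control application
    destination: str
    payload: bytes

@dataclass
class Outcome:
    forwarded: list = field(default_factory=list)
    discarded: list = field(default_factory=list)
    notices: list = field(default_factory=list)
    vpn_connected: bool = True

def run_control_loop(events, mode):
    """Process events until STOP. mode is 'discard' (relay) or 'notify' (client)."""
    if mode not in ("discard", "notify"):
        raise ValueError(f"unknown mode: {mode!r}")
    out = Outcome()
    for ev in events:
        if ev is STOP:                      # S707: YES (S608 on the client)
            break
        if ev is None:                      # S703: NO, nothing acquired this cycle
            continue
        if ev.source_program == SPECIFIC_PROGRAM:   # S704 / S605: exact match only
            out.forwarded.append(ev)        # S705 / S606
        elif mode == "discard":
            out.discarded.append(ev)        # S706: never reaches the server
        else:
            out.notices.append(             # S607: tell the user which program sent
                f"{ev.source_program} sent {len(ev.payload)} bytes to {ev.destination}")
            out.forwarded.append(ev)        # the data is still transmitted in this mode
    out.vpn_connected = False               # S708 / S609: release the VPN
    return out

# Constructed sample traffic, not taken from the patent.
SAMPLE = [
    CommData("financial_application_122", "server-20.example", b"login"),
    None,
    CommData("financial_application_122_helper", "collector.example", b"id+pw"),
    CommData("", "collector.example", b"unlabelled"),
    STOP,
    CommData("financial_application_122", "server-20.example", b"late"),
]

if __name__ == "__main__":
    for mode in ("discard", "notify"):
        o = run_control_loop(SAMPLE, mode)
        print(mode, len(o.forwarded), len(o.discarded), o.notices)
```

The comparison is an exact match, so a look-alike or empty source label falls through to the discard or notify branch rather than being forwarded silently.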


Abstract

The invention relates to a computer program, a communication control method, a communication control device, and a relay device. In the present invention, a plurality of programs is installed on a computer, and the computer is provided with a function for communicating with external devices via a communication network. The computer program causes the computer to execute processing in which all communication data to be transmitted via the programs is acquired and, of the acquired communication data, communication data other than communication data to be transmitted via a specific program is discarded.
PCT/JP2018/032126 2018-08-30 2018-08-30 Computer program, communication control method, communication control device, and relay device WO2020044494A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2020539949A JP7215486B2 (ja) 2018-08-30 2018-08-30 Computer program, communication control method, communication control device, and relay device
PCT/JP2018/032126 WO2020044494A1 (fr) 2018-08-30 2018-08-30 Computer program, communication control method, communication control device, and relay device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2018/032126 WO2020044494A1 (fr) 2018-08-30 2018-08-30 Computer program, communication control method, communication control device, and relay device

Publications (1)

Publication Number Publication Date
WO2020044494A1 true WO2020044494A1 (fr) 2020-03-05

Family

ID=69644006

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/032126 WO2020044494A1 (fr) Computer program, communication control method, communication control device, and relay device 2018-08-30 2018-08-30

Country Status (2)

Country Link
JP (1) JP7215486B2 (fr)
WO (1) WO2020044494A1 (fr)

Also Published As

Publication number Publication date
JP7215486B2 (ja) 2023-01-31
JPWO2020044494A1 (ja) 2021-08-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18932068

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020539949

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18932068

Country of ref document: EP

Kind code of ref document: A1