WO2024194993A1 - ファイル交換装置、ファイル交換システム、ファイル交換方法およびプログラム - Google Patents

ファイル交換装置、ファイル交換システム、ファイル交換方法およびプログラム Download PDF

Info

Publication number
WO2024194993A1
WO2024194993A1 PCT/JP2023/010923 JP2023010923W WO2024194993A1 WO 2024194993 A1 WO2024194993 A1 WO 2024194993A1 JP 2023010923 W JP2023010923 W JP 2023010923W WO 2024194993 A1 WO2024194993 A1 WO 2024194993A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
folder
information
content data
exchange device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2023/010923
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
亮 原田
大弥 岡田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Priority to JP2025507966A priority Critical patent/JPWO2024194993A1/ja
Priority to PCT/JP2023/010923 priority patent/WO2024194993A1/ja
Publication of WO2024194993A1 publication Critical patent/WO2024194993A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures

Definitions

  • the present invention relates to file exchange technology between closed and open environments.
  • Patent Document 1 In order to reduce the waste of wireless communication bandwidth between networks as a result of malware infection, there is a technology in which a management device is provided to manage files input to a network to be protected, and the management device processes the input files before inputting them to the network to be protected (see, for example, Patent Document 1).
  • the technology disclosed in Patent Document 1 first tokenizes the content data contained in the input file to create content-managed tagged general content data, which is then verified, and a new instance of the input file is reproduced (or regenerated) with a specified file type specification to generate an output file. As a result, a substitute output file obtained from the content-managed and verified content data is input to the network to be protected.
  • Patent Document 1 makes it possible to remove malformed or malicious content data from input files before they are input to the network to be protected.
  • the tokenization technology used is a type of encryption process, and although it is highly secure, it imposes a large processing load. This is because data is originally constantly sent and received between the network to be protected and an external network, which is assumed by the technology disclosed in Patent Document 1, and the intrusion of malware is prevented only by the processing in the management device described above.
  • this technology requires excessive processing and places too high a load on the data protection network between network environments, such as those envisaged in this application, where sufficient security is already ensured by air-gap technology.
  • the present invention was made in consideration of the above circumstances, and aims to provide a technology that improves convenience while ensuring security when sending files from an open environment to a closed environment isolated by an air gap.
  • a reading unit that extracts predetermined extracted information from a file stored in a first folder in an open network
  • a transfer unit that stores the extracted information in a second folder in a closed network, the file includes content data and metadata associated with the content data
  • a file exchange device is provided, in which the extracted information includes the content data and information from the metadata that identifies a file name and a file format.
  • the file exchange device located in the open network; and the second folder located within the closed network.
  • a computer-implemented method for exchanging files between an open network and a closed network comprising: Extracting predetermined extracted information from a file stored in a first folder in the open network; storing the extracted information in a second folder in the closed network; the file includes content data and metadata associated with the content data;
  • a file exchange method is provided in which the extracted information includes the content data and information that identifies a file name and a file format from among the metadata.
  • a fourth aspect of the present invention On the computer, extracting, from a file stored in a first folder in the open network, the file including content data and metadata associated with the content data, predetermined extraction information including the content data and information among the metadata that identifies a file name and a file format; and storing the extracted information in a second folder within a closed network.
  • the storage medium can be a non-transient medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium.
  • the present invention can also be embodied as a computer program product.
  • the present invention aims to provide a technology that provides sufficient protection when sending files from an open environment to a closed environment isolated by an air gap, thereby improving convenience while ensuring security.
  • FIG. 1A is an explanatory diagram for explaining an overview of a conventional file exchange system
  • FIG. 1B is an explanatory diagram for explaining an overview of a file exchange system according to an embodiment of the present invention
  • 1 is a functional block diagram of an example of a file exchange system according to an embodiment of the present invention
  • FIG. 1A is an explanatory diagram for explaining an example of a file configuration according to an embodiment of the present invention
  • FIG. 1B is an explanatory diagram for explaining an example of a rule table according to an embodiment of the present invention
  • 13 is a flowchart of an example of a file migration process according to an embodiment of the present invention.
  • 1 is a diagram illustrating a hardware configuration of an example of a file exchange device according to an embodiment of the present invention.
  • FIG. 13A and 13B are diagrams showing the functional configuration of a modified example of a file exchange device according to an embodiment of the present invention.
  • FIG. 1A is an explanatory diagram for explaining an example of a rule table of another modified example of one embodiment of the present invention
  • FIG. 1B is an explanatory diagram for explaining an example of a second rule table of a modified example of one embodiment of the present invention.
  • the program is executed via a computer device, which includes, for example, a processor, a storage device, an input device, a communication interface, and, if necessary, a display device.
  • This computer device is also configured to be able to communicate, either wired or wirelessly, with internal or external devices (including computers) via the communication interface.
  • a and/or B is used to mean A or B, or A and B.
  • the file exchange system 101 of this embodiment ensures sufficient security with low load when sending files from an open environment network (open network, hereafter referred to as the open environment) to a closed environment network (closed network, hereafter referred to as the closed environment) that is protected from the open environment by an air gap.
  • open network open network
  • closed environment closed network
  • Figure 1(a) is a diagram for explaining the overview of the conventional file exchange system 900
  • Figure 1(b) is a diagram for explaining the overview of the file exchange system 101 of this embodiment.
  • a file exchange device is placed between the open environment and the closed environment.
  • An open-side folder (hereinafter, OP-side folder) that can be accessed from the file exchange device is provided in the open environment
  • a closed-side folder (hereinafter, CL-side folder) that can be accessed from the file exchange device is provided in the closed environment.
  • Files are exchanged between the two networks by the file exchange device accessing the OP-side folder and the CL-side folder, respectively.
  • a file exchange device 910 copies or moves the file in the OP-side folder 920, and then copies or moves the file to the CL-side folder 930.
  • the file exchange device 100 extracts the minimum necessary data from the file in the OP-side folder 210 and stores it in the CL-side folder 310. Then, on the closed environment side, a playback file is generated from the stored data.
  • the file exchange system 101 of this embodiment which achieves this, will be described below.
  • FIG. 2 is an overall configuration diagram of the file exchange system 101 of this embodiment.
  • the file exchange system 101 of this embodiment includes a file exchange device 100, an open environment side device (hereinafter, OP side device) 200, and a closed environment side device (hereinafter, CL side device) 300.
  • OP side device open environment side device
  • CL side device closed environment side device
  • the OP side device 200 is a device in an open environment (open network) 201 where the source of access is generally not limited. In other words, the OP side device 200 is a device that can be accessed from an external network such as the Internet.
  • the OP side device 200 of this embodiment includes an OP side folder 210 and a notification unit 220.
  • the OP-side folder 210 is a folder that can be accessed from the file exchange device 100. In this embodiment, it stores files to be sent to the CL-side device 300.
  • the notification unit 220 notifies the file exchange device 100, for example the reading unit 110 (described below), that a file has been stored in the OP-side folder 210.
  • the CL side device 300 is generally a device in a closed environment (closed network) 301 where the access source is limited.
  • the closed environment 301 is, for example, an in-house LAN (Local Area Network) or the like.
  • the CL side device 300 is configured so that it cannot be accessed from the outside (for example, via a WAN (Wide Area Network)).
  • the closed environment 301 is generally physically blocked (isolated) from the open environment 201, and is protected by a so-called air gap.
  • each CL system collects update data and fault countermeasure data, so-called patches, related to the CL system from open source and general-purpose product vendors, compares the collected information with the status of the CL system, automatically creates a treatment plan, and takes action. For this reason, the CL side device 300 of this embodiment collects this update data, patches, etc. (hereinafter collectively referred to as update data, etc.).
  • the CL side device 300 of this embodiment includes a CL side folder 310 and a playback unit 320.
  • the CL-side folder 310 is a folder that can be accessed from the file exchange device 100.
  • data is stored in the file exchange device 100, for example, by the transfer unit 120 described below.
  • the stored data is data that the file exchange device 100 has extracted from the OP-side device 200.
  • the playback unit 320 generates a playback file from the data stored in the CL side folder 310 by the file exchange device 100. Details will be described later.
  • the file exchange device 100 accesses a file stored in the OP-side folder 210, extracts only data of predetermined items from the file, and stores the data in the CL-side folder 310.
  • the file exchange device 100 of this embodiment includes a reading unit 110, a delivery unit 120, and a rule table 130.
  • the reading unit 110 selectively extracts data (extraction information) of predetermined items from files stored in the OP-side folder 210.
  • data extraction information
  • the reading unit 110 receives a notification from the notification unit 220, it accesses the OP-side folder 210 and extracts the extraction information from the stored files.
  • the extraction information includes data of predetermined items to be extracted.
  • the items to be extracted include, for example, content data, file names, and file formats.
  • the items to be extracted are predetermined and stored, for example, in the rule table 130.
  • the files transferred from the OP side device 200 to the CL side device 300 include update data and the like.
  • These files 500 include, for example, metadata 510 and content data 520 as items, as shown in FIG. 3(a).
  • Content data 520 is the content data that is the main body of file 500.
  • Metadata 510 is additional information that accompanies content data 520.
  • metadata 510 includes properties 511, which are attribute information of file 500, and control information 512.
  • Properties 511 include, for example, a file name, which is information that identifies file 500, a file format, which is information that identifies the type and storage format of data in file 500, file size, creator, header, and other information. In this embodiment, it includes at least the file name and file format.
  • Control information 512 is, for example, control codes such as tags, line feed codes, character modification codes, etc., used for communication control and for causing peripheral devices (displays, printers, etc.) to perform special operations (controls).
  • extraction target items 132 are registered for each file format 131.
  • the extraction target items 132 can be changed as desired.
  • the reading unit 110 of this embodiment first accesses the OP-side folder 210 and reads the file format 131 of the stored file 500. Then, by referring to the rule table 130, it extracts data of items registered in the extraction target items 132 in association with the read file format 131 from the file 500 stored in the OP-side folder 210.
  • the file format is docx, i.e., a Microsoft Word document
  • the file name, file format, and content data 520 are read.
  • the file format 131 is jpg, i.e., a still image data file in JPEG (Joint Photographic Experts Group) format
  • the file name, file format, resolution, and content data 520 are read.
  • the file format 131 is mp3, i.e., an audio data file compressed with MPEG (Moving Picture Experts Group) Audio Layer-3
  • the file name, file format, bit rate, and content data 520 are extracted.
  • the file format 131 is exe, i.e., a program file
  • the file name, file format, header, and content data 520 are extracted.
  • These items 132 to be extracted are determined in advance to include the minimum necessary items for using the contents of the file on the CL side device 300, and not to include items that are likely to contain malware (viruses), etc.
  • control information 512 for formatting the display and control information 512 used for communication control, etc. are excluded.
  • the transfer unit 120 stores the data extracted by the reading unit 110 in the CL side folder 310.
  • the storage timing may be a predetermined timing, or may be every time the reading unit 110 extracts data. In the following, this embodiment will be described using the latter case as an example.
  • the playback unit 320 holds in advance an application corresponding to a file format that may be transmitted. Then, using an application corresponding to the file format included in the data stored in the CL side folder 310, the data is opened and saved in that file format. As a result, the playback unit 320 generates a playback file in that file format.
  • the playback file when data in the docx file format is stored, the data is opened using Microsoft's Word application and re-saved with the file name in the data to generate a playback file.
  • the playback file for example, all metadata 510 other than the file name and file format is lost. For this reason, when the playback file is displayed on a display, for example, it may be displayed in a different manner than the file with the same name when it was stored in the OP side folder 210.
  • FIG. 4 shows the process flow when a file stored in the OP-side folder 210 of the OP-side device 200 of this embodiment is transferred to the CL-side device 300. This process is started when a file is stored in the OP-side folder 210.
  • the notification unit 220 sends a storage notification to the file exchange device 100 to notify the file exchange device 100 that the file has been stored (step S1101).
  • the reading unit 110 of the file exchange device 100 accesses the OP-side folder 210 and reads the file format (step S1102). The reading unit 110 then accesses the rules table 130 and refers to the extraction target items 132 stored in association with the read file format 131 to identify the extraction information (step S1103).
  • the reading unit 110 accesses the OP-side folder 210 and extracts the specified extracted information (data) (step S1104).
  • the transfer unit 120 then stores the extracted information (data) extracted by the reading unit 110 in the CL-side folder 310 (step S1105).
  • the playback unit 320 when the extracted information (data) is stored in the CL side folder 310, the playback unit 320 generates a playback file from the data (step S1106), assigns the file name in the extracted information, and re-saves it in that file format.
  • the transfer unit 120 When the transfer unit 120 stores the extracted information (data) in the CL-side folder 310, it deletes (erases) the extracted information (data) held within the file exchange device 100 (step S1107), and ends the process.
  • the file exchange device 100, OP device 200, and CL device 300 of this embodiment can be realized by so-called general-purpose information processing devices (computers).
  • general-purpose information processing devices computers
  • FIG. 1 An example of the hardware configuration of the file exchange device 100 is shown in FIG.
  • the file exchange device 100 of this embodiment includes, for example, a CPU (Central Processing Unit) 191, a main storage device (memory) 192, an auxiliary storage device 193, and an interface (I/F) 194, which are interconnected by an internal bus.
  • a CPU Central Processing Unit
  • main storage device main storage device
  • I/F interface
  • the CPU 191 for example, loads a program stored in the auxiliary storage device 193 into the main storage device 192 and executes it to realize the above-mentioned functions and to centrally control the entire information exchange device.
  • processors such as an MPU (Micro Processing Unit) may be used instead of the CPU 191.
  • the main memory device 192 is a memory such as a RAM (Random Access Memory).
  • the main memory device 192 is a work area used by the CPU 191 when processing programs executed by the file exchange device 100.
  • the auxiliary storage device 193 is, for example, a ROM (Read Only Memory), a HDD (Hard Disk Drive), or a SSD (Solid State Drive).
  • the auxiliary storage device 193 stores various programs executed by the file exchange device 100, data required when executing the programs, data obtained by executing the programs, and the like.
  • the rule table 130 is constructed in the auxiliary storage device 193.
  • data extracted by the reading unit 110 from the OP-side folder 210 is temporarily stored in the auxiliary storage device 193.
  • the auxiliary storage device 193 may also include storage media such as a flexible disk, a hard disk, an optical disk, a CD-ROM, a CD-R, a magnetic tape, a non-volatile memory card, a DVD, etc.
  • the program stored in the auxiliary storage device 193 can be provided as a program product recorded on a non-transitory computer-readable storage medium.
  • the auxiliary storage device 193 can be used to store various programs, such as a secure computing program, recorded on a non-transitory computer-readable storage medium for the medium to long term.
  • the I/F 194 transmits and receives signals and data via a wired or wireless connection.
  • a storage notification from the notification unit 220 is received via the I/F 194.
  • the reading unit 110 also extracts the extracted information via the I/F 194.
  • the transfer unit 120 also stores the extracted information in the CL side folder 310 via the I/F 194.
  • the I/F 194 may include, for example, a NIC (Network Interface Card) or the like.
  • a display device or an input device may be connected to the I/F 194.
  • the display device is, for example, an LCD monitor.
  • the input device is, for example, a device that accepts user operations such as a keyboard or a mouse.
  • the contents of the rule table 130 can be set arbitrarily by the user. When setting, the user may use, for example, an input device or a display device connected to the I/F 194.
  • Each of the above functions of the file exchange device 100 of this embodiment is realized by the CPU 191 loading a program stored in the auxiliary storage device 193 into the main storage device 192 and executing the program.
  • the file exchange device 100 may also include hardware not shown.
  • the OP side device 200 and the CL side device 300 each have a hardware configuration similar to that of the file exchange device 100.
  • the OP side folder 210 and the CL side folder 310 are constructed in their respective auxiliary storage devices. In addition, they accept access from the file exchange device 100 via an I/F. In addition, various data generated during processing is stored in the main storage device or the auxiliary storage device.
  • the programs that realize the above-mentioned functions of the file exchange device 100, OP side device 200, and CL side device 300 of this embodiment can be recorded on a computer-readable storage medium.
  • the storage medium can be a non-transient medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium.
  • the present invention can also be embodied as a computer program product.
  • Transferring files from the closed environment 301 to the open environment 201 is performed by copying or moving the files as usual.
  • the reading unit 110 accesses the CL-side folder 310 and copies or moves the file.
  • the copy or move destination is, for example, a temporary storage area provided in the auxiliary storage device 193 of the file exchange device 100.
  • the transfer unit 120 then stores the file saved in the temporary storage area by moving it to the OP-side folder 210.
  • the file exchange device 100 of the file exchange system 101 of this embodiment includes a reading unit 110 that extracts predetermined extraction information from a file stored in the OP-side folder 210 (first folder) of the OP-side device 200 in the open environment 201, and a transfer unit 120 that stores the extracted extraction information in the CL-side folder 310 (second folder) of the CL-side device 300 in the closed environment 301.
  • a file in the OP-side folder 210 includes content data 520 and metadata 510 associated with the content data 520.
  • the extraction information includes the content data 520 and information from the metadata 510 that identifies the file name and file format.
  • the file exchange system 101 of this embodiment only the content data 520 and the minimum data required to identify the file are extracted from the file stored in the OP-side folder 210. In other words, most of the metadata 510, which may contain malware, etc., is not received. This reduces the possibility that malware such as viruses will be brought into the closed environment 301 through file exchange. According to this embodiment, a highly secure file can be handed over to the closed side through the simple process of transferring only the minimum amount of data, without complex processing such as encryption or security checks.
  • update data can be collected automatically, quickly, and safely without human intervention, providing high convenience.
  • the file exchange device 100 includes a rule table 130, and extracts data of extraction target items 132 that are predefined for each file format 131 as extraction information.
  • the present invention is not limited to this method.
  • the extraction target items may be uniformly defined regardless of the file format.
  • the extraction target items may be the content data 520, the file name, and the file format.
  • the rule table 130 may not be provided.
  • items to be extracted may be associated with conditions other than file format.
  • the CL side device 300 includes the playback unit 320, which generates a playback file from the data (extracted information) stored in the CL side folder 310 by the delivery unit 120, but this configuration is not limited to this.
  • the CL side device 300 may not include the playback unit 320 and may hold the stored data (extracted information) in the CL side folder 310 as is. In this case, when the data (extracted information) is used in each system in the closed environment 301, the information is read by an application corresponding to the file format.
  • the playback unit 320 may also be included in the file exchange device 100.
  • An example of the functional configuration of the file exchange device 100a in this case is shown in FIG. 6(a).
  • the file exchange device 100a includes a reading unit 110, a transfer unit 120, a rules table 130, and a playback unit 150.
  • the rule table 130 and the reading unit 110 have the same functions as in the above embodiment.
  • the playback unit 150 basically has the same functions as the playback unit 320 of the above embodiment. In other words, it has applications that support various file formats. Then, it uses an application that corresponds to the file format included in the data (extracted information) read by the reading unit 110, opens the data, assigns the file name included in the extracted information, and saves it in that file format, thereby generating a playback file in that file format.
  • the transfer unit 120 stores the playback file generated by the playback unit 150 in the CL side folder 310.
  • the reading unit 110 may also read the file stored in the OP-side folder 210 as is, and after reading, extract the data of the extraction target items 132 as extraction information according to the rule table 130 within the file exchange device 100.
  • the file exchange device 100b may also include an inspection unit 140.
  • the inspection unit 140 performs a security check (virus check) on the data read by the reading unit 110 to determine whether or not there is a virus, etc. Then, if the inspection unit 140 determines that there is no virus, etc. and that the data is safe, the delivery unit 120 stores the data (extracted information) read by the reading unit 110 in the CL-side folder 310.
  • the inspection unit 140 is provided and performs a virus check on the data read by the reading unit 110 as extracted information, thereby further enhancing safety.
  • the inspection unit 140 performs a virus check only on the data items read as extracted information, thereby reducing the processing load of the virus check.
  • the inspection unit 140 does not have to perform a virus check on all data read by the reading unit 110. For example, it may be determined in advance whether or not to perform a virus check depending on the file format. Specifically, if the file format corresponds to a program file such as an exe file, a virus check is performed, and if the file format is other than that, a virus check is not performed, etc.
  • the reading unit 110 reads at least the file name and the file format from the metadata 510.
  • the reading unit 110 may be configured to further read the source of creation.
  • the metadata 510 (items to be extracted) read by the reading unit 110 may be determined for each source of creation.
  • FIG. 7(a) An example of the rule table 130a in this case is shown in FIG. 7(a).
  • extraction target items 132 are registered in association with the creation source 131a. For example, if all metadata 510 is to be extracted, "all" may be registered as the extraction target items 132.
  • the reading unit 110 may also be configured to change the processing (processing mode) depending on the creation source.
  • a processing mode 162 may be determined according to the creation source 161, and may be registered as a second rule table 160 in, for example, the auxiliary storage device 193.
  • the reading unit 110 reads the content data 520 and all metadata 510 and passes them to the transfer unit 120 (mode A). For a file created by a creator determined to be of medium security, the reading unit 110 extracts the content data 520 and data of the extraction target items 132 corresponding to the file format 131 specified in the rule table 130, as in the above embodiment, and passes them to the transfer unit 120 (mode B). For files created by other creators, the content data 520 and data of the extraction target items 132 corresponding to the file format 131 specified in the rule table 130 are extracted, inspected by the inspection unit 140, and passed to the transfer unit 120 only if they pass (mode C).
  • the OP-side device 200 includes a notification unit 220, which notifies the file exchange system 101 that data has been stored in the OP-side folder 210, which triggers the reading unit 110 to access the OP-side folder 210 and extract the necessary data.
  • the timing of access to the OP-side folder 210 is not limited to this.
  • the reading unit 110 may access the OP-side folder 210 at a predetermined time interval, and if there are any unread files, read them. In this case, the notification unit 220 may not be necessary.
  • the transfer unit 120 stores the data or the data inspected by the inspection unit 140 in the CL side folder 310, but the storage timing is not limited to this.
  • the extracted information or inspected data extracted by the reading unit 110 is temporarily stored in the auxiliary storage device 193 of the file exchange device 100. Then, the transfer unit 120 extracts the extracted information etc. from the auxiliary storage device 193 at a predetermined time interval and stores it in the CL side folder 310. At this time, the reproduction file may be generated and then stored.
  • the OP-side folder 210 and the notification unit 220 are included in the OP-side device 200 in the open environment 201, but the present invention is not limited to this.
  • the OP-side folder 210 and the notification unit 220 may each be an independent device.
  • the open environment 201 may each be configured to include an OP-side folder device and a notification device that are connected via a network or the like.
  • the CL side folder 310 and the playback unit 320 may each be independent devices.
  • the closed environment 301 includes a CL side folder device and a playback device.
  • Appendix 1 a reading unit that extracts predetermined extracted information from a file stored in a first folder in an open network;
  • a transfer unit that stores the extracted information in a second folder in a closed network, the file includes content data and metadata associated with the content data;
  • a file exchange device wherein the extracted information includes the content data and information from the metadata that identifies a file name and a file format.
  • Appendix 2 2.
  • the metadata includes information about the origin of the file, It is preferable that the metadata extracted as the extracted information is predetermined for each creator of the file.
  • a verification unit that verifies the safety of the extracted information, It is preferable that, when the safety is confirmed by the inspection section, the delivery section stores the extracted information in the second folder.
  • the metadata includes information about the origin of the file, The inspection unit inspects the safety of files whose creators are other than a predetermined creator.
  • the computer system further comprises a playback device that is disposed within the closed network and plays back the file from the extracted information in the second folder.
  • a playback device that is disposed within the closed network and plays back the file from the extracted information in the second folder.
  • a notification device that is disposed within the open network and that notifies the file exchange device that the file has been stored in the first folder; It is preferable that the reading unit accesses the first folder when the reading unit receives a notification from the notification device. (Appendix 11) 1.
  • a computer-implemented method for exchanging files between an open network and a closed network comprising: Extracting predetermined extracted information from a file stored in a first folder in the open network; storing the extracted information in a second folder in the closed network; the file includes content data and metadata associated with the content data; A file exchange method, wherein the extracted information includes the content data and information among the metadata that identifies a file name and a file format.
  • Appendix 12 On the computer, extracting, from a file stored in a first folder in the open network, the file including content data and metadata associated with the content data, predetermined extraction information including the content data and information among the metadata that identifies a file name and a file format; and storing the extracted information in a second folder within a closed network.
  • each of the embodiments of Supplementary Notes 11 and 12 can be expanded into the embodiments of Supplementary Notes 2-7 in the same manner as the embodiment of Supplementary Note 1.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
PCT/JP2023/010923 2023-03-20 2023-03-20 ファイル交換装置、ファイル交換システム、ファイル交換方法およびプログラム Ceased WO2024194993A1 (ja)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2025507966A JPWO2024194993A1 (https=) 2023-03-20 2023-03-20
PCT/JP2023/010923 WO2024194993A1 (ja) 2023-03-20 2023-03-20 ファイル交換装置、ファイル交換システム、ファイル交換方法およびプログラム

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2023/010923 WO2024194993A1 (ja) 2023-03-20 2023-03-20 ファイル交換装置、ファイル交換システム、ファイル交換方法およびプログラム

Publications (1)

Publication Number Publication Date
WO2024194993A1 true WO2024194993A1 (ja) 2024-09-26

Family

ID=92841137

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2023/010923 Ceased WO2024194993A1 (ja) 2023-03-20 2023-03-20 ファイル交換装置、ファイル交換システム、ファイル交換方法およびプログラム

Country Status (2)

Country Link
JP (1) JPWO2024194993A1 (https=)
WO (1) WO2024194993A1 (https=)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003085073A (ja) * 2001-09-07 2003-03-20 Nippon Telegr & Teleph Corp <Ntt> ファイルダウンロード支援ファイルサーバ、同ダウンロード端末、同方法及び同プログラム並びに該プログラムを記録した記録媒体
JP2015181031A (ja) * 2008-12-18 2015-10-15 シマンテック コーポレーションSymantec Corporation マルウェアを示すヘッダフィールド属性の識別をコンピュータで実現する方法およびシステム
JP2016025657A (ja) * 2014-07-17 2016-02-08 パロ アルト リサーチ センター インコーポレイテッド 再構築可能なコンテンツオブジェクト
JP2020042689A (ja) * 2018-09-13 2020-03-19 株式会社リコー 中継装置、システム、および方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003085073A (ja) * 2001-09-07 2003-03-20 Nippon Telegr & Teleph Corp <Ntt> ファイルダウンロード支援ファイルサーバ、同ダウンロード端末、同方法及び同プログラム並びに該プログラムを記録した記録媒体
JP2015181031A (ja) * 2008-12-18 2015-10-15 シマンテック コーポレーションSymantec Corporation マルウェアを示すヘッダフィールド属性の識別をコンピュータで実現する方法およびシステム
JP2016025657A (ja) * 2014-07-17 2016-02-08 パロ アルト リサーチ センター インコーポレイテッド 再構築可能なコンテンツオブジェクト
JP2020042689A (ja) * 2018-09-13 2020-03-19 株式会社リコー 中継装置、システム、および方法

Also Published As

Publication number Publication date
JPWO2024194993A1 (https=) 2024-09-26

Similar Documents

Publication Publication Date Title
US10079835B1 (en) Systems and methods for data loss prevention of unidentifiable and unsupported object types
US9984006B2 (en) Data storage systems and methods
US9519794B2 (en) Desktop redaction and masking
US8219766B1 (en) Systems and methods for identifying the presence of sensitive data in backups
EP3252623B1 (en) System and method for a networked document management system with reduced storage requirements
JP2011100457A (ja) 複数のアプリケーションが使用するオブジェクト関連データを処理し管理するシステムおよび方法
EP2081127A1 (en) Controller for controlling logical volume-related settings
CN102323930B (zh) 对数据库系统中的数据变更进行镜像
US10354091B2 (en) Data processing system capable of securing files
US8655841B1 (en) Selection of one of several available incremental modification detection techniques for use in incremental backups
US8863304B1 (en) Method and apparatus for remediating backup data to control access to sensitive data
JP4837378B2 (ja) データの改竄を防止する記憶装置
US20210019442A1 (en) Sensitive data redaction in memory dump
US7900260B2 (en) Method for lifetime tracking of intellectual property
JP4516598B2 (ja) 文書のコピーを制御する方法
US12242609B2 (en) Exact restoration of a computing system to the state prior to infection
CN107832021A (zh) 一种电子证据固定方法、终端设备及存储介质
WO2024194993A1 (ja) ファイル交換装置、ファイル交換システム、ファイル交換方法およびプログラム
CN105279454B (zh) 安全同步装置及方法
JP5156559B2 (ja) 電子計算機のデータ管理方法、そのためのプログラム
KR100948386B1 (ko) 컴퓨터 시스템의 원본 보존 장치 및 방법
GB2561862A (en) Computer device and method for handling files
JP5047664B2 (ja) 電子文書管理装置、コンピュータプログラム、及び電子文書管理方法
EP4577930B1 (en) Methods and apparatuses for protecting file system and backup data from steganography attacks
JP6690453B2 (ja) 情報処理装置及びプログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23928576

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2025507966

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 2025507966

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 23928576

Country of ref document: EP

Kind code of ref document: A1