JP3860420B2 - Communication device - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to information communication security.
[0002]
[Prior art]
Conventionally, when electronically exchanging information using a network, authentication for confirming a communication partner has been performed. In addition, a credit service or the like for inquiring a communication partner and confirming its reliability is provided. In addition, encryption technology for securing the communication path is used.
[0003]
Furthermore, a check service and a hacking service for confirming the safety of the system are also provided. This is, for example, a service that hacks an attempt on a system to be confirmed.
[0004]
However, conventionally, no method has been provided for the system to confirm the safety of the communication partner. For this reason, even if the communication partner is authenticated or the safety of the communication path is guaranteed, the partner may have a security hole. And there was a risk of information leaking from the communication partner to a third party. In addition, there is a risk that a third party may impersonate through the communication partner. Due to such fears, information exchange with a specific partner system may not be freely performed.
[0005]
[Problems to be solved by the invention]
The present invention has been made in view of such problems of the conventional technology. That is, the subject of this invention is providing the technique which communicates, after confirming the safety | security of a communicating party.
[0006]
[Means for Solving the Problems]
The present invention employs the following means in order to solve the above problems. That is, the present invention is a communication device (A) that electronically transmits or receives information using a network,
A communication unit (7) for accessing the network and a control unit (2) for controlling communication;
The control unit (2) inquires of the partner device (B) about the system information of the partner device (B) that is the partner of information transmission / reception, and determines whether or not to perform subsequent transmission / reception based on the system information. Judgment.
[0007]
Preferably, the system information includes information related to the safety of the counterpart device (B),
The control unit (2) may determine whether or not the counterpart device (B) is secured to a predetermined degree.
[0008]
Preferably, the control unit (2) may notify the partner device (B) of the fact or reason when it is determined that the safety of the partner device (B) is not ensured to a predetermined level. .
[0009]
Preferably, the communication device (A) further includes an information item management unit (5) that manages the relationship between the type of information to be transmitted and received and the item of system information to be queried.
The control unit (2) may select an item of system information from the information item management unit (5) according to the type of information to be transmitted / received, and make an inquiry to the counterpart device (B).
[0010]
Preferably, the control unit (2) further includes an acquisition information management unit (5) for managing acquired system information,
The control unit (2) refers to the acquisition information management unit (5) and inquires whether or not the acquired system information has been updated in the counterpart device (B). System information may be obtained.
[0011]
Preferably, the acquisition information management unit (5) manages the date and time when the information is acquired for each item of system information,
The said control part (2) may add the acquisition date to the item of the acquired system information, and may inquire the other party apparatus (B).
[0012]
Preferably, the control unit (2) may verify the counterpart device (B) based on the system information obtained from the counterpart device (B).
[0013]
Preferably, the control unit (2) transmits a test packet for verifying the obtained system information from the communication unit to the partner apparatus (B), and determines whether or not a response to the test packet is valid. The counterpart device (B) may be verified by
[0014]
The present invention also provides a communication device (22) that performs processing of the transmission source device (A) when electronic information is transmitted or received from the transmission source device (A) to the counterpart device (B). ,
A communication unit (7) for accessing the network and a control unit (2) for controlling communication;
The communication unit (7) receives a command from the transmission source device (A),
In accordance with the command, the control unit (2) inquires the counterpart device (B1, B2) about the system information related to the counterpart device (B1, B2), and performs subsequent transmission / reception based on the system information. It may be a judgment.
[0015]
Preferably, the control unit (2) replaces the partner device (B1, B2) with the partner device (B1, B2) instead of the partner device (B1, B2). The system information may be inquired.
[0016]
The present invention is a communication device (B) that electronically transmits or receives information using a network,
A communication unit (7) for accessing the network; a control unit (2) for controlling communication; and an information management unit (5).
The communication unit (7) receives an inquiry about the system information related to the communication device (B) from the counterpart device (A),
The information management unit (5) manages system information to be inquired,
The control unit (2) may search the system information of the information management unit (5) in response to the inquiry and reply from the communication unit (7).
[0017]
Preferably, the control unit (2) may return the updated system information and the unanswered system information in the returned system information.
[0018]
Preferably, the communication device (B) further includes an update history management unit (5) for managing the date and time when the system information is updated,
The communication unit (7) receives the current inquiry and the previous response date and time for the inquiry,
The control unit (2) may compare the previous response date with the updated date and return the system information updated after the previous response date.
[0019]
Preferably, the communication device (B) includes a transmission source device (A), a response history management unit (5) that manages items of system information inquired by the transmission source device (A) and a response date and time for the inquiry,
An update history management unit (5) for managing the date and time when the system information is updated;
When there is an inquiry from the transmission source device (A), the control unit (2) compares the response date / time for the inquiry with the date / time when the system information was updated, and updated system information after the previous response date / time. You may reply.
[0020]
Preferably, the control unit (2) may determine whether or not to reply to the system information in response to the inquiry, and may not reply to the system information that is determined not to be answered.
[0021]
Preferably, the communication device (B) further includes an input / output unit (6) that prompts the system administrator to make a decision,
The control unit (2) determines whether or not system information can be answered in response to an inquiry, and prompts the system administrator to determine whether or not the system information can be answered via the input / output unit (6) for the system information that cannot be determined as to whether or not to reply. Also good.
[0022]
Preferably, the communication device (B) further includes an input / output unit (6) that prompts the system administrator to make a decision,
The control unit (2) determines whether or not system information can be answered in response to the inquiry, does not reply to system information that is determined not to be answered, and determines whether or not to reply to the system administrator for system information that cannot be determined whether or not to reply You may be prompted.
[0023]
Preferably, the communication device (B) further includes a transmission source management unit (5) for managing information related to the attribute of the transmission source device (A),
The control unit (2) searches the transmission source management unit (5), determines whether or not system information can be returned according to the transmission source device (A), and does not return system information that is determined to be unresponsive. You may do it.
[0024]
Preferably, the communication device (B) further includes an input / output unit (6) that prompts the system administrator to make a decision,
The control unit (2) searches the transmission source management unit (5), determines whether system information can be returned according to the transmission source device (A), and returns a response to the transmission source device (A). The system administrator may be prompted to determine whether or not to reply to system information that cannot be determined.
[0025]
Preferably, the communication device (B) includes a transmission source management unit (5) that manages information relating to the attribute of the transmission source device (A),
An input / output unit (6) for prompting the system administrator to make a decision;
The control unit (2) searches the transmission source management unit (5), determines whether or not system information can be replied according to the transmission source device (A), and returns the system information that is determined to be unresponsive. For system information for which it is not possible to determine whether or not to reply, the system administrator may be prompted to determine whether or not to reply.
[0026]
Further, the present invention is a communication device (24) acting as a proxy for a system information inquiry from a transmission source device (A) to a partner device (B),
A communication unit (7) for accessing the network, a control unit (2) for controlling communication, and an information management unit (5C),
The communication unit (7) receives an inquiry about the system information related to the counterpart device (B) from the transmission source device (A),
The information management unit (5C) manages system information to be inquired about the counterpart device (B),
The control unit (2) may search the system information of the information management unit (5C) in response to the inquiry and reply from the communication unit instead of the counterpart device (B).
[0027]
Preferably, the communication unit (7) receives an inquiry of system information from the proxy device (22) acting on behalf of the source device (A) instead of the source device (A), and sends the inquiry to the proxy device. You may make it reply.
[0028]
Further, the present invention is a communication method for electronically transmitting or receiving information using a network,
A step (S1) of inquiring the partner apparatus (B) for system information related to the partner apparatus (B) that is a partner of information transmission and reception;
A determination step (S3, S5) for determining whether to perform subsequent transmission / reception based on the system information may be included.
[0029]
Further, the present invention is a communication method that performs processing of the transmission source device (A) when electronic information is transmitted or received from the transmission source device (A) to the counterpart device (B1, B2).
Receiving a command from the transmission source device (A) (S100);
In accordance with the command, an inquiry step (S101) for inquiring the counterpart device (B1, B2) for system information related to the counterpart device (B1, B2);
And a step (S103, S105) for determining whether or not to perform subsequent transmission / reception based on the system information.
[0030]
The present invention is a communication method for electronically transmitting or receiving information using a network,
A receiving step (S1) for receiving an inquiry about system information from the transmission source device (A);
Retrieving system information for the inquiry (S22, S23);
A response step (S28) for returning the system information.
[0031]
In addition, the present invention is a communication method for acting a response to an inquiry about system information from a transmission source device (A) to a partner device (B1, B2),
A receiving step (S101) for receiving an inquiry of system information related to the counterpart device (B1, B2) from the transmission source device (A);
In response to the inquiry, a step (S102) of searching for system information related to the counterpart device (B1, B2);
It may have a step (S102) of replying from the communication unit in place of the counterpart device (B1, B2).
[0032]
Further, the present invention may be a computer-readable recording medium recorded with a program that causes a computer to realize the above functions.
[0033]
As described above, according to the present invention, the security level of the communication partner can be checked, and the risk of unauthorized access due to information leakage or spoofing through the communication partner when exchanging information is reduced. Further, by automating the management of such system information using a database, the burden on the administrator is reduced.
[0034]
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of the present invention will be described below with reference to the drawings.
[0035]
<< First Embodiment >>
A first embodiment of the present invention will be described with reference to the drawings of FIGS.
[0036]
FIG. 1 is a configuration diagram of an information system for confirming a security level, FIG. 2 is a diagram showing a data structure of an inquiry item management database shown in FIG. 1, and FIG. FIG. 4 is a diagram showing a data structure of an acquired data management database for managing acquired data. FIG. 4 shows a data structure of a reply availability database for the reply side system shown in FIG. FIG. 5 is a diagram showing a data structure of a security data management database for managing security data returned by the response side system, and FIG. 6 shows a communication procedure between the inquiry side system and the response side system. FIG. 7 is a flowchart showing details of the security data inquiry process shown in FIG. FIG. 8 is a flowchart showing details of the security data reply process shown in FIG. 6, FIG. 9 is a flowchart showing details of the security determination process shown in FIG. 6, and FIG. FIG. 11 is a diagram illustrating a data structure of a response history management database according to a modified example of the first embodiment, and FIG. 11 is a diagram illustrating a process for confirming the date and time when information was provided in the past and the modified date and time in the modified example of the first embodiment; It is.
[0037]
<System configuration>
FIG. 1 is a configuration diagram of an information system for confirming a security level when exchanging information between systems. This information system includes a system A that provides information, a system B that receives information, and administrator terminals 12 and 13.
[0038]
The system A is configured by a personal computer, for example. When providing information, the system A inquires security information from an information provider (also referred to as an information acquisition side) in advance in order to determine the security level of the provider. A system that makes such an inquiry is called an inquiry system.
[0039]
On the other hand, the system B receiving the information responds to this inquiry. In this embodiment, such a system is called a response side system. This system B is also constituted by a personal computer, for example.
[0040]
Further, after receiving the information, the system B inquires of the system A about security data in order to determine whether or not the received information can be trusted. Therefore, the system B also functions as an inquiry side system.
[0041]
At this time, the system A responds to the inquiry. Therefore, the system A also functions as a response side system.
[0042]
System A and system B are connected to administrator terminals 12 and 13, respectively. Problems that cannot be determined in the system A are transferred to the administrator terminal 12. In addition, problems that cannot be determined in the system B are transferred to the administrator terminal 13. Such a problem is left to the judgment of each administrator.
[0043]
As shown in FIG. 1, the system A includes a central control unit 2 that controls each component of the system A, an information processing unit 3 that is configured by an application program for information processing, and that executes information processing. A security data check unit 4 that determines a security level, a database 5 that provides various types of information, an input / output unit 6 that communicates with the administrator terminal 12, a system B that provides access to a network, and the like And a network interface 7 for communication.
[0044]
The central control unit 2 is a so-called CPU and executes various programs to provide the functions of the system A.
[0045]
The information processing unit 3 is various application programs that are loaded on a memory (not shown) and executed by the central control unit 2. These application programs include, for example, a program that executes communication with the system B.
[0046]
The security data check unit 4 inquires of a providing destination to which information is provided from the information processing unit 3, for example, the system B, and determines its security level.
[0047]
The database 5 includes an inquiry item management database and an acquired data management database. These databases are used when system A functions as an inquiry system.
[0048]
The inquiry item management database manages items of security data that the security data check unit 4 inquires of the responding system. The acquired data management database manages security data that has been previously returned from the responding system.
[0049]
Further, the database 5 includes a reply availability database and a security data management database. These databases are referenced when system A functions as a responder system.
[0050]
The response availability database is used to determine whether it is possible to return security data or the like that has been queried from the inquiry side system to the inquiry side system.
[0051]
The security data management database manages security data of the system A itself. In this database, information to be responded to inquiries is managed.
[0052]
The input / output unit 6 executes communication with the administrator terminal 12 according to a command from the central control unit 2. The network interface 7 communicates with the system B or the like according to a command from the central control unit 2.
[0053]
The configuration of the system B is the same as the configuration of the system A. Therefore, the description of the configuration of the system B is omitted.
[0054]
<Data structure>
FIG. 2 shows the data structure of the inquiry item management database. When sending and receiving information between systems, the information source system (corresponding to the inquiry side system) refers to this database and provides information to the information acquisition side system (equivalent to the response side system) before providing the information. To decide.
[0055]
In addition, after obtaining the information, the system receiving the information (corresponding to the inquiry side system) refers to this database to determine whether the information can be trusted, and the information providing side system (response) Item to be inquired).
[0056]
The inquiry item management database is configured in a table format. Each row of this table has a type of information to be exchanged and a field of necessary security data items.
[0057]
The types of information exchanged include, for example, “transactions of less than 10 million yen”, “transactions of 10 million yen or more”, “confidential information with related parties”, “information A”, etc. Is described.
[0058]
On the other hand, necessary security data items include, for example, “OS”, “password encryption”, “log audit”, “item A”, “open port”, “anti-virus”, and the like.
[0059]
Here, “OS” is a designation for inquiring about the type of OS. “Password encryption” is a designation for inquiring whether or not there is a password encryption function.
[0060]
“Log audit” is a designation for inquiring whether there is an audit function for auditing the accumulated communication log and the frequency of the audit. “Open port” is a designation for inquiring about a port number for which an application layer protocol for processing received data is set.
[0061]
In FIG. 2, “OS” and “password encryption” are specified as items of security data in the line of “transaction less than 10 million yen”. In this case, when the inquiry-side system provides information related to a transaction of less than 10 million yen, the inquiry-side system inquires about the type of OS and the presence or absence of the password encryption function.
[0062]
FIG. 3 shows the data structure of the acquired data management database. This table is used for managing security data obtained from the responding system by the inquiring system.
[0063]
The obtained data management database is configured in a table format. Each row of this table has fields of a responding system, items, acquisition date / time, and acquisition security data.
[0064]
The responding system is information that uniquely identifies the system that has returned the acquired data. This is, for example, a host name on the network. The system may be described using an IP (Internet Protocol) address or a MAC (Media Access Control) address instead of the host name.
[0065]
The item is the type of security data obtained. For example, “OS”, “open port”, “log audit frequency”, “item A”, “password encryption”, and the like.
[0066]
The date and time of acquisition is the date and time when the information was acquired. The obtained security data describes the obtained data. For example, Windows NT SP5 (Windows NT is a trademark of US Microsoft Corporation) is recorded for the item “OS”. In addition, 7, 23, 80, etc. are recorded for the item “open port”. Further, once / one day is designated for the item “log audit frequency”.
[0067]
FIG. 4 shows the data structure of the reply availability database. This database is used in the answering system to determine whether a reply to the inquiry is possible. This reply availability database is configured in a table format.
[0068]
Each row of this table has fields for inquiry system, item, and decision.
[0069]
The inquiry system is information that uniquely identifies the inquiry system. The item is the type of security data to be inquired. In the judgment, whether or not a response is possible is described.
[0070]
In FIG. 4, for example, “X”, that is, a reply impossible is specified for an inquiry from the system A to the item “OS”. In addition, in response to an inquiry from the system A regarding the item “open port”, “Yes”, that is, “response possible” is designated.
[0071]
In addition, in response to an inquiry about the item “OS” from the system C, Δ, that is, determination is impossible. In this case, the response side system, for example, the system B, inquires of the administrator terminal 13 about whether or not the response is possible and receives an instruction from the administrator.
[0072]
FIG. 5 shows the data structure of the security data management database. This database is used by the responding system to manage security data. The response side system responds to the inquiry from the inquiry side system with reference to this database.
[0073]
The security data management database is configured in a table format. Each row of this table has fields for items, security data, and update date / time.
[0074]
Among these items, items and security data are the same as the items and obtained security data in the obtained data management database shown in FIG.
[0075]
The update date / time is the update date / time of each security data. In FIG. 5, for example, it can be seen that the OS of this responding system was updated at 11:00 on January 13, 2000 to become Windows NT SP5. It can also be seen that the “open port” is set to 7, 23, 80 at 12:24 on March 31, 2000.
[0076]
<Action and effect>
FIG. 6 shows a communication procedure between the system A on the information providing side and the system B on the information obtaining side. In FIG. 6, before system A provides information to system B, the security of system B is verified. If the security is confirmed to be sufficient, system A provides information to system B.
[0077]
On the other hand, the system B conversely verifies the security of the system A to confirm whether or not the obtained information can be trusted.
[0078]
In FIG. 6, first, the system A queries the system B for security data (S1). Then, the system B returns corresponding security data (S2).
[0079]
Next, the system A executes a security determination process (S3). That is, the system A determines whether the security of the system B is sufficient based on the returned security data. When the security of the system B is not sufficient (in the case of NG in S3), the system A ends the process.
[0080]
On the other hand, when the security is sufficient (in the case of OK in S3), the system A transmits a test packet for verifying the obtained security data (S4). Based on the response to the test packet, it is determined whether or not the security data is correct (S5).
[0081]
For example, when the obtained security data item is “open port” and the obtained data is 7, 23, or 80, a packet of that port number is transmitted, and it is confirmed whether a response is returned. is there. Further, it may be confirmed that there is no response to a packet other than the port number.
[0082]
For example, nmap is known as an application for obtaining the type of OS of the partner system. nmap is described on the Internet homepage, http://www.insecure.org/nmap/index.html. For example, nmap sends a packet to a port connected to the application layer such as telnet or ftp to the other system, and collects a banner returned before logging into the system. With such a procedure, nmap obtains the OS type of the partner system. This is because such a banner includes the type and version of the OS.
[0083]
In addition, regarding the presence or absence of password encryption, the frequency of log audits, etc., the third party that conducts system audits is inquired. The information providing system and the providing system need only notify each other of the third party that conducts its own audit.
[0084]
If the security data is not correct as a result of the test packet confirmation as described above, the system A ends the process. On the other hand, when it is confirmed that the security data is correct, the system A provides information (S6). This is, for example, transmission of transaction information, transmission of related party confidential information, transmission of specific information, and the like.
[0085]
As a result, the system B obtains the information (S7). Next, the system B queries the system A for security data (S8). This is to confirm whether or not the obtained information can be trusted.
[0086]
In response to this, the system A returns security data (S9). Then, the system B executes a security determination process to confirm the security of the system A based on the obtained security data (SA).
[0087]
As a result, when the security of the system A is insufficient (when the SA processing result is NG), the system B ends the processing. On the other hand, when the security of the system A is sufficient (when the SA processing result is OK), a test packet for verifying the security data is transmitted to the system A (SB). Then, the system B confirms whether the security data is correct (SC). The processing of SB and SC is the same as the processing of S4-S5 in system A.
[0088]
As a result of the confirmation in the SC determination, if the security data of the system A is not correct, the system B ends the process. On the other hand, when it is confirmed that the security data of the system A is correct, the system B trusts and uses the provided security data.
[0089]
FIG. 7 shows details of the security data inquiry process (S1 or S8 in FIG. 6). Now, in FIG. 7, it is assumed that the system A makes an inquiry to the system B (the process of S1 in FIG. 6).
[0090]
First, the inquiry-side system A refers to the inquiry item management database and determines the item of security data to be inquired according to the information content to be transmitted / received (S11).
[0091]
Next, the system A determines whether or not the security data item to be inquired is registered in the obtained data management database (S12). In the acquired data management database, items of security data inquired in the past are recorded together with the acquisition date and time of the security data.
[0092]
Then, for the item registered in the acquired data management database, the system A inquires of the system B whether the data corresponding to the item has been changed (S13). This inquiry is made by attaching the date and time (time data) when the previous data was acquired to the inquiry item.
[0093]
On the other hand, for items not registered in the acquired data management database, the system A directly inquires of the system B (S14). The above has been described on the assumption that the system A makes an inquiry to the system B (the process of S1 in FIG. 6), but the same applies to the case where the system B makes an inquiry to the system A (the process of S8 in FIG. 6).
[0094]
FIG. 8 shows details of the security data response process (the process of S2 or S9 of FIG. 6). In FIG. 8, the case where security data is returned from system B to system A (the process of S2 in FIG. 6) is assumed.
[0095]
First, the system B checks the inquiry source system and recognizes that the inquiry source is the system A (S21). Next, the system B checks the inquiry item (S22).
[0096]
Next, the system B refers to the reply availability database (S23), and determines whether or not the combination of the inquiry source and the inquiry item can be answered (S24). When the inquiry source and the inquiry item stipulate that “response is allowed” in the response availability database, the system B refers to the security data management database to check the security of the item to be inquired. The data is referred to (S26).
[0097]
Next, when the date and time when security data was provided in the past is added to the inquiry, the system B confirms the date and time provided in the past and the date and time when the security data was changed by the system B (S27). ).
[0098]
If the security data has not been provided in the past (data provided for the first time), or if the security data has been changed after that, the system B returns the security data ( S28).
[0099]
On the other hand, if the security data has not been changed after being provided to the system A in the past, the system B responds to the system A that there is no change (S29).
[0100]
Further, when the inquiry source and the inquiry item stipulate that “Do not reply” in the reply availability database in the determination of S24, the system B returns the inquiry target security data to the system A. Reply (S2A).
[0101]
If it is determined in S24 that the inquiry source and the inquiry item stipulate that “response is not possible” in the response availability database, the system B sends a message asking the administrator terminal 13 whether the response is possible. And sends an administrator's command (S25).
[0102]
When the command from the administrator is “you can reply”, the system B responds to the system A by the processing of S26 and subsequent steps. On the other hand, when the command from the administrator is “Do not reply”, the system B replies that it cannot reply to the system A (S2A).
[0103]
FIG. 9 shows details of the security determination process (the SA process in FIG. 6). FIG. 9 illustrates a case where the system B determines information obtained from the system A.
[0104]
First, the system B checks the response content regarding the security data item from the system A (SA1). Next, the system B registers the response content and the acquisition date and time in the acquisition data management database (SA2).
[0105]
Next, the system B determines whether or not there is a problem in the response content (SA3). This is a process for determining the security level of the system A from the response content. When there is no problem in the response contents (when the processing result of SA3 is “no problem”), the system B determines that the security level of the system A is sufficient (OK) (SA5).
[0106]
Further, when there is a problem in the response content (when the processing result of SA3 is “problematic”), the system B notifies the other party (system A) of the fact and reason that the security level is insufficient (SA6). Thereby, the system B determines that the processing result is NG.
[0107]
Further, when it is not known whether there is a problem in the response content (when the processing result of SA3 is “I don't know”), the system B sends a message requesting the administrator terminal 13 to determine the security level of the system A. Then, the administrator's judgment is requested (SA4).
[0108]
When the administrator's judgment is “no problem”, the system B judges that the security level of the system A is sufficient (OK) (SA5). On the other hand, if the administrator's judgment is “problem”, the system B notifies the partner (system A) of the fact and reason that the security level is insufficient (SA6). Thereby, the system B determines that the processing result is NG.
[0109]
As described above, according to the information system of the present embodiment, the partner system that is the partner of information transmission / reception is inquired of the partner system. Then, each system determines whether or not to perform subsequent transmission / reception based on the security data. As a result, it is possible to avoid continuation of communication when the security level of the partner system is insufficient.
[0110]
Further, according to this information system, when it is determined that the security level of the response side system is insufficient, the inquiry side system notifies the response side system of the fact and reason. Thereby, the responding system system can recognize its own security flaw.
[0111]
Further, according to the information system, necessary security items are defined in the inquiry item management database in accordance with information exchanged. Thereby, each system can determine an appropriate inquiry item according to the information exchanged.
[0112]
Further, according to the present information system, the response side system has a security data management database for managing security data to be returned in response to an inquiry from the inquiry side system. As a result, the response side system can centrally manage the security data to be returned.
[0113]
Further, according to this information system, the response side system has a response availability database for determining whether or not a response to the inquiry is possible. As a result, the answering system can determine whether or not to reply to the inquiry from the relationship between the inquiry system and the inquiry content.
[0114]
In the present embodiment, the inquiry-side system has an acquired data management database that manages security data acquired from the response-side system. As a result, the inquiring system can inquire the responding system by adding the acquisition date and time for the security data inquired in the past.
[0115]
The responding subsystem has the update date and time of each security data in the security data management database. As a result, the responding system can reply only to the security data that has been updated or the security data that has been inquired for the first time among the security data that has been inquired.
[0116]
Further, according to this information system, the reply side system, for example, system B, is connected to the administrator terminal 13 and, when it is not possible to determine whether or not a response to the inquiry can be made, sends a message to the administrator terminal 13 asking for whether or not to reply. can do. Therefore, for a problem in which it is difficult to determine whether or not a response is possible, the determination can be left to the administrator, and a flexible response can be made according to the difficulty of the determination.
[0117]
Further, in this embodiment, when a system that inquires about security data, for example, system B, cannot determine whether the security of the partner system is sufficient from the security data, it sends a message requesting the determination to the administrator terminal 13. be able to. Therefore, when it is difficult to determine whether the security level is good or bad, the determination can be left to the administrator, and a flexible response can be made according to the difficulty of the determination.
[0118]
Other than the problem that it is difficult to determine whether or not to reply, the system processes based on the search result of the database. For this reason, an administrator's burden can be reduced.
[0119]
<Modification>
In the above embodiment, when an inquiry system, for example, system A inquires about security data, the obtained data management database is referred to and the date and time of inquiry in the past is added to the inquiry.
[0120]
However, the implementation of the present invention is not limited to such a configuration and action. For example, the response side system, for example, the system B has a response history management database that records the contents of responses in the past, and the changed security data is returned as compared with the change history of the security data management database. May be.
[0121]
FIG. 10 shows the data structure of the response history management database. The structure of this database is the same as that of the acquired data management database shown in FIG. This response history management database is configured in a table format. Each row of this table has fields of an inquiry side system, items, response date and time, and response security data.
[0122]
The inquiry system is information that uniquely identifies the system that inquired about the security data. The item is the type of security data returned. The response date and time is the date and time when the information is returned. The response security data describes the returned data.
[0123]
FIG. 11 shows a process of confirming the date and time of replying in the past (date and time provided in the past) and the date and time of change using this response history management database (a process replacing S27 in FIG. 8).
[0124]
The responding system that has received the inquiry, for example, system B, refers to the response history management database (S271), and determines whether or not the inquiry has already been answered (S272). If the security data is not answered to the inquiry side system in response to the inquiry, the system B advances the control to the process of S28 (FIG. 8). As a result, the inquired security data is returned.
[0125]
On the other hand, when the security data has been returned to the inquiry side system, the system B refers to the update date and time of the security data management database (FIG. 5) (S273). Then, the update date is compared with the response date in the response history database (S274).
[0126]
When the update date / time is later than the response date / time, the system B advances the control to the process of S28 (FIG. 8). As a result, the inquired security data is returned.
[0127]
If the update date / time is not later than the response date / time, the system B advances the control to the process of S29 (FIG. 8). As a result, a reply that there is no change is sent to the inquiry system.
[0128]
<< Second Embodiment >>
A second embodiment of the present invention will be described with reference to FIGS. 12 is a system configuration diagram of the information system according to the second embodiment, FIG. 13 is a diagram showing a data configuration of the reply side proxy designation database 23 shown in FIG. 12, and FIGS. FIG. 16 is a flowchart illustrating a communication procedure between an inquiry system and a response system in the second embodiment, and FIGS. 16 and 17 are system configuration diagrams of an information system according to a modification of the second embodiment.
[0129]
In the first embodiment, the system A that provides the information to the system B that determines the security level of the providing system B and provides no security problem when providing the information has been described.
[0130]
In addition, the process in which the system B receiving the information in this case confirms whether the information can be trusted by determining the security level of the system A has been described.
[0131]
In order to determine the security of the partner system as described above, the system A inquires the system B about necessary security data. The system B also inquired about the security data of the system A in order to confirm whether or not the obtained information can be trusted.
[0132]
In this embodiment, an example in which such a security data inquiry or response is exchanged through a proxy system will be described. Other configurations and operations are the same as those in the first embodiment. Therefore, the same components are denoted by the same reference numerals and description thereof is omitted. Further, the drawings in FIGS. 1 to 11 are referred to as necessary.
[0133]
<System configuration>
FIG. 12 shows a system configuration diagram of the information system in the present embodiment. This information system includes an inquiry-side system A, an inquiry-side proxy system 22, a response-side proxy system 24, response-side systems B1, B2, and the like.
[0134]
When the system A provides information to the systems B1, B2, etc., the system A notifies the inquiry side proxy system 22 of the type of information to be provided. Here, the inquiry-side proxy system 22 acting on behalf of the system A is defined in the inquiry-side proxy designation file 21.
[0135]
Then, the inquiry-side proxy system 22 refers to the inquiry item management database 5A and determines the items of security data to be inquired to the information providing destination system (systems B1, B2, etc.) as in the case of the system A in the first embodiment. To do.
[0136]
Next, the inquiry-side proxy system 22 searches whether or not the security data item to be inquired is stored in the acquired data management database 5B. When the item of the security data is stored in the acquired data management database 5B, the acquisition date and time of the security data is searched. Then, the inquiry side proxy system 22 makes an inquiry with the date and time.
[0137]
At this time, the inquiry-side proxy system 22 makes an inquiry to the response-side proxy system 24 without directly making an inquiry to the systems B1, B2, etc. The response side proxy systems 24 such as B1 and B2 are defined in the response side proxy designation database 23.
[0138]
Then, the response side proxy system 24 returns the security data to the inquiry side proxy system 22 in place of the systems B1, B2 and the like that are the targets of the inquiry. At this time, the processing of the reply side proxy system 24 is the same as that of the system B in the first embodiment.
[0139]
That is, the reply-side proxy system 24 refers to the security data management database 5C and the query availability database 5D configured for each inquiry target system, and returns the security data that is allowed to be returned to the inquiry-side system A. To do.
[0140]
The inquiry proxy system 22 that has received the returned security data returns the stored security data in the acquired data management database 5B. Further, the inquiry-side proxy system 22 determines whether or not the security is sufficient and returns it to the system A.
[0141]
<Data structure>
FIG. 13 shows the configuration of the reply side proxy designation database 23. This database is configured in a table format. Each row of this table has fields of a responding system and a responding proxy system.
[0142]
Information for uniquely identifying the responding system is designated in the field of the responding system. In the field of the reply side proxy system, information for uniquely identifying the reply side proxy system is designated.
[0143]
In FIG. 13, for example, D1 is designated as each of the reply side proxy systems of the reply side systems B1 and B2. Further, D2 is designated as each of the response side proxy systems of the response side system B3. Thus, the reply side proxy system may be a proxy for a plurality of reply side systems.
[0144]
For this reason, the security data management database 5C and response availability database 5D shown in FIG. 12 hold data for each of the responding systems B1 and B2 to be represented.
[0145]
In the inquiry-side proxy designation file 21 shown in FIG. 12, at least one piece of information for identifying itself (for example, the system A) inquiry-side proxy system is defined. This is, for example, the host name, IP address, MAC address, etc. of the inquiry-side proxy system 22.
[0146]
<Action and effect>
FIG. 14 and FIG. 15 are flowcharts showing communication procedures between the inquiry system and the response system in the present embodiment. 14 and 15, inquiry side proxy systems V and X are systems that provide the same functions as the inquiry side proxy system 22 in FIG. 14 and 15, the reply side proxy systems W and Y are systems that operate in the same manner as the reply side proxy system 24 in FIG. 12.
[0147]
The flowchart of FIG. 14 shows a process in which the system A that provides information uses the inquiry-side proxy system V and the response-side proxy system W to determine the security level for the system B that is the information providing destination.
[0148]
In this process, the system A attaches the information providing destination system B and the type of information to be provided, and requests the inquiry proxy system V to inquire about security data (S100).
[0149]
Then, the inquiry-side proxy system V executes a security data inquiry process (S101). This process is almost the same as the process of S1 shown in the first embodiment. However, the inquiry side proxy system V sends an inquiry to the response side proxy system W defined in the response side proxy designation database 23.
[0150]
Then, the reply-side proxy system W returns security data in the system B that is the target of the inquiry (S102). This process is the same as the process of S2 shown in FIG.
[0151]
Then, the inquiry-side proxy system V executes security determination processing (S103) and transmission of a test packet for verifying security data (S104).
[0152]
Next, the inquiry-side proxy system V determines whether the security data is correct from the response to the test packet (S105). If the security data is correct, the inquiry-side proxy system V replies to that to the system A. As a result, the system A provides information to the system B (S106).
[0153]
FIG. 15 is a flowchart showing a process in which the system B determines whether or not the obtained information can be trusted by the inquiry-side proxy system X and the response-side proxy system Y.
[0154]
The system B requests the inquiry proxy system X to inquire about the security data with the type of information obtained and the location to which the information is obtained (S10E). Then, the inquiry-side proxy system X executes security data inquiry processing (S108). Then, the reply-side proxy system Y returns the inquiry target security data (S109).
[0155]
In response to this, the inquiry-side proxy system X executes a security determination process (S10A), and further transmits a test packet for verifying the security data (S10B). Based on the response, the inquiry-side proxy system X determines whether the security data is correct (S10C).
[0156]
If the security data is correct, the system B assumes that the obtained information can be trusted and continues the subsequent processing (S10D).
[0157]
As described above, in this embodiment, instead of the inquiry-side system A, the inquiry-side proxy system V performs security data inquiry. Further, instead of the response-side system B or the like, the response-side proxy system W returns security data. Further, the system B determines whether the obtained information can be trusted through the inquiry-side proxy system X and the response-side proxy system Y.
[0158]
Therefore, the exchange of security data is integrated between the inquiry-side proxy system V (X) and the response-side proxy system W (Y). As a result, traffic when security data is exchanged is reduced. Further, the system B (or A) on the response side can omit the trouble of replying to individual inquiries and can improve the execution efficiency of the original application.
[0159]
<Modification>
In the above embodiment, as shown in FIG. 16, the inquiry item management database 5 </ b> A is referenced from the inquiry-side proxy system 22. However, instead of this, for example, the system A that makes the inquiry may directly refer to the inquiry item management database 5A to determine the item of the security data to make the inquiry. Then, the system A may request the inquiry side proxy system 22 to inquire about the item.
[0160]
Moreover, in the said embodiment, the inquiry side proxy system 22 represented the inquiry of security data. However, in addition to this, the inquiry-side proxy system 22 may also perform information provision from the system A to the systems B1, B2, etc.
[0161]
In the above embodiment, the inquiry proxy system 22 is provided instead of the inquiry system A, and the response proxy system 24 is provided instead of the response systems B1, B2, and the like.
[0162]
However, the implementation of the present invention is not limited to such a configuration. For example, only the inquiry side proxy system 22 may be provided without providing the response side proxy system 24. FIG. 16 is a system configuration diagram of such an information system. In this system, an inquiry is requested from the inquiry-side system A to the inquiry-side proxy system 22 as in the above embodiment. However, the inquiry-side proxy system 22 transmits the inquiry directly to the response-side systems B1, B2, etc.
[0163]
Further, for example, only the response side proxy system 24 may be provided without providing the inquiry side proxy system 22 or the like. FIG. 17 shows an example of such a configuration. In this configuration, the inquiry-side system A refers to the response-side proxy designation database 23 and makes an inquiry to the response-side proxy system 24.
[0164]
<Computer-readable recording medium>
A program that causes a computer to realize the functions of the systems A and B, the inquiry-side proxy systems V and X, or the response-side proxy systems W and Y in the above embodiment can be recorded on a computer-readable recording medium. Then, by causing the computer to read and execute the program of the recording medium, the computer functions as the systems A and B, the inquiry side proxy systems V and X, or the response side proxy systems W and Y described in the above embodiment. Can do.
[0165]
Here, the computer-readable recording medium refers to a recording medium in which information such as data and programs is accumulated by electrical, magnetic, optical, mechanical, or chemical action and can be read from a computer. Examples of such a recording medium that can be removed from the computer include a floppy disk, a magneto-optical disk, a CD-ROM, a CD-R / W, a DVD, a DAT, an 8 mm tape, and a memory card.
[0166]
Further, there are a hard disk, a ROM (read only memory), and the like as a recording medium fixed to the computer.
[0167]
<< Data communication signal embodied in carrier wave >>
The program can be stored in a hard disk or memory of a computer and distributed to other computers through a communication medium. In this case, the program is transmitted through a communication medium as a data communication signal embodied by a carrier wave. The computer that has received the distribution can function as the systems A and B, the inquiry-side proxy systems V and X, or the response-side proxy systems W and Y shown in the above embodiment.
[0168]
Here, the communication medium may be a wired communication medium, for example, metal cables including a coaxial cable and a twisted pair cable, an optical communication cable, or the like, or a wireless communication medium, for example, satellite communication or terrestrial radio communication.
[0169]
The carrier wave is an electromagnetic wave or light for modulating the data communication signal. However, the carrier wave may be a DC signal. In this case, the data communication signal has a baseband waveform without a carrier wave. Therefore, the data communication signal embodied in the carrier wave may be either a modulated broadband signal or an unmodulated baseband signal (corresponding to a case where a DC signal having a voltage of 0 is used as a carrier wave).
[0170]
<Others>
Furthermore, this embodiment discloses the following invention.
[0171]
(Appendix 1) A communication device that electronically transmits or receives information using a network,
A communication unit that accesses the network, and a control unit that controls communication;
The control unit is a communication device that inquires the partner device about system information related to a partner device that is a partner of information transmission / reception, and determines whether to perform subsequent transmission / reception based on the system information. (1)
(Appendix 2) The system information includes information related to the safety of the counterpart device,
The communication device according to supplementary note 1, wherein the control unit determines whether to perform the transmission / reception based on whether or not the safety of the counterpart device is ensured to a predetermined level. (2)
(Additional remark 3) The said control part is a communication apparatus of Additional remark 2 which notifies the other party apparatus of the fact or reason, when it judges that the safety | security of the other party apparatus is not ensured to the predetermined degree.
[0172]
(Additional remark 4) The information item management part which manages the relationship between the kind of information transmitted / received and the item of the system information to inquire is further provided,
The communication device according to appendix 1 or 2, wherein the control unit selects an item of system information from the information item management unit according to a type of information to be transmitted / received, and inquires of a counterpart device.
[0173]
(Additional remark 5) It further has the acquisition information management part which manages the acquired system information,
The control unit refers to the acquired information management unit, inquires whether the acquired system information has been updated in the counterpart device, and acquires the updated system information and the unacquired system information Or the communication apparatus of 2.
[0174]
(Additional remark 6) The said acquisition information management part manages the date which acquired the system information for every item of system information,
The communication device according to appendix 5, wherein the control unit adds an acquisition date and time to an item of acquired system information and inquires of the counterpart device.
[0175]
(Additional remark 7) The said control part is a communication apparatus of Additional remark 1 which verifies the other party apparatus based on the system information acquired from the other party apparatus. (3)
(Supplementary Note 8) The control unit transmits a test packet for verifying the acquired system information from the communication unit to the counterpart device, and determines whether the response to the test packet is valid or not. The communication device according to appendix 7, wherein (4)
(Supplementary Note 9) A communication device that performs processing of a transmission source device when electronic information is transmitted or received from a transmission source device to a partner device.
A communication unit that accesses the network, and a control unit that controls communication;
The communication unit receives a command from a transmission source device,
According to the command, the control unit inquires of the partner device about system information related to the partner device, and determines whether or not to perform subsequent transmission / reception based on the system information. (5)
(Additional remark 10) The said control part is a communication apparatus of Additional remark 9 which replaces the said other party apparatus and inquires the proxy apparatus which performs the process of the other party apparatus about the system information which concerns on the said other party apparatus.
[0176]
(Additional remark 11) It is a communication apparatus which transmits or receives information electronically using a network,
A communication unit that accesses the network, a control unit that controls communication, and an information management unit;
The communication unit receives an inquiry about the system information related to the communication device from the transmission source device,
The information management unit manages system information to be inquired,
The control unit searches for system information of the information management unit in response to an inquiry and responds from the communication unit. (6)
(Additional remark 12) The said control part is a communication apparatus of Additional remark 11 which responds the updated system information and the unanswered system information of the returned system information.
[0177]
(Additional remark 13) The update history management part which manages the date which updated system information was further provided,
The communication unit receives the current inquiry and the previous reply date and time for the inquiry,
The communication device according to appendix 11, wherein the control unit compares the previous response date and time with the updated date and time, and returns system information updated after the previous response date and time.
[0178]
(Supplementary Note 14) A response history management unit that manages a transmission source device, an item of system information inquired by the transmission source device, and a response date and time for the inquiry,
An update history management unit for managing the date and time when the system information is updated;
The control unit, when an inquiry is made from the transmission source device, compares the previous response date and time with the date and time when the system information was updated, and returns the updated system information after the previous response date and time. 11. The communication device according to 11.
[0179]
(Supplementary note 15) The communication device according to supplementary note 11, wherein the control unit determines whether or not the system information can be answered in response to the inquiry, and does not reply to the system information that is determined not to be answered.
[0180]
(Supplementary Note 16) The system further includes an input / output unit that prompts the system administrator to make a decision.
12. The communication apparatus according to appendix 11, wherein the control unit determines whether system information can be answered in response to an inquiry, and urges a system administrator to determine whether the system information cannot be answered via the input / output unit.
[0181]
(Supplementary Note 17) The system further includes an input / output unit that prompts the system administrator to make a decision.
The control unit determines whether or not system information can be answered in response to the inquiry, does not reply to system information that is determined not to be answered, and urges the system administrator to determine whether or not to reply to system information that cannot determine whether or not to reply 11. The communication device according to 11.
[0182]
(Supplementary Note 18) A transmission source management unit that manages information related to the attribute of the transmission source device is further provided.
The communication device according to appendix 11, wherein the control unit searches the transmission source management unit, determines whether or not system information can be returned according to the transmission source device, and does not return system information that is determined to be non-responseable. (7)
(Supplementary note 19) The system further includes an input / output unit for prompting the system administrator to make a decision.
The control unit searches the transmission source management unit, determines whether or not to reply to system information according to the transmission source device, and notifies the system administrator about system information that cannot determine whether or not to reply to the transmission source device. Item 19. The communication device according to appendix 18, which prompts the user to decide whether or not to reply.
[0183]
(Supplementary Note 20) A transmission source management unit that manages information related to attributes of a transmission source device;
An input / output unit for prompting the system administrator to make a decision;
The control unit searches the transmission source management unit, determines whether or not system information can be returned according to the transmission source device, does not respond to system information that is determined not to be able to respond, and cannot determine whether or not to reply The communication apparatus according to appendix 11, which prompts a system administrator to determine whether or not to reply to information.
[0184]
(Additional remark 21) It is a communication apparatus acting on behalf of a response to a system information inquiry from a transmission source apparatus to a partner apparatus
A communication unit that accesses the network, a control unit that controls communication, and an information management unit;
The communication unit receives an inquiry about the system information related to the counterpart device from the transmission source device,
The information management unit manages system information related to the counterpart device;
The control unit is a communication device that searches for system information of the information management unit in response to an inquiry and returns a response from the communication unit on behalf of the counterpart device. (8)
(Additional remark 22) The said communication part is a communication apparatus of Additional remark 21 which replaces with the said transmission origin apparatus, receives the inquiry of system information from the proxy apparatus acting for the process of a transmission origin apparatus, and responds to the proxy apparatus.
[0185]
(Supplementary note 23) A communication method for electronically transmitting or receiving information using a network.
Inquiring of the partner device for system information related to the partner device that is the partner of information transmission and reception;
And a determination step of determining whether to perform subsequent transmission / reception based on the system information. (9)
(Supplementary Note 24) The system information includes information related to the safety of the counterpart device,
24. The communication method according to appendix 23, wherein in the determination step, it is determined whether or not to perform the transmission / reception based on whether or not the safety of the counterpart device is ensured to a predetermined level.
[0186]
(Supplementary note 25) The communication method according to supplementary note 24, further comprising a step of notifying the partner device of the fact or reason when it is determined in the determining step that the safety of the partner device is not secured to a predetermined level. .
[0187]
(Supplementary note 26) The communication method according to supplementary note 23 or 24, further comprising a step of selecting an item of system information to be inquired according to a type of information to be transmitted and received.
[0188]
(Supplementary Note 27) A reference step for referring to an acquisition information management unit that manages acquired system information;
An inquiry step for inquiring whether the acquired system information has been updated in the counterpart device;
25. The communication method according to appendix 23 or 24, further comprising a step of obtaining updated system information and unacquired system information.
[0189]
(Supplementary Note 28) The acquisition information management unit manages the date and time when the information is acquired for each item of the system information.
In the reference step, the acquisition date for each item of the system information is referenced,
28. The communication method according to appendix 27, wherein in the inquiry step, the item of system information is inquired with the date and time of acquisition.
[0190]
(Supplementary note 29) The communication method according to supplementary note 23, further comprising a verification step of verifying the counterpart device based on the system information returned from the counterpart device.
[0191]
(Supplementary Note 30) The method further includes a step of transmitting a test packet for verifying the obtained system information to the counterpart device,
30. The communication method according to appendix 29, wherein in the verification step, the counterpart device is verified based on a response to the test packet.
[0192]
(Additional remark 31) When transmitting or receiving electronic information from a transmission source device to a partner device, a communication method that performs processing of the transmission source device.
Receiving a command from the transmission source device;
According to the command, an inquiry step for inquiring the partner apparatus for system information related to the partner apparatus;
And determining whether or not to perform subsequent transmission / reception based on the system information.
[0193]
(Supplementary note 32) The communication method according to supplementary note 31, wherein, in the inquiry step, system information related to the partner device is inquired to a proxy device acting on behalf of the partner device instead of the partner device.
[0194]
(Supplementary note 33) A communication method for electronically transmitting or receiving information using a network.
A receiving step of receiving an inquiry of system information from the transmission source device;
Retrieving system information for the query;
A communication method having a response step of returning the system information.
[0195]
(Supplementary note 34) The communication method according to supplementary note 33, wherein in the reply step, the updated system information and the unanswered system information in the reply system information are returned.
[0196]
(Additional remark 35) The step which refers to the update log | history management part which manages the date which updated system information,
Comparing the date and time of reply to the previous inquiry with the date and time when the system information was updated,
In the reception step, a response date and time for the previous inquiry is received together with the inquiry,
34. The communication method according to appendix 33, wherein in the reply step, system information updated after the reply date and time is returned.
[0197]
(Supplementary Note 36) A step of referring to a transmission source device, an item of system information inquired by the transmission source device, and a response history management unit that manages a response date and time for the inquiry;
A step of comparing the previous response date and time and the date and time when the system information was updated when an inquiry is made from the transmission source device;
34. The communication method according to appendix 33, wherein, in the reply step, the updated system information is replied after the previous reply date and time.
[0198]
(Supplementary note 37) The communication method according to supplementary note 33, further comprising a step of determining whether or not system information can be answered in response to an inquiry, wherein the system information that is determined not to be answered is not returned.
[0199]
(Supplementary note 38) The communication method according to supplementary note 37, further comprising a step of prompting a system administrator to determine whether or not to reply to system information for which it is not possible to determine whether or not to reply.
[0200]
(Supplementary Note 39) A step of searching a transmission source management unit that manages information related to the attribute of the transmission source device;
34. The communication method according to supplementary note 33, further comprising a step of determining whether or not a response is possible according to the transmission source device.
[0201]
(Supplementary note 40) The communication method according to supplementary note 39, further comprising a step of prompting a system administrator to determine whether or not to reply to the system information that cannot determine whether or not to reply to the transmission source device.
[0202]
(Supplementary note 41) A communication method that performs a response to an inquiry about system information from a transmission source device to a partner device,
A receiving step of receiving an inquiry of system information related to the counterpart device from the transmission source device;
In response to the inquiry, searching for system information related to the counterpart device;
A communication method including a step of replying from the communication unit on behalf of the counterpart device.
[0203]
(Supplementary note 42) The communication method according to supplementary note 41, wherein, in the reception step, an inquiry about system information is received from a proxy device acting on behalf of the processing of the transmission source device instead of the transmission source device.
[0204]
(Supplementary note 43) A program for causing a computer to transmit or receive information electronically using a network,
Inquiring of the partner device for system information related to the partner device that is the partner of information transmission and reception;
A computer-readable recording medium on which a program having a determination step for determining whether or not to perform subsequent transmission / reception based on the system information is recorded. (10)
(Supplementary Note 44) The system information includes information related to the safety of the counterpart device,
44. A computer-readable recording medium on which the program according to appendix 43, in which whether or not to perform the transmission / reception is determined based on whether or not the safety of the counterpart device is ensured to a predetermined level in the determination step.
[0205]
(Supplementary Note 45) The program according to supplementary note 44, further comprising a step of notifying the partner device of the fact or reason when it is determined in the determining step that the safety of the partner device is not secured to a predetermined level. A recorded computer-readable recording medium.
[0206]
(Additional remark 46) The computer-readable recording medium which recorded the program of additional remark 43 or 44 which further has the step which selects the item of the system information to inquire according to the kind of information to transmit / receive.
[0207]
(Supplementary Note 47) A reference step for referring to an acquisition information management unit that manages acquired system information;
An inquiry step for inquiring whether the acquired system information has been updated in the counterpart device;
The computer-readable recording medium which recorded the program of additional statement 43 or 44 which further has the step which acquires the updated system information and unacquired system information.
[0208]
(Supplementary Note 48) The acquisition information management unit manages the date and time when the information is acquired for each item of system information.
In the reference step, the acquisition date for each item of the system information is referenced,
48. A computer-readable recording medium on which the program according to appendix 47, in which the date of acquisition is added and an item of system information is inquired in the inquiry step.
[0209]
(Additional remark 49) The computer-readable recording medium which recorded the program of Additional remark 43 which further has the verification step which verifies the other party apparatus based on the system information returned from the other party apparatus.
[0210]
(Supplementary Note 50) The method further includes a step of transmitting a test packet for verifying the obtained system information to the counterpart device,
The computer-readable recording medium storing the program according to appendix 49, wherein in the verification step, the counterpart device is verified based on a response to the test packet.
[0211]
(Supplementary Note 51) A program that causes a computer to perform processing of a transmission source device when electronic information is transmitted or received from a transmission source device to a partner device.
Receiving a command from the transmission source device;
According to the command, an inquiry step for inquiring the partner apparatus for system information related to the partner apparatus;
A computer-readable recording medium having recorded thereon a program having a step of determining whether to perform subsequent transmission / reception based on the system information.
[0212]
(Additional remark 52) It replaces with the said other party apparatus, and the computer-readable record which recorded the program of Additional remark 51 in which the system information which concerns on the other party apparatus is inquired with respect to the proxy apparatus acting on behalf of the other party apparatus. Medium.
[0213]
(Supplementary Note 53) A program that causes a computer to transmit or receive information electronically using a network,
A receiving step of receiving an inquiry of system information from the transmission source device;
Retrieving system information for the query;
A computer-readable recording medium on which a program having a response step for returning the system information is recorded.
[0214]
(Additional remark 54) The computer-readable recording medium which recorded the program of Additional remark 53 in which the updated system information and the unanswered system information of the returned system information are replied in the said reply step.
[0215]
(Supplementary Note 55) A step of referring to an update history management unit that manages the date and time when the system information is updated;
Comparing the date and time of reply to the previous inquiry with the date and time when the system information was updated,
In the reception step, a response date and time for the previous inquiry is received together with the inquiry,
In the reply step, a computer-readable recording medium recording the program according to appendix 53, in which system information updated after the reply date and time is returned.
[0216]
(Supplementary Note 56) A step of referring to a transmission source device, an item of system information inquired by the transmission source device, and a response history management unit that manages a response date and time for the inquiry;
A step of comparing the previous response date and time and the date and time when the system information was updated when an inquiry is made from the transmission source device;
In the reply step, a computer-readable recording medium recording the program according to appendix 53 in which updated system information is returned after the previous reply date and time.
[0217]
(Supplementary note 57) A computer-readable recording medium on which the program according to supplementary note 53 is recorded, further including a step of determining whether or not system information can be answered in response to an inquiry.
[0218]
(Supplementary note 58) A computer-readable recording medium storing the program according to supplementary note 57, further comprising a step of prompting a system administrator to determine whether or not to reply to system information for which it is not possible to determine whether or not to reply.
[0219]
(Supplementary Note 59) A step of searching a transmission source management unit that manages information related to the attribute of the transmission source device;
54. A computer-readable recording medium on which the program according to appendix 53 is recorded, the method including a step of determining whether or not a response is possible according to the transmission source device.
[0220]
(Supplementary note 60) A computer-readable recording medium on which the program according to supplementary note 59 is recorded, further comprising a step of prompting a system administrator to judge whether or not a reply can be made with respect to system information that cannot determine whether or not a reply to the transmission source device.
[0221]
(Supplementary Note 61) A program that makes a computer act as a proxy for a response to an inquiry about system information from a transmission source device to a partner device,
A receiving step of receiving an inquiry of system information related to the counterpart device from the transmission source device;
In response to the inquiry, searching for system information related to the counterpart device;
A computer-readable recording medium storing a program including a step of replying from a communication unit on behalf of the counterpart device.
[0222]
(Supplementary Note 62) In the reception step, a computer-readable recording medium recording the program according to Supplementary Note 61, in which an inquiry about system information is received from a proxy device acting on behalf of the transmission source device instead of the transmission source device .
[0223]
【The invention's effect】
As described above, according to the present invention, communication can be performed after confirming the safety of the communication partner.
[Brief description of the drawings]
FIG. 1 is a configuration diagram of an information system for confirming a security level according to a first embodiment of the present invention.
FIG. 2 is a diagram showing the data structure of an inquiry item management database
FIG. 3 is a diagram showing the data structure of an obtained data management database
FIG. 4 is a diagram showing the data structure of a reply availability database
FIG. 5 is a diagram showing a data structure of a security data management database
FIG. 6 is a flowchart showing a communication procedure between the inquiry system and the response system.
FIG. 7 is a flowchart showing details of security data inquiry processing;
FIG. 8 is a flowchart showing details of security data response processing;
FIG. 9 is a flowchart showing details of security judgment processing.
FIG. 10 is a diagram showing a data structure of a response history management database in a modification of the first embodiment.
FIG. 11 is a diagram showing processing for confirming the date and time when information was provided in the past and the date and time when the information was changed in a modification of the first embodiment;
FIG. 12 is a system configuration diagram of an information system according to a second embodiment.
FIG. 13 is a diagram showing a data configuration of a reply-side proxy designation database 23
FIG. 14 is a flowchart (1) showing a communication procedure between an inquiry system and a response system in the second embodiment.
FIG. 15 is a flowchart (2) showing a communication procedure between the inquiry system and the reply system in the second embodiment.
FIG. 16 is a system configuration diagram (1) of an information system according to a modification of the second embodiment.
FIG. 17 is a system configuration diagram of an information system according to a modification of the second embodiment (2).
[Explanation of symbols]
A, B system
2 Central control unit
3 Information processing department
4 Security data check section
5 Database
6 Input / output section
7 Network interface
12, 13 Administrator terminal
21 Inquiry proxy specification file
22, V, X Inquiry proxy system
23 Reply proxy specification database
24, W, Y Reply proxy system

Claims (2)

A communication device that electronically transmits or receives information using a network,
A communication unit accessing the network;
A control unit for controlling communication;
An information item management unit that manages the relationship between the type of information to be transmitted and received and the item of information related to the safety of the inquiring device ,
Wherein the control unit, depending on the type of information to be transmitted and received, and selects an item of the information items related information from the management unit to the safety of the partner device, the safety of the remote device according to the partner apparatus is a counterpart of the transmitting and receiving information A communication device that inquires the partner device for information related to the sex, and determines whether or not to perform subsequent transmission / reception based on whether or not the partner device has a certain degree of safety . The control unit transmits a test packet for verifying information related to the safety of the obtained partner device from the communication unit to the partner device, and determines whether or not a response to the test packet is valid. The communication device according to claim 1, wherein the counterpart device is verified by the method.

Images