Network system enabling transmission control
Abstract
A network system capable of preventing the leakage of a confidential file by an inadvertent act of a transmitting party and capable of meeting the requirement for an arbitrary file format is disclosed. A label indicating a security level (“confidential” or “unclassified”) is attached to the file in a client terminal, which transmits the labeled file outside. A transmission management program on a gateway server checks the label of the file, and in the case where the security level is “unclassified”, transmits the file to an external network. Also, a label management program manages the labeled file in the client terminal.
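The gateway check described in the abstract, as a Python example added here (not code from the patent). The label carries the fields named in claim 2 (security level, feature value, signature) and the destination is checked against a permit list as in claim 1. The one-line JSON label layout, the key, and the host names are assumptions; HMAC-SHA256 stands in for the digital signature, and the encryption step of claim 1 is omitted.

```python
import hashlib
import hmac
import json

LABEL_KEY = b"constructed-demo-key"      # assumption: key held by the label tool and the gateway
PERMIT_LIST = {"partner.example"}        # constructed transmission permit list

def _sign(level: str, digest: str) -> str:
    # HMAC-SHA256 stands in for the signature over (security level, feature value).
    return hmac.new(LABEL_KEY, f"{level}|{digest}".encode(), hashlib.sha256).hexdigest()

def attach_label(body: bytes, level: str) -> bytes:
    """Client side: prepend a one-line JSON label to a file of any format."""
    digest = hashlib.sha256(body).hexdigest()   # feature value of the information proper
    label = {"level": level, "digest": digest, "sig": _sign(level, digest)}
    return json.dumps(label).encode() + b"\n" + body

def gateway_check(data: bytes, dest_host: str):
    """Gateway side: return (decision, payload); payload is the label-free body or None."""
    header, _, body = data.partition(b"\n")
    try:
        label = json.loads(header)
        level, digest, sig = (str(label[k]) for k in ("level", "digest", "sig"))
    except (ValueError, KeyError, TypeError):
        return "block: missing or malformed label", None   # fail closed on unlabeled data
    if not hmac.compare_digest(sig.encode(), _sign(level, digest).encode()):
        return "block: label signature invalid", None      # level was edited after labeling
    actual = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(digest.encode(), actual.encode()):
        return "block: label does not match file content", None  # label moved to another file
    if level != "unclassified":
        return "block: security level is " + level, None
    if dest_host not in PERMIT_LIST:
        return "block: destination not on permit list", None
    return "forward", body   # label removed before the data leaves the in-house network

if __name__ == "__main__":
    # Constructed sample files.
    public = attach_label(b"%PDF-1.4 public brochure", "unclassified")
    secret = attach_label(b"Q3 merger plan", "confidential")
    relabeled = secret.replace(b'"confidential"', b'"unclassified"', 1)
    for name, blob in (("public", public), ("secret", secret), ("relabeled", relabeled)):
        print(name, "->", gateway_check(blob, "partner.example")[0])
```

Because the signature covers both the level and the content hash, editing the level in place or moving an "unclassified" label onto a different file is rejected before the level is even consulted.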
8 Claims
1. A network system connected to an in-house network and capable of controlling transmission, comprising a transmission/receiving terminal having means for transmitting/receiving data and repeater means for relaying the data transmitted/received between said transmission/receiving terminal and said in-house network, wherein:
said data includes information proper and additional information associated with said information proper;
said repeater means includes means for controlling the data transmission from said transmission/receiving terminal using said additional information, and means for removing said additional information from data transmissible outside of said in-house network; and
said repeater means includes;
a transmission permit list of transmittees external to said in-house network to which said transmission/receiving terminal is permitted to transmit data;
means for encrypting the data to be transmitted by said transmission/receiving terminal;
means for receiving the data to be transmitted by said transmission/receiving terminal;
means for determining whether said data is to be transmitted, with reference to said transmission permit list;
means for encrypting said data of which the transmission is permitted; and
means for transmitting said encrypted data outside of said in-house network.
2. A network system connected to an in-house network and capable of controlling transmission, comprising a transmission/receiving terminal having means for transmitting/receiving data and repeater means for relaying the data transmitted/received between said transmission/receiving terminal and said in-house network, wherein:
said data includes information proper and additional information associated with said information proper;
said repeater means includes means for controlling the data transmission from said transmission/receiving terminal using said additional information, and means for removing said additional information from data transmissible outside of said in-house network; and
said additional information includes information representing a security level of said information proper, a feature value of said information proper, a first digital signature for the information indicating said security level and said feature value, and a second digital value for the information indicating said security level and said information proper.
3. A network system connected to an in-house network and capable of controlling transmission, comprising a transmission/receiving terminal having means for transmitting/receiving data and repeater means for relaying the data transmitted/received between said transmission/receiving terminal and said in-house network;
wherein;
said data includes information proper and additional information associated with said information proper;
said repeater means includes means for controlling the data transmission from said transmission/receiving terminal using said additional information, and means for removing said additional information from data transmissible outside of said in-house network;
said transmission/receiving terminal includes a first operating system, a second operating system and a multi OS control program, said program controlling said first and second operating systems;
said first operating system manages the application program handling said information proper; and
said second operating system manages means for controlling access to said information proper using said additional information, and means for changing said additional information.
4. A network system capable of controlling transmission, comprising:
an information processing system including a first storage unit, a second storage unit for reading/writing data from and into removable media, means for accessing said first and second storage units, and an additional information list containing additional information to be added to each information proper; and
a key management unit for managing an encryption key;
wherein;
said access means includes means for recording the information proper from said first storage unit into said second storage unit; and
said recording means includes means for determining whether said data is to be encrypted or not, by referring to the additional information of said information proper recorded in said additional information list, means for generating an encryption key in the case where said data can be encrypted, means for encrypting said data using said encryption key, means for registering said encryption key in said key management unit, means for receiving an identifier of said registered encryption key from said key management unit, means for generating data by adding said additional information to said information proper, and means for recording said encrypted data and said identifier in said second storage unit using said encryption key.
5. A network system capable of controlling transmission, comprising:
an information processing system including a first storage unit, a second storage unit for reading/writing data from and into removable media, means for accessing said first and second storage units, and an additional information list containing additional information to be added to each of said information proper; and
a key management unit for managing an encryption key;
wherein;
said access means includes means for recording the data from said second storage unit into said first storage unit;
said data includes an identifier and encrypted data;
said encrypted data includes an additional information section;
said recording means includes means for transmitting said identifier to said key management unit and receiving the encryption key for a corresponding one of said encrypted data, means for decrypting said encrypted data using said encryption key, and means for adding said additional information to said additional information list; and
said key management unit includes means for receiving said identifier from said recording means and transmitting the encryption key associated with said encrypted data to said recording means.
6. A network system capable of controlling transmission, comprising:
an information processing system including a first storage unit, a second storage unit for reading/writing data from and into removable media, and means for accessing said first and second storage units; and
a key management unit for managing an encryption key;
wherein;
said access means includes means for recording the data from said first storage unit into said second storage unit;
said data includes information proper and additional information associated with said information proper;
said recording means includes means for determining whether said data is to be encrypted or not, based on said additional information, means for generating an encryption key, means for encrypting said data using said encryption key, means for registering said encryption key in said key management unit, means for receiving an identifier of said registered encryption key from said key management unit, and means for recording said encrypted data and said identifier into said second storage unit; and
said key management unit includes means for receiving said encryption key from said recording means and transmitting said identifier associated with said encryption key to said recording means.
7. A network system capable of controlling transmission, comprising:
an information processing system including a first storage unit, a second storage unit for reading/writing data from and into removable media, and means for accessing said first and second storage units; and
a key management unit for managing an encryption key;
wherein;
said access means includes means for recording the data from said second storage unit into said first storage unit;
said data includes an identifier and encrypted data;
said recording means includes means for transmitting said identifier to said key management unit and receiving the encryption key for said encrypted data, and means for decrypting said encrypted data using said encryption key; and
said key management unit includes means for receiving said identifier from said recording means and transmitting said encryption key associated with said encrypted data to said recording means.
8. A network system connected to an in-house network and capable of controlling transmission, comprising a transmission/receiving terminal having means for transmitting/receiving data and repeater means for relaying the data transmitted/received between said transmission/receiving terminal and said in-house network, wherein:
said data includes information proper and additional information associated with said information proper; and
said repeater means includes means for controlling the data transmission from said transmission/receiving terminal using said additional information, and means for removing said additional information from data transmissible outside of said in-house network;
said additional information includes information representing an attribute of said information proper;
said repeater means includes means for holding a transmission policy corresponding to said attribute, and means for determining whether the data to be transmitted by said transmission terminal can be transmitted in accordance with said transmission policy;
said attribute is a security level;
said additional information further includes settler information for said security level and hierarchical information of the settler;
said transmission/receiving terminal includes means for changing said additional information; and
said change means determines whether the security level of said data can be changed, with reference to the security level of the data of said additional information, the settlor information of said security level, the hierarchical information of said settlor, changer information of a person intending to change the additional information of said data and hierarchical information of said changer.
Specification