JP4981461B2 - Information concealment method and information concealment device - Google Patents

Description

  The present invention relates to an information concealment method and an information concealment device.

  As the use of services on the Web becomes widespread, many in-house business systems such as mailers, schedule management, and TODO management, which have been implemented as desktop applications executed on client devices so far, are Web information services (Web services). Has begun to be offered as.

  However, by using the Web service, there is a problem that personal privacy information, in-house sales information, and the like leak to the Web service provider side. Countermeasures against leakage of confidential information such as business information in the company, customer information acquired in business activities, and important secrets related to sales strategies are important issues for companies. Web applications provided as Web services are When the employee uses it for business, the input information is passed to the Web server (and its provider) that provides the Web application, and confidential information is leaked.

  In order to cope with this problem, Patent Document 1 stores a user's private key necessary for encryption and decryption performed when transmitting information to a Web service providing apparatus and a certification authority that provide services. And a method of protecting user privacy information by a device comprising a tamper resistant storage device and a CPU (Central Processing Unit) that performs encryption processing using the user's private key stored in the tamper resistant storage device. Are listed. According to this method, it is possible to reduce a troublesome processing operation for the user, and to reduce a risk that a user's privacy information such as a secret key is acquired by a third party.

In Patent Document 2, when the selected keyword and the selected element are kept secret and the transmitted purchase request information is received, the information providing device calculates a sending key from the purchase request information and the secret key. The user terminal selects the user key by providing a function for decrypting only the information corresponding to the selected keyword from the sending key, the selected element, and a plurality of information. A method is described in which details of selected information are provided to the user in a state where the information (abstract) is concealed from the information provider. According to this method, the user can acquire information desired to be acquired from the information provider while keeping secret what information is required from the information provider.
JP 2003-304234 A JP 2006-39674 A

  In the conventional technology, there is a problem that a device or program for concealing information must be installed in a device on the service user side or a device on the service provider side. Also, because the information concealment target is information that is communicated during the authentication process, or information that indicates the information that is desired to be acquired, it is limited and cannot be used for general purposes. There are challenges.

  The present invention has been made in view of these problems, and an object of the present invention is to provide information to be transmitted by a service user to the provider side without the need to modify the system environment on the service provider side and the user side. The service can be used as usual in a state where the password is concealed.

An information concealment method according to the present invention made to solve the above problems is
The second information stored in response to a request from the client by generating the second information from the first information using a client that transmits the first information and storing the second information from the first information using a Web application In a Web information service by a server that transmits information to the client, an information concealment device that is connectable to the server and the client is used to conceal information transmitted and received by the Web information service. An information concealment method in a concealment device, comprising:
The first information includes a URL (Uniform Resource Locator) for specifying the Web information service, a method indicating a processing type requested to the server, and a parameter which is data used when the method is executed Name as a request parameter,
The information concealment device is
The request information (first information) transmitted from the client to the server via the Web browser is received, and the ID including the character string not used in the first information and the second information is converted. The information is stored in the storage unit in association with the information before conversion, and the information before conversion included in the request parameter in the first information that needs to be concealed is associated with the storage unit . Reversibly convert to converted information and send to server.
In addition, response information (second information) to be transmitted from the server to the client is received, and the converted information included in the response information is replaced with the information before conversion and transmitted to the client.
Other means will be described in an embodiment described later.

  According to the present invention, the service user can use the service as usual in a state where the information to be transmitted to the provider side is concealed without the need to modify the system environment on the service provider side and the user side. can do.

  Hereinafter, the best mode for carrying out the present invention (hereinafter referred to as “embodiment”) will be described with reference to the drawings. In this embodiment, a user as a user of a Web information service (hereinafter referred to as “Web service” as appropriate) uses a Web browser of a Web client, which is a general computer, to provide a Web provided by a Web server. A case where an application function (Web service) is used will be described as an example. Web application functions (Web services) include mailer, schedule management, and TODO management. In this embodiment, schedule management will be described as an example.

<First Embodiment>
The overall configuration of the Web service system according to the present embodiment will be described with reference to FIG.
The Web service system according to the present embodiment includes a plurality of information processing apparatuses (10, 20, 30) connected to a network.
These information processing apparatuses (10, 20, 30) require (1) concealment included in request information (first information) transmitted from the Web browser 21 of the client to the Web server 30 that is the server. After the information is recorded, it is converted, and the converted request information is transmitted to the Web server 30, or a part of the response information (second information) returned from the Web server 30 to the Web browser 21 is replaced based on the recording. Then, by transmitting the replaced response information to the web browser 21, the function provided by the web server 30 without providing the confidential information transmitted from the web browser 21 directly to the web server is provided by the web browser. Information processing apparatus (hereinafter referred to as “information concealment proxy apparatus” as appropriate) 10 provided to 21, (2) provision of Web server 30 Information processing apparatus (hereinafter referred to as “Web client” as appropriate) 20, which is operated by the user to use the function, and (3) request information from the Web browser 21 of the Web client 20. Accordingly, an information processing apparatus (hereinafter referred to as “Web server” as appropriate) 30 that transmits response information generated by the Web application 31 to the Web client 20 is included.

  Note that a plurality of Web clients 20 (for example, the number of users) may exist, but only one is shown in FIG. Similarly, a plurality of Web servers 30 may exist, but only one is shown here for explanation. In addition, each information processing apparatus (10, 20, 30) has a normal hardware configuration (CPU, RAM (Random Access Memory), ROM (Read Only Memory), etc.) necessary for executing a program for realizing each function. Memory, a hard disk on which a program is installed, and the like.

Hereinafter, the functional configuration of the information concealment proxy device 10 will be described with reference to FIG.
The information concealment proxy device 10 as an information concealment device is composed of a request processing unit 101 and a response processing unit 102 realized by a CPU, processing setting information 103 and ID information 104 stored in a hard disk.
The request processing unit 101 receives a Web page acquisition request that is request information (first information) from the Web client 20 to the Web server 30, and receives the acquisition request based on information set in the processing setting information 103. After the information that needs to be concealed is recorded in the ID information 104, the request information updated by performing a predetermined conversion process is transmitted to the Web server 30.
In response to the request information, the response processing unit 102 acquires a Web page that is response information (second information) returned from the Web server 30, and stores the concealed information included in the acquired Web page as ID information. A replacement process is performed according to 104, and the updated response information is transmitted to the Web client 20.
The request processing unit 101 and the response processing unit 102 are realized by a program execution process or the like by a CPU provided in the information concealment proxy device 10.

  The processing setting information 103 holds information that sets the processing method of the request processing unit 101 when the request information transmitted from the Web client 20 is received. The processing setting information 103 is set in advance by an operation manager or the like, and is an information concealment proxy. It is stored in the hard disk of the device 10 or the like. FIG. 2 is a diagram illustrating an example of the processing setting information. The processing setting information 103a (103) stores processing setting information focusing on a Uniform Resource Locator (URL), method, and parameter name included in the request information. Here, in the HTTP (HyperText Transfer Protocol) request in which the URL to be accessed by the Web browser 21 is “http://foo.bar.com/calendar/add” and the method is “POST”, the parameter name is “Text” and When “Content” is specified, conversion processing is specified.

  Returning to FIG. 1, the ID information 104 is information in which the value of the request parameter included in the request information transmitted from the Web client 20 is recorded in association with the ID generated by the request processing unit 101. FIG. 3 is a diagram illustrating an example of ID information. The ID information 104a (104) has a format for holding an ID generated for the request parameter value (details will be described later in FIG. 4) and character string value information in which the request parameter value is recorded.

  With such a configuration, the information concealment proxy device 10 does not transmit to the web server 30 information that needs to be concealed among the request information necessary for using the service provided by the web application 31 of the web server 30. The function provided by the Web server 30 is provided to the Web client 20 (the user who uses the Web server 30) while keeping the information secret from the person (individual or business owner) who operates the Web server 30. In addition, it is preferable that the information concealment proxy device 10 is installed outside the Web service providing side network system (for example, if the user who uses the service is an employee of a company with a company, the network system within the company). Thereby, information shall not be leaked to the outside.

  The Web client 20 as a client is a general computer that is used in a service-use-side network system that uses a Web service and is operated by a user who uses the Web service, and includes a Web browser 21. When the user operates the Web client 20, a Web page acquisition request that is request information is transmitted to the Web server 30 via the information concealment proxy device 10, and the Web that is response information transmitted from the Web server 30. The page is transmitted to the Web client 20 via the information confidential proxy device 10. As a result, the web page requested by the user is displayed on the web browser 21 of the web client 20.

A web server 30 as a server is a general computer that includes a web application 31 that provides a web service and is used in a network system on the service providing side. In the present embodiment, schedule management will be described as an example, and the Web application 31 has functions such as schedule registration, browsing, and search.
When the Web server 30 provides a schedule registration screen to the user via the Web browser 21 of the Web client 20 and the user inputs the schedule information, the Web server 30 stores the input schedule information in its own storage unit (memory). Device). The schedule information registered by the user is displayed on the schedule browsing screen displayed on the Web client 20.

(Request processing)
The processing procedure in the request processing unit of the information concealment proxy device will be described below according to the flow of FIG. FIG. 4 shows the request processing unit 101 in the information concealment proxy device 10 relaying and converting a Web page acquisition request as request information transmitted from the Web client 20 based on the information set in the processing setting information 103. (ID processing), the flow of processing when transmitting to the Web server 30 is shown in detail.
When the information concealment proxy device 10 receives a Web page acquisition request transmitted from the Web client 20, the request processing unit 101 performs the following processing. Here, as an example, it is assumed that the schedule information “2006/8/31 ΔΔ presentation” is registered, and the schedule information is included in the request information of the Web page acquisition request.

The request processing unit 101 analyzes the HTML source code of the request information included in the Web page acquisition request received by the information concealment proxy device 10, and determines whether there is a request parameter element (S401).
When there is a request parameter element (S401 → Yes), the request processing unit 101 performs the process from step S402 onward for the request parameter, and when there is no request parameter element, or in the HTML source code of the request information. If the processing from step S402 is performed on all the included request parameter elements (S401 → No), the process proceeds to step S405.

If there is an element (S401 → Yes), the request processing unit 101 checks with the processing setting information 103 to determine whether the request parameter is a processing target (S402). That is, it is determined whether or not the request parameter corresponds to the URL, method, and parameter name stored in the process setting information 103. A corresponding request parameter is detected by the processing of steps S401 and S402. For example, in the processing setting information 103a shown in FIG. 2, “Text” in the request information whose access destination URL is “http://www.foo.bar.com/calendar/add” and whose method is “POST”. And the request parameter with the parameter name “Content” is processed.
If there is no processing setting for the request parameter (S402 → No), the request processing unit 101 returns to the processing of step S401 and determines whether there is an element of the next request parameter.

On the other hand, when there is a setting for processing for the request parameter (S402 → Yes), the request processing unit 101 generates an ID for the value of the request parameter, and stores the generated ID and the value of the request parameter in the ID information 104. Register (S403). That is, the request parameter value (character string value) and the generated ID are associated with each other and recorded in the ID information 104 as one record.
The ID generated here is information that can uniquely determine the record registered in the ID information 104, and at the same time, a character string format that does not appear in the character string of the HTML source code of the response information provided by the Web server 30. Need to be. In the example shown in FIG. 3, a character string in which “[(]” and “[]]” are added before and after a natural number converted to a character string is used as an ID. Taking a way to increase. The ID information is not limited to a natural number, but may be any information that can uniquely identify each character string value. If the same character string value has already been registered in the ID information 104, the ID of the record is used without newly registering (without executing step S403).

  Next, the request processing unit 101 sets the generated ID (or the record, if the character string value has already been registered) instead of the original request parameter value, thereby requesting The parameter value is converted (S404).

  The request processing unit 101 performs necessary conversion processing on all the request parameter values included in the request information received from the Web client 20 by repeating the processing of steps S401 to S404. This conversion process may be hereinafter referred to as “ID conversion process”.

  The request processing unit 101 transmits, to the Web server 30, request information that is a Web page acquisition request including the request information that has been subjected to the request parameter conversion processing in steps S401 to S404 (S405).

FIG. 5 is a diagram illustrating an example of an acquisition request for Web pages as request information transmitted and received in the Web service system. An example of HTML source code of request information transmitted from the Web browser of the Web client to the Web server ( Part). Here, as an example, information “△△ Presentation” information is registered in the schedule.
FIG. 5A shows an HTML source code of request information (HTTP request) before conversion processing by the request processing unit, which is transmitted from the Web browser and received by the information concealment proxy device, and FIG. The HTML source code of the request information (HTTP request) after the conversion processing by the request processing unit of the information concealment proxy device is shown. Note that the information (reference numerals 503 and 504) below “Text” shown in FIGS. 5A and 5B is shown without URL encoding for explanation.

As described above, when the information concealment proxy device 10 receives a Web page acquisition request as request information from the Web client 20, the information concealment proxy device 10 refers to the processing setting information 103 and requests included in the HTML source code of the received request information Detect parameters that need to be converted.
For example, according to the processing setting information 103a of FIG. 2, in the acquisition request for the Web page with the method “POST” and the URL “http://foo.bar.com/calendar/add”, the parameter name is “Text”. 5 is specified, it is determined from the information indicated by reference numeral 501 in FIG. 5A that the method and URL correspond, and when “Text” indicated by reference numeral 502 is detected, information of reference numeral 503 is obtained. “Presentation of ΔΔ” is converted to “[(] 3 [)]” as indicated by reference numeral 504 in FIG. 5B (S404).

  The request information (Web page acquisition request) converted as shown in FIG. 5B is transmitted from the information concealment proxy device 10 to the Web server 30. That is, the information “ΔΔ presentation” is not transmitted to the Web server 30, and the converted information “[(] 3 [)]” is transmitted to the Web server 30 (S405). In step S403, information on “[(] 3 [)]” and “Presentation of ΔΔ” is registered in the ID information 104 (see FIG. 3).

(Response processing)
When the Web server 30 receives a Web page acquisition request, which is request information transmitted from the information concealment proxy device 10, the Web server 31 generates a Web page corresponding to the request information by the Web application 31 and transmits it to the Web client 20. That is, when the user inputs schedule information on the schedule registration screen on the Web browser 21 and the input content is transmitted from the Web client 20 to the Web server 30 via the information confidential proxy device 10, the Web application of the Web server 30 31 analyzes the contents and registers schedule information, generates a schedule information browsing screen including schedule information that has already been registered, and returns it to the Web client 20 as response information.

  When receiving the Web page (HTTP response) as the response information from the Web server 30, the information concealment proxy device 10 analyzes the HTML source code of the received response information and matches the ID recorded in the ID information 104. A character string is detected from the HTML source code. Then, the detected character string portion is replaced with a corresponding character string value in the ID information 104 (that is, a character string value of a record having the same ID as the detected character string) (hereinafter referred to as “replacement process” or Appropriately described as “ID decryption process”). The response processing unit 102 performs this replacement process on the entire received response information (HTML source code).

FIG. 6 is a diagram illustrating an example of a Web page as response information transmitted and received in the Web service system. An example (part) of HTML source code of response information transmitted from the Web application of the Web server to the Web client. Is shown. Here, as an example, schedule information such as “2006/08/30 patent meeting”, “2006/08/31 △△ presentation”, “2006/09/01 XX product design meeting” is stored in the storage unit of the Web server 30. It is assumed that the Web application 31 of the Web server 30 displays these pieces of information as a schedule browsing screen on the Web browser 21 of the Web client 20. However, in FIG. 6, a line number is added to the left end for the sake of explanation.
FIG. 6A shows an HTML source code of response information transmitted from the Web application and received by the information concealment proxy device before the replacement processing by the response processing unit, and FIG. 6B shows the information concealment proxy device. The HTML source code of the response information after the replacement processing by the response processing unit is shown.

  Hereinafter, a process in which the response processing unit 102 performs the replacement process with reference to the ID information 104a in FIG. 3 for the response information in FIG. 6A will be described.

In FIG. 6A, the response processing unit 102 detects that the character strings on the 8th, 12th, and 16th lines match the ID registered in the ID information 104a shown in FIG. Then, the detected character string is replaced with the character string value of the corresponding ID information 104a.
That is, the character string values recorded in the ID information 104a are “patent meeting”, “XX product design meeting”, and “△△ presentation”, and are replaced with the corresponding ID character string locations in the response information. Then, it becomes like the response information of FIG.6 (b). For example, the information “[(] 3 [)]” indicated by reference numeral 601 is replaced with “Presentation ΔΔ” indicated by reference numeral 602 and updated.

  By such a processing procedure, the information concealment proxy device 10 sets the parameter value of the response information as the original parameter value of the request information converted by the request processing unit 101 (that is, registered in the ID information 104). The HTML source code replaced with the generated character string value) is generated, and the Web page including the generated HTML source code is transmitted to the Web client 20 as response information.

  According to the present embodiment, by providing the information concealment proxy device 10 as a proxy server of the Web client 20 between the Web client 20 and the Web server 30 on the Web service system, information that should not be disclosed to the Web server 30 side ( In the above example, schedule information such as “Patent Meeting”, “XX Product Design Meeting”, “△△ Presentation”, etc.) is not transmitted directly to the Web server 30, but the information is stored in the information concealment proxy device 10. Record and send the converted information to the Web server 30. When a page is received from the Web server 30, the recorded information is used to replace the original information, and then transmitted to the Web client 20. Thereby, information can be kept secret while using the function (schedule management service in the above example) provided by the Web application 31 of the Web server 30.

  In addition, by setting the processing setting information 103 and setting the proxy server of the Web client 20 by the operation manager instead of the user, the user is not aware of the existence or processing of the information confidential proxy device 10 at all as usual. Web services can be used.

Second Embodiment
Next, a second embodiment of the present invention will be described. Note that the overall configuration of the Web service system according to the second embodiment is the same as that of the first embodiment shown in FIG.

  In the second embodiment, in addition to the processing of the request processing unit 101 shown in the first embodiment, the Web application 31 of the Web server 30 holds other information held on the Web server 30 side based on information input by the user. The processing of the information concealment proxy device 10 corresponding to the case where a function for generating a Web page is provided by the calculation will be described.

  Specifically, for example, in the Web application 31 that provides a schedule management function, the user inputs a search condition (search character string) on the schedule search screen, and the schedule that matches the search condition is stored in the storage unit of the Web server 30. There is a function of retrieving from the information stored in the web browser 20 and displaying the search result on the web browser 21 of the web client 20. When the user uses this function, the converted ID character string (for example, “[(] 3 [)]”) is stored in the Web server 30 even if the processing flow shown in the first embodiment is applied. Therefore, even if a search character string (for example, “ΔΔ presentation”) or a newly generated ID character string is transmitted to the Web server 30 as it is, the intended result cannot be obtained.

  In order to correspond to such a function of the Web server 30, in the second embodiment, the request processing unit 101 searches for a character string value registered in the ID information 104, and searches using the search result. A character string is generated and transmitted to the Web server 30 as a search term.

FIG. 7 is a diagram illustrating an example of the processing setting information. Compared with the processing setting information 103a illustrated in FIG. 2, processing items are newly added. By this processing item, processing to be performed by the request processing 101 is specified for each request parameter included in the received request information.
In the example of the process setting information 103b shown in FIG. 7, as shown in the first record and the second record, when the ID conversion process (ID generation, registration, and conversion process) described in the first embodiment is performed, “ In the case of URL “http://www.foo.bar.com/calendar/search”, method “GET”, parameter name “Query” as described in the third record, It is described as “search string conversion process”. That is, in this embodiment, the processing method is changed according to the information of the newly added process.

  Hereinafter, the processing procedure in the request processing unit in the present embodiment will be described according to the processing flow of FIG. In addition, about the process similar to 1st Embodiment shown in FIG. 4, the same code | symbol is attached | subjected and description is abbreviate | omitted.

  If it is determined in step S402 that processing has been set for the request parameter (S402 → Yes), the request processing unit 101 refers to the processing setting information 103b (see FIG. 7), and the request corresponding to the URL, method, and parameter name. A process set for the parameter is detected (S801).

  When the detected process is “ID process” (S801 → ID process), the request processing unit 101 performs the same process (S403, 404) as in the first embodiment.

  On the other hand, when the detected process is “search string conversion process” (S801 → search string conversion process), the request processing unit 101 searches the ID information 104 for a record including the character string value of the request parameter. The corresponding ID is detected (S802), the detected ID is generated as a search character string (S803: A search character string is generated as an OR condition), and the parameter value is converted into the generated search character string (S804). Update. That is, the ID detected in step S802 is set instead of the value of the request parameter. If a plurality of records are detected in step S802, a character string obtained by concatenating the ID of each record with a blank character or the like so as to become a search character string for a plurality of candidate searches (OR conditions) in step S803. As the value of the request parameter.

  More specifically, for example, when the value of the request parameter that is the search value input by the user is “meeting”, the request processing unit 101 determines “patent meeting” and “o” from the ID information 104a in FIG. ○ Two records containing the character string “Product design meeting” are detected. Therefore, instead of the original request parameter value “Meeting”, the request parameter value is “[(] 1 [)] [(] 2 [)]”, which is the ID of the detected record concatenated with a blank character. Set.

  When searching for a plurality of words using OR conditions, the main search service providing site inputs a character string obtained by concatenating a plurality of words with a blank character string as a search character string. Although the method of concatenating a plurality of words with a blank character string has been described, if the search function provided by the Web server 30 allows a multi-word search to be input by another method, a search character string is generated according to the method. .

  Returning to FIG. 8, the request processing unit 101 of the information concealment proxy device 10 requests an acquisition request for a Web page having request information that has undergone request parameter conversion processing in steps S 401 to S 404 and steps S 801 to S 804. As in the first embodiment, it is transmitted to the Web server 30 (S405).

  According to the second embodiment, the information concealment proxy device 10 conceals information input by the user and registers it in the Web server 30, and allows the registered information to be browsed according to the information input by the user. In addition to providing the functions described in the embodiments, the web application 31 performs computations with other information held on the web server 30 side based on information input by the user (for example, search processing) while keeping the information secret. Even if there is a function for generating a Web page, the function can be used.

<Third Embodiment>
Next, a third embodiment of the present invention will be described.
In the third embodiment, in addition to the processing of the request processing unit 101 shown in the first embodiment and the second embodiment, the web application 31 of the web server 30 generates a web page corresponding to information input by the user. Processing of the information concealment proxy device 10 corresponding to the case where such a function is provided will be described.

  In the first embodiment, a character string input by the user on the Web server 30 side is converted into an ID by converting a character string portion that needs to be concealed in the HTML source code of the Web page generated by the Web server 30. The user was able to view the Web page based on the input character string while transmitting only the converted ID without transmitting. However, for example, when a character string input by the user indicates a URL, the Web application 31 of the Web server 30 has a function of performing processing such as displaying as an HTML anchor tag (A tag) indicating a link to the URL. There is a case to prepare. In this case, only the function of the first embodiment described above causes the URL character string converted to the information-secret protocol device 10 to be displayed as it is on the Web page by the page generation function of the Web server 30, so that a link is created. Do not show.

  That is, if the Web server 30 has a function of using a result of performing some conversion processing using a character string input by the user as a part of the HTML source code of the Web page, the character input by the user is simply used. In the method of performing the column and ID replacement process, a result different from the Web page normally generated by the Web server 30 is displayed.

  Therefore, in the third embodiment, after the replacement process (ID decryption process) of the response processing unit 102, a process of converting a character string portion indicating a URL into an anchor tag is performed. Details will be described below.

FIG. 9 is a diagram illustrating the overall configuration of the Web service system and the functional configuration of the information concealment proxy device according to the third embodiment. According to this, as different from FIG. 1, response processing setting information (processing definition information) 105 stored in the hard disk is newly arranged in the information concealment proxy device 10.
The response processing setting information 105 records processing performed by the response processing unit 102 in correspondence with specific information included in the response information received from the Web server 30.

  FIG. 10 is a diagram illustrating an example (part) of response processing setting information. According to the response processing setting information 105a (105), the URL included in the response information from the Web server 30 (for example, the target URL at which the Web client 20 is currently accessing the Web application 31) is “http: // www. In the case of “foo.bar.com/calendar/view” (first record), the response processing unit 102 indicates that “ID decryption processing” similar to that in the first embodiment is performed. In addition, when the target URL is “http://www.foo.bar.com/blog” (second record), after “ID decryption processing”, “HTML conversion processing” indicates a character indicating the URL. It shows that the process of converting the column part into an anchor tag is performed.

  The processing flow of the request processing unit 101 in the third embodiment is the same as that in the first embodiment or the second embodiment.

Processing of the response processing unit 102 in the third embodiment will be described.
The response processing unit 102 of the information concealment proxy device 10 analyzes the response information received from the Web server 30 and detects the processing for the URL currently being accessed from the response processing setting information 105. This will be specifically described below.
Here, by the ID processing of the request processing unit 101 in advance, a record of ID “[(] 4 [)]” and character string value “http://www.foo.bar.com/link” is stored in the ID information 104. As a result of the user accessing the URL “http://www.foo.bar.com/blog” of the Web application 31 via the Web client 20, the response information (Web page returned by the Web server 30) The case where the character string “[(] 4 [)]” is included in the HTML source code) will be described as an example.

The response processing unit 102 detects the URL “http://www.foo.bar.com/blog” included in the received response information. Then, with reference to the response processing setting information 105a shown in FIG. 9, it is determined that “ID decoding processing” and “HTML conversion processing” are performed as processing to be executed on the response information (HTML source code).
First, as “ID decryption processing”, the character string value “http://www.foo.bar.” That holds the part of “[(] 4 [)]” included in the HTML source code is stored in the ID information 104 record. Replace with com / link ”. Subsequently, as “HTML conversion processing”, the character string of the replacement result (in this example, “http://www.foo.bar.com/link” which is the entire replacement result character string) indicates the URL. And the character string of the detected URL is replaced with a character string “<A href='http://www.foo.bar.com/link'> http://www.foo.bar .com / link </a> ”.

  According to the third embodiment, the information concealment proxy device 10 is also applicable to a web service that returns a web page obtained by performing some processing (for example, HTML processing) on the information input by the user. The response processing unit 102 has the same function as the processing included in the Web server 30, and it is possible to cope with this by setting processing corresponding to information received from the Web server 30 in the response processing setting information 105. In other words, the information concealment proxy device 10 performs various processes using the information of the response process setting information 105, so that it is equivalent to the process to be performed by the Web application 31 without transmitting the information to be concealed to the Web server 30. Functions can be provided to the user.

  In the present embodiment, the information stored in the response process setting information 105 is described as a URL, and the response processing unit 102 executes the process set for each URL. Information obtained by analyzing the contents of the received Web page information (such as a title and message body) may be used as long as it can identify a necessary process.

<Fourth embodiment>
In the first to third embodiments described above, as shown in FIG. 1 and FIG. 9, the information concealment proxy device 10 (10a) is arranged between the Web client 20 and the Web server 30 on the network. I'm taking it. Here, when a plurality of Web clients 20 are connected to one information concealment proxy device 10 and execute the Web browser 21, the ID information 104 generated and registered based on the request information received from the other Web clients 20 is stored. It is shared by a plurality of Web clients 20. Therefore, as long as the Web clients 20 are connected to the same information concealment proxy device 10, it is possible to share information by browsing the schedule information of the other Web clients 20 (by a replacement process).

  However, if the user does not want to view the schedule information by other Web client 20 users who share the information confidential proxy device 10, or the operation manager of the information confidential proxy device 10 stores the information in the ID information 104. If you want to keep the information confidential. In that case, it is good also as taking the structure equipped with the function with which the information concealment proxy apparatus 10 is provided in the Web client 20 as 4th Embodiment. Specifically, there are a method of mounting as a proxy functioning on the Web client 20 and a method of mounting as a (extended) function of the Web browser 21. In this case, it is necessary to add a function to the Web client 20.

  In addition, a configuration information server for managing the processing configuration information 103 and the ID information 104 may be installed, and the configuration information server may be accessed from the information concealment proxy device 10 or the web client 20 when using the web service. This is effective not only when a proxy is placed on the Web client 20 but also when a plurality of proxy devices are arranged.

  According to the present invention described above, the Web client 20 that transmits the first information and the Web application 31 are used to generate the second information from the first information and store the second information in the storage device. Information that is connectable to the Web server 30 and the Web client 20 in a Web information service by the Web server 30 that transmits the stored second information to the Web client 20 in response to a request from the Web server 20 The secret proxy device 10 is configured to act as a proxy device that mediates communication between the two. Then, the information concealment proxy device 10 reversibly converts and updates a predefined parameter value in the request information transmitted from the Web client 20 to the Web server 30 to a value different from the parameter value, Information having the updated parameter value is transmitted to the Web server 30 as request information transmitted by the Web client 20. The value of the parameter transmitted from the Web client 20 (information before conversion) and the value converted with the parameter (information after conversion) by the information concealment proxy device 10 are recorded as ID information 104 in the information concealment proxy device 10. Keep it.

  The web server 30 that has received the request information generates a web page by the web application 31 and transmits it as response information to the web client 20. The information concealment proxy device 10 that has received this response information detects a part of the response information that matches the converted value (information after conversion) of the parameter recorded during the conversion process of the request information. A process of updating the replaced part with the original value (information before conversion) using the ID information 104 is performed. The information concealment proxy device 10 performs the replacement process over the entire HTML source code of the response information, and then transmits the HTML source code to the Web client 20 as response information.

  Note that the value for converting the parameter value in the information concealment proxy device 10 is a character string in a format that cannot appear in the HTML source code generated by the Web server 30, and can be restored to the original parameter value. Any value is acceptable. For example, as described above, each time a replacement process is performed, a character string indicating a natural number that increases by 1 and a character string in a format that cannot appear in the HTML source code generated by the Web server before and after the character string (for example, “[(] It is conceivable to use a character string in which “and“ [)] ”) are arranged.

  As another method, a method of replacing a parameter value with a value encrypted by a reversible conversion algorithm (for example, DES (Data Encryption Standard), Triple DES, AES (Advanced Encryption Standard), etc.) can be used. . In this case, it is not necessary to record the correspondence information between the parameter value and the replaced value in the information concealment proxy device 10. That is, the ID information 104 is not necessary.

This allows the user to keep the information confidential from the Web service provider side without the need for modifications such as installation of special devices or programs in the system environment of the Web service provider side and the user side. You can use the service. That is, it is possible to provide the user with an environment in which the Web service can be used without passing confidential information that is not desired to be disclosed to the outside to the Web server 30 (and its provider) on the Web service providing side.
Furthermore, even when a third party who does not share and use the information confidential proxy device 10 uses the Web service, browsing of information registered by a user who uses the information confidential proxy device 10 can be prevented. Therefore, the effect of concealing information not only to the Web service provider but also to a third party can be obtained. Therefore, the user can use the Web service without worrying about information leakage, and can promote the use of the Web service.
In addition, according to this invention, if it is between the users who are sharing and using the information concealment proxy apparatus, the information concealed by the user can be shared and browsed.

  According to the second embodiment of the present invention, the request processing unit 101 performs processing according to the processing content set for each URL, method, and parameter, so that the information is input to the user while keeping the information confidential. It is possible to provide a function of generating a Web page by calculation with other information held on the Web server 30 side based on the information.

  In addition, according to the third embodiment, the information concealment proxy device 10 performs processing based on information received from the web application 31 of the web server 30 using the response processing setting information 105, so that information to be concealed can be obtained. A function equivalent to the process to be performed by the Web application 31 can be provided to the user without being transmitted to the Web server 30.

  Further, by combining the second embodiment and the third embodiment, the present invention can cope with various Web services.

  Further, according to the fourth embodiment, it is possible to adopt a configuration according to the user's situation by adopting a configuration in which the function of the information concealment proxy device is provided in the Web client 20.

  It should be noted that the request processing unit 101, response processing unit 102, processing setting information 103, ID information 104, response processing setting information 105, etc. executed by the information concealment proxy device 10 (10a) shown in FIGS. The information concealment system according to the embodiment of the present invention may be realized by recording in a readable recording medium, causing the computer system to read and execute the program recorded in the recording medium.

  As mentioned above, although an example was shown about suitable embodiment of this invention, this invention is not limited to the said embodiment, In the example which does not deviate from the meaning of this invention, it can change suitably. For example, the present invention may be applied not only to a schedule management service but also to a mailer, a TODO management service, or a Web service that combines a plurality of them.

The figure which shows the whole structure of the Web service system which concerns on this invention, and the function structure of an information concealment proxy apparatus The figure which shows an example of the process setting information in 1st Embodiment. The figure which shows an example of ID information in 1st Embodiment Processing flow of the request processing unit in the first embodiment Diagram showing an example of request information Diagram showing an example of response information The figure which shows an example of the process setting information in 2nd Embodiment Processing flow of the request processing unit in the second embodiment The figure which shows the whole structure of the web service system which concerns on 3rd Embodiment, and the function structure of an information concealment proxy apparatus. The figure which shows an example of the response process setting information in 3rd Embodiment

Explanation of symbols

10 Information Concealment Proxy Device (Information Concealment Device)
20 Web client (client)
30 Web server (server)
101 Request processing unit 102 Response processing unit 103, 103a, 103b Processing setting information 104, 104a ID information 105, 105a Response processing setting information (processing definition information)

Claims (4)

The second information stored in response to a request from the client by generating the second information from the first information using a client that transmits the first information and storing the second information from the first information using a Web application In a Web information service by a server that transmits information to the client, an information concealment device that is connectable to the server and the client is used to conceal information transmitted and received by the Web information service. An information concealment method in a concealment device, comprising:
The first information includes a URL (Uniform Resource Locator) for specifying the Web information service, a method indicating a processing type requested to the server, and a parameter which is data used when the method is executed Name as a request parameter,
The information concealment device is an upstream process in which information is transmitted from the client to the server,
First information transmitted from the client to the server via a Web browser is received, and information that needs to be concealed included in the request parameter in the first information is detected as information before conversion. A first step to:
An ID including a character string that is not used in the first information and the second information is stored as information after conversion in a storage unit in association with the information before conversion, and in the first step A second step of reversibly converting the detected pre-conversion information into post-conversion information associated with the storage unit, and updating the first information;
Performing the third step of transmitting the updated first information to the server;
The information concealment device is configured as a downstream process in which information is transmitted from the server to the client.
A fourth step of receiving from the server second information corresponding to the first information generated by the server using the Web application;
A fifth step of detecting the converted information included in the second information received from the server;
A sixth step of replacing the detected post-conversion information with the pre-conversion information and updating the second information;
And executing the seventh step of transmitting the updated second information to the client. The information concealment device is
The second information is updated by replacing the information after the conversion with the information before the conversion based on the information in the storage unit when executing the sixth step. Information concealment method described in 1. The information concealment device is
Processing definition information in which processing performed on the second information and information specifying the processing are stored in association with each other;
After executing the sixth step, information for specifying the process included in the second information is detected, and the second information is determined based on the process definition information from the information for specifying the detected process. identify the process to be performed on the information, performs processing said identified for the second information, according to claim 1 or claim the second information subjected to the processing and transmitting to the client Item 3. The information concealment method according to Item 2 . The second information stored in response to a request from the client by generating the second information from the first information using a client that transmits the first information and storing the second information from the first information using a Web application In a Web information service by a server that transmits a message to the client, an information concealment device that is connectable to the server and the client,
The first information includes a URL (Uniform Resource Locator) for specifying the Web information service, a method indicating a processing type requested to the server, and a parameter which is data used when the method is executed Name as a request parameter,
As upstream processing in which information is transmitted from the client to the server, the first information transmitted from the client to the server via a Web browser is received, and the request parameter in the first information is received. Information that needs to be concealed is detected as information before conversion, and an ID including a character string that is not used in the first information and the second information is information after conversion. stored in said conversion information before the association with the storage unit, the information before the conversion that the detected, reversibly convert to the first information to the information after the conversion which is associated with the said storage unit A request processing unit for updating and transmitting the updated first information to the server;
As a downstream process in which information is transmitted from the server to the client, the server receives second information corresponding to the first information generated using the Web application from the server, and The post-conversion information included in the second information received from the server is detected, the post-conversion information detected is replaced with the pre-conversion information, and the second information is updated. An information concealment device, comprising: a response processing unit that transmits second information to the client.

Images