This application is based on and claims priority under 35 USC 119 from Japanese Patent Application No. 2019-031311 filed Feb. 25, 2019.
The present disclosure relates to a communication control apparatus, a communication system, and a non-transitory computer readable medium.
In an access restriction system that has recently been proposed, a user is able to conveniently determine access permission/rejection in accordance with history of access to web pages from a terminal and efficiently set an access permission/rejection list suitable for the terminal (for example, refer to Japanese Unexamined Patent Application Publication No. 2010-55202).
The access restriction system described in Japanese Unexamined Patent Application Publication No. 2010-55202 includes an access list update server that updates an access permission/rejection list for a client terminal as follows. The access list update server uses a unique user (UU) number (the number of users who view a web page), information concerning forbidden words, and link information and creates a tree structure that represents a link relation between web pages viewed by using the client terminal. Then, the access list update server selects the web page having the largest UU number as a page representative of the tree structure. The access list update server creates an access history list for the client terminal, the access history list being presented either for each page, for each tree, or for each domain and transmits the access history list to a master terminal. The access list update server receives from the master terminal access permission/rejection information that determines whether the client terminal is permitted to access each web page presented on the access history list. The access list update server updates the access permission/rejection list for the client terminal in accordance with the access permission/rejection information received from the master terminal.
Aspects of non-limiting embodiments of the present disclosure relate to providing a communication control apparatus, a communication system, and a non-transitory computer readable medium that provide decision materials necessary for updating a list of online destinations that is used for determining whether the access to an online destination is permitted.
Aspects of certain non-limiting embodiments of the present disclosure address the features discussed above and/or other features not described above. However, aspects of the non-limiting embodiments are not required to address the above features, and aspects of the non-limiting embodiments of the present disclosure may not address features described above.
According to an aspect of the present disclosure, there is provided a communication control apparatus including a decision unit, a receiving unit, an evaluation unit, and a generation unit. The decision unit refers to a list of online destinations in response to a request for access to an online destination from a source node and determines whether the access is permitted or rejected. The receiving unit receives from the source node an update request for updating the list of online destinations, the update request concerning the online destination to which access has been rejected by the decision unit. The evaluation unit acquires a plurality of pieces of evaluation information concerning a plurality of items for evaluating the online destination, for which the update request has been received, and calculates an evaluation value for each of the plurality of items in accordance with the plurality of pieces of evaluation information. The generation unit generates a piece of decision information for each of the plurality of items, the piece of decision information reflecting a result of comparison between the evaluation value and one or more thresholds that correspond to the evaluation value.
Exemplary embodiments of the present disclosure will be described in detail based on the following figures, wherein:
Exemplary embodiments according to the present disclosure will be described hereinafter with reference to the drawings. In the drawings, elements having substantially identical functions are referred to by the same reference signs, and duplicate descriptions thereof will be omitted.
Communication control apparatuses according to the present exemplary embodiments each include a decision unit, a receiving unit, an evaluation unit, and a generation unit. The decision unit refers to a list of online destinations in response to a request for access to an online destination from a source node and determines whether the access is permitted or rejected. The receiving unit receives from the source node an update request for updating the list of online destinations, the update request concerning the online destination to which access has been rejected by the decision unit. The evaluation unit acquires a plurality of pieces of evaluation information concerning a plurality of items for evaluating the online destination, for which the update request has been received, and calculates an evaluation value for each of the plurality of items in accordance with the plurality of pieces of evaluation information. The generation unit generates a piece of decision information for each of the plurality of items, the piece of decision information reflecting a result of comparison between the evaluation value and one or more thresholds that correspond to the evaluation value.
Examples of a source node include communication apparatuses such as a user terminal apparatus and an image forming apparatus connected to a network from which a communication originates. Examples of an online destination include a communication apparatus, such as a server apparatus, connected to a network that a communication reaches, and a website or a web page of the communication apparatus is also included. Examples of a list of online destinations include a white list and a black list. A white list is used to permit only a request for access to an online destination registered on the list. A black list is used to reject only a request for access to an online destination registered on the list. Pieces of information for identification, such as an IP address of a communication apparatus, a domain of a website or an email address, and a uniform resource locator (URL) of a web page, are recorded on a list of online destinations.
The plurality of user terminal apparatuses 2 and the administrator terminal apparatus 3 are connected to the gateway apparatus 5 via an internal network 4, and the gateway apparatus 5 and the plurality of server apparatuses 7 are connected to each other via an external network 6.
An example of the user terminal apparatus 2 and the administrator terminal apparatus 3 is an information processing apparatus such as a personal computer (PC), a cell phone, or a multifunctional cell phone (smartphone), and an IP address is assigned to the information processing apparatus. The user terminal apparatus 2 may be an image forming apparatus.
The user terminal apparatus 2 and the administrator terminal apparatus 3 each include a display unit, an input unit, a controller, and a storage unit. The display unit is realized by using, for example, a liquid crystal display. The input unit is realized by using, for example, a keyboard and a mouse. The controller is realized by using, for example, a central processing unit (CPU) and an interface and performs control of, for example, input, display, and communication. The storage unit is constituted by using, for example, a read-only memory (ROM), a random-access memory (RAM), and a hard disk and stores software applications executed by the CPU and various kinds of data. The software applications include a web browser and a mailer. A web browser is application software executed to enable a user to view a web page. A mailer is application software executed to enable a user to view an email. The display unit and the input unit may be realized by using a touch panel display or the like, which integrates the display unit and the input unit as a single unit.
The internal network 4 is a network such as a local area network (LAN) or an intranet and may be a wired network or a wireless network. The external network 6 is, for example, the Internet.
The server apparatus 7 may have, for example, only a web server function, only a mail server function, or both of the functions.
The web server function is a function to provide the user terminal apparatus 2 with a web page corresponding to a URL requested by the user terminal apparatus 2 and to transmit and receive communication data to and from the user terminal apparatus 2. The mail server function is a function as a post office protocol (POP) server and a simple mail transfer protocol (SMTP) server for forwarding to a specified address an email transmitted from the user terminal apparatus 2 and an email addressed to the user terminal apparatus 2.
The controller 50 is constituted by a CPU, an interface, and the like. The CPU operates under the control of a program 510 and thus functions as various units such as a receiving unit 501, a communication control unit 502, an evaluation unit 503, a generation unit 504, and a registration unit 505. Details of each of the units 501 to 505 will be described below. The communication control unit 502 is an example of a decision unit. The registration unit 505 is an example of an update unit.
The storage unit 51 is constituted by a ROM, a RAM, a hard disk, and the like and stores the program 510, a white list 511, a link list 512, a risk database (DB) 513, template information 514, a user DB 515, and the like. The white list 511 is an example of a list of online destinations.
For example, URLs of web pages are registered on the white list 511 as pieces of information for identifying accessible online destinations on the Internet (alternatively referred to as access destinations). The IP address, the domain of the website or the email address, and the like of the server apparatus 7 may be registered on the white list 511.
URLs of destinations linked from the web pages registered on the white list 511 are registered on the link list 512. The link list 512 is updated by the controller 50 at regular intervals (such as a week, a month, or the like).
The risk DB 513 stores conversion formulas, a calculation formula, a plurality of thresholds, pieces of color information, and the like. Each of the conversion formulas is assigned to an item to calculate an evaluation value by using pieces of evaluation information. The calculation formula is used to calculate an overall score by using evaluation values each of which is calculated for an item. The plurality of thresholds are used for comparison with an evaluation value, and a piece of color information indicates a color to represent a result of comparison between the evaluation value and the plurality of thresholds. The evaluation unit 503 uses the conversion formulas and the calculation formula. The generation unit 504 uses the plurality of thresholds and the pieces of color information. Each item may have one threshold.
The internal communication unit 52 performs control of the transmission and reception of emails and control relating to a network and transmits and receives communication data via the internal network 4.
The external communication unit 53 performs control of the transmission and reception of emails and control relating to a network and transmits and receives communication data via the external network 6.
The message template 514a for one reason is formed so as to include parameters NAME, DATE, REASON, PRE, and TARGET. The message template 514b for two or more reasons is formed so as to include parameters NAME, DATE, REASON1, REASON2, REASONn, and TARGET. The reason list 514c has a column for a drop item, a column for a reason, and a column containing the parameter PRE. The column for a drop item contains drag-and-drop items for allowing the administrator to select a reason to reject a registration application, and the column for a reason contains reasons to be entered into the parameters REASON, REASON1, REASON2, and REASONn.
Next, each of the units 501 to 505 of the controller 50 will be described.
The receiving unit 501 receives from the user terminal apparatus 2 a registration application to register on the white list 511 an access destination to which the access has been rejected by the communication control unit 502.
The communication control unit 502 refers to the white list 511 in response to a request for access to an access destination, the request being submitted from the user terminal apparatus 2, and determines whether the access is permitted or rejected.
The evaluation unit 503 acquires a plurality of pieces of evaluation information concerning a plurality of items that are used to evaluate an access destination for which a registration application has been submitted. Then, the evaluation unit 503 calculates an evaluation value for each item in accordance with the plurality of pieces of evaluation information by using the corresponding one of the conversion formulas stored in the risk DB 513 and calculates an overall score by using the calculated evaluation values and the calculation formula stored in the risk DB 513. An evaluation value is used to evaluate, for example, the credibility of an access destination. Accordingly, a higher evaluation value indicates higher credibility of an access destination.
Examples of the items used to evaluate the credibility include items denoted by “Time of Access”, “Certificate”, “JIT Included”, “Script Score”, “Link from White List”, and “Overall Score”. The items are not limited to these and may include information obtained from WHOIS information managed by domain registrars and the like. The items may also include information concerning history regarding registration applications stored in the user DB 515. The information concerning history may include, for example, either the numbers of registration applications and rejected registration applications or a ratio of the number of rejected registration applications to the number of registration applications.
The pieces of evaluation information concerning the items described above will be described. The item denoted by “Time of Access” relates to the time when a web page is accessed. The item denoted by “Certificate” indicates whether a certificate is attached to a web page, and the item also relates to the credibility of a certificate. Examples of a certificate include a secure sockets layer (SSL) certificate used for hypertext transfer protocol (HTTP) communication. The item denoted by “JIT Included” indicates whether a script having a possibility of enabling just-in-time (JIT) compilation (for example, JavaScript (registered trademark), Flash, and the like) is included. The item denoted by “Script Score” relates to the possibility of using a function having the risk of injection. The item denoted by “Link from White List” indicates whether an access destination is linked from the white list 511, and the item also includes the period during which the link has been registered. The item denoted by “Overall Score” relates to an overall evaluation value obtained by the comprehensive evaluation of the evaluation values for the items.
A conversion formula used to convert pieces of evaluation information to an evaluation value is determined, for example, as follows. An evaluation value ranges from 0 to 100 with 100 indicating the highest credibility and 0 indicating the lowest credibility. For the item denoted by “Time of Access”, an evaluation value of 100 is assigned if a web page is accessed during business hours, and an evaluation value of 0 is assigned if a web page is accessed outside business hours. For the item denoted by “Certificate”, a web page to which a certificate is attached gains a base value of 50, to which a value depending on the credibility of the certificate (for example, 20, 30, or the like for a relatively credible certificate) is added to obtain an evaluation value. For the item denoted by “JIT Included”, if a script having a possibility of enabling JIT compilation is not included, an evaluation value of 100 is gained, and if a script having a possibility of enabling JIT compilation is included, no evaluation value is gained. For the item denoted by “Script Score”, an evaluation value is assigned in accordance with the risk of injection (for example, 100 for no risk, 80 for a certain degree of risk, or the like). For the item denoted by “Link from White List”, a web page that is not linked from the white list 511 gains no evaluation value, and a web page that is linked from the white list 511 gains an evaluation value based on the period during which the web page has been registered (for example, 100 for a web page having been registered for a month or less, 70 for a web page having been registered for half a year or less, or the like).
A formula for calculating an overall score by using evaluation values calculated for the items may be, for example, an arithmetic average or a weighted average.
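The conversion formulas, the overall score and the threshold-based cell colouring described above, carried through on one constructed access destination. This is an added example, not the patent's own code; business hours (09:00 to 17:59, Monday to Friday), the value 50 for links older than half a year, the value 0 for a script with a high injection risk, and the colour thresholds are assumptions the text does not state.

```python
"""Added example, not the patent's own code: per-item conversion
formulas, overall score and threshold-based cell colouring for a
white-list registration application, following the rules in the text.
Assumed (not stated in the text): business hours 09:00-17:59 Mon-Fri,
50 for links older than half a year, 0 for a high injection risk,
and the colour thresholds."""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean


@dataclass
class EvaluationInfo:
    """Evaluation information gathered for one access destination (step S2)."""
    access_time: datetime
    has_certificate: bool
    certificate_bonus: int       # credibility of the certificate, e.g. 20 or 30
    jit_script_included: bool    # script that may enable JIT (JavaScript, Flash, ...)
    injection_risk: str          # "none", "some" or "high"
    linked_from_white_list: bool
    link_age_days: int           # how long the link has been on the link list


BUSINESS_HOURS = range(9, 18)    # assumption: 09:00-17:59


def eval_time_of_access(info):
    t = info.access_time
    return 100 if t.weekday() < 5 and t.hour in BUSINESS_HOURS else 0


def eval_certificate(info):
    # Base value 50 for an attached certificate plus a credibility bonus.
    if not info.has_certificate:
        return 0
    return min(100, 50 + info.certificate_bonus)


def eval_jit_included(info):
    return 0 if info.jit_script_included else 100


SCRIPT_SCORES = {"none": 100, "some": 80, "high": 0}   # "high" is assumed


def eval_script_score(info):
    return SCRIPT_SCORES[info.injection_risk]


def eval_link_from_white_list(info):
    if not info.linked_from_white_list:
        return 0
    if info.link_age_days <= 31:
        return 100        # registered for a month or less
    if info.link_age_days <= 183:
        return 70         # registered for half a year or less
    return 50             # assumption for older links


# Conversion formulas, one per item (what the risk DB 513 holds in the text).
CONVERSION_FORMULAS = {
    "Time of Access": eval_time_of_access,
    "Certificate": eval_certificate,
    "JIT Included": eval_jit_included,
    "Script Score": eval_script_score,
    "Link from White List": eval_link_from_white_list,
}


def evaluate(info, weights=None):
    """Evaluation values per item plus the overall score (step S3).
    Without weights the overall score is the arithmetic average; with a
    dict of item -> weight it is the weighted average."""
    values = {item: f(info) for item, f in CONVERSION_FORMULAS.items()}
    if weights is None:
        overall = mean(values.values())
    else:
        total = sum(weights.values())
        overall = sum(values[i] * w for i, w in weights.items()) / total
    values["Overall Score"] = round(overall)
    return values


# Assumed thresholds: below the first is red, below the second is yellow,
# otherwise green. Each item may have its own pair; others use "default".
THRESHOLDS = {"default": (40, 70), "Script Score": (60, 90)}


def cell_colour(item, value):
    low, high = THRESHOLDS.get(item, THRESHOLDS["default"])
    if value < low:
        return "red"
    if value < high:
        return "yellow"
    return "green"


def decision_row(info):
    """The coloured cells the decision screen 30 would show for one row."""
    return {item: (value, cell_colour(item, value))
            for item, value in evaluate(info).items()}


# Constructed sample: accessed on a Tuesday morning, credible certificate,
# a script with some injection risk, linked from the white list 100 days ago.
SAMPLE = EvaluationInfo(
    access_time=datetime(2019, 2, 26, 10, 30),
    has_certificate=True, certificate_bonus=30,
    jit_script_included=True, injection_risk="some",
    linked_from_white_list=True, link_age_days=100,
)

if __name__ == "__main__":
    for item, (value, colour) in decision_row(SAMPLE).items():
        print(f"{item:22s} {value:3d} {colour}")
```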
The generation unit 504 generates pieces of information that constitute a decision screen 30 (refer to
Upon receiving from the administrator terminal apparatus 3 an instruction to approve a registration application, namely an instruction to add a URL of a web page to the white list 511, the registration unit 505 registers the URL of the web page on the white list 511.
Next, an example operation of the communication system 1 will be described with reference to
In response to an attempt to access a web page from the user terminal apparatus 2 via the gateway apparatus 5 and the external network 6, the communication control unit 502 of the gateway apparatus 5 permits the access if the access destination is registered on the white list 511 and rejects (also referred to as “blocks”) the access if the access destination is not registered on the white list 511.
The communication control unit 502 transmits to the user terminal apparatus 2 the information constituting a notification screen reporting the blockage of the access and causes the display unit of the user terminal apparatus 2 to display the notification screen.
If a user operates the input unit of the user terminal apparatus 2 and selects the button 20b labeled “Report”, the controller of the user terminal apparatus 2 transmits to the gateway apparatus 5 a registration application for the URL of the blocked web page along with access information. The access information includes the URL of the access destination, the time of access, the user ID, and the like. The access information may be acquired by the evaluation unit 503 from the communication history information managed by the communication control unit 502 for each of the user terminal apparatuses 2 or for each of the user IDs.
The receiving unit 501 of the gateway apparatus 5 receives the registration application and the access information that are transmitted from the user terminal apparatus 2 (step S1).
After acquiring files constituting the web page for which the registration application has been submitted, the evaluation unit 503 analyzes the files and acquires pieces of evaluation information concerning each of the plurality of items (step S2).
At this time, the evaluation unit 503 uses a sandbox to monitor the files and analyzes whether an invalid operation is observed. Specifically, if a script is present, the evaluation unit 503 acquires information concerning the script, examines whether the script has a possibility of enabling JIT compilation, and assesses the risk of injection. Further, the evaluation unit 503 examines whether a certificate is attached to the web page, and if a certificate is attached, the evaluation unit 503 evaluates the credibility of the certificate. In addition, the evaluation unit 503 examines whether the URL of the web page is registered on the link list 512. The information concerning the script includes the name of the script and the like.
Next, the evaluation unit 503 calculates an evaluation value for each of the plurality of items by using the plurality of pieces of evaluation information that are acquired in step S2 described above and calculates the overall score by using the calculated evaluation values (step S3).
For example, in the case of the first row of the decision screen 30, which is depicted in
Next, the generation unit 504 generates information constituting the decision screen 30, transmits the information constituting the decision screen 30 to the administrator terminal apparatus 3, and causes the display unit of the administrator terminal apparatus 3 to display the decision screen 30 (step S4).
In the column titled “URL”, the URL of an access destination is displayed in each row. In the column titled “Time of Access”, the time of access is displayed in each row. In the column titled “Applicant ID”, the ID of the user who has submitted the registration application is displayed in each row. In the column titled “Certificate”, whether a certificate is present and whether the certificate is credible are displayed in each row. In the column titled “JIT Included”, whether a script having a possibility of enabling JIT compilation is included is displayed in each row. In the column titled “Script Score”, a script score is displayed in each row. In the column titled “Link from White List”, whether the access destination is linked from the white list 511 is displayed in each row. If the access destination is linked from the white list 511, a hyperlink to the link destination may be set. In the column titled “Overall Score”, the overall score is displayed in each row.
A cell representing an item corresponding to one of the pieces of evaluation information has a background color based on the level of an evaluation value. The generation unit 504 compares the evaluation value with a plurality of thresholds corresponding to the item and determines the background color as follows. Red (cross-hatched in
If the administrator rejects the registration application in the first row (represented by the URL https://www.aaa . . . . ) on the decision screen 30 depicted in
If the administrator rejects the registration application in the third row (represented by the URL http://www.ccc . . . . ) on the decision screen 30 depicted in
If the administrator approves the registration application in the second row (represented by the URL https://search.bbb . . . . ) on the decision screen 30 depicted in
The controller of the administrator terminal apparatus 3 transmits the result of a decision to the gateway apparatus 5 (step S5). The result of a decision to reject the application includes the URL and at least one item cited as a reason for rejection. The result of a decision to approve the application includes the URL.
If the administrator rejects the registration application, namely the registration is not approved (No in step S6), the generation unit 504 reads the message template 514a or 514b, whichever matches the number of reasons, from the template information 514 and generates a reply message including at least one reason. Then, the generation unit 504 refers to the user DB 515 and notifies the user of the result by transmitting the reply message to the email address of the user (step S7).
Specifically, if the number of reasons is two or more, the generation unit 504 reads the message template 514b, which is the message template for two or more reasons, from the template information 514, substitutes reasons selected from the reason list 514c into the parameters, and generates the reply message 21 including the reasons as depicted in
If the number of reasons is one, the generation unit 504 reads the message template 514a, which is the message template for one reason, from the template information 514, substitutes a reason selected from the reason list 514c into the parameter, and generates the reply message 21 including the reason as depicted in
If the administrator approves the registration application, namely the registration is approved (Yes in step S6), the registration unit 505 registers the URL of the web page on the white list 511 (step S8).
An evaluation unit 503 calculates a distance (for example, a Euclidean distance or the like) between a set of evaluation values determined for a target web page and a set of proficiency levels. An evaluation value and a proficiency level are determined for each item. The distance represents the degree of matching. A smaller distance indicates that the administrator has the ability better suited for deciding whether the web page is to be registered on the white list 511.
The evaluation unit 503 calculates a distance D by using, for example, the following equation (1).
$D = \sum_{n} (100 - E_n - M_n)^2$, (1)
where $E_n$ is an evaluation value, $M_n$ is a proficiency level, and n is an integer equal to or larger than 1.
For example, if evaluation values for items denoted by “Time of Access”, “Certificate”, “JIT Included”, “Script Score”, and “Link from White List” are assumed to be 100, 50, 0, 20, and 100, respectively, distances D for administrators having administrator IDs 11, 12, and 21 are 4000, 7100, and 26650, respectively.
A generation unit 504 transmits the information constituting a decision screen to the administrator terminal apparatus 3 used by the administrator having the administrator ID 11, who has the smallest distance D.
The assignment may be changed so that the workload is equalized in consideration of the differences between the number of users handled by the selected administrator and the numbers of users handled by other administrators and the distances. For example, an evaluation formula such as d1×1000>d2 may be used, where d1 is the difference between the numbers of users and d2 is the difference between the distance scores. In the example in
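Equation (1) and the workload rule above, as an added example that is not the patent's own code. The evaluation values are the ones the text uses; the proficiency levels are constructed (the text does not list them) and chosen so that the distances come out as the text states, 4000, 7100 and 26650 for administrators 11, 12 and 21. Reading d1×1000 > d2 as "hand the application to the less loaded administrator when the workload gap outweighs the distance gap" is an assumption.

```python
"""Added example, not the patent's own code: administrator assignment
by the distance of equation (1), D = sum_n (100 - E_n - M_n)^2, with
the d1 x 1000 > d2 workload rule applied as an assumed interpretation.
Proficiency levels below are constructed, not taken from the text."""
from dataclasses import dataclass

ITEMS = ("Time of Access", "Certificate", "JIT Included",
         "Script Score", "Link from White List")


@dataclass(frozen=True)
class Administrator:
    admin_id: int
    proficiency: tuple   # M_n per item, 0..100
    users: int           # number of users currently handled


def distance(evaluation, proficiency):
    """Equation (1). 100 - E_n is how risky an item looks, M_n how proficient
    the administrator is at that item, so D is small when the two match."""
    if len(evaluation) != len(proficiency):
        raise ValueError("one evaluation value and one proficiency level per item")
    return sum((100 - e - m) ** 2 for e, m in zip(evaluation, proficiency))


def rank_administrators(evaluation, admins):
    """Administrators ordered from smallest to largest distance D."""
    return sorted(admins, key=lambda a: distance(evaluation, a.proficiency))


def assign(evaluation, admins, weight=1000):
    """Pick the closest administrator, then move to a less loaded one when
    d1 * weight > d2 (d1: gap in user counts, d2: gap in distances).
    This reading of the text's d1 x 1000 > d2 rule is an assumption."""
    ranked = rank_administrators(evaluation, admins)
    chosen = ranked[0]
    for other in ranked[1:]:
        d1 = chosen.users - other.users
        d2 = (distance(evaluation, other.proficiency)
              - distance(evaluation, chosen.proficiency))
        if d1 * weight > d2:
            chosen = other
    return chosen


# Evaluation values from the text for the five items, in ITEMS order.
EVALUATION = (100, 50, 0, 20, 100)

# Constructed proficiency levels; user counts are constructed as well.
ADMINISTRATORS = [
    Administrator(11, (0, 50, 40, 60, 0), users=30),
    Administrator(12, (10, 30, 30, 40, 10), users=30),
    Administrator(21, (100, 35, 0, 0, 5), users=30),
]

if __name__ == "__main__":
    for a in rank_administrators(EVALUATION, ADMINISTRATORS):
        print(a.admin_id, distance(EVALUATION, a.proficiency))
    print("assigned to", assign(EVALUATION, ADMINISTRATORS).admin_id)
```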
A storage unit 51 of a gateway apparatus 5 stores the black list 517 instead of the white list 511. URLs of web pages, for example, are registered on the black list 517. The IP address, the domain of the website or the email address, and the like of a server apparatus 7 may be registered on the black list 517.
An evaluation unit 503 acquires a plurality of pieces of evaluation information concerning a plurality of items and calculates an evaluation value for each item by using an item denoted by “Link from Black List” instead of the item denoted by “Link from White List”. If a web page is linked from the black list 517, a low evaluation value is assigned to the web page because the web page is expected to have a high risk. If a web page is not linked from the black list 517, a high evaluation value is assigned to the web page because the web page is expected to have a low risk. In
When a request for access to a web page is rejected, a user submits a registration application to register the web page on the white list 511 in the first exemplary embodiment. In the present exemplary embodiment, the user submits an application to remove the web page from the black list 517. An application to remove a web page is an example of an update request.
A result of a past decision made for a web page similar to a web page for which a registration application is submitted is sometimes useful for a decision on the web page for which a registration application is submitted. Results of the past decisions are stored in the storage unit 51 as a log of results of decisions along with evaluation information concerning the corresponding web pages. The evaluation result based on evaluation values of the web page for which a registration application is submitted may be compared with each entry on a list of evaluation results associated with past decisions, and the similarity between the web page and each entry may be determined. Then, an entry in closer proximity than a predetermined threshold to the web page may be selected, and the result of the decision associated with the selected entry may be presented to the administrator to help in making a decision on the registration application. The distance or the degree of matching used for determining the assignment of administrators may be used to make a decision on the proximity to the web page. Techniques for evaluating the degree of similarity in appearance frequencies of words on a web page or the degree of similarity in evaluation information (for example, such as the degree of similarity measured by using the Levenshtein distance or link information) may be used.
A generation unit 504 according to the second modification generates visual information visualized by comparing the degree of similarity with thresholds and transmits the visual information to the administrator terminal apparatus 3.
The exemplary embodiments according to the present disclosure have been described as above, but the exemplary embodiments according to the present disclosure are not limited to the exemplary embodiments described above. Various modifications and practices are possible without departing from the spirit of the present disclosure.
A portion or all of each unit of the controller 50 may be constituted by a hardware circuit, such as a reconfigurable circuit (for example, a field programmable gate array (FPGA)) or an application specific integrated circuit (ASIC).
Further, some of the elements of the exemplary embodiments described above may be removed or modified without departing from the spirit of the present disclosure.
Further, addition, removal, modification, exchange, and the like of the steps in the flow in the exemplary embodiments described above are possible without departing from the spirit of the present disclosure. The programs used in the exemplary embodiments described above may be recorded on a computer-readable recording medium, such as a compact-disc ROM (CD-ROM), and provided. Alternatively, the programs used in the exemplary embodiments described above may be stored in an external server such as a cloud server and used via a network.
The foregoing description of the exemplary embodiments of the present disclosure has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Obviously, many modifications and variations will be apparent to practitioners skilled in the art. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical applications, thereby enabling others skilled in the art to understand the disclosure for various embodiments and with the various modifications as are suited to the particular use contemplated. It is intended that the scope of the disclosure be defined by the following claims and their equivalents.
Number | Date | Country | Kind |
---|---|---|---|
2019-031311 | Feb 2019 | JP | national |