| 发明名称 | Unauthorized operation detection system and unauthorized operation detection method | ||
| 摘要 | The content of operations is identified and an alert is generated to an operation having a high risk of information leakage.;An agent monitors, for example, operations performed with respect to a dialogue displayed on a client PC. If a file is selected by an operation performed with respect to the displayed dialogue, the agent assigns an identifier indicating a source for the file to the file. If the file is sent as an attached file, the agent identifies an output destination for the attached file as well as the source for the attached file; and if the output destination for the attached file is an external Web server and the source for the attached file is a mail server, the agent generates an alert by determining that an unauthorized operation has been executed; and then sends the generated alert to a management server. | ||
| 申请公布号 | US8850592(B2) | 申请公布日期 | 2014.09.30 |
| 申请号 | US201012808130 | 申请日期 | 2010.04.02 |
| 申请人 | Hitachi, Ltd. | 发明人 | Kayashima Makoto;Tsunoo Shinichi;Nakagoe Hiroshi;Isokawa Hiromi;Suzuki Norio |
| 分类号 | G06F21/00;G06F21/60;G06F21/55;G06F21/52;H04L29/06 | 主分类号 | G06F21/00 |
| 代理机构 | Foley & Lardner LLP | 代理人 | Foley & Lardner LLP |
| 主权项 | 1. A system comprising: a computer configured to execute at least one application program which stores and accesses a file in the computer, according to user operations; and a management server configured to manage a monitoring result of a monitoring device,wherein the computer is configured to: (1) import first information from a first server computer into the file according to a user importing operation, comprising: (1a) storing a source identifier designating a source of the first information, in a metadata of the file, wherein the source identifier is acquired by a communication procedure for receiving the first information, according to a communication protocol which is an upper layer protocol relative to TCP (transmission control protocol)/IP (internet protocol) protocol, and (2) export information in the file to a second server computer, according to a user exporting operation designating the file and exports destination, comprising: (2a) acquiring the source identifier from the metadata of the file; and(2b) checking a condition to send an alert to the monitoring server using the source identifier and an identifier of the exports destination. | ||
| 地址 | Tokyo JP | ||