Title of invention: Sensitive information leakage prevention system, sensitive information leakage prevention method, and computer-readable recording medium
Abstract: A client device (100) determines whether or not access is allowed, based on security levels that are set for an application program and data held in a server device (200), and performs authentication with the server device (200) based on a challenge code generated using packet data from the application program. The server device (200), when the challenge code is transmitted thereto, transmits a preset response code to the client device (100), and permits access by the client device (100) if the server device (200) receives a set response to the response code from the client device (100).
Publication number: US9438629(B2) Publication date: 2016.09.06
Application number: US201214362169 Filing date: 2012.10.04
Applicant: NEC SOLUTION INNOVATORS, LTD. Inventor: Takeyasu Hiroaki
Classification: G06F11/00;H04L29/06;H04L9/32 Main classification: G06F11/00
Agency: Agent:
Independent claim: 1. A sensitive information leakage prevention system for preventing leakage of sensitive information between a client device and a server device, comprising: a client device realized by a computer and configured to execute an application program; and a server device realized by a computer and configured to hold data to be used by the application program, wherein a processor of the client device the client device determines whether or not access by the application program is allowed, based on a security level that is set for the application program and a security level that is provided to data held in the server device, and transmits, if it is determined that access is allowed, a challenge code that is generated using packet data from the application program to the server device and requests authentication, and a processor of the server device transmits, when the challenge code is transmitted thereto, a preset response code to the client device, determines that authentication is successful if the server device receives a set response to the response code from the client device, and thereafter permits access by the client device, wherein the client device assigns a label that indicates a preset security level to each of a plurality of application programs including the application program, wherein the client device monitors network access by the application programs, and upon network access by an application program having begun, determines s allowed in accordance the label assigned to the application program and a label of an access destination folder, wherein the server devices performs authentication processing with the client device in which access control is performed in accordance with the labels, and wherein the server device performs no authentication processing with the client device in which access control cannot be performed in accordance with the client device, such that all network communication is prohibited.
Address: Tokyo JP