Abstract: A confidential information setting apparatus includes: a communication unit that acquires an encryption key and condition information, which is a condition for setting a secret key to a terminal, from a memory unit of a server and acquires a terminal ID, which is an identifier for uniquely identifying the terminal, and the secret key associated with the terminal ID and encrypted from a memory unit of a user apparatus; an encryption processing unit that decrypts the encrypted secret key with the encryption key; and a control unit that judges whether the decrypted secret key can be set to the terminal or not, based on the condition information and sets the secret key to the terminal when a result of the judgment indicates that the secret key can be set to the terminal.

Abstract: A confidential information setting apparatus includes: a communication unit that acquires an encryption key and condition information, which is a condition for setting a secret key to a terminal, from a memory unit of a server and acquires a terminal ID, which is an identifier for uniquely identifying the terminal, and the secret key associated with the terminal ID and encrypted from a memory unit of a user apparatus; an encryption processing unit that decrypts the encrypted secret key with the encryption key; and a control unit that judges whether the decrypted secret key can be set to the terminal or not, based on the condition information and sets the secret key to the terminal when a result of the judgment indicates that the secret key can be set to the terminal.

Abstract: The present invention efficiently displays in a tree structure form a file operation history. A file storage identifier, an operation identifier, and a count are stored as additional meta-information in an alternate data stream with respect to each file stored in a client terminal file system. The operation identifier manages a number of operations (operation generations). The count manages copy frequencies. This meta-information is also sent to a management apparatus, and used for displaying the file operation history in a tree structure form.

Abstract: The content of operations is identified and an alert is generated to an operation having a high risk of information leakage. An agent monitors, for example, operations performed with respect to a dialogue displayed on a client PC. If a file is selected by an operation performed with respect to the displayed dialogue, the agent assigns an identifier indicating a source for the file to the file. If the file is sent as an attached file, the agent identifies an output destination for the attached file as well as the source for the attached file; and if the output destination for the attached file is an external Web server and the source for the attached file is a mail server, the agent generates an alert by determining that an unauthorized operation has been executed; and then sends the generated alert to a management server.

Abstract: An application distribution control system is made up of an information processing apparatus including a data collecting part that collects and stores data of a use state when using an application of an application distribution server into a memory and a data moving part that moves the use state data to a client terminal; the client terminal including a data setting part that receives the use state data from the information processing apparatus to set a use state of the application in accordance with the use state data and a request transmitting part that transmits a use request for the application to the application distribution server; and the application distribution server including a service providing part that receives the use request for the application from the client terminal to allow for the use of the application through the network.

Abstract: There is a demand for a technique that enable plural terminals devices to be easily paired with plural mobile terminals possessed by their respective users in a room where the terminal devices that can be shared among the users are installed. Each terminal device searches for mobile terminals present within the wireless range. If the plural mobile terminals are present within a searchable area, the search result indicates plural mobile terminals, making it difficult to determine with what mobile terminal should the terminal device be paired. The current states of various sensors of the mobile terminals are included in information indicating the names of the mobile terminals and are searched by the terminal device. Under circumstances where the plural terminal devices and the plural mobile terminals exist within short distances, the mobile terminal unit to be paired with the terminal device can be found with ease.

Abstract: A client computer detects a user operation for transmitting data to a server or a storage device, determines whether the detected user operation is a fraudulent manipulation, and, if the determination is a positive result, performs security processing which is processing related to security of data to be transmitted. If the data is data within a group to which the user belongs and a destination of the data is a server or a storage device outside the group, the determination is a positive result.

Abstract: An embodiment of this invention detects an improper operation to a file in a computer of a monitoring target in a computer system including a plurality of computers connected via a network. The monitoring target computer receives a file. The computer receives acquisition source information on the file transmitted from a different computer. The computer refers to information on improper operation requirements to determine whether transmission of the file meets the improper operation requirements or not, based on a combination of the acquisition source of the file indicated by the acquisition source information and a transmission destination of the file and if the improper operation requirements are met, it determines that the transmission of the file is an improper operation.

Abstract: A client computer detects a user operation for transmitting data to a server or a storage device, determines whether the detected user operation is a fraudulent manipulation, and, if the determination is a positive result, performs security processing which is processing related to security of data to be transmitted. If the data is data within a group to which the user belongs and a destination of the data is a server or a storage device outside the group, the determination is a positive result.

Abstract: The present invention efficiently displays in a tree structure form a file operation history. A file storage identifier, an operation identifier, and a count are stored as additional meta-information in an alternate data stream with respect to each file stored in a client terminal file system. The operation identifier manages a number of operations (operation generations). The count manages copy frequencies. This meta-information is also sent to a management apparatus, and used for displaying the file operation history in a tree structure form.

Abstract: The content of operations is identified and an alert is generated to an operation having a high risk of information leakage. An agent monitors, for example, operations performed with respect to a dialogue displayed on a client PC. If a file is selected by an operation performed with respect to the displayed dialogue, the agent assigns an identifier indicating a source for the file to the file. If the file is sent as an attached file, the agent identifies an output destination for the attached file as well as the source for the attached file; and if the output destination for the attached file is an external Web server and the source for the attached file is a mail server, the agent generates an alert by determining that an unauthorized operation has been executed; and then sends the generated alert to a management server.

Abstract: A network quarantine management system eliminates registration or updating work of a quarantine-exempted device and prevents a fraudulent device from abusing authorized network information registered as a quarantine-exempted device and from impersonation. When a quarantine management system detects network connection of a new device, the system judges the type (printer, NAS, etc.) of the device by port scanning. The system enables the device to communicate with another device coupled to a business network without an inspection for connecting the device to the business network, if the newly coupled device is judged to be of an authorized type. The device type judgment is conducted whenever a connection is made and is repeatedly conducted after establishment of the connection to check that the type is of an authorized type and, if the type is found to be an unauthorized type, the device is isolated for inspection.

Abstract: A thin client terminal that can perform information processing in an off-line state is provided. A thin client terminal 101a sends a request for registration of data to be used off-line and designation of application software to be used off-line to a management server 107 through a remote computer 104. The management server 107 registers the data and application software according to the request. The thin client terminal 101 requests the management server 107 to acquire the requested data and application software, receives the data and application software, and stores the received data and application software into a storage medium 110.

Abstract: This information processing limitation system includes an information processing server computer 103 which provides an information processing service, and a terminal computer 101 which is coupled to the information processing server computer 103 and utilizes that information processing service. The terminal computer 101, when utilizing the information processing service, limits the utilization of the information processing service on the basis of a security state which is required for the utilization of the information processing service.

Abstract: An application distribution control system is made up of an information processing apparatus including a data collecting part that collects and stores data of a use state when using an application of an application distribution server into a memory and a data moving part that moves the use state data to a client terminal; the client terminal including a data setting part that receives the use state data from the information processing apparatus to set a use state of the application in accordance with the use state data and a request transmitting part that transmits a use request for the application to the application distribution server; and the application distribution server including a service providing part that receives the use request for the application from the client terminal to allow for the use of the application through the network.

Abstract: A thin client terminal that can perform information processing in an off-line state is provided. A thin client terminal 101a sends a request for registration of data to be used off-line and designation of application software to be used off-line to a management server 107 through a remote computer 104. The management server 107 registers the data and application software according to the request. The thin client terminal 101 requests the management server 107 to acquire the requested data and application software, receives the data and application software, and stores the received data and application software into a storage medium 110.

Abstract: To provide a mechanism for preventing information leakage by erasing stored information if a preset condition is not satisfied, because if an external storage device in which the information is stored is stolen or lost the risk of information leakage through decryption still remains even in the case where the information is encrypted. An external storage device has a locking management function capable of setting available conditions for stored information and controlling permission/prohibition of user access depending on whether the conditions are satisfied. User access is permitted if the available conditions are satisfied. The stored information is erased if the available conditions are not satisfied.

Abstract: A network quarantine management system eliminates registration or updating work of a quarantine-exempted device and prevents a fraudulent device from abusing authorized network information registered as a quarantine-exempted device and from impersonation. when a quarantine management system detects network connection of a new device, the system judges the type (printer, NAS, etc.) of the device by port scanning. The system enables the device to communicate with another device coupled to a business network without an inspection for connecting the device to the business network, if the newly coupled device is judged to be of an authorized type. The device type judgment is conducted whenever a connection is made and is repeatedly conducted after establishment of the connection to check that the type is of an authorized type and, if the type is found to be an unauthorized type, the device is isolated for inspection.

Abstract: An information processor, which controls an incident response device to perform an incident response toward a communication device, realizes the following functions: detecting an incident occurrence in the communication device; storing response information which is information indicative of the incident response that the incident response unit should perform, and target information which is information to identify the communication device, with corresponding policy information regarding a response policy to an incident; outputting a list of the policy information when the incident occurrence is detected; receiving a selection of the policy information; retrieving the response information and the target information corresponding to the selected policy information, from the memory; and sending the incident response unit a command to perform the incident response based on the retrieved response information toward the communication device identified based on the retrieved target information.

Abstract: In an integrated management system for providing a network system having a plurality of computers with a security function and managing a plurality of target products, implementation of the management system itself is facilitated by providing the management system with setting information templates prepared for respective target products, a management program for managing setting information files of target products actually used in a target network, an edit program for editing setting information files, and an install program for installing setting information files created by using the management program and the edit program in respective target devices.