1. Field of the Invention
The present invention relates to a system that stores and analyzes data communicated via a data communication network.
2. Description of the Related Art
LAN (Local Area Network), Internet and so on are known as networks for the data communication. The communication terminal can access to the server computer and acquire the data etc. from the server computer via the data communication networks. Furthermore, the communication terminal can perform the data communication with other communication terminals via the data communication network.
When the data supplying is executed using the server computer, there is a possibility that the leakages of the secret information stored in the server computer may occur. For example, there is a case that the information of high secret level are stored in the server computer and only the particular employees are allowed to browse the information, in a LAN within a company. In such case, it is common way that certification processing is performed using certification information, for example, an ID (Identification) or a password, and the browsing is allowed only when certificated. When a leakage of secret etc. are detected, the illegal access user is tried to be identified by analyzing the communication logs of each communication terminal connected to the LAN. However, the analyzing of the communication logs etc. needs a vast amount of human work, therefore, it needs long time period and high manpower costs.
Incidentally, when a data communication is executed between the communication terminals, there is a case where a proof is requested as to whether the data communication is actually executed or not. For example, in many cases of the electric commerce using the Internet, the customer executes an order processing using an input-form displayed on a web browser or an electronic mail. However, it is probable that the customer insists the order has been sent whereas the service provider insists the order has not been received. In such case, whether the data communication is executed can be checked using the communication data stored in both of the communication terminals. However, it is difficult to prove to the third party whether the data communication is executed, because the communication data or other kinds of the electrical data can be broken or modified easily.
For solving such problems, the way of using the relay device, which comprises the function for saving the communication packets, is known.
It is expected to reduce the time period and the manpower costs necessary for solving the illegal access by automatically saving the communication packets into the relay device of the LAN etc., and reappearing the header information and the communication data of the saved communication packets. Because, it become unnecessary to analyze the communication logs by each communication terminals, when the leakage of information described above is detected. In addition, the reliability of checking whether the data communication is actually executed can be improved, because it is difficult to break or modify the communication packets saved in the relay device.
The art for saving communication packets to a relay device of a data communication network is disclosed by the International Published Patent Application WO2002/029579 and the Japanese patent laid open publication No. 2008-182294, for example.
However, the system for saving communication packets to the relay device of the data communication network has following demerits.
In the case of saving the communication packets into the relay device, a hard disk storage unit is necessary, because the stored data becomes vast. However, the writing speed of the hard disk storage unit is 100 megabytes/second (i.e. 800 Mbps) at most. Therefore, the communication rate of the high-speed data communication network (e.g. 2000 Mbps) falls because of the writing processing.
In contrast, the art of the International Published Patent Application WO2002/029579 writes the communication packets into a working memory temporarily, before storing into the hard disk storage unit. However, the art of the International Published Patent Application WO2002/029579 has a risk of causing communication packet losses (i.e. occurrence of the not-stored communication packets) when the traffic increases in the data communication network of high rate and large capacity. Therefore, the art of the International Published Patent Application WO2002/029579 has a demerit that the reliability of the packet storage processing is not enough.
Incidentally, the art of the Japanese Patent laid open publication No. 2008-182294 suppresses the reduction of the communication rate by discarding a part of the communication packets (that is, by undoing the saving of a part of the communication packets) in the relay device on purpose. However, the art of the Japanese Patent laid open publication No. 2008-182294 has a demerit similar to the International Published Patent Application WO2002/029579, that is, the reliability of the packet storage processing is not enough.
In addition, when the art of saving the communication packets into the relay device is employed, the cost of the relay device is expensive. Furthermore, when the relay device is located, an additional computer for reappearing the header information, the communication data etc. from the saved communication packets is needed to be provided in the LAN. Consequently, the cost for network constructing increases substantially, and so it is very difficult for individuals or small companies to construct such network.