A method for preventing information portability by using a thin client or the like, and encryption of portable information implemented as USB (Universal Serial Bus) memory encryption or the like are known as techniques for preventing confidential information from being leaked.
The technique for preventing information portability disables on-the-spot reference to confidential information if the information becomes necessary outside the company. Accordingly, for example, even when a user stays in the office of a counterpart of a non-disclosure agreement, the user is unable to reference the confidential information, leading to an obstacle to business.
With the method for encrypting portable information, it is impossible to prevent decrypted data from leaking once encrypted information is decrypted as needed.
Additionally, techniques for preventing introduction of viruses include virus infection prevention using virus check software on a personal computer, and virus attack protection using a firewall in a network.
However, virus check software is unable to detect unknown viruses.
In the meantime, a firewall is able to detect some unknown viruses depending on a communication pattern. However, it is costly to provide a firewall, and providing a firewall exerts a lot of influence on communication performance. Therefore, it is difficult to install a firewall in each hub to which, for example, a personal computer brought back to a company from outside is connected.
Furthermore, diverse techniques are known as technology for controlling an access to a network. Some of such techniques are disclosed, for example, in Japanese Laid-open Patent Publication No. 2003-44441 and No. 2004-46460.
For example, according to a certain technique, an access to a communication network is controlled depending on a user by using storing means for storing access control information of each user.
Additionally, according to another certain technique, installation information of Web servers is used as part of information about user access rights to a file management server, and the access rights are controlled to vary depending on whether a user logs in to the file management server with a client via an in-house Web server or the user logs in to the file management server with the client via an external Web server.
However, these techniques control an access made from an outside, and do not control an access made from a local device to an outside.