1. Field of the Invention
The present invention relates to a network system where a terminal device on an external network and an application server on an internal network communicate with each other via a firewall connected between the external network and the internal network.
2. Description of the Related Art
With the spread of the Internet, an increasing number of companies connect their internal network to an external network such as the Internet so that data can be transmitted to and received from the company via e-mail or the Web (HTTP).
Environments in which external networks like the Internet can be remotely accessed using a wireless LAN or PHS are also rapidly becoming more widespread.
In such an environment, company employees increasingly want to access the internal network of their own company from places outside the company. Conventionally, a dial-up facility has been prepared in the company as a means of meeting this demand. However, because dial-up connections are slow and incur costs, networks called VPN (Virtual Private Network) and SSL-VPN (Secure Socket Layer-Virtual Private Network) have recently come to be used to enable a user to connect to the internal network of the user's company from the Internet. In such cases a reverse proxy is also sometimes used: a server disposed at the boundary between the internal network, such as a corporate LAN, and the Internet, which relays access from the external network to a device inside the network such as a Web server.
A VPN is a network where a private network is constructed on a shared network (e.g., the Internet). In a VPN, an encrypted channel is secured between a point A and a point B connected over the Internet to create a condition as if the two points were connected through a dedicated line. Thus, when a personal client PC connects to the Internet and accesses a VPN device disposed in the DMZ (demilitarized zone) of the company firewall, the personal client PC and the VPN device communicate with each other using an encrypted protocol, so that the user can safely use the internal network as if the client PC were connected to the network inside the company. However, in this case, it is necessary to dispose a VPN device (server) in the company and to dispose client software in the client PC.
An SSL-VPN is a network which attempts to provide functions similar to a VPN without installing special client software in the client PC, so that the resources in the company can be accessed more easily. In order to access the data within the company, ordinarily a Web browser pre-installed in the client PC is used. The method of accessing the data is limited to the range accessible with the Web browser, but because various corporate applications have recently come to be realized on a Web base, this is often not a significant problem from a practical standpoint. Thus, SSL-VPNs have been gaining attention particularly recently. Also, in contrast to a VPN, which when a client PC is connected creates a condition as if the client PC were connected directly to the corporate network, an SSL-VPN can be set so that only a predetermined Web server can be accessed even once connected. Thus, this is preferable from the standpoint of security.
It is common for a corporate network to be connected to an external network via a firewall in order for the corporate network to be protected from unauthorized access from the Internet or the like. With a firewall, the kinds of packets passed between the Internet and the corporate network can be set in detail. It is common for the firewall to be set so that common protocols such as HTTP and HTTPS are allowed to pass from the corporate network to the Internet and so that other protocols do not pass from the Internet to the corporate network.
However, because both VPNs and SSL-VPNs are networks for accessing the corporate network from the Internet, it is necessary to change the firewall settings to allow access to the corporate network from the Internet. There are also numerous cases where a company decides that changing the firewall settings is not permissible because doing so would pose a security threat.
In this regard, the SWANStor® access method of Japanese Patent Application Laid-Open Publication (JP-A) No. 2002-140239 has been devised. This invention is configured by two servers: an internal server within a corporate network, and an external server disposed on the Internet or in the DMZ of a firewall. Connection requests are invariably sent from the internal server to the external server. Specifically, connection requests continue to be periodically sent from the internal server to the external server, creating a state where the servers are pseudo-continuously connected. Thus, the corporate network can ordinarily be accessed from the Internet without the firewall settings having to be changed.
Thus, when a client PC on the Internet connects to the external server and sends a request to connect to the corporate server, the external server transmits the request from the outside user to the internal server as a response to the connection request from the internal server.
Because the internal server is disposed on the corporate network, the internal server can normally access the corporate server. The internal server connects to the corporate server and sends the returned result to the external server. As a result, the external server sends internal data to the outside client PC, whereby the outside client PC can access the corporate server.
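The exchange described above, modelled in one process as an added example (this is not code from the patent or from the SWANStor product): the external server never opens a connection inward, it only queues outside requests and hands one over as the response to the internal server's own periodic outbound poll. The class names, the ticket numbering and the in-memory stand-in for the corporate server are assumptions of this illustration; the hostname is the one used later in the description.

```python
"""Poll-based reverse connection between an internal server (corporate LAN)
and an external server (DMZ / Internet). Added illustration; not the
patent's or SWANStor's code. Both servers are plain Python objects here."""
from collections import deque
import itertools

# Firewall policy from the description: only outbound HTTPS from the LAN is
# permitted; nothing is allowed inbound. (Constructed stand-in for a real rule set.)
FIREWALL_RULES = {("lan", "internet", "https"): True}


def firewall_allows(src_zone, dst_zone, proto):
    """True only if an explicit rule permits src_zone -> dst_zone for proto."""
    return FIREWALL_RULES.get((src_zone, dst_zone, proto), False)


class ExternalServer:
    """Disposed outside the firewall. It accepts requests from outside clients,
    queues them, and releases them only as the response to an internal poll."""

    def __init__(self):
        self._pending = deque()          # (ticket, target_url) awaiting a poll
        self._results = {}               # ticket -> data returned by internal server
        self._tickets = itertools.count(1)

    def accept_client_request(self, target_url):
        """Outside client asks for a corporate URL; returns a ticket to wait on."""
        ticket = next(self._tickets)
        self._pending.append((ticket, target_url))
        return ticket

    def handle_internal_poll(self):
        """Answer the internal server's outbound connection request. The reply
        carries at most one queued client request, or None if the queue is empty."""
        return self._pending.popleft() if self._pending else None

    def accept_internal_result(self, ticket, data):
        self._results[ticket] = data

    def deliver_to_client(self, ticket):
        """Hand the relayed result to the waiting outside client (None if not yet back)."""
        return self._results.pop(ticket, None)


class InternalServer:
    """Disposed on the corporate LAN. All of its traffic to the external server
    is outbound, so the existing firewall policy needs no change."""

    def __init__(self, external, corporate_servers):
        self.external = external
        # url -> content: constructed stand-in for the corporate Web server(s)
        self.corporate_servers = corporate_servers

    def poll_once(self):
        """One periodic connection request to the external server.
        Returns True if a queued client request was relayed."""
        if not firewall_allows("lan", "internet", "https"):
            raise RuntimeError("outbound HTTPS blocked; reverse connection impossible")
        job = self.external.handle_internal_poll()
        if job is None:
            return False
        ticket, target_url = job
        # The internal server can reach the corporate server directly.
        data = self.corporate_servers.get(target_url, "404 Not Found")
        self.external.accept_internal_result(ticket, data)
        return True


def relay_request(target_url, corporate_servers):
    """Run one complete exchange:
    client -> external (queued) -> internal poll -> corporate server -> external -> client."""
    external = ExternalServer()
    internal = InternalServer(external, corporate_servers)
    ticket = external.accept_client_request(target_url)   # 1. outside client asks
    internal.poll_once()                                   # 2. outbound poll picks it up
    return external.deliver_to_client(ticket)              # 3. result handed to client


if __name__ == "__main__":
    corp = {"http://intra.foo.var.co.jp/index.htm": "<html>intranet home</html>"}
    print(relay_request("http://intra.foo.var.co.jp/index.htm", corp))
```

Note that `firewall_allows` is consulted only by the internal server's outbound poll; there is no code path in which the external server connects inward, which is exactly why the method works without touching the firewall rules.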
Moreover, a method has been proposed where data is transmitted safely on the communication path between the user's client PC and the external server, and between the external server and the internal server, by encrypting it with the encryption protocol called SSL (Secure Socket Layer). Thus, an outside company employee can safely access the corporate server using a client PC, without the need for the firewall settings to be changed.
With this method, the problem arises that “absolute address information for identifying a specific server” is included in the data returned from the corporate server.
Namely, when address information identifying a specific corporate server, such as “http://intra.foo.var.co.jp/index.htm”, is included in the data returned from the internal server, and when the user selects that address information, the corporate server naturally cannot be directly accessed from the Internet. Thus, the problem arises that the error message “Server cannot be located” is displayed in the Web browser.
In this regard, processing to change the absolute address has already been proposed. Namely, when absolute address information is included in data to be transferred to the outside, the absolute address information is changed to address information passing through the external server. For example, assuming that the address of the external server is “https://outside.abc.net”, the address is changed to “https://outside.abc.net/intra.php?=http://intra.foo.var.co.jp/index.htm”. When the address is changed in this manner, the external server receives that request, interprets the address designated by the argument as the address of the corporate server, and sends a connection request to the corporate server.
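The address-rewriting step above, as an added example (not the patent's own code): every absolute URL in the data returned from the corporate server is rewritten to pass through the external server's `intra.php?=` entry point, and the external server resolves such a request back to the corporate URL. The external-server address, the `intra.php?=` form and the intranet hostname are taken from the description. Two details are assumptions added here: the embedded URL is percent-encoded (the description shows it unencoded; encoding keeps a corporate URL that itself carries a query string unambiguous), and the external server relays only to hosts on an explicit list rather than to any address an argument names.

```python
"""Rewrite absolute corporate URLs so they route via the external server, and
resolve them back on the external server. Added illustration, not the
patent's code; the allow-list and percent-encoding are assumptions."""
import re
from urllib.parse import urlsplit, quote, unquote

EXTERNAL_BASE = "https://outside.abc.net"        # external server, from the description
RELAY_PATH = "/intra.php"                        # entry point, from the description

# Assumption: the external server knows which corporate hosts it may relay to.
INTERNAL_HOSTS = {"intra.foo.var.co.jp"}

# Absolute http(s) URLs as they appear in HTML attributes or text.
ABS_URL = re.compile(r"https?://[^\s\"'<>]+")


def is_internal(url):
    """True if the URL names a configured corporate server."""
    host = urlsplit(url).hostname
    return host is not None and host.lower() in INTERNAL_HOSTS


def rewrite_url(url):
    """Return the relayed form of one absolute URL; URLs that do not point at a
    corporate server (e.g. links to the public Internet) are left unchanged."""
    if not is_internal(url):
        return url
    return f"{EXTERNAL_BASE}{RELAY_PATH}?={quote(url, safe='')}"


def rewrite_response(body):
    """Rewrite every absolute corporate URL in data returned from the corporate
    server before it is sent out to the client."""
    return ABS_URL.sub(lambda m: rewrite_url(m.group(0)), body)


def resolve_relayed(request_url):
    """On the external server: turn an incoming relay request back into the
    corporate URL to connect to, or None if the request is not a valid relay
    request or names a host that is not a configured corporate server."""
    parts = urlsplit(request_url)
    if parts.path != RELAY_PATH or not parts.query.startswith("="):
        return None
    target = unquote(parts.query[1:])
    return target if is_internal(target) else None


# Constructed sample of data returned by the corporate server.
SAMPLE_HTML = (
    '<a href="http://intra.foo.var.co.jp/index.htm">Home</a> '
    '<a href="http://www.example.com/">Public site</a>'
)

if __name__ == "__main__":
    out = rewrite_response(SAMPLE_HTML)
    print(out)
    print(resolve_relayed(rewrite_url("http://intra.foo.var.co.jp/index.htm")))
```

The `is_internal` check in `resolve_relayed` is what stops the external server from acting as a general-purpose relay to whatever host the argument names; it is not part of the method as described, but a practitioner deploying the rewrite would want it.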
However, even with this method, the following problems arise.
Namely, in the above method, the external server and the internal server, and the external server and the client PC, are connected using SSL, but the data sent from the internal server to the external server is temporarily decrypted by the external server, and is then again encrypted by the external server and sent to the client. Thus, unencrypted data is momentarily present on the external server.
When unencrypted data is present on the external server, for example, when the external server is operated on a service site that an independent service provider operates and that external server is shared by internal servers of several companies, confidential data of those companies that has not been encrypted remains on the service site, even if momentarily. From the standpoint of security, this leads to an undesirable situation because safety with respect to leakage of the data is entrusted to the management of the operating company.