1. Field of the Invention
The present invention relates to the use of web-based application software from a client machine. More specifically, the present invention relates to avoiding the risks that arise when user data containing confidential information is transmitted to external networks.
2. Description of the Related Art
In corporate activities, each user installs software on a client machine on a local network to process various data. In that case, each user needs to deal with the various troubles that arise when installing the required software and when using it. In particular, a great deal of software is required to handle the various kinds of files and the variety of data processing methods, so the troublesome work each user needs to deal with increases as well.
Therefore, a form of use such as SaaS (Software as a Service) has recently drawn attention as broadband network lines have become available and web services have advanced. “SaaS” is a form of use in which software on a remote site is utilized as a service via a web interface.
FIG. 12 shows explanatory diagrams of a case where a user uses a web-based application provided by SaaS from the client machine side. FIG. 12A shows the flow of actual data transmission, and FIG. 12B shows the state in which the user is actually operating the application. In FIG. 12, all actual transmission and reception of the data file and of the operation content information is done via a network (the Internet).
As shown in FIG. 12A, the user accesses an application server (referred to as the AP server hereinafter) 930, which also functions as a web server and is not on the local machine, from a client machine 900 by using a web browser 910 via the Internet 920, and starts an application 911a such as a word processor or a spreadsheet. User data 901 used by the user in the application 911a is transmitted from the client machine 900 to the AP server 930.
When the user accesses the AP server 930 with the web browser 910 and starts the application 911a as shown in FIG. 12A, the application 911a started on the AP server 930 and the user data 901 used by the application 911a are displayed on a display 902 of the client machine 900 by the web browser 910, as shown in FIG. 12B. This creates a virtual state in which the user operates the application 911a, which is on the AP server 930, from the client machine 900.
The application 911a running on the AP server 930 processes the user data 901 in accordance with the content of the user's operations transmitted from the web browser 910 on the client machine 900. At the same time, the operation result is displayed on the display 902 of the client machine 900 as the display content of the web browser 910 on the client machine 900.
In this manner, the user can utilize the application 911a provided by the AP server 930 via the web browser 910 without newly installing software on the client machine 900. This makes it possible to release the user from the troublesome work and time required for installing the software on the respective client machine and for maintaining it.
The following patent documents describe related techniques. Japanese Unexamined Patent Publication 2006-244481 (Patent Document 1) discloses a technique which executes migration of a virtual machine on a cluster system from a first node to a second node. Japanese Unexamined Patent Publication 2008-177821 (Patent Document 2) discloses a system that uses, via a web browser, a web application running on a remote web server, in which a client machine converts specific information transmitted from a user before transmitting it to the web server. Japanese Unexamined Patent Publication 2003-501715 (Patent Document 3) discloses an example of a technique which encrypts information that is transmitted from a client machine to a web server.
As described with reference to FIG. 12, when user data is processed by a web-based application, it is necessary to transmit the user data to the AP server. However, this user data may contain confidential information regarding the corporate activity. In particular, where data leakage is possible, the AP server to be used cannot be considered a reliable server.
Even if the AP server itself is considered fully reliable, there is a risk of the communication being tapped on the network (Internet) that is used. When information is transmitted to the AP server, encrypted communication using a protocol such as SSL or TLS is normally used. However, due to recent improvements in the speed and performance of computers, it is undeniable that there is a risk of the communication being decoded unlawfully, especially when the strength of the encryption is insufficient.
To deal with such concerns about information leakage caused by using a web-based application, the first requirement is simply to avoid transmitting user data containing confidential information from the local site that handles the confidential information to a remote site. One such method is to download, via a network, an application for processing the data and use it locally, as disclosed in Patent Document 1. With this technique, it is true that there is no need to transmit the user data containing the confidential information to an external network.
However, with the method which downloads the application via the network, it is necessary to download the application even when the user processes data that does not contain confidential information. This method therefore has the following issues, for example: computer resources on the local site to which the application is downloaded are consumed wastefully, and a proper environment must be prepared for the user to execute the application.
Among the Patent Documents, the techniques disclosed in Patent Documents 2 and 3 transmit the data containing the confidential information from the client machine to the web server after encrypting the data. However, those are not techniques that remove the need to transmit the user data containing the confidential information outside the local site.