Abstract: According to the present invention, when a terminal device (1101) connected to a first network switch (1301), to which a file server device (1201) is connected, acquires a copy of an electronic file from the file server device (1201), an electronic-file-copy notification receiving unit (1002) acquires identification information about the terminal device (1101) as first identification information. When a new device is connected to a second network switch (3001) that is different from the first network switch (1301), a determination instructing unit (1003) acquires identification information about the new device as second identification information. Further, the determination instructing unit (1003) compares the first identification information and the second identification information. When the first identification information matches the second identification information, the determination instructing unit (1003) instructs the second network switch (3001) to restrict communication which is performed by the terminal device (1101) over the second network switch (3001).
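The matching logic described in the abstract, together with the lifting of the restriction recited in claim 2, can be sketched as follows. This is an added example, not code from the patent; the class and method names are hypothetical, and a MAC address is assumed as the identification information, which the text does not specify.

```python
# Added illustration: names are hypothetical, and a MAC address is assumed
# as the "identification information" (the text does not say what it is).
from dataclasses import dataclass, field

def normalize_id(raw: str) -> str:
    # Canonicalize so 00-1A-2B-... and 00:1a:2b:... compare as equal.
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

@dataclass
class Switch:
    """Stand-in for a network switch that accepts restriction instructions."""
    name: str
    restricted: set = field(default_factory=set)

@dataclass
class SecurityMonitor:
    first_switch: Switch                           # file server is attached here
    holders: set = field(default_factory=set)      # first identification information
    enforced: dict = field(default_factory=dict)   # dev_id -> switches restricting it

    def on_file_copied(self, raw_id: str) -> None:
        self.holders.add(normalize_id(raw_id))

    def on_device_connected(self, switch: Switch, raw_id: str) -> bool:
        dev_id = normalize_id(raw_id)              # second identification information
        if switch is self.first_switch or dev_id not in self.holders:
            return False                           # no match: nothing to restrict
        switch.restricted.add(dev_id)              # the "restrict" instruction
        self.enforced.setdefault(dev_id, []).append(switch)
        return True

    def on_copy_deleted(self, raw_id: str) -> None:
        dev_id = normalize_id(raw_id)
        self.holders.discard(dev_id)
        for sw in self.enforced.pop(dev_id, []):
            sw.restricted.discard(dev_id)          # the "lift" instruction

def demo():
    office, guest = Switch("first"), Switch("second")
    mon = SecurityMonitor(first_switch=office)
    mon.on_file_copied("00-1A-2B-3C-4D-5E")        # constructed sample MAC
    hit = mon.on_device_connected(guest, "00:1a:2b:3c:4d:5e")
    other = mon.on_device_connected(guest, "00:1a:2b:3c:4d:5f")
    before = set(guest.restricted)
    mon.on_copy_deleted("00:1A:2B:3C:4D:5E")
    return hit, other, before, set(guest.restricted)
```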
We Claim:
[Claim 1] A security monitoring device comprising:
a first identification information acquisition unit to acquire identification information on a terminal device connected to a first network switch to which a file server is connected, as first identification information, when the terminal device acquires a copy of an electronic file from the file server;
a second identification information acquisition unit to acquire identification information on a device, as second identification information, when the device is newly connected to a second network switch different from the first network switch; and
a restriction instruction unit to match the first identification information with the second identification information and to instruct the second network switch to restrict communication to and from the terminal device via the second network switch in case where the first identification information coincides with the second identification information.
[Claim 2] The security monitoring device according to claim 1, wherein
the restriction instruction unit instructs the second network switch to lift restriction on the communication to and from the terminal device when notified by the terminal device that the copy of the electronic file has been deleted from the terminal device.
[Claim 3] The security monitoring device according to claim 1, wherein
the first identification information acquisition unit acquires the identification information on the terminal device as the first identification information when the terminal device acquires a confidential electronic file from the file server.
[Claim 4] A communication system comprising:
a terminal device including an electronic file acquisition unit to acquire a copy of an electronic file from a file server connected to a first network switch, when connected to the first network switch; and
a security monitoring device including
a first identification information acquisition unit to acquire identification information on the terminal device as first identification information, when the terminal device acquires the copy of the electronic file from the file server,
a second identification information acquisition unit to acquire identification information on a device, as second identification information, when the device is newly connected to a second network switch different from the first network switch, and
a restriction instruction unit to match the first identification information with the second identification information and to instruct the second network switch to restrict communication to and from the terminal device via the second network switch in case where the first identification information coincides with the second identification information.
[Claim 5] The communication system according to claim 4, wherein
the terminal device further includes a checking unit to check whether the electronic file has been deleted from the terminal device or not and to notify the security monitoring device that the electronic file has been deleted from the terminal device in case where the electronic file has been deleted from the terminal device, and
the restriction instruction unit of the security monitoring device instructs the second network switch to lift restriction on the communication to and from the terminal device when notified by the terminal device that the copy of the electronic file has been deleted from the terminal device.
[Claim 6] The communication system according to claim 5, wherein
the checking unit of the terminal device, upon acquisition by the electronic file acquisition unit of the copy of the electronic file in which a specific character string is included, checks whether the copy of the electronic file in which the specific character string is included has been deleted from the terminal device or not and notifies the second network switch that the copy of the electronic file in which the specific character string is included has been deleted from the terminal device in case where the copy of the electronic file in which the specific character string is included has been deleted from the terminal device, and
the checking unit of the terminal device, upon acquisition by the electronic file acquisition unit of the copy of the electronic file having a specific file name, checks whether the copy of the electronic file having the specific file name has been deleted from the terminal device or not and notifies the security monitoring device that the copy of the electronic file having the specific file name has been deleted from the terminal device in case where the copy of the electronic file having the specific file name has been deleted from the terminal device.
[Claim 7] The communication system according to claim 5, wherein
the checking unit of the terminal device, upon acquisition by the electronic file acquisition unit of the copy of the electronic file in which a digital watermark is included, checks whether the copy of the electronic file in which the digital watermark is included has been deleted from the terminal device or not and notifies the security monitoring device that the copy of the electronic file in which the digital watermark is included has been deleted from the terminal device in case where the copy of the electronic file in which the digital watermark is included has been deleted from the terminal device.
[Claim 8] A security monitoring method comprising:
acquiring, by a computer, identification information on a terminal device connected to a first network switch to which a file server is connected, as first identification information, when the terminal device acquires a copy of an electronic file from the file server;
acquiring, by the computer, identification information on a device, as second identification information, when the device is newly connected to a second network switch different from the first network switch; and
matching, by the computer, the first identification information with the second identification information and instructing the second network switch to restrict communication to and from the terminal device via the second network switch in case where the first identification information coincides with the second identification information.
[Claim 9] A security monitoring program that causes a computer to execute:
a first identification information acquisition process of acquiring identification information on a terminal device connected to a first network switch to which a file server is connected, as first identification information, when the terminal device acquires a copy of an electronic file from the file server;
a second identification information acquisition process of acquiring identification information on a device, as second identification information, when the device is newly connected to a second network switch different from the first network switch; and
a restriction instruction process of matching the first identification information with the second identification information and instructing the second network switch to restrict communication to and from the terminal device via the second network switch in case where the first identification information coincides with the second