WO2006001153A1 - File managing program - Google Patents
- Publication number: WO2006001153A1 (PCT/JP2005/009908)
- Authority: WO (WIPO, PCT)
- Prior art keywords
- file
- user
- user terminal
- package
- policy
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
Definitions
- the present invention relates to a file management program, and more particularly to a file management program for setting a use condition to package a file and using a packaged file within the range of the use condition.
- Conventionally, as a distribution system that sets usage conditions and distributes data or software to users, there has been the distribution system shown in Patent Document 1.
- In that system, the distribution server encrypts the data, software and usage conditions in an encryption processing unit, using an encryption key corresponding to the destination client terminal, packages them in a package unit and then sends the package.
- The client terminal uses the encryption key in its encryption processing unit to decrypt the usage conditions, and when the usage conditions are satisfied, it decrypts and installs the data and software.
- Patent Document 1 Japanese Patent Application Laid-Open No. 2002-189526
- The present invention has been made in view of such conventional problems, and its object is to provide a file management program that can centrally manage files without impairing the convenience of the user.
- a file management program having a file package program that is stored and executed in a user terminal and performs central management of an original file created by an arbitrary user.
- The file package program comprises: a file designating unit that accepts designation of a file; a policy formulation unit that formulates a policy for using the original file; and a package unit that generates a package file by packaging a policy file, generated from the policy and a common key generated for each original file, together with the original file encrypted with the common key.
- The package file is generated so that only a user who satisfies the usage conditions of the policy can expand the common key and the usage rights for the original file, which are contained in the policy file, onto the temporary memory of the user terminal; so that the original file decrypted with the common key can be expanded only onto the temporary memory; and so that the original file can be used only within the range of the usage rights.
- the file management program further includes a search unit for searching for information related to a package history of the package file and information related to a user access history to the package file.
- Regardless of the number of users who are given usage rights, the user who packages the original file can share it among multiple users simply by creating a single package file and storing it in a storage medium that can be accessed by the user terminals that have been given the right to use it.
- The file management program further includes a notification unit that, when a package file is generated in the package unit, notifies the user terminal of a user who is authorized to use the original file that the package file has been generated, or sends the package file to that user terminal as an e-mail attachment.
- This prevents the situation in which the user terminal of a user who has been given the authority to use the original file remains unaware of the existence of the package file in which the original file is packaged. As a result, a user who has been granted the right to use the original file can use it immediately.
- The file usage program comprises: a file designating unit that accepts designation of the package file in which the original file to be used is packaged, among the package files; a decryption key decryption unit that, when the use of the original file is within the range of the usage conditions in the policy file of the package file, expands onto the temporary memory of the user terminal the decryption key of the original file (the common key generated for each original file, which also serves as its encryption key) and the usage rights for the original file; and a decryption unit that decrypts the encrypted contents of the package file with the acquired common key.
- The usage rights for the original file and the decryption key of the original file are included in the package file so that they can be decrypted only when the usage conditions are satisfied. Therefore, only when the user satisfies the usage conditions of the policy included in the package file is the user granted the rights to use the original file; otherwise the user cannot use the original file.
- the file management program 1 makes it possible to use the original file by a user who has been given usage rights while maintaining a high security level.
- As a result, a user can share the same original file with other users without accessing any user terminal other than their own.
- The same original file can be shared with other users because the original file is encrypted with a common key generated for each original file, and because a single package file is generated regardless of the number of users.
- The invention of claim 5 provides a file management program in which the file usage control unit controls the software corresponding to the original file and performs API hooking, issuing function call instructions to the OS or middleware of the user terminal based on the acquired usage rights.
- When the original file is repackaged, the file management program notifies, through a notification unit, the user terminal or server of the user who created the original file that repackaging has been performed.
- the user or server that created the original file can immediately confirm that the original file has been updated.
- The file management program includes a database generation unit that generates, in the user terminal, a usage status database in a state in which it cannot be read or updated from any user terminal other than that user's terminal.
- Because the usage status database is generated in the user terminal, unauthorized use of the original file from a user terminal other than that user's terminal can be prevented and detected.
- The file usage program requests the server to check the usage conditions in the policy file.
- The policy file is encrypted with a key that has been transformed by a substitution table generated for each server.
- The substitution table is stored in the user terminal in which the file management program is stored.
- The usage conditions are described in association with a plurality of policy objects.
- When the usage conditions of one policy object are satisfied, the key for opening another policy object can be obtained; finally all policy objects are opened, and only when all usage conditions are satisfied can the decryption key and usage rights be extracted.
- The file management program has this chained data structure.
- It has an authentication interface that authenticates whether the user is a registered user of the file management program, or whether the user is a permitted user of the original file as specified in the usage conditions; the authentication interface sends data determined by the request from the user to the server and requests verification against data already stored in the server.
- The authentication interface uses template data stored in the server or the user terminal when the authentication device includes encryption logic.
- the template data corresponding to the login ID is obtained
- the second password is obtained by verifying and decrypting the signature with the user's PKI certificate
- verification against the data already stored in the server is then requested.
- The server or the user terminal can thus perform user authentication regardless of the kind of authentication device and obtain the user authentication result.
- the number and combination of user authentication can be changed arbitrarily.
- The user who packages the original file generates a single package file regardless of the number of users who are given usage rights, and the original file can be shared among multiple users simply by storing the package file in a storage medium that the user terminals of those users can access.
- The usage rights for the original file and its decryption key are included in the package file so that they can be decrypted only when the usage conditions are satisfied. The user is therefore granted the rights to use the original file only when the usage conditions of the policy included in the package file are satisfied; otherwise the user cannot use the original file.
- The file management program can thus centrally manage and use files while maintaining a high security level and without impairing the convenience of the user when generating a package file.
- When the usage rights are limited to rights other than editing and saving, users other than the user who created the original file cannot change the original file.
- The same effect is obtained when the package file is sent as an e-mail attachment to a user who has been given the right to use it and stored in that user's terminal: the same original file is still shared among the users.
- The file management program 1 is a program for document files (hereinafter simply referred to as files), which contain documents and images (moving or still) and can be viewed, printed, edited, and saved. It prevents unauthorized use, such as leaking information to persons who do not have the right to use the file, and improves file safety by setting file usage conditions (a policy).
- the file management program 1 is a program stored and executed in the user terminal 4.
- The file management program 1 is roughly divided into the following: a file package program 2, with which an arbitrary user creates a package file in the user terminal 4 from a file created by that user, for centralized management of files; and
- a file usage program 3, with which users other than the file creation user restore the original file from the package file and use it on the user terminal 4.
- “use of file” refers to actions such as viewing, printing, editing, and saving a file.
- These user terminals 4 are connected to each other via a network 6, such as a LAN 6a inside the company and the Internet 6b outside the company.
- The internal user terminal 4a is connected via the network 6 to a server 5, which is used for external access, various authentication requests, registration of various information, downloading the file management program 1 of the present invention, and support for using the file management program 1.
- The external user terminal 4b is likewise connected to the server 5 via the network 6.
- The user terminal 4 need only be a normal computer having the configuration required to store and execute these programs (a CPU, temporary memory 43, an external storage device such as a hard disk 44, a communication device, input/output devices, and so on).
- the user and the user terminal 4 perform user registration with the server 5 in order to use the file management program 1 of the present invention, and register information about the user and the user terminal 4 in the server 5.
- the user and the user terminal 4 are associated one-to-one, and one user ID is assigned to a set of one user and one user terminal 4.
- In that case, two user IDs shall be assigned.
- One user ID may be given to one user regardless of the user terminal 4, or one user ID may be given to one user terminal 4 regardless of the user.
- the server 5 has a configuration similar to that of the user terminal 4, and may be a normal server computer provided with server software.
- The server 5 is equipped with various databases, such as a user database 55 storing user information and hardware information of the user terminals 4, an authentication database 57 storing the authentication information necessary for user authentication, and a history database 56 storing history information such as user history and package file creation history.
- The file package program 2 is stored in and used in the user terminal 4, regardless of how the program is stored there.
- It may be downloaded from the server 5 to the user terminal 4 together with an installer,
- or copied to the user terminal 4 from a storage medium such as a CD-ROM.
- The file package program 2 mainly comprises the functional blocks of a file designation unit 21, a policy formulation unit 22, a package unit 23, and a search request unit 24.
- the file designation unit 21 is a means for receiving designation of a file that is to be managed among files stored in a storage medium that can be accessed by the user terminal 4.
- The file designation unit 21 displays on the screen of the user terminal 4 identification information of the files that the user terminal 4 can manage at that time (title, creation date, creation user, file type (extension, etc.), file data size, and so on), and accepts the file designation when one of them is selected with an input device such as a keyboard or mouse.
- The policy formulation unit 22 is a means for formulating a policy for using the file received by the file designation unit 21 (hereinafter referred to as the original file).
- The formulated policy is transmitted to the server 5 together with the identification information of the original file, although these need not necessarily be transmitted to the server 5.
- The policy consists of usage conditions, for example authentication of whether the user is a permitted or non-permitted user of the original file, password and other authentication, the number of times the file can be used, the expiration date of the original file, the number of files that can be accessed simultaneously, and the times at which access is possible, together with the usage rights granted when these usage conditions are satisfied (for example, usage modes such as viewing, printing, editing, and saving of the original file).
- the server 5 includes a key generation unit 51 and a policy file generation unit 52 as functional blocks.
- the key generation unit 51 is means for generating an encryption key (decryption key) for encrypting (decrypting) the original file.
- file encryption and decryption are performed by a common key encryption method.
- the encryption key and decryption key are common, and only one type is generated for each original file. Therefore, in the following description, the encryption key is also referred to as a decryption key.
- the decryption key generated by the key generation unit 51 is a random number generated every time a policy is formulated by the policy formulation unit 22 (and for each original file). If the key is generated differently for each policy, it is not necessarily a random number.
- The common key encryption method is used for file encryption and decryption because the processing time required for encryption and decryption at the user terminal 4 is short compared with the public key cryptosystem, so the burden on the user terminal 4 is small.
- With the common key encryption method, for example when an encryption key generated by the server 5 is used for file encryption, or when an encrypted file is to be decrypted only by a specific user, the method of key delivery often becomes a problem.
- As long as the encryption key and decryption key are the same, once the key becomes known to a third party anyone can decrypt the encrypted file, and encrypting the file loses its meaning.
- the policy file generation unit 52 is a means for generating a policy file based on the policy formulated by the policy formulation unit 22 and the decryption key generated by the key generation unit 51.
- the policy file is, for example, XML format data that describes the decryption key and the policy.
- The usage conditions in the policy are described in association with a plurality of policy objects. When the usage conditions corresponding to one policy object are satisfied, a key for opening another policy object can be obtained; finally all policy objects are opened, so that the decryption key and usage rights can be extracted only when the usage conditions of all policies are satisfied. This is a chained data structure.
- the generated policy file is stored in the user database 55 for storing user information with the identification ID of the policy file assigned to each user, and is also transmitted to the user terminal 4.
- the decryption key generated by the key generation unit 51 may also be stored in the user database 55 and transmitted to the user terminal 4.
- an identification ID is assigned to each policy object, and a key for opening the policy object is generated by the key generation unit 51, and this information is also stored in the user database 55.
- the policy file generation unit 52 may be included as a functional block of the file package program 2 stored in the user terminal 4. In this case, the user terminal 4 does not transmit the policy to the server 5, generates the policy file itself, and stores the policy file identification ID in the user terminal 4.
- The package unit 23 encrypts the original file with the decryption key generated by the key generation unit 51, packages the encrypted original file together with the policy file generated by the policy file generation unit 52 and the basic file information, and adds a header to generate a new file (called a package file).
- Figure 3 shows a conceptual diagram when the package unit 23 generates a package file.
- the encrypted original file cannot be taken out or used alone. It can be used only by linking with the policy file.
- The usage rights can be acquired and the encrypted file decrypted only through the package file. Even if the encrypted original file is sent to another user terminal 4 or becomes known, it cannot be decrypted unless the package file is present and the usage conditions of all policies are satisfied, so the security of the encrypted file is ensured.
- Because the decryption key is included in the policy file and packaged with the encrypted original file, key delivery, which is a problem of the common key cryptosystem, is performed safely without the user being aware of it.
- The basic file information includes the identification information of the original file, such as its title, creation date, creation user, type (extension, etc.), and data size, as well as the permitted and non-permitted users of the original file.
- It may also include identification information of the package file, such as its title, creation (packaging) date and time, creation user (the packaging user), package file type, and package file data size.
- Encryption of the basic file information is optional; basically, the contents of the basic file information can be known even by a user who does not have the right to use the original file.
- The search request unit 24 is a means for requesting the search unit 53 in the server 5 to search the history information of file packaging stored in the history database 56 and the information related to the access history of package files.
- The history database 56 may store the same data as the user database 55, or the history information stored in the user database 55 may be searched instead.
- Alternatively, the search request unit 24 may be a means of accessing history information stored in a database in the user terminal 4 of the file creation user (for example, the usage status database 33a described later).
- the search request unit 24 specifies, for example, a search condition, and transmits the search condition to the server 5.
- the search unit 53 of the server 5 extracts the history information that matches the search condition from the history database 56 and transmits it to the user terminal 4.
- The user terminal 4 can further change the policy in the policy formulation unit 22 and change the file in the file designation unit 21. If any change is made, the package unit 23 repackages the file; this procedure is the same as that for a new file package described above.
- The history database 56 also stores the user access history to the package file, so the user who packaged the file can confirm, via the search request unit 24, who accessed which package file and when.
- The user who packages the original file generates a single package file regardless of the number of users to whom usage rights are given, and the original file can be shared among multiple users simply by storing the package file in a storage medium accessible from the user terminals 4 of those users.
- The file management program 1 can thus perform centralized management of files while maintaining a high security level and without impairing the convenience of the user when generating a package file.
- The file usage program 3 is stored in and used in the user terminal 4 in the same manner as the file package program 2.
- It may be downloaded to the user terminal 4 together with an installer, or copied to the user terminal 4 from a storage medium such as a CD-ROM.
- the file use program 3 may be programmed together with the file package program 2, and in this case, the file use program 3 is stored in the user terminal 4 as the file management program 1.
- The file usage program 3 mainly comprises the functional blocks of a file designation unit 31, an authentication request unit 32, a database generation unit 33, a decryption key decryption unit 34, a decryption unit 35, a file usage control unit 36, and a repackaging unit 37.
- The file designation unit 31 is a means for accepting designation of the package file containing the original file to be used, among the package files stored in a storage medium that the user terminal 4 can access. For example, the file designation unit 31 displays on the screen of the user terminal 4 the basic file information of the package files (package file or original file title, creation date, creation user, file type (extension, etc.), permitted and non-permitted users of the original file, and so on), and accepts the designation of a package file when one of them is selected with an input device such as a keyboard or mouse.
- The file package program 2 has a notification unit (not shown) that, when the package unit 23 generates a package file, notifies the user terminals 4 of the users who have been given the authority to use the original file that the package file has been generated, or sends the package file to them as an e-mail attachment.
- This prevents the situation in which the user terminal 4 of a user who has been granted the rights to use the original file remains unaware of the existence of the package file in which the original file is packaged.
- The original file can therefore be used immediately by the authorized user.
- The authentication request unit 32 is a means for requesting the server 5 to authenticate a user who intends to use the file usage program 3. If one user ID is assigned to one user and one user terminal 4, then naturally the user is not authenticated unless the authentication request is made from that user terminal 4 to the server 5.
- The authentication request unit 32 does not necessarily have to request authentication from the server 5; it may be a means for authenticating the user in the user terminal 4 itself. This is described later in the embodiments.
- The database generation unit 33 is a means for generating, in the user terminal 4, a usage status database 33a in which the usage status of the original file (for example, the number of times it has been used) can be updated by the user terminal 4, and which cannot be read or updated by any user terminal 4 other than that user's terminal.
- If the usage conditions of the policy formulated by the policy formulation unit 22 do not require the usage status of the original file to be updated each time it is used (for example, if the policy consists only of authentication of whether the user is a permitted user of the original file, password and other authentication, the expiration date of the original file, the number of simultaneous accesses to the same package file, access times, and the like),
- the database generation unit 33 does not necessarily need to generate the usage status database 33a.
- The database corresponding to the usage status database 33a need not be generated in the user terminal 4; it may be generated in the server 5. In this case the database generation unit 33 is not required in the file package program 2.
- The decryption key decryption unit 34 collates the usage conditions of all the policy objects constituting the policy file in the package file, decrypts the decryption key of the encrypted original file and the user's usage rights, and takes them out to the temporary memory 43 of the user terminal 4. It has a collation/update means 34a for collating the usage conditions and updating the usage status.
- For a policy that requires the usage conditions and the usage status of the original file to be collated, the collation/update means 34a checks the usage conditions against the usage status stored in the usage status database 33a. If the usage status does not violate the usage conditions (for example, a usage status of 3 uses against a usage condition of 10 uses), it updates the usage status in the usage status database 33a and takes out the key for opening the next policy object or the decryption key of the encrypted original file.
- Either the server 5 or the user terminal 4 needs a program (for example, counting means, timing means, and the like) for updating the contents of the usage status database 33a. The location where the usage status database 33a is generated and the method of updating the usage status can also be stored in the policy file.
- When the collation/update means 34a does not need to update the usage status of the original file, the server 5 may be requested to collate the usage conditions with the usage status (current status), or the collation may be performed in the user terminal 4.
- When the collation/update means 34a accesses the server 5 to collate the usage conditions and the usage status,
- the user terminal 4 receives the collation result and the key of the policy object to be opened next from the server 5.
- The server 5 can encrypt the collation result and the key with the user's public key generated in advance and transmit them to the user terminal 4.
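The chained policy objects described above (each object's condition releases the key to the next, with the decryption key and usage rights only in the last) together with the collation of usage conditions against the usage status performed by the collation/update means 34a, as an added Python example that is not the patent's or any product's code. It folds the server-side verification and key release into one `unlock` function so it runs offline, and uses an HMAC-based keystream with a tag in place of a real AEAD such as AES-GCM; the condition types, field names and the usage status record are constructed for the demonstration.

```python
"""Chained policy objects with collation of usage conditions, in the style of
the policy file described above.  Added example, not the patent's or any
vendor's code.  Assumptions: the cipher is an HMAC-SHA256 keystream plus an
HMAC tag, standing in for a real AEAD such as AES-GCM so that only the
standard library is needed; the condition types, field names and the usage
status record are constructed for this demonstration."""
import hashlib
import hmac
import json
import secrets


class PolicyViolation(Exception):
    """A usage condition in the policy file was not satisfied."""


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # PRF in counter mode; the "enc" prefix separates it from the MAC input.
    out, ctr = b"", 0
    while len(out) < n:
        block = b"enc" + nonce + ctr.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under a fresh nonce (demo cipher, see module docstring)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def open_sealed(key: bytes, box: dict) -> bytes:
    nonce, ct, tag = (bytes.fromhex(box[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("policy object altered or wrong object key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_policy_file(conditions: list, file_key: bytes, rights: list) -> tuple:
    """Object i seals the key that opens object i+1; the last object seals the
    file decryption key and the usage rights.  Returns the policy file and the
    key of object 0, which in the text is held in the server's user database."""
    keys = [secrets.token_bytes(32) for _ in conditions]
    objects = []
    for i, cond in enumerate(conditions):
        last = i + 1 == len(conditions)
        payload = ({"decryption_key": file_key.hex(), "rights": rights} if last
                   else {"next_key": keys[i + 1].hex()})
        objects.append({"id": f"po-{i}", "condition": cond,
                        "sealed": seal(keys[i], json.dumps(payload).encode())})
    return {"objects": objects}, keys[0]


def _check(cond: dict, ctx: dict, status: dict) -> None:
    """Collate one usage condition against the request context and usage status."""
    kind = cond["type"]
    if kind == "allowed_users":
        ok = ctx["user"] in cond["users"]
    elif kind == "not_after":
        ok = ctx["now"] <= cond["epoch"]
    elif kind == "max_uses":
        ok = status.get("uses", 0) < cond["limit"]
    else:
        ok = False  # unknown condition types fail closed
    if not ok:
        raise PolicyViolation(f"condition {kind} not satisfied")


def unlock(policy_file: dict, first_key: bytes, ctx: dict, status: dict) -> tuple:
    """Walk the chain in order: each condition must pass before its object is
    opened, and the decryption key exists only in the final payload.  The use
    counter is written back only after the whole chain succeeds, so a refused
    request does not consume a use (the text updates it object by object)."""
    key, consumes_use = first_key, False
    for obj in policy_file["objects"]:
        _check(obj["condition"], ctx, status)
        consumes_use = consumes_use or obj["condition"]["type"] == "max_uses"
        payload = json.loads(open_sealed(key, obj["sealed"]))
        if "next_key" in payload:
            key = bytes.fromhex(payload["next_key"])
            continue
        if consumes_use:
            status["uses"] = status.get("uses", 0) + 1
        return bytes.fromhex(payload["decryption_key"]), payload["rights"]
    raise PolicyViolation("policy file has no final object")


# Constructed sample mirroring the text: a 10-use condition with 3 uses recorded.
SAMPLE_CONDITIONS = [
    {"type": "allowed_users", "users": ["alice@example.invalid"]},
    {"type": "not_after", "epoch": 1_900_000_000},
    {"type": "max_uses", "limit": 10},
]

if __name__ == "__main__":
    file_key = secrets.token_bytes(32)
    policy, key0 = build_policy_file(SAMPLE_CONDITIONS, file_key, ["view", "print"])
    status = {"uses": 3}
    ctx = {"user": "alice@example.invalid", "now": 1_800_000_000}
    dk, rights = unlock(policy, key0, ctx, status)
    print(dk == file_key, rights, status)  # True ['view', 'print'] {'uses': 4}
```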
- The decryption unit 35 is a means for decrypting the original file encrypted in the package file, using the decryption key that the decryption key decryption unit 34 has decrypted and taken out to the temporary memory 43 of the user terminal 4. The decryption unit 35 may decrypt only the encrypted original file, or it may also decrypt other encrypted data in conjunction with the decryption key decryption unit 34.
- the file usage control unit 36 is means for controlling the usage of the original file decrypted based on the usage authority decrypted by the decryption key decrypting unit 34. Further, the file usage control unit 36 may also serve as means for starting the corresponding software 42 for opening the original file based on the file identification information of the original file.
- The corresponding software 42 may be provided as part of the file usage program 3; for example, dedicated viewer software that can browse all types of original files may be made available on the user terminal 4.
- the file usage control unit 36 may be a means for performing API (Application Program Interface) hooking. Specifically, the file usage control unit is provided when all or part of the functional capabilities of the viewer, etc. in the original file compatible software 42, is realized by calling the functions provided by the OS or middleware. 36 controls the corresponding software 42 and issues a function call instruction based on the acquired use authority from the corresponding software 42 to the OS or middleware. This makes it possible to control usage rights while using existing compatible software 42 without creating dedicated software that can be used for browsing, printing, editing, saving, etc. corresponding to all original files. It becomes.
- the decryption unit 35 and the file usage control unit 36 can decrypt and use the original file only with a decryption key and usage authority that were extracted to the temporary memory 43 through the normal decryption process of the decryption key decryption unit 34. For example, when an attempt is made to decrypt or use the original file with a decryption key or usage right obtained separately, the decryption unit 35 and the file usage control unit 36 can be stopped on the spot. Thereby, unauthorized use of the original file can be prevented.
- the repackaging unit 37 is means for packaging the edited original file again together with the policy file.
- the repackaging unit 37 replaces the original package file (or overwrites or updates it). As a result, the original package file is deleted and the package file is updated.
- the basic difference between the original package file and the repackaged package file is only the data size of the original file; related data such as the file basic information may be updated along with the repackaging.
- the file name and the decryption key of the original file do not change.
- the hash value, however, also needs to be updated.
- the repackaging unit 37 should function only if editing of the original file is permitted by the usage rights. If editing of the original file is not included in the usage rights in the first place, the repackaging unit 37 is not necessary. Furthermore, in this embodiment, the policy file cannot be edited even by a user who is permitted to edit the original file. This prevents unauthorized use of the original file through editing of the policy file.
- the file usage program 3 having the repackaging unit 37 may have a notification unit (not shown) that notifies the user terminal 4 of the user who created the original file, or the server 5, that repackaging has been performed. This allows the user and the server that created the original file to confirm immediately that the original file has been updated.
- since the package file includes a policy file from which the usage authority and the decryption key of the original file can be decrypted only when the usage conditions are satisfied, the user is granted the usage rights to the original file only when the usage conditions of the policy included in the package file are satisfied, and cannot use the original file otherwise. In other words, the file management program 1 makes it possible for a user who has been given usage rights to use the original file while maintaining a high security level.
- as a result, the user can share the same original file with other users without accessing any user terminal other than their own.
- the same original file can be shared with other users because the original file is encrypted with a common key generated for each original file, and because one package file is generated regardless of the number of users.
- reading and updating of the information in the usage status database 33a is performed only in the process in which the decryption key decryption means decrypts the decryption key and the usage authority; in other processes it is not updated or tampered with by the user or a third party.
- the usage status database 33a generated in the user terminal 4 may be encrypted with a one-way function, such as a hash value, of the identification information of the user terminal 4 (MAC address, BIOS serial number, serial number of the hard disk 44, etc.).
- unauthorized updating, alteration, unauthorized use, etc. of the usage status in the usage status database 33a can be detected using a known hash (one-way) function technique or the like.
- the usage status is always encrypted with the hash value of the usage status at the time of the last update or reading, and its consistency is checked against the correct hash value at the next update or reading.
- by providing a mechanism whereby the usage status can be increased or decreased only by a predetermined number (for example, decreased by one per use), it can also be made impossible to tamper with a usage status of, say, 2 or 3 remaining uses so that it becomes zero.
- when tampering is detected, the decryption of the decryption key is stopped, or the usage status is read from a backup held in the registry or the like and corrected, so that the altered usage status database 33a is restored to its original state.
- the program that can generate the usage status database 33a is downloaded only when a new user tries to open a package file for the first time. Before the download, the server 5 obtains the identification information (MAC address, BIOS serial number, serial number of the hard disk 44, etc.) of the user terminal 4 in advance, and the usage status database 33a is encrypted based on the hash value of that identification information.
- the program is installed such that the encrypted usage status database 33a cannot be decrypted on a terminal having other identification information.
- the identification information of the user terminal 4 is set as one of the usage conditions.
- the identification information of the user terminal 4 actually in use is checked as the usage status, and if it does not match the identification information of the user terminal 4 of the user originally given the usage rights as a usage condition, use of the original file may be stopped.
- since the usage conditions naturally differ from user to user, when a policy file is to be shared, the usage conditions and the keys of the policy objects related to those usage conditions may be stored in the server 5.
- decryption of the decryption key can be performed even if the usage status database 33a is substantially empty: if the decryption key decryption unit 34 confirms the existence of the usage status database 33a, the user and the user terminal 4 are thereby automatically authenticated, which is more effective in preventing unauthorized use by users and user terminals 4 that have no authority to use the original file.
- the package file consists of four directories under the root directory: a key acquisition path directory indicating the acquisition path and acquisition order of the decryption key and the usage right, a usage condition directory indicating the usage conditions for each policy object, a file directory storing the encrypted original file, and the file basic information.
- the key acquisition path directory and the usage condition directory correspond to the policy file, and the policy file, the encrypted original file, and the file basic information are packaged by the packaging unit 23.
- a plurality of policy objects are arranged in order under the key acquisition path directory, together with the usage authority and the decryption key that can finally be acquired.
- Each policy object includes a key for starting the collation / update means 34a and opening the next policy object.
- the policy object and the usage conditions in the portion surrounded by the dotted frame are not actually included in the policy file but are stored in the server 5. In this way, part or all of the policy file can be obtained from the server 5; placing part or all of the policy file in the server 5 can further prevent fraudulent actions such as tampering with the policy file.
- the usage condition directory contains initial values of the usage conditions according to the type of policy object generated, and when the user terminal 4 uses the original file for the first time, the database generation unit 33 copies or moves these initial values to the usage status database 33a. Even after the usage status database 33a has been generated and the usage status has been updated, the initial values may remain stored in the usage condition directory.
- a policy object that requires an initial value of the usage condition is, for example, of the type in which the usage status of the original file is updated each time the file is used and the updated usage status is compared with the usage condition at the next use.
- a policy object that does not require an initial value is of the type that compares the usage condition with a usage status that does not need updating, such as the usage period of the original file.
- the initial value of the usage condition relating to the number of uses is, for example, "10 times" if 10 uses are permitted.
- the numerical value initially stored in the usage status database 33a is then either "0 times" or "10 times".
- if the usage status database 33a is updated to reduce the number of times by 1 each time the original file is used and reaches "0 times", the original file can no longer be used at that point, so the collation work in the collation / update means 34a becomes substantially unnecessary.
- if instead the collation / update means 34a performs an update in the usage status database 33a that increases the number of uses, collation against the usage condition (judging whether the count is 10 or less) is necessary.
- the collation / update means 34a in the decryption key decryption unit 34 searches for the location of the usage status database 33a corresponding to the key under the usage condition directory as shown in FIG., updates the usage status database 33a, and obtains the next key. In some cases the corresponding usage condition is retrieved from the usage condition directory and the usage condition and the usage status are collated. In the policy file shown in FIG. 5 it thus plays the role of linking the keys stored in each branched directory, the usage conditions, and the storage locations of the usage status.
- the usage authority and the decryption key cannot be acquired unless the policy objects are processed in the normal order. Also, if the data in one directory does not correspond to the data in another directory, the decryption key cannot be decrypted; so if only part of the directories is copied, or the storage location or path name of one of the directories is changed, cooperation with the decryption key decryption means fails and unauthorized use becomes difficult.
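As an added example (not code from the patent), the following Python models the key acquisition path just described, three chained policy objects (period, count, and the final object holding the decryption key and usage rights), together with the usage-status check from the earlier bullets: the stored status is bound to a MAC computed at the last update, keyed by a hash of the terminal's identification information, and the count can move only by one per use. The sealing cipher, field names and sample values are assumptions for the example; the root key stands for the key that the authorized user recovers with their private key.

```python
import hashlib
import hmac
import json
import os


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream; a stand-in for the patent's unspecified cipher.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt a policy object under key and prepend a 32-byte HMAC tag (encrypt-then-MAC)."""
    ct = _keystream_xor(key, json.dumps(obj, sort_keys=True).encode())
    return hmac.new(key, ct, "sha256").digest() + ct


def unseal(key: bytes, blob: bytes) -> dict:
    """Open a sealed policy object; a wrong key or an altered blob fails the tag check."""
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise PermissionError("policy object cannot be opened with this key")
    return json.loads(_keystream_xor(key, ct))


def build_policy_file(root_key, decryption_key, rights, not_after, initial_count):
    """Key acquisition path po1 (period) -> po2 (count) -> po3 (key + rights): each
    object carries the key that opens the next, so the chain is walked in order."""
    k2, k3 = os.urandom(16), os.urandom(16)
    po3 = {"id": "po3", "decryption_key": decryption_key.hex(), "rights": rights}
    po2 = {"id": "po2", "condition": "count",
           "next_key": k3.hex(), "next": seal(k3, po3).hex()}
    po1 = {"id": "po1", "condition": "period", "not_after": not_after,
           "next_key": k2.hex(), "next": seal(k2, po2).hex()}
    # usage_conditions plays the part of the usage condition directory (initial values)
    return {"key_path": seal(root_key, po1).hex(),
            "usage_conditions": {"po2": {"remaining": initial_count}}}


def terminal_secret(mac_address: str, bios_serial: str) -> bytes:
    """One-way value derived from the terminal's identification information."""
    return hashlib.sha256(f"{mac_address}|{bios_serial}".encode()).digest()


class UsageStatusDB:
    """Usage status bound to a running MAC: every read re-checks the tag written at
    the previous update, and a counter may change only by STEP per use."""
    STEP = -1

    def __init__(self, secret: bytes, initial: dict):
        self._secret = secret
        self.status = json.loads(json.dumps(initial))  # private copy of the initial values
        self.prev_tag = b""
        self.tag = self._compute_tag()

    def _compute_tag(self) -> bytes:
        payload = self.prev_tag + json.dumps(self.status, sort_keys=True).encode()
        return hmac.new(self._secret, payload, "sha256").digest()

    def verify(self) -> None:
        if not hmac.compare_digest(self.tag, self._compute_tag()):
            raise PermissionError("usage status database altered outside the program")

    def consume(self, policy_id: str) -> int:
        """Record one use: verify, apply STEP, re-tag.  Returns the remaining count."""
        self.verify()
        remaining = self.status[policy_id]["remaining"]
        if remaining <= 0:
            raise PermissionError("usage count exhausted")
        self.status[policy_id]["remaining"] = remaining + self.STEP
        self.prev_tag = self.tag
        self.tag = self._compute_tag()
        return self.status[policy_id]["remaining"]


def acquire_key_and_rights(policy_file: dict, root_key: bytes, db: UsageStatusDB, now: int):
    """Walk the key acquisition path in order; any failed condition stops the chain."""
    obj = unseal(root_key, bytes.fromhex(policy_file["key_path"]))
    while "decryption_key" not in obj:
        if obj["condition"] == "period" and now > obj["not_after"]:
            raise PermissionError("usage period expired")
        if obj["condition"] == "count":
            db.consume(obj["id"])
        obj = unseal(bytes.fromhex(obj["next_key"]), bytes.fromhex(obj["next"]))
    return bytes.fromhex(obj["decryption_key"]), obj["rights"]


def denied(fn, *args) -> bool:
    """True if the call is refused; used to exercise the failure cases."""
    try:
        fn(*args)
        return False
    except PermissionError:
        return True
```

Note that restoring an earlier copy of the whole database, status and tag together, passes this local check; the tag only catches edits made to the status without the terminal-derived secret.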
- an example of a process in which user A uses the file management program 1 to package a file and another user B then uses the file included in the package file will be described in detail with reference to the flowcharts of FIGS. 8 to 15 and the configuration diagrams of FIGS. 1, 2, 4, and 6.
- both user A and user B, who use the file management program 1, must complete user registration after agreeing to the terms of use of the file management program 1.
- the user terminal 4 accesses, via the network 6, the user registration home page stored on a computer such as the server 5.
- the server 5 transmits the data of the user registration home page at the URL received from the user terminal 4 to the user terminal 4 (S115). The server 5 displays a user registration screen of the user registration home page on the user terminal 4. The user inputs registration information, such as user identification information and identification information of the user terminal 4, on the user registration screen and transmits it to the server 5 (S120). The identification information of the user terminal 4 and the like may be extracted automatically and transmitted to the server 5 without the user entering it.
- the server 5 checks the registration information received from the user terminal 4 (S125), and if there is a deficiency such as an omitted input (S130), an error message is transmitted to the user terminal 4 (S135).
- if the user's e-mail address included in the registration information is already registered in the user database 55 of the server 5 (S140) and some of the registration information differs from the registered information, it is determined that the registration information has been updated, and the registration information in the user database 55 of the server 5 is updated (S145).
- if there is no concern about incomplete or duplicate registration, the server 5 generates a public key / private key pair for the user and stores it in the user database 55 of the server 5 (S150).
- the public / private key pair generated here is used later when the user terminal 4 and the server 5 transmit or receive data, or when the user terminal 4 itself authenticates the user. Key generation is not mandatory, however.
- the server 5 generates a unique ID (user UID) for each user and a unique ID (user terminal UID) for each user terminal 4, stores the registration information together with these IDs (S155), and transmits the stored registration information, the generated public key and private key, the user UID, and the user terminal UID together with a registration completion message to the user terminal 4 (S160). If no public key and private key were generated, the keys need not be sent.
- the user terminal 4 stores the registration information in a predetermined location in the user terminal 4 specified by the server 5 (for example, a predetermined location in the registry) (S165). A usage status database 33a generated in advance may be used as this predetermined location.
- it is assumed that user A has not only registered with the server 5 as described above but has also installed the file package program 2 shown in FIG. 2 on user terminal A of user A.
- the file package program 2 installed on the user terminal A is activated by double-clicking an icon on the screen (S210).
- a login screen for the file package program 2 appears on the screen of the user terminal A, and in order for the user terminal A (or the server 5) to authenticate whether the user is a registered user, input of a login ID and password from an input device such as a keyboard is accepted (S215).
- the login ID is the user's e-mail address registered at the time of user registration
- the password is specified by the user at the time of user registration
- the login ID and the password are stored in the authentication database 57 on the server 5 as corresponding character strings.
- the second password is an authentication result obtained from an authentication device that the user can specify arbitrarily.
- the authentication device may be of any kind as long as it is connected to user terminal A.
- authentication devices can be roughly classified into password-based authentication, possession-based authentication (IC card, IC card using a PKI certificate, USB key, USB token, etc.), and biometric authentication (fingerprint, voiceprint, handwriting, face, vein, etc.).
- the server 5 or the user terminal A has an authentication interface so that user authentication can be performed regardless of the type of authentication device used, and so that the number and combination of user authentications can be changed arbitrarily.
- the authentication interface is in the user terminal A for the case where the user does not access the server 5 and authentication within the user terminal A is requested.
- the authentication interface classifies the above authentication methods by the type of output data (second password) of the authentication device as follows: (1) those that contain cryptographic logic (some IC cards, USB keys, biometrics and other PKI-based devices), (2) those that output a binary YES/NO authentication result, and (3) those that output some character string (some devices with a device ID, such as a USB key, MAC address, BIOS serial number, etc.). The login ID, password, second password, and authentication type of the second password are associated with each other and saved on the server 5 or the user terminal A.
- for the second password, template data encrypted with the public key assigned to the user on the basis of a PKI certificate (hereinafter the PKI public key) and signed with the user's private key (hereinafter the PKI private key) is stored in the server 5 or the user terminal A.
- the authentication interface receives from the user terminal A, together with the password, the user's second password output by the authentication device determined by the user's request (or determined in advance on the authentication interface side) and the type of that authentication device, and compares them with the data already stored.
- the authentication interface retrieves the template data corresponding to the login ID from the template data already stored in the server 5 or the user terminal A, performs signature verification and decryption using the user's PKI certificate to obtain the second password, and verifies it against the data already stored.
- password verification may be omitted, so that only the login ID and the second password are verified.
- the user can request user authentication with an arbitrary number and combination of authentication types, and user authentication can also be performed with a predetermined number and combination of authentication types, so it is possible to respond flexibly when an authentication device is added to the server 5 or the user terminal 4. In addition, since authentication does not rely on only one kind of password, the accuracy of authentication is improved, the password need not be kept completely confidential, and the password itself can be stored in the user terminal 4.
- the authentication interface obtains the second password from an arbitrary authentication device as described above (S220).
- user A selects either user authentication at user terminal A (local login) or user authentication at the server 5 (server login) (S225).
- a pair of public key and private key of user A is generated in the user registration flow of FIG. 8, and the login ID, password, and second password are also generated.
- the generated private key is stored in user terminal A, and the generated private key must also be stored in user terminal A encrypted with the second password.
- the authentication interface checks whether the user information required for user authentication (login ID, password, second password, authentication type, the public key and private key pair, and the private key encrypted with the second password) is registered on user terminal A (S230). If any of this user information is not registered, the process proceeds to the server login flow in FIG.; if local login is not selected, the process proceeds to B in FIG. 9.
- the authentication interface compares the acquired user information with the user information stored in user terminal A; further, the private key encrypted with the second password is decrypted with the second password acquired by the authentication interface, and the decrypted private key is compared with the private key already stored in user terminal A (S235).
- the secret key verification method in the present embodiment will be described in detail below.
- the usage status database 33a is generated on user terminal A, and user information including the public key and private key of user A is stored in the usage status database 33a.
- the usage status database 33a is encrypted.
- the replacement table is a kind of cipher table generated with random numbers or the like, showing the correspondence between values before and after replacement.
- the policy file is also encrypted using this replacement table. This makes it difficult for the user or a third party, who cannot see the table directly, to decipher or illegally use the policy file.
- the replacement table is stored in the server information storage file.
- the server information storage file is a file generated for each server 5, that is, a file that identifies the server 5. Accordingly, when the URL of the server 5 accessed by the user terminal A changes, the server information storage file itself also changes.
- the server information storage file contains the replacement table, the range of user IDs that the server 5 corresponding to the file allows to use the file management program 1, the URL of the program on the server 5 side, and a key for communication between the user terminal A and the server 5 (for example, the public key of the server 5).
- the user ID range here may be expressed as a start value and a mask value (range) of the user ID.
- the URL of the program on the server 5 side and the key for communication between the user terminal A and the server 5 serve to initialize the program on the server 5 side when the user terminal A accesses the server 5, which reduces the burden on the server 5, and to decrypt the encrypted communication from the user terminal A.
- the server information storage file is stored together with the file management program 1; unless the server information storage file is stored, the file management program 1 cannot use the package file. This prevents unauthorized use of the package file on its own.
- the authentication interface decrypts the encrypted private key with the second password acquired from the authentication device to obtain the private key (S235), and further decrypts the encrypted usage status database 33a by applying the replacement table stored in the server information storage file.
- if no discrepancy is found when the user information stored in the decrypted usage status database 33a is compared with the user information acquired by the authentication interface, user A has succeeded in authentication (login) (S240, S245).
- the authentication interface checks whether the user terminal UID is registered in user terminal A (S310). In this embodiment, whether the user terminal UID is registered can be confirmed by whether the usage status database 33a has been generated in user terminal A and the user terminal UID is stored in it. In addition, identification information such as the MAC address of user terminal A is detected by user terminal A itself, and registration can also be confirmed by a method such as checking whether the usage status database 33a encrypted with that identification information can be decrypted.
- the authentication interface transmits the identification information of the user terminal A to the server 5 (S315).
- the server 5 generates and registers the user terminal UID based on the identification information of the user terminal A (S320).
- the authentication interface sends the login ID, password, second password, and the authentication type of the second password of user A to the server 5 (S325).
- the server 5 collates the transmitted information with the information stored in the authentication database 57 in the authentication unit 54 shown in FIG. 2 (S330).
- the user information stored there is transmitted to the user terminal A (S335).
- the server 5 can transmit a mail address list and a public key list of the other registered users to the user terminal A together with the user information of user A.
- User A can activate the function block in the file package program 2 by clicking any button on the file package screen.
- the file designation unit 21 receives from user A the designation of a file to be managed (S410). In FIG. 17 this corresponds to the reference button for specifying the file to be encrypted, and in FIG.
- the policy formulation unit 22 receives from user A the formulation of the policy for when another user uses the file designated by the file designation unit 21 (hereinafter referred to as the original file) (S420).
- in FIG. 17 this corresponds to input on the security policy setting screen
- in FIG. 18 it corresponds to reception of the input for policy formulation on the policy setting screen.
- policies such as the user / group (for example, user B or development group A) to whom the usage authority for the original file is given, the expiration date of the original file, the number of times the original file may be used, the password used to display the original file, and the authority to use the original file (usage mode) are formulated.
- the policy consists of selecting the authorized user / group, selecting the operations to be permitted (printing, editing, saving, viewing), and selecting the viewing conditions (period, number of times, file password).
- server check: whether to check rights on the server 5 every time the file is used, or to check rights with the server 5 at a certain frequency (or to limit the number of clients (terminals) that can use the file); and password settings.
- the users who are given the authority to use the original file are limited to registered users, and user A selects users on user terminal A based on the registered users' mail address list received in advance from the server 5. For example, the users may be selected in a batch for each group.
- FIG. 22 shows an example of the screen for selecting the authorized user / group within the screen of FIG. As shown in FIG. 22, the authorized user / group is specified by clicking, etc. in the address book displayed on the left side of the screen, so that it is displayed in the allowed user / group column on the right side.
- the policy formulation unit 22 generates an XML sentence based on the policy formulated by the user A on the user terminal A (S425).
- the XML sentence is generated here to make the structure of the formulated policy explicit, which makes it easy to generate a policy file that includes the policy objects, usage rights, decryption key, and usage conditions; however, it is not always necessary to generate an XML sentence.
- the XML sentence may be generated, for example, when the encryption button is clicked in FIG. 17, or when the button for saving the policy is clicked in FIG. 18.
- user A selects whether to generate a policy file on user terminal A (local package) or to generate a policy file on server 5 (server package) (S430).
- the user terminal A obtains a public key generated in advance for each authorized user (here, user B) of the original file (S435).
- the method of acquiring the public key is arbitrary.
- the registered users' public key list may be received from the server 5 upon successful login.
- a similar public key list may also be received when user A performs user registration.
- in this way the public key of the authorized user can be obtained.
- since the public key is disclosed to the user, if local login cannot be performed by the user when the original file is used, user terminal A cannot perform the server package.
- the key generation unit 51 of the user terminal A generates a random-number decryption key for encrypting the original file, as well as keys for opening the policy objects of the policy file generated later, one for each policy object.
- the key generation unit 51 or an encryption unit (not shown) of the user terminal A first encrypts, among the keys generated by the key generation unit 51, the key for opening the policy object with the public key of each authorized user (S445). Because the key can then be decrypted only with the private key of an authorized user, only the authorized user can use the original file.
- the policy file generation unit 52 of the user terminal A combines the usage conditions, usage rights, decryption key, and keys for opening the policy objects into a directory structure as shown in FIG., and a policy file is generated (S450).
- the policy file is generated in XML format, like the formulated policy.
- the policy file may be substituted using a predetermined replacement table.
- the server 5 receives the policy and analyzes the structure of the policy contained in the XML sentence (S460). A plurality of policy objects may be generated here based on the policy.
- based on the received policy, the key generation unit 51 of the server 5 generates a random-number decryption key for encrypting the original file and keys corresponding to the number of policy objects (S465).
- the policy file generation unit 52 of the server 5 stores the package history of the original file in the history database 56 (S470) and generates a policy file based on the keys generated by the key generation unit 51 and the policy formulated by the policy formulation unit 22 (S475). The policy file may be substituted using the predetermined replacement table.
- the server 5 transmits the generated policy file to the user terminal A (S480).
- the package unit 23 of the user terminal A encrypts the original file based on the policy file generated by the user terminal A (in the case of a local package) or by the server 5 (in the case of a server package), and packages the encrypted original file and the policy file to generate a package file (S485). The series of steps from S425 to S485 may be performed in response to a click on the encryption button in FIG. 17 or the policy setting button in FIG.
- user A may add a signature to the generated package file so that users other than user A can detect that the original file has been tampered with.
- the signature is attached to the package file by encrypting, with the private key of user A, the hash value of the original file whose alteration is to be detected.
- the package file is stored in a predetermined storage location designated by user A.
- the package file stored in the specified storage location may be attached to an e-mail addressed to the authorized user and sent, so that the authorized user can open it immediately after it is generated.
- information on the policy set for the permitted user may be displayed in the mail body.
- the search request unit 24 of the user terminal A can search the history of the package file created by the user A based on the history database 56.
- FIGS. 20 and 21 show an example of a package history search screen displayed on the user terminal A. By using such a package history search screen, user A can grasp for which users and under what usage conditions the original file was packaged, and can also review the policy and repackage the original file when the policy is revised.
- user B designates, by double-clicking on user terminal B, a package file (for example, the one packaged by user A above) stored on a storage medium accessible from user terminal B (S510).
- user B may receive a notification from user A that an original file usable by user B has been packaged, or, as shown in FIG., user terminal A may automatically send an e-mail with the package file attached to user terminal B.
- alternatively, the file usage program 3 may be started first so that the file designation unit 31 accepts the designation of the package file to be used by user B.
- the user terminal B starts the installed file usage program 3 in conjunction with the designation of the package file.
- the file usage program 3 checks the file format of the designated package file (S515).
- the file usage program 3 extracts from the package file the information (ID space information) on the range of user IDs that can use the package file (S520), and confirms whether the server information storage file and replacement table corresponding to the extracted ID space information are stored in the user terminal B (S525). If the replacement table does not exist, the package file cannot be used by user B with the file usage program 3, so an error notification is issued on the user terminal B (S530).
- Next, the file usage program 3 extracts the file basic information from the package file (S535).
- Based on the extracted file basic information, the file usage program 3 displays on the screen of the user terminal B a user list, for example one showing that a user Z is not permitted to use the original file (S540).
- After confirming from the screen display of user terminal B that user B is included among the users permitted to use the original file, user B logs in to the file usage program 3 (S545). An example of the login flow to the file usage program 3 is the same as that described for the login to the file package program 2 in the flowcharts of FIGS.
- When the specific package file is used for the first time, the database generation unit 33 generates the usage status database 33a in the user terminal B. In the following it is assumed that the policy file contains three policy objects, that these three policy objects are chained together in the policy file, and that the policy object containing the usage condition to be checked last is encrypted and linked to the decryption key of the original file and the authority to use the original file.
- Next, the decryption key decryption unit 34 included in the file usage program 3 is activated and starts decrypting the policy file (S610). If the policy file included in the package file is encrypted (S615), the decryption key decryption unit 34 (or the decryption unit 35), in order to decrypt the encrypted policy file, retrieves the replacement table stored in user terminal B (S620).
- The decryption key decryption unit 34 extracts the key A stored in the file basic information of the server information storage file or of the package file (S630), and replaces key A with key B using the replacement table (S635).
- If the replacement does not succeed, the replacement table has been tampered with; the tampering is detected and the subsequent steps are not allowed to proceed (S640).
- The replaced key B is expanded in the temporary memory 43 (S645).
- The decryption key decryption unit 34 decrypts the encrypted policy file using key B (S710). If the encrypted policy file cannot be decrypted, key B has been tampered with by someone; the tampering is detected and the subsequent steps are not allowed to proceed (S715).
- Next, the collation/update means 34a of the decryption key decryption unit 34 shown in FIG. 6 extracts usage condition 1 corresponding to policy object 1 out of the three policy objects constituting the policy file (S720).
- The activation of the first collation/update means 34a may be performed, for example, by the key 0 (shown in FIG. 6) sent from the server 5 when user B has successfully logged in, or by entering certain symbols.
- The usage conditions and keys may be stored entirely or partially in a storage medium where data cannot be rewritten, such as the server 5 or a CD-ROM. They may also be issued to user B as a file separate from the policy file.
- In particular, when the policy includes usage conditions that require a legitimate evaluation, such as date and time or number of uses, all or part of the keys and usage conditions may be stored in the server 5.
- Storing them separately from the policy file is more effective for preventing unauthorized use of the original file.
- On the other hand, the user terminal 4 must then access the server 5 each time the original file is used, which increases the burden of network connection, so care must be taken in the design of server 5.
- The collation/update means 34a checks whether or not the usage status 1 corresponding to the extracted usage condition 1 exists in the usage status database 33a in the user terminal B (S725).
- The usage condition 1 of this embodiment is one that requires comparison and collation with the data stored in the usage status database 33a in the user terminal B. Naturally, there are also usage conditions that can be verified by the user terminal B alone and usage conditions that can be verified by the server 5, in which case the generation of the usage status database 33a is not essential.
- If the usage status database 33a itself or the usage status 1 does not exist in user terminal B, this indicates that the original file is likely being used illegally on a user terminal 4 other than user terminal B, so the subsequent steps are not allowed to proceed (S730).
- Next, the collation/update means 34a confirms whether the usage status 1 satisfies the usage condition 1, that is, whether it corresponds to use within the range of the usage condition 1 (S735).
- For example, if usage condition 1 is "the usage limit is 10 times" and the usage status 1 stored in user terminal B is "the current number of uses is 3", usage condition 1 is satisfied.
- If the usage status 1 shows that the current number of uses is already 10, usage condition 1 is judged not to be satisfied, and the subsequent steps are not allowed to proceed (S740).
- An example of the error screen displayed on user terminal B when it cannot proceed to the subsequent steps is shown in FIG.
- If usage condition 1 is satisfied, the usage status is automatically updated, for example to a state in which 1 has been added to the remaining usage count.
- Next, key 1 extracted from policy object 1 opens the next policy object 2, and usage condition 2 corresponding to policy object 2 is extracted (S810).
- The collation/update means 34b of the decryption key decryption unit 34 checks with the server 5 whether or not user B satisfies usage condition 2 (S815). For example, if usage condition 2 is the expiration date of the original file, the decryption key decryption unit 34 either transmits usage condition 2 to the server 5 and receives information on the current date and time from the server 5, or has the server 5 check the current date against usage condition 2 and send back the result.
- Similarly, the decryption key decryption unit 34 may send usage condition 2 to the server 5, and the server 5 sends back information on the number of simultaneous accesses to the package file based on information such as the login access history.
- Next, the decryption unit 35 extracts the encrypted original file from the package file and decrypts the encrypted original file using the decryption key obtained earlier (S835).
- The decrypted original file is expanded in the temporary memory 43 instead of on the hard disk 44 of the user terminal B, and the original file can be used in the temporary memory 43, as with the decryption key and usage authority obtained earlier.
- The original file is not stored on the hard disk 44 of the user terminal B because, if it were stored there, the original file could be used while ignoring the usage conditions.
- The file usage control unit 36 loads and starts on the user terminal B the corresponding software 42 according to the type of the decrypted original file (S840), and the original file can be used in the corresponding software 42. At that time, the operation of the corresponding software 42 is controlled based on the acquired usage authority (S845). For example, if the usage authority acquired by user B is only to view the original file, the save button and the print button that would appear on the screen of the corresponding software 42 are not displayed. In addition, when user B tries to perform a use outside the acquired usage authority (for example, printing or saving), the file usage control unit 36 detects the operation and stops the use of the original file, or a warning may be displayed on the screen of the user terminal B.
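The chained policy-object check from S610 to S835 (key B opens policy object 1, each object releases the key for the next, and the last releases the decryption key of the original file), as an added example that is not part of the patent. The cipher and the JSON layout are constructed stand-ins for the unspecified policy file format; the usage status and the server-supplied date are passed in as sample values.

```python
import hashlib
import hmac
import json
import os

TAG_LEN = 32  # HMAC-SHA256 tag prepended to every sealed blob


def _keystream(key: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; every key here seals exactly one blob, so no nonce is needed
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC (constructed stand-in cipher): a wrong key fails the tag, not silently."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct


def open_sealed(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:TAG_LEN], blob[TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("tampering detected: blob does not decrypt with this key")  # S640 / S715
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def build_policy_file(conditions: list, file_key: bytes, key_b: bytes) -> bytes:
    """Packaging side: policy object n carries usage condition n and the key that opens
    object n+1; the last object carries the decryption key of the original file."""
    keys = [key_b] + [os.urandom(32) for _ in conditions[1:]] + [file_key]
    blobs = []
    for i, cond in enumerate(conditions):
        obj = json.dumps({"condition": cond, "next_key": keys[i + 1].hex()}).encode()
        blobs.append(seal(keys[i], obj).hex())
    return json.dumps(blobs).encode()


def check_condition(cond: dict, usage_status: dict, server_date: str) -> bool:
    if cond["type"] == "count":   # collated locally with the usage status database 33a (S725-S735)
        return usage_status.get("count", 0) < cond["limit"]
    if cond["type"] == "expiry":  # collated with the current date supplied by the server 5 (S815)
        return server_date <= cond["until"]  # ISO dates compare correctly as strings
    return False                  # unknown condition types never pass


def unlock_original_file(policy_file: bytes, key_b: bytes,
                         usage_status: dict, server_date: str) -> bytes:
    """User side (S710-S835): walk the chain; any failure aborts before the next key is released."""
    key = key_b
    for n, blob_hex in enumerate(json.loads(policy_file), 1):
        obj = json.loads(open_sealed(key, bytes.fromhex(blob_hex)))
        if not check_condition(obj["condition"], usage_status, server_date):
            raise PermissionError(f"usage condition {n} not satisfied")  # S740
        key = bytes.fromhex(obj["next_key"])
    usage_status["count"] = usage_status.get("count", 0) + 1  # status updated only after all checks pass
    return key  # decryption key of the original file; keep it in memory, never on disk


def demo() -> bytes:
    # Constructed sample values: key B from user B's replacement table, a 10-use limit and an expiry
    key_b, file_key = os.urandom(32), os.urandom(32)
    policy_file = build_policy_file([{"type": "count", "limit": 10},
                                     {"type": "expiry", "until": "2005-12-31"}], file_key, key_b)
    packaged = seal(file_key, b"constructed original file contents")
    status = {"count": 3}  # usage status 1: the file has been used 3 times so far
    key = unlock_original_file(policy_file, key_b, status, "2005-05-30")
    return open_sealed(key, packaged)


if __name__ == "__main__":
    print(demo())
```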
- The corresponding software 42 may be prepared in the user terminal B according to the type of the original file, or may be multi-compatible software that does not depend on the type of the original file. The corresponding software 42 may also be included in the file usage program 3.
- The storage location of the set of package files may be moved or copied. Further, as one aspect of the usage authority, when the original file may be saved or edited, the original file itself can be saved on the hard disk 44.
- If the original file is stored on the hard disk 44, the original file can thereafter be used by starting the corresponding software 42 without starting the file usage program 3.
- The repackaging unit 37 receives notification from the corresponding software 42 that the original file has been edited.
- After editing is finished (for example, by displaying a "repackage button" on the screen of the user terminal B and detecting that it has been clicked), the repackaging unit 37 reads the edited original file, encrypts it with the same decryption key as before editing, packages it with the policy file and the file basic information, and generates a package file. The generated package file is overwritten on the original package file. In other words, the original package file is deleted, and the new package file is stored in the storage location of the original package file.
- The policy file used here is basically the same as the original policy file, but file basic information whose contents have been partially updated may be used for repackaging.
- When repackaging is performed, the user who created the original file may be notified to that effect.
- Since the access history and repackaging history of user B with respect to the server 5 are sequentially stored in the history database 56 of the server 5, user A who created the original file can request, from the search request unit 24 to the search unit 53 of the server 5, a search of user B's usage history of the original file. This allows user A to track and manage the original file after it is created.
- Each means and database in the present invention is only logically distinguished in function, and may be physically or virtually identical. It goes without saying that a data file may be used instead of a database, and the description of a database includes a data file.
- The present invention is also realized by supplying the system with a storage medium recording a software program that implements the functions of the present embodiment, and having the computer of the system read and execute the program stored in the storage medium.
- In this case, the program itself read from the storage medium realizes the functions of the above-described embodiment, and the storage medium storing the program constitutes the present invention.
- The program of the present invention is supplied mainly by downloading it to a computer via the network 6, such as the LAN 6a or the Internet 6b.
- Otherwise, portable storage media such as magnetic disks, optical disks, magneto-optical disks, magnetic tapes, and non-volatile memory cards can also be used to supply the program to computers.
- FIG. 1 is a diagram showing an embodiment of a connection configuration between a user terminal installed with a file management program and a server.
- FIG. 2 is a diagram illustrating an example of the configuration of a file package program and a server.
- FIG. 3 is a conceptual diagram showing an outline process for generating a package file.
- FIG. 4 is a diagram showing an example of the configuration of a file usage program and the configuration of a user terminal.
- FIG. 5 is a diagram showing an example of the data structure of a package file.
- FIG. 6 is a configuration diagram showing another embodiment of the configuration of the user terminal.
- FIG. 7 is a conceptual diagram showing an outline process for encrypting a policy file.
- FIG. 8 is a flowchart showing an example of a process flow of the present invention.
- FIG. 9 is a flowchart showing another example of the process flow of the present invention.
- FIG. 10 is a flowchart showing another example of the process flow of the present invention.
- FIG. 11 is a flowchart showing another example of the process flow of the present invention.
- FIG. 12 is a flowchart showing another example of the process flow of the present invention.
- FIG. 13 is a flowchart showing another example of the process flow of the present invention.
- FIG. 14 is a flowchart showing another example of the process flow of the present invention.
- FIG. 15 is a flowchart showing another example of the process flow of the present invention.
- FIG. 16 is a diagram showing an example of a login screen.
- FIG. 17 is a diagram showing an example of a file package screen.
- FIG. 18 is a diagram showing another example of a file package screen.
- FIG. 19 is a diagram showing an example of a mail transmission screen.
- FIG. 20 is a diagram showing an example of a package history search screen.
- FIG. 21 is a diagram showing another example of a package history search screen.
- FIG. 22 is a diagram showing an example of an allowed user group selection screen.
- FIG. 23 is a diagram showing an example of an error screen.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004190754A JP2008026925A (en) | 2004-06-29 | 2004-06-29 | File management program |
JP2004-190754 | 2004-06-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006001153A1 true WO2006001153A1 (en) | 2006-01-05 |
Family
ID=35781679
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/009908 WO2006001153A1 (en) | 2004-06-29 | 2005-05-30 | File managing program |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP2008026925A (en) |
WO (1) | WO2006001153A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011152468A1 (en) * | 2010-06-03 | 2011-12-08 | 株式会社 東芝 | Access control device and recording medium |
JP2012083922A (en) * | 2010-10-08 | 2012-04-26 | Fujitsu Ltd | Data monitoring program, data monitoring method, and data monitoring device |
JP2023016044A (en) * | 2017-11-09 | 2023-02-01 | ブロードリッジ・ファイナンシャル・ソリューションズ・インコーポレイテッド | Database-centric computer network system and computer-implementation method for cryptographically protected distributed data management |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009217577A (en) * | 2008-03-11 | 2009-09-24 | Ri Co Ltd | Backup program |
JP2009265854A (en) * | 2008-04-23 | 2009-11-12 | Soriton Syst:Kk | Confidential file management system |
JP2009271609A (en) * | 2008-04-30 | 2009-11-19 | Soriton Syst:Kk | Confidential file management system |
JP5097987B2 (en) * | 2008-06-13 | 2012-12-12 | 株式会社マイクロフォーサム | Electronic file vending machine management system |
CN102227734B (en) * | 2008-11-28 | 2014-02-26 | 国际商业机器公司 | Client computer for protecting confidential file, server computer therefor, method therefor |
JP2011004385A (en) * | 2009-03-16 | 2011-01-06 | Ricoh Co Ltd | Information processing apparatus, mutual authentication method, mutual authentication program, information processing system, information processing method, information processing program, and recording medium |
JP2010229775A (en) * | 2009-03-30 | 2010-10-14 | Mitsubishi Motors Corp | Vehicle control device |
JP5509888B2 (en) * | 2010-02-02 | 2014-06-04 | 日本電気株式会社 | Document management system and document management method |
JP2014174721A (en) * | 2013-03-08 | 2014-09-22 | Genetec Corp | Information sharing system |
JP5995341B1 (en) * | 2016-06-27 | 2016-09-21 | 株式会社 ゼネテック | Browsing file browsing method, browsing file browsing program, information sharing system, information sharing system server |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003218851A (en) * | 2001-12-12 | 2003-07-31 | Pervasive Security Systems Inc | Method and apparatus for safeguarding digital asset |
JP2003345931A (en) * | 2002-05-28 | 2003-12-05 | Nippon Telegr & Teleph Corp <Ntt> | Private information distribution management method, private information identification device in private information distribution management system, private information using environment identification device, private information providing device, private information using device, disclosure use rule determination program. and program for each device. |
Timeline
- 2004-06-29: JP JP2004190754A (patent/JP2008026925A/en), not_active Withdrawn
- 2005-05-30: WO PCT/JP2005/009908 (patent/WO2006001153A1/en), not_active Application Discontinuation
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011152468A1 (en) * | 2010-06-03 | 2011-12-08 | 株式会社 東芝 | Access control device and recording medium |
JP2011253450A (en) * | 2010-06-03 | 2011-12-15 | Toshiba Corp | Access control program and device |
CN102859530A (en) * | 2010-06-03 | 2013-01-02 | 株式会社东芝 | Access control device and recording medium |
US8719950B2 (en) | 2010-06-03 | 2014-05-06 | Kabushiki Kaisha Toshiba | Access control apparatus and storage medium |
JP2012083922A (en) * | 2010-10-08 | 2012-04-26 | Fujitsu Ltd | Data monitoring program, data monitoring method, and data monitoring device |
JP2023016044A (en) * | 2017-11-09 | 2023-02-01 | ブロードリッジ・ファイナンシャル・ソリューションズ・インコーポレイテッド | Database-centric computer network system and computer-implementation method for cryptographically protected distributed data management |
JP7434480B2 (en) | 2017-11-09 | 2024-02-20 | ブロードリッジ・ファイナンシャル・ソリューションズ・インコーポレイテッド | Database-centric computer network system and computer implementation method for cryptographically secured distributed data management |
Also Published As
Publication number | Publication date |
---|---|
JP2008026925A (en) | 2008-02-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWW | Wipo information: withdrawn in national office | Country of ref document: DE |
| 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established | Free format text: COMMUNICATION UNDER RULE 69 EPC ( EPO FORM 1205A DATED 26/06/07 ) |
| NENP | Non-entry into the national phase | Ref country code: JP |
| WWW | Wipo information: withdrawn in national office | Country of ref document: JP |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 05743349. Country of ref document: EP. Kind code of ref document: A1 |
| WWW | Wipo information: withdrawn in national office | Ref document number: 5743349. Country of ref document: EP |