WO2006001153A1 - File management program - Google Patents

File management program

Info

Publication number
WO2006001153A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
user
user terminal
package
policy
Prior art date
Application number
PCT/JP2005/009908
Other languages
English (en)
Japanese (ja)
Inventor
Tao Wang
Tao Guo
Junichiro Kawaguchi
Jun Li
Chen Yu
Original Assignee
Easy Systems Japan Ltd.
Priority date
Filing date
Publication date
Application filed by Easy Systems Japan Ltd.
Publication of WO2006001153A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data

Definitions

  • The present invention relates to a file management program, and more particularly to a file management program that sets usage conditions, packages a file, and allows the packaged file to be used only within the range of those usage conditions.
  • Conventionally, a distribution system that sets usage conditions and distributes data or software to users is the system shown in Patent Document 1.
  • In that system, the distribution server encrypts the data or software together with a usage agreement and usage conditions in an encryption processing unit, using an encryption key corresponding to the destination client terminal, packages the result in a package unit, and sends it.
  • The client terminal decrypts the usage conditions with the encryption key in its encryption processing unit and, when the usage conditions are met, decrypts and installs the data or software.
  • Patent Document 1: Japanese Patent Application Laid-Open No. 2002-189526
  • The present invention has been made in view of these conventional problems, and its object is to provide a file management program that can centrally manage files without impairing the convenience of the user.
  • The invention is a file management program having a file package program that is stored and executed in a user terminal and centrally manages an original file created by an arbitrary user.
  • The file package program comprises a file designation unit that accepts the designation of a file, a policy formulation unit that formulates a policy for using the original file, and a package unit that generates a package file by packaging together a policy file, generated from the policy and from a common key generated for each original file, and the original file encrypted with that common key.
  • The package file is generated so that only a user who satisfies the usage conditions of the policy can expand the common key and the usage rights for the original file onto the temporary memory of the user terminal, so that the original file decrypted with the common key is expanded only on that temporary memory, and so that the original file can be used only within the range of the usage rights.
  • The file management program may further include a search unit for searching information on the package history of the package file and on the history of user access to the package file.
  • Regardless of the number of users who are given usage rights, the user who packages the original file needs to create only a single package file and store it in a storage medium accessible to the user terminals of the users who have been given usage rights; the original file can then be shared among multiple users.
  • The file management program may also have a notification unit which, when a package file is generated in the package unit, notifies the user terminal of a user authorized to use the original file that the package file has been generated, or sends the package file to that terminal as an e-mail attachment.
  • This prevents the situation in which the user terminal of a user who has been given authority to use the original file inadvertently does not know of the existence of the package file in which the original file is packaged. As a result, a user who has been granted the right to use the original file can use it immediately.
  • The file management program further comprises a file usage program with a file designation unit that accepts the designation of the package file, among the package files, in which the original file to be used is packaged; a decryption key decryption unit which, if the use of the original file is within the range of the usage conditions in the policy file of the package file, decrypts the decryption key of the original file (the common key generated for each original file and used as its encryption key) and the usage rights for the original file, and expands the decryption key and usage rights onto the temporary memory of the user terminal; and a decryption unit that decrypts the contents of the package file with the acquired common key.
  • Because the usage rights for the original file and its decryption key are included in the package file in such a way that they can be decrypted only when the usage conditions are satisfied, the user is granted the right to use the original file only when the usage conditions of the policy included in the package file are satisfied, and otherwise cannot use the original file.
  • In other words, the file management program 1 makes it possible for a user who has been given usage rights to use the original file while maintaining a high security level.
  • Moreover, a user can share the same original file with other users without accessing any user terminal other than his or her own.
  • The same original file can be shared with other users because the original file is encrypted with the common key generated for each original file, so that a single package file is generated regardless of the number of users.
  • The invention of claim 5 provides a file management program in which the file usage control unit controls the software corresponding to the original file and performs API hooking, issuing function call instructions to the OS or middleware of the user terminal based on the acquired usage rights.
  • When the original file is repackaged, the file management program may include a notification unit that notifies the user terminal or the server of the user who created the original file that the repackaging has been performed.
  • The user or server that created the original file can thereby immediately confirm that the original file has been updated.
  • The file management program may include a database generation unit that generates, in the user terminal, a usage status database in a state in which it cannot be read or updated from any other user terminal.
  • Because the usage status database is generated in the user terminal, unauthorized use of the original file from a user terminal other than that one can be prevented and detected.
  • The file usage program may request the server to check the usage conditions in the policy file.
  • The policy file is encrypted with a key substituted through a replacement table generated for each server.
  • The replacement table is stored in the server and in the user terminal that stores the file management program.
  • The usage conditions are described in association with a plurality of policy objects.
  • When the usage conditions of one policy object are satisfied, the key for opening another policy object can be obtained; finally all policy object keys are opened, and only when all usage conditions are satisfied can the decryption key and usage rights be extracted. The file management program has this data structure.
  • The file management program has an authentication interface that authenticates whether a user is a registered user of the file management program, or whether the user is one of the permitted users of the original file included in the usage conditions. The authentication interface sends data, determined by a request from the user, to the server and requests verification against the data already stored in the server.
  • If the authentication device includes encryption logic, the authentication interface uses template data stored in the server or the user terminal.
  • The template data corresponding to the login ID is obtained, the second password is obtained by verifying and decrypting the signature with the user's PKI certificate, and verification against the data already stored in the server is requested.
  • Thus the server or the user terminal can perform user authentication regardless of the kind of authentication device used and obtain the user authentication result.
  • The number and combination of user authentications can be changed arbitrarily.
  • The user who packages the original file generates a single package file regardless of the number of users who are given usage rights, and the original file can be shared among multiple users simply by storing it on a storage medium accessible to the user terminals of those users.
  • Because the usage rights for the original file and its decryption key are included in the package file so that they can be decrypted only when the usage conditions are satisfied, the user is granted the usage rights for the original file only when the usage conditions of the policy included in the package file are satisfied, and otherwise cannot use the original file.
  • The file management program can thus centrally manage and use files while maintaining a high security level and without impairing the convenience of the user when generating a package file.
  • If the usage rights are limited to rights other than editing and saving, users other than the user who created the original file cannot change the original file.
  • The same original file is thus shared among users. The same effect is obtained even when the package file is stored in the user terminal of a user who has been given the right to use it by sending it as an e-mail attachment.
  • The file management program 1 is a program for preventing unauthorized use of a file, such as a document file (hereinafter simply referred to as a file) containing text or images (moving or still) that can be viewed, printed, edited and saved, for example the leaking of information to persons who do not have the right to use the file, and for improving file safety by setting file usage conditions (a policy).
  • The file management program 1 is stored and executed in the user terminal 4.
  • It is roughly divided into three parts, including a file package program 2, with which an arbitrary user creates a package file from a file created by any user in the user terminal 4 and centrally manages files, and a file usage program 3, with which users other than the file's creator restore the original file from the package file and use it on the user terminal 4.
  • Here, “use of a file” refers to actions such as viewing, printing, editing, and saving the file.
  • These user terminals 4 are connected to each other inside the company via a network 6 such as a LAN 6a, and to the outside of the company via a network 6 such as the Internet 6b.
  • The internal user terminal 4a is connected via the network 6 to a server 5 that supports access from outside the company, requests for various authentications, registration of various kinds of information, downloading of the file management program 1 of the present invention, and use of the file management program 1.
  • The external user terminal 4b is likewise connected to the server 5 via the network 6.
  • The user terminal 4 need only be an ordinary computer having the configuration required to store and execute these programs (a CPU, temporary memory 43, an external storage device such as a hard disk 44, a communication device, input/output devices, and so on).
  • To use the file management program 1 of the present invention, the user and the user terminal 4 register with the server 5, and information about the user and the user terminal 4 is registered in the server 5.
  • In this embodiment, a user and a user terminal 4 are associated one-to-one, and one user ID is assigned to each pair of one user and one user terminal 4; a user who uses two user terminals 4 is therefore assigned two user IDs.
  • Alternatively, one user ID may be given to one user regardless of the user terminal 4, or one user ID may be given to one user terminal 4 regardless of the user.
  • The server 5 has a configuration similar to that of the user terminal 4 and may be an ordinary server computer provided with server software.
  • The server 5 is equipped with various databases, such as a user database 55 that stores user information and hardware information of the user terminals 4, an authentication database 57 that stores the authentication information needed for user authentication, and a history database 56 that stores history information such as user histories and package file creation histories.
  • The file package program 2 is stored in the user terminal 4 and used there, regardless of how the program is stored: it may be downloaded from the server 5 to the user terminal 4 together with an installer, or copied to the user terminal 4 from a storage medium such as a CD-ROM.
  • The file package program 2 mainly comprises, as functional blocks, a file designation unit 21, a policy formulation unit 22, a package unit 23, and a search request unit 24.
  • The file designation unit 21 is a means for receiving the designation of the file to be managed, among the files stored in a storage medium accessible to the user terminal 4.
  • For example, the file designation unit 21 displays on the screen of the user terminal 4 the identification information (title, creation date, creating user, file type (extension, etc.), file data size, and so on) of the files that the user terminal 4 can manage at that time, and accepts the file designation when one of them is selected with an input device such as a keyboard or a mouse.
  • The policy formulation unit 22 is a means for formulating a policy for using the file received by the file designation unit 21 (hereinafter referred to as the original file).
  • The formulated policy is transmitted to the server 5 together with the identification information of the original file, although it need not necessarily be transmitted to the server 5.
  • The policy consists of usage conditions, for example authentication of whether or not the user is permitted to use the original file, password and other authentication, the number of times the file can be used, the expiration date of the original file, the number of files that can be accessed simultaneously, and the times at which access is possible, together with the usage rights granted when these usage conditions are satisfied (for example, usage modes such as viewing, printing, editing, and saving of the original file).
  • The server 5 includes a key generation unit 51 and a policy file generation unit 52 as functional blocks.
  • The key generation unit 51 is a means for generating the encryption key (decryption key) used to encrypt (decrypt) the original file.
  • File encryption and decryption are performed with a common-key (symmetric) encryption method, so the encryption key and decryption key are the same and only one key is generated per original file. In the following description the encryption key is therefore also referred to as the decryption key.
  • The decryption key generated by the key generation unit 51 is a random number generated each time a policy is formulated by the policy formulation unit 22 (and thus for each original file). It need not be a random number as long as a different key is generated for each policy.
  • The common-key encryption method is used for file encryption and decryption because the processing time required at the user terminal 4, and hence the burden on the user terminal 4, is small compared with the encryption and decryption time of a public-key cryptosystem.
  • With common-key encryption, for example when a file is encrypted with an encryption key generated by the server 5, or when an encrypted file is to be readable only by a specific user, the method of delivering the key is often a problem: since the encryption key and decryption key are the same, once the key becomes known to a third party anyone can decrypt the encrypted file, and the encryption no longer means anything.
  • The policy file generation unit 52 is a means for generating a policy file based on the policy formulated by the policy formulation unit 22 and the decryption key generated by the key generation unit 51.
  • The policy file is, for example, XML-format data describing the decryption key and the policy.
  • The usage conditions in the policy are described in association with a plurality of policy objects. When the usage conditions corresponding to one policy object are satisfied, a key for opening another policy object is obtained, and finally all policy objects are opened; that is, the policy file is a chained data structure from which the decryption key and usage rights can be extracted only when all the usage conditions of the policy are satisfied.
  • The generated policy file is stored in the user database 55, which stores user information, with a policy file identification ID assigned per user, and is also transmitted to the user terminal 4.
  • The decryption key generated by the key generation unit 51 may also be stored in the user database 55 and transmitted to the user terminal 4.
  • An identification ID is assigned to each policy object, the key for opening the policy object is generated by the key generation unit 51, and this information is also stored in the user database 55.
  • The policy file generation unit 52 may instead be included as a functional block of the file package program 2 stored in the user terminal 4. In this case the user terminal 4 does not transmit the policy to the server 5; it generates the policy file itself and stores the policy file identification ID in the user terminal 4.
  • The package unit 23 encrypts the original file with the decryption key generated by the key generation unit 51, packages the encrypted original file together with the policy file generated by the policy file generation unit 52 and the file basic information, and adds a header to generate a new file (called a package file).
  • Figure 3 shows a conceptual diagram of the package unit 23 generating a package file.
  • The encrypted original file cannot be taken out or used alone; it can be used only in conjunction with the policy file.
  • Only when the usage rights have been acquired can the encrypted file be decrypted. Even if the package file is sent to another user terminal 4 or becomes known, the original file remains encrypted and cannot be decrypted unless the package file is present and the usage conditions of all the policies are satisfied, so the security of the encrypted file is ensured.
  • Because the decryption key is included in the policy file and packaged with the encrypted original file, the key delivery problem of the common-key cryptosystem is handled safely without the user even being aware of it.
  • The file basic information includes the identification information of the original file (title, creation date, creating user, original file type (extension, etc.), original file data size, and so on) as well as the users permitted or not permitted to use the original file.
  • It may also include the identification information of the package file: its title, creation (package) date and time, creating user (the person who packaged it), package file type, package file data size, and the like.
  • Encryption of the file basic information is optional; basically, the contents of the file basic information can be known even by a user who does not have the authority to use the original file.
  • The search request unit 24 is a means for requesting the search unit 53 in the server 5 to search the package history information and the package file access history information stored in the history database 56.
  • The history database 56 may store the same data as the user database 55, or the history information stored in the user database 55 may itself be searched.
  • Alternatively, the search request unit 24 may be a means for accessing the history information stored in a database (for example, the usage status database 33a described later) in the user terminal 4 of the user who created the file.
  • The search request unit 24 specifies, for example, a search condition and transmits it to the server 5; the search unit 53 of the server 5 extracts the history information matching the search condition from the history database 56 and transmits it to the user terminal 4.
  • The user terminal 4 can further change the policy in the policy formulation unit 22 and change the file in the file designation unit 21. If any change is made, the package unit 23 repackages the file, following the same procedure as for a new file package, as described above.
  • The history database 56 also stores the history of user access to package files, so the user who packaged a file can confirm from the search request unit 24 who accessed which package file and when.
  • Thus the user who packages the original file generates only one package file regardless of the number of users to whom usage rights are given, and the original file can be shared among multiple users simply by storing that package file in a storage medium accessible to the user terminals 4 of those users.
  • The file management program 1 can therefore centrally manage files while maintaining a high security level and without impairing the convenience of the user when generating a package file.
  • The file usage program 3 is stored in the user terminal 4 in the same manner as the file package program 2: it may be downloaded to the user terminal 4 together with an installer, or copied to the user terminal 4 from a storage medium such as a CD-ROM.
  • The file usage program 3 may also be programmed together with the file package program 2, in which case it is stored in the user terminal 4 as part of the file management program 1.
  • The file usage program 3 mainly comprises, as functional blocks, a file designation unit 31, an authentication request unit 32, a database generation unit 33, a decryption key decryption unit 34, a decryption unit 35, a file usage control unit 36, and a repackaging unit 37.
  • The file designation unit 31 is a means for accepting the designation of the package file whose original file is to be used, among the package files stored in a storage medium accessible to the user terminal 4. For example, the file designation unit 31 displays on the screen of the user terminal 4 the basic file information of the package files (the title of the package file or original file, creation date, creating user, file type (extension, etc.), users permitted or not permitted to use the original file, and so on) and accepts the designation of the package file when one of them is selected with an input device such as a keyboard or a mouse.
  • The file package program 2 has a notification unit (not shown) which, when the package unit 23 generates a package file, notifies the user terminal 4 of the user who has been given authority to use the original file that the package file has been generated, or sends the package file as an e-mail attachment.
  • This prevents the user terminal 4 of a user who has been granted usage rights for the original file from inadvertently not knowing of the existence of the package file in which the original file is packaged, so the authorized user can use the file immediately.
  • The authentication request unit 32 is a means for requesting the server 5 to authenticate the user who intends to use the file usage program 3. If one user ID is assigned to one user and one user terminal 4, the user terminal 4 is naturally not authenticated unless the user requests authentication from that user terminal 4 to the server 5.
  • The authentication request unit 32 does not necessarily have to request authentication from the server 5; it may be a means for authenticating the user in the user terminal 4 itself. This is described later in the Examples.
  • The database generation unit 33 is a means for generating, in the user terminal 4, a usage status database 33a in which the user terminal 4 can update the usage status of the original file (for example, the number of times it has been used), in a state in which it cannot be read or updated by any user terminal 4 other than that of the user.
  • If the usage conditions of the policy formulated by the policy formulation unit 22 do not require the usage status of the original file to be updated each time it is used (for example, if the policy consists only of authentication of whether the user is permitted to use the original file, password and other authentication, the expiration date of the original file, the number of simultaneous accesses to the same package file, the access time, and so on), the database generation unit 33 is not necessarily required to generate the usage status database 33a.
  • Moreover, the database corresponding to the usage status database 33a need not be generated in the user terminal 4; it may be generated in the server 5. In this case the database generation unit 33 is not required in the file package program 2.
  • The decryption key decryption unit 34 checks the usage conditions of the policy in all the policy objects constituting the policy file in the package file, decrypts the decryption key of the encrypted original file and the user's usage rights, and extracts the decryption key and usage rights onto the temporary memory 43 of the user terminal 4. It has a verification/update means 34a for verifying the usage conditions and updating the usage status.
  • For a policy that requires the usage conditions and the usage status of the original file to be verified, the verification/update means 34a checks the usage conditions against the usage status stored in the usage status database 33a. If the usage status does not violate the usage conditions (for example, the usage status is 3 uses against a usage condition of 10 uses), it updates the usage status in the usage status database 33a and takes out the key for opening another policy object or the decryption key of the encrypted original file.
  • To do this, either the server 5 or the user terminal 4 needs a program (for example, counting means, timing means, etc.) for updating the contents of the usage status database 33a. The location where the usage status database 33a is generated and the way the usage status is updated can also be stored in the policy file.
  • The verification/update means 34a need not update the usage status of the original file itself.
  • It may request the server 5 to check the usage conditions against the usage status (the current status), or the check may be performed in the user terminal 4.
  • When the verification/update means 34a accesses the server 5 to check the usage conditions and the usage status, it receives the verification result and the key of the policy object to be opened next from the server 5.
  • The server 5 can encrypt the verification result and the key with the user's previously generated public key before transmitting them to the user terminal 4.
  • The decryption unit 35 is a means for decrypting the original file encrypted in the package file, using the decryption key decrypted by the decryption key decryption unit 34 and taken out to the temporary memory 43 of the user terminal 4. The decryption unit 35 may also be a means for decrypting other encrypted data in conjunction with the decryption key decryption unit 34, rather than only the encrypted original file.
  • The file usage control unit 36 is a means for controlling the use of the decrypted original file based on the usage rights decrypted by the decryption key decryption unit 34. The file usage control unit 36 may also serve as a means for starting the corresponding software 42 that opens the original file, based on the file identification information of the original file.
  • The corresponding software 42 may be provided in the file usage program 3; for example, dedicated viewer software that can browse all types of original files may be made available on the user terminal 4.
  • The file usage control unit 36 may be a means for performing API (Application Program Interface) hooking. Specifically, when all or part of the functions of the viewer or other corresponding software 42 for the original file are realized by calling functions provided by the OS or middleware, the file usage control unit 36 controls the corresponding software 42 and issues the function call instructions from the corresponding software 42 to the OS or middleware based on the acquired usage rights. This makes it possible to control usage rights while using the existing corresponding software 42, without creating dedicated software for browsing, printing, editing, saving and so on for every kind of original file.
  • the decryption unit 35 and the file usage control unit 36 only use the decryption key and the usage authority extracted to the temporary memory 43 through the normal decryption process in the decryption key decryption unit 34. It is possible to decrypt and use the original file. For example, when a decryption key or usage right that is used alone is about to be decrypted or used, the decryption unit 35 and the file usage control unit 36 Can be stopped on the spot. Thereby, unauthorized use of the original file can be prevented.
  • the repackaging unit 37 will edit the original file after editing. A means of packaging the file again with the policy file.
  • the repackage unit 37 exchanges the original package file (or overwrites or updates the original package file). As a result, the original package file is deleted, and the package file is updated.
  • The only essential difference between the original package file and the repackaged package file is the data size of the original file; related data such as the file basic information may be updated along with the repackaging, but the file name and the decryption key of the original file do not change. The hash value also needs to be updated.
  • The repackaging unit 37 should function only if editing of the original file is permitted among the usage rights; if editing of the original file is not included in the usage rights in the first place, the repackaging unit 37 is not necessary. Furthermore, in this embodiment, the policy file cannot be edited even by a user who is permitted to edit the original file. This prevents unauthorized use of the original file by editing the policy file.
  • The file usage program 3 having the repackaging unit 37 may also have a notification unit (not shown) that notifies the user terminal 4 or the server 5 of the user who created the original file that repackaging has taken place. This allows the user and server that created the original file to confirm immediately that the original file has been updated.
  • Because the usage authority of the original file and the decryption key of the original file can be decrypted only when the usage conditions are satisfied, and because they are included in the package file, the user is granted the usage rights of the original file only when the usage conditions of the policy included in the package file are satisfied; otherwise the user cannot use the original file. In other words, the file management program 1 makes the original file usable by a user who has been given usage rights while maintaining a high security level.
  • As a result, the user can share the same original file with other users without accessing any user terminal other than their own.
  • The same original file can be shared with other users because the original file is encrypted with a common key generated for each original file, and because only one package file is generated regardless of the number of users.
  • Reading and updating of the information in the usage status database 33a is performed only in the process of decrypting the decryption key and the usage authority by the decryption key decryption means; it is not updated or tampered with by the user or a third party in any other process.
  • The usage status database 33a generated in the user terminal 4 may be encrypted with a one-way function such as a hash value of the identification information (MAC address, BIOS serial number, serial number of the hard disk 44, etc.) of the user terminal 4.
  • Detection of unauthorized update, alteration, unauthorized use, etc. of the usage status in the usage status database 33a can be performed using a known hash (one-way) function technique or the like.
  • For example, the usage status is always encrypted with the hash value of the usage status at the time of the last update or reading, and at the next update or reading it is checked whether it is encrypted with the correct hash value, thereby confirming consistency.
  • Further, by providing a mechanism by which the usage status can be increased or decreased only by a predetermined number, for example decremented by one, it can be made impossible to tamper the usage status from 2 times to 3 times, or to zero.
  • When such tampering is detected, decryption of the decryption key is stopped, or the usage status backed up in the registry etc. is read, the altered entry is corrected, and the usage status database 33a is restored to its original state.
  • Alternatively, a program that can generate the usage status database 33a may be downloaded only when a new user tries to open a package file for the first time. Before the download, the server 5 recognizes in advance the identification information (MAC address, BIOS serial number, serial number of the hard disk 44, etc.) of the user terminal 4, and the usage status database 33a is encrypted based on the hash value of that identification information, so that the downloaded program prevents the encrypted usage status database 33a from being decrypted on a terminal having other identification information.
  • The identification information of the user terminal 4 may also be set as one of the usage conditions. In that case, the identification information of the user terminal 4 actually in use is checked as the usage status, and if it does not match the identification information of the user terminal 4 of the user to whom the usage rights were originally given as a usage condition, use of the original file may be stopped.
  • Since the usage conditions naturally vary from user to user, when a policy file is to be shared, the usage conditions and the keys of the policy objects related to those usage conditions may be stored in the server 5.
  • Decryption of the decryption key can also be performed when the usage status database 33a is substantially empty. If the decryption key decryption unit 34 confirms the existence of the usage status database 33a, the user and the user terminal 4 are thereby automatically authenticated, which is more effective in preventing unauthorized use by a user or user terminal 4 that has no authority to use the original file.
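The tamper-evidence mechanism described above (hash of the terminal identification, chaining on the value at the last update, a count that may change only by a fixed step, comparison against a backed-up copy) as an added illustration; this is not the patent's code. It assumes a small dict record, constructed terminal identifiers, an HMAC in place of the unspecified encryption, and that the latest MAC is backed up elsewhere (the patent mentions the registry).

```python
"""Tamper-evident usage status database bound to the user terminal.

Added illustration, not the patent's code. Assumptions (mine): the database is
a small dict {remaining, prev, mac}; the terminal identification is constructed
sample data; "encryption with the hash of the identification information" is
realised as an HMAC keyed with that hash; each update is chained to the MAC of
the record it replaces; the MAC of the latest record is backed up elsewhere
(the patent mentions the registry) so that restoring an older copy is detected.
"""
import hashlib
import hmac
import json

# Constructed sample identification information of the user terminal (not real hardware).
TERMINAL_ID = {
    "mac": "00:11:22:33:44:55",
    "bios_serial": "BIOS-CONSTRUCTED-0001",
    "disk_serial": "HDD-CONSTRUCTED-0001",
}
GENESIS = "0" * 64  # "previous MAC" of a freshly generated database


def terminal_key(ident):
    """One-way hash of the terminal identification, used as the record key.
    A copy of the database carried to another terminal yields a different key
    there and therefore fails verification."""
    material = "|".join(f"{k}={ident[k]}" for k in sorted(ident)).encode()
    return hashlib.sha256(material).digest()


def _mac(key, remaining, prev):
    body = json.dumps({"remaining": remaining, "prev": prev}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def create(initial_count, key):
    """Database generation on first use: the initial value is copied from the
    usage condition (for example 10 uses) and sealed under the terminal key."""
    return {"remaining": initial_count, "prev": GENESIS,
            "mac": _mac(key, initial_count, GENESIS)}


def verify(record, key):
    """Read-time consistency check: the MAC must match both the stored count and
    the MAC of the previous record that this one was chained to."""
    expected = _mac(key, record["remaining"], record["prev"])
    return hmac.compare_digest(expected, record["mac"])


def consume(record, key, step=1):
    """One use of the original file: the count may change only by the
    predetermined `step`, and the new record is chained to the old MAC."""
    if not verify(record, key):
        raise PermissionError("usage status database altered")
    if record["remaining"] < step:
        raise PermissionError("usage count exhausted")
    remaining = record["remaining"] - step
    return {"remaining": remaining, "prev": record["mac"],
            "mac": _mac(key, remaining, record["mac"])}


def accept(record, key, backup_mac):
    """Decision taken before the decryption key is released: the record must be
    intact for this terminal and must be the latest one, i.e. its MAC must equal
    the MAC backed up at the last update. An older, validly sealed copy that was
    restored over the current database fails the second check."""
    if not verify(record, key):
        return False
    return hmac.compare_digest(record["mac"], backup_mac)
```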
  • The package file consists of four directories under the root directory: a key acquisition path directory indicating the acquisition path and acquisition order of the decryption key and the usage right, a usage condition directory indicating the usage conditions for each policy object, a file directory that stores the encrypted original file, and the file basic information.
  • The key acquisition path directory and the usage condition directory correspond to the policy file, and the policy file, the encrypted original file and the file basic information are packaged by the packaging unit 23.
  • A plurality of policy objects are arranged in order under the key acquisition path directory, followed by the usage authority and the decryption key that are finally acquired.
  • Each policy object includes a key for starting the collation/update means 34a and opening the next policy object.
  • The policy objects and usage conditions in the portion surrounded by the dotted frame are not actually included in the policy file but are stored in the server 5. In this way, part or all of the policy file can be obtained from the server 5. Placing part or all of the policy file in the server 5 further prevents fraudulent actions such as policy file tampering.
  • The usage condition directory includes the initial values of the usage conditions according to the type of policy object generated; when the user terminal 4 uses the original file for the first time, the database generation unit 33 copies or moves these initial values to the usage status database 33a. Note that even after the usage status database 33a has been generated and the usage status updated, the usage status may be stored in the usage condition directory.
  • A policy object that requires an initial value of the usage condition is, for example, one for which the usage status of the original file is updated each time the file is used and is compared with the updated usage status at the next use.
  • A policy object that does not require an initial value is one that compares the usage condition with a usage situation that does not need updating, such as the usage period of the original file.
  • For example, if the usage condition relating to the number of uses is 10 times, its initial value is 10, and the numerical value stored in the usage status database 33a is either "10 times" or "0 times".
  • When it starts at "10 times", the usage status database 33a is updated to decrease the count by 1 each time the original file is used until it reaches "0 times"; since the original file can no longer be used at that point, the collating work in the collation/update means 34a becomes substantially unnecessary.
  • When it starts at "0 times", the collation/update means 34a performs an update operation in the usage status database 33a to increase the count, and collating work against the usage condition (judging whether the count is 10 or less) is necessary.
  • As shown in FIG. 6, the verification/updating means 34a in the decryption key decryption unit 34 searches for the location of the usage status database 33a corresponding to the key under the usage condition directory, updates the usage status database 33a, and obtains the next key. In some cases it searches the usage condition directory for the corresponding usage conditions and collates the usage conditions against the usage status. In the policy file shown in FIG. 5, it plays the role of linking the keys stored in each branched directory, the usage conditions, and the storage locations of the usage status.
  • The usage authority and the decryption key are not acquired unless the policy objects are opened in the normal order. Also, if the data in one directory does not correspond to the data in the other directory, the decryption key cannot be decrypted; therefore, if only part of a directory is copied, or the storage location or path name of one of the directories changes, cooperation with the decryption key decryption means is not established and unauthorized use becomes difficult.
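The four-directory package and the ordered walk of the key acquisition path described above, as an added illustration that is not the patent's code: each policy object, once its usage condition has been collated and updated, releases the key of the next object, and the last one releases the decryption key and usage rights, so that a reordered, partially copied or edited directory releases nothing. It assumes the directories are modelled as one dict and uses a toy SHA-256 counter-mode XOR cipher with an HMAC tag (the patent names no cipher); usage periods are constructed ISO date strings.

```python
"""Package file with chained policy objects: the four directories, the packaging
side and the verification/updating means that walks the key acquisition path.
Added illustration, not the patent's code. Assumptions (mine): directories are
modelled as one dict; the cipher is a toy SHA-256 counter-mode XOR with an HMAC
tag, used only to stay in the standard library; dates are ISO strings."""
import hashlib
import hmac
import json
import os

def _keystream(key, label, n):
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + label + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def xor_crypt(key, label, data):
    """Toy symmetric cipher; encryption and decryption are the same operation."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, label, len(data))))

def _tag(key, blob, cond):
    # Binds the sealed payload to its usage condition, so the usage condition
    # directory cannot be edited or swapped independently of the key path.
    cond_bytes = json.dumps(cond, sort_keys=True).encode()
    return hmac.new(key, blob + cond_bytes, hashlib.sha256).hexdigest()

def build_package(original, conditions, usage_rights, file_name):
    """Packaging: one policy object per usage condition, chained so that opening
    object i releases the key of object i+1 and the last object releases the
    decryption key and the usage rights. Returns the package and the entry key
    (in the patent, that key is wrapped with each authorized user's public key)."""
    file_key = os.urandom(32)
    keys = [os.urandom(32) for _ in conditions]
    path = []
    for i, cond in enumerate(conditions):
        if i + 1 < len(conditions):
            payload = {"next_key": keys[i + 1].hex()}
        else:
            payload = {"decryption_key": file_key.hex(), "usage_rights": usage_rights}
        blob = json.dumps(payload, sort_keys=True).encode()
        path.append({"id": f"po{i}", "condition_ref": f"cond{i}",
                     "sealed": xor_crypt(keys[i], b"po", blob).hex(),
                     "tag": _tag(keys[i], blob, cond)})
    package = {
        "key_acquisition_path": path,
        "usage_conditions": {f"cond{i}": c for i, c in enumerate(conditions)},
        "file": xor_crypt(file_key, b"file", original).hex(),
        "file_basic_info": {"name": file_name, "size": len(original),
                            "sha256": hashlib.sha256(original).hexdigest()},
    }
    return package, keys[0]

def collate(cond, ref, status, now):
    """Collation/update of one usage condition against the usage status database
    (`status`, a dict updated in place). Raises PermissionError on refusal."""
    if cond["type"] == "period":
        if not cond["start"] <= now <= cond["end"]:
            raise PermissionError(f"{ref}: outside usage period")
    elif cond["type"] == "count":
        status.setdefault(ref, cond["initial"])  # initial value copied on first use
        if status[ref] <= 0:
            raise PermissionError(f"{ref}: usage count exhausted")
        status[ref] -= 1  # may change only by the predetermined step of one

def open_package(package, entry_key, status, now):
    """Walk the key acquisition path in order. A reordered, partially copied or
    edited directory fails the tag check, so no key is released."""
    key, released = entry_key, None
    for obj in package["key_acquisition_path"]:
        cond = package["usage_conditions"][obj["condition_ref"]]
        blob = xor_crypt(key, b"po", bytes.fromhex(obj["sealed"]))
        if not hmac.compare_digest(_tag(key, blob, cond), obj["tag"]):
            raise PermissionError(f"{obj['id']}: wrong key or altered object")
        collate(cond, obj["condition_ref"], status, now)
        payload = json.loads(blob)
        if "next_key" in payload:
            key = bytes.fromhex(payload["next_key"])
        else:
            released = payload
    if released is None:
        raise PermissionError("path ended without releasing the decryption key")
    original = xor_crypt(bytes.fromhex(released["decryption_key"]), b"file",
                         bytes.fromhex(package["file"]))
    if hashlib.sha256(original).hexdigest() != package["file_basic_info"]["sha256"]:
        raise PermissionError("decrypted file does not match file basic information")
    return original, released["usage_rights"]

def attempt(package, entry_key, status, now):
    """Wrapper returning (granted, usage_rights_or_reason) instead of raising."""
    try:
        return True, open_package(package, entry_key, status, now)[1]
    except PermissionError as exc:
        return False, str(exc)
```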
  • An example of a process in which user A uses the file management program 1 to package a file, after which another user B uses the file included in the package file, will be described in detail with reference to the flowcharts of FIGS. 8 to 15 and the configuration diagrams of FIGS. 1, 2, 4 and 6.
  • both users A and B who use the file management program 1 must complete user registration after agreeing to the terms of use of the file management program 1.
  • The user terminal 4 accesses the user registration home page stored in a computer such as the server 5 via the network 6, and the server 5 transmits the user registration home page data at the URL received from the user terminal 4 to the user terminal 4 (S115). The server 5 displays a user registration screen of the user registration home page on the user terminal 4. The user inputs registration information such as the user identification information and the identification information of the user terminal 4 on the user registration screen and transmits the registration information to the server 5 (S120). Note that the identification information of the user terminal 4 and the like may be extracted automatically and transmitted to the server 5 without the user inputting it.
  • The server 5 checks the registration information received from the user terminal 4 (S125), and if there is a deficiency such as an omitted input (S130), an error message is transmitted to the user terminal 4 (S135).
  • If the user's e-mail address included in the registration information has already been registered in the user database 55 of the server 5 (S140) and some of the registration information differs from the registered information, it is determined that the registration information has been updated, and the registration information in the user database 55 of the server 5 is updated (S145).
  • If there is no incomplete registration or double registration in the registration information, the server 5 generates a public key/private key pair for the user and stores it in the user database 55 of the server 5 (S150).
  • The public/private key pair generated here is used later when the user terminal 4 and the server 5 transmit and receive data, or when the user terminal 4 itself authenticates the user. Key generation is not mandatory, however.
  • The server 5 generates a unique ID (user UID) for each user and a unique ID (user terminal UID) for each user terminal 4, stores the registration information together with these IDs (S155), and transmits the stored registration information, the generated public key and private key, the user UID and the user terminal UID together with a registration completion message to the user terminal 4 (S160). If no public key and private key were generated, no key needs to be sent.
  • The user terminal 4 stores the registration information in a predetermined location in the user terminal 4 specified by the server 5 (for example, a predetermined location in the registry) (S165). The usage status database 33a generated in advance may also be used as this predetermined location.
  • It is assumed that user A has not only registered with the server 5 as described above but has also installed the file package program 2 shown in FIG. 2 on user terminal A of user A.
  • the user terminal A activates the installed file package program 2 by double-clicking an icon on the screen (S210).
  • A login screen for the file package program 2 appears on the screen of the user terminal A, and in order for the user terminal A (or the server 5) to authenticate whether the user is a registered user, input of a login ID and password from an input device such as a keyboard is accepted (S215).
  • The login ID is the user's e-mail address registered at the time of user registration, and the password is a character string specified by the user at the time of user registration and stored in the authentication database 57 on the server 5 in correspondence with the login ID.
  • The second password is an authentication result obtained from an authentication device that can be arbitrarily specified by the user.
  • The authentication device may be of any kind as long as it is connected to user terminal A.
  • Authentication devices can be roughly classified into password-based authentication, possession-based (property) authentication (IC card, IC card with PKI certificate, USB key, USB token, etc.) and biometric authentication (fingerprint, voiceprint, handwriting, face, vein, etc.).
  • The server 5 or the user terminal A has an authentication interface so that user authentication can be performed regardless of the type of authentication device, and so that the number and combination of user authentications can be changed arbitrarily.
  • The authentication interface is placed in user terminal A for the case where the user does not access the server 5 and authentication within user terminal A is requested.
  • The authentication interface classifies the above authentication methods by the type of output data (second password) of the authentication device: (1) those that contain cryptographic logic (some IC cards, USB keys, biometric devices and other PKI devices), (2) those that output a binary YES/NO authentication result, and (3) those that output some character string (some devices with a device ID such as a USB key, MAC address, BIOS serial number, etc.). The login ID, password, second password and authentication type of the second password are associated with each other and saved in the server 5 or user terminal A.
  • In the case of a second password based on a PKI certificate assigned to the user, template data encrypted with the public key (hereinafter the PKI public key) and signed with the user's private key (hereinafter the PKI private key) is stored in the server 5 or user terminal A.
  • The authentication interface receives from user terminal A, together with the password, the user's second password output from the authentication device determined by the user's request (or determined in advance on the authentication interface side) and the type of that authentication device, and compares them with the data already stored.
  • For PKI-based authentication, the authentication interface retrieves the template data corresponding to the login ID from the template data already stored in the server 5 or user terminal A, performs signature verification and decryption using the user's PKI certificate to obtain the second password, and verifies it against the data already stored.
  • Password verification may be omitted, with only the login ID and the second password being verified.
  • Because the user can request user authentication with an arbitrary number and combination of authentication types, and because user authentication can also be performed with a predetermined number and combination of authentication types, the system can respond flexibly when an authentication device is added to the server 5 or the user terminal 4. In addition, since authentication is not performed with a single password alone, the accuracy of authentication is improved; the confidentiality of the password need not be maintained completely, and the password itself can be stored in the user terminal 4.
  • The authentication interface thus obtains the second password from an arbitrary authentication device as described above (S220).
  • user A selects either user authentication (local login) at user terminal A or user authentication (server login) at server 5 (S225).
  • Since a public key/private key pair of user A is generated in the user registration flow of FIG. 8, the login ID, password and second password, together with the generated public key, are stored in user terminal A, and the generated private key must be stored in user terminal A encrypted with the second password.
  • The authentication interface checks whether the user information required for user authentication (login ID, password, second password, authentication type, public key/private key pair, and the private key encrypted with the second password) is registered in user terminal A (S230). If any item of the user information is not registered, the process proceeds to the server login flow in FIG. If local login is not selected, the process proceeds to B in FIG. 9.
  • The authentication interface compares the acquired user information with the user information stored in user terminal A; furthermore, it decrypts the private key, which is stored encrypted with the second password, using the second password acquired by the authentication interface, and compares the decrypted private key with the private key already stored in user terminal A (S235).
  • the secret key verification method in the present embodiment will be described in detail below.
  • The usage status database 33a is generated on user terminal A, and user information including the public key and private key of user A is stored in the usage status database 33a.
  • The usage status database 33a is encrypted using a replacement table.
  • The replacement table is a kind of cipher table generated with random numbers or the like, showing the correspondence between values before and after replacement.
  • The policy file is also encrypted using this replacement table. This makes it difficult for the user or a third party, who cannot see the table directly, to decipher or illegally use the policy file.
  • the replacement table is stored in the server information storage file.
  • the server information storage file is a file generated for each server 5, that is, a file for identifying the server 5. Accordingly, when the URL of the server 5 accessed by the user terminal A is changed, the server information storage file itself is also changed.
  • The server information storage file includes the replacement table, the range of user IDs that the server 5 corresponding to the server information storage file allows to use the file management program 1, the URL of the program on the server 5 side, and a key for communication between user terminal A and the server 5 (for example, the public key of the server 5).
  • The user ID range here may be expressed as a start value and a mask value (range) of the user ID.
  • The URL of the program on the server 5 side and the key for communication between user terminal A and the server 5 are included so that the program on the server 5 side is initialised when user terminal A accesses the server 5, which reduces the load on the server 5, and so that the encrypted communication from user terminal A can be decrypted.
  • The server information storage file is stored together with the file management program 1, and without the server information storage file the file management program 1 cannot be used. This prevents unauthorized use of the package file alone.
  • The authentication interface decrypts the encrypted private key with the second password acquired from the authentication device to obtain the private key (S235), and further decrypts the encrypted usage status database 33a by substitution using the replacement table in the server information storage file.
  • If the comparison between the user information stored in the decrypted usage status database 33a and the user information acquired by the authentication interface raises no problem, user A has succeeded in authentication (login) (S240, S245).
  • The authentication interface checks whether the user terminal UID is registered in user terminal A (S310). In this embodiment, this can be confirmed by whether the usage status database 33a has been generated in user terminal A and the user terminal UID is stored in it. In addition, identification information such as the MAC address of user terminal A is detected by user terminal A itself, and it can also be confirmed by checking, for example, whether the usage status database 33a encrypted with that identification information can be decrypted.
  • the authentication interface transmits the identification information of the user terminal A to the server 5 (S315).
  • the server 5 generates and registers the user terminal UID based on the identification information of the user terminal A (S320).
  • The authentication interface sends the login ID, password, second password and the authentication type of the second password of user A to the server 5 (S325).
  • the server 5 collates the transmitted information with the information stored in the authentication database 57 in the authentication unit 54 shown in FIG. 2 (S330).
  • If the collation succeeds, the stored user information is transmitted to the user terminal A (S335).
  • the server 5 can transmit the mail address list of other registered users and the public key list together with the user information of the user terminal A.
  • User A can activate the function block in the file package program 2 by clicking any button on the file package screen.
  • The file designating unit 21 receives from user A the designation of a file to be managed (S410). In FIG. 17, this corresponds to the reference button for specifying the encryption target file, and in FIG.
  • The policy formulation unit 22 receives from user A the formulation of the policy that applies when another user uses the file specified by the file designating unit 21 (hereinafter referred to as the original file) (S420).
  • In FIG. 17 this corresponds to the input on the security policy setting screen, and in FIG. 18 to the reception of the policy formulation input on the policy setting screen.
  • Policies such as the user/group (for example, user B or development group A) to whom the usage authority of the original file is given, the expiration date of the original file, the number of times the original file may be used, the password for displaying the original file, and the authority to use the original file (usage mode) are formulated.
  • The policy consists of selecting the authorized user/group, selecting the operations to be permitted (viewing, printing, saving, editing), selecting the viewing conditions (period, number of times, file password), server check settings (checking the right on the server 5 each time the file is used, checking the right with the server 5 at a certain frequency, or limiting the number of clients (terminals) that can use the file), and password settings.
  • The users who can be given the authority to use the original file are limited to registered users, and user terminal A selects users based on the registered users' mail address list received in advance from the server 5. For example, users may be selected in a batch for each group.
  • FIG. 22 shows an example of the screen for selecting the authorized user/group in the screen of FIG. As shown in FIG. 22, the authorized user/group is specified by clicking, etc., in the address book displayed on the left side of the screen, so that it appears in the allowed user/group column on the right side.
  • the policy formulation unit 22 generates an XML sentence based on the policy formulated by the user A on the user terminal A (S425).
  • The XML sentence is generated here because clarifying the structure of the formulated policy makes it easy to generate a policy file that includes the policy objects, usage rights, decryption key and usage conditions; generating an XML sentence is not always necessary, however.
  • The generation of the XML sentence may be performed, for example, when the encryption button is clicked in FIG. 17, or when the button for saving the policy is clicked in FIG. 18.
  • user A selects whether to generate a policy file on user terminal A (local package) or to generate a policy file on server 5 (server package) (S430).
  • the user terminal A obtains a public key generated in advance for each authorized user (here, user B) of the original file (S435).
  • The public key acquisition method is arbitrary: the public key list of registered users may be received from the server 5 upon successful login, or a similar public key list may be received when user A performs user registration, so that the public key of the authorized user can be obtained.
  • Since the public key is disclosed to the user, local login cannot be performed when the original file is used by that user, and user terminal A cannot perform the server package.
  • The key generation unit 51 of the user terminal A generates, using random numbers, a decryption key for encrypting the original file as well as keys for opening the policy objects of the policy file generated later, one for each policy object.
  • The key generation unit 51 or an encryption unit (not shown) of the user terminal A first encrypts, among the keys generated by the key generation unit 51, the key for opening the first policy object with the public key of each authorized user (S445). Since that key can then be decrypted only with the private key of an authorized user, only authorized users can use the original file.
  • The policy file generation unit 52 of the user terminal A combines the usage conditions, usage rights, decryption key and keys for opening the policy objects into the directory structure shown in FIG., and a policy file is generated (S450).
  • The policy file is generated in XML format, like the formulated policy, and may be substituted using a predetermined replacement table.
  • The server 5 receives the policy and analyzes the structure of the policy contained in the XML sentence (S460). A plurality of policy objects may be generated here based on the policy.
  • Based on the received policy, the key generation unit 51 of the server 5 generates, using random numbers, a decryption key for encrypting the original file and keys corresponding to the number of policy objects (S465).
  • The policy file generation unit 52 of the server 5 stores the package history of the original file in the history database 56 (S470) and generates a policy file based on the keys generated by the key generation unit 51 and the policy formulated by the policy formulation unit 22 (S475). The policy file may be substituted using the predetermined replacement table.
  • the server 5 transmits the generated policy file to the user terminal A (S480).
  • The packaging unit 23 of the user terminal A encrypts the original file based on the policy file generated by the user terminal A (local package) or by the server 5 (server package), and then packages the encrypted original file and the policy file to generate a package file (S485). The series of steps from S425 to S485 may be performed in response to the click of the encryption button in FIG. 17 or the policy setting button in FIG.
  • user A may add a signature to the generated package file so that a user other than user A can detect that the original file has been tampered with.
  • The signature is attached to the package file by encrypting the hash value of the original file whose alteration is to be detected with the private key of user A.
  • the package file is stored in a predetermined storage location designated by user A.
  • The package file stored in the specified storage location may be attached to an e-mail addressed to the authorized user and sent, so that the authorized user can open it immediately, and information on the policy set for the permitted user may be displayed in the mail body.
  • the search request unit 24 of the user terminal A can search the history of the package file created by the user A based on the history database 56.
  • FIGS. 20 and 21 show an example of the package history search screen displayed on the user terminal A. Using such a package history search screen, user A can see for which user and under what usage conditions the original file was packaged, and can review the policy and repackage the original file when the policy is revised.
  • User B designates, by double-clicking on user terminal B, a package file (for example, the one packaged by user A earlier) stored in a storage medium accessible by user terminal B (S510).
  • User B may receive a notification from user A that the original file usable by user B has been packaged, or, as shown in FIG., the user terminal A may automatically send an e-mail with the package file attached to user terminal B.
  • the file usage program 3 may be started first so that the file specification unit 31 accepts the specification of the package file used by the user B.
  • The user terminal B starts the installed file usage program 3 in conjunction with the designation of the package file.
  • The file usage program 3 checks the file format of the designated package file (S515).
  • The file usage program 3 extracts from the package file information on the range of user IDs that can use the package file (ID space information) (S520), and confirms whether the server information storage file and replacement table corresponding to the extracted ID space information are stored in the user terminal B (S525). If the replacement table does not exist, the package file cannot be used by user B with the file usage program 3, so an error notification is sent to the user terminal B (S530).
  • The file usage program 3 extracts the file basic information from the package file (S535).
  • Based on the extracted file basic information, the file usage program 3 displays on the screen of user terminal B a user list, for example one showing that a user Z is not permitted to use the original file (S540).
  • After confirming from the screen of user terminal B that he or she is included among the authorized users of the original file, user B logs in to the file usage program 3 (S545). The login flow for the file usage program 3 is the same as the flow described earlier for logging in to the file package program 2.
  • When a particular package file is used for the first time, the database generation unit 33 generates the usage status database 33a in user terminal B. In this embodiment the policy file contains three policy objects, chained together within the policy file. The policy object holding the usage conditions checked last is encrypted, and the decryption key of the original file and the authority to use the original file are attached to it.
  • The decryption key decryption unit 34 of the file usage program 3 is activated and starts decrypting the policy file (S610). If the policy file in the package file is encrypted (S615), the decryption key decryption unit 34 (or the decryption unit 35) retrieves the replacement table stored in user terminal B in order to decrypt it (S620).
  • The decryption key decryption unit 34 extracts key A, which is stored in the server information storage file or in the file basic information of the package file (S630), and uses the replacement table to replace key A with key B (S635).
  • If the replacement cannot be carried out, the replacement table has been tampered with; the tampering is detected and the subsequent steps are not allowed to proceed (S640).
  • The replaced key B is expanded in the temporary memory 43 (S645).
  • The decryption key decryption unit 34 decrypts the encrypted policy file using key B (S710). If the encrypted policy file cannot be decrypted, key B has been tampered with by someone; the tampering is detected and the subsequent steps cannot be taken (S715).
  • The collation/update means 34a of the decryption key decryption unit 34 shown in FIG. 6 extracts usage condition 1, which corresponds to policy object 1 of the three policy objects constituting the policy file (S720).
  • The first collation/update means 34a may be activated, for example, by key 0 (shown in FIG. 6) sent from the server 5 when user B has logged in successfully, or by the entry of certain symbols.
  • The usage conditions and keys may be stored wholly or partly on the server 5, or on a storage medium whose data cannot be rewritten, such as a CD-ROM, and may be issued to user B as a file separate from the policy file.
  • The policy includes usage conditions that require a trustworthy evaluation, such as date and time, number of uses, and so on.
  • Storing all or part of the keys and usage conditions on the server 5, separately from the policy file, is more effective at preventing unauthorized use of the original file. However, user terminal 4 must then access the server 5 each time the original file is used, which increases the network connection burden, so care must be taken in the design of the server 5.
  • The collation/update means 34a checks whether usage status 1, corresponding to the extracted usage condition 1, exists in the usage status database 33a in user terminal B (S725).
  • Usage condition 1 of this embodiment requires comparison and collation with the data stored in the usage status database 33a in user terminal B. Naturally there are also usage conditions that user terminal B can verify on its own and usage conditions that the server 5 can verify; for those, generation of the usage status database 33a is not essential.
  • If the usage status database 33a itself, or usage status 1, does not exist in user terminal B, the original file is likely being used illegitimately on a user terminal 4 other than user terminal B, so the subsequent steps are not allowed to proceed (S730).
  • The collation/update means 34a confirms whether usage status 1 satisfies usage condition 1, that is, whether the use falls within the range permitted by usage condition 1 (S735).
  • For example, if usage condition 1 is "usage limit is 10 times" and usage status 1 stored in user terminal B is "current usage count is 3", the condition is satisfied. If usage status 1 is already at 10 uses, usage condition 1 is judged not to be satisfied and the subsequent steps are not allowed to proceed (S740).
  • FIG. 23 shows an example of the error screen displayed on user terminal B when it cannot proceed to the subsequent steps.
  • When usage condition 1 is satisfied, the usage status is updated automatically, for example by adding 1 to the usage count.
  • Key 1, extracted from policy object 1, opens the next policy object 2, and usage condition 2 corresponding to policy object 2 is extracted (S810).
  • The collation/update means 34b of the decryption key decryption unit 34 checks with the server 5 whether user B satisfies usage condition 2 (S815). For example, if usage condition 2 is the expiration date of the original file, the decryption key decryption unit 34 either transmits usage condition 2 to the server 5 and receives the current date and time from the server 5, or has the server 5 compare the current date with usage condition 2 and return the result.
  • Likewise, if usage condition 2 concerns simultaneous access, the decryption key decryption unit 34 sends usage condition 2 to the server 5, and the server 5 returns information on the number of simultaneous accesses to the package file, derived from information such as the login access history.
  • The decryption unit 35 extracts the encrypted original file from the package file and decrypts it using the decryption key obtained above (S835).
  • The decrypted original file is expanded in the temporary memory 43 rather than on the hard disk 44 of user terminal B and, like the decryption key and usage authority before it, is used only in the temporary memory 43. The original file is not stored on the hard disk 44 because, if it were, it could be used in disregard of the usage conditions.
  • The file usage control unit 36 starts on user terminal B the corresponding software 42 appropriate to the type of the decrypted original file (S840), and the original file can be used in the corresponding software 42. While it is in use, the operation of the corresponding software 42 is controlled according to the acquired usage authority (S845). For example, if the usage authority acquired by user B is only to view the original file, the save and print buttons of the corresponding software 42 are not displayed. In addition, if user B attempts an operation outside the acquired usage authority (for example, printing or saving), the file usage control unit 36 detects the operation and stops the use of the original file, or displays a warning on the screen of user terminal B.
  • The corresponding software 42 may be prepared in user terminal B according to the type of the original file, or may be multi-format software that does not depend on the type of the original file. The corresponding software 42 may also be included in the file usage program 3.
  • The storage location of the set of package files may be moved or copied. Further, when the usage authority permits the original file to be saved or edited, the original file itself may be saved on the hard disk 44. Once the original file is stored on the hard disk 44, it can thereafter be used by starting the corresponding software 42 without starting the file usage program 3.
  • The repackaging unit 37 is notified by the corresponding software 42 that the original file has been edited.
  • When editing is finished (detected, for example, by displaying a "repackage" button on the screen of user terminal B and detecting that it has been clicked), the repackaging unit 37 reads the edited original file, encrypts it with the same key as the original file before editing, packages it together with the policy file and the file basic information, and generates a package file. The generated package file overwrites the original package file: the original package file is deleted, and the new package file is stored in its location.
  • The policy file used for repackaging is basically the same as the original policy file, although the file basic information may be partially updated.
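  • The check chain of S620 to S835, the usage-status update, and the repackaging of an edited file, as an added example that is not code from the patent or from Easy Systems Japan. Everything it assumes is constructed: key A is an identifier stored in the file basic information, the replacement table on the terminal maps it to key B, each policy object is a JSON document sealed under the previous object's key, and seal/unseal is an encrypt-then-MAC construction from the Python standard library (HMAC-SHA256 as a counter-mode keystream plus an HMAC tag) standing in for a proper AEAD. The point worth taking from it: the patent's "if the policy file cannot be decrypted, key B has been tampered with" (S715) only holds if decryption is authenticated; an unauthenticated cipher returns garbage rather than failing, so the tag check below is what turns tampering into a refusal.

```python
"""Chained policy objects guarding a packaged file (added example, stdlib only).
Assumed, not taken from the patent: key A is an identifier in the file basic
information, each policy object is JSON sealed under the previous object's key,
and seal/unseal is an HMAC-SHA256 encrypt-then-MAC standing in for a real AEAD."""
import hashlib
import hmac
import json
import os
import struct
from typing import Callable, Dict, NamedTuple

class PackageError(Exception): ...         # "subsequent steps are not allowed to proceed"
class TamperError(PackageError): ...       # S640 / S715: table, key B or policy object tampered
class ConditionError(PackageError): ...    # S740 / S815: a usage condition is not satisfied

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a keystream (demonstration construction)."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """The tag is verified first: a wrong key or an edited blob fails here instead of
    yielding garbage, which is what makes the tamper detection of S715 possible."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise TamperError("authentication failed: key or policy object tampered with")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def _obj(payload: dict, key: bytes) -> bytes:
    return seal(key, json.dumps(payload).encode())

def build_package(original: bytes, key_a: str, key_b: bytes,
                  max_uses: int, expires: int, authority: str) -> dict:
    """Packaging side. Object 1 (opened with key B) holds the count condition and key 1,
    object 2 (key 1) the server-checked expiry and key 2, object 3 (key 2) the content
    key and the usage authority; the original file is sealed under the content key."""
    key1, key2, content_key = os.urandom(32), os.urandom(32), os.urandom(32)
    policy = [_obj({"condition": {"max_uses": max_uses}, "next_key": key1.hex()}, key_b),
              _obj({"condition": {"expires": expires}, "next_key": key2.hex()}, key1),
              _obj({"content_key": content_key.hex(), "authority": authority}, key2)]
    return {"basic_info": {"key_a": key_a, "package_id": os.urandom(8).hex()},
            "policy": policy, "content": seal(content_key, original)}

class Session(NamedTuple):
    original: bytes       # exists only in "temporary memory" (43), never written to disk
    authority: str
    content_key: bytes    # retained so an edited copy can be repackaged under the same key

class Terminal:
    """User terminal B: replacement table, usage status database 33a, server clock."""
    def __init__(self, replacement_table: Dict[str, bytes], server_now: Callable[[], int]):
        self.replacement_table = replacement_table
        self.usage_status_db: Dict[str, dict] = {}      # generated on first use (33a)
        self.server_now = server_now

    def use_package(self, pkg: dict) -> Session:
        info = pkg["basic_info"]
        key_b = self.replacement_table.get(info["key_a"])               # S630-S635
        if key_b is None:
            raise TamperError("key A has no entry in the replacement table")
        obj1 = json.loads(unseal(key_b, pkg["policy"][0]))             # S710-S720
        status = self.usage_status_db.setdefault(info["package_id"], {"uses": 0})
        if status["uses"] >= obj1["condition"]["max_uses"]:             # S725-S740
            raise ConditionError("usage limit reached")
        status["uses"] += 1                                             # usage status update
        obj2 = json.loads(unseal(bytes.fromhex(obj1["next_key"]), pkg["policy"][1]))  # S810
        if self.server_now() > obj2["condition"]["expires"]:            # S815, server-side check
            raise ConditionError("package has expired")
        obj3 = json.loads(unseal(bytes.fromhex(obj2["next_key"]), pkg["policy"][2]))
        content_key = bytes.fromhex(obj3["content_key"])
        return Session(unseal(content_key, pkg["content"]), obj3["authority"], content_key)  # S835

def repackage(pkg: dict, session: Session, edited: bytes) -> dict:
    """Repackaging unit 37: same policy and basic information, edited content, same key."""
    if session.authority != "edit":
        raise ConditionError("usage authority does not permit saving an edited copy")
    return {**pkg, "content": seal(session.content_key, edited)}

def _attempt(term: Terminal, pkg: dict) -> str:
    try:
        term.use_package(pkg)
        return "ok"
    except PackageError as e:
        return type(e).__name__

def demo() -> dict:
    """Constructed walk-through: two uses allowed, the third refused, tampering detected."""
    key_b = hashlib.sha256(b"constructed key B").digest()               # constructed key
    pkg = build_package(b"quarterly figures", "keyA-0001", key_b,
                        max_uses=2, expires=1_700_000_000, authority="edit")
    term = Terminal({"keyA-0001": key_b}, server_now=lambda: 1_600_000_000)
    first = term.use_package(pkg)
    pkg = repackage(pkg, first, b"quarterly figures, revised")          # keeps package_id
    second = term.use_package(pkg)
    obj1 = bytearray(pkg["policy"][0]); obj1[20] ^= 0x01                # flip one ciphertext bit
    bad = {**pkg, "policy": [bytes(obj1)] + pkg["policy"][1:]}
    return {"first": first.original, "second": second.original,
            "third": _attempt(term, pkg),                                # ConditionError
            "tampered": _attempt(Terminal({"keyA-0001": key_b}, lambda: 0), bad),  # TamperError
            "no_table": _attempt(Terminal({}, lambda: 0), pkg)}          # TamperError
```

  • Two design notes. The usage count is incremented as soon as condition 1 passes, as the description says, so a later failure (expired, tampered object 2) still consumes a use; incrementing only after S835 would be friendlier but lets a user probe the later checks for free. And because the usage status database lives on the terminal, a user who restores it from a backup gets the count back; only the condition evaluated by the server 5 (object 2 here) survives that, which is the trade-off the description itself raises against the extra network load.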
  • When repackaging takes place, the user who created the original file may be notified of it.
  • Since user B's access history and repackaging history at the server 5 are stored sequentially in the history database 56 of the server 5, user A, who created the original file, can request from the search request unit 24 that the search unit 53 of the server 5 search for user B's usage history of the original file. This allows user A to track and manage the original file after it has been created.
  • Each means and database in the present invention is distinguished only logically, by function, and may be physically or virtually identical to another. It goes without saying that a data file may be used instead of a database; the description of a database includes a data file.
  • The present invention is also realized by supplying to a system a storage medium on which a software program implementing the functions of the present embodiment is recorded, and having the computer of the system read and execute the program stored on that storage medium.
  • In that case the program itself, read from the storage medium, realizes the functions of the above-described embodiment, and the storage medium storing the program constitutes the present invention.
  • The program of the present invention is supplied mainly by downloading it to a computer via the network 6, such as the LAN 6a or the Internet 6b.
  • Otherwise, portable storage media such as magnetic disks, optical disks, magneto-optical disks, magnetic tapes, and non-volatile memory cards can also be used to supply it to a computer.
  • FIG. 1 is a diagram showing an embodiment of a connection configuration between a user terminal installed with a file management program and a server.
  • FIG. 2 is a diagram illustrating an example of the configuration of a file package program and a server.
  • FIG. 3 is a conceptual diagram showing an outline process for generating a package file.
  • FIG. 4 is a diagram showing an example of the configuration of a file usage program and the configuration of a user terminal.
  • FIG. 5 is a diagram showing an example of the data structure of a package file.
  • FIG. 6 is a configuration diagram showing another embodiment of the configuration of the user terminal.
  • FIG. 7 is a conceptual diagram showing an outline process for encrypting a policy file.
  • FIG. 8 is a flowchart showing an example of a process flow of the present invention.
  • FIG. 9 is a flowchart showing another example of the process flow of the present invention.
  • FIG. 10 is a flowchart showing another example of the process flow of the present invention.
  • FIG. 11 is a flowchart showing another example of the process flow of the present invention.
  • FIG. 12 is a flowchart showing another example of the process flow of the present invention.
  • FIG. 13 is a flowchart showing another example of the process flow of the present invention.
  • FIG. 14 is a flowchart showing another example of the process flow of the present invention.
  • FIG. 15 is a flowchart showing another example of the process flow of the present invention.
  • FIG. 16 is a diagram showing an example of a login screen.
  • FIG. 17 is a diagram showing an example of a file package screen.
  • FIG. 18 is a diagram showing another example of a file package screen.
  • FIG. 19 is a diagram showing an example of a mail transmission screen.
  • FIG. 20 is a diagram showing an example of a package history search screen.
  • FIG. 21 is a diagram showing another example of a package history search screen.
  • FIG. 22 is a diagram showing an example of an allowed user group selection screen.
  • FIG. 23 is a diagram showing an example of an error screen.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a file management program for securing files without reducing convenience for users. The file management program has a file specification block (21) that receives the specification of an original file to be managed, a policy formulation block (22) for formulating the policy under which the original file is used, and a packaging block (23) for packaging a policy file, created in accordance with a common key generated for each original file and with the policy, together with the original file encrypted with that common key, thereby creating a package file. The package file is created so that only a user who satisfies the usage condition of the policy can expand the common key contained in the policy file and the right to use the original file into the temporary memory of the user's terminal (4), can expand the original file encrypted with the common key only into that temporary memory, and can use the original file within the scope of the right of use.
PCT/JP2005/009908 2004-06-29 2005-05-30 File management program WO2006001153A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004190754A JP2008026925A (ja) 2004-06-29 2004-06-29 File management program
JP2004-190754 2004-06-29

Publications (1)

Publication Number Publication Date
WO2006001153A1 true WO2006001153A1 (fr) 2006-01-05

Family

ID=35781679

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/009908 WO2006001153A1 (fr) 2004-06-29 2005-05-30 File management program

Country Status (2)

Country Link
JP (1) JP2008026925A (fr)
WO (1) WO2006001153A1 (fr)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009217577A (ja) * 2008-03-11 2009-09-24 Ri Co Ltd Backup program
JP2009265854A (ja) * 2008-04-23 2009-11-12 Soriton Syst:Kk Confidential file management system
JP2009271609A (ja) * 2008-04-30 2009-11-19 Soriton Syst:Kk Confidential file management system
JP5097987B2 (ja) * 2008-06-13 2012-12-12 株式会社マイクロフォーサム Electronic file vending machine operation system
CN102227734B (zh) * 2008-11-28 2014-02-26 International Business Machines Corporation Client computer and server computer for protecting confidential files, and method therefor
JP2011004385A (ja) * 2009-03-16 2011-01-06 Ricoh Co Ltd Information processing device, mutual authentication method, mutual authentication program, information processing system, information processing method, information processing program, and recording medium
JP2010229775A (ja) * 2009-03-30 2010-10-14 Mitsubishi Motors Corp Vehicle control device
JP5509888B2 (ja) * 2010-02-02 2014-06-04 NEC Corporation Document management system and document management method
JP2014174721A (ja) * 2013-03-08 2014-09-22 Genetec Corp Information sharing system
JP5995341B1 (ja) * 2016-06-27 2016-09-21 Genetec Corp Method for viewing a viewing file, viewing program for a viewing file, information sharing system, and server for an information sharing system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003218851A (ja) * 2001-12-12 2003-07-31 Pervasive Security Systems Inc Method and apparatus for securing digital assets
JP2003345931A (ja) * 2002-05-28 2003-12-05 Nippon Telegr & Teleph Corp <Ntt> Personal information distribution management method; personal information authentication device, personal information usage environment authentication device, personal information providing device and personal information usage device in a personal information distribution management system; disclosure and usage rule determination program; and programs for each of the above devices

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011152468A1 (fr) * 2010-06-03 2011-12-08 Kabushiki Kaisha Toshiba Access control device and recording medium
JP2011253450A (ja) * 2010-06-03 2011-12-15 Toshiba Corp Access control program and device
CN102859530A (zh) * 2010-06-03 2013-01-02 Kabushiki Kaisha Toshiba Access control device and storage medium
US8719950B2 (en) 2010-06-03 2014-05-06 Kabushiki Kaisha Toshiba Access control apparatus and storage medium
JP2012083922A (ja) * 2010-10-08 2012-04-26 Fujitsu Ltd Data monitoring program, data monitoring method, and data monitoring device
JP2023016044A (ja) * 2017-11-09 2023-02-01 Broadridge Financial Solutions, Inc. Database-centric computer network system and computer-implemented method for cryptographically protected distributed data management
JP7434480B2 (ja) 2017-11-09 2024-02-20 Broadridge Financial Solutions, Inc. Database-centric computer network system and computer-implemented method for cryptographically protected distributed data management

Also Published As

Publication number Publication date
JP2008026925A (ja) 2008-02-07

Similar Documents

Publication Publication Date Title
CN104662870B (zh) Data security management system
US6173402B1 (en) Technique for localizing keyphrase-based data encryption and decryption
JP5270694B2 (ja) Client computer for protecting confidential files, server computer therefor, and method and computer program therefor
CA2578186C (fr) System and method for access control
JP4853939B2 (ja) Offline access in a document control system
KR100464755B1 (ko) User authentication method using e-mail address and hardware information
US20070177740A1 (en) Encryption key distribution system, key distribution server, locking terminal, viewing terminal, encryption key distribution method, and computer-readable medium
US7707416B2 (en) Authentication cache and authentication on demand in a distributed network environment
US20050055552A1 (en) Assurance system and assurance method
US20040177248A1 (en) Network connection system
US12289310B2 (en) Decentralized application authentication
US20080010453A1 (en) Method and apparatus for one time password access to portable credential entry and memory storage devices
US7487535B1 (en) Authentication on demand in a distributed network environment
US8850563B2 (en) Portable computer accounts
WO2006001153A1 (fr) File management program
US7178169B1 (en) Method and apparatus for securing transfer of and access to digital content
JP2002041347A (ja) Information providing system and device
JPH10260939A (ja) Client machine authentication method for a computer network, client machine, host machine, and computer system
WO2006072994A1 (fr) Login authentication system with a network camera
JP4587688B2 (ja) Encryption key management server, encryption key management program, encryption key acquisition terminal, encryption key acquisition program, encryption key management system, and encryption key management method
JP2011077740A (ja) Key information management device
JP3833635B2 (ja) Information management system, key distribution server, information management method, and program
JP2004213265A (ja) Electronic document management device, document creator device, document viewer device, electronic document management method, and electronic document management system
JP6464544B1 (ja) Information processing device, information processing method, information processing program, and information processing system
JP4683856B2 (ja) Authentication program and authentication server

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: COMMUNICATION UNDER RULE 69 EPC ( EPO FORM 1205A DATED 26/06/07 )

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP

122 Ep: pct application non-entry in european phase

Ref document number: 05743349

Country of ref document: EP

Kind code of ref document: A1

WWW Wipo information: withdrawn in national office

Ref document number: 5743349

Country of ref document: EP
