JP2002278821A - System and method for managing data and program for providing computer with data managing system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide high security and the efficiency use of a storage area. SOLUTION: A data managing system 100 is provided with a communication interface 114, which is connected to a network, for receiving data from an HTTP server, an application security managing part 124 and a recording medium read/write part 150. The application security managing part 124 is provided with a circuit for setting an application group for each of received data on the basis of the URL of the HTTP server and a circuit for judging possibility of access to data requested to read by an application on the basis of rules stored on an access control managing database 140. The recording medium read/write part 150 is provided with a circuit for reading data stored on a fixed disk 152 when the application security managing part 124 permits access.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data management technique for a computer, and more particularly, to a data management technique that ensures high security and can efficiently use a storage area.

[0002]

2. Description of the Related Art Computers store a large number of files on a fixed disk or memory. The application accesses these files to read and write data as needed. A system for managing such file access is disclosed in Japanese Patent Laid-Open No. 5-33416.
No. 4 discloses this.

The system disclosed in this publication is a file system for managing a plurality of files. The file system has a file attribute setting circuit for setting file attributes for each of a plurality of managed files, an access condition setting circuit for setting an access condition for the file system, and interpreting the access condition to access the file system. And an access circuit.

According to this system, the file attribute setting circuit sets a file attribute for each of a plurality of files managed in advance. Prior to the access to the file system by the program, the access condition is set by the access condition setting circuit. The program makes conditional access to the file system via the access circuit. As a result, only information about the file to be processed is obtained as a response. As a result, attributes are individually set for the file group managed by the file system. This attribute is an attribute capable of distinguishing a file targeted by the program from other files. With such an attribute, information on files that are not to be processed by the program is excluded from the processing targets of the program. In this way, the file system is accessed with a condition based on the attribute, and the program (or the user) sees only the target file in the file system. No need to process.

[0005]

However, in the system disclosed in the above publication, the user must determine and set the attributes of each file before executing the program. In particular, it is difficult for a user to set attributes when automatically installing a program or when many programs are installed. Further, in the system disclosed in this publication, even if a file common to many programs exists, the file is redundantly stored, so that the storage area cannot be used efficiently.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-described problem, and it is an object of the present invention to provide an attribute to a file without requiring a user's operation and determine whether or not access is possible based on the attribute. Accordingly, an object of the present invention is to provide a data management system, a data management method, and a program for realizing a data management system that realize high security and efficient use of a storage area.

[0007]

A data management system according to a first aspect of the present invention includes: a setting unit for setting management information for each data based on information on a source of the data;
A storage unit connected to the setting unit for storing data and management information for each data; and a determination unit connected to the storage unit for determining whether to access the data based on the management information. including. The source of data refers to the distribution server from which the data is obtained, the creator from which the data is generated, and the like.

According to the first invention, the setting means creates management information for each data based on the source of the data (for example, the name of the server to which the data is downloaded) without the user's work. When there is an access request to the data stored in the storage unit, the determination unit determines whether access is possible based on the management information stored for each data. Thereby, based on the source of the data, it is possible to realize a control in which only the data whose source is apparent is accessible, and the data whose source is not apparent is not accessible. As a result, it is possible to provide a data management system that provides management information to a file without requiring user's work, determines whether access is possible based on the management information, and realizes high security.

[0009] The data management system according to the second invention comprises:
In addition to the configuration of the first aspect, the information processing apparatus further includes a receiving unit for receiving data from another computer, and the setting unit transmits data management information based on information representing the other computer that has transmitted the data. Includes means for setting.

[0010] According to the second invention, the receiving means is an HTT.
Receives data downloaded from a P (Hypertext Transfer Protocol) server or the like. The setting means is HT
Management information is created for each data based on the information representing the TP server. Thereby, for example, management information based on the URL (Uniform Resource Locators) of the HTTP server can be created without the user's work.

[0011] A data management system according to a third aspect of the present invention comprises:
In addition to the configuration of the first or second aspect of the present invention, the information processing apparatus further includes related information storage means for storing related information for associating management information with each other. It includes means for determining whether access is possible.

[0012] According to the third aspect, the determining means can access not only the data in which the specific management information is set but also the data in which the management information associated with the management information is set by the related information. Control that makes access impossible can be realized. Accordingly, it is possible to determine whether access is possible for the data downloaded from the same HTTP server and realize high security.

[0013] A data management system according to a fourth aspect of the present invention comprises:
In addition to the configuration of the third aspect of the invention, the information processing apparatus further includes a change unit connected to the related information storage unit for changing the related information by a person.

According to the fourth aspect, the related information for associating the management information with each other can be changed by a person. This makes it possible to manage access by associating management information based on the source of the data with the work of the user.

[0015] A data management system according to a fifth aspect of the present invention comprises:
In addition to the configuration of the first or second aspect of the invention, the information processing apparatus further includes a deletion determination unit for determining whether data can be deleted based on the management information.

According to the fifth aspect, the deletion determining means determines that data can be deleted based on the management information,
It can be determined that it is impossible. As a result, data downloaded from the same server can be collectively deleted. As a result, a data management system that can efficiently use a storage area by adding management information to a file without requiring user's work and deleting a plurality of data at a time based on the management information is provided. Can be provided.

[0017] A data management system according to a sixth aspect of the present invention comprises:
In addition to the configuration of the third or fourth aspect of the present invention, the information processing apparatus further includes a deletion determining unit for determining whether data can be deleted based on the management information and the related information.

According to the sixth aspect, the deletion judging means can delete not only the data in which the specific management information is set but also the data in which the management information associated with the management information is set by the related information. , It is possible to realize control that makes deletion impossible. This makes it possible to provide a data management system that can efficiently use a storage area by determining whether data downloaded from the same HTTP server can be collectively deleted and deleting related data collectively.

According to a seventh aspect of the present invention, there is provided a data management method comprising: a setting step of setting management information for each data based on information relating to a data source; and a storage step of storing data and management information for each data. And judging whether to access data based on the management information.

According to the seventh invention, in the setting step,
Based on the source of the data, management information is created for each piece of data without user intervention. In the determining step, when there is an access request to the data stored in the storing step, it is determined whether or not access is possible based on the management information stored for each data. Thereby, based on the source of the data, it is possible to realize a control in which only the data whose source is apparent is accessible, and the data whose source is not apparent is not accessible. As a result, it is possible to provide a data management method in which management information is provided to a file without requiring user's work, access is determined based on the management information, and high security is realized.

A data management method according to an eighth aspect of the present invention is the
In addition to the configuration of the present invention, further includes a receiving step of receiving data from another computer, the setting step,
Setting data management information based on information representing another computer that has transmitted the data.

According to the eighth aspect, in the receiving step,
Receives data downloaded from an HTTP server or the like. In the setting step, management information is created for each data based on the information representing the HTTP server. Thereby, for example, management information based on the URL of the HTTP server can be created without the user's work.

[0023] A data management method according to a ninth aspect of the present invention is the data management method according to the seventh aspect.
Alternatively, in addition to the configuration of the eighth invention, the information processing apparatus further includes a related information storing step of storing related information for associating the management information with each other, and the determining step determines whether or not to access the data based on the management information and the related information. Including the step of determining.

According to the ninth aspect, in the determining step,
It is possible to realize not only the data in which the specific management information is set but also the control in which the data in which the management information associated with the management information is set by the related information is made accessible or inaccessible. Thereby, the same HT
High security can be realized by judging whether the data downloaded from the TP server can be accessed collectively or not.

A data management method according to a tenth aspect of the present invention further includes, in addition to the configuration of the ninth aspect, a step of changing related information by a person.

According to the tenth aspect, the related information for associating the management information with each other can be changed by a person.
This makes it possible to manage access by associating management information based on the source of the data with the work of the user.

[0027] The data management method according to the eleventh aspect of the present invention further includes, in addition to the configuration of the seventh or eighth aspect, a deletion determining step of determining whether data can be deleted based on the management information.

According to the eleventh aspect, in the deletion determining step, it is possible to determine whether data can be deleted or not based on the management information. As a result, data downloaded from the same server can be collectively deleted. As a result, a data management method that can efficiently use a storage area by adding management information to a file without requiring user's work and deleting a plurality of data at a time based on the management information is provided. Can be provided.

A data management method according to a twelfth aspect of the present invention further includes, in addition to the configuration of the ninth or tenth aspect, a deletion determining step of determining whether data can be deleted based on the management information and the related information. .

According to the twelfth aspect, in the deletion determining step, not only the data in which specific management information is set, but also
With the related information, it is possible to realize control of enabling or disabling deletion of data in which management information associated with the management information is set. This allows the same HTT
It is possible to provide a data management method that can efficiently use a storage area by determining whether data downloaded from a P server can be collectively deleted and deleting related data collectively.

[0031] A program according to a thirteenth aspect of the present invention stores, in a computer, setting means for setting management information for each data on the basis of information on the source of the data, data, and management information for each data. And a determining means for determining whether or not access to data is possible based on the management information.

According to the thirteenth aspect, the computer comprises:
Based on the source of the data, management information is created for each piece of data without user intervention. When there is an access request for the stored data, the computer determines whether or not access is possible based on the management information stored for each data. Thereby, based on the source of the data, it is possible to realize a control in which only the data whose source is apparent is accessible, and the data whose source is not apparent is not accessible. As a result, it is possible to provide a program for realizing a data management system capable of ensuring high security by assigning management information to a file without requiring a user's work, determining whether access is possible based on the management information, or not.

[0033] A program according to a fourteenth invention is a program according to the thirteenth invention.
In addition to the configuration of the invention, the program further includes a program for causing a computer to function as receiving means for receiving data from another computer, wherein the setting means is configured based on information representing the other computer which has transmitted the data. Means for setting data management information.

According to the fourteenth aspect, the computer comprises:
Receives data downloaded from an HTTP server or the like. The computer creates management information for each data based on the information representing the HTTP server. Thereby, for example, management information based on the URL of the HTTP server can be created without the user's work.

A program according to a fifteenth invention is a program according to the thirteenth invention.
Or, in addition to the structure of the fourteenth invention, a computer
The information processing apparatus further includes a program for functioning as related information storage means for storing related information for associating management information with each other, and the determining means determines whether or not access to data is possible based on the management information and the related information. Means.

According to the fifteenth aspect, the computer is:
It is possible to realize not only the data in which the specific management information is set but also the control in which the data in which the management information associated with the management information is set by the related information is made accessible or inaccessible. Thereby, the same HT
High security can be realized by judging whether the data downloaded from the TP server can be accessed collectively or not.

According to a sixteenth aspect of the present invention, there is provided a program according to the fifteenth aspect.
In addition to the configuration of the invention described above, the program further includes a program for causing a computer to function as a change unit for changing related information by a person.

According to the sixteenth aspect, the related information for associating the management information with each other can be changed by a person.
This makes it possible to manage access by associating management information based on the source of the data with the work of the user.

A program according to a seventeenth invention is a program according to the thirteenth invention.
Or, in addition to the structure of the fourteenth invention, a computer
The program further includes a program for functioning as deletion determination means for determining whether data can be deleted based on the management information.

According to the seventeenth aspect, the computer comprises:
Based on the management information, it can be determined that data deletion is possible or impossible. As a result, data downloaded from the same server can be collectively deleted. As a result, a data management system that can efficiently use a storage area by adding management information to a file without requiring user's work and deleting a plurality of data at a time based on the management information is provided. We can provide a program to realize it.

A program according to an eighteenth aspect of the present invention is the program according to the fifteenth aspect.
Or, in addition to the configuration of the sixteenth aspect, a computer
The program further includes a program for functioning as a deletion determination unit for determining whether data can be deleted based on the management information and the related information.

According to the eighteenth aspect, the computer comprises:
It is possible to realize not only data for which specific management information is set but also control for enabling or disabling deletion of data for which management information associated with the management information is set based on related information. This makes it possible to determine whether or not data downloaded from the same HTTP server can be collectively deleted, and to delete related data in a batch to realize a data management system that can efficiently use a storage area. Can be provided.

[0043]

Embodiments of the present invention will be described below with reference to the drawings. In the following description, the same components are denoted by the same reference numerals. Their names and functions are the same. Therefore, detailed description thereof will not be repeated.

Referring to FIG. 1, a data management system 100 according to the present embodiment includes an interface unit 110 for input / output and communication, and a data management system 100.
And a storage unit 130 that stores applications, data, and rules.

The interface unit 110 includes an input / output interface 112 such as a keyboard and a monitor, and an HTT, which is another computer connected to a network.
A communication interface 114 for communicating with the P server and receiving data. A user inputs an application installation instruction, an execution instruction, an uninstallation instruction, a rule editing instruction, and an editing rule to the input / output interface 112.

The control unit 120 controls an application state (installation, execution, uninstallation, rule editing) by an application state control unit 122;
When there is a data access request from the application, access permission / non-permission is determined based on the rules stored in the storage unit 130, an instruction to read the data stored as accessible is given to the storage unit 130, And an application security management unit 124 for reflecting the change in the database.

The storage unit 130 includes an access control management database 140 and a recording medium read / write unit 150. The access control management database 140 is a general rule database 1 that stores general rules for access control.
42 and an individual rule database 144 that stores individual rules for access control. The recording medium read / write unit 150 includes a fixed disk 152 and a memory 154. The recording medium read / write unit 150 accesses data stored in the fixed disk 152 and the memory 154 according to an instruction from the application security management unit 124.

Referring to FIG. 2, index data stored in fixed disk 152 will be described. The index data shown in FIG. 2 is stored in the fixed disk 152 when an application group calculation process described later is executed. The index data stores a character string for each index that is a continuous number starting from “001”. The stored character string is the communication interface 1
14 is a character string included in the URL of the HTTP server connected via the HTTP server 14. Character strings of URLs separated by “/” are stored for each index.

Referring to FIG. 3, application groups stored in fixed disk 152 will be described.
As shown in FIG. 3, the application group includes an AGI (Application Group Identifier) hierarchically representing URLs by connecting indices with hyphens, and an AG.
The URL includes the URL corresponding to I and the root directory of the file system. The root directory defines the correspondence between the AGI and the actual file system. Thereby, the command described in the application (for example, sub_fopen (AGI, file name, read / write flag))
By mapping the AGI and the directory in the file system to the file system, it is possible to access a desired file.

Referring to FIG. 4, general rules stored in general rule database 142 will be described. FIG.
As shown in (1), general-purpose rules are rules prepared by the system in advance, not rules created by the user. This general rule includes "canSameAGIAccessToEachOt
her ", data set with the same AGI is mutually accessible (for example,
1-2-3 and 1-2-3), "canParantAccessToChild
As shown by “ren”, when the parent-side AGI is set, the rule that the data set with the child-side AGI is accessible (for example, 1-2-3 and 1-
2-3-4), as represented by "canSiblingsAccessToEachOther", a rule that sibling AGI-set data can be mutually accessed (for example, 1-2-3 and 1-2) 4). Since this general rule is prepared in advance by the system, the user specifies "TRUE / FALSE". Note that the most basic rule “canSameAGIAccessToEachOther” is set to “TRUE” without being specified by the user. As a result, at least one rule is set without intervention of the user.

The individual rules stored in the individual rule database 144 will be described with reference to FIG. FIG.
As shown in (1), the individual rules are not rules prepared in advance by the system, but rules created by the user. This individual rule includes “canReadSet [1-2-3 /
1-6-3] ", data with an AGI set between"["and"]"can be accessed mutually (in this case, 1-2-3 And 1-6
3). This individual rule is input by the user via the input / output interface 112. If a conflict occurs between the general rule and the individual rule, the individual rule is applied preferentially.

Data management system 1 according to the present embodiment
00 is a computer such as a PDA (Personal Digital Assistant) or a personal computer,
This is realized by a CPU (Central Processing Unit) executing a predetermined program. That is, the application state control unit 1 included in the control unit 120 described above.
22 and application security management unit 124
Are realized by the CPU executing a predetermined program.

FIG. 6 shows an external view of a computer system which is an example of a computer for realizing the data management system 100. Referring to FIG. 6, a computer system 200 includes a computer 202 having an FD (Flexible Disk) drive device 206 and a CD-ROM (Compact Disc-Read Only Memory) drive device 208, and a monitor 20.
4, a keyboard 210, and a mouse 212.

FIG. 7 shows this computer system 200.
Is shown in block diagram form. As shown in FIG. 7, a computer 202 includes a CPU (Central Processing Unit) 220 connected to each other via a bus, in addition to the above-described FD drive device 206 and CD-ROM drive device 208.
, A memory 222, a fixed disk 224, and a communication interface 228 for communicating with another computer
And The FD 216 is mounted on the FD driving device 206. The CD-ROM drive 208 has a CD-ROM 2
18 is mounted. These FD216 and CD-R
The OM 218 stores a predetermined program.

As described above, the data management system 1
00 is realized by computer hardware and a program executed by the CPU 220. Generally, such programs are FD216, CD-ROM21
FD driving device 2
06 or a CD-ROM drive device 208 or the like, and is temporarily stored in the fixed disk 224. Further, the data is read from the fixed disk 224 to the memory 222 and executed by the CPU 220. When the data management system 100 does not use such a recording medium, the data management system 100 receives a predetermined program from another computer connected to the network via the communication interface 228. In this case, a program recorded in another computer is received by the communication interface 228 via the network, and is stored in the fixed disk 224.
Is stored once. Further, the data is read from the fixed disk 224 to the memory 222 and executed by the CPU 220.

The hardware itself of these computers is general. The computer includes a control circuit including a CPU, a storage circuit, an input circuit, an output circuit, and an OS.
(Operating System) and an environment for executing programs. The program of the present invention is a program that causes such a computer to function as a data management system. Therefore, the most essential part of the present invention is a program recorded on a recording medium such as an FD, a CD-ROM, a memory card, and a fixed disk, and a program transmitted from another computer via a communication line.

Since the operation of the computer shown in FIGS. 6 and 7 is well known, detailed description thereof will not be repeated here.

Referring to FIG. 8, data management system 10
0 is implemented by the following flowchart.

Step (hereinafter, step is abbreviated as S)
At 100, CPU 220 determines whether or not a download request input by the user via keyboard 210 or mouse 212 has been detected. If a download request is detected (YES in S100), the process proceeds to S102.
Moved to On the other hand, if a download request is not detected (NO in S100), the process returns to S100 and waits until a download request is detected.

At S102, CPU 220 proceeds to S100
A data transmission command is transmitted based on the download request detected in. At this time, the transmission destination of the data transmission command is, for example, an HTTP server. The HTT
The P server is specified by the URL. At S104,
CPU 220 transmits, via communication interface 228, the HTT that transmitted the data transmission command in S102.
It is determined whether or not download data has been received from the P server. When the download data is received (S104
Is YES), the process proceeds to S106. On the other hand, if the download data is not received (NO in S104),
The process returns to S100, and waits for reception of download data from the HTTP server.

At S106, CPU 220 proceeds to S104
Stores the received download data in the buffer. In S108, CPU 220 calculates an application group of the received download data. This application group calculation process will be described in detail with reference to FIG.

At S110, CPU 220 updates the application group data (FIG. 3) stored in fixed disk 224. At S112, CPU 220
Secures the area required for the corresponding file system. For example, at this time, a predetermined storage area of the fixed disk 224 is secured.

At S114, CPU 220 determines whether or not a predetermined storage area has been secured. If the area can be secured (YES in S114), the process proceeds to S116. On the other hand, if the area cannot be secured (N114
O), the process is moved to S126.

At S116, CPU 220 issues a data read instruction to the buffer. At S118, CPU 2
20 determines whether data has been received from the buffer. When data is received from the buffer (Y in S118)
ES), the process proceeds to S120. If data has not been received from the buffer (NO in S118), the process returns to S116, and CPU 220 issues a data read instruction to the buffer.

At S120, CPU 220 records the data received from the buffer on a recording medium. The recording medium recorded at this time is the fixed disk 224 or the like.

At S122, CPU 220 determines whether or not the recording on the recording medium has been completed normally. When the recording on the recording medium ends normally (YES in S122),
The process proceeds to S124. On the other hand, if the recording on the recording medium does not end normally (NO in S122), the process proceeds to S1.
Moved to 28.

At S124, CPU 220 performs a normal end process of the installation process. In this normal end processing, for example, the monitor 204 is displayed to indicate that the installation processing has ended normally.

At S126, if an area cannot be secured (NO at S114), CPU 220 performs an area securing error process. This area securing error processing causes the monitor 204 to display that a necessary storage area cannot be secured, for example.

At S128, CPU 220 determines that the recording on the recording medium does not end normally (NO at S122).
O) Perform write error processing. This write error processing causes the monitor 204 to display that recording on the recording medium is impossible.

At S130, CPU 220 proceeds to S126
After the processing of S128, abnormal termination processing is performed. This abnormal end processing causes the monitor 204 to display, for example, that the installation processing did not end normally.

Referring to FIG. 9, data management system 10
The application group calculation process executed at 0
This is realized by the following flowchart.

At S200, CPU 220 obtains the URL. The URL is acquired by the data management system 1
Obtained from a browser executed at 00. S202
, The CPU 220 obtains the URL acquired in S200.
Into the protocol, server name, and file hierarchy.
In S204, CPU 220 determines whether or not the character string of the protocol exists in the index data shown in FIG. If the character string of the protocol exists in the index data shown in FIG. 3 (YES in S204), the process proceeds to S212. On the other hand, if the character string of the protocol does not exist in the index data shown in FIG.
(NO at 204), the process proceeds to S206.

At S206, CPU 220 stores the character string of the protocol in a portion corresponding to index (m) of the index data shown in FIG. At this time, the variable m is obtained by adding 1 to the number of indices in which the character strings are already stored. The index (m) is “0
It is a number that continues from “01”.

At S208, CPU 220 sets A (1)
To the index (m). Thus, when a character string not registered in the index data shown in FIG. 2 newly appears, an index obtained by adding 1 to the number of indexes in which the character string is already registered is substituted into A (1). In S210, CPU 220 adds 1 to variable m. Thereafter, the process proceeds to S214.

In S212, if the character string of the protocol exists in the index data (YES in S204), CPU 220 substitutes an index already existing in the index data for A (1). At this time, for example, when the character string of the protocol is “http”, “1” is substituted into A (1).

At S214, CPU 220 determines whether or not the character string of the server name exists in the index data. If the character string of the server name exists in the index data (YES in S214), the process proceeds to S222. On the other hand, if the character string of the server name does not exist in the index data (NO in S214), the process proceeds to S216.

At S216, CPU 220 stores the character string of the server name in the portion corresponding to the index (m) of the index data shown in FIG. At S218,
The CPU 220 substitutes the index (m) for A (2). At S220, CPU 220 adds 1 to variable m. Thereafter, the process proceeds to S224.

At S222, CPU 220 determines that the character string of the server name exists in the index data (S21).
4) (YES), and substitute the index already existing in the index data into A (2). At this time, for example, if the character string of the server name is “www.aaa.co.jp”, “2” is substituted for A (2).

At S224, CPU 220 decomposes the file hierarchy with "/" and extracts each character string. The character strings extracted at this time are W (3) to W (n-
1). At this time, the variable n is the number of delimited character strings when the URL including the protocol and the server name is delimited by “/”. In the URL, since the file name (such as “cardgames.exe”) is usually the lowest layer of the file hierarchy, it is not calculated as an application group. This is because there is no need to associate files.

At S 226, CPU 220 determines whether or not the character string of the file hierarchy exists in the index data. If the character string of the file hierarchy exists in the index data (YES in S226), the process proceeds to S
234. On the other hand, if the character string of the file hierarchy does not exist in the index data (N in S226)
O), the process is moved to S228.

At S 228, CPU 220 stores the character string of the file hierarchy in the portion corresponding to index (m). In S230, CPU 220 substitutes index (m) (i = 3... (N-1)) for A (i). At S232, CPU 220 adds 1 to variable m.

At S 234, if the character string of the file hierarchy exists in the index data (YES in S 226), CPU 220 determines the index already present in the index data in A (3) to A (n−1). Is assigned.

The processing in S226 to S234 is performed for the variable i from 3 to (n-1). As a result, the indexes are determined for all the character strings (including the protocol and the server name) included in the URL acquired in S200 except the character string at the lowest layer.

At S236, CPU 220 outputs the determined index (A (1) to A (n-1)). The index output at this time is, for example, "1-2-3" as shown in FIG. The output “1-2-3” is the AGI of the downloaded application.

Referring to FIG. 10, application execution processing executed in data management system 100 according to the present embodiment is realized by the following flowchart.

At S300, CPU 220 determines whether or not an application execution request input from the user via keyboard 210 or mouse 212 has been detected. When an application execution request is detected (S30
(YES at 0), the process proceeds to S302. On the other hand, if no application execution request is detected (NO in S300), the process returns to S300, and waits until an application execution request is detected.

At S302, CPU 220 calculates an application group for the application for which the execution request has been input. At this time, the application group data shown in FIG. 3 is referred to. As a result of the reference, the URL is converted to AGI.

At S304, CPU 220 determines whether there is a request to access the file system. If there is a request to access the file system (YES in S304), the process proceeds to S306. On the other hand, if there is no access request to the file system (N in S304)
O), the process returns to S304, and waits for a request to access the file system. At this time, regarding the detection of the access request, when the CPU 220 detects, for example, a general file read instruction (fopn (file name, read flag)) in the application, the file read instruction (sub) specifying the application group name
_Fopn (AGI, file name, read flag) is detected. General file read command (A
In the case of a file read command that does not include a GI,
The AGI converted in 2 is the designated AGI as
It is determined whether the file can be accessed.

At S306, CPU 220 determines whether or not access is permitted. At this time, the general rules shown in FIG. 4 and the individual rules shown in FIG. 5 are referred to. Based on these rules and the AGI converted in S302 and the AGI specified in the file read command, it is determined whether or not the running application can access the specified file.

At S308, CPU 220 determines whether or not access is possible. If access is possible (YES in S308), the process proceeds to S310. On the other hand, if access is not possible (S308)
NO), the process proceeds to S316.

At S310, CPU 220 performs a file access process. At S312, CPU 220
Determines whether the file access process has been completed normally. When the file access process ends normally (S
If YES at 312), the process proceeds to S314. On the other hand, if the file access processing does not end normally (S3
12NO), the process proceeds to S318.

At S314, CPU 220 performs a normal end process for the application execution process.

In S316, if the access is not possible as a result of the access permission determination (S3
(NO at 08), access violation error processing is performed. The access violation error processing is performed by, for example,
Display that access to a file for which access is not permitted has been performed.

At S318, CPU 220 performs an access error process if the file access is permitted but the file access is not normally completed (NO at S312). Access error handling is, for example,
The monitor 204 displays that access is permitted but data reading has failed.

At S320, CPU 220 determines at S316
After the processing in S318, an abnormal termination processing for the application execution processing is performed.

Referring to FIG. 11, the uninstallation process executed in data processing system 100 according to the present embodiment is realized by the following flowchart.

At S400, CPU 220 determines whether or not an uninstall request input by the user via keyboard 210 or mouse 212 has been detected. When an uninstall request is detected (YE in S400)
S), the process is moved to S402. On the other hand, if no uninstall request is detected (NO in S400), the process waits until an uninstall request is detected.

At S402, CPU 220 proceeds to S400
The AGI of the application to be uninstalled is calculated based on the uninstallation request detected in (1). In S404, CPU 220 searches for application group data shown in FIG. At this time, S4
The corresponding root directory is searched based on the AGI calculated in 02. At this time, the AGI calculated in S402 and the general rule shown in FIG.
The root directory having a certain relation based on the individual rule shown in (1) is searched.

At S406, CPU 220 determines at S404
As a result of the search in, it is determined whether application group data (root directory) exists. If the application group data exists (S
The process moves to S408. If application group data does not exist (NO in S406), the process proceeds to S416.

At S408, CPU 220 releases the area of the existing root directory. At S410, C
The PU 220 determines whether the area release has been completed normally. When the area release ends normally (YE in S410)
S), the process is moved to S412. On the other hand, if the area release does not end normally (NO in S410), the process proceeds to S41.
Moved to 8.

At S412, CPU 220 updates the application group data shown in FIG. At this time, of the general rules and individual rules shown in FIGS.
E "or individual rules are deleted.

At S414, CPU 220 performs a normal end process for the uninstall process.

In S416, if predetermined application group data has not been retrieved (NO in S406), CPU 220 performs a retrieval error process. In the search error process, for example, the monitor 204 displays that data corresponding to the application to be uninstalled has not been searched.

At S418, CPU 220 performs release error processing when the data to be uninstalled exists but the area release failed (NO at S410).
This release error processing causes the monitor 204 to display, for example, that the data to be uninstalled exists but the area release failed.

At S420, CPU 220 returns to S416
After the processing of S418, abnormal termination processing of uninstallation is performed.

Referring to FIG. 12, the access control change processing executed in data management system 100 according to the present embodiment is realized by the following flowchart.

At S500, CPU 220 determines whether or not an access control change request input from the user via keyboard 210 or mouse 212 has been detected. If an access control change request is detected (YES in S500), the process proceeds to S502. On the other hand, if no access control change request is detected (NO in S500), the process returns to S500, and waits until an access control change request is detected.

Note that the access control change request input by the user in S500 is, specifically, “TRUE / FALSE” of the general rule shown in FIG. 4, and the rule ID of the individual rule shown in FIG. In the case where the specified rule is deleted), or in addition to the individual rules shown in FIG. 5, the content of the newly added rule is input by the user.

At S502, CPU 220 reads the access control management database storing the general rules and the individual rules. In S504, CPU 220 determines whether or not to change. At this time, the CPU 220
At 500, it is determined whether to change the access control request based on the detected content. Specifically, this is performed based on the “TRUE / FALSE” column of the general rule shown in FIG. 4 and the individual rule list in FIG. If the rule is to be changed (YES in S504), the process proceeds to S506. On the other hand, if the rule is not changed (NO in S504), the process proceeds to S508.

At S506, CPU 220 changes and stores the general rule or the individual rule stored in the access control management database. At S508, CPU 2
20 performs a change error process. This change error process causes, for example, the monitor 204 to display that the corresponding rule could not be searched.

The operation of the data management system 100 based on the above structure and flowchart will be described.

[Installation Operation] An installation operation when a user inputs a URL of an HTTP server from the keyboard 210 and downloads a certain application and data will be described.

When the user inputs the URL of the HTTP server from keyboard 210, a download request is detected (YES in S100), and a data transmission command is transmitted to the HTTP server (S102). When the download data is received from the HTTP server (YE in S104)
S), the received download data is stored in the buffer (S106). The application group is calculated (S108), and the application group data shown in FIG. 3 is updated (S110).

In order to store the data stored in the buffer, the area of the root directory of the file system shown in FIG. 3 is secured (S112). When the area is secured (YES in S114), data is read from the buffer (S116). When data is received from the buffer (YES in S118), the received data is recorded on a storage medium (S120).

[Application Group Calculation Operation] The application group calculation operation will be described below. For example, "http: // ww
w.aaa.co.jp/AprGr1/apr1.exe ”, application 2
As “http://www.aaa.co.jp/AprGr1/apr2.exe”, and as data 1 “http://www.aaa.co.jp/AprGr1/titlefig
ure.png ”and application 3 as“ http: //www.aa
a.co.jp/AprGr2/apr3.exe ”,“ http://www.bbb.com/AprGr1/apr4.exe ”as application 4 and“ http://www.aaa.com/AprGr1/ apr5.e
The case where “xe” is downloaded will be described.

When the application 1 is downloaded, a URL is obtained (S200). The URL acquired at this time is the URL of the application 1 “http: // w
ww.aaa.co.jp/AprGr1/apr1.exe ”. The URL is decomposed into a protocol, a server name, and a file hierarchy (S20).
2). At this time, "http" is used as the protocol, "www.aaa.co.jp" is used as the server name, and "Apr" is used as the file hierarchy.
Gr / apr1.exe ".

Since the character string of the protocol already exists in the index data shown in FIG. 2 (YE in S204)
S), “1”, which is an existing index, is assigned to A (1) (S212).

Since the character string of the server already exists in the index data shown in FIG. 2 (YES in S214),
“2”, which is an existing index, is substituted into A (2) (S222).

The file hierarchy is decomposed by “/” (S22).
4), “AprGr” as W (3) and “aprG” as W (4)
1.exe "is extracted. At this time, application 1
Are four characters including the protocol and the server name. Therefore, the application group is calculated up to W (3) which is the first file hierarchy decomposed by “/”. W (3)
Is already present in the index data shown in FIG. 2 (YES in S226), "3" which is an index corresponding to "AprGr1" already existing in A (3) is substituted (S234). .

For the application 1, "1-2-3" is output as the AGI (S236).

Such an operation is performed by the application 1,
Application 2, data 1, application 3,
This is performed for the application 4 and the application 5, respectively. In the course of this operation, if the URL includes a character string that does not exist in the index data shown in FIG. 2 (NO in S204, NO in S214, NO in S226), the number of index data (m− 1)
A new character string is stored corresponding to the index (m) obtained by adding 1 to (S206, S216, S228). An index corresponding to the new character string is obtained (S20).
8, S218, S230), 1 is added to the variable m, and the index data is updated (S210, S220,
S232).

As a result of performing the application group calculation operation as described above, the AGI is “1-2-3” for application 1, “1-2-3” for application 2, and “1-3” for data 1 2-
3 ”,“ 1-2-4 ”for application 3,
The application 4 is calculated as “1-5-3”, and the application 5 is calculated as “1-6-3”.
As a result of such an operation, data as shown in FIG. 3 is stored as application group data.

[Application Execution Operation] An application execution operation when an execution request is made for the application 1 will be described. It should be noted that the access control management database has a general rule as shown in FIG.
It is assumed that the rules shown in FIG. 5 are set as the individual rules, respectively.

When an execution request for the application 1 is input from the keyboard 210 or the mouse 212 (S300)
Is YES), the application group of the application 1 is calculated (S302). At this time, the application group is calculated as “1-2-3”.

When there is a data read command for data 1 in application 1 (YES in S304),
It is determined whether access is possible (S306). At this time, the access request of the file system is “sub_fopn
(AGI, file name, read flag). The file name in this instruction is “titlefigure.png” which is the file name of data 1. The AGI of this data 1 is the AGI of application 1
This is “1-2-3” which is the same as GI. Application 1
AGI specified in the program is "1-2-3"
And the AGI of data 1 specified by the file name
Is “1-2-3”. As shown in FIG. 4, the first of the general rules allows access between applications and data having an AGI common to each other. Therefore, it is determined that access is possible (S3
(YES at 08).

If it is determined that access is possible (S
308), data from application 1
Is accessed (S310).

For example, as data 2, AGI
Is “1-5-3”, and AGI is “1-6
In the case where the data “3” exists and the application 1 issues a data read instruction for the data 2 and the data 3, the following is performed. For data 3,
Access is permitted according to the individual rule (the rule whose rule ID is “001”) shown in FIG. On the other hand, data 2
For both the general rule shown in FIG. 4 and the individual rule shown in FIG.
The GI “1-2-3” and the data 2 AGI “1-5-3” are not permitted to access each other. Therefore, the access violation error processing (S31)
6) is performed.

[Uninstallation operation] As described above,
The data management system 100 includes applications 1 to
5. An operation of uninstalling the application 1 when data 1 to 3 are installed will be described.

When the user inputs a request to uninstall the application 1 from the keyboard 210 (S40)
0, YES), the AGI of the target application 1 is calculated based on the uninstall request (S40).
2). The AGI calculated at this time is “1-2-3”. From the application group data shown in FIG.
The root directory of the corresponding application group is searched (S404).

At this time, based on the rules shown in FIGS. 4 and 5, the AGI “1-2-3”
The root directory of the AGI associated with is also searched. For example, if the rule ID in the individual rule shown in FIG.
According to the rule of “01”, the AGI is searched for “1-2-3” and the related AGI is searched for “1-6-3”. As a result, if the application group data is as shown in FIG. 3, two directories corresponding to two AGIs whose AGI is “1-2-3” and “1-6-3” are searched. As a result, two root directories to be uninstalled are “rootDir1” and “rootDir4” (S404, S40).
YES at 6). Area release is performed for those directories (S408), and the applications and data in the specified directories are deleted.

When the area release is completed normally (YES in S410), the application group data is updated (S412).

[Access Control Change Operation] The operation when the user changes the general rule or the individual rule stored in the access control management database will be described below.

When the user operates the keyboard 210 or the mouse 2
12 when an access control change request is input from S12 (S500
YES), the access control management database is read (S502). At this time, the user sends “canSiblingsA” in the general rule shown in FIG. 4 as the access control change request.
ccessToEachOther ”was changed from“ FALSE ”to“ TRUE ”, and the individual rule shown in FIG.
) Will be described. As a result of reading the access control management database (S502), since there are rules to be changed, a change process is performed on those rules (S506). As a result, FIG.
"CanSiblingsAccessToEachOther" of the general rule shown in
Is “TRUE”, and the individual rule (rule with rule ID “003”) shown in FIG. 5 is deleted.

As described above, the data management system according to the present embodiment is configured such that, based on the URL of the HTTP server from which the application and the data can be obtained, the user does not perform any work, and the application and the data are individually applied to the application and the data. You can create groups. At the time of execution of the application, if there is an access request for the stored data, it is determined whether or not access is possible based on the application group stored for each data. Thereby, based on the source of the application and the data, control can be realized such that only the data whose source is clear is accessible, and the data whose source is not clear is not accessible. Also,
Based on the application group, the applications and data of the related application group can be collectively deleted. As a result, without requiring the user's work, an application group is assigned, access permission is determined based on the application group, and data deletion is determined, thereby realizing high security. A data management system capable of efficiently using a storage area can be provided.

The embodiments disclosed this time are to be considered in all respects as illustrative and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

[Brief description of the drawings]

FIG. 1 is a control block diagram of a data management system according to the present embodiment.

FIG. 2 is a diagram showing index data stored on a fixed disk.

FIG. 3 is a diagram showing application group data stored on a fixed disk.

FIG. 4 is a diagram showing general rules stored in a general rule database.

FIG. 5 is a diagram showing individual rules stored in an individual rule database.

FIG. 6 is an external view of a computer that realizes the data management device according to the embodiment of the present invention.

FIG. 7 is a control block diagram of the computer system shown in FIG.

FIG. 8 is a flowchart of an installation process in the data management system according to the present embodiment.

FIG. 9 is a flowchart of an application group calculation process in the data management system according to the present embodiment.

FIG. 10 is a flowchart of an application execution process in the data management system according to the present embodiment.

FIG. 11 is a flowchart of an uninstallation process in the data management system according to the present embodiment.

FIG. 12 is a flowchart of an access control change process in the data management system according to the present embodiment.

[Explanation of symbols]

Reference Signs List 100 data management system, 110 interface unit, 112 input / output interface, 114 communication interface, 120 control unit, 122 application state control unit, 124 application security management unit, 130 storage unit, 140 access control management database, 142 general rule database, 1
44 individual rule database, 150 recording medium read / write unit, 152 fixed disk, 154 memory, 20
0 computer system, 202 computer, 2
04 monitor, 206 FD drive, 208 CD-
ROM drive, 210 keyboard, 212 mouse

Claims (18)

[Claims] 1. Based on information about the source of the data,
Setting means for setting management information for each data, connected to the setting means, storage means for storing the data and management information for each data, and connected to the storage means, A determination unit for determining whether to access the data based on the management information. 2. The data management system further includes receiving means for receiving the data from another computer, wherein the setting means is configured based on information representing the other computer which has transmitted the data. 2. The data management system according to claim 1, further comprising a unit for setting management information of the data. 3. The data management system further includes related information storage means for storing related information that associates the management information with each other. 3. The data management system according to claim 1, further comprising means for judging whether data can be accessed. 4. The data management system according to claim 3, wherein said data management system is further connected to said related information storage means and further includes a change means for changing said related information by a person. 5. The data management system according to claim 1, wherein the data management system further includes a deletion determination unit configured to determine whether the data can be deleted based on the management information. 6. The data management system according to claim 3, wherein the data management system further includes a deletion determination unit configured to determine whether the data can be deleted based on the management information and the related information. system. 7. Based on information about the source of the data,
A setting step of setting management information for each data; a storage step of storing the data and management information of each data; and a determining step of determining whether to access the data based on the management information. And a data management method. 8. The data management method further includes a receiving step of receiving the data from another computer, wherein the setting step is performed based on information indicating the other computer which has transmitted the data. 8. The data management method according to claim 7, further comprising the step of setting management information of the data. 9. The data management method further includes a related information storing step of storing related information for associating the management information with each other, and the determining step includes: 9. The data management method according to claim 7, further comprising the step of judging whether access is allowed. 10. The data management method according to claim 9, wherein the data management method further includes a change step of changing the related information by a person. 11. The data management method according to claim 7, wherein the data management method further includes a deletion determination step of determining whether the data can be deleted based on the management information. 12. The data management method according to claim 9, further comprising a deletion determining step of determining whether or not the data can be deleted based on the management information and the related information.
Or the data management method according to 10. 13. A computer, comprising: setting means for setting management information for each data based on information on the source of the data; and storage means for storing the data and management information for each data. And a program for functioning as determination means for determining whether to access the data based on the management information. 14. The program according to claim 1, wherein
The computer further includes a program for causing the computer to function as a receiving unit for receiving the data from another computer, wherein the setting unit is configured to manage the data based on information indicating the other computer that has transmitted the data. The program according to claim 13, further comprising: means for setting: 15. The computer-readable storage medium storing the program,
The information processing apparatus further includes a program for functioning as related information storage means for storing related information that associates the management information with each other. The program according to claim 13, further comprising means for determining whether or not the permission is granted. 16. The computer-readable storage medium storing the program
The program according to claim 15, further comprising a program for causing the related information to function as a change unit for a person to change. 17. The computer-readable storage medium storing the program,
15. The program according to claim 13, further comprising: a program for functioning as a deletion determination unit for determining whether the data can be deleted based on the management information. 18. The computer-readable storage medium storing the program
17. The program according to claim 15, further comprising a program for causing the program to function as deletion determination means for determining whether the data can be deleted based on the management information and the related information.