JP2006048220A - Method for applying security attribute of electronic document and its program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system for controlling the handling of a document according to an access control rule which is abstracted into security attributes, wherein it is possible to support the application of the proper security attributes of the document at the time of applying the security attributes. <P>SOLUTION: This security attribute applying method in a system for applying security attributes to an electronic document, and for managing the document according to a security policy specifying an access control rule comprises a process for accepting the display request of the access control information of the document corresponding to the designated security attributes and a process for calculating the access control information of the document corresponding to the designated security attributes from the security policy and a process for displaying the calculated access control information. Also, this system is provided with the retrieval function and editing function of access control. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an electronic document security attribute assigning method and a program thereof.

  2. Description of the Related Art In recent years, in offices that handle information (documents) such as documents and images, a method of electronically recording a document on an information recording medium as a document file instead of printing on paper has become mainstream.

  If the document is recorded electronically, the document can be recorded without using paper resources, so that resource saving can be achieved, and it is not necessary to store the paper on which the document is printed, and space saving can be realized.

  In addition, if documents are recorded electronically, it is possible to distribute the same document to many people at the same time, or to distribute a document over a network to a person at a remote location. Can be achieved.

  The advantage of electronically recording a document is that the same document can be distributed to many people at the same time or the document can be distributed over a network to a person at a remote location. It is also the inside out.

  Many documents that are handled in offices or the like require confidentiality, and therefore it is necessary to take measures to prevent document leakage.

  FIG. 1 is a diagram showing a conventional electronic document access control method, in which an access control right is given to a document in advance, and access to the document is controlled based on the given access right.

  That is, when the administrator 102 gives the access control authority 103 to the document 101 in advance (step S11), and the user 104 requests, for example, a read from the document 101 (step S12), the access control authority Confirmation of the content of 103 permits (OK) (step S13). In addition, in this example, editing (Modify) is prohibited, and printing (Print) is permitted.

  This method has the advantage that fine-grained access control can be performed because access control authority is given to each document, but on the other hand, detailed access control authority must be granted to all documents. Therefore, there is a problem that the operation is complicated. In other words, it is necessary to perform a similar operation for granting the same access control authority to a document to be handled in a similar manner, which is complicated.

  FIG. 2 is a diagram showing another conventional access control method, in which documents to be handled are grouped in a similar manner.

  That is, the general manager 105 sets the access control rule 106 in advance (step S21), and the manager 108 assigns, for example, “Secret” as the document security attribute 109 to the document 107 ( In step S22), for example, when the user 110 requests editing (Modify) of the document 107 (step S23), the security attribute 109 of the document and the access control rule 106 are confirmed (step S24), and disapproval (NG). (Step S25).

  In this method, it is only necessary to give a comprehensive security attribute such as “Secret” to a document to be handled in a similar manner. Therefore, usage modes such as “Read”, “Edit”, and “Print” are used. There is no need to grant access control authority in consideration of permission / non-permission, and the work becomes easier.

By the way, the applicant of the present application further advances the above-described document grouping,
-Document security attributes-User security attributes-Access control rules for these combinations (document security policy)
We have proposed a policy-based document security system that performs control based on.

  FIG. 3 is a diagram showing an access control method in this case. The general manager 111 sets the access control rule 112 in advance (step S31) and assigns the user security attribute 114 to the user 113 ( Step S32). In addition, the administrator 116 assigns a security attribute 117 of the document including a category (Category), a level (Level), a related person (Related Person), a permission zone (Available Zone), and the like to the document 115 (Step S33). ).

  FIG. 4 is a diagram showing an example of a screen for assigning a security attribute at the time of document registration. For example, when a security attribute is assigned to a registered document “Technical Information A-10928.doc” on the document registration screen 121, not the security attribute itself. The document classification such as “technical report / secret” in which security attributes are grouped is selected from the document classification selection screen 122. The document classification is associated with the security attribute by a database in the system.

  Returning to FIG. 3, when the user 113 requests, for example, printing (Print) from the document 115 (step S34), the user security attribute 114, the document security attribute 117, and the access control rule 112 are confirmed (step S35). ), It is permitted under the ID addition (Embed ID) as a printing requirement (step S36).

  As an advantage of this method, a user can handle a document without being aware of what access control is actually applied to satisfy the security policy of the organization. In other words, the user is asked to print the name of the printer in an inseparable form at the time of printing if it is a document related to human resources, or to "permit to view documents exchanged with specific business partners" It does not depend on the skills of, and also prevents careless mistakes.

  Although the policy-based document security system is effective as described above, the following problems have been pointed out.

  That is, when assigning the security attribute (document classification) of a document, there is a case where, for example, “technical document” should be “secret” or “externally secret”. In some cases, it may be desirable to determine the security attribute in reverse calculation from specific handling such as “printing the name of the printer in an unseparable form” or “permission is required for viewing”.

In this case, conventionally, it is necessary to check the access control rules and expand the access control to be actually applied, or to determine the operation by temporarily assigning security attributes and actually accessing the rules. However, there is a problem that it is difficult to assign appropriate security attributes. .
If you are at a loss, it may be possible to cover it with operations such as attaching security attributes in strict directions, but in that case strict access control will be performed more than necessary, causing a problem that prevents effective use of the document. Is not desirable.

  In contrast to the above, when a part of the access control to be provided is already determined, for example, when “tracking code printing” and “log recording” are to be included, which security attribute (document classification) ) May be wondering if it should be granted. In this case as well, the access control rules are examined and expanded to the actual applied access control, or the security attribute is provisionally assigned to actually access I had to check the operation by.

  Furthermore, when assigning security attributes (document classification) to a document, there may be a case where it is desired to apply a combination of access control that cannot be realized by an already registered document classification, and there is a case where it is desired to edit the current document classification. However, the conventional system has no corresponding function.

  The present invention has been proposed in view of the above-described conventional problems, and an object of the present invention is to set a document security attribute in a system that controls the handling of a document by an access control rule abstracted into the security attribute. An object of the present invention is to provide a security attribute assigning method for an electronic document and a program thereof capable of providing support so that an appropriate security attribute can be assigned at the time of granting.

  In order to solve the above problems, according to the present invention, as described in claim 1, security attributes are assigned to an electronic document, and the document is managed according to a security policy that defines an access control rule. A method for assigning security attributes in a system, the step of receiving a display request for access control information of a document corresponding to a specified security attribute, and calculating the access control information of a document corresponding to the specified security attribute from the security policy. And a step of displaying the calculated access control information.

  According to a second aspect of the present invention, a display request for the access control information can be made by a button for requesting an actual access control display on a screen for designating security attributes.

  According to a third aspect of the present invention, the access control information of the document can be calculated from the security policy on another server every time the display request for the access control information is received.

  According to a fourth aspect of the present invention, the content of the security policy on another server is read to the client side at the initial stage of the security attribute assignment process, and the access control information is calculated on the client side. it can.

  In addition, as described in claim 5, it is possible to confirm the validity of the contents of the security policy read out to the client side by the security policy on another server when a predetermined time elapses.

  According to a sixth aspect of the present invention, there is provided a security attribute assigning method in a system for assigning a security attribute to an electronic document and managing the document in accordance with a security policy that defines an access control rule. A step of accepting an access control search request at the time of specification, a step of searching for a corresponding security attribute from the security policy based on a search condition specified along with the search request, and a step of displaying a search result can do.

  Moreover, as described in claim 7, a part of the access control rule can be specified as the search condition.

  According to another aspect of the present invention, a search screen is displayed by pressing a button for requesting access control on a screen for designating security attributes for a document, and a search condition is set on the search screen. be able to.

  Further, as described in claim 9, every time the search request is received, a security attribute can be searched from a security policy on another server.

  In addition, as described in claim 10, the contents of the security policy on another server can be read to the client side at the initial stage of the security attribute assigning process, and the security attribute can be searched on the client side. .

  In addition, as described in claim 11, it is possible to confirm the validity of the contents of the security policy read to the client side when a predetermined time elapses according to the security policy on another server.

  A security attribute assigning method in a system for assigning a security attribute to an electronic document and managing the document in accordance with a security policy that defines an access control rule, comprising: It is possible to include a step of accepting an access control editing request upon designation, a step of editing access control based on the editing request, and a step of saving the edited content of access control.

  According to a thirteenth aspect of the present invention, an edit screen can be displayed by pressing a button that requests access control editing on a screen that displays the contents of access control corresponding to a security attribute.

  Further, as described in claim 14, it is possible to select whether the existing security attribute is overwritten or newly registered depending on the edited access control content.

  According to a fifteenth aspect of the present invention, there is provided a security attribute assigning program in a system for assigning a security attribute to an electronic document and managing the document in accordance with a security policy that defines an access control rule. A function for receiving a request to display access control information for a document corresponding to a security attribute, a function for calculating access control information for a document corresponding to a specified security attribute from the security policy, and a function for displaying the calculated access control information Can be configured as a security attribute assigning program that causes a computer to realize the above.

  According to a sixteenth aspect of the present invention, there is provided a security attribute assigning program in a system that assigns a security attribute to an electronic document and manages the document according to a security policy that defines an access control rule. A function that accepts an access authority search request at the time of specification, a function that searches for the corresponding security attribute from the security policy based on the search conditions specified in the search request, and a function that displays the search results It can be configured as a security attribute assignment program.

  According to a seventeenth aspect of the present invention, there is provided a security attribute assigning program in a system for assigning a security attribute to an electronic document and managing the document in accordance with a security policy that defines an access control rule. Configured as a security attribute grant program that allows a computer to implement an access authority editing request upon specification, a function for editing access authority based on the editing request, and a function for saving edited access control contents can do.

  In the electronic document security attribute assigning method and program therefor according to the present invention, since the contents of access control corresponding to the security attributes can be displayed, appropriate security attributes are assigned from the contents of the access control actually performed. be able to. Further, since the security attribute can be searched from a part of access control, an appropriate security attribute including desired access control can be given. Furthermore, since the contents of access control can be edited as appropriate, a combination of access control that cannot be realized by already registered document classification can be applied.

  Preferred embodiments of the present invention will be described below with reference to the drawings.

  FIG. 5 is a block diagram of a document security system according to an embodiment of the present invention.

  In FIG. 5, a registration-side client 1A mainly used by a document manager, a use-side client 1B mainly used by a document user, a document management server 3 for storing and managing documents, and a document A security server 4 for managing security and a user management server 5 for managing users are connected via the network 2. Note that the document management server 3, the security server 4, and the user management server 5 show functional divisions. Even if they are physically built in the same server, they are built in different servers. It may be done. Further, a plurality of servers may be provided according to the scale of the management target.

  The document management server 3 is provided with a document database 31 for storing documents. FIG. 6 is a diagram showing an example of the structure of the document database 31, and stores a protected document including a document ID for identifying a document and an encrypted encrypted document.

  Returning to FIG. 5, the security server 4 stores a document security policy 41 that stores access control rules, a security attribute database 42 that stores document security attributes, and a document classification that stores the correspondence between document classifications and security attributes. A management database 43 is provided.

  FIG. 7 is a diagram showing an example of the structure of the document security policy 41. A document type (Document Type) including a document category (Category) and a level (Level / Sensitivity), a user group (Group), and a level (Level) are shown. User type including User, Access type indicating expected usage such as Reference, Read, Modify, and Print, and Access type corresponding to each access type (Availability) And a requirement (requirement) such as a printing requirement that is compulsory with respect to what becomes “permitted”.

  FIG. 8 is a diagram showing an example of the document security policy 41 described in XML. The description 411 indicates the document type, the description 412 indicates the user type, and the description 413 indicates the availability and requirements for each access type. ing.

  FIG. 9 is a diagram showing an example of the structure of the security attribute database 42. A document ID for identifying a document, a document category (Category), a level (Level / Sensity), a party (Related Person), and a permission zone ( Security attributes including “Available Zone” and the like, and an encryption key (decryption key) used to generate the protected document.

  FIG. 10 is a diagram showing an example of the structure of the document classification management database 43, which includes document classifications such as “Personnel / Secret” and “Personnel / Confidential”, and security attributes corresponding to the document classification.

  Returning to FIG. 5, the user management server 5 is provided with a user database 51 for storing user information. FIG. 11 is a diagram showing an example of the structure of the user database 51, which includes a user name (User Name), a password (Password), a group (Group), and a level (Level).

  Next, the basic operation of the document security system shown in FIG. 5 will be described with reference to FIGS.

  FIG. 12 is a diagram showing an outline of generation of a protected document generated in the security server 4 and stored in the document management server 3. That is, a document is encrypted with the generated encryption key to form an encrypted document, and a document ID is generated (numbered) and added to the document to generate a protected document.

  FIG. 13 is a sequence diagram showing processing for generating and storing a protected document.

  In FIG. 13, when the person in charge of management specifies a document in the client 1A and assigns a security attribute to request registration to the document management server 3 (step S101), the document management server 3 temporarily stores the document (step S102). ), The security server 4 is requested to create a protected document (step S103).

  The security server 4 generates an encryption key (step S104), encrypts the document with the encryption key to generate an encrypted document (step S105), generates a document ID (step S106), and encrypts the document ID. The protected document is generated by adding the converted document (step S107). Then, in association with the document ID, the security attribute assigned by the administrator in the client 1A and the encryption key used for encryption are stored in the security attribute database 42 (step S108).

  Next, the security server 4 transmits the protected document to the document management server 3 (step S109), and the document management server 3 stores the protected document in the document database 31 (step S110). After saving the protected document, the document before encryption is erased or made inaccessible.

  Next, FIG. 14 is a sequence diagram showing processing when a protected document is used.

  In FIG. 14, when the user acquires a protected document from the document management server 3 in the client 1B (step S111) and transmits the protected document together with the user name and password to the security server 4 (step S112), the security server 4 User information is acquired from the management server 5 and access rights including user authentication are checked using security attributes in the security attribute database 42 (step S113). If it is not permitted (not permitted in step S114), this is notified to the client 1B, and an error or disapproval is displayed (step S115).

  If permitted (permitted in step S114), the protected document is decrypted with the decryption key to generate a document (step S116), and the document and requirements are transmitted to the client 1B (step S117). Then, the client 1B uses the document in a state where the processing based on the requirement is forced (step S118).

  FIG. 15 is a diagram showing an example of a security function provided in a printer. A stamp function for printing a mark such as a confidential mark as a stamp or a watermark on an arbitrary place in a page, and a specific function when copied by a copying machine. A copy-forgery-inhibited pattern print function that prints a copy-forgery-inhibited pattern image that is controlled so that the image is raised, a secret print function that is not printed out unless a PIN (Personal Identification Number) is entered when printing is provided. . When these are specified as document requirements, printing is performed after these functions are forced.

  Next, a support function for assigning an appropriate security attribute when assigning a document security attribute will be described. These processes are realized by software (programs) installed in the client 1A, the document management server 3, and the security server 4.

  FIG. 16 is a sequence diagram showing security attribute assignment support processing at the time of document registration.

  In FIG. 16, when the manager in charge starts the client program of the client 1A (step S201), the client program displays a document registration screen on the monitor (step S202). The person in charge of management specifies the security attributes (document classification) to be given to the document on the document registration screen. If you are unsure about the selection of the document classification and you want to determine the security attributes from the specific handling, An actual access control request is made (step S203). FIG. 17 is a diagram showing a screen example at the time of document registration. After a registered document is designated on the document registration screen 11, a document classification is selected from the document classification selection screen 12, and the specific handling by the selected document classification is known. If it is desired, the button 13 for “actual access control” is pressed.

  Returning to FIG. 16, the client program of the client 1A confirms the access authority to the security server 4 (step S204), and the security server 4 calculates the access authority according to the selected document classification (step S205). That is, the corresponding security attribute is obtained from the selected document classification by the document classification management database 43 (FIG. 5), and the corresponding access control is calculated from this security attribute with reference to the document security policy 41 (FIG. 5).

  The security server 4 notifies the calculated access authority to the client program of the client 1A (step S206), and the client program displays the actual access control content based on the access authority on the monitor (step S207). FIG. 18 is a diagram showing a display example of access control. The content of access control based on the document classification selected on the document classification selection screen 12 is displayed on the access control display screen 14.

  Returning to FIG. 16, the display of access control (step S207) is repeated from the designation of the security attribute (step S203) until the manager in charge can designate the desired access attribute (step S208). (Step S209), document registration is performed with respect to the document management server 3 (step S210).

  The document management server 3 stores the document (step S211) and requests the security server 4 to create a protected document (step S212). The security server 4 creates a protected document and assigns the security attribute to the security attribute database 42 ( 5) (step S213), the protected document is returned to the document management server 3 (step S214), and the document management server 3 stores the protected document in the document database 31 (FIG. 5) (step S215).

  In this way, since the contents of actual access control can be confirmed when assigning security attributes (document classification) at the time of document registration, it is possible to resolve on the spot when wondering which document classification should be made, which is inconvenient in operation. Appropriate security attributes can be assigned without causing strict security attributes to be required and preventing the effective use of the document.

  Next, FIG. 19 is a sequence diagram showing another process of providing security attribute at the time of document registration. That is, in the process shown in FIG. 16, every time the manager in charge designates a security attribute, the security server 4 is queried for access authority. Therefore, it is not necessary to place extra data in the client program of the client 1A, and it is always effective now. Although there is a merit that the access authority can be confirmed based on the latest security policy, since an inquiry to the security server 4 occurs every time the person in charge of management designates the security attribute, traffic is affected or the line is If it is not so thick, there is a problem that the response becomes slow. Therefore, in the processing example shown in FIG. 19, the client program of the client 1A first obtains the security policy from the security server 4 in a batch, and the client program of the client 1A interprets the security policy and calculates the access authority. Like to do.

  In FIG. 19, when the manager in charge activates the program for the client program of the client 1A (step S221), the client program requests a security policy from the security server 4 (step S222). A security policy is acquired from the document security policy 41 (FIG. 5) and notified to the client program of the client 1A (step S223).

  In the client program of the client 1A, the document registration screen is displayed on the monitor (step S224), and the manager in charge designates the security attribute (document classification) to be given to the document on the document registration screen, but hesitates in selecting the document classification. When it is desired to determine the security attribute from specific handling, an actual access control request is also made (step S225).

  The client program of the client 1A calculates the access authority based on the selected document classification (step S226), and displays the actual access control content based on the access authority on the monitor (step S227).

  From the security attribute designation (step S225) to the access control display (step S227) until the manager in charge can designate the desired access attribute (step S228), the security attribute is assigned (step S229). Document registration is performed with respect to the document management server 3 (step S230).

  The document management server 3 stores the document (step S231), requests the security server 4 to create a protected document (step S232), and the security server 4 creates the protected document and assigns the security attribute to the security attribute database 42 ( 5) (step S233), the protected document is returned to the document management server 3 (step S234), and the document management server 3 stores the protected document in the document database 31 (FIG. 5) (step S235).

  Next, FIG. 20 is a sequence diagram showing still another process of security attribute assignment support at the time of document registration. That is, in the process shown in FIG. 19, first, a security policy is collectively acquired from the security server 4, and the client program side of the client 1A interprets the security policy to calculate the access authority, thereby reducing the network traffic. Although there is a reduction, there is a problem that an incorrect content is displayed if the security policy is changed in the meantime. Therefore, in the processing example shown in FIG. 20, the validity of the security policy is confirmed at an appropriate time interval from the client program of the client 1A.

  In FIG. 20, when the manager in charge starts the client program of the client 1A (step S241), the client program requests a security policy from the security server 4 (step S242). A security policy is acquired from the document security policy 41 (FIG. 5) and notified to the client program of the client 1A (step S243).

  In the client program of the client 1A, the document registration screen is displayed on the monitor (step S244), and the manager in charge designates the security attribute (document classification) to be given to the document on the document registration screen, but hesitates in selecting the document classification. When it is desired to determine the security attribute from specific handling, an actual access control request is also made (step S245).

  The client program of the client 1A calculates the access authority according to the selected document classification (step S246), and displays the actual access control content based on the access authority on the monitor (step S247).

  Thereafter, when a predetermined time has elapsed, the client program of the client 1A confirms the validity of the security policy with respect to the security server 4 (step S248), and the security server 4 confirms the validity of the security policy and changes the contents. Is notified (step S249).

  Until the person in charge of management can specify a desired access attribute, the security attribute is specified (step S245), the access control is displayed (step S247), and the validity and response of the security policy is checked as time passes (step S248, Step S249) is repeated (Step S250). When the determination is made, security attributes are assigned (Step S251), and the document is registered in the document management server 3 (Step S252).

  The document management server 3 stores the document (step S253), requests the security server 4 to create a protected document (step S254), and the security server 4 creates the protected document and assigns the security attribute to the security attribute database 42 ( 5) (step S255), the protected document is returned to the document management server 3 (step S256), and the document management server 3 stores the protected document in the document database 31 (FIG. 5) (step S257).

  Next, FIG. 21 is a sequence diagram showing security attribute assignment support processing with a search function at the time of document registration.

  In FIG. 21, when the manager in charge starts the program for the client program of the client 1A (step S301), the client program displays a document registration screen on the monitor (step S302). When the person in charge of management specifies the security attribute (document classification) to be given to the document on the document registration screen, he / she is unsure about the selection of the document classification, but the access control to be provided has already been determined. The search instruction is performed (step S303).

  In response, the client program displays a search screen on the monitor (step S304). Then, the manager in charge designates a desired search condition (step S305). FIG. 22 is a diagram showing a screen example at the time of document registration. When a registered document is designated on the document registration screen 15 and the “access control search” button 16 is pressed, a search screen 17 is displayed. "Search" by specifying the operation such as "Printing", User type such as "Related party", Authority level such as "Not specified", Availability of "Yes", etc., "Tracking code printing", "Log recording", etc. The “execute” button 18 is pressed.

  Returning to FIG. 21, the client program of the client 1A that has received the search condition specification confirms the access authority to the security server 4 (step S306), and the security server 4 has the access authority corresponding to the specified search condition. Calculation is performed (step S307), and the calculated access authority is notified to the client program of the client 1A (step S308).

  The client program of the client 1A searches for all security attributes that match the search conditions (step S309), and displays a search result screen on the monitor (step S310). FIG. 23 is a diagram showing a display example of the access control search result. The search result is displayed on the search result screen 19 so that the document classification can be selected from the matches. The search result screen 19 is provided with a button 20 for confirming actual access control from the selected document classification.

  Returning to FIG. 21, when the manager in charge wants to determine the security attribute from more specific handling as necessary, he / she makes a request for actual access control after selecting the document classification (step S311). The client program of the client 1A confirms the access authority to the security server 4 (step S312), the security server 4 calculates the access authority according to the selected document classification (step S313), and the calculated access authority is transmitted to the client 1A. The client program is notified (step S314), and the client 1A displays the actual access control content based on the access authority on the monitor (step S315).

  Then, the display of access control (step S315) is repeated from the specification of the search condition (step S303) until the manager in charge can specify the desired access attribute (step S316), and when determined, the security attribute is assigned (step S317). ), Document registration is performed with respect to the document management server 3 (step S318).

  The document management server 3 stores the document (step S319), requests the security server 4 to create a protected document (step S320), and the security server 4 creates the protected document and assigns the security attribute to the security attribute database 42 ( 5) (step S321), the protected document is returned to the document management server 3 (step S322), and the document management server 3 stores the protected document in the document database 31 (FIG. 5) (step S323).

  As described above, when assigning security attributes (document classification) at the time of document registration, the corresponding document classification can be searched from a part of the access control to be provided. And can be given appropriate security attributes.

  Next, FIG. 24 is a sequence diagram showing another process for providing security attributes with a search function at the time of document registration. That is, in the process shown in FIG. 21, since the administrator inquires the access authority to the security server 4 every time the security attribute search condition is specified, it is not necessary to place extra data in the client program of the client 1A, and always. There is an advantage that the access authority can be confirmed based on the latest effective security policy. However, every time the manager in charge specifies the search condition of the security attribute, the security server 4 is inquired. There is a problem that the response becomes slow when the network is given or the line is not so thick. Therefore, in the processing example shown in FIG. 24, in the client program of the client 1A, the security policy is first obtained from the security server 4 in a lump, and the access right is calculated by interpreting the security policy on the client program side of the client 1A. Like to do.

  In FIG. 24, when the person in charge of management starts the program for the client program of the client 1A (step S331), the client program requests a security policy from the security server 4 (step S332). A security policy is acquired from the document security policy 41 (FIG. 5) and notified to the client program of the client 1A (step S333).

  The client program displays a document registration screen on the monitor (step S334), and the manager responsible is confused when selecting the document classification when specifying the security attribute (document classification) to be given to the document on the document registration screen. If part of the access control has already been determined, an access control search instruction is issued (step S335).

  In response, the client program displays a search screen on the monitor (step S336), and the manager in charge designates the desired search condition (step S337).

  Based on the security policy already acquired from the security server 4, the client program that has received the specified search condition calculates the access authority corresponding to the specified search condition (step S 338), and the security attributes that match the search condition (Step S339), and a search result screen is displayed on the monitor (step S340).

  If the manager in charge wants to determine the security attribute from more specific handling as necessary, he / she selects the document classification and makes an actual access control request (step S341). The client program of the client 1A calculates the access authority based on the security policy already acquired from the security server 4 (step S342), and displays the actual access control content based on the calculated access authority on the monitor (step S343). .

  Then, the display of access control (step S343) is repeated from the specification of search conditions (step S335) until the manager in charge can specify the desired access attribute (step S344). ), Document registration is performed with respect to the document management server 3 (step S346).

  The document management server 3 stores the document (step S347), requests the security server 4 to create a protected document (step S348), and the security server 4 creates the protected document and assigns the security attribute to the security attribute database 42 ( 5) (step S349), the protected document is returned to the document management server 3 (step S350), and the document management server 3 stores the protected document in the document database 31 (FIG. 5) (step S351).

  Next, FIG. 25 is a sequence diagram showing still another processing for providing security attributes with a search function at the time of document registration. That is, in the process shown in FIG. 24, first, a security policy is collectively acquired from the security server 4, and the client program side of the client 1A interprets the security policy to calculate access authority, thereby reducing network traffic. Although there is a reduction, there is a problem that an incorrect content is displayed if the security policy is changed in the meantime. Therefore, in the processing example shown in FIG. 25, the validity of the security policy is confirmed at an appropriate time interval from the client program of the client 1A.

  In FIG. 25, when the manager in charge starts the client program of the client 1A (step S361), the client program requests a security policy from the security server 4 (step S362). A security policy is acquired from the document security policy 41 (FIG. 5) and notified to the client program of the client 1A (step S363).

  The client program displays a document registration screen on the monitor (step S 364), and the person in charge of management is confused when selecting the document classification when specifying the security attribute (document classification) to be given to the document on the document registration screen. If part of the access control has already been determined, an access control search instruction is issued (step S365).

  In response, the client program displays a search screen on the monitor (step S366), and the manager in charge designates the desired search condition (step S367).

  Based on the security policy already acquired from the security server 4, the client program that has received the specified search condition calculates the access authority corresponding to the specified search condition (step S 368), and the security attributes that match the search condition Are searched (step S369), and a search result screen is displayed on the monitor (step S370).

  If the manager in charge wants to determine the security attribute from more specific handling as necessary, he / she selects the document classification and makes an actual access control request (step S371). The client program of the client 1A calculates the access authority based on the security policy already acquired from the security server 4 (step S372), and displays the actual access control content based on the calculated access authority on the monitor (step S373). .

  Thereafter, when a predetermined time has elapsed, the client program of the client 1A confirms the validity of the security policy with respect to the security server 4 (step S374), and the security server 4 confirms the validity of the security policy and changes the contents. Is notified (step S375).

  Then, until the person in charge of management can specify the desired access attribute, the search condition is specified (step S365), the access control is displayed (step S373), and the validity of the security policy is confirmed and responded as time elapses (step Steps S374 and S375) are repeated (step S376). When the determination is made, security attributes are assigned (step S377), and the document is registered in the document management server 3 (step S378).

  The document management server 3 stores the document (step S379), requests the security server 4 to create a protected document (step S380), and the security server 4 creates the protected document and assigns the security attribute to the security attribute database 42 ( 5) (step S381), the protected document is returned to the document management server 3 (step S382), and the document management server 3 stores the protected document in the document database 31 (FIG. 5) (step S383).

  Next, FIG. 26 is a sequence diagram showing security attribute assignment support processing with an editing function at the time of document registration.

  In FIG. 26, when the manager in charge activates the client program of the client 1A (step S401), the client program requests a security policy from the security server 4 (step S402). A security policy is acquired from the document security policy 41 (FIG. 5) and notified to the client program of the client 1A (step S403).

  The client program displays the document registration screen on the monitor (step S404), and the person in charge of management is confused in selecting the document classification when specifying the security attribute (document classification) to be given to the document on the document registration screen. If part of the access control has already been determined, an access control search instruction is issued (step S405).

  In response to this, the client program displays a search screen on the monitor (step S406), and the manager in charge designates a desired search condition (step S407).

  The client program that has received the search condition designation calculates the access authority corresponding to the designated search condition based on the security policy already acquired from the security server 4 (step S408), and the security attribute that matches the search condition. (Step S409), and a search result screen is displayed on the monitor (step S410).

  If the manager in charge wants to determine the security attribute from more specific handling as necessary, he / she selects the document classification and makes an actual access control request (step S411). The client program of the client 1A calculates the access authority based on the security policy already acquired from the security server 4 (step S412), and displays the actual access control content based on the calculated access authority on the monitor (step S413). .

  Here, when it is desired to apply a combination of access control that cannot be realized by the document classification already registered by the manager, the editing is requested to the client program of the client 1A (step S414). FIG. 27 is a diagram showing a screen example at the time of document registration. In the state where the registered document is designated on the document registration screen 21, the document classification is designated from the document classification selection screen 22, and the access control display screen 23 is displayed. An edit request is made by pressing the “edit” button 24.

  Returning to FIG. 26, the client program of the client 1A that has received the editing request displays an editing screen on the monitor (step S415), and the manager in charge edits the access authority (step S416). When saving the edited content, the client program of the client 1A is requested to save (step S417). FIG. 28 is a diagram showing an example of an access authority editing screen. In the editing screen 25, a desired access authority is designed by appropriately combining operations, user types, authority levels, permission / requirements, and requirements. Is updated, the “overwrite registration” button 26 is pressed, and when registering a new one, the “register with name” button 27 is pressed.

  Returning to FIG. 26, the client program of the client 1A that has received the save request displays a save screen on the monitor (step S418), and the manager in charge confirms the save (step S419). FIG. 29 is a diagram showing an example of the overwrite registration screen. After the registration contents are confirmed on the document classification registration screen 28, the overwrite registration is performed. FIG. 30 is a diagram showing an example of a new registration screen. New registration is performed after a document classification name is input on the document classification registration screen 29.

  Returning to FIG. 26, the client program of the client 1A that has received the confirmation of saving notifies the security server 4 of the document classification change (step S420), and the security server 4 updates the document classification management database 43 (FIG. 5). Alternatively, the correspondence relationship between the newly registered document classification and the security attribute is registered, and the security server 4 notifies the client program of the client 1A that the change has been completed (step S421).

  Then, the client program of the client 1A designates the document classification updated or newly registered by editing (step S422), assigns security attributes (step S423), and registers the document with the document management server 3 (step S424). ).

  The document management server 3 stores the document (step S425), requests the security server 4 to create a protected document (step S426), and the security server 4 creates the protected document and assigns the security attribute to the security attribute database 42 ( (Step S427), the protected document is returned to the document management server 3 (Step S428), and the document management server 3 stores the protected document in the document database 31 (FIG. 5) (Step S429).

  As described above, since the security attribute (document classification) can be edited at the time of assigning the security attribute (document classification) at the time of document registration, a combination of access control that cannot be realized by the already registered document classification on the spot. It can be created, and more appropriate security attributes suitable for the contents of the document can be given.

  The present invention has been described above by the preferred embodiments of the present invention. While the invention has been described with reference to specific embodiments, various modifications and changes may be made to the embodiments without departing from the broad spirit and scope of the invention as defined in the claims. Obviously you can. In other words, the present invention should not be construed as being limited by the details of the specific examples and the accompanying drawings.

It is FIG. (1) which shows the method of the conventional access control of an electronic document. It is FIG. (2) which shows the method of the conventional access control of an electronic document. It is FIG. (3) which shows the technique of the conventional access control of an electronic document. It is a figure which shows the example of a screen which provides a security attribute at the time of document registration. It is a block diagram of the document security system concerning one Embodiment of this invention. It is a figure which shows the structural example of a document database. It is a figure which shows the structural example of a document security policy. It is a figure which shows the example of the document security policy described by XML. It is a figure which shows the structural example of a security attribute database. It is a figure which shows the structural example of a document classification management database. It is a figure which shows the structural example of a user database. It is a figure which shows the outline | summary of the production | generation of a protection document. It is a sequence diagram which shows the production | generation and preservation | save process of a protection document. It is a sequence diagram which shows the process at the time of utilization of a protected document. It is a figure which shows the example of the security function with which a printer is provided. FIG. 11 is a sequence diagram (No. 1) illustrating a security attribute assignment support process at the time of document registration. It is a figure which shows the example of a screen at the time of document registration. It is a figure which shows the example of a display of access control. FIG. 10 is a sequence diagram (part 2) illustrating a security attribute assignment support process at the time of document registration. FIG. 11 is a sequence diagram (No. 3) illustrating a security attribute assignment support process at the time of document registration. FIG. 11 is a sequence diagram (No. 1) illustrating a security attribute assignment support process with a search function at the time of document registration. It is a figure which shows the example of a screen at the time of document registration. It is a figure which shows the example of a display of the search result of access control. FIG. 10 is a sequence diagram (part 2) illustrating a security attribute assignment support process with a search function at the time of document registration. FIG. 10 is a sequence diagram (No. 3) illustrating a security attribute assignment support process with a search function at the time of document registration. It is a sequence diagram which shows the process of the security attribute provision assistance accompanied by the edit function at the time of document registration. It is a figure which shows the example of a screen at the time of document registration. It is a figure which shows the example of the edit screen of an access authority. It is a figure which shows the example of a screen of overwrite registration. It is a figure which shows the example of a screen of new registration.

Explanation of symbols

1A, 1B client 2 network 3 document management server 31 document database 4 security server 41 document security policy 42 security attribute database 43 document classification management database 5 user management server 51 user database

Claims (17)

A security attribute assigning method in a system for assigning a security attribute to an electronic document and managing the document according to a security policy defining an access control rule,
Receiving a display request for access control information of a document corresponding to a specified security attribute;
Calculating access control information of a document corresponding to a specified security attribute from the security policy;
And a security attribute assigning method for an electronic document, comprising: displaying the calculated access control information.   2. The security attribute assigning method for an electronic document according to claim 1, wherein a display request for the access control information is made by a button for requesting an actual access control display on a screen for designating a security attribute.   3. The security attribute assignment of an electronic document according to claim 1, wherein the access control information of the document is calculated from a security policy on another server every time the access control information display request is received. Method.   The content of the security policy on another server is read to the client side at the initial stage of security attribute assignment processing, and the access control information is calculated on the client side. To assign security attributes to electronic documents.   5. The method for assigning security attributes of an electronic document according to claim 4, wherein the validity of the contents of the security policy read to the client side is confirmed by a security policy on another server when a predetermined time elapses. A security attribute assigning method in a system for assigning a security attribute to an electronic document and managing the document according to a security policy defining an access control rule,
Accepting an access control search request when specifying security attributes;
Searching for a corresponding security attribute from the security policy based on a search condition specified along with the search request;
A security attribute assigning method for an electronic document, comprising: a step of displaying a search result.   7. The method of claim 6, wherein a part of an access control rule is specified as the search condition.   8. The search screen is displayed by pressing a button for requesting access control search on a screen for specifying a security attribute for a document, and a search condition is set on the search screen. The security attribute assigning method of the electronic document described in 1.   9. The method for assigning security attributes of an electronic document according to claim 6, wherein a security attribute is searched from a security policy on another server each time the search request is received.   The content of the security policy on another server is read to the client side at the initial stage of the security attribute assigning process, and the security attribute is searched on the client side. A method for assigning security attributes to electronic documents.   11. The method for assigning security attributes of an electronic document according to claim 10, wherein the validity of the contents of the security policy read to the client side is checked by a security policy on another server when a predetermined time elapses. A security attribute assigning method in a system for assigning a security attribute to an electronic document and managing the document in accordance with a security policy that defines an access control rule,
A process of accepting an access control edit request when specifying a security attribute;
Editing access control based on the editing request;
A security attribute assigning method for an electronic document, comprising: storing the edited contents of access control.   13. The method for assigning security attributes of an electronic document according to claim 12, wherein an edit screen is displayed by pressing a button for requesting edit of access control on a screen displaying contents of access control corresponding to the security attributes.   14. The method for assigning security attributes of an electronic document according to claim 12, wherein it is possible to select whether the existing security attributes are to be overwritten or newly registered according to the edited contents of access control. . A security attribute assigning program in a system that assigns security attributes to an electronic document and manages the document according to a security policy that defines an access control rule,
A function for accepting a request to display access control information of a document corresponding to a specified security attribute;
A function for calculating access control information of a document corresponding to a specified security attribute from the security policy;
A security attribute assigning program for an electronic document, which causes a computer to realize a function of displaying calculated access control information. A security attribute assigning program in a system that assigns security attributes to an electronic document and manages the document according to a security policy that defines an access control rule,
A function to accept a search request for access authority when specifying security attributes;
A function of searching for a corresponding security attribute from the security policy based on a search condition specified along with the search request;
A security attribute assigning program for an electronic document, which causes a computer to realize a function of displaying a search result. A security attribute assigning program in a system that assigns security attributes to an electronic document and manages the document according to a security policy that defines an access control rule,
A function to accept an access authority edit request when specifying security attributes;
A function for editing access authority based on the above editing request,
A security attribute assigning program for an electronic document, which causes a computer to realize a function of saving edited access control contents.

Images