JP2006189933A - Electronic document system, its masking method, its server, its program, and storage medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an electronic document system capable of surely preventing information leakage from a private area in a document, its masking method, its server, its program, and a storage medium. <P>SOLUTION: This electronic document system 1 is provided with a document server 100 and client PC 101 and 102 connected mutually via a network 103. The document server 100 acquires all of document data, for which a file name is selected by a user, and their masking information and converts all the data, which exist inside an area having a higher reference security level than that previously set for a log-in user, among the document data into null characters to transmit the converted document data to the client PC 102. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an electronic form system, a masking method thereof, a server thereof, a program thereof, and a storage medium, and more particularly to an electronic form system for masking form data, a masking method thereof, a server thereof, a program thereof, and a storage medium. About.

  The current electronic form system has a function for restricting reference, printing, and export (file writing) processing of form data for each user and group. For example, the reference restriction is realized by restricting the form data that can be referred to by comparing the reference security level of the user who logs in to the electronic form system and the reference security level set in advance for the form data to be referenced. Thus, the security of the form data including confidential information can be ensured by the above-described restriction function of the electronic form system.

  In addition, when a user is newly authorized to refer to form data that is subject to reference restrictions, the system administrator must reset the user's reference security level to be higher than the security level of the target form data. It was broken.

  Furthermore, if there is an area in the form data that the system administrator wants to keep private to the user regardless of the user's reference security level, new form data that excludes the data in the above area is re-registered. In addition to this, conventionally, a method for disclosing data in a specific area in a form has not been disclosed. On the other hand, the Act on the Protection of Personal Information (Law No. 57 of 2003) was formulated in 2003, and the public awareness of personal information leakage has become very high. Even in the electronic form system, there is an increasing need for a technique for making a part of form data non-public more easily.

  In order to respond to this increasing need, a method for realizing the above technique has been disclosed in recent years.

For example, in the first prior art, security information can be maintained for each page, section unit, or area for a document file in a file security system that can maintain security and can easily search for data from a common file. Thus, a method for controlling pages that can be referred to in a document file according to the user's access authority is disclosed (for example, see Patent Document 1). In addition, this file security system gives security information to the specific area of the above-mentioned fixed form of the document file that also has fixed form information, thereby not only making the specific area of each document file private, It is also possible to grant viewing authority only to specific areas.
JP 2002-268944 A

  However, in the method disclosed in the first prior art, since the data of the part to be made private to the user is transmitted to the client, the data on the private area of the document file displayed on the client is displayed. Since only masking is applied, information leakage may not be completely prevented.

  An object of the present invention is to provide an electronic form system, a masking method thereof, a server thereof, a program thereof, and a storage medium that can reliably prevent information leakage from a non-public area in the form.

  In order to achieve the above object, the electronic form system according to claim 1 is an electronic form system including a server that transmits form data to be held in response to a reference request from a client. Among the masking rectangular areas set in advance with respect to the form data, a predetermined character is inserted into one area whose reference security level is higher than the access authority level of the terminal user of the client. Is transmitted to the client.

  The masking method according to claim 8 is a masking method for an electronic form system including a server that transmits form data to be held in response to a reference request from a client, wherein the server pre-processes the form data for which the reference request has been made. Of the set masking rectangular area, the form data is transmitted by inserting a predetermined character into one area whose reference security level is higher than the access authority level of the terminal user of the client.

  The server according to claim 9 is a server that transmits form data to be held in response to a reference request from a client. Among the masking rectangular areas set in advance for the form data for which the reference request has been made, the reference security The form data is transmitted by inserting a predetermined character into one area whose level is higher than the access authority level of the terminal user of the client.

  The program according to claim 10 is a program for executing, by a computer, a masking method of an electronic form system including a server that transmits form data to be held in response to a reference request from a client. Inserting predetermined characters into one area whose reference security level is higher than the access authority level of the terminal user of the client among the masking rectangular areas set in advance for the form data, and sending the form data It is characterized by.

  According to the present invention, the server has a reference security level that is higher than the access authority level of the terminal user of the client among the masking rectangular areas set in advance for the form data requested to be referred by the client. In this area, a predetermined character is inserted, and this form data is transmitted to the client, so that information leakage from the non-public area in the form can be surely prevented.

  Preferably, the server transmits all the information of the masking rectangular area at the same time when sending the form data to the client. Therefore, when the client side performs additional masking processing on the sent form data, the server side sends the information. Since it is not necessary to obtain information on the masking rectangular area, processing can be performed promptly.

  Preferably, after the display of the transmitted form data, the client makes all the masking rectangular areas included in all the received information invisible when a predetermined period elapses without user operation on the form data. When the log-in user leaves his / her seat while referring to the form data including the confidential data, the time limit masking process can be performed in which the confidential data is not shown to the third party.

  Preferably, since the server transmits all information of the masking rectangular area of the form data when a request for acquisition is received from the client, the amount of data transmitted from the server when there is a reference request from the client can be reduced. In addition to displaying the form data for which the client has made a reference request to the server promptly, the additional masking process can be reliably performed by making the acquisition request.

  Preferably, the client sends the acquisition request to the server when a predetermined period of time has elapsed without displaying a user operation on the form data after displaying the sent form data. The amount of data sent from the server to the server can be reduced, and the form data for which the client has made a reference request to the server can be displayed quickly, and the time limit masking process can be reliably performed at the client. Can do.

  Preferably, when there is a search request for a predetermined search condition for the form data from the client, the server searches the form data for the search condition and sends the searched position information to the client as a search result. In this case, since the position information of the transmitted position information within the one area is deleted, there is an inconsistency that data in a secret area that cannot be referred to by the client terminal user is hit in the search process. It can be prevented from happening.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a block diagram schematically showing the configuration of an electronic form system according to the first embodiment of the present invention.

  The electronic form system 1 in FIG. 1 includes a data file 104, an electronic form database 105, and a user / form information storage unit 106, and is operated by a form server 100 that manages form data and an administrator having form administrator authority. The client PC 101 and the client PC 102 operated by a general user are connected to each other via the network 103 so as to be able to transmit and receive data.

  In the client PC 101, the administrator views the form data in the data file 104 of the form server 100, and sets each security level for referencing, printing, and exporting the form data transmitted from the form server 100 to the client PC 102. The client terminal is used to check the editing result of the form data edited by the client PC 102.

  The client PC 102 is a client terminal that is used by general users to view the form data in the data file 104 and edit the form data.

  Note that the connection configuration of various terminals in the electronic form system 1 of FIG. 1 is merely an example, and it is needless to say that various configurations can be used according to applications and purposes.

  In addition, since the form server 100 and each of the client PCs 101 and 102 according to the present embodiment are computers having the same hardware configuration, only the hardware configuration of the form server 100 will be described below, and redundant description will be omitted. To do.

  FIG. 2 is a block diagram schematically showing a hardware configuration of the form server 100 of FIG.

  In FIG. 2, the form server 100 includes a CPU 201 that centrally controls each device constituting the server via a system bus 204, an operating system (OS) that is a control program of the CPU 201, a boot program, font data, Consists of a hard disk (HD) and floppy (registered trademark) disk (FD) that store user files, edit files, printer drivers, etc., compact flash (registered trademark) connected to the PCMCIA card slot via an adapter, and smart media The external memory 211 to be executed, the ROM 203 that enables the CPU 201 to load and execute the program 212 recorded in the external memory 211 as necessary, and the main memory, work area, and temporary save area of the CPU 201 It comprises a RAM202 functioning as such, a keyboard, and an input controller 205 for controlling input from an input unit 209 composed of a pointing device such as a mouse.

  In addition, the form server 100 includes a display controller 206 that controls display on the display unit 210 including a CRT, a liquid crystal, and the like, and an external memory controller that controls access to the external memory 211 and controls data transmission / reception of the external memory 211. (MC) 207 and a communication I / F controller 208 that executes communication control processing with an external device via the network 103.

  The data file 104 is a file for storing one or a plurality of form data composed of one or a plurality of pages having a data format of any one of the extensions rep, map, frm, and pag. The data file 104 manages the same type of a plurality of form data as a group.

  Further, the masking information storage unit 105 includes items of the form ID of the form data in the data file 104 and masking rectangle area information, reference, printing, and export security levels set for the form data (FIG. 6). The user / form information storage unit 106 stores a user master that manages the security level of the user who uses the electronic form system 1 according to the user ID, and the data file 104. A form master for managing the security level of reference, printing, and export of the entire form data by form ID is stored.

  In this embodiment, the data file 104, the masking information storage unit 105, and the user / form information storage unit 106 are stored in the external memory 211 of the form server 100. However, the present invention is not limited to this. For example, you may store in another database server.

  FIG. 3 is a flowchart showing a procedure of masking setting processing executed by the client PC 101 and the form server 100.

  The case where the administrator's form reference security level is set to “5”, the highest value among the five levels, will be described below.

  First, in FIG. 3, when the administrator logs in to the system 1 (YES in step S300), the client PC 101 displays a form manager menu on the display unit (step S301).

  When the administrator selects a form definition menu from the displayed menu (YES in step S302), the form server 101 acquires a list of file names of form data from the data file 104 in the external memory 211, The data is transmitted to the client PC 101 (step S303). Here, the list acquired in step S303 is not limited to the list of file names as long as the contents of all the form data in the data file 104 are displayed as a list.

  The client PC 101 displays the list on the display unit based on the list transmitted from the form server 100 (step S304), and the administrator selects one file name of the form data in the list (YES in step S305). ), The client PC 101 transmits the form ID of the designated form data to the form server 100. Based on the form ID transmitted from the client PC 101, the form server 100 acquires each security level of the entire form data in which the file name in the form master stored in the user / form information storage unit 216 is selected by the user. (Step S308), this is transmitted to the client PC 101.

  Thereafter, the client PC 101 displays each security level of the entire form data transmitted from the form server 100 on its display unit (step S309), and the form data of the file name selected by the administrator is stored in the entire data. When the security level of reference, printing, and export is determined (YES in step S306), a new masking rectangle area is created for the form data having the file name selected in step S305 by the masking rectangle setting process in FIG. The information and its security level are registered in the form server 100 (step S307), and this process ends.

  FIG. 4 is a flowchart showing the procedure of the masking rectangle setting process in step S307 of FIG.

  First, in FIG. 4, the client PC 101 determines whether or not the form data itself whose file name is selected by the user in step S305 in FIG. 3 is already in the external memory (step S400). The process proceeds to S404, and if not, the process of the form server 100 from Step S401 is started.

  In step S 401, the form server 100 acquires corresponding form data from the data file 104 in the external memory 211. Thereafter, all the masking information of the form data acquired in step S401 is acquired from the masking information storage unit 105 of the external memory 211 (step S402). This acquisition process is performed by searching the masking information storage unit 215 using the form ID of the form data acquired in step S401 as a key. For example, the acquisition of the form data of the file name selected in step S305 of FIG. When the form ID is “REP001”, information as shown in FIG. 5A is acquired.

  Returning to FIG. 4, the form server 100 transmits the form data acquired in step S401 and the masking information acquired in step S402 to the client PC 101 (step S403). The transmitted form data is stored in the external memory 211 of the client PC 101.

  In step S404, the client PC 101 acquires form data having the file name selected in step S305 from the external memory, creates a form image based on the form data, and displays the form image on the display unit. At this time, as shown in FIG. 7A, the user master stored in the user / form information storage unit 216 of the form server 100 is set to a level higher than the reference security level set for each user ID. For the square area (FIG. 5A), the background of the area is colored so that the administrator can recognize it.

  Next, when a new masking rectangle is designated on the form image displayed in step S404 as shown in FIG. 7B by the operation of the input unit by the administrator (step S405), the client PC 101 A dialog box including a masking rectangle property setting screen (FIG. 8) for displaying the security levels of reference, export, and printing for the designated masking rectangle in a user-designable manner is displayed on the display unit (step S406).

  After that, when the administrator operates the input unit to input the security level for general user reference, export, and printing in the specified masking area in the dialog box displayed in step S406 (step S407), the client The PC 101 determines, for each input security level value, whether or not the entire form data is larger than each security level value set in step S306 (step S408).

  As a result of the determination in step S408, when any of the input security level values is less than or equal to the security level value set for the entire form data, the client PC 101 notifies the administrator of a resetting warning and again performs step S407. Process from. For example, when all of the reference security level values input in step S407 are “3” while the reference security level value of the entire form data set in step S306 is “3”, the general user manages The masking rectangle designated by the administrator can be referred to, printed, and exported, and it is meaningless to mask the masking rectangle designated by the administrator. That is, this process can prevent unnecessary masking information from being stored in the external memory 211 of the form server 100.

  On the other hand, if it is determined in step S408 that the input security level value is greater than the security level value set for the entire form data, the client PC 101 determines that the masking rectangle specified by the user is a valid rectangle. And the area information and various security level values of the area designated in step S407 are transmitted to the form server 100, and the form server 100 uses the transmitted information as masking information as a masking information storage unit. 215 is registered. For example, after “2” is set for all security levels for reference, export, and printing of the entire form data in step S306, a masking rectangle as shown in FIG. 7B is designated in the process of step S405. In addition, when “5” is set for all security levels of reference, export, and printing in the processing of step S407 for the designated area, the masking rectangle designated by the user is a valid rectangle. The value of each security level set for the designated area is transmitted to the form server 100, and the masking information shown in FIG. 5B is added to the masking information storage unit 105, respectively.

  After that, the client PC 101 notifies the administrator whether or not to end, and when the administrator selects the user to end (YES in step S410), the process is ended as it is.

  FIG. 9 is a flowchart showing the procedure of the form display process executed by the client PC 102 and the form server 100.

  In FIG. 9, first, when a general user having a form reference authority logs in to the system 1 (YES in step S900), the client PC 102 transmits the user ID of the logged-in user to the form server 100. Thereafter, the form server 100 creates a list of form data file names from the data file 104 in the external memory 211, and transmits it to the client PC 102 (step S901). Here, the list created in step S901 is not limited to the list of file names as long as the contents of all the form data in the data file 104 are displayed as a list.

  The client PC 102 displays the list on the display unit based on the list transmitted from the form server 100 (step S902), and when the logged-in user selects one of the file names in the list (YES in step S903), The form server 100 acquires the corresponding form data from the data file 104 in the external memory 211 (step S904), and acquires all the masking information of the form data acquired in step S904 from the masking information storage unit 215 (step S905). . This acquisition process is performed by searching the masking information storage unit 215 using the form ID of the form data acquired in step S904 as a key. For example, this process is performed after the process of FIG. When “REP001” is selected as the form ID of the form data selected in step S903, information as shown in FIG. 5C is acquired.

  Next, the form server 100 compares the reference security level value of the acquired masking information with the reference security level value of the login user in the user master stored in the user / form information storage unit 216, and the login user's reference security level value is compared. Masking information having a security level value higher than the reference security level value is acquired (step S906). For example, the reference security level set for the entire form data is “2”, the reference security level of the masking rectangle set in the card number field of the form data is “5”, and the telephone number field is set. When the reference security level of the masking rectangle is “4”, the reference security level of the masking rectangle set in the account number field is “3”, and the reference security level of the login user is “4”, the reference security level is 4 Masking information (FIG. 5 (d)) is obtained for the area of the card number column in which a larger value is set. In the above example, when the reference security level of the logged-in user is “3”, the masking information about the area of the card number field and the telephone number field in which a value greater than 3 is set as the reference security level (FIG. 5 (e )) Is acquired.

  Thereafter, the form server 100 converts all the data existing in the area acquired from the masking information acquired in step S906 out of the form data acquired in step S904 into empty characters (step S907). As a result, it is possible to eliminate the possibility of information leakage by transmitting data that is not scheduled to be displayed to the login user to the client PC 102. For example, when the masking information as shown in FIG. 5D is acquired in step S906, the data present in the rectangle represented by the upper left coordinates (53, 108) and the lower right coordinates (301, 449), that is, If all the data in the area of the card number column is converted to an empty character and the masking information as shown in FIG. 5E is acquired in step S906, the upper left coordinates (53, 108), the lower right coordinates (301, 449). ) In the rectangle (card number field area) as well as in the rectangle (phone number field area) represented by upper left coordinates (512, 108) and lower right coordinates (767, 449). All data is also converted to empty characters.

  Here, the data conversion in this process is conversion to the empty character, but it is not limited to this as long as the possibility of information leakage can be eliminated. For example, it may be converted to “*” instead of the empty character. .

  Next, the form server 100 transmits the form data after completion of the conversion in step S907 and all the masking information acquired in step S905 to the client PC 102 (step S908).

  Thereafter, in step S909, the client PC 102 creates a form image based on the form data transmitted from the form server 100, displays the form image on the display unit, and ends the present process. For example, when the masking information acquired in step S905 is as shown in FIG. 5D, the “card number” having “5” which is a value greater than the log-in user's form reference security level “4”. A form image (FIG. 10A) in which the area is masked is displayed on the display unit of the client PC 102. If the masking information acquired in step S905 is as shown in FIG. 5E, the “card number” having “5” which is a value greater than the document reference security level “3” of the login user. A form image (FIG. 12A) in which the area and the area of “phone number” having “4” are masked is displayed on the display unit of the client PC.

  According to the processing of FIG. 9, the form server 100 acquires all of the form data (step S904) and the masking information of which the file name is selected by the user on the client PC 102 (step S905). All the data existing in the area where the reference security level in the masking information is higher than the reference security level set in advance for the login user is converted to an empty character (step S907), and the converted form data is converted into the client PC 102. (Step S908), information leakage from a non-public area in the form can be reliably prevented.

  FIG. 11 is a flowchart showing a procedure of additional masking processing executed by the client PC 102 and the form server 100.

  Hereinafter, the additional masking process refers to a process of adding a masking area converted with a null character to a form image displayed on the client PC 102.

  In FIG. 11, after the form display of FIG. 9 is performed (step S1101), when the login user presses the “additional mask” button (YES in step S1102), the masking information transmitted in step S908 of FIG. Based on the above, an area where “additional mask” can be performed (hereinafter referred to as “additional mask candidate area”) is displayed on the display unit of the client computer (step S1103). For example, if the masking information acquired in step S905 of FIG. 9 is as shown in FIG. 5C, the area information other than the already masked area, specifically, the upper left coordinates (512, 108), the right The rectangle represented by the lower coordinates (767, 449), the upper left coordinates (767, 108), and the background of the area represented by the lower right coordinates (943, 449) are colored as shown in FIG. It is displayed so that the user can recognize it as an area where additional masking processing can be performed. If the masking information acquired in step S905 in FIG. 9 is as shown in FIG. 5E, the background of the area represented by the upper left coordinates (767, 108) and the lower right coordinates (943, 449) is shown. It is colored as shown in 12 (b).

  Next, when there is an area designated by the login user among the additional mask candidate areas displayed in step S1102, the client PC 102 converts the data in the designated area into an empty character. A form image is created and displayed on the display unit (step S1105), and this process ends.

  According to the processing in FIG. 11, the form server 100 transmits all the masking information at the same time when transmitting the form data to the client PC 102 in step S908 in FIG. it can.

  Here, in this process, all the masking information acquired in step S905 is transmitted to the client PC 102 together with the converted form data in advance, but when performing the form display process, as shown in step S1301 of FIG. In addition, only the converted form data is transmitted together with the form information and page definition information, and only the masking information necessary for the additional masking process is separately transmitted as shown in steps S1401 and S1402 of FIG. To the client PC 102. As a result, the amount of data transmitted in step S1301 can be reduced compared to the amount of data transmitted in step S908, and the form data for which the client PC 102 has made a reference request to the form server 100 is displayed promptly. In addition, when the “additional mask” button is pressed on the client PC 102 (YES in step S1102), the additional masking process can be reliably performed by acquiring the masking information from the form server 100.

  FIG. 15 is a flowchart illustrating a procedure of time limit masking processing executed by the client PC 102 and the form server 100. Here, the time limit masking process means that after the logged-in user displays the form data including the confidential data on the client PC, the logged-in user leaves the seat and the form data is displayed on the client PC for a certain period of time. In some cases, this is a process aimed at not showing the confidential data to a third party.

  In FIG. 15, after the form display process of FIG. 9 is first performed (step S1501), when there is no user operation for a certain time (YES in step S1502), all the masking information transmitted in step S908 of FIG. A form image obtained by additionally masking the data of the area included in (converted into empty characters) is created and displayed on the display unit (step S1503). Here, for example, the reference security level set for the entire form data is “2”, the form reference security level of the login user is “4”, the reference security level of the masking rectangle set in the card number field is “5”, The reference security level of the masking rectangle set in the telephone number column is “4”, the reference security level of the masking rectangle set in the account number column is “3”, and the time limit masking is security level “2”. If it is set in advance to be applied to an area having a larger value, in step S1501, an area of “card number” having “5” which is a value greater than the log-in user's form reference security level “4”. A form image is displayed on the display with masking applied to the In-up S1503, masking is additionally also for the region of the "phone number" or "account number".

  Thereafter, when any user operation is performed on the display unit of the client PC 102 (YES in step S1504), the client PC 102 displays a password input screen for releasing additional masking for the time limit masking area on the display unit in step S1503. (Step S1505).

  When there is a user input of a password on this input screen (YES in step S1506), the form server 100 determines whether or not the password input by the user is correct (step S1507). When the process is repeated and the result is correct, the client PC 102 displays the same form image as the form image displayed in step S1501 on the display unit (step S1508), and ends this process.

  According to the processing in FIG. 15, the client PC 102 displays the form data transmitted from the form server 100 (step S1501), and then when a predetermined period has passed without any user operation on the form data (in step S1502). (YES) Since a form image with additional masking is created and displayed (step S1503), the time limit masking process can be performed reliably.

  Here, in step S1501 of this process, all the masking information acquired in step S905 is transmitted to the client PC 102 together with the converted form data. However, when performing the form display process, step S1301 in FIG. As shown in FIG. 16, only the converted form data is transmitted together with the form information and page definition information, and only the masking information necessary for the time limit masking process is shown in steps S1601 and S1602 in FIG. Alternatively, it may be transmitted from the form server 100 to the client PC 102. As a result, the amount of data transmitted in step S1301 can be reduced compared to the amount of data transmitted in step S908, and the form data for which the client PC 102 has made a reference request to the form server 100 is displayed promptly. In addition, when there is no operation until a certain time after the form data is displayed on the client PC 102 (YES in step S1502), the time limit masking process can be surely performed by obtaining the masking information from the form server 100. .

  FIG. 17 is a flowchart illustrating a procedure of search processing executed by the client PC 102 and the form server 100.

  In FIG. 17, after the form display process executed in FIG. 9 or FIG. 13 is performed (step S1701), the login user specifies the search target area from the form image displayed on the display unit of the client PC 102 (step S1701). When the search condition (type of search data (characters, numerical values), number of search pages, etc.) is input thereafter (YES in step S1703), the form server 100 masks the form data selected by the user. Information having a security level value higher than the reference security level of the login user is acquired from the list (step S1704).

  Next, the form server 100 acquires search rectangle data designated by the user in step S1702 (step S1705), and searches the acquired data for a search condition that matches the search condition input by the user in step S1703. Then, a coordinate list including the position coordinates of the retrieved data is acquired (step S1706), and the position coordinates of the retrieved data are obtained from the information acquired in step S1704 from the position coordinates of the acquired coordinate list. Items included in the area are deleted (step S1707). Thereafter, the form server 100 transmits this deleted coordinate list to the client PC 102 (step S1708).

  Based on the coordinate list transmitted in step S1708, the client PC displays the position of the character string or the like that meets the search condition on the form image (step S1709), and ends this process.

  According to the processing in FIG. 17, the form server 100 searches the form data from the form data when the client PC 102 inputs a search condition in a predetermined area of the form data (YES in step S1703). (Step S1705), a position coordinate list of the searched one is acquired (Step S1706), and an area obtained from the masking information having a security level value higher than the reference security level of the logged-in user in the acquired coordinate list. Since the included list is deleted (step S1707) and the coordinate list is transmitted to the client PC 102 (step S1708), it is found that there is an inconsistency that data in a private area that cannot be referred to by the login user is hit in the search process. Can be prevented.

  In the above description, the method of performing the masking process on the area of the form data where the reference restriction is applied to the login user has been described. However, the present invention is not limited to this, and the form data transmitted from the form server 100 is not limited thereto. On the other hand, the same masking process can be performed for the portion where the login user is restricted in printing and export.

  Another object of the present invention is to supply a storage medium (or recording medium) on which a program code of software that realizes the functions of the above-described embodiments is recorded to a system or apparatus, and the computer (or CPU or CPU) of the system or apparatus Needless to say, this can also be achieved by the MPU) reading and executing the program code stored in the storage medium.

  In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the storage medium storing the program code constitutes the present invention.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an operating system (OS) running on the computer based on the instruction of the program code. It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Further, after the program code read from the storage medium is written in a memory provided in a function expansion card inserted into the computer or a function expansion unit connected to the computer, the function expansion is performed based on the instruction of the program code. It goes without saying that the CPU or the like provided in the card or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  The above-described program only needs to be able to realize the functions of the above-described embodiments by a computer, and the form includes forms such as object code, a program executed by an interpreter, and script data supplied to the OS. But you can.

  As a recording medium for supplying the program, for example, RAM, NV-RAM, floppy (registered trademark) disk, optical disk, magneto-optical disk, CD-ROM, MO, CD-R, CD-RW, DVD (DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), magnetic tape, non-volatile memory card, other ROM, etc. may be used as long as they can store the above programs. Alternatively, the program is supplied by downloading from another computer or database (not shown) connected to the Internet, a commercial network, a local area network, or the like.

1 is a block diagram schematically showing a configuration of an electronic form system according to a first embodiment of the present invention. It is a block diagram which shows roughly the hardware constitutions of the form server of FIG. It is a flowchart which shows the procedure of the masking setting process performed by client PC and a form server. It is a flowchart which shows the procedure of the masking rectangle setting process of step S307 of FIG. It is a figure which shows the example of the masking information acquired by step S402 of FIG. It is a figure which shows the item of the masking information of FIG. FIG. 5 is a diagram of a form image displayed by the processing of FIG. 4, where (a) shows a case where it is displayed in step S404 and (b) shows a case where it is displayed in step S405. FIG. 5 is a diagram showing a masking rectangle property setting screen displayed in step S406 of FIG. 4. It is a flowchart which shows the procedure of the form display process performed by client PC and a form server. It is a figure of the form image displayed with a client PC, (a) shows the case where it displays by a form display process, (b) shows the case where it displays by an additional masking process. It is a flowchart which shows the procedure of the additional masking process performed by client PC and a form server. The form image displayed on the client PC is shown. (A) is displayed when the form is displayed, and (b) is displayed when the additional masking process is displayed. It is a flowchart which shows the procedure of the modification of the form display process of FIG. It is a flowchart which shows the procedure of the modification of the additional masking process of FIG. It is a flowchart which shows the procedure of the time limit masking process performed by client PC and a form server. It is a flowchart which shows the procedure of the modification of the time limit masking process of FIG. It is a flowchart which shows the procedure of the search process performed by client PC and a form server.

Explanation of symbols

1 Electronic form system 103 Network 100 Form server 101 Client PC
102 Client PC
104 Data file 105 Masking information storage unit 106 User / form information storage unit

Claims (11)

In an electronic form system including a server that transmits form data to be held in response to a reference request from a client,
The server puts predetermined characters in one area whose reference security level is higher than the access authority level of the terminal user of the client among the masking rectangular areas set in advance for the form data requested to be referred to. An electronic form system that inserts and transmits the form data to the client.   The electronic form system according to claim 1, wherein the server simultaneously transmits all information of the masking rectangular area when transmitting the form data to the client.   The client makes the masking rectangular area included in all the received information invisible when a predetermined period elapses without any user operation on the form data after displaying the sent form data. The electronic form system according to claim 2.   The electronic form system according to claim 1, wherein the server transmits all information of the masking rectangular area when an acquisition request is received from the client.   5. The client according to claim 4, wherein after the display of the transmitted form data, the client transmits the acquisition request to the server when a predetermined period elapses without any user operation on the form data. Electronic form system. The server, when there is a search request for a predetermined search condition for the form data from the client, searches the form data for a search condition that matches the search condition, and uses the position information of the searched item as a search result. A search result transmitting means for transmitting to the client;
The electronic form system according to any one of claims 1 to 5, wherein the search result transmitting unit deletes position information of the transmitted position information within the one area. .   The electronic form system according to claim 1, wherein the predetermined character is an empty character. In a masking method of an electronic form system including a server that transmits form data to be held in response to a reference request from a client,
The server puts predetermined characters in one area whose reference security level is higher than the access authority level of the terminal user of the client among the masking rectangular areas set in advance for the form data requested to be referred to. A masking method comprising inserting and transmitting form data. In the server that sends the form data to be held in response to the reference request from the client,
Among the masking rectangular areas set in advance for the form data requested to be referred to, a predetermined character is inserted into one area whose reference security level is higher than the access authority level of the client terminal user. A server characterized by transmitting form data. In a program for executing, by a computer, a masking method of an electronic form system provided with a server that transmits form data to be held in response to a reference request from a client.
The server puts predetermined characters in one area whose reference security level is higher than the access authority level of the terminal user of the client among the masking rectangular areas set in advance for the form data requested to be referred to. A program that inserts and transmits form data.   A computer-readable storage medium storing the program according to claim 10.

Images