JP2009075922A - Server device, terminal device, leakage protection system for taken-out information, server processing program, and terminal processing program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a leakage protection system for taken-out information, which effectively protects information taken out from a server device from leaking without necessity of always connecting to the server device. <P>SOLUTION: A server device 10 sets definition information [A] 14a' for leakage protection in which an available time period and an action (leakage protection measure) when the available time period elapses, in association with data [A] 14a to be stored in a database 14 of the server device 10. When a terminal device 20 on a network N makes access to the database 14 of the server device 10 and obtains the data [A] 14a, the terminal device 20 also obtains the definition information [A] 14a' together with the data [A] 14a and stores them relating to an information acquisition date and time 14at. When a file [A] 24a of the data [A] 14a obtained by the terminal device 20 is stored in an external memory 28a, taken out, and read by an external terminal device 20', if an elapsed time period from the information acquisition date and time 14at to the present date and time exceeds the available time period for the definition information [A] 14a', the data [A] 14a are erased according to the action information defined above, and made readout impossible. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a server device, a terminal device, an external take-out information leakage prevention system, a server processing program, and a terminal processing program for preventing leakage of information when a file generated by the server device is taken outside.

  In recent years, information generated or stored and managed by a personal computer (PC) is recorded on an external storage medium such as a CD-ROM or USB memory, taken out, and read and used on another external PC. However, in such a case, how to eliminate leakage of highly confidential information is an important issue.

On the other hand, setting confidential information that is acquired from the server device to the terminal device and displayed by the browser while the server device and the terminal device of the user authenticated by the server device are connected via the network. A leakage prevention system that prevents leakage of confidential information managed by the server device by making it possible to display only within the limited viewing time limit has been considered (for example, see Patent Document 1). ).
JP 2003-114603 A

  In the conventional system for preventing leakage of confidential information, the server device sets a browsing time limit for the confidential information displayed by the browser on the terminal device when the authenticated terminal device is connected to the server device. It is managed to prevent leakage of confidential information by prohibiting browsing more than necessary.

  However, when the confidential information displayed and browsed on the terminal device is recorded on an external storage medium such as a CD-ROM or a USB memory as described above, the confidential information is read and used by another external PC. Since it can be freely read and displayed without being restricted by the server device, it can be recorded on another external recording medium and taken out. There is a problem that the leak prevention system cannot handle.

  The present invention has been made in view of such a problem, and a server device and a terminal device that can effectively prevent leakage of information taken out from the server device without being always connected to the server device. An object of the present invention is to provide a leakage prevention system, server processing program, and terminal processing program for external carry-out information.

  The server device according to claim 1 is a data storage means for storing data, and a definition describing a usable time of the data and a measure for preventing leakage in association with the data stored by the data storage means Definition information setting means for setting and storing information, and in response to a request from a communication-connected terminal device, the data stored by the data storage means is associated with the data for the requesting terminal device Request data transmitting means for transmitting together with the defined definition information.

  The server device according to claim 2 is the server device according to claim 1, wherein the definition information setting unit correlates with the data stored by the data storage unit, and the available time and leakage of the data. It is characterized by setting and storing definition information in which the measures for prevention are described in a plurality of stepwise sets.

  The server device according to claim 3 is the server device according to claim 1, wherein the definition information setting unit correlates with the data stored by the data storage unit, and the available time and leakage of the data. It is characterized in that definition information describing a measure for prevention and a data unit to be leaked is set and stored.

  According to a fourth aspect of the present invention, there is provided the terminal device according to the data stored by the server device, together with definition information describing an available time of the data associated with the data, a measure for preventing leakage, and an acquisition date and time of the data. Data acquisition means to be acquired, elapsed time calculation means for calculating an elapsed time from the acquisition date and time of the data associated with the data in accordance with reading of the data acquired by the data acquisition means, and the elapsed time calculation An elapsed time judging means for judging whether or not an elapsed time from the date and time of acquisition of the data calculated by the means exceeds an available time described in the definition information of the data, and the elapsed time judging means Described in the definition information when it is determined that the elapsed time from the acquisition date has exceeded the available time described in the definition information of the data And treatment execution means for executing the treatment for prevention mode, is characterized by comprising a.

  The terminal device according to claim 5 is the terminal device according to claim 4, wherein time measuring means for measuring the current time, and time adjusting means for adjusting the current time measured by the time measuring means to the reference time. And the elapsed time calculating means is adapted to read the data acquired by the data acquiring means, and from the date and time of acquisition of the data associated with the data, The elapsed time until the time is calculated.

  The terminal device according to claim 6 is the terminal device according to claim 5, wherein the time adjustment unit includes a reference time receiving unit that receives a reference time from a time server connected to the communication. The present invention is characterized in that the current time measured by the time measuring means is adjusted to the reference time received from the time server by the time receiving means.

  The terminal device according to claim 7 is the terminal device according to claim 5, wherein the time adjustment means includes reference time receiving means for receiving a reference time from a radio-controlled timepiece, and the reference time receiving means The present invention is characterized in that the current time measured by the time measuring means is adjusted to the reference time received from the radio timepiece.

  The terminal device according to claim 8 is the terminal device according to any one of claims 4 to 7, wherein the definition information is a step-by-step process for preventing data leakage and leakage. A plurality of sets of definition information described above, and the elapsed time determination means includes a plurality of times in which the elapsed time from the date and time of acquisition of the data calculated by the elapsed time calculation means is described in the definition information of the data It is determined in a stepwise manner whether or not the available time has been exceeded, and the action executing means can use a plurality of available times described in the definition information of the data by the elapsed time judging means. When it is determined that the time has been exceeded in stages, a plurality of measures for preventing leakage described in the definition information are executed in stages.

  The terminal device according to claim 9 is the terminal device according to any one of claims 4 to 7, wherein the definition information includes data availability time and measures for preventing leakage and leakage prevention. The definition information describing a target data unit, and the action execution unit determines that the elapsed time from the acquisition date of the data exceeds the available time described in the definition information of the data by the elapsed time determination unit In this case, the leakage prevention process described in the definition information is executed for each leakage prevention target data unit.

  The leakage prevention system for external take-out information according to claim 10 is a leakage prevention system for external take-out information comprising a server device and a terminal device, wherein the server device includes data storage means for storing data, and the data storage A definition information setting means for setting and storing definition information describing the available time of the data and a measure for preventing leakage in association with the data stored by the means, and a request from a terminal device connected via communication And a request data transmitting means for transmitting the data stored by the data storage means together with the definition information associated with the data to the requesting terminal device, the terminal device comprising: The data stored by the server device is described in terms of the usable time of the data associated with the data and the measures for preventing leakage. A data acquisition unit that acquires information and the date and time of acquisition of the data, and an elapsed time for calculating an elapsed time from the acquisition date and time of the data associated with the data when the data acquired by the data acquisition unit is read A calculating means, an elapsed time judging means for judging whether or not an elapsed time from the acquisition date and time of the data calculated by the elapsed time calculating means exceeds an available time described in the definition information of the data, and When the elapsed time determination means determines that the elapsed time from the date and time of acquisition of the data has exceeded the available time described in the definition information of the data, take measures for preventing leakage described in the definition information. It is characterized by comprising treatment executing means for executing.

  A server processing program according to claim 11 is a server processing program for controlling a computer of a server device, wherein the computer stores data in a memory and data stored by the data storage unit. In response to a request from a communication-connected terminal device, definition information setting means for setting and storing definition information describing the available time of the data and a measure for preventing leakage in association with the request source The terminal device is made to function as request data transmission means for transmitting data stored in the data storage means together with the definition information associated with the data.

  A terminal processing program according to claim 12 is a terminal processing program for controlling a computer of a terminal device, wherein the computer uses the data associated with the data stored in the server device. Definition information describing possible time and measures for preventing leakage, data acquisition means to be acquired together with the acquisition date and time of the data, and the data associated with the data when the data acquired by the data acquisition means is read Elapsed time calculating means for calculating the elapsed time from the acquisition date and time, whether or not the elapsed time from the acquisition date and time of the data calculated by the elapsed time calculation means exceeds the available time described in the definition information of the data An elapsed time determining means for determining whether or not the elapsed time from the acquisition date of the data by the elapsed time determining means If it is determined that exceeds the available time described in the definition information of the data, it is characterized in that to function as a treatment executing means for executing the treatment for preventing leakage described in the definition information.

  According to the present invention, there is no need to always connect to a server device, and it is possible to effectively prevent leakage of information taken out from the server device, a terminal device, a system for preventing leakage of external carry-out information, A server processing program and a terminal processing program can be provided.

  Embodiments of the present invention will be described below with reference to the drawings.

(First embodiment)
FIG. 1 is a block diagram showing a configuration of a server / client system according to an embodiment of a system for preventing leakage of externally taken information according to the present invention.

  In this server / client system, for example, a server device 10 and a plurality of terminal devices (client) 20,... Connected on a network N consisting of an in-house LAN (Local Area Network) or a WAN (Wide Area Network), and further outside the company. A terminal device 20 ′ disconnected from the network N by being taken out is provided.

  The server device 10 has a plurality of application programs that function by operating the main body of the server device 10 such as a document creation processing program, a spreadsheet processing program, a presentation material creation program, a mail processing program, an Internet connection processing program, and a Web display program. In addition, various data files including confidential information generated based on the operation of the main body and various data files including confidential information collected from each terminal device 20 on the network N are stored in a data base (RAM). ) 14 has a file management program for storage management.

  In the server device 10, a data file stored in the data base (RAM) 14 by the file management program is managed by associating the definition information [A] 14a ′ for preventing leakage with the data body [A] 14a, for example. Therefore, the definition information [A] 14a ′ includes leakage prevention target information indicating whether or not the corresponding data body [A] 14a includes leakage prevention target data, the data body [A] ] The available time information indicating the available time from the point in time when 14a is taken outside (for example, outside the company) in minutes, the action of the data body [A] 14a when the available time is exceeded (for example, “ Action information indicating “delete”) and target data information indicating the target data of the treatment based on the action information by data name.

  The terminal device 20 (20 ′) is composed of, for example, an ordinary PC (Personal Computer), and includes a document creation processing program, a spreadsheet processing program, a presentation material creation program, a mail processing program, an Internet connection processing program, a Web display program, etc. It has a plurality of application programs that function by operating the main body of the terminal device 20, and also has a server access program for accessing the data base (RAM) 14 of the server device 10 to save / read various data.

  In this terminal device 20, when, for example, the data body [A] 14a is read from the data base 14 of the server device 10, definition information [A] 14a ′ for preventing leakage associated with the data body [A] 14a. Are read together and stored in the internal memory as a data file [A] 24a associated with the information acquisition date 14at when the data is read.

  The data file [A] 24a stored in the internal memory of the terminal device 20 is copied and taken out to an external storage medium (28a) such as a CD-ROM or USB memory, and used in the external terminal device 20 '. Is possible.

  At this time, in the external terminal device 20 ′, when the data file [A] 24a stored in the external storage medium (28a) is read and used, the elapsed time from the information acquisition date 14at is compared with the current date and time. Is calculated by When the elapsed time from the information acquisition date 14at exceeds the available time (minutes) in the definition information [A] 14a ′ of the data file [A] 24a, the data [A ] 14a is executed, and the action “deletion” described in the action information is executed to prevent leakage of the data [A] 14a.

  As a result, for example, the data body [A] 14a as confidential information read out from the data base 14 of the server device 10 in the company to the terminal device 20 and stored in the external storage medium (28a) is protected from leakage. can do.

  FIG. 2 is a block diagram showing a circuit configuration of the server apparatus 10 in the server / client system.

  The server device 10 includes a CPU 11 as a computer, and a ROM 13, a RAM 14, a frame buffer RAM 15, and a display device 16 are connected to the CPU 11 via a bus 12.

  In addition, a communication I / F (interface) 19 with a key input device 17 such as a keyboard and a mouse, an external storage device 18a, an auxiliary storage device 18b, a terminal device 20,. .

  The CPU 11 controls the operation of each part of the circuit by using the RAM 14 as a working memory in accordance with a system program or various application programs stored in the ROM 13 in advance, via a key input signal from the key input device 17 or a communication I / F 19. The various programs are activated and executed in response to a processing request signal or the like corresponding to a user operation from the terminal device 20 received.

  FIG. 3 is a block diagram showing a circuit configuration of the terminal device 20 (20 ′) in the server client system.

  The terminal device 20 (20 ′) includes a CPU 21 as a computer, and a ROM 23, a RAM 24, and a frame buffer RAM 25 are connected to the CPU 21 via a bus 22. The drawing data written in the frame buffer RAM 25 is output to the display device 26 and displayed.

  Further, a key input device 27 such as a keyboard and a mouse, an external storage device 28a, an auxiliary storage device 28b, and a communication I / F (interface) 29 with the server device 10 are connected to the CPU 21 via a bus 22.

  The CPU 21 controls the operation of each part of the circuit by using the RAM 24 as a working memory in accordance with a system program and various application programs stored in advance in the ROM 23. The CPU 21 controls the various applications according to key input signals from the key input device 27. The program is started and executed.

  The terminal device 20 (20 ′) has a date / time data acquisition function based on the clock signal output from the CPU 21. However, the terminal device 20 (20 ′) can always acquire accurate date / time data by providing the radio clock circuit 30. It is good also as a structure.

  Next, the leakage prevention function of external take-out information of the first embodiment in the server client system having the above configuration will be described.

  Here, after data [A] 14a, which is confidential information stored in the data base 14 of the in-house server device 10, is read by the terminal device 20 on the in-house network N, an external storage medium such as a USB memory ( 28a) will be described for prevention of leakage when stored and taken out and used by the external terminal device 20 '.

  FIG. 4 is a flowchart showing a server data transmission process for transmitting data in response to a request from the terminal device 20 in the server device 10 of the server client system.

  FIG. 5 is a flowchart showing a terminal data acquisition process for acquiring specified data from the server device 10 in the terminal device 20 of the server client system.

  When the terminal device 20 performs an access process to the data base 14 of the server device 10 in response to a user operation (step A1), an authentication request for the terminal device 20 is transmitted to the server device 10 (step A2).

  When the server device 10 receives the authentication request from the terminal device 20 (step S1), an authentication process is performed based on the ID number of the terminal device 20 (step S2), and the authentication result is the terminal device 20. (Step S3).

  When the terminal device 20 receives the authentication result from the server device 10 and determines that the authentication is OK (step A3 (Yes)), the data [A] to be read is specified according to the user operation. A read request for data [A] is transmitted to the server device 10 (step A4).

  When the server device 10 confirms the data [A] 14a in the data base 14 as the request data in response to the read request of the designated data [A] from the terminal device 20 (step S4), this data [A] 14a is encrypted (step S5), and then transmitted to the data requesting terminal device 20. At this time, the data [A] 14a is transmitted to the terminal device 10 together with the leakage prevention definition information [A] 14a 'stored and managed in association with the data [A] 14a (step S6).

  Then, when the terminal device 20 receives the data [A] 14a and the definition information [A] 14a ′ transmitted from the server device 10, the data [A] 14a and the definition information [A] 14a ′ are received. The current date and time is added as the information acquisition date and time 14at, and the file [A] 24a is stored in the RAM 24 or the auxiliary storage device 28a (step A6).

  Thereby, in the terminal device 20, the data [A] 14a read from the server device 10 is stored as a file [A] 24a in which the definition information [A] 14a ′ and the information acquisition date and time 14at are associated with each other, and the USB memory It can be taken out by being stored in the external storage medium (28a).

  FIG. 6 shows a terminal data reading process for reading and using the data file [A] 24a saved and taken out in the external storage medium (28a) in the terminal device 20 ′ outside the server / client system. It is a flowchart.

  When an external storage medium (28a) in which the data file [A] 24a is stored is loaded in the external terminal device 20 ′ and the data file [A] 24a is read, the terminal data reading process in FIG. First, time adjustment processing (see FIGS. 7A and 7B) is executed (step BC).

  As will be described in detail later, this time adjustment process is a process for accurately adjusting the current date and time that is time-measured by the current date and time function built in the terminal device 20 '. In a state where it is not determined that the process has been normally completed while being set to “NG” (Step B1 (No)), it is processed as a time adjustment error (Step B2), and the current terminal data reading process is terminated. .

  When it is determined that the time adjustment flag is set to “OK” and the time adjustment processing is normally completed (step B1 (Yes)), the time adjustment flag is stored in the external storage medium 28a attached to the terminal device 20 ′. From the stored data file [A] 24a, the data [A] 14a, the definition information [A] 14a 'for preventing leakage, and the information acquisition date 14at are read into the RAM 24 (steps B3 and B4).

  Here, according to the leakage prevention target information (OFF) described in the definition information [A] 14a ′ read into the RAM 24, the data [A] 14a is not leakage prevention target information (critical information). If it is determined (step B5 (No)), the encryption of the data [A] 14a is released (step B6), and displayed on the display device 26, for example, and output (step B7).

  On the other hand, according to the leakage prevention target information (ON) described in the definition information [A] 14a ′ read into the RAM 24, it is determined that the data [A] 14a is leakage prevention target information (critical information). If it is determined (step B5 (Yes)), the elapsed time from the information acquisition date and time 14at to the current date and time accurately adjusted in the time adjustment process is calculated (step B8), and the elapsed time is the leakage prevention. It is determined whether or not the available time (minutes) described in the definition information [A] 14a ′ for use is exceeded (step B9).

  Here, it is determined that the elapsed time from the information acquisition date 14at of the data [A] 14a read from the external storage medium (28a) is within the available time set in the data [A] 14a. In this case (step B9 (No)), the encryption of the data [A] 14a is released (step B6), and displayed on the display device 26, for example, and output (step B7).

  On the other hand, in step B9, the available time set in the data [A] 14a exceeds the time elapsed from the information acquisition date 14at of the data [A] 14a read from the external storage medium (28a). If it is determined (step B9 (Yes)), the data [A] 14a is erased according to the action information “erasure” described in the definition information [A] 14a ′ for preventing leakage, and the display or the like is output. Cannot be performed (step B10).

  As a result, the confidential information data [A] 14a read from the server device 10 to the terminal device 20 on the network N is stored in the external storage medium (28a) and taken out and read by the external terminal device 20 '. Even if an attempt is made to use the data [A], if it exceeds the available time described in the leakage prevention definition information [A] 14a ′ set in association with the data [A] 14a, the data [A ] 14a is erased and set to be unusable, so that it is possible to prevent the external storage medium (28a) from leaking information to a malicious third party.

  FIG. 7 is a flowchart showing a time adjustment process associated with the terminal data reading process of the external terminal device 20 ′. FIG. 7A is a flowchart when a time server on the communication network N is used. B) is a flowchart in the case of using the radio timepiece (30) provided in the terminal device 20 ′.

  As shown in FIG. 7A, in the time adjustment process [1] (step BC1) when using a time server on the communication network N, first, the current date and time information that is established on the communication network N and is always accurate is firstly displayed. The access process for the distributed time server is executed a predetermined number of times (step C11).

  If it is determined that the access to the time server is OK (step C12 (Yes)), the current date and time processed by the current date and time function built in the terminal device 20 ′ is the current access time. The correct date and time (time) received from the time server is set (step C13). Then, a time adjustment flag indicating that this time adjustment processing has been completed normally is set to “OK” (step C14).

  As shown in FIG. 7B, in the time adjustment process [2] (step BC2) when the radio timepiece (30) provided in the terminal device 20 ′ is used, first, in the radio timepiece circuit 30, the reference time transmission station The reception process of the time signal radio wave transmitted from is executed a predetermined number of times (step C21).

  In this radio clock circuit 30, when the time signal radio wave from the reference time transmitting station is normally received and judged to be “OK” (step C22 (Yes)), the current date incorporated in the terminal device 20 ′. The current date and time measured by the clock function is set to the exact date and time (time) received by the radio clock circuit 30 (step C23). Then, a time adjustment flag indicating that this time adjustment processing has been completed normally is set to “OK” (step C24).

  Accordingly, when the terminal data reading process in FIG. 6 is performed in the external terminal device 20 ′, the current date and time measured by the current date / time function built in the terminal device 20 ′ is displayed. Accurate time can always be set, and the elapsed time from the information acquisition date 14at of the data [A] 14a, which is confidential information read from the external storage medium (28a), to the current time can be accurately calculated. Therefore, it is possible to perform highly reliable leakage prevention processing of externally taken-out information without being influenced by, for example, the malicious operation of changing the time of the time by the built-in time measurement function.

  Therefore, according to the external take-out information leakage prevention function of the first embodiment having the above configuration, the data [A] 14a is associated with the data [A] 14a stored in the data base 14 of the server device 10. Leakage prevention definition information [A] 14a ′ describing the available time information and action (leakage prevention measure) information when the available time is exceeded is set. When the terminal device 20 on the communication network N accesses the data base 14 of the server device 10 and acquires the data [A] 14a, the definition information [A] 14a ′ for preventing leakage is also included. Both are acquired and stored as a file [A] 24a in which the information acquisition date 14at at that time is associated. When the file [A] 24a of the data [A] 14a acquired by the terminal device 20 is stored in the external storage medium (28a) and taken out and read by the external terminal device 20 ', the information acquisition date and time 14at to the current date and time are stored. When the available time described in the definition information [A] 14a ′ is exceeded, the action time (leakage prevention measure) information described in the definition information [A] 14a ′ is used. The data [A] 14a is erased and cannot be read out.

  For this reason, the confidential information data [A] 14a read from the server device 10 to the terminal device 20 on the network N is stored in the external storage medium (28a) and taken out and read by the external terminal device 20 '. Even if an attempt is made to use the data [A], if it exceeds the available time described in the leakage prevention definition information [A] 14a ′ set in association with the data [A] 14a, the data [A ] Since the leakage prevention measure is applied to 14a, it is possible to prevent the external storage medium (28a) from leaking information to a malicious third party.

  In the first embodiment, the leakage prevention definition information [A] 14a ′ set in association with the data [A] 14a serving as confidential information is a leakage indicating whether the data is a leakage prevention target data. Along with the prevention target information, a set of the available time information from the time when the data [A] 14a is taken outside and the action (leakage prevention measure) information when the available time is exceeded, are described as one set. When one available time described was exceeded, the same leakage prevention measure was taken. On the other hand, as will be described in the external take-out information leakage prevention function of the second embodiment below, a plurality of types (n stages) of usable time information and different actions when the respective usable times are exceeded ( (Leakage prevention treatment) Information is described and stepwise leakage prevention treatment is performed, and the data to be treated is DB name “data A” indicating the entire data [A] 14a, or a schema name “Schema B” therein. ”Or the table name“ table C ”may be described, and a leakage prevention measure may be performed in a selective data unit.

(Second Embodiment)
FIG. 8 shows the content of the definition information [B] 14b set in association with the confidential information stored in the data base 14 of the server device 10 in the leakage prevention system according to the second embodiment of the present invention. FIG.

  In the second embodiment, for example, the definition information [B] 14b as shown in FIG. 8 is set in association with the data [A] 14a stored in the data base 14 of the server apparatus 10 in FIG. To do.

  The definition information [B] 14b of the second embodiment includes, for example, leakage prevention target information indicating whether the corresponding data [A] 14a includes leakage prevention target data by ON / OFF, and the data [A] 14a. .., Which indicates the staged available time from the time when is taken out to the outside (for example, outside the company), and exceeds this staged available time 1, 2, 3,. .., Step-wise leakage prevention action action information 1, 2, 3,... Related to the data [A] 14a, and data [A for leakage prevention treatment according to the action information 1, 2, 3,. ] Is composed of target data unit information indicating, for example, a DB name “data A”, a schema name “schema B”, or a table name “table C”.

  Specifically, the action information 1 (warning), 2 (when the available time 1 (60 min), 2 (180 min), 3 (24 hour), the available time 1, 2, 3,. (Not displayed), 3 (erased), and the target data unit is [Database A] meaning the whole of the data [A] 14a, or [Schema B] meaning the schema B therein, or Is selectively set as [Table C] or the like, which means Table C.

  FIG. 9 shows a terminal according to the second embodiment for reading and using the data file [A] 24a saved and taken out in the external storage medium (28a) in the terminal device 20 ′ outside the server / client system. It is a flowchart which shows a data reading process.

  In the terminal data reading process of the second embodiment, the time adjustment process (step BC) and the related processes (steps B1 and B2) executed at the initial stage of the start-up are the same as those in the first embodiment (see FIG. 7). ), The description thereof is omitted.

  First, in the time adjustment process (step BC), the time adjustment flag is set to “OK”, and when it is determined that the time adjustment is normally completed (step B1 (Yes)), the time adjustment flag is attached to the terminal device 20 ′. From the data file [A] 24a stored and saved in the external storage medium 28a, the data [A] 14a, definition information [B] 14b for preventing leakage thereof (see FIG. 8), and the information acquisition date 14at are read into the RAM 24. (Steps D1, D2).

  Here, according to the leakage prevention target information (OFF) described in the definition information [B] 14b read into the RAM 24, it is determined that the data [A] 14a is not leakage prevention target information (critical information). If it has been done (step D3 (No)), the encryption of the data [A] 14a is released (step D4), and displayed on the display device 26, for example, and outputted (step D5). In this case, since it is determined in step D3 that the data [A] 14a is not the information to be leaked (secret confidential information), the information described in the definition information [B] 14b can be used. The time information is ignored (step D6 (No)), and the reading of the data [A] 14a and its output process are terminated.

  On the other hand, according to the leakage prevention target information (ON) described in the definition information [B] 14b (see FIG. 8) read into the RAM 24, the data [A] 14a is subject to leakage prevention target information (critical information). Is determined (step D3 (Yes)), the elapsed time from the information acquisition date and time 14at to the current date and time accurately adjusted in the time adjustment process is calculated (step D7), and the elapsed time Is determined to have exceeded one of the three levels of usable time 1, 2, 3 described in the definition information [B] 14b for preventing leakage (see FIG. 8) (step D5).

  Here, regarding the elapsed time from the information acquisition date and time 14at of the data [A] 14a read from the external storage medium (28a), the three available times 1, 2, and 2 set in the data [A] 14a 3 is not exceeded (step D8 (No) → D9 (No)), the data [A] 14a is decrypted (step D4) and displayed on the display device 26, for example. And output (step D5).

  Then, it is determined that there is usable time information for which the elapsed time from the information acquisition date and time 14at has not yet been determined for the three levels of usable time information described in the definition information [B] 14b. (Step D6 (Yes)), the elapsed time from the information acquisition date and time 14at to the current date and time is again calculated (Step D7), and the elapsed time is the definition information [B] 14b for preventing leakage (see FIG. 8). It is determined whether or not any of the available times 1, 2, and 3 described in (1) is exceeded (step D8).

  Here, when it is determined that the elapsed time from the information acquisition date and time 14at to the current date and time has exceeded, for example, only the first available time 1 (60 min) of the available times 1, 2, and 3. (Step D8 (Yes) → D10 (Yes) → D8 (No) → D9 (Yes)), the action of the first stage described in association with the available time 1 (60 min) of the first stage In accordance with Information 1 “Warning”, a warning message is displayed that the use of the data unit ([Database A], [Schema B] or [Table C]) described in the target data unit information is prohibited ( Step D11).

  Then, the encryption of the data [A] 14a excluding the data unit currently being used for prohibition of warning processing described in the target data unit information of the definition information [B] 14b is released (step D12), for example, a display device 26 and output (step D5).

  Thereafter, the processing after Step D7 is repeated, and when it is determined that the elapsed time from the information acquisition date and time 14at to the current date and time exceeds the available time 2 (180 min) of the next second stage ( Step D8 (Yes) → D10 (Yes) → D8 (No) → D9 (Yes)), second stage action information 2 described in association with the second stage available time 2 (180 min) In accordance with “Hide”, display of the data unit ([Database A], [Schema B], or [Table C]) described in the target data unit information is prohibited (step D11).

  Then, in the same manner as described above, the encryption of the data [A] 14a excluding the data unit currently being prohibited from being displayed described in the target data unit information of the definition information [B] 14b is released (step D12), for example, displayed. The data is displayed on the device 26 and output (step D5).

  After this, if the processing after step D7 is repeated, and it is determined that the elapsed time from the information acquisition date and time 14at to the current date and time exceeds the available time 3 (24hours) of the next third stage, (Step D8 (Yes) → D10 (No)), the target data unit information according to the third stage action information 3 “erasure” described in association with the third stage available time 3 (180 min). The data unit ([Database A] or [Schema B] or [Table C]) described in (1) is deleted (step D11).

  Then, similarly to the above, the encryption of the data [A] 14a excluding the currently erased data unit described in the target data unit information of the definition information [B] 14b is released (step D12). 26 and output (step D5).

  Then, it is determined that there is no usable time information in the next stage (step D6 (No)), and the leakage prevention process accompanying reading of the data [A] 14a is terminated.

  Therefore, according to the leakage prevention function of external take-out information of the second embodiment having the above-described configuration, there are a plurality of types (n of n) as the leakage prevention definition information [B] 14b associated with the confidential information data [A] 14a. Stage) available time information and different action (leakage prevention action) information when each available time is exceeded, and stepwise leakage prevention treatment is performed, and the target data of the treatment is also data [A ] A data unit in which the DB name “data A” indicating the whole of 14a, the schema name “schema B” therein, or the table name “table C” is described, and is selected according to the data management level. To prevent leakage. For this reason, the confidential information data [A] 14a read from the server device 10 to the terminal device 20 on the network N is stored in the external storage medium (28a), taken out, and read and used by the external terminal device 20 ′. Even if it is going to be done, the data [A] 14a is not usable in accordance with the above-mentioned stepwise usable time in a target data unit corresponding to the data management level, by performing a procedure such as warning of prohibition of use → display prohibition → data deletion. Accordingly, it is possible to more effectively prevent the external storage medium (28a) from leaking information to a malicious third party.

  It should be noted that each processing method by the server device 10 and the terminal device 20 (20 ′) of the server / client system described in each of the above embodiments, that is, the first embodiment by the server device 10 shown in the system configuration of FIG. Leak prevention definition information setting function, data transmission processing to the terminal device 20 by the server device 10 shown in the flowchart of FIG. 4, data acquisition processing from the server device 10 by the terminal device 20 shown in the flowchart of FIG. The external terminal device 20 ′ shown in the flowchart of FIG. 8 reads the externally taken-out data according to the first embodiment, the time adjustment process associated with the externally taken-out data reading process shown in the flowchart of FIG. 10 is a function for setting the definition information for preventing leakage according to the second embodiment. Each method such as reading processing of externally taken-out data of the second embodiment by the external terminal device 20 ′ shown in the chart is a program that can be executed by a computer such as a memory card (ROM card, RAM card, etc.), It can be stored and distributed in an external recording medium (18a) (28a) such as a magnetic disk (floppy disk, hard disk, etc.), optical disk (CD-ROM, DVD, etc.), semiconductor memory or the like. Then, the computers (11) and (21) of the server device 10 and the terminal device 20 (20 ′) read the program stored in the external recording medium into the storage devices (13) and (23), and operate according to the read program. Is controlled, the leakage prevention function of the externally taken-out information by the server device 10 and the terminal device 20 (20 ′) described in the above embodiments can be realized, and the same processing by the above-described method can be executed. .

  In addition, program data for realizing each of the above methods can be transmitted on a communication network (LAN) N in the form of a program code, and a computer device (program server) connected to the communication network (LAN) N ) From the above-described program data via the communication interfaces (19) and (29) and stored in the storage devices (13) and (23). A leakage prevention function can also be realized.

  Note that the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the invention at the stage of implementation. Further, each of the embodiments includes inventions at various stages, and various inventions can be extracted by appropriately combining a plurality of disclosed constituent elements. For example, even if some constituent elements are deleted from all the constituent elements shown in each embodiment or some constituent elements are combined in different forms, the problems described in the column of the problem to be solved by the invention If the effects described in the column “Effects of the Invention” can be obtained, a configuration in which these constituent requirements are deleted or combined can be extracted as an invention.

The block diagram which shows the structure of the server client system which concerns on embodiment of the leakage prevention system of the external taking-out information of this invention. The block diagram which shows the circuit structure of the server apparatus 10 in the said server client system. The block diagram which shows the circuit structure of the terminal device 20 (20 ') in the said server client system. The flowchart which shows the server data transmission process for transmitting the data according to the request | requirement from the terminal device 20 in the server apparatus 10 of the said server client system. The flowchart which shows the terminal data acquisition process for acquiring the designated data from the server apparatus 10 in the terminal apparatus 20 of the said server client system. The flowchart which shows the terminal data reading process for reading and using the data file [A] 24a preserve | saved and taken out by the external storage medium (28a) in the terminal device 20 'outside the said server client system. It is a flowchart which shows the time adjustment process accompanying the terminal data reading process of the said external terminal device 20 ', The figure (A) is a flowchart in the case of using the time server on the communication network N, The figure (B) is the said figure. The flowchart in the case of using the radio timepiece (30) with which terminal device 20 'is provided. The figure which shows the content of the definition information [B] 14b set by matching with the confidential information preserve | saved at the data base 14 of the server apparatus 10 in the leakage prevention system which concerns on 2nd Embodiment of this invention. The terminal data reading process of the second embodiment for reading and using the data file [A] 24a stored and taken out in the external storage medium (28a) in the terminal device 20 ′ outside the server client system. The flowchart shown.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Server apparatus 20, 20 '... Terminal device 11, 21 ... CPU
12, 22 ... Bus 13, 23 ... ROM
14, 24 ... RAM (data base)
14a ... Data [A] (Necessary confidential information)
14a '... Leakage prevention definition information [A]
14b ... Leakage prevention definition information [B]
14at ... Date and time of information acquisition 24a ... File A
15, 25 ... Frame buffer RAM
16, 26 ... Display device 17, 27 ... Key input device 18a, 28a ... External storage device (external storage medium)
18b, 28b ... auxiliary storage device 19, 29 ... communication I / F
30 ... Radio clock circuit N ... Communication network

Claims (12)

Data storage means for storing data;
Definition information setting means for setting and storing definition information describing the available time of the data and measures for preventing leakage in association with the data stored by the data storage means;
Request data transmission means for transmitting data stored in the data storage means together with the definition information associated with the data to the request source terminal apparatus in response to a request from the terminal apparatus connected for communication; ,
A server device comprising: The definition information setting means sets definition information in which the available time of the data and the measures for preventing leakage are described in a plurality of stages in association with the data stored in the data storage means. Remember
The server apparatus according to claim 1. The definition information setting means sets definition information that describes the available time of the data, a measure for preventing leakage, and a data unit for leakage prevention in association with the data stored in the data storage means. Remember,
The server apparatus according to claim 1. Data acquisition means for acquiring the data stored by the server device together with definition information describing the available time of the data associated with the data and a measure for preventing leakage, and the acquisition date and time of the data;
Along with reading of the data acquired by the data acquisition means, an elapsed time calculation means for calculating an elapsed time from the acquisition date and time of the data associated with the data;
An elapsed time judging means for judging whether or not an elapsed time from the acquisition date and time of the data calculated by the elapsed time calculating means exceeds an available time described in the definition information of the data;
When the elapsed time determination means determines that the elapsed time from the date and time of acquisition of the data has exceeded the available time described in the definition information of the data, a measure for preventing leakage described in the definition information Action execution means for executing
A terminal device comprising: A time keeping means for keeping the current time,
Time adjustment means for adjusting the current time measured by the time measurement means to the reference time,
The elapsed time calculation means, with the reading of the data acquired by the data acquisition means, the elapsed time from the acquisition date and time of the data associated with the data to the current time adjusted to the reference time by the time adjustment means Calculate the time,
The terminal device according to claim 4. The time adjustment means includes reference time receiving means for receiving a reference time from a time server connected to the communication, and the reference time receiving means receives the reference time from the time server by the time counting means. Set the current time,
The terminal device according to claim 5. The time adjustment means includes a reference time receiving means for receiving a reference time from a radio timepiece, and a current time measured by the time counting means at a reference time received from the radio timepiece by the reference time receiving means. Set the time,
The terminal device according to claim 5. The definition information is definition information in which data availability time and leakage prevention measures are described in a plurality of stages.
The elapsed time determination means determines stepwise whether or not the elapsed time from the date and time of acquisition of the data calculated by the elapsed time calculation means has exceeded a plurality of available times described in the definition information of the data And
When the elapsed time determining means determines that the elapsed time from the date and time of acquisition of the data has stepped over a plurality of available times described in the definition information of the data, Perform multiple steps to prevent leakage described in information in stages,
The terminal device according to claim 4, wherein the terminal device is a terminal device. The definition information is definition information describing a data availability time, a measure for preventing leakage, and a data unit of a leakage prevention target,
The action execution means is described in the definition information when the elapsed time determination means determines that the elapsed time from the data acquisition date and time exceeds the available time described in the definition information of the data. Execute measures to prevent leakage in units of data subject to leakage prevention.
The terminal device according to claim 4, wherein the terminal device is a terminal device. A system for preventing leakage of external information that consists of a server device and a terminal device,
The server device
Data storage means for storing data;
Definition information setting means for setting and storing definition information describing the available time of the data and measures for preventing leakage in association with the data stored by the data storage means;
Request data transmission means for transmitting data stored in the data storage means together with the definition information associated with the data to the request source terminal apparatus in response to a request from the terminal apparatus connected for communication; With
The terminal device
Data acquisition means for acquiring the data stored by the server device together with definition information describing the available time of the data associated with the data and a measure for preventing leakage, and the acquisition date and time of the data;
Along with reading of the data acquired by the data acquisition means, an elapsed time calculation means for calculating an elapsed time from the acquisition date and time of the data associated with the data;
An elapsed time judging means for judging whether or not an elapsed time from the acquisition date and time of the data calculated by the elapsed time calculating means exceeds an available time described in the definition information of the data;
When the elapsed time determination means determines that the elapsed time from the date and time of acquisition of the data has exceeded the available time described in the definition information of the data, a measure for preventing leakage described in the definition information An action execution means for executing
Leakage prevention system for information taken outside. A server processing program for controlling a computer of a server device,
The computer,
Data storage means for storing data in a memory;
Definition information setting means for setting and storing definition information describing the available time of the data and a measure for preventing leakage in association with the data stored by the data storage means,
In response to a request from a communication-connected terminal device, a request data transmission unit that transmits data stored in the data storage unit together with the definition information associated with the data to the requesting terminal device;
A computer-readable server processing program designed to function as a computer. A terminal processing program for controlling a computer of a terminal device,
The computer,
Data acquisition means for acquiring data stored by the server device together with definition information describing an available time of the data associated with the data and a measure for preventing leakage, and acquisition date and time of the data;
With the reading of the data acquired by the data acquisition means, an elapsed time calculation means for calculating an elapsed time from the acquisition date and time of the data associated with the data,
An elapsed time judging means for judging whether or not an elapsed time from the acquisition date and time of the data calculated by the elapsed time calculating means exceeds an available time described in the definition information of the data;
When the elapsed time determination means determines that the elapsed time from the date and time of acquisition of the data has exceeded the available time described in the definition information of the data, a measure for preventing leakage described in the definition information Treatment execution means for executing
A computer-readable terminal processing program designed to function as a computer.

Images