JP2018159986A - Information management apparatus, information management method and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information management apparatus, an information management method and a program capable of identifying an outflow source of information even when an original file is modified, without increasing burden on a system.SOLUTION: An information management apparatus 1 includes: a feature quantity registration unit 2 that registers a feature quantity of each of a plurality of areas obtained by dividing management target information on the basis of a preset rule; an area division unit 3 that divides information inputted from outside into the plurality of areas on the basis of the rule; a feature quantity extraction unit 4 that extracts a feature quantity for each area obtained by division; and a determination unit 5 that compares the extracted feature quantity with the registered feature quantity and determines if the information inputted from the outside matches the management target information.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an information management apparatus and information management method for managing information, particularly personal information, and further relates to a program for realizing these.

  In recent years, leakage of personal information has become a social problem. In particular, in the case of a company that provides goods or services for individuals, a large amount of personal information is held in the file server, and there is a possibility that personal information may be leaked. In addition, since it is impossible to restore personal information once leaked, if personal information leaks, it is necessary to identify the source and take measures such as changing the information It becomes.

  For this reason, for example, Patent Document 1 generates dummy personal information of a non-existent person at regular intervals, and registers the generated dummy personal information in a database, so that the leakage of personal information and the source of the leakage are detected. The technology to identify is disclosed. Patent Document 2 registers the feature amount extracted from the image image of the confidential document, and compares the feature amount of the image image of the confidential document that has flowed out with the registered feature amount. The technology to identify is disclosed.

JP 2006-79233 A JP 2008-42636 A

  However, in the technique disclosed in Patent Document 1, it is necessary to periodically generate dummy information and manage the generated dummy information, which places a burden on the system. Further, in the technique disclosed in Patent Document 2, when modification such as division and column replacement is performed on the original file, the feature amount is not maintained, and it is difficult to specify the outflow source. Become.

  An example of the object of the present invention is to provide an information management apparatus and information that can solve the above-mentioned problems and can identify the outflow source of information even when the original file is modified without increasing the burden on the system. It is to provide a management method and a program.

In order to achieve the above object, an information management device according to one aspect of the present invention provides:
A feature amount registration unit that registers the feature amounts of each of a plurality of areas obtained by dividing information to be managed based on a preset rule;
An area dividing unit that divides information input from the outside into a plurality of areas based on the rules;
A feature amount extraction unit that extracts a feature amount for each region obtained by the division;
A determination unit that compares the extracted feature value with the registered feature value to determine whether information input from the outside matches information to be managed;
It is characterized by having.

In order to achieve the above object, an information management method according to one aspect of the present invention includes:
(A) registering feature quantities of each of a plurality of areas obtained by dividing information to be managed based on a preset rule;
(B) dividing information input from outside into a plurality of regions based on the rules;
(C) extracting a feature amount for each region obtained by the division; and
(D) comparing the extracted feature quantity with the registered feature quantity to determine whether information input from the outside matches information to be managed;
It is characterized by having.

Furthermore, in order to achieve the above object, a program according to one aspect of the present invention is provided.
On the computer,
(A) registering feature quantities of each of a plurality of areas obtained by dividing information to be managed based on a preset rule;
(B) dividing information input from outside into a plurality of regions based on the rules;
(C) extracting a feature amount for each region obtained by the division; and
(D) comparing the extracted feature quantity with the registered feature quantity to determine whether information input from the outside matches information to be managed;
Is executed.

  As described above, according to the present invention, it is possible to specify the source of information leakage even when the original file is altered without increasing the burden on the system.

FIG. 1 is a block diagram schematically showing a configuration of an information management apparatus according to an embodiment of the present invention. FIG. 2 is a block diagram showing a specific configuration of the information management apparatus according to the embodiment of the present invention. FIG. 3 is a diagram showing an example of the division rule used in the embodiment of the present invention. FIG. 4 is a diagram showing an example of information registered in the database used in the embodiment of the present invention. FIG. 5 is a flowchart showing an operation when the information management apparatus according to the embodiment of the present invention extracts personal information to be managed from a file. FIG. 6 is a flowchart showing an operation when the information management apparatus according to the embodiment of the present invention divides personal information to be managed. FIG. 7 is a flowchart showing an operation performed when the information management apparatus according to the embodiment of the present invention extracts a feature amount from a divided area. FIG. 8 is a flowchart showing an operation when the personal information to be determined is extracted from the file leaked by the information management apparatus according to the embodiment of the present invention. FIG. 9 is a flowchart showing an operation when dividing the personal information that is a determination target of the leaked file by the information management apparatus according to the embodiment of the present invention. FIG. 10 is a flowchart showing an operation when the feature quantity is extracted from the area obtained from the file leaked by the information management apparatus according to the embodiment of the present invention. FIG. 11 is a flowchart showing an operation when the information management apparatus according to the embodiment of the present invention executes determination processing based on comparison of feature amounts. FIG. 12 is a block diagram showing a specific configuration of Modification 1 of the information management apparatus according to the embodiment of the present invention. FIG. 13 is a block diagram illustrating an example of a computer that implements the information management apparatus according to the embodiment of the present invention.

(Summary of Invention)
In the present invention, a management device is required, and the management device can detect a file containing personal information with respect to a file on a file server. A file containing personal information can be detected using, for example, the technique disclosed in Japanese Patent No. 5013081.

  The management device detects a file including personal information for the file stored in the file server. The detected personal information includes items such as first name, last name, gender, and prefecture. The management apparatus tags these items with attributes such as a surname attribute, a first name attribute, a gender attribute, and a prefecture attribute.

  Next, the management apparatus divides the personal information held in the file into a plurality of areas by using the attribute and the attribute value of the detected personal information. Specifically, the division is performed, for example, for each attribute or for each specific attribute value. In addition, as the number of divided areas increases, more files can be modified.

  However, since the amount of calculation increases as the number of divided areas increases, the number of divided areas may be increased or decreased according to the importance of the target file. For example, if the keyword “confidential information” is included in the document, it is determined as a more important file, and the area is divided by the attribute and attribute value of the personal information. If the keyword is not included, a method may be considered in which the area is divided only by the attribute.

  Further, after the personal information is divided into a plurality of areas, the attribute value is used for each divided area to extract a feature amount. Examples of the algorithm for extracting the feature amount include an existing algorithm such as a Huffman code algorithm and a mutual information amount algorithm. The feature quantity extracted in this way is retained, and when personal information is leaked, the leaked personal information feature quantity is compared with the retained feature quantity to identify the source of the personal information leak. The

(Embodiment)
Hereinafter, an information management apparatus, an information management method, and a program according to an embodiment of the present invention will be described with reference to FIGS.

[Device configuration]
First, a schematic configuration of the information management apparatus according to the present embodiment will be described with reference to FIG. FIG. 1 is a block diagram schematically showing a configuration of an information management apparatus according to an embodiment of the present invention.

  An information management apparatus 1 shown in FIG. 1 is an apparatus for managing information, particularly personal information. As illustrated in FIG. 1, the information management apparatus 1 includes a feature amount registration unit 2, a region division unit 3, a feature amount extraction unit 4, and a determination unit 5.

  The feature amount registration unit 2 registers the feature amounts of each of the plurality of areas obtained by dividing the information to be managed based on a preset rule. The area dividing unit 3 divides information input from the outside into a plurality of areas based on rules. The feature amount extraction unit 4 extracts a feature amount for each region obtained by the division. The determination unit 5 compares the feature amount extracted by the feature amount extraction unit 4 with the registered feature amount, and whether or not the information input from the outside matches the information to be managed. Determine.

  Thus, in this embodiment, it is not necessary to create and manage dummy information for information to be managed. Further, the feature amount of the divided area of the information to be managed is not changed even when the original file is modified. For this reason, according to the present embodiment, it is possible to specify an information outflow source even when the original file is altered without increasing the burden on the system.

  Next, the configuration of the information management apparatus according to the present embodiment will be described more specifically with reference to FIGS. FIG. 2 is a block diagram showing a specific configuration of the information management apparatus according to the embodiment of the present invention.

  First, in the present embodiment, it is assumed that information to be managed is personal information. As shown in FIG. 2, in the present embodiment, the information management device 1 is connected to a terminal device 20 and a file server 30 that are used by an administrator via a network 10.

  The file server 30 stores a file including personal information to be managed. The terminal device 20 inputs the leaked file to the information management device 1 in accordance with the administrator's instruction. Further, when the determination is made by the information management apparatus 1, the terminal device 20 acquires the determination result and displays the acquired determination result on the display screen.

  As shown in FIG. 2, in the present embodiment, the information management apparatus 1 acquires a file acquisition in addition to the above-described feature amount registration unit 2, region division unit 3, feature amount extraction unit 4, and determination unit 5. A unit 6 and a personal information detection unit 7 are provided.

  The file acquisition unit 6 accesses the file server 30 in accordance with an instruction from the administrator via the terminal device 20, and acquires the specified file. The personal information detection unit 7 detects personal information from the acquired file.

  In this embodiment, the feature amount registration unit 2 registers the feature amounts of each of a plurality of areas obtained by dividing personal information to be managed in the database 9. In the present embodiment, the feature quantity registered by the feature quantity registration unit 2 is created by the area dividing unit 3 and the feature quantity extraction unit 4. That is, in the present embodiment, the area dividing unit 3 divides personal information to be managed, and the feature amount extracting unit 4 extracts a feature amount for each region of personal information obtained by the division. The feature amount registration unit 2 registers the feature amount extracted from the divided area of personal information. In the present embodiment, the feature quantity registered by the feature quantity registration unit 2 may be a feature quantity created by an external device.

  The area dividing unit 3 divides personal information into a plurality of areas using a division rule 8 created in advance. In the present embodiment, the division rule 8 is at least one of a rule for dividing information based on a specific attribute constituting personal information and a rule for dividing information based on a specific attribute value included in the personal information. Contains one. Further, in the present embodiment, the rule used for obtaining the feature quantity registered in the feature quantity registration unit 2 and the rule used by the area dividing unit 3 are the same rule.

  FIG. 3 is a diagram showing an example of the division rule used in the embodiment of the present invention. In the example of FIG. 3, the division rules include (1) a rule for dividing by attribute (last name), (2) a rule for dividing by attribute (first name), and (3) a rule for dividing by attribute values of attributes (prefectures). It has been adopted. Then, according to the division rule (1), an area composed of information whose attribute is a surname is generated. By the division rule (2), an area composed of information whose attribute is a name is generated. Further, the division rule (3) generates an area composed of rows in which the prefecture is Kanagawa and an area composed of rows in which the prefecture is Tokyo.

  In the present embodiment, for example, the feature amount extraction unit 4 extracts a feature amount by extracting a character string representing the region using a Huffman code algorithm for each region obtained by the division. In the present embodiment, the feature quantity extraction unit 4 can use an algorithm other than the Huffman code algorithm, for example, an algorithm that extracts a feature quantity such as a mutual information quantity. A specific example of processing by the feature amount extraction unit 4 will be described later with reference to FIG.

  Further, the feature quantity extraction unit 4 registers the extracted feature quantity in the database 9 as shown in FIG. FIG. 4 is a diagram showing an example of information registered in the database used in the embodiment of the present invention. As shown in FIG. 4, the database 9 stores a personal information file table and a personal information feature table.

  The personal information file table is a table storing a file path where personal information is detected. The personal information feature table stores a character string serving as a feature amount for each attribute and attribute value of a file including personal information. The personal information file table is stored by the personal information detector 7 as will be described later.

[Device operation]
Next, operation | movement of the information management apparatus 1 in embodiment of this invention is demonstrated using FIGS. In the present embodiment, the information management method is implemented by operating the information management apparatus 1. Therefore, the description of the information management method in the present embodiment is replaced with the following description of the operation of the information management apparatus 1.

  First, the information management apparatus 1 mainly extracts the feature amount of personal information to be managed and registers it, and the feature amount extracted from the leaked file and the registered feature amount. A process for determining the outflow source is performed. In the following, a feature amount extraction process for personal information to be managed will be described with reference to FIGS. In addition, the outflow source determination processing will be described with reference to FIGS.

Feature amount registration processing In order to register the feature amount of personal information to be managed, extraction processing of personal information from a file stored in the file server 30 (FIG. 5), personal information division processing (FIG. 6), division The feature amount extraction processing (FIG. 7) from the region thus performed is executed. Hereinafter, each process will be described in order.

  FIG. 5 is a flowchart showing an operation when the information management apparatus according to the embodiment of the present invention extracts personal information to be managed from a file.

  As shown in FIG. 5, first, the file acquisition unit 6 accesses the file server 30 to acquire a file (step A1). Next, the file acquisition unit 6 passes the acquired file to the personal information detection unit 7 (step A2).

  Next, the personal information detection unit 7 confirms whether the file acquired in step A1 includes personal information such as name, address, email address, telephone number, gender, credit card number, etc. If information is included, personal information is detected (step A3). The personal information can be detected using the existing technology disclosed in the above-mentioned Japanese Patent No. 5013081.

  Thereafter, the personal information detection unit 7 assigns a document ID to the detected personal information, and the detected file path and the assigned document ID are stored in the personal information file table stored in the database 9. Register (step A4).

  FIG. 6 is a flowchart showing an operation when the information management apparatus according to the embodiment of the present invention divides personal information to be managed.

  As shown in FIG. 6, first, the area dividing unit 3 acquires the personal information detected by the personal information detecting unit 7 (step B1).

  Next, the area dividing unit 3 creates a table using the personal information acquired in Step B1 (Step B2). Specifically, the area dividing unit 3 creates a table so that each row (record) arranged vertically corresponds to one piece of personal information, and each attribute value of the personal information is arranged horizontally in each row. In addition, the attributes that make up the columns of the table include last name (name), first name (name), prefecture (address), city (address), ward (address), town (address), mail address, gender, etc. Can be mentioned.

  Next, the area dividing unit 3 acquires the division rule 8 (step B3). In the example of FIG. 6, the obtained division rule is a rule for dividing by attribute (first name (full name)), a rule for dividing by attribute (first name (full name)), a rule for dividing by attribute (town (address)), and attribute These are a rule that divides by the attribute value of (prefecture (address)), a rule that divides by the attribute value of attribute (gender), and a rule that divides by the attribute value of attribute (mail address).

  Next, the area dividing unit 3 performs the division by executing steps B5 to B7 for each attribute such as a surname (name), first name (name), and town (address) in accordance with the rule for dividing by attribute (step). B4).

  In step B5, the area dividing unit 3 determines whether or not there are a predetermined number or more (for example, 100 or more) of attribute values to be processed.

  As a result of the determination in step B5, if there are no more than a certain number of values, the processing for the attribute that is the processing target is terminated, and the processing for the next attribute is started.

  On the other hand, as a result of the determination in step B5, if there are more than a certain number of values, the area dividing unit 3 divides the table so that the entire attribute to be processed becomes one area (step) B6). Subsequently, the area dividing unit 3 adds the attribute that is the key for the division to the area generated by the division (step B7).

  Next, the area dividing unit 3 performs steps B9 to B16 for each attribute such as prefecture (address), sex, and mail address in accordance with the rule for dividing by attribute value (step B8).

  In step B9, the area dividing unit 3 determines whether or not a value exists in the attribute to be processed.

  If the value does not exist as a result of the determination in step B9, the area dividing unit 3 selects the next attribute and executes step B9 again.

  On the other hand, if the value is present as a result of the determination in step B9, the area dividing unit 3 determines whether the attribute to be processed is a mail address (step B10).

  As a result of the determination in step B10, if the attribute is a mail address, first, the right part of the at sign included in the mail address is taken out as a domain name, and the domain name is grouped for each domain name using the attribute value. The obtained personal information is set as a region (step B11).

  On the other hand, if the attribute is not an e-mail address as a result of the determination in step B10, the area dividing unit 3 groups the personal information for each attribute value and generates an area (step B12).

  Next, when step B11 or B12 is executed, the area dividing unit 3 executes steps B14 to B16 for each attribute of the surname (name), first name (name), and town (address) for the generated group. (Step B13).

  In step B14, the area dividing unit 3 determines whether or not there are a certain number or more (for example, 100 or more) of attribute values to be processed in the group.

  As a result of the determination in step B14, if there are not more than a certain number of values, the area dividing unit 3 selects the next attribute and executes step B14 again.

  On the other hand, as a result of the determination in step B14, if there are more than a certain number of values, the area dividing unit 3 divides the entire processing target attribute into one area in the grouped personal information. (Step B15).

  Subsequently, the area dividing unit 3 adds the attribute which is a key in the grouping and the attribute value to the area generated by the division (step B16).

  Thereafter, the region dividing unit 3 passes the region generated by the division to the feature amount extracting unit 4 (step B17).

  FIG. 7 is a flowchart showing an operation performed when the information management apparatus according to the embodiment of the present invention extracts a feature amount from a divided area. In the example of FIG. 7, the feature amount is extracted as a character string using the Huffman code algorithm.

  As illustrated in FIG. 7, the feature amount extraction unit 4 performs steps C2 to C6 to extract feature amounts for each region generated by the division (step C1).

  In step C2, the feature quantity extraction unit 4 calculates the appearance frequency of the attribute value in the processing target area.

  Next, the feature quantity extraction unit 4 generates a Huffman tree using the Huffman code algorithm based on the appearance frequency calculated in Step C2, and encodes each attribute value with a binary number. (Step C3).

  Next, the feature quantity extraction unit 4 determines whether or not “shortest code length / longest code length” is equal to or less than a certain value (for example, 0.2 or less) as a result of encoding (step C4). .

  As a result of the determination in step C4, when “the shortest code length / the longest code length” is not equal to or smaller than a predetermined value, the feature amount extraction unit 4 selects the next region and executes step C2 again.

  On the other hand, as a result of the determination in step C4, if “the shortest code length / the longest code length” is equal to or smaller than a certain value, the feature amount extraction unit 4 determines that a characteristic character string exists. . Then, the feature amount extraction unit 4 determines whether there is a character string having “code length / longest code length” equal to or greater than a certain value (for example, 0.8 or more) (step C5).

  As a result of the determination in step C5, if there is no character string whose “code length / longest code length” is equal to or greater than a certain value, the feature amount extraction unit 4 selects the next region, Step C2 is executed again.

  On the other hand, if there is a character string having “code length / longest code length” equal to or greater than a certain value as a result of the determination in step C5, the feature amount extraction unit 4 characterizes the corresponding character string. Is determined to be a typical character string (step C6).

  Next, the feature amount extraction unit 4 stores the document ID, attribute, attribute value, and feature amount (character string determined in step C6) in the personal information feature table in the database 9 (step C7).

  In step C7, the values stored in the table at the time of division into areas are used as attributes and attribute values in the personal information feature table. If there is no attribute value in the original table, the attribute value in the corresponding column of the personal information feature table is empty. Furthermore, the feature quantity extraction unit 4 stores the feature quantity so that one character string extracted as the feature quantity becomes one record in the personal information feature table (see FIG. 4).

Outflow source determination processing In order to determine the outflow source of a file, personal information extraction processing from the outflowed file (FIG. 8), personal information division processing (FIG. 9), feature amount extraction processing from the divided area ( FIG. 10) and determination processing (FIG. 11) based on comparison of feature amounts are executed. Hereinafter, each process will be described in order.

  FIG. 8 is a flowchart showing an operation when the personal information to be determined is extracted from the file leaked by the information management apparatus according to the embodiment of the present invention.

  First, the administrator sends a file that has flowed out via the terminal device 20 to the information management device 1. Thereby, as shown in FIG. 8, the file acquisition part 6 acquires the transmitted file (step D1).

  Next, the file acquisition unit 6 passes the acquired file to the personal information detection unit 7 (step D2).

  Next, the personal information detection unit 7 confirms whether the file acquired in step D1 includes personal information such as name, address, email address, telephone number, gender, credit card number, etc. If information is included, personal information is detected (step D3). Step D3 is performed in the same manner as step A3 shown in FIG.

  Thereafter, the personal information detection unit 7 passes the personal information detected in step D3 to the region dividing unit 3 (step D4).

  FIG. 9 is a flowchart showing an operation when dividing the personal information that is a determination target of the leaked file by the information management apparatus according to the embodiment of the present invention. In addition, each step shown in FIG. 9 is performed according to each step shown in FIG.

  As shown in FIG. 9, first, the area dividing unit 3 acquires the personal information detected by the personal information detecting unit 7 from the outflowed file (step E1).

  Next, the area dividing unit 3 creates a table using the personal information of the leaked file (step E2). Also in step E2, similarly to step B2 shown in FIG. 6, the area dividing unit 3 corresponds to each row (record) arranged vertically corresponds to one piece of personal information, and each attribute of the personal information is horizontally displayed in each row. Create a table so that the values are aligned. In addition, the attributes that make up the columns of the table include last name (first name), first name (name), prefecture (address), city (address), ward (address), town (address), mail address, gender, etc. Can be mentioned.

  Next, the area dividing unit 3 acquires the division rule 8 (step B3). In the example of FIG. 6, the obtained division rule is a rule that divides by attribute (first name (first name)), a rule that divides by attribute (first name (first name)), a rule that divides by attribute (town (address)), and an attribute These are a rule that divides by the attribute value of (prefecture (address)), a rule that divides by the attribute value of attribute (gender), and a rule that divides by the attribute value of attribute (mail address).

  Next, the area dividing unit 3 performs the division by executing steps E5 to E7 for each attribute such as a surname (name), first name (name), and town (address) in accordance with the rule for dividing by attribute (step S5). E4).

  In Step E5, the area dividing unit 3 determines whether or not there are a certain number or more (for example, 100 or more) of attribute values to be processed.

  As a result of the determination in step E5, if there are no more than a certain number of values, the processing for the attribute that is the processing target is terminated, and the processing for the next attribute is started.

  On the other hand, as a result of the determination in step E5, if there are more than a certain number of values, the area dividing unit 3 divides the table so that the entire attribute to be processed becomes one area (step E6). Subsequently, the area dividing unit 3 adds the attribute that is the key for the division to the area generated by the division (step E7).

  Next, the area dividing unit 3 performs steps E9 to E16 for each attribute such as prefecture (address), sex, and mail address in accordance with the rule for dividing by attribute value (step E8).

  In step E9, the area dividing unit 3 determines whether or not a value exists in the attribute to be processed.

  If the value does not exist as a result of the determination in step E9, the area dividing unit 3 selects the next attribute and executes step E9 again.

  On the other hand, if the value is present as a result of the determination in step E9, the area dividing unit 3 determines whether the attribute to be processed is a mail address (step E10).

  As a result of the determination in step E10, if the attribute is a mail address, first, the right part of the at sign included in the mail address is taken out as a domain name, and the domain name is grouped by domain name as an attribute value. The obtained personal information is set as an area (step E11).

  On the other hand, if the attribute is not a mail address as a result of the determination in step E10, the area dividing unit 3 groups the personal information for each attribute value and generates an area (step E12).

  Next, when step E11 or E12 is executed, the area dividing unit 3 executes steps E14 to E16 for each attribute of the surname (name), first name (name), and town (address) for the generated group. (Step E13).

  In step E14, the area dividing unit 3 determines whether or not there are a certain number or more (for example, 100 or more) of attribute values to be processed in the group.

  As a result of the determination in step E14, if there are not more than a certain number of values, the area dividing unit 3 selects the next attribute and executes step E14 again.

  On the other hand, as a result of the determination in step E14, if there are more than a certain number of values, the area dividing unit 3 divides the entire attribute to be processed into one area in the grouped personal information. (Step E15).

  Subsequently, the area dividing unit 3 adds the attribute which is a key in the grouping and the attribute value to the area generated by the division (step E16).

  Thereafter, the region dividing unit 3 passes the region generated by the division to the feature amount extracting unit 4 (step E17).

  FIG. 10 is a flowchart showing an operation when the feature quantity is extracted from the area obtained from the file leaked by the information management apparatus according to the embodiment of the present invention. In addition, each step shown in FIG. 10 is performed according to each step shown in FIG. Also in the example of FIG. 10, the feature amount is extracted as a character string using the Huffman code algorithm.

  As shown in FIG. 10, the feature quantity extraction unit 4 performs steps F2 to F6 to extract feature quantities for each region generated from the outflowed file (step F1).

  In step F2, the feature quantity extraction unit 4 calculates the appearance frequency of the attribute value in the processing target area.

  Next, the feature quantity extraction unit 4 generates a Huffman tree using the Huffman code algorithm based on the appearance frequency calculated in Step F2, and encodes each attribute value with a binary number. (Step F3).

  Next, the feature amount extraction unit 4 determines whether or not “shortest code length / longest code length” is equal to or less than a certain value (for example, 0.2 or less) as a result of encoding (step F4). .

  If the result of determination in step F4 is that “shortest code length / longest code length” is not equal to or less than a certain value, the feature quantity extraction unit 4 selects the next region and executes step F2 again.

  On the other hand, as a result of the determination in step F4, when “the shortest code length / the longest code length” is equal to or smaller than a certain value, the feature amount extraction unit 4 determines that a characteristic character string exists. . Then, the feature amount extraction unit 4 determines whether there is a character string having “code length / longest code length” equal to or greater than a certain value (for example, 0.8 or more) (step F5).

  As a result of the determination in step F5, when there is no character string whose “code length / longest code length” is equal to or greater than a certain value, the feature amount extraction unit 4 selects the next region, Step F2 is executed again.

  On the other hand, if there is a character string having “code length / longest code length” equal to or greater than a certain value as a result of the determination in step F5, the feature amount extraction unit 4 characterizes the corresponding character string. Is determined to be a typical character string (step F6). Further, after the end of step F6, the feature amount extraction unit 4 passes the extracted feature amount for each region to the determination unit 5.

  FIG. 11 is a flowchart showing an operation when the information management apparatus according to the embodiment of the present invention executes determination processing based on comparison of feature amounts.

  As illustrated in FIG. 11, the determination unit 5 performs steps G <b> 2 to G <b> 10 for each region using the feature amount for each region (region obtained from the outflowed file) received from the feature amount extraction unit 4. (Step G1).

  In step G2, the determination unit 5 determines whether or not an attribute having an empty attribute value exists in the region to be processed (step G2).

  If there is an attribute with an empty attribute value in the region to be processed as a result of the determination in step G2, the determination unit 5 searches the personal information feature table using an attribute with an empty attribute value as a search condition. Then, a record having an empty attribute value is specified (step G3).

  On the other hand, as a result of the determination in step G2, if there is no attribute with an empty attribute value in the region to be processed, the determination unit 5 uses the attribute and the attribute value in the region to be processed as a search condition. The personal information feature table is searched (step G4).

  Next, when step G3 or G4 is executed, the determination unit 5 separates the records extracted by the search for each document ID (step G5). Subsequently, the determination unit 5 extracts a feature amount (character string) from the record for each document ID (step G6).

  Next, the determination unit 5 compares the feature amount (character string) extracted in step G6 with the feature amount for each region received from the feature amount extraction unit 4 for each document ID, and the document whose feature amount matches. It is determined whether or not an ID exists (step G7).

  As a result of the determination in step G7, when there is no document ID having the same feature value, the determination unit 5 selects the next area and executes step G2 again. On the other hand, as a result of the determination in step G7, if there is a document ID having a matching feature amount, the determination unit 5 sets the document ID as a source of the outflow source (step G8). By step G8, the document ID that is a candidate of the outflow source can be specified for each divided area.

  Next, the determination unit 5 searches the personal information file table (see FIG. 4), specifies a file of a document having the specified document ID, and sets the specified file as an outflow source candidate (step G9). . Next, the determination unit 5 calculates the number of candidates for each document ID (step G10).

  When Steps G2 to G10 for each region are completed, the determination unit 5 adds the number of times of each document ID calculated for each region, and calculates the total number of times for each document ID (Step G11). Multiple document IDs can be candidates for each divided area, and the document IDs that can be candidates for each divided area may be different. Judgment is high. Therefore, in step G11, the total value is calculated.

  Next, the determination unit 5 determines that the document ID having the highest total value is the outflow source document, and outputs the determination result (step G12). Specifically, the determination result is transmitted to the administrator's terminal device 20 via the network 10. In addition, when the information management apparatus 1 includes a display device, the determination result may be output to the display device.

[Effects of the embodiment]
In the present embodiment as described above, the feature amount of the area obtained by dividing the personal information using the attribute and the attribute value is compared with the feature amount of the similarly divided area of the outflowed file. , The source file is identified. For this reason, even if a file is leaked in a state where division or order change has been performed, it is possible to identify the source file.

  Further, in this embodiment, as described above, the outflow source file is specified using the feature amount of the divided area as a clue, so it is difficult to embed a digital watermark such as a text file in this embodiment. Even if a large file is leaked, it can be handled.

[Modification 1]
Hereinafter, Modification Example 1 of the present embodiment will be described. In the first modification, the number of divisions by the area dividing unit 3 is set according to the importance of information (personal information) to be managed. FIG. 12 is a block diagram showing a specific configuration of Modification 1 of the information management apparatus according to the embodiment of the present invention.

  As shown in FIG. 12, in the first modification, the information management apparatus 1 further includes an importance degree calculation unit 11. When the personal information is detected by the personal information detecting unit 7, the importance calculating unit 11 calculates the importance of the detected personal information and uses it for the division by the region dividing unit 3 according to the calculated importance. Increase or decrease the number of division rules 8 to be created. For example, the importance calculation unit 11 can improve the accuracy of identifying the outflow source by increasing the number of division rules 8 used by the region division unit 3 as the importance is higher.

  Specifically, for example, the importance level calculation unit 11 sets a keyword (specific person name, specific address, etc.) and an appearance frequency of the keyword for each level of importance level, In accordance with the appearance frequency, importance is set for personal information to be managed. Further, each of the division rules 8 may be set with a rule that is applied according to the importance. In this case, the region dividing unit 3 uses the division rule 8 that is applied to the set importance. To execute splitting.

[Modification 2]
Subsequently, Modification 2 of the present embodiment will be described. In the above-described embodiment, when personal information is grouped using attribute values, records having the same attribute value such as prefecture, sex, and mail address are grouped. On the other hand, in the second modification, not the records having the same attribute value but, for example, the results of sorting the last names in the dictionary order are grouped. Even in this case, the spill source can be identified.

[program]
The programs in the present embodiment are stored in the computer in steps A1 to A4 shown in FIG. 5, steps B1 to B17 shown in FIG. 6, steps C1 to C7 shown in FIG. 7, steps D1 to D4 shown in FIG. Any program that executes steps E1 to E17, steps F1 to F6 shown in FIG. 10, and steps G1 to G12 shown in FIG.

  Moreover, the information management apparatus 1 and the information management method in the present embodiment can be realized by installing and executing the program in the present embodiment on a computer. In this case, a CPU (Central Processing Unit) of the computer functions as a feature amount registration unit 2, a region division unit 3, a feature amount extraction unit 4, a determination unit 5, a file acquisition unit 6, and a personal information detection unit 7, and performs processing. Do.

  The program in the present embodiment may be executed by a computer system constructed by a plurality of computers. In this case, for example, each computer functions as any one of the feature amount registration unit 2, the region division unit 3, the feature amount extraction unit 4, the determination unit 5, the file acquisition unit 6, and the personal information detection unit 7, respectively. Also good.

  Here, a computer that realizes the information management apparatus 1 by executing the program according to the embodiment will be described with reference to FIG. FIG. 13 is a block diagram illustrating an example of a computer that implements the information management apparatus according to the embodiment of the present invention.

  As shown in FIG. 13, the computer 110 includes a CPU 111, a main memory 112, a storage device 113, an input interface 114, a display controller 115, a data reader / writer 116, and a communication interface 117. These units are connected to each other via a bus 121 so that data communication is possible.

  The CPU 111 performs various calculations by developing the program (code) in the present embodiment stored in the storage device 113 in the main memory 112 and executing them in a predetermined order. The main memory 112 is typically a volatile storage device such as a DRAM (Dynamic Random Access Memory). Further, the program in the present embodiment is provided in a state of being stored in a computer-readable recording medium 120. Note that the program in the present embodiment may be distributed on the Internet connected via the communication interface 117.

  Specific examples of the storage device 113 include a hard disk drive and a semiconductor storage device such as a flash memory. The input interface 114 mediates data transmission between the CPU 111 and an input device 118 such as a keyboard and a mouse. The display controller 115 is connected to the display device 119 and controls display on the display device 119.

  The data reader / writer 116 mediates data transmission between the CPU 111 and the recording medium 120, and reads a program from the recording medium 120 and writes a processing result in the computer 110 to the recording medium 120. The communication interface 117 mediates data transmission between the CPU 111 and another computer.

  Specific examples of the recording medium 120 include general-purpose semiconductor storage devices such as CF (Compact Flash (registered trademark)) and SD (Secure Digital), magnetic recording media such as a flexible disk, or CD- An optical recording medium such as ROM (Compact Disk Read Only Memory) can be used.

  Note that the information management apparatus 1 according to the present embodiment can be realized not by using a computer in which a program is installed but also by using hardware corresponding to each unit. Furthermore, part of the information management apparatus 1 may be realized by a program, and the remaining part may be realized by hardware.

  Part or all of the above-described embodiment can be expressed by (Appendix 1) to (Appendix 15) described below, but is not limited to the following description.

(Appendix 1)
A feature amount registration unit that registers the feature amounts of each of a plurality of areas obtained by dividing information to be managed based on a preset rule;
An area dividing unit that divides information input from the outside into a plurality of areas based on the rules;
A feature amount extraction unit that extracts a feature amount for each region obtained by the division;
A determination unit that compares the extracted feature value with the registered feature value to determine whether information input from the outside matches information to be managed;
An information management device comprising:

(Appendix 2)
The rule includes at least one of a rule for dividing information based on a specific attribute constituting information and a rule for dividing information based on a specific attribute value included in the information,
The rule used to obtain the feature amount registered in the feature amount registration unit and the rule used by the region division unit are the same rule.
The information management device according to attachment 1.

(Appendix 3)
The area dividing unit divides the information to be managed,
The feature amount extraction unit extracts a feature amount for each area obtained by dividing the information to be managed,
The feature amount registration unit registers the feature amount extracted from the region obtained by dividing the information to be managed by the feature amount extraction unit;
The information management device according to appendix 1 or 2.

(Appendix 4)
Further comprising an importance calculator that calculates the importance of the information to be managed, and increases or decreases the number of rules used for division by the region divider according to the calculated importance;
The information management device according to attachment 3.

(Appendix 5)
Information to be managed is personal information,
The information management device according to any one of appendices 1 to 4.

(Appendix 6)
(A) registering feature quantities of each of a plurality of areas obtained by dividing information to be managed based on a preset rule;
(B) dividing information input from outside into a plurality of regions based on the rules;
(C) extracting a feature amount for each region obtained by the division; and
(D) comparing the extracted feature quantity with the registered feature quantity to determine whether information input from the outside matches information to be managed;
An information management method characterized by comprising:

(Appendix 7)
The rule includes at least one of a rule for dividing information based on a specific attribute constituting information and a rule for dividing information based on a specific attribute value included in the information,
The rule used for obtaining the feature value registered in the step (a) and the rule used in the step (b) are the same rule.
The information management method according to attachment 6.

(Appendix 8)
(E) dividing the information to be managed into a plurality of areas based on the rules;
And (f) extracting a feature amount for each area obtained by dividing the information to be managed, and
In the step (a), the feature amount extracted in the step (f) is registered.
The information management method according to appendix 6 or 7.

(Appendix 9)
(G) Calculate the importance of the information to be managed, and increase or decrease the number of rules used for the division by the step (b) and the step (e) according to the calculated importance. Further comprising a step,
The information management method according to attachment 8.

(Appendix 10)
Information to be managed is personal information,
The information management method according to any one of appendices 6 to 9.

(Appendix 11)
On the computer,
(A) registering feature quantities of each of a plurality of areas obtained by dividing information to be managed based on a preset rule;
(B) dividing information input from outside into a plurality of regions based on the rules;
(C) extracting a feature amount for each region obtained by the division; and
(D) comparing the extracted feature quantity with the registered feature quantity to determine whether information input from the outside matches information to be managed;
A program that executes

(Appendix 12)
The rule includes at least one of a rule for dividing information based on a specific attribute constituting information and a rule for dividing information based on a specific attribute value included in the information,
The rule used for obtaining the feature value registered in the step (a) and the rule used in the step (b) are the same rule.
The program according to appendix 11.

(Appendix 13)
In the computer,
(E) dividing the information to be managed into a plurality of areas based on the rules;
(F) further executing a step of extracting a feature amount for each area obtained by dividing the information to be managed,
In the step (a), the feature amount extracted in the step (f) is registered.
The program according to appendix 11 or 12.

(Appendix 14)
In the computer,
(G) Calculate the importance of the information to be managed, and increase or decrease the number of rules used for the division by the step (b) and the step (e) according to the calculated importance. Let the step run further,
The program according to attachment 13.

(Appendix 15)
Information to be managed is personal information,
The program according to any one of appendices 11 to 14.

  As described above, according to the present invention, it is possible to specify the source of information leakage even when the original file is altered without increasing the burden on the system. In the present invention, when a file server is used in a company where a file containing personal information is placed (or misplaced) on the file server, the file containing personal information is leaked. Can be used to efficiently identify the source file.

DESCRIPTION OF SYMBOLS 1 Information management measure 2 Feature quantity registration part 3 Area division part 4 Feature quantity extraction part 5 Judgment part 6 File acquisition part 7 Personal information detection part 8 Division rule 9 Database 10 Network 11 Importance calculation part 20 Terminal apparatus 30 File server 110 Computer 111 CPU
112 Main Memory 113 Storage Device 114 Input Interface 115 Display Controller 116 Data Reader / Writer 117 Communication Interface 118 Input Device 119 Display Device 120 Recording Medium 121 Bus

Claims (7)

A feature amount registration unit that registers the feature amounts of each of a plurality of areas obtained by dividing information to be managed based on a preset rule;
An area dividing unit that divides information input from the outside into a plurality of areas based on the rules;
A feature amount extraction unit that extracts a feature amount for each region obtained by the division;
A determination unit that compares the extracted feature value with the registered feature value to determine whether information input from the outside matches information to be managed;
An information management device comprising: The rule includes at least one of a rule for dividing information based on a specific attribute constituting information and a rule for dividing information based on a specific attribute value included in the information,
The rule used to obtain the feature amount registered in the feature amount registration unit and the rule used by the region division unit are the same rule.
The information management apparatus according to claim 1. The area dividing unit divides the information to be managed,
The feature amount extraction unit extracts a feature amount for each area obtained by dividing the information to be managed,
The feature amount registration unit registers the feature amount extracted from the region obtained by dividing the information to be managed by the feature amount extraction unit;
The information management apparatus according to claim 1 or 2. Further comprising an importance calculator that calculates the importance of the information to be managed, and increases or decreases the number of rules used for division by the region divider according to the calculated importance;
The information management apparatus according to claim 3. Information to be managed is personal information,
The information management apparatus in any one of Claims 1-4. (A) registering feature quantities of each of a plurality of areas obtained by dividing information to be managed based on a preset rule;
(B) dividing information input from outside into a plurality of regions based on the rules;
(C) extracting a feature amount for each region obtained by the division; and
(D) comparing the extracted feature quantity with the registered feature quantity to determine whether information input from the outside matches information to be managed;
An information management method characterized by comprising: On the computer,
(A) registering feature quantities of each of a plurality of areas obtained by dividing information to be managed based on a preset rule;
(B) dividing information input from outside into a plurality of regions based on the rules;
(C) extracting a feature amount for each region obtained by the division; and
(D) comparing the extracted feature quantity with the registered feature quantity to determine whether information input from the outside matches information to be managed;
A program that executes

Images