JP4964203B2 - File access management system - Google Patents

Description

  The present invention relates to a file access management system for managing access to electronic files accessed by a plurality of client terminals.

  Conventionally, exchange of electronic files (hereinafter referred to simply as “files”) using the Internet has been performed. For example, a method of exchanging files via a file server, or attaching a file to an email There are ways to replace them. Among files exchanged using the Internet, there are files containing important information that cannot be leaked to the outside, such as confidential information and personal information, and information to the outside by exchanging these files It is important to prevent leakage. Therefore, a method for preventing leakage of information to the outside due to file exchange using the Internet has been proposed (for example, Patent Document 1).

In Patent Document 1, a file attached to an e-mail is encrypted using an encryption key managed by the server, and a person who receives an e-mail attached with an encrypted file is authorized by the server. A system is disclosed that can receive a decryption key from a server and decrypt an encrypted file only when it is determined to be a valid transmission destination.
JP 2006-344000 A

  In the system of Patent Document 1, by encrypting a file that is attached to an e-mail and transmitted / received, it is possible to prevent the file from being intercepted by an external third party and leaking information to the outside. Further, since only legitimate recipients can decrypt, file information can be prevented from leaking to the outside even when an e-mail is transmitted / received to / from a party other than legitimate recipients.

  In other words, the system described in Patent Document 1 can prevent leakage to the outside due to a file attached to an e-mail when sending and receiving e-mail. However, when the file attached to the e-mail is decrypted and stored in the recipient's terminal, the management of the decrypted file is left to the recipient. Therefore, there is a problem that after the transmission / reception of the electronic mail, the sender cannot manage the file, and the file information may be leaked to the outside against the sender's will.

  There is a similar problem not only when exchanging files by attaching them to an e-mail, but also when exchanging files via a file server, and it is possible to prevent information leakage to the outside due to exchanging files. However, after the file is exchanged, that is, after the file is stored in the file recipient's terminal, the file distributor cannot manage the file, and there is a problem that the file information may be leaked to the outside. .

  In view of the above problems, the present invention enables file distributors to manage files exchanged using the Internet, thereby preventing file information from leaking outside after being stored in the file recipient's terminal. The purpose is to provide a system.

(1) A plurality of client terminals, a file management server that manages a plurality of electronic files shared by the plurality of client terminals, and an access management server that manages access right information of each of the plurality of electronic files. A file access management system connected via
The file management server comprises file storage means for storing the plurality of electronic files transmitted from each of the plurality of client terminals;
The access management server comprises access right information storage means for storing access right information for each of the plurality of electronic files stored in the file storage means;
Of the plurality of client terminals, a file receiving terminal that is a client terminal that receives at least one of the plurality of electronic files stored in the file management server,
Among the plurality of electronic files stored in the file storage means, position information acquisition means for acquiring position information in the file storage means of the electronic file for which the user of the file receiving terminal has made an acquisition instruction;
Access right information acquisition means for acquiring access right information for the electronic file from the access right information storage means based on the position information;
Determining means for determining whether or not the user of the file receiving terminal can acquire the electronic file based on the attribute of the user of the file receiving terminal and the access right information;
When the determination unit determines that the user of the file receiving terminal can acquire the electronic file, the file acquisition unit acquires the electronic file from the file storage unit;
A combined file creating means for creating a combined file by combining the electronic file acquired by the file acquiring means, access right information for the electronic file, and the position information of the electronic file;
Combined file storage means for storing the combined file;
A file access management system comprising:

  According to the configuration of (1), it is determined whether or not the user of the file receiving terminal can acquire the file based on the access right information for the file stored in the file storage means and the user attribute of the user of the file receiving terminal. By doing so, only a user having a valid authority can acquire a file from the file storage means. In addition, the electronic file acquired from the file storage means is stored in the file receiving terminal as a combined file to which access right information is added, so that the electronic file is not leaked to a third party and the information on the electronic file is leaked. There is nothing to do.

(2) The file receiving terminal is
Among the plurality of combined files stored in the combined file storage unit, a combined file information acquisition unit that acquires the location information of the combined file that the user of the file receiving terminal has given an access instruction;
Based on the attribute of the user of the file receiving terminal and the access right information acquired by the access right information acquisition means based on the location information acquired by the combined file information acquisition means, the determination means Decomposing means for decomposing the combined file when it is determined that the user of the file receiving terminal can access the combined file;
The file access management system according to (1), further comprising:

  According to the configuration of (2), when browsing an electronic file stored as a combined file on the file receiving terminal, the user of the file receiving terminal refers to the access right information storage unit of the access management server. If it is not confirmed that the electronic file has been confirmed, the electronic file cannot be viewed. As a result, even if the merged file saved on the file receiving terminal leaks out, the user who acquired the leaked merged file browses the electronic file if he does not have the authority to view the electronic file saved as the merged file. Therefore, it is possible to prevent information leakage due to file leakage from the file receiving terminal. When browsing an electronic file stored as a combined file on the file receiving terminal, access to the electronic file after downloading from the file management server by referring to the access right information storage means of the access management server Management can be performed.

(3) Among the plurality of client terminals, a file providing terminal that is a client terminal that transmits at least one of the plurality of electronic files stored in the file management server,
When the user of the file providing terminal gives a transmission instruction to the file management server for at least one of the combined files stored in the combined file storage means,
The combined file information acquisition unit acquires position information of a combined file that has been instructed to be transmitted to the file management server,
Based on the attribute of the user of the file providing terminal and the access right information acquired by the access right information acquisition unit based on the location information, the determination unit can transmit the combined file to the file management server. (2) The file access management system according to (2), further comprising a file transmission unit that decomposes the combined file by a decomposition unit and transmits the acquired electronic file to the file management server when determined to be present.

  According to the configuration of (3), an electronic file is acquired from the combined file only when a transmission instruction to the file management server is issued for the combined file stored in the combined file storage unit of the file providing terminal. As a result, the electronic file is not leaked from the file providing terminal.

(4) The file providing terminal is
Access right information setting means for setting access right information for an electronic file for which the user of the file providing terminal has instructed to save the file providing terminal;
File information acquisition means for acquiring attribute information of the electronic file;
Access right information for transmitting access right information for the electronic file set by the access right information setting means to the access management server in association with the attribute information of the electronic file acquired by the file information acquisition means. A transmission means;
Further comprising
The combined file creation means includes the electronic file, the attribute information of the electronic file acquired by the file information acquisition means, and the access right information for the electronic file set by the access right information setting means. Create the merged merged file,
The file access management system according to (3), wherein the combined file storage unit stores the combined file.

  According to the configuration of (4), when the electronic file is stored in the file providing terminal, it is possible to prevent information leakage due to the outflow of the file from the file providing terminal by storing it as a combined file. This is because an electronic file stored as a combined file cannot be browsed unless it is confirmed that the user who is browsing the electronic file has browsing authority by referring to the access right information storage means of the access management server. .

(5) The access management server is
And a history storage means for storing the history acquired by the user of the file receiving terminal for each of the plurality of electronic files stored in the file storage means in association with the position information,
The file receiving terminal is
Furthermore,
(4) The file access management system according to (4), further comprising history transmission means for associating the attribute of the user of the file receiving terminal with the position information acquired by the position information acquisition means and transmitting the attribute to the history storage means.

  According to the configuration of (5), the access management server includes a history storage unit that stores a history acquired by the user of the file receiving terminal for each of the plurality of electronic files stored in the file storage unit. By checking the history storage means, the file acquisition status can be grasped. As a result, it is possible to perform file monitoring such as whether unauthorized acquisition has been performed or whether a user who wants to acquire a file has acquired the file.

(6) The file receiving terminal
Furthermore, based on the position information acquired by the combined file information acquisition unit, a history acquisition unit for acquiring the history of the electronic file constituting the combined file from the history storage unit,
The file access management system according to (5), wherein the determination unit determines whether or not a user of the file receiving terminal can acquire the electronic file based on the history acquired by the history acquisition unit. .

  According to the configuration of (6), when browsing an electronic file stored as a combined file on the file receiving terminal, browsing of the electronic file can be controlled based on the history stored in the history storage unit. . Thereby, it is possible to perform fine browsing control that cannot be performed only by the access right information. For example, when a file is browsed after a predetermined time has elapsed since the file was acquired from the file storage means, it may not be possible to browse or only the user who acquired the file from the file storage means may be allowed to view the file it can.

  (7) The file access management system according to any one of (1) to (6), wherein each unit included in the plurality of client terminals is provided by agent software.

  According to the configuration of (7), the user can make his / her terminal a file receiving terminal or a file providing terminal by installing the agent software. Further, the user of the file receiving terminal or the file providing terminal can manage the access of the file used by the user with the same operation as before. The agent software is proxy software that processes a request from a client terminal, and is intended to operate on the back end.

  According to the present invention, a file exchange that prevents file information from leaking to the outside after being stored in the file recipient's terminal by allowing the creator or distributor to manage files exchanged using the Internet. A management system can be provided.

  Hereinafter, the best mode for carrying out the present invention will be described with reference to the drawings. This is merely an example, and the technical scope of the present invention is not limited to this.

[Overall configuration of file access management system]
FIG. 1 is a diagram showing an overall configuration of a file access management system 10 according to each embodiment of the present invention. The file access management system 10 includes a plurality of client terminals (two are illustrated for simplicity in the figure), an access management server 300, and a file management server 400. The plurality of client terminals, the access management server 300, and the file management server 400 are connected via a network 500. In the figure, of the two client terminals, one client terminal is the file providing terminal 200 and the other client terminal is the file receiving terminal 100. The file providing terminal 200 stores a plurality of files, the file receiving terminal 100 also stores a plurality of files, and the file management server 400 also stores a plurality of files. There may be a plurality of file providing terminals 200, file receiving terminals 100, access management servers 300, and file management servers 400, or the access management server 300 and the file management server 400 may be configured as a single server. Also good.

  The access management server 300 includes an access right information storage unit 310. The access right information storage unit 310 manages access right information for each of a plurality of files stored in the file providing terminal 200, the file receiving terminal 100, and the file management server 400, respectively. Details of the access right information storage unit 310 will be described later.

  The file management server 400 includes file storage means 410. The file storage means 410 stores a plurality of files shared between the file providing terminal 200 and the file receiving terminal 100 in order to manage these files. The file management server 400 may be a server having a function that allows users of a plurality of client terminals connected via the network 500 to share a disk. In the present embodiment, a Web server is used as the file management server 400. By using a Web server, a file on the Web server can be accessed using an existing Web browser such as Internet Explorer (registered trademark).

(First embodiment)
[Functional structure of file receiving terminal]
FIG. 2 is a diagram showing a functional configuration of the file receiving terminal 100 according to the first embodiment of the present invention. The file receiving terminal 100 assumes that the file management server 400 stores a plurality of files whose access right information is managed by the access management server 300, and stores the plurality of files stored in the file management server 400. Of these terminals, the operation target is downloaded and the operation target file is used. The file receiving terminal 100 includes an operation receiving unit 101, a position information acquisition unit 102, an access right information acquisition unit 103, a user information acquisition unit 104, a determination unit 105, a file acquisition unit 106, a combined file creation unit 107, and a combined file information acquisition unit. 108, a disassembling means 109, and a combined file storage means 130.

  A solid line arrow connecting each means of the file receiving terminal 100 represents a flow of processing for downloading a file from the file management server 400, and a broken line arrow represents a flow of processing for browsing a file downloaded to the file receiving terminal 100. Open arrows indicate the flow of data. Below, each means with which the file receiving terminal 100 is provided is demonstrated.

  The operation accepting unit 101 has a function of accepting operation information input by an input unit (not shown) such as a keyboard and a mouse with respect to a file to be operated by the user of the file receiving terminal 100, and the received operation information. And a function of outputting to the information acquisition means 102. Specifically, in the case of processing for downloading a file from the file management server 400 (hereinafter referred to as file download processing), the operation accepting unit 101 performs an operation for instructing downloading of a file stored in the file storage unit 410, or the like. Accept. On the other hand, in the case of processing for browsing a file downloaded to the file receiving terminal 100 (hereinafter referred to as file browsing processing), the operation accepting unit 101 instructs browsing of the combined file stored in the combined file storage unit 130. An operation or the like is accepted as operation information. The operation information includes identification information of a file to be operated by the user of the file receiving terminal 100.

  Here, the combined file refers to a combined file creation unit 107 (to be described later) in order to make it impossible to directly perform operations such as browsing, deleting, and updating a file created by the user (hereinafter referred to as a normal file). It is a file created by processing a normal file, for example, an executable file. Note that when a combined file is disassembled, a normal file can be acquired, so that it can be said that the normal file is included in the combined file. Thus, the combined file browsing instruction means a normal file browsing instruction included in the combined file.

  Hereinafter, each unit included in the file receiving terminal 100 will be described separately for the file download process and the file browsing process. First, the function in the file download process of each means with which the file receiving terminal 100 is provided is demonstrated.

  In response to receiving the operation information transmitted by the operation accepting unit 101, the position information acquiring unit 102 uses the file specifying information included in the received operation information among the plurality of files stored in the file storage unit 410. A function of acquiring position information (for example, a URL of the file) of the specified file, and a function of outputting the acquired position information to the access right information acquiring unit 103; Here, the operation information received by the position information acquisition unit 102 is information relating to an operation instructing to download a file stored in the file storage unit 410.

  The access right information acquisition unit 103 accesses a file based on the position information acquired by the position information acquisition unit 102 among the plurality of access right information stored in the access right information storage unit 310 during the download process. A right acquisition function and a function of outputting the acquired access right information to the determination means 105 via the user information acquisition means 104. Here, the access right information is information that is held in each of a plurality of files stored in the file storage unit 410 and indicates which operations can be performed from which user or group.

  Specifically, the access right information is associated with various access rights such as a viewing right, an update right, a printing right, and a deletion right by a user ID for specifying a user having the right and a group ID for specifying a group. Information. For example, in the access right information for a certain file, the A group has the viewing right, the B group has the update right, the C group has the printing right, and the D right has the deletion right. Hereinafter, the user ID and the group ID are simply referred to as an ID.

  The user information acquisition unit 104 has a function of acquiring user information related to one user currently used among a plurality of users who can operate the file receiving terminal 100, and the acquired user information to the determination unit 105. Output function. Here, the file receiving terminal 100 is connected to an external device for specifying the currently used user. Specifically, the external device is an IC card reader connected to the file receiving terminal 100, reads user information from an IC card in which user information is set in advance, and transmits it to the user information acquisition means. The user information acquisition unit 104 acquires user information from an external device. Here, the user information is, for example, a user ID that uniquely identifies a user, a group ID that uniquely identifies a group to which the user belongs, a user name, and the like. Since the user may belong to a plurality of groups such as a sales group and a managerial group, the user can have a plurality of group IDs.

  The determining unit 105 determines whether or not the file specified by the file specifying information can be operated based on the access right information acquired by the access right information acquiring unit 103 and the user information acquired by the user information acquiring unit 104. A determination function and a function of outputting the determination result to the file acquisition means 106. In the file download process, specifically, among the files stored in the file storage unit 410, the determination unit 105 determines whether the user of the file receiving terminal 100 has made a download instruction by the user of the file receiving terminal 100. It is determined whether or not the user has authority to download.

  For example, when the user of the file receiving terminal 100 instructs to download a file from the file management server 400, the access right information acquired by the access right information acquisition unit 103 has authority to use the file. Based on an ID corresponding to a certain browsing right and the like and an ID which is user information acquired by the user information acquisition unit 104, the user of the file receiving terminal 100 determines whether or not there is a browsing right for the normal file included in the combined file. . Specifically, in the access right information acquired by the access right information acquiring unit 103, the ID corresponding to the viewing right or the like includes the ID that is the user information acquired by the user information acquiring unit 104 Is determined to have a viewing right or the like, and when it is not included, it is determined that there is no viewing right or the like.

  Upon receiving a positive determination result from the determination unit 105, the file acquisition unit 106 acquires a file from the file storage unit 410 based on the position information acquired by the position information acquisition unit 102, and the acquired file. And a function of outputting to the combined file creating means 107. Specifically, among the files stored in the file storage unit 410, it is determined that the file receiving terminal 100 user has authority to download a file for which the user of the file receiving terminal 100 has issued a download instruction. When a positive determination result is received from, the file is acquired from the file storage unit 410 based on the position information acquired by the position information acquisition unit 102. The file acquired from the file storage unit 410 is a normal file.

  The combined file creation unit 107 adds the access right information acquired by the access right information acquisition unit 103 and the location information of the file acquired by the location information acquisition unit 102 to the file acquired by the file acquisition unit 106. Has a function of creating a combined file. The combined file creation unit 107 has a function of storing the created combined file in the combined file storage unit 130.

  By storing the combined file created by the combined file creating unit 107 instead of the normal file acquired by the file acquiring unit 106 in the file receiving terminal 100, information leakage due to file outflow or the like can be prevented. When saved as a combined file, the user typically has to decompose the combined file to view the file. In order for the user to decompose the combined file, it is necessary to confirm that the user has the right to view the normal file based on the access right information in the access management server 300. Therefore, even if a third party user obtains the combined file due to outflow of the file or the like, it becomes clear from the access right information in the access management server 300 that the third party user does not have the viewing right. Can not be disassembled. Therefore, the third-party user cannot view the normal file, and the information on the normal file can be prevented from leaking to the third-party user.

  Next, the function in the file browsing process of each means with which the file receiving terminal 100 is provided is demonstrated. The description will focus on the differences from the functions in the file download process described above.

  The combined file information acquisition unit 108 specifies the file included in the received operation information among the plurality of combined files stored in the combined file storage unit 130 in response to receiving the operation information transmitted by the operation receiving unit 101. It has a function of acquiring the position information of the normal file included in the combined file specified by the information and the access right information for the normal file. In addition, the function of outputting the acquired file information and access right information to the access right information acquiring unit 103, and the file specifying information included in the received operation information are output to the decomposing unit 109 via the access right information acquiring unit 103 and the like. It has a function. Here, the operation information received by the combined file information acquisition unit 108 is information related to an operation for instructing browsing of the combined file stored in the combined file storage unit 130.

  In addition to the above-described functions, the access right information acquisition unit 103 includes a file based on the location information acquired by the combined file information acquisition unit 108 among a plurality of access right information stored in the access right information storage unit 310. It has a function to acquire access right information.

  In addition to the functions described above, the determination unit 105 has a function of outputting the determination result to the decomposition unit 109. In the file browsing process, specifically, whether the determination unit 105 has authority to allow the user of the file receiving terminal 100 to browse the normal file included in the combined file that the user of the file receiving terminal 100 has instructed to browse. Determine whether or not. In addition, the determination unit 105 receives the instruction to browse the combined file stored in the combined file storage unit 130, that is, when the user of the file receiving terminal 100 receives an instruction to browse the normal file included in the combined file. , Access right information for a normal file for which a browsing instruction has been acquired by the access right information acquiring unit 103 and an access right included in the combined file for which a browsing instruction has been acquired by the combined file information acquiring unit 108 to be described later It is determined whether the information matches.

  When the decomposing unit 109 receives a positive determination result from the determining unit 105, the decomposing unit 109 is identified by the file specifying information received from the combined file information acquiring unit 108 among the combined files stored in the combined file storage unit 130. It has a function of decomposing a combined file and extracting a normal file. In addition, the extracted normal file has a function of transmitting to the output unit. For example, among the combined files stored in the combined file storage unit 130, the extracted normal file is included in the combined file that the user of the file receiving terminal 100 has instructed to view. When a positive determination result is received from the determination unit 105 that the normal file can be browsed, the normal file is extracted from the combined file instructed to be browsed.

[Functional configuration of file providing terminal]
FIG. 3 is a diagram illustrating a functional configuration of the file providing terminal 200 according to the first embodiment. The file providing terminal 200 is a terminal that provides (uploads) a file to be provided to the user of the file receiving terminal 100 to the file management server 400, and can set access right information of the file to be provided. The file providing terminal 200 includes an operation receiving unit 201, a file information acquiring unit 210, an access right information setting unit 211, an access right information transmitting unit 212, a combined file creating unit 207, a combined file information acquiring unit 208, and an access right information acquiring unit 203. , A user information acquisition unit 204, a determination unit 205, a decomposition unit 209, a file transmission unit 213, and a combined file storage unit 230.

  Note that the solid arrows connecting the respective units of the file providing terminal 200 shown in FIG. 3 represent the flow of processing for locally storing files in the file providing terminal 200, and the broken arrows represent the flow of processing for uploading files to the file management server 400. Represents. However, the white arrow represents the flow of data. Below, each means with which the file provision terminal 200 is provided is demonstrated centering around difference with the file reception terminal 100. FIG.

  The operation accepting unit 201 has a function similar to that of the operation accepting unit 101 of the file receiving terminal 100, but the accepted operation is different. Specifically, in the case of processing for locally saving a file in the file providing terminal 200 (hereinafter referred to as saving processing), the operation accepting unit 201 instructs to save a normal file created by the user of the file providing terminal 200. The operation to be accepted is accepted. On the other hand, in the case of processing for uploading a file to the file management server 400 (hereinafter referred to as file upload processing), an operation for instructing upload of a file stored in the file providing terminal 200 is accepted.

  Hereinafter, each unit included in the file providing terminal 200 will be described separately for a storage process and a file upload process. First, the function in the storage process of each means with which the file provision terminal 200 is provided is demonstrated.

  In response to receiving the operation information transmitted by the operation accepting unit 201, the file information acquiring unit 210 uses the file specifying information included in the received operation information among the plurality of files stored in the file storage unit 410. It has a function of acquiring file information related to a specified file. Specifically, file information regarding a normal file (hereinafter referred to as a save file) for which a user of the file providing terminal 200 has instructed save is acquired. In addition, a function of outputting the file specifying information included in the received operation information to the access right information setting unit 211 and a function of outputting the acquired file information to the access right information transmitting unit 212 via the access right information setting unit 211. Have. Here, the file information is file attribute information such as a file name, a file creator, and an IP address of the file providing terminal 200 storing the file. The received operation information is information related to an operation instructed by the user of the file providing terminal 200 to save a normal file.

  The access right information setting unit 211 has a function of setting access right information for a file (stored file) specified by the file specifying information received from the file information acquisition unit 210, and accesses the access right information set for the file. It has a function of outputting to the right information transmitting means 212. A specific access right information setting method will be described later.

  The access right information transmission unit 212 associates the file information related to the saved file acquired by the file information acquisition unit 210 and the access right information for the saved file set by the access right information setting unit 211 in association with the access management server 300. And a function for outputting the information transmitted to the access management server 300 to the combined file creating means 207.

  The combined file creation unit 207 is the same as the combined file creation unit 107 in that it has a function of creating a combined file and storing it in the combined file storage unit 230. However, the difference is that instead of the position information of the file acquired by the position information acquisition unit 102, the file information regarding the storage file acquired by the file information acquisition unit 210 is used. This is because the saved file is not stored in the file storage unit 410 and the saved file has no position information in the file storage unit 410. Therefore, the combined file creating unit 207 in the file providing terminal 200 is set for the saved file in the saved file by the file information related to the saved file acquired by the file information obtaining unit 210 and the access right information setting unit 211. Create a combined file that combines access rights information.

  Similar to the file receiving terminal 100, the file providing terminal 200 stores not the normal file but the combined file, so that information leakage due to file outflow can be prevented.

  Next, the function in the file upload process of each means with which the file provision terminal 200 is provided is demonstrated. The description will focus on differences from the functions in the file upload process described above.

  The combined file information acquisition unit 208 specifies a file included in the received operation information among a plurality of combined files stored in the combined file storage unit 230 in response to receiving the operation information transmitted by the operation receiving unit 201. It has a function of acquiring file information related to a normal file and access right information for the normal file included in the combined file specified by the information. In addition, a function of outputting the acquired file information and access right information to the access right information acquiring unit 203, and file specifying information included in the received operation information are output to the determining unit 205 via the access right information acquiring unit 203 and the like. With functions.

  The access right information acquisition unit 203 is the same as the access right information acquisition unit 103 in that it has a function of acquiring access right information from the access right information storage unit 310 via the access management server 300. However, regarding the storage file acquired by the combined file information acquisition unit 208 instead of the location information in the file storage unit 410 of the file for which the user of the file receiving terminal 100 acquired by the location information acquisition unit 102 has issued a download instruction. The difference is that the access right information is acquired from the access right information storage unit 310 based on the file information. Further, the access right information acquisition unit 203 does not have to acquire IDs corresponding to all access rights included in the access right information, and may acquire IDs corresponding to necessary access rights.

  The user information acquisition unit 204 has the same function as the user information acquisition unit 104. The determination unit 205 has the same function as the determination unit 105. Specifically, the determination unit 205 determines whether or not the user of the file providing terminal 200 has authority to save the saved file, and the combined file storage unit. Among the files stored in 230, the user of the file receiving terminal 100 has the authority to upload the saved file included in the combined file that the user of the file providing terminal 200 has instructed to upload to the file storage means 410. It is determined whether or not.

  When the decomposing unit 209 receives a positive determination result from the determining unit 205, the decomposing unit 209 is identified by the file specifying information received from the combined file information acquiring unit 208 among the combined files stored in the combined file storage unit 130. It has a function of decomposing a combined file and extracting a normal file and file information. Further, it has a function of transmitting the extracted normal file to the file transmitting unit 213 and a function of outputting the extracted file information to the access right information transmitting unit 212 via the file transmitting unit 213.

  The file transmission unit 213 has a function of transmitting the storage file extracted from the combined file by the decomposition unit 209 to the file management server 400, and after the file management server 400 stores the storage file in the file storage unit 410, the file management server 400 has a function of acquiring the location information of the saved file in the file storage unit 410 from 400 and a function of outputting the acquired location information to the access right information transmission unit 212.

  In addition to the functions described above, the access right information transmission unit 212 updates the access right information storage unit 310 with the location information acquired by the file transmission unit 213 based on the file information extracted by the decomposition unit 209. It has a function.

  The file receiving terminal 100 and the file providing terminal 200 described above may have the other function. In this case, as long as the means with the same name provided in the file providing terminal 200 and the file receiving terminal 100 have functions in both terminals, the number of means may be one.

  Each means except for the storage means provided in the file receiving terminal 100 and the file providing terminal 200 is configured to operate in the background of processing performed in accordance with a user instruction. Therefore, each means except the storage means provided in the file receiving terminal 100 and the file providing terminal 200 can be provided by the agent software. As a result, the user can manage access to the files used by the user with the same operation as before.

  The combined file storage means 130, 230, access right information storage means 310, and file storage means 410 are mainly assumed to be a database (DB) on a hard disk, but the storage means on the client terminal is a USB memory or an SD card. Such a non-volatile memory, an optical disk, a magnetic tape cartridge, an external storage device such as a flexible disk may be used. The hardware configurations of the client terminals 100 and 200, the access management server 300, and the file management server 400 will be described later.

[Access right information storage means]
FIG. 4 is a diagram showing an access management table stored in the access right information storage unit 310 according to each embodiment. The access right management table has a URL column 311a, a file name column 311b, an IP address column 311c, a browsing right column 311d, an update right column 311e, and a deletion right column 311f. However, the present invention is not limited to these, and a printing right column or the like may be provided.

  The URL column 311a stores a URL indicating the location of the saved file stored in the file storage unit 410 in the file storage unit 410. In the present embodiment, since a Web server is used as the file management server 400, the location of the saved file stored in the file storage unit 410 can be acquired by a URL, and the saved file can be uniquely specified by the URL. Therefore, the access right information stored in the access right information storage unit 310 can be associated with the file stored in the file storage unit 410 by the URL.

  The file name column 311b stores the file name of the file stored in the file providing terminal 200. The IP address column 311c stores the IP address of the file providing terminal 200 where the file is stored. In the file name column 311b and the IP address column 311c, the file stored in the file providing terminal 200 is associated with the access right information stored in the access right information storage unit 310. Since the file stored in the file providing terminal 200 cannot be uniquely specified by the URL, it is uniquely specified by the file name and the IP address of the file providing terminal 200.

  The browsing right column 311d stores a user ID for specifying a user who has a browsing right for a file specified in the URL column 311a or the file name column 311b and the IP address column 311c and a group ID for specifying a group. Is done. Similarly, in the update right column 311e, an ID for specifying a user or group having an update right for the file specified in the URL column 311a or the file name column 311b and the IP address column 311c, and a deletion right column 311f Stores an ID for identifying a user or group having a deletion right.

[File save processing]
FIG. 5 is a flowchart of the file saving process according to the first embodiment. When the operation reception unit 201 receives operation information input by an input unit (not shown) such as a keyboard or a mouse for a file to be saved by the user of the file providing terminal 200, the process starts.

  S100: The file information acquisition unit 210 acquires file information related to the saved file. The file information needs to include at least the file name and the IP address of the file providing terminal 200. This is because the saved file saved in the file providing terminal 200 is associated with the access right information stored in the access right information storage unit 310.

  S110: The access right information setting unit 211 sets access right information for the saved file. The access right information may be arbitrarily set by the user, or may be automatically set by the access right information setting unit 211. As a case where the user arbitrarily sets, for example, the file providing terminal 200 has a function of providing a window for setting access right information, and the access right information set in the window by the user is set as access right information setting means. 211 acquires and sets with respect to a preservation | save file. In addition, when the access right information setting unit 211 automatically sets, for example, several types of access right information are prepared in advance in the file providing terminal 200, and according to the file information acquired in step S100. Then, the access right information setting unit 211 may select them and automatically set the saved file.

  S120: The access right information transmitting unit 212 transmits to the access management server 300 the file information regarding the saved file acquired in step S100 and the access right information set for the saved file in step S110. The access management server 300 stores the access right information in the access right information storage unit 310 in association with the file information.

S130: The combined file creating means 207 combines the file information acquired in step S100 and the access right information set in step S110 with the file instructed to be saved by the user of the file providing terminal 200, thereby combining the files. Create
S140: The combined file created in step S130 is stored in the combined file storage unit 230.

  In order for the user to access the saved file included in the combined file, it must be confirmed by the access management server 300 that manages the access right information that the user has the right to access the saved file. Therefore, even if a combined file flows out from the file providing terminal 200, a third party without any authority cannot access the saved file, and the contents of the saved file can be prevented from leaking. In addition, by managing the access right information of the saved file by the access management server 300, after the combined file has been leaked, the right owner of the saved file can also save it by changing the access right information of the access management server 300. It is possible to prevent the contents of the file from being leaked.

[File upload processing]
FIG. 6 is a flowchart of file upload processing according to the first embodiment. Of the combined files stored in the file providing terminal 200 as the combined file, input means such as a keyboard and a mouse for the combined file including the stored file that the user of the file providing terminal 200 intends to upload to the file management server 400 ( When the operation receiving means 201 receives the operation information input at (not shown), the process starts.

S200: The combined file information acquisition unit 208 acquires file information related to the storage file included in the combined file from the combined file.
S210: The access right information acquisition unit 203 acquires access right information from the access right information storage unit 310 based on the file information related to the saved file acquired in step S200. Specifically, an ID corresponding to the access right indicating the right to upload the file to the file management server 400 corresponding to the file name and the IP address of the file providing terminal 200 in which the file is stored is acquired.

  S220: The user information acquisition unit 204 acquires an ID or the like for identifying a user or group as user information regarding the user of the file providing terminal 200.

  S230: The determination unit 205 determines whether the user of the file providing terminal 200 can upload the saved file to the file management server 400. Specifically, whether or not the file management server 400 acquired in step S210 includes the ID of the user information acquired in step S220 in the ID corresponding to the access right indicating the authority to upload the saved file. Determine. If the ID of the user information acquired in step S220 is included in the ID corresponding to the access right indicating the right to upload the file to the file management server 400 acquired in step S210, the file providing terminal 200 It is determined that the user has the authority to upload the saved file to the file management server 400, and if it is not included, it is determined that the user does not have the authority to upload.

S240: In step S230, when the determining unit 205 determines that the user of the file providing terminal 200 has the authority to upload the saved file to the file management server 400, the decomposing unit 209 decomposes the combined file and extracts the saved file. .
S250: The file transmission unit 213 transmits the saved file extracted in step S240 to the file management server 400. The file management server 400 stores the received saved file in the file storage unit 410 and returns position information of the stored file stored in the file storage unit 410 to the file providing terminal 200.

  S260: In step S250, the access right information transmission unit 212 sends the location information of the storage file in the file storage unit 410 acquired by the file transmission unit 213 and the file information related to the storage file acquired in step S200 to the access management server 300. Send. In the access right information storage unit 310, the access management server 300 updates the access right information corresponding to the file information related to the received storage file with the location information of the storage file received in the file storage unit 410. Specifically, the location information of the saved file in the file storage unit 410 is stored in the URL column 311a of the access right management table of the access right information storage unit 310, and the information in the file name column 311b and the IP address column 311c is deleted. This process is for associating the saved file saved in the file storage unit 410 with the access right information already stored in the access right information storage unit 310.

  S270: The combined file creation unit 207 recreates the combined file by replacing the file information included in the combined file with the location information of the saved file in the file storage unit 410 acquired by the file transmission unit 213 in step S250. This is because the access right information stored in the access right information storage unit 310 is associated with the saved file included in the combined file saved in the file providing terminal 200 in response to the update in step S260.

  Since the access management server 300 manages the access right information of the storage file included in the combined file stored in the file providing terminal 200, even if the storage file is uploaded to the file management server 400, Access right information can be taken over as it is. Further, even when a file is uploaded to the file management server 400, the access right information set by the user is inherited, so that the user can manage access to the file even after the file is uploaded.

[File download process]
FIG. 7 is a flowchart of file download processing according to the first embodiment. This process is a process of downloading the file stored in the file storage means 410 to the file receiving terminal 100 different from the file providing terminal 200 by the file saving process and the file upload process described above. Of the files stored in the file storage means 410, an operation in which the user of the file receiving terminal 100 inputs a file to be downloaded to the file receiving terminal 100 with an input means (not shown) such as a keyboard or a mouse. When the operation receiving unit 101 receives the information, the process starts.

S300: The location information acquisition unit 102 acquires location information in the file storage unit 410 of a file (hereinafter referred to as “target file”) stored in the file storage unit 410 to which the user of the file receiving terminal 100 has issued a download instruction. To do.
S310: The access right information acquisition unit 103 acquires access right information corresponding to the position information of the target file in the file storage unit 410 acquired in step S300 from the access right information storage unit 310. Here, as the access right information to be acquired, an ID corresponding to each of all access rights stored in the access right information storage unit 310 is acquired. This is because it is necessary for creating a combined file described later.

  S320: The user information acquisition unit 104 acquires user information of the file receiving terminal 100.

  S330: The determination unit 105 determines whether the user of the file receiving terminal 100 can download the target file to the file receiving terminal 100. Specifically, the ID of the user information acquired in step S320 is included in the ID corresponding to the access right indicating the authority to download the target file to the file receiving terminal 100 in the access right information acquired in step S310. It is determined whether or not. If the ID corresponding to the access right indicating the right to download the target file to the file receiving terminal 100 acquired in step S310 includes the user information ID acquired in step S320, the file receiving terminal It is determined that the user 100 has the authority to download the target file to the file receiving terminal 100. If the file is not included, it is determined that the user does not have the authority to download.

  S340: In step S330, when the determination unit 105 determines that the user of the file receiving terminal 100 has the authority to download the target file to the file receiving terminal 100, the file acquisition unit 106 acquires the target file from the file storage unit 410. .

S350: The combined file creation unit 107 combines the target file location information acquired in step S300 and the target file access right information acquired in step S310 with the target file acquired in step S340. Create a combined file. The target file is the same as the storage file in the file storage process and the file upload process described above.
S360: The combined file creation unit 107 stores the combined file created in step S350 in the combined file storage unit 130.

  S370: When the determination unit 105 determines in step S330 that the user of the file receiving terminal 100 does not have the authority to download the target file to the file receiving terminal 100, a message that the target file cannot be downloaded without being downloaded. Is displayed on a display or the like as output means.

  The target file downloaded to the file receiving terminal 100 is included and stored in the combined file, so that even if the combined file leaks from the file receiving terminal 100, a third party without any authority has access to the stored file. It is not possible to prevent the contents of the saved file from leaking. In addition, by managing the access right information of the target file included in the combined file stored in the file receiving terminal 100 by the access right information storage unit 310, the access right management of the target file is provided by providing the target file. It can be performed by the user of the terminal 200.

[File browsing process]
FIG. 8 is a flowchart of the file browsing process according to the first embodiment. This is a process in which the user of each terminal browses the stored file included in the combined file stored in the combined file storage means 130, 230 of the file providing terminal 200 and the file receiving terminal 100. Here, the browsing process of the stored file included in the combined file stored in the combined file storage unit 130 of the file receiving terminal 100 in the file download process will be described.

  Of the combined files stored in the combined file storage unit 130, the input unit (not shown) such as a keyboard and a mouse inputs a combined file including a normal file to be browsed by the user of the file receiving terminal 100. When the operation accepting unit 101 accepts the operated information, the process starts.

S400: The combined file information acquisition unit 108 acquires the location information and access right information of the storage file in the file storage unit 410 included in the combined file from the combined file including the storage file for which the browsing instruction has been given.
S410: The access right information obtaining unit 103 obtains access right information corresponding to the location information of the saved file in the file storage unit 410 obtained in step S400 from the access right information storage unit 310. The acquired access right information is information on all access rights set for the saved file.

  S420: The user information acquisition unit 104 acquires user information regarding the user of the file receiving terminal 100.

  S430: The determination unit 105 determines whether the user of the file receiving terminal 100 can view the saved file. Specifically, it is determined whether or not the ID of the user information acquired in step S420 is included in the ID corresponding to the access right indicating the authority to view the saved file in the access right information acquired in step S410. To do. When the ID of the user information acquired in step S420 is included in the ID corresponding to the access right indicating the authority to view the saved file in the access right information acquired in step S410, the file receiving terminal 100 It is determined that the user has the authority to view the saved file. If the user is not included, the user is judged not to have the authority to view the saved file. Further, the determination unit 105 determines whether the access right information included in the combined file acquired in step S400 matches the access right information stored in the access right information storage unit 310 acquired in step S410.

  As a result, when the access right to the saved file in the access right information storage unit 310 is changed after the saved file is acquired by the download process described above, the user of the file receiving terminal 100 cannot view the saved file. . Thereby, it is possible to prevent the information from leaking by changing the access right to the saved file in the access right information storage unit 310 after the saved file has been leaked to a third party.

S440: If the determination unit 105 determines in step S430 that the user of the file receiving terminal 100 has the authority to view the saved file, the disassembling unit 109 reads the saved file that has been instructed to be browsed by the user of the file receiving terminal 100. Decompose the combined file, and extract the saved file. The contents of the extracted saved file are displayed on a display or the like as output means.
S450: If it is determined in step S430 that the user of the file receiving terminal 100 is not authorized to view the file, the disassembling unit 109 does not decompose the combined file, and the output unit displays a message that the saved file cannot be viewed. It is displayed on a certain display.

  As described above, when browsing the stored file included in the combined file, the user browses the file unless the access management server 300 managing access right information confirms that the user of the file receiving terminal 100 has the viewing right. Can not do it. Therefore, even if a combined file flows out of the file receiving terminal 100, an unauthorized third party cannot view the file, and leakage of the file contents can be prevented.

(Second Embodiment)
The second embodiment will be described focusing on the differences from the first embodiment. The difference from the first embodiment is that when downloading a file stored in the file storage unit 410, information relating to the download is left as a history, and the history is referred to when browsing the file. Except for the points described below, the second embodiment is the same as the first embodiment. Moreover, in the following description and drawings, the same reference numerals are given to the portions that perform the same functions as those of the first embodiment, and overlapping descriptions are appropriately omitted.

[Functional structure of file receiving terminal]
FIG. 9 is a diagram illustrating a functional configuration of the file receiving terminal 100 according to the second embodiment. The difference from FIG. 2 is that the file receiving terminal 100 includes a history acquisition unit 120 and a history transmission unit 121, and the access management server 300 includes a history storage unit 320.

  In addition to the functions described above, the access right information acquisition unit 103 has a function of outputting the position information received from the position information acquisition unit 102 to the history acquisition unit 120 via the user information acquisition unit 104. In addition to the functions described above, the user information acquisition unit 104 has a function of outputting notification information notifying that user information has been acquired to the history acquisition unit 120.

  When receiving notification information from the user information acquisition unit 104, the history acquisition unit 120 acquires the history information from the history storage unit 320 based on the position information received from the access right information acquisition unit 103, and the acquired history information And a function of outputting the position information received from the access right information acquisition unit 103 to the determination unit 105. The download information acquired by the history acquisition unit 120 is used to determine whether or not the user of the file receiving terminal 100 can view the file.

  The file acquisition unit 106 has a function of outputting the acquired file to the history transmission unit 121 instead of the function of outputting the acquired file to the combined file creation unit 107. When the history transmission unit 121 receives a file from the file acquisition unit 106, the history transmission unit 121 transmits the history information of the file to the history storage unit 320, and outputs the file received from the file acquisition unit 106 to the combined file creation unit 107. Have

  Here, the history information is information relating to file download, and includes, for example, a user ID that identifies a user who downloaded a file, a group ID that identifies a group to which the downloaded user belongs, the date and time when the file was downloaded, and the like. .

[History storage means]
The history storage unit 320 stores information related to file download stored in the file storage unit 410. The history storage unit 320 includes items such as a URL indicating the storage location of the file in the file storage unit 410, a user ID for specifying the downloaded user, a group ID for specifying the group to which the downloaded user belongs, and the date and time when the file was downloaded. Have. Since the file stored in the file storage unit 410 is not downloaded once, one or more pieces of download information are stored in the history storage unit 320 for one file.

[File download process]
FIG. 10 is a flowchart of the file download process according to the second embodiment. The difference from FIG. 7 is that step S341 is provided.
S341: The history transmission unit 121 transmits the download information of the file downloaded from the file management server in step S300 to the access management server 300. The file storage location in the file storage means 410 included in the download information uses the value of the location information acquired in step S300, and the user ID and the like use the value of the user information acquired in step S320.

[File browsing process]
FIG. 11 is a flowchart of file browsing processing according to the second embodiment. The difference from FIG. 8 is that step S421 is provided. Further, by providing step S421, the process of step S430 is changed to step S431.
S421: The history acquisition unit 120 acquires download information from the history storage unit 320 based on the storage position acquired in step S400.

  S431: The determination unit 105 determines whether the user of the file receiving terminal 100 can view the file by using the download information acquired in step S421 in addition to the access right information and the user information. Specifically, whether or not the user ID included in the user information acquired in step S420 is included in the user ID included in the download information acquired in step S421 in addition to the determination in step S430 of FIG. judge.

  With this process, only the user who has acquired the file from the file storage unit 410 can view the downloaded file. Thereby, the user who can view the file is the user who has acquired the file from the file storage unit 410 and is recorded in the history storage unit 320. As a result, the user who provided the file can grasp the user who viewed the file by referring to the history storage unit 320. Note that the determination may be made not by the user ID but by the group ID.

  In addition, the download time included in the download information is compared with the time when the file is browsed, and the user can be prevented from browsing the file when a considerable time has elapsed. Thereby, when the file stored in the file receiving terminal 100 and the file stored in the file storage unit 410 are different due to update or the like, it is possible to prevent the user from browsing the file before the change. it can.

  As described above, in the second embodiment, the access management server 300 manages the download information of the file stored in the file storage unit 410 so that the user of the file providing terminal 200 stores it in the file storage unit 410. You can check the download status of the downloaded file. Thereby, file monitoring can be performed, such as whether a file has not been downloaded to a third party, or whether a user who wants to hand over the file has downloaded the file.

[Hardware configuration of client terminal, access management server, and file management server]
FIG. 12 is a diagram illustrating a hardware configuration of the client terminals 100 and 200, the access management server 300, and the file management server 400 according to each embodiment. An apparatus in which the present invention is implemented may be a standard one, and an example of the configuration is shown below. The general configuration of the client terminals 100 and 200, the access management server 300, and the file management server 400 as an information processing apparatus 1000 typified by a computer will be described.

  The information processing apparatus 1000 includes a CPU (Central Processing Unit) 1310 (a plurality of CPUs such as a CPU 1320 may be added in a multiprocessor configuration), a bus line 1200, a communication I / F (I / F: An interface) 1330, a main memory 1340, a BIOS (Basic Input Output System) 1350, a display device 1360, an I / O controller 1370, an input device 1380 such as a keyboard and a mouse, a hard disk 1390, an optical disk drive 1400, and a semiconductor memory 1420. The hard disk 1390, the optical disk drive 1400, and the semiconductor memory 1420 are collectively referred to as a storage device 1430.

  The control unit 1300 controls the information processing apparatus 1000 in an integrated manner, and appropriately reads and executes various programs stored in the hard disk 1390 (described later), thereby cooperating with the hardware described above. Various functions related to are realized.

  The communication I / F 1330 is a network adapter when the information processing apparatus 1000 transmits / receives information to / from the mail server via the network 500. The communication I / F 1330 may include a modem, a cable modem, and an Ethernet (registered trademark) adapter.

  The BIOS 1350 records a boot program executed by the CPU 1310 when the information processing apparatus 1000 is activated, a program depending on the hardware of the information processing apparatus 1000, and the like.

  Display device 1360 includes a display device such as a cathode ray tube display device (CRT) or a liquid crystal display device (LCD).

  A storage device 1430 such as a hard disk 1390, an optical disk drive 1400, and a semiconductor memory 1420 can be connected to the I / O controller 1370.

  The input device 1380 accepts input by the user of the information processing apparatus 1000.

  The hard disk 1390 stores various programs for causing the hardware to function as the information processing apparatus 1000, programs for executing the functions of the invention, and tables and records to be described later. The information processing apparatus 1000 can also use a hard disk (not shown) separately provided as an external storage device.

  As the optical disk drive 1400, for example, a DVD-ROM drive, a CD-ROM drive, a DVD-RAM drive, or a CD-RAM drive can be used. In this case, the optical disk 1410 corresponding to each drive is used. A program or data may be read from the optical disk 1410 by the optical disk drive 1400 and provided to the main memory 1340 or the hard disk 1390 via the I / O controller 1370.

  Note that the computer in the present invention includes one or a plurality of information processing apparatuses 1000 including a storage device 1430, a control unit 1300, and the like.

  Each means except the combined file storage means 130 and 230 included in the file receiving terminal 100 and the file providing terminal 200 is realized by executing a computer program by the control unit 1300. The combined file storage units 130 and 230, the access right information storage unit 310, and the file storage unit 410 are mainly mounted on the hard disk 1390. However, as described above, other storage devices may be used.

1 is a diagram illustrating an overall configuration of a file access management system according to each embodiment of the present invention. It is a figure which shows the function structure of the file reception terminal which concerns on 1st Embodiment. It is a figure which shows the function structure of the file provision terminal which concerns on 1st Embodiment. It is a figure which shows the access right management table stored in the access right information storage means which concerns on each embodiment. It is a flowchart of the file preservation | save process which concerns on 1st Embodiment. It is a flowchart of the file upload process which concerns on 1st Embodiment. It is a flowchart of the file download process which concerns on 1st Embodiment. It is a flowchart of the file browsing process which concerns on 1st Embodiment. It is a figure which shows the function structure of the file reception terminal which concerns on 2nd Embodiment. It is a flowchart of the file download process which concerns on 2nd Embodiment. It is a flowchart of the file browsing process which concerns on 2nd Embodiment. It is a figure which shows the hardware constitutions of the client terminal which concerns on each embodiment, an access management server, and a file management server.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 File access management system 100 File receiving terminal 102 Location information acquisition means 103,203 Access right information acquisition means 105,205 Determination means 106 File acquisition means 107,207 Combined file creation means 108,208 Combined file information acquisition means 109,209 Decomposition Means 130, 230 Combined file storage means 200 File providing terminal 211 Access right information setting means 212 Access right information transmission means 213 File transmission means 300 Access management server 310 Access right information storage means 400 File management server 410 File storage means

Claims (7)

A plurality of client terminals, a file management server that manages a plurality of electronic files shared by the plurality of client terminals, and an access management server that manages access right information of each of the plurality of electronic files are connected via a network. File access management system,
The file management server comprises file storage means for storing the plurality of electronic files transmitted from each of the plurality of client terminals;
The access management server comprises access right information storage means for storing access right information for each of the plurality of electronic files stored in the file storage means;
Of the plurality of client terminals, a file receiving terminal that is a client terminal that receives at least one of the plurality of electronic files stored in the file management server,
Among the plurality of electronic files stored in the file storage means, position information acquisition means for acquiring position information in the file storage means of the electronic file for which the user of the file receiving terminal has made an acquisition instruction;
Access right information acquisition means for acquiring access right information for the electronic file from the access right information storage means based on the position information;
Determining means for determining whether or not the user of the file receiving terminal can acquire the electronic file based on the attribute of the user of the file receiving terminal and the access right information;
When the determination unit determines that the user of the file receiving terminal can acquire the electronic file, the file acquisition unit acquires the electronic file from the file storage unit;
A combined file creating means for creating a combined file by combining the electronic file acquired by the file acquiring means, access right information for the electronic file, and the position information of the electronic file;
Combined file storage means for storing the combined file;
A file access management system comprising: The file receiving terminal is
Among the plurality of combined files stored in the combined file storage unit, a combined file information acquisition unit that acquires the location information of the combined file that the user of the file receiving terminal has given an access instruction;
Based on the attribute of the user of the file receiving terminal and the access right information acquired by the access right information acquisition means based on the location information acquired by the combined file information acquisition means, the determination means Decomposing means for decomposing the combined file when it is determined that the user of the file receiving terminal can access the combined file;
The file access management system according to claim 1, further comprising: Among the plurality of client terminals, a file providing terminal that is a client terminal that transmits at least one of the plurality of electronic files stored in the file management server,
When the user of the file providing terminal gives a transmission instruction to the file management server for at least one of the combined files stored in the combined file storage means,
The combined file information acquisition unit acquires position information of a combined file that has been instructed to be transmitted to the file management server,
Based on the attribute of the user of the file providing terminal and the access right information acquired by the access right information acquisition unit based on the location information, the determination unit can transmit the combined file to the file management server. 3. The file access management system according to claim 2, further comprising: a file transmission unit configured to decompose the combined file by a decomposition unit and to transmit the acquired electronic file to the file management server when it is determined that there is a file. The file providing terminal is
Access right information setting means for setting access right information for an electronic file for which the user of the file providing terminal has instructed to save the file providing terminal;
File information acquisition means for acquiring attribute information of the electronic file;
Access right information for transmitting access right information for the electronic file set by the access right information setting means to the access management server in association with the attribute information of the electronic file acquired by the file information acquisition means. A transmission means;
Further comprising
The combined file creation means includes the electronic file, the attribute information of the electronic file acquired by the file information acquisition means, and the access right information for the electronic file set by the access right information setting means. Create the merged merged file,
The file access management system according to claim 3, wherein the combined file storage unit stores the combined file. The access management server is
And a history storage means for storing the history acquired by the user of the file receiving terminal for each of the plurality of electronic files stored in the file storage means in association with the position information,
The file receiving terminal is
Furthermore,
5. The file access management system according to claim 4, further comprising: a history transmission unit configured to associate the attribute of the user of the file receiving terminal with the position information acquired by the position information acquisition unit and transmit the attribute to the history storage unit. The file receiving terminal is
Furthermore, based on the position information acquired by the combined file information acquisition unit, a history acquisition unit for acquiring the history of the electronic file constituting the combined file from the history storage unit,
6. The file access management system according to claim 5, wherein the determination unit determines whether or not a user of the file receiving terminal can acquire the electronic file based on the history acquired by the history acquisition unit. .   The file access management system according to any one of claims 1 to 6, wherein each unit included in the plurality of client terminals is provided by agent software.

Images