JP2005285008A - Data security management system, program, and data security management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow only employees authorized by a company to access data before and after changes to an organization in the company to which the employees belong have been made. <P>SOLUTION: The data security management system includes: a data storage part 4 for storing data that can be read in response to access requests based on user IDs; a personal information storage part 2 for storing each user's personal information including his or her current department, position, and qualification, for each of the user IDs; a data security attribute storage part 5 for storing access requirements given to the data in the data storage part 4; a collation rule storage part 7 for storing department rules for determining whether or not the data can be browsed, for each of the user IDs; a department changing device 10 for changing each user's current department into his or her prior department according to his or her user ID; and an access permission determining device 6 that collates each user's personal information with his or her current and prior departments and the access requirements so as to set the matching data as the department rules for the matching person and thus determine whether or not each user should be granted the right of access. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a data security management system, a program, and a data security management method, for example.

  In general companies, etc., when a user in the company can use his / her computer system, the user ID for the function of the system is given in advance to the user ID and the terminal ID, and the user logs in to the terminal In addition, the functions that can be handled according to the user authority of the request source such as the user or the terminal are limited.

In recent years, a technique for determining whether to permit access to important data as well as functions based on some attribute data has been established.
As a prior art of this type, for example, in a communication system that provides medical data at an information providing site, an attribute of an access request source (use source) to the information providing site in response to an input access request or attribute authentication request. Data (health professional personal attribute data or medical professional corporate attribute data is read from the corporate attribute database management server device or application server device, and attribute data requested by the information providing site to be accessed (information providing site request attribute data from the database It is determined whether or not the attribute data of the read requesting access source satisfies the attribute data requested by the information providing site. If it is determined that the attribute data is satisfied, the access source is permitted to access the information providing site. Technology has been disclosed (for example, Patent Document 1) Irradiation).

In other words, in the past, function restrictions were set by the user, and user authority was given to each function of the system, or as information for determining whether to access data, an individual or corporation as a medical worker in advance The attribute information of the information and the attribute information of the information providing destination are registered in the database, and it is determined whether or not the data can be accessed using these attribute information as determination materials, thereby realizing security.
In the case of the above-described technique, once the information is registered, the user can access the function and data almost unconditionally and can obtain the information.
JP 2003-140954 A, paragraph [0060].

By the way, in companies and the like, personnel changes and departmental changes are consolidated once a year or suddenly. In this case, the employee's department often changes.
When the department to which an employee belongs changes, even if the data can be referred to in the old department, there is a situation in which the current department must make the reference impossible.

  However, in the conventional technology, once the user registers personal information in the system, all the data that can be referred to once can be referred to thereafter, so when the personal information changes In addition, there is a problem in that it is necessary to re-register already registered attribute information. In addition, once the registration information is changed, information that was worked in the previous department cannot be referred to, which may be inconvenient.

  In addition, companies that connect multiple clients via a network to build a workflow system, in the past, when a job such as application / approval is flowed from one client to another client, it is disclosed to the data. There is no clear standard for security, and there is a risk that secret matters may be leaked depending on the operation method.

  The present invention has been made to solve such problems. When a change occurs in an organization to which an employee belongs in a company, only a person authorized by the company can access information before and after the organization change. The object is to provide a highly confidential data security management system, program, and data security management method.

  In order to solve the above-described problems, a data security management system according to the present invention includes a data storage unit that stores data that can be read by an access request including user identification information that identifies a user, and personal information of the user. Personal information storage means storing the current department, job title, and qualification for each user identification information, and the user's department, job title, as access conditions given to each data stored in the data storage means, An access condition storage means for storing qualifications, a conditional expression storage means for storing for each user identification information a conditional expression for determining whether or not the user can access data requested to be accessed by the user, A department conversion means for setting the switching time between the current department of the user and the old department and outputting the old department of the user based on the user identification information; Personal information read from the personal information storage means based on the user identification information included in the user information, the user's old department output from the department conversion means, and the access conditions stored in the access condition storage means Collating and setting the matched data as a parameter of the conditional expression of the corresponding user stored in the conditional expression storage means, and determining the access authority of the user with respect to the requested data, access authority determining means; Data access means for enabling access to data determined to have access authority by the access authority determination means from a corresponding user.

  A program according to the present invention is a program for causing a computer to execute processing, the data storage means storing data that can be read by an access request including user identification information for identifying the user, and a user. Personal information storage means for storing the current department, job title, and qualification for each user identification information as personal information of the user, and the user's department as an access condition given to each data stored in the data storage means , An access condition storage means that stores job titles and qualifications, and a conditional expression storage that stores, for each user identification information, a conditional expression for determining whether the user can access data requested by the user The method and the department conversion method that outputs the user's old department based on the user identification information is set. Stored in the personal information read from the personal information storage means based on the user identification information included in the access request, the user's old department output from the department conversion means, and the access condition storage means. Access to determine the access authority of the user for the requested data by setting the matched data as a parameter of the conditional expression of the corresponding user stored in the conditional expression storage means. An authority determining means and data access means for making it possible to access data determined to have access authority by the access authority determining means from a corresponding user.

The data security management method of the present invention is a data security management method for a user to log in by inputting user identification information to a computer, and to access data to be accessed stored in a data storage means. The access authority determination means reads the personal information from the personal information storage means based on the user identification information included in the access request from the user, and the user accesses the access request data based on the user identification information. A step in which the access authority determining means reads out a conditional expression for determining whether or not it is possible from the access condition storing means; and based on the user identification information, the department converting means determines the current department of the user as the old department. The personal information read from the personal information storage means by the access authority determination means The user's old department converted by the department conversion means and the access conditions stored in the access condition storage means are collated, and the matched data is stored in the conditional expression storage means. And determining the access authority of the user for the data requested to be accessed, and the data access means corresponding to the data stored in the data storage means determined by the access authority determination means And a step of allowing access from a user.
In the present invention, based on the user identification information included in the access request from the user, the access authority determining means reads out the personal information and the access conditions, and uses the user after converting the current department to the old department. Since it is determined whether or not the data requested by the user can be accessed, only the user who has been recognized as being able to access the data stored in the data storage means can access the data. Will be able to.
In other words, according to the present invention, since some access restriction rules are created and each parameter can be set by setting a parameter to which rule is applied each time, it is possible to flexibly cope with a change in the user's organization. A certain level of security can be ensured.

  As described above, according to the present invention, when a change occurs in an organization to which an employee belongs in a company, only a person authorized by the company can access information before and after the organization change.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
(First embodiment)
FIG. 1 is a diagram showing the configuration of the data security management system according to the first embodiment of the present invention. The data security management system according to the first embodiment is a computer that a user logs in to use. As shown in FIG. 1, the function configuration includes a personal authentication device 1 and a personal information storage unit 2 as personal information storage means. A data security granting device 3 as an access condition granting means, a data storage unit 4 as a data storage means, a data security attribute storage part 5 as an access condition storage means, an access permission judging device 6 as an access authority judging means, an access condition Collation rule storage unit 7 as a formula storage means, collation rule creation device 8 as an access condition formula creation means, data search device 9 as a data access means, department conversion device 10 as a department conversion means, data as a data access means A registration / update device 11 is provided.

  The personal information storage unit 2, the data storage unit 4, the collation rule storage unit 7 and the like correspond to hard disk devices or memories in computer hardware. The personal authentication device 1, data security grant device 3, access permission determination device 6, collation rule creation device 8, data search device 9, and data registration / update device 11, in a computer, are software stored in a hard disk device or memory. Corresponds to each module.

The personal authentication device 1 issues user identification information (user ID, password, etc.) issued when user identification information (user ID, password, etc.) for identifying an individual user who uses this system is input from the keyboard. ) Including a user ID, a password and a personal information stored in the personal information storage unit 2 in advance, and authenticating whether or not the requesting user can use this system. is there. After authentication, information such as the user ID is held in the memory until the user logs out. The personal information storage unit 2 stores personal information in an in-house organization such as a user name A, a department A, a job title A, and a qualification A in addition to a login user ID and password for each user. The data storage unit 4 stores data to be accessed that can be read by a user making an access request.
The data security assigning device 3 is a device that assigns a security attribute to data stored in the data storage unit 4 or to data stored in the data storage unit 4, and the security attribute of the accessible user assigned to the data (Department, Title, Qualification, etc.) are stored in the data security attribute storage unit 5.
In response to an access request for data retrieval from the user, the data search device 9 issues an access permission determination request to the access permission determination device 6, and when the access permission determination device notifies that access is possible, the data storage unit 4 is searched, and the corresponding data is read from the data storage unit 4 and displayed on the display screen.

  The department conversion device 10 stores organization conversion information of the old department and the new department for each user in advance, and converts the current department of the corresponding person to the old department in response to an inquiry request from the accessibility determination device 6. This is a device that returns past department data. The organization conversion information stores, for example, department A as user A's current department information, department X as old department information, start YY year Y month, end YY year data security management system month, etc. as switching date information. .

  The data registration / update device 11 is a device that stores data in the data storage unit 4 or updates data stored in the data storage unit 4 in response to an access request such as data registration or update from a user.

  The access permission determination device 6 stores the personal information read from the personal information storage unit 2 based on the user ID (user identification information included in the access request) held in the memory after the user login and the data security attribute storage. The data security attribute stored in the section 5 and the user's old department output from the department conversion device 10 are collated, and the matched data is parameterized in the collation rule of the corresponding person stored in the collation rule storage section 7. This is a device that determines whether access is permitted or not based on whether or not the matching rule is satisfied. The collation rule creation device 8 is a device that creates a collation rule between the data security attribute and personal information, and stores the created collation rule in the collation rule storage unit 7. The collation rule storage unit 7 stores at least one department rule, for example, as a collation rule created by the collation rule creation device 8. The department rule is a conditional expression in which information related to an organization in the company such as a department, a title, and a qualification is associated with an individual name and data.

As shown in FIG. 2, for example, as shown in FIG. 2, the collation rule storage unit 7 includes individual (department =: department A and position> =: position A and qualification =: qualification A), data (department =: Department A) is stored.
As “department rule 2”, individuals (department =: department A and position> =: position A) and data (department =: department A and position> =: position B) are stored.
Note that “” means a rule, and the items in parentheses are arranged as (item: large / small value: value connection condition item: large / small value: value). Items in parentheses indicate items to be compared between personal information and data security attributes. Symbols such as (=,> =, <=, <>) are entered in the large and small values in (), and these symbols indicate comparison conditions. It is assumed that the position rank is in the relationship of position A> position B, and the rank of qualification is in the relationship of qualification A> qualification B.
In this example, for example, “department rule 1” means that if the personal information is department = department A and position> = position A and qualification> = qualification A, the data security attribute can view the data of department = department A Is shown.

Next, the operation of the data security management system according to the first embodiment will be described with reference to FIG.
(Verification rule creation operation)
An operation for creating a collation rule, which is a material for determining permission / denial of access to data, will be described.
In this data security management system, when a user A starts up a computer, the personal authentication device 1 displays a login screen on the display screen of the monitor.
Then, when the user A inputs his / her user ID and password on the login screen displayed on the display screen (S1), the personal authentication device 1 is stored in the personal information storage unit 2 with the input user ID and password. The personal information is verified by collating with the personal information (S2). When personal authentication by the personal authentication device 1 is completed, various buttons (collation rule creation button, data registration / update button, data security grant button, data search button) for specifying processing such as data registration / change and data search are displayed on the display screen. , An execution button, etc.) is displayed.

When the user A operates, for example, a data registration / update button from this menu screen, a matching rule registration screen for registering the matching rule in the matching rule storage unit 7 is displayed on the display screen by the matching rule creation device 8. Is done. This collation rule registration screen has a group of buttons such as large / small / upper / lower comparison, absolute value comparison symbols and items to be collated. By operating these buttons and entering the required values as keys, the collation rules are displayed. Can be created (S3).
After creating the collation rule, the collation rule created on the collation rule registration screen is registered in the collation rule storage unit 7 by the collation rule creation device 8 by clicking the execution button with a mouse or the like (S4).

(Data security attribute assignment operation)
An operation for assigning data security attributes to data will be described.
In this case, for example, when a data security grant button is operated by the user A from the menu screen, the data security attribute grant screen for granting the data security attribute is displayed on the display screen by the data security grant device 3. . This data security attribute assignment screen is provided with an input field for giving a data security attribute that becomes an access condition, that is, an access button, an execution button, and the like for specified data. The input field includes a field for specifying the name of the target data and a field for inputting a reference button, a department, a title, a qualification, and the like.

When the user clicks the execution button with an input device such as a mouse after inputting in the input fields of this data security attribute assignment screen, the data security attributes (department, title, qualification) that are the conditions for granting the relevant data Is stored in association with the data in the data storage unit 4 and the security attribute storage unit 5 (S5).
As for the operation of registering new data in the data registration / update device 11, the operation when assigning data security attributes to the data is the same as the operation for providing data security attributes, except that the data specifying location is different. It is. Further, when the data security attribute is not added to the new data, the operation is the same as the general operation of storing data in the hard disk device or the like, and the description thereof is omitted.

(Data access operation)
Next, the data access operation by this data security management system will be described.
For example, when a data search button is operated by the user A from the menu screen, a data search request including a user ID is issued to the data search device 9, and the data search device 9 uses the data search for browsing the data. The screen is displayed on the display screen. The data search screen is provided with a data search field for searching for data, an execution button, and the like.

When the user A inputs the data name desired to be browsed in the data search field of the data search screen and then clicks the execution button, the data search device 9 sends an access permission determination request command to the access permission determination device 6. Send (S6). The determination request command includes at least a user ID.
When the determination request command from the data search device 9 is received, the access permission determination device 6 extracts the user ID included in the determination request command, and personal information of the user A (user's information already known by user authentication) (Personal attributes such as department, job title, qualification, etc.) are read from the personal information storage unit 2 (S7), and data security attributes assigned to the data requested for retrieval are acquired from the data security attribute storage unit 5 (S8).
Further, the access permission determination device 6 makes an inquiry request with the user ID to the department conversion device 10 in order to consider the case where the department to which the affiliation changes due to personnel changes or the consolidation of departments, and the department conversion device 10 In response to this inquiry request, the current department of the user is converted to the old department based on the user ID, and the data of the old department is notified to the access permission determination device 6 (S9).
In other words, the department conversion device 10 associates the past department of the user, which department is the current department and the former department, based on the current department and the application date of the data. This is to prevent past data from becoming inaccessible when the current user A's department determines. The department conversion device 10 sends the converted old department of the user to the access permission determination device 6 to determine the access right to the data having the attribute of the past department.
The access permission determination device 6 includes the personal attribute of the user A acquired from the personal information storage unit 2, the old department of the user notified from the department conversion device 10, and the data security attribute acquired from the data security attribute storage unit 5. When the data of department, title, qualification, etc. are matched, one department rule having the corresponding user ID is selected from a plurality of department rules stored in the collation rule storage unit 7 and read ( In step S10, the corresponding data is set as a parameter in the read department rule, and the department rule is interpreted to determine whether the user A has the access authority for the data based on whether the department rule is correct.
As a result of this determination, if there is an access authority for the relevant data requested to be searched and the access to the relevant data is permitted, the access permission judging device 6 notifies the data storage unit 4 and the data retrieval that the retrieval is permitted for the data. The process is performed on the apparatus 9 (S11).
With this search permission notification, the corresponding data in the data storage unit 4 can be accessed, and the data search device 9 accesses the data storage unit 4, reads the corresponding data from the data storage unit 4, and displays it on the data search screen. (S12).
If there is no access authority for the corresponding data, a notification indicating that the search is not possible is returned from the access permission determination device 6 to the data search device 9, so that the data search device 9 displays a message indicating that the search is not possible on the data search screen. To do.

That is, when the user accesses the data, the access permission determination device 6 collates the personal attribute of the user with the data security attribute, selects one collation rule from among a plurality of settings, and selects it. The user's access right to the data in the data storage unit 4 is determined according to the collation rule. If the access is possible, the search is permitted for the data, and otherwise the search is not permitted.
For example, as a result of the access permission determination device 6 collating the user's personal attribute, the user's old department, and the data security attribute, in the collation rule shown in FIG. When selected, data 1 and data 2 in the data storage unit 4 shown in FIG. 3 can be accessed. When “department rule 2” is selected, only data 1 is accessible.
Furthermore, if the old department of user A is department X from YY Y month to YY year data security management system month, data of department X from YY Y month to YY year data security management system month (data 4) Can also be accessed.

As described above, according to the data security management system of the first embodiment, the data security attribute of the corporate organization is given to the data, and the access permission determination device 6 has the personal information and the data security attribute of the user who wants to access the data. Since the access right is determined by selecting a verification rule from a plurality of verification rules, the security for the data can be improved. Further, by providing the data security assigning device 3, it is possible to give data security attributes (department, title, qualification) as a condition for granting the access target data.
In addition, by providing the department conversion device 10, the user A's current department is converted into a past department (old department), so that even if the department changes due to personnel changes or department consolidation, the user Can refer to past data as needed.

(Second Embodiment)
Next, a data security management system according to the second embodiment of the present invention will be described with reference to FIGS. FIG. 4 is a diagram showing the configuration of the data security management system of the second embodiment. The data security management system according to the second embodiment corresponds to the workflow according to the first embodiment.

  That is, the data security management system of the second embodiment includes a personal authentication device 1, a personal information storage unit 2, an access permission determination device 6, a collation rule creation device 8, a data search device 9, a department, as shown in FIG. A conversion device 10, a collation rule storage unit 12, a workflow system 13, a route information adding device 16, a workflow data storage unit 14, a route information storage unit 15 and the like are provided.

  The personal information storage unit 2, the data storage unit 4, the collation rule storage unit 7 and the like correspond to hard disk devices or memories in computer hardware. The personal authentication device 1, data security grant device 3, access permission determination device 6, collation rule creation device 8, and data search device 9 correspond to respective modules of software stored in a hard disk device or memory in a computer.

When a user who is an individual who uses this system inputs a user ID, a password, and the like from the keyboard, the personal authentication device 1 receives the input user ID and password and personal information stored in the personal information storage unit 2 in advance. Is a device that performs user authentication as to whether or not the requesting user can use this system. The personal information storage unit 2 stores personal information in an in-house organization such as a user name A, a department A, a job title A, and a qualification A in addition to a login user ID and password for each user. The data storage unit 4 stores data to be accessed by the user.
For example, the workflow system 13 executes a work workflow of route circulation of a document circulation or the like to a designated employee. The workflow data storage unit 14 stores workflow data such as documents circulated in the workflow. The route information storage unit 15 stores route information added to the workflow data by the route information adding device 16. The route information includes, for example, an applicant, an application department, an approver, an approval department, and a management department.
The route information assigning device 16 is a device that assigns route information to the workflow data stored in the workflow data storage unit 14 or stored in the workflow data storage unit 14. Information is stored in the route information storage unit 15.
In response to a data search request from the user, the data search device 9 issues an access permission determination request to the access permission determination device 6. When the access permission determination device 6 notifies the access permission, the data search device 9 14 is searched for workflow data, and the corresponding workflow data is read from the workflow data storage unit 14 and displayed on the display screen.

The department conversion device 10 stores organization conversion information of the old department and the new department for each user in advance, and in response to an inquiry request from the accessibility determination device 6, the current department of the corresponding person is converted to the old department. It is a device that returns information, that is, past department data. The department data of the corresponding person for conversion includes, for example, department A as user A's current department information, department X as old department information, start YY year / month as end date information, end YY year data security management system month, etc. It is remembered.
The access permission determination device 6 is based on the personal information stored in the personal information storage unit 2, the route information stored in the route information storage unit 15, and the collation rules stored in the collation rule storage unit 12. Is a device that determines whether access is permitted or not.
The collation rule creation device 8 is a device that creates a collation rule between route information and personal information, and stores the created collation rule in the collation rule storage unit 12. The collation rule storage unit 12 stores at least one workflow rule, for example, as a collation rule created by the collation rule creation device 8. The workflow rule is a conditional expression in which workflow data and information on the circulation route of the workflow in the company such as the applicant, the approver, and the management department are associated with the ID of the individual employee.

For example, as shown in FIG. 5, an individual (user =: data. Applicant or user =: data.approver) is stored in the matching rule storage unit 12 as “workflow rule 1”.
As “workflow rule 2”, individuals (department =: department A and post> =: post A) and data (user =: data.applicant or department =: data.management department) are stored.
As “workflow rule 3”, an individual (department> =: position A or department> =: qualification A) and data (all data) are stored.
Note that “” means a rule, and the items in parentheses are arranged as (item: large / small value: value connection condition item: large / small value: value). Items in parentheses indicate items to be compared between personal information and data security attributes. Symbols such as (=,> =, <=, <>) are entered in the large and small values in (), and these symbols indicate comparison conditions.
In this example, for example, in the case of “workflow rule 1”, it is indicated that it is possible to browse data in which the user of the personal information = the user is the applicant or the user> = the data approver.

  That is, the data security management system according to the second embodiment includes a workflow data storage unit 14 as a data storage unit that stores workflow data that can be read by an access request including user identification information (user ID) that identifies a user. And personal information storage unit 2 as personal information storage means for storing the current department, title, and qualification for each user ID as user personal information, and each workflow data stored in workflow data storage unit 14 In addition to the user's department, job title, and qualification, information indicating the circulation order (root) of documents (workflow data) in the workflow (applicant → management department, management department → approver, etc.) was stored as the granted access conditions The route information storage unit 15 as an access condition storage means, and the user needs access A collation rule storage unit 12 as a conditional expression storage means for storing, for each user ID, a conditional expression (workflow rule) for determining whether or not the user can access the workflow data that has occurred, and the current department of the user Switching time from the old department is set, the department conversion device 10 as a department conversion means for outputting the user's old department based on the user ID, and reading from the personal information storage unit 2 based on the user ID included in the access request The personal information is compared with the user's old department output from the department conversion device 10 and the access conditions stored in the route information storage unit 15, and the matched data is stored in the verification rule storage unit 12. Set as a parameter of the workflow rule of the corresponding user, and the access right of the user to the workflow data for which access is requested An access permission determination device 6 as an access authority determination means for determining the data, and a data search device as a data access means for allowing the workflow data determined to have access authority by the access permission determination device 6 to be accessible from the corresponding user 9.

Next, the operation of the data security management system according to the second embodiment will be described with reference to FIG.
(Verification rule creation operation)
An operation for creating a collation rule as a material for determining permission / denial of access to workflow data will be described.
In this data security management system, when a user A starts up a computer, the personal authentication device 1 displays a login screen on the display screen of the monitor.
Then, when the user A inputs his / her user ID and password on the login screen displayed on the display screen (S21), the personal authentication device 1 is stored in the personal information storage unit 2 with the input user ID and password. The personal information is verified by collating with the personal information (S22). When personal authentication is completed by the personal authentication device 1, various buttons (collation rule creation button, workflow data registration / update button, route information addition button, data search) for specifying processing such as data registration / change and data search are displayed on the display screen. A menu screen with buttons, execution buttons, etc. is displayed.

When, for example, the workflow data registration / update button is operated by the user A from this menu screen, the collation rule registration screen for registering the collation rule in the collation rule storage unit 12 is displayed on the display screen by the collation rule creation device 8. Is displayed. This collation rule registration screen has a group of buttons such as large / small / upper / lower comparison, absolute value comparison symbols and items to be collated. By operating these buttons and entering the required values as keys, the collation rules are displayed. Can be created (S23).
After creating the collation rule, the collation rule created on the collation rule registration screen is registered in the collation rule storage unit 12 by the collation rule creation device 8 by clicking the execution button with a mouse or the like (S24).

(Data security attribute assignment operation)
An operation for assigning route information to workflow data will be described.
In this case, when the route information grant button is operated by the user A from the menu screen, for example, an access request including the user ID is issued to the route information grant device 16 and the route information grant device 16 assigns the route information. A route information addition screen for doing so is displayed on the display screen. This route information addition screen is provided with an input field, an execution button, and the like for adding route information as a condition for determining the circulation route for the specified workflow data. The input field includes a field for designating the name of the target workflow data and a field for inputting a reference button, an applicant, an approver, a management department, a title, a qualification, and the like.

  When the user clicks the execution button with an input device such as a mouse after inputting in the input fields of the route information addition screen, the route information (department, applicant) that becomes the condition for granting the permission, that is, the data access condition , Approver, title, qualification, management department, approval department, etc.) are given to the corresponding data and stored in association with the data in the data storage unit 4 and the route information storage unit 15 (S25).

(Data access operation)
Next, an operation for accessing workflow data by the data security management system will be described.
When, for example, a workflow data search button is operated by the user A from the menu screen, an access request including a user ID is issued to the data search device 9, and data for browsing the workflow document by the data search device 9 is issued. The search screen is displayed on the display screen. This data search screen is provided with a search field for searching for documents being circulated, an execution button, and the like.

When user A clicks the execution button after inputting the name of a document desired to be browsed in the search field of the data search screen, the data search device 9 sends an access permission determination request command to the access permission determination device 6. (S26). This determination request command includes a user ID.
When the determination request command from the data search device 9 is received, the access permission determination device 6 extracts the user ID included in the determination request command and uses the personal information (use of user A) already known by the user authentication. (Personal attributes such as a person's department, title, qualification) are read from the personal information storage unit 2 (S27), and route information having a user ID is obtained from the route information storage unit 15 (S28).
Further, the access permission determination device 6 makes an inquiry request with the user ID to the department conversion device 10 in order to consider the case where the department to which the affiliation changes due to personnel changes or the consolidation of departments, and the department conversion device 10 In response to this inquiry request, the current department of the user is converted to the old department based on the user ID, and the old department is notified (S29).
That is, the department conversion device 10 associates the user with a past department based on the current department and the application date of the data. This is to prevent past data from becoming inaccessible when the current user A's department determines. The department conversion device 10 sends the converted old department of the user to the access permission determination device 6 to determine the access right to the data having the attribute of the past department.

The access permission determination device 6 compares the personal attribute of the user A acquired from the personal information storage unit 2 with the old department of the user output from the department conversion device 10 and the route information acquired from the route information storage unit 15. When the data matches, one workflow rule corresponding to the user ID is selected from the plurality of workflow rules stored in the collation rule storage unit 12 and read (S30), and corresponds to the read workflow rule. Data is set as a parameter, the workflow rule is interpreted, and whether or not the user A has access authority to the document circulated in the workflow is determined based on whether or not the workflow rule is correct.
As a result of this determination, if there is an access right for the corresponding document and the access to the corresponding document is permitted, the access permission determining device 6 sends a notice of permission to view the document to the workflow data storage unit 14 and the data search device 9. Perform (S31).
With this search permission notification, the corresponding workflow data in the workflow data storage unit 14, that is, the document can be accessed, and the data search device 9 accesses the workflow data storage unit 14 and stores the corresponding workflow data in the workflow data storage unit 4. And the document is displayed on the data search screen (S32).
In addition, when there is no access authority for the corresponding workflow data, a notification indicating that browsing is not possible is returned from the access permission determination device 6 to the data search device 9, so that the data search device 9 displays a message indicating that it is not authorized and cannot be viewed. Display on the data search screen.

That is, when the user accesses the workflow data, the access permission determination device 6 compares the personal attribute of the user with the route information, and selects one workflow rule having the corresponding user ID from among a plurality of settings. In accordance with the selected workflow rule, the user's access authority to the workflow data in the workflow data storage unit 14 is determined. If the user has access authority and can access the workflow data, the workflow data is permitted to be browsed. Otherwise, browsing is not permitted.
For example, as a result of collation of the user's personal attribute, the user's old department, and route information, the access permission judgment device 6 selects “workflow rule 1” in the collation rule shown in FIG. In this case, data 1 and data 2 in the workflow data storage unit 14 shown in FIG. 6 can be accessed. When “workflow rule 2” is selected, only data 1 can be accessed.
Furthermore, if the old department of user A is department X from YY Y month to YY year data security management system month, data of department X from YY Y month to YY year data security management system month (data 4) Can also be accessed.

  As described above, according to the data security management system of the second embodiment, the route information for circulating the document in the business organization is added to the workflow data, and the access permission determination device 6 uses the personal information and the workflow of the user who wants to access the data. The route information is checked and a matching rule is selected from a plurality of routes to determine the access authority, so that the document circulated in the workflow can be viewed according to whether it is an approver or an administrator. Businesses can flow at a certain security level.

  That is, since the access permission determination device 6 compares the personal information (user ID) of the user with the applicant / approver of the route information to determine the access authority, the security for the workflow data can be improved. In addition, since the access authority is determined by comparing the department to which the user belongs and the application department / approval department / management department, security for workflow data can be improved. Furthermore, since the access authority is determined based on the job title / qualification of the user, the security for the workflow data can be improved.

In addition, by providing the route information adding device 16, route information (applicant, approver, management department, etc.), which is a condition such as whether to view the workflow data to be accessed or whether it can be signed, is provided. Can be given.
In addition, by providing the department conversion device 10, the user A's current department is converted into a past department (old department), so that even if the department changes due to personnel changes or department consolidation, the user Can refer to past data as needed.

The figure which shows the structure of the data security management system of 1st Embodiment which concerns on this invention. The figure which shows an example of the department rule stored in the collation rule storage part in the data security management system of FIG. The figure for demonstrating operation | movement of the data security management system of FIG. The figure which shows the structure of the data security management system of 2nd Embodiment which concerns on this invention. The figure which shows an example of the workflow rule stored in the collation rule storage part in the data security management system of FIG. The figure for demonstrating operation | movement of the data security management system of FIG.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Personal authentication apparatus, 2 ... Personal information storage part, 3 ... Data security provision apparatus, 4 ... Data storage part, 5 ... Data security attribute storage part, 6 ... Access permission determination apparatus, 7 ... Collation rule storage part, 8 ... Collation rule creation device, 9 ... Data search device, 10 ... Department conversion device, 11 ... Data registration / update device, 12 ... Collation rule storage unit, 13 ... Workflow system, 14 ... Workflow data storage unit, 15 ... Route information storage unit , 16 ... Route information giving device.

Claims (3)

Data storage means for storing data that can be read by an access request including user identification information for identifying a user;
Personal information storage means that stores the current department, title, and qualification for each user identification information as personal information of the user,
An access condition storage means for storing a user's department, post, and qualification as an access condition given to each data stored in the data storage means;
Conditional expression storage means for storing, for each user identification information, a conditional expression for determining whether the user can access data requested to be accessed by the user;
A department conversion means for setting the switching time between the current department of the user and the old department, and outputting the old department of the user based on the user identification information;
The personal information read from the personal information storage means based on the user identification information included in the access request, the user's old department output from the department conversion means, and the access stored in the access condition storage means Access authority determination that compares conditions and sets the matched data as a parameter of the conditional expression of the corresponding user stored in the conditional expression storage means to determine the access authority of the user for the requested data Means,
A data security management system comprising: data access means for allowing data determined to have access authority by the access authority determination means to be accessible from a corresponding user. A program for causing a computer to execute processing,
The computer,
Data storage means for storing data that can be read by an access request including user identification information for identifying a user;
Personal information storage means that stores the current department, title, and qualification for each user identification information as personal information of the user,
An access condition storage means for storing a user's department, post, and qualification as an access condition given to each data stored in the data storage means;
Conditional expression storage means for storing, for each user identification information, a conditional expression for determining whether the user can access data requested to be accessed by the user;
A department conversion means for setting the switching time between the current department of the user and the old department, and outputting the old department of the user based on the user identification information;
The personal information read from the personal information storage means based on the user identification information included in the access request, the user's old department output from the department conversion means, and the access stored in the access condition storage means Access authority determination that compares conditions and sets the matched data as a parameter of the conditional expression of the corresponding user stored in the conditional expression storage means to determine the access authority of the user for the requested data Means,
A program for causing data determined to have access authority by the access authority determining means to function as data access means for allowing access from a corresponding user. In a data security management method for a user to log in by inputting user identification information to a computer and to access data to be accessed stored in a data storage means,
A step in which the access authority determining means reads the personal information from the personal information storing means based on the user identification information included in the access request from the user;
The access authority determining means reading from the access condition storage means a conditional expression for determining whether or not the user can access the data of the access request based on the user identification information;
Based on the user identification information, the department conversion means converts the current department of the user to an old department;
Data matching the personal information read from the personal information storage means by the access authority determination means, the old department of the user converted by the department conversion means, and the access conditions stored in the access condition storage means Is set as a parameter of the conditional expression of the corresponding user stored in the conditional expression storage means, and the user's access authority to the requested data is determined;
A data security management method, comprising: a step of allowing data access means to access data of the data storage means determined by the access authority determination means as having access authority.

Images