JP2006318037A - Life cycle management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To set an access authority according to each phase in a life cycle of computerized information. <P>SOLUTION: The life cycle management system comprises a file policy information storage part 2 storing file policy information regulating whether encrypting processing is performed or not in each phase of the life cycle of each computerized information element, a user policy information storage part 4 storing user policy information in each phase of computerized information; a current user policy information storage part 9 of computerized information; a role table storage part 12 storing identification information of a user belonging to a user role; a computerized information access means 11 permitting or rejecting access based on the current user policy information and the identification information of the user belonging to the user role; and a life cycle management part 8 monitoring the establishment of a transition condition stored in the file policy information storage part for each computerized information element, and updating, upon establishment of the condition, arrangement of computerized information stored in a computerized information storage device. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a life cycle management system, and more particularly to a life cycle management system capable of setting access authority according to each phase in the life cycle of computerized information.

  In today's enterprises and government offices, in addition to the increase in digitized work, for example, the requirement for information storage for data mining, the requirement from laws and regulations that require the storage of electronic information, or the rapid recovery in case of computer failure The amount of information that needs to be stored is increasing along with the demands of the company. For this reason, there is an increasing need to reduce total costs while ensuring convenience by deploying information on an appropriate storage medium at an appropriate time, for example, infrequently using information on an inexpensive medium. Yes.

  Electronic information that requires long-term storage, such as a file used in a computer system, has a life cycle of several decades from creation to destruction in some cases. This life cycle has, for example, a plurality of phases such as a phase in which computerized information is created, a phase in which it is made public, and a phase in which it is stored as an archive. Each phase generally has a different form of use, and different requirements such as required access speed and security. For this reason, it is desirable in terms of cost and security to redeploy to an appropriate medium according to each phase.

  The computerized information generally has different security requirements for each phase. For example, when considering the life cycle of information in electronic design drawings, it is undisclosed based on the phase of creation by the designer, the phase of disclosure within the company or group of companies, and the requirements of laws and regulations. The storage phase can be considered.

  Generally, these electronic design information is used by various users. In addition, for example, when there is a phase that can be disclosed to a third party and a phase that cannot be disclosed, when access authority differs between people in the project to be accessed and people outside, or a general design drawing is created. There can be various cases such as being able to refer to a specific design drawing although it cannot be referred to by anyone other than the person.

  The above is the case where the computerized information is a design drawing, but the same applies to the case where the computerized information is another document or drawing, mail information, database information, various history information, or the like.

  As described above, for the electronic information, for each phase in the life cycle, the electronic information is encrypted according to the security requirements in the phase, or security means such as WORM (Write Only Read Many) is applied. It is desirable. In addition, a means for giving an encryption / decryption key necessary for use of the encrypted information or an authority for encryption / decryption to the user of the digitized information is provided. It is desirable to take.

  Patent Document 1 discloses a method of storing an email in which the transmitted / received email is encrypted, the encrypted email is stored in a storage device, and the stored email is stored in a non-rewritable recording medium upon expiration of a certain period of time. It is shown.

  In Non-Patent Document 1, in order to facilitate life cycle phase transition and physical distribution of digitized information accompanying the transition, life cycle phase transition time and movement set for the digitized information or a group thereof are described. Set and save life cycle policy information that prescribes information such as the physical location of the destination, and move to a destination specified at a time that matches the phase transition conditions specified in the setting and saved policy information A method for automatically moving digitized information is shown.

In Non-Patent Document 2, for example, an appropriate server is selected as a storage location from the server group of the tiered storage based on the setting of the service level target such as “save the history for a predetermined period by encrypting the file” Has been shown to do.
JP 2004-287842 A EMC Corporation and Legato Systems Inc. “Information Lifecycle Management: An Automated Approach” Technical White Paper (December 2003) [Search December 8, 2003], Internet <URL: http: /www.emc.com/ilm/pdf/ C108_ILM_an_automated_approach_ldv.pdf NEC 2004-11-2 Press Release “Hierarchical Storage Management Technology Based on File Importance” [Searched on November 24, 2004], Internet <URL: http: /www.nec.co.jp/press/en/0411 /2404.html

 Non-Patent Document 1 Policy that sets, saves, sets, and saves life cycle policy information that defines information such as the life cycle phase transition time and the physical location of the move destination for the digitized information The method of automatically moving digitized information to the destination specified at the time when the phase transition condition specified in the information is met is based on the medium that stores the digitized information at the transition of the life cycle phase of the digitized information. Deployment changes can be performed automatically. However, at the transition of the life cycle phase, it is not possible to automatically set these security functions by determining security requirements such as access authority and encryption in the transition destination phase.

  In the method shown in Patent Document 1, the transition time of the life cycle phase of the target computerized information (in this case, email) is identified, and the computerized information is encrypted or stored in a non-rewritable storage medium. Security settings such as (WORM) can be performed. However, it is not possible to freely set a security policy, that is, the setting of the WORM period and the encryption method are fixed. Further, it is not considered to automatically set different access rights for the computerized information depending on the role of the user.

  In Non-Patent Document 2, it is possible to set security functions in units of files such as encryption of computerized information or history storage for a predetermined period based on the specification of a security policy. However, depending on the user's role, an encryption / decryption key is given, or different security functions are automatically set for each user, such as setting access rights such as whether encryption or decryption is possible. I can't. Furthermore, it is not considered to prepare and set different security policies such as encryption for each life cycle phase.

  The present invention has been made in view of these problems, and provides a life cycle management system capable of setting access authority according to each phase in the life cycle of digitized information.

  In order to solve the above problems, the present invention employs the following means.

  A file policy information storage unit that stores file policy information that defines whether to perform at least encryption processing in each life cycle phase for each electronic information, and access for each phase and user role of the electronic information A user policy information storage unit that stores user policy information that defines authority; a life cycle management unit that stores current phase information of the life cycle of the computerized information; and the policy information, current phase information, and user role An electronic information access unit that permits or denies access to the electronic information storage device that stores the electronic information encrypted based on the identification information.

  Since this invention is provided with the above structure, the access authority according to each phase in the life cycle of digitized information can be set.

  Hereinafter, the best embodiment will be described with reference to the accompanying drawings. FIG. 1 is a diagram for explaining a life cycle management system according to the first embodiment of the present invention. In the figure, reference numeral 1 denotes an electronic information storage unit that accumulates various electronic information such as electronic drawings, design documents, and mails as files. The computerized information storage unit 1 uses a storage device using various electronic storage media such as a magnetic disk and a magnetic tape. The electronic storage medium to be used generally uses a plurality of types of media having different access speeds, reliability, and the like. It may contain removable media.

  Reference numeral 2 denotes a file policy information storage unit. For each computerized information stored in the computerized information storage unit 1, the lifecycle configuration phase, the logical location of the computerized information in the phase, and the next This includes information such as the transition condition to the life cycle phase of this or the presence / absence of encryption of digitized information in each phase.

  A file status information storage unit 3 stores status information indicating the current life cycle phase of each computerized information (file).

  Reference numeral 4 denotes a user policy information storage unit, which is information for each user type that prescribes the access authority of each user in each life cycle phase of the target computerized information (file), the decryption method required at the time of access, and the like. Are stored in association with the life cycle phases accumulated in the file policy information storage unit 2.

  A current user policy information storage unit 5 stores user policy information used in the current phase of each digitized information.

  A file policy management unit 6 sets file policy information corresponding to the computerized information created in the computerized information storage device 1 in the file policy information storage unit 2. The file policy information in the file policy information storage unit 2 is also deleted.

  Reference numeral 7 denotes a user policy management unit, which is associated with the file policy information of the computerized information in the file policy information storage unit 2 in the user policy storage unit 4 for each phase and each user policy information for each computerized information. Set. The user policy information in the user policy information storage unit 4 is also deleted.

  Reference numeral 8 denotes a life cycle management unit that monitors file policy information stored in the file policy information storage unit 2 and establishes a life cycle phase transition condition for each computerized information stored in the computerized information storage device 1. When the transition condition is satisfied, the corresponding digitized information is moved to the medium defined in the life cycle policy information via the digitized information deployment unit 10.

  In order to manage the life cycle information of the computerized information and determine whether the transition condition is satisfied, the elapsed time from the start of the current life cycle phase for each computerized information, or the non- A means for monitoring and measuring various information such as access elapsed time or access frequency or a means for holding such information as status information is necessary. However, since these means are publicly known, description thereof is omitted. .

  The life cycle management unit 8 also updates the file state information in the file state information storage unit 3 and activates the current user policy information setting unit 9. Further, as life cycle initialization processing, initialization of file state information in the file state information storage unit 3, initialization of digitized information in the digitized information storage device 1 by the digitized information deployment unit 10, role table management unit 13 The role table information setting in the role table storage unit 12 via the current user policy information and the initial setting of the current user policy information in the current user policy information storage unit 5 via the current user policy information setting unit 9 are also performed. When the digitized information is terminated (destroyed), the file status information in the file status information storage unit 3 is erased, the digitized information in the digitized information storage device 1 is erased, and the current file in the current file policy information storage unit 5 is deleted. It also deletes policy information.

  The current user policy information setting unit 9 searches the user policy information storage unit 4 for user policy information corresponding to the requested file and the requested current phase, and uses the current user policy information as the current user policy information of the file. Set in the information storage unit 5 (initial setting or update).

  Reference numeral 10 denotes a digitized information deployment unit, which requests the digitized information storage unit 1 to initialize (Create), discard (Delete), or change deployment of digitized information.

  Reference numeral 11 denotes an electronic information access unit which is used by a user to access the electronic information in the electronic information storage unit 1. When the user requests access, the role type (“creator”, “administrator”, etc.) of the user is acquired from the role table information in the role table storage unit 12. On the other hand, the current user policy information for the computerized information to be accessed in the user policy information storage unit 4 is acquired, and whether access is permitted or denied is determined based on the acquired information and the role type of the user. Do.

  In the case of permitting, if the user policy information defines conversion processing such as decryption of encrypted information, access (Read, Write, etc.) to the digitized information in the digitized information storage unit 1 is performed according to the rules. When the access request is “Delete”, the access request is deleted through the life cycle management unit 8.

  A role table storage unit 12 stores a role table indicating a correspondence between a “role” that is a user group for the target computerized information (file) and identification information of users belonging to the “role”. The role table is used to set user policy information stored in the user policy information storage unit 4, access authority for each user group in the current user policy information stored in the current user policy information storage unit 5, or data conversion at the time of access. To do.

  A role table management unit 13 sets or deletes user role information.

  An electronic information storage unit 1 includes an electronic information storage device management unit 14, an electronic information storage device management information storage unit 15, a storage physical access unit 16, an encryption / decryption unit 17, a high-speed storage device group (FC ) 18, medium speed storage device group (SATA) 19, and low speed storage device group (TAPE) 20.

  The computerized information storage device management unit 14 receives an access request from the computerized information deployment unit 10 or the computerized information access unit 11. Further, the physical location of the storage device in which the computerized information requested for access exists is detected by the computerized information storage device management information storage unit 15, and the high-speed storage device group (FC) 18 is detected via the storage physical access unit 16. The corresponding physical file of the target storage device in either the medium speed storage device group (SATA) 19 or the low speed storage device group (TAPE) 20 is accessed. In the case of an encrypted file, decryption after file reading from the storage physical access unit 16 or encryption before file writing is performed via the encryption / decryption unit 17.

  The high-speed storage device group (FC) 18 includes devices FC-A and FC-B. The medium-speed storage device group (SATA) 19 includes devices SATA-A and SATA-B. The low-speed storage device group (TAPE) 20 includes TAPE-A and TAPE-B. A physical file corresponding to the target file is created inside each device. In the example of Fig. 1, Sekkei-A1 file and Sekkei-B1 file are created in the high-speed storage device FC-A, and these information are respectively stored in the medium-speed storage device SATA-A as Sekkei-A2 file and Sekkei-B2 file. Move to the low-speed storage device TAPE-A as Sekkei-A3 and Sekkei-B3 files. The storage device such as a low-speed storage device may be a device for a removable medium such as a general tape.

  FIG. 2 is a diagram for explaining the file policy information accumulated in the file policy information storage unit 2. The file policy information designates a life cycle phase such as “creation”, “publication”, “storage”, etc., for a file ID that does not change throughout the life cycle (“Sekkei-A” and “Sekkei-B” in the figure). For each phase, specify its logical location ("FC", "SATA", "TAPE", storage format, and transition conditions between phases. Note that the phase name, logical location name, or storage The format can be set with any name as long as there is consistency in the system.There are various syntaxes for describing the conditions that specify transition conditions, but the transition conditions in the example of FIG. Yes.

  (a) The phase transition condition “if (“ manager transition instruction ”= 'on') →“ private disclosure ”)” in the “creation” phase of the Sekkei-A file is set by the administrator to “create” the Sekkei-A file. When a phase transition from a phase is instructed, this means a transition to the “private release” phase.

  (b) Phase transition condition in the “publication” phase of the Sekkei-A file “if ((“ non-access interval ”('year')> 3) or (“ publication period ”('year')> 5)) → “Storage”) means that when there is no access to the file for three years or more, or when the “limited publication” phase is five years or more, the transition to the “publication” phase is made.

  (c) The phase transition condition “if ((“ Storage period ”('year')> 10) → destroy) in the“ storage ”phase of the Sekkai-A file is discarded when the storage transfer of the file reaches 10 years or more. Means that.

  FIG. 3 is a diagram for explaining the file status information stored in the file status information storage unit 3. In the example of FIG. 3, for a file with Sekkei-A as the file ID, “Create” is specified as the current phase, “FC” is specified as the current location, and “plain text” is specified as the current file format. It is expressed that. In addition, the target file with Sekkei-B as the file ID is specified as “Limited Release” as the current phase, “SATA” as the current location, and “Encrypted by common key encryption” as the current file format. "Format" is specified. The contents of this state information are updated with the transition between phases. Note that as the actual state information, various information necessary for determining the transition condition such as the elapsed time from the start of the phase and the access frequency are also necessary, but are omitted in the figure.

  FIG. 4 is a diagram for explaining user policy information accumulated in the user policy information storage unit 4. In the example of FIG. 4, for the target file ID Sekkei-A specified in the file policy information, for each phase “creation”, “private release”, and “storage” specified in the file policy information, The access authority to be given to various user roles such as “administrator”, “special user”, and “general user” is specified.

  When the lifecycle phase is "Create", the role of "Creator" has access rights "Read", "Write", and "Delete", and the role of "Administrator" has access rights "Read" and "Delete" It is shown that the roles of “special user” and “general user” do not have access authority, and the roles of “creator” and “administrator” do not perform file conversion at the time of access.

  In addition, when the life cycle phase transitions to “unlisted”, the “creator” role has the access authority “Read” and the “administrator” role has the access authorities “Read” and “Write”. It is shown that the role of “special user” has the access authority “Read” and the role of “general user” does not have the access authority.

  In the “unlisted” phase, when the files of “Creator”, “Administrator”, and “Special User” are read, the encrypted file is decrypted by using the common key of each user. It is. In addition, it is shown that the file is encrypted by using the common key of the “manager” when the “manager” writes the file. Note that the file is not converted when the “administrator” file is “Delete”.

  When the lifecycle phase transitions to “Storage”, only the role of “Administrator” has the access authority “Read” and “Delete”, and the roles of “Creator”, “Special User”, and “General User” Has no access rights. The role of “administrator” decrypts the encrypted file by using the common key at the time of file reading (Read) as in the case of the limited disclosure. In this case, the common key is encrypted and stored together with the file itself, and the encrypted common key is decrypted using the secret key possessed by the “administrator”, and the decrypted common key is decrypted. Can decrypt the file itself.

  FIG. 5 is a diagram for explaining the roll table accumulated in the roll table storage unit 12. In FIG. 5, there are three types of roles for the target file Sekkei-A: “manager”, “creator”, “special user”, and “general user”. User ID “632984253” as “administrator” role, user ID “632993456” as “creator” role, user ID “932979025” “932979033”, “general user” role as “special user” role “Other” indicating the other is designated. The same applies to the target file Sekkei-B.

  FIG. 6 is a diagram for explaining current user policy information stored in the current user policy information storage unit 5. In the example of FIG. 6, the current phase of the target file Sekkei-A is “Limited Release”, and the current user policy has the contents of the user policy information of FIG. 4 transferred as it is. That is, the “Author” role is given the access authority “Read”, the “Administrator” role is given the “Read” “Write” “Delete” authority, and the “Special User” role is assigned. Is granted the “Read” right and not the “General User” role. When the “creator”, “administrator”, and “special user” files are read, the encrypted file is decrypted by using the common key possessed by each user. In addition, it is shown that the file is encrypted by using the common key of the “manager” when the “manager” writes the file. Also, the file is not converted when the “administrator” file “Delete”.

  FIG. 8 is a diagram for explaining the computerized information storage device management information 15. As shown in FIG. 8, with respect to the target file existing in the computerized information storage unit 1, the logical file ID, the logical location specifying information, the physical location information, that is, the current location storage device name and A correspondence table with the current physical file name and information indicating a storage format such as encryption by plain text or common key encryption are stored.

  FIG. 9 is a diagram for explaining the processing of the file policy management unit 6. First, the file policy management unit 6 determines in step 901 whether the designated process is “setting” or “deletion”, and in the case of “setting”, the digitized information designated in step 902 is shown in FIG. The file policy information shown is created and stored in the file policy information storage information section 2. In the case of “delete”, the file policy information regarding the corresponding file stored in the file policy information storage unit 2 is deleted in step 903.

  FIG. 14 is a diagram illustrating processing of the role table management unit 13. The role table management unit 13 determines in step 1401 whether the specified process is “setting” or “deletion”. If “setting”, the role table management unit 13 determines in step 1402 a role (“ (Administrator "," creator "," special user "," general user ", etc.) and a user ID corresponding to the role are created to create role table information for the file and store it in the role table storage unit 11 ( (See Figure 5 for the roll table). In the case of “delete”, the roll table information for the corresponding file in the roll table storage unit 12 is deleted in step 1403.

  FIG. 10 is a diagram for explaining the process of the user policy management unit 7. In step 1001, it is determined whether the designated process is “setting” or “deletion”. In the case of deletion, the user relating to the designated file stored in the file policy information storage unit 2 in step 1004. Delete policy information.

  In the case of setting, in step 1002, the file policy information relating to the specified file in the file policy information storage unit 2 is searched and presented to the user policy setter. The setter determines a user policy for each phase and each user role for the presented policy information, creates user policy information (see FIG. 4) for the specified file in step 1003, and creates a user policy information storage unit 4 accumulates.

  FIG. 13 is a diagram for explaining a user policy presentation (upper half of the screen) and a display and input screen for the user policy (lower half of the screen) set based thereon. For each phase ("Create", "Limited Release", "Storage") of the displayed target file's lifecycle policy, each user role ("Creator", "Administrator", "Special Use") User policy (access authority and conversion processing at the time of access) for each user. Note that the user role may be set by searching the information in the role table (FIG. 5) in the role table storage unit 12 and referring to this information.

  FIG. 11 is a diagram for explaining life cycle management processing by the life cycle management unit 8. In the file policy information storage unit 2, file policy information (see FIG. 2) of the lifecycle management target file is set by the file policy management unit 6 before the lifecycle management unit 7 is executed.

  First, in the life cycle step 1100, it is determined whether the designated process is “start” or “end” of the life cycle management process. If the specified process is “startup”, in step 1101, the status information stored in the file status information storage unit 3 of the target file (lifecycle management target file) (current phase at the time of file creation, current The location designation or file format) is set based on the file policy information (see FIG. 2) of the target file in the file policy information storage unit 2 (see FIG. 3).

  In step 1102, if the target file is not created by activating the computerized information deployment unit 10, initialization is performed. In step 1103, it is determined whether a role table has been created. The roll table information of the target file is set via the management unit 13 (see FIGS. 5 and 14). The setting of the roll table information may be performed by dialogue with the administrator or automatically by using information prepared in advance by the administrator.

  In step 1104, the file policy information of the initial phase (“Create” in FIG. 4) of the target file is retrieved from the file policy information storage unit 2 via the current user policy information setting unit 9 and stored in the current user policy information storage unit 5. Set.

  In step 1105, it is monitored whether or not a life cycle transition condition occurs. When an event occurs, whether or not the transition condition is satisfied in step 1106 is determined based on the file current state information in the file state information storage unit 3. Judgment is made based on the phase transition condition in the file policy information storage unit 2. If the transition condition is not satisfied, the process returns to step 1105. If the transition condition is satisfied, it is determined in step 1107 whether or not the designation of the transition destination is destruction of the file (digitized information). In cases other than (destroy), the status information of the target file in the file status information storage unit 3 is updated in step 1108 according to the file policy information for the transition destination phase. In step 1109, the physical position of the target file in the digitized information storage unit 1 is moved, or format conversion such as encryption or decryption is performed via the digitized information deployment unit 10 according to the file policy information.

  Further, in step 1109, the current access authority policy information setting unit 9 is activated, and the current policy in the current user policy information storage unit 5 is determined by the user policy information corresponding to the phase of the transition destination of the target file in the user policy information storage unit 4. Update user policy information.

  If it is determined in step 1100 that the designation process is “end”, and if it is determined in step 1107 that the designation of the transition destination is destruction (destroy) of the digitized information (file), in step 1111 The file status information of the target file in the file status information storage unit 3 is deleted, and the electronic deployment unit 10 is activated in step 1112 to physically delete the target file. In step 1113, the corresponding roll table information is deleted via the roll table management unit 13. In step 1114, the current user policy information of the target file in the current user policy information storage unit 5 is deleted.

  FIG. 12 is a diagram for explaining the processing of the computerized information access unit 11. The processing of the computerized information access unit 11 is a request for access to the file during the period from when the computerized information is created in the computerized information storage device 1 until it is discarded, that is, during the life cycle of the target file. It is done when there is.

  In step 1201, the user who performs access gives his / her user ID so that the roles in the target file of the user (“creator”, “administrator”, “special user”, "General user" etc.). In step 1202, the user policy of the target file (access authority for each role and conversion processing rules for access) is obtained from the current user policy information storage unit 4. In step 1203, it is determined whether or not the user has access authority for the access type (Read, Write, etc.) to be currently performed. If there is no access authority (rejection), the access requester is notified of the access rejection in step 1204. .

  If there is an access right (permitted), it is determined in step 1205 whether or not the access type is Delete (discard). If it is other than Delete (Read or Write), the computerized information storage device 1 is checked in step 1206. Access. When access conversion is specified for the access authority of the user role in the current user policy information, file data is converted at the time of access.

  For example, if the access type is “Read” and “common key decryption” is specified as the access time conversion, decryption is performed using the common key specified by the user when reading the file data encrypted with the common key. To convert to plain text data. In addition, when the access type is “Read” and the common key decryption using the secret key is specified as the access time conversion, the common key encrypted and stored together with the file data is read, Decrypted with the private key specified by the user. By using the decrypted common key, the encrypted file data is decrypted to be converted into plain text data.

  When the access type is “write” and the access conversion is “common key encryption”, the plaintext data is encrypted with the common key designated by the user, and then the encrypted data is written to the file. When the access type is "write" and the access conversion is "common key encryption with public key", a common key is generated at the time of access and the data to be stored is encrypted with the generated common key The generated common key is also written into the computerized information storage device 1 together with the encrypted data to be encrypted and stored.

  If the access type is “Delete”, the target file itself, the corresponding information in the role table related to the target file, file status information, current user policy information are notified by notifying the lifecycle management unit 7 of Delete in step 1207. Erase etc.

  FIG. 15 is a diagram for explaining processing of the computerized information storage device management unit 14 in the computerized information storage device 1. Details of the “file read process” in steps 1507 and 1512 are shown in FIG. 16, and details of the “file write process” in steps 1509 and 1513 are shown in FIG.

  When the computerized information storage device management unit 14 receives an access request from the computerized information access unit 11 or the computerized information deployment unit 10, it determines the processing type in step 1501.

  If the process type is “creation” of a file (electronic information), in step 1502, a logical location designation (“FC”, “SATA”, etc.) for a new file is made via the storage physical access unit 16. A physical file area is secured in the matching device. Also, in the computerized information storage device management information storage unit 15, as shown in FIG. 8, for the target file, the logical location location designation, the physical location location designation of the secured file (current location device name) And management information including correspondence information between the storage format ("plain text", "encryption by common key encryption", etc.)) is created (step 1503).

  If the processing type is “delete” of the file, in step 1504, the physical location of the file is searched from the management information of the target file in the computerized information storage device management information storage unit 15 and the management information related to the file is deleted. . In step 1505, the target file area in the storage device is deleted via the storage physical access unit 16.

  If the process type is “Read” of the file, the management information in the computerized information storage device management information storage unit 15 is searched in step 1506 to detect the physical location of the target file, and the storage physical access is performed in step 1507. The target file is read out via the unit 16. When an encrypted file is read as will be described later with reference to FIG. 16, after the reading, the encryption / decryption unit 17 performs a decryption process.

  When the processing type is “Write” of the file, the management information in the computerized information storage device management information storage unit 15 is searched in step 1508 to detect the physical location of the target file, and in step 1509 the storage physical access unit 16 The target file is written via. As will be described later with reference to FIG. 17, when encryption is performed at the time of file writing, the encryption / decryption unit 17 performs data encryption processing and then writes the encrypted data to the file.

  If the processing type is “change deployment” of the file, the management information of the target file in the computerized information storage device management information storage unit 15 is searched in step 1510 and the new deployment destination logical in step 1511 is retrieved. A new physical file area is secured in the storage device from the location designation. Thereafter, in step 1512, the conventional physical file retrieved in step 1510 via the storage physical access unit 16 is read, and in the case of an encrypted file, the data is decrypted by the encryption / decryption unit 17.

  Details of step 1512 will be described later with reference to FIG. In step 1513, the data read in the previous step is written to the newly secured physical file area via the storage physical access unit 16. As will be described later with reference to FIG. 17, when encryption is necessary at the time of writing, encryption is performed by the encryption / decryption unit 17. In step 1514, the physical location specification (current location specification and current physical file name) and storage format information in the computerized information storage device management information storage unit 15 of the target file are updated. In step 1515, the original physical file is deleted via the storage physical access unit 16.

  FIG. 16 is a diagram for explaining the details of the file reading process shown in steps 1507 and 1512 of FIG. In step 1601, the physical file at the designated location is read via the storage physical access unit 16. In step 1602, the storage format of the target file is determined. If the target file is plain text data, the file reading process is terminated as it is. If the storage format of the target file is an encryption format using a common key, in step 1603, the encryption / decryption unit 17 decrypts the file with the common key designated by the user. If the storage format of the target file is that the common key is encrypted with the public key, the common key encrypted together with the data by the encryption / decryption unit 17 in step 1604 is decrypted with the user's private key, and step 1605 is performed. Then, the encryption / decryption unit 17 decrypts the data using the decrypted common key.

  FIG. 7 is a diagram for explaining the details of the file writing process in steps 1509 and 1514 shown in FIG. In step 1701, the storage format of the data to be written to the target file is determined. In the case of plain text data, in step 1702, the data requested to be written is directly written to the physical file via the storage physical access unit 16.

  If an encryption format using a common key is designated as the data storage format, the encryption / decryption unit 17 encrypts the data to be written using the common key designated by the user in step 1703, and then in step 1702. The encrypted data is written into the physical file via the storage physical access unit 16.

  If it is specified that the common key to be used as the data storage format is encrypted with the public key, the encryption / decryption unit 17 generates the common key in step 1504 and writes it with the generated common key. In step 1505, the common data is encrypted with the public key designated by the user. In step 1702, the data encrypted via the storage physical access unit 16 is written into the physical file together with the encrypted public key.

  In this embodiment, a transition condition between phases is specified as file policy information in the file policy information storage unit 2, and the lifecycle management unit 8 monitors whether or not this transition condition is satisfied. An example in which lifecycle change processing such as deployment change and security change such as encryption is started automatically has been explained. However, the transition between phases can be performed by other means, for example, an instruction from the administrator without having the transition condition between phases as a policy condition.

  In the present embodiment, the file deployment is changed using information (deployment information) specifying the location of the file as the file policy information in the file policy information storage unit 2. However, deployment information is not included in the file policy information, so file deployment is not automatically changed, and only security requirements such as encryption can be changed.

  Further, in the present embodiment, file policy information specifying the life cycle phase transition condition of electronic information and file encryption, and user policy information specifying the encryption / decryption authority for each user are included. Although the case of managing separately has been described, the present invention can also be implemented by integrating both pieces of information as policy information. In addition, when selecting the user policy information corresponding to the phase that was transitioned at the time of phase transition, instead of copying the current user policy information corresponding to the transitioned phase by referring to the original user policy information and creating it separately, the user Each time the computer accesses the digitized information, the user information corresponding to the transitioned phase can be selected based on the phase state information holding the current current phase, and conversion such as encryption or access permission can be determined. it can.

  Further, even if the target computerized information is not a general file but a database managed by a database system, it can be similarly applied.

  FIG. 17 is a diagram illustrating a life cycle management system according to the second embodiment of the present invention. In this example, the current user policy can be notified to the user of the computerized information at the transition of the life cycle. This system is almost the same as the system shown in FIG. 1, but the life cycle management unit 8 is changed, and a user notification unit 21 and a mail address table storage unit 22 are added to the changed life cycle management unit 8b. .

  The life cycle management unit 8b is substantially the same as the life cycle management unit 8 shown in FIG. 1, but the access authority to the file is given to the user who has access authority to the target file in the new life cycle phase at the time of phase transition. Alternatively, key information used for decrypting a file encrypted by phase transition is notified via the user notification means 21.

  FIG. 19 is a diagram illustrating the process of the life cycle management unit 8b. FIG. 19 is almost the same as the process shown in FIG. 11, but the process of step 1115, that is, the process of user notification by the computerized information deployment unit 10 is added. This process is executed by calling the user notification unit 21.

  The user notification unit 21 obtains a user role having access authority to the target file in the transition destination phase based on the current user policy information (see FIG. 6). Further, the user ID corresponding to the role is obtained from the roll table (see FIG. 5) in the roll table storage unit 12. Furthermore, the mail address of the user who has access authority is obtained from the mail address table that is a correspondence table between the user ID and the mail address of the target system, and the access authority in the new phase of the target file and the key information necessary for access (common key) Alternatively, the secret key is sent to the user by mail (step 1115).

  FIG. 18 is a diagram for explaining the mail address table stored in the mail address table storage unit 22. For example, in the file policy information shown in FIG. 2, when the new current phase of the file Sekke-A1 transitions from “creation” to “private release”, the current policy information based on the user policy information shown in FIG. It is set as shown in

  At this time, the roll table is set as shown in FIG. If the mail address table is set as shown in FIG. 18, the user ID of the user having the role of “creator” is 932993456, and the mail address is sanada@ilm.co.jp from the mail address table. It is determined that the access authority is “Read” to the mail address, the common key decryption is performed at the time of access, and the mail including the common key used for the decryption is transmitted.

  In the example shown in FIG. 6, an email including access authority and key information used for encryption and decryption is also sent to users having the roles of “administrator” and “special user”.

  By such a method, it is possible to easily give the security authority to the user at the time of phase transition.

  FIG. 20 is a diagram for explaining a life cycle management system according to the third embodiment of the present invention. In this example, the access authority is not checked when the computerized information is accessed. Limiting the access authority by user type is performed by encrypting the target electronic information and distributing the key only to users with access authority.

  The system shown in FIG. 20 is similar to the system shown in FIG. However, the current user policy information storage unit 5 and the current user policy information setting unit 9 are deleted, the life cycle management unit 8b is changed, and the computerized information access unit 11 is changed.

  FIG. 21 is a diagram for explaining processing of the changed life cycle management unit 8c. Compared with the process shown in FIG. 19, the current user policy initial setting at step 1104, the current user policy information replacement at step 1110, and the deletion of the current user policy information at step 1114 are deleted in this process.

  That is, in this example, since the current user policy information storage unit 5 does not exist, the current policy information is not initially set, replaced, or deleted. However, in this case, in step 1115, the user policy information of the transition destination phase is obtained as the current user policy information based on the user policy information stored in the user policy information storage unit 4. Next, as in step 1115 shown in FIG. 19, the user ID of the target user is obtained from the roll table storage unit 12 (see FIG. 5). Next, an e-mail address is obtained from the e-mail address table 22 (see FIG. 18), and the contents of the user policy information (access authority, etc.) or the encryption / decryption key information to be used are transmitted to a user with access authority.

  The computerized information access unit 11b accepts access to the computerized information by the user as in the computerized information access unit 11 shown in the first and second embodiments. An access request is made to the computerized information storage device 1 without referring to the current user policy information. In the case of reading and writing an encrypted file, access by an unauthorized user is prevented because key information used for encryption / decryption is not passed to an unauthorized user. Note that unauthorized access to a plaintext file cannot be prevented only by the mechanism of this embodiment, but unauthorized access can be prevented by using an access authority checking mechanism such as an OS together. As described above, according to the present embodiment, it is possible to automate the security authority of each user at the time of the phase shift of the encrypted file by a relatively simple mechanism.

  As described above, according to the present embodiment, security policy information related to encryption or decryption is set in advance for each life cycle phase and for each user in computerized information such as a file, It is possible to automatically realize a security policy request for each file such as file encryption or decryption at the time of transition between phases. In addition, it is possible to realize a function that satisfies security requirements regarding different encryption or decryption according to the user. For this reason, it becomes easy to implement security measures such as encryption associated with the transition of the life cycle of computerized information, in particular encryption specifying a user, or provision of a decryption key without error.

It is a figure explaining the life cycle management system concerning a 1st embodiment of the present invention. It is a figure explaining the file policy information accumulate | stored in the file policy information storage part 2. FIG. It is a figure explaining the file status information stored in the file status information storage unit 3. It is a figure explaining the user policy information accumulate | stored in the user policy information storage part 4. FIG. It is a figure explaining the roll table accumulate | stored in the roll table storage part. It is a figure explaining the current user policy information stored in the current user policy information storage unit 5. FIG. 16 is a diagram for explaining details of file writing processing in steps 1509 and 1514 shown in FIG. 15. It is a figure explaining the computerized information storage apparatus management information 15. FIG. It is a figure explaining the process of the file policy management part. It is a figure explaining the process of the user policy management part. It is a figure explaining the life cycle management process by the life cycle management part. It is a figure explaining the process of the electronic information access part. It is a figure explaining presentation of a user policy (upper half of a screen), a display and input screen of a user policy (lower half of a screen) set based thereon. It is a figure explaining the process of the process of the roll table management part. It is a figure explaining the process of the electronic information storage apparatus management part 14 in the electronic information storage apparatus 1. FIG. It is a figure explaining the detail of the file read-out process shown to step 1507, 1512 of FIG. It is a figure explaining the life cycle management system which concerns on the 2nd Embodiment of this invention. It is a figure explaining the mail address table stored in the mail address table storage part 22. FIG. It is a figure explaining the process of the life cycle management part 8b. It is a figure explaining the life cycle management system which concerns on the 3rd Embodiment of this invention. It is a figure explaining the process of the life cycle management part 8c.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Electronic information (file) storage part 2 File policy information storage part 3 File status information storage part 4 User policy information storage part 5 Current user policy information storage part 6 File policy management part 7 User policy management part 8 Life cycle management part 9 Current user policy information setting unit 10 Electronic information (file) deployment unit 11 Electronic information (file) access unit 12 Role table storage unit 13 Role table management unit 14 Electronic information storage device management unit 15 Electronic information storage device management information Storage unit 16 Storage physical access unit 17 Encryption / decryption unit 18 High-speed storage device group (FC)
19 Medium-speed storage devices (SATA)
20 Low-speed storage device group (TAPE)

Claims (8)

A file policy information storage unit that stores file policy information that is information specifying whether to perform at least encryption processing in each life cycle phase for each electronic information;
A user policy information storage unit that stores user policy information that defines the access authority for each phase of the computerized information and for each user role;
A life cycle management unit that holds current phase information of the life cycle of the computerized information;
An electronic information access unit for permitting or denying access to an electronic information storage device storing the electronic information encrypted based on the policy information, current phase information, and user role identification information. Life cycle management system. In the life cycle management system according to claim 1,
A role table storage unit storing user roles and identification information of users belonging to the user roles;
The life cycle management system characterized in that identification of a user role in the electronic information access unit is performed using information in the role table storage unit based on user identification information. In the life cycle management system according to claim 1,
A current user policy information storage unit for storing user policy information used in the current phase of computerized information is provided.
The life cycle management unit selects and sets user policy information corresponding to a current phase of the digitized information from the user policy information storage unit,
2. The life cycle management system according to claim 1, wherein the computerized information access unit permits or denies access to the computerized information storage device according to current user policy information in the current user policy information storage unit. In the life cycle management system according to claim 1,
The electronic information storage device includes an encryption / decryption unit that encrypts or decrypts electronic information to be stored. In the life cycle management system according to claim 1,
Storing information indicating file deployment in each life cycle phase in the file policy information;
The lifecycle management system, wherein the lifecycle management unit updates the deployment of digitized information stored in the digitized information storage device based on file deployment information in the file policy information. In the life cycle management system according to claim 1,
Stores information indicating life cycle phase transition conditions in the file policy information storage unit,
The life cycle management system updates the deployment of digitized information stored in the file policy information storage unit. In the life cycle management system according to claim 1,
The life cycle management unit includes a user notification unit for notifying a user having access authority of access authority information, or in addition to this, key information for decrypting or encrypting encrypted and stored electronic information. Life cycle management system characterized by that. In the life cycle management system according to claim 7,
A life cycle management system for extracting a user having the access authority based on user policy information stored in the user policy storage unit.

Images