JP2007148497A - Information processing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To surely prevent leakage/alteration of information in a portable storage device and unauthorized use thereof, and also surely prevent unauthorized network connecting due to spoofing by a third party. <P>SOLUTION: When connecting a portable storage device 20 to an information processor terminal 10, and executing processing by means of the terminal 10 by use of information in the storage device 20, an authentication server 30 performs triple authentication that are personal authentication, device authentication and software authentication for the storage device 20, and when legitimacy of the storage device 20 and a user are authenticated, the processing state of the processor of the terminal 10 is switched from an internal processing state to an external processing state to perform processing while using a various kinds of software and data on the storage device 20. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  When a portable storage device (for example, a USB (Universal Serial Bus) memory, a removable hard disk, etc.) for storing various software and data is connected to a connection port in an information processing terminal such as a personal computer, the portable storage device is provided. The present invention relates to an information processing system configured to activate and execute software in an apparatus by a processing unit of an information processing terminal.

  Various tools (application programs, software) used on a personal computer (hereinafter referred to as PC) such as e-mail, schedule management tool, and various games are indispensable in business and private. In addition, with the widespread use of mobile phones, it has become common to easily exchange e-mail anywhere, anytime, and to use schedule management tools and various games. The same convenience applies to various tools used on PCs. Sex is required.

  However, since various tools used on a PC include data unique to each PC user or specific settings are made for each PC user, the PC of another person can be used on the go. If you want to use various tools in the same situation (environment) as you are using your own PC, if the tool you want to use is installed on another person's PC, start the tool and use the user-specific data It takes a lot of time because it is necessary to input a user name or make a user-specific setting, and after use, it is necessary to delete the input data or cancel the setting. In addition, if a tool to be used on another person's PC is not installed, it may take the same trouble as described above after installing the tool, and in some cases, it may take time to uninstall the tool.

  For example, if you need to check email using another person's computer while away from home, set up an account on the remote computer, execute email transmission / reception, check the sent / received email, and then leave it on the computer outside It is very time-consuming to delete such that it does not exist.

  In order to save the trouble and trouble described above, it is conceivable that a user carries his / her notebook PC that he / she normally uses, but it is a burden for the user to always carry a heavy notebook PC. In addition, there are inconveniences such as restrictions on the number of characters in e-mails of mobile phones and difficulty in typing characters, so that they are not sufficiently compatible with business. Further, when using a schedule management tool or playing various games on a mobile phone, not only is the screen small and difficult to see, but the operability for data input is poor and difficult to use.

Thus, for example, Patent Document 1 below discloses a USB device that operates when a built-in program is activated when inserted into a USB port. Specifically, when this USB device is connected to the USB port of the PC main body, it activates an automatic startup program to operate the email program according to the settings in the setting file stored in the device, The attached file is stored in the device. By using such a USB device, a mailer dedicated to the user can be easily used on another person's PC on the go, and the contents of the transmitted / received mail are stored in the device, so that security can be improved.
JP 2003-178017 A

  By the way, in recent years, devices (portable storage devices) such as portable hard disk recorders and USB memories having a large-capacity storage function have become widespread, and each user can use the device for personal use. It is conceivable to carry various customized tools (application programs, software) and original data. The user can carry the original data and the program and usage environment that he / she normally uses without carrying a heavy notebook PC by carrying the device as described above. It is possible to realize an environment that is normally used by a user, and to realize various processes using original data.

  However, various tools customized for personal use and devices storing original data are small and easy to carry, so they can be lost by carelessness of the user, or they can be stolen by malicious third parties. The possibility is also high. In the unlikely event that the device is lost or stolen, the information (software and data) in the device may be leaked or tampered with. It is desired to ensure the security performance of information in the device.

  The present invention has been devised in view of such problems, and ensures the security performance of the portable storage device even if the portable storage device is lost or the portable storage device is stolen. Security performance is ensured by preventing leakage / falsification of information in the portable storage device and unauthorized use of the portable storage device, as well as preventing unauthorized network connection by impersonation of a third party. The goal is to make further improvements.

In order to achieve the above object, an information processing system according to the present invention (claim 1) at least outputs a processing unit for executing various processes, an input unit for inputting information to the processing unit, and a processing result by the processing unit. An information processing terminal having an output unit for connecting to the processing unit, and a connection port into which a connector on the external device side is inserted to connect the external device to the processing unit, and storing various software and data, and the connection port A portable storage device that can be connected as the external device, and an authentication server that is connected to the information processing terminal and that authenticates the portable storage device connected to the connection port of the information processing terminal, The information processing terminal recognizes that the portable storage device is connected to the connection port, and the portable storage device is connected to the connection port by the recognition unit. The authentication request means for requesting the authentication server to authenticate the portable storage device, and the result of the authentication executed by the authentication server in response to the request by the authentication request means. When the validity of the user of the storage device and the portable storage device is authenticated, the processing state by the processing unit is processed using software and data stored on the information processing terminal side. Switching means for switching to an external processing state for performing processing while using the various software and data stored in the portable storage device on the portable storage device, and the authentication server includes: When an authentication request for the portable storage device is received from the information processing terminal, it is input from the input unit of the information processing terminal by a user of the portable storage device. A personal authentication means for determining whether or not the user is a valid user based on personal authentication information and performing personal authentication of the user, and an authentication request for the portable storage device from the information processing terminal The portable storage device determines whether or not the portable storage device is a management target device of the authentication server based on device identification information automatically read from the portable storage device. When an authentication request for the portable storage device is received from the information processing terminal and the device authentication means for performing authentication, software stored in the portable storage device (hereinafter referred to as software at login) and the portable Contrast with software stored when the type storage device was last connected to the information processing terminal (hereinafter referred to as log-off software), whether these software match Software authentication means for performing software authentication, and authenticating that the user is a valid user by the personal authentication means, and the portable authentication device is detected by the apparatus authentication means. If it is authenticated that the device is a management target device of the authentication server, and the software authentication means determines that the log-in software and the log-off software match, the portable storage device and It is characterized by comprising notification means for judging that the validity of the user of the portable storage device has been authenticated and notifying the information processing terminal as a result of the authentication. Yes.

In the information processing system described above, when the authentication server authenticates the portable storage device and the user of the portable storage device, the processing state of the processing unit of the information processing terminal is the external process. It may be configured to further comprise recording means for determining that the portable storage device has been opened by switching to a state and recording the fact as a history (claim 2).
In the information processing terminal, when the external processing state using the portable storage device is terminated, the switching unit may switch the processing state by the processing unit from the external processing state to the internal processing state. (Claim 3).

  Further, in the authentication server, if the user is not authenticated by the personal authentication unit, or if the portable storage device is managed by the authentication server by the device authentication unit If the software authentication means determines that the software at login and the software at logoff do not match, the notification means That the authentication of the user of the device or the portable storage device has failed, the information processing terminal is notified as a result of the authentication, and the authentication server is notified of the authentication failure. In the information processing terminal, switching from the internal processing state to the external processing state by the switching unit is prohibited and the portable unit is connected through the output unit. You may notify the authentication failure to the user of 憶 apparatus (claim 4).

  On the other hand, the portable storage device further includes an access management server connected to the information processing terminal and managing access to encrypted information in the portable storage device connected to the connection port of the information processing terminal. Of the various software and data, software and data other than predetermined software are stored as encrypted information encrypted using an encryption key managed by the access management server, When the processing unit of the information processing terminal recognizes that the portable storage device is connected to the connection port by the recognition means, the predetermined software in the portable storage device is executed to execute the encryption. Authentication information about the encrypted information, which is input from the input unit of the information processing terminal by the user of the encrypted information, is transmitted. Using the decryption key requesting means for requesting the decryption key corresponding to the encrypted information from the access management server, and using the decryption key received from the access management server in response to the request from the decryption key requesting means The access management server is configured to perform a function as a decryption unit for decrypting the encrypted information, and when the access management server receives authentication information about the encrypted information from the information processing terminal, the authentication information is based on the authentication information. Determining means for determining whether or not a user of the encrypted information is a valid user; and when the determining means determines that the user of the encrypted information is a valid user, the encryption The information processing terminal may be configured to include a decryption key transmitting means for transmitting a decryption key for decrypting information to the information processing terminal (claim 5). At this time, the authentication server may have a function as the access management server (claim 6).

Further, a personal information management server connected to the information processing terminal and managing personal information files in the portable storage device is further provided, and the personal information management server is provided with the various software in the portable storage device. Investigation means for investigating whether or not an information search program is included; and as a result of the investigation by the investigation means, if the personal information program is not included, the personal information search is made to the portable storage device through the information processing terminal The portable storage device is configured to include installation means for installing a program, and the processing unit of the information processing terminal executes the personal information search program installed in the portable storage device. Personal information search means for searching and specifying a personal information file from data in Which may be configured to serve as a notification means for notifying the search result by the information search means to the user or the individual personal information management server (claim 7). At this time, the authentication server may have a function as the personal information management server (claim 8).

  Here, the personal information searching means is preset for each file included in the data in the portable storage device as a character or character string characteristically appearing in the personal information and the character or character string included in the file. The feature character or the feature character string is compared, the counting means for counting the number of times the feature character or the feature character string appears in the file, and the file is a personal information file based on the counting result by the counting means. And determining means for determining whether or not (Claim 9).

  Further, the personal information search means determines whether or not the determination target file is a personal information file having a predetermined number or more of personal information elements that can identify a specific individual. Extraction means for extracting text data contained in the file, cutout means for cutting out character sections delimited by delimiters from the text data extracted by the extraction means, and in the character sections cut out by the cutout means By determining whether or not the character string satisfies any one of a preset telephone number determination condition, an e-mail address determination condition, and an address determination condition, a telephone number that is a personal information element other than the name, First determination means for determining whether or not one of the e-mail address and the address is applicable, and the first determination means A character determination means for determining whether the number of characters in a character section determined not to correspond to any of a number, an e-mail address, and an address is within a predetermined range, and whether or not the character in the character section is a Chinese character; A character section that is determined by the character determining means to be within the predetermined range and to be a kanji character is a character or character string included in the character section and a kanji or kanji character string that is not set in advance in the name. Collating means for collating appropriate characters or inappropriate character strings to determine whether the character section includes the inappropriate characters or inappropriate character strings, and telephone numbers, electronic characters by the first determining means The number of character sections determined to correspond to either one of an e-mail address or an address and the above-mentioned inappropriate character or invalid character by the matching means. And a second determination unit that counts the number of character sections determined not to include a cut character string and determines whether the determination target file is a personal information file based on the count result. (Claim 10).

  At this time, in the first determination means, it is determined whether or not the character string in the character section cut out by the cut-out means corresponds to a telephone number, and if it does not correspond to a telephone number, it corresponds to an e-mail address. When it is determined not to be an e-mail address, it is determined whether it corresponds to an address, and when it is determined that it corresponds to any one of a telephone number, an e-mail address, and an address, The determination process for the character string may be terminated (claim 11).

  Further, the second determination means regards the character string in the character section determined not to include the inappropriate character or the inappropriate character string by the matching means as a personal information element corresponding to the name, and It may be determined whether or not the file is a personal information file (claim 12).

Further, the second determination means and the number of character sections determined by the first determination means as corresponding to any one of a telephone number, an e-mail address, and an address based on the counting result and the collation A determination value that increases as the number of character sections determined not to include the inappropriate character or inappropriate character string by the means increases, and the determination is made when the calculated determination value exceeds a predetermined threshold It may be determined that the target file is a personal information file (claim 13).

  According to the information processing system of the present invention described above, when the recognition unit recognizes that the portable storage device is connected to the connection port of the information processing terminal, the authentication of the portable storage device is authenticated to the authentication server. Required by request means. In the authentication server, the personal authentication unit authenticates that the user is a valid registrant, and the device authentication unit authenticates that the portable storage device is a management target device of the authentication server, and If it is determined by the software authentication means that the login software and the logoff software match, it is determined that the validity of the portable storage device and its user has been authenticated, and this is authenticated. As a result, the authentication server notifies the information processing terminal to the information processing terminal.

  When the validity of the portable storage device and the user is authenticated as a result of the authentication executed by the authentication server in response to the request by the authentication request unit, the processing state by the processing unit of the information processing terminal is changed to the switching unit. Thus, the internal processing state can be switched to an external processing state in which processing is performed while using various software and data on the portable storage device.

  As a result, the user stores various kinds of software and original data customized for each user in the portable storage device, and the connector of the portable storage device is connected to the information processing terminal on the go. It is possible to use the original data and the normally used program and usage environment at the information processing terminal on the go without having to carry a heavy notebook PC or the like.

  At that time, as described above, the authentication server performs the triple authentication of personal authentication, device authentication, and software authentication, so that the portable storage device may be lost or the portable storage device may be stolen. However, the security performance of the portable storage device is ensured, and leakage of information in the portable storage device and unauthorized use of the portable storage device can be surely prevented.

  In addition, software installed in the portable storage device (login software) and software installed when the portable storage device was last connected to the information processing terminal (authentication server) (logoff software) If the software is completely matched, the processing unit of the information processing terminal performs the portable storage device when the software is completely matched. Can be switched to an external processing state using software and data.

  Therefore, in the unlikely event that information necessary for personal authentication or device authentication (user ID, password, device identification information of a portable storage device, etc.) is stolen, a portable memory that is different from the original portable storage device by a third party About the software held in the impersonation device and the portable storage device corresponding to stolen information, even if trying to make an unauthorized network connection by impersonation by software in the portable storage device using the device Since it is almost impossible to completely match the software at the time of logoff, the software authentication described above makes it possible to reliably refuse the connection of the impersonation device to the network, and greatly improve the security performance. Can do.

In the authentication server of the information processing system described above, when the validity of the portable storage device and the user is authenticated, the processing state by the processing unit of the information processing terminal is switched to the external processing state depending on the authentication result. Since the fact that the storage device is opened is recorded as a history by the recording means, the portable storage device is opened, and the information in the portable storage device has been processed by the processing unit of the information processing terminal. It becomes possible to record and manage, and when unauthorized use of a portable storage device is detected, based on the recorded history, the portable storage device that has been illegally used, its usage time, It becomes possible to specify the information processing terminal used for use.

  In the portable storage device, software and data other than predetermined software among various software and data are placed under the management of the access management server and stored as encryption information. If the user of the encrypted information is authenticated by the access management server as a valid user, the encrypted information is decrypted by the processing unit of the information processing terminal using the decryption key received from the access management server. Will be executed and processing (including software authentication) using the contents (software and data) of the encrypted information will be executed, but those other than authorized users will decrypt the encrypted information It is impossible to perform processing using the contents.

  That is, in the portable storage device, software and data other than predetermined software (a program that causes the processing unit to function as a decryption key requesting unit and a decrypting unit) out of various types of software and data are all encrypted. Since the encryption information is configured so that only authorized users can decrypt it, in the unlikely event that the portable storage device is lost or the portable storage device is stolen, Security performance of the portable storage device is ensured, information leakage / falsification in the portable storage device and unauthorized use of the portable storage device can be surely prevented, and access by authorized users is possible Therefore, the convenience for a legitimate user is not impaired.

  Further, when the portable storage device is connected to the information processing terminal, it is investigated whether or not the personal information search program is installed in the portable storage device. If the personal information search program is not installed, the personal information search program is Installed automatically (forced). Then, the personal information search program installed in the portable storage device is executed by the processing unit of the information processing terminal, whereby the personal information file is searched and specified from the data in the portable storage device, and the search result is It is notified to the user or personal information management server. As a result, when a personal information file is stored in the portable storage device, the user or personal information management server is notified to that effect, and the user is alerted or the personal information file is sent to the personal information management server. It is possible to ensure that personal information is securely protected by preventing inadvertent leakage or leakage of personal information and unauthorized use of personal information.

  At that time, for each file in the portable storage device, it is determined whether or not the file is a personal information file based on the number of appearances of characteristic characters and characteristic character strings, and the personal information file is automatically searched and specified. Therefore, it is possible to surely search and identify a personal information file (a file that is highly likely to be a personal information file) in the portable storage device.

  Further, in the information processing system of the present invention, according to the personal information search function realized by executing the personal information search program on a computer, any personal information element other than the name (phone number, e-mail address, address) Character sections that do not correspond to (1) and contain inappropriate characters or inappropriate character strings are considered not to be related to personal information, but do not correspond to personal information elements other than names and are inappropriate characters or inappropriate characters Character sections that do not contain columns are considered to be related to personal information, particularly name.

Therefore, for character sections determined to correspond to personal information elements other than names (one of phone numbers, e-mail addresses, and addresses), the determination process is terminated when the determination is made and Only character sections that are determined not to be personal information elements are checked against inappropriate characters or inappropriate character strings, and it is determined that even one inappropriate character or inappropriate character string is included in the character section. The collation process can be terminated at the point in time, so that the name collation process can be performed at high speed compared to the method of collating with all the name strings included in the name list, that is, the personal information file search process Can be performed at high speed. In addition, since all character sections that do not contain inappropriate characters or inappropriate character strings are considered to correspond to names, there is a possibility that files that do not contain inappropriate characters or inappropriate character strings for names, that is, include name information. Therefore, it is possible to surely search for a file having a high possibility of being a personal information file.

  In addition, by further providing the character determination means, the character section does not correspond to a personal information element other than a name and does not include an inappropriate character or an inappropriate character string, and the number of characters in the character section is within a predetermined range. Can be regarded as information about the name, and the name collation accuracy can be improved, and the name collation process can be performed at high speed. Can do. At this time, by setting the predetermined range to a general (appropriate) number range for the number of characters of the name, for example, 1 to 6, the name collation accuracy can be further improved, and the name collation process Can be performed at a higher speed. In addition, since it is possible to exclude long character sections exceeding the predetermined range from the object to be collated by the collating means, it contributes to further speeding up the name collating process, that is, further speeding up the personal information file search process. Become.

  Then, the personal information management server manages the determination target file and the personal information file according to the determination value calculated for each determination target file by executing the above-described personal information search program. For each personal information file, it is possible to select and execute a management method according to the judgment value level (high possibility of being a personal information file / the number of personal information elements).

Embodiments of the present invention will be described below with reference to the drawings.
[1] Configuration of this Embodiment [1-1] Configuration of Information Processing System FIG. 1 is a block diagram showing the configuration of an information processing system as one embodiment of the present invention. As shown in FIG. The information processing system 1 according to the embodiment includes an information processing terminal 10, a portable storage device 20, a server 30, and a network 41.

Here, the information processing terminal 10 is a personal computer (PC), for example, and has a functional configuration as described later with reference to FIG.
The portable storage device 20 is a device such as a portable hard disk recorder or a USB memory, and stores and holds various tools (application programs, software) customized for each user and original data for each user. It is. As will be described later with reference to FIG. 2, this portable storage device 20 has a connector 21 (see FIG. 2) on the portable storage device 20 side inserted into the connection port 14 (see FIG. 2) of the information processing terminal 10. Thus, the information processing terminal 10 is connected as an external device.

The server 30 is connected to the information processing terminal 10 through the network 40 so that they can communicate with each other. In this embodiment, as will be described later with reference to FIG. An authentication server for authenticating the portable storage device 20 connected to the connection port 14 of the terminal 1, and (2) access to encrypted information in the portable storage device 20 connected to the connection port 14 of the information processing terminal 1. The access management server performs management, and (3) functions as a personal information management server that manages personal information files in the portable storage device 20.
As described above, the network 40 connects the plurality of information processing terminals 10 and the server 30 so that they can communicate with each other, and includes, for example, the Internet and an in-house LAN (Local Area Network).

[1-2] Functional Configuration of Information Processing Terminal and Portable Storage Device FIG. 2 is a block diagram showing the functional configuration of the information processing terminal 10 and the portable storage device 20 in the information processing system 1 of this embodiment. As shown in FIG. 1, the information processing terminal (PC) 10 of the present embodiment includes a processing unit 11, an input unit 12, an output unit 13, a connection port 14, a storage unit 15, and transmission / reception that are usually provided in a general PC. The unit 16 is configured.

The processing unit (CPU: Central Processing Unit) 11 executes various processes by executing a program (software) in the storage unit 15 or the portable storage device 20 described later. When the processing unit 11 executes a program in the portable storage device 20, an OS (Operating System) installed on the information processing terminal 10 (storage unit 15) side may be used, or a portable type may be used. You may use what was installed in the memory | storage device 20 side. When an OS installed on the portable storage device 20 is used, the OS is not included in encryption information described later, but is included in the portable storage device 20 as predetermined software that is not encrypted.

  The processing unit 11 functions as a recognition unit 111, an authentication request unit 112, and a switching unit 113 by executing a program stored in the storage unit 15 in advance to correspond to the authentication server function of the server 30. Functions as decryption key request means 114 and decryption means 115 by executing a program (predetermined software that is not encrypted) stored in portable storage device 20 in order to correspond to 30 access management server functions And a program stored in the portable storage device 20 to correspond to the personal information management server function of the server 30 (a program obtained by decrypting encrypted information or a program installed from the server 30 as will be described later). By executing personal information search means 116 / 116A and notification means 1 It is adapted to serve as a 7.

The input unit 12 inputs information to the processing unit 11 and includes a keyboard, a mouse, and the like operated by a user of the information processing terminal 10 or the portable storage device 20.
The output unit 13 outputs the processing result of the processing unit 11 and is configured by a display such as a CRT (Cathode Ray Tube) or LCD (Liquid Crystal Display) for displaying various information.

The connection port 14 is inserted with a connector on the external device side to connect the external device to the processing unit 11 and is, for example, a USB (Universal Serial Bus) port or a PCMCIA (Personal Computer Memory Card International Association) port. In the present embodiment, as described above, when the portable storage device 20 is connected to the information processing terminal 10 (processing unit 11), the connector 21 of the portable storage device 20 is inserted into the connection port 14. It has become.

The storage unit 15 is, for example, a hard disk (HD), and holds and stores various software and data used in processing by the processing unit 11 when the processing state of the processing unit 11 is an internal processing state described later. .
The transmission / reception unit 16 is connected to the processing unit 11 and the network 40 so that the information processing terminal 10 transmits / receives data to / from the server 30 and other information processing terminals 10 via the network 40.
It functions as an interface between.

  As described above, the portable storage device 20 stores and holds various tools (application programs, software) customized for each user and original data for each user, and is a connector on the portable storage device 20 side. By inserting 21 into the connection port 14 of the information processing terminal 10, it is connected to the processing unit 11 of the information processing terminal 10. In the portable storage device 20, software and data other than predetermined software (programs or OSs that cause the processing unit 11 to function as the decryption key request unit 114 and the decryption unit 115) out of various types of software and data. , And stored as encrypted information encrypted using an encryption key managed by the server 30 (access management server function).

  The encrypted information stored in the portable storage device 20 includes a program customized for each user and original data, and a program that causes the processing unit 11 to function as the personal information search means 116 / 116A and the notification means 117. It is included. Further, the portable storage device 20 has a logical RAID (Redundant Array of Inexpensive Disk) configuration, and ensures data redundancy and reliability. Furthermore, the application program in the portable storage device 20 operates only in the portable storage device 20 and cannot access a disk or the like (storage unit 15 or the like) on the information processing terminal 10 side.

  The recognizing unit 111 recognizes that the portable storage device 20 is connected to the connection port 14. When the recognizing unit 111 recognizes that the portable storage device 20 is connected to the connection port 14, The processing unit 11 of the present embodiment first executes predetermined software (see FIG. 2) that is not encrypted in the portable storage device 20, and functions as the decryption key request unit 114 and the decryption unit 115. .

  The decryption key requesting unit 114 prompts the user of the encrypted information (that is, the portable storage device 20) to input authentication information (user ID and password) about the encrypted information through the output unit (display) 13 and Accordingly, the authentication information about the encrypted information input from the input unit 12 by the user is transmitted, and the decryption key according to the encrypted information is transmitted to the server 30 (access management server function). The request is made through the network 40.

The decryption unit 115 decrypts the encrypted information into the original software and data using the decryption key received by the transmission / reception unit 16 from the server 30 (access management server function) in response to the request from the decryption key request unit 114. To do.
When the authentication request unit 112 recognizes that the portable storage device 20 is connected to the connection port 14 by the recognition unit 111, and the decryption unit 115 decrypts the encryption information of the portable storage device 20, The server 30 (authentication server function) is requested to authenticate the portable storage device 20.

At that time, the authentication requesting unit 112 prompts the user of the portable storage device 20 to input authentication information (user ID and password) about the portable storage device 20 through the output unit (display) 13 and sends the authentication information. Input from the input unit 12, and further read out device identification information (disk ID) from the portable storage device 20, and information related to software (software at login) held in the portable storage device 20, specifically Reads out the information (product name, product number, etc.) for identifying each software and the version information of each software from the portable storage device 20, the identification information input from the input unit 12, and the portable storage device 20. The read-out device identification information and information about the software are transmitted together with the authentication request together with the transmitting / receiving unit 16 and the network. Through click 40, and transmits to the server 30. As the personal authentication information, for example, an ID number and a password may be input from the keyboard of the information processing terminal 10, or biological information such as a fingerprint, a palm print, an iris, and a vein pattern is used instead of the password. You may make it input from ten sensors.

  When the authentication of the portable storage device 20 and its user is authenticated as a result of the authentication executed by the server 30 (authentication server function) in response to the request by the authentication requesting unit 112, the switching unit 113 is the processing unit 11 From the internal processing state in which the processing state is processed using software and data stored on the information processing terminal 10 side (storage unit 15), various software and data stored in the portable storage device 20 are stored. It is switched to an external processing state in which processing is performed while being used on the portable storage device 20.

When switching to the external processing state in this way, the processing unit 11 displays on the output unit (display) 13 a menu screen of an application program that can be used by software stored in the portable storage device 20. .
Further, in the information processing terminal 10, when the external processing state using the portable storage device 20 is ended, the switching unit 113 switches the processing state by the processing unit 11 from the external processing state to the internal processing state.

  Further, as a result of authentication executed by the server 30 (authentication server function) in response to a request from the authentication request unit 112, the validity of the portable storage device 20 and its user is not authenticated, that is, the server 30 ( When an authentication failure notification is received from the authentication server function), switching from the internal processing state to the external processing state by the switching unit 113 is prohibited, and authentication of the user of the portable storage device 20 through the output unit 13 is performed. Notification of failure is made.

  The personal information search means 116 / 116A searches for and specifies a personal information file from data (files) in the portable storage device 20 by executing a personal information search program installed in the portable storage device 20. The notification means 117 notifies the user or the server 30 (personal information management server function) of the search result by the personal information search means 116 / 116A by executing the personal information search program. Notification to the user is performed through the output unit 13, for example, and notification to the server 30 (personal information management server function) is performed through the transmission / reception unit 16 and the network 40. The detailed configuration of the personal information searching means 116 and 116A will be described later with reference to FIGS. 4 and 5, respectively.

  In this embodiment, the personal information file (personal information aggregate) holds a predetermined number or more of records including personal information, and the personal information identifies a specific individual by itself or in combination as described above. This includes information (various personal information elements) that can be performed, such as name, date of birth, contact information (address, address, telephone number, e-mail address). In addition to these, personal information includes titles, basic resident register numbers, account numbers, credit card numbers, license numbers, passport numbers, and the like.

[1-3] Functional Configuration of Server FIG. 3 is a block diagram showing the functional configuration of the server (authentication server / access management server / personal information management server) 30 in the information processing system 1 of the present embodiment. As described above, the server 30 of this embodiment includes at least a processing unit 31, a storage unit 32, and a transmission / reception unit 33, which are usually provided in a general server.

In the server 30 of the present embodiment, the processing unit (CPU) 31 executes the program (software) in the storage unit 32, so that three types of servers, that is, (1) the connection port 14 of the information processing terminal 1 are connected. Authentication server (personal authentication means 311, device authentication means 312, software authentication means 313, notification means 314 and recording means 315) that authenticates the connected portable storage device 20, (2) Connection of the information processing terminal 1 An access management server (determination means 316 and decryption key transmission means 317) for managing access to encrypted information in the portable storage device 20 connected to the port 14, and (3) a personal information file in the portable storage device 20 So as to function as a personal information management server (survey means 318 and installation means 319) It has been made. The transmission / reception unit 33 functions as an interface between the processing unit 31 and the network 40 so that the server 30 can transmit / receive data to / from the information processing terminal 10 via the network 40.

  When the personal authentication unit 311 receives an authentication request for the portable storage device 20 from the information processing terminal 10, the personal authentication information (user) input from the input unit 12 of the information processing terminal 10 by the user of the portable storage device 20. Based on the ID / password or biometric information), it is determined whether or not the user is a valid user (a person who has a valid access right to the portable storage device 20), and personal authentication of the user is performed. To do.

  More specifically, the personal authentication means 311 is a registration password (or registration) corresponding to the user ID from registrant information about the portable storage device 20 registered and stored in advance in the server 30 (storage unit 32). Biometric information) is read out, and the registered password (or registered biometric information) read out is compared with the password (or biometric information) transmitted to the server 30 this time, and these passwords (or biometric information) are obtained. When the passwords match, the validity of the user is authenticated, and when these passwords (or biometric information) do not match, it is determined that the authentication has failed. It should be noted that authentication failure is also determined when there is no registered password (or registered biometric information) corresponding to the user ID in the server 30 (storage unit 32).

Upon receiving an authentication request for the portable storage device 20 from the information processing terminal, the device authentication means 312 is based on the device identification information automatically read from the portable storage device 20, and the portable storage device 20 It is determined whether the device is a management target device 30 (authentication server function), and device authentication of the portable storage device 20 is performed.
More specifically, the device authentication unit 312 reads the device identification information of the management target device registered and stored in advance in the server 30 (storage unit 32), and this time read from the portable storage device 20 and the server 30. The device identification information transmitted to the device is compared and collated, and when there is matching device identification information, the validity of the portable storage device 20 is authenticated. On the other hand, when there is no matching device identification information, the authentication failure is determined. It is supposed to be.

  Upon receiving an authentication request for the portable storage device 20 from the information processing terminal 10, the software authentication unit 313 and the software stored in the authentication-target portable storage device 20 (login software) and the server 30 The software stored in the storage unit 32 is compared with the software stored when the portable storage device 20 was last connected to the information processing terminal 10 (software at logoff). Software authentication is performed by determining whether or not the software matches.

  When the software authentication unit 313 determines whether the software matches, the determination of whether the information (product name, product number, etc.) specifying each software matches the version information of each software matches. If all software products match and the versions of each software product also match, it is determined that the login software and logoff software match. It is like that.

When the information processing terminal 10 ends the process using the portable storage device 20, the information about the software held in the portable storage device 20 at the end is automatically used as the information about the logoff software. Thus, it is sucked up by the server 30 and is registered and stored in the storage unit 32 in association with information (device identification information or the like) specifying the portable storage device 20.

  The notification unit 314 is authenticated by the personal authentication unit 311 to confirm that the user is a legitimate user, and the portable storage device 20 is a management target device of the server 30 (authentication server function) by the device authentication unit 312. And when the software authentication means 313 determines that the log-in software and the log-off software match, the validity of the portable storage device 20 and its user is confirmed. It is determined that the authentication has been made, and the fact is notified to the information processing terminal 10 through the transmission / reception unit 33 and the network 40 as a result of the authentication.

  Further, in the server 30 (authentication server function), when the personal authentication unit 311 does not authenticate the user as a valid user, or the device authentication unit 312 causes the portable storage device 20 to be connected to the server 30 (authentication). Notification means when it is not authenticated that the device is a management target device of the server function) or when the software authentication means 313 determines that the software at login and the software at logoff do not match 314 determines that authentication of the validity of the portable storage device 20 or the user has failed, and notifies the information processing terminal 10 through the transmission / reception unit 33 and the network 40 as a result of the authentication. It has become.

  When the validity of the portable storage device 20 and its user is authenticated, the recording unit 315 switches the processing state by the processing unit 11 of the information processing terminal 10 to the external processing state and opens the portable storage device 20. For example, the fact is recorded in the storage unit 32 as a history.

Upon receiving authentication information (user ID and password) about the encrypted information from the information processing terminal 10, the determining unit 316 determines whether the user of the encrypted information is a valid user based on the authentication information. Is determined.
More specifically, the determination unit 316 reads and reads a registration password corresponding to the user ID from registrant information on the encrypted information that is registered and stored in advance in the server 30 (storage unit 32). The registered password is compared with the password sent to the server 30 this time, and if these passwords match, it is determined that the user is a valid user, while these passwords match. If the registration password corresponding to the user ID does not exist in the server 30 (storage unit 32), it is determined that the user is not a valid user and the information processing terminal 10 is notified accordingly. It has become.

  When the determination unit 316 determines that the user of the encrypted information is a valid user, the decryption key transmission unit 317 reads a decryption key for decrypting the encrypted information from the storage unit 32, and The information is transmitted to the information processing terminal 10 through the transmission / reception unit 33 and the network 40.

The investigation means 318 determines whether or not the personal information search program is included in the software in the portable storage device 20 based on the information about the login software transmitted from the information processing terminal 10 for software authentication, for example. It is to investigate.
If the result of the investigation by the investigation means 318 indicates that the personal information program is not included, the installation means 319 installs the personal information search program in the portable storage device 20 through the transmission / reception unit 33, the network 40, and the information processing terminal 10. Is.

[1-4] First Example of Functional Configuration of Personal Information Search Unit FIG. 4 is a block diagram showing a first example (see reference numeral 116) of a functional configuration of the personal information search unit in the present embodiment. As described above, the personal information search unit 116 has a quarantine table 124 and functions as an extraction unit 121, a counting unit 122, and a determination unit 123. These functions are performed by the processing unit 11 on the server 30 ( It is realized by executing a personal information search program installed by the installation means 319 of the personal information management server function) or a personal information search program held in advance in the portable storage device 20. Note that the quarantine table 124 is provided in advance from the server 30 (personal information management server function) or is included in the personal information search program, and holds various types of information serving as a reference for determining a personal information file. ing.

Here, the extraction unit 121 functions as a text extraction engine that extracts a data file (determination target file) from data stored in the portable storage device 20 and converts it into a text file.
For each file included in the data in the portable storage device 20, the counting means 122 is a quarantine file as a character or character string included in the file (determination target file) and a character or character string that appears characteristically in personal information. 124 is compared with a preset characteristic character or characteristic character string, and the number of times the characteristic character or characteristic character string appears in the file is counted. A specific example of the quarantine file 124 is shown in FIG. 8, and the operation of the counting means 122 will be described later with reference to FIG.

  The determination unit 123 determines whether or not the file is a personal information file based on the count result (count value, determination value) by the counting unit 122, and in the present embodiment, based on the count result, As a search result, a P mark (privacy level mark; a level indicating a high possibility of being a personal information file, a level determined by a determination value described later) of the file held in the portable storage device 20 is determined. Output. The detailed description of the P mark will be made in conjunction with the functional description of the second determination means 136 shown in FIG.

[1-5] Second Example of Functional Configuration of Personal Information Searching Unit FIG. 5 is a block diagram showing a second example (see reference numeral 116A) of the functional configuration of the personal information searching unit in the present embodiment. As described above, the personal information search unit 116A has the quarantine table 137 and functions as the extraction unit 131, the extraction unit 132, the first determination unit 133, the character determination unit 134, the collation unit 135, and the second determination unit 136. These functions are also stored in advance in the personal information search program installed by the installation unit 319 of the server 30 (personal information management server function) or the portable storage device 20. This is realized by executing a personal information search program. The quarantine table 137 is also provided in advance from the server 30 (personal information management server function) or is included in the personal information search program, and holds various types of information serving as a reference for determining a personal information file. ing.

  Here, the first determination unit 133, the character determination unit 134, the collation unit 135, and the second determination unit 136 function as a personal information file determination unit. As will be described later, the personal information file determination unit of the present embodiment determines whether or not the character string in the character section extracted by the extraction unit 132 as described later is a personal information element. Based on the determined number of character strings (counting result), it is determined whether the determination target file is a personal information file.

The extracting unit 131 extracts text data of a file in the portable storage device 20 (for example, CSV (Comma Separated Value) format data), and a file buffer (not shown).
And functions as the text extraction engine. In the file buffer, 2-byte code characters (double-byte characters) are captured so as not to be lost at the end of the file buffer. Further, when data is cut out and taken in from a file buffer to a data shaping buffer (not shown), which will be described later, by the cut-out means 132, the data is taken into the file buffer accordingly.

The cutout unit 132 cuts out character sections delimited at a predetermined delimiter position from the text data extracted by the extraction unit 131 and sequentially writes them in a buffer (not shown) as a determination target / collation target. .
Here, as the predetermined delimiter position, an appearance position of a delimiter character set in advance or a boundary position between a 1-byte code character and a 2-byte code character (a portion where a single-byte character / ASCII character is followed by a double-byte character) Or, a half-width character / ASCII character is followed by a half-width character / ASCII character), or a boundary position between a full-width arithmetic number “0” to “9” and a character excluding the full-width arithmetic number and the hyphen. The delimiter is a delimiter that is a delimiter of the data. Specifically, a half-width space, half-width comma (half-width comma + half-width space is also regarded as a half-width comma), tab character (half-width), CR (Carrige Return) , LF (Line Feed
), “: (Colon)”, “; (semi-colon)”, “>”, “}”, “]”.

  The cutout unit 132 cuts out and imports text data from the file buffer into the data shaping buffer one character at a time. When the above-described delimiter position appears, the extraction unit 132 ends the capture at the delimiter position. Also at this time, data is fetched so that a 2-byte code character (double-byte character) is not lost at the end of the data shaping buffer. As a result, in the present embodiment, for example, addresses and names written in full-width characters such as “Taro Sato 0912341234 Minato-ku, Tokyo” or “Taro Sato sato@xxxx.com Tokyo Minato-ku” are written in half-width characters. If the text data such as a telephone number or an e-mail address is mixed without being separated by a delimiter in the text data, for example, an address or name written in full-width characters such as “Taro Sato 0912341234 Tokyo Minato-ku” Even if there is a mixture of numbers and numbers such as phone numbers written in double-byte characters without being separated by delimiters in the text data, for each personal information element such as address, name, phone number, e-mail address, etc. Cutting out the character sections “Taro Sato”, “09012341234”, “Minato-ku, Tokyo”, “sato@xxxx.com”, “09012341234” Possible to become.

  The data (determination target character section) thus taken into the data shaping buffer is taken into the data analysis buffer (not shown) from the data shaping buffer. Characters, katakana, hiragana, symbols other than kanji, etc. are removed. Examples of characters (unnecessary characters) to be removed at this time include a half-width space, a full-width space, a half-width hyphen, a full-width hyphen, an underbar, parentheses, and so on. , #, $,%, =, +, *,? Symbol characters such as, \, /, and | are defined. In the present embodiment, it is assumed that the cutting means 112 has a function of removing unnecessary characters as described above.

  The first determination unit 133 uses a name of a character string taken into the data analysis buffer, that is, a character string in a character section cut out by the cutting unit 132 to remove unnecessary characters (hereinafter simply referred to as a character string). In order to determine whether it corresponds to a personal information element other than (specifically, any one of a telephone number, an e-mail address, and an address in this embodiment), the telephone number determination means 133a, e-mail address determination The function as the means 133b and the address determination means 133c is provided. Note that the first determination unit 133 of the present embodiment performs the character string determination process in order of lighter determination processing load, that is, in the order of a telephone number, an e-mail address, and an address. The first determination unit 133 checks the size of the data fetched into the data analysis buffer. If the size is 3 bytes or less, the first determination unit 133 does not determine the data as personal information and does not perform the determination process. It may be.

  The telephone number determination means 133a determines whether or not the character string corresponds to a telephone number. If the character string satisfies the telephone number determination condition set in the quarantine table 137, the character string is a telephone number. It judges that it corresponds to a number, notifies that to the 2nd judgment means 136, and ends the judgment processing by the 1st judgment means 133 to the above-mentioned character string. In the present embodiment, the phone number determination condition is that the character string is a sequence of 9 to 11 half-width numbers or full-width numbers, the first character (first character) is “0”, and the second character is “0”. ""

  The e-mail address determination means 133b determines whether the character string corresponds to a telephone mail address when the telephone number determination means 133a determines that the character string does not correspond to a telephone number. If the character string satisfies the e-mail address determination condition set in the quarantine table 137, it is determined that the character string corresponds to the e-mail address, and that is notified to the second determining means 136, and the character string is determined. The determination process by the first determination unit 133 is terminated.

In the present embodiment, the e-mail address determination condition is “one or more ASCII characters” + “@ (at sign)” + “one or more ASCII characters” + “. (Dot)” in the character string.
”+“ ASCII character of one or more characters ”is included, and the last character of the character string is a half-width alphabetic character. In this case, the shortest e-mail address is, for example, “a @ aa”, and a character string that ends with a non-English character (for example, a number) such as “123@45.67” is determined not to be an e-mail address. It will be. According to the e-mail address determination condition, data less than 5 bytes is not subject to e-mail address determination, and no determination process is performed.

  The address determination unit 133c determines whether or not the character string corresponds to an address (residence) when the e-mail address determination unit 133b determines that the character string does not correspond to an e-mail address. When the character string satisfies the address determination condition set in the quarantine table 137, it is determined that the character string corresponds to an address, and that is notified to the second determination means 136.

  In the present embodiment, the address determination condition includes “1 to 13 full-width characters” + “city” or “ku” or “county” + “one or more full-width characters or half-width characters” in the character string. And the first character of the character string matches the initials of 47 prefecture names or city names in Japan. As a result, for example, a character string that includes a “ward” such as “acceptance classification name” in the middle but has no relation to the address is not erroneously determined as an address. At this time, if the processing capacity of the processing unit 11 is sufficiently high, it may be added to the address determination condition that a 7-digit number corresponding to the postal code is included in addition to the character string. According to the address determination condition, data less than 5 bytes is not subject to determination of an e-mail address, and determination processing is not performed.

  The character determination unit 134 sets the character string in the quarantine table 137 when the first determination unit 133 determines that the character string does not correspond to any of a telephone number, an e-mail address, and an address. Whether the number of characters in the character string is within a predetermined range and all the characters in the character string are kanji characters, It is determined whether or not the first character matches the first character of the last name belonging to the predetermined number of surnames that are more common among Japanese.

In the present embodiment, the character determination condition is that, as described above, the number of characters in the character string is within a predetermined range and all the characters in the character string are kanji characters. Is set in a general (appropriate) number range, for example, 2 or more and 6 or less as the number of characters of the name. More specifically, the determination condition by the character determination means 114 is that the character string is a 2-byte code character of 4 bytes to 12 bytes and data within the range of 0x889F to 0xEEEC (Shift-JIS kanji area) ) And the second byte is 0x40-0x7E or 0x80-0xFC
(Shift-JIS specification), and the first character matches the first letter of the last name belonging to the top 3000 last names common to Japanese people. By targeting the top 3000 surnames, more than 80% of Japanese can be covered.

  The collating unit 135 is a character section determined by the first determining unit 133 as not corresponding to any of the telephone number, the e-mail address, and the address, and is further within the predetermined range by the character determining unit 134 and For a character section in which all characters are determined to be kanji, a character / character string included in the character section and an inappropriate character / inappropriate character string preset as a character / character string that cannot appear in the name Is checked to determine whether or not the character section includes an inappropriate character / unsuitable character string, and the result of the verification is notified to the second determination means 136.

  Here, the inappropriate character / unsuitable character string is set in advance in the quarantine table 10c. For example, Tokyo, Osaka, Nagoya, Yokohama, Kyushu, Hokkaido, Kyoto, capital, individual, school, store, stock, prefecture , University, academy, TSE, research, management, general affairs, accounting, sales, general management, pharmaceutical, sales, school, education, specialization, architecture, machinery, corporation, factory, manufacturing, technology, commerce, books, unknown, deputy director, public , Publication, Advertising, Broadcasting, Target, Wholesale, Retail, Planning, Human Resources, Information, Department, President, Regulatory, General Manager, Section Manager, Section Manager, Officer, Head Office, Branch Office, Business, Business, Education, Precision, Petroleum, Transportation, Management , Strategy, material, engineer, electricity, production, tax, public relations, transportation, chief, computer, finance, office work, development, policy, production, economy, industry, finance, bank, survey, English, quality, warranty, equipment, charge , President, Secretary, Audit, Support, Design, Insurance, Safe, Business, Representative, Transportation, 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, 8th, 9th, Special Sales, Facility, Name, Mail, Name, Name, City Hall, Affiliation, Feature, Childhood, Christianity, Association , Church, union, sect, commerce, nationwide, branch, contact, assembly, life, consumption, promotion, city hall, ward office, general, amendment, function, overview, composition, company, organization, association, deletion, document, deadline, valid Characters / character strings that cannot appear in general names such as, maintenance, that is, characters / character strings that are inappropriate as names.

  The second determination unit 136 determines whether the target file is an individual based on the determination result by the telephone number determination unit 133a, the e-mail address determination unit 133b and the address determination unit 133c in the first determination unit 133 and the verification determination result by the verification unit 135. It is determined whether or not the file is an information file.

  More specifically, the second determination unit 136 receives notification of determination results from the telephone number determination unit 133a, the e-mail address determination unit 133b, and the address determination unit 133c. Counts the number of character sections deemed to be applicable, receives the collation determination result from the collation means 135, and corresponds to the name of the character section determined by the collation means 135 as not including an inappropriate character / inappropriate character string Count the number.

  Then, the second determination means 136 is based on the counting results (four count values; the number of telephone numbers, the number of e-mail addresses, the number of addresses, the number of names) for each of the telephone number, the e-mail address, the address, and the name. A determination value that increases as these count values increase is calculated. For example, the second determination unit 136 may calculate the sum of four count values as the determination value, or set a weighting factor in advance for each of a telephone number, an e-mail address, an address, and a name. The sum of the multiplication results of the weighting coefficient and the count value for the personal information element may be calculated as the determination value, and various methods for calculating the determination value are conceivable.

  When the determination value as described above is calculated, the second determination unit 136 determines whether or not the determination target file is a personal information file based on the determination value. Specifically, when the determination value exceeds a predetermined threshold, it is determined that the determination target file is a personal information file. When making such a determination, the second determination means 136 further assigns a P mark (private level mark) according to the size of the determination value to the determination target file and outputs it together with the determination value for ranking. To do. As described above, the P mark is a level indicating the high possibility that the determination target file is a personal information file. The larger the determination value, the higher the P mark is set.

  For example, when the determination value is 10 or more, it is determined that the determination target file is a personal information file. When the determination value is 10 or more and less than 100, “P1” is assigned as the P mark, and when the determination value is 100 or more and less than 1000, “P2” is assigned as the P mark. When it is 1000 or more and less than 10,000, “P3” is assigned as the P mark, and when the determination value is 10000 or more, “P4” is assigned as the P mark. It should be noted that the predetermined threshold for determining the personal information file and the reference value for determining the P mark are appropriately set in the server 30 (personal information management server function). In addition, although the P mark is ranked into four “P1” to “P4” here, the number of ranks is not limited to this.

  The P mark given to the determination target file as described above is transmitted to the server 30 (personal information management server function) via the transmission / reception unit 16 and the network 40 as a search result of the personal information file together with the determination value. 30 storage units 32 are associated with identification information for specifying a determination target file and stored as management information. Then, the file to which the P mark is assigned is managed as a personal information file by the server 30 (personal information management server function) according to the rank of the P mark as described later with reference to FIG.

[2] Operation of the information processing system of the present embodiment [2-1] Operation of the information processing terminal Next, the operation of the information processing terminal 10 in the information processing system 1 of the present embodiment configured as described above will be described with reference to FIG. It demonstrates according to the flowchart (step S11-S27) shown.

  As shown in FIG. 6, when the recognition unit 111 recognizes that the portable storage device 20 is connected to the connection port 14 (the connector 21 of the portable storage device 20 is inserted into the connection port 14). (Yes in step S11), the processing unit 11 executes predetermined unencrypted software in the portable storage device 20, and the processing unit 11 includes the decryption key request unit 114 and the decryption unit 115. Function as.

  First, by the function as the decryption key request unit 114, the authentication information (user ID and password) about the encrypted information is input to the user of the encrypted information (that is, the portable storage device 20) through the output unit (display) 13. In response to this, authentication information about the encrypted information input from the input unit 12 by the user is transmitted, and the decryption key corresponding to the encrypted information is transmitted to the server 30 (access management server function). Is requested through the transmitter / receiver 16 and the network 40 (step S12).

When an error notification (see step S35 in FIG. 7) is made from the server 30 (access management server function) in response to the decryption key transmission request, the decryption key cannot be received (NO route in step S13), and the output unit An error notification is made to the user through step 13 (step S14). On the other hand, when a decryption key is transmitted from the server 30 (access management server function) in response to the decryption key transmission request (see step S34 in FIG. 7; YES route in step S13), the function as the decryption means 115 is performed. Using the decryption key, the encrypted information in the portable storage device 20 is decrypted into the original software and data (step S15).

  When the encrypted information of the portable storage device 20 is decrypted by the decryption means 115, the authentication request means 112 of the processing unit 11 sends the portable information to the user of the portable storage device 20 through the output unit (display) 13. The user is prompted to input authentication information (user ID and password) about the storage device 20, and the user inputs the authentication information from the input unit 12. At the same time, the authentication request unit 112 reads out the device identification information (disk ID) from the portable storage device 20 and information related to software (software at login) held in the portable storage device 20 [each Information identifying the software (product name, product number, etc. and version information of each software)] is read from the portable storage device 20 and the identification information input from the input unit 12 and the portable storage device 20 The read device identification information and information about the software are transmitted to the server 30 (authentication server function) through the transmission / reception unit 16 and the network 40 together with the authentication request (step S16).

  When an error notification (see step S43 in FIG. 7) is made from the server 30 (authentication server function) in response to a request from the authentication request unit 112 (NG route in step S17), an error notification is sent to the user through the output unit 13. Is performed (step S18). On the other hand, in response to a request from the authentication request unit 112, the server 30 (authentication server function) receives a notification that the validity of the portable storage device 20 and its user has been authenticated (see step S40 or S41 in FIG. 7; If the personal information search program is installed in the portable storage device 20 (YES route in step S19), the process immediately proceeds to step S21. If the personal information search program is not installed in the portable storage device 20 (NO route in step S19), the personal information search program is executed by the server 30 (personal information management server function) as described later. Since the personal information search program is installed (YES route in step S20), the process proceeds to step S21.

  In step S21, the switching unit 113 changes the processing state of the processing unit 11 from the internal processing state in which processing is performed using software and data stored on the information processing terminal 10 side (storage unit 15) to the portable storage device. Various software and data stored in the memory 20 can be switched to an external processing state in which processing is performed while using the portable storage device 20. When switching to the external processing state in this way, the processing unit 11 displays on the output unit (display) 13 a menu screen of an application program that can be used by software stored in the portable storage device 20. .

  At this time, the personal information search program installed in the portable storage device 20 is executed by the processing unit 11, and the processing unit 11 functions as the personal information search means 116 / 116A, so that the portable storage device 20 A personal information file is searched and specified from the data (file) (step S22), and the result is notified from the notification means 117 to the user through the output section 13, and from the notification means 117 to the transmission / reception section 16 and the network. The server 30 (personal information management server function) is notified through 40 (step S23). Specific processing (personal information search method) in step S22 will be described later with reference to FIGS. Note that the processes of steps S22 and S23 may be executed in parallel with the process of step S24.

Thereafter, the user uses the environment of the information processing terminal 10 and operates the input unit 12 while referring to the output unit 13 of the information processing terminal 10 to customize the portable storage device 20 for himself / herself. Processing using various software and original data is performed (step S24).

  Then, in the information processing terminal 10, when the external processing state using the portable storage device 20 ends, that is, when the processing of step S24 ends (YES route of step S25), the portable storage device 20 at the end of the processing. Is downloaded from the portable storage device 20 and transmitted from the information processing terminal 10 to the server 30 (authentication server function) (step S26), and the server 30 stores the next information on the portable storage device 20 next time. The information is registered and stored in the storage unit 32 in association with the portable storage device 20 so as to be used as information related to the log-off software at the time of software authentication. When information about the software is transmitted in this way, the switching unit 113 switches the processing state of the processing unit 11 from the external processing state to the internal processing state (step S27), and returns to the processing of step S11.

[2-2] Operation of Server Next, the flowchart of FIG. 7 shows the operation of the server (authentication server / access management server / personal information management server) 30 in the information processing system 1 of this embodiment configured as described above. A description will be given according to (Steps S31 to S43).

  As shown in FIG. 7, when the server 30 receives an authentication request for the encrypted information of the portable storage device 20 from the information processing terminal 10 through the network 40 and the transmission / reception unit 33 (YES route in step S31), the determination unit By 316, the registration password corresponding to the user ID is read out from the registrant information on the encrypted information, which is registered and stored in advance in the server 30 (storage unit 32), and the read registration password and this time The password transmitted to the server 30 is compared and collated (step S32), and when these passwords match, it is determined that the user is a valid user (YES route of step S33), and the decryption key The decryption key for decrypting the encrypted information is read from the storage unit 32 by the transmission unit 317, and information processing is performed. It is transmitted through the transceiver 33 and the network 40 to the end 10 (step S34).

  On the other hand, if the passwords do not match or if the registered password corresponding to the user ID does not exist in the server 30 (storage unit 32), it is determined that the user is not a valid user, and this is indicated as an error notification. The information processing terminal 10 is notified through the transmission / reception unit 33 and the network 40 (step S35).

  When an authentication request for the portable storage device 20 and its user is received from the information processing terminal 10 through the network 40 and the transmission / reception unit 33 (NO route in step S31 and YES route in step S36), in step S37, first, an individual The authentication means 311 reads the registration password (or registered biometric information) corresponding to the user ID from the registrant information about the portable storage device 20 registered and stored in advance in the server 30 (storage unit 32). The registered password (or registered biometric information) read out is compared with the password (or biometric information) transmitted to the server 30 this time, and the use is made when these passwords (or biometric information) match. The legitimacy of the person is authenticated. On the other hand, if these passwords (or biometric information) do not match or if the registered password (or registered biometric information) corresponding to the user ID does not exist in the server 30 (storage unit 32), it is determined that personal authentication has failed.

In step S37, the device authentication unit 312 reads the device identification information of the management target device registered and stored in advance in the server 30 (storage unit 32), and this time read from the portable storage device 20 to the server 30. The transmitted device identification information is compared and verified, and if there is matching device identification information, the validity of the portable storage device 20 is authenticated. On the other hand, if there is no matching device identification information, it is determined that the device authentication has failed.

  Further, in step S37, the software authentication unit 313 registers and saves the software (login software) stored in the portable storage device 20 to be authenticated and the storage unit 32 of the server 30. When the type storage device 20 is last connected to the information processing terminal 10, it is compared with software stored at the time of logoff (software at logoff), and when these software match, the portable storage device The validity of the software at 20 is authenticated. If these pieces of software do not match, it is determined that the software authentication has failed.

  When the server 30 (authentication server function) does not authenticate the user as a valid user by the personal authentication unit 311 (personal authentication failure), or the device authentication unit 312 performs the portable storage device 20. Is not authenticated as a device to be managed by the server 30 (authentication server function) (device authentication failure), or the software at the time of login and the software at the time of logoff match by the software authentication means 313 If it is determined that the authentication is not successful (software authentication failure), it is determined that authentication of the validity of the portable storage device 20 or the user has failed (NO route in step S38), and the notification means 314 As a result of authentication, the information processing terminal 10 passes through the transmission / reception unit 33 and the network 40. It is notified Te (step S43).

  On the other hand, in the server 30 (authentication server function), it is authenticated by the personal authentication means 311 that the user is a legitimate user, and the portable storage device 20 is connected to the server 30 (authentication server function) by the apparatus authentication means 312. And when the software authentication means 313 determines that the log-in software and the log-off software match, the portable storage device 20 and its It is determined that the user's legitimacy has been authenticated (YES route in step S38), and based on the information regarding the login software transmitted from the information processing terminal 10 for software authentication by the investigation means 318. The personal information search program is included in the software in the portable storage device 20. Whether or not it is examined (step S39).

  If the personal information search program has been installed (YES route in step S39), the notification means 314 immediately confirms that the validity of the portable storage device 20 and its user has been authenticated. Information processing terminal 10 is notified through transmission / reception unit 33 and network 40 (step S40).

  If the personal information search program is not installed (NO route in step S39), the personal information search program is installed in the portable storage device 20 by the installation means 319 through the transmission / reception unit 33, the network 40, and the information processing terminal 10. At the same time, the notification means 314 notifies the information processing terminal 10 through the transmission / reception unit 33 and the network 40 that the validity of the portable storage device 20 and its user has been authenticated. (Step S41).

Thereafter, the recording unit 315 determines that the processing state by the processing unit 11 of the information processing terminal 10 is switched to the external processing state and the portable storage device 20 is opened, and that fact is stored in the storage unit 32 as a history. To be recorded.
A specific personal information management operation executed by the function of the server 30 as the personal information management server will be described later with reference to FIG. 12 after describing the operation of the personal information search means 116 / 116A. .

[2-3] Operation of personal information search means shown in FIG. 4 (first search method)
Next, the processing performed by the personal information search means 116 shown in FIG. 4, that is, the operation (first search method) of the personal information search means 116 shown in FIG. The description will be given with reference. 8 shows a specific example of the quarantine table 124 used in the personal information search means 116 shown in FIG. 4, FIG. 9 shows a specific example of the title header, and FIG. 10 shows the personal information search shown in FIG. 10 is a flowchart for explaining an operation (first search technique) of means 116.

In the personal information searching means 116 of this embodiment, the appearance frequency of an address, a telephone number, an e-mail address, and a name is quantified and the personal information file is specified as follows.
More specifically, the counting unit 122 of the personal information searching unit 116 firstly sets a character or character string included in the determination target file and a characteristic character / character string preset as a character / character string characteristically appearing in the personal information. The number of occurrences of the characteristic character / characteristic character string in the determination target file is counted by collating with the characteristic character string. However, in the present embodiment, when collation / recognition using character strings is performed, the load on the processing unit 11 becomes extremely large. Therefore, collation / recognition for each character is performed. Therefore, one character is set in the quarantine table 124 as described later with reference to FIG. If the processing capacity of the processing unit 11 is sufficiently high, collation / recognition by character strings may be performed.

  Then, the characters extracted from the determination target file (text file) are collated one by one with the characteristic characters in the quarantine table 124, and if they match, it is determined that the characteristic characters have appeared, The count value of the characteristic character is incremented by “1”. After counting the number of appearances of characteristic characters in all characters included in the target file in this way, the personal information file is identified based on the count result (determination of whether the target file is a personal information file) ).

Here, the characteristic characters preset in the quarantine table 124 will be specifically described.
In general personal information, an address is usually required. Therefore, as shown in FIG. 8, characters that appear characteristically in addresses in Japan are set and registered in the quarantine table 124 as characteristic characters. For example, the address information may include “city”, “road”, “fu”, “prefecture”, “city”, “ward”, “town”, “village”, “county”, etc. In the case of “Tokyo”, the characters “East” and “Kyo” appear in ordinary documents, but in the case of address information, they will appear in combination with “City”. It becomes possible to regard the number of appearances as the number of addresses. Similarly, “prefecture”, “prefecture”, and “road” are considered as address information, and “@” can be used as e-mail address information.

In the quarantine table 124 shown in FIG. 8, the following characteristic characters and points are set.
(1) Address information (characters) as “East”, “Kyo”, “Miyako”, “Large”, “Osaka”,
“Fu”, “North”, “Sea”, “Road” are set, and the total of the count values of these characteristic characters is counted and calculated as address point 1.
(2) As presumed address information (characteristics), prefecture names other than address point 1, that is, “mountain”, “form”, “god”, “na”, “river”, “saki”, “tama”, ..., "Fuku", "Oka", "Prefecture", etc. are set, and the total of the count values of these characteristic characters is counted and calculated as address point 2.
(3) “City”, “District”, “Town”, “Village” and “County” are set as address disregard information (characteristic characters), and the total of the count values of these characteristic characters is calculated as address point 3 Is done.

(4) “@” is set as the mail address deemed information (characteristic character), and the count value of “@” is used as the mail address point.
(5) “N” (numeric string with a predetermined number of digits consisting of numerals and hyphens) is set as the telephone number deemed information (characteristic character string), and the counted value is used as the telephone number point. More specifically, the phone number is a specific number string corresponding to the mobile phone area code or area code, such as “090-XXXX-XXXX”, “03-XXXX-XXXX”, “048-XXX-XXXX”. It consists of “090”, “03”, “048” followed by an 8-digit or 7-digit numeric string. When such a numeric string appears, the telephone number point is incremented by “1”. . At this time, the count-up is performed regardless of the presence or absence of a hyphen in the numeric string.

(6) As name disregard information (characters), for example, the 50 best surnames in Japan
The characters “sa”, “wisteria”, “field”, “middle”, “high”, “bridge”,..., “Mountain”, “field” are set, and the sum of the count values of these characteristic characters Is calculated as a name point.
(7) As the quarantine total points, the total value of each point of the items (1) to (6) described above is counted and calculated.
Here, in FIG. 8, a count value indicating the number of appearances of each characteristic character or each point (total value of the number of appearances) is written in “”, and can be counted up to, for example, about 10 million. It has become.

  In addition, handling when duplicate characters exist when calculating the appearance rate of each prefecture name based on the counting result (number of appearances) obtained using the quarantine table 124 as described above will be described. For example, if “Tokyo” and “Kyoto Prefecture” are mixed in a text file, “Metropolitan” is duplicated. Therefore, the “Metropolitan” count is the same as the “Tokyo” count. It will be mixed. Since “Fu” in “Kyoto” overlaps with “Fu” in “Osaka”, first calculate the appearance rate of “Osaka” and subtract that appearance rate from the appearance rate of “Fu”. It is possible to predict the appearance rate of “fu”. The appearance rate of “Tokyo” can be obtained by subtracting the appearance rate of “Kyoto Prefecture” predicted in this manner from the appearance rate of “Miyako”. If the prefecture name and city name overlap (for example, Osaka City, Osaka Prefecture), the appearance rate of “Osaka” will double, but based on the Japanese address book published by the Ministry of Posts and Telecommunications. It is possible to estimate the actual appearance rate by calculating the duplication rate for each prefecture name and adjusting the appearance rate based on the calculated duplication rate.

  Furthermore, the handling when there is no state display will be described. In the data file, when the title header as shown in FIG. 9 is used for the prefecture name, or when the address display of the government-designated city or the address display using the zip code is used, “city”, “road”, “prefecture”, “ The appearance rate of “prefecture” will be extremely reduced. Instead, since the name appearance rate such as the prefecture name becomes high, it is possible to specify that the data file is a personal information file including address information from the name appearance rate.

  In the quarantine table 124 described above, characters / character strings that appear characteristically in addresses, email addresses, telephone numbers, and names are set as characteristic characters / characteristic strings, but the present invention is not limited to these. Characters / character strings that appear characteristically in the date of birth, title, personal identification information (for example, Basic Resident Register Number, Account Number, Credit Card Number, License Number, Passport Number, etc.) It may be set as a character / characteristic character string.

Then, the determination unit 123 of the personal information search unit 116 calculates a determination value indicating the degree to which the determination target file is a personal information file based on the counting result obtained using the quarantine table 124 described above. As the determination value, (a) the value of the quarantine total point (see item (7) above) of the quarantine table 124 may be used as it is, or (b) the higher the appearance rate of feature characters / feature character strings, the larger the value. Or (c) obtaining an appearance pattern of a feature character / feature character string in a judgment target file based on a count result obtained for each feature character / feature character string, The degree of coincidence indicating the degree of coincidence between the found appearance pattern and the feature appearance pattern preset as the appearance pattern of the feature character / feature character string may be calculated as the determination value, or (d) these three types Two or more of the determination values may be combined, and a value calculated by substituting two or more determination values into a predetermined function may be used as the determination value.

  At this time, if there are characteristic characters / character strings related to multiple types of information (for example, four types of address, mail address, telephone number, and name) in the determination target file, one type of information is included in the determination target file. The count result is weighted so that the determination value becomes larger than when there is a feature character / feature character string related to. In other words, if a determination target file includes a plurality of types of information that can identify an individual, the possibility that the determination target file is a personal information file is that only one type of information that can identify an individual is included. Since it is considered that it is higher than the case where it is included, weighting is performed so that the determination value (importance) for the determination target file becomes large. Further, weighting may be performed so that the determination value increases as the number of types of information increases. This makes it possible to specify the personal information file more reliably.

  When the determination value as described above is calculated, the determination unit 123 of the personal information search unit 116 determines whether or not the determination target file is a personal information file based on the determination value. For example, when the determination value exceeds a predetermined threshold, it is determined that the determination target file is a personal information file. When making such a determination, in this embodiment, as described above, a P mark (private level mark) corresponding to the size of the determination value is assigned to the determination target file for ranking. As described above, the P mark is a level indicating the high possibility that the determination target file is a personal information file. The larger the determination value, the higher the P mark is set.

A series of procedures of personal information search (personal information file identification) executed by the personal information search means 116 will be described with reference to the flowchart (steps S51 to S57) shown in FIG.
As shown in FIG. 10, when the personal information search program is executed in step S22 of FIG. 6 in the processing unit 11 of the information processing terminal 10, the portable storage device 20 is referred to. The presence / absence of an unmarked file is determined (step S51). If there is no P mark unset file (NO route in step S51), the personal information search process is terminated. On the other hand, if there is a P mark unset file (YES route in step S51), the portable storage device. One file with no P mark set is selected as a determination target file from step 20 (step S52), and the determination target file is converted into a text file by the extraction unit 121 (text extraction engine) (step S53).

  Then, the characters extracted from the text file are collated one by one with the characteristic characters in the quarantine table 124. If they match, it is determined that the characteristic characters have appeared, and the counting means 122 The count value of the characteristic character is incremented by “1” (step S54). Thus, after counting the number of appearances of characteristic characters in all characters included in the determination target file, the determination unit 123 indicates the degree to which the determination target file is a personal information file based on the count result. A determination value (for example, see the items (a) to (d) above) is calculated (step S55).

Based on the determination value calculated in step S55, as described above, the determination unit 123 determines whether or not the determination target file is a personal information file and ranks the P mark (step S56). . The personal information file determination result and the P mark ranking result are also transmitted to the server 30 (personal information management server function) via the transmission / reception unit 16 and the network 40 (step S57), and the server 30 (personal information management). Server function) is stored in the storage unit 32. Thereafter, the process returns to step S51, and steps S52 to S57 are repeatedly executed until there is no file in which the P mark is not set in the portable storage device 20 (until NO is determined in step S51).

[2-4] Operation of personal information search means shown in FIG. 5 (second search method)
Next, the processing (second search method) of the personal information search means 116A shown in FIG. 5 in the process performed by the personal information search means 116A shown in FIG. A description will be given according to steps S61 to S76.

  As shown in FIG. 11, when the personal information search program is executed in step S <b> 22 of FIG. 6 in the processing unit 11 of the information processing terminal 10, the portable storage device 20 is referred to. The presence / absence of an unmarked file is determined (step S61). If there is no P mark unset file (NO route in step S61), the personal information search process is terminated. On the other hand, if there is a P mark unset file (YES route in step S61), the portable storage device. One file with no P mark set is selected as a determination target file from 20, and the text data is extracted from the determination target file by the extraction means 131 and is taken into the file buffer (step S62).

  In this way, from the text captured in the file buffer, the character section is cut out by the cutout unit 132 at the predetermined break position described above, and passed through the data shaping buffer as a determination target / collation target. The data is sequentially written to the data analysis buffer (step S63). When cutting out a character section, as described above, by the cutting means 132, unnecessary characters other than alphanumeric characters, katakana, hiragana, and kanji, for example, half-width space, full-width space, half-width hyphen, full-width hyphen, are extracted from the character section. , Underbar, parenthesis,! , #, $,%, =, +, *,? Symbol characters such as, \, /, and | are removed.

  Whether or not the character string (hereinafter simply referred to as character string) in the character section cut out by the cutting means 132 and from which the symbol character is removed corresponds to any one of a telephone number, an e-mail address, and an address. Are sequentially determined by the telephone number determination means 133a, the e-mail address determination means 133b, and the address determination means 133c (steps S64, S66, S68).

  First, the telephone number determination unit 133a determines whether or not the character string corresponds to a telephone number (step S64). At this time, if the character string satisfies the telephone number determination condition set in the quarantine table 137, that is, the character string is a sequence of 9 to 11 half-width numbers or full-width numbers, and the first character If the (first character) is “0” and the second character is other than “0”, it is determined that the character string corresponds to the telephone number (YES route in step S64), and that is the second determination means 136. In the second determination means 136, the count value corresponding to the number of appearances of the telephone number is incremented by 1 (step S65), and the process proceeds to step S73.

If it is determined that the character string does not correspond to a telephone number (NO route of step S64), the e-mail address determination means 133b determines whether the character string corresponds to a telephone mail address (step S66). ). At this time, if the character string satisfies the e-mail address determination condition set in the quarantine table 137, that is, “one or more ASCII” + “@ (at sign)” + “one or more characters in the character string. No ASCII "+
If a character string “. (Dot)” + “ASCII character of one or more characters” is included and the last character of the character string is a half-width alphabetic character, the character string corresponds to an e-mail address. It is determined (YES route of step S106), and the fact is notified to the second determination means 136, and the second determination means 136 increments the count value corresponding to the number of appearances of the e-mail address by one ( The process proceeds to step S67) and step S73.

  If it is determined that the character string does not correspond to an e-mail address (NO route of step S66), the address determination unit 133c determines whether the character string corresponds to an address (location) (step S68). ). At that time, if the character string satisfies the address determination condition set in the quarantine table 137, that is, “1 to 13 double-byte characters” + “city” or “ku” or “ A character string “county” + “one or more full-width characters or half-width characters” is included, and the first character of the character string is the same as the initial name of 47 prefectures or city names in Japan. If so, it is determined that the character string corresponds to an address (YES route in step S68), and that is notified to the second determination means 136. In the second determination means 136, the address (location) is determined. The count value corresponding to the number of appearances is incremented by 1 (step S69), and the process proceeds to step S73.

  When it is determined that the character string does not correspond to an address (NO route in step S68), that is, the first determination unit 133 determines that the character string does not correspond to any of a telephone number, an e-mail address, and an address. The character determination means 134 determines that the character string is a character determination condition set in the quarantine table 137 (the number of characters is 2 or more and 6 or less, all characters are kanji characters, and the first character of the character string). It is determined whether or not the first letter of the last name belonging to the uppermost predetermined number of surnames in Japanese is satisfied (step S70). When this character determination condition is not satisfied (NO route in step S70), the process proceeds to step S73.

  On the other hand, if the character determination condition is satisfied (YES route in step S70), the collation unit 135 determines whether the character / character string included in the character section (the character string) and the name set in the quarantine table 137 are incorrect. The appropriate character / unsuitable character string is collated, and it is determined whether or not the character section includes the unsuitable character / unsuitable character string (step S71). If there is at least one character / character string that matches the inappropriate character / inappropriate character string in the character section (YES route in step S71), the inappropriate character / inappropriate character string at that time The collation process is immediately terminated, and the process proceeds to step S73.

  If the character section does not contain inappropriate characters / unsuitable character strings (NO route in step S71), the collation determination result is notified to the second determination unit 136. In the second determination unit 136, The character section is considered to correspond to the name, and the count value corresponding to the number of appearances of the name is incremented by 1 (step S72), and the process proceeds to step S73.

  In step S73, it is determined whether or not there is a character segment that has not yet been extracted from the text data extracted from the target file. ) Repeatedly. When all the character sections are cut out from the text data in this way and the determination processing, collation processing, counting processing, etc. for all the character sections are finished (NO route in step S73), the second determination means 136 uses the telephone number, electronic Based on the count values for each of the mail address, address, and name, the above-described determination value is calculated (step S74).

Then, in the second determination means 136, as described above, it is determined whether or not the circulation target electronic file is a personal information file based on the determination value calculated in step S74, and the rank of the P mark is determined. Appending (four in this embodiment, “P1” to “P4”) is performed (step S75). The determination result of the personal information file and the ranking result of the P mark are notified to the server 30 (personal information management server function) via the notification means 117, the transmission / reception unit 16, and the network 40 (step S76).

[2-5] Personal Information Management Operation Next, the operation of the server 30 as a personal information management server will be described with reference to the flowchart (steps S81 to S89) shown in FIG.
As shown in FIG. 12, the server 30 (personal information management server function) stores a determination result (determination value or P mark) about the personal information file in the portable storage device 20 notified from the information processing terminal 10. 32, and by referring to the determination result, it is determined whether or not there is a personal information file (file with a P mark) (step S81).

If a personal information file exists (YES route in step S81), each personal information is determined by the server 30 (personal information management server function) according to the determination result of the personal information file [here, P mark level (rank)]. Management / operation for files is performed as follows (steps S82 to S89).
First, the presence / absence of a personal information file having a P mark level “P1” is determined (step S82). If there is a personal information file having a P mark level “P1” (YES route in step S82), the personal information file is monitored for access. It is set and registered as a target (access log recording target) (step S83).

  When there is no personal information file of P mark level “P1” (NO route of step S82), or after registration of step S83, it is determined whether or not there is a personal information file of P mark level “P2” (step S84). If there is a personal information file with the mark level “P2” (YES route in step S84), the personal information file is set and registered as an access monitoring target, and a pop-up is made to call attention to the user of the personal information file The notice information by display is notified (step S85).

  When there is no personal information file of P mark level “P2” (NO route of step S84), or after the notice information is notified in step S85, it is determined whether or not there is a personal information file of P mark level “P3” (step S86). ) If there is a personal information file of P mark level “P3” (YES route in step S86), the personal information file is set and registered as an access monitoring target, and the user who stores the personal information file is stored. The fact that it exists is notified to the system administrator by e-mail or the like as warning information, and the user is instructed to return the personal information file (step S87).

  If there is no personal information file of P mark level “P3” (NO route of step S86), or after issuing alarm information notification and return instruction in step S87, whether there is a personal information file of P mark level “P4”. If it is determined (step S88) and there is a personal information file of P mark level “P4” (YES route of step S88), the personal information file is forced from the portable storage device 20 via the information processing terminal 10 and the network 40. Are captured and recovered (step S89). If there is no personal information file of the P mark level “P4” (NO route in step S88), or after the process in step S89 ends, the process ends.

  As described above, regarding the personal information file of the P mark level “P4”, the personal information file is forcibly prohibited from being output from the portable storage device 20 to the outside, or the personal information file is managed by the administrator. Or it may be stored in a folder accessible only to the user. Further, when a personal information file having a P mark level “P3” is left for a predetermined number of days, the same processing as that for a personal information file having a P mark level “P4” may be executed.

[3] Effect of Information Processing System According to this Embodiment As described above, according to the information processing system 1 as one embodiment of the present invention, the connector 21 of the portable storage device 20 is connected to the connection port 14 of the information processing terminal 10. When the recognition unit 111 recognizes that the authentication has been performed, the authentication request unit 112 requests the server 30 (authentication server function) to authenticate the portable storage device 20. In the server 30 (authentication server function), it is authenticated by the personal authentication means 311 that the user is a valid registrant, and the portable storage device 20 is connected to the server 30 (authentication server function) by the apparatus authentication means 312. If the device is authenticated and the software authentication means 313 determines that the login software and the logoff software match, the portable storage device 20 and its user's legitimacy The server 30 (authentication server function) notifies the information processing terminal 10 to that effect by the notification means 314 as a result of authentication.

  When the validity of the portable storage device 20 and its user is authenticated as a result of the authentication executed by the server 30 (authentication server function) in response to the request by the authentication request unit 112, the processing of the information processing terminal 10 The processing state by the unit 11 is switched by the switching unit 113 from the internal processing state to an external processing state in which processing is performed while using various software and data on the portable storage device 20.

  Thereby, the user stores various kinds of software and original data customized for each user in the portable storage device 20, and connects the connector 21 of the portable storage device 20 to the information processing terminal on the go 10 can be used on the information processing terminal 10 on the go without having to carry a heavy notebook PC or the like without using a heavy notebook PC or the like. .

  At that time, as described above, in the server 30 (authentication server function), the authentication means 311, 312 and 313 perform the triple authentication of personal authentication, device authentication and software authentication. Even if the portable storage device 20 is stolen, the security performance of the portable storage device 20 is ensured, information leakage in the portable storage device 20 or unauthorized use of the portable storage device 20 Can be reliably prevented.

  In addition, software (login software) installed in the portable storage device 20 and software installed when the portable storage device 20 was last connected to the information processing terminal 10 (server 30) ( When the software is completely matched by comparing the software with the software at the time of logoff and determining whether or not these software match, the processing unit 11 of the information processing terminal 10 Can be switched to an external processing state using software and data in the portable storage device 20.

  Therefore, in the unlikely event that information necessary for personal authentication or device authentication (user ID, password, biometric information, device identification information of the portable storage device 20, etc.) is stolen, what is the original portable storage device used by a third party? Even if a different portable storage device is used and an unauthorized network connection is made by impersonation by software in the portable storage device 20, the software held in the impersonation device and the stolen information are supported. Since the log-off software for the portable storage device can hardly coincide completely, the software authentication described above connects the impersonation device to the network 40 (to a terminal or server other than the server 30 in FIG. 1). Connection) can be reliably rejected, and the security performance can be greatly improved.

In the server 30 (authentication server function) of the information processing system 1 described above, when the validity of the portable storage device 20 and its user is authenticated, the processing state by the processing unit 11 of the information processing terminal 10 is determined by the authentication result. Since the fact that the portable storage device 20 is switched to the external processing state and opened is recorded as a history by the recording means 315, the portable storage device 20 is opened, and information in the portable storage device 20 is processed as information. It becomes possible to record and manage in the storage unit 32 that the processing unit 11 of the terminal 10 has been processed, and record it in the storage unit 32 when unauthorized use of the portable storage device 20 is detected. Based on the recorded history, it is possible to identify the portable storage device 20 that has been illegally used, the usage time thereof, the information processing terminal 10 used for the usage, and the like. It becomes ability.

  Further, in the portable storage device 20, software and data other than predetermined software among various software and data are stored as encrypted information under the management of the server 30 (access management server function). deep. If the user of the encrypted information is authenticated by the server 30 (access management server function) as a valid user, the server 30 (access management server) is processed by the processing unit 11 of the information processing terminal 10. Encrypted information is decrypted with the decryption key received from, and processing (including software authentication) using the contents (software and data) of the encrypted information will be executed. Cannot decrypt the encrypted information, and it is impossible to perform processing using the contents.

  That is, in the portable storage device 20, software and data other than predetermined software (a program that causes the processing unit 11 to function as the decryption key request unit 114 and the decryption unit 115) among various software and data are: All are encrypted, and the encrypted information is configured so that only a legitimate user can decrypt it. In the unlikely event that the portable storage device 20 is lost or the portable storage device 20 is stolen. Even if it happens, the security performance of the portable storage device 20 can be ensured, information leakage / falsification in the portable storage device 20 and unauthorized use of the portable storage device 20 can be reliably prevented, and Since the legitimate user can access, the convenience for the legitimate user is not impaired.

  Further, when the portable storage device 20 is connected to the information processing terminal 10, the personal information search program (the processing unit 11 is stored in the portable storage device 20 by the investigation unit 318 of the server 30 (personal information management server function). It is investigated whether or not the program that functions as the personal information search means 116 / 116A is installed. If the program is not installed, the personal information search program is automatically (forced) installed. The personal information search program installed in the portable storage device 20 is executed by the processing unit 11 of the information processing terminal 10 so that the personal information file is searched and specified from the data in the portable storage device 20, The search result is notified to the user or the server 30 (personal information management server function).

  Thereby, when the personal information file in the portable storage device 20 is stored, the user or the server 30 (personal information management server function) is notified to that effect, and the user is alerted or the personal information is stored. The file can be placed under the control of the server 30 (personal information management server function), and the personal information is surely protected by preventing the inadvertent leakage and leakage of personal information and unauthorized use of personal information. Can do.

  At that time, by using the function as the personal information search means 116, it is determined for each file in the portable storage device 20 whether the file is a personal information file based on the number of appearances of characteristic characters and characteristic character strings. Since the personal information file can be automatically searched and specified, the personal information file (file that is highly likely to be a personal information file) in the portable storage device 20 can be reliably searched and identified. it can.

When a file having a predetermined number or more of personal information elements that can identify a specific individual is determined as a personal information file, the second determination is made by using the function as the personal information search means 116A of the present embodiment. In the means 136, the character section that does not correspond to any of the telephone number, the e-mail address, and the address and includes the inappropriate character / inappropriate character string is considered not to be related to the personal information. A character section that does not correspond to either an address or an address and does not include an inappropriate character / unsuitable character string is considered to be related to a name.

  Therefore, for the character section determined to correspond to any one of the telephone number, the e-mail address, and the address by the first determination means 133, the determination process is terminated when the determination is made, and the telephone number, the e-mail Only the character section determined not to correspond to either the address or the address is subjected to the matching process with the inappropriate character / unsuitable character string, and the matching unit 135 has one inappropriate character / unsuitable character string. However, when it is determined that it is included in the character section, the matching process can be terminated, so the name matching process is faster than the method of matching with all name strings included in the name list. It is possible to perform the determination, that is, the personal information file determination process at high speed.

At this time, in the first determination unit 133, the determination process of the character string in the character section is performed in order from the lighter determination process load, that is, in the order of the telephone number, the e-mail address, and the address. Can be executed efficiently.
In addition, since the second determination unit 136 regards all character sections that do not include inappropriate characters / unsuitable character strings as corresponding to names, electronic files that do not include inappropriate characters / unsuitable character strings for names, ie, It is possible to reliably determine an electronic file that is highly likely to contain name information and is likely to be a personal information file. That is, it is possible to reliably identify a file that is highly likely to be a personal information file (a suspicious file).

  Furthermore, in this embodiment, the character determination means 134 determines whether the number of characters in the character section is 1 or more and 6 or less and all the characters in the character section are kanji characters, and the characters satisfying this character determination condition. Since only the section is a collation target by the collation means 135, the character section to be collated by the collation means 135 is narrowed down to a character section having a higher possibility of a name, and the name collation accuracy can be improved. At the same time, name verification processing can be performed at high speed. In addition, since a long character section having more than 6 characters is excluded from the collation target by the collating means 135, it contributes to further speeding up the name collating process, that is, further speeding up the personal information file determining process. Become.

  In particular, according to the personal information search unit 116A of the present embodiment, when the cutout unit 132 cuts out text data as a determination target character segment, elements in the text data are not separated by clear delimiters. However, the boundary position between a 1-byte code character and a 2-byte code character, that is, the boundary position between a half-width character and a full-width character (a portion where a half-width character is followed by a full-width character or a portion where a half-width character is followed by a half-width character) or The text data is divided and cut out as a character section at the boundary position between the full-width arithmetic number and the character excluding the full-width arithmetic number and the hyphen.

  This makes it possible to mix addresses and names written in double-byte characters with text numbers such as phone numbers and e-mail addresses written in single-byte characters without being separated by delimiters in double-byte characters. Address, name, phone number, and e-mail address even if the address, name, etc. written in the text data and a numeric string such as a phone number written in double-byte characters are mixed in the text data without being separated by a delimiter A character section can be cut out for each personal information element. Therefore, it becomes possible to reliably determine personal information elements such as an address, name, telephone number, and e-mail address, and it is possible to efficiently and reliably determine a personal information file in a short time.

In addition, as an e-mail address determination condition by the e-mail address determination unit 133b, a character string in the character section to be determined includes “one or more ASCII characters” + “@ (at mark)” + “one or more ASCII characters” + “ . (Dot) "+" AS of one or more characters
“@ (At sign)” is used to display the unit price and unit by setting that the character string “CII character” is included and the last character of the character string is a half-width alphabetic character. A string of numbers that is “@ (at sign)” followed by “one or more half-width numbers” + “. (Dot)” + “one or more half-width numbers” (for example, “123@45.67 ") Can be reliably prevented from being erroneously determined as an e-mail address. Accordingly, it is possible to reliably determine the personal information element such as an e-mail address, and it is possible to efficiently and reliably determine the personal information file in a short time.

In the electronic mail address, the character string after the last “. (Dot)” after “@” is always an alphabetic character string such as “com”, “net”, and “jp” at present. In general, “@” is often used to display a unit price or a unit. For example, one of an article
When displaying the price and weight per piece, “@” may be used, such as “@ 100.00” or “@ 10.55”. For this reason, the e-mail address determination condition is simply that “one or more ASCII characters” + “@ (at mark)” + “one or more ASCII characters” + “. (Dot)” in the character string in the character section to be determined. + If a character string that is "one or more ASCII characters" is included, the above character strings containing "@ 100.00" or "@ 10.55" will be mistakenly recognized as e-mail addresses. However, by adding that the last character of the character string is a single-byte alphabetic character to the e-mail address judgment condition, the character string including the numeric character strings “@ 100.00” and “@ 10.55” as described above It is possible to reliably prevent erroneous recognition as an e-mail address.

  Further, as an address determination condition by the address determination unit 133c, “one or more full-width characters” + “city” or “ku” or “county” + “one or more full-width characters or half-width characters is added to the character string in the character section to be determined. ”And the first character of the character section to be judged and the initials of the 47 prefectures or city names. , When a character string that includes "county" in the middle but is not related to the address at all is mistakenly determined as an address, and when 47 prefecture names or city names are determined to match completely Compared with an extremely short time, it is possible to efficiently and reliably determine a character section with high accuracy as an address.

  Furthermore, the first character of the character string to be determined matches the initial character of the last name belonging to the upper predetermined number (for example, the top 3000 types) common to Japanese in the character determination condition (name determination condition) by the character determination means 134 By adding this, it is possible to efficiently and surely determine a character section with high accuracy as a name in a very short time compared with the case of determining perfect match of the last name.

Then, the server 30 (personal information management server function) manages the files determined to be personal information files according to the counting result (determination value level) obtained by the second determination means 136, For each personal information file, it is possible to select and execute a management method according to the judgment value level (high possibility of being a personal information file / the number of personal information elements). That is, as described above, the file determined to be a personal information file by the personal information searching means 116 / 116A corresponds to the server 30 (personal information management server function) according to the P mark (rank / level) given to the file. ) To notify the creator, circulation destination user, and system administrator of the caution information / warning information, forcibly capture and collect the file from the portable storage device 20 to prohibit circulation, The file can be stored in a folder accessible only to the administrator, and personal information can be prevented from being accidentally leaked or leaked or unauthorized use of personal information.

[4] Others The present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the spirit of the present invention.
For example, in the above-described embodiment, the function as three types of servers (authentication server, access management server, personal information management server) is realized by one server 30, but these servers are divided into two servers. It may be realized or may be realized by dividing it into three servers.

  Further, in the above-described embodiment, the case where it is determined whether or not the file stored in the portable storage device 20 is a personal information file has been described. It is also applied in the same manner as described above to determine whether or not the file contains certain information), and the same operational effects as in the above embodiment can be obtained. Can be reliably prevented from being illegally used. In that case, as an inappropriate character or inappropriate character string, a character or a character string that cannot appear in the confidential information is set.

  Further, in the above-described embodiment, the determination condition for the name is set such that an inappropriate character / unsuitable character string preset as a Chinese character / character string that cannot appear in the name is not included in the character section to be determined. However, it may be further added to the address determination condition that an inappropriate character / unsuitable character string preset as a kanji / kanji character string that cannot appear in the address is not included in the character section to be determined. .

  Furthermore, in the above-described embodiment, the case where the personal information elements other than the name are three elements of the telephone number, the e-mail address, and the address has been described. However, the present invention is not limited to this, and the name is As other personal information elements, for example, date of birth, basic resident register number, account number, credit card number, license number, passport number, etc. may be used.

  By the way, as described above, the functions (all or a part of the functions) of the information processing terminal 10 as the recognition unit 111, the authentication request unit 112, and the switching unit 113 described above are performed by the processing unit 11 in the information processing terminal. This is realized by executing a predetermined application program installed in advance in ten storage units 15.

  In addition, as described above, the processing unit 11 functions as the above-described decryption key request unit 114 and decryption unit 115 in the information processing terminal 10 by the processing unit 11 in the portable storage device 20. This is realized by executing predetermined unencrypted software installed in advance.

  Further, as described above, the functions (all or a part of the functions) of the information processing terminal 10 as the personal information search unit 116 and the notification unit 117 are performed by the processing unit 11 in the portable storage device 20. This is executed by executing a personal information search program installed in advance.

  In the server 30, as the above-described personal authentication unit 311, device authentication unit 312, software authentication unit 313, notification unit 314, recording unit 315, determination unit 316, decryption key transmission unit 317, investigation unit 318, and installation unit 319. This function (all or a part of the functions of each unit) is realized by the processing unit 31 executing a predetermined application program installed in advance in the storage unit 32 of the server 30 as described above.

  Then, a predetermined application program installed in advance in the storage unit 15 of the information processing terminal 10, predetermined unencrypted software installed in advance in the portable storage device 20, or in advance in the portable storage device 20. The personal information search program to be installed and the predetermined application program installed in advance in the storage unit 32 of the server 30 are, for example, a flexible disk, CD (CD-ROM, CD-R, CD-RW, etc.), DVD (DVD -ROM, DVD-RAM, DVD-R, DVD-RW, DVD + R, DVD + RW, etc.) and the like. In this case, the computer reads a predetermined application program from the recording medium, transfers it to an internal storage device or an external storage device, and uses it. Further, the program may be recorded in a storage device (recording medium) such as a magnetic disk, an optical disk, or a magneto-optical disk, and provided from the storage device to a computer via a communication line.

  Here, the computer is a concept including hardware and an OS (operating system), and means hardware operating under the control of the OS. Further, when the OS is unnecessary and the hardware is operated by the application program alone, the hardware itself corresponds to the computer. The hardware includes at least a microprocessor such as a CPU and means for reading a computer program recorded on a recording medium. The personal information search program and the application program as the personal information management server program include program codes that cause the computers (processing units 11 and 31) to realize the functions of the units 111 to 117 and 311 to 319. . Also, some of the functions may be realized by the OS instead of the application program.

  Furthermore, as a recording medium in the present embodiment, in addition to the flexible disk, CD, DVD, magnetic disk, optical disk, and magneto-optical disk described above, an IC card, ROM cartridge, magnetic tape, punch card, computer internal storage device (RAM) In addition, various computer-readable media such as an external storage device or a printed matter on which a code such as a barcode is printed can be used.

[5] Appendix (Appendix 1)
At least a processing unit that executes various processes, an input unit that inputs information to the processing unit, an output unit that outputs a processing result by the processing unit, and an external device side to connect an external device to the processing unit An information processing terminal having a connection port into which the connector is inserted; and
A portable storage device that stores various software and data and can be connected to the connection port as the external device;
An authentication server connected to the information processing terminal and configured to authenticate the portable storage device connected to the connection port of the information processing terminal;
The information processing terminal
Recognition means for recognizing that the portable storage device is connected to the connection port;
When recognizing that the portable storage device is connected to the connection port by the recognition means, an authentication requesting means for requesting the authentication server to authenticate the portable storage device;
When the validity of the portable storage device and the user of the portable storage device is authenticated as a result of the authentication executed by the authentication server in response to the request by the authentication request means, the processing state by the processing unit is changed. The various software and data stored in the portable storage device are used on the portable storage device from an internal processing state in which processing is performed using the software and data stored on the information processing terminal side. And switching means for switching to an external processing state in which processing is performed,
The authentication server is
Upon receiving an authentication request for the portable storage device from the information processing terminal, the user is authorized based on personal authentication information input from the input unit of the information processing terminal by the user of the portable storage device. Personal authentication means for determining whether or not the user is personal and performing personal authentication of the user;
When the authentication request for the portable storage device is received from the information processing terminal, is the portable storage device a management target device of the authentication server based on device identification information automatically read from the portable storage device? Device authentication means for determining whether or not to perform device authentication of the portable storage device;
When an authentication request for the portable storage device is received from the information processing terminal, software stored in the portable storage device (hereinafter referred to as software at login) and the portable storage device are transferred to the information processing terminal. Software authentication means for performing software authentication by comparing with software stored at the time of the last connection (hereinafter referred to as log-off software) and determining whether or not these software matches. When,
The personal authentication means authenticates that the user is a valid user, and the apparatus authentication means authenticates that the portable storage device is a management target apparatus of the authentication server, and When it is determined by the software authentication means that the log-in software and the log-off software match, the portable storage device and the validity of the user of the portable storage device are authenticated And an information means for notifying the information processing terminal of the fact as a result of authentication.

(Appendix 2)
The authentication server is
When the validity of the portable storage device and the user of the portable storage device is authenticated, the processing state of the processing unit of the information processing terminal is switched to the external processing state, and the portable storage device is opened. The information processing system according to appendix 1, further comprising recording means for judging that the information is recorded as a history.

(Appendix 3)
In the information processing terminal, when the external processing state using the portable storage device is terminated, the switching unit switches the processing state by the processing unit from the external processing state to the internal processing state. The information processing system according to Supplementary Note 1 or Supplementary Note 2.

(Appendix 4)
In the authentication server, if the user is not authenticated by the personal authentication unit, or if the portable storage device is a device to be managed by the authentication server by the device authentication unit Is not authenticated, or when it is determined by the software authentication means that the log-in software and the log-off software do not match, the notifying means is the portable storage device or Judging that the authentication of the user of the portable storage device has failed, notifies the information processing terminal as a result of the authentication,
In the information processing terminal that has received a notification of authentication failure from the authentication server, the switching unit prohibits switching from the internal processing state to the external processing state, and a user of the portable storage device through the output unit The information processing system according to any one of Supplementary Note 1 to Supplementary Note 3, wherein an authentication failure is notified to.

(Appendix 5)
An access management server connected to the information processing terminal and managing access to encrypted information in the portable storage device connected to the connection port of the information processing terminal;
In the portable storage device, among the various software and data, software and data other than predetermined software are encrypted as encrypted information encrypted using an encryption key managed by the access management server. Remembered,
The processing unit of the information processing terminal
When recognizing that the portable storage device is connected to the connection port by the recognition means, by executing the predetermined software in the portable storage device,
Authentication information about the encrypted information input from the input unit of the information processing terminal by the user of the encrypted information is transmitted, and a decryption key corresponding to the encrypted information is transmitted to the access management server. Requesting decryption key request means, and
Configured to serve as a decryption means for decrypting the encrypted information using the decryption key received from the access management server in response to a request from the decryption key request means;
The access management server is
Determining means for determining whether or not a user of the encrypted information is a valid user based on the authentication information upon receiving authentication information about the encrypted information from the information processing terminal;
And a decryption key transmitting means for transmitting a decryption key for decrypting the encrypted information to the information processing terminal when the determination means determines that the user of the encrypted information is a valid user. It is comprised, The information processing system as described in any one of the additional remarks 1 to 4 characterized by the above-mentioned.

(Appendix 6)
The information processing system according to appendix 5, wherein the authentication server also has a function as the access management server.

(Appendix 7)
A personal information management server connected to the information processing terminal for managing personal information files in the portable storage device;
The personal information management server
Investigation means for investigating whether or not a personal information search program is included in the various types of software in the portable storage device;
As a result of the investigation by the investigation means, when the personal information program is not included, the personal information program is configured to include an installation means for installing the personal information search program in the portable storage device through the information processing terminal.
The processing unit of the information processing terminal
By executing the personal information search program installed in the portable storage device,
Personal information search means for searching and specifying a personal information file from data in the portable storage device; and
Any one of Supplementary notes 1 to 6, wherein the personal information search means is configured to serve as a notification means for notifying a user or the personal information management server of a search result by the personal information search means. The information processing system described.

(Appendix 8)
The information processing system according to appendix 7, wherein the authentication server also has a function as the personal information management server.

(Appendix 9)
The personal information searching means
For each file included in the data in the portable storage device, a character or character string included in the file is collated with a character or character string preset as a character or character string characteristically appearing in personal information And counting means for counting the number of times the feature character or the feature character string appears in the file,
9. The information processing system according to appendix 7 or appendix 8, wherein the information processing system comprises: a determination unit that determines whether or not the file is a personal information file based on a counting result by the counting unit.

(Appendix 10)
The personal information searching means
It is determined whether the determination target file is a personal information file having a predetermined number of personal information elements that can identify a specific individual,
Extracting means for extracting text data included in the determination target file;
Cutting out means for cutting out character sections delimited by delimiters from the text data extracted by the extracting unit;
By determining whether or not the character string in the character section cut by the cutting means satisfies any one of the preset telephone number determination condition, e-mail address determination condition, and address determination condition, First determination means for determining whether or not any one of a telephone number, an e-mail address, and an address, which is a personal information element other than a name,
Whether or not the number of characters in the character section determined not to correspond to any of the telephone number, the e-mail address, and the address by the first determination means is within a predetermined range, and whether or not the character in the character section is a Chinese character Character determining means for determining;
A character section that is determined by the character determining means to be within the predetermined range and to be a kanji character is a character or character string included in the character section and a kanji or kanji character string that is not set in advance in the name. Collating means for collating appropriate characters or inappropriate character strings to determine whether the character section includes the inappropriate characters or inappropriate character strings;
The number of character sections determined to correspond to any one of a telephone number, an e-mail address, and an address by the first determination means and the inappropriate character or inappropriate character string is not included by the matching means. The number of determined character sections is counted, and based on the count result, the second determination means for determining whether or not the determination target file is a personal information file is provided. The information processing system according to appendix 7 or appendix 8.

(Appendix 11)
In the first determination means, it is determined whether or not the character string in the character section cut out by the cutting means corresponds to a telephone number, and if it does not correspond to a telephone number, whether or not it corresponds to an e-mail address. If it does not correspond to an e-mail address, it is determined whether or not it corresponds to an address, and when it is determined that it corresponds to any one of a telephone number, an e-mail address, and an address, the character string 11. The information processing system according to appendix 10, characterized in that the determination process is terminated.

(Appendix 12)
The second determination unit regards the character string in the character section determined not to include the inappropriate character or the inappropriate character string by the matching unit as a personal information element corresponding to the name, and the determination target file is The information processing system according to appendix 10 or appendix 11, wherein it is determined whether the file is a personal information file.

(Appendix 13)
The second determination means determines the number of character sections determined by the first determination means as corresponding to any one of a telephone number, an e-mail address, and an address based on the counting result and the collation means. A determination value that increases as the number of character sections determined not to include the inappropriate character or inappropriate character string increases, and when the calculated determination value exceeds a predetermined threshold, the determination target file The information processing system according to any one of Supplementary Note 10 to Supplementary Note 12, wherein it is determined that is a personal information file.

(Appendix 14)
At least a processing unit that executes various processes, an input unit that inputs information to the processing unit, an output unit that outputs a processing result by the processing unit, and an external device side to connect an external device to the processing unit An information processing terminal having a connection port into which the connector is inserted; and
In an information processing system that stores various software and data and includes a portable storage device that can be connected to the connection port as the external device,
An authentication server that is connected to the information processing terminal and that authenticates the portable storage device connected to the connection port of the information processing terminal;
Upon receiving an authentication request for the portable storage device from the information processing terminal, the user is authorized based on personal authentication information input from the input unit of the information processing terminal by the user of the portable storage device. Personal authentication means for determining whether or not the user is personal and performing personal authentication of the user;
When the authentication request for the portable storage device is received from the information processing terminal, is the portable storage device a management target device of the authentication server based on device identification information automatically read from the portable storage device? Device authentication means for determining whether or not to perform device authentication of the portable storage device;
When an authentication request for the portable storage device is received from the information processing terminal, software stored in the portable storage device (hereinafter referred to as software at login) and the portable storage device are transferred to the information processing terminal. Software authentication means for performing software authentication by comparing with software stored at the time of the last connection (hereinafter referred to as log-off software) and determining whether or not these software matches. When,
The personal authentication means authenticates that the user is a valid user, and the apparatus authentication means authenticates that the portable storage device is a management target apparatus of the authentication server, and When it is determined by the software authentication means that the log-in software and the log-off software match, the portable storage device and the validity of the user of the portable storage device are authenticated An authentication server comprising: a notification means that determines that the information processing terminal is notified as a result of authentication.

(Appendix 15)
When the validity of the portable storage device and the user of the portable storage device is authenticated, the processing state of the processing unit of the information processing terminal is switched to the external processing state, and the portable storage device is opened. 15. The authentication server according to appendix 14, further comprising recording means for judging that the information is recorded as a history.

(Appendix 16)
When the personal authentication means does not authenticate the user as a valid user, or the apparatus authentication means does not authenticate that the portable storage device is a management target apparatus of the authentication server Or when the software authentication means determines that the log-in software and the log-off software do not match, the notifying means is the portable storage device or the portable storage device. The authentication server according to appendix 14 or appendix 15, characterized in that it is determined that authentication of the legitimacy of the user has failed and is notified to the information processing terminal as a result of authentication.

(Appendix 17)
In order to serve as an access management server for managing access to encrypted information in the portable storage device connected to the connection port of the information processing terminal,
Determining means for determining whether or not a user of the encrypted information is a valid user based on the authentication information upon receiving authentication information about the encrypted information from the information processing terminal;
And a decryption key transmitting means for transmitting a decryption key for decrypting the encrypted information to the information processing terminal when the determination means determines that the user of the encrypted information is a valid user. The authentication server according to any one of appendix 14 to appendix 16, wherein the authentication server is configured.

(Appendix 18)
In order to fulfill the function as a personal information management server for managing personal information files in the portable storage device,
Investigation means for investigating whether or not a personal information search program is included in the various types of software in the portable storage device;
When the personal information program is not included as a result of the investigation by the investigation means, the information processing terminal is configured to include an installation means for installing the personal information search program in the portable storage device through the information processing terminal. The authentication server according to any one of Appendix 14 to Appendix 17.

(Appendix 19)
At least a processing unit that executes various processes, an input unit that inputs information to the processing unit, an output unit that outputs a processing result by the processing unit, and an external device side to connect an external device to the processing unit An information processing terminal having a connection port into which the connector is inserted; and
In an information processing system that stores various software and data and includes a portable storage device that can be connected to the connection port as the external device,
An authentication server program that causes a computer to function as an authentication server that is connected to the information processing terminal and that authenticates the portable storage device connected to the connection port of the information processing terminal,
Upon receiving an authentication request for the portable storage device from the information processing terminal, the user is authorized based on personal authentication information input from the input unit of the information processing terminal by the user of the portable storage device. Personal authentication means for determining whether or not the user is personal and performing personal authentication of the user;
When the authentication request for the portable storage device is received from the information processing terminal, is the portable storage device a management target device of the authentication server based on device identification information automatically read from the portable storage device? Device authentication means for determining whether or not to perform device authentication of the portable storage device,
When an authentication request for the portable storage device is received from the information processing terminal, software stored in the portable storage device (hereinafter referred to as software at login) and the portable storage device are transferred to the information processing terminal. Software authentication means for performing software authentication by comparing with software stored at the time of the last connection (hereinafter referred to as log-off software) and determining whether or not these software matches. ,and,
The personal authentication means authenticates that the user is a valid user, and the apparatus authentication means authenticates that the portable storage device is a management target apparatus of the authentication server, and When it is determined by the software authentication means that the log-in software and the log-off software match, the portable storage device and the validity of the user of the portable storage device are authenticated An authentication server program that causes the computer to function as notification means for determining that the information processing terminal is notified as a result of authentication.

(Appendix 20)
When the validity of the portable storage device and the user of the portable storage device is authenticated, the processing state of the processing unit of the information processing terminal is switched to the external processing state, and the portable storage device is opened. The authentication server program according to appendix 19, wherein the computer is made to function as a recording unit that records the fact as a history.

(Appendix 21)
When the personal authentication means does not authenticate the user as a valid user, or the apparatus authentication means does not authenticate that the portable storage device is a management target apparatus of the authentication server Or when the software authentication means determines that the log-in software and the log-off software do not match, the notifying means is the portable storage device or the portable storage device. Supplementary note 19 or Supplementary note, wherein the computer is caused to function so as to determine that the authentication of the legitimacy of the user has failed and to notify the information processing terminal of the fact as a result of the authentication 20. The authentication server program according to 20.

It is a block diagram which shows the structure of the information processing system as one Embodiment of this invention. It is a block diagram which shows the function structure of the information processing terminal and portable storage device in the information processing system of this embodiment. It is a block diagram which shows the function structure of the server (Authentication server / Access management server / Personal information management server) in the information processing system of this embodiment. It is a block diagram which shows the 1st example of a function structure of the personal information search means in this embodiment. It is a block diagram which shows the 2nd example of a function structure of the personal information search means in this embodiment. It is a flowchart for demonstrating operation | movement of the information processing terminal in the information processing system of this embodiment. It is a flowchart for demonstrating operation | movement of the server (Authentication server / Access management server / Personal information management server) in the information processing system of this embodiment. It is a figure which shows the specific example of the quarantine table used in the personal information search means shown in FIG. It is a figure which shows the specific example of a title header. 5 is a flowchart for explaining the operation (first search method) of the personal information search means shown in FIG. It is a flowchart for demonstrating operation | movement (2nd search method) of the personal information search means shown in FIG. It is a flowchart for demonstrating operation | movement (operation | movement as a personal information management server) of the server of this embodiment.

Explanation of symbols

1 Information processing system 10 Information processing terminal (PC)
11 Processing unit (CPU)
12 Input section (keyboard, mouse)
13 Output unit (display)
14 Connection port 15 Storage unit (HD)
16 Transmission / Reception Unit 111 Recognition Unit 112 Authentication Request Unit 113 Switching Unit 114 Decryption Key Request Unit 115 Decryption Unit 116, 116A Personal Information Search Unit 117 Notification Unit 121 Extraction Unit 122 Count Unit 123 Determination Unit 124 Quarantine Table 131 Extraction Unit 132 Extraction Means 133 First judgment means 133a Telephone number judgment means 133b Email address judgment means 133c Address judgment means 134 Character judgment means 135 Collation means 136 Second judgment means 137 Quarantine table 20 Portable storage device 21 Connector 30 Server (authentication server / access) Management server / personal information management server)
31 Processing unit (CPU)
32 Storage unit (HD)
33 Transmission / Reception Unit 311 Personal Authentication Unit 312 Device Authentication Unit 313 Software Authentication Unit 314 Notification Unit 315 Recording Unit 316 Determination Unit 317 Decryption Key Transmission Unit 318 Investigation Unit 319 Installation Unit 40 Network (Internet, Internal LAN)

Claims (13)

At least a processing unit that executes various processes, an input unit that inputs information to the processing unit, an output unit that outputs a processing result by the processing unit, and an external device side to connect an external device to the processing unit An information processing terminal having a connection port into which the connector is inserted; and
A portable storage device that stores various software and data and can be connected to the connection port as the external device;
An authentication server connected to the information processing terminal and configured to authenticate the portable storage device connected to the connection port of the information processing terminal;
The information processing terminal
Recognition means for recognizing that the portable storage device is connected to the connection port;
When recognizing that the portable storage device is connected to the connection port by the recognition means, an authentication requesting means for requesting the authentication server to authenticate the portable storage device;
When the validity of the portable storage device and the user of the portable storage device is authenticated as a result of the authentication executed by the authentication server in response to the request by the authentication request means, the processing state by the processing unit is changed. The various software and data stored in the portable storage device are used on the portable storage device from an internal processing state in which processing is performed using the software and data stored on the information processing terminal side. And switching means for switching to an external processing state in which processing is performed,
The authentication server is
Upon receiving an authentication request for the portable storage device from the information processing terminal, the user is authorized based on personal authentication information input from the input unit of the information processing terminal by the user of the portable storage device. Personal authentication means for determining whether or not the user is personal and performing personal authentication of the user;
When the authentication request for the portable storage device is received from the information processing terminal, is the portable storage device a management target device of the authentication server based on device identification information automatically read from the portable storage device? Device authentication means for determining whether or not to perform device authentication of the portable storage device;
When an authentication request for the portable storage device is received from the information processing terminal, software stored in the portable storage device (hereinafter referred to as software at login) and the portable storage device are transferred to the information processing terminal. Software authentication means for performing software authentication by comparing with software stored at the time of the last connection (hereinafter referred to as log-off software) and determining whether or not these software matches. When,
The personal authentication means authenticates that the user is a valid user, and the apparatus authentication means authenticates that the portable storage device is a management target apparatus of the authentication server, and When it is determined by the software authentication means that the log-in software and the log-off software match, the portable storage device and the validity of the user of the portable storage device are authenticated And an information means for notifying the information processing terminal of the fact as a result of authentication. The authentication server is
When the validity of the portable storage device and the user of the portable storage device is authenticated, the processing state of the processing unit of the information processing terminal is switched to the external processing state, and the portable storage device is opened. The information processing system according to claim 1, further comprising recording means for determining that the information has been recorded and recording the fact as a history.   In the information processing terminal, when the external processing state using the portable storage device is terminated, the switching unit switches the processing state by the processing unit from the external processing state to the internal processing state. The information processing system according to claim 1 or 2. In the authentication server, if the user is not authenticated by the personal authentication unit, or if the portable storage device is a device to be managed by the authentication server by the device authentication unit Is not authenticated, or when it is determined by the software authentication means that the log-in software and the log-off software do not match, the notifying means is the portable storage device or Judging that the authentication of the user of the portable storage device has failed, notifies the information processing terminal as a result of the authentication,
In the information processing terminal that has received a notification of authentication failure from the authentication server, the switching unit prohibits switching from the internal processing state to the external processing state, and a user of the portable storage device through the output unit The information processing system according to any one of claims 1 to 3, wherein authentication failure is notified. An access management server connected to the information processing terminal and managing access to encrypted information in the portable storage device connected to the connection port of the information processing terminal;
In the portable storage device, among the various software and data, software and data other than predetermined software are encrypted as encrypted information encrypted using an encryption key managed by the access management server. Remembered,
The processing unit of the information processing terminal
When recognizing that the portable storage device is connected to the connection port by the recognition means, by executing the predetermined software in the portable storage device,
Authentication information about the encrypted information input from the input unit of the information processing terminal by the user of the encrypted information is transmitted, and a decryption key corresponding to the encrypted information is transmitted to the access management server. Requesting decryption key request means, and
Configured to serve as a decryption means for decrypting the encrypted information using the decryption key received from the access management server in response to a request from the decryption key request means;
The access management server is
Determining means for determining whether or not a user of the encrypted information is a valid user based on the authentication information upon receiving authentication information about the encrypted information from the information processing terminal;
And a decryption key transmitting means for transmitting a decryption key for decrypting the encrypted information to the information processing terminal when the determination means determines that the user of the encrypted information is a valid user. It is comprised, The information processing system as described in any one of Claims 1-4 characterized by the above-mentioned.   6. The information processing system according to claim 5, wherein the authentication server also has a function as the access management server. A personal information management server connected to the information processing terminal for managing personal information files in the portable storage device;
The personal information management server
Investigation means for investigating whether or not a personal information search program is included in the various types of software in the portable storage device;
As a result of the investigation by the investigation means, when the personal information program is not included, the personal information program is configured to include an installation means for installing the personal information search program in the portable storage device through the information processing terminal.
The processing unit of the information processing terminal
By executing the personal information search program installed in the portable storage device,
Personal information search means for searching and specifying a personal information file from data in the portable storage device; and
7. The system according to claim 1, wherein the personal information search unit is configured to serve as a notification unit that notifies a user or the personal information management server of a search result by the personal information search unit. Information processing system according to item.   8. The information processing system according to claim 7, wherein the authentication server also has a function as the personal information management server. The personal information searching means
For each file included in the data in the portable storage device, a character or character string included in the file is collated with a character or character string preset as a character or character string characteristically appearing in personal information And counting means for counting the number of times the feature character or the feature character string appears in the file,
9. The information processing according to claim 7, further comprising: a determination unit that determines whether or not the file is a personal information file based on a counting result by the counting unit. system. The personal information search means
It is determined whether the determination target file is a personal information file having a predetermined number of personal information elements that can identify a specific individual,
Extraction means for extracting text data included in the determination target file;
Cutting out means for cutting out character sections delimited by delimiters from the text data extracted by the extracting unit;
By determining whether or not the character string in the character section cut by the cutting means satisfies any one of the preset telephone number determination condition, e-mail address determination condition, and address determination condition, First determination means for determining whether or not any one of a telephone number, an e-mail address, and an address, which is a personal information element other than a name,
Whether or not the number of characters in the character section determined not to correspond to any of the telephone number, the e-mail address, and the address by the first determination means is within a predetermined range, and whether or not the character in the character section is a Chinese character Character determining means for determining;
A character section that is determined by the character determining means to be within the predetermined range and to be a kanji character is a character or character string included in the character section and a kanji or kanji character string that is not set in advance in the name. Collating means for collating appropriate characters or inappropriate character strings to determine whether the character section includes the inappropriate characters or inappropriate character strings;
The number of character sections determined to correspond to any one of a telephone number, an e-mail address, and an address by the first determination means and the inappropriate character or inappropriate character string is not included by the matching means. The number of determined character sections is counted, and based on the count result, the second determination means for determining whether or not the determination target file is a personal information file. The information processing system according to claim 7 or 8.   In the first determination means, it is determined whether or not the character string in the character section cut out by the cutting means corresponds to a telephone number, and if it does not correspond to a telephone number, whether or not it corresponds to an e-mail address. If it does not correspond to an e-mail address, it is determined whether or not it corresponds to an address, and when it is determined that it corresponds to any one of a telephone number, an e-mail address, and an address, the character string The information processing system according to claim 10, wherein the determination process is terminated. The second determination unit regards the character string in the character section determined not to include the inappropriate character or the inappropriate character string by the matching unit as a personal information element corresponding to the name, and the determination target file is The information processing system according to claim 10 or 11, wherein it is determined whether or not the file is a personal information file.   The second determining means determines the number of character sections determined by the first determining means to correspond to any one of a telephone number, an e-mail address, and an address based on the counting result and the collating means. A determination value that increases as the number of character sections determined not to include the inappropriate character or inappropriate character string increases, and when the calculated determination value exceeds a predetermined threshold, the determination target file The information processing system according to claim 10, wherein the information processing system is determined to be a personal information file.

Images