JP2008077239A - Document management system, document management method, document browsing apparatus and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To secure documents by a simple structure in a document management system. <P>SOLUTION: The document management system connects a client PC 2 for managing document data and a server via a LAN 4. The client PC 2 comprises a secondary storage part 23 for storing document data, a communication part 26 for communicating with the server, and a document processing part 21 for permitting to interpret the document data stored in the secondary storage part 23 as document content information when the communication part 26 successfully communicates with the server and prohibiting the interpretation of the document data as document content information when the communication part 26 fails in communication with the server. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a document management system that manages document data, and more particularly to a document management system that manages document data that requires confidentiality.

  In recent years, there have been devices and software that manage document data such as data read by a scanner or a document created by an application on a personal computer (PC). A typical example is document handling software such as Adobe Acrobat (registered trademark) of Adobe Systems. For example, in this Adobe Acrobat, a paper document read by a scanner can be digitized and managed, and even document data created by different applications can be managed as a single document.

On the other hand, with the recent remarkable development of network technology, document data can be easily exchanged and distributed. In particular, since the Internet, a local area network (LAN), and the like are widely used, document data is exchanged and distributed through such a network frequently and widely.
Therefore, for example, in an apparatus for managing document data as described above, there is an increased risk of leakage of highly confidential document data via a network. In other words, document data leaked from the network can occur in various forms, such as when the document data stored in a server or the like is illegally acquired, or when a rightful document acquisition authority acquires the document data by mistake. A situation has arisen. Therefore, various techniques have been proposed to ensure confidentiality of documents.

Conventionally, such a technique is limited to a case where identification information (for example, a password) specifying a user is correctly input or a case where the user has a valid private key. A method that enables browsing of contents such as files is known.
As a specific example, when a user intends to use a document file or the like registered in a document server, a certificate and document file for identifying the user are sent from the client device of the user to the server. The document identification information (ID) to be identified is sent, and on the server side, the terms of use for the document file are determined based on the certificate and the document ID, and the document file encrypted with the user's public key is sent. In the client device, there is a technique of decrypting a document file with a user's private key in accordance with a usage rule (for example, see Patent Document 1).

  In addition, when an electronic document including a document file to be browsed and browsing restriction information of the document file is stored in the server and the electronic document is provided from the server to the client device, the electronic document is browsed by the client device. When it is confirmed that the electronic document is via the communication protocol, that is, when the electronic document is an electronic document existing on the server, the document file can be browsed within the range restricted by the browsing restriction information. On the other hand, when it is confirmed that the electronic document to be viewed on the client device is not via the communication protocol, that is, when the electronic document is located in the client device (when offline), the browsing is restricted. Technology exists (see, for example, Patent Document 2).

JP 2004-30056 (page 3-4) Japanese Patent Laying-Open No. 2001-356953 (page 4-6)

However, as in the technique described in Patent Document 1 described above, in a method of confirming whether a user is an owner of valid identification information, a secret key, or the like by communication with a server, the following is performed. There is an inconvenience. That is, since it is necessary to install and maintain a dedicated server for authenticating user identification information and the like, the configuration of the entire system becomes complicated and expensive. Furthermore, when the number of target users increases, the number of identification information and the like corresponding to the number of users must be prepared, so that system management becomes complicated. In addition, the user has to perform troublesome input operations such as input of identification information.
On the other hand, in the technique described in Patent Document 2 described above, every time document data is browsed, the document data is acquired by communicating with the server. The load of increases. For this reason, there is a problem that the configuration of the entire system becomes complicated and expensive, such that the server needs high processing capability and the network line capacity must be increased.

  Accordingly, the present invention has been made to solve the technical problems as described above, and an object thereof is to ensure confidentiality of a document with a simple configuration in a document management system.

  For this purpose, the document management system of the present invention is a document management system in which a terminal device that manages document data and an external device are connected via a network, and the terminal device stores document data. The communication means for communicating with the external device, and the communication means permits the interpretation of the document data stored in the storage means as document content information when the communication means can be connected to the external device. A document processing unit is provided that does not allow document data to be interpreted as document content information when it cannot be connected to an external device.

Here, the communication means can perform communication with an external device designated by communication destination information added to the document data.
The terminal device further includes decryption means for decrypting the document data encrypted with a predetermined encryption key, and the communication means is connected to the encryption key from the external device when it can be connected to the external device. And the decrypting means decrypts the document data stored in the storage means using the decryption key acquired by the communication means.

  Further, the terminal device further includes a decrypting unit that decrypts the document data encrypted with a predetermined encryption key, and the communication unit is connected to the encryption key from the external device when the external device can be connected. The second decryption key paired with the second encryption key obtained by encrypting the first decryption key forming the first decryption key is obtained, and the decryption means transmits the encrypted first decryption key added to the document data. , The first decryption key is decrypted using the second decryption key obtained by the communication means, and the document data stored in the storage means is decrypted using the first decryption key. Can also be characterized.

In addition, the terminal device further includes decryption means for decrypting the document data encrypted with a predetermined encryption key, and the communication means receives the encryption key from the external device when it can be connected to the external device. And a second decryption key paired with the second encryption key added to the document data, the first decryption key encrypted with the second encryption key is obtained. The key is obtained, and the first decryption key obtained by the communication means is decrypted using the second decryption key obtained from the document data, and stored in the storage means using the first decryption key. The document data can be decrypted.
Further, the document processing means may further perform a display process for displaying the interpreted document data. Further, the document processing means acquires display control information for setting a restriction on the display of the document added to the document data, and displays the document display condition based on the display control information and the success or failure of the connection with the external device. Can be characterized. Further, the document processing means obtains editing control information for setting a restriction on editing of the document added to the document data, and determines whether the document processing means is based on the editing control information and the success or failure of the connection with the external device. The editing process that can be executed is determined.

  Further, the present invention is regarded as a document management method. The document management method of the present invention is a document management method for managing document data, and is connected to a terminal device from a terminal device that holds the document data via a network. A communication step that attempts to communicate with an external device, a data acquisition step that acquires document data from storage means provided in the terminal device, and if the connection to the external device is established, the acquired document data is interpreted as document content information. And a data processing step in which the document data is not interpreted as the document content information when it cannot be connected to the external device.

  Here, it further includes a decryption step of decrypting the document data encrypted with a predetermined encryption key, and the communication step is a decryption paired with the encryption key from the external device when it is connected to the external device. The key may be obtained, and the decrypting step may be characterized by decrypting the document data obtained from the storage unit using the obtained decryption key. Further, the communication step can be characterized in that communication with an external device designated by communication destination information added to the document data is attempted.

  Further, the present invention is regarded as a document browsing device, and the document browsing device of the present invention is a document browsing device connected to an external device via a network, and communication between the storage means for storing document data and the external device. When the communication means can connect to the external device, the document data stored in the storage means is interpreted as document content information, and when the communication means cannot connect to the external device, the document data is The document interpreting means that is not interpreted as the content information and the display means for displaying the document data interpreted by the document interpreting means are provided.

  Here, the document interpretation means obtains display control information for setting a restriction on the display of the document added to the document data, and the display means determines whether or not the display control information is connected to the external device based on the display control information. Further, the display condition of the document can be further determined. Further, the present invention can be characterized by further comprising data generation means for generating document data including document content information and URI information or information corresponding to the URI regarding one or a plurality of external devices as communication destinations. .

Further, the present invention is regarded as a program, and the program of the present invention is a program for causing a computer to execute processing of document data, and obtains document data from a storage means and a function for communicating with an external device via a network. And a function that interprets the acquired document data as document content information when it can be connected to an external device and does not interpret the document data as document content information when it cannot be connected to an external device. It is characterized by letting.
Here, when a connection with the external device is established, a decryption key that is paired with the encryption key used when encrypting the document data is obtained from the external device or the document data, and the obtained decryption key is used. Further, it can be characterized by further having a function of decrypting the encrypted document data.

  Note that this program may be executed by loading a program stored in a reserved area such as a hard disk into the RAM, for example. In addition, there is a form that is executed by the CPU in a state stored in the ROM in advance. Further, when a rewritable ROM such as an EEPROM is provided, only a program may be provided and installed in the ROM after the device is assembled. In providing this program, it is also conceivable that the program is transmitted to a computer having a data recording device via a network such as the Internet and installed in a ROM of the data recording device.

  According to the present invention, in a document management system, it is possible to suppress leakage of document data with a simple configuration.

Embodiments of the present invention will be described below in detail with reference to the accompanying drawings.
[Embodiment 1]
FIG. 1 is a diagram showing the overall configuration of a document management system to which the present embodiment is applied. A document management system 1 shown in FIG. 1 includes a client PC (Personal Computer) 2 (2A to 2C) as an example of a terminal device installed in a work space (for example, a desk) of a user (user), for example. A server 3 as an example of an external device is connected via a local area network (LAN) 4 such as Ethernet (registered trademark), for example, and is configured to be capable of bidirectional communication. The communication line used for the LAN 4 may include a telephone line and a satellite communication line (for example, a spatial transmission line in digital satellite broadcasting). Here, in the document management system 1 according to the present embodiment, a plurality of client PCs 2 are connected to the LAN 4, but in the configuration shown in FIG. 1, three client PCs 2A to 2C are connected as an example. Shows the case.
The LAN 4 of the present embodiment is connected to the external Internet 6 via the firewall device 5. The firewall device 5 has a function of blocking unnecessary access according to a predetermined rule for access to the LAN 4 from the external PC 7 (7A, 7B) connected to the external Internet 6. On the other hand, the client PC 2 in the LAN 4 has a function for permitting access to the external Internet 6.

  The client PC 2 has a function of creating / saving / editing a document composed of characters, graphics, photographs, etc., and a function of distributing the created document to other client PCs 2 connected to the LAN 4. Here, FIG. 2 is a block diagram illustrating a functional configuration of the client PC 2. As shown in FIG. 2, the client PC 2 includes a control unit 20 that controls the entire client PC 2, and document processing means for executing interpretation of document data, document data creation / editing processing, and the like according to a predetermined processing program (application software). As an example, a document processing unit 21, a memory unit 22 used as a working memory of the document processing unit 21, a storage unit realized by, for example, a hard disk (Hard Disk Drive) in which document data, a processing program, and the like are stored The secondary storage unit 23 as an example, the operation unit 24 that accepts an operation input from the user, for example, a mouse or a keyboard, a display unit 25 that displays various information to the user, and the communication with the LAN 4 are controlled. As an example of communication means realized by a LAN card or a modem, the communication unit 26, a DVD-RAM, And an input unit 27 for inputting data from a storage medium such as Sshumemori (storage means).

FIG. 3 is a block diagram illustrating the functional configuration of the server 3. As illustrated in FIG. 3, the server 3 includes a communication unit 31, a reception unit 32, a control unit 33, an access signal generation unit 34, and a transmission unit 35.
The communication unit 31 controls communication with the LAN 4.
The receiving unit 32 receives a signal transmitted from the client PC 2 via the LAN 4 and outputs it to the control unit 33.
The control unit 33 receives the signal from the client PC 2 received by the reception unit 32, and determines whether to accept access from the client PC 2 that has transmitted the signal based on the received signal. When accepting an access from the client PC 2, the access signal generation unit 34 is instructed to generate an access signal that notifies the client PC 2 that the connection with the client PC 2 has been completed.

The access signal generation unit 34 receives an access signal generation instruction from the control unit 33 and generates an access signal. Then, the generated access signal is output to the transmission unit 35.
The transmission unit 35 transmits the access signal generated by the access signal generation unit 34 to the client PC 2 that has requested access permission. The access signal transmitted from the transmission unit 35 is sent to the client PC 2 via the communication unit 31.

Next, a document creation process performed by the client PC 2 of the present embodiment will be described.
In the client PC 2 of the present embodiment, the document processing unit 21 shown in FIG. 2 creates a document composed of characters, figures, photographs, etc., or edits a document stored in the secondary storage unit 23 to create a new one. A process for creating a simple document is executed. In this case, the document processing unit 21 accesses the address information (communication destination) of the specific server 3 that can access the document content data including the actual content of the created document on the LAN 4 to which the client PC 2 is connected. Information) is automatically added. That is, the document processing unit 21 automatically adds, for example, URI (Universal Resource Identifier) information of the server 3 installed on the LAN 4 designated by the user as a communication destination or information corresponding to the URI to the document content data. To do. Therefore, the document processing unit 21 functions as a data generation unit that generates document data.

FIG. 4 is a diagram for explaining an example of a data structure of a document (document data) created by the document processing unit 21 of the client PC 2. As shown in FIG. 4, the document data created by the document processing unit 21 is composed of document content data and attribute data, and the attribute data includes URI information of the communication destination server 3. Composed. Here, the document content data is created in a format that can be interpreted only by the application software that created the document content data.
In addition to the case where the URI of one server 3 is set as the URI information of the communication destination server 3, the URIs of a plurality of servers 3 may be set. Also, different servers 3 can be set according to the content of the document content data, the level of confidentiality, and the like.

The client PC 2 has a function of distributing the document created by the document processing unit 21 to other client PCs 2. In that case, the document having the data structure shown in FIG. 4 is distributed to the other client PC 2.
Here, various methods can be used as a method for the client PC 2 to distribute the document to other client PCs 2. For example, in the LAN 4 configured as shown in FIG. 1, the client PC 2A distributes documents via the LAN 4 to the client PCs 2B and 2C by publishing the document on the server 3 or transmitting the document by mail. Can be done. In this case, the distributed document is stored in, for example, the secondary storage unit 23 of the distribution destination client PC 2. Further, it is also possible to use a form in which the information is stored and distributed in a storage medium such as a DVD-RAM or a flash memory without going through the LAN 4. In this case, the distributed document is input from the storage medium via the input unit 27 of the distribution destination client PC 2, for example.

Next, document browsing processing when browsing the document in the client PC 2 to which the document having the data structure described above is distributed will be described. Here, it is assumed that the distributed document is stored in the secondary storage unit 23. When the document is stored and distributed in a storage medium such as a flash memory, the document is acquired from the storage medium via the input unit 27.
FIG. 5 is a flowchart showing a document browsing process performed by the client PC 2. As shown in FIG. 5, when a document is to be browsed on the client PC 2, that is, when a document is to be displayed on the display unit 25, the document processing unit 21 first starts from the secondary storage unit 23. Document data is acquired (S101).
Then, the document processing unit 21 acquires the URI information of the server 3 from the acquired document data (S102). The document processing unit 21 that has acquired the URI information of the server 3 accesses the server 3 set as a communication destination on the LAN 4 via a communication protocol such as TCP / IP under the control of the control unit 20. Try (S103).

The server 3 that has received access from the client PC 2 determines whether or not the control unit 33 accepts communication with the client PC 2 based on a received signal from the client PC 2. When the control unit 33 receives communication with the client PC 2, the access signal generation unit 34 generates an access signal notifying that the communication with the client PC 2 has been received. Then, the transmission unit 35 transmits the access signal generated by the access signal generation unit 34 to the client PC 2 via the communication unit 31.
In addition, when the control unit 33 receives communication with the client PC 2, in addition to the configuration in which the access signal generation unit 34 generates an access signal, a signal used in a communication protocol such as TCP / IP is used as it is. It can also be configured to be an access signal.

Subsequently, in the client PC 2, the control unit 20 determines whether or not the access signal from the server 3 has been received (S104). If it is determined in step 104 that the access signal from the server 3 has been received, the control unit 20 causes the document processing unit 21 to perform processing for interpreting the document content data in the document data. Instruct. Thereby, the document processing unit 21 performs processing for interpreting the document content data as document content information (S105). The processing for interpreting the document content data here is performed by application software used when the document is created. That is, the document processing unit 21 here functions as a document interpretation unit. Further, the control unit 20 instructs the display unit 25 to display the document content data interpreted by the document processing unit 21, and the display unit 25 performs the document content data display process (S106). . Thereby, the user can browse the document through the display unit 25.
On the other hand, if it is determined in step 104 that the access signal from the server 3 has not been received, the control unit 20 does not permit the document processing unit 21 to interpret the document content data (S107). Therefore, in this case, the user cannot browse the document.

  As described above, in the document management system 1 according to the present embodiment, when the user wants to view the distributed document, when the user wants to display the document on the client PC 2 that can be connected to the LAN 4, Since access to the server 3 designated as a communication destination on the LAN 4 is attempted and succeeded (can be connected to the server 3), the contents of the document can be browsed. On the other hand, when a user tries to display a document on the client PC 2 that is not connectable to the LAN 4, an attempt is made to access the server 3 designated as the communication destination on the LAN 4, but the attempt fails ( Since it cannot be connected to the server 3, the contents of the document cannot be viewed. Therefore, for example, when the LAN 4 is operated so as to be accessible only within a specific company, the document can be browsed only within the company, so that the document can be viewed as a DVD-RAM or a flash memory. Even if it is stored in a storage medium such as the above and taken outside, the document cannot be browsed. Therefore, it is possible to ensure the confidentiality of the document.

For example, as shown in FIG. 1, when an external PC 7 (7A, 7B) connected to the external Internet 6 acquires document data from a storage medium storing the document data and tries to interpret the document. As described above, communication access to the server 3 on the LAN 4 designated as the communication destination is attempted, but the firewall device 5 denies access to the server 3. Therefore, the document content data cannot be interpreted by the external PC 7, so that the confidentiality of the document can be ensured.
In this case, even if you try to interpret the document content data using application software other than the application software used when the document was created, this document content data should be interpreted only by the created application software. Therefore, the document content data cannot be interpreted in the same manner.

Here, in the document management system 1 according to the present embodiment, for example, when a predetermined time is set and it is desired to restrict document browsing within the LAN 4 within that period, the server 3 within the predetermined time is used. Browsing can be restricted by prohibiting access to. In that case, for example, it can be realized by adding information (display control information) about the validity period of the URI information to the URI information (see FIG. 4) of the communication destination server 3 included in the document data. That is, the control unit 33 of the server 3 is configured to determine whether to instruct the access signal generation unit 34 to generate an access signal with reference to the browsing control information sent from the client PC 2. You can also. Similarly, content restriction of a document that can be browsed can be added as browsing control information.
In addition, as a setting on the server 3 side, by restricting access to the server 3 for a period of time, or by limiting data published on the server 3 within a predetermined range, etc., it is possible to restrict document browsing, etc. It can also be done.
As described above, in the document management system 1 according to the present embodiment, it is possible to freely set a document browsing method, such as setting a browsing period and restricting the contents of the viewable range.

  Further, for example, in order to disguise as if the communication with the server 3 designated as the communication destination is successful, an illegal act of causing the fake server to communicate may be performed. Therefore, in order to reliably authenticate that the server 3 designated as the communication destination is legitimate, the server is authenticated by using a technology called SSL (Secure Sokets Layer) that prevents impersonation of the communication destination. Is preferred. In this case, it is preferable to use a URI designation method based on SSL, for example, HTTPS (Hyper Text Transfer Protocol over SSL), for the address information (communication destination information) of the server 3.

As described above, in the document management system 1 of the present embodiment, when a distributed document is to be browsed, on the LAN 4 based on address information (communication destination information) embedded in document data. Access to the server 3 designated as the communication destination is attempted. The contents of the document can be browsed on the condition that the access to the server 3 is successful.
For this reason, the distributed document can be viewed only on the client PC 2 that can be connected to the predetermined LAN 4, and cannot be viewed from the external PC 7 via the external Internet 6, for example, so that the confidentiality of the document can be ensured. . Thereby, it is possible to suppress leakage of a document that needs to be kept confidential.

  At this time, the document management system 1 according to the present embodiment can detect success / failure of access to the server 3 that is the communication destination, or only send / receive simple data to / from the server 3 that is the communication destination. Therefore, it is possible to use an apparatus for another communication service such as a Web server as the server 3. Therefore, it is not necessary to newly install a dedicated server, and the entire document management system 1 can be simply configured.

  Further, in the document management system 1 of the present embodiment, the document data to be displayed is acquired from the storage medium inserted in the secondary storage unit 23 or the input unit 27 in the client PC 2, so that when browsing the document, For example, it is not necessary to acquire document data from the server 3 or another client PC 2 by communication. For this reason, even when the amount of data of the document is large, only communication as to whether or not the access to the server 3 is successful is performed in the LAN 4, so that the document can be displayed with a small amount of communication and communication time. it can. As a result, an increase in the load on the entire document management system 1 can be suppressed.

Furthermore, in the document management system 1 according to the present embodiment, a user who wants to view a document does not need to perform an operation for an authentication process such as input of a password or preparation of a secret key. It is also possible to improve the operability for the user.
In addition, it is possible to easily set or change browsing method limitations such as a browsing period limitation or a browsing document range limitation.

[Embodiment 2]
In the first embodiment, the configuration has been described in which the document content can be browsed on the condition that the access to the server 3 designated as the communication destination is successful. In the present embodiment, a description will be given of a configuration in which document content is encrypted, and the document content can be decrypted by accessing the server 3 designated as the communication destination, thereby enabling browsing. . In addition, the same code | symbol is used about the structure similar to Embodiment 1, and the detailed description is abbreviate | omitted here.

FIG. 6 is a block diagram illustrating a functional configuration of the client PC 2 used in the document management system 1 (see FIG. 1) according to the present embodiment. In addition to the configuration of the client PC 2 in the first embodiment, the client PC 2 shown in FIG. 6 stores a document composed of characters, figures, photographs, etc. created and edited by the document processing unit 21 with a predetermined encryption key ( An encryption unit 28 for encrypting with a public key), and a decryption unit 29 for obtaining a decryption key (secret key) paired with the encryption key provided in the encryption unit 28 from the server 3 and decrypting the document. And.
FIG. 7 is a block diagram illustrating a functional configuration of the server 3 used in the document management system 1 according to the present embodiment. The server 3 shown in FIG. 7 includes a decryption key storage unit that stores a decryption key that is paired with the encryption key provided in the encryption unit 28 of the client PC 2 in addition to the configuration of the server 3 in the first embodiment. 36.

In the client PC 2 of the present embodiment, the document processing unit 21 creates a document composed of characters, graphics, photographs, and the like, or edits a document stored in the secondary storage unit 23 to create a new document. At this time, the address information (communication destination information) of a specific server 3 that can be accessed on the LAN 4 to which the client PC 2 is connected with respect to the document content data including the actual content of the created document, for example, as the communication destination A process of automatically adding the URI information of the server 3 designated by the user is performed. Further, the encryption unit 28 encrypts the document content data created by the document processing unit 21 with a predetermined encryption key.
Thereby, in the document data created by the client PC 2 of the present embodiment, the document content data shown in FIG. 4 is generated as encrypted.

Next, document browsing processing when browsing the document in the client PC 2 to which the document created as described above is distributed will be described. Here, it is assumed that the distributed document is stored in the secondary storage unit 23 as in the first embodiment.
FIG. 8 is a flowchart showing a document browsing process performed by the client PC 2. As shown in FIG. 8, when browsing a document on the client PC 2, the document processing unit 21 first acquires document data from the secondary storage unit 23 (S201).
Then, the document processing unit 21 acquires the URI information of the server 3 from the acquired document data (S202). The document processing unit 21 that has acquired the URI information of the server 3 tries to access the server 3 on the LAN 4 via a communication protocol such as TCP / IP under the control of the control unit 20 (S203).

The server 3 that has received access from the client PC 2 determines whether or not the control unit 33 accepts communication with the client PC 2 based on a received signal from the client PC 2. When the control unit 33 receives communication with the client PC 2, the access signal generation unit 34 generates an access signal notifying that the communication with the client PC 2 has been received. At the same time, the control unit 33 instructs the decryption key storage unit 36 to output the stored decryption key to the client PC 2.
Then, the transmission unit 35 transmits the access signal generated by the access signal generation unit 34 and the decryption key stored in the decryption key storage unit 36 to the client PC 2 via the communication unit 31.
In addition, when the control unit 33 accepts communication with the client PC 2 without generating the access signal, only the decryption key can be transmitted from the transmission unit 35 to the client PC 2.

Subsequently, in the client PC 2, the control unit 20 determines whether or not the access signal and the decryption key from the server 3 have been received (S204). When determining in step 204 that the access signal and the decryption key from the server 3 have been received, the control unit 20 sends the decryption key to the decryption unit 29. The decryption unit 29 that has acquired the decryption key decrypts the document content data in the document processing unit 21 (S205). The document content data decrypted by the decryption unit 29 is interpreted by the document processing unit 21 as document content information (S206). The processing for interpreting the document content data here is performed by application software used when the document is created. Further, the control unit 20 instructs the display unit 25 to display the document content data interpreted by the document processing unit 21, and the display unit 25 performs the document content data display process (S207). . Thereby, the user can browse the document through the display unit 25.
On the other hand, if it is determined in step 204 that the access signal and the decryption key from the server 3 have not been received, the control unit 20 cannot send the decryption key to the decryption unit 29. Cannot be decrypted. As a result, the document processing unit 21 cannot interpret the document content data (S208). Therefore, in this case, the user cannot browse the document.

As described above, in the document management system 1 according to the present embodiment, when a user who wants to view a distributed document wants to display a document on the client PC 2 that can be connected to the LAN 4, Since the access to the server 3 designated as the communication destination is attempted and succeeded (can be connected to the server 3), a decryption key paired with the encryption key used for encrypting the document is received from the server 3. Can be acquired. Therefore, the encrypted document can be decrypted, and the contents of the document can be browsed.
On the other hand, when a user tries to display a document on the client PC 2 that is not connectable to the LAN 4, an attempt is made to access the server 3 designated as the communication destination on the LAN 4, but the attempt fails ( Therefore, the decryption key cannot be acquired from the server 3. Therefore, the encrypted document cannot be decrypted, and the contents of the document cannot be browsed. Therefore, for example, when the LAN 4 is operated so as to be accessible only within a specific company, the document can be browsed only within the company, so that the document can be viewed as a DVD-RAM or a flash memory. Even if it is stored in a storage medium such as the above and taken outside, the document cannot be browsed.
As described above, the document management system 1 according to the present embodiment is configured to encrypt the document and acquire the decryption key from the server 3, thereby further ensuring the confidentiality of the document. It becomes possible.

[Embodiment 3]
In the second embodiment, the configuration has been described in which the document content is encrypted, and the document content can be decrypted by accessing the server 3 designated as the communication destination. . In the present embodiment, a description will be given of a configuration in which double decryption keys that enable decryption of document contents are provided. In addition, the same code | symbol is used about the structure similar to Embodiment 2, and the detailed description is abbreviate | omitted here.

In the client PC 2 used in the document management system 1 (see FIG. 1) of the present embodiment, the document processing unit 21 creates a document made up of characters, graphics, photographs, etc., or is stored in the secondary storage unit 23. When creating a new document by editing existing documents, the document contents data consisting of the actual contents of the created documents can be accessed by a specific server 3 accessible on the LAN 4 to which the client PC 2 is connected. Address information (communication destination information), for example, processing for automatically adding URI information of the server 3 designated by the user as the communication destination is performed.
The encryption unit 28 encrypts the document content data created by the document processing unit 21 with the first encryption key. Further, a first decryption key (which is paired with the first encryption key) for decrypting the encrypted document content data is encrypted with the second encryption key.
The document processing unit 21 then encrypts the document content data as shown in FIG. 9 (an example of the data structure of the document data created by the document processing unit 21 of the present embodiment). And document data composed of the attribute data including the URI information of the server 3 and the encrypted first decryption key.
On the other hand, in the server 3 used in the document management system 1 (see FIG. 1) of the present embodiment, a second decryption key (second decryption key) that decrypts the encrypted first decryption key added to the document data. Is stored in the decryption key storage unit 36.

Here, the document data generation processing in the document processing unit 21 will be specifically described. FIG. 10 is a flowchart illustrating an example of a procedure of document data generation processing in the document processing unit 21.
As shown in FIG. 10, first, the document processing unit 21 acquires document content data from, for example, the secondary storage unit 23 and stores it in the document data (S301). Further, the server 3 on the LAN 4 designated as the communication destination is determined by, for example, a user instruction input from the operation unit 24 of the client PC 2 (S302). Then, the URI information of the determined communication destination server 3 is stored as attribute data in the document data (S303).

Next, the encryption unit 28 uses a random number or the like to generate a first encryption key for encrypting the document content data (S304). Then, the encryption unit 28 retrieves the document content data stored in the document data of the document processing unit 21, and encrypts the document content data using the first encryption key (S305). The encrypted document content data is stored in the document data of the document processing unit 21 (S306).
Subsequently, the encryption unit 28 generates a first decryption key that is paired with the first encryption key (S307). Further, a second encryption key for encrypting the generated first decryption key is generated using a random number or the like (S308). Furthermore, a second decryption key that is paired with the generated second encryption key is generated (S309).

The first decryption key generated in step 307 is encrypted with the second encryption key generated in step 308 (S310). Then, the encrypted first decryption key is stored as attribute data in the document data of the document processing unit 21 (S311).
On the other hand, the second decryption key generated in step 309 is sent to the server 3 via the communication unit 26 under the control of the control unit 20 and stored in the decryption key storage unit 36 of the server 3 ( S312).
In this way, the document processing unit 21 generates document data having the data structure shown in FIG. On the other hand, the decryption key storage unit 36 of the server 3 stores a second decryption key that is paired with a second encryption key obtained by encrypting the first decryption key.

Next, document browsing processing when browsing the document in the client PC 2 to which the document created as described above (see FIG. 9) is distributed in the document management system 1 of the present embodiment will be described. Here, it is assumed that the distributed document is stored in the secondary storage unit 23 as in the first embodiment.
FIG. 11 is a flowchart showing a document browsing process performed by the client PC 2. As shown in FIG. 11, when browsing a document on the client PC 2, the document processing unit 21 first acquires document data from the secondary storage unit 23 (S401).
Then, the document processing unit 21 acquires the URI information of the server 3 from the acquired document data (S402). The document processing unit 21 that has acquired the URI information of the server 3 tries to access the server 3 on the LAN 4 via a communication protocol such as TCP / IP under the control of the control unit 20 (S403).

The server 3 that has received access from the client PC 2 determines whether or not the control unit 33 accepts communication with the client PC 2 based on a received signal from the client PC 2. When the control unit 33 receives communication with the client PC 2, the access signal generation unit 34 generates an access signal notifying that the communication with the client PC 2 has been received. At the same time, the control unit 33 instructs the decryption key storage unit 36 to output the stored second decryption key to the client PC 2.
Then, the transmission unit 35 transmits the access signal generated by the access signal generation unit 34 and the second decryption key stored in the decryption key storage unit 36 to the client PC 2 via the communication unit 31.
Note that it is also possible to configure so that only the second decryption key is transmitted from the transmission unit 35 to the client PC 2 when the control unit 33 accepts communication with the client PC 2 without generating an access signal.

Subsequently, in the client PC 2, the control unit 20 determines whether or not the access signal and the second decryption key from the server 3 have been received (S404). If it is determined in step 404 that the access signal from the server 3 and the second decryption key have been received, the control unit 20 sends the second decryption key to the decryption unit 29.
Here, FIG. 12 is a block diagram showing a functional configuration of the decoding unit 29 of the present embodiment. The decryption unit 29 decrypts the encrypted first decryption key stored in the document data, and decrypts the encrypted document content data stored in the document data. The document content data decrypting unit 292 is included.

The decryption unit 29 that has acquired the second decryption key uses the second decryption key acquired in the decryption key decryption unit 291 shown in FIG. 12 to store the second decryption unit 29 stored in the document data in the document processing unit 21. The decryption key 1 is decrypted (S405). Then, the decrypted first decryption key is output to the document content data decryption unit 292.
The document content data decryption unit 292 that has acquired the first decryption key decrypts the document content data stored in the document data in the document processing unit 21 by using the acquired first decryption key (S406).
In this way, the document content data stored in the document data in the document processing unit 21 is decrypted by the decryption unit 29.

The document content data decrypted by the decryption unit 29 is interpreted by the document processing unit 21 as document content information (S407). The processing for interpreting the document content data here is performed by application software used when the document is created. Further, the control unit 20 instructs the display unit 25 to display the document content data interpreted by the document processing unit 21, and the display unit 25 performs the document content data display process (S408). . Thereby, the user can browse the document through the display unit 25.
On the other hand, if it is determined in step 404 that the access signal from the server 3 and the second decryption key have not been received, the control unit 20 can send the second decryption key to the decryption unit 29. Therefore, the first decryption key for decrypting the document content data cannot be decrypted. As a result, the document processing unit 21 cannot perform processing for interpreting the document content data (S409). Therefore, in this case, the user cannot browse the document.

As described above, in the document management system 1 according to the present embodiment, the first decryption key paired with the first encryption key used when encrypting the document is encrypted. The decrypted first decryption key is added to the document data. A second decryption key that is paired with the second encryption key used when the first decryption key added to the document data is encrypted is stored in the server 3.
In such a configuration, when a user wants to view a distributed document and the user wants to display the document on the client PC 2 that can be connected to the LAN 4, it is designated as a communication destination on the LAN 4. Since the access to the existing server 3 is attempted and succeeded (can be connected to the server 3), the second decryption key can be acquired from the server 3. Therefore, since the encrypted document can be finally decrypted, the contents of the document can be browsed.
On the other hand, when a user tries to display a document on the client PC 2 that is not connectable to the LAN 4, an attempt is made to access the server 3 designated as the communication destination on the LAN 4, but the attempt fails ( Therefore, the second decryption key cannot be acquired from the server 3. Therefore, the encrypted document cannot be finally decrypted, so that the contents of the document cannot be browsed. Therefore, for example, when the LAN 4 is operated so as to be accessible only within a specific company, the document can be browsed only within the company, so that the document can be viewed as a DVD-RAM or a flash memory. Even if it is stored in a storage medium such as the above and taken outside, the document cannot be browsed.
As described above, in the document management system 1 according to the present embodiment, the document is double-encrypted using the first encryption key and the second encryption key, and the decryption key is obtained from the server 3. By configuring so, the confidentiality of the document can be secured extremely high.

  Here, in the document management system 1 of the present embodiment, the encrypted first decryption key is stored in the document data, and the second decryption key is stored in the server 3 (see FIG. 10). It is also possible to store the encrypted first decryption key in the server 3 and store the second decryption key in the document data. In that case, in the decryption unit 29, the decryption key decryption unit 291 receives the encrypted first decryption key from the server 3, and the first decryption key is stored in the document data as the second decryption key. Will be decrypted.

In the document management system 1 according to the first to third embodiments described above, the case where the document content data interpreted by the document processing unit 21 is displayed is described. The present invention can be similarly applied to other processing performed by the client PC 2, such as document editing processing and printing processing.
FIG. 13 is a diagram for explaining another configuration example of the data structure of the document data created by the document processing unit 21 of the client PC 2. As an example, the document data shown in FIG. 13 is created with a configuration in which editing right data is further added as attribute data in addition to the document data in the third embodiment (see FIG. 9). Then, when each processing content included in the editing right data is executed in the document management system 1, for example, steps 101 to 104 in the processing flow of FIG. 5 are executed with respect to the processing content. It is configured to determine whether or not.

  For example, it is assumed that document editing rights, annotation editing rights, printing rights, and transcription rights are set as editing rights data (editing control information) in the document data. In that case, when the user tries to execute any one of the document editing process, the annotation editing process, the printing process, and the transfer process for the interpreted document content data, the document processing unit 21 converts the editing right data from the document data. And the same processing as steps 101 to 104 in the processing flow of FIG. 5 is performed. Then, the document processing unit 21 performs document editing processing and annotation editing processing based on the acquired editing right data and information on whether or not the communication with the server 3 is successful, for example, whether or not an access signal is received from the server 3. It is determined whether the printing process and the transfer process can be executed. That is, for example, on the condition that an access signal is received from the server 3, execution of document editing processing, annotation editing processing, printing processing, and transcription processing is permitted.

In the document data shown in FIG. 13, different URI information of the server 3 can be set for each of the document editing right, annotation editing right, printing right, and transcription right set as editing right data. In this case, for example, when trying to perform document editing processing, access to the server 3A (not shown) is attempted, and when trying to perform annotation editing processing, access to the server 3B (not shown) is attempted. It will be. For example, when the access to the server 3A is successful, the document editing process can be performed. On the other hand, for example, if the access to the server 3B is not successful, the annotation editing process cannot be performed.
In this case, the URI information of a plurality of servers 3 can be set for each editing right data.

It is a figure which shows the whole structure of the document management system of this invention. It is a block diagram explaining the functional structure of client PC. It is a block diagram explaining the functional structure of a server. It is a figure explaining an example of the data structure of the document (document data) produced with client PC. It is the flowchart which showed the procedure of the document browsing process which a client PC performs. It is a block diagram explaining the functional structure of client PC. It is a block diagram explaining the functional structure of a server. It is the flowchart figure which showed the procedure of the document browsing process which client PC performs. It is the figure which showed an example of the data structure of the document data produced with client PC. It is the flowchart which showed an example of the procedure of the production | generation process of the document data in a document processing part. It is the flowchart which showed the procedure of the document browsing process which a client PC performs. It is the block diagram which showed the function structure of the decoding part. It is a figure explaining the other structural example of the data structure of the document data produced with a client PC.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Document management system, 2 (2A, 2B, 2C) ... Client PC, 3 ... Server, 4 ... Local area network (LAN), 5 ... Firewall apparatus, 6 ... External internet, 7 (7A, 7B) ... External PC , 20, 33 ... control unit, 21 ... document processing unit, 22 ... memory unit, 23 ... secondary storage unit, 24 ... operation unit, 25 ... display unit, 26, 31 ... communication unit, 27 ... input unit, 28 ... Encryption unit 29 ... Decryption unit 32 ... Reception unit 34 ... Access signal generation unit 35 ... Transmission unit 36 ... Decryption key storage unit 291 ... Decryption key decryption unit 292 ... Document content data decryption unit

Claims (16)

A document management system in which a terminal device for managing document data and an external device are connected via a network,
The terminal device
Storage means for storing document data;
A communication means for communicating with the external device;
When the communication unit can be connected to the external device, the document data stored in the storage unit is allowed to be interpreted as document content information, and the communication unit cannot connect to the external device. A document management system comprising: document processing means that does not permit the document data to be interpreted as document content information.   The document management system according to claim 1, wherein the communication unit performs communication with the external device designated by communication destination information added to the document data. The terminal device further comprises decryption means for decrypting the document data encrypted with a predetermined encryption key,
When the communication unit is able to connect to the external device, the communication unit obtains a decryption key paired with the encryption key from the external device, and the decryption unit obtains the decryption key acquired by the communication unit. The document management system according to claim 1, wherein the document data stored in the storage means is decrypted by using. The terminal device further comprises decryption means for decrypting the document data encrypted with a predetermined encryption key,
When the communication unit is able to connect to the external device, the communication unit performs second decryption paired with the second encryption key obtained by encrypting the first decryption key paired with the encryption key from the external device. Get the key,
The decryption means obtains the encrypted first decryption key added to the document data, and uses the second decryption key obtained by the communication means to perform the first decryption 2. The document management system according to claim 1, wherein a key is decrypted, and the document data stored in the storage means is decrypted using the first decryption key. The terminal device further comprises decryption means for decrypting the document data encrypted with a predetermined encryption key,
When the communication unit is able to connect to the external device, the communication unit obtains a first decryption key that is paired with the encryption key and encrypted with the second encryption key from the external device,
The decryption means obtains a second decryption key paired with the second encryption key added to the document data, and uses the second decryption key obtained from the document data, 2. The first decryption key acquired by the communication unit is decrypted, and the document data stored in the storage unit is decrypted using the first decryption key. Document management system.   2. The document management system according to claim 1, wherein the document processing means further executes display processing for displaying the interpreted document data.   The document processing means acquires display control information for setting a restriction on display of the document added to the document data, and based on the display control information and success or failure of connection with the external device, The document management system according to claim 6, wherein a display condition of the document is determined.   The document processing means acquires edit control information for setting restrictions on editing of the document added to the document data, and based on the edit control information and the success or failure of the connection with the external device, 2. The document management system according to claim 1, wherein edit processing executable by the processing means is determined. A document management method for managing document data,
A communication step for attempting communication from a terminal device holding document data to an external device connected to the terminal device via a network;
A data acquisition step of acquiring document data from a storage means provided in the terminal device;
A data processing step of interpreting the acquired document data as document content information when the external device can be connected, and not interpreting the document data as document content information when the external device cannot be connected. A document management method characterized by the above. A decrypting step of decrypting the document data encrypted with a predetermined encryption key;
The communication step obtains a decryption key paired with the encryption key from the external device when the external device is connected, and the decryption step uses the obtained decryption key to store the stored key. 10. The document management method according to claim 9, wherein the document data acquired from the means is decrypted.   The document management method according to claim 9, wherein the communication step attempts communication with the external device designated by communication destination information added to the document data. A document browsing device connected to an external device via a network,
Storage means for storing document data;
A communication means for communicating with the external device;
When the communication means can connect to the external device, the document data stored in the storage means is interpreted as document content information, and when the communication means cannot connect to the external device, the document data is Document interpretation means not to interpret as document content information,
A document browsing apparatus comprising: display means for displaying the document data interpreted by the document interpretation means.   The document interpretation means acquires display control information for setting a restriction on display of the document added to the document data, and based on the display control information and success or failure of connection with the external device, 13. The document browsing apparatus according to claim 12, further comprising determining a display condition of the document on a display unit.   13. The data generation means for generating document data including document content information and URI information or information corresponding to the URI regarding one or a plurality of the external devices as communication destinations. Document browsing device. A program for causing a computer to process document data,
A function of communicating with an external device via a network;
A function for acquiring document data from a storage means;
The computer realizes a function of interpreting the acquired document data as document content information when the external device can be connected, and not interpreting the document data as document content information when the external device cannot be connected. Program to make.   When a connection with the external device is established, a decryption key that is paired with the encryption key used when encrypting the document data is obtained from the external device or the document data, and the obtained decryption key is 16. The program according to claim 15, further comprising a function of using and decrypting the encrypted document data.

Images