JP2008225638A - File management system, file management method and file management program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide file management technology not requiring encryption of storage data of a removable storage device or inhibition processing or the like of a file copy to the removable storage device, preventing unauthorized bringing-out of the removable storage device in which a confidential file is copied to improve security while avoiding load increase or work efficiency reduction. <P>SOLUTION: A manager computer receives information related to file operation from each client computer, refers to a file information storage means about an operated file, acquires security information thereof to decide necessity to monitor the operation of the file, starts monitoring of operation contents of the file requiring the monitoring, and generates instruction information of bringing-out inhibition processing and transmitting it to the client computer when detecting the copy of the file to the removable device. The client computer forbids the bringing-out of the removable storage device based on the received instruction information. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a file management system and method for preventing an illegal outflow of a confidential file in a company or the like.

  As a system of this type, authentication by a first authentication means has succeeded conventionally, an electronic document generation means for generating an electronic document, a usage right setting means for setting a usage right for each user ID in the electronic document, and so on. In this case, the encryption means for encrypting the digitized document, the use execution means for executing the use of the digitized document according to the usage right when the authentication by the second authentication means is successful, and the use is executed. A log generation unit that generates a log including operation history information and a log management unit that aggregates and stores the generated logs, and from the generation of the digitized document to the disposal by the log There has been proposed a system that collectively manages the usage status over the life cycle (see, for example, Patent Document 1).

  However, if the file is encrypted and permitted according to the usage rights, the processing for encryption and decryption becomes enormous, creating an excessive load on the system and canceling the encryption setting. If possible, it can be taken out freely. For example, a file can be copied to a USB memory or the like and taken outside to be used illegally. Although there is a technology that prohibits copying to the USB memory itself, it is not easy to use for copying ordinary files other than confidential files. The copy prohibition setting is highly likely to be canceled by the user who uses the client computer.

  In addition, as an information management method for information stored in the removable storage device, an area for storing a period during which reference to the stored information is permitted and a time when the removable storage device was last accessed (last access time) is provided, When a removable storage device is used on an unauthenticated computer, the computer subtracts the elapsed time from the last access time to the time indicated by the computer clock from the period during which the reference is permitted, If the result is less than or equal to a predetermined value, access to the information stored in the removable storage device is restricted, and when the removable storage device is used in an authenticated computer, the computer Information management characterized in that a predetermined value is set in the area for storing a period during which reference is permitted Although a law has been proposed (see, for example, Patent Document 1), it is impossible to prevent the removal of a removable storage device to which a confidential file has been copied, and there is a possibility of outflow outside the company (for example, (See Patent Document 2).

JP 2006-99348 A JP 2006-146744 A

  Therefore, in view of the above-described situation, the present invention intends to solve the problem that there is no need for processing such as encryption of data stored in the removable storage device or prohibition of copy of the file to the removable storage device, and an increase in load. It is another object of the present invention to provide a file management system capable of improving security by reliably preventing unauthorized removal of a removable storage device to which a confidential file has been copied while avoiding a decrease in work efficiency.

  In order to solve the above-mentioned problems, the present invention provides a file information storage means in which a computer stores file information together with security information, an operation information acquisition means for acquiring information relating to file operations in the computer, and the operated file With respect to the file information storage means, the security information is obtained, and based on the information, determination means for determining whether or not the operation of the file needs to be monitored, and monitoring by the determination is required When a file operation monitoring unit that starts monitoring the operation content of the file by the computer and the file operation monitoring unit detects a copy operation of the file to a removable storage device, the removable file by the computer is detected. Carry out to storage device A command information generating unit that generates command information for instructing a stop process; and a carry-out prohibiting processing unit that performs a process for prohibiting taking out the connected removable storage device based on the command information. Provide a file management system.

  Further, the present invention provides a file management system comprising a plurality of client computers and an administrator computer communicably connected thereto, wherein the administrator computer stores file information together with security information, With reference to the file information storage means, operation information receiving means for receiving information related to file operations in each client computer from each of the client computers connected for communication, and acquiring the security information of the operated files. , Based on the information, determination means for determining whether or not the operation of the file needs to be monitored, and when monitoring is required by the determination, a command for monitoring the operation of the file is transmitted to the client computer Monitoring command sending Means for transmitting the operation information on the retained file to the administrator computer, and receiving the monitoring instruction from the administrator computer, so that the file is stored in the client computer. When the file operation monitoring means for starting the monitoring of the operation content and the file operation monitoring means detect a copy operation of the file to the removable storage device, the client computer performs a process of prohibiting the removal to the removable storage device. A file management system comprising: instruction information generating means for generating instruction information to be instructed; and take-out prohibition processing means for carrying out prohibition processing for the connected removable storage device based on the instruction information. It is also provided.

  Furthermore, the present invention provides a file management system comprising a plurality of client computers and an administrator computer that is communicatively connected thereto, wherein the administrator computer stores file information held by each client computer together with security information. File information storage means, operation information reception means for receiving information relating to file operations at each client computer from each of the client computers connected for communication, and the operated file with reference to the file information storage means. The security information is obtained, and based on the information, the judgment means for judging whether or not the operation of the file needs to be monitored, and the client computer for the file that needs to be monitored by the judgment. The file operation monitoring means for starting the monitoring of the operation content of the file, and when the file operation monitoring means detects a copy operation of the file to the removable storage device, the client computer is prohibited from taking out the removable storage device. Instruction information generating means for generating instruction information for instructing the processing of the above and instruction information transmitting means for transmitting the instruction information to the client computer, wherein the client computer sends operation information about the retained file to the administrator computer. A file comprising: operation information transmitting means for transmitting; and take-out prohibiting processing means for performing processing for prohibiting take-out of the connected removable storage device based on the command information received from the administrator computer. management To provide a stem.

  The present invention also includes a file information storage means for storing file information together with security information in a computer, and a procedure for acquiring information relating to file operation in the computer, and the file information storage for the operated file. The security information is obtained by referring to the means, the procedure for determining whether or not the operation of the file needs to be monitored based on the information, and the file that needs to be monitored by the determination, by the computer When the file operation monitoring means detects a copy operation of the file to the removable storage device by the procedure for starting monitoring of the operation contents of the file and the file operation monitoring means, the computer instructs the removal prohibition processing to the removable storage device Hands that generate instruction information If, based on the instruction information, and instructions for processing the taken out ban on the removable storage device that is connected, also provides a file management method characterized by comprising more.

  According to the present invention, in the file management method comprising a plurality of client computers and an administrator computer that is communicatively connected thereto, the administrator computer comprises file information storage means for storing file information together with security information. In addition, each client computer is provided with operation information transmission means for transmitting operation information about the retained file to the administrator computer, and the administrator computer is connected to each client computer from each of the client computers connected for communication. With respect to the procedure for receiving information relating to file operations and the operated file, it is necessary to refer to the file information storage means to obtain the security information and to monitor the operation of the file based on the information. A procedure for transmitting a file operation monitoring command to the client computer when monitoring is required by the determination, and the client computer sends the monitoring command to the administrator computer. And when the file operation monitoring means detects a copy operation to the removable storage device by the file operation monitoring means, the client computer detects the operation details of the file on the client computer. And a procedure for generating command information for instructing a removal prohibition process for the removable storage device, and a procedure for performing a prohibition process for the removable storage device connected based on the command information. File management method Subjected to.

  Furthermore, the present invention provides a file management method comprising a plurality of client computers and an administrator computer that is communicatively connected thereto, wherein the administrator computer includes file information storage means for storing file information together with security information. Each client computer is provided with operation information transmission means for transmitting operation information about the retained file to the administrator computer, and the administrator computer transmits a file in each client computer from each of the client computers connected for communication. With respect to the procedure for receiving information related to the operation and the file that has been operated, it is necessary to refer to the file information storage means to obtain the security information and to monitor the operation of the file based on the information. A procedure for starting monitoring of the operation content of the file by the client computer, and monitoring of the file operation for the file that is required to be monitored by the determination; and A procedure for generating command information for instructing the client computer to carry out prohibition processing for the removable storage device when a copy operation is detected, a procedure for transmitting the generated command information to the client computer, and the client computer Provides a file management method characterized by comprising a procedure for performing a process of prohibiting the removal of the connected removable storage device based on the command information received from the administrator computer.

  Here, the file information storage means includes a take-out prohibition folder in which information on a file with a high security level is stored, and the determination means stores the information on the operated file in the take-out prohibition folder. It is preferable to determine whether or not the file is stored, and if it is stored, it is recognized that the security level is high and it is determined that the operation of the file needs to be monitored. Further, the security information is information of security levels divided into a plurality of levels, and the determination means acquires the security level of the operated file, and if the level is a predetermined level or higher, Those that determine that the operation of the file needs to be monitored are preferred. In particular, the file information storage means includes a plurality of folders for distinguishing and storing file information according to a high security level, and the determination means is provided in a folder in which the information of the operated file is stored. The security level may be acquired based on the above. Preferably, the command information includes the security level information, and the take-out prohibition processing unit performs a take-out prohibition process having a different response depending on the security level of the command information.

  The removable storage device includes an RFID tag including an IC chip and an antenna, and an alarm device having an RFID reader that receives control information of the IC chip is provided. Warning processing means for setting up prohibition of taking out the IC chip control parameter of the RFID tag, and the alarm device is configured to issue a warning when the prohibition of taking out is set based on the received control information Is a preferred embodiment. Further, it is preferable that the warning processing means of the alarm device performs locking processing of the entrance / exit relating to the client computer installation location when the carry-out prohibition setting is made based on the received control information.

  The present invention also provides a file management method comprising a plurality of client computers and an administrator computer communicatively connected to the client computer, wherein the administrator computer stores the file information held by each client computer together with security information. Each of the client computers is provided with operation information transmission means for transmitting operation information about the retained file to the administrator computer, and the administrator computer is connected to each other through communication connection. A procedure for receiving information on file operations in each client computer from the client computer, and referring to the file information storage means for the operated file, obtains its security information, and based on the information A procedure for determining whether or not it is necessary to monitor the operation of the file; a procedure for starting monitoring of the operation contents of the file by the client computer for the file that needs to be monitored by the determination; and When the monitoring detects a copy operation of the file to the removable storage device, a procedure for generating instruction information for instructing the client computer to carry out prohibition on the removable storage device, and the generated instruction information A procedure for transmitting to a client computer; and a procedure for the client computer to perform a process of prohibiting the removal of the connected removable storage device based on the command information received from the administrator computer. To File management method, and the computer includes file information storage means for storing the file information together with the security information, and a procedure for obtaining information relating to the file operation in the computer, and the operated file, With reference to the file information storage means, the security information is obtained, and based on the information, a procedure for determining whether or not the operation of the file needs to be monitored, and a file that needs to be monitored by the determination, The procedure for starting the monitoring of the operation contents of the file by the computer, and the file operation monitoring means, when the copy operation of the file to the removable storage device is detected, prohibiting the computer from taking out the removable storage device Instruction information to instruct processing There is also provided a file management method comprising a procedure for generating information and a procedure for carrying out a prohibition process for taking out the connected removable storage device based on the command information.

  The present invention also relates to a file management program for causing a computer to function as each means in the file management system, and relates to file information storage means for storing the file information together with security information, and file operations in the computer. Operation information acquisition means for acquiring information, referring to the file information storage means for the operated file, acquiring its security information, and determining whether or not the operation of the file needs to be monitored based on the information A determination unit that performs monitoring of the operation content of the file by the computer, and a copy of the file to a removable storage device by the file operation monitoring unit. Instruction information generating means for generating instruction information for instructing the computer to carry out prohibition of taking out the removable storage device when the operation is detected, and taking out the connected removable storage device based on the instruction information Also provided is a file management program that functions as a take-out prohibition processing means for performing prohibition processing.

  The present invention also provides a file management program for causing a plurality of client computers and an administrator computer connected to the client computers to function as the respective means in the file management system, wherein the administrator computer includes file information. File information storage means for storing information together with security information, operation information receiving means for receiving information relating to file operations in each client computer from each of the client computers connected for communication, and the file information storage means for the operated files. The security information is obtained by reference, a determination means for determining whether or not it is necessary to monitor the operation of the file based on the information, and when monitoring is required by the determination, the client computer A monitoring command transmission unit that transmits a monitoring command for the operation of the file to the computer, the client computer, an operation information transmission unit that transmits the operation information about the retained file to the administrator computer, and the monitoring command Is received from the administrator computer, and the file operation monitoring unit that starts monitoring the operation content of the file on the client computer, and the file operation monitoring unit detects a copy operation of the file to the removable storage device In addition, command information generating means for generating command information for instructing the client computer to take out the removable storage device, and, based on the command information, carrying out the prohibition processing for the connected removable storage device Also it provides a file management program to function as a power sale takeout prohibiting processing means.

  The present invention also provides a file management program for causing a plurality of client computers and an administrator computer connected to the client computer to function as each means in the above-described file management system. File information storage means for storing file information held by the client computer together with security information, operation information receiving means for receiving information relating to file operation in each client computer from each of the client computers connected for communication, With respect to the file, the security information is obtained by referring to the file information storage means, and based on the information, judgment means for judging whether or not the operation of the file needs to be monitored, monitoring by the judgment is required. When a file operation monitoring unit that starts monitoring the operation content of the file by the client computer and a copy operation of the file to a removable storage device are detected by the file operation monitoring unit, the client computer Function information generating means for generating instruction information for instructing to carry out prohibition processing on the removable storage device, and instruction information transmitting means for transmitting instruction information to the client computer. Operation information transmission means for transmitting operation information to the administrator computer, and prohibition of taking out the connected removable storage device based on the command information received from the administrator computer Also it provides a file management program to function as a takeout prohibiting processing means for performing processing.

  According to the present invention as described above, it is possible to immediately grasp the copy operation of the confidential information to the removable storage device based on the file operation determined to be monitored, and to carry out the prohibition of taking out, so that all It is not prohibited to copy files, it can be restricted to confidential files, and it can be prohibited to take out files, and other files can be taken out as a removable storage device and can be used normally, impeding user convenience. There is no.

  Further, the administrator computer can easily determine whether the file is a confidential file based on the folder in which the information of the file is stored, and can perform an appropriate prohibition process according to different security levels.

  In addition, the removable storage device includes an RFID tag and an alarm device having an RFID reader for receiving control information of the IC chip is provided, and the take-out prohibition processing means of the client computer is prohibited from taking out the IC chip control parameter of the RFID tag. Since the alarm device is provided with warning processing means for giving a warning when the carry-out prohibition setting is made based on the received control information, the alarm device has a heavy load such as encryption processing. It is possible to execute a take-out prohibition measure for a removable storage device to which a confidential file has been copied without performing processing.

  Next, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 is a diagram showing the overall configuration of a file management system according to the present invention. FIGS. 1 to 6 show typical embodiments, in which reference numeral 1 denotes an administrator computer, 2 denotes a client computer, and 3 denotes removable storage. Devices 4 indicate alarm devices, respectively.

  As shown in FIG. 1, the file management system S of the present embodiment includes a plurality of client computers 2,..., An administrator computer 1 connected to the computer via an in-house LAN or other communication network N, A removable storage device 3 with an RFID tag that is attached to the client computer 2 and stores file information copied from the client computer by a user operation, and an RFID tag in the tag from the RFID tag of the removable storage device 3 that the user intends to take out. The alarm device 4 includes an RFID reader that receives control information.

  The administrator computer 1 is a computer that functions as a server composed of a single computer or a plurality of computers. As shown in FIG. 2, a storage unit 11, a communication control unit 12, other input devices, The processing device 10 is composed of a display device, and is mainly composed of a CPU such as a microprocessor. The processing device 10 has a storage unit including a RAM and a ROM (not shown) and stores programs and processing data for defining various processing operation procedures. .

  The processing device 10 functionally refers to the operation information reception processing unit 10a that receives information related to file operations from each of the client computers that are communicatively connected, and the file information storage unit 11a for the operated files. A determination processing unit 10b that determines whether it is necessary to monitor the operation of the file based on security information, a file operation monitoring unit 10c that monitors the operation of a file that is determined to require monitoring, and the file operation monitoring unit 10c. Thus, when a copy operation of the file to the removable storage device 3 is detected, command information for instructing the client computer 2 to carry out prohibition on the removable storage device 3 is generated, and the command information is sent to the client computer 2. Instruction information transmission processing unit 10d for transmitting The comprises at least, these functions are realized by the program.

  The storage means 11 includes hard disks and the like inside and outside the administrator computer 1 and includes at least a file information storage unit 11a that stores file information held by each client computer together with security information. These storage means 11 include, of course, a case where data is stored in a temporary storage area in addition to the hard disk or the like.

  In this example, as shown in FIG. 1, an example is described in which a processing unit of a single computer and the storage unit 11 are provided with these functions and storage units, but these functions and storage units are shared by a plurality of computers. May be configured. In addition, the administrator computer 1 is not necessarily a fixed computer, and any one of a plurality of computers connected by communication is designated as the administrator computer 1, and other computers function as the client computer 2. Of course you can.

  The file information storage unit 11 a includes a take-out prohibition folder 110 in which information on files with a high security level is stored. The determination processing unit 10 b stores the operated file in the take-out prohibition folder 110. It is possible to determine whether or not monitoring is necessary simply by confirming whether or not monitoring has been performed.

  More specifically, the file information storage unit 11a is provided with a plurality of folders that are distinguished according to the security level. In addition to the export prohibition folder 110 with a high security level, a export permission folder with a low level is also prepared. . Then, the determination processing unit 10b can acquire the security level by recognizing the folder in which the operated file is stored, and recognize the necessity of monitoring by recognizing whether or not the folder is prohibited from being taken out. Yes, it can be judged.

  As shown in FIG. 3, each client computer 2 has been widely used conventionally, with a processing unit 20 as a center, a storage unit 21, a display 22, an input operation unit 23 such as a mouse and a keyboard, and a communication control unit 24. In this example, a memory device interface for connecting the removable storage device 3 is provided. The processing device 20 is mainly configured by a CPU such as a microprocessor, and has a storage unit including a RAM and a ROM (not shown), and stores programs and processing data that define procedures for various processing operations.

  The processing device 20 is functionally connected to the operation information transmission processing unit 20a that transmits operation information about the retained file to the administrator computer, based on the command information received from the administrator computer. At least a take-out prohibition processing unit 20b that performs a process for prohibiting take-out of the removable storage device, and these functions are realized by the program.

  As shown in FIG. 4, the removable storage device 3 includes an RFID tag 30 including an IC chip control parameter 32 and an antenna 33, and a memory 31 for storing file information and the like. Specifically, the on / off rewriting process of the carry-out prohibition flag 34 in the IC chip control parameter 32 is performed, and the alarm device 4 is caused to read the flag rewritten to the on state through the antenna 33. The carry-out prohibition is executed by the device 4.

  As shown in FIG. 5, the alarm device 4 includes a processing device 40 (control unit) including a warning processing unit 40a, an RFID reader 41, and a locking / unlocking device 43. The warning processing unit 40a receives the received control. Based on the information (on / off information of the take-out prohibition flag 34), when the prohibition of take-out (flag on) is set, a warning sound is emitted from the buzzer 42, or the door or gate of the entrance / exit regarding the client computer installation location Is locked by the locking / unlocking device 43, and the prohibition of taking out is executed.

  As the removable storage device 3, for example, a USB memory which is a flash memory device that can be connected to a USB connector provided in the client computer 2 can be suitably adopted in addition to a flexible disk and a CDROM, but other devices may be used.

  Hereinafter, each procedure of the file management method of the present invention will be described with reference to the flowchart of FIG. In the following description, an example is described in which a file is copied to a USB memory with an RFID tag as the removable storage device 3 and a warning is issued or the gate is locked by a security gate equipped with an RFID reader / writer. To do.

  The administrator computer 1 receives file information that is always held from each client computer 2,... And operation information that has been variously operated by the user (S1), and the operation information reception processing unit 10a of the administrator computer 1 The file information and operation log of these client computers 2 are managed in the file information storage unit 11a and the like.

  When the operation information reception processing unit 10a of the administrator computer 1 receives information about the operation of the file from the client computer 2 (S2), the determination processing unit 10b refers to the file information storage unit 11a for the operated file, By acquiring the security level from the name of the folder in which the file information is stored, it is determined whether or not the operation of the file needs to be monitored (S3).

  In this example, the security level and the necessity of monitoring can be determined based on the folder in which the file information is stored, and the processing by the determination processing unit 10b can be performed quickly and efficiently. . In addition to the determination based on the folder, the security level and the necessity of monitoring can be determined by classifying the database itself according to security and searching in which database the file information exists. Further, in this example, the security level, especially the carry-out prohibited folder 110, is further divided into a plurality of folders, and the level of prohibition, that is, whether taking out from the office room is prohibited, whether taking out from the company is prohibited, etc. Although detailed regulation is possible, the present invention is not limited to this, and it is of course possible to provide only one take-out prohibited folder 110 and determine only whether it is a take-out prohibited file.

  In S3, when the determination processing unit 10b determines that monitoring is necessary, the file operation monitoring unit 10c performs a process of tracking the operation of the file and monitoring whether or not a copy operation to the USB memory is performed. Start (S4).

  In step S5, when the file operation monitoring unit 10c detects that the file has been copied to the USB memory, the command information transmission processing unit 10d instructs the client computer to instruct the client computer to prohibit taking out the USB memory. And the command information is transmitted to the client computer (S6).

  Receiving the command information, the client computer 2 uses the take-out prohibition processing unit 20b to perform a take-out prohibition process for the connected USB memory according to the content of the command information (S7). This command information includes security level information, and a take-out prohibition process having a different response is performed according to the security level. Specifically, the RFID tag mounted on the USB memory is prohibited from being taken out. For example, the RFID take-out prohibition flag is turned on. When the user of the client computer tries to pass the security gate or the like while holding the USB memory with RFID, the RFID reader / writer installed in the security gate or the like reads the RFID control information of the USB memory, When the take-out prohibition flag is on, a warning is generated and the gate is locked.

  Specifically, depending on the security level of the received command information, an alarm is given as to whether taking out from the office room is prohibited (level 1: confidential) or prohibited from taking outside (level 2: confidential) Is selected (level 3: viewing is prohibited except for related parties) or selected from various correspondences and executed.

  As an application example, in this system, there is a case where it is preferable to prohibit taking out even if the file is not a low security level, that is, a confidential file. In other words, when a certain number of low-level files are copied on the client computer, or when the copied time zone is early morning, late at night, etc., this is determined by the administrator computer. It is also a preferred embodiment that the processing unit 10b determines and starts monitoring.

  In addition, the administrator computer includes means for managing and registering a removable storage device such as a USB memory and a management database, and information such as a copy destination USB memory notified from the client computer is not permitted to be used, or It is also preferable to prohibit take-out when it is not registered. In addition to the above-mentioned time period, it is also a preferable example that no one is using peripheral terminals based on the login information of the client, that is, if no person is in the vicinity, it is prohibited to take out.

  Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments and does not depart from the gist of the present invention, such as a client computer itself provided with determination means and a file operation monitoring unit. Of course, it can be implemented in various forms within the scope.

  For example, the determination unit is provided in the administrator computer, and the subsequent file operation monitoring is performed by the client computer. When the administrator computer needs to be monitored by the determination, the client computer A monitoring command transmission means for transmitting a monitoring command for the operation of the file to the client computer, wherein the client computer receives the monitoring command from the administrator computer and starts monitoring the operation content of the file on the client computer And a command operation command for instructing the client computer to carry out prohibition on the removable storage device when the file operation monitoring unit detects a copy operation of the file to the removable storage device. And instruction information generating means for generating for, based on the instruction information may be Sonaere a takeout prohibiting processing means for processing the taken out ban on the removable storage device that is connected.

  Further, when the determination unit is provided in the client computer itself, the computer may be provided with a function similar to the function provided in the above-described administrator computer. The security information of the manipulated file is obtained from the file information storage means, and based on the information, the judgment means for judging whether or not the operation of the file needs to be monitored; the file that needs to be monitored by the judgment A file operation monitoring unit that starts monitoring the operation content of the file by the computer, and when the file operation monitoring unit detects a copy operation of the file to the removable storage device, the computer performs the operation on the removable storage device. No take-out Handle may be provided such as command information generation unit for generating instruction information for instruction.

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is an explanatory diagram showing a configuration of a file management system according to a representative embodiment of the present invention. The block diagram which similarly shows the structure of the administrator computer in a file management system. The block diagram which similarly shows the structure of a client computer. The block diagram which similarly shows the structure of a removable storage device. The block diagram which similarly shows the structure of an alarm device. The flowchart which similarly shows the process sequence in a file management system.

Explanation of symbols

S file management system N communication network 1 administrator computer 2 client computer 3 removable storage device 4 alarm device 10 processing device 10a operation information reception processing unit 10b determination processing unit 10c file operation monitoring unit 10d command information transmission processing unit 11 storage means 11a file Information storage unit 12 Communication control unit 20 Processing device 20a Operation information transmission processing unit 20b Take-out prohibition processing unit 21 Storage unit 22 Display 23 Input operation unit 24 Communication control unit 30 RFID tag 31 Memory 32 IC chip control parameter 33 Antenna 34 Take-out prohibition flag 40a Warning processing unit 40 Processing device 41 RFID reader 42 Buzzer 43 Locking / unlocking device 110 Folder according to level

Claims (15)

Computer
File information storage means for storing file information together with security information;
Operation information acquisition means for acquiring information relating to file operations in the computer;
With respect to the operated file, referring to the file information storage means, obtaining the security information, and based on the information, a determination means for determining whether or not it is necessary to monitor the operation of the file;
File operation monitoring means for starting monitoring of the operation content of the file by the computer for the file that needs to be monitored by the determination;
Command information generating means for generating command information for instructing the computer to carry out prohibition on the removable storage device when the file operation monitoring means detects a copy operation of the file to the removable storage device;
Based on the command information, a take-out prohibition processing unit that performs a process for prohibiting take-out of the connected removable storage device;
A file management system characterized by comprising: In a file management system composed of a plurality of client computers and an administrator computer connected to the computer,
The administrator computer is
File information storage means for storing file information together with security information;
Operation information receiving means for receiving information on file operations in each client computer from each of the client computers connected for communication;
With respect to the operated file, referring to the file information storage means, obtaining the security information, and based on the information, a determination means for determining whether or not it is necessary to monitor the operation of the file;
A monitoring command transmission unit that transmits a monitoring command for the operation of the file to the client computer when monitoring is required by the determination;
The client computer is
Operation information transmitting means for transmitting operation information about the retained file to the administrator computer;
File operation monitoring means for receiving the monitoring command from the administrator computer and starting monitoring of the operation content of the file on the client computer;
Command information generating means for generating command information for instructing the client computer to carry out prohibition on the removable storage device when the file operation monitoring means detects a copy operation of the file to the removable storage device;
A file management system comprising: a take-out prohibition processing unit that performs a process for prohibiting take-out of the connected removable storage device based on the command information. In a file management system composed of a plurality of client computers and an administrator computer connected to the computer,
The administrator computer is
File information storage means for storing file information together with security information;
Operation information receiving means for receiving information on file operations in each client computer from each of the client computers connected for communication;
With respect to the operated file, referring to the file information storage means, obtaining the security information, and based on the information, a determination means for determining whether or not it is necessary to monitor the operation of the file;
A file operation monitoring means for starting monitoring of the operation content of the file by the client computer for the file that needs to be monitored by the determination;
Instruction information generating means for generating instruction information for instructing the client computer to carry out prohibition on the removable storage device when the file operation monitoring means detects a copy operation of the file to the removable storage device;
Command information transmitting means for transmitting command information to the client computer,
The client computer is
Operation information transmitting means for transmitting operation information about the retained file to the administrator computer;
A file management system comprising: take-out prohibition processing means for performing a process for prohibiting take-out of the connected removable storage device based on the command information received from the administrator computer.   Whether the file information storage means includes a folder for prohibiting taking out information of a file with a high security level, and whether the determination means stores information on the operated file in the folder for prohibiting taking out The file management system according to any one of claims 1 to 3, wherein the file management system is configured to determine whether or not the security level is high if it is stored, and to determine that the operation of the file needs to be monitored.   The security information is security level information divided into a plurality of levels, and the determination means acquires a security level of the operated file, and if the level is a predetermined level or higher, The file management system according to claim 1, wherein it is determined that the operation needs to be monitored.   The file information storage means comprises a plurality of folders for distinguishing and storing file information according to the level of security level, and the determination means is configured to perform security based on the folder in which the information on the operated file is stored. The file management system according to claim 5, wherein the level is acquired.   The file management system according to claim 5 or 6, wherein the command information includes the security level information, and the take-out prohibition processing unit performs a take-out prohibition process corresponding to the security level of the command information.   The removable storage device includes an RFID tag including an IC chip and an antenna, and an alarm device having an RFID reader for receiving control information of the IC chip is provided. The take-out prohibition processing unit is configured to provide the RFID of the removable storage device. This is a process for setting take-out prohibition for the IC chip control parameter of the tag, and the alarm device comprises warning processing means for giving a warning when take-out prohibition is set based on the received control information The file management system according to any one of claims 1 to 7.   The file management system according to claim 8, wherein the warning processing means of the alarm device performs locking processing of the entrance / exit relating to the computer installation location when the carry-out prohibition setting is made based on the received control information. Computer
File information storage means for storing file information together with security information;
A procedure for obtaining information on file operations in the computer;
For the manipulated file, referring to the file information storage means, obtaining the security information, and based on the information, determining whether or not it is necessary to monitor the operation of the file;
A procedure for starting monitoring of the operation contents of the file by the computer for a file that needs to be monitored by the determination;
When the file operation monitoring means detects a copy operation of the file to the removable storage device, a procedure for generating instruction information for instructing the computer to carry out prohibition on the removable storage device;
Based on the command information, a procedure for carrying out the prohibition of taking out the connected removable storage device;
A file management method characterized by comprising: In a file management method comprising a plurality of client computers and an administrator computer that is communicatively connected thereto,
The administrator computer includes a file information storage unit that stores file information together with security information, and each client computer includes an operation information transmission unit that transmits operation information about a retained file to the administrator computer.
The administrator computer is
A procedure for receiving information on file operations in each client computer from each of the client computers connected for communication;
For the manipulated file, referring to the file information storage means, obtaining the security information, and based on the information, determining whether or not it is necessary to monitor the operation of the file;
A procedure for sending a monitoring instruction for the operation of the file to the client computer when monitoring is required by the determination;
The client computer is
A procedure for receiving the monitoring instruction from the administrator computer and starting monitoring operation contents of the file on the client computer;
A procedure for generating command information for instructing the client computer to carry out prohibition on the removable storage device when the file operation monitoring unit detects a copy operation of the file to the removable storage device;
Based on the command information, a procedure for carrying out the prohibition of taking out the connected removable storage device;
A file management method characterized by comprising: In a file management method comprising a plurality of client computers and an administrator computer connected to the computer,
The administrator computer includes a file information storage unit that stores file information together with security information, and each client computer includes an operation information transmission unit that transmits operation information about a retained file to the administrator computer.
The administrator computer is
A procedure for receiving information on file operations on each client computer from each of the client computers connected for communication;
With respect to the operated file, referring to the file information storage means, obtaining the security information, based on the information, determining whether it is necessary to monitor the operation of the file,
A procedure for starting monitoring of the operation content of the file by the client computer for a file that needs to be monitored by the determination;
A procedure for generating instruction information for instructing the client computer to carry out prohibition on the removable storage device when a copy operation to the removable storage device is detected by monitoring the file operation;
Transmitting the generated instruction information to the client computer;
The client computer is
Based on the command information received from the administrator computer, a procedure for carrying out prohibition processing for the connected removable storage device,
A file management method characterized by comprising: A file management program for causing a computer to function as each means in the file management system according to any one of claims 1, 4 to 9,
The computer,
File information storage means for storing file information together with security information;
Operation information acquisition means for acquiring information relating to file operations in the computer;
For the operated file, with reference to the file information storage unit, the security information is obtained, and based on the information, a determination unit that determines whether or not the operation of the file needs to be monitored,
File operation monitoring means for starting monitoring of the operation content of the file by the computer for the file that needs to be monitored by the determination,
Command information generating means for generating command information for instructing the computer to carry out prohibition on the removable storage device when the file operation monitoring means detects a copy operation of the file to the removable storage device;
And a file management program that functions as a take-out prohibition processing unit that performs a process of prohibiting take-out of the connected removable storage device based on the command information. A file management program for causing a plurality of client computers and an administrator computer connected to the client computers to function as each means in the file management system according to any one of claims 2, 4 to 9, respectively. ,
The administrator computer;
File information storage means for storing file information together with security information;
Operation information receiving means for receiving information on file operations in each client computer from each of the client computers connected for communication;
For the operated file, referring to the file information storage means, obtains its security information, and based on the information, a judging means for determining whether or not it is necessary to monitor the operation of the file,
And, when monitoring is required by the determination, it functions as a monitoring command transmission means for transmitting a monitoring command for the operation of the file to the client computer,
The client computer;
Operation information transmitting means for transmitting operation information about the retained file to the administrator computer;
File operation monitoring means for receiving the monitoring command from the administrator computer and starting monitoring the operation content of the file on the client computer;
Command information generating means for generating command information for instructing the client computer to carry out prohibition on the removable storage device when the file operation monitoring means detects a copy operation of the file to the removable storage device;
And a file management program that functions as a take-out prohibition processing unit that performs a process of prohibiting take-out of the connected removable storage device based on the command information. A file management program for causing a plurality of client computers and an administrator computer communicably connected thereto to function as each means in the file management system according to any one of claims 3 to 9,
The administrator computer;
File information storage means for storing file information together with security information;
Operation information receiving means for receiving information on file operations in each client computer from each of the client computers connected for communication;
For the operated file, referring to the file information storage means, obtains its security information, and based on the information, a judging means for determining whether or not it is necessary to monitor the operation of the file,
File operation monitoring means for starting monitoring of the operation content of the file by the client computer for the file that needs to be monitored by the determination;
Instruction information generating means for generating instruction information for instructing the client computer to carry out prohibition on the removable storage device when the file operation monitoring means detects a copy operation of the file to the removable storage device;
And functioning as command information transmitting means for transmitting command information to the client computer,
The client computer;
Operation information transmitting means for transmitting operation information about the retained file to the administrator computer;
And a file management program that functions as a take-out prohibition processing unit that performs a process of prohibiting take-out of the connected removable storage device based on the command information received from the administrator computer.

Images