JP2008250648A - Information management device and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To flexibly decide whether information management is required or not. <P>SOLUTION: A position information detection part 10 detects whereabouts of a document or a member. A position information history holding part 11 records whereabouts area information or position information detected by the position information detection part 10. A protection attribute holding part 12 stores a secrecy degree of each the document or member. A protection area extraction part 13 extracts an area necessary for information protection from the whereabouts area information or the position information, and the individual secrecy degree of the document and the member. A control information output part 14 outputs control information for protection of the extracted protection area. Controlled equipment 15, e.g. a locking mechanism of a door is controlled based on the control information. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to information management technology.

  In recent years, importance has been placed on protection of information, and various technologies have been developed, such as encryption technology for ensuring security on computers and communication paths. However, at the display device or printout stage, which is an interface with the user, there is a problem that it is difficult to protect information and the possibility of being touched by others is increased.

  On the other hand, Patent Document 1 discloses a method for protecting personal information by changing the display of an ID card between a security area and a non-security area. However, since the security area is only a predetermined place and only personal information on the ID card is protected, it cannot be applied to general information.

Further, Patent Document 2 discloses a method for making file access impossible at a location other than a designated location by using position information from GPS as a key. However, since the security area is only a predetermined place and is effective only for file access, it cannot be applied to general control corresponding to taking out a file after downloading.
JP 2003-312173 A JP 2004-302930 A

  In the conventional technology, the designation of the security area cannot be flexibly changed later. Also, the security designation cannot be canceled depending on the situation. In addition, as a file group and an information group, it is not possible to flexibly cope with setting security when information is collected. Furthermore, it is not possible to set security according to a person in the vicinity, not a fixed place.

  The present invention has been made in consideration of the above circumstances, and is highly sensitive information based on information to be protected (information bearing media such as paper media, recording media, and information processing equipment) and position information of people. The purpose is to provide information management technology that can protect information even when people gather or when outsiders are nearby.

  Note that the above-described background art and its problems are described only for explaining a part of the background of the present invention. It should be noted that the present invention is not limited to the background art and problems described above.

  According to this invention, in order to achieve the above-mentioned object, the configuration as described in the claims is adopted. Here, prior to describing the invention in detail, supplementary explanations of the claims will be given.

  That is, according to one aspect of the present invention, in order to achieve the above-described object, an information management apparatus includes: position information detection means for detecting at least one of position information of protection target information and position information of a person; Protection attribute storage means for storing at least one protection attribute of information and person; management reference storage means for storing a management reference for defining a reference for managing information; position information detected by the position information detection means and the protection A management target determining unit that determines a management target by applying the protection attribute stored in the attribute storage unit to the management criteria; and a control information output unit that outputs control information for managing the management target. I have to.

  In this configuration, it is possible to flexibly determine whether information management is necessary based on the members detected in the area or the protection target information. The position of the protection target information is typically represented by the position of the information carrying medium that carries the information.

  The information management device may be configured as a single device, or may be configured by combining a plurality of devices.

  The information management device may be any device as long as it directly or indirectly protects information to be protected, and may be configured as a similar device such as a security management device, facility management device, or information protection device. included. In addition, the information management method can adopt various modes, for example, locking facilities, changing the security display / type, security management equipment, for example, starting a surveillance or security camera, voice, e-mail, display This includes management of alarms, action history, document file download history, document presentation history, and the like. The procedure of the information management method is realized based on the output of control information from the control information output means.

  The position information detection means is carried on at least one of an information carrying medium and a person using, for example, an RFID tag, an infrared badge, a mobile communication mobile station, GPS, and the like, and detects the position information.

  The information carrier medium is a paper document, a recording medium (CD-ROM, DVD, etc.) on which an electronic file is recorded, an external storage device, a portable information terminal (notebook PC, etc.), and the like.

  In the case of detecting / using position information of only the protection target information (information carrying medium), for example, when protection target information (information carrying medium) having a high security level is detected in a predetermined facility area, the facility area This includes the case where locking is performed, the presentation of a document, for example, the prohibition of the presentation of a document by a projector, or the display of a security area is displayed. The security level is also a level of access authority to information, and may have personality or property.

  When detecting and using only the location information of a person, the facility area is locked based on the security level of the person located in the predetermined facility area or the security level of the person located in the adjacent area, or the document This includes a case where the presentation, for example, the presentation of a document by a projector is prohibited or the security area is displayed.

  When detecting and using both the position information of the protection target information (information carrying medium) and the position information of the person, the security level of the protection target information carried by the information carrying medium located in the predetermined facility area and the facility area Lock the facility area against the security level of the person who is located or the security level of the person located in the adjacent facility area, prohibit the presentation of documents, for example, the presentation of documents by projectors, This includes the case where the indication is made.

  Information held by an information carrier medium, particularly a portable information terminal or a portable storage device, can be centrally managed using a database or the like. For example, when protection target information is downloaded from a file server, data indicating which portable information terminal or storage device stores the protection target information is stored in the database. Of course, the attribute of the protection target information that the portable information terminal intends to present at that time is read from the information itself or by referring to the database, and the information and its protection attribute are determined at the location of the portable information terminal. May be.

  In this configuration, the management target may be a facility area where a person can stay. In this case, the control information may be information for controlling the entrance / exit management of facilities that divide the facility area to be managed, for example, locking and input / output history acquisition.

  In addition, the management standard is brought into the facility area to be managed and the reference attribute determined by the person who brought the protection target information into the facility area to be managed and the person located in the area adjacent to the facility area. It may be a management standard for determining whether or not to lock the equipment in the facility area to be managed by comparing the protection attribute of the information attribute.

  In addition, the management standard includes a reference level determined by a protection attribute of a person located in the facility area to be managed and a protection attribute of a person located in an area adjacent to the facility area and the facility area to be managed. It may be a management standard for determining whether or not to lock the equipment in the facility area to be managed by comparing with the calculated level obtained from the protection attribute of the protection target information carried on the information carrying medium.

  The information carrying medium may be a recording medium on which information is recorded. The recording medium may be a printing medium such as paper, or may record information electronically, magnetically, or optically.

  The management target is the information carrier medium, and may be a device that can control the presentation of information. In this case, when the device presents information, presentation of information on the device may be controlled based on the protection attribute of the information. Further, the management target is the information carrying medium, and may be a device that can control the transfer of the protection target information.

  The present invention can be realized not only as an apparatus or a system but also as a method. Of course, a part of the invention can be configured as software. Of course, a software program used for causing a computer to execute such software is also included in the technical scope of the present invention.

  These and other aspects of the invention are set forth in the appended claims and will be described in detail below with reference to examples.

  According to the present invention, it is possible to flexibly determine whether information management is necessary based on at least one of members and information detected in a region.

  Examples of the present invention will be described below.

  1 shows an information management system according to a first embodiment of the present invention as a whole. In FIG. 1, an information management system 100 includes a location information detection unit 10, a location information history holding unit 11, a protection attribute holding unit 12, A protection area extraction unit 13 and a control information output unit 14 are included. The control information output unit 14 outputs control information to the controlled device 15.

  The position information detection unit 10 is a means for detecting the location of a document or member, and is a device capable of extracting the position information or location area information of a document or member, such as an infrared badge system, RFID tag system, PHS / mobile phone, GPS, etc. If so, it doesn't matter how it is realized. The document is recorded on a paper medium or an information recording medium, or downloaded to an information device and held.

  The position information history holding unit 11 is means for recording the position information or location area information detected by the position information detection unit 10.

  The protection attribute holding unit 12 is a means for storing the confidentiality of each document and member.

  The protection area extraction unit 13 is a means for extracting an area that needs information protection from the sensitivity of each document and member, and position information or location area information.

  The control information output unit 14 is means for outputting control information for protecting the extracted protected area. Based on this control information, the controlled device 15 (for example, a door locking mechanism) is controlled.

  FIG. 2 shows a specific configuration example in which the area is locked according to the security level of the area. In FIG. 2, the position information detection unit 10 includes a tag 10 a held by a user, a tag 10 a incorporated in an information carrier medium such as a paper medium on which a document is recorded, and a receiver 10 b installed in the area. In some cases, a plurality of pieces of information are assigned to one information carrier medium. For example, an information terminal (such as a personal computer) or an external storage device from which a plurality of documents have been downloaded is assigned a plurality of documents. Information terminals and external storage devices are typically portable, but may be stationary. In the case of the stationary type, the position information is always constant, but the document assigned to it is not constant.

  In this example, the position information history holding unit 11 uses a storage device on the server 20 or the like. The protection attribute holding unit 12 also uses a storage device on the server 20. The protected area extraction unit 13 is realized by a computer program or the like on the server.

  The functional units 11 to 14 illustrated in FIG. 1 are realized by, for example, cooperation of hardware resources and software of the server 20. The server 20 is a normal computer system, and includes a CPU, a main memory, an input / output device, a bus, an auxiliary storage device, and the like. The position information detection unit 10 may also be realized by cooperation of hardware resources and software of the server 20 when the detection data of the receiver 10b is further processed to obtain a position information detection output. In this example, the controlled device 15 is a door 15 a and its controller (control output device) 15 b, and the controller 15 b is connected to or incorporated in the server 20. The controller 15b is not limited to the electronic lock of the door 15a, and may control display of the projector 15c, transmission of a warning mail, start of camera shooting, or the like.

  The network 21 is a communication network such as a LAN for connecting the receiver 10b and various devices.

  Although only areas 1 to 3 are shown in FIG. 2, there may be more areas, or at least good.

  FIG. 3 is an example of a map when a certain floor is viewed from above. In the example of FIG. 3, it is assumed that the areas are separated by a gate that does not open and close unless the tag 10a (FIG. 2) is provided, and the visitor is lent with a tag for the visitor. Thereby, it is not necessary to assume moving between areas without having a tag. In addition, a receiver 10b (FIG. 2) is installed in each area, so that it is possible to grasp who is currently in which area.

  The table in FIG. 4 is an example of a list of IDs of members of each group. The member ID is uniquely assigned by the user information management system. The member ID is held in the database of the server 20 as user information, for example. The correspondence between the tag ID of the tag 10a carried by the member and the member ID is also held in the database of the server 20, for example. The tag ID may be used as it is as the member ID.

  The table of FIG. 5 shows an example of a list of document IDs of paper medium copies of documents attached with tags. The document ID is an ID uniquely assigned to a document by, for example, a file management system, and a tag ID is assigned to the document ID. For example, when a tag is attached to a paper medium copy of a document, the ID of the tag is associated with the document ID. Since a plurality of paper medium copies and electronic copies are created or downloaded, the document ID and the tag ID are usually associated in a one-to-many relationship. When the document and the tag have a one-to-one correspondence, a tag ID may be used as the document ID. In order to table the document ID from the tag ID, for example, the correspondence between the tag ID and the document ID may be held in the database of the server 20 or the like.

  Based on the ID of the tag detected by the receiver 10b installed in each area, the ID of the member in the area or the ID of the document in the area is detected from the ID of the document or the ID of the member. The

  FIG. 6 shows the operation of this embodiment as a whole. In this figure, position information is collected from the position information detection unit 10 in the position information detection step S10. In the history information recording step S <b> 11, the collected position information is recorded in the position information history holding unit 11. In point calculation processing step S12, points related to the current security of each area are calculated. In security discrimination processing step S13, it is discriminated whether or not to set security with an adjacent area based on the security setting conditions stored in the protection attribute holding unit 12. In the control information output step S14, information for controlling security is output based on the determination result of the security setting.

  FIG. 7 shows an implementation example of the point calculation processing step. In this figure, first, an area number as a point calculation target is initialized (S120). Subsequently, a person in the corresponding area is detected, and a group in the area is extracted (S121). Next, protection target information in the corresponding area is detected (S122). Next, the total value of the security points of the protection target information in the area is calculated (S123). Security points of protection target information are set for each type of document or information as in the example of the table of FIG. The calculated total value is recorded (S124). If an area remains, the next area is recorded. If no area remains, the process ends (S125).

  Note that it is sometimes necessary to calculate a security point for electronic information as well as a document to which a tag is attached. In this case, a tag is attached to a notebook PC that stores electronic files, or an external storage medium such as a USB memory or an external hard disk drive, and is added according to the type of file obtained by downloading the file. By associating the assigned security point with the tag, the security point in the area can be calculated by the same operation.

  FIG. 9 shows an implementation example of the security discrimination processing step. In this figure, first, an area number to be controlled is initialized (S130). Subsequently, the numbers of adjacent areas to be discriminated are initialized (S131). In this example, an outsider does not enter the control area and the key is controlled. However, an outsider also enters the area and the display is changed or a warning is given to deal with this. May be sent by e-mail or the like, not only the adjacent area but also the control target area. If only the control target area needs to be used, only the number of the control target area may be included in the determination target list instead of the adjacent area.

  Next, the security point of the area to be controlled is compared with the attribute of the person detected in the adjacent area to be determined (S132). It is desirable to take a logical sum so that a judgment result is selected that has the most severe conditions with other adjacent areas. Further, depending on the security level, for example, the control measures may be changed such that the area door is locked when confidential information is included, and the display is turned off when the information is in-house.

  When the adjacent area remains, the security is determined for the next adjacent area. When the adjacent area does not remain, the control information is output based on the determination result (S133, S134).

  If the area to be controlled remains, the process returns to the initialization of the adjacent area number. If the area to be controlled does not remain, the process ends (S135).

  The output of control information may be recorded and output collectively after the security discrimination processing.

  In a specific example, it is determined whether disclosure is possible using the total disclosureable points. That is, points are assigned according to the attribute relating to the confidentiality of the document, and it is determined whether disclosure is possible based on the total value of the points of the document in the area.

  For example, since the level that can be disclosed differs between departments, the total value that can be disclosed between departments and the points for each document type are set as shown in the table of FIG. The information bringer is, for example, a member in the target area, and the security protectee is, for example, a member in the adjacent area. If the attribute of the member is not uniform for each person who brings information or who is subject to security protection, the attribute of the representative member (majority decision) may be used as a standard, or multiple attributes may be adopted individually for each attribute. The logical sum of the determination results may be taken. Based on information and the position detection history of the person, the person who belongs to the protection target information may be associated with the protection target information to specifically identify the person who brought the information.

  In the example of FIG. 10, the information disclosure level between sales departments is set strictly even in the same sales, in order to avoid information leakage between the sales department 1 customers and the sales department 2 customers.

  For example, if a member of sales department 1 brings information into the corresponding area and there is a member of sales department 1 in the adjacent area, the total value that can be disclosed is set to “less than 1000”, and it is disclosed when the confidentiality is not high. On the other hand, if there are two members of sales in the adjacent area, the total disclosureable value is set to “less than 5”, and if there is some confidentiality, it is determined that disclosure is impossible It has become.

  As a result, for example, if a member of the sales department 1 brings a document of 5 points or more in a certain area, the member of the sales department 2 cannot lock or display the document on the projector. To control.

  For example, if the floor is divided into six areas as shown in FIG. 11, a list of adjacent areas on the right as shown in FIG. 12 can be created. In this example, there is no gate that can go between Area 3 and Area 5, so it is not an adjacent area.

  As a result, it is possible to determine whether it is necessary to enhance the security level between adjacent areas.

  In addition, when there is a functional space such as a conference room, the area may be set finely by the division.

  A description will be given according to a specific example. The table in FIG. 13 is an example of a list of detected members and document IDs at a receiver installed in an area at a certain moment. When attention is paid to the area where the receiver ID is 1, the detected members are 2, 3 and 5, and it can be seen that all the members are members of the sales department 1 using the group member list. Similarly, it can be seen that the detected document is a document owned by the first sales department.

  For example, as shown in the example of the table of FIG. 13, the number of members of the sales department 1 (2, 3, 5) in the area 1 and the number of members of development (17, 19, 22) in the adjacent area 2 ) Are at the same time and there is no one in Area 3. Members of the sales department 1 brought in 5 public information (1001 to 1005), 1 internal information (1006), and 2 general confidential information (1007, 1008). And 1 in-house information (development member's document attributes are not shown, but are defined in the same way as the table shown in Fig. 4) The point is 1 point. If this is determined on the basis of the table of FIG. 10, the information of the sales department 1 cannot be disclosed, but the development information can be disclosed. Based on this, it can be controlled that area 1 is locked and area 2 is not locked, or that area 1 cannot be displayed on the projector and area 2 can be displayed on the projector.

  In the present embodiment, since the point of the public information is 0, when controlling the projector, the public information may be controlled so that it can be displayed independently without being controlled.

  Next, a modification of the first embodiment of the present invention will be described as a second embodiment.

  In the second embodiment, in the example in which a tag is attached to a notebook PC, a passing gate or the like is set as a single special area so that an alarm sounds when a confidential condition is violated.

  For example, let the gate between area 1 and area 3 be area 13. In area 13, it is assumed that a member with ID = 11 mistakes for a notebook PC of his / her department and is going to pass with a notebook PC which is a medium with ID = 2001. ID = 11 is a member of the second sales department, and all owners of the files downloaded to the notebook PC of ID = 2001 are the first sales department. For this reason, since the security point is 11 and the disclosure possible point is less than 5, this is a combination that cannot be disclosed for security reasons. Note that the ID of the notebook PC is the tag ID itself or an ID (media ID) associated with the tag ID on a one-to-one basis, and the tag ID or the media ID and the file ID are one-to-many (including one-to-one). ).

  Here, it is possible to replace control for taking out information instead of control for information disclosure, and in the case of such a combination that cannot be disclosed, an alarm is sounded, whether it is intentional or not. In addition, a warning can be issued for taking out information. Also, in the case of a gate, an alarm or warning may be given for detection by a notebook PC alone, assuming that a misplaced person or a take-out person without a tag is involved. In addition to physical location information, if information on the logical recording location of information such as on a company-wide document server, department server, laptop PC, etc. is used, information to be protected on the network You can also limit or warn about movement or transfer.

  The present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the spirit of the invention. For example, in the above-described embodiment, the one-to-many relationship between the media and the information about the protection target information downloaded to the portable information terminal or the external storage device (media) is based on the fact or history of the download. Although it is managed centrally by the database of the server, etc., an agent program that negotiates with the server is installed in the portable information terminal, and the portable information terminal presents the information to be protected (displayed, printed, or transferred) ), At that time, the position of the portable information terminal may be notified to the server or the like as the position of the information to protect the information. Further, instead of centrally managing the protection attributes of the protection target information using a database or the like, information protection may be performed by using the protection attribute information held by the protection target information (electronic file) itself. Further, when the download file is deleted from the information terminal or the external storage device, it is preferable that the agent program notifies the server of this and reflects that the information no longer exists in the database or the like.

It is a block diagram which shows typically the structure of Example 1 of this invention. It is a figure explaining the mounting form of Example 1. FIG. It is a figure explaining the example of the floor arrangement | sequence of the area in the facility of Example 1. FIG. It is a figure which shows the relationship between member ID (tag ID) of Example 1, and the group to which a member belongs. FIG. 6 is a diagram illustrating document IDs (tag IDs) and document attributes (security type and affiliation group) according to the first exemplary embodiment. 3 is a flowchart for explaining an operation example of the first embodiment. It is a flowchart explaining the detail of the step of the point addition process of FIG. It is a figure which shows the example of the point allocated for every security classification of a document. It is a flowchart explaining the detail of the step of the security discrimination | determination process of FIG. It is a figure explaining the total point which can be disclosed for every combination of the information bringer and the security protection target person of Example 1. It is a figure explaining the floor arrangement of the area in the facility of a specific example. It is a figure explaining the adjacent area list of the floor arrangement | sequence of FIG. It is a figure explaining the list | wrist of ID detected in each area (each receiver) in the specific example. It is a figure explaining the example of calculation of the security point of the area 1 of a specific example. It is a figure explaining the list | wrist of ID detected in each area (each receiver) in Example 2. FIG. FIG. 10 is a diagram illustrating an example of a list of media IDs and download file IDs according to the second embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Position information detection part 10a Tag 10b Receiver 11 Position information log | history holding part 12 Protection attribute holding part 13 Protection area extraction part 14 Control information output part 15a Door 15b Controller 15c Projector 15 Controlled device 20 Server 21 Network 100 Information management system

Claims (12)

Position information detecting means for detecting at least one of the position information of the protection target information and the position information of the person;
Protection attribute storage means for storing at least one protection attribute of information to be protected and a person;
Management standard storage means for storing a management standard that defines a standard for managing protection target information;
A management target determination unit that determines a management target by applying the positional information detected by the positional information detection unit and the protection attribute stored in the protection attribute storage unit to the management standard;
An information management apparatus comprising: control information output means for outputting control information for managing the management object.   The information management device according to claim 1, wherein the position of the protection target information is represented by a position of an information carrying medium carrying the information.   The information management apparatus according to claim 1, wherein the management target is a facility area where a person can stay.   The information management apparatus according to claim 1, wherein the control information is information for controlling entrance / exit management of equipment that divides the facility area to be managed.   The management criteria are the reference attributes determined by the person who brought the protection target information into the facility area to be managed and the person located in the area adjacent to the facility area, and the protection target brought into the facility area to be managed. 5. The information management apparatus according to claim 4, which is a management standard for determining whether to perform entrance / exit management of equipment in the facility area to be managed by comparing with protection attributes of information attributes.   The management standard is located in the facility area to be managed and the reference level determined by the protection attribute of the person located in the facility area to be managed and the protection attribute of the person located in the area adjacent to the facility area. 5. A management standard for determining whether to perform entrance / exit management of equipment in the facility area to be managed in comparison with a calculated level obtained from a protection attribute of protection target information carried on an information carrying medium. Information management device.   The information management apparatus according to claim 2, wherein the information carrier medium is a recording medium on which protection target information is recorded.   The information management apparatus according to claim 2, wherein the management target is the information carrying medium and is a device capable of controlling presentation of protection target information.   The information management apparatus according to claim 2, wherein the management target is the information carrying medium and is a device capable of controlling transfer of protection target information.   The information management apparatus according to claim 8, wherein when the device presents protection target information, the presentation of the protection target information in the device is controlled based on a protection attribute of the information. A position information detecting means for detecting at least one of the position information of the protection target information and the position information of the person;
A protection attribute storage means for storing at least one protection attribute of information to be protected and a person;
A management criteria storage means for storing management criteria defining criteria for managing the protection target information;
A management target determining unit that determines a management target by applying the position information detected by the position information detection unit and the protection attribute stored in the protection attribute storage unit to the management criteria;
And a control information output means for outputting control information for managing the management object. A position information storage means for storing at least one of the position information of the protection target information and the position information of the person;
A protection attribute storage means for storing at least one protection attribute of information to be protected and a person;
A management criteria storage means for storing management criteria defining criteria for managing the protection target information;
A management object determining unit that determines the management object by applying the position information stored in the position information storage and the protection attribute stored in the protection attribute storage unit to the management standard;
A computer program for information management, wherein the control information output means is used for causing a computer to execute a step of outputting control information for managing the management target.