JP2009116511A - Confidential information protection system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a confidential information protection system for preventing confidential information from being peeked by an entry person when a visitor enters a room, and the person approaches a computer terminal in the room. <P>SOLUTION: This confidential information protection system includes: an entry information reception part for receiving entry information from a management device; an entry person level determination part for determining the access authority level of the entry person by using identification information in entry information; an operation log information storage part; an operation log information acquisition part for acquiring operation log information as an operation to a file corresponding to file identification information; an access authority level determination part for determining an access authority level of the file used by each client terminal by using the acquired operation log information; and a control determination part for comparing the access authority level of the entry person with the access authority level of the file in use, and for determining the file of the access authority level which cannot be used by the entry person among the files and the client terminal. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

In the case of approaching a computer terminal in a room such as a visitor entering a room where a computer terminal is installed (hereinafter referred to as “room”) in a laboratory or office of a company, The present invention relates to a confidential information protection system which prevents confidential information from being viewed by a room occupant by controlling the screen display of a computer terminal displaying confidential information.

  In recent years, information leakage of confidential information has become a problem in companies and the like. For this reason, problems such as information leakage occur due to operation management at the computer terminal used during work, that is, recording and managing what work is being done at which computer terminal. I try not to. The following Patent Document 1 and Patent Document 2 disclose inventions related to such a remote monitoring system.

JP 2005-44226 A JP 2006-108947 A

  However, the problem of information leakage does not always leak from the operation of the computer terminal. For example, it may occur when a visitor enters a room where a computer terminal that handles confidential information is installed and looks at the screen of confidential information displayed on the computer terminal. In particular, those who work on computer terminals that handle confidential information are often enthusiastic about the work, and those who enter the room enter the room and look at the screen on which confidential information is displayed. Attention may not be paid to this.

  Therefore, for example, when handling important confidential information such as customer information on a computer terminal, the screen of the computer terminal can be seen when passing immediately behind the person performing the work. It is also assumed that. As a result, a part of customer information which is confidential information may be seen.

  In order to prevent this, conventionally, countermeasures have been taken by introducing an entrance / exit management system in which a visitor cannot enter a room that handles confidential information. However, for example, visitors may be allowed to enter the room for maintenance work such as cleaning or electrical work, or for inspections or special meetings. In that case, particularly when entry is permitted during working hours, the above-mentioned situation is assumed to occur, and there is a problem that it is not perfect to protect confidential information from visitors by the entrance / exit management system.

  Further, even if the employee is in the same company, the access authority is defined for files and programs that handle confidential information, and an employee without access authority cannot view the confidential information file or program. An employee who does not have access authority may enter the room for some reason (for example, deliver a document) and touch the screen of the employee's computer during work, thereby touching confidential information. In this case, since the person who entered the room (hereinafter referred to as “the person who entered the room”) is an employee in the same company, the employee who is working is also forgiven, and files and programs with confidential information are displayed on the screen. The risk of information leakage increases because there is a high possibility that the information will remain untouched. This cannot be protected by a conventional entrance / exit management system.

  Furthermore, even if the remote monitoring system of the above-mentioned patent document is used, it only records and monitors what kind of work is being performed on the computer terminal, and the room occupant is in the room. It is not something that can be controlled by entering the room.

  Therefore, the present inventor controls the display of the computer terminal that handles confidential information when the user enters the room, such as when entering the room, to control the display of the computer terminal that handles the confidential information. We have invented a confidential information protection system that can protect confidential information even when entering a room.

  The invention of claim 1 is a confidential information protection system for protecting confidential information displayed on a display device of a client terminal installed in a predetermined area from a person entering the area, wherein the confidential information protection system includes: An entry information receiving unit that receives entry information indicating entry of the entry person into the area from a management device that manages entry into the area, and an operation log information storage unit that stores operation log information of each client terminal Operation log that is an operation to the file corresponding to the file identification information among the operation log information stored in the operation log information storage unit using the file identification information of the file used in each client terminal An operation log information acquisition unit for acquiring information, and an access authority for a file used in each client terminal using the acquired operation log information Control for determining a client terminal to be controlled by using an access authority level determining unit for determining a bell, an access authority level of a file used in each client terminal, and an access authority level of the occupant And a determination unit.

  With the configuration of the present invention, when an outsider enters a predetermined area, for example, a room, confidential information is displayed on the display device among the client terminals installed in the room. The client terminal can be determined. As a result, the file displayed on the client terminal can be prevented from being looked into.

  In the invention of claim 2, the access authority level determination unit includes identification information of an operator who has operated the operation log information that is a predetermined operation content among the operation log information acquired by the operation log information acquisition unit. This is a confidential information protection system that extracts and obtains an access authority level corresponding to it, and determines the access authority level as the access authority level of the file.

  The access authority level of the file used in each client terminal can be determined as in the present invention. By using the present invention, instead of simply determining whether or not there is an access right as in the prior art, processing is performed after confirming operation log information which is an operation history for the file. Further, since the access authority level of the file is determined based on the operation log information, it is not necessary to set the access authority level in advance for each file. This is because files can be created easily, but setting the access authority level for each file is cumbersome and the setting is often forgotten. Therefore, according to the present invention, a complicated operation of setting an access authority level for a file is not required.

  That is, if the file can be identified, the operation log information of the file can be specified, so that the creator or editor can be specified. Of course, the creator or editor usually has access authority to the file. Also, if a person has a higher access authority level than those persons, there is no problem even if the file is looked into because the person who originally entered the room has access authority to the file. On the other hand, if the access authority of the room resident is lower than the access authority level of the open file, the resident person does not have access authority to the file. . Therefore, the above problem can be easily solved by adopting the configuration of the present invention.

  In the invention of claim 3, the confidential information protection system further includes a file level storage unit that stores file identification information and an access authority level of the file, and the access authority level determination unit includes: If there is information indicating the change of the file identification information in the acquired operation log information, the access authority level of the file is first determined by referring to the file level storage unit using the file identification information after the change. If the access authority level cannot be determined from the file identification information after the change, the access authority level is determined by referring to the file level storage unit using the file identification information before the change. Information protection system.

  The access authority level of the file used in each client terminal can be determined as in the present invention. By using the present invention, instead of simply determining whether or not there is an access right as in the prior art, processing is performed after confirming operation log information which is an operation history for the file. In addition, file identification information such as a file name is often changed. In such a case, simply set the access authority for the file, set the access authority level with the new file name, or change the original file name to the new file name and change the access authority level. There is only way to update. However, setting the access authority level is complicated and may be forgotten. In that case, no access authority is set for the new file name after the change, and anyone can access it. However, according to the present invention, the operation log information can identify the operation history indicating that the file identification information such as the file name has been changed, so that the conventional work as described above need not be performed.

  In the invention of claim 4, the confidential information protection system is a confidential information protection system further comprising a control instruction unit that transmits a predetermined control instruction to the client terminal determined by the control determination unit.

  It is preferable not only to specify the client terminal but also to cause the client terminal to execute a control instruction so that the file cannot be seen by the room occupant.

  6. The confidential information protection system according to claim 5, wherein, as a predetermined control instruction in the control instruction unit, a process for making a displayed file unreadable or difficult to read is executed in a client terminal that has received the control instruction. It is.

  There are various types of control in the client terminal, but it is preferable to use the control as in the present invention.

  6. The client terminal according to claim 6, wherein the client terminal that has received the use restriction control instruction stores the use restriction control instruction in a storage device of the client terminal and newly detects an input of a processing instruction relating to a file. A confidential information protection system that determines whether or not the use restriction control instruction stored in the storage device is violated, and executes the detected processing command if not, and does not execute the detected processing command if not It is.

  8. The client terminal according to claim 7, wherein the client terminal that has received the use restriction control instruction stores the use restriction control instruction in a storage device of the client terminal and newly detects an input of a processing instruction relating to a file. Inquires about the access authority level of the file related to the detected processing instruction, and compares the access authority level corresponding to the inquired processing instruction with the access authority level corresponding to the use restriction control instruction stored in the storage device. The confidential information protection system executes the detected processing instruction if the condition is satisfied and does not execute the detected processing instruction if the condition is not satisfied.

  9. The invention according to claim 8, wherein the confidential information protection system that has received a file access authority level query relating to the detected processing instruction uses the file identification information corresponding to the query file to store the operation log information. Among the operation log information stored in the unit, the operation log information that is an operation to the file corresponding to the file identification information is acquired, and the file used in each client terminal using the acquired operation log information It is a confidential information protection system that determines the access authority level of the system.

  The above-described new file processing command in each client terminal can be dealt with by causing the client terminal to execute the process as described above.

  According to a ninth aspect of the present invention, there is provided a computer terminal for storing operation log information of each client terminal in a storage device, from a management device for managing entry into a predetermined area, to entry information indicating entry of the entry person into the area. The operation information to the file corresponding to the file identification information among the operation log information stored in the storage device by using the file identification information of the file used in each client terminal. An operation log information acquisition unit that acquires certain operation log information, an access authority level determination unit that determines an access authority level of a file used in each client terminal using the acquired operation log information, and each client terminal And the access authority level of the file used in the user and the access authority level of the occupant. Determining control determination unit of the client terminal that is secret information protection program to function as a.

  By executing the program of the present invention on a predetermined computer, the above-described confidential information protection system can be realized.

According to the present invention, when a person entering the room approaches the computer terminal (client terminal) on which confidential information is displayed, such as entering the room, the display of the computer terminal handling the confidential information is controlled to enter the room. Even if a person enters the room, confidential information can be protected.

  A conceptual diagram of the confidential information protection system 1 of the present invention is shown in FIG. 1, and a conceptual diagram of the system configuration is shown in FIG. In the present specification, the description of “file” may include “program”. In that case, “file” may be read as “program”.

  The confidential information protection system 1 is realized by executing a program or a module for realizing the confidential information protection system 1 in the management server 2. The management server 2 is a computer terminal (including a server) that records and monitors what program is being executed in the plurality of client terminals 4. Accordingly, each client terminal 4 has information such as a program name and a file name executed in the client terminal 4 periodically or at a predetermined timing such as when a new program or file is executed or terminated. The client terminal 4 has a function of transmitting the program name and file name information to the management server 2.

  The management server 2 and the client terminal 4 include a calculation device 20 such as a CPU that executes calculation processing of a program, a storage device 21 such as a RAM or a hard disk that stores information, a processing result of the calculation device 20, and a storage device 21. It has at least a communication device 24 that transmits and receives information to be stored via a network such as the Internet or a LAN. Each function (each unit) realized on the computer is executed when a unit (program, module, etc.) for executing the process is read into the arithmetic unit 20. When using the information stored in the storage device 21 in the processing, each function reads the corresponding information from the storage device 21 and uses the read information for processing in the arithmetic device 20 as appropriate. The computer may include an input device 23 such as a keyboard, a mouse, and a numeric keypad, and a display device 22 such as a display (screen). FIG. 3 schematically shows an example of the hardware configuration of the management server 2 and the client terminal 4.

  Each means in the present invention is only logically distinguished in function, and may be physically or practically the same area. Moreover, the management server 2 may be comprised by one server, and the function may be distributed by several servers.

  The management server 2 can transmit / receive information to / from the entry / exit management device 3 that manages entry into the room in which the client terminal 4 is installed, and each client terminal 4. The entrance / exit management device 3 is a device that detects that a person entering the room (such as a room) in which the client terminal 4 is installed. For example, it is a device that detects entry into a room by controlling the opening and closing of the door of the room with an IC tag or a magnetic card attached to the admission card. In addition to the entrance / exit management device 3, for example, a device that detects the entrance to a room by recognizing a face image and controlling the opening and closing of a door based on an image taken by a camera, It may be a device that detects entry into a room by controlling the opening and closing of the door based on various biometric information such as palm prints, irises, and vein patterns. In addition to the entrance / exit management device 3, the device detects and manages intrusion into a predetermined area (not limited to a room, for example, a floor, a building, etc.) where the client terminal 4 is installed. Also good.

  The management server 2 includes an entrance information receiving unit 5, a occupant level determination unit 6, an access authority level information storage unit 7, an operation log information reception unit 8, an operation log information storage unit 9, an operation log information acquisition unit 10, and an access authority level. It has a determination unit 11, a control determination unit 12, and a control instruction unit 13.

  The room entry information receiving unit 5 enters and exits information (room entry information) indicating that a room entrant has entered a predetermined area (a room is preferred, but not limited to) where the client terminal 4 is installed. It is means for receiving from the management apparatus 3. This room entry information includes the room visitor identification information read by the room entry / exit management device 3 from the room entry card. The identification information includes, for example, information for identifying an admission card (such as an employee card). In addition, identification information that identifies you as an outsider is included in the admission card that is given to an outsider. Identification information such as an employee number is included in the admission card (such as an employee ID card) that is passed to an insider. Depending on its attributes, such as identification information identifying the security officer on the admission card given to the person, identification information identifying it on the admission card given to the cleaning person, etc. The type of identification information may be different. In other words, it may be information for identifying “who” or “who” entered the room.

  The occupant level determination unit 6 is a means for determining the access authority level of the occupant by referring to an access authority level information storage unit 7 described later based on the identification information in the entrance information received by the entrance information receiving unit 5. is there. For example, when the person entering the room is an outside person, it is shown as identification information (for example, in the case of a visitor, an admission card storing “Z1” is given as identification information). With reference to the access authority level information storage unit 7 described later, it is determined that the access authority level of the room occupant is “1”. When an employee number or the like is received as identification information in the room entry information, the access authority level information storage unit 7 is referenced based on the employee number to determine the access authority level of the employee who has entered the room. In addition to regular employees, employees such as contract employees, temporary employees, etc. may be any person who has the right to enter the company, regardless of the type of employment.

  The access authority level information storage unit 7 includes identification information of a user who may create, edit, use, etc. a file to be used in each client terminal 4 and a person who may enter each room (room entry). The access authority level is stored in contrast. FIG. 5 schematically shows an example of the access authority level information storage unit 7. FIG. 5 shows a case where the attribute information and the access authority level of the person who possesses the information are associated with each other based on the identification information stored in the admission card or the like.

  In FIG. 5, information about employees and non-employees is shown in one table, but they may be divided into a plurality of pieces. For example, the correspondence between each identification information and the access authority level may be stored in different tables for employees, security personnel, cleaning personnel, and visitors.

  The operation log information receiving unit 8 receives operation log information in the client terminal 4 from each client terminal 4 regularly or irregularly (at a predetermined timing). The received operation log information is stored in an operation log information storage unit 9 (to be described later) together with the date and time and information for identifying which client terminal 4 is the operation log information. The operation log information may be information indicating the operation content in each client terminal 4 and the processing content in the client terminal 4, for example, “file copy”, “file selection”, “drive addition”, “pointing device” Information indicating the operation of the operator of the client terminal 4 such as “operation” and “screen control (such as window size change)” is applicable. FIG. 6 schematically shows an example of operation log information. Further, when the management server 2 receives operation log information from each client terminal 4, it may be received via a network, or the operation log information is recorded on a recording medium such as a DVD in the client terminal 4, and the recording medium is stored in the recording medium. It may be read by the management server 2 and received by reading operation log information therefrom.

  The operation log information storage unit 9 stores the operation log information received from each client terminal 4 by the operation log information reception unit 8. The operation log information includes information for identifying the client terminal 4, information indicating the operation content, the name of the file that is the operation target of the operation content, information indicating the location of the file, information indicating the date and time or the date and time, etc. It is included. Also, file name, file creator (file creator identification information), creation date / time, editor (file editor identification information), editing date / time, new file creation, file update, file deletion, file name change It is preferable that contents indicating processing for the file such as change of access authority, creation of a copy, movement of the file, and the like are included. The operation log information is preferably stored for each client terminal 4 or its user (login name or the like). In addition, when associating the information indicating the operation content with the date and time, it may be performed at the client terminal 4, may be performed when the operation log information is received by the management server 2, or an operation log information storage unit You may perform when you memorize | store in 9. FIG. 7 schematically shows an example of the operation log information storage unit 9.

  The operation log information storage unit 9 stores, as operation log information, operation histories of operations performed on various files in each client terminal 4.

  The operation log information acquisition unit 10 receives the identification information (for example, the file name) of the file used in each client terminal 4 managed by the management server 2 when the room entry information receiving unit 5 receives the room entry information. Obtained from the operation log information stored in the information storage unit 9 or obtained from each client terminal 4. Then, the operation log information for the file used in each client terminal 4 is acquired from the operation log information storage unit 9.

  For example, there are four client terminals 4 managed by the management server 2, “competitive product information.xls” and “web browser program .exe” at the client terminal A, and “new product meeting material.doc” at the client terminal B. The client terminal C uses the “employee information.xls”, “accounting program .exe”, “salary program .exe”, and the client terminal D uses the “mail program .exe”. When the entry information is received from the entry / exit management device 3, the operation log information acquisition unit 10 is used by each client terminal 4 by inquiring the client terminal A to the client terminal D about the file currently used. Determine the identification information of the file. For example, in the case described above, “competitive product information.xls” and “web browser program .exe” at the client terminal A, “new product meeting material.doc” at the client terminal B, “employee information.xls”, “ It is determined that “accounting program .exe”, “salary program .exe”, and “mail program .exe” are used in client terminal D. And "competitive product information.xls", "web browser program.exe", "new product meeting materials.doc", "employee information.xls", "accounting program .exe", "salary program .exe", "email program" Operation log information for each file of “.exe” is acquired from the operation log information storage unit 9. This is schematically shown in FIG.

  Alternatively, when the entrance information receiving unit 5 receives the entrance information from the entrance / exit management device 3, the operation log information acquisition unit 10 reads the operation log from the operation log information storage unit 9 until the predetermined time before the entrance information is received. By acquiring information from the operation log information storage unit 9, the identification information of the file used in each client terminal 4 is acquired. If this is a file currently used by the client terminal 4, operation log information indicating the operation content such as “open file” is stored in the operation log information storage unit 9 as operation log information. Based on this, the identification information of the file used at the timing when the entry information is received by each client terminal 4 can be acquired. When the file used in each client terminal 4 is determined, the operation log information for each determined file is acquired from the operation log information storage unit 9 as described above.

  The access authority level determination unit 11 determines the access authority level of each file based on the operation log information for each file currently used by the client terminal 4 acquired by the operation log information acquisition unit 10. There are various methods for this determination. For example, there are the following methods. In the following determination method, what operation is performed in the operation log information is determined in advance by the OS or the like, and therefore, what operation is performed is identified by identification information for identifying the operation. I can do it.

  As a determination method, based on the file creator information (user identification information of the file creator) in the operation log information of the file acquired by the operation log information acquisition unit 10 from the operation log information storage unit 9 (in the creator, The access authority level of the file creator (file editor) can be extracted by referring to the access authority level information storage unit 7. The access authority level of the file is determined.

  For example, the file creator of “competitive product information.xls” used in the client terminal A described above has the operation content “in the operation log information acquired by the operation log information acquisition unit 10 from the operation log information storage unit 9. Operation log information such as “Create file” or “Save file” is extracted, and can be determined by an operator (login name) (for example, “BBBB”) in the operation log information. Then, by referring to the access authority level information storage unit 7 based on the identification information of the operator (file creator (eg, “BBBB”)) in the determined operation log information, the file creator of “competing product information.xls” Can be determined (for example, access authority level “3”). The determined access authority level (for example, access authority level “3”) is set as the access authority level of the “competitive product information.xls”.

  Similarly, the file creator of “New Product Conference Material.doc” used in the client terminal B has the operation contents in the operation log information acquired from the operation log information storage unit 9 by the operation log information acquisition unit 10. Operation log information such as “create file” or “save file” is extracted and can be determined by an operator (login name) (for example, “DDDD”) in the operation log information. Then, referring to the access authority level information storage unit 7 based on the identification information of the operator (file creator (for example, “DDDD”)) in the determined operation log information, the file creation of “new product meeting material.doc” is created. The access authority level (for example, access authority level “5”) of the user can be determined. The determined access authority level (for example, access authority level “5”) is set as the access authority level of the “new product meeting material.doc”.

  By executing these processes for each operation log information of the file determined by the operation log information acquisition unit 10, the access authority level for the file used in each client terminal 4 is determined. To do. This process is schematically shown in FIG.

  The control determination unit 12 compares the access authority level of the occupant determined by the occupant level determination unit 6 with the access authority level of the file used in each client terminal 4 determined by the access authority level determination unit 11. It is a means for determining whether or not there is an access authority level file that cannot be viewed at the access authority level of the room occupant. Further, the client terminal 4 using a file that cannot be seen at the access authority level of the room occupant is determined based on the identification information of each client terminal 4 in the operation log information acquired by the operation log information acquisition unit 10.

  The control instruction unit 13 transmits a predetermined control instruction to the client terminal 4 using the file that cannot be viewed with the access authority level of the room occupant determined by the control determination unit 12. As this control instruction, attention information is displayed on the screen of the client terminal 4, a screen saver is displayed on the screen of the client terminal 4, the window of the file is erased, minimized, or painted with a predetermined color (for example, black) There is a method of making it impossible to open a file operated by an operator having an authority level lower than the access authority level of the occupant.

  The control for preventing the file operated by the operator having the access authority level lower than the access authority level of the room occupant from being opened is transmitted to each client terminal 4, and each client terminal 4 receiving the control instruction receives the file. When opening (before opening the file), an instruction to open the file is transmitted to the management server 2 together with information for identifying the file. When the management server 2 receives the instruction, the operation log information stored in the operation log information storage unit 9 is searched based on the file identification information, and the operation log information of the file is acquired. Based on the operation log information, the access authority level information storage unit 7 is referenced based on information such as the creator and editor of the file, and the access authority level of the file is determined in the same manner as described above. Then, the access authority level is transmitted to the client terminal 4. The client terminal 4 compares the access authority level of the occupant with the access authority level of the file to be opened. If the access authority level of the file to be opened is higher than the access authority level of the occupant, Do not allow the file to be opened. As a result of the comparison, if the access authority level of the file to be opened is the same as or lower than the access authority level of the room occupant, the file is permitted to be opened and an operation for opening the file is executed.

  That is, when a start command, a file open command, an operation command, or the like is issued in the client terminal 4, the operation log information storage unit 9 or the access authority level information storage unit 7 is referred to based on the file name. The access authority level is inquired, and if the condition is not satisfied, the start instruction, the open instruction, the operation instruction, etc. are controlled not to be executed by the client terminal 4.

  Next, an example of the processing process of the confidential information protection system 1 of the present invention will be described with reference to the flowchart of FIG. 4 and the conceptual diagrams of FIGS.

  First, when an outsider enters the company, the entrance procedure is performed at the reception. At that time, identification information for identifying the outsider as identification information is stored. Admission cards such as magnetic cards will be issued. In addition, in the case of a resident who is an employee, he has an entrance card (employee card) in which an employee number is stored as identification information.

  When entering the room, the person entering the room causes the entrance / exit management device 3 to read an entrance card or the like. The entrance / exit management device 3 that has read the entrance certificate reads the identification information stored therein, includes the identification information in the entrance information, and transmits the entrance information to the management server 2. In other words, the entrance / exit management device 3 transmits to the management server 2 entrance information notifying who the entrance person is.

  The room entry information transmitted from the room entry / exit management device 3 is received by the room entry information receiving unit 5 of the management server 2 (S100). When the entrance information receiving unit 5 receives the entrance information, the entrance level determination unit 6 refers to the access authority level information storage unit 7 using the identification information in the entrance information, and determines the access authority level of the entrance person ( S110).

  For example, when the identification information in the room entry information is identification information indicating that the person is outside the company, the access authority level is determined as “1” with reference to the access authority level information storage unit 7. If the identification information in the room entry information is employee information, the access authority level is determined based on the employee information.

  Further, the operation log information acquisition unit 10 receives each of the client terminal 4 monitored by the management server 2, that is, each client in the room where the user enters the room, when the room information receiving unit 5 receives the room entry information or at a predetermined timing. Information on the file name used in the terminal 4 is determined based on each client terminal 4, the operation log information storage unit 9, and the like. When each client terminal 4 determines a currently used file, the operation log information of each file is acquired from the operation log information storage unit 9.

  The access authority level determination unit 11 determines the creator, editor, and the like of the file based on the operation log information of each file acquired by the operation log information storage unit 9, and uses the identification information of the file. The access authority level is determined by referring to the access authority level information storage unit 7 (S120). If there are multiple creators, editors, etc., refer to each access authority level, and the highest access authority level may be determined as the file access authority level, or the lowest access authority level may be determined. The access authority level may be determined, or the average value may be used as the file access authority level. Even when there are a plurality of files, the access authority level of a preset person such as the creator or editor may be determined as the file access authority level.

  When the access authority level of the occupant and the access authority level of the file being executed / used in each client terminal 4 to be monitored by the management server 2 are determined in this way, the control is performed by comparing the information. The determination unit 12 determines the client terminal 4 that needs to be controlled and the file that needs to be controlled (S130).

  For example, when the access authority level of the room occupant is “1”, the client terminal 4 that uses a file with a higher access authority level (a file with an access authority level higher than “1”) and the security of the file are concerned. Determine that control is required.

  When the access authority level of the resident (entrancer) is “3”, the client terminal 4 using a file with a higher access authority level (file with an access authority level higher than “3”) and the file Determine that security control is required.

  In this way, with respect to the client terminal 4 and file that have been determined by the control determination unit 12 that security control is required, the file that the control instruction unit 13 has determined that control is required for each client terminal 4 A predetermined control instruction is transmitted together with the information (S140).

  In parallel with the control instruction, the control instruction unit 13 transmits a control instruction for restricting the use of a file having an access authority level higher than the access authority level of the room occupant to each client terminal 4.

  For example, when the access authority level of the room occupant is “1”, a control instruction is transmitted to each client terminal 4 that it is necessary to control the security of a file whose access authority level is higher than “1”. Also, a control instruction is transmitted to each client terminal 4 so that a file start command, open command, operation command, etc., whose access authority level is higher than “1” cannot be executed.

  When the access authority level of the room occupant is “3”, a control instruction is transmitted to each client terminal 4 indicating that it is necessary to control the security of files whose access authority level is higher than “3”. In addition, a control instruction is transmitted to each client terminal 4 so that a file start command, an open command, an operation command, etc., whose access authority level is higher than “3” cannot be executed.

  Further, when the access authority level of the room occupant is “5”, a control instruction is transmitted to each client terminal 4 that it is necessary to control the security of a file whose access authority level is higher than “5”. In addition, a control instruction is transmitted to each client terminal 4 so that a file start command, an open command, an operation command, etc., whose access authority level is higher than “5” cannot be performed.

  When each client terminal 4 receiving each control instruction described above receives a control instruction indicating that security control is required for an individual file, the client terminal 4 performs control corresponding to the control instruction. Execute (S150).

  For example, display control for displaying warning information such as “an outsider has entered the room” on the display device 22 of the client terminal 4, starting a screen saver on the screen of the client terminal 4, turning off the window of the file, minimum Or display control such as painting with a predetermined color (for example, black). Since the control regarding the window is received from the management server 2 together with the control instruction and the file name information that needs to be controlled, the client terminal 4 may perform the control based on the information.

  Further, since each client terminal 4 receives a control instruction for restricting the use of a file transmitted from the control instruction unit 13, the control instruction is stored in the storage device 21 of the client terminal 4. When a new file start command, file open command, operation command, or the like is input at the client terminal 4, whether or not the input is detected and the control instruction stored in the storage device 21 is not violated. After the determination process is performed, the input command is executed unless the control instruction is violated, and when the control instruction is violated, the input command is not executed.

  The process of determining whether or not the stored control instruction is not contradicted is performed by transmitting a file name corresponding to the input command to the management server 2 so that the operation log information storage unit 9 and the access authority level information storage unit of the management server 2 7, the access authority levels of these file names are inquired, and the result is received by the client terminal 4. Then, by comparing the access authority level of each file name with the access authority level in the stored control instruction, it is possible to determine whether it is against the control instruction.

  By executing the processing as described above, the confidential information displayed on the display device 22 of each client terminal 4 is not seen even when there is a room occupant.

  In addition, about the control instruction | command transmitted to each client terminal 4 from the above-mentioned management server 2, when the user of the client terminal 4 performs predetermined | prescribed operation, or the control cancellation instruction | command is transmitted from the management server 2 to the client terminal 4, It is preferable that the above-described control instruction is canceled by receiving it. When the control release instruction is transmitted from the management server 2, when the information indicating that the occupant has left the room is received from the room entry / exit management device 3, or after entering the room (after receiving the room entry information by the room entry information receiving unit 5), It is also possible to transmit at a timing such as when a predetermined time has passed.

  In the case of the present embodiment, a case where a file level storage unit 14 is provided in addition to the system configuration of the first embodiment is shown. An example of the system configuration in this embodiment is shown in FIG.

  The file level storage unit 14 stores the access authority level of the file used in the client terminal 4 in association with the file identification information. An example of the file level storage unit 14 is schematically shown in FIG.

  In this embodiment, the access authority level determination unit 11 changes the file name in the operation log information among the operation log information of the file currently used by each client terminal 4 acquired by the operation log information acquisition unit 10. It is determined whether there is an operation indicating. If there is no operation indicating the change of the file name, the access level of the file is determined by referring to the file level storage unit 14 based on the file identification information of the file.

  If there is an operation indicating a change of the file name, it is first determined whether the access authority level is stored in the file level storage unit 14 based on the changed file name (file identification information). For example, the access authority level is determined as the access authority level of the file. On the other hand, when the access authority level by the changed file name (file identification information) is not stored, the file name before the change can be specified based on the operation log information acquired by the operation log information acquisition unit 10, It is determined whether the access authority level is stored based on the file name before the change, and if it is stored, the access authority level is determined as the access authority level of the file.

  By using such a determination method, the access authority level can be easily determined even if the file name has been changed. In other words, the file name is often changed frequently. Therefore, when the access authority level is set for each file, even if the access authority level determination unit 11 refers to the access authority level based on the new file name, the file name stored in the file level storage unit 14 is not changed. If the file name is not updated with the new file name, the access authority level cannot be determined. Therefore, by using the operation log information as in this embodiment, even when the access authority level is stored only in the file level storage unit 14 with the file name before the change, the access authority level can be determined. .

  In this case, the file name before change stored in the file level storage unit 14 may be updated with the file name after change.

  Next, an example of a processing process in another embodiment of the confidential information protection system 1 of the present invention will be described.

  In the first embodiment and the second embodiment, the occupant level information storage unit uses the identification information in the occupancy information received by the occupancy information reception unit 5 for the access authority level of the occupant in the occupant level determination unit 6. The access authority level of the person entering the room is determined by referring to.

  Therefore, in the present embodiment, when the identification information is employee information, the room occupant level determination unit 6 extracts the room occupant's extracted information based on the information indicating the title extracted from the access authority level information storage unit 7. The access authority level may be multiplied by a coefficient K.

  The value of the coefficient K to be multiplied at this time is changed according to the job title. FIG. 12 schematically shows an example of the coefficient K.

  For example, when the access authority level of the room occupant as a result of referring to the access authority level information storage unit 7 using the identification information in the room entrance information received by the room entrance information receiving unit 5 and the attribute information thereby is “2” Furthermore, if the identification information is employee information and the job title in the attribute information is “section manager”, the occupant level determination unit 6 corresponds to the determined access authority level “2” corresponding to the job title “section manager”. The occupant level determination unit 6 determines the final access authority level of the occupant as “2.6”. Then, the determined “2.6” is passed to the control determination unit 12 as the access authority level of the room occupant.

  If the access authority level of the room occupant as a result of referring to the room occupant level information storage unit using the identification information in the room entrance information received by the room entrance information receiving unit 5 is “3”, the attribute information is employee information. Assuming that the title in the attribute information is “head of headquarters”, the room occupant level determination unit 6 uses the determined access authority level “3” to a coefficient K = 1. The occupant level determination unit 6 multiplies 8 and determines that the final access authority level of the occupant is “5.4”. Then, the determined “5.4” is transferred to the control determination unit 12 as the access authority level of the room occupant.

  The access determination level of the occupant calculated in consideration of the coefficient K in this way and the access authority level of the file determined by the access authority level determination unit 11 are compared by the control determination unit 12 so that the access of the occupant can be accessed. It can also be configured to determine if there is an access authority level file that cannot be viewed at the authority level.

  Furthermore, in the first to third embodiments, as shown in FIG. 13, by installing a plurality of position information detection devices such as IC tag readers in the room, the person who enters the room regularly or at a predetermined timing. Position information in the room may be detected, and the management server 2 may transmit a control instruction so as to perform display control only for the client terminal 4 close to the position information. In that case, position information of each client terminal 4 installed in the room is stored. Then, the position information of the room occupant in the room is received from an IC tag reader or the like, and the position information of each client terminal 4 is compared. As a result of the comparison, the client terminal 4 within a predetermined range (for example, within 2 meters) is extracted from the position information in the room of the room occupant, and the extracted client terminal 4 in the above-described first to third embodiments. Execute the process.

  In addition to the IC tag as the position information detection device, if the admission card or employee card has a GPS function, the position information of the occupant may be detected thereby.

  By performing such processing, when the room is large, it is possible to control only the client terminal 4 near the occupant rather than controlling all the client terminals 4 in the room. It becomes.

  In the first to fourth embodiments, the management server 2 is configured to transmit a control instruction to the client terminal 4. However, the function may be distributed between the management server 2 and the client terminal 4. For example, the management server 2 includes a room entrance information receiving unit 5, a room occupant level determination unit 6, an access authority level information storage unit 7, an operation log information reception unit 8, and an operation log information storage unit 9. The control determination unit 12 and the control instruction unit 13 can also be configured to be provided in each client terminal 4.

  In these cases, when each function of the management server 2 is used at the time of processing in each client terminal 4, an inquiry is made from the client terminal 4 to the management server 2, and the result is sent to the client terminal 4. Used for processing. Then, the processing result is executed by the client terminal 4. In this case, since the control determination is performed in each client terminal 4, processing for transmitting the result to the other client terminals 4 becomes unnecessary. Further, since the processing in the control instruction unit 13 may be performed in the client terminal 4, the control instruction may be passed to the arithmetic device 20 of the client terminal 4.

  In addition to the above-described distributed arrangement, for example, when these functions are distributed to the management server 2 and the client terminal 4, an entrance information receiving unit 5, an entrance level determination unit 6, an access authority level information storage unit 7, The operation log information receiving unit 8, the operation log information storage unit 9, the operation log information acquisition unit 10, and the access authority level determination unit 11 are provided in the management server 2, and the control determination unit 12 is provided in each client terminal 4. You can also In this case, based on the room entry information received by the room entry information receiving unit 5, the room authority level determination unit 6 performs the access authority level of the room entry person. The determined access authority level of the room entrant is transmitted to each client terminal 4. Further, operation log information is received from each client terminal 4 by the operation log information receiving unit 8 and stored in the operation log information storage unit 9. On the other hand, when each client terminal 4 receives the access authority level of the room occupant, each client terminal 4 transmits the file identification information of the file used by the client terminal 4 to the management server 2. To inquire about the access authority level of these files. By this inquiry, the access authority level determination unit 11 determines the access authority level of each file used in each client terminal 4 and transmits the determination result to each client terminal 4. The control determination unit 12 of each client terminal 4 compares the access authority level of the room occupant received from the management server 2 with the access authority level of the file used in the client terminal 4 to determine the access authority of the room occupant. Determine whether you are using a file with an access privilege level that cannot be viewed at the level. When a file that cannot be seen is used, predetermined control is executed in the client terminal 4. The client terminal 4 may notify the management server 2 of the determination result in the control determination unit 12.

  In addition to the above, there are various methods for distributed arrangement, and any form may be adopted.

  In the above-described first to fifth embodiments, the room entry level determination unit 6 determines the access authority level of the room entry person based on the room entry information received by the room entry information reception unit 5. May include an access authority level. For example, the identification information of the occupant and the access authority level information of the occupant are stored in the employee ID, and when the occupant reads the employee ID etc. by the entrance / exit management device 3, the entrance / exit management device 3 And at least including identification information and access authority level information, the information is transmitted to the management server 2 as entry information indicating that the entry person has entered the room. When such a configuration is adopted, the occupant level determination unit 6 becomes unnecessary.

By using the confidential information protection system 1 of the present invention, a computer that handles confidential information when a person entering the room approaches the computer terminal (client terminal 4) on which confidential information is displayed, such as entering the room. By controlling the display on the terminal, it is possible to protect confidential information even when a user enters the room.

1 is an overall conceptual diagram of the present invention. It is a conceptual diagram which shows typically an example of the system configuration | structure of this invention. It is a conceptual diagram which shows an example of a hardware configuration typically. It is a flowchart which shows an example of the process of this invention typically. It is a figure which shows an example of an access authority level information storage part typically. It is a figure which shows an example of operation log information typically. It is a figure which shows an example of an operation log information storage part typically. It is a figure which shows typically the file name and its client terminal 4 which are used in each client terminal. It is a figure which shows typically the file name currently used by each client terminal, its client terminal 4, and an access authority level. It is a conceptual diagram which shows typically another example of the system configuration | structure of this invention. It is a figure which shows an example of a file level memory | storage part typically. It is a figure which shows typically the coefficient with respect to the post. It is a figure which shows the case of Example 4 typically.

Explanation of symbols

1: Confidential information protection system 2: Management server 3: Entrance / exit management device 4: Client terminal 5: Entrance information receiving unit 6: Entering person level determination unit 7: Access authority level information storage unit 8: Operation log information receiving unit 9: Operation log information storage unit 10: Operation log information acquisition unit 11: Access authority level determination unit 12: Control determination unit 13: Control instruction unit 14: File level storage unit 20: Computing device 21: Storage device 22: Display device 23: Input Device 24: Communication device

Claims (9)

A confidential information protection system for protecting confidential information displayed on a display device of a client terminal installed in a predetermined area from a person entering the area,
The confidential information protection system includes:
An entry information receiving unit for receiving entry information indicating entry of the entry person into the area from a management device that manages entry into the area;
An operation log information storage unit for storing operation log information of each client terminal;
Using the file identification information of the file used in each client terminal, among the operation log information stored in the operation log information storage unit, operation log information that is an operation to the file corresponding to the file identification information An operation log information acquisition unit to be acquired;
Using the acquired operation log information, an access authority level determination unit that determines an access authority level of a file used in each client terminal;
A control determination unit for determining a client terminal to be controlled using an access authority level of a file used in each client terminal and an access authority level of the occupant;
A confidential information protection system characterized by comprising: The access authority level determination unit
Among the operation log information acquired by the operation log information acquisition unit, the identification information of the operator who has operated the operation log information which is the predetermined operation content is extracted to obtain the corresponding access authority level, and the access Determine the authority level as the access authority level of the file.
The confidential information protection system according to claim 1. The confidential information protection system further includes:
A file level storage unit for storing file identification information and an access authority level of the file;
The access authority level determination unit
In the acquired operation log information, when there is information indicating the change of the file identification information, the access authority level of the file is first checked by referring to the file level storage unit using the file identification information after the change. If the access authority level cannot be determined using the file identification information after the change, the access authority level is determined by referring to the file level storage unit using the file identification information before the change.
The confidential information protection system according to claim 1. The confidential information protection system further includes:
A control instruction unit that transmits a predetermined control instruction to the client terminal determined by the control determination unit;
The confidential information protection system according to claim 1, further comprising: As a predetermined control instruction in the control instruction unit,
In the client terminal that has received the control instruction, a process for making the displayed file unreadable or difficult to read is executed.
The confidential information protection system according to claim 4. The client terminal that has received the use restriction control instruction
Storing the use restriction control instruction in a storage device of the client terminal;
When newly detecting an input of a processing command related to a file, it is determined whether the usage restriction control instruction stored in the storage device is violated,
If not, execute the detected processing instruction; otherwise, do not execute the detected processing instruction.
The confidential information protection system according to claim 5. The client terminal that has received the use restriction control instruction
Storing the use restriction control instruction in a storage device of the client terminal;
When the input of a processing instruction relating to a file is newly detected, the access authority level of the file related to the detected processing instruction is inquired.
Comparing the access authority level corresponding to the inquired processing instruction with the access authority level corresponding to the use restriction control instruction stored in the storage device;
If the condition is satisfied, the detected processing instruction is executed. If the condition is not satisfied, the detected processing instruction is not executed.
The confidential information protection system according to claim 5. The confidential information protection system that has received the inquiry about the access authority level of the file related to the detected processing instruction,
Using the file identification information corresponding to the inquiry file, among the operation log information stored in the operation log information storage unit, obtain operation log information that is an operation to the file corresponding to the file identification information,
Using the acquired operation log information, the access authority level of the file used in each client terminal is determined.
The confidential information protection system according to claim 7. A computer terminal that stores operation log information of each client terminal in a storage device,
An entrance information receiving unit for receiving entrance information indicating entry of the entrance person into the area from a management device that manages entry into the predetermined area,
An operation for acquiring operation log information that is an operation to a file corresponding to the file identification information among the operation log information stored in the storage device, using the file identification information of the file used in each client terminal. Log information acquisition unit,
Using the acquired operation log information, an access authority level determination unit that determines an access authority level of a file used in each client terminal,
A control determination unit for determining a client terminal to be controlled using an access authority level of a file used in each client terminal and an access authority level of the occupant;
A confidential information protection program characterized by functioning as

Images