JP2009169719A - Security policy server, security policy management system, and security policy management program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To integrally execute policy management to a file as a whole organization while distributing it to a plurality of servers. <P>SOLUTION: A policy server 30 includes: a policy information storage part 37 for storing policy setting information including policy ID and a set policy; a server list storage part 38 for storing the server list of the other policy server 30; and a document relevant information storage part 39 for storing the document to be managed, the policy and each ID of the registerer of the document in association. A policy list provision part 31 generates a policy list by extracting information related with the policy which can be set for the user from a policy information storage part 37, and also acquiring the information from the policy server 30 registered in the server list in response to a policy list inquiry request including user ID, and returns the policy list to a policy list inquiry request transmission source. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a security policy server, a security policy management system, and a security policy management program.

  An organization that manages information security usually formulates a basic policy for information security policy that defines the basic policy for information security of the entire organization, and provides specific measures and means for ensuring security in accordance with this basic policy for information security policy. Develop information security policy measures standards and procedures as standards. Information security management is implemented throughout the organization according to the common rules established in this way.

  Under an information security management environment, a document that is a form of information asset describes a security policy (hereinafter simply referred to as “policy”) as a rule for who can perform operations such as viewing, editing, and copying. Is set. If the policy set in the document is registered in the security policy server in this way, the security management system used in the entire organization can prevent the act deviating from the common rule. Conventionally, a method for controlling copying of a paper document and browsing of an electronic document for each user in accordance with a predefined policy has been proposed (for example, Patent Documents 1 and 2).

  However, if security management for a large organization is to be executed by only one server, the load on processing and maintenance work on the server becomes enormous. Therefore, for example, after identifying a server that manages the document policy by querying the location management server when copying a document created in one security domain to a device installed in another security domain A technique for making an inquiry to the specified server has been proposed (for example, Patent Document 3).

JP 2004-166241 A JP 2002-304317 A JP 2005-196338 A

  However, if the system is configured such that the server managing the document policy is inquired of the position management server, it can be easily assumed that the load is concentrated on the position management server. In other words, as the number of policy management target documents increases, access to the location management server may become a bottleneck.

  Also, if you manage the policy of the document file to be managed for each server managed by each department that makes up the organization, it may be possible to distribute the load, but you can simply distribute the policy management of each document file. If this is done, there is a risk that policy management as a whole organization cannot be performed.

  SUMMARY OF THE INVENTION An object of the present invention is to make it possible for a whole organization to perform policy management for files uniformly while distributing them to a plurality of servers.

  The security policy server according to the present invention includes policy information storage means for storing policy setting information including policy identification information and policy setting contents, and a server list storing a list of identification information and connection information of other security policy servers. Storage means, file-related information storage means for storing at least the identification information of the file to be managed by the policy, the policy, and the registrant of the file, and a policy list inquiry request including user identification information Policy list inquiry request accepting means, policy acquisition means for obtaining policy setting information relating to a policy that can be set for a user specified from the user identification information included in the policy list inquiry request, and obtained by the policy acquisition means One or more policies Policy list reply means for returning setting information to a policy list inquiry request transmission source, wherein the policy acquisition means retrieves policy setting information related to policies that can be set for the user by searching the policy information storage means. The policy inquiry request including the user identification information is transmitted to the security policy server specified by the security policy server identification information stored in the server list storage means, and returned in response to the policy inquiry request. The policy setting information is acquired.

  Policy inquiry request accepting means for accepting a policy inquiry request including user identification information sent from another security policy server, and a policy set in the file based on the user identification information included in the policy inquiry request It has a specifying means for specifying the setting information, and a policy reply means for returning the policy setting information specified by the specifying means to the policy inquiry request source.

  Also, registration that accepts a file registration request that includes a policy selected from those returned by the policy list reply means, a file to be registered, a security policy server designated as a registration destination and identification information of a user who is a registrant. Request receiving means, and registration means for registering policy setting information in response to the policy inquiry request, wherein the registration means refers to security policy server identification information included in the policy inquiry request. Thus, when it is determined that the policy management of the file is performed by itself, the identification information of the file to be registered, the policy, and the registrant is associated and registered in the file related information storage unit, and the policy management of the file is performed. If another security policy server decides to do it, the policy query It was requested and transmits to the other security policy server.

  The security policy server according to the present invention includes policy information storage means for storing policy setting information including policy identification information and policy setting contents, and a server list storing a list of identification information and connection information of other security policy servers. A storage means, a file related to policy management, a file, the policy, a file related information storage means for storing each identification information of the creator of the file in association with each other, a security policy server, each identification information of the user and the file, An operation availability inquiry request accepting unit that accepts an operation availability inquiry request including information specifying the content of the operation, and a determination unit that determines whether the user can perform the operation on the file in response to the operation availability inquiry request. The result of availability determination by the determination means is manipulated. A determination result return means for returning to the availability inquiry request transmission source, and the determination means determines that the file specified from the file identification information included in the operation availability inquiry request is a policy management target In the case where it is determined whether or not the operation is possible based on the user identification information and the content of the operation included in the operation availability inquiry request based on the policy setting information, and when it is determined that the specified file is not a management target The policy inquiry information of the file is transmitted to the other security policy server specified from the security policy server identification information included in the operation availability inquiry request, and the policy setting information returned in response to the policy inquiry request is sent. Based on this, it is determined whether or not the operation is possible.

  Policy inquiry request accepting means for accepting a policy inquiry request including file identification information sent from another security policy server, and a policy set for the file based on the file identification information included in the policy inquiry request It has a specifying means for specifying the setting information, and a policy reply means for returning the policy setting information specified by the specifying means to the policy inquiry request source.

  In addition, the information processing apparatus includes a holding unit that holds the policy setting information returned in response to the policy inquiry request transmitted by the determination unit.

  A security policy management system according to the present invention includes a plurality of security policy servers and a file registration device used by a user who requests file policy management, wherein each security policy server includes policy identification information and Policy information storage means for storing policy setting information including policy setting contents, server list storage means for storing a list of identification information and connection information of other security policy servers, a file to be managed by the policy, the policy, File related information storage means for storing each identification information of the registrant of the file in association with each other, and a policy list inquiry request for receiving a policy list inquiry request including user identification information sent from the file registration device Receiving means, and Policy acquisition means for acquiring policy setting information relating to a policy that can be set for a user specified from the user identification information included in the policy list inquiry request, and one or more policy setting information acquired by the policy acquisition means Policy list reply means for replying to the file registration device, policy inquiry request acceptance means for accepting a policy inquiry request including user identification information sent from another security policy server, and users included in the policy inquiry request The policy acquisition means comprising: specifying means for specifying the policy setting information set in the file based on the identification information; and policy return means for returning the policy setting information specified by the specifying means to a policy inquiry request source. Retrieves the policy information storage means The policy inquiry request including the user identification information with respect to the security policy server specified by the security policy server identification information stored in the server list storage unit is acquired. And policy setting information returned in response to the policy inquiry request is acquired.

  A security policy management system according to the present invention includes a plurality of security policy servers and a file operation device used by a user who performs operations on files. Each security policy server includes policy identification information and policy information. Policy information storage means for storing policy setting information including setting contents, server list storage means for storing a list of identification information and connection information of other security policy servers, a file to be managed by the policy, the policy, the file File-related information storage means for storing at least the identification information of each creator in association with each other, identification information of the security policy server, user and file sent from the file operation device, and the content of the operation Operations including information An operation availability inquiry request accepting unit that accepts an inquiry request, a determination unit that determines whether or not the user can perform the operation on the file in response to the operation availability inquiry request, and the file operation device that displays the availability determination result by the determination unit. Based on the file identification information included in the policy inquiry request, the policy inquiry request receiving means for receiving the policy inquiry request including the file identification information sent from another security policy server, A specifying means for specifying the policy setting information set in the file; and a policy reply means for returning the policy setting information specified by the specifying means to a policy inquiry request source. Identified from the file identification information contained in the request If it is determined that the file is a policy management target, whether the operation is possible is determined based on the user identification information and the content of the operation included in the operation availability inquiry request based on the policy setting information, and the identified file Is determined not to be managed, the policy inquiry request for the file is sent to another security policy server identified from the security policy server identification information included in the operation availability inquiry request, and the policy inquiry request Whether or not the operation is possible is determined based on the policy setting information returned in response to the request.

  A security policy management program according to the present invention includes a security policy server, policy information storage means for storing policy setting information including policy identification information and policy setting contents, a list of identification information and connection information of other security policy servers Server list storage means storing file, policy management target file, policy, file related information storage means storing at least the identification information of the registrant of the file, and policy list query including user identification information Policy list inquiry request receiving means for receiving a request, policy acquisition means for acquiring policy setting information related to a policy that can be set for a user specified from user identification information included in the policy list inquiry request, and the policy acquisition means The obtained policy setting information is made to function as a policy list reply unit that sends back the policy setting information to the policy list inquiry request transmission source, and the policy acquisition unit can be set for the user by searching the policy information storage unit Policy setting information related to a specific policy is acquired, and a policy inquiry request including user identification information is transmitted to the security policy server specified by the security policy server identification information stored in the server list storage means, and the policy inquiry The policy setting information returned in response to the request is acquired.

  A security policy management program according to the present invention includes a security policy server, policy information storage means for storing policy setting information including policy identification information and policy setting contents, a list of identification information and connection information of other security policy servers Server list storage means storing file, policy management target file, policy, file-related information storage means storing at least the identification information of the creator of the file, security policy server, user and file An operation availability query request accepting unit that accepts an operation availability query request that includes identification information and information that identifies the content of the operation, and a determination to determine whether the user can perform the operation on the file in response to the operation availability query request Means, said size A determination result return unit that returns the determination result by the unit to the operation availability inquiry request transmission source, and the determination unit is configured to manage the file specified from the file identification information included in the operation availability inquiry request If it is determined that the operation is possible, the user identification information included in the operation availability inquiry request and the content of the operation are determined based on the policy setting information, and the specified file is not managed. If it is determined, the policy inquiry request for the file is transmitted to another security policy server identified from the security policy server identification information included in the operation availability inquiry request, and is returned in response to the policy inquiry request. And determining whether or not the operation is possible based on policy setting information. That.

  According to the first aspect of the present invention, it is possible to provide information regarding policies managed in the entire organization by cooperating with other security policy servers as necessary in response to an inquiry of a policy list.

  According to the invention described in claim 2, in response to a policy inquiry from another security policy server, it is possible to provide information on a policy managed by itself.

  According to the third aspect of the present invention, in response to a policy registration request for a file, the security policy server that should manage the file can manage the policy of the file.

  According to the fourth aspect of the present invention, even if the policy for the file whose operation is inquired is not managed by itself, it is possible to respond to the operation availability of the file by cooperating with another security policy server.

  According to the fifth aspect of the present invention, it is possible to provide information on whether or not an operation is possible in response to an inquiry about whether or not a file can be operated from another security policy server.

  According to the sixth aspect of the present invention, the information related to the policy managed by the other security policy server acquired from the other security policy server is retained, so that the same contents are given to the other security policy server. No need to make inquiries.

  According to the seventh aspect of the present invention, the security policy server that has received the query for the policy list acquires information about the policy from the other security policy server as necessary, while the other security policy server receives the policy list. By providing information relating to policies managed by the security policy server that has received the inquiry, information relating to policies managed in the entire organization can be provided.

  According to the invention described in claim 8, even when the security policy server inquired about whether or not the file can be operated does not manage the policy for the file itself, whether or not the file can be operated is managed by managing the file policy. By inquiring and obtaining other security policy servers, it is possible to respond whether the file can be operated.

  According to the ninth aspect of the present invention, the security policy server is provided with information on policies managed in the entire organization by cooperating with other security policy servers as necessary in response to the inquiry of the policy list. Can do.

  According to the tenth aspect of the present invention, even when the security policy server does not manage the policy for the file whose operation is inquired, the security policy server is made to respond to the operation availability of the file by cooperating with another security policy server. be able to.

  Hereinafter, preferred embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is an overall configuration diagram showing an embodiment of a security policy management system according to the present invention. In the present embodiment, a case where a document file (hereinafter also simply referred to as “document”) is handled as a policy management target file will be described as an example. FIG. 1 shows a configuration in which one or a plurality of multifunction devices 22, one or a plurality of personal computers (PCs) 23, a plurality of policy servers 30 and a user management server 40 are connected via a network 24. . The multi-function device 22 and the PC 23 are used by a user who operates a policy-managed document and a user who sets a policy and wants to register a document to be a security management target. The user management server 40 manages information related to users of the security policy management system. Each policy server 30 manages one or a plurality of policies. In the present embodiment, a server computer used for managing policies in each department constituting the organization and a server computer for managing policies commonly used in the entire organization are provided as the policy server 30. Although FIG. 1 shows the general affairs department, the development department, and the sales department as examples of each department, the number and names of departments are not limited thereto.

  In FIG. 1, the network is illustrated as a LAN. However, the network is not limited to this, and may be constructed in various forms such as including a WAN such as a public network.

  FIG. 2 is a hardware configuration diagram of a server computer forming the policy server 30 according to the present embodiment. In the present embodiment, the policy server 30 can be realized by a general-purpose hardware configuration that has existed in the past. That is, the policy server 30 includes a CPU 1, a ROM 2, a RAM 3, an HDD controller 5 to which a hard disk drive (HDD: Hard Disk Drive) 4 is connected, a mouse 6 and a keyboard 7 provided as input means, as shown in FIG. An input / output controller 9 for connecting a display 8 provided as a display device and a network controller 10 provided as a communication means are connected to an internal bus 11.

  Although there may be a difference in performance, since the user management server 40 and the PC 23 are also the same computer, the hardware configuration can be illustrated in the same manner as in FIG.

  FIG. 3 is a hardware configuration diagram of the MFP 22 according to the present embodiment. As described above, the multi-function device 22 is a form of an image forming apparatus equipped with various functions such as a copy function and a scanner function, and is a device incorporating a computer. In FIG. 2, the CPU 21 controls the operation of various mechanisms installed in the apparatus such as the scanner 14 and the printer engine 16 in accordance with a program stored in the ROM 19. The address data bus 12 is connected to various mechanisms to be controlled by the CPU 21 to perform data communication. The operation panel 13 receives instructions from the user and displays information. The scanner 14 reads a document set by a user and accumulates it in the HDD 15 or the like as electronic data. The HDD 15 stores an electronic document read using a scanner. The printer engine 16 prints an image on output paper in accordance with an instruction from a control program executed by the CPU 21. A network interface (I / F) 17 is connected to the network 24 to transmit electronic data generated by the apparatus, receive an e-mail transmitted to the apparatus, and access the apparatus via a browser. Used. The RAM 18 is used as a work memory during program execution and a communication buffer during electronic data transmission / reception. The ROM 19 stores various programs relating to control of the apparatus, encryption of electronic data, and transmission / reception of electronic data. By executing various programs, each component described later exhibits a predetermined processing function. The IC card reader 20 reads data such as a card ID recorded on the IC card.

  FIG. 4 is a block diagram showing a document registration apparatus according to the present embodiment. The document registration apparatus 50 is an information processing apparatus used by a user who sets a policy and registers a document that is to be subject to security management, or an apparatus equipped with an information processing apparatus. In this embodiment, FIG. This is realized by the multifunction machine 22 or the PC 23 shown in FIG. The document registration apparatus 50 includes a user authentication unit 51, a policy list acquisition unit 52, a policy selection unit 53, a document ID generation unit 54, a document registration request unit 55, a registered document generation unit 56, and a document storage unit 57. The user authentication unit 51 authenticates a user who uses the document registration apparatus 50. The policy list acquisition unit 52 acquires a list of policies that can be set for the document inquired by the user from one of the policy servers 30. The policy selection unit 53 receives a policy selected by the user from the acquired policy list. The document registration request unit 55 makes a request for managing a policy set for a document to any of the policy servers 30. The document ID generation unit 54 generates a document ID to be given to a document managed by one of the policy servers 30. The registered document generation unit 56 generates a policy-managed document by embedding a document ID in the policy-managed document. The document storage unit 57 stores the document generated by the registered document generation unit 56.

  Each of the components 51 to 56 in the document registration apparatus 50 is realized by a cooperative operation of a computer that configures the document registration apparatus 50 and a program that operates on the CPUs 1 and 21 installed in the computer. The document storage unit 57 is realized by the HDDs 4 and 15 included in the document registration device 50.

  FIG. 5 is a block diagram showing the document operation apparatus according to this embodiment. The document operation device 60 is an information processing device used by a user who performs an operation on a policy-managed document or a device equipped with an information processing device. In this embodiment, the multifunction device shown in FIG. 22 or PC23. The document operation device 60 includes a user authentication unit 61, a document ID extraction unit 62, an operation availability inquiry unit 63, an operation execution unit 64, and a document storage unit 65. The user authentication unit 61 authenticates a user who uses the document operation device 60. The document ID extraction unit 62 extracts a document ID from a document selected by the user as an operation target. The operation availability inquiry unit 63 inquires one of the policy servers 30 about the availability of an operation to be performed on the document by the user. The operation execution unit 64 executes the operation on the document when it is determined that the operation on the document is possible. The document storage unit 65 stores a document to be operated.

  Each of the components 61 to 64 in the document operation device 60 is realized by a cooperative operation of a computer that configures the document operation device 60 and a program that operates on the CPUs 1 and 21 that are mounted on the computer. The document storage unit 65 is realized by the HDDs 4 and 15 included in the document operation device 60.

  FIG. 6 is a block diagram showing the policy server 30 in the present embodiment. The policy server 30 manages policies that are common to the entire company or policies that are managed for each department that constitutes an organization. Each policy server 30 may have the same configuration although the content of the information to be held is different. The policy server 30 includes a policy list providing unit 31, a policy searching unit 32, a policy registration unit 33, an operation availability determination unit 34, a cache registration unit 35, a policy temporary storage unit 36, a policy information storage unit 37, a server list storage unit 38, and A document related information storage unit 39 is provided. The policy list providing unit 31 corresponds to a policy list inquiry request receiving unit and a policy list reply unit of the present invention, and generates a policy list in response to a policy list inquiry request sent from the document registration device 50 or the document operation device 60. And reply. The policy search unit 32 corresponds to policy acquisition means of the present invention, and acquires policy setting information related to a policy that can be set for the user specified from the user ID included in the policy list inquiry request. The policy registration unit 33 corresponds to a registration request accepting unit and a registration unit of the present invention, and performs policy registration processing in response to a document registration request sent from the document registration apparatus 50. The operation availability determination unit 34 corresponds to an operation availability inquiry request reception unit, a determination unit, and a determination result reply unit according to the present invention. The operation availability determination unit 34 controls the document operation device 60 in response to an operation availability inquiry request sent from the document operation device 60. It is determined whether or not the user who uses the document can perform the operation on the document designated as the operation target, and the determination result is returned. The cache registration unit 35 registers the policy setting information acquired from the other policy server 30 while the operation availability determination unit 34 executes the determination process in the policy temporary storage unit 36 corresponding to the cache. The policy temporary storage unit 36 temporarily stores the registered information as valid information while it is designated in advance. The policy information storage unit 37, the server list storage unit 38, and the document related information storage unit 39 will be separately described below with reference to the drawings.

  Each component 31 to 35 in the policy server 30 is realized by a cooperative operation of a computer that forms the policy server 30 and a program that operates on the CPU 1 mounted on the computer. The policy temporary storage unit 36 is realized by the RAM 3, and the storage units 37 to 39 are realized by the HDD 4.

  7 and 8 are diagrams showing an example of the data configuration of policy setting information stored in the policy information storage unit 37. Of these, FIG. 7 shows a policy server (common to all companies) 30, and FIG. 8 shows a policy server (development). Part) 30, respectively. In the policy setting information, the target person, permitted operations, valid period, and operational restrictions are set as policies in the policy ID, name, and cache valid period. In the policy, a policy ID and a policy name are set as identification information for identifying the policy in the system. The cache effective period is set to the end when it is determined that the data is valid after the policy is registered in the policy temporary storage unit 36 as cache data. In the setting example of FIG. 7, the policy with the policy ID “PLC-0001” is regarded as valid data for 30 days after being registered in the policy temporary storage unit 36. Next, the policy contains information about the attributes (target person) of the user for whom the policy is set, the operations permitted for the user of that attribute, the end date when the operation is permitted, and the operational restrictions as necessary. Set in association. For example, according to the setting example shown in FIG. 8, a user who belongs to the Development Department 1 for a document in which the policy with the policy ID “PLC-3001” is set is operated until March 31, 2008. Operations such as application, browsing, editing, printing, and copying are permitted. When the document is printed, a copy-forgery-inhibited pattern is embedded, and on the other hand, the user C belonging to the sales department has a March 31, 2008 Each policy has a content that only browsing is permitted as an operation.

  9 and 10 are diagrams showing an example of the data structure of the server list stored in the server list storage unit 38. Of these, FIG. 9 shows the policy server (sales department) 30, and FIG. 10 shows the policy server (development part). ) 30 is an example of setting the server list. The server list is set by associating the server ID of the other policy server 30 that operates in cooperation with the execution of processing such as policy list generation, the management department, and the connection information. In the server list, in order to obtain the same result when the user makes an inquiry to the policy server 30 arbitrarily in the system, it is desirable to set information regarding all the policy servers 30 other than the user. .

  11 and 12 are diagrams showing examples of the data structure of the document related information stored in the document related information storage unit 39. Of these, FIG. 11 shows the policy server (common to all companies) 30, and FIG. This is a setting example of document related information set in each of the development department 30). The document related information includes a document ID that is identification information of a document to be managed by a policy, a policy ID of a policy set for the document, a registration date indicating a date when the document is registered as a management target, and the document Are set in association with a user name for identifying a user who has registered.

  FIG. 13 is a block diagram showing the user management server 40 in the present embodiment. The user management server 40 manages information related to users of this system. The user management server 40 includes a user authentication unit 41, an information providing unit 42, a user information storage unit 43, and a group information storage unit 44. The user authentication unit 41 performs user authentication in response to authentication requests from the document registration device 50 and the document operation device 60, and returns the authentication result. The information providing unit 42 returns the result of the content inquired from the policy server 30. The user information storage unit 43 and the group information storage unit 44 will be separately described below with reference to the drawings.

  The components 41 to 42 in the user management server 40 are realized by a cooperative operation of a computer that forms the user management server 40 and a program that operates on the CPU 1 mounted on the computer. Each storage unit 37 to 39 is realized by the HDD 4.

  FIG. 14 is a diagram illustrating a data configuration example of user information stored in the user information storage unit 43. The user information includes a user ID that is user identification information, a name of the user, a password required when the user uses the system, an employee ID of the user, and a department to which the user belongs. Set in association.

  FIG. 15 is a diagram illustrating a data configuration example of group information stored in the group information storage unit 44. The group information is set in association with a group ID, which is group identification information, a name of the group (group name), a user ID of all users belonging to the group, and a management department of the group. The

  Although the present embodiment is implemented with the configuration described above, the program used in the present embodiment is not only provided by communication means, but also a computer-readable recording medium such as a CD-ROM or DVD-ROM. It is also possible to provide it by storing it in The program provided from the communication means or the recording medium is installed in the computer, and various processes are realized by the CPU of the computer sequentially executing the installation program.

  Next, the operation in this embodiment will be described. First, a document registration process in which an electronic document that is not a management target is set as a management target will be described. Here, a case where a user B who belongs to the development department 1 section scans a paper document that is not a management target by using the multifunction device 22 which is one form of the document registration apparatus 50 and generates a managed electronic document is illustrated. This will be described with reference to the sequence diagram shown in FIG. In the sequence diagram, only communication performed between the MFP 22 (document registration apparatus 50) and the policy server 30 used by the user is illustrated.

  The user B usually carries an IC card formed as an employee ID card and holds the IC card over the IC card reader 20 of the multifunction device 22 when using the multifunction device 22. When the IC card reader 20 reads the employee ID from the IC card, the user authentication unit 51 performs user authentication (step 101). More specifically, the user authentication unit 51 in the multifunction device 22 causes the user to input a password, and transmits an authentication request including the read employee ID and the input password to the user management server 40. The user authentication unit 41 in the user management server 40 searches the user information storage unit 43 based on the employee ID included in the authentication request to verify the correct password and the entered password, thereby verifying the legitimacy of the user. In the case of a legitimate user, the user ID of the user, in this example, the user ID “U-00202” of user B is returned to the inquiring multifunction device 22.

  When the document registration apparatus 50 is not the multifunction machine 22 but the PC 23, authentication using a user ID and a password may be performed. Alternatively, the authentication result used when logging in to the PC 23 may be used. In the case of user authentication by this login, the authenticated login ID is specified as the user ID. Here, it is only necessary to obtain at least the user ID of the user who is using the multi-function device 22, and therefore it is not always necessary to execute user authentication using a password.

  Next, the policy list acquisition unit 52 transmits a policy list acquisition request including the user ID of the user B to one of the policy servers 30 in order to acquire a list of policies applicable to the user B. The list is inquired (step 102). The policy server (hereinafter referred to as “inquiry policy server”) 30 selected as the inquiry destination is based on information such as the installation location of the document registration device 50 and the policy server 30 used by the user and the network environment, and the like. May be set in advance, or may be set each time based on the result of an inquiry to another policy server 30 by some method. As will be described later, the inquiry policy server 30 is one of the policy servers 30 selected from the policy servers 30 included in the system, and the user registers a policy list or a document. The policy server 30 can be defined as the only direct exchange when making a request or the like. Therefore, it is not necessary to set the policy server 30 to which the user using the document registration device 50 belongs as the inquiry policy server 30, and any policy server 30 included in the system may be set. In the example, it is assumed that the policy server 30 managed by the development department to which the user B belongs is set.

  The policy list providing unit 31 in the policy server (development unit) 30 that has received the policy list acquisition request inquires of another policy server 30 registered in the server list for a list of policies applicable to the user B. At the same time, the policy search unit 32 is searched for the policy information storage unit 37 in order to check whether there is a policy applicable to the user B among the policies managed by the user B.

  In other words, the policy server (development unit) 30 extracts a policy applicable to the user B by searching the policy information storage unit 37 (step 103). More specifically, the policy server (development unit) 30 inquires of the user management server 40 about the group to which the user B belongs. The information providing unit 42 in the user management server 40 searches the group information storage unit 44 based on the user ID of the user B specified by the inquiry, thereby identifying the list of groups to which the user B belongs, Return to the policy server (development department) 30. If there is no group to which user B belongs, this is returned. According to the group information setting example shown in FIG. 15, it can be seen that the user B with the user ID “U-00202” belongs to “all employees” and “development department 1st section”.

  When the list of groups to which the user B belongs is acquired from the user management server 40, the policy list acquisition unit 52 in the policy server (development unit) 30 is obtained by the list of groups to which the user B belongs and the policy search unit 32. Collation with a list of policies managed by the own server 30 is performed. As a result of the collation, since the user B is a member of the first development section, the policy of “project X material” is extracted as an applicable policy. In the present embodiment, the policy illustrated in FIG. 8 is extracted.

  Further, a policy inquiry is performed by transmitting an inquiry request including the user ID of user B to the policy server 30 set in the server list stored in the server list storage unit 38 (step 104). According to the server list setting example shown in FIG. 10, the policy server (development department) 30 makes an inquiry to the policy server 30 that is common throughout the company and the policy servers 30 installed in the general affairs department and the sales department. . Access to the other policy server 30 is performed with reference to the connection information set in the server list.

  In response to an inquiry from the policy server (development unit) 30, for example, the policy list providing unit 31 in the policy server (common throughout the company) 30 extracts a policy applicable to the user B by searching the policy information storage unit 37. (Step 105). In the present embodiment, since user B is an employee, the “confidential” policy illustrated in FIG. 7 is extracted. Then, the policy list providing unit 31 in the policy server (common throughout the company) 30 returns the policy to the policy server (development unit) 30 as the inquiry source (step 106). At this time, the policy may be returned with necessary information such as specific information of the policy server 30 serving as the policy provider. If there is no applicable policy, reply to that effect.

  In the present embodiment, it is assumed that policies applicable to the user B are not registered in the policy servers 30 other than those common to the development department and the entire company. That is, only the policies illustrated in FIGS. 7 and 8 are extracted.

  As described above, when the policy list providing unit 31 in the policy server (developing unit) 30 obtains policies applicable to the user B, after generating a policy list based on these policies (step 107), A policy list is transmitted to the multi-function device 22 (step 108).

  Note that when making a policy inquiry in step 104, the policy server 30 may be queried for all policy servers 30 set in the server list, or all or some of the policy servers 30 that match a predetermined selection criterion. It is possible to make an inquiry only to this. As a selection criterion, for example, the user management server 40 is inquired in advance about the department to which the registrant belongs, and the policy server 30 is managed by an organization that is positioned above the department to which the registrant belongs in the department and organization structure The inquiry may be made only by Alternatively, the user management server 40 may be queried for a list of groups to which the registrant belongs, and the policy server 30 of the department that manages those groups may be added as an inquiry target. For example, when the user C of the sales department whose user ID is “U-00203” is a registrant, the department to which the user C belongs can be identified as the sales department from the user information illustrated in FIG. 14, and the group information illustrated in FIG. Since user C can be identified as the project X group, the sales department that is the department to which user C belongs and the entire company corresponding to the higher-level organization of the sales department (common throughout the company) and the management department of the project X group to which user C belongs. An inquiry may be made to the policy server (development department) 30 managed by the development department, and the policy server 30 to be inquired is selected from those set in the server list. May be.

  Upon receipt of the applicable policy list, the policy selection unit 53 in the multifunction device 22 presents the policy list to the registrant by displaying it on the operation panel 13 and selects the policy to be applied to the generated electronic document from the list. Let When displaying the policy list, display the department that provides the policy, or refer to the relationship between the department to which user B belongs and the department that manages the policy server 30 that provided the policy included in the policy list. The policies may be displayed with priorities, such as by adjusting the display order of the policies. In step 104, the policy server (development unit) 30 makes a policy inquiry to the policy server 30 set in the server list, but causes the user B to specify the policy server 30 to make the inquiry. The conditions for acquiring the policy list may be configured to be set by the user.

  Thus, when the policy selection unit 53 receives the policy selected by the user B (step 109), the document ID generation unit 54 includes a unique ID including the server ID of the policy server 30 that manages the policy to be applied. A document ID is generated (step 110). Here, it is assumed that the document ID “003-0408214” including the server ID “003” of the policy server 30 managed by the development department is generated. Of course, the server ID may be handled as information separate from the document ID. Here, it is assumed that the policy of “project X material” is selected.

  Subsequently, the document registration request unit 55 makes a registration request to the inquiry policy server 30 based on the generated document ID, the selected policy, and the user ID of the registrant (step 111).

  The policy registration unit 33 in the policy server (development unit) 30 that has received the registration request manages the policy included in the registration request by collating the server ID included in the document ID with its own server ID. Find out what to do. If it is managed by itself, the document ID, policy ID, registration date, and registrant information are associated with the document / policy association information list and registered in the document related information storage unit 39 (step 112). If it is not managed by itself, a registration request is sent to the policy server 30 that manages the policy. The registration request destination can be easily specified from the server ID incorporated in the document ID. Here, since the selected policy is managed by the policy server (development unit) 30 that is the inquiry policy server 30, the document related information of the policy server (development unit) 30 as illustrated in FIG. Records of document ID “003-0428214”, policy ID “PLC-3001”, registration date “December 07, 2007”, and registrant “user B” included in the registration request are added to the storage unit 39.

  In this example, the case where the policy managed by the inquiry policy server 30 is selected has been described. However, when the policy managed by another policy server 30 such as “confidential” is selected by the user B, the inquiry is performed. The destination policy server 30 makes a registration request to the other policy server 30, and the policy registration unit 33 in the other policy server 30 stores the document ID, policy ID, and the like included in the registration request in the policy information storage unit. 37 is newly registered.

  After making the registration request, the multi-function device 22 scans the document to generate an electronic document, embeds the document ID in the electronic document, and writes and saves it in the document storage unit 57 (step 113). At that time, if necessary, an encryption process may be performed so that an unauthorized user cannot access. In this case, however, it is necessary to send information necessary for decryption to the policy server 30 when making a registration request.

  Next, document operation processing for performing an operation on an electronic document to be managed will be described. Here, the case where the user C of the sales department browses the electronic document with the document ID “003-048214” to be managed from the PC 23 will be described with reference to the sequence diagram shown in FIG. In the sequence diagram, only communication performed between the PC 23 (document operation device 60) used by the user and the policy server 30 is illustrated.

  First, when the user C performs a predetermined operation to view the electronic document with the document ID “003-048214” using the document application installed in the PC 23, the user authentication unit 51 performs user authentication (step S1). 201). The user authentication method is the same as in the document registration process. As a result of the user authentication, the user C is specified as the operator.

  When the operator is specified, the document ID extraction unit 62 in the PC 23 extracts the document ID from the operation target document (step 202). Since the document ID is embedded in the electronic document, the document ID may be extracted from the document data by the document application. If the target is a paper document, since the document ID is embedded in a machine-readable state such as a QR code, the document ID can be extracted from the result of scanning. In this way, the document ID extraction unit 62 extracts the document ID “003-048214” by any method.

  Subsequently, the operation availability inquiry unit 34 transmits an availability inquiry request including the extracted document ID, the user ID of the user C who is the operator, and the content of the operation (here, “browsing”), thereby inquiring the policy server. 30 is inquired of whether or not the operation is possible (step 203). The inquiry policy server 30 is as described in the document registration process. Here, it is assumed that the policy server (sales department) 30 managed by the sales department is preset in the PC 23 as the inquiry policy server 30.

  When the availability inquiry request sent from the PC 23 is received, the operation availability determination unit 34 in the policy server (sales department) 30 extracts the server ID “003” from the document ID “003-0428214” included in the availability inquiry request. . Then, the operation availability determination unit 34 compares the extracted server ID with its own server ID, and if they match, the policy information storage unit 37 is stored in the policy search unit based on the user ID and the operation content included in the availability inquiry request. 23 (step 204). Thereby, the operation availability determination unit 34 determines whether the content of the operation by the inquired user is possible (step 209). In other words, the operation availability determination unit 34 determines that an operation is permitted if an operation permitted by the inquired user is permitted, and that the operation is not permitted otherwise. Then, the determination result is returned to the inquiry source PC 23 (step 210).

  As shown in this example, when the extracted server ID is “003” and the server ID of the policy server 30 managed by the sales department does not match “004”, the operation availability determination unit 34 next selects the policy temporary storage unit. The (cache) 36 is searched for the presence or absence of policy data that matches the document ID included in the inquiry (step 205). Here, if the policy temporary storage unit (cache) 36 does not include policy data that matches the document ID, the operation availability determination unit 34 searches the server list set in the server list storage unit 38. The record corresponding to the server ID extracted from the document ID is specified, the connection destination of the policy server 30 included in the record is specified, and an inquiry including the document ID is made to the policy server 30. (Step 206). In this example, since the extracted server ID “003” is the server ID of the policy server 30 managed by the development department, the policy server (development department) 30 is inquired. If the server ID extracted from the document ID is not included in the policy server list, an error is returned as indeterminable.

  Upon receiving the policy inquiry, the policy server (development unit) 30 specifies the corresponding record by searching the document related information storage unit 39 based on the document ID “003-048214” included in the inquiry (step 207). The policy ID, registrant, and registration date / time are specified from the record. Further, a policy extracted by searching the policy information storage unit 37 with the specified policy ID is returned to the inquiring policy server (sales department) 30 as a query result (step 208). Here, it is assumed that the policy shown in FIG. 8 is retrieved. In the policy shown in FIG. 7, since the object to which the right is given and the effective period are fixed, the information may be returned as it is. However, the object to which the right is given and the effective period are applied as in the policy illustrated in FIG. If it differs depending on the document that has been changed, information that confirms them is returned. Specifically, if the registrant is described as the subject to be entitled, the value is replaced with the actual registrant's name, and if the validity period describes the period from the registration date, Replace that period with the actual registration date and time.

  The operation availability determination unit 34 in the policy server (sales department) 30 that has received the inquiry result from the policy server (development department) 30 inquires of the user management server 40 about the group to which the operator belongs, and Whether the operation is possible is determined from the policy associated with the document, the operator included in the inquiry about whether or not the operation can be performed from the PC 23, the group to which the registrant as the result of the inquiry to the user management server 40 belongs, and the operation content. (Step 209). Specifically, in response to an inquiry as to whether the user C of the sales department can browse, the policy shown in FIG. 8 describes that the user C of the sales department can browse until March 31, 2008. . Then, the operation availability determination unit 34 further compares the current time with the effective period, and determines that the determination is possible if the determination time is before March 31, 2008, and is impossible if the determination time is later. The operation availability determination unit 34 returns the determination result thus made to the PC 23 (step 210).

  After that, the cache registration unit 35 registers the result of the inquiry to the policy server (development unit) 30 in the policy temporary storage unit 36 as cache data in order to be able to quickly respond to the next and subsequent inquiries (step 211). . When registering a policy, the cache registration unit 35 adds a document ID to be inquired, and adds a period (1 day) indicated in the cache validity period and the time when the inquiry is made to a new one. Set as cache lifetime. An example of the cache data registered in the policy temporary storage unit 36 by the cache registration process by the cache registration unit 35 is shown in FIG.

  As is clear from this cache registration process, if the policy temporary holding unit (cache) 36 includes policy data that matches the document ID in step 205, the operation availability determination unit 34 sends the policy information to another policy server 30. Whether or not the operation is possible is determined using the cache data without making an inquiry (step 209).

  As a result of the inquiry from the policy server (sales department) 30, when a determination result of “operation is possible” is returned, the operation execution unit 64 in the PC 23 executes a predetermined document application to illustrate the document to be inquired. The user C is made to browse by displaying on the display not to be performed (step 212). If the operation target document is encrypted, information necessary for decryption may be included in the inquiry result. When the determination result “operation not possible” is returned, the PC 23 prohibits the operation execution unit 64 from operating the operation target document, and the operation is not possible, that is, the document (document ID) by the user (user C). Error information indicating that the operation (viewing) on the document “003-0428214” is not permitted is displayed on the display (step 212).

  As described above, in the present embodiment, the process for registering the document to be managed by the policy and the process for determining whether the operation is possible for the document to be managed by the policy are performed. In the present embodiment, the document registration device 50 and the document operation device 60 are illustrated as separate components as described above, but may be realized by the same device. That is, in the case of the present embodiment, the multi-function device 22 and the PC 23 can be either the document registration device 50 or the document operation device 60, respectively.

  In particular, when copying a management document on a paper medium and registering a newly created paper document as a management document, the document operation device 60 determines whether or not a copy operation is possible, and at the same time, the document registration device 50. Since it is necessary to register a policy for a paper document newly generated by copying at, it is desirable to implement the document registration device 50 and the document operation device 60 with a single multifunction device 22. In this case, the policy applied to the new paper document may be set by the operator who performs the copy, or the policy applied to the copy source paper document may be applied as it is.

1 is an overall configuration diagram showing an embodiment of a security policy management system according to the present invention. FIG. It is a hardware block diagram of the server computer which forms the policy server in this Embodiment. FIG. 2 is a hardware configuration diagram of a multifunction machine according to the present embodiment. It is the block block diagram which showed the document registration apparatus in this Embodiment. It is the block block diagram which showed the document operation apparatus in this Embodiment. It is the block block diagram which showed the policy server in this Embodiment. It is the figure which showed the data structural example of the policy setting information memorize | stored in the policy information storage part of the policy server (common throughout a company) in this Embodiment. It is the figure which showed the data structural example of the policy setting information memorize | stored in the policy information storage part of the policy server (development part) in this Embodiment. It is the figure which showed the data structural example of the server list memorize | stored in the server list memory | storage part of the policy server (sales department) in this Embodiment. It is the figure which showed the data structural example of the server list memorize | stored in the server list memory | storage part of the policy server (development part) in this Embodiment. It is the figure which showed the data structural example of the document relevant information memorize | stored in the document relevant information storage part of the policy server (common throughout a company) in this Embodiment. It is the figure which showed the data structural example of the document relevant information memorize | stored in the document relevant information storage part of the policy server (development part) in this Embodiment. It is the block block diagram which showed the user management server in this Embodiment. It is the figure which showed the data structural example of the user information memorize | stored in the user information storage part in this Embodiment. It is the figure which showed the data structural example of the group information memorize | stored in the group information storage part in this Embodiment. It is the figure which showed the data structural example of the policy setting information hold | maintained in the policy temporary holding part in this Embodiment. It is the sequence diagram which showed the flow of the document registration process in this Embodiment. It is the sequence figure which showed the flow of the document operation process in this Embodiment.

Explanation of symbols

  1,21 CPU, 2,19 ROM, 3,18 RAM, 4,15 Hard disk drive (HDD), 5 HDD controller, 6 Mouse, 7 Keyboard, 8 Display, 9 Input / output controller, 10 Network controller, 11 Internal bus, 12 address data bus, 13 operation panel, 14 scanner, 16 printer engine, 17 network interface (I / F), 20 IC card reader, 22 multifunction device, 23 personal computer (PC), 24 network, 30 policy server, 31 policy List providing unit, 32 policy search unit, 33 policy registration unit, 34 operation availability determination unit, 35 cache registration unit, 36 policy temporary storage unit, 37 policy information storage unit, 38 server list storage unit, 39 Document related information storage unit, 40 user management server, 41, 51, 61 user authentication unit, 42 information providing unit, 43 user information storage unit, 44 group information storage unit, 50 document registration device, 52 policy list acquisition unit, 53 policy Selection unit, 54 Document ID generation unit, 55 Document registration request unit, 56 Registered document generation unit, 57 Document storage unit, 60 Document operation device, 62 Document ID extraction unit, 63 Operation availability inquiry unit, 64 Operation execution unit, 65 Document Memory part.

Claims (10)

Policy information storage means for storing policy setting information including policy identification information and policy setting content;
Server list storage means for storing a list of identification information and connection information of other security policy servers;
A file-related information storage unit that stores at least associating each identification information of a file to be managed by the policy, the policy, and the registrant of the file;
A policy list inquiry request receiving means for receiving a policy list inquiry request including user identification information;
Policy acquisition means for acquiring policy setting information relating to a policy that can be set for a user specified from the user identification information included in the policy list inquiry request;
A policy list reply means for returning one or more policy setting information acquired by the policy acquisition means to a policy list inquiry request transmission source;
Have
The policy acquisition means acquires policy setting information related to policies that can be set for the user by searching the policy information storage means, and is specified by the security policy server identification information stored in the server list storage means. Sends a policy inquiry request including user identification information to the security policy server, and obtains policy setting information returned in response to the policy inquiry request.
Security policy server characterized by that. The security policy server according to claim 1,
Policy inquiry request accepting means for accepting a policy inquiry request including user identification information sent from another security policy server;
Specifying means for specifying policy setting information set in the file based on user identification information included in the policy inquiry request;
Policy return means for returning the policy setting information specified by the specifying means to the policy inquiry request source;
A security policy server characterized by comprising: The security policy server according to claim 1,
Registration request reception for receiving a file registration request including the policy selected from those returned by the policy list reply means, the file to be registered, the security policy server designated as the registration destination and the identification information of the user who is the registrant Means,
Registration means for registering policy setting information in response to the policy inquiry request;
Have
The registration means refers to security policy server identification information included in the policy inquiry request,
If it is determined that policy management of the file is performed by itself, the identification information of the file to be registered, the policy, and the registrant is associated and registered in the file related information storage unit,
When it is determined that another security policy server performs policy management of the file, the policy inquiry request is transmitted to the other security policy server.
Security policy server characterized by that. Policy information storage means for storing policy setting information including policy identification information and policy setting content;
Server list storage means for storing a list of identification information and connection information of other security policy servers;
File-related information storage means for storing at least the file associated with the policy management, the policy, and identification information of the creator of the file in association with each other;
An operation availability inquiry request accepting means for accepting an operation availability inquiry request including identification information of the security policy server, the user and the file, and information specifying the content of the operation;
In response to the operation availability inquiry request, a determination unit that determines whether the user can perform the operation on the file;
A determination result return means for returning the availability determination result by the determination means to the operation availability inquiry request transmission source;
Have
The determination means includes
If it is determined that the file specified from the file identification information included in the operation availability inquiry request is a policy management target, the user identification information included in the operation availability inquiry request based on the policy setting information, and Judge whether the operation is possible from the contents of the operation,
If it is determined that the specified file is not a management target, the policy inquiry request for the file is transmitted to another security policy server specified from the security policy server identification information included in the operation availability inquiry request. , Based on the policy setting information returned in response to the policy inquiry request, whether or not the operation is possible is determined.
Security policy server characterized by that. In the security policy server according to claim 4,
Policy inquiry request accepting means for accepting a policy inquiry request including file identification information sent from another security policy server;
Identifying means for identifying policy setting information set in the file based on the file identification information included in the policy inquiry request;
Policy return means for returning the policy setting information specified by the specifying means to the policy inquiry request source;
A security policy server characterized by comprising: In the security policy server according to claim 4,
A security policy server comprising holding means for holding policy setting information returned in response to a policy inquiry request transmitted by the determination means. Multiple security policy servers,
A file registration device used by a user requesting file policy management;
Have
Each security policy server
Policy information storage means for storing policy setting information including policy identification information and policy setting content;
Server list storage means for storing a list of identification information and connection information of other security policy servers;
A file-related information storage unit that stores at least associating each identification information of a file to be managed by the policy, the policy, and the registrant of the file;
Policy list inquiry request receiving means for receiving a policy list inquiry request including identification information of a user sent from the file registration device;
Policy acquisition means for acquiring policy setting information relating to a policy that can be set for a user specified from the user identification information included in the policy list inquiry request;
A policy list reply means for returning one or more policy setting information acquired by the policy acquisition means to the file registration device;
Policy inquiry request accepting means for accepting a policy inquiry request including user identification information sent from another security policy server;
Specifying means for specifying policy setting information set in the file based on user identification information included in the policy inquiry request;
Policy return means for returning the policy setting information specified by the specifying means to the policy inquiry request source;
Have
The policy acquisition means acquires policy setting information related to policies that can be set for the user by searching the policy information storage means, and is specified by the security policy server identification information stored in the server list storage means. Sends a policy inquiry request including user identification information to the security policy server, and obtains policy setting information returned in response to the policy inquiry request.
Security policy management system characterized by that. Multiple security policy servers,
A file operation device used by a user operating on the file;
Have
Each security policy server
Policy information storage means for storing policy setting information including policy identification information and policy setting content;
Server list storage means for storing a list of identification information and connection information of other security policy servers;
File-related information storage means for storing at least the file associated with the policy management, the policy, and identification information of the creator of the file in association with each other;
An operation availability inquiry request accepting unit that accepts an operation availability inquiry request including identification information of the security policy server, the user and the file, and information specifying the operation content sent from the file operation device;
In response to the operation availability inquiry request, a determination unit that determines whether the user can perform the operation on the file;
A determination result return means for returning the determination result by the determination means to the file operation device;
Policy inquiry request accepting means for accepting a policy inquiry request including file identification information sent from another security policy server;
Identifying means for identifying policy setting information set in the file based on the file identification information included in the policy inquiry request;
Policy return means for returning the policy setting information specified by the specifying means to the policy inquiry request source;
Have
The determination means includes
If it is determined that the file specified from the file identification information included in the operation availability inquiry request is a policy management target, the user identification information included in the operation availability inquiry request based on the policy setting information, and Judge whether the operation is possible from the contents of the operation,
If it is determined that the specified file is not a management target, the policy inquiry request for the file is transmitted to another security policy server specified from the security policy server identification information included in the operation availability inquiry request. , Based on the policy setting information returned in response to the policy inquiry request, whether or not the operation is possible is determined.
Security policy management system characterized by that. Security policy server
Policy information storage means for storing policy setting information including policy identification information and policy setting contents;
Server list storage means for storing a list of identification information and connection information of other security policy servers,
File-related information storage means for storing at least associating each identification information of a file to be managed by the policy, the policy, and the registrant of the file;
Policy list inquiry request accepting means for accepting a policy list inquiry request including user identification information;
Policy acquisition means for acquiring policy setting information relating to a policy that can be set for a user specified from the user identification information included in the policy list inquiry request;
A policy list reply means for replying one or more policy setting information acquired by the policy acquisition means to a policy list inquiry request transmission source;
Function as
The policy acquisition unit acquires policy setting information regarding a policy that can be set for the user by searching the policy information storage unit, and is specified by the security policy server identification information stored in the server list storage unit. Sends a policy inquiry request including user identification information to the security policy server, and obtains policy setting information returned in response to the policy inquiry request.
A security policy management program characterized by that. Security policy server
Policy information storage means for storing policy setting information including policy identification information and policy setting contents;
Server list storage means for storing a list of identification information and connection information of other security policy servers,
File-related information storage means for storing at least associating each identification information of the file to be managed by the policy, the policy, and the creator of the file;
An operation availability inquiry request accepting means for accepting an operation availability inquiry request including identification information of the security policy server, the user and the file, and information specifying the content of the operation;
A determination unit configured to determine whether or not the user can perform the operation on the file according to the operation availability query request;
A determination result return means for returning the determination result by the determination means to the operation availability inquiry request transmission source;
Function as
The determination means includes
If it is determined that the file specified from the file identification information included in the operation availability inquiry request is a policy management target, the user identification information included in the operation availability inquiry request based on the policy setting information, and Judge whether the operation is possible from the contents of the operation,
If it is determined that the specified file is not a management target, a policy inquiry request for the file is transmitted to another security policy server specified from the security policy server identification information included in the operation availability inquiry request. , Based on the policy setting information returned in response to the policy inquiry request, whether or not the operation is possible is determined.
A security policy management program characterized by that.

Images