JP2009169808A - Data management system using position information, its method, program, and medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system for managing a document by using position information of a document editor. <P>SOLUTION: A document management system comprises: a position information distribution device for transmitting position specification information; a document creation device for outputting a document file including a location stamp including created position information created on the basis of the position specification information transmitted by the position information distributor, access control definition information describing a permitted place and permitted content of a file access, and document data to a recording medium; and a document receiving device which reads the document file of the recording medium, authenticates a document creation place by collating the location stamp with the access control definition information on the document file, uses reception position information created on the basis of the position specification information transmitted by the position information distribution device to refer to the access control definition information, authenticates the reception position, and allows an act of access to permitted content of the access control definition information with respect to the document file. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

The present invention relates to a system for managing documents using position authentication information given to a document file, and a method, program, and medium thereof.

The present invention is particularly useful for improving information security by controlling access to electronic data using position information and position authentication information given to the electronic data outdoors or in a predetermined place of a building.

In modern corporate activities, it is becoming increasingly important to manage information in order to prevent unintended references and leakage of electronic data including confidential information and personal information.
Therefore, a method for managing information on electronic data, which will be described below, is used.
<< 1. Encryption of electronic information >>
By encrypting the electronic data, even if the encrypted data can be accessed, the electronic data cannot be referred to after being decrypted unless there is a password, decryption key information, or the like.
However, this method has a low security effect against negligence and fraud by an internal authority having password and decryption key information.
<< 2. Log data >>
By saving the operation history (= log data), fraud by the internal authority is suppressed, and by analyzing the log, fraud is discovered.
The log uses a log server device to perform personal authentication (password, ID card, biometric authentication, etc.) of the user terminal device, identify the individual, and record access to electronic data, decryption operations, and the like.
However, in this method, since the user terminal device must always be connected to the log server device, convenience is impaired.
Also, with this method, logs of terminal devices that cannot be connected to the log server device (such as high security terminal devices that are prohibited from connection or mobile terminal devices that are taken outside) cannot be saved.

<< 3. Authentication server
For example, in Patent Document 1, the access management server authenticates the location that the user terminal physically exists at a position where the user terminal allows access based on information acquired from the RFID tag by the user terminal, and grants the access authority to the user. A technique given to a terminal is disclosed.
JP 2006-72808 (paragraph 0018-paragraph 0021, FIG. 1)

However, in the technique of Patent Document 1, since the user terminal needs to be connected to the access management server via a network in order to obtain access permission to electronic data, convenience is impaired.

The present invention has been made to solve the above-described problems, and an object of the present invention is to provide a system for managing a document using position information of a document editing apparatus, and a method, program, and medium thereof It is to be.

This invention solves the said subject by the means as described in each following aspect.
That is, a first aspect of the present invention is a document management system including a position information distributor that transmits information for specifying a position, a document creation apparatus, and a document reception apparatus, wherein the document creation apparatus includes: A storage unit that stores document data, location information that permits file access and access control definition information that describes an access action permitted by the location information, and a location that is transmitted from the location information distributor Position information creating means for acquiring information and creating creation position information, location stamp creating means for creating a location stamp including the created position information created by the position information creating means, document data, access control definition information, and location A document file creation means for creating a document file including a stamp, and a document file created by the document file creation means. A file output means for outputting to a recording medium, wherein the document receiving apparatus reads a storage unit and a document file recorded on the recording medium output by the document creation apparatus, and stores these The file input means to be input to the copy section, and the location stamp creation position information registered in the storage section by the file input means and the access location information of the access control definition information of the document file are collated, and there is a match between them. For example, an output position authentication unit that determines that the location where the document is created is valid, a position information creation unit that obtains information specifying the position transmitted from the position information distributor, and creates reception position information; The access location of the access control definition information of the document file registered in the storage unit by the file input means using the received position information created by the position information creating means. The input position authentication means for selecting the access action when the two match and authenticating the reception position, and the document data of the document file according to the description of the access action selected by the input position authentication means A document access unit that performs an authorized access action, and a location stamp update unit that creates a location stamp including the received location information created by the location information creation unit and updates the location stamp registered in the storage unit by the file input unit A document management system characterized in that the reception device comprises:

In this way, by using a recording medium in which a document file including access control definition information and a location stamp is recorded, document management (= access position authentication to a document file) is performed without connection to the document access management server device. It is possible.

According to a second aspect of the present invention, in the document creation device, the storage unit stores the signature key information, the document data stored in the storage unit, access control definition information, and the creation created by the location information creation unit Signing means for creating electronic signature information by encrypting hash data generated from the position information using signature key information stored in a storage unit, and the location stamp creating means includes position information creating means Is a creation device that creates a location stamp including the creation position information created by the signature means and the electronic signature information created by the signature means, wherein the storage unit stores the signature key information, and the document creation device The document data of the document file registered in the storage unit by the file input means, the access control definition information, and the location stamp The hash value generated from the location information is encrypted using the signature key information stored in the storage unit to create collation electronic signature information, and the location stamp registered in the storage unit by the file input unit The message authentication means that determines that the digital signature information is not falsified if they match, and the document data, the reception position information, and the memory are stored using the same algorithm as the signature means of the document creation apparatus. Signing means for creating electronic signature information by encrypting a hash value generated from an access control definition registered in the copy unit using signature key information stored in the storage unit;
With
The location stamp update unit creates a location stamp including the received position information created by the location information creation unit and the electronic signature information created by the signature unit, and updates the location stamp registered in the storage unit. The document management system according to claim 1, wherein the document management system is a reception device.

As described above, by using the electronic signature information, it is possible to check whether or not the data of the document file has been falsified.

According to a third aspect of the present invention, the document creation device includes log creation means for creating log data including access act information, creator information, and creation time work history data, and the document file creation means includes: A creation device for creating a document file including document data, access control definition information, log data created by a log creation means, and a location stamp, wherein the document reception device creates log data and the file input means stores it The document management system according to claim 1, wherein the document management system includes a log appending unit that appends to log data of a document file registered in a copy unit.

In this way, by using a recording medium in which a document file including log data is recorded, document management (= document file log management) can be performed without connecting to a log server device.

According to a fourth aspect of the present invention, the storage unit stores signature key information, document data and access control definition information stored in the storage unit, log data created by the log creation unit, and position information creation unit The location stamp creating means comprises: signing means for creating electronic signature information by encrypting hash data generated from the created position information created by using the signature key information stored in the storage unit, A creation device for creating a location stamp including creation location information created by a location information creation unit and electronic signature information created by a signature unit, wherein the storage unit stores signature key information The document data, access control definition information, and location of the document file registered in the storage unit by the file input unit using the same algorithm as the signature unit of the document creation device. The signature creation position information and the hash value generated from the log data are encrypted by using the signature key information stored in the storage unit to create the electronic signature information for verification, and the file input means stores it in the storage unit. Compare the electronic signature information of the registered location stamp, and if both match, use the same algorithm as the message authentication means that determines that the falsification has not been made and the signature means of the document creation apparatus, and append the document data The hash value generated from the received log data and the received position information created by the position information creating means and the access control definition registered in the storage unit is encrypted using the signature key information stored in the storage unit and electronically The signing means for creating the signature information and the location stamp updating means include the received position information and the signing means created by the position information creating means. Create a location stamp including electronic signature information created a document management system according to claim 3, characterized in that the reception device comprising a updating location stamp that is registered in the storage unit.

According to a fifth aspect of the present invention, the document management system further includes an IC card that stores decryption key information, and the document creation device includes the creation device in which the document data is encrypted document data. The document receiving apparatus includes an IC card reader, obtains decryption key information stored in the IC card that is returned by issuing a key request to the IC card reader, and is accessed by the document access unit. The document management system according to any one of claims 1 to 4, wherein the document management system is a reception device including a decoding unit that decodes document data of a file.

A sixth invention of the present invention is a document management method using access control definition information stored in a document creation device, wherein (1) << location stamp creation >> a document creation device is transmitted from a position information distributor. A location stamp creating step for obtaining information for specifying a position to create creation location information and creating a location stamp including the location information; (2) << output >> document data and access control information stored in the document creation device; A file output step of creating a document file including the location stamp created in the location stamp creation step and outputting it to a recording medium; and (3) << input >> a file input step in which the document receiving apparatus inputs the document file of the recording medium; , (4) << Location stamp verification >> The document reception device accesses the input document file. A creation location verification step for verifying that a document has been created at a predetermined location by comparing the definition information with the location stamp, and (5) << access control >> a document reception device is transmitted from the location information distributor. The received location information is acquired to create the received location information, which is verified against the input access control definition information to authenticate that the document file has been input at a predetermined location, and to access the input document. (6) << Location stamp update >> The document reception apparatus creates a location stamp including reception position information and updates a location stamp update step for updating the input location stamp. This is a document management method characterized in that

According to a seventh aspect of the present invention, (1) a document creating apparatus creates log data including access act information, creator information, and creation time work history data; and (2) the file output step includes A step of creating a document file including log data created by the log creation step and outputting it to a recording medium; and (3) a document reception device creating log data and appending it to the log data of the input document file. The document management method according to claim 6, wherein the document management method is performed by a procedure including a log addition step.

An eighth invention of the present invention is a document management method using access control definition information and signature key information. (1) The document creation apparatus acquires information specifying a position transmitted from a position information distributor. The created location information is created, and the stored document data, access control definition information, created log data, and hash data generated from the created creation location information are encrypted using the stored signature key information. (2) A document including a creation position information created by the document receiving apparatus, a location stamp having the electronic signature information, document data stored in the document creation apparatus, and access control information A file output step of creating a file and outputting it to a recording medium; and (3) a file input step in which the document receiving apparatus inputs a document file of the recording medium. (4) Using the same signature algorithm as that of the document creation device, the document reception device applies a hash value generated from the document data of the input document file, access control definition information, and location stamp creation position information. The digital signature information for verification is created by encrypting using the stored signature key information, and this is compared with the digital signature information of the location stamp entered in the file. A message authentication step for determining, and (5) a creation location verification step for confirming that the document has been created at a predetermined location by collating the access control definition information of the input document file with the location stamp. (6) The document reception device acquires the position specifying information transmitted from the position information distributor, creates the reception position information, An access permission step for verifying that the document file has been input at a predetermined location and allowing access to the input document; (7) Using the same signature algorithm as the document creation device, the digital signature information is encrypted using the stored signature key information for the hash value generated from the document data, the created reception position information, and the input access control definition And (8) a document reception apparatus that generates a location stamp including reception position information and electronic signature information, and a location stamp update step in which the input location stamp is updated. This is a document management method.

A ninth invention of the present invention is a computer program that causes a computer to operate as the document management display system according to any one of claims 1 to 5 by being incorporated in the computer.

A tenth aspect of the present invention is a computer-readable recording medium on which the computer program according to the ninth aspect is recorded.

According to the present invention,
(1) With respect to the document editing apparatus, it is possible to limit the places where the electronic document can be accessed (viewed or the like) without using the access management server apparatus.
(2) The document editing device does not require a log server device, and can prove when and where the electronic document was accessed.
Therefore, according to the present invention, since the document editing apparatus does not need to be connected to the network, there is an effect that highly secure file access control can be realized even in the document editing apparatus in which the network connection is prohibited.

Hereinafter, embodiments of the present invention will be described in more detail with reference to the drawings.
FIG. 1 is a diagram for explaining the outline of a document management system 1 according to the present invention.
The document management system 1 includes an IC card 400, a position information distributor 500, a document creation apparatus 100 and a document reception apparatus 300 that communicate wirelessly.

The document creation apparatus 100 is a personal computer equipped with an existing document editing program and a dedicated program described later. The document creation device 100 communicates with the position information distributor 500 wirelessly.

The document receiving apparatus 300 is a personal computer in which a dedicated program described later is installed. The document reception device 300 communicates with the position information distributor 500 wirelessly.
The document receiving apparatus 300 includes an IC card reader.

The IC card 400 includes a storage unit that stores decryption key information.

The position information distributor 500 includes a storage unit that stores position information (information for specifying a position and information for specifying a location).
Examples of the position information distributor 500 include a passive IC tag, GPS, a wireless LAN access point (= network connection device) capable of measuring radio wave intensity, a position information marker (= short-range communication device) for transmitting position information, infrared light Information transmitter, ultrasonic radar, etc.

FIG. 2 illustrates a rough processing flow of the document management system 1.
<< 1. Create location stamp >>
The document creation apparatus 100 acquires location information from the location information distributor 500 installed near the document creation location and creates a location stamp that proves the location where the document containing the location information was created (FIG. 2 (1)). .
<< 2. output"
The document creation apparatus 100 outputs a document file including access control definition information that defines a place where access is permitted (= access location), a created location stamp, and an encrypted document to a recording medium ((2)). ).

<< 3. input"
The document receiving apparatus 300 inputs a document file on the recording medium ((3)).
<< 4. Location stamp verification
The document receiving apparatus 300 checks the access control definition information of the input document file against the location stamp and confirms that the document has been created at a predetermined location (= access location) ((4)).
<< 5. Access control >>
The document reception apparatus 300 acquires position information from a position information distributor installed near the document reception apparatus, compares it with the input access control definition information, and stores a document file at a predetermined location (= access location). The input is authenticated and access to the input document is permitted ((5)).
<< 6. Decryption
The document reception apparatus 300 acquires the decryption key information stored in the IC card 400 and decrypts the encrypted document ((6)).
<< 7. Location stamp update
The document reception apparatus 300 creates a location stamp including the position information of the document reception apparatus and updates the input location stamp ((7)).

In the access control definition information, an access action (for example, read permission, write update permission, execution permission, etc.) that is permitted may be described in association with the access location. At this time, the document receiving apparatus 300 can execute only the access action permitted by the access control definition information.

FIG. 3 is a diagram for explaining the format of the document file 198 output to the recording medium.
The document file 198 includes document file name information 198 a, encrypted document data 194, access control definition information 191, log data 196, and a location stamp 195.
The location stamp 195 includes position information 197 and an electronic signature 199.
The document file name information is a character string.
The encrypted document data 194 is obtained by encrypting a document created by the document reception apparatus 300.
The access control definition information 191 is information that associates an access location with an access action. (Details will be described later)
Log data 196 is work history data. (Details will be described later)
The location stamp location information 197 is information for specifying an access location.
The location stamp electronic signature 199 is information generated from the encrypted document data 194, access control definition information 191, log data 196, and location stamp position information 197.

Next, with reference to FIGS. 4 and 10, a description will be given of the flow of document management processing in which an input file created by the customer X company is received in the Y company computer room.
At this time, the access control definition information defines that the access action permitted by the customer X company is the write permission, and the access action permitted by the company Y is the read and write update. .

FIG. 4 is a diagram for explaining a procedure for creating input data (= document information) using the document creation device 100 in the X company.
<< 1. Create location stamp >>
In company X, the person in charge of company X uses the document creation device 100 to create the submitted data 194a (FIG. 4 (1-1)).
The document creation apparatus 100 creates the encrypted document data 194 by encrypting the submitted data with the encryption key corresponding to the decryption key of the IC card held by the person in charge of the company Y (1-2).
The document creation apparatus 100 creates (= writes) the input data when the access location is “inside the X company building”, decrypts the encrypted document when the access location is “Company Y's computer room”, and browses (= reads). Access control definition information 191 defined so as to be able to be attached is attached to the encrypted document data 194 ((1-3)).
The document creation apparatus 100 creates a log 196 including information on the file creation action, the creator, and the creation time, and attaches it to the encrypted document data 194 ((1-4)).
The document creation apparatus 100 creates location information 197 (= in the building of company X) of the creation location using the location specifying information acquired from the location information distributor 500 (for example, a passive IC tag), and a location stamp including the location information 195 is created and attached to the encrypted document data 194 ((1-5)).
The location stamp 195 may include a predetermined electronic signature 199.
<< 2. output"
The document creation apparatus 100 copies and outputs the encrypted document 194, the access control information 191 attached thereto, the log 196, and the location stamp 195 to the recording medium 200 ((2-1)).

The person in charge of company X sends this recording medium 200 to company Y ((2-2)).
Alternatively, the person in charge of company X may send these pieces of information to company Y using a secure electronic communication path instead of copying and outputting them to a recording medium.

First, details of the passive IC tag 500 will be described.
FIG. 9 is a circuit function block diagram of the passive IC tag 500.
The passive IC tag 500 includes a calculation unit 501, a wireless communication unit 502, an antenna coil 503, a power supply capacitor 508, and a nonvolatile memory 509.

The operation unit 501 is a logic operation circuit.
The wireless communication unit 502 demodulates the received electromagnetic wave (= wireless radio wave) and extracts a control signal. Alternatively, a carrier wave for transmitting electromagnetic waves is generated, and digital information is converted into radio waves.
The antenna coil 503 receives radio waves. The radio wave is a long wave band, a short wave band, a UHF band, or a microwave band.
The power supply capacitor 508 stores electromagnetic wave energy (= power) of radio waves received by the antenna coil 503, and supplies the stored power to each circuit.

The nonvolatile memory 509 is a semiconductor memory.
The non-volatile memory 509 stores information 591 for specifying the position (for example, a coordinate value or a name of a place where the document creation apparatus is installed).

The passive IC tag 500 receives the transmitted position specifying information request and returns information 591 specifying the position stored in the nonvolatile memory 509.

Next, details of the document creation apparatus 100 according to the present invention will be described.
FIG. 5 is a detailed configuration diagram of the document creation apparatus 100.
The document creation apparatus 100 includes a CPU 101, an input unit 102, a display unit 103, a wireless communication unit 104, an antenna 105, a storage unit 109, and a dedicated program.

The CPU 101 is a central processing unit.
The input unit 102 is a mouse or a keyboard.
The display unit 103 is a liquid crystal display device, an EL (electroluminescence) display device, or the like.
The wireless communication unit 104 is a wireless transmission / reception device.
The wireless communication unit 104 wirelessly communicates with the position information distributor 500 via the antenna 105.
The wireless communication unit 104 generates a carrier wave for transmitting electromagnetic waves (= wireless radio waves) and converts digital information into radio waves. Alternatively, the received electromagnetic wave is demodulated and a control signal is extracted.

The storage unit 109 is a semiconductor memory or a magnetic memory.
The storage unit 109 stores access control definition information 191, signature key information 192, an encryption key 193, and document information 194 a.
The access control definition information 191 is information including location information that permits access (= access location information).
The document information 194a is information created by an existing document editing program included in the document creation device 100.

In addition, an encryption unit 110, a log creation unit 120, a position information creation unit 140, a signature unit 150, a location stamp creation unit 160, a document file creation unit 130, and a file output unit 190 are provided. Each of these means is realized by each dedicated program and functions by the CPU 101 interpreting and executing the dedicated program.

The encryption unit 110 generates encrypted document data 194 from the document information 194 a stored in the storage unit 109 using the encryption key information 193 stored in the storage unit 109.
The encryption key information 193 may be pre-shared secret key information or public key information.

The log creation means 120 creates log data 196 including file creation action information, creator information, and creation time work history data. (Details of log data will be described later)

The position information creating unit 140 transmits a position specifying information request to the position information distributor 500, acquires the returned position specifying information 591, and generates position information 197.
Incidentally, the location information 197 created by the location information creation unit 140 matches one of the access location information described in the access control definition information 191.

The signature unit 150 stores a storage unit for the hash data (= digest data) generated from the encrypted document data 194, the access control definition information 191, the log data 196, and the position information 197 created by the creation position acquisition unit 140. The digital signature information 199 is created by encrypting using the signature key information 192 stored in 109.

The location stamp creating means 160 creates a location stamp including the created position information 197 created by the position information creating means 140 and the electronic signature information 199 created by the signature means 150.

The document file creation unit 130 creates a document file including encrypted document data 194, access control definition information 191, log data 196, and a location stamp 195.
The file output unit 190 outputs the document file 198 created by the document file creation unit 130 to the recording medium 200.

FIG. 6 shows the format and example of the access control definition information 191.

FIG. 6A is a diagram for explaining the format of the access control definition information 191.
The access control definition information 191 includes an access action 191a, a target person ID 191b, an access location 191c, and a period 191d.
The access action 191a describes whether or not each of the “read”, “write update”, and “execute” access actions is permitted.
The target person ID 191b is identification information of a target person to whom access is permitted.
The access location 191c is a name of a location where access is permitted.
The period 191d is a period during which access is permitted.

FIG. 6B is an example of access control definition information.
For example, “read” of the access action 191a of the access control definition information 191 is “OK”, “write update” is “OK”, “execute” is “NG”, and the target person ID 191b is “Yamada005” An example is shown in which the access location 191c is “401 room” and the period 191d is “2007.10.01 to 2007.12.31”.
The meaning of this example is that the location where access is permitted is “401 room”, the permitted access actions are “read” and “write update”, and the unauthorized access action is “execute”. Thus, the ID of the subject who is permitted access is “Yamada005”, and the period during which access is permitted is “2007.10.01 to 2007.12.31”.

In addition, “read” of the access action 191a of the access control definition information 191 is “OK”, “write update” is “NG”, “execute” is “OK”, and the target person ID 191b is “takahasi642”. In this example, the access location name 191c is “K88 room” and the period 191d is “2007.10.01 to 2008.01.31”.
In this example, the name of the place where access is permitted is “K88 room”, the permitted access actions are “read” and “execute”, and the unauthorized access action is “write update”. Thus, the ID of the subject who is permitted access is “takahasi642” and the period during which access is permitted is “2007.10.01 to 2008.01.31”.

FIG. 7 shows the format and example of the log data 196.

FIG. 7A illustrates the format of the log data 196.
The log data 196 includes an access action content 196a, an access action date 196b, an access action person 196c, an access action place 196d, a file name 196e, a file size 196f, and hash data 196g.
The access action content 196a describes an executed access action (that is, “read”, “write update”, or “execute”).
The access act date and time 196b is the date and time when the access act was performed.
The access actor 196c is identification information of the target person who performed the access act.
Access action place 196d is the name of the place where the access action was performed.
The file name 196e is the name of the accessed document file.
The file size 196f is the file size of the accessed document file.
The hash data 196g is a hash value of the accessed document file.

FIG. 7B is an example of log data 196.
As log data 196, the action content 196a is “Read”, the action date and time 196b is “2007.12.04.11:26”, the actor 196c is “kimura”, the action place 196d is “Y company reception room”, and the file name Log data in which 196e is “hihgf328”, the file size 196f is “526MB”, and the hash data 196g is “E952CA77D36F063BA33CEE9ADEF1BD21” is illustrated.
The meaning of this log data is that the document file with the file name "hihgf328" with the file size "526MB" and the hash data "E952CA77D36F063BA33CEE9ADEF1BD21" was "read" at "Y company reception room" on "2007.12.04.11:26"That's what it means.

FIG. 8 is a diagram illustrating a procedure for creating a location stamp.
The position information creation unit 140 acquires the position specifying information 591 from the position information distributor 500 and creates the document creation position information 197 (FIG. 8 (1)).
Since the document file 198 is created at a location permitted by the access control definition information 191, the created document creation position information 197 is included in the location name 191 c of the access control definition information 191 included in the document file 198. There is a match.

The signature unit 150 creates the electronic signature information 199 using the encrypted document data 194, the access control definition information 191, the log data 196, and the document creation position information 197 ((2)).
Note that the electronic signature information 199 may be created using document data instead of the encrypted document data 194.

The location stamp creation means 160 creates a location stamp 195 including the document creation position information 197 created by the position information creation means 140 and the electronic signature information 199 created by the signature means 150 ((3)).

FIG. 10 is a diagram for explaining a procedure for accepting input data using the document accepting apparatus 300 in Y.
<< 3. input"
The person in charge of company Y receives the recording medium 200 (FIG. 10 (3-1)).
The person in charge of Company Y authenticates himself / herself with the IC card 400 when logging on to the document reception apparatus 300 ((3-2)). The person in charge of company Y may authenticate himself / herself with the IC card 400 when entering the computer room.
The document file 198 (= submission data file) recorded in the recording medium 200 is input to the document receiving apparatus 300 ((3-3)).
<< 4. Location stamp verification
The document reception apparatus 300 uses the electronic signature information 199 of the location stamp of the submitted data file to confirm that the document file has not been tampered with, the location stamp position information 197 (= in the building X company), and the access control definition information. By comparison, it is confirmed that the place where the file is created (= written) is indeed the customer (= Company X) ((4)).
At this time, the person in charge of Company Y may confirm the creator and the creation time by confirming the log information.
<< 5. Access control >>
The document accepting apparatus 300 to which the IC card is connected checks the access control definition information 191 for the position information 197 (= Company Y's computer room) obtained by acquiring the information 591 specifying the position from the passive IC tag 500. Then, since “inside Y company building” exists in the access control definition information 191, it is confirmed that the location is permitted ((5)).
<< 6. Decryption
Since the document receiving apparatus 300 decrypts the submitted data 194a from the encrypted document data 194 using the decryption key 491 of the IC card 400, the person in charge of Company Y can visually check the submitted data (same as above). (6)).
The person in charge of Company Y is allowed only the access action permitted by the access control definition information 191 using the document reception device 300.

<< 7. Location stamp update
When the document processing is finished, the document reception apparatus 300 creates encrypted document data 194 using a predetermined encryption key in accordance with an instruction from the person in charge of the company Y, and log data including a file access act, a creator, and a creation time 196 is created and added to the log data 196 of the input document file ((7-1)).
The document reception apparatus 300 calculates the electronic signature 199 using the created encrypted document data 194, the additionally written log data 196, and the access control information 191 of the input document file, and calculates the calculated electronic signature 199. A location stamp 195 including the signature 199 and the position information 197 of the place where the document file is input is created, and the location stamp 195 of the input document file is updated ((7-2)).

FIG. 13 is a detailed configuration diagram of the IC card 400.
The IC card 400 includes a CPU 401, a contact terminal unit 402, and a nonvolatile memory 409.
The CPU 401 is a central processing unit.
The contact terminal unit 402 is in contact connection with the contact terminal plate of the IC card reader 306 for communication.
The nonvolatile memory 409 is a semiconductor memory.
The nonvolatile memory 409 stores the ID 491.

FIG. 11 is a detailed configuration diagram of the document reception apparatus 300.
The document reception apparatus 300 includes a CPU 301, an input unit 302, a display unit 303, a wireless communication unit 304, an antenna 305, an IC card reader 306, a storage unit 309, and a dedicated program.
The CPU 301 is a central processing unit.
The input unit 302 is a mouse or a keyboard.
The display unit 303 is a liquid crystal display device, an EL (electroluminescence) display device, or the like.
The wireless communication unit 304 is a wireless transmission / reception device.
The wireless communication unit 304 performs wireless communication with the position information distributor 500 via the antenna 305. The wireless communication unit 304 generates a carrier wave for transmitting electromagnetic waves (= wireless radio waves), and converts digital information into radio waves. Alternatively, the received electromagnetic wave is demodulated and a control signal is extracted.
The IC card reader 306 has a contact terminal plate.
The contact terminal plate is in contact connection with the contact terminal portion of the IC card 400 for communication.

The storage unit 309 is a semiconductor memory or a magnetic memory.
The storage unit 309 stores signature key information 392 and personal authentication information 394.

In addition, file input means 390, message authentication means 355, output position authentication means 370, position information creation means 340, input position authentication means 345, document access means 330, decryption means 315, encryption means 310, a document file creation unit 365, a log addition unit 320, a location stamp update unit 360, and a personal authentication unit 385. Each of these means is realized by each dedicated program, and functions when the dedicated program is interpreted and executed by the CPU 301.

The personal authentication means 385 issues an ID request to the IC card reader 306, acquires the ID 491 stored in the returned IC card 400, and compares this with the personal authentication information 394 stored in the storage unit 309. If they match, ID authentication is performed.

The file input unit 390 reads the document file 198 recorded on the recording medium 200 output from the document creation apparatus 100 and registers these in the storage unit 309.

The message authentication unit 355 uses the same algorithm as the signature unit 150 of the document creation apparatus, and the encrypted document data 194, the access control definition information 191 and the log included in the document file 198 registered in the storage unit 309 by the file input unit 390. The hash value generated from the data 196 and the document creation position information 197 is encrypted using the signature key information stored in the storage unit 309 to generate collation electronic signature information, and the file input means stores the storage unit The electronic signature information 199 of the location stamp registered in 309 is compared, and if both match, it is determined that the file has not been tampered with (= message authentication).
In the output position authentication unit 370, the file input unit collates the location stamp creation position information 197 registered in the storage unit 309 with the access location information of the document file access management information 191, and there is a case in which both match. Then, it is determined that the place where the document was created (= the position where the document file was output) is valid (= output position authentication).

The position information creating means 340 acquires the information specifying the returned position by transmitting a position specifying information request to the position information distributor, and creates the input position information (= document reception position).
The input location authentication unit 345 uses the location information created by the location information creation unit 340 and refers to the access location 191c of the access control definition information 191 of the document file registered in the storage unit 309 by the file input unit. If they match, the document reception position is authenticated, and the access act 191a at that time is selected.

The document access means 330 performs the permitted access action on the encrypted document data 194 of the document file according to the description of the access action 191a selected by the input position authentication means.
The decryption means 315 obtains the decryption key information (for example, the pre-shared secret key) stored in the IC card returned by issuing a key request to the IC card reader 306, and the document access means 330 accesses the document file accessed. The encrypted document data 194 is decrypted.

The log appending unit 320 creates log data 196 and appends it to the log data 196 of the document file registered in the data holding unit by the file input unit.
The signing unit 350 uses the same algorithm as the signing unit 150 of the document creation device, the encrypted document, the log data 196 added by the log adding unit 320, the received position information, and the access control registered in the storage unit 309. The digital signature information 199 is created by encrypting the hash value generated from the definition 191 using the signature key information stored in the storage unit 309.
The location stamp update unit 360 creates a location stamp 195 including the received location information 191 created by the location information creation unit 340 and the electronic signature information 199 created by the signature unit 350, and the location stamp registered in the storage unit 309. Update 195

It should be noted that unauthorized access can be found by analyzing the access history to the document file 198 using the log data 196 registered in the storage unit 309.

The encryption unit 310 generates encrypted document data 194 from the document information 194a using predetermined encryption key information.
The document file creation unit 365 includes encrypted document data 194 encrypted by the encryption unit 310, access control definition information 191 stored by the storage unit 309, log data 196 added by the log addition unit 320, and location stamp update unit. The document file 198 including the location stamp 196 updated by 360 is created.

(Example)
Next, a document management procedure when the position information distributor is an entrance management gate will be described.

FIG. 12 is a diagram for explaining the procedure for document management of the submitted file in Y company.
<< 3. input"
When the person in charge of Company Y enters the computer room, the ID of the IC card 400 is read at the entrance gate 500a and is authenticated. The entrance gate 500a stores the stored position specifying information 591 in the IC card 400 (FIG. 12 (3-0)).
<< 4. Location stamp verification
(3-1) to (4) are the same as (3-1) to (4) in FIG.
<< 5. Access control >>
The document accepting apparatus 300 to which the IC card is connected acquires the position specifying information 591 stored in the IC card 400, and the obtained position information (= Company Y computer room) is checked in the access control definition information and allowed. It is confirmed that it is the place (= Y company building) (same (5)).
<< 6. Decryption and << 7. Location stamp update
(6) to (7-2) are the same as (6) to (7-2) in FIG.

The figure explaining the outline | summary of the document management system 1 by this invention The figure explaining the flow of a rough process of the document management system 1 Diagram explaining the format of the document file output to the recording medium A diagram explaining the procedure for managing document files in X Detailed configuration diagram of document creation apparatus 100 according to the present invention Format and example of access control definition information 191 Format and example of log data 196 Diagram explaining location stamp creation procedure Circuit function block diagram of passive IC tag 500 Figure explaining the procedure for document management of file submissions within Y Detailed configuration diagram of document accepting apparatus 300 (Embodiment) Diagram illustrating the procedure for document management of an input file in Y Circuit block diagram of IC card 400

Explanation of symbols

Document management system 1
DESCRIPTION OF SYMBOLS 100 Document creation apparatus 110 Encryption means 120 Log creation means 140 Location information creation means 150 Signature means 160 Location stamp creation means 130 Document file creation means 190 File output means 191 Access control definition information 192 Signature key information 193 Encryption key 194 Encryption document Data 194a Document information, submission data 195 Location stamp 196 Log data 197 Position information 198 Document file 199 Electronic signature information 200 Recording medium 300 Document reception device 310 Encryption means 315 Decoding means 320 Log additional means 330 Document access means 340 Position information creation means 345 Input position authentication means 355 Message authentication means 360 Update means 365 Document file creation means 370 Output position authentication means 385 Personal authentication means 390 File input means 392 Key information 394 personal authentication information 400 IC card 491 ID
493 Decryption key 500 Position information distributor, passive IC tag 591 Information specifying the position

Claims (10)

A document management system comprising a location information distributor for transmitting information for specifying a location, a document creation device, and a document reception device,
The document creation device includes:
A storage unit that stores document data and location information that permits file access and access control definition information that describes an access action permitted by the location information;
Acquiring information specifying the position transmitted from the position information distributor, position information creating means for creating the created position information,
A location stamp creating means for creating a location stamp including the created position information created by the position information creating means;
A document file creating means for creating a document file including document data, access control definition information, and a location stamp;
File output means for outputting the document file created by the document file creation means to a recording medium;
A creation device comprising:
The document reception device
A storage unit;
A file input means for reading a document file recorded on a recording medium output by the document creation device and inputting these into a storage unit;
The location where the document was created is valid if the location input of the location stamp registered in the storage unit by the file input means matches the access location information of the access control definition information of the document file, and there is a match. Output position authentication means for determining that
Position information creating means for obtaining information identifying the position transmitted from the position information distributor and creating received position information;
Using the received position information created by the position information creating means, refer to the access location of the access control definition information of the document file registered in the storage unit by the file input means, and select the access action when the two match Input position authentication means for authenticating the reception position;
A document access means for performing an authorized access action on the document data of the document file according to the description of the access action selected by the input position authentication means;
A location stamp update unit that creates a location stamp including the received position information created by the location information creation unit and updates the location stamp registered in the storage unit by the file input unit;
A document management system, comprising: The document creation device includes:
The storage unit stores signature key information,
The hash data generated from the document data stored in the storage unit, the access control definition information, and the created location information created by the location information creation unit are encrypted using the signature key information stored in the storage unit to obtain an electronic signature Signing means to create information,
With
The location stamp creating means creates a location stamp including the created position information created by the position information creating means and the electronic signature information created by the signature means,
The document reception device
The storage unit stores signature key information,
Using the same algorithm as the signature unit of the document creation device, for the hash value generated from the document data of the document file registered in the storage unit by the file input unit, the access control definition information, and the creation position information of the location stamp, Encrypt using the signature key information stored in the storage unit to create verification digital signature information, and compare this with the digital signature information of the location stamp registered in the storage unit by the file input means. A message authentication means for determining that the message has not been tampered with,
Using the same algorithm as the signature unit of the document creation device, the signature key information stored in the storage unit is used for the hash value generated from the document data, the reception position information, and the access control definition registered in the storage unit. Signing means for encrypting and creating electronic signature information;
With
The location stamp update unit creates a location stamp including the received position information created by the location information creation unit and the electronic signature information created by the signature unit, and updates the location stamp registered in the storage unit. The document management system according to claim 1, wherein the document management system is a reception device. The document creation device includes:
Log creation means for creating log data including access act information, creator information and creation time work history data;
With
The document file creation means is a creation device for creating a document file including document data, access control definition information, log data created by the log creation means, and a location stamp,
The document reception device
Log appending means for creating log data and appending to the log data of the document file registered in the storage unit by the file input means;
The document management system according to claim 1, wherein the document management system is a reception device. The document creation device includes:
The storage unit stores signature key information,
Signature stored by the storage unit for the hash data generated from the document data and the access control definition information stored by the storage unit, the log data generated by the log generation unit, and the created position information generated by the position information generation unit A signature means for encrypting with the key information to create electronic signature information;
With
The location stamp creating means creates a location stamp including the created position information created by the position information creating means and the electronic signature information created by the signature means,
The document reception device
The storage unit stores signature key information,
Using the same algorithm as the signature unit of the document creation device, for the hash value generated from the document data of the document file registered in the storage unit by the file input unit, the access control definition information, the creation position information of the location stamp, and the log data The signature key information stored in the storage unit is encrypted to create electronic signature information for verification, and this is compared with the digital signature information of the location stamp registered in the storage unit by the file input unit. If they match, the message authentication means determines that the message has not been tampered with,
Using the same algorithm as the signature unit of the document creation device, the hash value generated from the document data, the additionally written log data, the received location information created by the location information creation unit, and the access control definition registered in the storage unit On the other hand, a signature unit that creates digital signature information by encrypting using signature key information stored in the storage unit;
The location stamp update unit creates a location stamp including the received position information created by the location information creation unit and the electronic signature information created by the signature unit, and updates the location stamp registered in the storage unit. The document management system according to claim 3, wherein the document management system is a reception device. The document management system further includes an IC card for storing decryption key information,
The document creation device includes:
A creation device in which the document data is encrypted document data,
The document reception device
With an IC card reader,
It is a reception device including a decryption unit that obtains decryption key information stored in an IC card returned by issuing a key request to the IC card reader and decrypts document data of a document file accessed by the document access unit. The document management system according to any one of claims 1 to 4, wherein the document management system is characterized in that: A document management method using access control definition information stored in a document creation device,
(1) A location stamp creating step in which the document creating device acquires information specifying the position transmitted from the position information distributor, creates the created position information, and creates a location stamp including the created position information;
(2) a file output step of creating a document file including the document data and access control information stored in the document creation device and the location stamp created in the location stamp creation step, and outputting the document file to a recording medium;
(3) a file input step in which the document reception device inputs a document file on a recording medium;
(4) a creation location verification step in which the document reception device compares the access control definition information of the input document file with the location stamp to confirm that the document has been created at a predetermined location;
(5) The document reception device acquires the position specifying information transmitted from the position information distributor, creates reception position information, compares it with the input access control definition information, and stores the document file at a predetermined location. A permission step that authenticates that the user has entered and allows access to the entered document;
(6) The document reception device creates a location stamp including reception position information and updates the input location stamp, and a location stamp update step,
A document management method characterized in that the document management method is performed by a procedure including: (1) a log creation step in which the document creation device creates log data including access act information, creator information, and creation time work history data;
(2) The file output step creates a document file including log data created by the log creation step, and outputs the document file to a recording medium;
(3) a log appending step in which the document reception device creates log data and appends to the log data of the input document file;
The document management method according to claim 6, wherein the document management method is performed in a procedure including: A document management method using access control definition information and signature key information,
(1) The document creation device acquires information specifying the position transmitted from the position information distributor, creates creation position information, stores document data, access control definition information, created log data, A signature step of creating electronic signature information by encrypting hash data generated from the created creation position information using stored signature key information;
(2) File output in which the document reception apparatus creates a document file including the created creation position information and location stamp having electronic signature information, document data stored in the document creation apparatus, and access control information, and outputs the document file to a recording medium Steps,
(3) a file input step in which the document reception device inputs a document file on a recording medium;
(4) The document reception apparatus stores the hash value generated from the document data of the input document file, the access control definition information, and the creation position information of the location stamp, using the same signature algorithm as the document creation apparatus. The digital signature information for verification is created by encrypting using the signature key information to be compared, and this is compared with the digital signature information of the location stamp input in the file. A message authentication step;
(5) a creation location verification step in which the document reception device compares the access control definition information of the input document file with the location stamp to confirm that the document has been created at a predetermined location;
(6) The document reception device acquires the position specifying information transmitted from the position information distributor, creates reception position information, compares it with the input access control definition information, and stores the document file at a predetermined location. A permission step that authenticates that the user has entered and allows access to the entered document;
(7) Using the same signature algorithm as the document creation device, the document reception device stores signature key information to be stored for the hash value generated from the document data, the created reception position information, and the input access control definition. Using the signature step to encrypt and create electronic signature information;
(8) A location stamp update step in which the document reception device creates a location stamp including reception position information and electronic signature information, and updates the input location stamp;
A document management method characterized in that the document management method is performed by a procedure including: A computer program that causes a computer to operate as the document management display system according to any one of claims 1 to 5 by being incorporated in the computer. The computer-readable recording medium which recorded the computer program of Claim 9.

Images