JP2009211603A - Document search system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow related information showing that a plurality of documents are related to each other to be shared among a plurality of users while maintaining secrecy of the respective documents. <P>SOLUTION: A conversion processing part 22 generates secrecy related information for each related document group. The secrecy related information includes a plurality of secrecy identification data (sets of secrecy identification values) corresponding to the plurality of documents. Respective sets of secrecy identification values comprise a plurality of hash values generated by the related documents. A plurality of secrecy related information are registered on a database 32. Search is performed with a hash value or a set of hash values of an attention document as a search key to specify the hash value or a set of hash values with respect to the related document related to the attention document. It is returned to a requester client as a search result and the related document is predetermined by a requester client. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a document search system.

  In an electronic document search process, for example, a document that forms the basis of a search (hereinafter referred to as a document of interest) is specified, and one or a plurality of documents (hereinafter referred to as related documents) related to the document of interest from a large number of documents. Document) is selected. For example, in Patent Document 1, a word (keyword) in a document of interest is used as a search key, and a document having the same word is specified as a related document. Various other search techniques have been proposed.

  On the other hand, if "related information" (related information between multiple documents) that identifies multiple documents that are related to each other is generated in advance or at a required time, search for related documents using the related information. Can be carried out smoothly. For example, when related information indicating that the document A and the document B are mutually related is registered in advance, the document B that is the related document is immediately converted from the document A that is the target document based on the related information. Can be identified. The same applies to the reverse case. Such related information may be created globally across multiple documents managed by multiple users, but may also be created locally for each individual user. For example, in the process where each user performs document processing using a dedicated workspace (document placement space), one or a plurality of related information may be generated by user input or automatically for each workspace. possible. The related information generated on the basis of such a local workspace is usually information that is managed and controlled by each user, or information that is difficult for other users to actively use.

JP-A-11-53392 JP 2001-344245 A

  The above-mentioned related information is a kind of information goods, and it can be said that it is useful for other users beyond a specific user. Therefore, it is desirable to promote the use of related information, that is, to share it.

  However, if the relevant information under the control of each user is shared or disclosed in a generous manner, there is a risk that a big problem will occur from the viewpoint of information security. For example, when related information is structured as a description that can specify the contents and locations of multiple documents, and any document is a confidential document or a document that conforms to it, the related information is made If it is made public, there is a risk that a document that should be kept secret from others or information related thereto will leak out against the will of the administrator of the document. Even documents that do not require confidentiality are generally cautious about disclosing the contents or location information of a document without confirming the intention of the document administrator (usually the creator). There must be.

  Of course, if individual disclosure information or individual documents are individually set as to whether disclosure is possible or disclosure conditions are finely set, the above-mentioned safety problems may be avoided. However, such setting is very complicated for the user, and with such a mechanism, sharing of related information cannot be promoted after all. Patent Document 2 describes a technique for executing a search after checking an access right for a user when a search request is issued from the user. is necessary.

  An object of the present invention is to promote the use of related information while ensuring the safety of a document in a document search system.

  The present invention provides, for each related document group including a plurality of related documents, based on a plurality of documents constituting the related document group, from a plurality of secret identification data for identifying the documents while keeping them secret. A request for searching for a related document related to a document of interest, a database for storing a plurality of secret related information for sharing each secret related information among a plurality of users When issued from an original user, by searching the database using secret identification data about the document of interest, search means for specifying secret identification data about the related document as a search result, and the search result The requesting user according to the access authority of the requesting user to the related document identified by the confidential identification data of It relates to a document retrieval system including a providing means, the providing information relating to the relevant document for.

  According to the present invention, it is possible to promote the use of related information while ensuring the safety of a document in a document search system.

(1) Outline of Embodiment First, an outline of a preferred embodiment according to the present invention will be described. The document search system according to the present embodiment includes a generation unit that generates confidential information, a database in which a plurality of confidential information is registered, a search unit that specifies confidential identification data for a related document by searching the database, Providing means for providing information related to the related document corresponding to the identified confidential identification data in accordance with the access authority of the requesting user.

  According to the above configuration, the generation unit generates a plurality of secret identification data based on a plurality of documents for each related document group, and the secret related information is configured by them. The individual secret-related information is data for identifying the underlying document while keeping it secret. The generated secret identification data is registered on a database that can be used by a plurality of users. When it is necessary to search for a related document related to the document of interest, the search means searches the database using the confidential identification data for the document of interest. At this time, desirably, the secret identification data corresponding to the secret identification data of the document of interest is first found on the database, and then the secret identification data (related document) associated therewith is specified. Although it is not possible to immediately identify the related document from the confidential identification data itself as the search result, for example, the confidential identification data of the individual document for which the requesting user has access authority By matching, the related document can be easily specified from the search result. In this regard, secret identification data is created and stored in advance for each document under the control of each user, and the secret identification data is immediately used as a match when it becomes necessary. Alternatively, the secret identification data may be generated from the underlying document when such secret identification data is required. When the user who issued the search request (requesting user) has access authority to the related document identified from the search result (for example, when the related document is a document managed or held by the user) Since the information related to the related document is provided to the user by the providing means, the use of the related document is promoted through the information. On the other hand, if the user does not have access authority, it is desirable to take measures to maintain the confidentiality of the document completely (in some cases, partially or conditionally).

  As described above, according to the document search system of the present embodiment, the related information held or managed by each user is shared as special related information having a format capable of concealing the document. Information assets that have been buried can be shared among users to improve convenience and workability for each user. In addition, the confidentiality of each document itself can be ensured.

  Incidentally, the relationship between a plurality of documents can be specified by using various methods that have been proposed or will be proposed in the future. In registering each secret-related information in the database, it is desirable that each secret-related information is registered while being associated with the user. According to this configuration, it is possible to easily perform filtering according to access authority when providing a search result, while using a plurality of confidential information collected from a plurality of users as a whole as a search range. Moreover, according to such a configuration, it is easy to narrow the search range in units of users. Here, the user is a concept including a user group. However, it is not always necessary to associate the user with each confidential information on the database. A device that performs document work (for example, a client device) and a user may be associated one-to-one, or may be associated one-to-many or many-to-one. Attributes other than the user may be further associated with individual confidential information. Various methods can be used to determine access authority. For example, the determination may be simply whether or not the document is owned by itself, or a reference to a table in which access authority is defined. The access authority may be determined by When the access authority is affirmed, it is desirable to provide, for example, detailed information on the related document as information on the related document. If the name of the related document is displayed, the category and contents can be recognized intuitively, and if the location of the related document is displayed, the related document can be quickly accessed. Of course, other information may be displayed instead of or together with them. For example, information indicating the degree or type of search matching degree may be displayed. Of course, various search conditions may be added as a premise of the search.

  Each of the above-described means is preferably substantially realized as a software function. Software for such a document retrieval system is provided as a document retrieval program, and specifically, is incorporated into an information processing system via a storage medium or a network. If the document search system is not a single device but a server (search device) and a plurality of clients (document work devices), the above generation means may be in each client. May be. The database is basically provided on the server side, but any document work device may substantially function as the server. The search means may be in a server or in each client. The same applies to the providing means.

  Preferably, the above configuration is provided in a system in which a work space (document placement space) is managed for each user (or for each client). In this case, confidential information generated for each local workspace of each user is shared. In other words, while managing each document in the framework of individual workspaces as before, related information can be shared among a plurality of users beyond such a framework. Such a workspace may be managed by individual clients or may be collectively managed by a server. When a plurality of users are working on documents in parallel, if each user can quickly and easily specify a related document widely, the workability can be significantly improved. Each document may be stored in each client or stored in a server. Alternatively, individual documents may be stored on another device. In any case, the above configuration can be applied.

  Preferably, each secret identification data is composed of at least one code generated by performing a code conversion process on the underlying document, and the code cannot identify the location and content of the document from the code. Has irreversibility. The code conversion process is performed on the basis document, and it may correspond to digest creation, encryption process, and the like. A conversion process using a publicly known hash function is particularly desirable. If a hash value is used as confidential information, it is possible to accurately determine matching between documents while completely guaranteeing the security of the underlying document. Moreover, since the amount of information is small, it is advantageous in constructing a database. Further, if the hash value for the entity part of the document is used, there is an advantage that even if the file name is changed or an annotation is added, it is possible to determine a match between such entities. Matching between documents can be judged at various levels or categories as follows.

  Preferably, the generating means generates a first code for identifying both an entity part and an attribute part of the underlying document, and identifies one of the entity part and the attribute part of the underlying document. And a function of generating the second code. In this configuration, each piece of secret identification data constituting the secret-related information includes the first code and the second code. According to this configuration, it is possible to perform the search process by distinguishing at least one of the entity part corresponding to the content and the attribute part such as annotation or context attached thereto. If the document is an electronic document composed of text or the like, the matching determination may be performed on a page-by-page basis. According to such a configuration, it is possible to evaluate the degree of similarity from the number of pages and the amount of pages that are recognized as coincident. In any case, if it is configured so as to be able to cope with both an overall match and a partial match, it can meet various needs in searching for related documents, and the convenience of the system can be improved.

  Preferably, the providing means provides detailed information about the related document to the requesting user when the requesting user has an access right to the related document. Here, as detailed information, a name, a location (URL), etc. can be mentioned, for example. In addition, information such as date of creation, owner, etc. may be displayed. You may comprise so that a display content and a display form can be customized. You may make it change the display priority about a search result according to the coincidence degree or similarity degree judged in the case of a search. For example, a higher degree of coincidence or similarity may be displayed at a higher level, and a case with a lower degree of coincidence or similarity may not be displayed. It is desirable that the user can change the display conditions as appropriate.

  Preferably, the providing means does not provide any information related to the related document to the requesting user when the requesting user does not have access authority to the related document. According to this configuration, since the concealment related information is not displayed, the related document can be completely concealed. However, only confidential information may be provided to the user, or only the fact that the related document exists may be provided to the user.

  Preferably, when the requesting user does not have an access right to the related document, the providing unit provides information used for inquiring to the user having an authority to manage the related document with respect to the requesting user. provide. According to this configuration, an inquiry to a user who manages or holds a related document is promoted, and an opportunity for using the related document can be increased. Moreover, a safe and highly convenient system can be constructed by using both automatic processing and human judgment. The information used for the inquiry may simply select whether or not the inquiry is necessary while keeping the administrator secret, or display the name and initials of the administrator to determine the necessity and inquiry method of the inquiry. It may be determined.

  In this specification, a document is usually an electronic data unit processed on an information processing apparatus. The concept includes text, still images, moving images, audio information, and others. In many cases, as described above, a document is composed of a document entity such as text and a document attribute such as annotation and management information, and one file as a whole. Of course, a file may be composed of individual pages constituting a document entity.

(2) Detailed description of embodiment Next, embodiment is explained in full detail based on drawing.

  FIG. 1 shows a block diagram of the document search system of the present embodiment. In the example shown in FIG. 1, the document search system includes a server 10 as a document search device and a plurality of clients 12, 14, 16 as document work devices or document processing devices connected to the server 10 via a network. And is composed of. In FIG. 1, three clients 12, 14 and 16 are connected to the server 10. However, the number of clients is arbitrary. In the example shown in FIG. 1, the client 12 is a device used by the user X, the client 14 is a device used by the user Y, and the client 16 is a device used by the user Z. Of course, one client may be used by a plurality of users, or one user may use a plurality of clients. Incidentally, the user may be a concept including a user group. In general, individual documents are managed for each user, and access from other users to documents held or managed by a certain user is limited. However, a document shared by a plurality of users may exist. In any case, in the illustrated example, access restrictions on individual documents are applied in units of users (user groups).

  Each client 12, 14, 16 will be described. These clients 12, 14, and 16 are devices for processing documents as described above, and work spaces described later for each client 12, 14, and 16, more specifically, for each user. (Document placement space) is managed. A workspace is a virtual management space for handling or working with documents. In the example shown in FIG. 1, since the clients 12, 14, and 16 have the same configuration, the configuration of the client 12 will be described below as a representative.

  The client 12 has a plurality of software functions, and each function is shown as a block in FIG. More specifically, the document management unit 18 is a module for managing a workspace, which will be described later with reference to FIG. The entity of each document may exist anywhere in the system, may be held in each client, or may exist on the server side or on another device. The related information generation unit 20 is a module that generates related information indicating that a plurality of documents constituting the related document group are related to each other. Related information can be generated using various techniques. On the workspace described later, for example, a related document group is defined based on the distance between documents. In that case, for example, it is considered that a plurality of documents existing within a certain distance are related to each other. Further, the degree of coincidence or similarity between a plurality of documents may be determined based on the keywords included in each document and the digest of each document, and a related document group may be defined based on the determination result. In the present embodiment, as will be described below, the related information itself is not shared, but secret related information is shared instead. Related information and confidential information are the same in that they identify (identify) a plurality of documents that are related to each other. However, as the name indicates, confidential information is used to conceal the document itself. It is different from general related information in that it is related information having a special format.

  The conversion processing unit 22 generates such confidential information. In the present embodiment, the conversion processing unit 22 is a module that obtains a hash value by applying a conversion process based on a hash function to a basic document. In the present embodiment, multifaceted conversion is performed on one document. Specifically, a hash value for the entire document, a hash value for the content of the document, that is, a content, and an attribute (context) of the document A plurality of hash values, such as hash values of, are obtained. A secret identification value set (secret identification data set), which will be described later, is configured as an element of these hash values. The conversion processing unit 22 performs conversion processing with reference to the related information generated by the related information generating unit 20, but the generation of the hash value is based on the document itself. Of course, related information may be converted.

  The registration processing unit 26 is a module that executes processing for registering secret related information as a secret identification value set including a plurality of secret identification values generated from a plurality of documents associated with each other in the server 10. Specifically, each secret-related information generated in each client is registered on a secret-related information database (DB) 32 described later, as indicated by reference numeral 100. The generation timing of related information and confidential information, and the registration processing timing can be arbitrarily determined, and it is automatically detected that there is a change in the configuration on the workspace, and the generation processing and conversion are triggered by this. A series of processes of the process and the registration process may be automatically executed. In general, it is desirable that the secret-related information is automatically generated at the timing when new related information is generated, and is then registered on the secret-related information DB.

  The request issuing unit 28 is a module that issues a request for searching related documents for a plurality of secret related information over the entire system registered on the server 10, that is, between a plurality of users. In that case, a search condition can be added, and examples of the search condition include a search range and a match determination condition. This will be described later. A search request issued from the request issuing unit 28 is denoted by reference numeral 102, and the search request is received and processed by the search processing unit 34 in the server 10.

  The result processing unit 30 is a module that provides a user with a list of related documents based on information representing the search result output from the search processing unit 34. The list includes information for specifying one or more documents related to the document of interest that is the basis of the search. However, as will be described later, in this embodiment, in order to ensure the confidentiality of each document, only related documents for which the user has access authority (specifically, owned or managed by the user) are listed. Reflected. For related documents managed by other users, it is desirable to take necessary measures to promote their use, which will be described later. A flow of information passed from the search processing unit 34 to the result processing unit 30 is represented by reference numeral 104. When the search result needs to be filtered to ensure the confidentiality of the related document, the filtering is executed in the search processing unit 34 or in the search processing unit 34.

  On the management table 24, the related information generated by the related information generating unit 20 is registered, and the secret related information generated by the conversion processing unit 22 is registered. Specifically, in this embodiment, a secret identification value set including one or a plurality of hash values obtained for each document is registered on the management table 24. According to such a configuration, when a hash value is passed as a search result, it is possible to quickly identify the related document that is the basis for generating the hash value. Of course, the hash value may be calculated again at a necessary timing without storing the generated hash value, and the hash values may be matched. As described above, information on each document is managed on the management table 24. Specifically, the file name, the location (URL), and the like are also managed for each document. Information managed on the management table 24 may be managed in the server 10. However, it is desirable that information indicating the association between each document and each hash value is locally managed in each client from the viewpoint of security. Alternatively, when such information is managed on the server 10, it is desirable to strictly restrict access to the information.

  As described above, the client 12 includes the document management unit 18, the related information generation unit 20, the conversion processing unit 22, and the like. The client 12 is configured as a thin client, for example, and the intelligence function in the client 12 is performed. May be substantially realized in the server 10. Alternatively, only a function related to retrieval of related documents may be installed on the server 10.

  As described above, the server 10 includes the confidentiality related information DB 32 and the search processing unit 34. Other functions are not shown. On the confidential information DB 32, confidential information transmitted from each client is registered. In this case, the individual confidential information may be managed for each user or not. FIG. 4 described later illustrates a configuration in the confidentiality related information DB 32. When a search request is issued from a certain client, that is, a certain user, the search processing unit 34 uses a secret identification value set (that is, one or a plurality of hash values) of the document of interest included in the search request as a search key, By searching the related information DB 32, the secret identification value set of the related document related to the document of interest is specified. Usually, a plurality of secret identification value sets corresponding to a plurality of related documents are specified as search results. If there is a secret identification value set of the document of interest itself, it may be excluded. Specific processing contents of the search processing unit 34 will be described in detail with reference to FIGS.

  FIG. 2 shows an example of a workspace displayed on the display screen of the client. The illustrated workspace 36 is managed by the user X. The work space 36 corresponds to a work space of a document, and an object as a symbol representing each document is displayed on the work space 36. Each object is a thumbnail image (low-resolution reduced image), an icon, or the like. Although each object displayed on the workspace 36 and each document represented by the object should be distinguished from each other, the following description will be made without distinguishing them for convenience.

  Document A, Document B, Document C, and Document D exist on the workspace 36 shown in FIG. 2, and these are regarded as mutually related documents based on the inter-document distance criterion. Yes. That is, they constitute an interrelated document group as indicated by reference numeral 38. Of course, the related document group may be defined based on a criterion other than the inter-document distance, for example, the degree of coincidence or similarity between keywords and digests. A plurality of judgment criteria may be combined. When related document groups are defined in this way, related information is generated for each related document group.

  FIG. 3 shows the relationship between related information and confidential information. First, the related information 40 shown in FIG. 3 will be described. In the illustrated example, a combination of a plurality of identifiers 40a is configured as the related information 40 on the assumption that four documents of document A-document D are related. Specifically, the document A identifier The related information 40 is composed of the document B identifier, the document C identifier, and the document D identifier. Each identifier may be configured by a URL, for example. Conventionally, when such related information 40 itself is registered in a database for search, the location of each document is specified by another user, which causes a problem in terms of security or confidentiality of the document. It was. Therefore, in the present embodiment, as described above, the confidential information 41 is registered on the database.

  The secret related information 41 corresponds to the related information 40 as shown in the figure, and is constituted by four secret identification value sets 42 corresponding to four documents. Each secret identification value set 42 is secret identification data composed of a plurality of hash values. Specifically, a combination of three hash values: a hash value 42a for the entire document that is the basis, a hash value 42b for the content portion in the document, and a hash value 42c for the context (attribute) of the document It is configured as. Of course, the document A may be specified only by any one of the hash values. On the other hand, by preparing hash values in many ways as described above, there is an advantage that an appropriate search can be performed according to the search needs of related documents. Incidentally, in the secret identification value set corresponding to the document B and the document D, the hash value by the context is not generated. This is because no context information was added to the underlying document. In this way, any combination of hash values can be applied to each document.

  The hash value is a code or symbol string obtained by executing the hash function, and has irreversibility from which the file name and location of the original document cannot be specified at all. Such a property is useful in document security maintenance in this embodiment. Sharing the original related information itself between the users is problematic in terms of security, but by sharing the secret related information 41 composed of a plurality of hash values between the plurality of users, it is possible to conceal the individual documents. Thus, it is possible to share information representing the relationship between documents, that is, to share information materials while maintaining the property.

  Incidentally, each client generates a plurality of related information, and secret related information is generated for each related information. And they are registered on the database. Such a series of flows is shown as a conceptual diagram in FIG. It should be noted that other conversion processing can be used as long as it exhibits an effect equivalent to hash conversion. For example, various encryption processes may be used. However, if the hash value is used, the confidentiality of the document can be completely ensured, an accurate search can be performed, and the data amount of the hash value itself is small, which is advantageous in terms of data handling. By preparing multiple types of hash values by multi-faceted or multi-step conversion as in this embodiment, for example, it is possible to specify documents with the same entity as related documents even if the file names are different The advantage of becoming.

  FIG. 4 is a conceptual diagram showing the configuration of the confidentiality related information database shown in FIG. In FIG. 4, in addition to such a configuration, handling of search processing results is also illustrated.

  In the secret related information DB 32, registration tables 44X, 44Y, and 44Z are configured for each user in the present embodiment. That is, information is managed in units of users. However, a series of concealment related information may be centrally managed across a plurality of users without performing such attribute assignment. Here, paying attention to the table 44X generated for the user X, a plurality of confidential information 41 is registered in the table 44X. In each secret related information 41, an identification number 41a is added in the example shown in FIG. As described above, the individual concealment related information 41 is composed of a plurality of concealment identification value sets related to each other, and each set is composed of one or a plurality of hash values.

  Here, an example of a related information search process will be described. When a search request is issued from a certain client, a hash value included in the search request is recognized. The hash value is a hash value for the document of interest. Normally, a plurality of hash values for the document of interest are included in the search request, but here, it is assumed that one hash value is included. The search processing unit in the server executes a search for the confidential information DB using the hash value as a search key. Then, for example, as indicated by reference numeral 46, a match with a specific hash value is determined. Of course, a match may be determined between the hash values in the other confidential information. Such coincidence determination corresponds to identification of a related document related to the document of interest. However, at this stage, the related document itself is not immediately specified, but the confidential identification data associated with the related document (that is, one or more hash values as one or more confidential identifiers) is specified. The In the example shown in FIG. 4, for example, three hash value sets (see reference numeral 41) corresponding to three related documents are specified, and these are set as search results or search result candidates.

  In the illustrated example, the information 41 specifying the related document is processed according to the process indicated by reference numeral 106A or the process indicated by reference numeral 106B. Each process is used selectively. In the process indicated by reference numeral 106A, as indicated by reference numeral 50, first, filtering is performed on the information 41 on the server, thereby generating a list as a search result. The filtering corresponds to a process of narrowing down only related documents to which a user who has issued a search request has access authority. That is, the filtering process is positioned as a mask process that prevents a document held or managed by another user from being immediately identified as a related document. In the present embodiment, since each secret-related information is managed on a database 32 basis on a user basis, the above filtering process can be performed using such a management system. That is, only when the hash value or hash value set included in the information 41 is associated with the search requesting user, processing is performed so that the hash value or hash value set is included in the search result. In the process indicated by reference numeral 52, the list generated in the server is provided to the requesting client, and the list is displayed on the client.

  On the other hand, in the process indicated by reference numeral 106B, as indicated by reference numeral 54, the information extracted on the server is provided as it is as a search result to the requesting client. Then, as indicated by reference numeral 56, a filtering process is performed on the information provided from the server on the client. As a result, a list that can be provided to the user is constructed and displayed on the screen. As a result, in the process 106B, all the hash values are provided to the user side. However, as described above, since it is impossible to specify the document from the hash values themselves, the process 106B is adopted. Even in this case, the confidentiality of the document can be maintained. However, when it is not desired to provide the hash value itself, it is desirable to select the process 106A. The process 106A will be described in detail later with reference to FIG.

Next, a specific example of the related document search will be described. The premise is as follows.
[DB contents]
・ Confidential information (Figure 3) from user X has been registered
[User Y side status]
-Document A: Exists on the workspace of User Y-Document B: Exists in another space far away from User Y's workspace
(Therefore, the relationship between document A and document B is not recognized)
-Document B ': Annotated document B
Exists slightly away from document A in user Y's workspace Document C: exists in another space close to user Y's workspace Document D: does not exist When a related document search request is issued, search results shown in FIG. 5 or 6 are displayed in a list.

  In the example illustrated in FIG. 5, the document B ′ and the document C are displayed as search results as related documents of the document A. In the example shown in the figure, information on the document name 58, the document location (location) 60, and the match type 62 is displayed for each related document, and the details of each related document can be grasped based on the information. In particular, since the match type information is also displayed, it is possible to immediately understand under what conditions the match is determined, and the information can be referred to when using the related document. The match type 62 indicates at which level (which category) the hash value as the search key is matched, and in the example of FIG. 4, the hash value at the content level for the document B ′ is indicated by reference numeral 46. Match is allowed. On the other hand, if hash value matching is recognized for the entire file, as shown for document C in FIG. When matching of hash values is recognized at the content level, content matching is displayed. For example, in the case of content matching, a related document can be identified by matching between entities without depending on the addition of annotations and contents, so that the convenience of searching related documents can be improved.

  The list shown in FIG. 6 has basically the same structure as the list shown in FIG. 5, except that information 46 relating to the user who holds the list is added to each list shown in FIG. Has been. Such information is preferably provided from the server side. In other words, if user information is managed in association with each secret identification value set on the server side, it is possible to provide information on users who own each document at the stage of displaying a list as a search result. It is.

  The list shown in FIG. 6 includes items corresponding to documents managed and held by users other than the user Y who issued the search request (see reference numeral 66). In this item, although the existence of the document itself can be recognized, information such as the document name, location, and matching type is kept secret. On the other hand, only the information of the user who owns it is provided as indicated by reference numeral 64a. According to such a configuration, although it is an unknown document, it is possible to make an inquiry to a user who holds the document and to receive a necessary document from the owner. In that case, if the possessed user refuses to provide, the confidentiality of the document can be maintained as it is. If automatic processing and user judgment are combined in this way, two conflicting needs for confidentiality and information availability can be satisfied. In the inquiry to the possessing user, the secret identification data (that is, one or a plurality of hash values) regarding the target related document may be included therein. According to such a configuration, it is possible to reliably specify the related document for the user who has received the inquiry. Incidentally, in order to facilitate such an inquiry, a predetermined inquiry may be automatically issued to the possessing user by clicking the item 66 described above. In that case, the inquiry may be issued directly from the inquiring user to the user who owns the document, or such an inquiry may be transmitted via the server. Further, instead of the information as shown in the item 66, the possessed user name may be concealed and only the inquiry button may be displayed.

  In displaying the search result, in order to more easily identify the related document, for example, an aspect as shown in FIG. 7 can be adopted. In FIG. 7, a work space 68 managed by the user Y is shown, and the above-described preconditions are generated on the work space 68. That is, the document B′72 as the related document exists at a position slightly away from the target document A70. Although the relationship between the document A and the document B ′ is not recognized on the user Y device, the related information generated on the user X workspace shown in FIG. 2, specifically, the confidential information related to the user X It is possible for the user Y to specify that the document B ′ is a related document of the document A70. At this time, as indicated by reference numeral 74 in FIG. 7, it may be made clear that the specific document is a related document in the form of a pop-up or a balloon. In the balloon indicated by the reference numeral 74, the document A that is the document of interest is specified, and the above-mentioned matching type information is also included therein. Further, two buttons 76 for turning the related document are displayed. When the user clicks such a button, the related document can be specified in order on the list. Since the balloon moves to the next specified sentence, the user can easily and quickly select a necessary related document while viewing such a series of displays, which is very convenient for the user.

  In the above embodiment, the search can be performed using the three levels or categories such as the entire file, the content, and the context. In addition to or instead of the search, the search management can be performed in units of pages. Good. That is, each page has a hash value. Then, the degree of association may be evaluated according to the number of pages or the amount of pages with the same hash value.

  Next, an operation example of the configuration shown in FIG. 1 will be described with reference to FIG. FIG. 8 is a flowchart showing the search process. In FIG. 8, in S101, a document of interest is designated in a certain client, and in S102, a search condition is designated by the user in the client. The search condition may include category specification and search range specification. In S103, a search request is issued from the client (request source client). In the present embodiment, the search request includes one or a plurality of hash values that specify the document of interest.

  S104 corresponds to the process indicated by reference numeral 106A in FIG. Of course, the process indicated by reference numeral 106A in FIG. 4 or other processes may be executed.

  Specifically, in S105, search processing corresponding to the search request is started on the server side. In the process of sequentially referencing each secret-related information, if a hash value with the same hash value is found in S106, the process proceeds to S107 and subsequent steps.

  In S107, one set of hash values corresponding to a document (related document) different from the document of interest is extracted from the secret related information including the hash values for which the match is recognized. In S108, the presence / absence of access authority is determined. For example, if the requesting user is included in one or a plurality of users associated with the extracted hash value set on the database, it is determined that the user has access authority. If the access authority is affirmed, the process proceeds from S108 to S109, and the hash value set is reflected in the search result list in S109. Various methods can be used to determine whether there is access authority.

  On the other hand, if it is determined in S108 that the requesting user does not have access authority, in S110, a confidential format (confidential mode) is determined, and complete confidentiality is selected as the confidential format. In step S111, the hash value set extracted in the above is discarded without being reflected in the list. On the other hand, if it is determined in S110 that conditional disclosure is set, the hash value set extracted in S107 in S112 is reflected in the list under certain conditions (that is, in a state where disclosure is restricted). . For example, as shown in FIG. 6, the related document is expressed as an item including a plurality of blank information.

  In S113, it is determined whether or not other related documents (more precisely, other hash value sets) that have not yet been searched remain in the currently recognized related document group. The steps after S107 are repeatedly executed. On the other hand, if it does not remain, the process proceeds from S113 to S114. In S114, it is determined whether or not the search is to be continued, and if it is continued (that is, if there is a part that has not been searched yet) The process is repeated. On the other hand, if the search has progressed to the end of the database or the end of the search range, the process proceeds from S114 to S115. In S115, the list after the filtering process is executed based on the user as described above. Is provided to the requesting user or requesting client. In S116, the list is displayed on the screen of the requesting client. At that time, the requesting client refers to the management table, specifies a document corresponding to each hash value (or each hash value set) sent as a search result, and displays it as a related document. Specifically, information such as a file name, a location, and the like regarding the related document is displayed. When a hash value managed by another user is received, processing for prompting an inquiry is executed. This has already been explained. If the hash value for each document held by itself is not stored in the management table, the hash value may be recalculated and the matching may be performed.

  In the flowchart of FIG. 8, the filtering process is executed on the server side. However, as described with reference to FIG. 4, the filtering process and other processing processes may be performed on the client side. In displaying a list of search results, ranking may be performed according to priority. For example, the superiority or inferiority between related documents may be determined based on indices such as the category and the degree of coincidence, and only the upper predetermined number of related documents may be displayed in a list. At that time, the user may select display conditions. For example, only related documents whose contents match are displayed as a list. The update of the database may be performed at a timing when the situation of each user, for example, the document arrangement, the document content, or the like changes, or may be periodically executed.

  As described above, according to the system of the present embodiment, confidential related information is registered on the database for each related document group, and is shared among a plurality of users. In that case, since the information indicating the relevance of the document itself can be shared while keeping the confidentiality of the document itself, there is an advantage that information assets buried in individual users can be used widely and safely. In the above embodiment, the document can be converted into a hash value from various viewpoints, and each hash value can be made a search target. There is an advantage that the convenience can be greatly improved.

It is a block diagram showing embodiment of this invention. 3 is a diagram illustrating an example of a workspace managed by a user X. FIG. It is a figure for demonstrating the structure and production | generation process of secrecy relevant information. It is a figure for demonstrating the handling of the structure of a database, and a search process result. It is a figure which shows an example of a search result. It is a figure which shows the other example of a search result. It is a figure which shows the workspace managed by the user Y. It is a flowchart for demonstrating the process of a search process.

Explanation of symbols

  10 server, 12, 14, 16 client, 18 document management section (workspace management section), 20 related information generation section, 22 conversion processing section, 24 management table, 26 registration processing section, 28 request issuing section, 30 result processing section , 32 secret related information database, 34 search processing unit, 40 related information, 41 secret related information, 42 secret identification value set (secret identification data).

Claims (8)

For each related document group composed of a plurality of related documents, the confidentiality-related information composed of a plurality of confidential identification data for identifying the documents in a confidential manner based on the plurality of documents constituting the related document group. Generating means for generating
A database in which a plurality of confidential information is registered in order to share the confidential information among a plurality of users;
When a request for searching for a related document related to the document of interest is issued from the requesting user, the database is searched using the confidential identification data of the document of interest, thereby obtaining the confidential identification data of the related document. Search means to identify as search results;
Providing means for providing information on the related document to the requesting user according to the access authority of the requesting user to the related document identified by the confidential identification data as the search result;
A document retrieval system including: The document search system according to claim 1, wherein
Each secret identification data constituting the secret-related information is composed of at least one code generated by performing a code conversion process on a basic document,
The code has irreversibility that cannot identify the location and content of the document based on the code.
A document retrieval system characterized by that. The document search system according to claim 2, wherein
The generating means includes
A function of generating a first code for identifying both an entity part and an attribute part of the underlying document;
A function for generating a second code for identifying one of an entity part and an attribute part of the underlying document;
Comprising
Each secret identification data constituting the secret related information includes the first code and the second code,
A document retrieval system characterized by that. The document search system according to any one of claims 1-3.
The providing means provides detailed information about the related document to the requesting user when the requesting user has access authority to the related document.
A document retrieval system characterized by that. The document search system according to claim 4, wherein
The providing means does not provide any information related to the related document to the requesting user when the requesting user does not have access authority to the related document.
A document retrieval system characterized by that. The document search system according to claim 4, wherein
The providing means provides the request source user with information used for inquiries to the user having the authority to manage the related document when the request source user does not have the access authority to the related document;
A document retrieval system characterized by that. For each related document group which is provided in each client device used by the server device or user and is composed of a plurality of related documents, the documents are concealed based on the plurality of documents constituting the related document group. Generating means for generating secret related information composed of a plurality of secret identification data for identification while
Provided in the server device, a database in which a plurality of secret-related information is registered in order to share each secret-related information among a plurality of users;
When the request source user issues a request for searching for a related document related to the document of interest provided in the server device or each of the client devices, the database is searched using confidential identification data of the document of interest. Search means for specifying confidential identification data about the related document as a search result,
Information on the related document for the requesting user according to the access authority of the requesting user for the related document provided in the server device or each client device and identified by the confidential identification data as the search result Providing means for providing
A document retrieval system including: A document search program executed in the information processing apparatus,
For each related document group composed of a plurality of related documents, the confidentiality-related information composed of a plurality of confidential identification data for identifying the documents in a confidential manner based on the plurality of documents constituting the related document group. With the ability to generate
When a request for searching for a related document related to a document of interest is issued by a requesting user, a plurality of users can use a plurality of users to share confidential information with a plurality of users using confidential identification data about the document of interest. A function of specifying confidential identification data about the related document as a search result by searching a database in which confidential information is registered;
Including
According to the access authority of the requesting user for the related document identified by the confidential identification data as the search result, information related to the related document is provided to the requesting user.
A document search program characterized by that.

Images