JP2009237625A - Memory device and electronic data management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a memory device and an electronic data management method that limit the use of user data provided for a user to a predetermined range and track and monitor access to the user data. <P>SOLUTION: When an electronic file stored in a memory means 1 connected to an electronic computer 2 is used, whether or not the use of the electronic file should be permitted is determined by reference to attribute information indicating the use range where the electronic file can be used. Specifically, position information and/or time information is acquired from an external device 3 and compared with the attribute information. If the position information and/or time information is within the use range predetermined by the attribute information, the use of the electronic file is permitted. If not, the use of the electronic file is rejected. The external device used is a GPS device or electronic timepiece. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a memory device, and more particularly, to a memory device storing electronic data. Further, the present invention relates to a data management system for managing electronic data, and relates to a data management method for data traceability for tracking and monitoring access to a file in which electronic data is stored.

  Personal information and business know-how are often stored in a computer storage device or recording medium as a file in the form of electronic data. It is important to closely manage the history of accessing this file, especially the history of browsing, editing, copying, printing, sending, etc. of the file. For example, insurance companies distribute recovery manuals to personnel in the event of a disaster. This recovery manual is a collection of know-how and has a very expensive information value. There are times when you do not want the recovery manual distributed offline to be leaked or copied outside.

  Also, school teachers often view, edit, check, and score documents containing lesson materials and student personal information at home. At this time, it is important to monitor whether these data are handled appropriately and to ensure the traceability of the data. In addition, manufacturers distribute product specifications and design documents to relevant parties. There are times when it is desirable to prevent this specification or design document, which is confidential information, from being viewed by anyone other than those involved, and to prevent it from leaking outside. At the time of proofreading a publication, etc., the original electronic data is changed, but we want to prevent the original and proofread electronic data from leaking outside. Similarly, for image data such as photographs, it is desirable to prevent the original or edited electronic data from leaking outside.

  As described above, even if electronic data is taken outside, it is important to clarify where and when the electronic data is handled and to ensure traceability of the electronic data. In order to meet such a demand, many products are sold. For example, Patent Document 1 discloses a data management system. Specifically, the client user data stored in the non-volatile memory cannot be used for other than the processing purpose from the electronic computer that is processing the client user data, and cannot be taken out to the outside.

  GPS can be used to monitor the data usage range. GPS is an abbreviation for Global Positioning System, and is called a global positioning system, a global positioning system, or the like. By using GPS, the current position on the earth can be known. Here, only an outline of GPS will be described. The United States launched about 30 GPS satellites, which are transmitting GPS signals. A GPS satellite is a satellite that moves at an altitude of about 20,000 km in about 12 hours.

  The GPS receiver receives GPS signals transmitted from GPS satellites and outputs the coordinates of measurement points. The GPS receiver usually receives and processes signals from several satellites in the sky above the measurement site, and calculates the coordinates of the measurement point and the current time. At present, a position confirmation method using GPS is widely used for car navigation systems and voyages. If the GPS is used, the position can be confirmed more accurately and precisely, and it can be applied to the identification of the place where the electronic file is handled and the time management.

  For example, Patent Document 2 discloses a data processing device in which a GPS control module is mounted on a portable information terminal. A use action range in which the portable information terminal can be used is stored in a recording medium inside the portable information terminal. The current position read from the GPS control module is compared with the use behavior range, and when the portable information terminal is not within the use behavior range, the file in the portable information terminal is deleted.

  Patent Documents 3 to 5 disclose systems that can provide accurate position information even indoors. This system transmits a pseudo-GPS signal even in a place where an accurate signal cannot be received from a GPS satellite due to an obstacle such as in a building or underground. Thereby, the user can receive an accurate GPS signal in the same manner as normal GPS. In particular, Patent Document 5 discloses a position information providing system, a position information providing apparatus, and an indoor transmitter for providing position information in a place where radio waves do not reach.

  The position information providing device acquires the received positioning signal, specifies the source of the positioning signal, and acquires message data from the positioning signal when the source of the positioning signal is indoors (S630). When the coordinate value is acquired from (S632), the position information is displayed based on the coordinate value (see also Patent Documents 3 and 4).

WO2007 / 049625 “Data management method, program and recording medium for electronic computer” Published patent 2003-18652 Published Patent 2007-271499 "Positioning device" Published Patent 2007-271500 "Position and orientation estimation device" Published patent 2007-278756 "Position information providing system, position information providing apparatus and indoor transmitter"

The present invention has been made based on the technical background as described above, and achieves the following objects.
An object of the present invention is to provide a memory device and an electronic data management method for tracking and monitoring access to user data provided to a client.

  Another object of the present invention is to provide a memory device and an electronic data management method for managing user data so that user data provided to a client cannot be used for any purpose.

  Still another object of the present invention is to provide a memory device and an electronic data management method for managing user data so that the user data provided to the client cannot be used for an unauthorized place and / or time / calendar. Is to provide.

In order to achieve the above object, the present invention employs the following means.
[Data management method]
The present invention relates to an electronic data management method. The present invention relates to an electronic data management method for an electronic computer. Specifically, when using the electronic file stored in the memory means (1) connected to the electronic computer (2), the attribute information indicating the usage range in which the electronic file can be used is referred to. Then, permission or non-permission of use of the electronic file is determined.

  In the electronic data management method for an electronic computer according to the present invention, the memory device (1) includes: (a) an external device (3) that provides external information; and a line that performs data communication with the electronic computer (2). Control means (14, 15) for controlling connection or disconnection, and (b) the storage means (16) storing the electronic file, wherein the external information is at a position on the earth of the electronic file. The external device (3) is connected to the electronic computer (2) via the control means (14, 15). The external device (3) is composed of certain position information and / or time information indicating the current time and calendar. When the electronic computer (2) acquires the external information, compares the attribute information with the external information, and the position information and / or within the usage range determined in advance by the attribute information The time information exists Time, the authorization, within the use range of the attribute information has predetermined, when there is no the location information and / or the time information, characterized in that the non-permission.

[Driverware]
The electronic computer (2) has driverware means (50). The driverware means (50) operates in a kernel mode that can execute all instructions of the operating system that operates the electronic computer (2). The driverware means (50) communicates between the device drivers (D1 to D5) for directly controlling the devices (E1 to E6) connected to the computer (2), or the device drivers (D1 to D5). ) And an application program (41) operating on the electronic computer (2).

  The driverware means (50) includes an application program interface unit (51), device driver control units (C1 to C4), and a control unit (52). The application program interface unit receives first data including instructions and / or data output from the application program (41), and receives the execution results of the instructions and / or received data received from the device drivers (D1 to D5). Is transmitted to the application program (41).

  The device driver control unit (C1 to C4) transmits the command and / or the third data including the data to the device driver (D1 to D5), and executes the command from the device driver (D1 to D5). For receiving fourth data including the result and / or the received data. The control unit (52) is for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data.

  Further, the application program interface unit (51) acquires the access when accessing the electronic file from the application program (41), and the device driver control unit (C1 to C4) acquires the attribute information of the file. Is acquired from the memory means (1), the position information and / or the time information is further acquired from the external device (3), and the control unit is configured to acquire the position information and / or The time information is compared with the attribute information, and the permission or the disapproval is output. In the case of the permission, the access is transmitted to the device driver (D1 to D5). Discard access.

  It is preferable to perform personal authentication of the user using the personal information of the user stored in the memory means (1). When the personal authentication is successful, the line is connected, the external device (3) is accessible from the electronic computer (2), and the power supplied to the external device from the electronic computer is shut off The line may be disconnected so that the electronic computer cannot be accessed even if the external device operates with another power source. The external device (3) may be a radio clock. In this case, the time information is data obtained by obtaining a standard radio wave with the radio timepiece and obtaining the time and the calendar.

  The external device (3) may be a GPS receiver. In this case, the position information is coordinate data acquired from GPS data acquired by the GPS receiver, and the time information is A) the time and / or the calendar acquired from the GPS data, or B It may be data obtained by obtaining a standard radio wave with a radio clock and obtaining the time and the calendar.

  According to the electronic data management method of the present invention, a storage means storing user data is connected to an electronic computer, the user data is read on the electronic computer and viewed or edited by an application program, and from an input device of the electronic computer A user who controls the user data so that it is not leaked outside from the electronic computer when the application program is manipulated by the input data that has been input and is viewed or edited, and can access a valid place and specified time Ensure data traceability.

[Memory device]
The memory device of the present invention has a memory means (16) for storing an electronic file and a first terminal (11) for connection to the electronic computer (2). The memory device of the present invention includes a second terminal (17) for connecting an external device (3), communication between the electronic computer (2) and the memory means (16), and It comprises control means (12, 13, 14) for controlling communication between the electronic computer (2) and the second terminal (17).

  The control means (12, 13, 14) is a data communication line between the first terminal (11) and the second terminal (17) when the electronic computer (2) communicates with the external device (3). Connect. When the electronic computer (2) does not communicate with the external device (3) or when the external device (3) is disconnected from the second terminal (17), the control means (12, 13, 14) The data communication line between the first terminal (11) and the second terminal (17) is disconnected.

  The external device (3) is a device for providing external information including position information on the earth of the electronic file of the external device (3) and / or time information indicating the current time and calendar. Good to have. The memory device may compare external information with attribute information of the electronic file and determine whether to use the electronic computer. The control means may perform personal authentication using personal information stored in the memory means. When the personal authentication is successful, the control means acquires the external information and performs the determination.

  When the electronic computer accesses a file stored in the memory unit, the electronic computer obtains attribute information indicating information regarding the time and / or the position information at which the file can be used, and obtains the external information from the external device. Execution means for comparing the attribute information with the provided information and determining the access to the file, and permitting or denying the access according to a determination result from the determination means It is good to have.

[Electronic data management program]
According to the data management method for an electronic computer of the present invention, an electronic data management program for an electronic computer for causing the electronic computer to perform data management for the electronic computer may be used. Specifically, a storage device storing user data is connected to the electronic computer, the user data is read out on the electronic computer, viewed or edited by an application program, and input input from an input device of the electronic computer When the application program is operated by data to be browsed or edited, the electronic data management program controls so that user data is not leaked from the electronic computer to the outside.

  The memory device of the present invention may store this electronic data management program. When the memory device is connected to the electronic computer, the electronic data management program may be automatically installed and operated in the electronic computer. The memory device preferably has an area for storing user data, a user area that can be read and written, and an area for storing a program and a read-only program area.

  When the memory device is connected to the electronic computer, the authentication program stored in the program area starts automatically, and after confirming the electronic data management program, the instruction to turn on the control mode of the electronic data management program is electronic data management Send it to the program. When the control mode is turned on, the authentication program may make the operating system recognize the user area so that user data can be accessed from the electronic computer.

The memory device may include an authentication unit that stores authentication data used for personal authentication of a user who uses the memory device.
This electronic data management program is preferably stored in a network storage on the network. This network may be a LAN, WAN, or the Internet. This network may be accessible by a wired or wireless public communication network.

  This electronic data management program is preferably recorded on a recording medium such as various CDs, various DVDs, and a non-volatile memory that can be read and read and rewritten. This data management program is preferably stored on a second electronic computer that can remotely access this electronic computer and operates remotely on this electronic computer. When the application program matches the value of the control target list and it is necessary to restrict the copying or movement of user data, the control function has a function of issuing a command to control and restrict the input data of the input device. It is good to consist of.

  The electronic data management program may restrict the duplication of user data by controlling the mouse pointer of the mouse of the input device so as not to exit a predetermined active window. It is preferable to restrict or restrict user data replication by prohibiting or restricting data replication via the clipboard. The electronic data management program preferably has a log acquisition function. In the electronic data management program, the log acquisition function may acquire an operation log of the electronic computer, and the log may include time information and position information acquired from an external device. The electronic data management program may include an encryption unit for encrypting user data and a decryption unit for decrypting the encrypted user data.

According to the present invention, the following effects can be obtained.
In the present invention, when a memory device storing user data is connected to an electronic computer and the user data is used on the electronic computer, position information and / or time information is acquired from an external device connected to the electronic computer. It is now possible to check the location and time when user data is used. As a result, the user can no longer use the user data out of the preset location and / or time / calendar range.

In addition, by setting all external storage devices built in or connected to the electronic computer to write prohibition by the management means operating on the electronic computer, and setting to prohibit the use of the network, It is possible to prevent user data from being duplicated and used for purposes other than the intended purpose, and to manage user data appropriately.
According to the memory device of the present invention, when the power supplied to the external device connected to the memory device is cut off, the data communication line is also cut off, thereby improving the safety as the memory device.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
Embodiment of the present invention
FIG. 1 shows an outline of an electronic data management system of the present invention. The electronic data management system of the present invention comprises a memory device 1, an electronic computer 2, and an external device 3. The electronic computer 2 is an electronic computer used by a user. The electronic computer 2 is a normal electronic computer including an input device, an output device, a CPU, and a memory.

  The memory device 1 is a device provided with storage means such as a nonvolatile memory. The memory device 1 can store authentication data for personal authentication. Further, user data can be stored in the memory device 1. User data is electronic data including personal information of users, business files, and the like. For example, user data is data in which business know-how is accumulated. The user data can be an insurance company recovery manual for use in the event of a disaster.

  The user data can be a product specification or design document for use by a manufacturer. Further, it can be original electronic data for use in proofreading image data such as publications and photographs. The user data can be teaching materials used by teachers and the like, examination data, and the like. The user data can be a source code such as a program or a binary file. Furthermore, it can be a data file in which personal information, customer information, etc. are stored. For example, personal information means information such as name, address, and contact information. As customer information, it is information, such as a customer's full name, a name, an address, a contact address, and the contents of dealings, for example. Hereinafter, such data such as personal information and customer information is simply referred to as user data.

  The external device 3 is a memory device that stores electronic data of user data, or a device that provides specific data to the electronic computer 2. The external device 3 is connected to the memory device 1. This standard for connection can be basically any standard. For this connection, any standard interface of a parallel transfer system or a serial transfer system can be used. In the present embodiment, it is assumed that the external device 3 has a USB standard interface.

  The USB standard is a standard for data transmission between an electronic computer and a peripheral device, and includes a specification called “USB Mass Storage Class” for recognizing an external storage device as a removable drive. The memory device 1 and the external device 3 comply with the USB Mass Storage Class, and send and receive electronic data between the memory device 1 and the electronic computer using a Mass Storage Class driver possessed by the operating system. . When the memory device 1 and the external device 3 are inserted into the USB port of the electronic computer 2 and supplied with power, the memory device 1 and the external device 3 are recognized as removable drives by the operating system.

  In the present embodiment, the external device 3 will be described as having a USB standard connector. For example, the external device 3 is a GPS device compatible with GPS. Similarly, the connection between the memory device 1 and the electronic computer 2 can be basically any standard. In the present embodiment, it is assumed that the memory device 1 has a USB standard interface. In the present embodiment, it is assumed that the memory device 1 has a USB standard interface for connection with the external device 3.

  FIG. 2 shows a flowchart when the memory device 1 is used. The external device 3 is connected to the memory device 1 (step 1). Then, the memory device 1 is connected to the electronic computer 2 (step 3). The electronic computer 2 recognizes the memory device 1. Then, the authentication module stored in the program area in the memory device 1 is automatically activated and operates (step 5). The authentication module starts personal authentication (step 7). Authentication data for personal authentication is stored in the hidden area of the memory device 1.

  The authentication module uses this personal authentication to perform personal authentication of the user (step 9). This personal authentication can use a highly secure authentication method such as password authentication or biometric authentication. In the case of password-type personal authentication, the user inputs a password from the keyboard of the electronic computer 2 to perform personal authentication. In the case of biometric authentication, the user inputs his / her biometric information to the biometric authentication apparatus. When the personal authentication is not successful, the user data in the memory device 1 cannot be read into the electronic computer 2 and used.

  In other words, the electronic computer 2 accesses the memory device 1 and the user data in the memory device 1 cannot be used. Furthermore, when the personal authentication is not successful, the external device 3 connected to the memory device 1 cannot be used (step 11). If the personal authentication is successful, the user data in the memory device 1 can be used. If the personal authentication is successful, the external device 3 and the computer 2 are connected and can be used (step 13).

  The electronic computer 1 can acquire data from the external device 3 (step 15), and can process and edit this data (step 17). Furthermore, the electronic computer 1 can control the memory device 1 and the electronic data in the electronic computer 1 or the memory device 1 based on the data acquired from the external device 3 (step 17). When the external device 3 is a memory device, data can be written from the electronic computer 2 and data in the memory device can be read. When the external apparatus 3 outputs specific data, for example, position data or time data, the electronic computer 2 acquires these data and performs processing based on these data.

  For example, data read / write control processing in the memory device 1 can be performed based on position data or time data. Here, a case where the external device 1 is a GPS device will be described as an example. As long as it receives GPS signals and outputs position information and / or time information, the GPS device may be of any type and of any standard. If the personal authentication is successful, the electronic computer 2 is connected to the GPS device. The GPS device is recognized by the electronic computer 2 and can be used. The electronic computer 2 makes a request to the GPS device, and the electronic computer 2 acquires position information and / or time information from the GPS device.

  Various processes can be performed using the position information and / or time information. For example, in the case of protecting personal information, it can be used to guarantee the validity of the use of user data. In other words, when the place and / or time at which user data can be used is determined, the electronic computer 2 uses the position information and / or time information acquired from the GPS device to place the user or its external storage device. The user can use the user data by checking the current location and / or time. Of course, if you are out of the specified location and time range, if you are not within that range, you will not be allowed to use user data.

  In this case, the user data can be electronic data stored in the electronic computer 2, the memory device 1, another memory device connected to the electronic computer 2, a server on the network, and a storage device. Such control can be performed by an electronic data management program operating on the electronic computer 2. Such control can be performed by an electronic data management program for realizing traceability of electronic data. An embodiment will be described in detail later, but only an outline will be described here.

  The electronic data management program is a program that provides an environment for using user data on the electronic computer 2. In other words, the electronic data management program provides an environment in which user data is not leaked to the outside. The electronic data management program specifies whether the electronic computer 2 is operating in a valid environment using GPS data including position information and / or time information acquired from the GPS device. That is, it is specified where and when the electronic computer 2 is to be used. Here, it is assumed that the user operates the electronic computer 2 directly.

  It is assumed that the electronic computer 2, the memory device 1, and the external device 3 are connected through a common-sense wired or wireless interface. Further, when accessing by reading user data from the electronic computer 2, this access is caught and the access is permitted or not permitted. For example, when reading the user data, the electronic data management program catches this read access and permits the read access only when the specific condition is met. The electronic data management program can request and obtain data from the GPS device.

  The user data can have user authentication, access location, access time, etc. as specific conditions that can be used. This specific condition is preferably stored as attribute information of user data. The storage destination is preferably written at the top of the user data. This attribute information is data that can specify a user who can use user data, a period during which the user data can be used, a place where the user data can be used, and the like. The electronic data management program collates the GPS data with the attribute information, confirms whether it can be used for a period and / or time, and where it can be used, and permits or disallows the use of user data.

  For example, the following process is performed. A user accesses user data in the memory device 1. The electronic data management program detects and obtains this user access. The electronic data management program acquires GPS data from the GPS device and compares it with attribute information of user data. When the position information of the GPS data is within the accessible range indicated by the attribute information of the user data, access to the user data is permitted.

  From the GPS information, information on the location where the electronic computer 2 is used can be acquired in real time. By comparing this, it is possible to always determine whether the user data is accessed at a valid place. Further, it is determined whether the user data is accessed within a valid time range using the time data of the GPS device. When the access to the user data is not at the permitted place and time, the use of the user data can be stopped. It can also be deleted.

  FIG. 3 is a flowchart showing control of a user data file. The “file” here refers to a user data of electronic data that is given a specific name and stored in a recording device. That is, “file” refers to a normal file. A file stored in the memory device 1 is accessed from the electronic computer 2 (step 30). This access is first to read the file. Alternatively, a new file may be written in the memory device 1.

  When reading a file, first, attribute information of the file is acquired (step 32). Data is acquired from the external device 3 (step 34). The attribute information is preferably written at the beginning of the file. The file can also be encrypted. In the attribute information, one or more data among the user who can access the file, the range of the accessible location, the accessible period, the accessible time zone, and the like are designated. In addition, an accessible application program can be specified.

  Further, this attribute information can be stored as an independent file separately from the file. The attribute information constitutes a database, and the database can be stored in any of the memory device 1, the electronic computer 2, storage on the network, and other recording media connected to the electronic computer 2. . Furthermore, the attribute information of a plurality of files can be listed to make another file. Then, the data regarding the position and / or time acquired from the external device is compared with the attribute information of the file, and it is determined whether the data regarding the position and / or time is within the range of the attribute information (step 36).

  If it does not fall within the range, a message indicating that the file cannot be operated is displayed. Therefore, the user cannot access this file (step 38). It is desirable to warn the user of this disapproval by displaying the fact on the display. Also, user data can be deleted in order to prevent leakage of user data (step 40). If the user makes an inappropriate number of accesses to the same file despite the fact that it cannot be operated, the user data can be deleted in order to prevent leakage of user data ( Step 40).

If the position and / or time data falls within the attribute information range, access to the file is permitted (step 42). Specifically, the file is permitted to be read. In addition, this permission may be permission to write in addition to the file. Also, permission to delete the file or permission to copy the file may be used. Further, the file may be transferred to another folder in the same memory area. Further, the file may be transferred and copied to another storage device.
When reading the file, the file is decrypted (step 44). The decrypted file is transferred to an appropriate application program for editing (step 46).

[Configuration of memory device]
An example of the configuration of the memory device 1 of the present invention is shown in FIGS. 4A is a front view, and FIG. 4B is a back view. The memory device 1 includes a first terminal 11, a hub controller 12, a port controller 13, a switch 14, a memory controller 15, a memory 16, and a second terminal 17. The first terminal 11 is a connector for connecting the memory device 1 to the electronic computer 2. The memory 16 is a memory for storing user data. The second terminal 17 is a connector for connecting the external device 3 to the memory device 1.

  The external device 3 can usually be a non-volatile memory. The external device 3 can be a GPS device, a radio clock, a mobile phone, or the like. This embodiment will be described as a GPS device. The switch 14 controls data communication between the external device 3 and the electronic computer 1. Specifically, it is an element that connects and disconnects the communication line between the external device 3 and the electronic computer 1. The port controller 13 controls the operation of the switch 14. The hub controller 12 controls communication between the electronic computer 1 and the memory 16 and communication between the electronic computer 1 and the external device 3.

  The hub controller 12 functions as a USB standard hub. The memory device 1 has a display 18 that shows its operation status. FIG. 5 is a block diagram showing main components of the memory device 1. FIG. 4 is a block diagram showing main components of the memory device 1. The display 18 shows the operation of the memory device 1. Here, the first terminal 11 is connected to the hub controller 12. The hub controller 12 is connected to a memory controller 15, a switch 14, and a port controller 13.

  The memory controller 15 is connected to the memory 16. The port controller 13 is also connected to the switch 14. The switch 14 is also connected to the second terminal 17. FIG. 6 shows a block diagram similar to FIG. 5, and in addition to FIG. 5, power-related elements are also shown. There are a power converter 19 and a power switch 20 as power-related elements. Although the power converter 19 is connected to each device, since this connection state is not the gist of the present invention, it is omitted, and details thereof are not shown in detail.

  The power converter 19 is connected to the first terminal 11 and is connected to a power line (not shown) of the electronic computer 2. The power converter 19 converts the voltage applied from the power line and applies it to each device as a power source corresponding to each device. The power switch 20 is connected to the first terminal 11 and the second terminal 17. The power switch 20 is for supplying power to the external device 3 connected to the second terminal 17. The display 18 is an element that indicates the operating state of the memory device 1. The display 18 can be of any known principle or means as long as it provides the user visually or audibly with the operation of the memory device 1.

  The indicator 18 is, for example, an LED, a speaker, a lamp, or the like. In the present embodiment, LEDs are used for the display 18. The memory device 1 conforms to the USB standard. The external device 3 connected to the second terminal 17 is supplied with power from the electronic computer 2 via the memory device 1. Specifically, the external device 3 connected to the second terminal 17 is supplied with power from the power switch 17.

  In the USB standard, when power is supplied to the external device 3, the external device 3 can perform data communication with other devices and computers connected thereto. The external device 3 is assumed to be supplied with power from the outside instead of the memory device 1. In this case, when the external device 3 is connected to the memory device 1, its data communication line is connected to the hub controller 12. The switch 14 in the memory device 1 is used for the purpose of disconnecting and connecting the data communication line.

  The switching device 14 disconnects the line so that the external device 3 cannot perform data communication with the electronic computer 2 when the power is not supplied from the power switch 20 to the external device 3. That is, in this state, the switcher 14 disconnects the connection line between the external device 3 and the hub controller 12.

  FIG. 7 is a block showing an example of the configuration of the memory 16 of the memory device 1. The memory device 1 includes a user area 32 for storing electronic data, computer programs, and the like, and a program area 31. The user data is stored in the user area 32 of the memory device 1 and cannot be accessed from the outside by the initial setting of the memory device 1. In the memory device 1, an authentication program is stored in the program area 31. Further, in the memory device 1, an electronic data management program is stored in the program area 31.

  The program area 31 can be directly accessed from the electronic computer 2 when the memory device 1 is connected to the electronic computer 2 and it is recognized that it is used properly. When the memory device 1 is connected to the electronic computer 1 and automatically recognized by the electronic computer 1, the program area 31 can be used. Thus, the program area 31 can be accessed from the electronic computer 2 and read from the program stored in the program area 31 and executed. Further, the program stored in the program area 31 can be automatically started and operated on the electronic computer 2.

  The program area 31 stores an authentication program. This authentication program performs user personal authentication. Further, this authentication program can check the operating environment of the electronic computer 2 and confirm a program installed or operating on the electronic computer 2. When the electronic data management program is not installed on the electronic computer 2, the authentication program can read the electronic data management program from the memory device 1 and install it on the electronic computer 2.

  When the electronic data management program is not installed on the electronic computer 2, this authentication program can be activated on the electronic computer 2 by activating the electronic data management program stored in the memory device 1. Furthermore, the memory 16 of the memory device 1 can be divided into arbitrary portions depending on the use of the user. For example, the memory 16 can comprise a CD area, a removable disk area, and a hidden area. The memory 16 can be composed of a user data area and a hidden area.

  The memory 16 can be composed of a plurality of user data areas. The memory 16 can also consist of a plurality of hidden areas. The memory can have an arbitrary recording medium such as a DVD, a CD, a flexible disk (registered trademark), a hard disk, or an area of the recording medium. In these many areas, the above-described authentication program and electronic data management program can be appropriately stored.

  FIG. 8 illustrates an outline of software that operates on the electronic computer 2. The memory device 1 is connected to the USB port E3 of the electronic computer. The external device 3 is connected to the memory device 1. Here, an overview of the operating system 40 operating on the electronic computer 2 and the electronic data management program will be described. In the present embodiment, the operating system 40 is Microsoft Windows XP (registered trademark). However, this does not limit the operating system 40, and the type of operating system is not limited as long as similar functions can be realized.

  An application program 41 runs on the operating system 40. The electronic computer 2 includes an external storage device such as a hard disk E4. The electronic computer 2 has a connector E1 for connecting with peripheral devices. The connector E1 is preferably a serial port such as RS-232C, IrDA, USB, or IEEE1394, or a parallel port such as IEEE1284, SCSI, or IDE. The electronic data management program is composed of the application platform program 42 shown in FIG.

  The application platform program 42 is application software that operates in the user mode 43 of the operating system 40. The driverware 50 is a program that operates in the kernel mode 44 of the operating system 40. The operations and functions of the application platform program 42 and the driverware 50 will be described later. The electronic computer 2 includes an input device such as a keyboard 82 and a mouse 83, an output device such as a display (not shown), an external storage device such as a hard disk E4, and a memory such as a main memory (not shown). .

  The electronic computer 2 can have peripheral devices such as an external hard disk, a scanner, and a printer. These peripheral devices are connected to the connector E1. The hard disk E4 is built in the electronic computer 2. The electronic computer 2 operates under the control of the operating system 40. The application program 41 operating on the electronic computer 2 uses the functions provided by the operating system 40 to perform input / output from the input / output device and perform necessary processing.

  The application program 41 is an executable file or software that operates in the kernel mode 44 or the user mode 43 of the operating system 40. For example, the application program 41 may be software for creating and editing a document such as word processing software or a text editor. Furthermore, it may be software for viewing, creating, and editing a specific format file such as a pdf format file.

  The operating system 40 provides input / output functions from an input / output device such as input from the keyboard 82, input from the mouse 83 and screen output, and basic functions such as management of an external storage device and memory. This is software for operating and managing the entire computer 21. The operating system 40 is composed of a number of executable programs in order to realize the functions provided by the operating system 40. There are many books about the operating system 40, especially the Windows (registered trademark) operating system used in the embodiment of the present invention.

In order to reproduce the present invention, technical knowledge described in these books, in particular, knowledge concerning device driver development is required.
List of books on the internal structure and operation of Windows operating systems:
− Inside Windows NT by Helen Custer (Microsoft Press, 1992)
− Inside the Windows NT File System by Helen Custer (Microsoft Press, 1994)
− Inside Microsoft Windows 2000, Third Edition by David A. Solomon, Mark E. Russinovich (Microsoft Press, 2000).

List of books from basic knowledge of device drivers to knowledge about their development:
− Programming the Microsoft Windows Driver Model by Walter Oney (Microsoft Press, 1999)
− Programming the Microsoft Windows Driver Model, Second Edition by Walter Oney (Microsoft Press, 2002).
Here, description will be made from representative ones of the components of the operating system 40. The operating system 40 includes a subsystem 45, an executive 46, a kernel 47, device drivers D1 to D5, and a hardware abstraction layer (HAL) 48.

  The subsystem 45 is a service provided in the user mode 43 of the operating system 40. The executive 46 provides basic services of the operating system 40 such as memory management, process and thread management, security, I / O, network, and interprocess communication. The kernel 47 provides low-level functions such as thread scheduling, interrupts, exception notification, and multiprocessor synchronization. In addition, the kernel 47 provides a routine set and basic objects used inside the executive 46.

  The device drivers D1 to D5 are usually created for each piece of hardware connected to the electronic computer 2, and directly control the hardware E1 to E6 via the hardware abstraction layer 48. The device drivers D1 to D5 turn input / output function requests (I / O call requests) from the application program 41 and the operating system 40 into input / output function requests (I / O requests) to specific hardware devices E1 to E6. Provides services to convert and system services such as file systems and network drivers.

  The hardware abstraction layer 48 is a code layer for separating and abstracting the kernel 47, device drivers D1 to D5, and executive 46 from platform-specific hardware functions. The hardware abstraction layer 48 absorbs differences depending on the model and type of hardware such as an internal device of the electronic computer 2 and an external device connected to the electronic computer 2, and is abstracted for each service of the operating system 40. Provide customized services. Various services constituting the operating system 40 can access the hardware without being aware of differences depending on the type and type of hardware.

[Driverware 50]
The driverware 50 is for realizing data transmission / reception between device drivers in a kernel mode. The driverware 50 provides a common interface when accessing the device drivers D1 to D5 from the application program 41 and when transmitting data from the device drivers D1 to D5 to the application program 41. The driverware 50 operates in the kernel mode 44 of the operating system 40.

  The driverware 50 has a function of providing data transmission / reception not only between the device drivers D1 to D5 but also between the operating system 40 and the plurality of device drivers D1 to D5. An example of the driverware 50 is a well-known technique disclosed in WO02 / 091195 as an interface driver program for an electronic computer. The driverware 50 has an application program interface unit 51 for receiving commands and data from the application program 41 and transmitting data to the application program 41.

  The driverware 50 has a control unit 52 for controlling the overall operation of the driverware 50. The log acquisition unit 53 also acquires a history of operations of the driverware 50. Furthermore, the driverware 50 includes device driver control units 42 to 44 for controlling the device drivers D1 to D5. The driverware 50 has an encryption unit 54 for encrypting data to be communicated and a decryption unit 55 for decrypting the encrypted data. The control unit 52 controls and monitors other parts of the driverware 50 such as the device driver control units C1 to C4, the application program interface unit 51, the log acquisition unit 53, the encryption unit 54, and the decryption unit 55. It is the core of the driverware 50.

[Application platform program 42]
The application platform program 42 is located between the application program 41 and the operating system 40, and is an application program for mediating and controlling transmission / reception of commands and data between them. The application platform program 42 operates in the user mode 43 of the operating system 40.

  The application platform program 42 is an application program for providing a user interface for accessing the file system of the operating system 40. The application platform program 42 has a function of monitoring the activation of the application program 41 and the activation of the process accompanying this, and acquiring the attribute information. The application platform program 42 is particularly preferably an application program that is compatible with Windows Explorer.

  This serial transfer method is a data transmission method in which data is transmitted bit by bit through one signal line. The parallel transfer method is a data transmission method in which a plurality of bits are simultaneously transferred through a plurality of signal lines. An interface that is optimal for each application is used for data transmission between the device built into the electronic computer 2 and the electronic computer 2 and its peripheral devices. Here, the representative examples will be exemplified. In the case of a storage device, the parallel transfer method is high speed and this transmission method is often adopted. However, due to the widespread use of the USB standard, a USB port is often used.

  For communication between the electronic computer 2 and the printer, an IEEE 1284 port and a USB port are often used, and there are also cases where the communication is via a network. The electronic computer 2 includes a network card E2 for connecting to the network 81. Furthermore, a USB port E3 for connecting a USB standard-compliant device such as the memory device 1 is provided. Programs for directly controlling and communicating with the connector E1 and the network card E2 are an interface driver D1 and a network driver D2, which are respective device drivers.

  In the present embodiment, the device drivers D1 to D5 are described as belonging to the operating system 40. The interface driver D1 is a device driver for controlling the connector E1. The network driver D2 is a device driver for controlling the network card E2. The file system driver D3 manages information related to files and folders stored in an external storage device such as the hard disk E4, and provides access to the files and folders stored in the hard disk E4.

  The file system driver D3 also provides access to a USB standard compliant storage device connected to the electronic computer 2. This access is performed via a Mass Storage Class driver (not shown) of the operating system 40. The application program 41 is software installed or operating in the electronic computer 2. The application program 41 operates on the user mode 43 of the operating system 40. The application program 41 accesses the hard disk E4 to read and write necessary files.

  The application program 41 also means a part of the program that operates in the Windows (registered trademark) kernel mode 44. The driverware 50 provides a common interface when accessing the device drivers D1 to D5 from the application program 41 and when transmitting data from the device drivers D1 to D5 to the application program 41. The driverware 50 includes an application program interface unit 51, a control unit 52, a log acquisition unit 53, and the like.

  The driverware 50 has an encryption unit 54 for encrypting data to be communicated and a decryption unit 55 for decrypting the encrypted data. Further, the driverware 50 includes an interface control unit C1 for controlling the interface driver D1. The driverware 50 has a network control unit C2 for controlling the network driver D2. The driverware 50 includes a file system control unit C3 for controlling the file system driver D3.

  The control unit 52 controls and monitors other parts of the driverware 50 such as the interface control unit C1, the network control unit C2, and the file system control unit C3, and is a core part of the driverware 50. When a storage device such as the memory device 1 is connected to the electronic computer 2, it is recognized by the device driver of the device and then controlled by the file system driver D3. The interface control unit C1, the network control unit C2, the file system control unit C3, etc. of the driverware 50 are finally connected to or built in the electronic computer 2 by controlling the device drivers D1 to D5 of the electronic computer 2. It can be understood that it controls the device.

  That is, in order to control a device connected to or incorporated in the electronic computer 2, existing device drivers D1 to D5 are used. The driverware 50 controls an interface through which the device drivers D1 to D5 communicate with other components of the operating system 40 in the kernel mode.

[User data browsing operation]
FIG. 9 is a flowchart showing a flow when the electronic computer 2 reads user data from the memory device 1 and browses it. The memory device 1 is connected to the electronic computer 2 (step 70). The electronic computer 2 recognizes the memory device 1 (step 72). At this time, the operating system 40 detects and recognizes the connection of the memory device 1 using the PnP function. Of the plurality of memory areas of the memory device 1, the program area 31 is recognized by the electronic computer 2.

  When the memory device 1 is recognized, the authentication program stored in the program area 31 of the memory device 1 is automatically started (step 74). The authentication program starts authentication of whether or not an electronic data management program is installed in the electronic computer 2 (step 74). The authentication program confirms whether the electronic data management program is installed in the electronic computer 2 (step 76).

  If the electronic data management program is not installed, the electronic data management program stored in the program area 31 is automatically installed in the electronic computer 2 (steps 76 → 99). At this time, a message indicating that the user needs to install the electronic data management program is displayed. Further, a message requesting the user to approve the installation of the electronic data management program can be displayed, and the user can press the designated button or the like to display the intention.

  Further, the user can receive this message and manually install the electronic data management program by the user himself / herself. If the electronic data management program is installed in the electronic computer 2, personal authentication using a password is performed (step 77). If the personal authentication is successful, the electronic data management program is set to the control mode (step 78). Details of the control mode are shown in the flowchart of FIG. 11 and the description thereof.

  When the setting of the control mode of the electronic data management program is completed, the authentication program causes the electronic computer 2 to recognize the user area 32 of the memory device 1. Therefore, the user area 32 can be accessed from the electronic computer 2 and can be used (step 80). Reading of user data is permitted, and automatic decryption of encrypted user data is also permitted (step 82).

  The user instructs to read user data stored in the memory device 1. A request for reading user data is transmitted from the application program on the electronic computer 2 to the memory device 1 (step 84). This request is acquired by the electronic data management program. Then, the electronic data management program acquires attribute information of the file of user data. The electronic data management program analyzes this attribute information (step 86).

  In this analysis, it is confirmed whether the location, time, user, etc. that can access the file are specified. If a user is specified, it is confirmed whether the user is authenticated and personally logged in. After this confirmation, the following conditions are confirmed. The electronic data management program checks the conditions regarding location and / or time. If this condition exists, the electronic data management program acquires position information and / or time information from the external device 2 (step 88). Then, when the position information and / or time information acquired from the external device 2 meets the attribute information condition, user data is read (step 90).

  If the condition is not met, a message indicating that the user cannot use the user data is displayed (step 92). The user data read from the memory device 1 is decrypted (step 94). The decrypted user data is displayed on an output device such as a display of the electronic computer 2 (step 96). When the electronic data management program enters the control mode (refer to the description of FIG. 11), the electronic data management program accesses each device so that user data cannot be stored in the hard disk E4 and other peripheral devices connected to the electronic computer 2. Restricted.

  For this reason, the client 11 cannot store user data in the hard disk E4 or a peripheral device connected to the electronic computer 2. Furthermore, when the electronic data management program enters the control mode, the network function, various communication ports, use of the clipboard, screen capture, copy and paste functions, and the like are prohibited. Therefore, user data can be viewed, edited, and written to the memory device 1. In other words, it is impossible to save, move, or copy user data, a part of the data, or data derived from the user data to a memory device other than the memory device 1.

  FIG. 10 is a flowchart showing the operation of the electronic data management program. The electronic data management program is stored in the memory device 1 and provided to the user. The electronic data management program is installed in the electronic computer 2 (step 100). In this installation, after the memory device 1 is connected to the electronic computer 2 and recognized, the electronic data management program can be automatically activated and installed in the electronic computer 2. Further, it can be installed in the electronic computer 2 by an instruction of another program such as an authentication program. Then, the electronic data management program is activated and starts operating (step 102).

The electronic data management program turns on the control mode (step 106). Or
The control mode can also be turned on by an instruction from another program such as an authentication program. When the electronic data management program is set to the control mode, the authentication program causes the operating system 40 to recognize the user area 32 in the memory device 1 and make it available (see step 80 in FIG. 9). .

  The electronic data management program monitors access from the application program to the memory device 1. When there is an access to the memory device 1, the electronic data management program receives it (step 108). The electronic data management program confirms the type of access (step 108). It is confirmed whether the access is permitted or not (step 110). When the access is permitted, the user data is read from the memory device 1 (step 112). The electronic data management program decrypts the user data read from the memory device 1 (step 114).

  The electronic data management program confirms whether the access to the user data is permitted. This confirmation work is performed with reference to the attribute information of the user data. If the attribute information includes a location that can be accessed, the following processing is performed. The electronic data management program acquires position information from the external device 3 connected to the memory device 1. It is confirmed whether or not the acquired position information matches the designated location. If it matches, allow access. If they do not match, access is denied. In the case where there is a designation of accessible time in the attribute information, similarly, time information is acquired from the external device 3 and processed in the same manner.

  The decrypted user data is displayed on the output device of the electronic computer 2 (step 116). If the access is not permitted, the electronic data management program discards the access (steps 110 and 120). At this time, it is possible to display a message indicating that the access is not permitted on the display (step 122). The electronic data management program continuously monitors (step 118). Depending on the type of data, the user data is displayed by starting an appropriate application program 41.

  For example, when user data is read-only, the user data is passed to an appropriate application program 41 and displayed. The user browses user data by operating the application program 41 while operating an input device such as a keyboard or a mouse. However, user data cannot be saved from the application program 41. Also, a newly created file using user data cannot be saved. In addition, a part of user data cannot be passed to another application program or transmitted. The user can only browse user data.

  Depending on the control mode setting, this access is interrupted when editing user data. Further, when user data is recorded in a storage device such as the hard disk E4 or a recording medium, it is interrupted. Here, the operation in the control mode of the electronic data management program will be described. The control mode defines which function of the electronic computer the electronic data management program monitors and what data flow is controlled. The control mode is on means a state in which the electronic data management program monitors the electronic computer and restricts some of the functions of the electronic computer. The control mode is off means that the electronic data management program is operating on the electronic computer, but the function of the electronic computer is not particularly limited.

  FIG. 11 is a flowchart showing an operation when the electronic data management program turns on the control mode. As shown in step 78 of FIG. 9 and step 106 of FIG. 10, the electronic data management program turns on the control mode (step 130). At this time, the electronic data management program prohibits writing to the hard disk E4 built in the electronic computer 2 (step 131). The electronic data management program prohibits writing to the removable drive (step 132).

  In general, the removable drive also includes the memory device 1, but in this case, only the memory device 1 is an exception and is excluded from this setting. Other memory devices such as a USB memory are set to a setting for prohibiting writing. Therefore, when the application program 41 or the operating system 40 tries to write data to the memory device, the driverware 50 detects this and stops the writing operation. When the recording device is connected to the computer 2 in addition to the memory device 1 and the built-in hard disk, writing to them is prohibited (step 134).

  For example, a removable drive, a flexible disk drive, an external hard disk, and the like. Further, the electronic data management program prohibits the use of network communication (step 136). For example, use of network communication includes access to the network 81 such as the Internet and LAN via the network card E2, and communication between computers. The use of another interface of the memory device 1 is prohibited. For example, use of USB, SCSI, IDE, and RS-232C standard interfaces is prohibited (step 138).

  Further, the electronic data management program prohibits copy and paste, use of the creep board, and network function (step 139). The electronic data management program also prohibits the use of screen capture (step 139). The electronic data management program designates a process necessary for the normal operation of the operating system 40 and sets an exception (step 140). For example, System necessary for the operation of the operating system 40 can be operated. The electronic data management program acquires the process name and process ID of the running process (step 142).

  The electronic data management program stores the acquired process name and process ID in the management table (step 144). The various settings in steps 131 to 140 after the electronic data management program turns on the control mode do not necessarily need to be performed in this order, and can be freely combined depending on the situation. When the memory device 1 is removed from the electronic computer 2, the operating system 40 detects this. Since the memory device 1 is recognized as a removable drive by the operating system 40, the electronic data management program confirms whether or not this is the memory device 1 in which the authentication program 113 is stored.

  When the memory device 1 is disconnected, the electronic data management program cancels all the settings set in steps 131-140. Also, the setting for automatic decryption of the file is canceled. FIG. 12 shows a flowchart of the operation of the control unit 52. When the driverware 52 is instructed to turn on the control mode, the control unit 52 receives this instruction and transmits a command for prohibiting all file accesses (step 200). This command is transmitted to the interface control unit C1, the network control unit C2, and the file system control unit C3.

  The interface control unit C1, the network control unit C2, and the file system control unit C3 receive this command and prohibit file access. Also, control process settings, network usage prohibition, clipboard usage prohibition, screen capture usage prohibition, copy and paste function prohibition, etc. are performed. The process manager of the executive 46 (see FIG. 2) manages all processes being executed. Here, by registering a callback function (using the API of the kernel 47), an event of process start / end is acquired.

  A callback function is set for the start / end event of the process to be executed so that the start and end of the application program 41 can be detected. When the application platform program 42 is operating, the application program 41 is activated (step 202). The application platform program 42 detects the activation of the application program 41 (step 204). In the “CreateProcess” SUSPEND mode, the process of the application program 41 is started, and the application platform program 42 acquires the handle and process ID of this process.

  When a process is started in "CreateProcess" suspend mode, it enters a paused state and will not run until it is resumed. The handle is a process handle returned from “CreateProcess”. The application platform program 42 transmits the acquired handle and process ID to the control unit 52. When the process is activated, the callback function in the file system control unit C3 is executed, and the control unit 52 is notified of the start of control. The control unit 52 acquires the handle and the process ID (Step 206). The detailed operation of this acquisition will be described later.

  The control unit 52 transmits a handle and a process ID to the file system control unit C3, and performs setting to permit file access issued from the process ID. Items set to permit file access are process ID, process name, file name, folder name, and file operation. The setting designated for the file operation is a setting that permits either read-only (Read Only) or read-write (Read / Write) (step 208). The interface control unit C1 sets various interfaces to use prohibition (step 210).

  Further, the network control unit C2 sets so as to prohibit network communication (step 210). When these series of settings are completed, the suspend process is resumed using the acquired handle (step 212). The application program 41 is operated. Then, the control unit 52 waits for an end event which is a notification issued from the operating system 40 when the application program 41 ends (step 214). When the application program 41 ends, the callback function in the file system control unit C3 is executed, and the control unit 52 is notified of the release of control.

  The file system control unit C3 cancels the control performed by the process control list 150, and does not control the application program 41 thereafter. Of course, when the application program 41 accesses user data, control is resumed. FIG. 13 is a flowchart showing the operation of the control unit 52 when the application program 41 ends. When the application program 41 operates and ends, an end event is generated (step 230). The application platform program 42 acquires the process ID of the end event.

  The application platform program 42 transmits the process ID of the end event to the control unit 52. The control unit 52 acquires the process ID of the end event (step 232). The control unit 52 sets the file system control unit C3 to prohibit file access from the acquired process ID (step 234). Then, the interface control unit C1 is instructed to cancel the prohibition setting, and the interface control unit C1 cancels the use prohibition setting (step 236). The network control unit C2 is instructed to cancel the prohibition setting, and the network control unit C2 cancels the use prohibition setting (step 238).

  FIG. 14 is a diagram illustrating a flowchart when the control unit 52 sets exclusion of prohibition of use. The user's personal authentication is successful (step 260). If the personal authentication is successful, it is necessary to designate processes indispensable for the operation of the operating system 40 and not restrict these processes. For example, an execution file related to the system service of the operating system 40, and a service provided by the operating system 40 that is not related to the use prohibition when a process when the execution file operates is disabled or cannot be started. Or the operation of the operating system 40 itself becomes unstable.

  For this purpose, it is necessary to operate the minimum executable files and processes necessary for the operation of the operating system 40 without restriction. For example, “System”, “Kernel.exe”, and “explorer.exe” can be exemplified as processes. The control process name and control directory are registered in the process control list 150. The process control list 150 is illustrated in FIG. The control unit 52 reads the control process name and control directory from the process control list 150 (step 262).

  There are also non-operating application programs that do not save temporary files to the local disk. For this purpose, encryption is performed when the application program creates a temporary file on the local disk, and process protection is performed so that the temporary file cannot be accessed from other application programs. Process protection is performed by a driverware prohibiting file access by a process by an application program other than the application program being controlled. When the operation of the application program ends, this temporary file is deleted.

  The control unit 52 acquires the process ID from the control process name (step 264). The actual program (module such as .exe) name is determined from the process ID. Then, the control unit 52 instructs the file system control unit C3 to set all prohibition, and the file system control unit C3 sets prohibition of all processes (step 266). Next, the control unit 52 instructs the file system control unit C3 to set the process ID of the control process name and the permission setting for reading / writing the control directory (step 268).

  The file system control unit C3 receives the process ID, file path, and control mode transmitted from the control unit 52 (step 270). The file system control unit C3 adds the process ID, file path, and control mode to the process control list 150 (step 272).

  FIG. 15 is a process flowchart showing the operation of the file system control unit 34. A file access event occurs when accessing a file from the application program 41 or the operating system 40 (step 300). The file system control unit C3 acquires a process ID, a file path, and a file operation (Read / Write) from the control unit 52 (Step 302). It is confirmed whether or not the process ID and the file path match those registered in the process control list 150 (steps 304 to 310).

  When the process ID and the file path match those registered in the process control list 150, the file operation is set to be permitted or prohibited based on the control value (step 308). When the process ID and the file path do not match those registered in the process control list 150, the file operation is set to be prohibited based on the control value (step 312).

  FIG. 16 illustrates an example of the process control list 150. The process control list 150 is stored in a file as an initial value and stored in the hard disk E4 when the electronic data management program is installed. The process control list 150 can be edited and changed when necessary. The process control list 150 includes a serial number column 151 indicating the order of registered items, a process name 152 indicating a process name to be controlled, a process ID 153 indicating a process ID of a control target, a file path 154 indicating a file path, a control path There is a column for control 155 indicating the method. The control target process name is described as a control process in part of the above description.

[About acquisition of process name, process ID, and file name]
In order to detect the process, the following pre-processing is performed. In the file system control unit C3, a callback for a request for an input / output function related to file access (hereinafter referred to as an I / O request) is set to come to the control unit 52. This is because all I / O requests related to file access pass through the file system control unit C3, so that the I / O requests are transferred to the control unit 52 and analyzed. Then, the process control list 150 is transferred to the file system control unit C3, and the file system control unit C3 monitors whether the access registered in the process control list 150 is performed.

  In order to detect a process, the following execution process is performed. The application program 41 tries to access a file stored in the memory device 1. At this time, the application program 41 issues an I / O request related to file access. This I / O request is called back and transmitted to the control unit 52 as set during the pre-processing described above. Upon receiving this I / O request callback, the control unit 52 obtains a process ID, a process name, and a file name. The process name, process ID, and file name associated with the process are obtained as follows.

  To obtain the process name, use the “ZwQueryInformationProcess” function to obtain the image path of the execution process, and obtain the process name from the file name of the execution file (exe file). In order to acquire the process ID, the ID of the current process is acquired using the “PsGetCurrentProcessId ()” function. In order to obtain the file name, the file name is obtained from the file object referenced from the input / output (I / O) request (IRP) related to the file I / O request.

  Then, the file system control unit C3 receives the process name, process ID, and file name relating to the I / O request from the control unit 52 and compares them with the process control list 150 to control file access. The file system control unit C3 returns to the application program 41 permission or denial of access to the file in response to the I / O request according to the process control list 150.

[Event detection]
The event detection is performed as follows. An I / O request in the kernel of the operating system 40 is made in the form of an IRP (IO Request Packet). For file access, the IRP shown in Table 1 below is used. Event detection is performed by setting a callback function for this IRP. The callback function is registered in the process manager of the executive 46 (see FIG. 2), and when the callback function is executed, control is transferred to the reference destination driverware 50.

  Depending on the electronic data management program of the present invention, it is possible to control only the application program 41 and the process that are trying to access the memory device 1 storing the user data. In this way, the application program 41 operating on the electronic computer 2 and the service of the operating system 40 are not forcibly restricted, and an attempt to access only the user data 3 is monitored and the access is permitted or not permitted. I do.

  Further, the user data 3 is accessed to block access to the application program 41, the network function of the process, and other recording devices, and the use of functions that are likely to duplicate the user data 3 such as the clipboard is prohibited. Thereby, the user data 3 can be used without being leaked to the outside.

[Example of file attribute information]
FIG. 17 shows an example of file attribute information. In FIG. 17, there are a “number” field, a “file name” field, a “period” field, a “time” field, and a “location” field as examples of file attribute information. The “number” column indicates the order of registration of files in which attribute information is registered. The “file name” column indicates the name of the registered file. The “period” column indicates a period during which the file can be accessed.

  Here, the date is specified as an example of the period. This period can be specified in days. You can specify either a month or year. Further, it can be specified by excluding the day of the week, a specific holiday, or a specific holiday or day. The “time” column indicates the time and time zone during which the file can be accessed. Here, as an example of time, it is specified in units of hours and minutes, but it can also be specified by time alone. Furthermore, it can be designated as daytime or nighttime. The “location” column indicates a location where the file can be accessed.

  The “location” column indicates a range of locations where the file can be accessed. Here, as an example of the place, the coordinates on the earth are designated as “137 degrees east longitude”, “30 degrees north latitude”, and the like. Furthermore, it can be specified by administrative division such as “Tokyo, Japan”. Furthermore, it can be designated as “company premises” or the like. In this way, when specified, another data representing the coordinates is required in conjunction with these, and the coordinates are acquired by referring to the data. Further, the “place” column can also be used as a user action range.

  Here, a small number of examples are given, but any of those exemplified in the “place” column, the “time” column, and the “place” column can be used in any combination.

[About log acquisition]
The log acquisition unit 53 acquires a history of access by which a user accesses a file in the memory device 1 and stores it in the memory device 1. This history can be stored in the user area 32. This history is preferably stored in the user area 32 in the dark. The history includes time information and position information acquired from the external device 3. Later, by analyzing this history, the user can grasp where, when, which file and how. Of course, the user also leaves the range of use and attempts to access the file also remain in the history.

[About GPS]
In the present embodiment, the GPS device has been mainly described as an example of carrying the external device 3. The GPS device has a GPS receiver mounted therein. The GPS receiver receives and processes signals from GPS satellites, and as a result, the GPS device outputs time information and position information. Here, a little more detailed explanation will be given. The signal from the GPS satellite includes time data from an atomic clock mounted on the GPS satellite, the orbit of the satellite, and the like. If the GPS receiver is equipped with a clock that can know the exact time, it will receive radio waves from GPS satellites, and the radio wave propagation speed (300,000, the same as the speed of light) km / sec) to determine the distance from the satellite.

  If the distances from the three GPS satellites are known, one point in space can be determined, but there is also a signal interference from the GPS satellites and an error in the internal clock of the GPS device, so the accuracy is not high. Therefore, normally, radio waves from four GPS satellites are received, and positioning is performed while calibrating the internal clock of the GPS receiver. Currently, consumer-use GPS receivers are widely used in aircraft, ships, surveying equipment, mountain climbing portable devices, and the like. Furthermore, they are installed in car navigation systems, mobile terminals, mobile phones, notebook computers and the like.

  Furthermore, it is also applied to systems such as mining equipment, luxury car management, and monitoring and tracking management of illegal dumping of industrial waste. In particular, the applications in the security field are expanding. GPS can basically be used only where radio waves from GPS satellites reach directly. For this reason, it is required to significantly improve the positioning utilization rate in a building district or a mountainous area in an urban area where GPS signals are difficult to reach and positioning utilization efficiency is poor. As an improvement, many systems have been devised that can use GPS signals indoors.

  One of these is the quasi-zenith satellite system being developed by the Japan Aerospace Exploration Agency (JAXA), which can be used indoors and underground malls where positioning signals from satellites do not reach as well as outdoors. You can measure the position. For details, JAXA has released the standard specifications as a ground complement device (IMES: Indoor Messaging System). In this system, indoor GPS is a pseudo satellite that transmits a signal equivalent to a GPS satellite. This system was devised to enable accurate positioning even indoors where radio waves are difficult to reach.

  IMES was conceived from the framework of “Quasi-Zenith Satellite”, a Japanese positioning satellite system, and has officially obtained satellite numbers from US GPS. For this reason, any terminal equipped with an IMES-compatible GPS receiver can be used without a special positioning function, so it can also be a mobile phone or PDA. In GPS and many other positioning methods, the accuracy is greatly degraded due to multipath, and the location is difficult to identify. IMES reads position information as a message, so it is possible to identify the location with certainty. IMES is a method of sending the location data of the transmitter installation location instead of satellite orbit data.

  Therefore, the GPS receiver can be easily handled. The transmitted message includes the floor in addition to the location, and can specify a building or a room. Since IMES is the same signal system as GPS satellites, outdoor and indoor seamless positioning can be performed together with GPS. If the terminal is equipped with a GPS function, it can be adapted to IMES with minor modifications, and there is no need to prepare a special interface.

  In the present invention, as described above, the GPS device of the external device is preferably an IMES compatible GPS device. Therefore, traceability of user data can be realized both outdoors and indoors. In particular, information that strongly requires security requirements can be managed for each building and for each building floor. Specifically, the electronic data management apparatus can clearly confirm whether the positioning point where the position information is acquired from the IMES-compatible GPS apparatus is a place where security is implemented. For example, it is possible to grasp what floor is accessed from the building.

[Second Embodiment of Electronic Data Management System]
FIG. 18 shows an outline of the second embodiment of the electronic data management system of the present invention. The electronic data management system of the present invention comprises a host device 102, a memory device 101, and a radio clock 103. The host device 102 may be the electronic computer 2 described in the above embodiment. The host device 102 may be a portable computer such as a PDA. The basic operation of the host device 102 is the same as that of the above-described electronic computer 2, and here, only different parts of the electronic computer 2 and the host device 102 will be described.

  The memory device 101 is the memory device 1 described above. The radio clock 103 is a radio clock that receives time information by radio waves. The radio clock 103 provides accurate clock information to the memory device 101 and the host device 102. The radio timepiece 103 is a watch that acquires time information using radio waves in a broad sense. For example, GPS receivers, mobile phones, television and radio broadcast time reports, etc. can be used as radio wave clocks in a broad sense. Digital broadcast clock information such as BS digital and terrestrial digital can be used as the radio clock 103.

  That is, in digital broadcasting, the current time is incorporated as a TOT (Time Offset Table) in the broadcast wave. Further, a time signal of a television or radio broadcast can be used as the radio clock 103. As described above, any type can be used as long as it transmits time information to the memory device. Standard radio waves are most preferred when seeking real-time accuracy. The radio timepiece 103 in a narrow sense has a function of receiving this standard radio wave (JJY in Japan) and automatically correcting an error. Each country has a transmitter station that emits standard radio waves.

  A clock called a “cesium atomic clock” is installed at the transmitting station. This atomic clock is an accurate clock with almost no error of 1 second in 100,000 years. The transmitting station converts the date information of this cesium clock and the digital signal of the time information into a radio signal and transmits it. In Japan, there are two transmitting stations called JJY covering almost the entire country. The northern transmitter station installed at Otaka Toriyayama in Fukushima Prefecture transmits standard radio waves at a transmission frequency of 40 kHz.

  The transmitting station in the south is located at Mt. Hagane, located on the border between Fukuoka Prefecture and Saga Prefecture, and transmits standard radio waves with a transmission frequency of 60 kHz. A receiver built in the radio timepiece 103 reads a signal transmitted from the transmitting station at regular intervals, and automatically adjusts the time. For this reason, the radio timepiece 103 can know the accurate time in seconds while omitting the time adjustment and the like only in an environment where radio waves can be normally received. Therefore, an accurate access time can be grasped in realizing traceability of user data.

  The standard radio wave is not currently implemented in Japan, but it can cope with daylight saving time, and in this case, it is not necessary to set the time twice a year. As described above, the second embodiment uses the radio timepiece 103 as the external device 3. As described above, it can be used similarly to the use of the external device 3. When a user accesses a file stored in the memory device 101, the electronic data management program acquires time information and calendar information from the radio clock 103 and compares them with file attribute information. Therefore, access to the file is permitted or denied depending on the comparison result.

[Third Embodiment of Electronic Data Management System]
FIG. 19 shows an outline of the third embodiment of the electronic data management system of the present invention. The electronic data management system of the present invention comprises a host device 202, a memory device 201, and a mobile phone 203 or 204. The host device 202 may be the electronic computer 2 described in the above embodiment. The host device 202 may be a portable computer such as a PDA.

  The basic operation of the host device 202 is the same as that of the electronic computer 2 described above, and only different parts of the electronic computer 2 and the host device 202 will be described here. The memory device 201 is the memory device 1 described above. The mobile phone 203 or 204 is a normal mobile phone and can output time information. The mobile phone 204 includes a GPS receiver and outputs position information and time information received from the GPS. Time information is superimposed on the control signal transmitted from the base station of the mobile communication network. The cellular phone 203 receives this time information and can use it for correcting the internal clock and time information for data communication.

  In addition, time information is superimposed on the calling radio wave emitted from the base station of the mobile communication network. The cellular phone 203 receives this time information, corrects the internal clock, and transmits the time information to the host device 202. Further, the cellular phones 203 and 204 have memory means such as a memory card, and the memory means can be recognized by the host device and used as a user data storage destination. That is, it can be used as the user area 32 or the authentication area 30 as described in the first embodiment.

  In this case, when the cellular phones 203 and 204 are connected to the host device 202 via the memory device 201, they are recognized and authenticated as independent drives. The electronic data management program makes settings that can be accessed from the host device 202. Therefore, it can be used as the user area 32 described in the first embodiment (see FIG. 7).

[Fourth Embodiment of Electronic Data Management System]
FIG. 20 shows an outline of the fourth embodiment of the electronic data management system of the present invention. The electronic data management system of the present invention comprises an electronic computer 302, a memory device 301, an external device 303, and a server 304. The electronic computer 302 is the electronic computer 2 described in the above embodiment. The basic operation of the electronic computer 302 is the same as that of the electronic computer 2 described above, and only different parts will be described here. The memory device 301 is the memory device 1 described above. The external device 303 is the external device 1 described in the first embodiment.

  The server 304 and the computer 302 are connected via a network 305. The network 305 can be a LAN, a WAN, or the like. The network 305 is preferably the Internet. The present invention provides an electronic data management system for monitoring and tracking the usage status of user data 3. This electronic data management system includes an electronic data management program that operates on the electronic computer 302. The electronic data management program is a program for providing an environment for using user data on the electronic computer 302.

  The present invention also provides a memory device 303 for storing and carrying user data. The user data and the electronic data management program can be recorded on the same recording medium or storage device and provided to the user. Further, the user data and / or electronic data management program can be provided to the electronic computer 302 and the external device 301 via the network 305. User data is stored in a network storage device such as a network shared folder or NAS, and can be downloaded to the electronic computer 302 and used when necessary.

  The server 304 is an electronic computer including a central processing unit, an input / output device, a built-in memory such as a ROM and a RAM, and a hard disk. An authentication program (see FIG. 7) stored in the memory device 201 is connected to the server 304 to authenticate the electronic computer 202. The electronic data management program can be installed by downloading the electronic data management program from the server 304 (see step 99 in FIG. 9).

  The authentication program instructs the electronic data management program to turn on the control mode (details will be described later) of the electronic data management program (see step 78 in FIG. 7). When the control mode of the electronic data management program is turned on, the connection between the electronic computer 302 and the server 304 is preferably maintained. At this time, the electronic data management program constantly transmits log information to the server 304.

  The log information includes time data acquired from the external device 303 and / or position information. The server 304 can acquire the time data and / or the position information and monitor online from where the user is accessing. If necessary, the use of user data can be stopped or temporarily stopped by instructing the electronic computer 302.

  The present invention records a user's files, data, programs, etc. on an electronic recording medium, provides them to the outside, and can grasp how they are used by the provider, and manages electronic data closely. It is good to use it for the field that needs. In particular, it is possible to determine in advance a range in which the user can use data based on position information and time information, and monitor whether the data is used within the range. In this way, it is desirable to use it in the printing industry, insurance companies, and stores that require management of confidential information such as user data and files in sales or accounting data, and employee data management. Furthermore, the present invention may be used in fields such as financial institutions that require close management of electronic data, facilities related to nuclear power, and terminals that handle personal data.

FIG. 1 is a diagram illustrating an outline of an electronic data management system according to the present invention. FIG. 2 is a flowchart showing a procedure for using the memory device 1 of the present invention. FIG. 3 is a flowchart showing an overview of controlling user data. 4A and 4B are block diagrams showing the internal structure of the memory device 1 of the present invention. FIG. 5 is a block diagram showing main components of the memory device 1 of the present invention. FIG. 6 is a block diagram showing the main components of the memory device 1 of the present invention (including the power converter 19). FIG. 7 is a block diagram illustrating a configuration example of the memory 16 of the memory device 1. FIG. 8 is a diagram illustrating an outline of software operating on the electronic computer 2. FIG. 9 is a flowchart showing a flow when the electronic computer 2 reads user data from the memory device 1 and browses it. FIG. 10 is a flowchart showing an outline of the operation of the electronic data management program. FIG. 11 is a flowchart showing an operation when the electronic data management program turns on the control mode. FIG. 12 is a flowchart illustrating an operation example of the control unit 52. FIG. 13 is a flowchart illustrating an operation example of the control unit 52 when the application program 41 is terminated. FIG. 14 is a flowchart when the control unit 52 sets use prohibition exclusion. FIG. 15 is a process flowchart showing the operation of the file system control unit 34. FIG. 16 is a diagram illustrating an example of the process control list 150. FIG. 17 is a diagram illustrating an example of file attribute information. FIG. 18 is a block diagram illustrating the outline of the second embodiment of the electronic data management system of the present invention (when the external device is an electronic timepiece). FIG. 19 is a block diagram illustrating the outline of the third embodiment of the electronic data management system of the present invention (when the external device is a mobile phone). FIG. 20 is a block diagram illustrating the outline of the fourth embodiment of the electronic data management system of the present invention (in the case of a network).

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Memory device 2 ... Computer 3 ... External device 4 ... Server 5 ... Network 11 ... 1st terminal 12 ... Hub controller 13 ... Port controller 14 ... Switch 15 ... Memory controller 16 ... Memory 17 ... 2nd terminal 18 ... Display 19: Power converter 20 ... Power switch 30 ... Authentication area 31 ... Program area 32 ... User area 41 ... Application program 43 ... User mode 44 ... Kernel mode 46 ... Executive 47 ... Kernel 50 ... Driverware 51 ... Application program interface section 52 ... Control unit 53 ... Log acquisition unit 54 ... Encryption unit 55 ... Decryption unit 82 ... Keyboard 83 ... Mouse C1 ... Interface control unit C2 ... Network control unit C3 ... File system control unit C4 ... Input device control D1 ... Interface driver D2 ... Network driver D3 ... File system driver D4 ... Keyboard driver D5 ... Mouse driver E1 ... Connector E2 ... Network card E3 ... USB port E4 ... Hard disk

Claims (9)

When using an electronic file stored in the memory device (1) connected to the electronic computer (2), the electronic file is referred to by referring to attribute information indicating a use range in which the electronic file can be used. In the electronic data management method for determining permission or disapproval of use of
The memory device (1) includes (a) control means (14) for controlling connection or disconnection between an external device (3) for providing external information and a line for data communication with the electronic computer (2). 15) and (b) the storage means (16) storing the electronic file,
The external information includes position information that is the position of the electronic file on the earth and / or time information indicating the current time and calendar,
When the external device (3) is connected to the electronic computer (2) via the control means (14, 15),
The electronic computer (2) acquires the external information, compares the attribute information with the external information,
When the position information and / or the time information exist within the usage range that the attribute information has been determined in advance, the permission is given,
The electronic data management method, wherein when the position information and / or the time information are not within the usage range determined in advance by the attribute information, the disapproval is performed. In claim 1,
The electronic computer (2)
A device for directly controlling the devices (E1 to E6) connected to the electronic computer (2), operating in a kernel mode capable of executing all the instructions of the operating system operating the electronic computer (2) Means for providing a common interface for communication between the drivers (D1 to D5) or communication between the device driver (D1 to D5) and the application program (41) operating on the electronic computer (2); And,
Second data including first data including instructions and / or data output from the application program (41) and including execution results of the instructions and / or received data received from the device drivers (D1 to D5). To the application program (41), an application program interface unit (51),
A third data including the command and / or the data is transmitted to the device driver (D1 to D5), and a fourth result including the execution result of the command and / or the received data from the device driver (D1 to D5). Device driver control units (C1 to C4) for receiving data;
Driverware means comprising: a control unit (52) for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data (50)
The application program interface unit (51) acquires the access when accessing the electronic file from the application program (41),
The device driver control unit (C1 to C4) acquires the attribute information of the file from the memory means (1), and further receives the position information and / or the time from the external device (3). Get information,
The control unit compares the position information and / or the time information with the attribute information, and outputs the permission or the disapproval.
In the case of the permission, the access is transmitted to the device driver (D1 to D5),
The data management method for an electronic computer, wherein the access is discarded when the access is not permitted. In claim 1 or 2,
Using the personal information of the user stored in the memory means (1) to perform personal authentication of the user;
When the personal authentication is successful, connect the line and make the external device (3) accessible from the electronic computer (2),
When the power supplied to the external device from the electronic computer is cut off, the line is disconnected so that the external computer cannot be accessed even if the external device operates with another power source. Data management method for electronic computers. In claim 1 or 2,
The external device (3) is a radio clock,
The electronic time management method, wherein the time information is data obtained by obtaining a standard radio wave with the radio timepiece and obtaining the time and the calendar. In claim 1 or 2,
The external device (3) is a GPS receiver;
The position information is coordinate data acquired from GPS data acquired by the GPS receiver,
The time information is A) the time and / or the calendar acquired from the GPS data, or B) data obtained by obtaining a standard radio wave with a radio clock and obtaining the time and the calendar. Electronic data management method. In a memory device having a memory means (16) for storing an electronic file and a first terminal (11) for connection to an electronic computer (2),
A second terminal (17) to which an external device (3) is connected;
Control means (12,) for controlling communication between the electronic computer (2) and the memory means (16) and communication between the electronic computer (2) and the second terminal (17) 13 and 14),
The control means (12, 13, 14) is configured to perform data communication between the first terminal (11) and the second terminal (17) when the computer (2) communicates with the external device (3). Connect the wires,
When the electronic computer (2) does not communicate with the external device (3) or when the external device (3) is disconnected from the second terminal (17), the control means (12, 13, 14) And disconnecting the data communication line between the first terminal (11) and the second terminal (17). In claim 6,
The external device (3) is a device for providing external information including position information on the earth of the electronic file of the external device (3) and / or time information indicating the current time and calendar. Yes,
A memory device, wherein the external information is compared with attribute information of the electronic file to determine whether or not to use the electronic computer. In claim 7,
The control means performs personal authentication using personal information stored in the memory means,
If the personal authentication is successful, the external information is acquired and the determination is performed. In claim 7,
When the electronic computer accesses a file stored in the memory means,
Obtaining attribute information indicating information about the time and / or the location information at which the file can be used;
Obtaining the external information from the external device;
A determination means for comparing the attribute information with the provided information and determining the access to the file;
A memory device comprising execution means for permitting or not permitting the access in accordance with a determination result from the determination means.

Images