JP2010072885A - Data management method for electronic computer and program therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data management program for monitoring access by preventing user data provided to a client from being duplicated or moved to be used for anything other than a purpose. <P>SOLUTION: A temporary file created while an application program 10 operating on a client computer 1 is in operation is encrypted into a folder 8 created on a hard disk 25 to be stored. A driverware 50 for controlling access to a disk driver 30 monitors access from the application program 10 to the file system, and encrypts the temporary file, and stores it in a folder 8. The application program 10 operates to perform access to a conventional folder 7. The folder 8 may be created in a server 100 on a network 13 or a USB memory 5 or the like connected to the client computer 1. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a data management system for managing electronic data. In particular, the present invention relates to a data management method of an electronic computer for data traceability for tracking and monitoring access to a file in which electronic data is stored, and a program therefor.

  Personal information and business know-how are often stored in a computer storage device or recording medium as a file in the form of electronic data. It is important to closely manage the history of accessing this file, especially the history of browsing, editing, copying, printing, sending, etc. of the file. For example, insurance companies distribute recovery manuals to personnel in the event of a disaster. This recovery manual is a collection of know-how and has a very expensive information value. There are times when you do not want the recovery manual distributed offline to be leaked or copied outside. Manufacturers distribute product specifications and design documents to relevant parties.

  There are times when it is desirable to prevent this specification or design document, which is confidential information, from being viewed by anyone other than those involved, and to prevent it from leaking outside. At the time of proofreading a publication, etc., the original electronic data is changed, but we want to prevent the original and proofread electronic data from leaking outside. Similarly, for image data such as photographs, it is desirable to prevent the original or edited electronic data from leaking outside. In order to respond to such a demand, the inventors of the present invention have developed a data management system and a program therefor disclosed in Patent Document 1 and provided them to clients. The client user data stored in the non-volatile memory cannot be used for purposes other than the purpose of the electronic computer that processes the client user data, and is not taken outside.

  In many operating systems, a temporary file created during operation of an application program exists even after the application program is terminated, causing information leakage. This will be described with reference to FIG. FIG. 17 is a flowchart showing a conventional method in which an application program creates and uses a temporary file. The application program is activated and operates (step 1). The client operates the application program to open user data. Alternatively, the client operates the application program to create a new file for user data (step 2).

  The application program creates a temporary file for user data (step 3). The application program is operated by the client to display the contents of the user data on the display device (step 4). Alternatively, the application program is operated by the client to edit the contents of the user data (step 5). In other words, the client edits the content of the user data by operating the input device of the client computer while browsing the content of the user data on the display device. The contents of the user data during this work are stored in a temporary file.

  The application program stores the contents of the temporary file in a file for actual user data every predetermined time. When closing the user data, the application program saves the latest contents of the temporary file in the user data and then closes the user data. Even if the application program closes the user data, the temporary file continues to be stored on the auxiliary storage device of the client computer without being deleted. Even when the application program itself ends, this temporary file is not deleted and is continuously stored on the auxiliary storage device of the client computer 1.

Thus, the temporary file is a cause of information leakage without being deleted from the auxiliary storage device of the client computer. Even if the client deletes the user data, the temporary file for user data is not deleted but is stored in the auxiliary storage device of the client computer 1. Later, the temporary file can be opened and viewed from the application program that created the temporary file. If the operation of the application program is not restricted, this temporary file can be freely copied and edited. Thus, temporary files are a cause of information leakage.
WO2007 / 049625 “Data management method, program and recording medium for electronic computer”

  However, some application programs use temporary files stored on a hard disk during operation. The creation of the temporary file depends on the application program, but may be an indispensable setting for the operation of the application program. When the application program ends or when a user file opened by the application program is closed, the temporary file is often left as it is. This is a fatal problem in view of the purpose of preventing duplication of user data so that user data provided to the client cannot be used for purposes other than the intended purpose, and this improvement is desired. Yes. The data management method and program disclosed in Patent Document 1 are required to prevent information leakage from temporary files.

The present invention has been made based on the technical background as described above, and achieves the following objects.
An object of the present invention is to provide a data management method of an electronic computer for tracking and monitoring access to user data provided to a client, and a program therefor.
Another object of the present invention is to provide a data management method for an electronic computer for managing user data and a program therefor so that user data provided to a client cannot be used for anything other than the purpose. There is.

  Still another object of the present invention is to manage data of an electronic computer for managing user data so that a temporary file created when using an application program on a client computer cannot be used for purposes other than the purpose. It is to provide a method and a program therefor.

In order to achieve the above object, the present invention employs the following means.
The present invention relates to a data management method for an electronic computer. The present invention also relates to an electronic computer data management program for causing an electronic computer to manage electronic data. Specifically, a storage device (5) storing user data (4) is connected to the electronic computer (1), and the user data (4) is read onto the electronic computer (1) to be an application program. (10) when the application program (10) is operated and browsed or edited by the input data input from the input device of the electronic computer (1) and viewed or edited, Control is performed so that the user data (4) is not leaked to the outside from the electronic computer (1).

The data management method for an electronic computer according to the present invention operates in a kernel mode in which all instructions of an operating system that operates the electronic computer (1) can be executed, and includes a device connected to the electronic computer (1). Driverware (50) for providing a common interface for communication between device drivers (30) for direct control or communication between the device driver (30) and an application program (10) operating on the electronic computer ) Has the electronic computer (1),
The driverware (50)
First data including instructions and / or data output from the application program (10) is received, and second data including execution results of the instructions and / or received data received from the device driver (30), An application program interface (51) for transmitting to the application program (10);
The command and / or the third data including the data is transmitted to the device driver (30), and the fourth data including the execution result of the command and / or the received data is received from the device driver (30). A device driver control unit (40) for, and
A control unit (52) for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data;
When the application program (10) is activated, the application program (10) outputs a temporary file creation instruction for creating a temporary file that is temporarily used during operation of the application program (10).
The application program interface unit (51) acquires the temporary file creation command,
The device driver control unit (40) receives the temporary file creation command from the application program interface unit (51), and transmits the temporary file creation command to the device driver control unit (40).
The device driver control unit (40) sends the temporary file creation command to a file system driver (34) which is a device driver for controlling the storage device (25, 5, 100),
The file system driver (34) creates the temporary file in the storage device (25, 5, 100) according to the temporary file creation instruction,
When requesting the temporary file from the application program (10), the file system driver (34) acquires the temporary file and sends the device driver control unit (40) and the application program interface unit (51). To the application program (10) via
When the application program (10) ends, the driverware (50) sends an instruction to delete the temporary file to the file system driver (34),
The file system driver (34) deletes the temporary file.

The driverware (50) includes an encryption unit (54) for encrypting data to create encrypted data, and a decryption unit for decrypting the encrypted data and creating the original data (55)
The driverware (50) encrypts the temporary file by an encryption unit (54), creates an encrypted temporary file, and stores the encrypted temporary file in the storage device (25, 5, 100).
When requesting the temporary file from the application program (10), the driverware (50) acquires the encrypted temporary file from the storage device (25, 5, 100), and the decryption unit (55). ) To create the temporary file and pass it to the application program (10),
When the application program (10) ends, the driverware (50) may delete the encrypted temporary file.

The storage device (25, 5, 100) may be an auxiliary storage device (25, 5) built in or connected to the electronic computer (1).
Further, the storage device (25, 5, 100) may be a storage device (100) on the network (13) to which the computer (1) is connected.

[Data Management Program for Electronic Computer of the Present Invention]
According to the data management program for an electronic computer of the present invention, a storage device (5) storing user data (4) is connected to the electronic computer (12), and the user data (4) is stored on the electronic computer (1). The application program (10) is read and browsed or edited by the application program (10), and the application program (10) is operated by the input data input from the input device of the electronic computer (1) to perform the browsing or editing. The user data (4) is a program for causing the electronic computer (1) to realize a function of controlling so that the user data (4) is not leaked from the electronic computer (1) to the outside.

The data management program for an electronic computer according to the present invention has the following characteristics. A data management program for an electronic computer according to the present invention includes:
A device driver that operates in a kernel mode in which all instructions of the operating system (11) that operates the electronic computer (1) can be executed and directly controls a device connected to the electronic computer (1). 30) a function for providing a common interface for communication between each other or communication between the device driver (30) and the application program (10) operating on the electronic computer (1), and
First data including instructions and / or data output from the application program (10) is received, and second data including execution results of the instructions and / or received data received from the device driver (30), An application program interface function (51) for transmitting to the application program (10);
The command and / or the third data including the data is transmitted to the device driver (30), and the fourth data including the execution result of the command and / or the received data is received from the device driver (30). Device driver control function (40) for, and
A control function (52) for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data; 1) having a driverware program (50) for realizing
When the application program (10) is started, a temporary file creation instruction for creating a temporary file that is temporarily used when the application program (10) is operated with an instruction output from the application program (10). The application program interface unit (51) acquiring;
The device driver control unit (40) receiving the temporary file creation command from the application program interface unit (51);
The device driver control unit (40) transmitting the temporary file creation command to the device driver control unit (40);
The device driver control unit (40) transmits the temporary file creation command to the file system driver (34) which is a device driver for controlling the storage device (25, 5, 100), and the storage device (25, 5, 100) causing the file system driver (34) to create the temporary file;
When requesting the temporary file from the application program (10), the device driver control unit (40) acquires the temporary file acquired from the storage device (25, 5, 100) by the file system driver (34). A step of obtaining,
The device driver control unit (40) passing the temporary file to the application program interface unit (51);
The application program interface unit (51) passing the temporary file acquired from the device driver control unit (40) to the application program (10); and
When the application program (10) is terminated, the driverware program (50) transmits an instruction to delete the temporary file to the file system driver (34) to delete the temporary file. It is characterized by becoming.

The driverware program (50) encrypts data to create encrypted data (54) and decrypts the encrypted data to create the original data. A decryption unit (55);
The driverware program (50) encrypting the temporary file by an encryption unit (54) to create an encrypted temporary file;
Storing the encrypted temporary file in the storage device (25, 5, 100);
Obtaining the encrypted temporary file from the storage device (25, 5, 100) when requesting the temporary file from the application program (10);
Decrypting the obtained encrypted temporary file by the decryption unit (55) to create the temporary file;
Passing the encrypted temporary file to the application program (10); and
When the application program (10) is terminated, the step of deleting the encrypted temporary file may be included.

Furthermore, the driverware program (50) preferably has a log acquisition function (53).
[Others]
The computer data management program of the present invention is preferably stored in a storage device. When the storage device is connected to the electronic computer, the electronic computer data management program of the present invention is preferably automatically installed and operated in the electronic computer. The storage device preferably has an area for storing user data, a user area that can be read and written, and an area for storing a program and a read-only program area.

  When the storage device is connected to the electronic computer, the authentication program stored in the program area starts automatically, and after confirming the driverware program, an instruction to turn on the driverware program control mode is sent to the driverware program To do. When the control mode is turned on, the user area should be recognized by the operating system, and the user data can be accessed from the electronic computer.

[Data management program storage]
The storage device may have an authentication unit for personal authentication of a client using the storage device.
The computer data management program of the present invention is preferably stored in a network storage on the network. This network may be a LAN, WAN, or the Internet. This network may be accessible by a wired or wireless public communication network.

  The data management program of the electronic computer of the present invention is preferably recorded on a recording medium such as various CDs, various DVDs, and a non-volatile memory that can only be read or read and rewritten. The data management program for the electronic computer of the present invention is preferably stored on a second electronic computer that can access this electronic computer remotely, and operates remotely on this electronic computer.

  According to the present invention, the following effects can be obtained. Tracking and monitoring access to user data provided to the client no longer causes information leakage due to temporary files created on the client computer. When the application program is terminated, the temporary file created for the application program is deleted, so that information leakage due to the temporary file can be prevented. Since the temporary file is encrypted and stored in the storage device, information leakage due to the temporary file can be prevented even during operation of the application program.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[First embodiment of the present invention]
FIG. 1 shows an overview of the first embodiment of the present invention. The client computer 1 is operated by the client 2. A management program 3 (described later) is installed on the client computer 1. The management program 3 will be described later in detail. User data 4 is displayed on a display device such as a display of the client computer 1. The client 2 operates the client computer 1.

  The client 2 operates the client computer 1 to browse and edit the user data 4. The management program 3 is for monitoring the usage status of the user data 4. The management program 3 is a program for providing an environment for using the client computer 1. In this embodiment, it is assumed that the user data 4 is stored in a storage device such as the USB memory 5. In the present embodiment, a method in which the user data 4 is stored in the USB memory 5 and provided to the client 2 is adopted. However, this does not limit the method of providing the user data 4 and the management program 3, and the storage device or recording medium for storing them, and any form having the same function may be used.

  In this embodiment, the USB memory 5 used as a storage device is a portable storage device with a built-in nonvolatile memory. The USB memory 5 is a storage device that conforms to the USB standard. The USB standard is a standard for data transmission between an electronic computer and a peripheral device, and includes a specification called “USB Mass Storage Class” for recognizing an external storage device as a removable drive. The USB memory 5 conforms to this USB Mass Storage Class. Electronic data transmission / reception between the client computer 1 and the USB memory 5 is performed using a Mass Storage Class driver possessed by the operating system.

  When the USB memory 5 is inserted into the USB port of the client computer 1, it is recognized as a removable drive by the operating system. The client computer 1 includes a hard disk drive 25 as an auxiliary storage device. The hard disk drive 25 stores operating system system files, application program execution files, and the like. Conventionally, when an application program is executed on the client computer 1, the application program creates a temporary file of the file opened by the application program on the hard disk drive 25.

  Or, conventionally, when an application program is executed on the client computer 1, the application program creates a folder 7 on the hard disk drive 25, and the application program stores a temporary file in the folder 7. In the present embodiment, the management program 3 creates a unique folder 8 in the hard disk drive 25. The application program temporary file is stored in this folder 8. The temporary file in the folder 8 is preferably stored after being encrypted. When the application program ends, the management program 3 deletes the temporary file created for the application program.

  Therefore, when the application program ends, no temporary file remains in the hard disk drive 25. Therefore, information leakage caused by the temporary file remaining in the hard disk drive 25 can be prevented.

  FIG. 2 is a functional block diagram showing an outline of software that runs on the client computer 1. In the present embodiment, the operating system 11 is Microsoft Windows XP (registered trademark). However, this does not limit the type of the operating system 11, and the type of the operating system is not limited as long as the same function can be realized. The application program 10 runs on the operating system 11. The management program 3 includes the application platform program 58 illustrated in FIG. 2 and driverware (registered trademark) 50.

  The application platform program 58 is application software that operates in the user mode of the operating system 11. The driverware 50 is a program that operates in the kernel mode of the operating system 11. The operations and functions of the application platform program 58 and the driverware 50 will be described later. The client computer 1 includes a central processing unit (CPU), a RAM, a ROM, an input / output device (for example, a display, a keyboard, a mouse, etc.), an auxiliary storage device (for example, a hard disk 25), and various communication ports (for example, It is a general electronic computer equipped with a USB port.

  The client computer 1 includes input devices such as a keyboard 16 and a mouse 17. Although not shown, the client computer 1 includes an output device such as a display, an auxiliary storage device such as a hard disk, and a memory such as a main memory. The client computer 1 can have peripheral devices such as an external hard disk, a scanner, and a printer. Although these peripheral devices are not shown, they are hereinafter referred to as external devices. The external device is connected to the connector 22. The client computer 1 operates under the control of the operating system 11.

  The application program 10 that operates on the client computer 1 operates on a function provided by the operating system 11. The application program 10 is an executable file or software that operates in the kernel mode or the user mode of the operating system 11. For example, the application program 10 is software for creating and editing a document such as word processing software or a text editor. In the example illustrated in FIG. 2, the application program 10 is application software that operates in the user mode of the operating system 11. The application program 10 includes a kernel mode module.

  Further, the application program 10 is software for browsing, creating, and editing a specific format file such as a pdf format file. The operating system 11 has basic functions such as input from a keyboard 16, input function from an input device such as an input by operating a mouse 17, output function from an output device such as screen output, management of an external storage device and memory, etc. Software for providing general functions and operating and managing the entire client computer 1. The operating system 11 is composed of a large number of executable programs in order to realize the functions provided by the operating system 11.

  Further, in order to understand this embodiment, in order to reproduce (implement) this, technical information disclosed about the operating system 11 and the device driver is necessary. This technical information includes data on the Internet that has been disclosed by the vendors who have developed and provided the operating system 11, and information provided to the developers from these vendors. For example, there are a large number of books about the operating system 11, especially the Windows operating system used in the present embodiment. In order to reproduce the present invention, technical knowledge described in these books, in particular, knowledge concerning device driver development is required.

List of books on the internal structure and operation of Windows operating systems:
− Inside Windows NT by Helen Custer (Microsoft Press, 1992)
− Inside the Windows NT File System by Helen Custer (Microsoft Press, 1994)
− Inside Microsoft Windows 2000, Third Edition by David A. Solomon, Mark E. Russinovich (Microsoft Press, 2000).
List of books from basic knowledge of device drivers to knowledge about their development:
− Programming the Microsoft Windows Driver Model by Walter Oney (Microsoft Press, 1999)
− Programming the Microsoft Windows Driver Model, Second Edition by Walter Oney (Microsoft Press, 2002).

  FIG. 3 is a block diagram illustrating a representative program constituting the operating system 11, and illustrates the relationship between the operating system 11 and the management program 3 of the present invention. The operating system 11 includes a subsystem 61, an executive 63, a microkernel 62, a device driver 30, and a hardware abstraction layer (HAL) 64. The subsystem 61 is a service provided in the user mode of the operating system 11.

  The executive 63 provides basic services of the operating system 11 such as memory management, process and thread management, security, I / O, network, and interprocess communication. FIG. 3 shows a representative executive 63. For example, there are an object manager 65, a process manager 66, a cache manager 67, a memory manager 68, an I / O manager 69, and the like.

  The microkernel 62 provides low-level functions such as thread scheduling, interrupts, exception notification, and multiprocessor synchronization. The microkernel 62 also provides a routine set and basic objects used inside the executive 63. The device driver 30 is illustrated as an interface driver 32, a network driver 33, a file system driver 34, a keyboard driver 35, and a mouse driver 36 in FIG.

  The device driver 30 is normally programmed for each piece of hardware connected to the client computer 1 and directly controls the hardware 60 via a HAL (hardware abstraction layer) 64. The device driver 30 is a service that converts an input / output function request (I / O call request) from the application program 10 or the operating system 11 into an input / output function request (I / O request) for a specific hardware device. Provide system services such as file system and network driver.

  The HAL 64 is a code layer for separating and abstracting the microkernel 62, the device driver 30, and the executive 63 from platform-specific hardware functions. In other words, the HAL 64 absorbs differences due to the types of hardware such as the built-in devices 22 to 27 of the client computer 1 and external devices connected to the client computer 1, and is abstracted for each service of the operating system 11. Provide service. With the HAL 64, various services constituting the operating system 11 can access the hardware without being aware of the difference depending on the type of hardware.

[Driverware 50]
The driverware 50 is for realizing data transmission / reception between device drivers in a kernel mode. The driverware 50 provides a common interface when accessing the device driver 30 from the application program 10 and when transmitting data from the device driver 30 to the application program 10. The driverware 50 operates in the kernel mode of the operating system 11. The driverware 50 has a function of providing and mediating transmission / reception of common data between the device drivers 30.

  The driverware 50 has a function of providing and mediating transmission / reception of common data between the operating system 11 and the plurality of device drivers 30. An example of the driverware 50 is disclosed in WO02 / 091195 as an “electronic computer interface driver program”. The driverware 50 includes an application program interface unit 51 for receiving commands and data from the application program 10 and transmitting data to the application program 10. The driverware 50 has a control unit 52 for controlling the overall operation of the driverware 50.

  The log acquisition unit 53 also acquires a history of operations of the driverware 50. Further, the driverware 50 includes a device driver control unit 40 for controlling the device driver 30. The driverware 50 includes an encryption unit 54 for encrypting data to be transmitted and received, and a decryption unit 55 for decrypting the encrypted data. The control unit 52 controls and monitors each part of the driverware 50 such as the device driver control unit 40, the application program interface unit 51, the log acquisition unit 53, the encryption unit 54, and the decryption unit 55. It is the core of the driverware 50.

[Application platform program 58]
The application platform program 58 is an application program that is located between the application program 10 and the operating system 11 and mediates and controls transmission and reception of commands and data between them. The application platform program 58 operates in the user mode of the operating system 11. The application platform program 58 is an application program for providing a user interface for accessing the file system of the operating system 11.

  The application platform program 58 has a function of monitoring the activation of the application program 10 and the activation of the process accompanying this, and acquiring these attribute information. The application platform program 58 is particularly preferably an application program compatible with Windows Explorer. The client computer 1 includes an auxiliary storage device such as a hard disk drive 25. The client computer 1 has a connector 22 for connecting to peripheral devices. The connector 22 is preferably a serial port such as RS-232C, IrDA, USB, or IEEE1394, or a parallel port such as IEEE1284, SCSI, or IDE.

  This serial transfer method is a data transmission method in which data is transmitted bit by bit through one signal line. The parallel transfer method is a data transmission method in which a plurality of bits are simultaneously transferred through a plurality of signal lines. In this data transmission, an interface that is optimal for each application is used for data transmission between a device built in the client computer 1 and between the client computer 1 and its peripheral devices. Here, the representative examples will be exemplified. In the case of a storage device, the parallel transfer method is high speed and this transmission method is often adopted.

  For communication between the client computer 1 and the printer, an IEEE 1284 port or a USB port is often used, and the client computer 1 may be connected via the network 13. The client computer 1 includes a network card 23 for connecting to the network 7. Furthermore, a USB port 24 for connecting a USB standard-compliant device such as the USB memory 5 is provided. Programs for directly controlling and communicating with the connector 22 and the network card 23 are an interface driver 32 and a network driver 33 which are respective device drivers.

  In the present embodiment, each device driver 30 is attached to the operating system 11. The device driver 30 includes a standard device driver provided by the operating system 11, a peripheral device, and a device driver created by a manufacturer that manufactures a built-in device. Further, the device driver 30 may be a device driver developed by a company specializing in device drivers. Among such many types of device drivers, in the present embodiment, it will be described that all the device drivers 30 are attached to the operating system 11.

  The interface driver 32 is a device driver for controlling the connector 22. The network driver 33 is a device driver for controlling the network card 23. The file system driver 34 manages information related to files and folders stored in an external storage device such as the hard disk drive 25, and is a program for accessing files and folders stored in the hard disk drive 25. It is. The file system driver 34 is a program for accessing a USB standard-compliant storage device connected to the client computer 1.

  This access is performed via a Mass Storage Class driver (not shown) of the operating system 11. The application program 10 is software installed or operating on the client computer 1. The application program 10 basically operates on the user mode of the operating system 11. The application program 10 accesses the hard disk drive 25 and reads and writes necessary files. In the present embodiment, the application program 10 also means a part of the program that operates in the Windows (registered trademark) kernel mode.

  The driverware 50 plays a common interface function and role when accessing the device driver 30 from the application program 10 and when transmitting data from the device driver 30 to the application program 10. As described above, the driverware 50 includes the application program interface unit 51, the control unit 52, the log acquisition unit 53, and the like. The driverware 50 has an encryption unit 54 for encrypting data to be communicated and a decryption unit 55 for decrypting the encrypted data. The driverware 50 includes an interface control unit 42 for controlling the interface driver 32.

  The driverware 50 has a network control unit 43 for controlling the network driver 33. The driverware 50 has a file system control unit 44 for controlling the file system driver 34. The control unit 52 is for controlling and monitoring other units of the driverware 50 including the interface control unit 42, the network control unit 43, the file system control unit 44, and the like. The control unit 52 is a core part of the driverware 50. When the storage device such as the USB memory 5 is connected to the client computer 1, it is recognized by the device driver of the device and then controlled by the file system driver 34.

  The interface control unit 42, the network control unit 43, the file system control unit 44, etc. of the driverware 50 control the device driver 30 and finally control the device connected to or built in the client computer 1. Can understand. That is, the existing device driver 30 is used to control a device connected to or built in the client computer 1. The driverware 50 controls an interface through which the device driver 30 communicates with other components of the operating system 11 in the kernel mode.

  FIG. 4 is a block diagram showing the internal structure of the USB memory 5 connected to the USB board 24. On the substrate 105, a user area 106, a program area 107, and the like are mounted and arranged. The USB memory 5 includes a user area 106 for storing electronic data and a program area 107 for storing computer programs and the like. The user area 106 is a memory for storing user data 4. The program area 107 is a memory for storing the authentication program 108 and the management program 3. User data 4 is stored in the user area 106 of the USB memory 5. The user area 106 cannot be accessed from the outside in the initial setting of the USB memory 5.

  The USB memory 5 stores the management program 3 in the program area 107. The program area 107 can be accessed from the outside in the initial setting of the USB memory 5. That is, the program area 107 can be directly accessed from the electronic computer when the USB memory 5 is connected to and recognized by the electronic computer such as the client computer 1. The connector 114 is a connector for connecting the USB memory 5 to the client computer 1. The USB memory 5 has a hidden area for storing data and the like. For example, the USB memory 5 has an authentication area 115 that stores authentication data 116 used for authentication.

  The authentication data 116 stored in the authentication area 115 is used for authentication of the USB memory 5, personal authentication of a user who uses the USB memory 5, and the like. The user data 4 and the management program 3 are stored in a user area 106 and a program area 107, which are separate memory areas of the USB memory 5, respectively. When the USB memory 5 is connected to the client computer 1, the user area 106 and the program area 107 are recognized by the operating system 11 as removable drives. In the initial setting of the USB memory 5, the program area 107 is accessible from the operating system 11.

  The user area 106 is set to be inaccessible from the client computer 1 in the initial setting. The authentication program 108 stored in the program area 107 is automatically activated and operates on the client computer 1. The authentication program 108 confirms that the management program 3 is installed and operating on the client computer 1, and performs authentication of the USB memory 5, personal authentication of the user who uses the USB memory 5, and the like. If authentication is successful by the authentication program 108, the user area 106 is set to be accessible from the client computer 1 by the command of the management program 3.

  This setting is performed by switching a switch (not shown) in the USB memory 5. Since this setting is switching between the user area 106 and the program area 107, it is preferable that this setting be performed in software. The authentication program 108 confirms that the management program 3 is installed in the client computer 1 by communicating with the management program 3. The authentication program 108 instructs the management program 3 to turn on the control mode of the management program 3 (details will be described later). The personal authentication method of the client 2 is preferably a method such as password authentication or biometrics authentication. In the present embodiment, the personal authentication of the client 2 will be described as password authentication.

  The management program 3 switches the switch in the USB memory 5 by software so that the client computer 1 can access the USB memory 5. Details of this will be described later in the description of the flowchart of FIG. User data 4 is data in which know-how is accumulated, and is, for example, a recovery manual of an insurance company for use in a disaster. In addition, it is confidential materials and data such as product specifications and designs for use by manufacturers. Furthermore, the original electronic data is used for proofreading of image data such as publications and photographs. Still further, the data file stores personal information, customer information, and the like.

  For example, personal information means information such as name, address, and contact information. As customer information, it is information, such as a customer's full name, a name, an address, a contact address, and the contents of dealings, for example. Hereinafter, such data such as personal information and customer information is simply referred to as user data 4. The user data 4 and the management program 3 may be recorded on a recording medium or a storage device. The recording medium is a recording medium such as a flash memory, a flexible disk, a compact disk, an MO (Magneto-Optical Disk), a DVD (Digital Versatile Disks), and the like.

  The storage device can be a device that can store and carry electronic data such as a USB (Universal Serial Bus) memory, a memory card, and a hard disk. When carried by the client, the user data 4 and the management program 3 are preferably recorded on the same recording medium or storage device. Further, the user data 4 and the management program 3 can be provided to the client 2 via a network. The user data 4 can be provided by a network type storage device such as a network shared folder or NAS. Thus, the method of providing the user data 4 and the management program 3 to the client side 10 does not matter.

  FIG. 5 is a block diagram showing an outline of a recording device in the client computer 1. An application program 10 is operating in the client computer 1. In the client computer 1, the file system driver 34 also operates and performs data communication with the hard disk drive 25. There is driverware 50 between the file system driver 34 and the application program 10. The driverware 50 monitors instructions and requests output from the application program 10 and controls the operation of the file system driver 34.

  FIG. 5 shows the stored contents of the hard disk drive 25 shown in FIG. 1 in an easy-to-understand manner. FIG. 5 illustrates the hard disk drive 25, the folder 7, the folder 8, and the folder 9 in the hard disk drive 25. The folder 7 is a folder in which application programs are created for temporary files. The folder 8 is a folder created for the temporary file by the management program 3. The management program 3 encrypts and stores the temporary file of the application program in the folder 8.

  When the application program ends, the temporary file created for the application program by the management program 3 is deleted from the folder 8. Accordingly, the temporary file remaining in the hard disk drive 25 does not remain when the application program ends. The folder 9 is a folder for storing files such as “Userdata” and “data” which are client data.

  FIG. 6 is a flowchart showing the operation of the first exemplary embodiment of the present invention. First, the management program 10 operating on the client computer 1 is in the control mode (step 10). Thereafter, the application program 10 is activated and operates (step 12). The client 2 operates the application program 10 to open the user data 4 file. Alternatively, the client 2 operates the application program 10 to create a new file for the user data 4 (step 14). The application program 10 creates a temporary file for the user data 4.

  At this time, the application program 10 issues an instruction to create a temporary file for user data on the hard disk 25 (step 16). This instruction is received by the management program 3 (step 18). The management program 3 receives this instruction and creates a temporary file for the user data 4 in its own folder (folder 8) (step 20). This temporary file is encrypted. The application program 10 is operated by the client 2 to display the contents of the user data 4 on the display device (step 22). Alternatively, the application program 10 is operated by the client 2 to edit the contents of the user data 4 (step 22).

  In other words, the client 2 edits the content of the user data 4 by operating the input device of the client computer 1 while browsing the content of the user data 4 on the display device. The contents of the user data 4 during this work are stored in a temporary file. The application program 10 stores the contents of the temporary file in the actual user data 4 every predetermined time (step 24). At this time, the application program 10 issues an instruction to save the contents of the temporary file. The management program 3 receives this instruction and updates the contents of the temporary file in the unique folder to the user data 4.

  Further, the contents of the temporary file are stored in the actual user data 4 in response to a request from the application program 10 (step 25). At this time, the application program 10 issues an instruction to save the contents of the temporary file. The management program 3 receives this instruction, and updates the contents of the temporary file, which is a unique folder, to the user data 4. When closing the file of the user data 4, the application program 10 saves the latest contents of the temporary file in the user data 4 and then closes the user data 4 (step 26).

  When closing the user data 4, the management program 3 stores the latest contents of the temporary file in the user data 4. Then, the management program 3 deletes the temporary file (step 28). In this way, the temporary file that has contributed to the top leakage is deleted. Further, since the temporary file is encrypted and stored on the auxiliary storage device, information is not leaked when the user data 4 is opened.

  FIG. 7 is a flowchart showing a flow when the user data 4 is read from the USB memory 5 and browsed in the client computer 1. The USB memory 5 is connected to the client computer 1 (step 50). The client computer 1 recognizes the USB memory 5 (step 52). At this time, the operating system 11 detects and recognizes the connection of the USB memory 5 using the PnP function. The program area 107 (see FIG. 4) of the USB memory 5 is recognized by the client computer 1.

  When the USB memory 5 is recognized, the authentication program 108 stored in the program area 107 is automatically started (step 54). The authentication program 108 starts authentication as to whether or not the management program 3 is installed in the client computer 1 (step 54). The authentication program 108 checks whether or not the management program 3 is installed on the client computer 1 (step 56). If the management program 3 is not installed in the client computer 1, the client 2 outputs a message indicating that the management program 3 needs to be installed (steps 56 and 58).

  The authentication program 108 calls and installs the management program 3 stored in the program area 107 (see FIG. 4) of the USB memory 5 (step 58). Alternatively, the client 2 installs the management program 3 (step 58). If the management program 3 is installed in the client computer 1, personal authentication of the client 2 is performed (step 60). If the personal authentication is successful, the control mode of the management program 3 is set (step 62). Details of the setting of the control mode are shown in the flowchart of FIG.

  When setting of the control mode of the management program 3 is completed, the management program 3 causes the client computer 1 to recognize the user area 106 of the USB memory 5. Therefore, the user area 106 can be accessed from the client computer 1 and can be used (step 66). Reading of the user data 4 stored in the user area 106 is permitted, and automatic decryption of the encrypted user data 4 is also permitted. User data 4 is read from the USB memory 5 (step 68). The user data 4 read from the USB memory 5 is decrypted (step 70). The decrypted user data 4 is displayed on an output device such as a display of the client computer 1 (step 72).

  When entering the control mode (see the description of FIG. 9), the management program 3 accesses each device so that the user data 4 cannot be stored in the hard disk drive 25 or other peripheral devices connected to the client computer 1. Is limiting. For this reason, the client 2 cannot store the user data 4 in the hard disk drive 25, other peripheral devices connected to the client computer 1, or the like. Furthermore, when the management program 3 enters the control mode, the network function, various communication ports, and the like are also prohibited from being used.

  In addition, when the management program 3 enters the control mode, the use of the clipboard, screen capture, copy and paste functions, etc. is prohibited by other application programs of the application program 10 viewing and editing the user data 4. ing. Specifically, the data entered into the clipboard by the application program 10 that is viewing and editing the user data 4 cannot be used by other application programs. Therefore, the user data 4 cannot be operated other than browsing. Even if the user data 4 is edited, it can be saved only in the original USB memory 5 in which the user data 4 is stored.

  FIG. 8 is a flowchart showing the operation of the management program 3. The management program 3 is stored in a recording medium such as the USB memory 5 and passed to the client 2. The management program 3 is installed on the client computer 1 by the client 2 (step 100). However, the management program 3 can be automatically installed in the client computer 1 by the authentication program 108. The management program 3 is activated and starts operating (step 102). When the USB memory 5 is connected to the client computer 1, the operating system 11 detects and recognizes the connection of the USB memory 5 using the PnP function.

  When the USB memory 5 is recognized, the authentication program 108 stored in the program area 107 of the USB memory 5 is automatically activated (step 54 in FIG. 7). The authentication program 108 confirms whether the management program 3 is installed in the client computer 1 (step 56 in FIG. 7). If the management program 3 is installed in the client computer 1, the authentication program 108 instructs the management program 3 to enter the control mode, and the management program 3 is set to the control mode (step 106).

  When the management program 3 is set to the control mode, the management program 3 causes the operating system 11 to recognize the user area 106 in the USB memory 5 and make it usable (step 66 in FIG. 7). The management program 3 monitors access from the application program to the USB memory 5. When there is access to the USB memory 5, the management program 3 receives it (step 108). The management program 3 confirms the type of access (step 108). Further, it is confirmed whether or not this access is permitted access (step 110).

  When the access is permitted, the user data 4 is read from the USB memory 5 (step 112). The management program 3 decrypts the user data 4 read from the USB memory 5 (step 114). The decrypted user data 4 is displayed on the output device of the client computer 1 (step 116). When the access is not permitted, the management program 3 discards the access (steps 110 and 120). At this time, when the message indicating that the access is prohibited is displayed on the display, the message can be displayed so that the client 2 can browse (step 122).

  The management program 3 continuously monitors the displayed user data 4 (step 118). The user data 4 is displayed by starting an appropriate application program 10 depending on the type of data. For example, in the case of text data, the user data 4 is delivered to the text editing application program 10 and displayed. The client 2 browses the user data 4 by operating the application program 10 while operating input devices such as the keyboard 16 and the mouse 17. However, the user data 4 cannot be saved from the application program 10.

  Also, a newly created file using the user data 4 cannot be saved. That is, the client 2 can only browse the user data 4. Depending on the setting of the control mode, if the user data 4 is edited, this access is interrupted. If user data 4 is to be recorded on a storage device such as the hard disk drive 25 or a recording medium, the user data 4 is interrupted. Here, an operation in the control mode of the management program 3 will be described. The control mode defines which function of the client computer 1 is monitored by the management program 3 and what data flow is controlled.

  The control mode is on means that the management program 3 monitors the computer and restricts some of the functions of the client computer 1. The control mode is OFF means that the management program 3 is operating on the electronic computer, but the function of the client computer 1 is not particularly limited. FIG. 9 is a flowchart showing an operation when the management program 3 turns on the control mode. As shown in step 62 in FIG. 7 and step 106 in FIG. 8, the management program 3 turns on the control mode (step 130). At this time, the management program 3 prohibits writing to the hard disk drive 25 built in the client computer 1 (step 131).

  The management program 3 prohibits writing to the removable drive (step 132). This removable drive also includes a USB memory 5. Therefore, when the application program 10 or the operating system 11 tries to write data to the USB memory 5, the driverware 50 detects this and stops the writing operation. If there is a recording device in addition to the USB memory 5 and the built-in hard disk, writing to them is prohibited (step 134). Examples of the recording device that prohibits writing include a removable drive, a flexible disk drive, and an external hard disk. Furthermore, the management program 3 prohibits the use of network communication (step 136).

  For example, the use of network communication includes access to the Internet, LAN, etc. via the network card 23 and communication between computers. Use of the other interface of the USB memory 5 is prohibited. For example, use of USB, SCSI, IDE, and RS-232C standard interfaces is prohibited (step 138). Furthermore, the management program 3 prohibits copy and paste, use of the creep board, and network function (step 139). The management program 3 also prohibits the use of screen capture (step 139).

  The management program 3 designates a process necessary for normal operation of the operating system 11 and sets an exception (step 140). For example, “System” or the like necessary for the operation of the operating system 11 is made operable. The management program 3 acquires the process name and process ID of the running process (step 142). The management program 3 stores the acquired process name and process ID in the management table (step 144). The various settings in steps 131 to 140 after the management program 3 turns on the control mode do not necessarily need to be performed in this order, and can be freely combined depending on the situation.

  When the USB memory 5 is removed from the client computer 1, the operating system 11 detects this. Since the USB memory 5 is recognized as a removable drive by the operating system 11, the management program 3 checks whether this is the USB memory 5 in which the management program 3 is stored. In this confirmation, when the USB memory 5 is disconnected, the management program 3 cancels all the settings set in steps 131 to 140. Also, the setting for automatic decryption of the file is canceled.

  FIG. 10 shows a flowchart of the operation of the control unit 52. When the driverware 50 is instructed to turn on the control mode, the control unit 52 receives this instruction and transmits a command for prohibiting all file accesses (step 200). This command is transmitted to the interface control unit 42, the network control unit 43, and the file system control unit 44 (see FIG. 2). The interface control unit 42, the network control unit 43, and the file system control unit 44 receive this command and prohibit file access. In addition, control process setting, network use prohibition, clipboard use prohibition, screen capture use prohibition, copy and paste function prohibition, etc. are performed.

  The executive process manager manages all processes executed on the client computer 1. Here, by registering a callback function (using a kernel API), a process start / end event is acquired. A callback function is set for the start / end event of the process to be executed so that the start and end of the application program 10 can be detected. When the application platform program 58 is operating, the application program 10 is activated (step 202). The application platform program 58 detects the activation of the application program 10 (step 204).

   In the “SUSPEND” (suspend) mode of “CreateProcess”, the process of the application program 10 is started, and the application platform program 58 acquires the handle and process ID of this process. When a process is started in “CreateProcess” suspend mode, the process is suspended and will not be executed until it is resumed. The handle is a process handle returned from “CreateProcess”. The application platform program 58 transmits the acquired handle and process ID to the control unit 52.

  When the process is activated, the callback function in the file system control unit 44 is executed, and the control unit 52 is notified of the start of control. The control unit 52 acquires the handle and the process ID (Step 206). The detailed operation of this acquisition will be described later. The control unit 52 transmits a handle and a process ID to the file system control unit 44, and performs setting to permit file access issued from the process ID. Items set to permit file access are process ID, process name, file name, folder name, and file operation.

  The setting designated for the file operation is a setting that permits either read-only (Read Only) or read-write (Read / Write) (step 208). The interface control unit 42 sets various interfaces to use prohibition (step 210). Further, the network control unit 43 sets so as to prohibit network communication (step 210). When these series of settings are completed, the suspend process is resumed using the acquired handle (step 212). Then, the application program 10 is operated.

  Then, the control unit 52 waits for an end event that is a notification issued from the operating system 11 when the application program 10 ends (step 214). When the application program 10 ends, the callback function in the file system control unit 44 is executed, and the control release is notified to the control unit 52. The file system control unit 44 cancels the control performed by the process control list 150 (see FIG. 14) and does not control the application program 10 thereafter. Of course, when the application program 10 accesses the user data 4, the control is resumed.

  FIG. 11 is a flowchart showing the operation of the control unit 52 when the application program 10 ends. When the application program 10 operates and ends, an end event is generated (step 230). The application platform program 58 acquires the process ID of the end event. The application platform program 58 transmits the process ID of the end event to the control unit 52. The control unit 52 acquires the process ID of the end event (step 232).

  The control unit 52 sets the file system control unit 44 to prohibit file access from the acquired process ID (step 234). Then, the interface control unit 42 is instructed to cancel the prohibition setting, and the interface control unit 42 cancels the prohibition setting (step 236). The network control unit 43 is instructed to cancel the prohibition setting, and the network control unit 43 is canceled what has been set to prohibit use (step 238).

  FIG. 12 is a flowchart illustrating a flow when the control unit 52 sets use exclusion exclusion. The personal authentication shown in steps 54 and 56 of FIG. 7 is successful (step 260). If the authentication is successful, it is necessary to designate processes indispensable for the operation of the operating system 11 and not restrict these processes. For example, when an execution file related to a system service of the operating system 11 and a process when the execution file operates are disabled or cannot be started, a service provided by the operating system 11 can be hindered, The operation of the system 11 itself becomes unstable.

  For this purpose, it is necessary to operate the minimum executable files and processes necessary for the operation of the operating system 11 without restriction. For example, “System”, “Kernel.exe”, and “explorer.exe” can be exemplified as processes. The control process name and control directory are registered in the process control list 150. The process control list 150 is illustrated in FIG. The control unit 52 reads the control process name and control directory from the process control list 150 (step 262). There is also an application program 10 that does not store or operate temporary files on the local disk.

  For this purpose, the application program 10 performs process protection in order to prevent the temporary file from being accessed from other application programs by performing encryption when creating the temporary file on the local disk. This process protection is performed by the driverware 50 prohibiting file access by a process by an application program other than the application program 10 being controlled. When the operation of the application program 10 ends, this temporary file is deleted. The control unit 52 acquires the process ID from the control process name (step 264). The actual program (module such as .exe) name is determined from the process ID.

  Then, the control unit 52 instructs the file system control unit 44 to prohibit all settings, and the file system control unit 44 sets prohibition of all processes (step 266). Next, the control unit 52 instructs the file system control unit 44 to set the process ID of the control process name and the permission setting for reading / writing the control directory (Step 268). The file system control unit 44 receives the process ID, file path, and control mode transmitted from the control unit 52 (step 270). The file system control unit 44 adds the process ID, file path, and control mode to the process control list 150 (step 272).

  FIG. 13 is a process flowchart showing the operation of the file system control unit 34. A file access event occurs when accessing a file from the application program 10 or the operating system 11 (step 300). The file system control unit 44 acquires a process ID, a file path, and a file operation (Read / Write) from the control unit 52 (Step 302). It is confirmed whether or not the process ID and the file path match those registered in the process control list 150 (steps 304 to 310).

  When the process ID and file path match those registered in the process control list 150, the file operation is set to be permitted or prohibited based on the value in the control column (step 308). When the process ID and the file path do not match those registered in the process control list 150, the file operation is set to be prohibited based on the control value (step 312). FIG. 14 shows an example of the process control list 150. The process control list 150 is stored in a file as an initial value and stored in the hard disk drive 25 when the management program 3 is installed.

  The process control list 150 can be edited and changed when necessary. The process control list 150 includes a serial number column 151 indicating the order of registered items, a process name 152 indicating a process name to be controlled, a process ID 153 indicating a process ID of a control target, a file path 154 indicating a file path, a control path There is a data field for control 155 indicating the method. The control target process name is described as a control process in part of the above description.

[About acquisition of process name, process ID, and file name]
In order to detect the process, the following pre-processing is performed. In the file system control unit 44, a callback for a request for an input / output function related to file access (hereinafter referred to as an I / O request) is set to come to the control unit 52. This is because all the I / O requests related to file access pass through the file system control unit 44, so that the I / O requests are transferred to the control unit 52, and the control unit 52 analyzes this. Then, the process control list 150 is transferred to the file system control unit 44, and the file system control unit 44 monitors whether or not the access registered in the process control list 150 is being performed.

  In order to detect a process, the following execution process is performed. The application program 10 tries to access a file stored in the USB memory 5. At this time, the application program 10 issues an I / O request related to file access. This I / O request is called back and transmitted to the control unit 52 as set during the pre-processing described above. Upon receiving this I / O request callback, the control unit 52 obtains a process ID, a process name, and a file name. The process name, process ID, and file name associated with the process are obtained as follows.

  To get the process name, use the “ZwQueryInformationProcess” function, get the image path of the execution process, and get the process name from the file name of the executable file exe. To obtain the process ID, the ID of the current process is obtained using the PsGetCurrentProcessId () function. In order to obtain the file name, the file name is obtained from the referenced file object from the input / output (I / O) request (IRP) related to the file I / O request. Then, the file system control unit 44 receives the process name, process ID, and file name relating to the I / O request from the control unit 52 and controls the file access by comparing with the process control list 150. The file system control unit 44 returns to the application program 10 permission or denial of access to the file in response to the I / O request according to the process control list 150.

[Event detection]
The event detection is performed as follows. An I / O request in the kernel of the operating system 11 is made in the form of an IRP (IO Request Packet). For file access, the IRP shown in Table 1 below is used. Event detection is performed by setting a callback function for this IRP. The callback function is registered in the executive process manager, and when the callback function is executed, control is transferred to the driverware 50 that is a reference destination.

  Depending on the program of the management program 3, it is possible to control only the application program 10 and the process that are trying to access the USB memory 5 in which the user data 4 is stored. In this way, only the attempt to access only the user data 4 is monitored without forcibly limiting the services of the other application programs 10 and the operating system 11 operating on the client computer 1, and the access is permitted or not permitted. Control. Further, the application program 10 accessing the user data 4, the network function of the process, and access to other recording devices are blocked, and the use of functions that are likely to duplicate the user data 4 such as the clipboard is prohibited. As a result, the user data 4 can be used without being leaked to the outside.

[Second Embodiment]
FIG. 15 is a conceptual diagram showing a second embodiment of the present invention. The second embodiment of the present invention is basically the same as the above-described first embodiment, and only different parts will be described. In the second embodiment of the present invention, the temporary file is stored in an auxiliary recording device such as a USB memory connected to the client computer 1. An application program 10 is operating in the client computer 1. The file system driver 34 also operates and performs data communication with the hard disk drive 25.

  There is driverware 50 between the file system driver 34 and the application program 10. The driverware 50 monitors instructions and requests output from the application program 10 and controls the operation of the file system driver 34. FIG. 15 illustrates the hard disk drive 25 and the folders 7 and 9 in the hard disk drive 25. The folder 7 is a folder in which application programs are created for temporary files.

  The folder 8 is a folder created for the temporary file by the management program 3. The management program 3 encrypts and saves the temporary file of the application program in the folder 8b in the USB memory 14. When the application program ends, the temporary file created for the application program by the management program 3 is deleted from the folder 8b. Therefore, when the application program ends, no temporary file remains in the USB memory 14.

[Third Embodiment]
FIG. 16 is a conceptual diagram showing a third embodiment of the present invention. The third embodiment of the present invention is basically the same as the first and second embodiments described above, and only different parts will be described. In the third embodiment of the present invention, the client computer 1 is connected to the server 100 via the network 13. Conventionally, temporary files stored in the client computer 1 are stored in the server 100.

  The server 100 is an electronic computer that includes a central processing unit (CPU), RAM, ROM, various communication ports including a network port, and input / output devices. An application program 10 is operating in the client computer 1. The file system driver 34 also operates and performs data communication with the hard disk drive 25. There is driverware 50 between the file system driver 34 and the application program 10. The driverware 50 monitors instructions and requests output from the application program 10 and controls the operation of the file system driver 34.

  FIG. 16 illustrates the hard disk drive 25 and the folders 7 and 9 in the hard disk drive 25. The folder 7 is a folder in which the application program 10 is created for temporary files. The folder 8 is a folder created for the temporary file by the management program 3. The management program 3 encrypts and stores the temporary file of the application program 10 in the folder 8c in the server 100. When the application program ends, the temporary file created for the application program by the management program 3 is deleted from the folder 8c. Therefore, no temporary file remains in the server 100 when the application program ends.

  The present invention records a user's files, data, programs, etc. on an electronic recording medium, provides them to the outside, and can grasp how they are used by the provider, and manages electronic data closely. It is good to use it for the field that needs. In particular, it is desirable to use it in the printing industry, insurance companies, and stores that require management of confidential data such as user data and files in sales or accounting data, and employee data management. Furthermore, the present invention may be used in fields such as financial institutions that require close management of electronic data, facilities related to nuclear power, and terminals that handle personal data.

FIG. 1 is a conceptual diagram illustrating an outline of a first embodiment of the present invention. FIG. 2 is a diagram illustrating an outline of software operating on the client computer 1 in functional blocks. FIG. 3 is a block diagram illustrating a representative program constituting the operating system 11, and is a diagram illustrating the relationship between the operating system 11 and the management program 3. FIG. 4 is a block diagram showing the internal structure of the USB memory 5. FIG. 5 is a block diagram showing an outline of the auxiliary recording device of the client computer 1. FIG. 6 is a flowchart showing the operation of the first exemplary embodiment of the present invention. FIG. 7 is a flowchart showing a flow when the user data 4 is read from the USB memory 5 and browsed in the client computer 1. FIG. 8 is a flowchart showing the operation of the management program 3. FIG. 9 is a flowchart showing an operation when the management program 3 turns on the control mode. FIG. 10 shows a flowchart of the operation of the control unit 52. FIG. 11 is a flowchart showing the operation of the control unit 52 when the application program 10 ends. FIG. 12 is a flowchart illustrating a flow when the control unit 52 sets use exclusion exclusion. FIG. 13 is a process flowchart showing the operation of the file system control unit 34. FIG. 14 illustrates an example of the process control list 150. FIG. 15 is a conceptual diagram showing an outline of the second embodiment of the present invention (example in which a temporary file is stored in the USB memory 5). FIG. 16 is a conceptual diagram showing an outline of the third embodiment of the present invention (an example in which a temporary file is stored in the server 100 on the network 13). FIG. 17 is a flowchart for explaining a conventional method in which an application program creates a temporary file and uses it.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Client computer 2 ... Client 3 ... Management program 4 ... User data 5 ... USB memory 7 ... Folder (conventional)
8, 8a, 8b ... folder (of the present invention)
DESCRIPTION OF SYMBOLS 10 ... Application program 11 ... Operating system 13 ... Network 16 ... Keyboard 17 ... Mouse 22 ... Connector 23 ... Network card 24 ... USB port 25 ... Hard disk 26 ... Keyboard port 27 Mouse port 30 ... Device driver 32 ... Interface driver 33 ... Network driver 34 ... File system driver 35 ... Keyboard driver 36 ... Mouse driver 40 ... Device driver control unit 42 ... Interface control unit 43 ... Network control unit 44 ... File system control unit 45 ... Input device control unit 50 ... Driverware 51 ... Application program interface Unit 52 ... Control unit 53 ... Log acquisition unit 54 ... Encryption unit 55 ... Decryption unit 100 ... Server 10 ... substrate 106 ... user area 107 ... program area 108 ... authentication program 115 ... authentication area 116 ... authentication data 150 ... process control list

Claims (7)

A storage device (5) storing user data (4) is connected to the electronic computer (1), and the user data (4) is read onto the electronic computer (1) and viewed by an application program (10). Alternatively, when the application program (10) is operated and viewed or edited by the input data input from the input device of the electronic computer (1), the user data (4 ) Is a data management method for an electronic computer for controlling the electronic computer (1) so that it is not leaked to the outside,
Device drivers (30) that operate in a kernel mode in which all instructions of the operating system that operates the electronic computer (1) can be executed and directly control devices connected to the electronic computer (1) The electronic computer (1) has driverware (50) for providing a common interface for communication between the device driver (30) and communication between the device driver (30) and the application program (10) operating on the electronic computer. ,
The driverware (50)
The first data including the instruction and / or data output from the application program is received, and the second data including the execution result of the instruction and / or the received data received from the device driver (30) is received as the application program. An application program interface unit (51) for transmitting to
The command and / or the third data including the data is transmitted to the device driver (30), and the fourth data including the execution result of the command and / or the received data is received from the device driver (30). A device driver control unit (40) for, and
A control unit (52) for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data;
When the application program (10) is activated, the application program (10) outputs a temporary file creation instruction for creating a temporary file that is temporarily used during operation of the application program (10).
The application program interface unit (51) acquires the temporary file creation command,
The device driver control unit (40) receives the temporary file creation command from the application program interface unit (51), and transmits the temporary file creation command to the device driver control unit (40).
The device driver control unit (40) sends the temporary file creation command to a file system driver (34) which is a device driver for controlling the storage device (25, 5, 100),
The file system driver (34) creates the temporary file in the storage device (25, 5, 100) according to the temporary file creation instruction,
When requesting the temporary file from the application program (10), the file system driver (34) acquires the temporary file and sends the device driver control unit (40) and the application program interface unit (51). To the application program (10) via
When the application program (10) ends, the driverware (50) sends an instruction to delete the temporary file to the file system driver (34),
The data management method for an electronic computer, wherein the file system driver (34) deletes the temporary file. The data management method for an electronic computer according to claim 1,
The driverware (50) includes an encryption unit (54) for encrypting data to create encrypted data, and a decryption unit for decrypting the encrypted data and creating the original data (55)
The driverware (50) encrypts the temporary file by an encryption unit (54), creates an encrypted temporary file, and stores the encrypted temporary file in the storage device (25, 5, 100).
When requesting the temporary file from the application program (10), the driverware (50) acquires the encrypted temporary file from the storage device (25, 5, 100), and the decryption unit (55). ) To create the temporary file and pass it to the application program (10),
When the application program (10) ends, the driverware (50) deletes the encrypted temporary file. A data management method for an electronic computer, comprising: In the data management method of the electronic computer of Claim 1 or 2,
The data storage method for an electronic computer, wherein the storage device (25, 5, 100) is an auxiliary storage device (25, 5) built in or connected to the electronic computer (1). In the data management method of the electronic computer of Claim 1 or 2,
The data management method for an electronic computer, wherein the storage device (25, 5, 100) is a storage device (100) on a network (13) to which the electronic computer (1) is connected. A storage device (5) storing user data (4) is connected to the electronic computer (12), and the user data (4) is read onto the electronic computer (1) and viewed by an application program (10). Or when the application program (10) is operated by the input data input from the input device of the electronic computer (1) and the browsing or editing is performed, the user data (4) is In a data management program for an electronic computer for causing the electronic computer (1) to perform a function of controlling the electronic computer (1) so as not to leak outside,
A device driver that operates in a kernel mode in which all instructions of the operating system (11) that operates the electronic computer (1) can be executed and directly controls a device connected to the electronic computer (1). 30) a function for providing a common interface for communication between each other or communication between the device driver (30) and the application program (10) operating on the electronic computer (1), and
First data including instructions and / or data output from the application program (10) is received, and second data including execution results of the instructions and / or received data received from the device driver (30), An application program interface function (51) for transmitting to the application program (10);
The command and / or the third data including the data is transmitted to the device driver (30), and the fourth data including the execution result of the command and / or the received data is received from the device driver (30). Device driver control function (40) for, and
A control function (52) for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data; 1) having a driverware program (50) for realizing
When the application program (10) is started, a temporary file creation instruction for creating a temporary file that is temporarily used when the application program (10) is operated with an instruction output from the application program (10). The application program interface unit (51) acquiring;
The device driver control unit (40) receiving the temporary file creation command from the application program interface unit (51);
The device driver control unit (40) transmitting the temporary file creation command to the device driver control unit (40);
The device driver control unit (40) transmits the temporary file creation command to the file system driver (34) which is a device driver for controlling the storage device (25, 5, 100), and the storage device (25, 5, 100) causing the file system driver (34) to create the temporary file;
When requesting the temporary file from the application program (10), the device driver control unit (40) acquires the temporary file acquired from the storage device (25, 5, 100) by the file system driver (34). A step of obtaining,
The device driver control unit (40) passing the temporary file to the application program interface unit (51);
The application program interface unit (51) passing the temporary file acquired from the device driver control unit (40) to the application program (10); and
When the application program (10) is terminated, the driverware program (50) transmits an instruction to delete the temporary file to the file system driver (34) to delete the temporary file. A data management program for an electronic computer. The data management program for an electronic computer according to claim 5,
The driverware program (50) includes an encryption unit (54) for encrypting data to create encrypted data, and a decryption for decrypting the encrypted data and creating the original data Part (55),
The driverware program (50) encrypting the temporary file by an encryption unit (54) to create an encrypted temporary file;
Storing the encrypted temporary file in the storage device (25, 5, 100);
Obtaining the encrypted temporary file from the storage device (25, 5, 100) when requesting the temporary file from the application program (10);
Decrypting the obtained encrypted temporary file by the decryption unit (55) to create the temporary file;
Passing the encrypted temporary file to the application program (10); and
A data management program for an electronic computer, comprising: deleting the temporary encryption file when the application program (10) ends. The data management program for an electronic computer according to claim 5 or 6,
The driverware program (50) has a log acquisition function (53).

Images