JP2011081642A - Retrieval server, information retrieval method, program and storage medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To conceal relevance between a document and confidential information or the like inside the document, and to generate a proper retrieval result. <P>SOLUTION: This retrieval server includes: a management part receiving the confidential information of the document and access right information to the confidential information from a terminal via a communication network, associating the received information to an index word of the document or a position of the index word, and managing it; and a control part deciding presence/absence of an access right of each index word or each position of the index word based on the management part and a word inside a retrieval sentence included in a retrieval request of the document when receiving the retrieval request of the document from the terminal via the communication network, creating a document list wherein information about the documents including the index word is enumerated when there is the access right by the decision, calculating a compatibility degree of the document, rearranging the respective documents inside the document list based on a calculation result thereof, and transmitting it to the terminal of a retrieval request source of the document via the communication network as a retrieval result candidate. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a technique for retrieving information such as documents.

  In recent years, introduction of information retrieval systems has become common for companies and organizations to use information across the board. However, some information within a company or organization may contain sensitive or privacy-sensitive information, so access control that discloses appropriate information only to users with appropriate authority is required. is necessary. In-house search products currently distributed in the market, in order to meet such demand, access control is widely performed in document units or document collection units. For example, Patent Document 1 discloses a technique for performing access control using an access right given to a file in a search system. Further, in the in-company search products of Non-Patent Documents 1 to 4, whether or not a search is possible for a file or a set of files is displayed according to the user's authority.

  As a conventional technique, there is an access control method in which a user's search keyword is limited. For example, Patent Document 2 discloses a technology that requires a user to input a password together with a search keyword when performing a search.

  Further, as a conventional technique, there is a technique for performing access control with a finer granularity such that a part of a document is not disclosed by sanitization or the like. For example, Patent Literature 3 and Patent Literature 4 disclose a technique for disclosing a specific portion of a document when the document is displayed. Non-Patent Document 5 discloses a technique for encrypting a part of a document.

JP-A-10-207775 Japanese Patent Laid-Open No. 10-187542 JP 2001-306558 A JP 2008-159001 A

“Autonomy White Paper: Enterprise Search-Addressing Security and Entitlement Issues”, [Search July 20, 2009] Internet <URL: http://publications.autonomy.com/docs/Autonomy%20Security%20White%20Paper> “Search Best Practices, secure search”, [Search July 20, 2009] Internet <URL: http://www.microsoft.com/enterprisesearch/en/us/FAST-technical.aspx> "OmniFind Enterprise Edition v8.5, Administering Guide", [Search July 20, 2009] Internet <URL: www.ibm.com/software/data/enterprise-search/omnifind-enterprise/> "OmniFind Enterprise Edition v8.5, Administering Guide", [Search July 20, 2009] Internet <URL: www.ibm.com/software/data/enterprise-search/omnifind-enterprise/> "Documentation for the Google Search Appliance (software version 5.2), Managing Search for Controlled-Access Content", [Search July 20, 2009] Internet <URL: www.google.com/enterprise/gsa/>

  If a document containing confidential information or privacy information is not enumerated in the search results using access control in document units as disclosed in Patent Document 1 or Non-Patent Documents 1 to 4, the document hits the search. Disappear. In this case, in information sharing within a company or organization, although it is desirable to share information as much as possible, non-confidential information and non-privacy information in the document are not shared. In addition, access control is performed in document units as disclosed in Patent Document 1 and Non-Patent Documents 1 to 4, and documents including confidential information and privacy information are listed in the search results, while the contents of the documents are You can also restrict browsing. However, in this case, since the document hits the keyword in the search sentence input by the user, the user can grasp the fact that the document includes the keyword. The user can infer the contents of the document by performing a search with several keywords, an AND search with a plurality of keywords, an OR search, etc. As a result, it may indirectly lead to leakage of confidential information and privacy information.

  Moreover, if a search keyword is restrict | limited using the technique as disclosed by patent document 2, a search will be restrict | limited uniformly by the said keyword. Limiting search keywords hinders sharing of non-confidential and non-privacy information because the same word is not classified in another document because one word is classified in one document. End up.

  In addition, when confidential information or privacy information in a document is concealed using a partial non-disclosure technique such as disclosed in Patent Documents 3 and 4 and Non-Patent Document 5, the owner of the document is not used as an index word. It becomes impossible for a user with an appropriate authority to search for the document. In addition, while using confidential information and privacy information in the document as index words, the confidential information in the document can be obtained using techniques such as those disclosed in Patent Documents 3 and 4 and Non-Patent Document 5 when browsing the document. And privacy information can be hidden. However, in this case, the information contained in the concealed part can be estimated from the search sentence entered by the user at the time of retrieval, the hit rank of the document, and the information contained in the part that is not concealed. For example, when a search is performed with a certain person's name and a certain document is hit and the document is opened, if the person's name is not included in the part that is not concealed, it is obvious that the person's name is included in the concealed part. is there. In addition, if an OR search is performed with a certain person name A and a person name B, a document hits in a high order, and only the person name B is included in the non-hidden part of the document, the hidden part even in the OR search There is a high possibility that the personal name A is included in the name, and the effectiveness of partial non-disclosure is diminished.

  From the above, there has been a problem that an appropriate search result cannot be generated in conventional information search systems that handle documents including confidential information and privacy information.

  The object of the present invention is based on a search keyword or logical conditional expression entered as a search sentence by a user at the time of search, presence / absence of hit of a document with respect to the search sentence, information included in a part not hidden in the document, etc. It is an object of the present invention to provide a search server, an information search method, a program, and a storage medium that generate a search result that makes it difficult to guess confidential information and privacy information included in a document.

  In the present invention, in order to solve the above-described problems, a document holder or administrator registers access right information for confidential information or privacy information in a document in advance, associates the registered contents with an index word, and the same document. In contrast, different access rights are managed for each index word and each index word position. Further, the search engine confirms the access right of the user who has input the search keyword with respect to the index word matching the search keyword, creates a matching document list, and performs scoring.

  As another embodiment, the document holder or administrator registers access right information for confidential information and privacy information in the document in advance, and the number of search keywords and logical conditional expressions in the search contents entered by the registered contents and the user Based on the above, the higher-order program of the search engine deletes the documents included in the search and scoring results by the search engine and changes the order of the documents to generate a final search result.

  In yet another embodiment, the document holder or administrator pre-registers access right information for confidential information and privacy information in the document, and a higher-level program of the search engine hides the confidential information or privacy information of the document. The other document is generated internally, linked with the original document, and an index is created for both. Further, the upper program generates a final search result by performing a search by the search engine and deleting a document included in the scoring result based on the access right information and the association management information.

  According to the present invention, the search keyword or logical conditional expression that the user has input as a search sentence at the time of search, the presence or absence of hits of the document with respect to the search sentence, the order of hits, the information included in the part not hidden in the document, etc. Can provide a search server, an information search method, a program, and a storage medium that generate a search result that makes it difficult to guess confidential information and privacy information included in a document. As a result, it is possible to conceal the relevance between the document and the confidential information and privacy information in the document, thereby generating an appropriate search result, and it is possible to realize information sharing, confidentiality protection, and privacy protection in a balanced manner.

It is a figure which shows the structural example of the information search system which concerns on Example 1 of this invention. It is a figure which shows the hardware and software structural example of the client computer 2 which concerns on Example 1 of this invention. It is a figure which shows the hardware and software structural example of the document sharing server 3 which concerns on Example 1 of this invention. It is a figure which shows the hardware and software structural example of the search server 1 which concerns on Example 1 of this invention. It is a figure which shows the structural example of the confidential information management table 115 which concerns on Example 1 of this invention. It is a figure which shows the structural example of the index 13 which concerns on Example 1 of this invention. It is a figure which shows the structural example of the user group table 114 which concerns on Example 1 of this invention. It is a figure which shows an example of the interface (secret information registration screen) which concerns on Example 1 of this invention. It is a figure which shows an example of the confidential information registration processing procedure which concerns on Example 1 of this invention. It is a figure which shows an example of the whole process procedure of the search which concerns on Example 1 of this invention. It is a figure which shows an example of the search processing procedure by the search engine program 112 which concerns on Example 1 of this invention. It is a figure which shows an example of the index 113 which concerns on Example 2 of this invention. It is a flowchart which shows an example of the search processing procedure by the search service program 110 which concerns on Example 2 of this invention. It is a figure which shows the hardware and software structure of the search server 1 which concern on Example 3 of this invention. It is a figure which shows an example of the document relation table 116 which concerns on Example 3 of this invention. It is a figure which shows an example of the concept which produces | generates the replication of the document which concerns on Example 3 of this invention. It is a figure which shows an example of the confidential information registration processing procedure which concerns on Example 3 of this invention. It is a figure which shows an example of the search processing procedure which concerns on Example 3 of this invention. It is a figure which shows an example of the confidential information registration processing procedure which concerns on Example 4 of this invention. It is a figure which shows an example of the search processing procedure which concerns on Example 4 of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a diagram illustrating a configuration example of an information search system according to the first embodiment of the present invention. The information search system includes a search server 1, a plurality of client computers (terminals) 2, a document sharing server 3, and a communication network 4, and each computer is connected via the communication network 4. The user of the information search system connects to the search server 1 using the client computer 2 and is stored on the document sharing server 3, the client computer 2, the search server 1, or another in-house system such as a web server (not shown). Search for information. The communication network 4 can be realized by a public network, the Internet, ISDN, a dedicated line, a wired network such as a LAN, a wireless network using a mobile communication base station, a communication artificial satellite, or the like. In the communication network 4, each computer is identified by identification information given in advance to each computer, and each computer is connected to another computer for communication based on this identification information.

  FIG. 2 is a diagram illustrating a configuration example of hardware and software of the client computer 2 according to the first embodiment of the present invention. The client computer 2 can be configured by a control unit 20 including a CPU, a storage unit 21, a network interface unit 22 for connecting to the communication network 4, a display unit 23, an input unit 24, and a data bus 25 for connecting them. The storage unit 21 can be realized by a volatile storage device such as a semiconductor memory (RAM), a readable / writable nonvolatile storage device such as a hard disk or an SSD, or a read-only nonvolatile storage device such as a magneto-optical medium. The display unit 23 can be realized by a CRT display or a liquid crystal display, and the input unit 24 can be realized by a keyboard, a mouse, or the like. In the client computer 2, for example, arithmetic processing associated with information and document search is executed by the control unit 20. The search client program 210 executed by the control unit 20 and the data used by the search client program 210 may be stored in the storage unit 21 in advance or may be introduced from another computer via the communication network 4. Alternatively, it may be introduced from a storage medium such as a CD-ROM. Further, the function of the search client program 210 may be realized by hardware such as LSI.

  The search client program 210 is a program that provides a user interface for searching information to the user of the information search system, and can take the form of, for example, a web browser or a search-dedicated application. The search client program 210 transmits a search sentence input by the user using the input unit 24 to the search server 1, receives the search result from the search server 1, displays it on the display unit 23, and presents it to the user. In addition, the search client program 210 provides an interface for registering confidential information and privacy information (hereinafter simply referred to as confidential information) in a document to the user of the information search system.

  FIG. 3 is a diagram illustrating a configuration example of hardware and software of the document sharing server 3 according to the first embodiment of the present invention. Similarly to the client computer 2, the document sharing server 3 connects a control unit 30 including a CPU and the like, a storage unit 31, a network interface unit 32 for connecting to the communication network 4, a display unit 33, and an input unit 34. A data bus 35 can be used. The storage unit 31 can be realized by a volatile storage device such as a semiconductor memory (RAM), a readable / writable nonvolatile storage device such as a hard disk or an SSD, or a read-only nonvolatile storage device such as a magneto-optical medium. The display unit 33 can be realized by a CRT display or a liquid crystal display, and the input unit 34 can be realized by a keyboard, a mouse, or the like. Further, the document sharing server 3 can be configured such that the display unit 33 and the input unit 34 are omitted. In the document sharing server 3, the document sharing service program 310 executed by the control unit 30 and the data used by the document sharing service program 310 may be stored in advance in the storage unit 31 or from other computers. It may be introduced via the communication network 4 or may be introduced from a storage medium such as a CD-ROM. Further, the function of the document sharing service program 310 may be realized by hardware such as LSI.

  The document sharing service program 310 provides an interface for storing and reading an electronic document or file (hereinafter simply referred to as a document) 311 to users of the information search system. It is a program that enables document sharing. The document sharing service program 310 can take the form of, for example, a file sharing service program using NFS, CIFS, or the like, a proprietary document management service program, or a database program for storing structured data. . The user of the information search system stores the document 311 on the document sharing server 3 from the client computer 2 via the search client program 210 or the document sharing service program 310, and the document via the document sharing service program 310 or the search client program 210. 311 can be referred to.

  FIG. 4 is a diagram illustrating a configuration example of hardware and software of the search server 1 according to the first embodiment of the present invention. Similar to the client computer 2 and the document sharing server 3, the search server 1 includes a control unit 10 including a CPU, a storage unit 11, a network interface unit 12 for connecting to the communication network 4, a display unit 13, an input unit 14, A data bus 15 connecting them can be used. The storage unit 11 can be realized by a volatile storage device such as a semiconductor memory (RAM), a readable / writable nonvolatile storage device such as a hard disk or an SSD, or a read-only nonvolatile storage device such as a magneto-optical medium. The display unit 13 can be realized by a CRT display or a liquid crystal display, and the input unit 14 can be realized by a keyboard, a mouse, or the like. Further, the search server 1 may be configured such that the display unit 13 and the input unit 14 are omitted. In the search server 1, the search service program 110, the crawler program 111, the search engine program 112 executed by the control unit 10, and data used by these programs may be stored in the storage unit 11 in advance. It may be introduced from another computer via the communication network 4 or may be introduced from a storage medium such as a CD-ROM. The functions of the search service program 110, the crawler program 111, and the search engine program 112 may be realized by hardware such as LIS.

  The search service program 110 is a program that provides an interface for searching information to the search client program 210 and other programs. The search service program 110 receives a search sentence input by the user using the input unit 24 of the client computer 2 via the search client program 210, and generates a search query (document search request) based on the search sentence. Issued to the search engine program 112. Next, the search service program 110 receives a document list from the search engine program 112 as a full-text search result of the document for the search query, and generates a final search result to be returned to the search client program 210 based on the document list. . The search service program 110 performs access control based on the user's access authority to confidential information that can be included in documents, document attributes, document names, etc., when generating final search results, and generates appropriate search results. This is presented to the user via the search client program 210. Further, the search service program 110 provides the user of the information search system with an interface for registering confidential information in the document via the search client program 210.

  The crawler program 111 is a program for acquiring a document stored in the document sharing server 3 and its accompanying information and generating information necessary for the search engine program 112 to perform a full-text search of the document 311. The crawler program 111 periodically accesses the document sharing server 3 and acquires the document 311 on the document sharing server 3 via the document sharing service program 310. In addition, the crawler program 111 creates the index 113 of the document 311 necessary for the search engine program 112 to perform a full text search on the document 311. Further, the crawler program 111 acquires the security attribute information such as the access right given to the document together with the document 311 from the document sharing server 3, and the search service program 110 and the search engine program 112 obtain this security attribute information. The information is stored in the storage unit 11 of the search server 1 in a state where it can be used for performing access control in document units. Further, the crawler program 111 can extract feature information from the acquired document by using a known technique such as morphological analysis using a dictionary or extraction of a specific expression by machine learning.

  The search engine program 112 is a program for performing a full-text search of a document using a search sentence input by the user using the input unit 24 of the client computer 2. The search engine program 112 uses the index 113 created by the crawler program 111 to find a document that matches the search sentence entered by the user. In addition, the search engine program 112 receives a search query generated based on the search sentence from the search service program 110 and performs a full-text search, and then searches each index word or index word position that matches a word included in the search sentence. In addition, a value based on the appearance frequency and rarity degree in the document is calculated, and the degree of suitability of each document with respect to the search sentence is calculated as a score using the calculated value for each index word, and the document list is sorted in the order of score. To the search service program 110. As described above, in the method in which the search engine program 112 performs access control in units of documents and enumerates the documents 311 including confidential information in the search result, while controlling the browsing of the contents of the documents 311, Since the document 311 hits the keyword in the search sentence entered by the user, the user can grasp the fact that the document 311 includes the keyword, and there is a risk of leakage of confidential information. Therefore, in the first embodiment, the access right of the document 311 can be set according to the confidentiality of the information in the document 311, and the search engine program 112 extracts and extracts an appropriate document 311 using the access right information. The document list is returned to the search service program 110 after scoring.

  The index 113 generally refers to a list of the appearance locations of words, characters, and character strings included in the document 311. Particularly in the field of information retrieval, in order to improve retrieval performance, for each word, character, and character string, a transposed index that represents the document in which it appears and the position within the document is used. In analysis of words, characters, and character strings in the document 311, for example, morphological analysis, N-gram, or the like is used. Further, in the above-described conventional method for implementing access control in units of documents 311, there is a method in which access right information for each document 311 is stored in association with an index.

  The user group table 114 stores information indicating the relationship between information for identifying a user and a group to which the user belongs. In the first embodiment, the search service program 110 identifies a user by information for identifying the user, further identifies the group to which the user belongs using the user group table 114, and searches the group information together with the search query as a search engine. Pass to program 112. Thereby, the search engine program 112 can extract an appropriate document using the information. In the first embodiment, when the search service program 110 generates a final search result, the user group table 114 and a confidential information management table 115 to be described later are referred to, and the confidential information included in the document name or the like is referred to. On the other hand, access control is performed in units of groups. Thereby, the system administrator can reduce the trouble of setting and managing the access right for each user. Note that the user group table 114 may be stored in an external system such as an authentication server or directory server not shown.

  The confidential information management table 115 includes confidential information in the document and information regarding the access right of the confidential information. As the information in the confidential information management table 115, confidential information and access right information in the document input by the user are registered in the confidential information management table 115 via the search client program 210 and the search service program 110. The search service program 110 sets not only the confidential information and the access right in the confidential information management table 115 but also the index 113. The search engine program 112 can extract an appropriate document according to the user's access right by using the index 113. In addition, the search service program 110 refers to the confidential information management table 115 and the user group table 114 when generating a final search result, and controls access to the confidential information included in the document name in groups. To implement.

  In the first embodiment, the following description will be made assuming that the search service program 110, the crawler program 111, and the search engine program 112 operate in the same search server 1. However, the present invention is not limited to this configuration. These may operate on different computers and cooperate with each other via a communication network.

  FIG. 5 is a diagram illustrating a configuration example of the confidential information management table 115 according to the first embodiment of the present invention. The document ID 401 is identification information for uniquely identifying each document in the information search system. A field 402 is identification information for identifying the structure of the document, such as “title”, “text”, and “attribute”. The confidential information 403 is confidential information in a document registered by a document holder, an administrator, or the like, for example, a specific person name, organization name, place name, or a sentence including a certain fact. When a plurality of confidential information is included in the same document or field, a plurality of confidential information 403 corresponds to one document 401 or field 402. The position 404 is information indicating the position of the confidential information 403 in the document. When there are a plurality of the same confidential information in the document 311, the plurality of positional information 404 corresponds to one confidential information 403. The access right 405 is access right information for individual confidential information in the document 311. In the first embodiment, the access right 405 is group information of users who can search for the confidential information. The access right 405 may be information indicating user identification information, whether confidential information can be searched, whether a document can be viewed, and the like.

  FIG. 6 is a diagram illustrating a configuration example of the index 113 according to the first embodiment of the present invention, and particularly illustrates a conceptual example of an inverted index in which words included in the body of the document 311 are index words. Similarly, there is an index for a part other than the body text such as a document name. Moreover, the structure which uses the text of a document, a document name, etc. as one index may be sufficient. In such an inverted index, generally, for a word (index word) 501, document information 502 including the word and position information 503 in the document 311 are held. Although FIG. 6 shows a list structure combination, it may be a table or a combination of a plurality of tables. In the first embodiment, in order to realize access control for individual words in the document 311, access right information (access permission group information) is associated with the position of each word in the document 311. Associated. For example, in the document X shown in FIG. 6, the access permission group information 504 and 505 are associated with each word (in this case, the person name x and the word y) in the document X, and the contents are different for each word. .

  FIG. 7 is a diagram showing an example of the user group table 114 according to the first embodiment of the present invention. The group 601 is information (hereinafter referred to as group information) for uniquely identifying the group to which the user belongs in the information search system. The user 602 is information (hereinafter referred to as user identification information) for uniquely identifying the user in the information search system.

  FIG. 8 is a diagram illustrating an example of an interface (confidential information registration screen) for registering confidential information in the document 311 according to the first embodiment of the present invention. The screen 701 includes a document name display part 702, a text display part 703, a confidential information list display part 704 specified by the user or program, and an access permission group selection part 705.

  FIG. 9 is a flowchart showing an example of the confidential information registration procedure in the document according to the first embodiment of the present invention.

  First, the user sets an access right for confidential information in the document 311 via an interface as shown in FIG. 8 (step 1001). The confidential information may be specified by the user using the input unit 24 in the document name display part 702 or the text display part 703, or a program such as the crawler program 111 may be extracted and set in advance using a dictionary or the like. May be. Alternatively, the information is extracted from the document based on the learned information, and the candidate of confidential information (confidential information list) 704 is presented to the user via the search client program 210, and the user uses the input unit 24 to list the confidential information. The confidential information may be designated from 704. After specifying the confidential information, the user sets the access right 705 for the confidential information using the input unit 24 and performs an operation of pressing the OK button 706, so that the search service program 110 stores the confidential information in the document 311. The access right information for the information and the confidential information is acquired (step 1001) and registered in the confidential information management table 115 (step 1002).

  Next, the search service program 110 registers access right information in the index 113 in the form as shown in FIG. 6 based on the contents set by the user in step 1001 (step 1003).

  FIG. 10 is a flowchart illustrating an example of the entire search processing procedure according to the first embodiment of the invention.

  First, the search service program 110 receives a search sentence and user identification information input by the user using the input unit 24 of the client computer 2 via the search client program 210 (step 1101). Note that the user identification information may be input before inputting the search text.

  Next, the search service program 110 refers to the user group table 114 based on the user identification information, acquires the corresponding group information, and sends the search statement received in step 1101 and the acquired user group information to the search engine program 112. Then, the search engine program performs search and access control according to the processing procedure shown in FIG. 11 (step 1102).

  Next, the search service program 110 receives a document list as a full-text search result from the search engine program 112 (step 1103). Here, since there is a possibility that confidential information remains in the document names described in the document list, this is dealt with in step 1104 and the subsequent steps.

  Next, the search service program 110 refers to the confidential information management table 115 and the user group table 114 (step 1104), and the words (keywords) included in the search sentence are included in the document names listed in the document list. In addition, it is confirmed for each document included in the document list whether or not the access permission is given to the user group to which the user belongs (step 1105).

  If it is determined in step 1105 that access permission is not granted, the search service program 110 then deletes confidential information included in the document name or replaces it with prone characters (step 1106).

  Next, the search service program 110 presents the search results to the user via the search client program 210 (step 1107), and the series of search processing ends.

  Next, when the user selects a document in the search result (step 1108), the search service program 110 performs access control in units of documents (step 1109). Based on the result, the user is permitted or prohibited to view the document contents.

  If it is determined in step 1105 that access permission has been granted, the search service program 110 proceeds to step 1107.

  FIG. 11 is a flowchart illustrating an example of a search processing procedure performed by the search engine program 112 according to the first embodiment of the present invention.

  First, the search engine program 112 receives from the search service program 110 the search text entered by the user and the group information to which the user belongs (step 1201).

  Next, the search engine program 112 extracts words included in the search sentence (step 1202). A known technique is used for word extraction. For example, morphological analysis can be used for Japanese. In addition, the search sentence may be divided by spaces or the like to extract words.

  Next, the search engine program 112 refers to the index 113, selects one document 311 including the index word 501 that matches the word extracted in step 1202 (step 1203), and selects each of the words in the selected document. The access permission group information 504 is confirmed for each position (step 1204).

  Next, the search engine program 112 compares the access permission group information confirmed in Step 1204 with the group information of the user received in Step 1201, so that the index word included in the document 311 selected in Step 1203 by the user is obtained. It is determined whether or not the user has an access right (step 1205). As shown in FIG. 6 and FIG. 8, when the index 113 manages the position of the index word and the same index word is included in a plurality of positions in the document, the search engine program 112 reads each index word. The access permission group information 504 associated with the position in the document 311 is used to determine whether the user has the access right.

  If it is determined in step 1205 that the user has access rights to any of the index words in the document that match the word, the search engine program 112 then passes the document to the search service program 110. It adds to the document list (step 1206).

  Next, the search engine program 112 calculates the score of the document for the word (step 1207). The score calculation formula may be a known formula or a proprietary formula, and the score shown in step 1211 may be calculated for the entire search sentence instead of word units. There are various methods for calculating the score. For example, the score is described in a known non-patent document “Apache Lucene-Scoring, Internet URL: http://lucene.apache.org/java/2_4_0/scoring.html”. The method can be used. In this method, for each index word that matches a word included in the search sentence entered by the user, a value based on the appearance frequency or rarity degree in the document is calculated, and each value for the search sentence is calculated based on the calculated value. Calculate the score of the document. When a plurality of the same index words are included in the document, the score is calculated based on only the index words in the document that are determined to have the access right by the user. As described above, in the first embodiment, when calculating the score of the document for the search sentence, the index is calculated using only the index words that the user has access rights among the index words that match the words included in the search sentence. It is determined that the higher the calculated score, the higher the degree of matching with the search sentence.

  Next, the search engine program 112 refers to the index 113 to check whether there are any other documents that contain the index word that matches the word (step 1208). If there are, then the processing from step 1203 to step 1207 is performed. Do this for the next document.

  On the other hand, if it is the last document in step 1208, the search engine program 112 refers to the search sentence and checks whether another word is still included in the search sentence (step 1209). Performs the processing from step 1202 to step 1208 on the next word.

  On the other hand, if it is the last word in step 1209, the search engine program 112 selects the document list obtained for each word in the search sentence according to the search logical expression (search condition) specified by the user. Merge (step 1210). For example, the search engine program 112 generates a common document list of individual lists in the case of AND search, and generates a logical sum of the individual lists in the case of OR search.

  Next, the search engine program 112 calculates scores for the search sentences for each document included in the document list, rearranges the scores in descending order (in descending order of suitability), and retrieves the resulting document list as a search service. It returns to the program 110 (step 1211).

  In step 1205, if the search engine program 112 determines that the user does not have access rights to any of the index words in the document that match the word, the process proceeds to step 1208.

  The first embodiment of the present invention has been described above. According to the first embodiment, a document holder or administrator registers access right information for confidential information or privacy information in a document in advance, associates the access right information with an index word, and positions of index words and index words for the same document. Manage different access rights for each. Further, the search engine program 112 confirms the access right of the user who has input the search sentence for the index word matching the word in the search sentence, creates a matching document list, and performs scoring. This makes it difficult for the user to guess the relevance between the document and the confidential information in the document based on changes in the order of the search results in response to changes in the search statement or logical conditional expression. As a result, the appropriate information based on the confidential information in the document is obtained. Search results can be generated.

  Another embodiment of the information search system to which the present invention is applied will be described. In the following, parts not specifically described are the same as those in the first embodiment.

  In the second embodiment, the search service program 110 deletes or ranks each document in the document list received from the search engine program 112 according to the authority of the user and the confidential information included in the document. This is different from the first embodiment in that a final search result is generated by making a change. That is, in the second embodiment, an access right check for each index word is not required.

  FIG. 12 is a diagram illustrating a configuration example of the index 113 according to the second embodiment of the present invention. As illustrated in FIG. 12, for example, only one access permission group information 506 is associated with the document X illustrated in FIG. 12 regardless of the index word included in the document. Therefore, in the second embodiment, the search engine program 112 performs only access control in document units.

  FIG. 13 is a flowchart illustrating an example of a search processing procedure by the search service program 110 according to the second embodiment of the present invention.

  First, the search service program 110 receives a search sentence and user identification information input by the user using the input unit 24 of the client computer 2 via the search client program 210 (step 1301).

  Next, the search service program 110 passes the search text and group information to the search engine program 112, and the search engine program 112 performs search and scoring by the method and procedure described above, and returns a document list to the search service program 110 ( Step 1302).

  Next, the search service program 110 selects one document from the document list received from the search engine program 112 (step 1303).

  Next, the search service program 110 determines whether or not there is one word included in the search sentence (step 1304), and if there is one, the process proceeds to step 1305, and if there is a plurality, the process proceeds to step 1309.

  If it is determined in step 1304 that the search sentence includes one word, the search service program 110 refers to the confidential information management table 115 and the user group table 114, the search word matches the confidential information in the document, and If the confidential information is in a plurality of positions, it is determined whether or not the user has access to any of them (step 1305). As a result of the determination, the search service program 110 checks whether there is another document in the document list if it has access right (step 1306). If it does not have access right, the search service program 110 checks the document being processed from the document list. Processing for deletion is performed (step 1308).

  In step 1306, if there is no other document in the document list, the search service program 110 proceeds to step 1307, and if there is another document, performs the processing from step 1303 to step 1306 for the next document.

  If it is determined in step 1306 that there are no other documents in the document list, the search service program 110 presents the search results created in steps 1303 to 1306 to the user via the search client program 210 (step 1307). .

  If it is determined in step 1304 that there are a plurality of words included in the search sentence, the search service program 110 has performed an OR search to determine whether the user has performed an AND search on the plurality of search words included in the search sentence. Is determined from the search logical expression designated by the user (step 1309). The search service program 110 proceeds to step 1310 if it is an AND search, and to step 1311 if it is an OR search.

  If it is determined in step 1309 that an AND search has been performed, the search service program 110 refers to the confidential information management table 115 and the user group table 114, and any one of a plurality of search words included in the search sentence is classified in the document. If it matches the information and the confidential information is in a plurality of positions, it is determined whether or not the user has an access right for any of them (step 1310). As a result of the determination, the search service program 110 proceeds to step 1306 if it has access right, and deletes the document being processed from the document list if it does not have access right (step 1308).

  If it is determined in step 1309 that an OR search has been performed, the search service program 110 refers to the confidential information management table 115 and the user group table 114, and any one of a plurality of search words included in the search sentence is included in the document. It is determined whether or not it matches the confidential information (step 1311). As a result of the determination, if there is a match, the search service program 110 lowers the rank of the document being processed in the document list (step 1312), and none of the search words matches the information designated as confidential in the document. Proceeds to step 1306.

  In step 1312, the retrieval service program 110 recalculates the score by the above-described score calculation method, and lowers it to a predetermined score position in the document list based on the recalculated score. The recalculation is performed considering only the information that the user has access to among the information designated confidentially in the document. Note that the amount of descent may be determined as a constant in advance by the document owner or administrator.

  After the processing in step 1312, the search service program 110 determines whether any of the search words included in the search sentence matches the confidentially registered information in the document name being processed. Processing such as deleting the information portion or replacing it with an abbreviation is performed (step 1313).

  The second embodiment of the present invention has been described above. According to the second embodiment, a document holder or administrator registers access right information for confidential information in a document in advance, and based on the registered contents and the number of search keywords of a search sentence input by the user and a logical conditional expression, When the search service program deletes the documents included in the search and scoring results by the search engine and changes the order of the documents, an appropriate search result based on confidential information and privacy information in the documents can be generated.

  Hereinafter, another embodiment of the information search system to which the present invention is applied will be described. In the following, parts not specifically described are the same as those in the first or second embodiment.

  In the third embodiment, the search service program 110 internally generates a copy of an original document for a document in which confidential information is registered by a document owner or administrator, manages this in association with the original document, The duplicated document is different from the first and second embodiments in that both documents are registered in the index after the confidential registration location is excluded from the index target.

  FIG. 14 shows a hardware and software configuration example of the search server 1 according to the third embodiment of the present invention.

  The document relationship table 116 includes relationship information between documents. In the third embodiment, when information in a document is confidentially registered, the search service program 110 internally creates a duplicate document of the document and gives identification information to the duplicate document. Further, the document relation table 116 stores the newly created duplicate document identification information and the original document identification information in association with each other.

  FIG. 15 is a diagram illustrating an example of a document relationship table according to the third embodiment of the present invention. The document 801 is information for uniquely identifying a document in the information search system. The original document 802 stores information for uniquely identifying the original document of the duplicate document when the document 801 is a duplicate document of the original document newly generated when the user specifies confidential information.

  FIG. 16 is a diagram illustrating an example of a concept for generating a copy of a document according to the third embodiment of the present invention. The document owner or administrator can set an access permission group individually for a plurality of confidential information in the same document. For example, as shown in FIG. 16, when an access permission group is set for each confidential information in the document Z, as shown in 901 in the confidential information management table 115, it is different for the user group p, the user group q, and the user group r. A disclosure range is set. In this case, since the users belonging to the user group q and the user group r are subject to different partial disclosure restrictions, the search service program 110 generates at least two duplicate documents according to individual partial disclosure ranges. These are managed in association with each other in the document relation table 116.

  FIG. 17 is a flowchart showing an example of the confidential information registration procedure in the document according to the third embodiment of the present invention.

  First, the user sets the access permission group for the confidential information in the document through the interface as shown in FIG. 8 by the document owner or administrator (step 1401). The confidential information may be designated by the document owner or administrator, or the user may confirm and designate the confidential information based on the candidates presented by the program.

  Next, the search service program 110 internally generates a duplicate document separately from the original document for the document in which confidential information is registered (step 1402). For newly created duplicate documents, the confidential information is concealed by deleting the secret designated portion, replacing it with a hidden character, or performing encryption. As a result, the confidential information in the duplicate document is not indexed.

  Next, the search service program 110 registers the original document in the confidential information management table 115 based on the contents set by the user in step 1401 (step 1403).

  Next, the search service program 110 registers both the original document and the duplicate document generated in step 1402 in the index 113 (step 1404). As described above, confidential information in a duplicate document is not indexed, and only non-confidential parts are indexed.

  FIG. 18 is a flowchart illustrating an example of a search processing procedure by the search service program 110 according to the third embodiment of the present invention.

  First, the search service program 110 receives a search sentence and user identification information input by the user using the input unit 24 of the client computer 2 via the search client program 210 (step 1501).

  Next, the search service program 110 passes the search sentence to the search engine program 112, and the search engine program 112 performs search and scoring by the above-described score calculation method and procedure, and returns a document list to the search service program 110 (step). 1502).

  Next, the search service program 110 selects one document from the document list received from the search engine program 112, and performs steps 1504 to 1508 for each document (step 1503).

  Next, the search service program 110 refers to the document relation table 116 (step 1504).

  Next, the search service program 110 determines whether or not the original document exists in the document being processed (step 1505). As a result of the determination, the search service program 110 proceeds to step 1506 if the original document exists, and proceeds to step 1508 if the original document does not exist.

  If it is determined in step 1505 that the original document exists in the document being processed, the search service program 110 refers to the confidential information management table 115 and the user matches the one or more words included in the search sentence. It is determined whether or not access to all of the information is permitted (step 1506). As a result of the determination, the search service program 110 proceeds to step 1507 if it has the access right, and proceeds to step 1510 if it does not have the access right.

  If it is determined in step 1506 that the user has an access right, the search service program 110 associates the document being processed with the original document (step 1507). As a method of association, for example, the document being processed is arranged immediately below the original document regardless of the score of the document being processed.

  Next, the search service program 110 determines whether there are any other documents in the document list (step 1508). If there is, the search service program 110 executes step 1503 and subsequent steps for the next document. The search result is presented to the user via the search client program 210 (step 1508).

  If it is determined in step 1506 that the user does not have access rights, the search service program 110 deletes the document being processed from the document list, and the document other than the document being processed of the original document. If the duplicate document is in the document list, the duplicate document is deleted from the list (step 1510), and the process proceeds to step 1508.

  In the third embodiment, the search service program 110 generates a search result for each document in the document list received from the search engine program 112 and the original document according to the user authority and the confidential information included in the document. In the fourth embodiment, the search engine program 112 generates a document list according to the user's authority and the access right to the document in the fourth embodiment. An example of a processing procedure when the search service program 110 generates a final search result will be described.

  FIG. 19 is a flowchart illustrating an example of a procedure for registering confidential information in a document according to the fourth embodiment of the present invention.

  Each processing from step 1401 to step 1404 is the same as that in FIG.

  After the processing of step 1404, the search service program 110 registers access permission group information in units of documents in the form shown in FIG. 12 in the index 113 based on the contents set by the user in step 1403 (step 1605).

  FIG. 20 is a flowchart showing another example of the search processing procedure by the search service program 110 according to the fourth embodiment of the present invention.

  First, the search service program 110 receives a search sentence and user identification information input by the user via the search client program 210 (step 1501).

  Next, the search service program 110 passes the search sentence to the search engine program 112, and the search engine program 112 performs search, access control and scoring in document units by the above-described score calculation method and procedure, and searches the document list. Return to service program 110. In access control, access right information in document units set in step 1605 is used.

  Each processing from step 1503 to step 1509 is the same as that in FIG. In the fourth embodiment, access control is performed in step 1702 using access right information in document units set in advance in step 1605, and at that time, the user has authority over the original document and the duplicate document. 18 is included in the document list and passed to the search service program 110, so the processing of step 1510 shown in FIG. 18 can be omitted.

  The embodiments 3 and 4 of the present invention have been described above. According to the third and fourth embodiments, the document holder or administrator registers access right information for confidential information or privacy information in the document in advance, and the upper program of the search engine program 112 conceals the confidential information of the document. Another document is generated internally, the generated document is managed in association with the original document, and an index is created for both. In addition, the search service program deletes the documents included in the search and scoring results by the search engine based on the access right information and the above association information, so that appropriate information based on the confidential information and privacy information in the document is obtained. Search results can be generated.

  The embodiments of the present invention have been specifically described with reference to some examples. However, the present invention is not limited to these examples, and various modifications can be made without departing from the scope of the present invention. It is.

DESCRIPTION OF SYMBOLS 1 ... Search server, 2 ... Client computer (terminal), 3 ... Document sharing server, 4 ... Communication network, 10, 20, 30 ... Control part, 11, 21, 31, ... Storage unit 12, 22, 32 ... Network interface unit 13, 23, 33 ... Display unit, 14, 24, 34 ... Input unit, 15, 25, 35 ... Data bus.

Claims (11)

A search server connected to a plurality of terminals via a communication network,
A management unit that receives confidential information of the document and access right information for the confidential information from the terminal via the communication network, and manages the received information in association with the index word of the document or the position of the index word;
When a document search request is received from the terminal via the communication network, the index word or the access right for each position of the index word based on the words in the search sentence included in the document search request and the management unit If there is an access right as a result of the determination, a document list is created in which information of documents including the index word is listed, the degree of conformity of the document is calculated, and the document list is calculated based on the calculation result. A control unit that rearranges each of the documents therein, and transmits this as a search result candidate to the search request source terminal of the document via the communication network;
Search server with The management unit
Managing confidential information of the document and access right information for the confidential information in association with the structure of the document;
The controller is
For each document in the search result candidate, the confidential information included in the document name of the document is concealed based on the access right information related to the structure of the document, and this is used as a final search result. Transmitting to the search requesting terminal of the document via a communication network;
The search server according to claim 1. A search server connected to a plurality of terminals via a communication network,
A management unit that receives confidential information of the document and access right information for the confidential information from the terminal via the communication network, and manages the received information in association with the structure and words of the document;
A document search request is received from the terminal via the communication network, and a document that matches the document search request is searched based on a word in a search sentence included in the document search request and the management unit. This is used as a full text search result, and the degree of conformity of the document is calculated. The full text search result is rearranged based on the calculation result, and this is used as a search result candidate as a search request source of the document via the communication network. A control unit that transmits to the terminal;
Search server with The controller is
Delete a document containing a word that the user cannot access from the search result candidates, and send this as a final search result to the search requesting terminal of the document via the communication network.
The search server according to claim 3. The controller is
In the search result candidate, the output rank of the document including the word accessible by the user is lowered, and this is transmitted as a final search result to the terminal that is the search request source of the document via the communication network.
The search server according to claim 4. The controller is
Based on the confidential information of the document and the access right information of the user for the confidential information, the document is copied, the confidential information is concealed in the copied document, and the document from which the document is created Associating and storing in the previous term management section, indexing each document,
The search server according to claim 3. The controller is
Based on the information of the management unit, it is determined whether or not the user has an access right to the original document of the duplicate document, and if the access right is determined by the determination, the document is selected as the original document in the search result candidate. Reordering in association with this, and sending this as a final search result to the terminal of the document search request source via the communication network,
The search server according to claim 6. Based on the information of the management unit, the presence or absence of the user's access right to the original document of the duplicate document is determined, and if the access right is not determined by the determination, the original document is deleted in the search result candidate. Then, this is transmitted as a final search result to the search request source terminal of the document via the communication network.
The search server according to claim 7. An information retrieval method in a computer,
By the control unit provided in the computer,
Obtain confidential information of the document and access right information for the confidential information;
Associating the acquired information with the index word of the document or the position of the index word;
Get a document search request,
Based on the word in the search sentence included in the search request for the document and the association information, it is determined whether or not there is an access right for each position of the index word or the index word,
If there is an access right according to the determination, a document list that lists information of documents including the index word having the access right is created.
Calculating the fitness of the document containing the index term;
Reordering each document in the document list based on the calculation result, and outputting this as a search result candidate;
Information retrieval method. On the computer,
Obtain confidential information of the document and access right information for the confidential information;
Associating the received information with an index word of the document or a position of the index word;
Get a document search request,
Based on the word in the search sentence included in the search request for the document and the association information, it is determined whether or not there is an access right for each position of the index word or the index word,
If there is an access right according to the determination, a document list that lists information of documents including the index word having the access right is created.
Calculating the fitness of the document containing the index term;
Reordering each document in the document list based on the calculation result, and executing a process of outputting this as a search result candidate;
program.   A computer-readable storage medium storing the program according to claim 10.

Images