JP2011100334A - Document file retrieval system, document file registration method, document file retrieval method, program, and recording medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To securely share a file registered in a document file retrieval system, and to protect an index. <P>SOLUTION: The document file retrieval system having a server device that searches for a file in response to a request from a client device is provided with: an index creation means for creating index data to be used for file retrieval from a file to be registered to a document file retrieval system on the client device; an encryption means for encrypting the index data created by the index creation means and the file to be registered, on the client device; an index storage means for storing the index data on the server device; a registration means for registering the index data encrypted by the encryption means in the index data storage means on the server device; and a retrieval means for retrieving a file by using the encrypted index data stored in the index storage means on the server device. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a document file search system, a document file registration method, a document file search method, a program, and a recording medium, and in particular, in a so-called document file search system that searches a file in which desired information is described using a computer. The present invention relates to a technique for searching so that only a user authorized by a user who has registered a file can use the file (hereinafter referred to as “secure”), and a technique for securely sharing a file.

  Conventionally, in a document file search system, a user who registers a file registers a file in the document file search system, and a user who browses the file accesses the document file search system to search for and obtain a desired file. Was sharing. In such a document file search system, it is important to securely protect the shared file. This is because, for example, in a document file search system operated in a company, a file that should not be leaked outside the company, such as a company secret, may be shared.

  For example, Patent Document 1 proposes a technique for securely sharing a file by setting a user who can access the file.

  However, in the method of Patent Document 1, the file is registered in the document file search system in a plain text state, and the user who has acquired the file may leak the file to a third party. It wasn't done. In order to solve this, it is necessary to protect the file on the document file search system. As a method for this, when registering a file in the document file search system, it is conceivable to protect the file by encrypting the file with a client computer and registering it in the document file search system. In general, a document file search system refers to the contents of a file registered in the document file search system, creates information such as words included in the file contents (hereinafter referred to as “index”), and stores the index. Use to search for files containing specific words at high speed.

  However, the above method has the following problems. Since the document file search system cannot refer to the contents of the encrypted file, an index cannot be created, and the encrypted file cannot be searched by the document file search system. In order to solve this, it is necessary to decrypt the encrypted file on the document file search system. As a method, a key for decrypting the encrypted file on the document file search system is stored, and the encrypted file at the time of index creation is decrypted with the key for decrypting the encrypted file and stored. Store the decrypted file in the device. A method for creating an index by referring to the contents of the decrypted file is required.

  However, this method has the following problems. Since the temporarily decrypted file is stored in the storage device, there is a possibility that the decrypted file may remain in the storage device due to a malfunction of the document file search system or due to a power failure. There was a possibility of leaking. Also, since the key for decrypting the encrypted file is stored on the document file search system, the key for decrypting the encrypted file stored in the text file search system has been leaked to the outside. In some cases, an illegally encrypted file may be decrypted, causing information leakage. In addition, the index created from the file contains information such as words contained in the file and the file path, but the index is not protected and may be leaked to third parties. . Therefore, there is a possibility that information is leaked when confidential information is described in the file contents and the contents of the confidential information are indexed.

  For example, Patent Document 2 proposes the following method for safely building and searching an indexed database table. In the database management system, transparent data is taken from the database table, and a node is formed from each index key and index data. Then, the formed node is encrypted using the first secret key, and a binary tree index is constructed.

  However, in the method of Patent Document 2, a plaintext node before encryption is handled on the database management system, or an encrypted index is decrypted at the time of retrieval, and a plaintext index is handled on the database management system. The administrator of the database management system may leak a plaintext index.

JP 2004-145589 A Special table 2008-517354 gazette

  The first problem is that the conventional document file search system does not protect the file registered in the document file search system. The second problem is that the index is not protected in the conventional document file search system. Therefore, there is a possibility that a user who has the authority to access the document file search system obtains a file from the text file search system and leaks it to a third party, or the index leaks to a third party.

  In view of the above-described circumstances, an object of the present invention is to enable secure sharing of files registered in a document file search system and protection of an index.

  A document file search system according to the present invention is a document file search system in which a server device searches for a file in response to a request from a client device. The file search is performed from a file to be registered in the document file search system on the client device. Index creation means for creating index data used in the process, encryption means for encrypting the index data created by the index creation means and the file to be registered on the client device, and index data on the server device Using index holding means, registration means for registering the index data encrypted by the encryption means on the server device in the index data holding means, and encrypted index data held by the index holding means on the server device The A search means for performing Airu search, the.

  A document file registration method of the present invention is a document file registration method in a document file search system in which a server device searches for a file in response to a request from a client device, and the client device is a registration target in the document file search system. An index creation step for creating index data used for file search from a file, an encryption step for the client device to encrypt the index data created in the index creation step and a file to be registered, and a server device for index data A registration step for registering the index data encrypted in the encryption step.

  The document file search method of the present invention is a document file search method in a document file search system in which a server device searches for a file in response to a request from a client device, and the file to be registered in the document file search system by the client device. Index data used for file search created and encrypted from is stored in index holding means for holding index data, and the server apparatus is held in index holding means in response to a file search request from a client apparatus. The decryption step for decrypting the encrypted index data is compared with the search keyword included in the index data decrypted by the server device and the search keyword acquired together with the file search request from the client device. Has a, a file search step to create a search result data.

  A first program of the present invention is a program used in a document file search system in which a server device searches for a file in response to a request from a client device. The file to be registered in the document file search system is stored in the client device. Then, the index creation processing for creating the index data used for the file search and the encryption processing for encrypting the index data created by the index creation processing and the file to be registered are executed, and the server device stores the index data. The index holding means for holding the data is caused to execute a registration process for registering the index data encrypted by the encryption process.

  A second program of the present invention is a program used in a document file search system in which a server device searches for a file in response to a request from a client device, and from a file to be registered in the document file search system by the client device. The index data used for the created and encrypted file search is held in the index holding means for holding the index data, and held in the index holding means in response to the file search request from the client device in the server device. Creates search result data by comparing the decryption process that decrypts the encrypted index data, the search keyword included in the index data decrypted by the decryption process, and the search keyword obtained with the file search request from the client device. To do Le search process and, thereby executing.

  The recording medium of the present invention is a computer-readable recording medium on which the above program is recorded.

  A first effect of the present invention is that a user who has registered a file in the document file search system can protect the file so that only a user who has permitted permission to view the registered file can view it. The reason is that before the file is registered in the document file search system, the file is encrypted with the file browsing authority and then registered in the document file search system.

  The second effect of the present invention is that the index and the file are protected when the file is searched by the document file search system. The reason is that before registering a file in the document file search system, an index is created from the file, the index is encrypted with the file search authority, and then registered in the document file search system.

1 is a configuration diagram of a document file search system according to the present invention. FIG. It is a block diagram of the document file search system which concerns on embodiment (1st Embodiment, 2nd Embodiment) of this invention. It is the figure which showed the example of the file registration input means which concerns on embodiment of this invention. It is the figure which showed the example of the index table which concerns on embodiment of this invention. It is the figure which showed the example of the file search input means which concerns on embodiment of this invention. It is the figure which showed the example of the search result list | wrist which concerns on embodiment of this invention. It is the figure which showed the example of the file search result display means which concerns on embodiment of this invention. It is the figure which showed the example of the file acquisition input means which concerns on embodiment of this invention. It is the flowchart which showed the flow of the file registration process which concerns on embodiment (1st Embodiment, 2nd Embodiment) of this invention. It is the flowchart which showed the flow of the file search process which concerns on embodiment (1st Embodiment, 3rd Embodiment) of this invention. It is the flowchart which showed the flow of the file acquisition process which concerns on embodiment (1st Embodiment, 2nd Embodiment) of this invention. It is the flowchart which showed the flow of the file search process which concerns on embodiment (2nd Embodiment) of this invention. It is a block diagram of the document file search system which concerns on embodiment (3rd Embodiment) of this invention. It is the flowchart which showed the flow of the file registration process which concerns on embodiment (3rd Embodiment) of this invention. It is the flowchart which showed the flow of the file acquisition process which concerns on embodiment (3rd Embodiment) of this invention.

  In the present invention, as shown in FIG. 1, the document file search system 1 includes an index holding unit 3, a registration unit 4, a search unit 5, an index creation unit 7 on the client device 6, and an encryption unit 8. It is comprised. The index holding means 3 holds encrypted index data used for file search. The registration unit 4 registers the index data encrypted by the encryption unit 8 in the index holding unit 3. The search means 5 performs a file search using the encrypted index data held in the index holding means 3 in response to a file search request from the client device. The index creation means 7 creates index data from a file registered in the document file search system 1. The encryption unit 8 encrypts the index data created by the index creation unit and the file to be registered.

  In the present invention, when a file is registered in the document file search system 1, an index of the file is created by the index creating means 7 on the client device 6 and the encrypting means 8 on the client device 6 is registered before registering the file. Since the index data and the file are encrypted, the encrypted index data and the file are registered, and the search unit 5 on the server device 2 performs the file search using the encrypted index of the index holding unit 3, so that the file is secured It is possible to search and share.

  Hereinafter, the best mode for carrying out the present invention will be described in detail with reference to the drawings.

[First Embodiment]
(Description of configuration)
FIG. 2 is a diagram showing the configuration of the document file search system according to the first embodiment of the present invention. Referring to FIG. 2, a client computer 11 and a server computer 12 used by a user are connected using a network 15, and a file storage device 14 for storing a file registered in a document file search system 13 by a user is provided. The client computer 11 includes a client file storage device 111 and a file browsing unit 112, and includes various units constituting a document file search system described later. The document file search system 13 operates on the client computer 11 and the server computer 12, and includes file registration input means 1301, keyword extraction means 1302, keyword encryption means 1303, file encryption means 1304, file registration request on the client computer 11. A transmission unit 1305, a file search input unit 1309, a file search request transmission unit 1310, a file search result reception unit 1315, a file search result display unit 1316, a file acquisition input unit 1317, a file acquisition request transmission unit 1318, and a file reception unit 1322. File registration request receiving means 1306, file registration means 1307, index table 1308, file search request receiving means 1311 on the server computer 12, file search Stage 1312, a reading unit 1313, a file search result transmitting means 1314, file obtaining request receiving unit 1319, file obtaining unit 1320 and the file transmission means 1321, and a.

  Each of the above devices and means will be specifically described.

  The client computer 11 is a computer used by a user.

  The client file storage device 111 is a storage device for storing a file registered in the document file search system 13 by the user and a file acquired from the document file search system 13 by the user. The client file storage device 111 may be a storage device such as a hard disk.

  The file browsing unit 112 is a unit for acquiring and browsing the file acquired from the document file search system 13 from the client file storage device 111, and is a program for browsing the file encrypted by the file encryption unit 1304. For example, Microsoft Office (registered trademark) manufactured by Microsoft (registered trademark) may be used. Other means may be used as long as the file encrypted by the file encryption means 1304 can be browsed and the plaintext file is not stored in the storage device.

  The server computer 12 is a server computer on which the document file search system 13 operates.

  The document file search system 13 is a system that performs file registration, file search, and file acquisition. The document file search system 13 uses an encryption technology that sets an authority to view a file for each user and controls file browsing by authenticating with a user ID and password. An example of such an encryption technique is DRM (Digital Rights Management). The user ID and password are uniquely determined for each user by an administrator of the document file search system 13 and registered in the document file search system 13. The registered user ID and password are notified to each corresponding user by the administrator.

  The file registration input unit 1301 is a unit for inputting information necessary for the user to register a file in the document file search system 13 (file to be registered, file search authority setting, file browsing authority setting, etc.). The dialog shown in FIG. 3 can be used.

  FIG. 3 shows a screen example of the file registration input unit 1301. In FIG. 3, a file registration input unit 1301 includes a user ID input unit G1001 for inputting a user ID of a user who registers a file, a password input unit G1002 for inputting a password of a user who registers a file, and a client file storage. File selection means G1003 for selecting a file to be registered in the document file search system 13 from files stored in the apparatus 111, and file search for selecting a user ID of a user who can search for the file selected by the file selection means G1003. File selection authority G1005 for selecting the user ID of a user who can view the file selected by the authority selection means G1004 and file selection means G1003: input user ID, password, file, file verification A file registration button G1006 for performing file registration with search authority and file browsing authority is provided. By pressing a file registration button G1006, the file registration request unit 1102 registers a file in the document file search system 13.

  The keyword extraction unit 1302 is a program that acquires the file to be registered selected by the file selection unit G1003 from the client file storage device 111, and analyzes and acquires the keyword and the number of appearances of the keyword from the text of the file. Here, there may be a plurality of keywords to be acquired, and the number of occurrences of the keywords may be replaced with a score that determines the importance of the keywords.

  The keyword encryption unit 1303 encrypts the keyword acquired by the keyword extraction unit 1302 and the number of appearances of the keyword with the file search authority designated by the file registration input unit 1301. That is, the keyword obtained by the keyword extraction unit 1302 and the number of appearances of the keyword are input by the file search authority selection unit G1004 using the user ID input by the user ID input unit G1001 and the password input by the password input unit G1002. It is a program that encrypts with the specified file search authority. For example, an RMS (Rights Management Service) of Microsoft (registered trademark) based on the DRM technology may be used. Other means may be used as long as it is a means that can set and encrypt file search authority for each user.

  The file encryption unit 1304 acquires the file specified by the file registration input unit 1301 from the client file storage device 111 and encrypts it with the file browsing authority specified by the file registration input unit 1301. That is, the file to be registered selected by the file selection unit G1003 is acquired from the client file storage device 111, and the acquired file is used by the user ID input by the user ID input unit G1001 and the password input by the password input unit G1002. Thus, the file browsing authority selection unit G1005 encrypts the file with the file browsing authority. For example, RMS (registered trademark) RMS may be used. Other means may be used as long as it is a means that can set and encrypt file browsing authority for each user.

  The file registration request transmission unit 1305 includes the file search authority input by the file search authority selection unit G1004, the keyword encrypted by the keyword encryption unit 1303 with the file search authority, and the number of appearances of the keyword, the file encryption unit This is a means for transmitting the file encrypted with the file browsing authority in 1304 to the file registration request receiving means 1306 by encrypting communication via the network 15. For example, SSL (Secure Socket Layer) can be used.

  The file registration request receiving unit 1306 encrypts the file search authority transmitted from the file registration request transmission unit 1305 via the network 15, the keyword encrypted with the file search authority, the number of occurrences of the keyword, and the file browsing authority. It is a means for receiving the converted file. For example, SSL may be used.

  The file registration unit 1307 stores the encrypted file received by the file registration request reception unit 1306 in the file storage device 14 and creates a file ID that uniquely identifies the file registered in the document file search system 13. The file registration unit 1307 also stores the file ID, the file search authority received by the file registration request reception unit 1306, the keyword encrypted with the file search authority, the number of occurrences of the keyword, and the file stored in the file storage device 14. The file path is combined to create a record and register it in the index table 1308. The file ID may be created by incrementing by 1 based on the number of records registered in the index table 1308.

  The index table 1308 is a set of record data created by the file registration unit 1307. The index of the file registered in the document file search system 13 by the user may be stored on a hard disk or the like. Specifically, as shown in FIG. 4, the index table 1308 is a file ID for uniquely identifying a file registered in the document file search system 13, a file search authority indicating a user who can search the file, and a file search. Keyword for encrypting the keyword for file search with the file search authority, the number of occurrence of the keyword encrypted with the file search authority for the number of occurrences of the keyword in the file, and the file path indicating the location of the file registered in the document file search system 13 Consists of

  The file search input unit 1309 is a unit for inputting information (file search keyword) required when the user searches for a file from the document file search system 13, and can be configured by a dialog as shown in FIG. 5, for example.

  FIG. 5 shows a screen example of the file search input means 1309. In FIG. 5, a file search input unit 1309 is a user ID input unit G2001 for inputting a user ID of a user searching for a file, a password input unit G2002 for inputting a password of a user searching for a file, a document File search keyword setting means G2003 for setting a file search keyword for searching for a file registered in the file search system, and a file search button G2004 for searching for a file with the input user ID, password, and file search keyword. . When the file search button G2004 is pressed, the file search unit 1312 searches for a file.

  The file search request transmission unit 1310 transmits the user ID input by the user ID input unit G2001, the password input by the password input unit G2002, and the file search keyword input by the file search keyword setting unit G2003 via the network 15. Thus, the communication is encrypted and transmitted to the file search request receiving unit 1311. For example, SSL may be used.

  The file search request receiving unit 1311 is a unit that receives the user ID, password, and file search keyword transmitted from the file search request transmitting unit 1310 via the network 15. For example, SSL may be used.

  The file search means 1312 obtains each record from the index table 1308, the keyword encrypted with the file search authority for each record in the index table 1308 is decrypted by the browsing means 1313, and the keyword received by the file search request receiving means 1311. Get all records that match. The browsing unit 1313 uses the user ID and password received by the file search request receiving unit 1311 to decrypt the keyword encrypted with the file search authority for each record in the index table 1308. Further, the file search unit 1312 combines the file ID of the matched record and the number of appearances of the keyword decrypted by the browsing unit 1313 to create a search result list. Specifically, as shown in FIG. 6, the search result list includes a file ID and the number of appearances of keywords.

  The browsing means 1313 is a means for decrypting keywords and keyword appearances encrypted with the file search authority registered in the index table 1308. The browsing means 1313 displays the keywords and keyword appearances encrypted by the keyword encryption means 1303. It is a program for browsing. For example, RMS (registered trademark) RMS may be used. Any other browsing means can be used as long as it can browse keywords and the number of keyword appearances encrypted by the keyword encryption means 1303 with the file search authority and does not store the plaintext keywords and the number of keyword appearances in the storage device. Good.

  The file search result transmission unit 1314 is a unit that encrypts communication via the network 15 and transmits the search result list created by the file search unit 1312 to the file search result reception unit 1315. For example, SSL may be used.

  The file search result receiving unit 1315 is a unit that receives the search result list transmitted from the file search result transmitting unit 1314 via the network 15. For example, SSL may be used.

  The file search result display means 1316 is a means for displaying the search result list received by the file search result receiving means 1315, and can be constituted by a dialog as shown in FIG. 7, for example.

  FIG. 7 shows a screen example of the file search result display unit 1316. In FIG. 7, the file search result display means 1316 includes file search result display means G3001 for displaying all the contents of the search result list received by the file search result receiving means 1315.

  The file acquisition / input unit 1317 is a unit for inputting information (file ID) necessary for the user to acquire a file from the document file search system 13, and may be configured by a dialog as shown in FIG. 8, for example.

  FIG. 8 shows a screen example of the file acquisition / input unit 1317. In FIG. 8, a file acquisition input unit 1317 includes a file ID input unit G4001 for inputting a file ID of a file that the user wants to acquire, and a file acquisition button G4002 for performing file acquisition with the input file ID. When the file acquisition button G4002 is pressed, the file acquisition unit 1320 acquires the file.

  The file acquisition request transmission unit 1318 is a unit that encrypts communication via the network 15 and transmits the file ID input by the file ID input unit G4001 to the file acquisition request reception unit 1319. For example, SSL may be used.

  The file acquisition request receiving unit 1319 is a unit that receives the file ID transmitted from the file acquisition request transmitting unit 1318 via the network 15. For example, SSL may be used.

  The file acquisition unit 1320 compares the file ID acquired by the file acquisition request reception unit 1319 with the file ID of each record in the index table 1308, and acquires the file path of the record with the matching file ID from the index table 1308. Then, the encrypted file indicated by the acquired file path is acquired from the file storage device 14.

  The file transmission unit 1321 is a unit that encrypts the communication of the encrypted file acquired by the file acquisition unit 1320 via the network 15 and transmits the encrypted file to the file reception unit 1322. For example, SSL may be used.

  The file receiving unit 1322 is a unit that receives the encrypted file transmitted from the file transmitting unit 1321 via the network 15. For example, SSL may be used.

  The file storage device 14 is a storage device that stores a file registered in the document file search system by a user, and can be configured by, for example, a hard disk.

  The network 15 is a network for transmitting and receiving data between the client computer 11 and the server computer 12, and can be configured by a LAN (Local Area Network), for example.

(Description of operation)
A process when the user registers a file in the document file search system will be described with reference to the flowchart of FIG.

  First, the file registration input means 1301 includes information necessary for a user to register a file in the document file search system, that is, a user ID, a password, a file to be registered in the document file search system, a file search authority for the file to be registered, and registration. The file browsing authority of the file to be input is input (steps S101 to S105).

  Next, the keyword extraction unit 1302 extracts the keyword having the highest number of appearances and the number of appearances of the keywords in the text of the file designated by the user as a file registered in the document file search system in step S103 (step S106). Then, the keyword encryption unit 1303 encrypts the extracted keyword and the number of appearances of the keyword with the file search authority input in step S104 using the user ID and password input in step S101 and step S102 ( Step S107). Further, the file encryption unit 1304 encrypts the file specified by the user in step S103 with the file viewing authority input in step S105 using the user ID and password input in step S101 and step (step S108). ).

  Subsequently, the file registration request transmission unit 1305 encrypts the file search authority input in step S104, the keyword encrypted with the file search authority in step 107 and the number of occurrences of the keyword, and the file browsing authority in step S108. The file thus transmitted is transmitted from the client computer 11 to the server computer 12 (step S109).

  Next, the file registration unit 1307 stores the encrypted file transmitted in step S109 in the file storage device 14 (step S110). Further, the file registration unit 1307 acquires the number of records registered in the index table (step S111), and creates a file ID based on the acquired number of records (step S112). Then, a record is created by combining the created file ID, the file search authority transmitted in S109, the keyword encrypted with the file search authority and the number of occurrences of the keyword, and the file path storing the file in S110. (Step S113), and the created record is registered in the index table (Step S114).

  A process when the user searches for a file registered in the document file search system will be described with reference to the flowchart of FIG.

  First, the file search input unit 1309 inputs information necessary for the user to search for a file registered in the document file search system, that is, a user ID, a password, and a file search keyword (steps S201 to S203).

  Next, the file search request transmission unit 1310 transmits the user ID, password, and file search keyword input in steps S201 to S203 from the client computer 11 to the server computer 12 (step S204).

  Subsequently, the file search unit 1312 acquires the index table 1306 (step S205), and acquires records one by one from the index table 1306 (step S206). Then, the keyword encrypted with the file search authority is acquired from the record (step S207), and the encrypted keyword is decrypted using the user ID and password transmitted in step S204 (step S208). If the decryption is successful (step S209 / YES), the file search keyword transmitted in step S204 is compared with the keyword decrypted in step S208 (S210). On the other hand, when decryption fails (step S209 / NO), the encrypted keyword is acquired from another record and decrypted (step S206 to step S208).

  When the file search keyword matches the keyword in S210 (step S211 / YES), the file search unit 1312 acquires the number of appearances of the keyword encrypted with the file search authority from the record acquired in step S206 (step S212). The number of appearances of the encrypted keyword is decrypted using the user ID and password transmitted in step S204 (step S213). Then, the file ID is acquired from the record acquired in step S206 (step S214), and the file ID and the number of appearances of the keyword acquired in step S213 are added to the search result list (step S215). On the other hand, if the file search keyword and the keyword do not match in S210 (step S211 / NO), the file search means 1312 performs the processing after step S206 (steps S206 to S210). Note that the processing from step S206 to step S215 is repeated for the number of records in the index table 1308.

  Next, the file search result transmission unit 1315 transmits the search result list acquired in step S215 from the server computer 12 to the client computer 11 (step S216). The file search result display unit 1316 displays the search result based on the search result list transmitted in step S216 (step S217).

  Processing when the user acquires a file registered in the document file search system will be described with reference to the flowchart of FIG.

  First, the file acquisition input unit 1317 inputs information necessary for the user to acquire a file registered in the document file search system, that is, the file ID of the file to be acquired by the user (step S301).

  Next, the file acquisition request transmission unit 1318 transmits the file ID input in step S301 from the client computer 11 to the server computer 12 (step S302).

  Subsequently, the file acquisition unit 1320 acquires the index table 1306 (step S303), and acquires records one by one from the index table 1306 (step S304). Then, a file ID is acquired from the record (step S305), and the file ID is compared with the file ID transmitted in step S302 (step S306). If both file IDs match (step S307 / YES), the file path is acquired from the record acquired in step S304 (step S308). If both file IDs do not match (step S307 / NO), A file ID is obtained from another record and compared with the file ID transmitted in step S302 (steps S304 to S306). Note that the processing from step S304 to step S307 is repeated for the number of records in the index table 1308.

  Next, the file acquisition unit 1320 acquires an encrypted file from the file storage device 14 based on the file path acquired in step S308 (step S309). Then, the file transmission unit 1321 transmits the encrypted file acquired in step S309 from the server computer 12 to the client computer 11 (step S310). The file receiving unit 1322 stores the encrypted file transmitted in step S310 in the client file storage device 111 (step S311).

[Second Embodiment]
(Description of operation)
The second embodiment of the present invention is an improvement of the process of the first embodiment with respect to the process when a user searches for a file registered in a document file search system. The file search process of this embodiment will be described with reference to FIG.

  The present embodiment is different from the first embodiment in the processing of step S206 to step S215. In the second embodiment, step S207 to step S209 and step S212 to step S214 in the first embodiment are deleted, and step S218 to step S224 between step S206 and step S210, and step S225 between step 211 and step S215. And step S226 is added respectively. Hereinafter, processing performed by the file search unit 1312 (step S206 ("record acquisition from index table" processing) to step S215 ("add file ID and number of occurrences of keywords to search result list")) will be described.

  The file search unit 1312 acquires records one by one from the index table 1308 (step S206), acquires the record file search authority (step S218), and the user ID transmitted in step S204 is set as the file search authority. Whether they are included is compared (step S219). If the user ID is included in the file search authority (step S220 / YES), the record acquired in S206 is added to the list of indexes for which the user has file search authority (hereinafter referred to as “search list”) ( Step S221). If the user ID is not included in the file search authority (step S220 / NO), another record is acquired and the user ID and the file search authority are compared (step S206, step S218, step S219). These processes (step S206, step S218, step S219, step S220, and step S221) are repeated by the number of records.

  Subsequently, the file search means 1312 decrypts the keyword and the number of appearances of the keyword encrypted with the file search authority in the search list created in step S221 using the user ID and password transmitted in step S204. Then, a decrypted search list is created (step S222).

  Then, the file search means 1312 acquires a record from the decrypted search list decrypted in step S222 (step S223), acquires a keyword from the record (step S224), and transmits the keyword and step S204. The file search keywords are compared (S210). If the file search keyword matches the keyword in S210 (step S211 / YES), the number of occurrences of the keyword and the file ID are acquired from the record acquired in step S223 (step S225, step S226), and the acquired file ID and keyword The number of appearances is added to the search result list (step S215). On the other hand, if the file search keyword does not match the keyword in S210 (step S211 / NO), the processing after step S223 is performed (step S223, step S224, step S210, step S211, step S225, step S226, step S215). ). These processes (step S223, step S224, step S210, step S211, step S225, step S226, and step S215) are repeated for the number of decrypted search lists.

  In this embodiment, keywords are not decrypted for all records acquired from the index table, and a search list is created by comparing the user ID and file search authority to narrow down the decryption target. It is possible to increase the processing speed when searching for a file registered in the document file search system.

[Third Embodiment]
The third embodiment of the present invention is configured so that a file registered in the document file search system can be shared without being stored in an external storage device without using the file storage device 14 as in the first embodiment. It is.

(Description of configuration)
FIG. 13 is a diagram showing the configuration of a document file search system according to the third embodiment of the present invention. Referring to FIG. 13, two client computers 11 used by a user and a server computer 12 are connected using a network 15. The client computer 11 includes a client file storage device 111 and a file browsing unit 112, and includes various units constituting a document file search system described later. The document file search system 13 operates on the client computer 11 and the server computer 12, and includes file registration input means 1301, keyword extraction means 1302, keyword encryption means 1303, file search input means 1309, file search request on the client computer 11. Transmission means 1310, file search result reception means 1315, file search result display means 1316, file acquisition input means 1317, file acquisition request transmission means 1318, client file encryption means 1323, index registration request transmission means 1324, file path reception means 1329 , File reception request transmission means 1330, file reception request reception means 1331, client file acquisition means 1332, client file transmission means 1333, and Client file reception means 1334, index table 1308 on server computer 12, file search request reception means 1311, file search means 1312, browsing means 1313, file search result transmission means 1314, file acquisition request reception means 1319, index registration request reception It comprises means 1325, index registration means 1326, file path acquisition means 1327 and file path transmission means 1328.

  The difference in configuration from the first embodiment is that the client computer 11 replaces the file encryption unit 1304, the file registration request transmission unit 1305, and the file reception unit 1322 with a client file encryption unit 1323, an index registration request transmission unit. 1324, file path reception means 1329, file reception request transmission means 1330, file reception request reception means 1331, client file acquisition means 1332, client file transmission means 1333 and client file reception means 1334, and the server computer 12 performs file registration Instead of request receiving means 1306, file registration means 1307, file acquisition means 1320 and file transmission means 1321, index registration request receiving means 1325, index registration Stage 1326 is a point having a file path obtaining means 1327 and file paths transmitting unit 1328.

  Each of the above-described devices and means will be specifically described, but differences from the first embodiment will be described.

  The client file encryption unit 1323 obtains the file specified by the file registration input unit 1301 from the client file storage device 111, encrypts it with the file viewing authority specified by the file registration input unit 1301, and stores it in the client file storage device 111. Store the encrypted file. Specifically, the file selected by the file selection unit G1003 (FIG. 3) is acquired from the client file storage device 111, and the user ID and password input by the user ID input unit G1001 (FIG. 3) are input for the file. Using the password input by means G1002 (FIG. 3), encryption is performed with the file browsing authority input by file browsing authority selecting means G1005 (FIG. 3), and the encrypted file is stored in the client file storage device 111. It is a program. For example, RMS (registered trademark) RMS may be used. Other means may be used as long as it is a means that can set and encrypt file browsing authority for each user.

  The index registration request transmission unit 1324 transmits the keyword encrypted by the keyword encryption unit 1303 with the file search authority, the number of occurrences of the keyword, and the file path of the encrypted file stored in the client file storage device 111. The encrypted communication is transmitted to the index registration request receiving means 1325 via the. For example, SSL may be used.

  The index registration request receiving unit 1325 receives the keyword encrypted with the file search authority, the number of appearances of the keyword, and the file path transmitted from the index registration request transmitting unit 1324 via the network 15. For example, SSL may be used.

  The index registration unit 1326 creates a file ID for uniquely identifying a file registered in the document file search system 13, and encrypts the keyword and keyword keyword encrypted with the file search authority received by the index registration request reception unit 1325. The number of appearances and the file path are registered in the index table 1308. Specifically, a file ID for uniquely identifying a file registered in the document file search system 13, a keyword encrypted with the file search authority received by the file registration request receiving unit 1306, the number of occurrences of the keyword, and an index This is a program for creating a record by combining the file path received by the registration request receiving means 1325 and registering it in the index table 1308. The file ID may be created by incrementing by 1 based on the number of records registered in the index table 1308.

  The file path acquisition unit 1327 compares the file ID acquired by the file acquisition request reception unit 1319 with the file ID of each record in the index table 1308, and acquires the file path of the record with the matching file ID.

  The file path transmission unit 1328 encrypts the communication of the encrypted file acquired by the file path acquisition unit 1327 via the network 15 and transmits the encrypted file to the file path reception unit 1329. For example, SSL may be used.

  The file path receiving unit 1329 receives the file path transmitted from the file path transmitting unit 1328 via the network 15. For example, SSL may be used.

  The file reception request transmission unit 1330 encrypts communication via the network 15 and transmits the file path acquired by the file path reception unit 1329 to the file reception request reception unit 1331. For example, SSL may be used.

  The file reception request reception unit 1331 receives the file path transmitted from the file reception request transmission unit 1330 via the network 15. For example, SSL may be used.

  The client file acquisition unit 1332 is a program that acquires the encrypted file indicated by the file path acquired by the file reception request reception unit 1331 from the client file storage device 111.

  The client file transmission unit 1333 encrypts communication via the network 15 and transmits the encrypted file acquired by the client file acquisition unit 1332 to the client file reception unit 1334. For example, SSL may be used.

  The client file reception unit 1334 is a program that receives the encrypted file transmitted from the client file transmission unit 1333 via the network 15 and stores the encrypted file in the client file storage device 111. For example, SSL may be used.

(Description of operation)
Processing when the user registers a file in the document file search system will be described using the flowchart of FIG.

  The file registration process in the present embodiment is different from that in the first embodiment in the processes in steps S107 to S111. In the third embodiment, steps S108 to S110 in the first embodiment are deleted, and steps S115 and S116 are added between steps S107 and S111. Hereinafter, the process of step S115 and step S116 is demonstrated.

  In step S115, the client file encryption unit 1323 uses the user ID input in step S101 and the password input in input step S102 to input the file to be registered input in step S103 in input step S105. The file is encrypted with the file browsing authority, and the encrypted file is stored in the client file storage device 111.

  In step S116, the index registration request transmission unit 1324 uses the keyword encrypted with the file search authority input in step S104 in step S107 and the number of occurrences of the keyword, and the file search authority input in step 104 in step S115. The file path of the encrypted file stored in the client file storage device 111 is transmitted from the client computer 11 to the server computer 12.

  In the third embodiment, the index registration unit 1326 acquires the number of records in the index table (step S111), file ID creation (step S112), record creation (step S113), and record registration in the index table (step S114). I do.

  Next, processing when the user acquires a file registered in the document file search system will be described using the flowchart of FIG.

  The file registration process in this embodiment is different from that in the first embodiment in steps S308 to S311. In the third embodiment, steps S309 and S310 in the first embodiment are deleted, and steps S312 to S315 are added between steps S308 and S311. Hereinafter, the process of step S312-step S315 is demonstrated.

  In step S312, the file path transmission unit 1328 transmits the file path acquired in step S308 from the server computer 12 to the client computer 11.

  In step S313, the file reception request transmission unit 1330 transmits the file path transmitted in step S312 to the client computer 11 indicated by the file path. Then, the file reception request reception unit 1331 of the client computer 11 receives the file path from the file reception request transmission unit 1330.

  In step S314, the client file acquisition unit 1332 acquires the encrypted file indicated by the file path transmitted in step 313 and received by the file reception request reception unit 1331 from the client storage device 111.

  In step S315, the client file transmission unit 1333 transmits the encrypted file acquired in step S314 to the client computer 11 that requested the file reception by the file reception request transmission unit 1330.

  In the third embodiment, the file path acquisition unit 1327 acquires the index table (step S303), the record (step S304), the file ID (step S305), and the file ID comparison (step S306 and step S306). In step S307, the file path is acquired (step S308), and the client file receiving unit 1334 stores the encrypted file in the client file storage device 111 (step S311).

  In this embodiment, each client computer is provided with a client file storage device that stores an encrypted file, and the server computer holds records such as encrypted keywords and file paths in an index table, and files according to requests. Since the path is sent to the client computer and the encrypted file is transmitted / received between the client computers based on the file path, the file registered in the document file search system is not stored in an external storage device. It becomes possible to share.

  The above-described embodiment is a preferred embodiment of the present invention, and the scope of the present invention is not limited to the above-described embodiment alone, and various modifications are made without departing from the gist of the present invention. Implementation is possible.

  The program executed by the client computer 11 in this embodiment has a module configuration including the above-described units (keyword extraction unit 1302, keyword encryption unit 1303, file encryption unit 1304, etc.). Specific means are realized using hardware. That is, when the computer (CPU) reads a program from a predetermined recording medium and executes it, the above-mentioned means are loaded onto the main storage device and generated.

  In addition, the program executed by the server computer 12 in this embodiment has a module configuration including the above-described units (file registration unit 1307, file search unit 1312, browsing unit 1313, file acquisition unit 1320, etc.). And actual means are realized using actual hardware. That is, when the computer (CPU) reads a program from a predetermined recording medium and executes it, the above-mentioned means are loaded onto the main storage device and generated.

  The program executed by the client computer 11 and the server computer 12 in this embodiment may be configured to be stored on a computer connected to a network such as the Internet and provided by being downloaded via the network. Further, the program may be provided or distributed via a network such as the Internet.

  The program is a file in an installable or executable format, such as a floppy (registered trademark) disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD, nonvolatile memory card, or the like. It may be configured to be provided by being recorded on a computer-readable recording medium. Further, the program may be provided by being incorporated in advance in a ROM or the like.

  In this case, the program code itself read from the recording medium or loaded and executed through the communication line realizes the functions of the above-described embodiments. And the recording medium which recorded the program code comprises this invention.

DESCRIPTION OF SYMBOLS 1 Document file search system 2 Server apparatus 3 Index holding means 4 Registration means 5 Search means 6 Client apparatus 7 Index creation means 8 Encryption means 11 Client computer 12 Server computer 13 Document file search system 14 File storage device 15 Network 111 Client file storage Device 112 File browsing means 1301 File registration input means 1302 Keyword extraction means 1303 Keyword encryption means 1304 File encryption means 1305 File registration request transmission means 1306 File registration request reception means 1307 File registration means 1308 Index table 1309 File search input means 1310 File Search request transmission means 1311 File search request reception means 1312 File File search result transmission unit 1315 File search result reception unit 1316 File search result display unit 1317 File acquisition input unit 1318 File acquisition request transmission unit 1319 File acquisition request reception unit 1320 File acquisition unit 1321 File transmission unit 1322 File reception means 1323 Client file encryption means 1324 Index registration request transmission means 1325 Index registration request reception means 1326 Index registration means 1327 File path acquisition means 1328 File path transmission means 1329 File path reception means 1330 File reception request transmission means 1331 File reception request Receiving means 1332 Client file obtaining means 1333 Client file transmission Communication means 1334 Client file reception means

Claims (12)

A document file search system in which a server device performs a file search in response to a request from a client device,
Index creation means for creating index data used for file search from a file to be registered in the document file search system on the client device;
Encryption means for encrypting the index data created by the index creation means and the file to be registered on the client device;
Index holding means for holding the index data on the server device;
Registration means for registering the index data encrypted by the encryption means in the index data holding means on the server device;
Search means for performing a file search using the encrypted index data held by the index holding means on the server device;
A document file search system comprising:   The document file search system according to claim 1, wherein the encryption unit performs encryption using a file search authority indicating an authority to access the document file search system. On the server device, having decryption means for decrypting the encrypted index data,
The search means compares the search keyword included in the index data decrypted by the decryption means with the search keyword acquired together with the file search request from the client device, and creates search result data. The document file search system according to claim 1 or 2. On the server device, having decryption means for decrypting the encrypted index data,
4. The document file search system according to claim 1, wherein the decrypting unit does not store the decrypted index data in the index holding unit and other storage units. The registration means registers the file encrypted by the encryption means in a storage means for storing the registered file,
On the server device, in response to a file acquisition request from the client device, a file acquisition unit that acquires the encrypted file from the storage unit;
On the server device, a file transmission unit that transmits the encrypted file acquired by the file acquisition unit to the client device;
5. The document file search system according to claim 1, further comprising: On the server device, having decryption means for decrypting the encrypted index data,
The index holding means holds file search authority indicating the authority to access the document file search system used for encrypting the index data;
The search means acquires the file search authority from the index holding means, compares the file search authority with the user ID acquired together with the file search request from the client device, and sets the file search authority to match the user ID. The corresponding encrypted index data is created as a search intermediate list, the search keyword included in the index data of the search intermediate list decrypted by the decryption means, and the search keyword acquired together with the file search request from the client device, The document file search system according to any one of claims 1 to 4, wherein search result data is created. The index holding means holds a file path of the encrypted file,
On the server device, in response to a file acquisition request from the client device, a file path acquisition unit that acquires a file path of the encrypted file from the index holding unit;
File path transmission means for transmitting the file path acquired by the file path acquisition means to the client apparatus on the server device;
Storage means for storing a registered file on the client device;
File registration means for registering the file encrypted by the encryption means in the storage means on the client device;
On the client device, a file acquisition unit that acquires the encrypted file from the storage unit using a file path acquired from the server device;
On the client device, when an encrypted file corresponding to the file path acquired from the server device is not stored in the storage unit, a file reception request unit that makes a file reception request to another client device;
5. The document file search system according to claim 1, further comprising: A document file registration method in a document file search system in which a server device performs a file search in response to a request from a client device,
An index creating step in which the client device creates index data used for file search from a file to be registered in the document file search system;
The client device encrypts the index data created in the index creation step and the file to be registered;
A registration step in which the server device registers the index data encrypted in the encryption step in an index holding unit for holding the index data;
A document file registration method characterized by comprising: A document file search method in a document file search system in which a server device searches for a file in response to a request from a client device,
Index data used for file search created and encrypted from a file to be registered in the document file search system by the client device is held in an index holding unit for holding the index data,
The server device, in response to a file search request from the client device, decrypting the encrypted index data held in the index holding means;
A file search step in which the server device compares a search keyword included in the index data decrypted in the decryption step with a search keyword acquired together with a file search request from the client device, and creates search result data;
A document file search method characterized by comprising: A program used in a document file search system in which a server device searches for a file in response to a request from a client device,
In the client device,
Index creation processing for creating index data used for file search from a file to be registered in the document file search system;
An encryption process for encrypting the index data created in the index creation process and the file to be registered;
And execute
In the server device,
A program causing an index holding unit for holding the index data to execute a registration process for registering the index data encrypted by the encryption process. A program used in a document file search system in which a server device searches for a file in response to a request from a client device,
Index data used for file search created and encrypted from a file to be registered in the document file search system by the client device is held in an index holding unit for holding the index data,
In the server device,
A decryption process for decrypting the encrypted index data held in the index holding means in response to a file search request from the client device;
A file search process for comparing the search keyword included in the index data decrypted by the decryption process with the search keyword acquired together with the file search request from the client device, and creating search result data;
A program characterized by having executed.   12. A recording medium on which the program according to claim 10 or 11 is recorded and readable by a computer.

Images