JP2013037432A - File distribution device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To achieve user convenience and security in exchanging electronic files among users.SOLUTION: A file distribution device 32 receives an electronic file from a sender PC 12, and notifies both receiver PC 20 and authorizer PC 14 of information about the electronic file. The file distribution device 32 receives an acquisition request of the electronic file from the receiver PC 20, and provides the receiver PC 20 with the electronic file. The file distribution device 32 provides the receiver PC 20 with the electronic file until receiving information demanding to inhibit provision of the electronic file from the authorizer PC 14, and after having received the information demanding to inhibit provision of the electronic file, refuses to provide the electronic file.

Description

  The present invention relates to a data processing technique, and more particularly, to a technique for mediating exchange of electronic files between users.

  In recent years, a service for distributing a file transmitted from a sender to a receiver via a server provided between the sender and the receiver has been proposed (for example, see Patent Document 1).

JP 2006-277517 A

  Traditional file delivery services so far provide files to recipients subject to approval by the approver, or to recipients (unconditionally) whether or not the approver has allowed it. Was to provide a file. Although the former has high security, the user's convenience may be lowered, and the latter has high user's convenience, but the security may be lowered. The present inventor considered that there is room for improvement in the file distribution method from the viewpoint of achieving both user convenience and security in file distribution.

  The present invention has been made in view of these problems, and a main object thereof is to provide a technique for achieving both user convenience and security in exchanging electronic files between users.

  In order to solve the above-described problem, a file delivery apparatus according to an aspect of the present invention includes a file reception unit that receives an electronic file from a sender's terminal, and information on the received electronic file that is received from the receiver's terminal and the approver's terminal. Whether to accept the electronic file acquisition request from the recipient's terminal, accept the electronic file acquisition request from the recipient's terminal, and provide the electronic file from the approver's terminal. A permission information receiving unit that receives information indicating whether or not. The file providing unit provides the electronic file until information indicating that the provision of the electronic file is prohibited is received, and refuses the provision of the electronic file after the information indicating that the prohibition is received.

  It should be noted that any combination of the above-described constituent elements, and the expression of the present invention converted between a method, a system, a program, a recording medium storing the program, and the like are also effective as an aspect of the present invention.

  According to the present invention, it is possible to achieve both user convenience and security in exchanging electronic files between users.

It is a figure which shows the system configuration | structure of embodiment. It is a block diagram which shows the function structure of the file delivery apparatus of FIG. It is a figure which shows the structure of the data stored in a file holding part. It is a figure which shows the structure of the data stored in a sender information holding part. It is a figure which shows the example of the file delivery information notified to a receiver. It is a flowchart which shows operation | movement of a file delivery apparatus. It is a flowchart which shows the operation | movement following FIG. It is a flowchart which shows the operation | movement following FIG. It is a flowchart which shows the authentication process of S12 of FIG. 6 in detail. It is a flowchart which shows the delivery information notification process of S20 of FIG. 6 in detail. It is a flowchart which shows the file provision process of S38 of FIG. 7 in detail.

  In the embodiment, a file delivery apparatus that supports the exchange of electronic files between users is proposed. This file distribution apparatus has, as a file distribution method, (1) a method for providing an electronic file to a recipient regardless of whether or not the approver has permitted, and (2) reception on the condition that the approver has permitted. In addition to the method of providing an electronic file to the receiver, (3) when the electronic file is received from the sender, the file can be provided to the receiver, and if the approver prohibits the provision of the subsequent electronic file Provide a method to reject.

  The file distribution apparatus according to the embodiment applies one of the file distribution methods (1) to (3) described above for each group to which the user belongs. For example, the method (1) is applied to a user (a group to which convenience is more important than security), and the method (2) is applied to a user (a group to which the user is involved in a business that requires security more than convenience). ) Can be applied. In addition, the method (3) can be applied to a user (a group to which the user belongs) who should place importance on the balance between security and convenience.

  Hereinafter, a sender is a user who transmits an electronic file, and a receiver is a user who receives an electronic file. The approver is a user who permits or prohibits the provision of the electronic file from the sender to the receiver, for example, the superior of the sender. The system administrator is responsible for maintaining the security of the entire system, and is a user who sets a group of each sender and an approver corresponding to each sender.

  FIG. 1 is a diagram illustrating a system configuration according to the embodiment. The file distribution system 30 is an information processing system including the file distribution apparatus 32 described above. In the embodiment, one file distribution device 32 is included, but each function of the file distribution device 32 described later may be realized by cooperation of a plurality of information processing devices such as a web server, an application server, and a database server. Of course it is good.

  The company system 10 is an information processing system constructed in a certain company, and includes a sender PC 12, an approver PC 14, an administrator PC 16, and an authentication device 18.

  The sender PC 12 is a PC operated by the sender, and uploads an electronic file to be provided to the receiver to the file distribution device 32. The approver PC 14 is a PC that is operated by the approver, and receives information about the electronic file uploaded to the file distribution device 32 from the file distribution device 32 and displays it. The approver PC 14 receives an input from the approver as to whether or not to permit the electronic file to be provided to the receiver, and transmits it to the file distribution device 32.

  The authentication device 18 holds the sender's ID / password in the enterprise system 10. Further, the sender's mail address, the sender's group, and the approver's mail address for the sender are held in association with the sender's ID and password as sender attributes.

  The authentication device 18 receives an authentication request specifying an ID and a password from the sender PC 12 and authenticates the sender. When the authentication of the sender is successful, the authentication device 18 notifies the sender PC 12 of an authentication result and a sender attribute indicating that the authentication in the enterprise system 10 is successful. The sender PC 12 sets an authentication result and a sender attribute in a message (for example, an authentication assertion) defined by SAML (Security Assertion Markup Language), and notifies the file delivery apparatus 32 of the SAML message.

  As will be described later, when the SAML message received from the sender PC 12 indicates successful authentication of the sender, the file delivery apparatus 32 permits the sender to log in to the file delivery system 30 (file delivery apparatus 32). . That is, when the sender PC 12 successfully authenticates the authentication device 18, login to the file distribution system 30 (file distribution device 32) is permitted, and single sign-on is realized. The authentication device 18 also holds the ID / password of the approver in the enterprise system 10. When the approver PC 14 succeeds in authentication to the authentication device 18, login to the file distribution system 30 is permitted.

  The administrator PC 16 is a PC operated by the system administrator. The administrator PC 16 accepts input of the sender's ID, password, and sender attribute from the system administrator and records them in the authentication device 18. The recipient PC 20 is a PC operated by the recipient, and receives information from the file delivery device 32 and displays the information regarding the electronic file uploaded to the file delivery device 32. Then, an electronic file acquisition request is transmitted to the file distribution device 32, and the electronic file is downloaded from the file distribution device 32. The sender PC 12, approver PC 14, administrator PC 16, and receiver PC 20 in FIG. 1 are connected to the file distribution apparatus 32 via the Internet 40.

  FIG. 2 is a block diagram showing a functional configuration of the file distribution apparatus 32 of FIG. The file distribution device 32 includes a file holding unit 50, a sender information holding unit 52, a login request receiving unit 54, an authentication unit 56, a sender registration unit 58, a file receiving unit 60, and a file copying unit 62. , File encryption unit 64, notification unit 66, cancellation information reception unit 68, permission information reception unit 70, file provision unit 72, file deletion unit 74, and sender information deletion unit 76.

  Each block shown in the block diagram of the present specification can be realized in terms of hardware by an element such as a CPU of a computer or a mechanical device, and in terms of software, it can be realized by a computer program or the like. The functional block realized by those cooperation is drawn. Therefore, those skilled in the art will understand that these functional blocks can be realized in various forms by a combination of hardware and software. For example, each functional block in FIG. 2 may be stored in a recording medium as a file distribution program and installed in the storage of the file distribution device 32. Then, when the file distribution program is activated, the program module corresponding to each functional block may be read into the main memory and executed by the CPU.

  The file holding unit 50 is a storage area that holds information related to the electronic file uploaded from the sender PC 12. FIG. 3 shows a configuration of data stored in the file holding unit 50. In the distribution ID column, an ID (hereinafter also referred to as “distribution ID”) for uniquely specifying the uploaded electronic file is stored. In the sender ID column, the sender's mail address is stored as the sender's ID. The recipient email address field stores the recipient email address. The file data column includes an electronic file to be provided to the recipient (hereinafter also referred to as “recipient file”) and an electronic file to be confirmed by the approver. Both are also stored. As will be described later, the file holding unit 50 holds the recipient file for a relatively short period, while the trail file holds a relatively long period, in other words, a period to be held as an audit trail.

  In the message column, a character string indicating a message from the sender to the receiver is stored. The date and time when the electronic file distribution request is received from the sender PC 12 is stored in the request reception date and time column. The cancellation flag column stores a cancellation flag indicating that the distribution of the electronic file to the recipient has been canceled. In the approval flag column, an approval flag indicating that the distribution of the electronic file to the recipient is approved by the approver is stored.

  Returning to FIG. 2, the sender information holding unit 52 is a storage area for holding attribute information about the sender. FIG. 4 shows a configuration of data stored in the sender information holding unit 52. In the sender ID column, the sender's mail address is stored as the sender's ID. The group ID column stores a group to which the sender belongs and any one of a plurality of groups having different electronic file distribution modes. In the approver ID column, the approver's mail address is stored as the approver's ID for the sender. In the login date / time column, the date / time when the sender logs into the file delivery apparatus 32 is stored.

  In the present embodiment, first to third groups are provided as sender groups. The first group is a group to which users who should focus on convenience rather than security belong, the second group is a group to which users who should focus on security rather than convenience belongs, and the third group is a balance between security and convenience. It is assumed that the group to which the user who should place importance is attached. The group of senders may be determined, for example, according to the security policy for each department to which the sender belongs. Further, it may be determined according to a security policy for each customer in charge of the sender.

  Returning to FIG. 2, the login request accepting unit 54 accepts a login request to the file delivery apparatus 32 from the sender PC 12. At that time, the login request reception unit 54 causes the authentication device 18 to authenticate the sender by transmitting a redirect instruction to the authentication device 18 to the sender PC 12. Then, the SAML message (for example, authentication assertion) including the sender authentication result in the enterprise system 10, the sender mail address and group ID as the sender attributes, and the approver mail address is received from the sender PC 12.

  When the SAML message indicates that the authentication of the sender is successful in the enterprise system 10, the authentication unit 56 permits the sender PC 12 to access the file distribution system 30. The sender registration unit 58 stores the date and time when the login request is received by the login request reception unit 54 in the sender information holding unit 52 as the login date and time. Further, the sender registration unit 58 stores the sender's mail address, group ID, and approver's mail address included in the SAML message in the sender information holding unit 52.

  The file accepting unit 60 accepts an electronic file delivery request from the sender PC 12 that has successfully logged in. In other words, it accepts upload of an electronic file to be provided to the recipient. For example, when the authentication unit 56 records that the login is permitted in the cookie of the sender PC 12 and the fact that the login is permitted is recorded in the cookie provided from the sender PC 12, the file reception unit 60 sets the electronic file. May be accepted. The file reception unit 60 also sends the sender's email address as the sender ID, the recipient's email address, the message to the recipient, and key information (for example, a password character string) used to encrypt and decrypt the electronic file. Is received from the sender PC 12 together.

  The file reception unit 60 assigns a unique distribution ID for specifying the distribution of the uploaded electronic file, and notifies the sender PC 12 of the distribution ID so that the distribution of the electronic file can be canceled. In addition, the file reception unit 60 acquires the current date and time when the electronic file upload is received as the request reception date and time. The file copy unit 62 copies the electronic file received by the file receiving unit 60 and generates a recipient file and a trail file.

  The file encryption unit 64 encrypts the file for the receiver based on the key information received from the sender PC 12 (hereinafter also referred to as “first key information”). On the other hand, the trail file is encrypted based on key information different from the key information received from the sender PC 12 (hereinafter also referred to as “second key information”). For example, the second key information may be a random value generated by a random number generator, or may be a random value determined based on the current time. The second key information is held in a key information holding unit (not shown) in association with the distribution ID. The file encryption unit 64 sends the encrypted recipient file and trail file to the distribution ID, the sender email address, the recipient email address, the message to the recipient, the request acceptance date and time acquired by the file acceptance unit 60. And stored in the file holding unit 50.

  When the uploaded electronic file is newly stored in the file holding unit 50, the notification unit 66 sets information related to the electronic file (hereinafter also referred to as “file distribution information”) according to the group of the sender. Notify relevant parties. Specifically, when the sender belongs to the first group, an e-mail describing file distribution information is transmitted to the recipient PC 20. Further, when the sender belongs to the second group, it is transmitted to the approver PC 14 and the administrator PC 16, and when the sender belongs to the third group, it is transmitted to the approver PC 14, the administrator PC 16 and the receiver PC 20. When the sender belongs to the second group, the notification unit 66 sends an e-mail describing the file distribution information to the recipient PC 20 on the condition that the approval flag is set to ON for the uploaded electronic file. Send.

  FIG. 5 shows an example of file distribution information notified to the recipient (recipient PC 20). In the sender mail address 80, the recipient mail address 82, and the message 86 in the same figure, information associated with the electronic file to be distributed in the file holding unit 50 is set. The file URL 84 is a URL by which the distribution ID stored in the file holding unit 50 and the recipient file can be specified, and a hyperlink to the recipient file acquisition page is set. The “random number” in the URL of FIG. 5 includes a character string obtained by encrypting information necessary for accessing the recipient file, such as information indicating the storage location of the recipient file in the file delivery apparatus 32 and a delivery ID, and a random number. Is a character string obtained by combining a character string indicating the character string with a predetermined algorithm. The receiver can acquire the decrypted file for the recipient by selecting the file URL 84 and inputting a password (that is, first key information) predetermined with the sender.

  The file distribution information notified to the approver (approver PC 14) also includes the same contents as in FIG. However, the file URL in this case is a URL that can specify the distribution ID and the trail file stored in the file holding unit 50. As described above, since the password for decrypting the trail file (that is, the second key information) is held in the file distribution device 32, the approver does not know the first key information or the second key information. However, by selecting the file URL, the decrypted trail file can be acquired. Further, the file distribution information notified to the approver includes a hyperlink to a permission information input screen for setting permission or prohibition of provision of the electronic file to the recipient. The approver displays a permission information input screen and selectively inputs to permit or prohibit the provision of the electronic file to the recipient. The approver PC 14 transmits permission information or prohibition information specifying the distribution ID of the electronic file to the file distribution device 32.

  The file distribution information notified to the system administrator (administrator PC 16) does not include the contents of the electronic file (file URL in the example of FIG. 5). In the file distribution information notified to the system administrator, information on the distribution mode of the electronic file includes a transmission source (sender mail address), a transmission destination (recipient mail address), a request reception date and time, and a message to the receiver. included. A hyperlink to a prohibition information input screen for setting prohibition of provision of an electronic file to the recipient is also included. When the system administrator prohibits the provision of the electronic file to the receiver, the system administrator displays a prohibition information input screen and inputs that the provision of the electronic file to the receiver is prohibited. The administrator PC 16 transmits prohibition information specifying the distribution ID of the electronic file to the file distribution device 32.

  Returning to FIG. 2, the cancellation information receiving unit 68 receives cancellation information indicating that the electronic file distribution request is canceled from the sender PC 12. In this cancellation information, the distribution ID notified from the file distribution device 32 when uploading the electronic file is designated. The cancellation information receiving unit 68 sets the cancellation flag of the electronic file corresponding to the distribution ID specified by the cancellation information among the electronic files stored in the file holding unit 50 to ON.

  The permission information receiving unit 70 receives permission information from the approver PC 14 to permit the provision of the electronic file to the recipient. In this permission information, a specific distribution ID is designated. The permission information receiving unit 70 sets the approval flag of the electronic file corresponding to the distribution ID specified by the permission information among the electronic files stored in the file holding unit 50 to ON. Further, the permission information receiving unit 70 receives prohibition information for prohibiting the provision of the electronic file to the recipient from the approver PC 14 and the administrator PC 16. A specific distribution ID is also specified in this prohibition information. The permission information receiving unit 70 sets the approval flag of the electronic file corresponding to the distribution ID specified by the prohibition information among the electronic files stored in the file holding unit 50 to OFF.

  The file providing unit 72 receives an electronic file acquisition request (hereinafter also referred to as a “file acquisition request”) from the recipient PC 20. In this file acquisition request, the distribution ID of the electronic file and the first key information are specified. For example, the file providing unit 72 may accept the random number set in the file URL 84 of the file distribution information and the first key information from the recipient PC 20 as the file acquisition request. Then, information for accessing the recipient file based on a predetermined algorithm, for example, the distribution ID of the electronic file may be extracted from the random number. The file providing unit 72 decrypts the recipient file corresponding to the distribution ID specified in the file acquisition request among the recipient files held in the file holding unit 50 by using the first key information, and sends it to the recipient PC 20. Send.

  The file providing unit 72 transmits the electronic file to the recipient PC 20 in a manner corresponding to the group of the sender who uploaded the electronic file. For example, when the sender is the first group, regardless of whether the cancel flag and the approval flag corresponding to the electronic file are set to ON in the file holding unit 50, in other words, the approver and the system administrator The electronic file is transmitted to the recipient PC 20 regardless of whether the provision of the file is prohibited. When the sender is the second group or the third group, when the approval flag corresponding to the electronic file is set to ON in the file holding unit 50 and the cancel flag is not set (OFF), the electronic file is received by the receiver. Send to PC20.

  In the initial state where the electronic file is stored in the file holding unit 50, the cancellation flag is set to OFF, while the approval flag is set to ON when the sender is the first group and the third group, and the transmission is performed. If the person is in the second group, it is set to OFF. Therefore, when the sender is the second group, the electronic file is not provided to the recipient PC 20 unless the approver approves the file provision by the approver. On the other hand, when the sender is the third group, the electronic file is provided to the receiver from the uploading of the electronic file until the approver or system administrator prohibits the provision of the electronic file. If the approver or the system administrator prohibits the provision of the electronic file, the provision of the electronic file after that is refused.

  The file providing unit 72 receives a file acquisition request from the approver PC 14. In this file acquisition request, the distribution ID of the electronic file is specified. The file providing unit 72 uses the second key stored in association with the distribution ID of the trail file corresponding to the distribution ID specified in the file acquisition request among the recipient files stored in the file storage unit 50. The information is decrypted and transmitted to the approver PC 14.

  The file deletion unit 74 deletes the electronic file held in the file holding unit 50. Specifically, the recipient file held in the file holding unit 50 is deleted within a relatively short period (for example, two weeks) from the request reception date and time. On the other hand, the trail file held in the file holding unit 50 is deleted on the condition that a relatively long time (for example, three years) has passed since the request reception date and time. The holding period of the electronic file in the file holding unit 50 may be appropriately determined according to the amount of hardware resources of the file distribution device 32 and the security policy of each company.

  The sender information deleting unit 76 deletes the sender information held in the sender information holding unit 52. Specifically, sender information that has passed a predetermined period (for example, three months) from the login date is deleted from the sender information held in the sender information holding unit 52.

The operation of the file distribution apparatus 32 configured as described above will be described below.
FIG. 6 is a flowchart showing the operation of the file distribution device 32. When the login request receiving unit 54 receives a login request from the sender PC 12 (Y in S10), an authentication process described later is executed (S12). If the sender's login is permitted in the authentication process (Y in S14), the request from the sender PC 12 is accepted, while if the sender's login is denied (N in S14), the subsequent flow is skipped. Then, the process shown in the flowchart ends. If the login request is not accepted (N in S10), S12 and S14 are skipped.

  When the file receiving unit 60 receives an electronic file upload from the sender PC 12 (Y in S16), the file copying unit 62 copies the electronic file to generate a receiver file and a trail file. The file encryption unit 64 encrypts the recipient file with the first key information, encrypts the trail file with the second key information, and stores it in the file holding unit 50 (S18). And the notification part 66 performs the delivery information notification process mentioned later (S20). The file encryption unit 64 sets the cancellation flag to OFF when the electronic file is stored in the file holding unit 50. Further, when the sender is the first group or the third group, the approval flag is set to ON, and when the sender is the second group, the approval flag is set to OFF. If the electronic file upload is not accepted (N in S16), S18 and S20 are skipped.

  When the cancel information of the file transmission is received from the sender PC 12 (Y of S22), the cancel information receiving unit 68 sets the cancel flag associated with the electronic file specified by the cancel information to ON (S23). If the cancel information is not accepted (N in S22), S23 is skipped. When the file transmission prohibition information is received from the approver PC 14 or the administrator PC 16 (Y in S24), the permission information reception unit 70 sets the approval flag associated with the electronic file specified by the prohibition information to OFF. (S26). If the prohibition information is not accepted (N in S24), S26 is skipped.

  FIG. 7 is a flowchart showing the operation following FIG. When the permission information for file transmission is received from the approver PC 14 (Y in S28), the permission information receiving unit 70 sets the approval flag associated with the electronic file specified by the permission information to ON (S30). When the sender belongs to the second group (Y in S32), the notification unit 66 notifies the recipient PC 20 of the file distribution information (S34). When the sender belongs to the first group or the third group (N in S32), S34 is skipped. If the permission information is not accepted (N in S28), S30 to S34 are skipped. When the file providing unit 72 receives the file acquisition request (Y in S36), the file providing unit 72 executes a file providing process described later (S38). If the file acquisition request is not accepted (N in S36), S38 is skipped.

  FIG. 8 is a flowchart showing the operation following FIG. When the file deletion unit 74 detects a file for the recipient whose retention period has passed in the file for the recipient held in the file holding unit 50 (Y in S40), the file deletion unit 74 deletes the file for the recipient (S42). If a file for a recipient whose retention period has passed is not detected (N in S40), S42 is skipped. When the file deletion unit 74 detects a trail file whose retention period has passed in the trail file held in the file holding unit 50 (Y in S44), the file deletion unit 74 deletes the trail file (S46). If a file for a recipient whose retention period has passed is not detected (N in S44), S46 is skipped. When the sender information deletion unit 76 detects sender information that has passed a predetermined effective period in the sender information held in the sender information holding unit 52 (Y in S48), the sender information deletion unit 76 deletes the sender information (S48). S50). If the sender information that has passed the valid period has not been detected (N in S48), S50 is skipped.

  FIG. 9 is a flowchart showing in detail the authentication process in S12 of FIG. The login request reception unit 54 transmits an instruction to redirect to the authentication page provided by the authentication device 18 to the sender PC 12 (S60). When the SAML message indicating that the authentication by the authentication device 18 is successful is accepted (Y in S62), the authentication unit 56 permits the login to the file distribution device 32 (S64). If the sender email address included in the SAML message is not registered in the sender information holding unit 52 (Y in S66), the sender registration unit 58 uses the sender attribute included in the SAML message as the sender information. The information is newly recorded in the information holding unit 52 (S68). On the other hand, if the sender ID included in the SAML message is already registered in the sender information holding unit 52 (N in S66), the sender information recorded in the sender information holding unit 52 is used as the sender of the SAML message. Update with attributes (S70). When the SAML message indicating that the authentication in the authentication device 18 has failed is accepted (N in S62), the authentication unit 56 refuses to log in to the file distribution device 32 and ends the flow of this figure (S72).

  FIG. 10 is a flowchart showing in detail the distribution information notification process in S20 of FIG. If the sender belongs to the first group (Y in S80), the file delivery information is sent to the recipient PC 20 (S82). When the sender is not the first group (N in S80) and belongs to the second group (Y in S84), the file distribution information is transmitted to the approver PC 14 and the administrator PC 16 (S86). When the sender belongs to the third group (N in S84), the file distribution information is transmitted to the receiver PC 20, the approver PC 14, and the administrator PC 16 (S88).

  FIG. 11 is a flowchart showing in detail the file providing process in S38 of FIG. When the request source of the file acquisition request is the approver PC 14 (Y in S90), the trail file specified in the file acquisition request is transmitted to the approver PC 14 (S92). If the request source is not the approver PC 14 (N in S90), S92 is skipped. Note that identification information indicating the approver may be set in the file URL of the file distribution information provided to the approver PC 14, and the file providing unit 72 identifies the approver in the file URL specified in the file acquisition request. When the information is included, the request source may be determined as the approver PC 14. Similarly, identification information indicating the recipient may be set in the file URL of the file distribution information provided to the recipient PC 20, and the identification information of the recipient is included in the file URL specified in the file acquisition request. Alternatively, the request source may be determined as the recipient PC 20.

  If the requester of the file acquisition request is the recipient PC 20 (Y in S94) and the sender belongs to the first group (Y in S96), the file for the recipient is transmitted to the recipient PC 20 (S104). When the sender belongs to the second group or the third group instead of the first group (N in S96), the cancellation flag of the electronic file to be acquired is OFF (N in S100) and the approval flag is ON. If there is (Y in S102), the recipient file is transmitted to the recipient PC 20 (S104). If the cancel flag is ON (Y in S100) or the approval flag is OFF (N in S102), the transmission of the recipient file is rejected (S106). If the request source of the file acquisition request is not the recipient PC 20 (N in S94), the subsequent processing is skipped and the flow of FIG.

  According to the file distribution apparatus 32 of the present embodiment, when an electronic file is received from the sender, the file can be provided to the receiver, and when the approver prohibits the provision of the subsequent electronic file is rejected. File distribution can be realized, and both user convenience and security can be achieved. Depending on the user's attributes, file distribution that provides an electronic file to the recipient regardless of whether or not the approver has permitted, and file distribution that provides the electronic file to the recipient on condition that the approver has permitted Can be flexibly adapted to the security policy that the user should comply with.

  Further, according to the file distribution device 32, the sender directly related to the receiver, the approver such as the sender's superior, and the system administrator stop providing the electronic file to the receiver. Can do. Thereby, users with different responsibilities can avoid security risks from their respective viewpoints. For example, the system administrator does not know the contents of the business, so the contents of the electronic file are not notified, but based on the sender's / recipient's email address and the request reception date and time, It is possible to prevent provision of an electronic file uploaded at an illegal date and time.

  Further, according to the file distribution device 32, the login to the file distribution device 32 is permitted on condition that the authentication device 18 succeeds in authenticating the sender, and single sign-on between the enterprise system 10 and the file distribution system 30 is realized. To do. Further, if the system administrator sets the sender attribute for the authentication device 18, the sender information is automatically registered in the file delivery device 32 along with the single sign-on between the company system 10 and the file delivery system 30. The This eliminates the need for the system administrator to register the sender information in the file delivery apparatus 32. In other words, it is not necessary to manage the sender information twice in both the enterprise system 10 and the file delivery system 30. The burden on the administrator can be reduced.

  The present invention has been described based on the embodiments. This embodiment is an exemplification, and it will be understood by those skilled in the art that various modifications can be made to combinations of the respective constituent elements and processing processes, and such modifications are also within the scope of the present invention. is there.

  The modification regarding the aspect of electronic file delivery cancellation will be described. The file distribution device 32 may further include a transmission history screen providing unit. The transmission history screen providing unit acquires information on electronic files uploaded by a user who has successfully logged in (for example, a sender) from the file holding unit 50, and displays a list of information on the uploaded electronic files. Is provided to the user terminal (for example, the sender PC 12) and displayed. When the user selects an electronic file whose distribution is to be canceled on the transmission history screen, the user's terminal transmits file transmission cancellation information specifying the identification information of the electronic file to the file distribution apparatus 32. The cancellation information reception unit 68 of the file distribution apparatus 32 executes a file transmission cancellation process in the same manner as in the embodiment.

  The modification regarding the aspect of electronic file distribution approval will be described. The file distribution device 32 may further include an approval list screen providing unit. The approval list screen providing unit acquires, from the file holding unit 50, information on electronic files that a user (for example, an approver) who has successfully logged in should approve or reject the distribution, and displays the acquired information on the electronic files as a list. The approval list screen is provided to the user terminal (for example, the approver PC 14) and displayed. When the user selects approval or rejection for distribution of a specific electronic file on the approval list screen, the user's terminal distributes permission information indicating that the distribution of the electronic file is approved or prohibition information indicating that it is rejected. Transmit to device 32. The permission information receiving unit 70 of the file distribution device 32 performs the same processing as that of the embodiment on the permission information and the prohibition information.

  In the above embodiment, the sender belongs to one of the first group to the third group. As a variation, the sender may belong to more than one group. In this modification, the sender information holding unit 52 may hold information indicating a plurality of groups to which the sender belongs. The file accepting unit 60 may accept an electronic file delivery request including information indicating the group selected by the sender from the sender PC 12. The notification unit 66 and the file providing unit 72 are configured so that the sender group specified in the electronic file delivery request is included in the sender group stored in the sender information holding unit 52, in other words, matching. As a condition, processing corresponding to the group of senders specified in the electronic file distribution request may be executed. According to this modification, the sender can provide an electronic file by appropriately switching the group according to business circumstances (for example, for each of a plurality of customers having different security policies).

  It should also be understood by those skilled in the art that the functions to be fulfilled by the constituent elements recited in the claims are realized by the individual constituent elements shown in the embodiments and the modified examples or by their linkage.

  12 sender PC, 14 approver PC, 16 administrator PC, 18 authentication device, 20 receiver PC, 32 file delivery device, 50 file holding unit, 52 sender information holding unit, 54 login request receiving unit, 56 authentication unit , 58 Sender registration unit, 60 File reception unit, 62 File copy unit, 64 File encryption unit, 66 Notification unit, 68 Cancellation information reception unit, 70 Permit information reception unit, 72 File provision unit, 74 File deletion unit, 76 Sender information deletion unit.

Claims (7)

A file accepting unit that accepts an electronic file from the sender's terminal;
A notification unit for notifying both the recipient's terminal and the approver's terminal of information about the accepted electronic file;
A file providing unit that accepts the electronic file acquisition request from the recipient's terminal, and provides the electronic file to the recipient's terminal;
A permission information receiving unit that receives information indicating whether to permit the provision of the electronic file from the terminal of the approver;
With
The file providing unit provides the electronic file until information for prohibiting the provision of the electronic file is received, and rejects provision of the electronic file after the information for the prohibition is received. A file delivery apparatus characterized by the above. A copy unit for copying an electronic file received from the sender's terminal;
A file encryption unit,
The file providing unit receives an acquisition request for the electronic file from the approver's terminal, and provides the electronic file to the approver's terminal.
The file encryption unit encrypts an electronic file to be transmitted to the receiver's terminal based on key information designated by the sender, while the electronic file to be transmitted to the approver's terminal 2. The file delivery apparatus according to claim 1, wherein encryption is performed based on key information different from the information. A copy unit for copying an electronic file received from the sender's terminal;
A file holding unit,
The file providing unit receives an acquisition request for the electronic file from the approver's terminal, and provides the electronic file to the approver's terminal.
The file holding unit holds an electronic file to be transmitted to the recipient's terminal for a relatively short period, while holding an electronic file to be sent to the approver's terminal as an audit trail for a relatively long period. The file delivery apparatus according to claim 1 or 2, characterized by the above. The notification unit is information that does not include the contents of the electronic file, and further notifies the system administrator's terminal of information indicating a distribution mode of the electronic file,
When the system administrator prohibits the provision of the electronic file, the permission information reception unit receives information indicating that from the terminal of the system administrator,
4. The information processing apparatus according to claim 1, wherein when the information to prohibit the provision of the electronic file is received from a system administrator's terminal, the file providing unit rejects the provision of the electronic file thereafter. The file delivery apparatus according to any one of the above. For a plurality of types of groups with different delivery modes of the electronic file, further comprising a sender information holding unit for holding information indicating which group the sender belongs to,
The file providing unit
If the sender belongs to the first group, regardless of whether the approver permits the provision of the electronic file, the electronic file is provided to the recipient's terminal;
If the sender belongs to the second group, the electronic file is provided to the recipient's terminal on the condition that information indicating that the provision of the electronic file is permitted has been received;
When the sender belongs to the third group, the electronic file is provided until the information indicating that the electronic file is prohibited is received, and the electronic file is provided after the information indicating the prohibition is received. The file distribution apparatus according to claim 1, wherein the file distribution apparatus rejects. This file distribution device and the sender's terminal are connected via the Internet,
An authentication result of the sender in the first system including the sender's terminal, the sender's ID, and an external authentication information accepting unit that accepts external authentication information indicating the sender's group from the sender's terminal;
If the external authentication information indicates successful authentication of the sender, an authentication unit that permits access to the second system including the file distribution device;
By storing the ID and group of the sender indicated by the external authentication information in the sender information holding unit, the ID and group of the sender indicated by the external authentication information are changed to the ID of the sender in the second system and A sender registration unit to register as a group;
The file delivery apparatus according to claim 5, further comprising: The ability to accept electronic files from the sender ’s device;
The ability to notify both the recipient's device and the approver's device of information about the accepted electronic file,
A function of accepting an acquisition request for the electronic file from the recipient's terminal and providing the electronic file to the recipient's terminal;
A function of accepting information indicating whether to permit the provision of the electronic file from the terminal of the approver;
Is realized on a computer,
The provided function provides the electronic file until information indicating that the provision of the electronic file is prohibited is accepted, and refuses provision of the electronic file after the information indicating that the prohibition is accepted. A computer program characterized by the above.

Images