JP2014178826A - Information management system, information management device, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable a person outside a company to easily access available information in an information management system, while guaranteeing security of internal-use-only information stored in the information management system in the company.SOLUTION: When an information disclosure request reception unit 10 of a server 2 receives an access request, a disclosure range determination unit 11 respectively acquires current time from a current time acquisition unit 12, location information from a location information acquisition unit 13, and a disclosable condition for information to which the access request is performed from a disclosable condition presenting unit 20, and permits access to the information to which the access request is performed by a transmission source only when both of the location information included in the access request and the time (date) of reception of the access request match a relationship between a disclosable location and disclosable time for the information to which the access request is performed.

Description

  The present invention relates to an information management system and information management apparatus that manage whether or not access to information for which access restrictions are set is managed, and a program for causing a computer to function as the information management apparatus.

In organizations such as companies and public offices (here, they are described as “company” as a representative), confidential information (confidential documents, documents related to contracts, etc.) held inside them can be freely accessed by outsiders. Don't be afraid.
Therefore, an information management system with a mechanism to prevent access to confidential information without using the company's information management system, or to make it accessible only to people with specific access rights, is used. .

  However, on an information management system equipped with such a mechanism, even a document composed only of information disclosed to the outside or information known (or may be known) in contract , People outside the company could not access or it was difficult to access.

For example, when a meeting is held in which a person outside the company also participates, there is a case where the person outside the company wants to search related materials on the agenda of the meeting from the information management system in the company.
In such a case, even if the related material is information that has been disclosed to the outside, external participants can make the information management system specially available or have access rights to the related material. There has been a problem that a complicated operation of having the process of being given is required.

In order to deal with such a problem, for example, Patent Document 1 proposes the following data management system.
In the system, the use of the encrypted document recorded on the recording medium is collated with the position information of the device for referring to the information on the recording medium and the access control definition information recorded together with the encrypted document on the recording medium. . Then, when it is confirmed that the position information is a place where access defined by the access control definition information is permitted, access to the encrypted document on the recording medium is permitted.

However, such a data management system only restricts the browsing location of the encrypted document recorded on the recording medium.
For this reason, if you want people outside the company to use related information that is not confidential inside the company's information management system, you can make the information management system specially available or give access to the related material. The problem that the complicated work of giving is required cannot be solved.
The present invention has been made in view of the above points, and while keeping the security of confidential information held in the information management system in the company, even outside people can use the information in the information management system. The purpose is to make it easy to access the information.

In order to achieve the above object, the present invention is an information management system for managing access to information set with access restrictions stored in an information storage device, and has the following features.
Based on a receiving unit that requests access to the information and receives an access request having location information of the transmission source, location information included in the access request received by the receiving unit, and a time when the access request is received And an access permission / rejection determination unit that determines permission / refusal of access to the information according to the access request from the transmission source.

  The information management system according to the present invention makes it easy for people outside the company to access publicly available information in the information management system while maintaining the security of confidential information held in the information management system in the company. Can be accessed.

It is a conceptual diagram which shows the structure of one Embodiment of the information management system by this invention. It is a block diagram which shows the function structure of the server shown in FIG. 1, and an information storage device. It is a flowchart which shows a process when CPU of the server shown in FIG. 1 receives the disclosure request | requirement of information. It is a flowchart which shows the process in which CPU of the information storage device shown in FIG. It is a figure which shows an example of the correspondence of the openable conditions for every information. It is a block diagram which shows the function structure of other embodiment of the information management system by this invention.

Hereinafter, embodiments for carrying out the present invention will be described with reference to the drawings.
FIG. 1 is a conceptual diagram showing a configuration of an embodiment of an information management system according to the present invention.
The information management system 1 includes an information storage device 3 that stores various types of information such as document data and image data, and an information management device that manages access to information set with access restrictions stored in the information storage device 3. The server 2 is provided.

In addition, access points 4 and 5 that are base stations for wireless communication, notebook personal computers (hereinafter referred to as “notebook PCs”) 6 and 8 and a portable information terminal 7 used by a user are provided. These are all terminal devices having a Web browser function.
The server 2 is communicably connected to the information storage device 3 via a cable. The server 2 and the access points 4 and 5 are communicably connected via the network 9.
The access points 4 and 5 are installed in different places such as different rooms and buildings, respectively, and can wirelessly communicate with terminal devices existing within the range of the places.

FIG. 1 shows a case where the notebook PC 6 and the portable information terminal 7 are used within the range where the access point 4 is installed, and the notebook PC 8 is used within the range where the access point 5 is installed. ing.
In this way, the server 2, the information storage device 3, the access points 4, 5, the notebook PCs 6, 8 and the portable information terminal 7 form a local area network (LAN) that can communicate with each other by wireless communication and wired communication. Yes.

In this information management system 1, the notebook PCs 6, 8 or the portable information terminal 7 wirelessly transmit an access request to information stored in the information storage device 3 to the access points 4, 5.
Then, the access points 4 and 5 add the location information of their own access points 4 and 5 as the location information of the transmission source to the access request from the notebook PCs 6 and 8 or the portable information terminal 7, respectively, and transmit them to the server 2. .

When the server 2 receives the access request to which the location information is added, the server 2 applies information to the information by the access request from the transmission source based on the location information included in the access request and the time when the access request is received. Judge access permission.
When the server 2 determines that the access to the requested information is permitted, the server 2 discloses the requested information to the transmission source, and determines that the access to the information is not permitted. The information requested for access is kept private to the sender.

The notebook PCs 6 and 8 and the portable information terminal 7 transmit the access request to the server 2 through the access point 4 or 5 together with the identification information of the information requesting the server 2 to access.
Thereafter, a process of receiving the comment of the access permission judgment result transmitted from the server 2 in response to the access request or the access requested information through the access point 4 or 5 is also performed.

Each of the access points 4 and 5 is a communication device including a CPU, a ROM, and a RAM (not shown), and the CPU executes various processes by developing various programs in the ROM on the RAM and operating them.
The process includes a process of transmitting the access request received by wireless communication from the notebook PCs 6 and 8 or the portable information terminal 7 to the network 9 including the position information stored in the ROM of the own device. Also included is a process of transmitting information received from the server 2 or a comment indicating that the information cannot be disclosed to the notebook PCs 6 and 8 or the portable information terminal 7 by wireless communication.

Note that the number of notebook PCs and portable information terminals that can wirelessly communicate with the access point 4 or 5, respectively, is not limited to the number shown in FIG. In addition, any computer having a wireless communication function can communicate with a desktop personal computer other than a notebook PC or a portable information terminal. Hereinafter, these are collectively referred to as “terminal equipment”.
Further, on the network 9, other devices such as a copier, an image forming apparatus such as a multifunction peripheral, and a projector that can use these terminal devices can be connected.

Next, functions of the server 2 and the information storage device 3 that are information management devices of the information management system will be described.
FIG. 2 is a block diagram showing functional configurations of the server 2 and the information storage device 3 shown in FIG.
The server 2 is an information management device that manages access to information in the information storage device 3 in which information for which access restriction is set by location information and access permission time is stored. A computer having a CPU, ROM, RAM, and the like as its hardware configuration.

The server 2 can execute the functions as the respective means according to the present invention by the CPU 2 reading various programs in the ROM and developing them in the RAM, and then operating according to the various programs.
As shown in FIG. 2, the functions as the respective means include an access request reception unit 10, a disclosure range determination unit 11, a current time acquisition unit 12, a position information acquisition unit 13, and an information transmission unit 14. .

The access request receiving unit 10 receives and receives access requests from the access points 4 and 5 and sends the access requests to the disclosure range determining unit 11.
This access request is an access request for information stored in the information storage device 3, that is, a public request. The access request includes identification information for identifying information requesting disclosure and destination information on the network 9 of the terminal device that requests the access request.
The destination information is, for example, identification information such as an IP address for identifying the terminal devices such as the notebook PCs 6 and 8 and the portable information terminal 7 on the network 9 of the information management system 1.
The access request includes the position information of the access point 4 or 5 accessed by the terminal device. This position information is the position information of the transmission source of the access request.
In other words, the access request receiving unit 10 corresponds to a receiving unit that requests access to information stored in the information storage device 3 and receives an access request having location information of the transmission source.

When receiving the information access request from the access request receiving unit 10, the disclosure range determination unit 11 presents the current time to the current time acquisition unit 12, the location information to the location information acquisition unit 13, and the disclosure conditions for the information storage device 3. Each request is received from the section 20 and received.
When the disclosure range determination unit 11 requests the location information acquisition unit 13 for location information, the disclosure range determination unit 11 sends the location information of the access point 4 or 5 added to the access request. Further, when the disclosure range determination unit 11 requests the disclosure possible condition from the disclosure possible condition presenting unit 20 of the information storage device 3, it sends identification information of information requesting disclosure included in the access request.

When the disclosure range determination unit 11 receives the current time, location information, and disclosure possible condition, the disclosure range determination unit 11 compares the current time (the time when the access request is received), the location information and the disclosure possible condition, and information on the access request. It is determined whether or not access is possible, that is, whether it can be disclosed.
The disclosure range determination unit 11 refers to the information requested to be accessed when the position information corresponds to the disclosure possible position of the disclosure possible condition and the current time is included in the disclosure possible time (access permission time) of the disclosure possible condition. It is determined that the access to the site is permitted (can be made public).

In addition, when the position information does not correspond to the releasable position of the releasable condition or when the current time is not included in the releasable time of the releasable condition, access to the requested information is not permitted (disclosed). NO).
When it is determined that the information requested to be accessed is “permitted”, the disclosure range determination unit 11 requests and receives the requested information from the disclosure possible condition presenting unit 20 of the information storage device 3.
When making the request, identification information of the information requested to be accessed is sent.

When receiving the information requested to be accessed, the disclosure range determination unit 11 designates the transmission destination of the information as the destination of the terminal device that is the access request source, and sends the information to the information transmission unit 14.
Also, if the disclosure range determination unit 11 determines that the information requested to be accessed is “No”, the disclosure range determination unit 11 creates a comment indicating that the information cannot be disclosed, and sets the destination of the comment to the access request source terminal device. The address is designated and sent to the information transmitter 14.

That is, the disclosure range determination unit 11 receives the location information and the access request received by the access request reception unit 10 and the time when the access request is received, and the location information and access set in the information stored in the information storage device 3. The access restriction information according to the permission time is checked. Based on the comparison result, whether access to the requested information is permitted or not is determined.
Accordingly, the disclosure range determination unit 11 corresponds to an access permission / rejection determination unit that determines permission / refusal of access to information according to an access request from a transmission source of the access request.

The current time acquisition unit 12 counts the date and time, and when receiving a request for the current time from the disclosure range determination unit 11, acquires the date and time at the time of the request and includes the date and time The current time is sent to the disclosure range determination unit 11.
When the location information acquisition unit 13 receives a request for location information from the disclosure range determination unit 11, the location information acquisition unit 13 acquires the location information from the location information storage unit 24 of the information storage device 3 and sends the location information to the disclosure range determination unit 11. send.

The location information acquisition unit 13 searches the location information storage unit 24 of the information storage device 3 for location information corresponding to the location information of the access point 4 or 5 sent together with the location information request from the disclosure range determination unit 11. And get.
The location information of the access point 4 or 5 is location information included in the access request, and the latter location information is location information indicating a location where the terminal device is used.
When the information transmission unit 14 receives the designation of the destination together with the information or comment to be published from the disclosure range determination unit 11, the information transmission unit 14 sends the information or comment to be published via the network 9 with the designated access request source terminal device as the destination. To access point 4 or 5.

On the other hand, the information storage device 3 is a device including a large-capacity memory such as a hard disk device having a large-capacity storage area together with a CPU, a ROM, and a RAM as a hardware configuration.
Then, the CPU reads out various programs in the ROM, expands them in the RAM, and then operates according to the various programs, thereby executing the function as the openable condition presentation unit 20 in FIG. 2, which is a means related to the present invention. .

The large-capacity memory functions as the information storage unit 21, the publicly available time storage unit 22, the publicly available location storage unit 23, and the location information storage unit 24 in FIG. 2.
The information storage unit 21 stores various types of information such as document data and image data in association with identification information of the information.
The releasable time storage unit 22 stores a releasable time (access permitted time) indicating a date and time range that can be disclosed, set for each piece of information stored in the information storage unit 21.

The openable position storage unit 23 stores “openable position” set for each piece of information stored in the information storage unit 21.
This publicly available position is position information indicating a place such as a room or a building that can be opened, which is set for each piece of information stored in the information storage unit 21, and corresponds to information stored in the information storage device 3. This is location information where there is an accessible terminal device.

The position information storage unit 24 corresponds to the position information of the access points 4 and 5 (position information included in the access request) and indicates a location such as a room or a building that is accessible only to either the access point 4 or 5. I remember information.
The publishable condition presentation unit 20, the publishable time storage unit 22, and the publishable position storage unit 23 transmit an access request for each of a plurality of pieces of information stored in the information storage unit 21 and set with access restrictions. The relationship between the original position information and the access permission time is stored.

  That is, the disclosure possible condition presentation unit 20, the disclosure possible time storage unit 22, and the disclosure possible position storage unit 23 include the location information and access permission time of the transmission source of the access request for each information stored in the information storage device 3. This corresponds to a storage unit that stores the relationship.

Next, a processing procedure when the server 2 receives an access request will be described.
FIG. 3 is a flowchart showing processing when the CPU of the server 2 shown in FIG. 1 receives an access request.

For example, as a specific example of a method for making an access request for information from the notebook PC 6, a web browser operating on the notebook PC 6 accesses a portal site on the network 9, and the access request is executed by searching the server 2 for information there. Conceivable.
When the access point 4 receives the access request from the notebook PC 6, the access point 4 adds the location information of the access point 4 to the access request and transmits it to the server 2 via the network 9.

Then, the server 2 receives an access request from the access point in step S1 shown in FIG. This process corresponds to the function of the access request receiving unit 10 described with reference to FIG.
Next, in step S2, the location information of the access point, the current time (date and time) when the access request is received, and the disclosure conditions for the information requested to be accessed are acquired, and the process proceeds to step S3.

  In step S3, it is determined whether or not the disclosure request is from a place where the disclosure of information is permitted. If yes (Y), the process proceeds to step S4, and if no (N), the process proceeds to step S6.

In step S4, it is determined whether or not it is a time when disclosure of information is permitted. If yes (Y), the process proceeds to step S5, and if no (N), the process proceeds to step S6.
In the process of step S4, the function of the disclosure range determination unit 11 is yes when the current time is included in the disclosure possible time of the disclosure possible condition, and when the current time is not included in the disclosure possible time of the disclosure possible condition. Judge each as no.

If both the determinations in steps S3 and S4 are yes, it is determined that the information requested for access can be disclosed.
In Steps S3 and S4, the location information included in the access request and the time when the access request is received are collated with the access restriction based on the location information set in the information stored in the information storage device 3 and the access permission time. .

Then, it is determined whether or not access to the information by the access request from the transmission source is permitted.
By these steps S3 and S4, access is permitted only when the location information included in the received access request and the received time coincide with the relationship between the location information of the transmission source of the access request and the disclosure possible time. .

On the other hand, if either step S3 or step S4 is NO, it is determined that the information requested for access is not disclosed.
In step S5, the information requested for access is acquired, the information is transmitted to the source of the access request, and this process is terminated.
On the other hand, in step S6, a comment indicating that the requested information cannot be disclosed is created and transmitted, and this process ends.
The processing of steps S2 to S4 corresponds to the function of the disclosure range determination unit 11 described with reference to FIG. 2, and the processing of steps S5 and S6 corresponds to the processing of the disclosure range determination unit 11 and the information transmission unit 14.

When the destination transmitted in step S5 or S6 is, for example, the notebook PC 6, it is transmitted from the access point 4 shown in FIG. 1 so that it can be received at the location where the notebook PC 6 is located. Therefore, in the notebook PC 6 that requested access to the information requested to be accessed at the location where the disclosure is permitted and at the time when the disclosure is permitted, the necessary information can be obtained without performing a complicated operation for requesting the disclosure of the information. Information can be received and used.
In addition, by sending a comment indicating that the information cannot be disclosed to the notebook PC 6 that has requested access to the information at a location or time when the information is not permitted to be disclosed, You can be notified that it cannot be published.

Next, a procedure of processing when the information storage device 3 presents the disclosure possible condition to the server 2 will be described.
FIG. 4 is a flowchart showing processing when the information storage device 3 shown in FIG.

When the information storage device 3 receives a request for the disclosure requirement of the information requested from the server 2 in step S11 shown in FIG. 4, the information storage device 3 discloses the disclosure requirement (disclosure possible) of the information requested for the access in step S12. Location and availability time).
In step S13, the disclosure possible condition is presented to the server 2, and the process is terminated.
The processing of steps S11 to S13 corresponds to the function of the disclosure possible condition presentation unit 20 of the information storage device 3.

Next, an example of the correspondence relationship between the disclosure conditions for each piece of information stored in the information storage device 3 will be described with reference to FIG.
FIG. 5 is a diagram illustrating an example of a correspondence relationship of the disclosure possible conditions for each piece of information.
Each information stored in the information storage unit 21 shown in FIG. 2 of the information storage device 3 is associated with a publicly available position where the disclosure is permitted, and the disclosure is permitted for each location. The openable time is associated.

Taking the non-public information A shown in FIG. 5A as an example, this information A is publicly available at location A, which is a publicly available position, from January 23, 2012 to March 2012. Public permission is permitted only on the 20th of May and between 12:20 on June 5, 2012 and 13:20 on June 6, 2012.
Therefore, for example, when the access point 4 shown in FIG. 1 is installed at the location A, if the notebook PC 6 requests access to the information A, the time is from January 23, 2012 to March 20, 2012. If it is between, the information A can be browsed.
Further, the information A can be permitted to be disclosed to other places B and D, but the time periods in which the information A can be disclosed are different.
For this reason, for example, on January 23, 2012, when access is simultaneously made to the information A at the location A and the location B that are publicly available, only the access from the location A is permitted.
This information A is not disclosed in places other than places A, B, and D.

  In addition, the information B of the non-public information shown in FIG. 5B can be permitted to be published in the same time zone as a part of the time zone in which the information A can be made public, but only the location C can be made public. The information B is not provided to the user who requests access from the location A.

As shown in FIG. 5 (c), since the information M, which is public information, is set to be free for both the publicly available position and the publicly available time, it can be viewed from any place where the server 2 can be accessed. Can do.
In this way, by dynamically changing the disclosure range of information by a meeting, it is possible to access information under the management of the in-house information management system 1 even from outside the company.

For example, after the user of the notebook PC 6 moves to the installation location of the access point 5, even if an access request is made to information that can be disclosed only at the installation location of the access point 4, the information cannot be browsed.
This is because the access points 4 and 5 have different location information as described above, and therefore the server 2 determines whether or not the information can be disclosed based on the location information and the time of the disclosure request.

In the above-described embodiment, a case has been described in which the information storage device 3 is provided with a storage unit that stores the relationship between the location information of the transmission source of the access request for information and the disclosure possible time (access permission time).
In addition, the storage unit stores the relationship between the location information of the transmission source of the access request and the disclosure possible time (access permission time) for each of a plurality of pieces of information that are stored in the information storage device 3 and each of which has access restrictions set. The case of memorizing was explained.
However, this storage unit may be provided in the server 2 or another device on the network 9 to refer to the storage unit.

Next, another embodiment of the present invention will be described with reference to FIG.
In the information management system 1 described above, as described with reference to FIG. 2, access to information set with access restrictions stored in the information storage device 3 by the server 2 is managed.
However, the information management system shown in FIG. 6 has the functions of the units shown in FIG. 2 somewhere in the entire system including the server 2 and the information storage device 3. In this case, the information management system can be realized by only one of the server 2 and the information storage device 3. Moreover, you may make it implement | achieve the function of these each part with several apparatuses including the apparatus provided on the network 9 other than each apparatus shown in FIG.

  The access request reception unit 10, the disclosure range determination unit 11, the current time acquisition unit 12, the position information acquisition unit 13, the information transmission unit 14, the disclosure possible condition presentation unit 20, the information storage unit 21, the disclosure possible time storage unit 22, the disclosure The functions of the possible position storage unit 23 and the position information storage unit 24 have been described with reference to FIG.

The program according to the present invention is a program for causing a computer to function as an information management device that manages access to information in a storage device that stores information in which access restrictions are set by location information and disclosure possible time.
Therefore, this is a program for causing a computer to realize the reception function and the access permission determination function in the server 2 or the information storage device 3 described above.

  The reception function is a function for requesting access to information and receiving an access request having position information of the transmission source. The access permission / inhibition determination function is a function for determining permission / inhibition of access to information by the access request from the transmission source based on the location information included in the access request received by the reception function and the time at which the access request is received. .

Such a program may be stored in a storage means such as a ROM or HDD provided in the computer from the beginning. It can also be provided by being recorded on a non-volatile recording medium (memory) such as a CD-ROM or flexible disk, SRAM, EEPROM, memory card or the like as a recording medium.
Each function of the server 2 or the information storage device 3 can be executed by installing the program recorded in the memory in the computer and causing the CPU to execute the program, or by causing the CPU to read and execute the program from the memory. .

In each of these embodiments, the information management system maintains the security of confidential information held in the information management system in the company, while an outside person can be specified at a specific time set in advance in the information management system. Easy access to information available only from the location. Therefore, even for those who do not have access rights to use this information management system, only the place and time zone set in advance will disclose private information in the same way as those who have access rights. Can do.
The organization (group) that uses this information management system has been described as a “company” for convenience. However, regardless of the form of the organization, various companies, government offices, schools, hospitals, and other organizations (groups) ) Or a group.

  The embodiment of the present invention has been described above, but the specific configuration, processing content, numerical data, and the like of each unit are not limited to those described in the embodiment. In addition, the configuration of each embodiment described above can be added, changed, or partially omitted as appropriate, and can be implemented in any combination as long as there is no contradiction.

For example, the function of the disclosure possible condition presentation unit 20 shown in FIG. 2 may be provided on the server 2 side. Further, the function of each unit of the information storage device 3 may be provided in the server 2.
Furthermore, the function of each unit shown in FIG. 2 may be realized in one device as shown in FIG. 6, or the function of each arbitrary unit in a system composed of a plurality of devices. You may make it implement | achieve by assigning to each.

In the above-described embodiment, the case where the use positions of the terminal devices such as the notebook PCs 6 and 8 and the portable information terminal 7 used by the user are specified according to the place where the access points 4 and 5 are installed has been described.
However, the terminal devices themselves such as the notebook PCs 6 and 8 and the portable information terminal 7 may have a GPS function, for example, and may provide the server 2 with location information of each terminal device. If it does so, the positional information for specifying the location of the terminal device which made the access request will become more accurate.

Furthermore, if it is desired to further limit the range to the user in addition to the location and time at which disclosure is possible, some authentication means may be used as necessary.
For example, if you take a picture of the inside of a room, building, etc. so that people in the place can be identified based on that picture, it will be non-existent if there are no people in the company. It is also possible to make it public.
Further, in a scheduled meeting or the like, when there are more people than the number of people registered in advance as a participant, a method of making it private is also conceivable.

1: Information management system 2: Server 3: Information storage device 4, 5: Access point 6, 8: Notebook PC 7: Portable information terminal 9: Network 10: Access request reception unit 11: Open range determination unit 12: Current time acquisition Unit 13: Location information acquisition unit 14: Information transmission unit 20: Disclosure condition presentation unit 21: Information storage unit 22: Disclosure time storage unit 23: Disclosure position storage unit 24: Position information storage unit

JP 2009-169808 A

Claims (8)

An information management system for managing access to information set with access restrictions stored in an information storage device,
A receiver for requesting access to the information and receiving an access request having location information of the transmission source;
An access permission / rejection determination unit that determines permission / refusal of access to the information by the access request from the transmission source based on position information included in the access request received by the reception unit and a time when the access request is received; An information management system comprising: In the information management system according to claim 1,
An information management system comprising: a storage unit storing a relationship between location information of an access request transmission source for information stored in the information storage device and access permission time.   The storage unit stores, for each of a plurality of pieces of information set with the access restriction, stored in the information storage device, the relationship between the location information of the transmission source of the access request and the access permission time. The information management system according to claim 2, wherein the system is an information management system.   The access permission determination unit includes a relationship between position information included in the access request received by the reception unit and a time when the access request is received, and position information of a transmission source of the access request stored in the storage unit. 4. The information management system according to claim 2, wherein whether or not access to the information by the access request from the transmission source is permitted is determined based on a relationship with an access permission time.   The access permission / rejection determination unit includes both the location information included in the access request received by the reception unit and the time when the access request is received as the location information of the transmission source of the access request stored in the storage unit. 4. The information management system according to claim 2, wherein access to the information by the access request from the transmission source is permitted only when the relationship with the access permission time is matched. An information management device that manages access to the information in a storage device that stores information in which access restrictions are set according to location information and time,
A receiver for requesting access to the information and receiving an access request having location information of the transmission source;
An access permission / rejection determination unit that determines permission / refusal of access to the information by the access request from the transmission source based on position information included in the access request received by the reception unit and a time when the access request is received; An information management apparatus comprising:   The access permission / rejection determination unit includes position information included in the access request received by the reception unit, a time when the access request is received, position information and time set in the information stored in the information storage device, The information management apparatus according to claim 6, wherein access permission by the transmission source is checked to determine whether or not access to the information is permitted according to the access request from the transmission source. A program for causing a computer to function as an information management device that manages access to the information in an information storage device that stores information in which access restrictions are set according to location information and time,
In the computer,
A receiving function for requesting access to the information and receiving an access request having location information of the transmission source;
An access permission / rejection determination function for determining permission / refusal of access to the information by the access request from the transmission source based on position information of the access request received by the reception function and a time at which the access request is received; A program to realize

Images