JP2015026187A - Management system, management device, and computer program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a management system configured to prevent leakage of confidential information more reliably.SOLUTION: A management system includes: a data processing unit 8 which performs copy processing for copying data in a copy source to a copy destination; and a determination unit 14 which compares a first confidential level set in the copy source with a second confidential level set in the copy destination when detecting start of the copy processing, to determine whether the copy processing is executed. The first and second confidential levels include multiple kinds of confidential levels set for each of multiple kinds of attributes set based on the content of the copy source and the copy destination. The determination unit 14 determines whether the copy processing is executed on the basis of each of the multiple kinds of confidential levels.

Description

  The present invention relates to a management system, a management apparatus, and a computer program for managing files processed by a computer or the like.

  In companies and the like, technical or business information useful for business activities such as trade secrets is often created and edited using application software such as a word processor or spreadsheet software installed in a computer.

  Documents created by the above application software are usually stored on a computer as files or data, but are shared on the network, re-edited by someone other than the creator, or another person can create another document. In some cases, the contents of the document are diverted as they are, and files and data that should be managed confidentially may be handled by a plurality of persons and leaked to the outside.

  For this reason, in order to manage files and data handled by the computer, when setting the secret level for each file and copying the data contained in the copy source file to the copy destination, the copy source secret level and the copy The past secret level is compared, and as a result, if there is a possibility of leakage in the copied data, the pasting is restricted (for example, see Patent Document 1).

JP 2009-26294 A

In the management method according to the above conventional example, the secret level is uniformly set regardless of the content and category of the document.
For this reason, even within the same category, even a document file whose contents are restricted from being pasted to other documents because it is set to a relatively high secret level, it is different between different categories. In the comparison, there are cases where pasting is allowed.

  In the above case, if data with a completely different category that is not normally pasted to the document file to be edited is pasted due to a mistake in the editing operator, etc., it is secretly managed because of this. There are cases where confidential information and data that should be leaked may occur. It is also assumed that information is intentionally leaked by pasting and editing document contents between files of different categories.

  This invention is made | formed in view of such a situation, and it aims at providing the technique which can suppress the leakage of secret information more reliably.

  The present invention is a management system for managing data, a data processing unit that performs a copy process for copying data at a copy source to a copy destination, and a first set as the copy source when the start of the copy process is detected. A first determination unit that compares one secret level with a second secret level set in the copy destination and determines whether or not the copy process can be performed, and the first and second secret levels include the copy Including a plurality of types of secret levels set for each of a plurality of types of attributes set based on the contents of the original and the copy destination, wherein the first determination unit performs the copy based on each of the plurality of types of secret levels It is determined whether the process can be executed.

  In addition, the present invention is a management device that manages data, and a data processing unit that performs a copy process for copying copy source data to a copy destination, and is set as the copy source when the start of the copy process is detected. A determination unit that compares the first secret level with the second secret level set in the copy destination and determines whether or not the copy process can be performed, wherein the first and second secret levels include the copy A plurality of types of secret levels set for each of a plurality of types of attributes set based on the contents of the original and the copy destination, and the determination unit performs the copy process based on each of the plurality of types of secret levels. It is determined whether or not execution is possible.

  According to another aspect of the present invention, there is provided a program for causing a computer to manage data, the step of detecting the start of a copy process in which the computer copies the copy source data to the copy destination, and the start of the copy process. A determination step of comparing the first secret level set at the copy source with the second secret level set at the copy destination to determine whether the copy process is possible, The first and second secret levels include a plurality of types of secret levels set for each of a plurality of types of attributes set based on the contents of the copy source and the copy destination, and the determination step includes the plurality of types This computer program determines whether or not to execute the copy process based on each secret level.

  According to the present invention, leakage of secret information can be suppressed more reliably.

It is a figure which shows the management system which concerns on one Embodiment. (A) is a block diagram which shows the functional structure of a management server, (b) is a block diagram which shows the functional structure of a terminal device. It is a figure which shows an example of a file information database. It is a flowchart which shows the process by a terminal control part. It is a flowchart which shows the process regarding the new creation process performed when the specified event is a new creation process. It is a flowchart which shows the process regarding a read process performed when the specified event is a read process. It is a flowchart which shows the process regarding a copy process performed when the specified event is a copy process. It is a flowchart which shows the process regarding a copy process based on other embodiment.

[Description of Embodiment of Present Invention]
First, the contents of the embodiments of the present invention will be listed and described.
(1) A management system for managing data according to an embodiment of the present invention detects a data processing unit that performs a copy process for copying copy source data to a copy destination, and detects the start of the copy process. A first determination unit that compares the first secret level set to the original with the second secret level set to the copy destination and determines whether or not the copy process is possible, and includes the first and second The secret level includes a plurality of types of secret levels set for each of a plurality of types of attributes set based on the contents of the copy source and the copy destination, and the first determination unit includes each of the plurality of types of secret levels. Based on the above, it is determined whether or not the copy process can be executed.

  According to the management system configured as described above, since the first and second secret levels include a plurality of types of secret levels set for each of a plurality of types of attributes, the first determination unit has different attributes. The secret level can be determined for each different attribute without being determined uniformly. For this reason, it is possible to suppress copying of data in which a secret level of a certain attribute is set relatively high to other data based on the result of comparison with a secret level of a different attribute. As a result, leakage of secret information can be suppressed more reliably.

(2) The first determination unit compares the plurality of types of secret levels included in each of the first and second secret levels for each of a plurality of types, and any one of the plurality of types of secret levels is included. When the first secret level is high, it is preferable that the copy process is rejected.
In this case, data having a relatively high secret level in a certain attribute can be effectively suppressed from being copied to other data.

(3) If the copy source data is copied to the copy destination by the copy processing, the secret level of the copy destination may change.
For this reason, in the management system, the second secret level after the data is copied to the copy destination based on the content of the data of the copy source copied to the copy destination is set to the value before the copy processing. A second determination unit for determining whether or not the copy process can be performed based on the second secret level after the copy process calculated before the copy process after the determination by the secret level setting unit and the first determination unit And a determination unit.
In this case, even if the secret level of the copy destination varies due to the copy process, the second secret level after the copy process is obtained before the copy process, so that the copy process based on the changed secret level is executed. It is possible to appropriately determine whether or not.

(4) In addition, the management apparatus that manages data according to the embodiment of the present invention detects a data processing unit that performs a copy process of copying copy source data to a copy destination, and the start of the copy process. A first determination unit that compares the first secret level set as the copy source with the second secret level set as the copy destination and determines whether or not the copy process is possible; and The second secret level includes a plurality of types of secret levels set for each of a plurality of types of attributes set based on the contents of the copy source and the copy destination, and the first determination unit includes the plurality of types of secret levels. Whether or not to execute the copy process is determined based on each secret level.

(5) A program for causing a computer to manage data, which is an embodiment of the present invention, detects the start of a copy process in which the computer copies the copy source data to the copy destination, and the copy When the start of the process is detected, a determination step for comparing the first secret level set for the copy source with the second secret level set for the copy destination to determine whether or not the copy process is possible, and the determination A control step for controlling the copy process according to a determination result of the step, wherein the first and second secret levels are set based on the contents of the copy source and the copy destination Includes multiple types of secret levels set for each type of attribute,
The determination step determines whether or not the copy process can be executed based on each of the plurality of types of secret levels.

  According to the management device and the computer program configured as described above, leakage of secret information can be more reliably suppressed as described above.

[Details of the embodiment of the present invention]
Hereinafter, preferred embodiments will be described with reference to the drawings.
[1. Overall system configuration
FIG. 1 is a diagram illustrating a management system according to an embodiment. The management system 1 includes a management server 2 and a plurality of terminal devices 3. The management server 2 and the plurality of terminal devices 3 are communicably connected to each other via a network such as a LAN.

  The management server 2 and the terminal device 3 are configured by a computer that can execute a computer program, and each executes a storage unit (not shown) such as a hard disk or a memory in which the computer program is stored, and the computer program. And a calculation unit (not shown) such as a CPU.

In addition to the operation system necessary for the operation of the management server 2, a file management program 2a is installed in the management server 2. The management server 2 has a function of managing information related to the document file processed by the terminal device 3 in the management system 1 by the file management program 2a.
The management server 2 can always update the information regarding the document file to the latest state according to the creation and editing of the document file by the terminal device 3 in the management system 1.

Here, the file is a group of data that can be handled by a computer program such as the above-described operation system or an application software program such as a word processor, and the computer program handles data in units of files.
The document file is a file including data created by using an application software program for business or technical document information used in a company. Therefore, the data included in the document file is business or technical document information whose contents are used in the company.
Further, as a document file processed by the terminal device 3, each terminal device 3 is stored in the terminal device 3 other than the own device or the management server 2 in addition to the file stored in the storage unit of the own device. Files that are included.

In addition to the operation system necessary for the operation of the terminal device 3, an application software program for creating and editing document files, for example, a word processor, a text editor, spreadsheet software, etc. is installed in each terminal device 3. Yes.
Each terminal device 3 is installed with a terminal control program 3a for realizing a function of performing control when the terminal device 3 processes a file.

  When each terminal device 3 executes data processing such as creating and editing a document file by a software program for creating and editing the document file, etc., the terminal device 3 transmits information related to the document file subjected to the data processing to the management server 2. To do.

  The management server 2 that has received the information related to the document file subjected to data processing stores and manages this information, thereby managing the information related to the document file that each terminal device 3 processes.

[2. About the management server)
FIG. 2A is a block diagram showing a functional configuration of the management server 2. The management server 2 includes a file information management unit 5 and a file information database 6 as functional units realized by the file management program 2a.
When the file information management unit 5 of the management server 2 receives information (file information) related to the document file transmitted when each terminal device 3 executes data processing, the file information management unit 5 registers the registered content in the file information database 6 and the registered contents. It is updated as needed to manage file information related to document files that each terminal device 3 processes.

  The file information management unit 5 also has a function of transmitting file information to the terminal device 3 in response to a request from each terminal device 3.

FIG. 3 is a diagram illustrating an example of the file information database 6. In the figure, in the file information database 6, as file information, file ID, creation date, creation user, file name, storage location, editing history, and document file contents are registered in association with each other.
As document files registered in the file information database 6, as described above, in addition to the document files stored in the storage unit of each terminal device 3, other terminal devices 3 other than the device itself, The document file stored in the management server 2 is also included.

  The file ID is unique identification information set in the document file processed by each terminal device 3. When the document file is newly created and registered in the file information database 6 for the first time, the file ID is managed by the file information management unit 5. Assigned. With this file ID, the document file can be specified even if the file name or the like is changed.

As the creation date and time, the date and time when the target document file is newly created by the terminal device 3 is registered.
The creation user registers information for identifying the user of the terminal device 3 that newly created the target document file.

As the file name and storage location, the current file name and storage location of the target document file are registered.
In the editing history, the contents, the editing date and time, and the like when editing processing such as addition, modification, deletion, and pasting of the contents is registered as the history.

The document file content is registered as information indicating the content of the document file including the category and the document content.
As shown in FIG. 3, the category is set with a name indicating a general content such as a contract, a design document, and a contract document. Each document file has a category that matches the content, and each category is set for each category. be registered.
The document content is registered with information that can specify the content of the target document file, for example, the title of the document.

Furthermore, the accounting secret level and the development secret level are registered in the file information database 6 in association with the above information.
The accounting secret level and the development secret level are values indicating the degree to which the secret of the document file to be set is to be maintained, and are represented, for example, in 11 stages from “0” to “10”.

The accounting secret level is a value that is set based on the degree of secrecy when the category of the document file to be set and the contents of the document file are evaluated as accounting-related documents.
The development secret level is a value that is set based on the degree of secrecy when the category of the document file to be set and the content of the document file are evaluated as a document related to technology development.

  As shown in the figure, when the “dispatch contract” is evaluated as an accounting-related document, the accounting secret level is set to the highest “10”. However, when the document is evaluated as a technology development related document, the content related to the technology development is not described, so the development secret level is set to the lowest “0”.

On the other hand, since the “module design document” does not describe contents related to accounting when evaluated as an accounting-related document, the accounting secret level is set to the lowest “0”.
However, when evaluated as a technical development-related document, the content is technical information that should not be leaked to the outside, so the development secret level is set to “9”, which is a relatively high level.

Further, since the “module design rule” does not describe contents related to accounting when evaluated as an accounting-related document, the accounting secret level is set to the lowest “0”.
When evaluated as a technical development-related document, the content is a rule compared to the “module design document”, so the probability of including technically important information is low, and the development secret The level is set to “5”, which is slightly lower than the “module design document”.

  As described above, in this embodiment, the secret level is set to a plurality of types of secret levels (accounting secrets) set for each of a plurality of types of attributes such as “accounting” set based on the contents of the document file and “technology development”. Level and development secret level).

  The management server 2 manages each document file as secret information by managing the file information database 6 in which the secret level of each document file is registered.

[3. About terminal devices]
FIG. 2B is a block diagram showing a functional configuration of the terminal device 3. The terminal device 3 includes a data processing unit 8 as a functional unit realized by a software program for creating and editing document files and the like.
The terminal device 3 also includes a terminal control unit 10 as a functional unit realized by the terminal control program 3a.

  The data processing unit 8 executes data processing such as creating a new document file or reading an existing document file and editing data included in the document file based on an input by the user of the terminal device 3.

  The terminal control unit 10 includes an event detection unit 11, a secret level setting unit 12, a file information processing unit 13, a determination unit 14, and a control unit 15.

  The event detection unit 11 has a function in which the data processing unit 8 detects execution of an event related to data processing such as new creation and editing of a document file. The event detection unit 11 is configured to acquire information indicating that from the data processing unit 8 when the data processing unit 8 attempts to start an event related to data processing of the document file. Thereby, the event detection unit 11 can detect the start of the event by the data processing unit 8.

When the event detection unit 11 detects the start of an event by the data processing unit 8, the event detection unit 11 gives information (event start information) indicating that to the secret level setting unit 12 and the file information processing unit 13.
The data processing related to the event detected by the event detection unit 11 includes a process for creating a new document file, a read process for editing an existing document file, and an input by a user for a currently read document file to be edited In addition to data input processing to add or delete the data that has been added, other document files other than the document file to be edited are read, and some or all of the data contained in the other document file is copied to the document file to be edited ( (Or move).

The secret level setting unit 12 has a function of obtaining and setting a secret level (an accounting secret level and a development secret level) for a part or all of data included in a document file to be processed by the data processing unit 8. Yes.
The secret level setting unit 12 grasps the content of the data included in the document file by reading part or all of the data included in the document file to be processed by the data processing unit 8, and based on the content of the data The secret level can be obtained by itself, or a display for accepting the input of the secret level setting by the user of the terminal device 3 can be output, and the secret level can be set based on the accepted secret level setting input. it can.

The secret level setting unit 12 can also obtain and set the secret level of the document file after being edited by a copy process, a data input process, or the like.
The secret level setting unit 12 reads the data temporarily stored in the storage unit of the terminal device 3 for data processing by the data processing unit 8 when obtaining the secret level by itself, and based on this, the secret level is set. Ask.
The data processing unit 8 performs data processing by temporarily holding a document file to be processed in a storage unit of the terminal device 3 such as a memory or a clipboard. Therefore, the secret level setting unit 12 reads the document file temporarily stored in the memory or clipboard by the data processing unit 8 and obtains the secret level.

  The secret level setting unit 12 obtains and sets a secret level for the target document file in accordance with the event start information from the event detection unit 11.

The file information processing unit 13 has functions related to processing of file information such as generation of file information to be transmitted to the management server 2. When the event start information is given from the event detection unit 11, the file information processing unit 13 generates file information and transmits it to the management server 2.
The file information processing unit 13 acquires information associated with the document file that is the target of data processing and information indicating the secret level that the secret level setting unit 12 determines and sets, and file information to be transmitted to the management server 2 Generate.

When the file information is given from the file information processing unit 13, the management server 2 refers to the file information database 6 and performs update based on the given file information as necessary. Further, the management server 2 returns the file information related to the event target document file registered in the updated file information database 6 to the terminal device 3.
The file information processing unit 13 of the terminal device 3 acquires the file information of the document file related to the reading process registered in the file information database 6 by the reply from the management server 2.

When the event detection unit 11 detects the start of the copy process, the determination unit 14 determines the secret level set in the copy source (to the document file) and the copy destination ( It has a function of comparing the secret level set in the document file) and determining whether or not to execute the copy process.
The control unit 15 has a function of controlling the data processing unit 8 according to the determination result of the determination unit 14.
The processes performed by the determination unit 14 and the control unit 15 will be described in detail later.

  Next, processing performed by the terminal control unit 10 when an event is detected by the data processing unit 8 performed in the terminal device 3 will be described.

[4. (Processing by terminal control unit)
FIG. 4 is a flowchart showing processing by the terminal control unit 10. The event detection unit 11 of the terminal control unit 10 always waits in a state where the start of the event by the data processing unit 8 can be detected (step S1), and determines whether the start of the event is detected (step S2).
If the start of the event by the data processing unit 8 is not detected, the terminal control unit 10
Continue to wait for the start of the event (step S1).

  On the other hand, if it is determined in step S2 that the start of the event has been detected, the terminal control unit 10 specifies data processing relating to the event to be started (step S3). The data processing related to the event to be started can be specified by event start information transmitted by the event detection unit 11.

When the event (related data processing) detected in step S3 is specified, the terminal control unit 10 executes processing according to the specified event (step S4).
In step SS4, when the execution of the process corresponding to the event is finished, the terminal control unit 10 returns to step S1 again. The terminal control unit 10 repeatedly executes the above steps S1 to S4.

The data processing unit 8 executes the data processing related to the event after the terminal control unit 10 finishes executing the process according to the event or in parallel with the execution of the process according to the event.
Next, processing for each event performed by the terminal control unit 10 will be described.

[4.1 Processing related to new creation processing]
FIG. 5 is a flowchart showing a process related to a new creation process that is executed when the identified event is a new creation process.

If the terminal control unit 10 determines that the event identified in step S3 in FIG. 4 is a new creation process, the terminal control unit 10 executes a process related to the new creation process shown in FIG.
The terminal control unit 10 first causes the secret level setting unit 12 to set both the accounting secret level and the development secret level for the newly created document file (step S11).
As described above, the secret level setting unit 12 can grasp the contents of the newly created document file and set the secret level by itself, or accepts input by the user of the terminal device 3 and accepts the received secret level. The secret level can also be set based on the input of the setting.

Next, the file information processing unit 13 of the terminal control unit 10 registers the file information such as the secret level of the newly created document file and the creation date and time of the document file in the file information database 6 shown in FIG. Among the information, information other than the file ID is acquired (step S12), and the acquired file information is transmitted to the management server 2 (step S13).
In the new document file creation process, the event detection unit 11 detects that a new document process has been started when the document file is newly created and is to be stored for the first time. The creation date and time of the file information database 6 is set to the date and time when the document file is stored for the first time.

The management server 2 that has received the file information associates the received information with the new file ID and registers it in the file information database 6 (step S14).
In addition, the management server 2 returns the file information obtained by adding the file ID to the received file information to the transmission source terminal device 3 (step S15).

Receiving this reply, the file information processing unit 13 of the terminal device 3 acquires the file information of the document file related to the new creation process registered in the file information database 6 (step S16), and ends the process.
In the process relating to the new creation process shown in FIG. 5, step S <b> 14 and step S <b> 15 are processes by the management server 2, and other processes are processes by the terminal control unit 10 of the terminal device 3.

[4.2 Processing related to read processing]
If it is determined that the event identified in step S3 in FIG. 4 is a read process, the terminal control unit 10 executes a process related to the read process.

  FIG. 6 is a flowchart illustrating a process related to a read process that is executed when the identified event is a read process.

First, the terminal control unit 10 specifies a part of file information such as the file name, storage location, and editing history (of which the last storage date / time) of the document file read by the data processing unit 8 to identify the document file. Information is transmitted to the management server 2 (step S21).
The management server 2 that has received the file name, storage location, and editing history of the document file refers to the file information database 6 and identifies the corresponding document file from the registered file information (step S22).
The management server 2 adds information other than the received information such as the file ID registered as the file information of the specified document file and the secret level to the received file name, storage location, and editing history of the document file. This is returned to the terminal device 3 (step S23).
The file information processing unit 13 that has received this reply acquires the file information of the document file related to the reading process registered in the file information database 6 (step S24).

  As described above, the file information processing unit 13 acquires the file information registered in the file information database 6 for the document file to be processed by the data processing unit 8.

  In the process related to the reading process shown in FIG. 6, step S <b> 22 and step S <b> 23 are processes performed by the management server 2, and other processes are processes performed by the terminal control unit 10 of the terminal device 3.

  The file information processing unit 13 and the management server 2 of the terminal device 3 exchange file information each time an event such as the above-described new creation process and read process is detected, and change of the document file is a file. The information database 6 is configured to be reflected. Thereby, the file information database 6 is managed so that the file information registered in the file information database 6 always has the latest content.

[4.3 Processing related to copy processing]
If it is determined that the event identified in step S3 in FIG. 4 is a copy process, the terminal control unit 10 executes a process related to the copy process.

FIG. 7 is a flowchart illustrating processing relating to copy processing that is executed when the identified event is copy processing.
As described above, the copy process is a process of copying (or moving) part or all of data included in another document file to the document file to be edited.
Here, the data processing unit 8 has already read a document file as a copy destination (copy destination document file) as a document file to be edited and a copy source document file (copy source document file) as another document file. The file information processing unit 13 of the terminal control unit 10 performs processing related to the reading process of the copy destination document file and the copy source document file, thereby obtaining the file information of each of the copy destination document file and the copy source document file. It is assumed that it is in an acquired state. That is, the file information processing unit 13 acquires the accounting secret level and the development secret level set for each of the copy destination document file and the copy source document file.

  If it is determined that the identified event is copy processing, the determination unit 14 of the terminal control unit 10 determines the accounting secret level (second secret level) set in the copy destination document file before the copy processing is executed, Whether the accounting secret level set in the copy source document file is equal to or higher than the accounting secret level set in the copy source document file by comparing the accounting secret level (first secret level) set in the copy source document file It is determined whether or not (step S31).

  If it is determined that the accounting secret level set in the copy destination document file is not equal to or higher than the accounting secret level set in the copy source document file, the determination unit 14 proceeds to step S32 and executes the copy process by the data processing unit 8 The control part 15 is made to perform the restriction | limiting process which is a process which restrict | limits (step S32). Thus, when step S31 is the above determination, the determination unit 14 restricts execution of the copy process and determines rejection.

  As the restriction process executed by the control unit 15, for example, the execution of the copy process by the data processing unit 8 is stopped, or in addition to the stop of the execution of the copy process, the copy process to be executed may cause information leakage. For example, a process of outputting the accompanying process to the user of the terminal device 3 can be given.

  If it is determined in step S31 that the accounting secret level set in the copy destination document file is equal to or higher than the accounting secret level set in the copy source document file, the determination unit 14 sets the development secret level set in the copy destination document file. (Second secret level) is compared with the development secret level (first secret level) set in the copy source document file, and the development secret level set in the copy destination document file is set in the copy source document file. It is determined whether or not the development secret level is exceeded (step S33).

  If it is determined that the development secret level set in the copy destination document file is not equal to or higher than the development secret level set in the copy source document file, the determination unit 14 proceeds to step S32 and performs a restriction process (step S32).

  If it is determined in step S33 that the development secret level set in the copy destination document file is equal to or higher than the development secret level set in the copy source document file, the determination unit 14 permits the data processing unit 8 to execute the copy process. (Step S34). The control unit 15 controls the copy processing by the data processing unit 8 to be executed in accordance with the permission of the copy processing of the determination unit 14.

  Next, the file information processing unit 13 transmits to the management server 2 information to be updated regarding the file information of the document file after the copy process, to the management server 2. Thereafter, by receiving the file information transmitted from the management server 2 after the update of the file information database 6, the file information processing unit 13 stores the file information of the document file to be processed that is registered in the file information database 6. Obtain (step S35).

  For example, in FIG. 3, when a document file whose document content is a dispatch contract document is a copy destination document file and a document file whose document content is a module design document is a copy source document file, first, in step S31, a dispatch contract document The accounting secret level of the copy destination document file is “10”, and the accounting secret level of the copy source document file that is the module design document is “0”. Since it is higher, the determination unit 14 proceeds to step S33.

  In step S33, the development secret level of the copy destination document file that is the dispatch contract is “0”, and the development secret level of the copy source document file that is the module design document is “9”. Since the development secret level of the document file is higher, the process proceeds to step S32, and execution of the copy process by the data processing unit 8 is restricted.

  In this case, the document file that is the dispatch contract has a high secret level as an accounting secret level, but has a low secret level as a development secret level. It is possible to prevent the document from being copied and to prevent information having a high development secret level from being copied to the dispatch contract and leaked to the outside.

  Also, in FIG. 3, when the document file whose document content is a module design document is a copy destination document file and the document file whose document content is a module design rule is a copy source document file, in step S31, it is a module design document. Since the accounting secret level of the copy destination document file and the accounting secret level of the copy source document file which is the module design rule are both “0”, in this case, the determination unit 14 proceeds to step S33.

  In step S33, the development secret level of the copy destination document file, which is a module design document, is “9”, and the development secret level of the copy source document file, which is a module design rule, is “5”. Since the development secret level of the document file is higher, the process proceeds to step S34, and execution of the copy process by the data processing unit 8 is permitted.

  According to the above configuration, the secret level is set for each of a plurality of types of attributes such as “accounting” and “technical development” set based on the contents of the document file. Since the development secret level is included, the determination unit 14 can determine the secret level for different attributes without uniformly determining the secret level over different attributes. For this reason, it is possible to suppress copying of data in which a secret level of a certain attribute is set relatively high to other data based on the result of comparison with a secret level of a different attribute. As a result, leakage of secret information can be suppressed more reliably.

  In the above embodiment, the determination unit 14 compares the plurality of types (two types) of secret levels set in the copy destination document file and the copy source document file for each of the plurality of types, and sets the plurality of types of secret levels. If any one of them has a high secret level (first secret level) set in the copy source document file, the execution of the copy process is rejected and the execution of the copy process is restricted. It is possible to effectively prevent data of a document file having a relatively high level from being copied to another document file.

[5. Regarding other embodiments]
FIG. 8 is a flowchart illustrating processing relating to copy processing according to another embodiment.
In the process related to the copy process of the above embodiment, the secret level set in the copy destination document file is compared with the secret level set in the copy source document file, and whether or not the copy process can be executed is determined based on the comparison result. Was judged.
On the other hand, in this embodiment, after the determination by comparing the secret level set in the copy destination document file with the secret level set in the copy source document file (steps S31 and S33 in FIG. 7), the copy level is further copied. A secret level of the processed document file is obtained, and based on the obtained secret level, whether or not the copy process can be executed is determined. This is different from the above embodiment.

  In FIG. 8, steps SS31 to S33 are the same as those in the above embodiment, and a description thereof will be omitted.

  If it is determined in step S33 in FIG. 8 that the development secret level set in the copy destination document file is equal to or higher than the development secret level set in the copy source document file, the secret level setting unit 12 of the terminal control unit 10 copies Before the process is executed, the accounting secret level and the development secret level of the copy destination document file after the copy process are obtained (step S41).

In other words, the secret level setting unit 12 of the present embodiment performs the secret level (second secret) of the copy destination document file after part or all of the data included in the copy source document file has been copied to the copy destination document file. The accounting secret level and the development secret level, which are levels), are obtained before executing the copy process.
More specifically, the secret level setting unit 12 reads the content of data included in the document file, specifies a keyword included in the data, and obtains a secret level based on the specified keyword.

The degree of contribution that contributes to the setting of the secret level is set for the keyword (secret management keyword) that should be secretly managed in advance. The secret management keyword and the degree of contribution are set for each of the accounting secret level and the development secret level.
The secret level setting unit 12 specifies a secret management keyword included in the copy destination document file after part or all of the data included in the copy source document file is copied to the copy destination document file.
The secret level setting unit 12 obtains the accounting secret level and the development secret level of the copy destination document file after the copy processing based on the specified secret management keyword.

When the secret level is obtained in step S41, the determination unit 14 determines whether or not the accounting secret level of the copy destination document file after the copy process is equal to or lower than a preset threshold Th1 (step S42). .
Here, the threshold value Th <b> 1 is set to the upper limit value of the accounting secret level that can be set according to the authority of the user of the terminal device 3.

If it is determined that the accounting secret level of the copy destination document file after the copy process is not equal to or less than the threshold value Th1, the determination unit 14 proceeds to step S32 and causes the control unit 15 to execute a restriction process (step S32) to copy. Restrict execution of processing.
In this case, since the accounting secret level of the copy destination document file after the copy processing is an accounting secret level that cannot be set depending on the authority of the user of the terminal device 3, execution of the copy processing is limited. .

If it is determined in step S42 that the accounting secret level of the copy destination document file after the copy process is equal to or less than the threshold Th1, the determination unit 14 determines that the development secret level of the copy destination document file after the copy process is Then, it is determined whether or not it is equal to or less than a preset threshold value Th2 (step S44).
Here, the threshold value Th <b> 2 is set to the upper limit value of the development secret level that can be set according to the authority of the user of the terminal device 3.

If it is determined that the development secret level of the copy destination document file after the copy process is not equal to or less than the threshold value Th2, the determination unit 14 proceeds to step S32 and causes the control unit 15 to execute a restriction process (step S32) to copy. Restrict execution of processing.
In this case, since the development secret level of the copy destination document file after the copy processing is a development secret level that cannot be set depending on the authority of the user of the terminal device 3, execution of the copy processing is limited. .

  If it is determined in step S44 that the development secret level of the copy destination document file after the copy process is equal to or less than the threshold Th2, the determination unit 14 permits the data processing unit 8 to execute the copy process (step S45). ). The control unit 15 controls the copy processing by the data processing unit 8 to be executed in accordance with the permission of the copy processing of the determination unit 14.

  Thus, in the present embodiment, the determination unit 14 compares the secret level (second secret level) set in the copy destination document file with the secret level (first secret level) set in the copy source document file. (Step S31 and S33 in FIG. 7), the secret level of the document file after the copy process is further obtained, and whether or not the copy process can be executed is determined based on the obtained secret level. (Steps S42 and S44 in FIG. 8).

  In other words, when the determination unit 14 of the present embodiment detects the copy process, the determination unit 14 compares the first secret level set as the copy source with the second secret level set as the copy destination, and determines whether or not the copy process is possible. A first determination unit is configured to determine whether or not the copy process can be performed based on the second secret level after the copy process obtained before the copy process after the determination by the first determination unit. 2 determination part is also comprised.

  When the copy process is permitted in step S45, the file information processing unit 13 transmits to the management server 2 information to be updated regarding the file information of the document file after the copy process. Thereafter, by receiving the file information transmitted from the management server 2 after the update of the file information database 6, the file information processing unit 13 stores the file information of the document file to be processed that is registered in the file information database 6. Obtain (step S46).

If the data processing unit 8 performs the copy process, a part or all of the data included in the copy source document file is included in the copy destination document file, so the secret level of the copy destination document file after the copy process varies. To do.
In this regard, in the present embodiment, the secret level (second secret level) of the copy destination document file after the copy process is obtained before the copy process, and the obtained secret level can be set by the authority of the user of the terminal device 3. If the secret level fluctuates within the range of the authority of the user of the terminal device 3, copy processing is permitted, and the secret level is the range of the authority of the user of the terminal device 3. When it fluctuates to the extent that it is outside, it is configured to limit the execution of the copy process.
Thereby, even if the secret level of the copy destination document file changes due to the copy process, it is possible to appropriately determine whether or not the copy process can be executed based on the secret level.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

DESCRIPTION OF SYMBOLS 1 Management system 2 Management server 2a File management program 3 Terminal device 3a Terminal control program 5 File information management part 6 File information database 8 Data processing part 10 Terminal control part 11 Event detection part 12 Secret level setting part 13 File information processing part 14 Determination Part 15 Control part

Claims (5)

A management system for managing data,
A data processing unit for performing copy processing for copying copy source data to a copy destination;
When the start of the copy process is detected, a first determination unit that compares the first secret level set as the copy source with the second secret level set as the copy destination and determines whether or not the copy process is possible And comprising
The first and second secret levels include a plurality of types of secret levels set for a plurality of types of attributes set based on the contents of the copy source and the copy destination,
The first determination unit is a management system that determines whether or not to execute the copy process based on each of the plurality of types of secret levels.   The first determination unit compares the plurality of types of secret levels included in each of the first and second secret levels for each of a plurality of types, and any one of the plurality of types of secret levels includes the first level. The management system according to claim 1, wherein, when one secret level is high, the rejection of the execution of the copy process is determined. A secret level setting unit for obtaining the second secret level after the data is copied to the copy destination based on the content of the data of the copy source to be copied to the copy destination before the copy processing;
A second determination unit that determines whether or not the copy process is possible based on the second secret level after the copy process obtained after the determination by the first determination unit and before the copy process; The management system according to claim 1 or 2. A management device for managing data,
A data processing unit for performing copy processing for copying copy source data to a copy destination;
When the start of the copy process is detected, a first determination unit that compares the first secret level set as the copy source with the second secret level set as the copy destination and determines whether or not the copy process is possible And comprising
The first and second secret levels include a plurality of types of secret levels set for a plurality of types of attributes set based on the contents of the copy source and the copy destination,
The first determination unit is a management device that determines whether or not to execute the copy processing based on each of the plurality of types of secret levels. A program for causing a computer to manage data,
Detecting the start of the copy process to copy the copy source data to the copy destination on the computer;
When detecting the start of the copy process, a determination step of comparing the first secret level set for the copy source with the second secret level set for the copy destination to determine whether the copy process is possible; Is a program that executes
The first and second secret levels include a plurality of types of secret levels set for a plurality of types of attributes set based on the contents of the copy source and the copy destination,
The determination step is a computer program for determining whether or not to execute the copy process based on each of the plurality of types of secret levels.

Images