JP2016038618A - Access control apparatus, access control method, and access control program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce the risk of information leakage.SOLUTION: An information management level is determined from a score of a file stored in a file server 21. An unlimited authorized user is specified on the basis of the determined information management level and an information category given to the file. When a person who accesses the file is the unlimited authorized user, the access to the file is permitted. A score updating section 15 reduces the score of the file so as to limit the access to the file in accordance with the time that has elapsed after the file is stored in the file server 21. An access to information having a value decreased due to the lapse of time is limited, thereby reducing the risk of information leakage from information which has been left and poorly managed.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a technique for managing information.

  The amount of information of digital data managed by companies is increasing year by year, and there is a growing concern about information leakage.

  Normally, information leakage is prevented by setting access rights to files and managing employees who can access information. For example, in Patent Document 1, access authority is determined based on the location of a client terminal that accesses data.

JP 2013-214219 A

  As the amount of information of digital data increases, data without access history is often left unattended. Data that has not been accessed and left is insufficiently managed, and when an intruder uses an employee as a stepping stone, information may be leaked from the data.

  The present invention has been made in view of the above, and an object thereof is to reduce the risk of information leakage.

  An access control device according to a first aspect of the present invention is an access control device for controlling access to a file stored in a file storage device, the score holding means for holding a score indicating the information value of the file, An access control means for restricting access to the file based on the score, and a score held by the score holding means is updated so that access is more restricted as time passes after the file is stored. And a score updating means.

  In the access control device, even when the access control means restricts access to the file based on the score, when the approval is obtained from the approver according to the score, the access control means The access is permitted.

  An access control method according to a second aspect of the present invention is an access control method by a computer for controlling access to a file stored in a file storage device, wherein the score indicating the information value of the file held by the score holding means is used. A step of restricting access to the file based on, and a step of updating a score held by the score holding means so that access is more restricted as time passes after the file is stored. It is characterized by having.

  In the access control method, in the step of controlling access to the file, even when the access to the file is limited based on the score, approval is obtained from an approver according to the score. Is characterized by permitting access to the file.

  An access control program according to a third aspect of the present invention is characterized in that a computer is operated as each means of the access control device.

  According to the present invention, it is possible to reduce the risk of information leakage.

It is a functional block diagram which shows the structure of the information management system in this Embodiment. It is a figure which shows the example of the information management policy used by this Embodiment. It is a figure which shows a mode that access group ID is set according to the structure of an organization. It is a figure which shows a mode that access group ID is set for every project. It is the graph which showed the change of the score with progress of time. It is a flowchart which shows the flow of the process which stores a file. It is a figure which shows the example of file list information. It is a flowchart which shows the flow of the process which controls access to a file. It is a flowchart which shows the flow of the prior approval process of the access to a file. It is a figure which shows the example of approver information. It is a figure which shows the example of an access list.

  The present invention reduces the value of information over time and restricts access to information that has become low in value, thereby reducing the risk of information leakage from information that has been left unmanaged and insufficiently managed. This is a technology to reduce the amount. It also provides a mechanism for restricting access authority to information with restricted access under the approval of the council. Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a functional block diagram showing the configuration of the information management system in the present embodiment. The information management system shown in FIG. 1 includes a file storage unit 11, an access control unit 12, an access control information generation unit 13, a pre-approval processing unit 14, a score update unit 15, a file server 21, a file list information storage unit 22, A setting information storage unit 23, an access list file 24, and an approver information storage unit 25 are provided. Each unit included in the information management system may be configured by a computer including an arithmetic processing device, a storage device, and the like, and the processing of each unit may be executed by a program. This program is stored in a storage device included in the information management system, and can be recorded on a recording medium such as a magnetic disk, an optical disk, or a semiconductor memory, or provided through a network.

  The file storage unit 11 receives a read-only file from the file creator, encrypts the file and stores it in the file server 21, and includes a score indicating the information value of the file, an information classification indicating the confidential level of the file, and the like The list information is stored in the file list information storage unit 22. The score is calculated based on the attribute of the file, the type of operation performed during file creation, and the access frequency during file creation. Although the score varies during the creation of the file, the score when the file creator makes the file a read-only file such as a PDF file is stored in the file list information storage unit 22 as the initial score of the read-only file. The information classification is assigned to the file in accordance with information security management defined in each organization. For example, information category A = customer information, employee information, etc. that are expected to have a significant impact on information leakage, information category B = strict management is required, and the person in charge who is directly related to the content of the information Information that should not be known to anyone other than the above, information category C = information other than the above two categories, and information that should not be disclosed to anyone other than employees.

  In response to an access request for the file stored in the file server 21, the access control unit 12 determines whether the file access person can access the file unconditionally, whether the file access needs to be discussed, or whether the file cannot be accessed. A determination is made based on the access control information obtained from the access control information generation unit 13, and the access to the file is controlled. If it is necessary to negotiate for access to the file, refer to the access list file 24 that describes the prior application / approval status, determine whether approval has been obtained from all approvers in advance, Check the file name and allow access to the file.

  The access control information generation unit 13 obtains the information management level of the file from the score of the file and the score band information stored in the setting information storage unit 23, the obtained information management level, the information classification assigned to the file, and the setting information An unconditionally accessible target person and an accessible target person that needs to be discussed are specified from the information management policy stored in the storage unit 23. In addition, the access control information generation unit 13 obtains approver information generated by the pre-approval processing unit 14 to be described later on a matter that needs to be negotiated for file access, creates an access list describing whether access is permitted, Write to the access list file 24.

  The score band information is information in which an information management level is associated with each score. For example, when the score range is 0 to 100, the score 0 to 30 is the management level 1, the scores 31 to 70 are the management level 2, and the scores 71 to 100 are the management level 3. The higher the information management level, that is, the lower the score, the more unconditionally accessible users are limited.

  The information management policy is information that defines a person who becomes an approver when a discussion with an unconditionally accessible target person is required for each information management level and information category. FIG. 2 shows an example of the information management policy in the present embodiment. In the present embodiment, the information management level is classified into three stages of 1 to 3, and the information classification is classified into three, A, B, and C. If the information management level and information classification of the file are known, the unconditionally accessible target person, the accessible target person that needs to be negotiated, and the approver can be known from the information management policy. When the file access person corresponds to an unconditionally accessible target person of the information management policy specified by the information management level and information classification of the file, the file access person can access the file unconditionally. Even if the file access person does not correspond to an unconditionally accessible target person, if the file can be accessed, the file access person becomes an accessible target person that needs to be discussed. Whether or not the file can be accessed is determined by the information classification of the file. Specifically, in the example of FIG. 2, the file access person who is not the manager belongs to the same department as the creator of the file of the management level 2 and the information category B, but does not belong to the same person in charge (see FIG. 2). In the example of 2, department → department → charge → line and organization are configured), which is not an unconditionally accessible target person, but an accessible target person that needs to be discussed. The approver of the council becomes the direct manager of the file accessor, the direct manager of the file creator, and the general manager of the file creator.

  In this embodiment, since it is determined whether or not it corresponds to an unconditionally accessible target person according to the affiliation of the file creator and the affiliation of the file accessor, as shown in FIG. To generate an access group ID. In the example of FIG. 3, the access group ID in charge is 11216. By comparing the access group ID of the file creator and the access group ID of the file accessor, it can be determined whether it is an unconditionally accessible target person or an accessible target person that needs to be discussed. For example, when an employee in the same department as the file creator is an unconditionally accessible person, whether or not the file created by the file creator whose access group ID is 11215 can be unconditionally accessed is determined by file access It is sufficient to check whether the access group ID of the user corresponds to 1112 ** (* indicates any number).

  Alternatively, as another example of setting an access group ID, an access group ID may be set for each project as shown in FIG.

  The pre-approval processing unit 14 accepts an application for access to a file stored in the file server 21 from a file access person who is an accessible target person who needs to be discussed, and refers to the information management policy to manage information on the file. Approvers are determined according to the level and information category, and access approval is obtained from the approver. The obtained approval status is stored in the approver information storage unit 25. When approval is obtained from all approvers, the access control information generation unit 13 creates an access list from the approval status. If the superior ID of each department, department, or person in charge is stored in the setting information storage unit 23, it can be used when an approver is determined.

  The score updating unit 15 updates the score described in the file list information according to the elapsed time since the read-only file is stored. FIG. 5 is a graph showing the change in score over time. The time when a new file is created is set to zero. The time when the editing of the file is completed and the file is read-only and stored in the file server 21 is t1. The file is being edited from time 0 to t1. While editing a file, a score is calculated based on the file extension and the frequency of access to the file. The score at time t1 is recorded in the file list information as the initial score of the read-only file. The score update unit 15 decreases the score of the read-only file with the passage of time. The lower the score, the more restricted access to read-only files. In the present embodiment, three score bands are provided, and an access group that can be accessed unconditionally for each score band is set. Note that the score update unit 15 may perform the score update process as a batch process once a day.

  Next, the operation of the information management system in the present embodiment will be described.

  FIG. 6 is a flowchart showing a flow of processing for storing a file.

  The file creator transmits the created file as a read-only file such as a PDF file to the file storage unit 11 and inputs an information classification and a storage period of the read-only file (step S11). The organization code (access group ID) of the file creator, the input information classification and the storage period are described in the file list information. Further, the current time is set as the management start time, and the management end time is obtained from the management start time and the storage period and described in the file list information.

  Then, the score at the time of file editing is inherited and recorded in the file list information (step S12). Or you may set a score arbitrarily according to the information value of a file.

  FIG. 7 shows an example of file list information. The file list information includes information such as file attributes. In the example of FIG. 7, information particularly relevant to the information management system includes the creator's organization code, information classification, management start time, storage period, management end time, and encryption key.

  Then, the file storage unit 11 generates an encryption key, encrypts the received read-only file, and stores it in the file server 21 (step S13). The encryption key is recorded in the file list information.

  Next, processing for controlling access to a file will be described.

  FIG. 8 is a flowchart showing a flow of processing for controlling access to a file.

  When the information management system receives an access request for a file stored in the file server 21 from a file accessor, first, an information management level is obtained from the score of the target file (step S21).

  And it is determined whether it is an unconditionally accessible target person from the information management level and the information classification given to the target file (step S22). If the file access person corresponds to an unconditionally accessible target person (YES in step S22), the target file is decrypted and access is permitted (step S26).

  If the file access person is not an unconditionally accessible target person (NO in step S22), it is determined whether or not the file access person is an accessible target person that needs to be discussed (step S23). Whether or not it can be accessed if there is a discussion is determined for each information category. For example, an administrator in the same department as the file creator for the file of information category A, an employee in the same department as the creator of the file for the file of information category B, and all employees for the file of information category C If there is, you can access it.

  If the file access person is not an accessible target person that needs to be discussed (NO in step S23), access to the target file is rejected (step S27).

  When the file access person corresponds to an accessible target person that needs to be discussed (YES in step S23), the access list file 24 is referred to and it is determined whether there is prior application / approval (step S24).

  If there is no prior application / approval (NO in step S24), access to the target file is denied (step S27).

  If there is prior application / approval (YES in step S24), the identity of the file accessor is confirmed by the user ID of the file accessor, the desired access date, and the encryption key (step S25). By confirming the identity by using an access key based on the user ID, the desired access date, and the encryption key, access from the user who obtained the access key illegally is rejected.

  If the identity cannot be confirmed (NO in step S25), access to the target file is denied (step S27).

  If the identity is confirmed (YES in step S25), the target file is decrypted (step S26).

  Next, the pre-approval process for accessing the file will be described.

  FIG. 9 is a flowchart showing a flow of pre-approval processing for access to a file.

  When receiving a file access application from a file access person (step S31), the pre-approval processing unit 14 obtains an information management level from the score of the target file (step S32), and assigns it to the obtained information management level and the target file. The approver is identified based on the information classification (step S33), and the approval request is notified to the approver (step S34). The access application includes the user ID of the file accessor, the access group ID, the access file name to be accessed, and the desired access date. The prior approval processing unit 14 creates approver information based on the received access application, and stores it in the approver information storage unit 25. FIG. 10 shows an example of the approver information.

  The prior approval processing unit 14 determines whether approval is obtained from the approver (step S35).

  When approval is denied from the approver and when approval is not obtained from all the approvers by the desired access date (NO in step S35), the denial result is written in the approver information storage unit 25 (step S39).

  When approval is obtained from the approver (YES in step S35), the obtained approval result is written in the approver information storage unit 25 (step S36).

  It is determined whether or not approval has been obtained from all the approvers (step S37). If approval has not yet been obtained from all the members (NO in step S37), the process returns to step S35 and waits for an approval result.

  If approval is obtained from all members (YES in step S37), an access key based on the user ID, access date, and encryption key is generated and paid out to the file accessor (step S38). The access control information generation unit 13 acquires the approver information, generates an access list, and stores the access list in the access list file 24. FIG. 11 shows an example of an access list. The access list holds access key information in addition to the approver information. The access control unit 12 confirms that the access has been approved and the identity of the file accessor by referring to the access list when the file accessor accessing the file is an accessible target person who needs to consult. To do.

  As described above, according to the present embodiment, the information management level is obtained from the score of the file stored in the file server 21, and unconditional access is possible from the obtained information management level and the information classification assigned to the file. The target person is specified, and when the file access person is an unconditionally accessible target person, access to the file is permitted. Further, the score update unit 15 has elapsed since the file was stored in the file server 21. By reducing the file score so that access is more restricted depending on the time, access to information that has become less valuable over time is restricted, and information from information that has been left unmanaged and poorly managed The risk of leakage can be reduced.

  According to the present embodiment, even if the file access person does not correspond to an unconditionally accessible target person, it is limited by obtaining approval in advance from the approver determined by the information management level and information classification of the file. Files can be accessed automatically.

DESCRIPTION OF SYMBOLS 11 ... File storage part 12 ... Access control part 13 ... Access control information generation part 14 ... Pre-approval process part 15 ... Score update part 21 ... File server 22 ... File list information storage part 23 ... Setting information storage part 24 ... Access list file 25. Approver information storage unit

Claims (5)

An access control device for controlling access to a file stored in a file storage device,
Score holding means for holding a score indicating the information value of the file;
Access control means for restricting access to the file based on the score;
Score updating means for updating the score held by the score holding means so that access is more restricted according to the passage of time since storing the file;
An access control device comprising:   The access control means permits access to the file when approval is obtained from an approver according to the score, even when access to the file is restricted based on the score. The access control apparatus according to claim 1. An access control method by a computer for controlling access to a file stored in a file storage device,
Restricting access to the file based on a score indicating the information value of the file held by the score holding means;
Updating the score held by the score holding means so that access is more restricted according to the passage of time since storing the file;
An access control method comprising:   In the step of controlling access to the file, even when access to the file is restricted based on the score, when approval is obtained from an approver according to the score, 4. The access control method according to claim 3, wherein access is permitted. An access control program that causes a computer to operate as each means of the access control apparatus according to claim 1.

Images