JP2016130875A - File management device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a file management device capable of preventing illegal operation by a third person.SOLUTION: In a recording unit 10, files 12, 14 and more, an operation history table 16, and the like are recorded. User authentication means 2 performs authentication for a user. The system is designed so that files in the recording unit 10 cannot be accessed by anyone but an authenticated user. User operation content acquisition means 4 acquires operation content of a user and records the content in the operation history table 16. Operation trend extraction means 6 extracts an operation trend from the operation history of each user. When the file operation by the user is different from the extracted operation trend of the user by a predetermined degree or more, access inhibition means 8 inhibits the file operation by the user.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a file management apparatus for managing security of document files and the like.

  In order to prevent leakage of confidential documents, access authority is set for each file so that only those who have access authority can view it. However, if a person with access authority leaves the PC in use while logging in, there is a problem that a person without access authority can operate the file.

  In order to solve this problem, for example, a system has been proposed that automatically logs off if no keyboard or mouse operation is performed for a predetermined time after login. According to this system, it is possible to prevent other people from operating the PC even when they are away from their seats for a long time, and to maintain security.

  Further, in Patent Document 1, in a PC having a touch screen, the identity of the operator is always confirmed based on the fingerprint of the finger operating the touch screen. According to this system, it is possible to prevent a person other than the user from operating the PC and acquiring a document.

JP2010-93635A

  However, in a system that automatically logs off when there is no operation for a predetermined time after login, there is a problem that safety is lowered if the predetermined time is set longer. However, if the predetermined time is set short, there is a problem that even if the operation is slightly interrupted, re-login processing is necessary, and the burden on the operator increases.

  In addition, the prior art of Patent Document 1 has a problem that it can only be applied to a PC using a touch screen.

  The above problem is a problem that may occur not only when the user leaves his / her seat after logging in but also when a person other than the user performs an operation.

  SUMMARY OF THE INVENTION An object of the present invention is to provide a file management apparatus that can solve the above-described problems and prevent unauthorized operations by persons other than the user.

  In the present invention, in order to solve any of the above problems, the following means are employed. Note that the following features can be independently employed.

(1) (2) A file management apparatus according to the present invention includes a file, an operation history table for recording an operation history table for recording a user's operation history, user authentication means for authenticating a user, and user's User operation content acquisition means for acquiring operation contents and recording them in the operation history table, operation trend extraction means for extracting operation trends based on each user's operation history recorded in the operation history table, and the user's operation contents However, it is provided with an access prohibiting means for prohibiting access to the file when it differs from the extracted main operation tendency.

  Therefore, it is possible to determine whether to refuse access to the file according to the past operation tendency of the user.

(3) In the file management apparatus according to the present invention, the operation tendency extraction means extracts an operation tendency based on the history of the file search operation of the user, and the access prohibition means includes a file search operation. The access to the file is prohibited when it differs from the main operation tendency.

  Therefore, when an abnormal file search is performed, access to the file can be prohibited.

(4) In the file management apparatus according to the present invention, the operation tendency extracting means acquires the average number of file searches per predetermined time of a plurality of users as an operation tendency, and the access prohibiting means is the user's predetermined time Access to the file is prohibited when the number of hit file searches is larger than the average number of file searches by a predetermined amount or more.

  Therefore, when an abnormal file search is performed, access to the file can be prohibited.

(5) In the file management apparatus according to the present invention, the operation tendency extracting means extracts the average number of browsing per day on the day the user has viewed the file in the past as an operation tendency, and the access prohibiting means is The access to the file is prohibited when the number of times that the user browses the file today is greater than or equal to the browsing average number of times.

  Therefore, if the number of file browsing times is abnormal, access to the file can be prohibited.

(6) (7) The file management apparatus according to the present invention includes a file, an access authority table indicating correspondence between each file and a department having access authority, and a business relation indicating a degree of business relevance between each user and each department. A recording unit that records a degree table, a user authentication unit that authenticates a user, a user operation content acquisition unit that acquires a user operation content related to the file, the access authority table, and the business relevance level table, Access that prohibits access to the file when the user has authority over the file that the user intends to browse through the operation and the business relevance level of the user does not exceed a predetermined value It has a prohibition means.

  Therefore, it is possible to prohibit access to a file that seems to be less relevant to the user.

(8) The file management device according to the present invention is characterized in that the file management device is configured as a server device, and the operation content of the user is transmitted from a terminal device capable of communicating with the server device. .

  Therefore, the present invention can be applied to a server / client system.

  In the embodiment, “user authentication means” corresponds to step S3.

  In the embodiment, “user operation content acquisition unit” corresponds to steps S1, S4, S7, S13, S24, S29, S32, S35, and the like.

  In the embodiment, “operation tendency extraction means” corresponds to steps S25, S29, S32, S35, and the like.

  In the embodiment, “access prohibiting means” corresponds to steps S9, S26, S30, S33, S36, and the like.

  The “program” is a concept that includes not only a program that can be directly executed by the CPU, but also a source format program, a compressed program, an encrypted program, and the like.

It is a functional block diagram of the file management apparatus by one Embodiment of this invention. This is a system configuration using a file management apparatus. It is a hardware configuration of a server apparatus. 5 is a flowchart of an operation management program 44. 5 is a flowchart of an operation management program 44. It is an example of the operation history table. 5 is a flowchart of an operation management program 44. 5 is a flowchart of an operation management program 44. It is an example of a trend analysis table. It is an example of an access authority table. It is an example of a business related table.

1. Functional Block Diagram of File Management Device FIG. 1 shows a functional block diagram of a file management device according to an embodiment of the present invention. In the recording unit 10, files 12, 14,..., An operation history table 16 and the like are recorded.

  The user authentication means 2 performs user authentication. In this system, only the authenticated user can access the file in the recording unit 10. The user operation content acquisition unit 4 acquires the user operation content and records it in the operation history table 16. The operation tendency extraction means 6 extracts an operation tendency from the operation history of each user.

The access prohibition means 8 prohibits the file operation when the file operation by the user this time is different from the extracted operation tendency of the user by a predetermined degree or more.

2. Hardware Configuration FIG. 2 shows a system configuration when a file management device is used as the server device 60. A database 40 is connected to the server device 60. In the database 40, files 12, 14... Are recorded. An operation history table 16 is also recorded.

  A terminal device 50 is connected to the server device 60 via a network. The user operates the terminal device 50 to access the database 40 via the server device 60.

  FIG. 3 shows a hardware configuration of the server device 60. A memory 32, a communication circuit 34, a hard disk 36, a DVD-ROM drive 38, and a database 40 are connected to the CPU 30.

  The communication circuit 34 is for communicating with the terminal device 50 via a network. An operating system 42 and a file management program 44 are recorded on the hard disk 36. The file management program 44 performs its function in cooperation with the operating system 42. These programs are those recorded on the DVD-ROM 48 and installed on the hard disk 36 via the DVD-ROM drive 38.

The hardware configuration of the terminal device 50 is the same as that of the server device 60. However, in the terminal device 50, a keyboard / mouse and a display are connected. The hard disk 36 stores a terminal program instead of the file management program 44.

3. Processing of File Management Program FIGS. 4 and 5 show flowcharts of the file management program. CPU30 receives operation performed in terminal unit 50 (Step S1). Next, the CPU 30 determines whether or not the received operation content is a login request (step S2).

  If it is a login request, it is determined whether or not the combination of “user ID” and “password” sent from the terminal device 50 is registered (step S3). If registered, the subsequent access is permitted, and if not registered, the subsequent access is denied (a login screen is transmitted again).

  The CPU 30 records in the operation history table 16 together with the user ID that the login operation has been performed (step S4). FIG. 6 shows an example of the operation history table 16. The user ID, operation content, operation time, operation interval, operation target, and the like are recorded. If it is a login operation, as shown in the second line, the operation time is recorded as the operation time together with the user ID, and the time since the user performed the previous login operation is recorded as the operation interval. When the recording is finished, the CPU 30 finishes the process for this operation and waits for the next operation.

  If it is not a login request, the CPU 30 determines whether it is a logout request (step S5). If it is a logout request, the CPU 30 executes logout processing (step S6). Further, the fact that a logout operation has been performed is recorded in the operation history table 16 together with the user ID (step S7). In the example of FIG. 6, recording is performed as in the first line. When the recording is finished, the CPU 30 finishes the process for this operation and waits for the next operation.

  If the operation content from the terminal device 50 is neither login nor logout, the CPU 30 determines from the previous operation time of the user (the time when any operation to be recorded in the history is performed) to the current operation time. It is calculated whether only the time has passed. In this case, the time from the previous logout to the current logout is not considered. That is, for the operation after logging in, the time from the previous operation to the current operation is calculated. This can be easily performed by referring to the operation history table 16.

  CPU30 judges whether this elapsed time is more than predetermined time (step S8). If it is longer than a predetermined time (for example, 30 minutes), the user is automatically logged out (step S9). Further, a login screen is transmitted to the terminal device (step S10). Therefore, when the user is away, it can be used by logging in again, and unauthorized use by a third party can be prevented.

  If the predetermined time has not elapsed, the CPU 30 determines whether the operation content is a search process for the files 12, 14... (Step S11). Here, the search process refers to a process for accessing the target file. For example, a process for searching for a file name, a search keyword attached to the file, the contents of the file, etc. using a character string, A process of searching for a file while following a folder tree (directory tree), a process of reaching a file by directly inputting a URL, and the like.

  If the operation content is a search process, the CPU 30 executes the search process (step S12). Further, this operation content is recorded in the operation history table 16 (step S13). For example, recording is performed as shown in the third, fifth, and seventh lines in FIG. At this time, the CUP 30 records the instructed directory in the operation target column in the case of a search using a folder tree. In the case of keyword search, the keyword is recorded. In the case of searching by URL, the URL is recorded.

  If the operation content is not a search process, the CPU 30 determines whether it is a browsing process (step S14). If it is not a browsing process, the CPU 30 executes the requested operation content (step S16). For example, if a new document is registered, there are few security problems, so the operation is executed.

  If the operation content is a browsing process in which a specific file is specified (file ID is specified), the CPU 30 determines that there is a possibility of a security problem, and executes the process after verifying unauthorized use. (Step S15).

  7 and 8 show flowcharts of unauthorized use verification. First, the CPU 30 acquires the operation history of the user from the operation history table 16 (step S21). Furthermore, the operation tendency with respect to the file of the user is acquired from the trend analysis table. This trend analysis table is an analysis of operation trends based on the operation history table 16, and is updated each time unauthorized use verification is performed, as will be described later.

  FIG. 9 shows an example of the trend analysis table. For each user ID and each file ID (document ID), the past number of browsing times, browsing frequency, and search method are analyzed and recorded. If the user ID is “UID00001” and the file ID to be viewed is “DOC0000003”, the CPU 30 acquires the data on the third line. This data indicates that the file is browsed 10 times by the user, the average browsing frequency is once every 15 days, and that the search method is 10 times by the folder tree. Although not shown in FIG. 9, the number of browsing, the browsing frequency, the search method, etc. for all files for each user are also recorded.

  Next, the CPU 30 determines whether or not the current user's search method for the file is significantly different from the past tendency (step S23). For example, it is assumed that the user performs a search for a file to be browsed (file ID = “DOC0000003”) using a keyword in the current operation. As described above, this user has a folder tree for all 10 past search methods for the file. Therefore, the current operation is significantly different from the past trend, and the CPU 30 determines that there is a possibility of abnormality. Then, this browsing request operation is recorded in the operation history table 16 (step S24). At this time, the fact that there is a possibility of abnormality is also recorded.

  Next, the CPU 30 updates the trend analysis table (step S25). Subsequently, logout is automatically performed (step S26). Furthermore, a login screen is transmitted to the terminal device (step S27). In this way, when a search method greatly different from the past operation history is performed, the browsing process is not permitted.

  When the past operation history is less than a predetermined number of times for the user and the file (for example, less than 10 times), the search method determination in step S23 is not performed. This is because if the number of samples is small, a reasonable judgment cannot be made.

  Whether or not the search method is significantly different from the past search method can be determined, for example, based on whether or not the current search method is less than a predetermined ratio (for example, less than 5%) of all search methods in the past operation history. it can.

  If the search method is normal, the CPU 30 next determines the browsing frequency (step S28). That is, regarding the file requested to be browsed this time, the frequency of browsing by the user in the past is compared with the browsing frequency of today, and if it is greatly different, it is determined to be abnormal.

  For example, although the past browsing frequency is once every 15 days, if today's browsing frequency is 10 times, it is determined to be abnormal. For this determination, for example, based on the past browsing frequency, the average number of browsing per day is calculated (if it is once every 15 days, it is 0.06 times / day), and this number of times is a predetermined multiple or more. If there is a viewing request (for example, 100 times or more) today, it is determined to be abnormal.

  In addition, you may make it judge using the average browsing frequency per day in the day when the said file was browsed.

  In addition, when the past browsing history is less than a predetermined number of times for the user and the file (for example, less than 10 times), the browsing method is not determined in step S28. This is because if the number of samples is small, a reasonable judgment cannot be made.

  If it is determined that there is an abnormality, the CPU 30 records this browsing request operation in the operation history table 16 together with an abnormality flag. Further, the trend analysis table is updated (step S29). Subsequently, logout is automatically performed, and a login screen is transmitted to the terminal device (step S30). In this way, browsing is not permitted for abnormal operations.

  If the browsing frequency is normal, the CPU 30 next determines the search frequency (step S31). That is, the frequency with which the user has performed a file search in the past is compared with the search frequency of today, and if it is significantly different, it is determined that the user is abnormal. In this determination, a search frequency for all files is used without specifying a file.

  For example, although the past search frequency is 15 times on average per day, if today's search frequency is 40 times, it is determined that there is an abnormality. This determination is, for example, determined to be abnormal if there is a search on the current day that exceeds a predetermined multiple (for example, twice) of the past daily average search frequency.

  When the past search history for the user and the file is less than a predetermined number of days (for example, less than 10 days), the search method in step S31 is not determined. This is because if the number of samples is small, a reasonable judgment cannot be made.

  If it is determined that there is an abnormality, the CPU 30 records this browsing request operation in the operation history table 16 together with an abnormality flag. Further, the trend analysis table is updated (step S32). Subsequently, logout is automatically performed, and a login screen is transmitted to the terminal device (step S33). In this way, browsing is not permitted for abnormal operations.

  If the search frequency is normal, the CPU 30 next determines the relevance (step S34). That is, it is determined whether or not the user is related to the file. Here, first, it is determined whether or not the user has viewing authority for the file for which the viewing request has been made. This determination is made with reference to the browsing authority table.

  FIG. 10 shows an example of the browsing authority table. For each file, it is described which user belonging to which department has access authority. For example, with respect to the file with the file ID “DOC0000001”, it is indicated that the users belonging to the departments with the department IDs “GRP40001” and “GRP40002” have the access authority.

  The CPU 30 acquires the department to which the user belongs from a user table (not shown), and determines whether the user has an access right for the file requested to be browsed. If there is no access authority, it is determined to be abnormal.

  If there is an access right, the CPU 30 determines whether or not there is a relationship between the user and the file. For this determination, a recorded business relation table is used. An example of the business related table is shown in FIG.

  The degree of association between each user and each department is indicated by “large”, “medium”, and “small”. The CPU 30 acquires the degree of association between each department (see FIG. 10) having access authority to the file requested by the user and the user from the business relation table. When a plurality of departments have access authority to the file, a plurality of association degrees are also acquired. The CPU 30 determines that it is normal if at least one of these degrees of association is “medium” or higher. Otherwise, it is determined to be abnormal.

  If it is determined that there is an abnormality, the CPU 30 records this browsing request operation in the operation history table 16 together with an abnormality flag. Further, the trend analysis table is updated (step S35). Subsequently, logout is automatically performed, and a login screen is transmitted to the terminal device (step S36). In this way, browsing is not permitted for abnormal operations.

When determining that it is normal, the CPU 30 records the browse request operation in the operation history table 16. Further, the trend analysis table is updated (step S37). Thereafter, the file browsing operation requested by the user is executed (step S38). That is, the database 40 is accessed, the requested file is acquired, and transmitted to the terminal device.

4). Other
(1) In the above embodiment, in step S8, the time from any previous operation is determined. However, for the same operation as the current operation, the time from the previous operation may be determined.

(2) In the above embodiment, in step S8, the determination is made for the operation to be recorded in the history. However, apart from the operations to be recorded in the history, all operations sent from the terminal device regarding the user may be targeted.

(3) In the above embodiment, when it is determined that there is an abnormality, automatic logout is performed so that browsing is not permitted. However, except for the relevance determination (step S34), when it is determined to be abnormal, a screen requesting the input of a password is transmitted, and if a correct password is returned in response to this, browsing is permitted. Also good.

  In addition, browsing requests for which specific conditions are prepared in advance may be permitted to be browsed regardless of the abnormality determination. For example, if the user intentionally performs an operation different from the conventional one, if the flag indicating that the system administrator has obtained permission is included in the operation content, browsing is allowed unconditionally. Also good. Or you may make it permit browsing with respect to a specific document irrespective of said abnormality determination.

(4) In the above embodiment, all abnormality determinations are performed. However, at least one of these may be executed. Moreover, in the said embodiment, although the abnormality determination based on each tendency is performed independently, you may make it perform one abnormality determination combining a some tendency. Therefore, the search method and the search frequency may be combined, and if either one is normal, it may be determined as “normal”.

(5) In the above embodiment, the determination is made based on the operation interval and operation frequency. However, based on the operation time (eg, the time zone is significantly different from the previous operation time) and the input device used for the operation (eg, this time it was a mouse but this time it is a keyboard) You may make it judge.

(6) In the above-described embodiment, the file browsing is determined. However, the file printing and copying processes can be determined in the same manner.

(7) In the above embodiment, the case where the file management apparatus is constructed as a server apparatus has been described. However, the file management device may be constructed as a stand-alone device.

Claims (8)

A recording unit for recording a file and an operation history table for recording a user's operation history;
User authentication means for authenticating the user;
User operation content acquisition means for acquiring user operation content related to the file and recording it in the operation history table;
An operation tendency extracting means for extracting an operation tendency based on the operation history of each user recorded in the operation history table;
If the user's operation content is different from the extracted main operation tendency, access prohibiting means for prohibiting access to the file;
A file management device. A file management program for realizing a file management apparatus by a computer accessible to a recording unit that records a file and an operation history table that records an operation history of a user, the computer comprising:
User authentication means for authenticating the user;
User operation content acquisition means for acquiring user operation content related to the file and recording it in the operation content table;
An operation tendency extracting means for extracting an operation tendency based on the operation history of the user recorded in the operation history table;
The file management program for functioning as an access prohibition means for prohibiting access to the file when the user operation content is different from the extracted main operation tendency. In the apparatus of claim 1 or the program of claim 2,
The operation tendency extraction means is for extracting an operation tendency based on a history of search operations for the user's file.
The access prohibiting unit prohibits access to the file when a file search operation is different from a main operation tendency. In the apparatus or program in any one of Claims 1-3,
The operation tendency extracting means acquires an average file search count per predetermined time of a plurality of users as an operation tendency,
The access prohibiting means prohibits access to the file when the number of file searches per predetermined time of the user is greater than a predetermined number of times relative to the average number of file searches. . In the apparatus or program in any one of Claims 1-4,
The operation tendency extraction means extracts the average number of browsing per day on the day when the user has browsed the file in the past as an operation tendency.
The access prohibiting unit prohibits access to the file when the number of times the user browses the file today is greater than or equal to the browsing average number of times by a predetermined amount or more. . A recording unit for recording a file, an access authority table indicating a correspondence between each file and a department having access authority, and a business relevance table indicating a business relevance degree between each user and each department;
User authentication means for authenticating the user;
User operation content acquisition means for acquiring user operation content related to the file;
With reference to the access authority table and the business relevance level table, the business relevance level of the user is greater than or equal to a predetermined value for a department to which the user is authorized to view the file that the user intends to view by operation. An access prohibition means for prohibiting access to the file when there is not,
A file management device. A file that can be accessed by a computer that can access a recording unit that records a file, an access authority table that indicates correspondence between each file and a department having access authority, and a business relevance table that indicates the degree of business relevance between each user and each department A file management program for realizing a management device, comprising:
User authentication means for authenticating the user;
User operation content acquisition means for acquiring user operation content related to the file;
With reference to the access authority table and the business relevance level table, there is no business relevance level that the user has more than a predetermined value for the department that is authorized for the file that the user intends to view by operation. A file management program for functioning as access prohibiting means for prohibiting access to the file. In the apparatus or program in any one of Claims 1-7,
The file management device is configured as a server device,
The operation content of the user is transmitted from a terminal device capable of communicating with the server device.

Images